Better Mobile App

[ThinkTank / WIP]Possible Alternate Root / No Boot Unlock Required

Okay I posted this also in the Themes forum for Nexus but I wanted to see if anyone could assist. Someone in the theme forum asked about the bootanimation.zip that shows us the cool animation during boot, while reading this it reminded me of the behold 2. See below
What are the permissions for bootanimation.zip if they were left open to non root then this may-b a way to get root with unlocking the bootloader. This would be the same approach that was used to root the behold 2 where the "try3" file was renamed to play_logo . play_logo then was used to root and after root was opened it would make play_logo_real play which was the boot animation. I may be wrong but couldnt this be a possibility. Thanks, any help is appreciated. Im wondering if Zinx could chime in...

How are you going to write to the bootanimation.zip without root? Further, do you intend to replace the recovery or update custom roms? I am just trying to figure out the purpose of root and flashing other customized images.

seraph1024 said:
How are you going to write to the bootanimation.zip without root? Further, do you intend to replace the recovery or update custom roms? I am just trying to figure out the purpose of root and flashing other customized images.
Click to expand...
Click to collapse
You can always write if I am not mistaken using the low-level write dd if/of command. We would use the bootanimation.zip to run the root command. An example is in the Samsung Behold 2 it was done as follows:
Example
echo "#!/system/bin/sh
/data/local/try3 /system/bin/sh
mount -o rw,remount /dev/st9 /system
cat /system/bin/sh > /system/bin/su
chmod 04755 /system/bin/su
/system/bin/playlogo_real" > /system/bin/playlogo
Click to expand...
Click to collapse
This is how it was done. I am wondering if the same can be done on the nexus using bootanimation.zip as it executed at startup. We would basically modify the bootanimation.zip to the above and add a line for it to execute the boot image. By gaining root this way we would still be able to put on a custom recovery and roms without unlocking the bootloader in theroy. The try3 file was created by Zinx and used by Maxisma to bring root to the behold 2. I am pretty sure this may work on the Nexus 1. I hope this helps.

Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?

seraph1024 said:
Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?
Click to expand...
Click to collapse
Okay XDA is back up. Yes I can test. Oh man if this works there will be absolutely no need to unlock the boot loader... Thanks

seraph1024 said:
Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?
Click to expand...
Click to collapse
Hey Seraph1024 take a look at this. Its too big for XDA so I put it up on pastebin. http://pastebin.com/f62780d32 Its what is contained in the try3 file. Zinx used it in flashrec

No joy.
Code:
$ getprop | grep product.model
[ro.product.model]: [Nexus One]
$ pwd
/data/local
$ ls -al try3
-rwxrwxrwx 1 0 0 74512 Jan 25 13:26 try3
$ id
uid=2000(shell) gid=2000(shell)
$ ./try3 /system/bin/sh
[1] Killed ./try3 /system/bin/sh
$ id
uid=2000(shell) gid=2000(shell)
Exploit does not work.

I was that close to rooting today until i saw this now its made me double think again lol I've been waitin for a custom rom by cyanogen until i rooted, and since its pretty much almost here i was going to root. bah guess i'll wait until CM gets released!

flak0 said:
You can always write if I am not mistaken using the low-level write dd if/of command.
Click to expand...
Click to collapse
You can't on this phone. There are two ARM cores - one running the low-level stuff (bootloader, radio) and the other running Linux.
Without the engineering bootloader (or some exploit) we don't have access to the baseband ARM core, and therefore don't have access to its MMU, which is programmed to deny read/write access to protected areas of the flash - such as the bootloader and splash screens. Even with root, Linux can't access that stuff.
It's going to be really hard to find a kernel exploit for the N1 to get root. Most exploits involve mapping memory to the zero page and then triggering a null pointer de-reference bug in the kernel. But the N1's kernel won't allow such mappings.... I believe the minimum address for mmap on the N1 is around 64k. (It's in the kernel config.)
This is a tough nut to crack.

The behold root was done that way because there's no way to flash the partitons on it.
You still need root in the first place to write to that file. The droid guys have been looking a while for a new root exploit but didnt find one. The problem is that all known exploits have been closed in 2.1.
We need to wait for someone to find a new one that works. Then this would be a real posibility, and there' no need to hijack playlogo.

for what its worth, if you need a lab rat i do not have my phone rooted yet and i am willing to test some things if anyone needs...
i dont plan on rooting it until the ball really gets rolling with everything and until I am 100% satisified with the phones performance

kam187 said:
You still need root in the first place to write to that file.
Click to expand...
Click to collapse
That's what I though. And like it was posted earlier, I don't think there is a exploit since this phone is done differently. I am busy for the next couple of days but if anyone want to "try", I'll make up something but I really doubt any of the old stuff will work on this phone.

passwd: command not found

short story:
There is no passwd command in my system bin, so I am unable to change the (or effectively, add a) root password.
longer story:
So, as soon as I got my HTC Droid Eris, I installed that root 2.1 leak from HTC. After going through several Terminal applications, I found one that didn't force close every time I tried to use it. I was about to log into root with "su" but I didn't know the root password. I tried Googling around, but I found nothing relevant. I then proceeded to try entering the "su" command anyway and to my surprise, their was NO ROOT PASSWORD. I've been panicking for the last two days trying to find a way to get the passwd command into my bin, but it doesn't look like it's going to work. I've even done some crazy things like try to copy the passwd command from my openSUSE box into the bin (Yes, I understand that it probably wouldn't have been compatible, but it's worth a shot). After doing some research, I learned that the /system/bin directory is read-only. That explains why I kept getting device cross-over errors whenever I tried moving the command from my SD card into the internal memory. Also, I found where the HTC devs installed the "su" command in the leaked 2.1root. It's in the /system/xbin directory.
Does anyone have a solution to this? I'm worried about hackers and being rickroll'd by some idiot's worm. I've been keeping my 3G mobile network off and only using secured Wi-fi to access the Internet

Umm, why are you trying to change the root password? Also when you do su in a shell our shouldn't ask you for a password. The risk of getting hacked are almost zero because the hackers have bigger targets to go after such as the iphone or motorola droid.
Sent from my Eris using the XDA mobile application powered by Tapatalk

This command will mount system as writeable
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Use one of the custom roms with SuperUser.apk (all of them) for security. We don't have passwords for shells on android.

[HOW-TO] Temp Market Fix for CM7 Nightlies [Builds 20-???]

Confirmed by droopypillow -Thanks
This fix is NOT just for the market not downloading apps issue, it actually was bugging me quite a lot that none of my apps were attached to the market so I had to use alternative methods, like app brain or an app updater app to know when I could update my apps
HebrewToYou was kind enough to tell us how to fix only the part where the market won't download apps if you have 1.5 cache set in your custom MTD partitions. So either do this or resize your cache to like 60 as recommended by the helpful fellow aaldiar
HebrewToYou said:
So here's an *actual* fix that doesn't involve replacing the Market app...
...it appears this issue may be localized to people with custom MTD partitions.
Thanks go out to JTownBrewer and FredBo (on #mytouchslide @ freenode IRC) for figuring this out:
Open up your favorite terminal emulator -- I like Better Terminal Emulator Pro -- and enter...
Code:
su
cp -a /dev/cache/download /data/cache
Market apps will once again be downloading properly. This *may* not work after rebooting, so just keep that in mind.
Click to expand...
Click to collapse
What this fixes​
Apps not being attached to the market
(Make sense since I have Custom MTD partitions) HebrewToYou tells me that only for users with custom MTD partitions: Not being able to download apps (since build 20)
The Only Requirement​
Must have ADB.exe and must know how to get to it through command prompt, my steps are simple enough that that is the only thing you need to know.
Windows Instructions I guess, not so sure how different on Mac or Linux​
Download the Vending.apk I attached at the bottem
Put Vending.apk in the folder where adb.exe is located
Go to folder where adb.exe is located with command prompt
This may or may not be unnecessary, but force close and clear you cache on the Market app. It's what I did so just in case, k?
On your phone either go into recovery, or if you have S-Off I think you can type
Code:
adb shell
mount -o rw,remount /system
exit
and you should be able to push to /system without a problem, may be unnecessary but I always do it so I had to add that part
Then in your command prompt type
Code:
adb push Vending.apk /system/app
Open your Marketplace now and see if it's working.
What I did is I took the Vending.apk from the cm6 g-apps, I assure you it works perfect except it is an older version of the marketplace, so maybe it even has the 24 hours for a refund still? I'm not sure and I don't really feel like checking. My phone hasn't tried to update the marketplace so it I've been using this fine for the past 2 days when I first noticed my market wasn't working but at the time I thought it was just me because of a few issues I caused myself

RESERVED to include additional info about what build this error is fixed on when Cyanogen fixes this issue for all devices

All I did for my market to work was download the same file 5 times.. it wouldn't install.. then reboot the phone, try to download apps again like 2 more tries and now market works for me.
Gj on the app too
Sent from my T-Mobile myTouch 3G Slide using Tapatalk

xaodxkevin said:
If you're good with ADB: For anyone who's got a bit of expertise with adb and whatnot, please post if there are any errors in this post and what should be different for I am sick and there may be errors. Seriously though I really need some sleep, good night.
I cannot stress this enough!Please read comments before doing this, there may be an error in my post =\ and hopefully someone's posted the correction or confirmed that this works 100%
I'm really sick, but I felt this could help many people so I'm posting this anyways hoping I don't make any errors and I really don't feel like making this look very nice right now but heres a temp fix
The Only Requirement​
Must have ADB.exe and must know how to get to it through command prompt, my steps are simple enough that that is the only thing you need to know.
What this fixes​
Not being able to download apps (since build 20?)
And apps not being attached to the market
Windows Instructions I guess, not so sure how different on Mac or Linux​
Download the Vending.apk I attached at the bottem
Put Vending.apk in the folder where adb.exe is located
Go to folder where adb.exe is located with command prompt
This may or may not be unnecessary, but force close and clear you cache on the Market app. It's what I did so just in case, k?
On your phone either go into recovery, or if you have S-Off I think you can type
Code:
adb shell
mount -o rw,remount /system
exit
and you should be able to push to /system without a problem, may be unnecessary but I always do it so I had to add that part
Then in your command prompt type
Code:
adb push Vending.apk /system/app
Open your Marketplace now and see if it's working.
What I did is I took the Vending.apk from the cm6 g-apps, I assure you it works perfect except it is an older version of the marketplace, so maybe it even has the 24 hours for a refund still? I'm not sure and I don't really feel like checking. My phone hasn't tried to update the marketplace so it I've been using this fine for the past 2 days when I first noticed my market wasn't working but at the time I thought it was just me because of a few issues I caused myself
p.s.
If this is in the wrong location, move it please? I wasn't too sure where to put this
+
if there are any errors here please post? seriously I'm really sick and this took every ounce of energy and concentration I had so there may be a mistake somewhere and yes I've proof read it about 100x now >:|
Click to expand...
Click to collapse
ive market downloading issues since build 20..i did everything step by step except step 4..and now my market works...thanks for the temporary fix

So here's an *actual* fix that doesn't involve replacing the Market app...
...it appears this issue may be localized to people with custom MTD partitions.
Thanks go out to JTownBrewer and FredBo (on #mytouchslide @ freenode IRC) for figuring this out:
Open up your favorite terminal emulator -- I like Better Terminal Emulator Pro -- and enter...
Code:
su
cp -a /dev/cache/download /data/cache
Market apps will once again be downloading properly. This *may* not work after rebooting, so just keep that in mind.

Thanks for confirming droopypillow
And
Thanks HebrewToYou for the fix once I get home I'll add note of it and credit you, but I still prefer this one because it keeps my apps attached to the market. I'm not sure exactly who/why people are getting that issue but I'll definitely be happy with the old market until I hear that's fixed.

I flashed build 26 market is working again on this build for me..
Sent from my T-Mobile myTouch 3G Slide using XDA App

I have the custom MTD partitions and simply changed the cache from 1.5 to 60 and that solved my Market and GPS problems instantly. Just an FYI for you guys.

aaldiar said:
I have the custom MTD partitions and simply changed the cache from 1.5 to 60 and that solved my Market and GPS problems instantly. Just an FYI for you guys.
Click to expand...
Click to collapse
so the cache was also causing the GPS problems? Thanks, I'll make sure to change the cache size immediately
I'll continue using this though until the apps being attached to market issue is fixed

xaodxkevin said:
so the cache was also causing the GPS problems? Thanks, I'll make sure to change the cache size immediately
I'll continue using this though until the apps being attached to market issue is fixed
Click to expand...
Click to collapse
I have a 1.5meg cache and have no issues with gps...I had market problems from. Build 20-25..but I did nothing wxcept flash build 26 and it is fixed..
Sent from my T-Mobile myTouch 3G Slide using XDA App

Yeah, I don't think the cache partition size has anything to do with GPS issues. This was purely a fix for the market.

Lol, I know it is a fix for the market. But I still had GPS issues with 26 along with market problems. Might just be some hardware dealio with my particular slide series or something. All I know is once I did the partition my GPS and market worked instantly.
Sent from my T-Mobile myTouch 3G Slide using XDA App

I'm on nightly #27, no market issues. Custom mtd with cache @ 1.5 as well.

How do I see what the cache size is and change it?
(Sorry for the noob question).

Please see this thread: http://forum.xda-developers.com/showthread.php?t=893706

i am running custom mtd and notice for some reason something keeps remounting my /sd-ext and /cache partition to RO which causes the failure. Rebooting and updating/installing the apps right away usually works but it's only a matter of time before it gets remount as RO. Also adb shell will not allow me to remount it back to RW, it doesn't give me any errors using mount but it just stays at RO.
right after a reboot:
Code:
/dev/block/mtdblock3 on /system type yaffs2 (ro)
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p2 on /sd-ext type ext3 (rw,noatime,nodiratime,errors=continue,barrier=1,data=ordered)
/dev/block/mmcblk0p2 on /cache type ext3 (rw,noatime,nodiratime,errors=continue,barrier=1,data=ordered)
/dev/block/mtdblock4 on /dev/cache type yaffs2 (rw,nosuid,nodev)
after running:
Code:
/dev/block/mtdblock3 on /system type yaffs2 (ro)
/dev/block/mtdblock5 on /data type yaffs2 (rw,nosuid,nodev)
/dev/block/mmcblk0p2 on /sd-ext type ext3 (ro,noatime,nodiratime,errors=continue,barrier=1,data=ordered)
/dev/block/mmcblk0p2 on /cache type ext3 (ro,noatime,nodiratime,errors=continue,barrier=1,data=ordered)
/dev/block/mtdblock4 on /dev/cache type yaffs2 (rw,nosuid,nodev)

*edit* failed again

[Q] S-OFF, no root. Options for root and/or SU

I've got a device and need either root or su for system app development, but want to do this in the least invasive way possbile. The twist... this is likely a pre-release device and came from HTC with S-OFF (HBOOT-1.01.0000).
With S-OFF (but no root) what are the options for getting root and/or SU installed?

pukebag said:
I've got a device and need either root or su for system app development, but want to do this in the least invasive way possbile. The twist... this is likely a pre-release device and came from HTC with S-OFF (HBOOT-1.01.0000).
With S-OFF (but no root) what are the options for getting root and/or SU installed?
Click to expand...
Click to collapse
Least invasive: Install superuser/su from adb, leaving stock recovery in place. LMGTFY: http://www.equisoforum.com/Thread-ADB-Shell-Pro-Root-method
Better route: Flash CWM or TWRP recovery to phone, then flash superuser/su package from recovery.

junkmail9 said:
Least invasive: Install superuser/su from adb, leaving stock recovery in place. LMGTFY: no_urls_from_noobs
Better route: Flash CWM or TWRP recovery to phone, then flash superuser/su package from recovery.
Click to expand...
Click to collapse
(please forgive if anything I have below is nonsense... I'm slowly building my understanding)
I don't believe the 1st method will work. I can't 'adb remount' because I don't have root on the device ('remount failed: Operation not permitted'). If remount worked I'd be good, because as you suggest I could push the su apk/permission/scripts to the device. I also tried remounting the /system partition as RW but no luck ('mount: Operation not permitted').
I'll try the 'traditional' CWM route. I just wasn't sure if having S-OFF opened up any other options for getting root, mounting /system as RW, or...
Thanks much.

pukebag said:
(please forgive if anything I have below is nonsense... I'm slowly building my understanding)
I don't believe the 1st method will work. I can't 'adb remount' because I don't have root on the device ('remount failed: Operation not permitted'). If remount worked I'd be good, because as you suggest I could push the su apk/permission/scripts to the device. I also tried remounting the /system partition as RW but no luck ('mount: Operation not permitted').
I'll try the 'traditional' CWM route. I just wasn't sure if having S-OFF opened up any other options for getting root, mounting /system as RW, or...
Thanks much.
Click to expand...
Click to collapse
I have always used the "Better Route". However, I was under the impression that s-off unlocked the partitions.
Out of curiosity, did you try the following command anyway: (adb push su /system/bin) ?

junkmail9 said:
I have always used the "Better Route". However, I was under the impression that s-off unlocked the partitions.
Out of curiosity, did you try the following command anyway: (adb push su /system/bin) ?
Click to expand...
Click to collapse
At least in this case /system is mounted RO:
- adb shell mount | grep system -> /dev/block/mmcblk0p33 /system ext4 ro,relatime,user_xattr,barrier=1,data=ordered 0 0
- adb push foobar.txt /system/bin -> 'failed to copy foobar.txt to /sytem/bin/foobar.txt : Read-only file system
This isn't a regular consumer device so it's at least a little funky. For example, it doesn't get OTA updates and is stuck with an old RUU (htc sense 4.0... ruu 1.31.605.1 (? not sure where exactly to get RUU version). It also has the 'normal' CID (VZW__001).
It might get a little interesting digging up workable bootloader and supercid method, now out-of-date for basically everyone else.

pukebag said:
At least in this case /system is mounted RO:
- adb shell mount | grep system -> /dev/block/mmcblk0p33 /system ext4 ro,relatime,user_xattr,barrier=1,data=ordered 0 0
- adb push foobar.txt /system/bin -> 'failed to copy foobar.txt to /sytem/bin/foobar.txt : Read-only file system
This isn't a regular consumer device so it's at least a little funky. For example, it doesn't get OTA updates and is stuck with an old RUU (htc sense 4.0... ruu 1.31.605.1 (? not sure where exactly to get RUU version). It also has the 'normal' CID (VZW__001).
It might get a little interesting digging up workable bootloader and supercid method, now out-of-date for basically everyone else.
Click to expand...
Click to collapse
If you're already S-OFF, you shouldn't need to do anything with supercid. Just put the phone into fastboot and flash a custom recovery - either CWM (link) or TWRP (link), depending on your preference. Follow the "manual installation" steps in the thread of your choice. I have been very happy with PhilZ's Touch CWM.
Also - first thing to do after installing the recovery is to make a nandroid backup of the (semi) pristine state of your phone.

/system won't stay mounted as rw

Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!

chris.davis925 said:
Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!
Click to expand...
Click to collapse
I would think that you might need to run a script to remount on boot perhaps, such as one along this idea http://www.3c71.com/android/?q=node/466. Like via init.d or if that isn't possible on this then maybe something like this could do it http://forum.xda-developers.com/showthread.php?t=2378274 ?
Just spit balling ideas.

Correct me if I am wrong, but it seems to me that I wouldn't be able to do those options since system doesn't actually stay rw?

Really depends on the phone. Sometimes you can slip a script in during boot that will keep the system open. Sometimes you need to have a special module too such as this: http://forum.xda-developers.com/showthread.php?t=2230341 Sometimes the kernel doesn't allow it. I would think on 4.0.4 it shouldn't be near as hard as some of the newer JB and KK things. What do you have?

It is the Kenwood DNN990HD running Android 4.0.4.
I will try and run the binary tool you linked.
Thanks!