[Q]Java Shell Root Access (segmentation fault) - Android Q&A, Help & Troubleshooting

Hi Guys,
So I've been trying to flash modules from within the phone without having to boot into the recovery,
and I found that I can just extract the update-binary and execute it through shell and it will do the trick!!
However,
now I'm trying to do that through my app.
I successfully got root access using Chainfire's libsuperuser,
however, whenever I send the commands to run update-binary I get a "segmentation fault(core dumped)" error.
The command I'm using in both shell and from within the app is "./update-binary 3 stdout ./modules.zip".
P.S. this might be irrelevant, but whenever I add a number before stdout (e.g. 7stdout) I get a segmentation fault in the shell as well.
Other than that, I can't find the problem.
This is a logcat of the process through strace, if we have a Linux debugger here.
Code:
08-24 17:06:43.568 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] execve("./update-binary", ["./update-binary", "3", "recovery", "./KernelLighter.zip"], [/* 24 vars */]) = 0
08-24 17:06:43.573 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] gettid() = 9202
08-24 17:06:43.573 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] syscall_983045(0x39a10, 0x399d4, 0, 0x40, 0x399d4, 0xbea729c0, 0xd8ec, 0xf0005, 0, 0, 0, 0, 0, 0xbea72960, 0x28dcf, 0x8c9c, 0x60000010, 0x39a10, 0, 0, 0xc764, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0) = 0
08-24 17:06:43.588 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] mmap2(NULL, 131072, PROT_READ, MAP_SHARED, 8, 0) = 0x4007e000
08-24 17:06:43.588 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] open("/dev/urandom", O_RDONLY|O_LARGEFILE) = 4
08-24 17:06:43.588 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] read(4, "B\300>7", 4) = 4
08-24 17:06:43.593 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] close(4) = 0
08-24 17:06:43.598 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x40119000
08-24 17:06:43.598 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] mprotect(0x40119000, 4096, PROT_READ) = 0
08-24 17:06:43.603 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] fcntl64(0, F_GETFL) = 0 (flags O_RDONLY)
08-24 17:06:43.603 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] --- SIGSEGV (Segmentation fault) @ 0 (0) ---
08-24 17:06:43.693 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] +++ killed by SIGSEGV (core dumped) +++
08-24 17:06:43.693 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] Process 9202 detached
08-24 17:06:53.368 8703-8756/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU%] END

08-24 17:06:43.603 8703-9188/com.thunder.kernel.lighter D/libsuperuser: [libsuperuser][SU*] fcntl64(0, F_GETFL) = 0 (flags O_RDONLY)
I think this line is the important one. I think fcntl stands for flag control, also there is something about read only. Hope this helps somehow, I am not an Android expert, but I do know a few things about Linux...

I've read some man pages. Combined with what I know from Android I suppose the following: When you execute the command in the shell, there is nothing between it and the kernel / memory. If you execute it from within the app, you have to bypass some security system put around Android apps which is checking the permissions of the apps. The app itself will not be able to write to the memory, therefore the process is generating a SIGSEGV signal, which just says the process trying to write is not allowed to write. Without this, executed from the shell directly, you are allowed as you already have full access.
You get a segmentation fault (I suppose SIGSEGV as well) when you write something before stdout, because stdout is specifying a system device; the standard output. When the system can't find this device, it is missing an address to write to, that's why you get the segmentation fault as well.
Hope this helps, I am not entirely sure.

I figured it was due to stdout but is there a way around it?
Sent from my HTC One X

As I already said, I am not an Android expert. But what you have to try is: I don't know if this is possible, but try to start a new shell instance from within the app, gain root access and execute the command there rather than directly processing the command from the app. That's what I do in a Linux GUI when trying to run particular commands.
EDIT: Another question: What does the command update-binary do exactly? Does it need stdout as parameter definitely? Also, as stdout is a virtual system device, that's likely the cause why it won't work from within the app. Is there an Android access right for virtual system devices like stdout which you need to specify for the app?

dansou901 said:
As I already said, I am not an Android expert. But what you have to try is: I don't know if this is possible, but try to start a new shell instance from within the app, gain root access and execute the command there rather than directly processing the command from the app. That's what I do in a Linux GUI when trying to run particular commands.
EDIT: Another question: What does the command update-binary do exactly? Does it need stdout as parameter definitely? Also, as stdout is a virtual system device, that's likely the cause why it won't work from within the app. Is there an Android access right for virtual system devices like stdout which you need to specify for the app?
You might have missed it,
but I'm running the command as root,
thus it would already be in a different shell, the su.
I thought it could be permissions, but root only needs root permission and I have that.
The update-binary is found in all flashable zips.
It's what processes the update scripts and flashes the zip.
I'm trying for a recovery-less flashing technique.
Also, the stdout parameter can be anything and it will still cause the error,
but from within a shell it will also work with anything.
Sent from my HTC One X
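
The trace in this thread ends with `fcntl64(0, F_GETFL) = 0 (flags O_RDONLY)` right before the SIGSEGV. The following diagnostic is an added example, not code from the thread or from libsuperuser: it assumes update-binary converts its second argument to a file-descriptor number the way C `atoi()` would (so `stdout` becomes 0 and `7stdout` becomes 7) and reports whether that descriptor is open for writing. All function names are hypothetical.

```python
import errno
import fcntl
import os
import re


def atoi(text):
    """Mimic C atoi(): skip whitespace, read an optional sign and digits, else 0."""
    match = re.match(r"\s*([+-]?\d+)", text)
    return int(match.group(1)) if match else 0


def describe_fd(fd):
    """Classify a descriptor as 'closed', 'read-only', 'write-only' or 'read-write'."""
    if fd < 0:
        return "closed"
    try:
        # Same query as the fcntl64(fd, F_GETFL) call seen in the trace.
        flags = fcntl.fcntl(fd, fcntl.F_GETFL)
    except OSError as exc:
        if exc.errno == errno.EBADF:
            return "closed"
        raise
    mode = flags & os.O_ACCMODE
    names = {os.O_RDONLY: "read-only", os.O_WRONLY: "write-only", os.O_RDWR: "read-write"}
    return names.get(mode, "unknown")


def check_status_fd(arg):
    """Return (fd, state, usable) for the second update-binary argument.

    Assumption: the binary converts this argument with atoi() and writes its
    progress to that descriptor, so the descriptor must be open for writing.
    """
    fd = atoi(arg)
    state = describe_fd(fd)
    return fd, state, state in ("write-only", "read-write")


if __name__ == "__main__":
    # Run this in the same process context that will exec update-binary.
    for arg in ("stdout", "7stdout", "1"):
        fd, state, usable = check_status_fd(arg)
        print(f"argument {arg!r} -> fd {fd}: {state}, usable={usable}")
```

Run from an interactive shell and from the app's su session, the two outputs show whether descriptor 0 is opened differently in each context.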

Related

Lost all partitions (Need the partition List for YP-G70 USA 8 GIG Please!!!!)

Can someone please explain to me how to restore my partitions for yp-g70 usa please, I'm confused
Jistropy said:
Can someone please explain to me how to restore my partitions for yp-g70 usa please, I'm confused
http://forum.xda-developers.com/showthread.php?t=1468213&highlight=brick
This might help you if you are talking about messed-up partition.
This method is probably the last thing you can do before you go to A/S center.
If flash pit file doesn't help, try this method.
Is yours 8gb or 16gb?
You will have to figure out the partition table by asking other people.
http://forum.xda-developers.com/showthread.php?t=2066694&highlight=stylemate&page=2
In this link, you will be able to see my Korean Galaxy Player 16gb partition table. It was broken by flashing my absurd kernel,
so I had to manually type in bytes.
8 gigs
I have no partitions.. something went wrong idk what so how do i remake them
Jistropy said:
8 gigs
I have no partitions.. something went wrong idk what so how do i remake them
I will write this method elaborately, based from my experience.
I'm using windows 7 btw.
What you need
1.Samsung drivers (if you have ever flashed with odin before, you probably have it)
2. rj's custom kernel (to get CWM and fdisk function)
3. adb (to use fdisk....)
Steps...
1 flash rj's custom kernel
2 enter recovery mode (don't mount or do anything just enter it.) and connect it with your computer.
3. run cmd
4. move to the directory where adb.exe is and run "adb shell"
Now I hope that the computer will detect your device. If not, plug it out, reinstall the Samsung driver, and reboot your computer.
If you type "adb shell" and get "~$" you are on the right track.
5. type "su" (to get superuser permission). You will see that ~$ has changed to ~#
6. type
Code:
fdisk /dev/block/mmcblk0
u
p
This will print out your current partition table.
Normal SGP 5.0 has
mmcblk0p1, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17 these many blocks.
When mine was broken, i had question mark at 12th block and no further blocks. So i had to manually write the partition.
Here is the important and little sad part.
I do not know the partition table for your device. Mine is Korean 16GB model.
You said yours is 8gb but do you know if it's international model or USA? international model has physical home button.
You need to ask some one who has same device (8gig, same model) to do the steps mentioned above, capture the picture of the partition table and send it to you. If you acquire that partition table for your device, you can proceed.
7. Now, from here, since I know your partition status, I will just give an example.
Let's say mine is broken from 12th partition and it starts at "52800" byte but ends at "1313784744" (starting point is right but end point is not right)
you delete that 12th partition by typing:
Code:
d
12
simple right?
now we gotta re-write it.
8. type:
Code:
n
l
52800
68159
n= making new partition
l= i don't know but just type it (I don't have player now so....)
52800 = this is the starting block that i mentioned before right?
68159 = this is the correct endpoint.
9. Use the "n" "l" "starting point" "endpoint" commands to set your partitions up to the 17th mmcblock.
Note that "n" commands will incrementally increase the number of the block.
If you have made a mistake (which is absolutely not allowed...) just quit fdisk or simply exit cmd. It will discard the changes unless you save it.
As I said before, steps 7~9 are just an example. You gotta apply this method to your device.
start looking for other people's normal partition table
Oh!!!
if you are using 8gig international version, rumirand already posted it.
# partition table of /dev/mmcblk0
unit: sectors
/dev/mmcblk0p1 : start= 64, size= 15515584, Id= 5
/dev/mmcblk0p2 : start= 0, size= 0, Id= 0
/dev/mmcblk0p3 : start= 0, size= 0, Id= 0
/dev/mmcblk0p4 : start= 0, size= 0, Id= 0
/dev/mmcblk0p5 : start= 128, size= 512, Id=83
/dev/mmcblk0p6 : start= 704, size= 512, Id=83
/dev/mmcblk0p7 : start= 1280, size= 2560, Id=83
/dev/mmcblk0p8 : start= 3904, size= 2560, Id=83
/dev/mmcblk0p9 : start= 6528, size= 10240, Id=83
/dev/mmcblk0p10: start= 16832, size= 20480, Id=83
/dev/mmcblk0p11: start= 37376, size= 15360, Id=83
/dev/mmcblk0p12: start= 52800, size= 15360, Id=83
/dev/mmcblk0p13: start= 68224, size= 593920, Id=83
/dev/mmcblk0p14: start= 662208, size= 274432, Id=83
/dev/mmcblk0p15: start= 936704, size= 131072, Id=83
/dev/mmcblk0p16: start= 1067840, size= 3940352, Id=83
/dev/mmcblk0p17: start= 5008256, size= 10504192, Id=83
endpoint is not mentioned but size is mentioned.
Just little bit of command change would be alright.
instead of
Code:
n
l
"starting point"
"end point"
try
Code:
n
l
"starting point"
"+size"
so in 12th partition, it would be
Code:
n
l
52800
+15360
oh dear missed your captured partition
seems like steps 1~6 was in vain.
Anyway, what did you do?
Only the 3rd partition is alive (and they don't even exist).
Try deleting the 3rd partition, and recreate the 1st one.
I don't know how to skip to 5th one,,,, so I hope you have a good luck on that sorry.
Maybe just typing n,l,0,0 might skip one partition....
Thanks to rumirand and Siraki
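
The dump in the post above gives `start` and `size`, while the earlier fdisk steps ask for an end point. The following is an added example, not code from the posts: it parses a few lines copied from that dump, derives each last sector as start + size - 1 (which reproduces the 52800 / 68159 pair used in step 8), and flags overlapping logical partitions before anything is typed into fdisk. The function names are hypothetical.

```python
import re

# Lines copied from the partition dump quoted in the post above.
DUMP = """\
/dev/mmcblk0p1 : start= 64, size= 15515584, Id= 5
/dev/mmcblk0p2 : start= 0, size= 0, Id= 0
/dev/mmcblk0p11: start= 37376, size= 15360, Id=83
/dev/mmcblk0p12: start= 52800, size= 15360, Id=83
/dev/mmcblk0p13: start= 68224, size= 593920, Id=83
"""

LINE = re.compile(
    r"^(\S+?p(\d+))\s*:\s*start=\s*(\d+),\s*size=\s*(\d+),\s*Id=\s*([0-9a-fA-F]+)"
)
EXTENDED_IDS = {0x05, 0x0F, 0x85}  # MBR type codes for extended partitions


def parse_dump(text):
    """Return used partitions with the last sector derived from start and size."""
    parts = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m or int(m.group(4)) == 0:
            continue  # not a partition line, or an empty slot
        start, size = int(m.group(3)), int(m.group(4))
        parts.append({"name": m.group(1), "number": int(m.group(2)), "start": start,
                      "size": size, "end": start + size - 1, "id": int(m.group(5), 16)})
    return parts


def check_layout(parts):
    """List overlaps between logical partitions and any that leave the extended one."""
    problems = []
    extended = [p for p in parts if p["id"] in EXTENDED_IDS]
    logical = sorted((p for p in parts if p["number"] >= 5), key=lambda p: p["start"])
    for prev, cur in zip(logical, logical[1:]):
        if cur["start"] <= prev["end"]:
            problems.append(f'{prev["name"]} (ends {prev["end"]}) overlaps {cur["name"]}')
    for p in logical:
        for ext in extended:
            if p["start"] <= ext["start"] or p["end"] > ext["end"]:
                problems.append(f'{p["name"]} is outside {ext["name"]}')
    return problems


def fdisk_answers(part):
    """Answers in the order the post types them: n, l, first sector, last sector."""
    return ["n", "l", str(part["start"]), str(part["end"])]


if __name__ == "__main__":
    table = parse_dump(DUMP)
    for p in table:
        print(p["name"], p["start"], p["end"])
    print(check_layout(table) or "layout is consistent")
```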
I don't know how to create them, that's the problem.
It does connect and I'm using entropy's daily btw.
Updating when I get to doing this in a few minutes
Jistropy said:
I don't know how to create them, that's the problem.
It does connect and I'm using entropy's daily btw.
Updating when I get to doing this in a few minutes
yeah I edited it back again sorry haha
Isn't entropy's for the USA device?
Is yours a USA device? If so, it might not be safe to use the 8gig international partition table provided by rumirand.
Got a question, for
n
l
"starting point"
"end point"
do i press enter and type the next command or type in one line
how do i delete the third partition? (nevermind) Got one block done lol
Just want to thank developer MEV for all his support and for giving me the right direction to look into.
I have not fixed my problems as of yet, because I simply haven't been successful in understanding the steps towards solving it.
He redirected me for the partition tables: Click HERE!
Device | Size (KiB) | Mount | Name | Notes
/dev/block/mmcblk0 | 7757824 | | | Internal eMMC disk device
/dev/block/mmcblk0p1 | 1 | | | Extended partition containing everything else
/dev/block/mmcblk0p5 | 256 | | boot.bin | Initial+Primary Bootloaders
/dev/block/mmcblk0p6 | 256 | | YPG70_8G-0304.pit | Partition Information Table
/dev/block/mmcblk0p7 | 1280 | | Sbl.bin | Secondary Bootloader
/dev/block/mmcblk0p8 | 1280 | | Sbl.bin | SBL backup
/dev/block/mmcblk0p9 | 5120 | /mnt/.lfs | param.lfs | param.blk and boot logos - source of recovery loops
/dev/block/mmcblk0p10 | 10240 | /efs | efs.rfs | WiFi and BT MAC addresses - causes missing lockscreen
/dev/block/mmcblk0p11 | 7680 | | zImage | Kernel
/dev/block/mmcblk0p12 | 7680 | | zImage | "Recovery" kernel that is never used
/dev/block/mmcblk0p13 | 296960 | /system | factoryfs.rfs | System partition
/dev/block/mmcblk0p14 | 137216 | /dbdata | dbdata.rfs | Various Android/app databases
/dev/block/mmcblk0p15 | 65536 | /cache | cache.rfs | Cache partition
/dev/block/mmcblk0p16 | 1970176 | /data | datafs.rfs | Data partition (apps and their data)
/dev/block/mmcblk0p17 | 5252096 | /sdcard | userfs_8G.rfs | "Emmc" "Usb Storage" - where your media goes
/dev/block/mmcblk1 | <varies> | | | External SD Card disk device
/dev/block/mmcblk1p1 | <varies> | /sdcard/external_sd | | External SD Card partition
My problem right now is that I do not understand, after "fdisk /dev/block/mmcblk0", what I am supposed to do to make the other blocks.
I cleared out the one I made because it starts at mmcblk0p3 or mmcblk0p4, but I don't know how to set different mmcblk0p##'s.

How can i unpack/repack this system_1.img+system_2.img+...+system_8.img

I want to modify the Saihon X6 ROM, but the system.img is different from any I've ever met. They split the system.img into 8 img files, and now I do not know how to unpack/repack them. I need help, I need a detailed tutorial. Thank you
ht tp://pan.baidu.com/s/1pJAvLer
I tried this, and it's not working
Run sudo mount -o loop system_1.img system
displays
Mount: wrong fs type, bad option, bad superblock on / dev/loop0,
Missing codepage or helper program, or Other Error
system log may have some important information,
try using dmesg | tail like a command.
Run dmesg | tail view LOG
display
[74.005499] audit_printk_skb: 18 callbacks suppressed
[74.005518] type = 1400 Audit (1360118240.727:23): AppArmor = "DENIED" operation = "capable" parent = 1 Profile = "/ usr / lib / Telepathy / mission-control-5 "pid = 1553 COMM =" mission-control "Capability = 23 capname =" sys_nice "
[74.415356] type = 1400 Audit (1360118241.135:24): AppArmor = "DENIED" operation = "Open" parent = 1 profile = "/ usr/lib/telepathy/mission-control-5" name = "/ usr / share / gvfs / remote-volume-monitors /" pid = 1553 comm = "mission-control" requested_mask = "r" denied_mask = "r" fsuid = 0 ouid = 0
[365.116251] EXT4-fs (loop0): bad geometry: Block count 97 656 Exceeds Size of device (32767 Blocks)
[579.113993] hrtimer: interrupt took 5,682,946 ns
[630.545278] EXT4-fs ( loop0): bad geometry: Block count ninety-seven thousand six hundred and fifty-six Exceeds Size of device (32767 Blocks)
[644.026965] EXT4-fs (loop0): Unrecognized Mount option "loop1" or Missing value
[670.312507] EXT4-fs (loop0): bad geometry: Block count ninety-seven thousand six hundred fifty-six Exceeds Size of device (32767 Blocks)
[788.599457] EXT4-fs (loop0): bad geometry: 76800 Block count Exceeds Size of device (1657 Blocks)
[1008.514549] EXT4-fs (loop0): bad geometry: Block count 97,656 exceeds size of device (32767 blocks)
file system_1.img
results
system_1.img: Linux rev 1.0 ext4 filesystem data, UUID = 57f8f4bc-abf4-655f-bf67-946fc0f9f25b (extents) (large files)
https://forum.xda-developers.com/an...ide-how-to-unpack-repack-system1-img-t3567741
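
The kernel lines above report a block count of 97656 against a device of 32767 blocks. The following is an added example, not code from the thread or the linked guide: it reads the ext4 superblock at offset 1024 of an image and compares the block count it declares with what the file can actually hold. The sample header is constructed from the two numbers in the log, the 4096-byte block size is an assumption, and the function names are hypothetical.

```python
import os
import struct

SB_OFFSET = 1024        # the primary superblock starts 1024 bytes into the image
EXT_MAGIC = 0xEF53      # s_magic
INCOMPAT_64BIT = 0x80   # s_feature_incompat bit: block count has a high 32-bit half


def parse_superblock(head):
    """Read block size and total block count from the first 2048 bytes of an image."""
    sb = head[SB_OFFSET:SB_OFFSET + 1024]
    if len(sb) < 0x154:
        raise ValueError("too short to contain an ext superblock")
    if struct.unpack_from("<H", sb, 0x38)[0] != EXT_MAGIC:
        raise ValueError("ext2/3/4 magic not found at offset 1024 + 0x38")
    blocks = struct.unpack_from("<I", sb, 0x04)[0]          # s_blocks_count_lo
    log_block_size = struct.unpack_from("<I", sb, 0x18)[0]  # s_log_block_size
    if log_block_size > 6:
        raise ValueError("implausible s_log_block_size")
    incompat = struct.unpack_from("<I", sb, 0x60)[0]        # s_feature_incompat
    if incompat & INCOMPAT_64BIT:
        blocks |= struct.unpack_from("<I", sb, 0x150)[0] << 32  # s_blocks_count_hi
    return {"block_size": 1024 << log_block_size, "blocks": blocks}


def check_geometry(head, image_size):
    """Compare the declared filesystem size with the size of the image file."""
    sb = parse_superblock(head)
    available = image_size // sb["block_size"]
    needed = sb["blocks"] * sb["block_size"]
    return {"declared_blocks": sb["blocks"], "available_blocks": available,
            "missing_bytes": max(0, needed - image_size),
            "complete": available >= sb["blocks"]}


def check_image(path):
    """Run the comparison on an image file such as system_1.img."""
    with open(path, "rb") as fh:
        head = fh.read(2048)
    return check_geometry(head, os.path.getsize(path))


def constructed_head(blocks=97656, log_block_size=2):
    """Constructed sample: a header declaring 97656 blocks of 4096 bytes (assumed size)."""
    head = bytearray(2048)
    struct.pack_into("<I", head, SB_OFFSET + 0x04, blocks)
    struct.pack_into("<I", head, SB_OFFSET + 0x18, log_block_size)
    struct.pack_into("<H", head, SB_OFFSET + 0x38, EXT_MAGIC)
    return bytes(head)


if __name__ == "__main__":
    # 32767 blocks is the device size the kernel reported for the loop device.
    print(check_geometry(constructed_head(), 32767 * 4096))
```

When `complete` is false for a single file, that file holds only part of the filesystem its superblock describes, which is the condition the kernel's "bad geometry" message reports.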

[Q] S3 Neo+ I9301, KitKat possibly crashing the phone?

Hi, I've recently bought a phone, the I9301 (the one with 1.5gb RAM and 4.4.2 kitkat from 12th August),
but the main problem is that the phone happens to restart itself.
It does it very often when (I think) something wakes it up from Deep Sleep (after about 10 minutes of doing nothing) like:
- unlocking the phone
- setting the alarm
- receiving a call
Sometimes it restarts automatically when I'm not using it.
I've checked the Android, there are no kernel panic logs left, no crash logs at all.
I tried to crash the phone while having it connected to CatLog via USB, but it doesn't go into Deep Sleep while charging (so the alarm and calls worked), but I managed to crash it once.
That's what CatLog left me with:
Code:
10-04 13:31:30.145: E/SMD(225): DCD ON
10-04 13:31:30.345: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/listener_android.c:124:listener protocol failure -1
10-04 13:31:30.355: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/listener_android.c:128::error: -1: 0 == (nErr = __QAIC_HEADER(adsp_listener_next_invoke)( ctx, nErr, 0, 0, &ctx, &handle, &sc, bufs->inbufs, inBufsAllocated, bufs->inbufLenReqs, MAX_BUFS, bufs->outbufLenReqs, MAX_BUFS))
10-04 13:31:30.365: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/listener_android.c:187:listener thread exiting with code -1
10-04 13:31:30.365: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/fastrpc_apps_user.c:215::error: -1: 0 == (nErr = remotectl_open(name, (int*)ph, dlerrstr, sizeof(dlerrstr), &dlerr))
10-04 13:31:30.375: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/listener_android.c:189:listener thread failed to cleanly shutdown. This is ok durring process exit.
10-04 13:31:30.375: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/fastrpc_apps_user.c:215::error: -1: 0 == (nErr = remotectl_open(name, (int*)ph, dlerrstr, sizeof(dlerrstr), &dlerr))
10-04 13:31:30.375: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/fastrpc_apps_user.c:215::error: -1: 0 == (nErr = remotectl_open(name, (int*)ph, dlerrstr, sizeof(dlerrstr), &dlerr))
10-04 13:31:30.375: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/fastrpc_apps_user.c:215::error: -1: 0 == (nErr = remotectl_open(name, (int*)ph, dlerrstr, sizeof(dlerrstr), &dlerr))
10-04 13:31:30.385: E/adsprpc(254): vendor/qcom/proprietary/adsprpc/src/fastrpc_apps_user.c:215::error: -1: 0 == (nErr = remotectl_open(name, (int*)ph, dlerrstr, sizeof(dlerrstr), &dlerr))
: E/(): Device disconnected
(look at the bottom), I guess nothing special, however I didn't find time to check what the remotectl_open function does in detail.
It's been to the Warranty 2 times. The first time they 're' flashed the firmware, but the problem remained. I tried disabling tons of built-in apps, hard reset, nothing works.
The second time they said there's nothing to do and all I have to do is just wait for the release of a firmware update.
Any ideas what's wrong with the phone?

adb bugreport returning strange bytes

I am using OS X 10.10.1 and adb version 1.0.32.
I wrote some Python code to obtain the bugreport:
import subprocess

# udid holds the device serial passed to adb -s
proc = subprocess.Popen(['adb', '-s', udid, 'bugreport'],
                        stdout=subprocess.PIPE,
                        stderr=subprocess.PIPE)
stddata = proc.communicate()
encodedBugReportString = stddata[0]
bugreportString = encodedBugReportString.decode('utf-8')
The problem is that it fails to decode what adb returns because some of the bytes are outside of valid utf-8.
Is it a known issue that adb bugreport can return bytes which have been corrupted?
Is the encoding of what 'adb bugreport' returns not 'utf-8'? If not 'utf-8', what is the encoding that it is using?