Better Mobile App

Securing your android after ROOT

Hello everyone,
Its been great to have root on your X10 using the method posted here:
http://forum.xda-developers.com/showthread.php?t=711907
Well, this method works all right but I did some investigating of my own to audit the state of the system after its been rooted. Thanks to the discussions you may find here: http://forum.xda-developers.com/showthread.php?t=712178, the original developers soon chose to update the Rooting tutorial with some additional steps (See post #2 and #4 of the rooting thread). This is all good, because now you have the real power to act as a the *real* superuser i.e uid 0.
Most of the discussions that follow are only intended for users who are well versed with general *NIX security and concepts about user ids, permissions and other things. So please disregard this post if you have no ideas of these concepts.
Ok, so first things first. I basically followed the root tutorial as it is all the way upto step3 (or step3a as in my case). Remember, you essentially have a rooted phone right after step2, step3/3a just adds the updated baseband firmware, which has no effect whatsoever on the subsequent things that you do to your phone.
Well essentially, what I did do was install the "su" binary and the "Superuser.apk" following in the lines of step4v2 (post #2 in root thread). These are essential to give you control over your system as without them you are simply relying on a hacked "sh" binary which runs with elevated privileges. Here are the file permission masks for the "sh" binary which gets installed after the FOTA in step2:
Code:
# ls -l sh
ls -l sh
-rwsrwsrwx root root 86944 2010-06-28 18:08 sh
#
Wait!!! This is *not* quite ok. What this means is that any process can use this binary to gain super user privileges. This binary is setuid and setgid root!!!
Well you might say that... so is the case for "su":
Code:
# ls -l su
ls -l su
-rwsrwsrwx root root 22120 2010-06-28 08:08 su
#
But, this is different because its use is controlled by the Superuser Whitelist application that was installed with Superuser.apk.
This difference is crucial because if any non-privileged application and process forks and execs "su", the Superuser Whitelist app would immediately post a notification screen on the phone and provide options to allow or disallow.
With the "sh" binary installed on your phone as it is, you are basically inviting *any* application to be able to do anything it wants to your phone... and all this without your knowledge!!!
To test this theory, all you need to do is simply install one of the terminal emulators floating around the market or use the one provided in the rooting thread under the step4/app folder and launch it. It straight away, launches you into a root shell. Here is a screen shot of what you can do this way:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(Remember, no warnings, no notifications and all this can be done by any app under the hood)
Here is what you can do to make your phone more secure.
Step1: Download an alternative shell or simply change the permissions on the "sh" binary:
Code:
# cd /system/bin
# chmod 755 sh
Step2: In case you downloaded an alternative shell like "bash" and copied it under your /system/bin folder, simply get rid of the original "sh" binary and create a symlink to the one you download, for ex: bash:
Code:
# cd /system/bin
# rm sh
# ln -s bash sh
(Note: the above steps assume that you have /system mounted as rw, if you don't know what that means, then you should not be reading this, sorry)
Remember, when installing any alternative shell make sure that its permission mode is set to 755 or lower. I recommend to *never* set the setuid and setgid bits on the shell!!!
Here is what I did personally:
Installed bash from here: http://forum.xda-developers.com/showthread.php?t=537827
Installed it under /system/bin *without* the setuid and setgid bits
Removed the "sh" binary
Created a symlink named "sh" to the binary "bash"
This way, whenever I launch "adb shell" or use any terminal emulator on my phone, I always get a un-privileged shell. To get root, simply fire "su".
PS: This information is not intended for casual users who have limited or no knowledge of UNIX or UNIX like sytems like Linux, Adrdoid SDK commands like adb or don't know their way around if faced with a command line!!!
PS: Another post with some steps to properly secure the system: http://forum.xda-developers.com/showthread.php?t=712945

lmao..
http://forum.xda-developers.com/showthread.php?t=712945

zephyrix said:
lmao..
http://forum.xda-developers.com/showthread.php?t=712945
Click to expand...
Click to collapse
lol, you must've done this while I was writing mine!!
Anyways, its good to have this info out and I do point out some concepts detailing *why* this is a problem.

Definitely.
Make sure people have installed a proper way to elevate to root before attempting to change sh to not setuid, or they may screw themselves over lol

Thanks for your guide! Much appreciated would be an understatement.

is there any other way of testing that as using tht method in ur given picture now says read only error does this mean i successfully secured my root?

bcool15 said:
is there any other way of testing that as using tht method in ur given picture now says read only error does this mean i successfully secured my root?
Click to expand...
Click to collapse
Oh... I think I forgot to show this, but essentially you need to get the system partition into read/write mode as well. So it will be one more command before the write is attempted:
# mount -o remount,rw -t yaffs2 /dev/mtdblock2 /system
...
...
# echo "I can...

j4mm3r said:
Oh... I think I forgot to show this, but essentially you need to get the system partition into read/write mode as well. So it will be one more command before the write is attempted:
# mount -o remount,rw -t yaffs2 /dev/mtdblock2 /system
...
...
# echo "I can...
Click to expand...
Click to collapse
thats the command which stoppped wrkin so i just redid whole rooting procedure with new v3 update does it still need securing?

bcool15 said:
thats the command which stoppped wrkin so i just redid whole rooting procedure with new v3 update does it still need securing?
Click to expand...
Click to collapse
Dont worry about the example shown in the screen shot. That is just to illustrate what a setuid "sh" binary can do to your system.

j4mm3r said:
Dont worry about the example shown in the screen shot. That is just to illustrate what a setuid "sh" binary can do to your system.
Click to expand...
Click to collapse
this securing procedure isnt working on my new root any suggestions?
please
Regards,

bcool15 said:
this securing procedure isnt working on my new root any suggestions?
please
Regards,
Click to expand...
Click to collapse
Exactly what procedure are you referring to? The post is just meant to be a set of guidelines of a vulnerability that existed on the phone after it was rooted using "the root procedure" at the time this was posted.
If you have a "sh" binary on your phone which is setuid and setgid, then you have this vulnerability. I haven't updated the post with results from any new root procedures that have been posted since, but I suspect even the newer methods posted so far in the "root thread" don't get rid of the compromised "sh" binary.
Please ignore if you don't know what setuid and setgid means.

Clean and pre-rooted 2.1 ROM

All credits go to pulpoff2 for this! This is not by me, I am merely the messenger. Only thing I did was to ask pulpoff for the files and a tutorial With his permission I will share it with you.
This will provide you with a fresh and unmodified 2.1-system, exactly like you would do the official update - only exception is that it is rooted. So all the apps and games of the official firmware are available and nothing else. You can remove the crap (like the games or timescape for example) by yourself after doing the steps below.
UPDATE:
There is a newer ROM by propc you can use instead of this one. Look here:
http://forum.xda-developers.com/showthread.php?t=888427
-- NEW --
propc kindly provides us with a shellscript to automate the steps below. See here for the script and a short manual:
http://forum.xda-developers.com/showpost.php?p=10067921&postcount=120
If the script doesn't work for you or you prefer to do things the manual way, you may use the steps below.
Download these files:
x8-2.1rooted.img.yaffs.rar
and
ISO-8859-1__unyaffs-arm.rar
Also download the 2.1-firmware from here or here. Unpack it on your computer and delete the "system.sin".
Unpack "x8rooted.img", "busybox" and "unyaffs" to SDcard.
You need 1.6 with root on your phone. By the way, all the data on your phone will be lost after doing the following steps, so making a backup is advised.
Use "adb shell" to connect to your phone and become su:
Code:
su
Copy "busybox" and "unyaffs" to /data/local/tmp. (Pulpoff says you should copy to /sbin, but this requires remounting with busybox. I copied to /sbin, but I think /data/local/tmp should work just fine)
Code:
cd /data/local/tmp
cat /sdcard/busybox > busybox
cat /sdcard/unyaffs > unyaffs
chmod the files to make them executable:
Code:
chmod 755 busybox
chmod 755 unyaffs
EDIT: If you want to copy the files to /sbin (like pulpoff2 advises), you can do this OPTIONAL step:
EDIT2: It was confirmed that this is indeed not necessary!
Remount the root directory to make /sbin writable. Then copy the files over and change the working directory to /sbin:
Code:
[strike]
./busybox mount -o remount,rw /
./busybox cp -prf busybox /sbin/
./busybox cp -prf unyaffs /sbin/
cd /sbin[/strike]
Remount /system as writable:
Code:
mount -o remount,rw /dev/block/mtdblock0 /system
Switch to busybox shell:
Code:
./busybox sh
Remove /system (yes, really!). It's normal to get errors because of the "lost+found"-folders. Ignore the errors.
Code:
./busybox rm -r /system
Unpack pre-rooted image to system. It should output "end of image" if it finishes correctly.
Code:
./unyaffs /sdcard/x8rooted.img /system
Your phone won't boot anymore now and it will crash as soon as you try to use it - that's normal! Go to next step.
Just remove the battery and the usb-cable from the phone, then re-attach the battery. Flash 2.1-kernel (without system.sin !!) using the flasher-tool by Bin4ry. If the flasher gives you an error because of a missing "loader.sin" you can take this file from the 1.6-firmware. Refer to Bin4ry's thread to learn how to use his flasher and how to enter flash-mode on your phone.
The phone should now boot, although the first boot can take a little while. If you get into a boot-loop or you just see the white sony ericsson logo (not the green one after the animation) for several minutes, it probably didn't work and you have to start over again by flashing 1.6.
This was written as I remember how I did it by myself. It worked for me at first try! If it works for you, please click the thanks-button. It will make me feel better
After you have your nice rooted 2.1 you probably want to enable JIT for a nice performance boost.

But does it have root? Bad reading.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

a-k-t-w said:
But does it have root?
Click to expand...
Click to collapse
Absolutely. But no busybox. So if you plan to enable JIT, you have to copy busybox to /system/bin by yourself.

a-k-t-w said:
But does it have root? Bad reading.
Click to expand...
Click to collapse
of course it is rooted.
now we know what to do with unyaffs.

2 things:
1. I've bought the phone with 1.6 android, but I was unable to root it with any method, then I've upgraded to 2.1 update 1. Is there any way to root it?
2. I have Hungarian language. Does it contain Hungarian language?

csengoi said:
2 things:
1. I've bought the phone with 1.6 android, but I was unable to root it with any method, then I've upgraded to 2.1 update 1. Is there any way to root it?
2. I have Hungarian language. Does it contain Hungarian language?
Click to expand...
Click to collapse
1: There is no way to directly root a phone with 2.1. You need to go back to 1.6, root it and then follow the above steps.
2: I guess so. As far as I know the firmware is the same for all countries.

Works like a charm! I removed the /system folder contents one by one though, using the method from the previous thread. Anyway, the first time I tried, unyaffs exited before extracting all the files (maybe the phone ran out of memory?). I didn't notice it and went on to flash the phone, ending up stuck at the Sony Ericsson logo. So, make sure that unyaffs reports that it has reached the "end of image" before moving on to the next step!
Thanks!!

cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
how to proceed?

isaac12 said:
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
how to proceed?
Click to expand...
Click to collapse
in adb shell:
enter su and you have to look your mobile screen because it will ask you to allow su. (if you rooted well your phone)
i had this problem when i didn't press the allow button in superuser confirmation.

---dobule post--- sorry

trapacska said:
in adb shell:
enter su and you have to look your mobile screen because it will ask you to allow su. (if you rooted well your phone)
i had this problem when i didn't press the allow button in superuser confirmation.
Click to expand...
Click to collapse
rooted phone yes
su confirmed
cd /data/local/tmp
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght

does it mount data.img on sdcard???
or i'll need to use chargemon from previous way?

WARR10r said:
does it mount data.img on sdcard???
or i'll need to use chargemon from previous way?
Click to expand...
Click to collapse
This has nothing to do with App2SD. Also the ROM gets loaded from internal flash, not from sdcard. The result is the same as with the official update, but with root.
If you want to have /data on sdcard, use the modified chargemon or neptun2's method.

I'm totally new to android but somehow i managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in lamens terms please.

gully666uk said:
I'm totally new to android but somehow i managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in lamens terms please.
Click to expand...
Click to collapse
try adding ./ before

gully666uk said:
I'm totally new to android but somehow i managed to get to number 8, and I have no idea how to switch to busybox shell, can somebody explain this bit in lamens terms please.
Click to expand...
Click to collapse
You should still be in "/data/local/tmp" as the working directory (check with "pwd"-command). If you followed the steps correctly, you should have a working busybox-file in there. So just type "busybox sh". If it looks like it does nothing, it's all right

isaac12 said:
rooted phone yes
su confirmed
cd /data/local/tmp
cat /sdcard/busybox > busybox invalid lenght
cat /sdcard/unyaffs > unyaffs invalid lenght
Click to expand...
Click to collapse
try to use another su. i rooted my x8 with superoneclick 1.5.0

I got stuck at SE logo for at least 10mins, it doesnt re-boot cycle although..

Sectoras said:
I got stuck at SE logo for at least 10mins, it doesnt re-boot cycle although..
Click to expand...
Click to collapse
That's way too long, something isn't right there. To start over again you have to flash back to 1.6.

Ok I had not realised the superuser permissions was not popping up on my phone that's sorted now. I get to number 8 again and it said permission denied

Yes another ROOTME thread... But this is Root + OC AIO

Difference between Pre-OTA and Post-OTA: Pre-OTA means you did NOT accept the Over The Air system update. Post means you did
Click to expand...
Click to collapse
Well... I used all of the root tools and scripts... i always had a problem where no matter what only one program would get root. Then Titanium Backup wouldnt acquire root EVER...
Then I tried the new perma temp root and still nothing.
So i did what I do best and tweaked the .bat a bit and added automatic OC scripting. Only reason I am making this thread is to help those who could not fix FULL temp root. With this I was able to always run TiBu and SetCPU no probs. I achieved this by added the ./fixsu.sh into the /bat into /vendor/bin.
There is a point where it says you HAVE to wait ten seconds... You do. I do the whole root process with my screen off just to be safe. If it reboots your phone, it means the CPU was active while you tried to alter its settings.
Also, I went ahead and added the commands to push LKM right after ROOT, and made it scale up to my highest stable undervolted frequency. Note: you can change the settings within the .bat if you want higher/lower freqs+uV. [scpll_l_val=[B]32[/B] is the frequency step. 33 is 1.8GHz and 37 is 2.0GHz(good luck! haha). 37 IS the highest you can try. vdd_uv=1320000 is the voltage. If you try anything 1188000 or below you will be locked to stock clock settings. Stock voltage is 1188000, afterall....
Thanks to coolbho3000 for the LKM (and SetCPU of course, GO BUY IT FOR HIM, he deserves the $$$). And thanks to teamwin for the root... and thanks to
eugene373 for sharing about /vendor/bin.
This is probably what you wanna read
So much text for such an easy process. JUST run the .bat Press any key when it says... READ what it says afterwards [wait 10 seconds with no activity AND screen OFF]... Press a key to continue. Go to SetCPU and Overclock. This WILL make all your programs have permanent temporary root (if you reboot you must reroot!)
Update:Ok then. I went ahead and added another .bat file which is for people who DON'T want anything auto uninstalled (which is honestly just [email protected]@)
adb shell rm -r /system/app/slackerradio.apk
adb shell rm -r /system/app/TMOUS_Navigator.apk
adb shell rm -r /system/app/Transfer-pyramid-8.30.0.26-S30.apk
adb shell rm -r /system/app/Protips.apk
adb shell rm -r /system/app/Protips.odex
adb shell rm -r /system/app/IdleScreen_Stock.apk
adb shell rm -r /system/app/IdleScreen_Stock.odex
adb shell rm -r /system/app/HtcTipWidget.apk
adb shell rm -r /system/app/HtcTipWidget.odex
adb shell rm -r /system/app/com.htc.TrendsWidget.apk
adb shell rm -r /system/app/com.htc.TrendsWidget.odex
adb shell rm -r /system/app/com.mobitv.client.tmobiletvhd.apk
adb shell rm -r /system/app/FusionStockWidget.apk
adb shell rm -r /system/app/FusionStockWidget.odex
adb shell rm -r /system/app/Stock.apk
adb shell rm -r /system/app/Stock.odex
adb shell rm -r /system/app/slackerradio.apk
adb shell rm -r /system/app/TMOUS_Navigator.apk
adb shell rm -r /system/app/Transfer-pyramid-8.30.0.26-S30.apk
adb shell rm -r /system/app/Protips.apk
adb shell rm -r /system/app/Protips.odex
adb shell rm -r /system/app/IdleScreen_Stock.apk
adb shell rm -r /system/app/IdleScreen_Stock.odex
adb shell rm -r /system/app/HtcTipWidget.apk
adb shell rm -r /system/app/HtcTipWidget.odex
adb shell rm -r /system/app/com.htc.TrendsWidget.apk
adb shell rm -r /system/app/com.htc.TrendsWidget.odex
adb shell rm -r /system/app/com.mobitv.client.tmobiletvhd.apk
adb shell rm -r /system/app/FusionStockWidget.apk
adb shell rm -r /system/app/FusionStockWidget.odex
adb shell rm -r /system/app/Stock.apk
adb shell rm -r /system/app/Stock.odex
Also, updated the fixsu.sh to be overkill, it will send to both, /data AND /vendor. This is just for those picky phones. Won't have any negative effect on anyone.
Additionally, I found a TEMPSU.BAT in another thread and went ahead and overkilled that one on the pathing too. The tempsu.bat is for those who have issue with SuperUser and/or Force Closes in trying to reach it. First, Uninstall Superuser by using the default uninstaller (clear data first!). Reboot your phone. KEEP the screen OFF. Run the ROOT.bat. After its complete leave the screen off. Then run TEMPSU.BAT. Should be no problems anymore. I came from a LONG line of SuperUser FCs. I could only get one program at a time to get ROOT. Once I got it to work the right at last, it hasn't reappeared. So don't worry.
Click to expand...
Click to collapse
dhoshman said:
Please make a version that is mac compatible PLeeeeaase. At least a linux comp version.
Click to expand...
Click to collapse
View this guys' thread for linux
Get the updated zip on a lower post 1st page
============================================================
tuscani1821 said:
Can't seem to get root to work. When it installs oc it always resets too. I have the screen off like it says. Adb drivers are installed and I can root by other methods just not this one. Maybe the oc voltage is too high that's packed in the script?
Sent from my PG86100 using Tapatalk
Click to expand...
Click to collapse
I can think of 2 problems. Either you CPU is finicky and won't run on 1.7 (32), or you are pressing 'any key' in too quick of a succession. There will be one prompt for 'any key to continue', then it will pause again with text saying to wait, and THEN press a key again. If you are doing it right and know it, try changing the OC from 32 to 30 (and lower the voltage a bit also). If still doesn't work, do the RUU reflash method and start the script on a fresh install.
bballer71418 said:
On every root method I try I can't get my device to connect. I set up adb on my comp using the unlocker tutorial and it worked on my og evo. Any reason why I can't get adb to connect to ny 3VO?
Sent from my PG86100 using XDA Premium App
Click to expand...
Click to collapse
If you are using Win7 or Vista (same thing, really) @ 64bit, you have to remember that the drivers for ADB 64bit are not digitally signed. So you will have to press F8 key at your PC startup, then select 'Disable Driver Signature Enforcement. Be sure to go into the Device Manager and ensure you see 'ADB Android Interface' under 'Android Phones'. If you see a triangle with a yellow thing it means the driver is not properly loaded. This is the only thing that will keep ADB from recognizing your phone... That or you have USB Debugging disabled on your phone (Menu>Settings>Applications>Development.
ianoob said:
Been running for almost a day strait now. The only wierd thing is I keep getting the popup saying SetCPU has been granted SU permission every 30sec or so while the phone is in use :s
Edit, before I get flamed... I know I can tell SU not to warn me, but SetCPU has never done this to me except after reboots.
Sent from my PG86100 using XDA Premium App
Click to expand...
Click to collapse
Yea I get it too. The problem is eMMC is making us lose the temp root. But thanks to the original founder, we can add and symlink to /vendor/bin and just have the system reapply the privileges.
fdavila17 said:
Guys which one I'm I suppose to download?
Sent from my PG86100 using XDA Premium App
Click to expand...
Click to collapse
POST-after OTA
PRE-Before OTA
IF you KNOW that you are doing it all right and are getting errors out the ying yang, read BELOW
ierv69 said:
Could you please tell me a link to download the ruu file..
I'm on 1.11.651.2
Click to expand...
Click to collapse
RUU_Shooter_Sprint_WWE_1.11.651.2_Radio_radio_0.97 .00.0518_NV_SPCS_1.15_release_193503_signed.exe
1.11
Click to expand...
Click to collapse
RUU_Shooter_S_Sprint_WWE_1.13.651.7_Radio_0.97.10. 0530_NV_NV_SPCS_1.16_release
Click to expand...
Click to collapse
First do the first RUU... Then go ahead and do the next one. Don't worry about any exploits that may be covered up, the kernel is the same and more than likely nothing else of value was touched... Since it wasn't noticed. Just do it. Then use the POST Ota zip.
worked now didnt it HAHAHAHAHAHAHA

I get a 'file is broken' error on adb.exe. I wouldn't care since I have adb already on my desktop and in my path, but it won't finish extracting files with that file dying. Not sure if it's just me or not.
This is on the pre-ota rar file.

smw6180 said:
I get a 'file is broken' error on adb.exe. I wouldn't care since I have adb already on my desktop and in my path, but it won't finish extracting files with that file dying. Not sure if it's just me or not.
This is on the pre-ota rar file.
Click to expand...
Click to collapse
yea... i see... everytime i upload it gets corrupted... joy...
UPDATE: Reuploaded and fixed... Checked it myself. Enjoy

Thanks for making overclocking dummy proof. I am tired and saw this post after seeing the overclock thread and thinking *that's too much for the morning*.
Good job.

Tilde88 said:
yea... i see... everytime i upload it gets corrupted... joy...
UPDATE: Reuploaded and fixed... Checked it myself. Enjoy
Click to expand...
Click to collapse
Yep, that fixed it. About to check it out. Thanks!

akiradavis said:
Thanks for making overclocking dummy proof. I am tired and saw this post after seeing the overclock thread and thinking *that's too much for the morning*.
Good job.
Click to expand...
Click to collapse
no problem man. Now that I have my phone basically with full Root privs, I dont need to restart anymore. But in the rare event that I HAVE to... It'll be 45 seconds to root and OC with nothing done.
i just wish i could do something about all the hostility in this forum...

i have tried this 2 times now.. the rooting process seems to go fine, but when the damn setCPU app tries to run, it says it cannot access root or whatever.. basically leaving me in setCPU safemode, where nothing can be done.. not sure whats goin on.. tried doing it the manual way before your .bat got uploaded and same stuff happened.. i know i have root cause i can see # in adb shell.. any suggestions.. its the latest SetCPU 2.2.4
EDIT: I think I finally got it.. for some reason, after reboots, superuser didnt uninstall.. so i uninstalled before i ran .bat and i opened titanium backup to check if it would request root from superuser and it did. i then opened setCPU and it requested superuser also.. was able to get it up to 1.8Ghz without shooting any commands. i had to do a autodetect though to get it to recognize correct cpu frequencies.. after that, i ran a full benchmark in Quadrant.. got a 2775!! W00t

Tilde88 said:
So much text for such an easy process. JUST run the .bat Press any key when it says... READ what it says afterwards [wait 10 seconds with no activity AND screen OFF]... Press a key to continue. Go to SetCPU and Overclock. This WILL make all your programs have permanent temporary root (if you reboot you must reroot!)
Click to expand...
Click to collapse
might want to alert people you put in some removal of stock apps - not a big deal cause i looked at your .bat first, but some people may not.
thanks for the script too!

worked first time. And Riggs, yeah, first thing I did was check the bat file and removed the remove lines.

First, thanks for this! Second, I'm not 100% sure, but I think the fixsu.sh file needs changed.. you are pushing busybox/su/etc to /vendor/bin, but fixsu.sh thinks they are still in /data/local/tmp.
If I'm wrong, ignore me... but it's throwing a number of errors that do not seem right..
Thanks again,
Scott

I had the same problem with Superuser. I had to uninstall it before this script would work.
And I wasn't crazy about the app removal lines either.. I removed them from my copy of the script.
Scott

Delvorak said:
First, thanks for this! Second, I'm not 100% sure, but I think the fixsu.sh file needs changed.. you are pushing busybox/su/etc to /vendor/bin, but fixsu.sh thinks they are still in /data/local/tmp.
If I'm wrong, ignore me... but it's throwing a number of errors that do not seem right..
Thanks again,
Scott
Click to expand...
Click to collapse
I noticed error when that part of process went thru in .bat also.. returned with error that no such file or directory exists... But last run of .bat though, went thru as far as setCPU n titanium backup..
:Sent from my EVO 3D:

Here are some screenies of setCPU n Quadrant score after running .bat n getting it OC'd.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
:Sent from my EVO 3D:

Flawless! Can't thank you enough.
DDD-EVO

Does this wrk on a MAC
Sent from my PG86100 using XDA Premium App

drewski83 said:
Here are some screenies of setCPU n Quadrant score after running .bat n getting it OC'd.
:Sent from my EVO 3D:
Click to expand...
Click to collapse
Same here but no go with Titanium B, oh well.........

i ran the early version of fr3vo, then the one from yesterday (with /vendor/bin), then this one early morning. fr3vo and this script have given me titanium backup/msl reader working.
1728mhz good -- 2179 on quadrant.
edit: barnacle not working at all. i can see the ad-hoc network but im unable to connect/get an IP.

Best Permanent Temp Root so far... Thanks Bro!

Guys which one I'm I suppose to download?
Sent from my PG86100 using XDA Premium App

OC!!!
HI, Everything went fine, I have almost all my root apps working fine. But When I go to SetCPU thr freq is 1188 and the min I put it on 192000.. Cant make the max go more..Please help!!!!

[MOD] 1.8GHz+ overclock module for HTC EVO 4G LTE

EDIT: Perflock really doesnt allow the settings to stick. Sure you can change them in Set CPU or a similar app, but after using CPU Spy and realizing that the phone does not clock to above 1.5GHZ unless Set CPU is open this is considered pretty much useless until a custom kernel comes that disables perflock. Sorry.
First I want to say thanks to Haus for showing me how to do this, his thread is here. This is not my own release but rather I modded coolbho3000's original module to work with our phones. The rest of the post will be word for word verbatim of his post.
Instructions
Install the overclock (only once):
1. Push the kernel module to your device, make sure it is the krait_oc.ko file, not the krait_oc.ko.bak file:
Code:
adb push krait_oc.ko /data/local
2. Install the new thermald.conf, making sure to back up the old one, and reboot. The thermald.conf is included in the download. If you want to target a frequency other than 1809000 KHz, you should edit the thermald.conf and replace "1809000" to whatever frequency you want to target.
Code:
adb push thermald.conf /data/local
adb shell
su
mount -o rw,remount /system
cp /system/etc/thermald.conf /system/etc/thermald.conf.bak
rm -r /system/etc/thermald.conf
cp /data/local/thermald.conf /system/etc
reboot
Load the overclock (every time you reboot):
1. Load the kernel module (replace pll_l_val and vdd_uv with your desired voltages and L value as explained above. It defaults to 67 and 1300000 if you don't give it any parameters):
Code:
adb shell
su
insmod /data/local/krait_oc.ko pll_l_val=67 vdd_uv=1300000
2. Bring core 1 temporarily offline so it gets updated with the new max frequency:
Code:
echo 0 > /sys/devices/system/cpu/cpu1/online
3. You'll now have an additional CPU frequency! SetCPU can configure your maximum frequency up to this speed. You can also choose to keep running at 1.5GHz at any time - this method doesn't eliminate any available frequencies. Set the max at 1.8GHz to verify it's stable here.
4. Restart thermald by running "ps". Look for "thermald" in the list, and find thermald's pid (it's usually a number in the low hundreds, higher up in the list). Run "kill [thermald's PID]" in adb shell. The kernel does not currently have kernel-level temperature throttling turned on, so thermald is important for now.
Remove the overclock by restoring your backup of thermald.conf:
Code:
adb shell
su
mount -o rw,remount /system
rm -r /system/etc/thermald.conf
cp /system/etc/thermald.conf.bak /system/etc/thermald.conf
rm -r /system/etc/thermald.conf.bak
reboot
Rebooting clears any kernel modules that are loaded, so you're now clean. You can then delete anything left over in /data/local, but it doesn't matter.
Download
Link to Modded Krait_OC Modules for HTC EVO 4G LTE

Whaaa? Thanks!
Sent from my EVO using Tapatalk 2

This is amazing. We can overclock before kernel source drops... Thank you devs once again for exceeding my expectations!
Sent from my EVO using xda app-developers app

yeZZZZURRRRRR!!!!! sweet nice work brA!!!!!!!! THANKS :victory::highfive:

Nice work
Sent from my EVO LTE

Seems a little complicated for me but can't wait to see how this thing does oc'd so we know what to expect when Kernel source is released ..

Code:
echo 0 > /sys/devices/system/cpu/cpu1/online
I get permission denied at this point.

utnick said:
Code:
echo 0 > /sys/devices/system/cpu/cpu1/online
I get permission denied at this point.
Click to expand...
Click to collapse
Are you running it as root?
Sent from my LTEvo

locked and loaded running at 1.8 nice :good: have it set to 1.8 ondemand
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

i hope someone makes a video on this..im still a noob pretty much!! so i plug my phone in to my desktop and then what?? what to i have to put my phone in??

I'm working on making this an app fyi
Sent from my EVO LTE

what do i do what the zip??? lol sorry i know flash it but whats it do ?? i dont understand?? do i just flash the zip over my rom then do all that abd stuff???

evo401 said:
what do i do what the zip??? lol sorry i know flash it but whats it do ?? i dont understand?? do i just flash the zip over my rom then do all that abd stuff???
Click to expand...
Click to collapse
This is definitely not a flashable zip. Everything you need to do is in the OP, step by step.

Gibson.Dubs said:
Are you running it as root?
Sent from my LTEvo
Click to expand...
Click to collapse
Yes, yes I am.

evo401 said:
i hope someone makes a video on this..im still a noob pretty much!! so i plug my phone in to my desktop and then what?? what to i have to put my phone in??
Click to expand...
Click to collapse
If you are a newbie I would hold off on this. I don't consider my self a newbie and there is just something that scares me about messing with the kernel unless I'm 100% sure of what I'm doing.

It may need to be tweaked a bit. I crash a lot a 1.8. I'm not sure how you ran a qruadrant.

sracercelica said:
If you are a newbie I would hold off on this. I don't consider my self a newbie and there is just something that scares me about messing with the kernel unless I'm 100% sure of what I'm doing.
Click to expand...
Click to collapse
i never used abd shell ect.. all i kno how to do is flash radio's.. roms..kernels.. recoverys.. and root my last 3 evo's.. lol i never had to do anything like that?? im deff a noob to that!!:laugh: quess ill just have to wait till we get kernels!!
---------- Post added at 12:57 AM ---------- Previous post was at 12:53 AM ----------
Dread 7us said:
I'm working on making this an app fyi
Sent from my EVO LTE
Click to expand...
Click to collapse
that would be super sweet! :good:

this is similar to how we oc the E3D prior to kernel release, when we just had temp root. We used terminal emulator.

this does not play well with dual core mods. if you're running one then disable it.
the dual core mod won't let you turn off the second core to let it update the frequency.
dual core mod back to stock

Art2Fly said:
Code:
adb push thermald.conf /data/local
adb shell
su
[B]mount -o rw,remount /system[/B]
cp /system/etc/thermald.conf /system/etc/thermald.conf.bak
rm -r /system/etc/thermald.conf
cp /data/local/thermald.conf /system/etc
reboot
Click to expand...
Click to collapse
Shouldn't that be "mount -o remount,rw /system" ?

[APP][ROOT] WearToolbox V1.54 (16-04-2016)

DISCLAIMER:
I'm not responsible for damage to your phone or watch.
You are using this app at your own responsibility
WearToolbox was just an idea to make life easier.
With WearToolbox you can connect from your phone to your watch through adb, with this it's possible to send commands or sideload apps etc. (see features).
For now design doesn't matter for me, functionality does. Design will be better when app is in a further stage.
When enough people have tested it and provided me feedback, it will be released in the Play Store for easier updating.
The app is in DEVELOPMENT and TEST stage and can have BUGS.
Tested on LG Watch R with Android Wear 5.1.1 and LG G2 5.0.2
Have fun with it and let me know if it works or not!
FEATURES
- Automatic installation of necessary binaries (adb -> /system/bin/)
- Automatic connection
- Reboot (system, recovery, bootloader)
- Sideload apps (/sdcard/WearToolbox/sideload/)
- Uninstall apps
- Push files to /sdcard/
- Send adb commands (adb command)
- Send shell commands (adb shell command)
- ADB and shell command history
- Script parser for own created scripts
TODO:
- Make a nicer UI
IDEAS:
- Pull files
- ADB filebrowser
REQUIREMENTS
- Enabled debug and bluetooth debug on android watch, developer options (youtube)
- Enabled debug on phone, developer options
- Enabled debug in Android Wear app, under settings
- Rooted phone
FAQ:
Q: How to use root with shell:
A:
Code:
"su -c '[COMMAND]'"
Snippets:
Code:
"su -c 'echo 85 > /sys/class/timed_output/vibrator/amp'"
Code:
"su -c 'echo 120 > /sys/class/timed_output/vibrator/driving_ms'"
Code:
wm density 200
Q: How to sideload apps:
A: Place apk in the folder /sdcard/WearToolbox/sideload/, restart WearToolbox, choose right apk, click sideload, wait a long time
Q: How to use scripts:
A: Make for example a dummy.txt file in /sdcard/WearToolbox/scripts/ with shell commands in it. Each command on a newline. Save it, restart WearToolbox, test it.
Example (vibrate.txt):
Code:
cat /sys/class/timed_output/vibrator/amp
cat /sys/class/timed_output/vibrator/driving_ms
"su -c 'echo 85 > /sys/class/timed_output/vibrator/amp'"
"su -c 'echo 120 > /sys/class/timed_output/vibrator/driving_ms'"
cat /sys/class/timed_output/vibrator/amp
cat /sys/class/timed_output/vibrator/driving_ms
DOWNLOAD
https://play.google.com/apps/testing/com.diechel.xda.weartoolbox

I might go ahead and try this. Having something like this would be very very useful. (fyi, I believe you initial change log date has the wrong month. Unless it is June 31st already)

Rennat said:
I might go ahead and try this. Having something like this would be very very useful. (fyi, I believe you initial change log date has the wrong month. Unless it is June 31st already)
Click to expand...
Click to collapse
Haha yes youre right about the changelog Will change.
Let me know if it works and what you think about it.
What features would you like etc etc.

stuck on "Checking Connection" for me Sammy 5.1.1 S6 Edge (arm64) and LGWR 5.1.1
EDIT - seems to download binaries every time I open the app, still won't connect - perhaps something to do with arm64 architechture ???
EDIT2 - in Android Wear Manager bluetooth debugging ON, it says HOST disconnected, TARGET connected

kashortiexda said:
stuck on "Checking Connection" for me Sammy 5.1.1 S6 Edge (arm64) and LGWR 5.1.1
EDIT - seems to download binaries every time I open the app, still won't connect - perhaps something to do with arm64 architechture ???
EDIT2 - in Android Wear Manager bluetooth debugging ON, it says HOST disconnected, TARGET connected
Click to expand...
Click to collapse
- Can you check if the files 'adb' and 'fastboot' are present in /system/bin/
- What is there permission? should be 755
- Are the files 'adb' and 'fastboot' on your root of your /sdcard/
- Can you type 'adb' and 'fastboot' in terminal and post output
- Can you type 'mount -o remount, rw /system' in terminal and post output
For me HOST and TARGET are connected in Android Wear App

@Diechel , I have adb but not fastboot in /system/bin

Okay copied adb and fastbook to /system/bin and 755'd them.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}

kashortiexda said:
Okay copied adb and fastbook to /system/bin and 755'd them.View attachment 3343013
Click to expand...
Click to collapse
i see something weird
Code:
localhost:4444:4444
should be
Code:
localhost:4444
Will look if i can find something.
Also wondering why copying didnt work, was searching all over the internet how to correctly remount /system
My output is as follows, see attachment. Of course a newer version but nothing changed to adb init

@Diechel am I supposed to have my watch or phone plugged into my PC by USB when doing all this / running weartoolbox ?

kashortiexda said:
@Diechel am I supposed to have my watch or phone plugged into my PC by USB when doing all this / running weartoolbox ?
Click to expand...
Click to collapse
No just bluetooth connected to each other.
And all the 3 debugging option on as stated in the OP
Edit:
Build 21 online

Yip got all that but no adb devices and the localhost:4444:4444 is clearly wrong
Would a logcat help

kashortiexda said:
Yip got all that but no adb devices and the localhost:4444:4444 is clearly wrong
Would a logcat help
Click to expand...
Click to collapse
I dont know if logcat helps, what you can try is manually connect with terminal on your phone.
Code:
su
adb kill-server
setprop service.adb.tcp.port 5555
stop adbd
start adbd
adb forward tcp:4444 localabstract:/adb-hub
adb connect localhost:4444
adb devices
Each line need to be filled in, not all together.
And try build 21

Did the manual Terminal stuff and it FIXED the 4444 problem, installed v21 and.....[emoji1]

kashortiexda said:
Did the manual Terminal stuff and it FIXED the 4444 problem, installed v21 and.....[emoji1]
View attachment 3343080
Click to expand...
Click to collapse
TADAAAAAA
GOOD!
Let me know if you have ideas to implement. First i go for functionality then change the user interface a bit

@Diechel
EDIT: I tried sideloading es file explorer apk ... worked !!! [emoji1]

kashortiexda said:
@Diechel I tried sideloading es file explorer apk ...it says done but nothing on watch.
Have you successfully sideloaded any apks ?
Click to expand...
Click to collapse
Yes i had, will try again.
It takes some time for the watch to install, will try now and report back!
Edit:
From what i see now is that the message done comes too fast.
Bluetooth is slow and is still transferring after the done message, can see that in my top bar.
Seems not working indeed, will check thanks
EDIT:
It got installed after a while
Good that it is working! Will see how i can report in log

I got it installed too, yes the done is misleading .... GREAT app btw, well done [emoji106] [emoji106]

kashortiexda said:
I got it installed too, yes the done is misleading .... GREAT app btw, well done [emoji106] [emoji106]
Click to expand...
Click to collapse
Haha thank you, now there is a message that you need to wait untill it arrives on your watch, bluetooth is slow

@Diechel are you planning on adding the trickier "adb remove sideloaded app" but I think it may not be possible. .

kashortiexda said:
@Diechel are you planning on adding the trickier "adb remove sideloaded app" but I think it may not be possible. .
Click to expand...
Click to collapse
Can try at least, I think it's possible. Maybe a lot of work