Is anybody work on root for the Xperia Z4 Tablet?
Stuck on SELinux
I am working on it.
So far I have not succeded in disabling SELinux.
setprop selinux.reload_policy 0 in init.rc seems to disable adb here
I can not figure out how to trigger a kernel commandline witk mkbootimg:
selinux=0 --> bootloop
androidboot.seliux=permissive or disabled is only marginally better
I am pondering two other approaches:
a) edit the policy (have never done this before)
b) build a kernel w/o SELinux, root the tablet and then back to stock kernel
DHGE said:
I am working on it.
So far I have not succeded in disabling SELinux.
setprop selinux.reload_policy 0 in init.rc seems to disable adb here
I can not figure out how to trigger a kernel commandline witk mkbootimg:
selinux=0 --> bootloop
androidboot.seliux=permissive or disabled is only marginally better
I am pondering two other approaches:
a) edit the policy (have never done this before)
b) build a kernel w/o SELinux, root the tablet and then back to stock kernel
Click to expand...
Click to collapse
try
http://forum.xda-developers.com/z3/...pluskernel-t2925999/post60568900#post60568900
or
https://github.com/AndroPlus-org/an...mmit/5ec1615d1a6045ddf56a8436022592b3087703df
I'm also working to make kernel to root, currently build succeeded but didn't boot (remote test without actual device on my hand:crying
beware of RIC
I'm also working to make kernel to root, currently build succeeded
Click to expand...
Click to collapse
My kernel actually booted but when going in your direction via .configure (disabling SELiunux and RIC) it bootlooped ...
This is how far I am:
Code:
<5>[ 8.132868] type=1400 audit(3943802.429:4): avc: denied { create } for pid=435 comm="touch" name="killroy.txt" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 ppid=434 pcomm="rootsh" pgid=434 pgcomm="rootsh"
<5>[ 8.139599] type=1400 audit(3943802.439:5): avc: denied { create } for pid=434 comm="rootsh" name="killroy.txt" scontext=u:r:init:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=0 ppid=1 pcomm="init" pgid=1 pgcomm="init"
<4>[ 8.145329] RIC: /system remount denied, mnt_flags:0x8020
The problem are not the first two lines. It seems in this context it is not allowed to write to "/".
The last one is: I want to make /system writable when RIC steps in.
This is another layer of security from SONY.
I want to move a su to /system/xbin or execute the update-binary script from chainfire's SuperSU.
Maybe I have the time to figure out how to disable RIC and do this.
Another approach:
william-roberts writes no disabling SELinux on production kernels
So compile an engineering kernel.
Or another one: investigate the source of init from the Z3 AOSP and try (impossible?) to use this as 64bit on the Z4. I think the patch to prevent SELinux here is a very useful hack.
Still another one: edit the system partition to include a su in xbin and reflash that
DHGE said:
The problem are not the first two lines. It seems in this context it is not allowed to write to "/".
The last one is: I want to make /system writable when RIC steps in.
This is another layer of security from SONY.
I want to move a su to /system/xbin or execute the update-binary script from chainfire's SuperSU.
Maybe I have the time to figure out how to disable RIC and do this.
Click to expand...
Click to collapse
On Z3, I could disable sony_ric by commenting out "CONFIG_SECURITY_SONY_RIC" in defconfig (for Z4T, kitakami_defconfig)
and/or modify some lines in init.sony-platform.rc in ramdisk
Code:
# Start RIC
service ric /sbin/ric
user root
group root drmrpc trimarea system
class main
seclabel u:r:ric:s0
to
Code:
# Start RIC
service ric /sbin/ric
user root
group root drmrpc trimarea system
class main
seclabel u:r:ric:s0
disabled
,then to make sure it gets disabled,
modify
Code:
# SONY: Enable Sony RIC
mount securityfs securityfs /sys/kernel/security nosuid nodev noexec
write /sys/kernel/security/sony_ric/enable 1
to
Code:
# SONY: Enable Sony RIC
mount securityfs securityfs /sys/kernel/security nosuid nodev noexec
write /sys/kernel/security/sony_ric/enable 0
RIC is zombie
write /sys/kernel/security/sony_ric/enable 0
Click to expand...
Click to collapse
thanks - I did not know this one
It is gone in Z4 init - maybe because RIC seems to be hardwired into the build as SELinux is.
But I could not find more than you ...
is this supposed to work init.rc?
Code:
exec /system/bin/chcon u:object_r:su_exec:s0 /sbin/rootsh
I can not find errors for wrong syntax only for permission problems.
still:
Code:
-r-xr-xr-x root root u:object_r:rootfs:s0 rootsh
RIC OK, SELinux?
@AndroPlus
Getting rid of RIC and SELinux was a bit more work than in your repository.
But the kernel is fine and you can see my dumb-patched source in the attachments. Look for "//ew"
Comments welcome
Code:
rootfs / rootfs rw,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,size=1418940k,nr_inodes=354735,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
...
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,size=1418940k,nr_inodes=354735,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,size=1418940k,nr_inodes=354735,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
tmpfs /tmp tmpfs rw,seclabel,nosuid,relatime,size=1418940k,nr_inodes=354735,mode=755 0 0
/dev/block/bootdevice/by-name/system /system ext4 rw,seclabel,relatime,discard,data=ordered 0 0
/dev/block/bootdevice/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,discard,noauto_da_alloc,data=ordered 0 0
/dev/block/bootdevice/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,discard,data=ordered 0 0
/dev/block/bootdevice/by-name/persist /persist ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
...
adb /dev/usb-ffs/adb functionfs rw,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other,allow_utime_grp 0 0
/dev/block/vold/179:65 /mnt/media_rw/sdcard1 texfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1023,gid=1023,umask=0007,allow_utime=0020,iocharset=utf8,min_prealloc_size=64k,max_prealloc_size=122598k,readahead=4M,fail_safe,discard,hidden=show,errors=continue 0 0
/dev/block/vold/179:65 /mnt/secure/asec texfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1023,gid=1023,umask=0007,allow_utime=0020,iocharset=utf8,min_prealloc_size=64k,max_prealloc_size=122598k,readahead=4M,fail_safe,discard,hidden=show,errors=continue 0 0
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other,allow_utime_grp 0 0
Still some issues left:
- get rid of nosuid on mounts:
Code:
type=1400 audit(1436734934.698:20): avc: denied { execute_no_trans } for pid=5927 comm="sh" path="/sbin/su" dev="rootfs" ino=10535 scontext=u:r:adbd:s0 tcontext=u:object_r:rootfs:s0 tclass=file permissive=1 ppid=5487 pcomm="sh" pgid=5487 pgcomm="sh"
or I have an oversight in my patches.
- I can not get into root-shell
I will try to nail things via an init-service.
The royal flush will be a successful run of Chainfire's update-binary. The neccessary ingredients (files) are already in my boot.img ...
insecure c-files are originally from http://developer.sonymobile.com/dow...archives/open-source-archive-for-28-0-a-7-24/
Another one bites the dust! -> tastes ...
Finally I made it but it is not for the faint of heart and an ugly hack and procedure.
You need a patched kernel (see the files in the previous post). Just fiddling with the .config does not cut it since stock rom does some very thorough checks of modifications.
I guess it is even hardcoded in the init but I have no source for that and did not debug it.
My patches just make the SELinux and RIC checks say "everything OK" but for SONY's behind the scenes magic it looks like everything is set up normally.
Then you need to tweak a rootfs:
http://whiteboard.ping.se/Android/Rooting
Thank you, Mikael Q Kuisma!
I changed chmod 4750 sbin/rootsh to chmod 6750 sbin/rootsh
Do not follow his link for root-finishing the SAMSUNG device!
It is for 32bit. Look at the date of the post.
Do this:
Get the latest SuperSU from Chainfire. I used BETA-SuperSU-v2.49 because of the tweaks for Lollipop (I might enable SELinux again, if I can surgically remove the SONY tweaks on top of it and beside: RIC).
Problem here: Chainfire has the correct installer for a recovery and we do not have one (yet) on stock rom.
So I copied the relevant files (common and arm64) into /SuperSU_files and the su on top of it into /sbin.
Then I ran my script install_SuperSU.sh (see attachment) stolen and edited from Chainfires update-binary.
After a reboot you are done.
SuperSU works as intended (just made my first Titanium backup) but complains it needs to update his su binary. Ignore this message. It did not go away after flashing the SuperSU.zip with FlashFire.
I guess it is because the apk is checking the existence of a su in the recovery. No recovery -> no su. Hence the message.
To be very clear:
- you need to unlock your boot loader
- you are running without the IMO useful protection of SELinux
- you are running without SONY's protection (gone for good IMO)
I wanna try it but I'm scared lol
Sent from my SGP712 using Tapatalk
I Hope it come a Root Method that is very simply.
If I had a stock ftf I would try just in case something goes wrong then I would flash back the stock rom
eman2001 said:
If I had a stock ftf I would try just in case something goes wrong then I would flash back the stock rom
Click to expand...
Click to collapse
flashtool (with xperifirm)
had to use it twice in my endavours ...
DHGE said:
flashtool (with xperifirm)
had to use it twice in my endavours ...
Click to expand...
Click to collapse
Thanks for the effort!
but does this method effects the sony warranty ?
EvoDrifter said:
this method ... ?
Click to expand...
Click to collapse
I do not think so - I flashed a SONY provided stock ROM.
Unlocking the bootloader can affect your warranty.
DHGE said:
Finally I made it but it is not for the faint of heart and an ugly hack and procedure.
You need a patched kernel (see the files in the previous post). Just fiddling with the .config does not cut it since stock rom does some very thorough checks of modifications.
I guess it is even hardcoded in the init but I have no source for that and did not debug it.
My patches just make the SELinux and RIC checks say "everything OK" but for SONY's behind the scenes magic it looks like everything is set up normally.
Then you need to tweak a rootfs:
http://whiteboard.ping.se/Android/Rooting
Thank you, Mikael Q Kuisma!
I changed chmod 4750 sbin/rootsh to chmod 6750 sbin/rootsh
Do not follow his link for root-finishing the SAMSUNG device!
It is for 32bit. Look at the date of the post.
Do this:
Get the latest SuperSU from Chainfire. I used BETA-SuperSU-v2.49 because of the tweaks for Lollipop (I might enable SELinux again, if I can surgically remove the SONY tweaks on top of it and beside: RIC).
Problem here: Chainfire has the correct installer for a recovery and we do not have one (yet) on stock rom.
So I copied the relevant files (common and arm64) into /SuperSU_files and the su on top of it into /sbin.
Then I ran my script install_SuperSU.sh (see attachment) stolen and edited from Chainfires update-binary.
After a reboot you are done.
SuperSU works as intended (just made my first Titanium backup) but complains it needs to update his su binary. Ignore this message. It did not go away after flashing the SuperSU.zip with FlashFire.
I guess it is because the apk is checking the existence of a su in the recovery. No recovery -> no su. Hence the message.
To be very clear:
- you need to unlock your boot loader
- you are running without the IMO useful protection of SELinux
- you are running without SONY's protection (gone for good IMO)
Click to expand...
Click to collapse
Wow. ... you have certainly put a lot of effort into this. THank you very much. I promised myself that as soon as ROOT was available, I would purchase the Z4 Tablet!!! THanks again.:good::good:
baddison said:
Wow. ... you have certainly put a lot of effort into this. THank you very much. I promised myself that as soon as ROOT was available, I would purchase the Z4 Tablet!!! THanks again.:good::good:
Click to expand...
Click to collapse
Same. I really need it to work with Six axis controller app and Folder Mount! Though I'd be too scared to try the above! I'm waiting for a flashable .zip to come along!
better wait for AOSP
I'm waiting for a flashable .zip to come along!
Click to expand...
Click to collapse
I doubt there ever will be one.
For the newer kernels you'd need a still undiscovered exploit that also needs to defeat SELinux and RIC in order to install a su executable.
I bought the tablet since I am quite satisfied with my venerable Tablet Z and like more speed, less weight, better display and not fiddling with the USB-cap.
AND: SONY make it easy to unlock the bootloader and have an AOSP-policy for their devices.
http://developer.sonymobile.com/knowledge-base/open-source/open-devices/
There is not too much available (the kernel source I used) right now but I am confident, soon we will have the AOSP version of the ROM code availabe. This will be Android 5.1 I guess and from there it is not too complicated to build a M version or a CyanogenMod or ... .
If you do not do it yourself it will be a 2 GBytes download for the ROM image and you will flash it with fastboot (another plus for SONY devices) or Androxyde's flashtool.
I hope the AOSP sources will be available any day. Maybe the 64bitness of the new processor delays the release a bit.
I guess from the availability of the sources it would be less of a month to find a downloadable release of the ROM somewhere (you better trust the builder ...).
My bet (a bottle of non-vintage Pol Roger :highfive is that such a ROM will be available before November 2015.
I hope it come a simpler method or a Rom
Many thanks, DHGE, for the link about the AOSP policy. That alleviates *some* of my concern.
Cheers mate. I'll probably stick with my Tab S then for now until a working build of a custom ROM or some how root is available. My tab S is a bit slow when it comes to gaming so I though this would be a hell of a lot better, though without being able to use apps like Six Axis controller would defeat the purpose for me.
Its a big shame it's obviously quite a difficult task to get this device rooted compared to others due to the 64bit architecture. I'm not going to pretend that I understand how the rooting process works but I do have some contacts with Sony and there Xperia development team. If I can be of any help in anyway I'll try my best if you need software or have questions etc...
Related
I have done these works :
1. Removed full battery notification
2. Installed supercurio kernel
3. Removed touchwiz launcher (replaced with the stock gingerbread of the nexus s 9020)
4. Removed all Samsung stuff (unuseful) except voice commands and dlna.
Now i would share this with all the comunity, but how i can do this ?
(i can't do a nandroid backup because clockworkmod isn't avaible).
Please, help me, this phone it's terrible with all samsung customization!
Im pretty sure you can create an ODIN package.
I am not sure if the partitions are the same on SGS2 (dont own one yet) but take a look at this.
icezar1 said:
Im pretty sure you can create an ODIN package.
I am not sure if the partitions are the same on SGS2 (dont own one yet) but take a look at this.
Click to expand...
Click to collapse
Ok, i'll try now to pack my first worlwide rom!
kawa636r said:
I have done these works :
1. Removed full battery notification
2. Installed supercurio kernel
3. Removed touchwiz launcher (replaced with the stock gingerbread of the nexus s 9020)
4. Removed all Samsung stuff (unuseful) except voice commands and dlna.
Now i would share this with all the comunity, but how i can do this ?
(i can't do a nandroid backup because clockworkmod isn't avaible).
Please, help me, this phone it's terrible with all samsung customization!
Click to expand...
Click to collapse
thanks man
does the removal of the samsung bloatware resolve the android os battery issue>
winwiz said:
thanks man
does the removal of the samsung bloatware resolve the android os battery issue>
Click to expand...
Click to collapse
seems to be yes, because samsung apps stay forever in background.
I'm trying to take nexus s keyboard and port to s2, but where are keyboard files located?
****URGENT****
When trying to make odin flashable image, i have this error after these commands :
# su
# mount -o remount,rw /dev/block/stl9 /system
# dd if=/dev/block/stl9 of=/sdcard/factoryfs.rfs bs=4096
/dev/block/stl9: cannot open for read: No such file or directory
I have followed http://forum.xda-developers.com/showthread.php?t=960946 but seems to be not good for S2. I think that /dev/memory addressing it's different.
Who can help me?
In shell type mount and see on what stl is mounted /system. I DONT OWN A SGS 2! If you don't have some basic linux knowledge and dont know how the phone works, don't do this! I'm really serious!
But if you wanna go ahead you will need to find out your mount points. Is vital!
How i can see on what stl is mounted system? there isn't an fstab file?
kawa636r said:
****URGENT****
When trying to make odin flashable image, i have this error after these commands :
# su
# mount -o remount,rw /dev/block/stl9 /system
# dd if=/dev/block/stl9 of=/sdcard/factoryfs.rfs bs=4096
/dev/block/stl9: cannot open for read: No such file or directory
I have followed http://forum.xda-developers.com/showthread.php?t=960946 but seems to be not good for S2. I think that /dev/memory addressing it's different.
Who can help me?
Click to expand...
Click to collapse
SGS2 has different mount points. I see mention of RFS as well, which is wrong for the SGS2...
# mount
rootfs / rootfs rw,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/usb tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /app-cache tmpfs rw,relatime,size=7168k 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p9 /system ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p7 /cache ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p1 /efs ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered 0 0
nil /sys/kernel/debug debugfs rw,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc,discard 0 0
/dev/block/mmcblk0p4 /mnt/.lfs j4fs rw,relatime 0 0
/dev/block/vold/179:11 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro,discard 0 0
Somebody can help me for the commands that i must do for creating a ROM?
kawa636r said:
Somebody can help me for the commands that i must do for creating a ROM?
Click to expand...
Click to collapse
Not got an SGS 2. Also, I hate working on ROMs from a dump of the device to be perfectly frank...
pulser_g2 said:
Not got an SGS 2. Also, I hate working on ROMs from a dump of the device to be perfectly frank...
Click to expand...
Click to collapse
from my response of mount command you can't help me?
kawa636r said:
from my response of mount command you can't help me?
Click to expand...
Click to collapse
Nope, sorry. I need the device to figure it out really, as I've not worked with a Samsung before. And I don't know about repackaging a ROM into a tar for ODIN based on a dump.
I wouldn't want to try and help either, as I need the device to actually check it properly, and wouldn't want you or someone else to have to try reflashing after messing something up...
Never looked at using a dump before - I prefer to take the stock ROM and modify it on my PC tbh
pulser_g2 said:
Never looked at using a dump before - I prefer to take the stock ROM and modify it on my PC tbh
Click to expand...
Click to collapse
Yes, but stock rom come with odin files format.
If i want to cook a rom i must start from sources, from a system dump, or from a zip rom (in nexus s i remember that rom are packaged in zip)....
Me too
I have the same problem, do you have find a solution?
I don't want to ruin your mojo, the more people interested in android, the better... but I'm a bit worried if inexperienced people give other inexperienced people things to flash with Odin. Since your ROM doesn't bring anything new (all other roms have this already), why not put some more time in it, polish it a bit, and maybe you will get some original ideas to add to it, instead of rushing it like this, and possibly brick some phones?
The probleme is that i have no time to do this, i have created a system and i have modivied the cyanogenmod to work with this system, the probleme is that i should to find a better methode to install the cyanogenmod rom from a pc, it is not for me is for other simple users.
Hi folks (this should be in the development forums, but I can't post there yet...)
I booted my Sony Tablet S into recovery mode, then managed to get the SD Card to mount. (Select option 2 and it will mount it up for you ). Using "adb pull" to retrieve /proc/mounts I get the following gem:
Code:
rootfs / rootfs rw 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
/dev/block/mmcblk0p4 /cache ext4 rw,nosuid,nodev,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk1p1 /sdcard vfat rw,nodev,noatime,nodiratime,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,comp_uni,avoid_dlink,errors=remount-ro 0 0
From what I can see, this means if we can convince the system to run executables placed on the SD Card - we should be able to run a suid binary - and attain root (then be able to mount /system rw and add a su binary)
Does that help anyone?
bcooksley said:
Hi folks (this should be in the development forums, but I can't post there yet...)
I booted my Sony Tablet S into recovery mode, then managed to get the SD Card to mount. (Select option 2 and it will mount it up for you ). Using "adb pull" to retrieve /proc/mounts I get the following gem:
Code:
rootfs / rootfs rw 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
/dev/block/mmcblk0p4 /cache ext4 rw,nosuid,nodev,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk1p1 /sdcard vfat rw,nodev,noatime,nodiratime,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,comp_uni,avoid_dlink,errors=remount-ro 0 0
From what I can see, this means if we can convince the system to run executables placed on the SD Card - we should be able to run a suid binary - and attain root (then be able to mount /system rw and add a su binary)
Does that help anyone?
Click to expand...
Click to collapse
Thank you. I hope it helps to mount sd for app2sd, psxperia, direct media playing soon
Sent from my R800i
How does the system decide if a program can run as root? The location it runs from?
Is there a cron function in the tablets, or ability to add something to the init.d steps?
An application which is both setuid and owned by root (known as setsuid) can be executed by any user and is granted root privileges immediately. That is how "su" (and other similar apps) work.
Unfortunately, i've discovered that the file system arguments it supplies are hardcoded - so whilst it can detect that a SD card is formatted with ext4 - the mount fails as ext4 doesn't support the FAT specific arguments.
So while we will be able to use this to get executables on the system - we can't get setsuid executables on the system, limiting us to executables being run as the "shell" user.
Yes. Ill help. I sent you a pm.
Ok, so whilst the SD Card method has unfortunately not panned out - I have found something potentially interesting none the less.
This lies in the update system used by Sony. I have determined that the updates appear to be encrypted using a Triple-DES key, which is embedded in, or retrieved by /system/lib/libautomagic_library.so.
This file has traces of apparently being written by HTC (the strings HTC_RIL, CDMA and PHONE all appear in it). It also has a reference to the location /data/data/com.sony.automagic.client.app/file/ (which doesn't exist on my device)
This library is used by the updater application itself - through a Java framework "automagic_downloader". Unfortunately, due to the use of the compiled C code for decryption and update verification (which includes SHA1/MD5 sum checks, likely against the previously downloaded info.xml, which it also handles) it is not possible to tell if the decrypted file is the one placed in /cache however.
The key "ro.sony.build.incremental" written in /system/build.prop is the version number used by Sony to determine if the system needs updating or not, as far as I can tell (with the C library being used, it is difficult to tell)
I have also noted, that when in recovery mode, the following two statements are present in /default.props
ro.build.description=nbx03_033-user 3.2.1 THMASU0035 0035.002 test-keys
ro.build.fingerprint=Sony/nbx03_002/nbx03:3.2.1/THMASU0035/0035.002:user/test-keys
I am not sure at this point if this just means that different keys will be used - or if the keys referenced are the ones available publicly in Android's repositories.
Please note that the above, whilst interesting, does not provide a direct path to rooting the device at this time. Note also that I was not able to complete the paths that the updater application takes codewise, so some of the code I examined may not be used - and thus the above may not apply.
However, if correct this may allow for the OTA images to be decrypted at some point, if someone can decompile those libraries (or otherwise extract the keys using a hex editor).
bcooksley said:
Ok, so whilst the SD Card method has unfortunately not panned out - I have found something potentially interesting none the less.
This lies in the update system used by Sony. I have determined that the updates appear to be encrypted using a Triple-DES key, which is embedded in, or retrieved by /system/lib/libautomagic_library.so.
This file has traces of apparently being written by HTC (the strings HTC_RIL, CDMA and PHONE all appear in it). It also has a reference to the location /data/data/com.sony.automagic.client.app/file/ (which doesn't exist on my device)
This library is used by the updater application itself - through a Java framework "automagic_downloader". Unfortunately, due to the use of the compiled C code for decryption and update verification (which includes SHA1/MD5 sum checks, likely against the previously downloaded info.xml, which it also handles) it is not possible to tell if the decrypted file is the one placed in /cache however.
The key "ro.sony.build.incremental" written in /system/build.prop is the version number used by Sony to determine if the system needs updating or not, as far as I can tell (with the C library being used, it is difficult to tell)
I have also noted, that when in recovery mode, the following two statements are present in /default.props
ro.build.description=nbx03_033-user 3.2.1 THMASU0035 0035.002 test-keys
ro.build.fingerprint=Sony/nbx03_002/nbx03:3.2.1/THMASU0035/0035.002:user/test-keys
I am not sure at this point if this just means that different keys will be used - or if the keys referenced are the ones available publicly in Android's repositories.
Please note that the above, whilst interesting, does not provide a direct path to rooting the device at this time. Note also that I was not able to complete the paths that the updater application takes codewise, so some of the code I examined may not be used - and thus the above may not apply.
However, if correct this may allow for the OTA images to be decrypted at some point, if someone can decompile those libraries (or otherwise extract the keys using a hex editor).
Click to expand...
Click to collapse
Thanks, and please evryone lets keep trying until someone figures this out. Any effort is progress iMO
I'm trying to put the SU binary in a different place than the /system folder. I can flash it to /data with the correct permissions, but when I run SU, it doesn't get root.
Code:
[email protected]:/ $ /data/su
/data/su
1|[email protected]:/ $ id
id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
Is there a reason why it doesn't work in /data/? Is there another folder (not /system/) where it should work?
Code:
ls -la /data/su
-rwsr-sr-x root root 380532 2008-08-01 12:00 su
# From a working /system/su :
-rwsr-sr-x root root 380532 2008-08-01 12:00 su
Has to be in /system. It has elevated privileges that you can't get in the /data partition. Are you unable to put it in /system, as in trying to root a new device, or is there another reason you're against putting it there?
I continued searching myself (like I should) and I just found the answer (sorry, forgot to subscribe to the thread). /data is mounted with "nosuid" option, so privilege elevation isn't possible.
Code:
[email protected]:/ $ cat /proc/self/mountinfo
cat /proc/self/mountinfo
1 1 0:1 / / ro,relatime - rootfs rootfs ro
12 1 0:12 / /dev rw,nosuid,relatime - tmpfs tmpfs rw,mode=755
13 12 0:9 / /dev/pts rw,relatime - devpts devpts rw,mode=600
14 1 0:3 / /proc rw,relatime - proc proc rw
15 1 0:13 / /sys rw,relatime - sysfs sysfs rw
16 15 0:5 / /sys/kernel/debug rw,relatime - debugfs debugfs rw
17 1 0:14 / /acct rw,relatime - cgroup none rw,cpuacct
18 1 0:15 / /mnt/asec rw,relatime - tmpfs tmpfs rw,mode=755,gid=1000
19 1 0:16 / /mnt/obb rw,relatime - tmpfs tmpfs rw,mode=755,gid=1000
20 12 0:17 / /dev/cpuctl rw,relatime - cgroup none rw,cpu
21 1 179:1 / /system ro,relatime - ext4 /dev/block/mmcblk0p1 ro,user_xattr,acl,barrier=1,data=ordered
22 1 179:7 / /data rw,nosuid,nodev,noatime,nodiratime - ext4 /dev/block/mmcblk0p7 rw,errors=panic,user_xattr,acl,barrier=1,nodelalloc,data=ordered
23 1 179:2 / /cache rw,nosuid,nodev,noatime,nodiratime - ext4 /dev/block/mmcblk0p2 rw,errors=panic,user_xattr,acl,barrier=1,nodelalloc,data=ordered
24 1 0:18 / /Removable rw,relatime - tmpfs tmpfs rw,mode=755,gid=1000
25 1 0:19 / /mnt/sdcard rw,nosuid,nodev,relatime - fuse /dev/fuse rw,user_id=1023,group_id=1023,default_permissions,allow_other
26 24 179:9 / /Removable/MicroSD rw,nosuid,nodev,noexec,relatime - vfat /dev/block/vold/179:9 rw,dirsync,uid=1000,gid=1015,fmask=0000,dmask=0000,allow
rtname=mixed,utf8,errors=remount-ro
If I understand this correctly, there's no location (except for /system) that is mounted without the nosuid flag (or at least no location where I can put the SU binary). Is it possible to create a new partition that would also be automatically mounted at startup? Which files should I edit/where should I look for info?
I'm not trying to root a new device. It works perfectly fine in /system/. I want to have root access without it being obvious that it's available.
You can use the option of SuperSU to have no icon or use a launcher that can hide apps, like Nova. Then you would only be able to tell if you were looking under the All Tab in the Application Manager in Settings, or if you have a device like a Samsung where it might show your device status as Custom. If that's the case, I believe there's an Xposed mod to change that to official status.
Sent from my A0001 using XDA Premium 4 mobile app
es0tericcha0s said:
You can use the option of SuperSU to have no icon or use a launcher that can hide apps, like Nova. Then you would only be able to tell if you were looking under the All Tab in the Application Manager in Settings, or if you have a device like a Samsung where it might show your device status as Custom. If that's the case, I believe there's an Xposed mod to change that to official status.
Click to expand...
Click to collapse
No, I'm trying to hide it on a system wide level. I'm doing this for forensics/research purposes. Not for the user, but for apps. For XPosed, there's also RootCloack, but that's lacking in many ways. There are a lot of ways of still detecting root while RoatCloack is installed.
Does anybody know how I can add a partition? I've searched for documentation but so far I've only found information about how to resize partitions.
Dauntless said:
No, I'm trying to hide it on a system wide level. I'm doing this for forensics/research purposes. Not for the user, but for apps. For XPosed, there's also RootCloack, but that's lacking in many ways. There are a lot of ways of still detecting root while RoatCloack is installed.
Does anybody know how I can add a partition? I've searched for documentation but so far I've only found information about how to resize partitions.
Click to expand...
Click to collapse
Messing with that would be a good way to brick the device. I don't believe there would be a way to create a new partition in that manner, and if you could, even less likely it would be able to run su from it. And different manufacturers do their partitions and sometimes even files systems differently. If you could, somehow, get it to work with one phone, it wouldn't be a universal solution.
es0tericcha0s said:
Messing with that would be a good way to brick the device. I don't believe there would be a way to create a new partition in that manner, and if you could, even less likely it would be able to run su from it. And different manufacturers do their partitions and sometimes even files systems differently. If you could, somehow, get it to work with one phone, it wouldn't be a universal solution.
Click to expand...
Click to collapse
Is there a reason why you think it would be impossible to su from it if it's mounted without the nosuid flag?
Maybe a different approach then: Where should I look if I want to mount /data (or any other partition) without the nosuid flag?
It also doesn't have to be a universal solution.
I just don't think it's possible to mount another partition with that flag.
Sent from my A0001 using XDA Premium 4 mobile app
I see various options for converting system apps <==> user apps and moving or linking some to SD. But I don't see a good general discussion of this. Also, I think my old phone needs a more hard core approach--probably one that trims down /system and reduces how much /system overlaps redundantly with updates on /data. So here goes...
First off, these solutions seem inadequate:
built-in apps2sd: it still fills up internal memory a lot.
s2e: an all-or-nothing approach for each category
free version of link2sd: cannot move-and-link app data, nor system apps
I've been fairly happy with link2sd, but it's still not radical enough for me. Can s2e be combined with it to reclaim even more space?
Assumptions about a stronger solution:
It will require root access.
It will break OTA (can this be turned off safely? can someone link to a good overview of problems/workarounds?)
It *might* require a fairly fast SD card (but still limited to an old phone's bus speeds, etc.) Note: I just bought a 32GB class 10 SDHC card (UHS-1 U3) for my s5360.
It might require one or two paid apps (hopefully not)
One of the most promising options I've seen is to convert system apps to user apps and then move-and-link them to SD. For the conversion step, do the following all do the same thing?
link2sd Plus (paid)
Titanium Backup Pro (paid)
System Tuner (paid) -- I've tried the free ones and move (and freeze) always fails.
app mover (free) http://forum.xda-developers.com/showthread.php?t=1999346
And are there rules of thumb for what can be safely converted?
EDIT: I just found this handy list--my guess is that any green or yellow Yes can be safely converted to a user app and even moved/linked to SD, but that red shouldn't, and think twice before uninstalling yellow :
http://wiki.cyanogenmod.org/w/Barebones#CM-10.1_App_list_.28WIP.29
Can apps that were moved to /data still be updated? I'd especially like to target outdated system apps that are have already been updated anyway and are thus running from /data anyway. My understanding is that 'moving' those to /data doesn't increase /data usage and doesn't reduce performance--just slightly reduces permissions--as long as I don't move/link them to SD.
lightningdude said:
In all seriousness, though, I'm not entirely sure the Link2SD has good implementation of this method. You might try Titanium Backup to convert system to user apps, then try linking it with Link2SD. It may still not work, but it'd be worth a shot, I suppose.
Furthermore, I always delete bloatware I'm not going to use with Titantium Backup. If I need to go back to stock for an OTA, I just flash the complete stock of whatever phone I'm on.
Click to expand...
Click to collapse
If this can all be done successfully, can the internal partitions then be resized? That is, if we safely shunt some of /system and /cache off to SD, can we then let /data steal some space from both? (My s5360 has this by default: /system 230MB, /cache 40MB, /data 197MB)
My old s5360 seems to get full almost immediately after flashing a cm11 rom (LolliKat) and minimal gapps onto it, although I plan to try again with a version of minimal gapps that installs to SD.
For that matter, can some ROMs be installed primarily to SD? I get the impression that that's how some dual-boot (multiROM) approaches work, but I don't really know.
I've also seen one guide for permanently mounting /system as read-write. I think I'd be ok with that (are the security concerns truly awful?), especially if it meant that system apps would update themselves in-place without impacting /data. But I'm guessing it's not that simple.
can't create /system/... Read-only file system
I found another cool feature of link2sd to "integrate update into system", removing it from data and eliminating the double use of space. The free version includes this feature, but unfortunately it always errors out for me:
`sh: [51]: can't create /system/app/Music.apk.t: Read-only file system`
I tried upgrading to link2sd Plus, since that's the version that includes a convert feature, which requires write access to /system:
C-Jon said:
One of the most promising options I've seen is to convert system apps to user apps and then move-and-link them to SD.
Click to expand...
Click to collapse
But that feature failed too, for the same reason. So I tried all of the following--granting each app superuser access for 10 minutes each time--and they also failed to successfully mount /system as RW:
X-plore - long press the / folder and choose System Shell, then enter `su` and `mount -o remount,rw /system /system`. It gives no error, but if I then immediately `cd system` and try to `mkdir xxzz` it gives an error: `can't create directory 'xxzz' : Read-only file system`. If I use the GUI, I can apparently create a folder under /system with no error, but if I browse up and come back, the folder is gone.
ES File Explorer (free version) - menu, Root Explorer, Mount R/W. I tried running it multiple times, setting both `/` and `/system` to RW. After doing this a couple times, `/` showed up as already RW, but `system` never did. I immediately retried link2sd Integrate--fails with same error.
mountsystemrorw - this app is dedicated to this one task, and when I click "MOUNT /system RW" it claims success ("Your system is now mounted RW!"); but it actually fails. (At least, link2sd Integrate and X-plore still give the same error/failures.)
AnExplorer - menu, Root. I don't see 'mount' options.
Has KitKat made it nearly impossible to mess with /system, even as root? Or am I doing something wrong?
Just in case, I tried re-running "recreate mount scripts" in link2sd, which had worked before, and this time it failed too! `can't create /system/etc/init.d/11link2sd: Read-only file system`. So maybe something has changed since I first installed link2sd. Hmm. I do see this in a thread on stack exchange, "Write access to the system partition is usually blocked by the kernel at boot." But "recreate mount scripts" worked before, *after* I'd flashed the current kernel (Kernel Bangprovn#1.zip) and ROM (LolliKat Stable 2.zip). That's how I got the ext4 partition working for link2sd in the first place.
I'm getting frustrated and don't want to have a big fight every time I want to integrate or convert an app. So I'm wondering just how feasible the following might be...
I've also seen one guide for permanently mounting /system as read-write. I think I'd be ok with that (are the security concerns truly awful?), especially if it meant that system apps would update themselves in-place without impacting /data.
Click to expand...
Click to collapse
I'm guessing they wouldn't simply self-update. But if I could easily run the Integrate step without this RW battle, that might be enough.
If it helps, here is my mount info:
Code:
cat /proc/mounts
rootfs / rootfs ro,noatime,nodiratime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,noatime,nodiratime 0 0
sysfs /sys sysfs rw,seclabel,noatime,nodiratime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,noatime,nodiratime 0 0
/sys/kernel/debug /sys/kernel/debug debugfs rw,noatime,nodiratime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
none /sys/fs/cgroup/memory cgroup rw,relatime,memory 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/fuse tmpfs rw,seclabel,relatime,mode=775,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mtdblock8 /system yaffs2 ro,seclabel,noatime,nodiratime 0 0
/dev/block/mtdblock9 /cache yaffs2 rw,seclabel,nosuid,nodev,noatime,nodiratime 0 0
/dev/block/mtdblock10 /data yaffs2 rw,seclabel,nosuid,nodev,noatime,nodiratime 0 0
/dev/block/mmcblk0p2 /data/sdext2 ext4 rw,seclabel,relatime,barrier=1,data=writeback 0 0
/dev/block/vold/179:1 /mnt/media_rw/sdcard0 vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1023,gid=1023,fmask=0007,dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:1 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1023,gid=1023,fmask=0007,dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev,noatime,nodiratime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
using bin/mount rather than xbin/mount
I finally found a solution: remount by explicitly using `/system/bin/mount -o ...` rather than just `mount -o ...`. I'm guessing that at some point the version in /system/xbin started taking priority and for some reason that version fails silently. More info here:
http://android.stackexchange.com/a/110883/109855
Hi guys! I need help because I have a problem that I do not manage to give it to an end. I think (hope not) I bricked my phone.
I have a Kyocera Brigadier (Verizon edition), where after many attempts, I succeeded to root it with Kingroot. I was very glad that I could to customize it like the old Nexus One. I installed Xposed and some modules like Gravity... All good. I was away in vacation and I said to test it more. I installed Busybox and Super Rom Tools. I did Install in BusyBox and in the morning I did not manage to wake the phone. I did a soft reset (keeping pressed power button 20 sec.), all good until I put it on sleep. It was the sleep of death. And again I had to forcibly restart. At one point it appeared above applications the default wallpaper, and oscillate when the home screen, when default wallpaper. An error message appear after few moments: Unfortunately, the process com.android.systemui has stopped. I went into Recovery (stock) and wanted to delete the cache but mistakenly (stress and nerves) gave reset phone, meaning Restore to factory settings. Besides the fact that I lost pictures and videos from vacation, I lost all applications and settings ... I said this is it, this happens if you don´t have your head on your shoulders. I was installed Titanium but I had not done any backup yet.
I tried now to uninstall applications imposed by Verizon, and try to eliminate the annoying message "This year SIM card is from unknown source" so I deleted one by one all applications and services that belonged to Verizon and Kyocera. I must say that after factory reset, remained the root and custom boot screen. Seeing that fail to get rid of that message, I said I'll try again when I get back home from vacation. I did again reset to factory default and surprise, it no longer occurs any application from Verizon or Kyocera, all I wiped disappeared. I did reset again and nothing. The custom boot screen was put to me, but not appears the Setup Wizard of the phone. I said this is it and so I do not want them ... After setting up my Gmail account when I tried to install applications from Google Play it gives me unknown error "-110". OK, I tried from the SD card and send it to me: For security .... bla bla ... block installation of apps obtained from unknown sources , but this setting is gray and I can not to mark off. I thought it was something from the root, and I did clean root from Kingroot but gave me error and gone and application and root. In settings of the phone it says at Root status - unknown (before it said rooted or unrooted)
Now I got home, I connected the phone to the computer and try to do adb install to see if it works. Recognizes it at adb devices, but if I give adb install any app it gives me this error:
C:\Android\sdk\platform-tools>adb install kingroot.apk
3221 KB/s (6649985 bytes in 2.015s)
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
WARNING: linker: app_process has text relocations. This is wasting memory and is a security risk. Please fix.
pkg: /data/local/tmp/kingroot.apk
Failure [INSTALL_FAILED_INTERNAL_ERROR]
I tried to root it again with desktop version of Kingroot, Kingoroot, Rootgenius but no success...
What I noticed:
- all phone applications have 0.00B and at storage stays at Calculating...
- system time I think it's not correct, although it looks right it is set at 13/01/1970...
- whole system memory is read only. I cannot change anything, all apps data and settings are stored in the RAM flash not in ROM memory
I done before some roots and install custom recovery and ROMs of several phones like Nexus One, Galaxy Nexus, SII, SIII, Nexus 4, Motorola Xoom but I´m not a developer, I´m a firefighter so my knowledge of programming are limited... I just helped some friends to customize their phones and use their phone at max capacity.
So please can someone give me some solution to try? Some adb commands....
btw the bootloader is locked by Verizon
I have another friend with same phone, can I make a nand backup and flash it on my phone? How?
Thank you for your time!
Best regards!
THE SOLUTION!!!
I attach some screenshots maybe it help...
BUMP
Over 40 views and no solution to try?!
I played more today with ADB and I attach some results...
I tried to root it again with Kingroot PC version but no success...
Anyone knows how to make system read/write? Because I think this is the big problem.... If I can install apps maybe I can root it again with Kingroot apk...
In bootloader appear the sunken Android and an little 1 in the top left side and that´s all, tried fastboot oem unlock but failed, other commands like flash didn´t tried.
Please, any idea?
Best regards!
Hi,
I bought last week, the European Brigadier aka Torque KC-S701 and i had to root it but any success for now !
I read about your issue and i'm asking regarding your adb command's results :
C:\SDK\sdk\platform-tools>fastboot oem unlock
...
FAILED (status read failed (Too many links))
finished. total time: 1602.805s
1) What was your aim doing that ? Unlocking the Brigadier ?
- a) Your bootloader had to be unprotected
- b) adb reboot-bootloader
- c) Fasboot devices
???
- d) If something apeared then
fastboot oem unlock
Vol UP to select opened cadenas and Vol Down to check it
- e) Reboot with
fastboot reboot-bootloader
2) What about now with the following command "adb shell' and 'll' or 'ls -al' ? did you compare with the first time as in your txt file ?
3) Maybe an idea : 'adb reboot recovery' ?
In all the cases, the real challenge is to mount /system in rw to push the 'root files' ...
Let us know about your tries ...
If Kyocera can flash your phone from scratch, that means it's able for us/someone to do the same ... :fingers-crossed:
the adb commands working perfectly...
- adb reboot-bootloader - phone reboots in bootloader (it appear sunken android with a little 1 in top left corner and that´s all)
- adb reboot recovery - phone reboots in recovery (you have only 3 options in recovery: reboot phone, restore to factory settings clean up cache memory)
With fastboot oem unlock command nothing happened on screen. Tried some combination of Vol UP, Vol Down, power button but nothing (I thought the options was hide from user viewing)... On nexus devices and other few, at this command you´ll be asked for Bootloader unlock but in this case Verizon make something well done...
In no one screen mode (recovery, bootloader, safe mode and normal) any command adb shell, adb remount, adb fastboot which contain /system failed for write mount... read only... (maybe I didn´t write the commands well)
Kyocera can flash the phone because they have the tools... I talk with a friend which told me that there is a chance by disassemble 2 phones (mine and one working good) and make a connection on the motherboard with some special cables with Box tool but it´s a risky operation.... There is chance to brick both phones and then Kyocera Service Center cannot do anything. Beside, opening the phones it´s hard to resealing again for water protection.
The only easy chance is to unlock bootloader and flash then original or custom ROM. but...
Obsy said:
the adb commands working perfectly...
- adb reboot-bootloader - phone reboots in bootloader (it appear sunken android with a little 1 in top left corner and that´s all)
- adb reboot recovery - phone reboots in recovery (you have only 3 options in recovery: reboot phone, restore to factory settings clean up cache memory)
With fastboot oem unlock command nothing happened on screen. Tried some combination of Vol UP, Vol Down, power button but nothing (I thought the options was hide from user viewing)... On nexus devices and other few, at this command you´ll be asked for Bootloader unlock but in this case Verizon make something well done...
In no one screen mode (recovery, bootloader, safe mode and normal) any command adb shell, adb remount, adb fastboot which contain /system failed for write mount... read only... (maybe I didn´t write the commands well)
Kyocera can flash the phone because they have the tools... I talk with a friend which told me that there is a chance by disassemble 2 phones (mine and one working good) and make a connection on the motherboard with some special cables with Box tool but it´s a risky operation.... There is chance to brick both phones and then Kyocera Service Center cannot do anything. Beside, opening the phones it´s hard to resealing again for water protection.
The only easy chance is to unlock bootloader and flash then original or custom ROM. but...
Click to expand...
Click to collapse
Well, I read you and sommething seems to be intersting ... Whenyou go into recovery, you found 3 options then 'Restore to factory settings' and your will be back alive ! I suppose ... :laugh:
I think thius is the only way to 'recover' a working phone because seing your pictures ... your phone dis not respond correctly !
Give you a try ... :good:
Lol, if you didn´t observe it I did it few times - restore to factory setting but unfortunately the programs and services which I delete it was from eprom memory so now is nothing to restore. And now with the system files blocked on read only I cannot push it them back....
So, unable for you to restore but what happened when you did a : 'adb shell && ll '?
What did you see compare to your txt file ? The same or not ?
This is ADB shell from today. What's curious is that date and time are prehistorical and nothing change except the dev and data files... What should be mentioned is that system file is locked to 15.05.2015 the time when phone went crazy....
Obsy said:
This is ADB shell from today. What's curious is that date and time are prehistorical and nothing change except the dev and data files... What should be mentioned is that system file is locked to 15.05.2015 the time when phone went crazy....
Click to expand...
Click to collapse
The date are not prehistorical ... i have the same date about on my Torque KC-S701 as 1970-01-01. Which could be intersting seemed to be the different date for some directories (1970/01/01 21h36 to 1970/01/03 02h43) ... WEIRD !
Take a look on mine.txt in attachment.
So try to go on /system and make a ll to compare 'permissions' with mine.
I think you made a recovery with weird present recovery in your phone. Weird because different to the original ...
So, you told us /system was now RO, did you try to re root your phone by the same way used your first time ? This could be give you the right to put in RW that you want and to get from someone which have the same phone, the original directories which are differantly dated as your first ...
This is just an idea ... :silly:
Rood i did with Kingroot.apk but now I cannot install any app nor Play Store (error -110) neither SD card (cannot pass by unknown source)... I tried the desktop version of Kingroot but no success...
I did cd /system and here it is.
All seems to be good ...
USB debugging is active because you can use adb without any problem.
Did you try a adb shell fix_permissions ? I saw you tried to install kingroot by adb but did you try to re-ionstall kingroot.apk with adb.exe -r kingroot.apk ?
So, on your screenshots, we can see calculating place taking by apps but whitout any results ... Did tou try to see sommething by adb shell df just to see if you can see something in /data ?
So, what about adb shell mount ?
In all the cases, without root, you can't mount /system in RW !
I hope you'll get more further info to solve your issue without sending your phone for flashing to Kyocera !
....
zegoo said:
All seems to be good ...
USB debugging is active because you can use adb without any problem.
Did you try a adb shell fix_permissions ? I saw you tried to install kingroot by adb but did you try to re-ionstall kingroot.apk with adb.exe -r kingroot.apk ?
So, on your screenshots, we can see calculating place taking by apps but whitout any results ... Did tou try to see sommething by adb shell df just to see if you can see something in /data ?
So, what about adb shell mount ?
In all the cases, without root, you can't mount /system in RW !
I hope you'll get more further info to solve your issue without sending your phone for flashing to Kyocera !
Click to expand...
Click to collapse
adb.exe don´t work...
adb install -r kingroot.apk same error...
adb shell df and mount > this is the results:
C:\SDK\sdk\platform-tools>adb shell df
Filesystem Size Used Free Blksize
/dev 926.4M 132.0K 926.3M 4096
/sys/fs/cgroup 926.4M 12.0K 926.4M 4096
/mnt/asec 926.4M 0.0K 926.4M 4096
/mnt/obb 926.4M 0.0K 926.4M 4096
/system 1.4G 959.0M 515.2M 4096
/data 11.6G 352.3M 11.2G 4096
/cache 845.6M 13.6M 832.0M 4096
/persist 7.8M 4.1M 3.8M 4096
/firmware 64.0M 56.9M 7.1M 16384
/sysprop 7.8M 5.0M 2.8M 4096
/carrier 39.3M 4.0M 35.3M 4096
/mnt/shell/emulated 11.6G 352.3M 11.2G 4096
/storage/emulated/legacy 11.6G 352.3M 11.2G 4096
/data/DxDrm/fuse: Permission denied
/mnt/media_rw/sdcard1: Permission denied
/storage/sdcard1 14.8G 7.5G 7.3G 8192
C:\SDK\sdk\platform-tools>adb shell mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,size=948676k,nr_inodes=181731,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,size=948676k,nr_inodes=181731,mode=750,gid=1000 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,size=948676k,nr_inodes=181731,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,size=948676k,nr_inodes=181731,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,relatime,noauto_da_alloc,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/platform/msm_sdcc.1/by-name/sysprop /sysprop ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/carrier /carrier ext4 rw,seclabel,nosuid,nodev,relatime,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /storage/emulated/legacy fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
DxDrmServerIpc /data/DxDrm/fuse fuse.DxDrmServerIpc rw,nosuid,nodev,relatime,user_id=1013,group_id=1000,allow_other 0 0
/dev/block/vold/179:64 /mnt/media_rw/sdcard1 vfat rw,dirsync,nosuid,nodev,noexec,relatime,uid=1023,gid=1023,fmask=0007,dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso88591,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/fuse /storage/sdcard1 fuse rw,nosuid,nodev,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
C:\SDK\sdk\platform-tools>
If u can understand something... o.0
Thanks!
Why did you say 'adb.exe' does not work ?
'adb' or 'adb.exe' is the same ...
So you wrote that your memory is in Read Only, i don't understand ... Were you talking about /data because /data is ReadWritable ?
I know we have not got the same phone but there is my 'mount result command' in attachment. /data is in RW as it should be and /system in RO as too.
You should compare this two files, may be you'll find something instersting to solve your issue ... So is there someone which have the same phone which could give you the same command result to compare ? :good:
adb.exe no such command
On mount beside some numbers I have this line in addition to yours
DxDrmServerIpc /data/DxDrm/fuse fuse.DxDrmServerIpc rw,nosuid,nodev,relatime,user_id=1013,group_id=100 0,allow_other 0 0
Yes, the /data is RO or corrupted
C:\SDK\sdk\platform-tools>adb shell
[email protected]:/ $ cd /system
cd /system
[email protected]:/system $ ll
ll
drwxr-xr-x root root 2015-05-18 23:45 app
drwxr-xr-x root shell 2015-05-18 23:45 bin
-rw-r--r-- root root 6120 2015-05-15 21:25 build.prop
drwxr-xr-x root root 2015-05-10 08:08 csc
drwxr-xr-x root root 2015-05-15 20:40 etc
drwxr-xr-x root root 2014-07-13 22:18 fonts
drwxr-xr-x root root 2014-07-13 22:18 framework
drwxrwx--x root root 2014-07-13 22:18 kcjprop
drwxr-xr-x root root 2014-07-13 22:18 lib
drwx------ root root 1970-01-01 02:00 lost+found
drwxr-xr-x root root 2015-05-16 22:42 media
drwxr-xr-x root root 2015-05-18 22:39 priv-app
drwxr-xr-x root root 2014-07-13 22:18 tts
drwxr-xr-x root root 2015-05-09 17:40 usr
drwxr-xr-x root shell 2014-07-13 22:18 vendor
drwxr-xr-x root shell 2015-05-18 23:45 xbin
[email protected]:/system $ cd /data
cd /data
[email protected]:/data $ ll
ll
opendir failed, Permission denied
255|[email protected]:/data $
255|[email protected]:/data $ df
df
Filesystem Size Used Free Blksize
/dev 926.4M 132.0K 926.3M 4096
/sys/fs/cgroup 926.4M 12.0K 926.4M 4096
/mnt/asec 926.4M 0.0K 926.4M 4096
/mnt/obb 926.4M 0.0K 926.4M 4096
/system 1.4G 959.0M 515.2M 4096
/data 11.6G 938.7M 10.7G 4096
/cache 845.6M 13.6M 832.0M 4096
/persist 7.8M 4.1M 3.8M 4096
/firmware 64.0M 56.9M 7.1M 16384
/sysprop 7.8M 5.0M 2.8M 4096
/carrier 39.3M 4.0M 35.3M 4096
/mnt/shell/emulated 11.6G 938.7M 10.7G 4096
/storage/emulated/legacy 11.6G 938.7M 10.7G 4096
/data/DxDrm/fuse: Permission denied
/mnt/media_rw/sdcard1: Permission denied
/storage/sdcard1 14.8G 7.5G 7.3G 8192
1|[email protected]:/data $
BTW u have LTE working on Orange?
Humm, about 'adb.exe', you are under windows and when you write 'adb' or 'adb.exe', this is the same. Juste take a look inside the directory where 'adb.exe' is located.
So, under Linux, for my mind, i wrote 'adb ' ...
Regarding your '/data', i can read:
'/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,relatime,noauto_da_alloc, data=ordered 0 0' in the result of your mount command, that's meaning '/data' is correctly mounted in 'RW' as it had to be.
Regarding the line(s) which is(are) different between our each 'mount command', i don't know more further ... Weird !
Regarding the 'll command' when you to see in '/data', i have exactly the same ... This is a Kyocera protection ! Sucks !
The only weird thing i saw regarding your different command are as your phone was in its first stage when you bought it that's why i have an advice ...
Try to get 'root' again ! You had to succeed to push the files needed in '/data/local/tmp' as it was done before. :good:
For LTE, your right, the Torque KC-S701 is for European market and is able regarding LTE French network aka Orange for Free network for my mind ... as it should be regarding your Brigadier if Verizon and Kyocera respected the law ... We have the same equipment, the only difference is the screen, better is yours ! Lucky guy !
Today from nothing, the "sleep of death" and "the process com.android.systemui has stopped" come back.... Clear cache from fastboot didn´t help, only restore to factory settings.....
I played with some adb commands and this is the results. If someone have time to watch it and maybe have an idea.... Thanks!
So... Hear is very clearly what u need to do. But before I tell u I want to make somethings clear.
Root access alone will not make /system rw.
You have to mount system as rw.
Apps that relay on root access will do this for u if they modify the /system which exposed would have.
Also removing/uninstalling /system apps is not ever recommend for many reasons. If there were ever an update you would not be able to apply the update.
You have titanium back up. Use the freeze option instead. This allows u to restore the app if ever needed.
Now on to your issue. Please forgive me as your OP is a bit of a run on and broken English.
From what I can understand (and with a bit of guessing) one of your xposed mods cause a FC of the system UI. Which lead u to hunt down issues in the wrong place (even if u hadnot factory reset clear cache would have done no good)
Xposed is.... OK... But has many fundamental flaws in a nut Shell it replaces a few native .jars with hooks built into them (this in of itself modified files in the /system of which the normal end user has no idea which files so right off the back you will never be able to update your system if ever and OTA comes for it)
Secondly the biggest flaw in exposed... The modules. Way to much trust is given to the creator of said module and many of the modules I inspect have modules active by default. This is a HUGE no no because say a certain aspect of this module does not work with your current rom(version of Android altered by OEM and carrier) well guess what happens... You have just created a device that when it boots it runs that module which causes the system UI to crash and now u can not access or use your phone. And because your rooted but not unlocked (bootloader not carrier unlocked) you have no custom recovery and therefore no way to restore the /system partition of your device... Welcome to your house hold another paper weight brick.
So you or any average Android "tinkerer" thinks (and rightfully so because its says EVERYWHERE a factory reset will restore my phone to like the day I got it) I can restore my phone with a reset. Well that is true to an extent. If you never touched the /system partition of your device a factory reset just erases all data in /data (user data partition) and presto phone is back to new... However the simple act of rooting a device touched the /system to place two files in there. The su binary and the supersuer apk.
Anyways. To continue on. I hope the above info enlightens you to your current issue. You need to restore your /system partiton... How do I do this you ask.. Well IF you had root you could replace every file you modified or touched or removed (with the exact same file that comes preloaded can not be a copy of an apk from the play store and another device that's "close enough")
Each file must be signed from your OEM.
OK so you say well **** I don't have root access any more.
Still not the end of the world. You could fastboot flash (or whatever means of bootloader communication Kyocera uses)
However because your bootloader is locked you can not just flash the /system with anything. It must be an image signed by OEM and or carrier.
And sense most oems do not have just a system img to flash you will need to locate the entire package they flash, and it must be for your EXACT DEVICE if you flash say an AT&T package on your vzw device you will only cause fastboot flash failures due to signing mismatch or worse.
So I leave you with this.
Google
Fastboot OEM files for (insert device name/brand/carrier)
And may I wish u the best of luck
Sent from my Nexus 6 using Tapatalk 2
Thank you too much for your time!
English isn´t my primary language.. and I don´t use Google translate.... only when i don´t remember something... The biggest mistake I did was to unroot the phone, I get an error and from then /data was corrupted
The phone worked well one week with Xposed modules until I installed Busybox. Next day the mess begin. So I blame Busybox. Now I don´t have root and any other apps installed, xposed or modules and I het again that systemui error? Why?
I can´t find any OEM files for Kyocera Brigadier... so can I get one from a functionally phone? Like I said, I had 2 friends with same phone, one rooted and one not
Which commands should I use for it? Did you see the last adb commands I used? one post before?
Thanks again!
Obsy said:
Thank you too much for your time!
English isn´t my primary language.. and I don´t use Google translate.... only when i don´t remember something... The biggest mistake I did was to unroot the phone, I get an error and from then /data was corrupted
The phone worked well one week with Xposed modules until I installed Busybox. Next day the mess begin. So I blame Busybox. Now I don´t have root and any other apps installed, xposed or modules and I het again that systemui error? Why?
I can´t find any OEM files for Kyocera Brigadier... so can I get one from a functionally phone? Like I said, I had 2 friends with same phone, one rooted and one not
Which commands should I use for it? Did you see the last adb commands I used? one post before?
Thanks again!
Click to expand...
Click to collapse
You will have xposed installed tho. Not the apk but remember the app xposed installs and replaces files inside the system.
The system UI failure is likely due to on the the apks u uninstalled via titanium backup.
To hunt the exact reason u have the UI fc preform a logcat
Boot phone...
Connect to pc
From your directory with adb open comand promnt on pc (assuming your using Windows)
Type
adb logcat > systemuifc.txt
Cause the UI to crash...
Wait 30 seconds then close the command prompt
This will create a text file of the logcat in the directory.
Look thru the logcat to find what caused the UI to crash.
U can email it to me and I can browse it
My user name at g mail dot com
Sent from my SHIELD Tablet using Tapatalk 2
---------- Post added at 02:26 PM ---------- Previous post was at 02:07 PM ----------
I thought I read somewhere... But I looked back and didn't see it. Is the su binary anywhere in /system/xbin/
Because unless u removed it manually or used some kind of app to remove it, it should still be there...
If it is. And we can find the issue for UI crash and what apps u need, I'm sure it's fixable...
But the larger issue is fixing the corrupted /data
I would preform a factory wipe in recovery, then in fastboot mode use command prompt
fastboot erase userdata
That would be the only thing I could think of to try and correct the corrupt data
Once u get the data corruption issue dealt with. You "could" pull any missing apks from your friends phone. Then push them to yours once u get your data partition fixed, and re root
Sent from my Nexus 6 using Tapatalk 2