Hi, I've been asked by a friend to help in a rather unfortunate situation. The sons of one of his friends has, tragically, died. His parents have a tablet of his and want to get the data (photos, mainly) off it, but unfortunately they don't know his unlock code. I believe it's a Galaxy Tab 10 model, so I'm try to POC it on my own tablet which is an original Galaxy Tab 10.1. I don't believe that his device is rooted, but neither is mine, so if I can get it going on mine, I should be fine on his. As far as I can see, I'm pretty nailed, but I thought I'd check to see if there any neat tricks to get at the user data.
I've done a fair bit with adb on my Nexus 4, and can get at the data as it's rooted, so I'm familiar with mounting devices, etc - I've looked at the mount points when logged into the device, and I find that /dev/block/mmcblk0p8 mounts to /data, but when I reboot into recovery mode I get "operation not permitted" when I try
Code:
mount -r -t ext4 /dev/block/mmcblk0p8 /data
I'm not really surprised about this, because my device isn't rooted. adb root gets a "cannot run in production builds", I can't su in the adb shell and I can't adb pull that device file down to my machine to see if I can mount a copy of it locally (again, as it has 600 root/root permissions, I'm not surprised at this).
As I said, I'm not surprised all this has failed, as my device isn't rooted - is there anything I can try to get round this? I'm pretty sure not, but given the circumstances I thought I'd ask. I will see if I can get the tablet and see if it's rooted, if so then I'm guessing that this should work, happily (unless, of course, local data encryption was enabled - AFAIK this isn't by default, but I can't remember), but if not then I'm not sure I can help.
I did see something about loading Odin then this should enable access, but I don't want to try this on my own tablet, and I would also be dubious about doing it blind on their tablet in case I accidentally wipe all the data.
Thanks for any help you can give
MH
Related
Recently I decided to try Slim Bean on my phone, seeing they released a new version a few days ago. I had been running Cyanogenmod 7 but decided it was time for a change. Initially, everything worked great, I was able to reinstall all my old apps, send texts, and things functioned well.
About 12-14 hours after doing this however, my phone stopped having signal. I didn't reboot it or anything, just no longer would it pick up a signal. Checking the about phone revealed it saying it had an unknown baseband and IMEI, I wasn't too concerned, I had backups of the EFS files, so I turned on USB debugging, plugged my computer in, and used an adb shell to move the backup to the main system. However, this still didn't work for my phone.
According to the Slimrom's FAQ, there are two solutions to this: delete the 00check and 98tweaks files in the system/etc/init.d folder, or just reinstall the ROM. However, using an adb shell or a terminal emulator on my phone, both with superuser powers, I can't remove those files. chmod spits back that they are read-only files. lsattr shows only the A tag active, which shouldn't be standing in my way. I seem powerless to get rid of these, and I can't find any guide as to how to do so. I've tried restoring to factory defaults and reinstalling the ROM, and this time I don't have signal right from the start. Can anyone help me figure out what to do about this? I've searched around and can't find any answers, which is making me think I'm just missing something really stupid. Any help would be appreciated!
Update: Figured it out. The system partition was mounted as read-only, and I thought I had tried remounting it but must have tried a higher level directory or botched the command. mount -o remount,rw /system gave me the ability to delete those files. Sorry for the trouble!
Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!
chris.davis925 said:
Hello all,
I have been trying to gain root on a Android 4.0.4 device and was able to, but I can't seem to keep system rw long term.
I run the following command
mount -o remount,rw /system
or
adb remount (from a PC)
the mount command will then show that system is in rw mode. However, if I attempt to copy any data into /system, the first file copy fails and the system then reports read only. To make things even more odd, commands like chmod on a file in /system work just fine.
It seems to me that there is something that detects something writing to /system, and then forces the mount back to ro.
Does anyone have any ideas about this? Is this a common technique manufactures use?
The closest thing I could find on XDA is a reference to Sony Xperia devices having a watchdog service that doesn't something like this, but this device is a Kenwood Head unit and not a Sony device.
Thanks!
Click to expand...
Click to collapse
I would think that you might need to run a script to remount on boot perhaps, such as one along this idea http://www.3c71.com/android/?q=node/466. Like via init.d or if that isn't possible on this then maybe something like this could do it http://forum.xda-developers.com/showthread.php?t=2378274 ?
Just spit balling ideas.
Correct me if I am wrong, but it seems to me that I wouldn't be able to do those options since system doesn't actually stay rw?
Really depends on the phone. Sometimes you can slip a script in during boot that will keep the system open. Sometimes you need to have a special module too such as this: http://forum.xda-developers.com/showthread.php?t=2230341 Sometimes the kernel doesn't allow it. I would think on 4.0.4 it shouldn't be near as hard as some of the newer JB and KK things. What do you have?
It is the Kenwood DNN990HD running Android 4.0.4.
I will try and run the binary tool you linked.
Thanks!
Hello everybody, I'm Dejan and I could use some help please.
I have Samsung Galaxy SII GT 9100 with broken screen and I have some very important stuff in it. Screen is totally broken and I cant see a thing. Long story short i used Fuzzy Meep's app but I'm stuck deep in the mud so thats off. I booted phone in my custom recovery , installed ADB on PC and managed to connect to the device. But I can't make my way thru the sdcard. Here is what I did:
G:\ADB>adb.exe shell
~ # cd etc
cd etc
/etc # ls
ls
recovery.fstab
/etc # cat recovery.fstab
cat recovery.fstab
# Android fstab file.
#<src> <mnt_point> <type> <mnt_flags and options
> <fs_mgr_flags>
# The filesystem that contains the filesystem checker binary (typically /system) cannot
# specify MF_CHECK, and must come before any filesystems that do specify MF_CHECK
# data partition must be located at the bottom for supporting device encryption
/dev/block/mmcblk0p9 /system ext4 ro,noatime
wait
/dev/block/mmcblk0p7 /cache ext4 noatime,nosuid,nodev,j
ournal_async_commit,errors=panic wait,check_spo
/dev/block/mmcblk0p1 /efs ext4 noatime,nosuid,nodev,j
ournal_async_commit,errors=panic wait,check_spo
/dev/block/mmcblk0p10 /data ext4 noatime,nosuid,nodev,d
iscard,noauto_da_alloc,journal_async_commit,errors=panic wait,check_spo,encryptable=/efs/metadata
/dev/block/mmcblk0p12 /preload ext4 noatime,nosuid,nodev,j
ournal_async_commit wait
# vold-managed volumes ("block device" is actually a sysfs devpath)
/devices/platform/dw_mmc/mmc_host/mmc0/mmc0 auto auto defaults voldmanaged=sdcard0:
11,nonremovable,noemulatedsd
/devices/platform/s3c-sdhci.2/mmc_host/mmc1 auto auto defaults voldmanaged=sdcard1:
auto
/devices/platform/s3c_otghcd/usb auto auto defaults voldmanaged=usbdisk0
:auto
# recovery
/dev/block/mmcblk0p5 /boot emmc defaults recovery
only
/dev/block/mmcblk0p6 /recovery emmc defaults recovery
only
How do i mount internal memory and pull out my data? Any help is appreciated. Thanks
It's a CM LInaro Kitkat 4.4.2 with custom kernel. With older versions of Android I was able to do what I was attempting to do but I've read somewhere about certain change when mounting storage on 4.4.2.
Thanks in advance.
Noone? Reallu? At least some info about device reading out data directly from the storage chip?
denkodenko said:
Noone? Reallu? At least some info about device reading out data directly from the storage chip?
Click to expand...
Click to collapse
That isn't even remotely possible for an end user. The only people who might be able to do that is a company which specialises in recovery of data from dead HDDs'. If it is possible, expect it to be very very expensive. I've never seen a single person post here in 2.5 yrs saying they've had this done successfully. Even if this is was possible, fixing your screen would be cheaper.
Very few people here have attempted to do what you're doing with ADB (me included; frankly, if the data was that important to me, I'd pay $120 for a new screen to save myself hassles, but I wouldn't be in that situation to begin with because I back stuff up). Unfortunately, you're going to be in for a rather long wait if you don't manage to work this out on your own, many people who may have been able to help you don't post here anymore, they've moved onto other phones given it's been 3 yrs since this phone was released.
MistahBungle said:
That isn't even remotely possible for an end user. The only people who might be able to do that is a company which specialises in recovery of data from dead HDDs'. If it is possible, expect it to be very very expensive. I've never seen a single person post here in 2.5 yrs saying they've had this done successfully. Even if this is was possible, fixing your screen would be cheaper.
Very few people here have attempted to do what you're doing with ADB (me included; frankly, if the data was that important to me, I'd pay $120 for a new screen to save myself hassles, but I wouldn't be in that situation to begin with because I back stuff up). Unfortunately, you're going to be in for a rather long wait if you don't manage to work this out on your own, many people who may have been able to help you don't post here anymore, they've moved onto other phones given it's been 3 yrs since this phone was released.
Click to expand...
Click to collapse
Well at least I gave it a shot but yeah... you are probably right I shouldn't have bothered posting and I was pretty sure someone somewhere might have asked the exact same question unfortunately I couldn't find it. I know how annoying these questions can be and I'm very sorry if I made someone angry. Long story short - I managed to get my pictures and videos back, as well as contacts. I do back those stuff up. however I had some .bin files for work that I lost but I've been living with that. It just might take some time browsing on the Internet finding them again but I'd rather do that than trying to do anything with the phone. I bought it $100 last year, the screen alone is that much, there's no point in fixing it. And at last but not least, thanksfor the reply.
Nah, they're not annoying It's just a very unusual situation, and as I said, if you want help with that sort of stuff with this phone on here, because so many people have moved on, you need to be really patient, that's all.
Same story
Shortly broken display no touch input. I had custom KitKat rom.
I had almost given up trying to mount the internal sd card with ADB, following numerios forum post instructions
here is my solution using windows pc and ADB
I rebooted in recovery (I think it was 6,0xx)
Using command prompt (you also need adb.exe) :
adb remount
adb root
adb usb
Those 3 command somehow mounted the internal storage and I was able to use the "adb pull" comand to copy the whole internal sd card to my hard drive
After that I went with "adb shell" to check how the sd card was mounted and here is what I found:
"
/dev/block/vold/259:3 on /storage/sdcard0 type vfat (rw,dirsync,nosuid,nodev,noe
xec,relatime,uid=1023,gid=1023,fmask=0007,dmask=0007,allow_utime=0020,codepage=c
p437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
/dev/block/mmcblk0p11 on /emmc type vfat (rw,dirsync,relatime,uid=1023,gid=1023,
fmask=0007,dmask=0007,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortn
ame=mixed,utf8,errors=remount-ro)
"
Posted this in the wrong place, i guess this is the right
Hi everyone,
I have a 10.1'' chinese tablet with a rk3066 chip, suddenly the firmware got damagend, there is no way to find the original, i've tried with over 100 different firmwares from here or rockchipfirmware, nothing worked, but there is 1 version that barely works (PlayerMomo12 release 3) but the screen is inverted in both axis (X and Y), i've tried different methods to fix it, with apks, with usb debugging, and nothing worked, the apps just doesn't works, even one of them dissapeared and i was unable to install it again, using my laptop doesnt works because the directory that should mount doesn't exist, i don't know why but i've tried all the methods, even mounting with a terminal inside the tablet (you can imagine how hard was writting with the screen like a mirror), then i thought the only solution was using the kitchen to modify the file script.bin, but again, a lot of problems, i couldn't open the image, found this thread:
http://forum.xda-developers.com/show...33246&page=555
-------------------------------------
Originally Posted by biglcny
just running sysrw and sysro would return this:
Usage: mount [-r] [-w] [-o options] [-t type] device directory
rather than no output as usual. I believe there may be another version of mount that takes different parameters. When a rom is flashed and you connect to it with adb shell there is a version of mount in /system/bin that is different and accepts options in a different format.
simply typing running mount at the command line or in a shell script uses that one instead of the busybox one.
dr.notor replied:
Well, the above is an example of totally screwed up mount binary, dunno which phone and ROM you are using but the guy who produced the above would deserve a bit hit with a cluebat into their head.
If you have similar broken crap, simply edit the scripts to call busybox mount and not mount.
-------------------------------------
well, this is the point (after a lot of days working on this) when i give up, this tablet was bought in China and the company (scope) doesn't sell it anymore, and they don't reply the emails, even the webpage is half empty, this is the point when i ask, if someone can help me sending a working kernel based on this rom (PlayerMomo12 release 3) or the firmware with the script.bin modified to invert both axis, if no one can, then it's the moment to smash the tablet with a giant hammer and send it back to China
i could bought 2 galaxy tab 4 if i wasn't wasted so much time on this
here is the firmware if someone wanna to try
http://www.rockchipfirmware.com/cont...-tnt-release-3
Ok, I get that boot-debug has been around for years... since android 10 for me, before that, it was variant=user, or variant=eng(ineer).
Strange how after I show boot-debug.img, magisk chooses this very path, but only after. Keeping in mind many people come here asking questions, and all those that know sit back and say nothing. Until they dont like what they see.
If you know better, and cant help, please keep your comments to yourself. This thread is intended to HELP, and is targetted toward those who CHOOSE to HELP because they CAN.
How I got su to work. Is this root? Now this is a good question. I dont want ANY overlaid system in my fone. I want to write to system like many others want to.
Not some google way of forcing us to use their mirrored online version of a locked filesystem already on my f'n.
Priority 1: I want to root my f'n without internet. Period. I do NOT want magisk using my credit. This proves we pay for magisk. I sometimes live so far from the world wide web, that offline is the only way to work. So I need to be able to root without google or THEIR employees offerings.
Priority 2: RW-able system.
So, I discover boot-debug.img for my f'n. Had it for a year, before I discovered it. Yeah, I discovered it after a year here asking, and getting NO replies that worked. Only after I'm vindicated to the naysayers 'thats been around forever...' yeah, try helping instead of useless comments.
In the end, I learned so much in such a short time. Constructive critiscism is NOT insulting. Magisk kills root in MY f'n. PERIOD. Camera does not work, location does not work, and I cant make/receive calls. But hey, it's an overlaid file system, of course it wont ALL work, I mean, I'd expect to lose a lil functionality, but disabling the GSI ability in dev options? I dont think so.. Worse, lack of adb or fastboot is produced in my f'n when using magisk, so tata magisk.
My logs actually explain all, so no more crappy adb logs. Yeah, I like simple adb, it works, or I'll MAKE it work.
Like this:
Attempt every possible method of flashing magisk according to tut's, nada. 3 different paths lead me to...?
1: The note9 recovery I found, that lopstom was kind enough to twrp for me (well appreciated) is the KEY to gaining root on my ulefone armor x5 mt6765. It turns out that the note9 recovery is actually an android 9 os, with a 'super' .img - and being android 9, the bootloader I used is an OLD bootloader, in particular, the variant=eng type. Note this, this is key.
2: With the note9 flashed to recovery I can RW system in android 10 properly, but only in twrp.
3: Discover boot-debug.img - yup, it's not quite a variant=eng build, but it does work for the following:
Flash boot-debug.img. By doing so, you get the adb root command, and the disable-verity options, way better than wiping vbmeta, which contains the 'is it rw, or ro' of every file in every partition to be mounted in their own partitions, but what most dont know, is each file mounted in it's own mountpoint also has the information contained by vbmeta, but for each seperate file. So unless you add the /null (one for system, the other for vendor) after the disable-verity...
Nah, wipe most of your directory structure, then wonder why in a RW-able system, it still dont work. Because each file in it's own mountpoint knows if the system directory SHOULD be ro or rw. That's EACH and EVERY stock file in it's OWN mountpoint, has the RW or RO inf for the system & vendor directory, ie, is system RW?
Example: Camera wont work, get it?
In the end, this is how I went about installing su.
Flashed boot-debug.img did NOT flash recovery. Flashed meefik busybox-arm64 to f'n, but did NOT install it, instead, I opened it to install it, top left, saved the busybox-arm64 and then flashed twrp, and while there, flashed the system_rw, to defeat the system_RW saying not enough space, I chose 1024, did the copy over of super_fixed, then rebooted, enabled system, THEN flashed the busybox-arm64 from twrp, and rebooted.
Results: I copied the busybox-arm64 su, from xbin to system. In order to defeat the system_RW saying not enough space, I chose 1024. Round numbers matter with system_RW, same senario as memory, so use sizes equal to how memory works. ie, 32, 64, 128, and multiples of.
Look at the adb posts in my closed thread.
With Su installed, I have to type exit TWICE to exit. without su in system, exit only needs typed once.
Now here is why I continue. I found root, but dont have the experience, but it's like this:
See all those lovely new file that end in .cel? Mine says platinum. That means I AM ROOT. By swapping out .cel files, I have all the access magisk denies me. .cel files... get on it devs... swap them out, try try try... find what I found.
I dont actually need su, but i need it for some apps. What I have proven, is that SU does NOT kill android 10_Q.
variant=user or variant=eng, is NOW dependant on .cel files, like, say, boot-debug.cel.
Have a nice discovery... I hacked googles latest offering my-cel-f
Edit: Cel files are found in the bootloader, a zero byte file, the file NAME decides what the loader can or cant do, PERIOD.
New root tools only require swapping these out, as well as a few system edits when done.
Ok, slight mistake in spelling so I'll add the following for you to 'see'..
userdebug_plat_sepolicy.cil
So it's not cel as I wrote in the first post, my point being just as valid.
Platinum clearly states there are more who's names I have yet to obtain...
Theoretically in my mind, if I swap the .cil file in the bootloader for say hypothetically:
engdebug_plat_sepolicy.cil... with the few edits seen in the android 10 notes I posted from china, the one where people say 'too much hassle' - I say, for them. Those notes show the rest of the cil files, so yeah, I got root OPTIONS to play with
Stay tuned for more scottish inventor style NOTES.
Edit: for the record: https://source.android.com/compatibility/vts/vts-on-gsi