I want to flash my cube i7.
I achieved to set ro.secure=0 ; ro.adb.secure=0 and ro.debuggable=1 by splitting the boot image i use to boot with fastboot.
ADB allow me to enter in root mode (adb root) but when i want to mount the system in rw, permission denied.
No way neither to push a file.
I can enter in some folder, according the permissions specifics to each one of them, but since i'm a normal user, i can't write anythinx in order to push supersu.
Well, I think the cause is selinux policy preventing adb (or adbd) to gain administrator privilège.
So here the questions ?
Is there a way to mount system at boot time (what i did already with fstab) to allow me to modify it ???
Is there a way to disable selinux for just a boot ???
Can i split the file system at cold state, modify file system, and flash it again in memory with proper permission ???
Related
So, I've gotten my SGS2 today and went ahead to root it. Flashed CF-Root matching my current version (KE7 PDA/KE4 baseband). I used the S2Root app posted here on the forum to get root and flashed a stock kernel back.
In either of these stages, I couldn't get ADB to run as root, needed for a modification i'm trying to do (can't write to /system/framework otherwise).
Is there a known way to get ADB to run as root?
(The issue at hand - /default.prop contains ro.secure=1 and ro.debuggable=0 - And i can't edit this file in order for it to persist after reboot)
even in CWM i can't get ADB to run as root and thus cannot copy files to /system/framework even though /system is mounted as r/w.
Thanks for the help.
ransagy said:
So, I've gotten my SGS2 today and went ahead to root it. Flashed CF-Root matching my current version (KE7 PDA/KE4 baseband). I used the S2Root app posted here on the forum to get root and flashed a stock kernel back.
In either of these stages, I couldn't get ADB to run as root, needed for a modification i'm trying to do (can't write to /system/framework otherwise).
Is there a known way to get ADB to run as root?
(The issue at hand - /default.prop contains ro.secure=1 and ro.debuggable=0 - And i can't edit this file in order for it to persist after reboot)
even in CWM i can't get ADB to run as root and thus cannot copy files to /system/framework even though /system is mounted as r/w.
Thanks for the help.
Click to expand...
Click to collapse
Try this:
adb shell mkdir /sdcard/temp/
adb push fileToPush /sdcard/temp/
adb shell
$ su
# cp /sdcard/temp/ /system/path/to/push/to/
ADB doesn't run as root, as it's not safe to, as you can bypass superuser security in a rogue app otherwise
I'll try it ASAP, Thanks.
Isn't there a way to edit /default.prop though?
I'd prefer to have adb run in root at the very least while running this mod, and then restore it.
the mod currently patches framework.jar/libwebcore.so for RTL issues, and relays on scripted access to adb and r/w access to /system.
I ended up discovering that i need a different ROM either way since stock is odexed.
I'll try making my own ROM based on stock with deodexed files and make the fix before hand.
Hello,
i have a Wiko PULP 3G, without a working root method.
I take a look at the Firmware files, there seems no CRC Protection. Even a Satellite Receiver or a TV Firmware have such.
I changed Text in the image with a HEX Editor(ro.sys.usb.storage.type) to get Massstorage. I flashed the modified image.
The Program just done it. Okay i have still no Massstorage. But on the Mobile i can see the build.prop has really changed
like i edit it.
I wonder if i can change Textfiles, it may possible to mount system as r/w.
Its a 1.9GB image difficult to find the Init/fstab.
Questions:
1. What do i need to modify to get mass_storage ?
2. How are the typical Textlines for a phone to make system read-only?
3. If i have write access to /system i can put a "su" file(any?) to system install SuperSU and have root?
Okay i have modified a boot.img, repack it and flashed it.
I set ro.secure=0, ro.debuggable=1 and massstorage in build.prop.
I got masstorage )))))
But how do i get the su to xbin. In the extracted Boot.img or Recovery.img there is no xbin.
Other .img files cant be xtracted.
With adb push this dont work, no permission.
Ideas?
If this is a raw system partition ext4 image, you can just mount it (with -o loop) on your Linux PC and modify the contents.
_that said:
If this is a raw system partition ext4 image, you can just mount it (with -o loop) on your Linux PC and modify the contents.
Click to expand...
Click to collapse
Thanks, but its not a raw image. I think its Android Sparse Image Format.
Linux cant mount it. Yaffey is not able to handle it.
I wonder why there i no tool where you can put a Firmware in and click on "Root it" and ready is the new one?!
Now i found tools to depack/pack the system image.
But the Phone dont boot, it starts and restart in Recovery.
If i do a root filecheck in Recovery it says 1 file added and 1 file changed - FAIL.
There must be something like a modify protection
Hi all,
I have gained temp root access on a japan phone, able to obtain rw access to all files & folders except /system. Edited default.prop file on ro.secure and ro.debuggable to 0 & 1, did setenforce to permissive but still unable to write on /system getting mount: permission denied, is there any advice anyone can give please?
On a seperate issue, this phone does not have fastboot or recovery mode, attempted to dd a modified boot.img to the dev/block/xxxxxxxxxx folder of where the original boot.img was resulting a bootloop, wondering under normal circumstances when there is no fastboot or recovery mode, dd a boot.img should achieve the same flash result of using fastboot?
Thanks in advance!
Custom adb root boot image with chainfires adbd kernel from adbd insecure as the phones adbd.. it has a few other tweaks and a custom permissive kernel and systemless root from chainfires supersu... the rsa fingerprint doesn't pop up when you connect a computer but it can be bypassed with adb in a custom recovery and found out if you use adbd insecure and let it patch chainfires adbd kernel it makes the phone as attached device in for adb devices instead of the plain unauthorized device and vendor keys not set. ... if you use it now you get adb root access and regular root access with the su binary but due to the rsa fingerprint not popping up you have to use adbd insecure until a recovery comes out cause it bypasses rsa fingerprint.. credits to come... to use adb root access you need a custom recovery with adb... adbd insecure app... adb on you're computer.... android sdk/android studio... java... boost mobile j7 running build f3 but you can just run systemless root until a recovery comes through. You can grab systemless root from here http://forum.xda-developers.com/galaxy-j7/how-to/root-samsung-galaxy-j7-sm-j700p-t3430185
And use it with the boot image.. but i just added systemless root patches to the boot image so all you have to do is flash the boot image.
Stock boot image below incase you want to unroot and go back to stock which can be flashed in flashfire link below. You can take this boot image and use flashfire to flash the stock firmware or stock boot image and you can root or not root when you flash with flashfires inject systemless root.
Flashfire below
https://play.google.com/store/apps/details?id=eu.chainfire.flash
Stock boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHQWlqT2RDMDJNWlE/view?usp=drivesdk
All i did was add adb root access to the ramdisk.. and a few other ramdisk tweaks and added supersu systemless root patch to the boot image and chainfires adbd insecure kernel as the phones adbd. And added the stock boot image in a odin flashable tar.
Custom adb root access and regular systemless root Boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHUUpkandKRUpEdXc/view?usp=drivesdk
Credits....
@messi2050 from xda for original boot image and permissive kernel..
@messi2050 from xda for providing instructions on how to root with cf auto root
@Chainfire from xda for adbd kernel and adbd insecure app
@Chainfire from xda for cf auto root tar
@Chainfire from xda for systemless root and supersu
@Chainfire from xda for flashfire
@ANyOne from xda or anywhere else who tests it.
Updated op with a new test build it has systemless root patches from chainfires supersu systemless root and roots you when you flash it in odin.
Added stock boot image to op... incase you want to remove root and the tweaks. Its simple to remove the roots and tweaks by just flashing the stock boot image in odin or flashfire.
Ive been testing as i go.. i haven't had any problems with root access it works pretty good and runs smoothly.
Added flashfire and some minor boot image flashing instructions to get back to stock rooted.
Test build #4 is up.. did some changes in default prop in ramdisk.. should make adb root access more smoother when it gets used in a custom recovery...
Update after some tweaking my last tweaks allow you to access the apn menu and edit apns and add apns.. in regular stock boot image its locked down and you cant access it but you can with this boot image.
Now works with adbd insecure app just let it patch chainfires adbd kernel and it lets you bypass the rsa fingerprint so you can run adb shell without having to wait for a custom recovery. Be sure to test adb shell and adb root access.
In the process of testing adb shell and adb root access some more....
After extensive testing for the past 3 hours using every adb command and adb shell command i can find.... the results are they all work...
Snapping screen shots and screen recording works pretty good too..
For the moment use titanium backup pro or app quarantine to disable/freeze the security logs and stop the pop up cause the permissive kernel running permissive instead of enforcing.
App quarantine
https://play.google.com/store/apps/details?id=com.ramdroid.appquarantine
[email protected]:/#
/sbin/adbdsh:
Bravo!!
Sent from my SM-J700F using XDA-Developers mobile app
Modified adbd uses /sbin/adbd : as its terminal shell
Original adbd uses /system/bin/sh as its terminal shell
One of the mods i did if youre curious but due to usb debugging being secure in newer android versions aka the rsa fingerprint having to match both on computer and phone and the fact you cant just reset the rsa key on stock cause it removes the revoke usb debugging authorization to reset the rsa fingkey and key so you dont get the full luxury of this old mod which has been around awhile and is not new... to grant root on stock firmware you need a custom recovery with adb or chainfires adbd insecure app... oh how times have changed in android...
Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Android Sdk/ Android Studio
https://developer.android.com/studio/index.html
Java for devs and java for consumers
https://www.oracle.com/java/index.html
For development and adb purposes ill just leave this here.. its big enough to have its own thread but it goes with this mod so ill just leave it here..
CoffeeNAndroid said:
One of the mods i did if youre curious but due to usb debugging being secure in newer android versions aka the rsa fingerprint having to match both on computer and phone and the fact you cant just reset the rsa key on stock cause it removes the revoke usb debugging authorization to reset the rsa fingkey and key so you dont get the full luxury of this old mod which has been around awhile and is not new... to grant root on stock firmware you need a custom recovery with adb or chainfires adbd insecure app... oh how times have changed in android...
Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Click to expand...
Click to collapse
Hello
Thanks for this tutorial !
I remain on the Samsung logo written with "recovery is not enforcing blah"
Yet I do exactly what's in the tutorial. I boot with the SM-J710FN
Could you help me please?
thank you in advance
Hello everyone!
since some time ago I was customizing the ROM of Android 5.0. Everything was in order while I didn't try to change the system files. Obviously after flashing device refuse the normal boot and stacked on boot screen.. The reason was selinux context which I've never applied.
The process is:
1. Mount the ROM as EXT4
2. Add/Change files
3. Change the permissions
4. Unmount and flash...The question is:
How to label and chcon the newly added files with Android's default context in a mounted EXT4 image?
PS: Not sure is the right forum. Please suggest a solution.
Thanks!
dFrem said:
Hello everyone!
since some time ago I was customizing the ROM of Android 5.0. Everything was in order while I didn't try to change the system files. Obviously after flashing device refuse the normal boot and stacked on boot screen.. The reason was selinux context which I've never applied.
The process is:
1. Mount the ROM as EXT4
2. Add/Change files
3. Change the permissions
4. Unmount and flash...
The question is:
How to label and chcon the newly added files with Android's default context in a mounted EXT4 image?
PS: Not sure is the right forum. Please suggest a solution.
Thanks!
Click to expand...
Click to collapse
What do u mean u mounted the ROM ext4? The file system should have been defined upon install. If u changed the file system of your system partition I would assume you wiped you accidently wiped the installed os . Selinux status could affect boot but only if you did something that requires permissive status (a custom kernel is a good ready example of the type of flAsh that would need selinux on permissive). Ok so let's assume u didn't mean ROM . You meAnt system partition and you naturraly mounted that (system) as R/W . What permissions did you set on file . 644 is the correct answer if you were trying to install as system file. Wht was it you flashed? It's probably an easy fix bud . Just need more info
mojoswagger1980 said:
What do u mean u mounted the ROM ext4? The file system should have been defined upon install. If u changed the file system of your system partition I would assume you wiped you accidently wiped the installed os . Selinux status could affect boot but only if you did something that requires permissive status (a custom kernel is a good ready example of the type of flAsh that would need selinux on permissive). Ok so let's assume u didn't mean ROM . You meAnt system partition and you naturraly mounted that (system) as R/W . What permissions did you set on file . 644 is the correct answer if you were trying to install as system file. Wht was it you flashed? It's probably an easy fix bud . Just need more info
Click to expand...
Click to collapse
@mojoswagger1980 Thanks for answering. My bad, of course meaning is to mount "system.img" and not the ROM. Will explain.
The image is mounted, adding busybox into system/xbin, chmod 644, (automatically set owner root:root). As expected ls -Z is showing "?" for system/xbin/busybox...
Not changing anything more, flashing this image. File is not accessible or doesn't exists.
No doubts that if I am doing "chcon ubject_r:system_file:s0 system/xbin/busybox" it says first relabel the file... Relabel says there is no such type, user, etc...
What can I do in this case?
PS: Setting permissive 1 with inject-sepolicy doesn't help. May be I am doing something wrong here. Please suggestions.