Not sure my question in subject is clear, so here's the thing...
I have dual-boot tablet with Android 5.0.1 and Windows 10 installed, and the model is Onda V80 Plus (32GB), if that matters at all.
I'm really having hard time rooting this device using standard methods (even with much of background knowledge and experience), so I was about to take a different route.
I installed Paragon ExtFS windows app which gives me read/write access to /system and /data android partitions (which have ext4 filesystem).
I was wondering if anyone knows if it's possible to gain root access in Android just by copying some files and changing some permissions or whatever from within Windows OS?
Basically, for those not familiar with ExtFS app, I can assign a drive letter to /system and /data partitions, and do whatever I want with them just like with any other drive or volume.
I'm aware that modifying ext4 partitions can render my Android OS unbootable, but I have a backup and would like to try it anyway as this is my last option.
When I look into SuperSU.zip file (which I always flashed through CWM/TWRP recovery to gain root access), I see many files which some lengthy script is copying all around, so I stopped after analyzing about hundred lines of code lol.
I really didn't find any method like this on the internet, so I wonder if that's even possible, and if it is, how would I go about it?
Thanks everyone.
Burs said:
Not sure my question in subject is clear, so here's the thing...
I have dual-boot tablet with Android 5.0.1 and Windows 10 installed, and the model is Onda V80 Plus (32GB), if that matters at all.
I'm really having hard time rooting this device using standard methods (even with much of background knowledge and experience), so I was about to take a different route.
I installed Paragon ExtFS windows app which gives me read/write access to /system and /data android partitions (which have ext4 filesystem).
I was wondering if anyone knows if it's possible to gain root access in Android just by copying some files and changing some permissions or whatever from within Windows OS?
Basically, for those not familiar with ExtFS app, I can assign a drive letter to /system and /data partitions, and do whatever I want with them just like with any other drive or volume.
I'm aware that modifying ext4 partitions can render my Android OS unbootable, but I have a backup and would like to try it anyway as this is my last option.
When I look into SuperSU.zip file (which I always flashed through CWM/TWRP recovery to gain root access), I see many files which some lengthy script is copying all around, so I stopped after analyzing about hundred lines of code lol.
I really didn't find any method like this on the internet, so I wonder if that's even possible, and if it is, how would I go about it?
Thanks everyone.
Root needs a custom kernel. Not something you are gonna do with a Windows setup the way you have it. Also you will most likely not find anything as that is most likely not an official version of Android as Google doesn't allow dual booting.
Thanks for a reply. But I don't see what does custom kernel have to do with what I try to achieve? If I could, in my Windows environment, replicate the modifications that script inside SuperSU zip does to /system partition, I should gain root access, right? In theory that is, since I'm aware lots of things can go wrong. I was hoping someone could explain a bit what SuperSU script is doing when run inside custom recovery, so I try to do the same thing. Again, if it's possible, and if it's worth the time spent. But I have time, and I'm always willing to learn something new.
Burs said:
Thanks for a reply. But I don't see what does custom kernel have to do with what I try to achieve? If I could, in my Windows environment, replicate the modifications that script inside SuperSU zip does to /system partition, I should gain root access, right? In theory that is, since I'm aware lots of things can go wrong. I was hoping someone could explain a bit what SuperSU script is doing when run inside custom recovery, so I try to do the same thing. Again, if it's possible, and if it's worth the time spent. But I have time, and I'm always willing to learn something new.
What su is doing is pulling the kernel and patching it. Root access is defined in the kernel. What it is doing in system is flashing just the apk.
Ok, I see. So if I ask someone who rooted the same model successfully to send me patched kernel, I could easily flash it in fastboot mode (my bootloader is unlocked). So only thing left to do would be to copy apk inside /system/app, and cross my fingers? I'll post my findings if I manage to do something worth writing about. Thanks.
I have the same problem as you. I can't root my Onda V80 Plus. I unlocked the bootloader and flashed recovery for my device. Then I put it into recovery mode and installed supersu.zip over recovery. When I reboot this Onda, it stops at the Onda logo.
bahuy2003 said:
I have the same problem as you. I can't root my Onda V80 Plus. I unlocked the bootloader and flashed recovery for my device. Then I put it into recovery mode and installed supersu.zip over recovery. When I reboot this Onda, it stops at the Onda logo.
I managed to root my Onda a few days after my last post, but forgot to post my findings, sorry. I didn't use any of my hacker's skills lol, but I researched a bit more and found out what I was missing. The same issue is with you, so you have to disable verity before flashing recovery by typing in these commands:
Code:
adb root
adb remount
adb disable-verity
adb reboot
After rebooting install supersu.zip, and the next boot won't hang on Onda logo anymore. Hope this helps you.
btw, note that not just any adb version has verity command line switch. You have to download newer adb version!
Thank you! I tried lots of times, but I can't do it successfully!
Basic root procedure would be: unlock BL -> disable verity -> flash (temp) recovery -> install SuperSU
Here are the links containing all the files necessary for rooting Onda V80 Plus: Mega | MediaFire
Note the ReadMe.txt inside archive. It contains list of adb/fastboot commands needed to be executed in order to successfully root the device.
Thank you very much! I download your file and root successfully my Onda V80 plus! It works well for me.
Related
First, you need to be sure you install the sdcard version of the recovery, otherwise you won't be able to do this. (You need to go to this thread to install the sdcard version and follow instructions.)
First of all, make sure your drivers are setup properly as this is a windows script to fix everything since you can only fix it from a computer. (I CANNOT EMPHASIZE THAT ENOUGH!)
Then you just download this zip, it checks the md5 sum on the image before flashing so no worries, and then it flashes. It will reboot when it's finished.
I am in NO way responsible should anything happen, it was your fault for not checking the app's md5 in the first place so if this works for you, openly admit that you could have been better with handling the app's flashing. <-- Required.
I'm having a separate thread so I can actively update this with anything that may arise since it would make my app's thread cluttered.
Read the whole thread or enjoy a broken Ntab, it's your choice.
Just wanted to say thanks for the dedication to those of us not smart enough to figure things out on our own.
Sent from my BNTV250 using Tapatalk
is this for those nt cannot use sd card recovery or 8 times boot break to restore the originally rom?
Dumb Question
Total noob question. What do you mean by drivers set up properly? I want to try this, but I do not want to screw up again, and I just want to be totally sure I understand this properly. Thanks.
Benblanko81 said:
Total noob question. What do you mean by drivers set up properly? I want to try this, but I do not want to screw up again, and I just want to be totally sure I understand this properly. Thanks.
Means that you must have your nook drivers installed and working, if you ever rooted then you should have your drivers working properly.
~ Veronica
Can't get this to work
I have verified that I have the proper drivers (thanks Veronica). I unzip the fix and run the batch file, but the window closes almost instantly. I am using an XP machine, because of installing the drivers when I rooted. I can not for the life of me figure why it wont run. I am booted into the sd card version of CWM. Do I need to mount it some way or just at the home CWM recovery screen. I have been looking for help without asking and bothering, but can't figure it out. Not a noob but totally confused. Any help would be appreciated. Thanks.
Oops! I managed to set the wrong error levels on it, I meant to do 0 and 1, I instead did 1 and 2. Anyway, uploading now.
Still no go.
I got the batch file to run but it does not finish. It starts the Deamon successfully, and it just stays at Deamon Started Succesfully. It has been there for about 45 minutes. Should I wait or can I kill it and start over. Thanks again.
Kill it reboot your machine and start over
Sent from XDA premium using my Nook Tablet
No Go
Thanks Veronica, but the reboot still does the same thing. I just started the Nook&Zergy and the device shows up so I know the drivers are proper, it just stays stuck in Deamon Started Successfully for the fix. I am out of ideas, I fear I have just bricked my first device. I have doing this since the G1, this is sad.
No no, just do:
adb push cwm_internal.img /sdcard/cwm_internal.img
adb shell
then type:
dd if=/sdcard/cwm_internal.img of=/dev/block/mmcblk0p3
First off great work Indirect. This is exactly what I was hoping that image creator would be used for, just working on other things and got preoccupied. I think you might have to do some explaining though.
One thing to note though is that CWM should not be used for anything other than rooting your device. As it stands right now there is no reason to flash it to an internal partition, you will only risk messing something up, as it has no gains.
Overview: In the Nook Tablet world there is a locked bootloader, which requires that there be a Secure Chain from u-boot, to the recovery. With the exploit that bauwks discovered and designed, we are able to flash custom recoveries on to the device. However a recovery must be packed.
Packing Structure: There are two ways that we have been able to go about getting around the boot loader, the internal method requires that we use the second U-Boot, with a 256k buffer and then attach the recovery after the buffer.
(0-m bytes)    ------> (m-256k bytes) ------> (256k-n bytes)
Bauwks ntBoot          Buffer                 nemiths CWM
The trick is that that 256kth byte must contain the header for the CWM, and this is vital. If that is lost, or something on Bauwks didn't get flashed right, you will enter a boot loop.
FAQ:
What Is a 'broken recovery' NT?
A broken recovery Nook Tablet is one where either the NT's internal recovery structure was not written correctly or one where the NT's internal recovery structure is missing bauwks boot.
How can I tell if I have a 'broken recovery'?
Assuming you have not messed with any other partitions if you do either the N + pwr method, or the 8 false boots, you should see it open the BN recovery. If your device constantly turns on and off after one of these two methods, then you have a broken recovery partition.
My Nook just continues to boot into the recovery, what's this?
Aha now that is not a 'broken recovery' and is actually quite fixable. In the nook Tablet there are two files that relate to the booting structure, aka the selection of where to boot from. These lie on a partition called bootdata, and are named BCB and BootCnt. If you are running stock on your internal partition, just let the stock recovery run, and it will solve your problem. If you are running CWM, you will have to use the following commands,
Code:
adb shell mount -t vfat /dev/block/mmcblk0p6 /data
adb shell dd if=/dev/zero of=/data/BCB bs=1 count=1088
adb shell dd if=/dev/zero of=/data/BootCnt bs=1 count=1
adb reboot
Aaa this is confusing can't I just put the stock recovery on my NT?
Sure. Hopefully indirect will make a script soon, or I will make one tonight that will put the default recovery img back. If you are feeling lucky you can do the following while on CWM.
NOTE: I AM NOT RESPONSIBLE FOR ANY DAMAGES YOU CAUSE TO YOUR DEVICE. One false move and you will brick your device. HIGHLY UNRECOMMENDED
Code:
adb push recovery.img /data (this is the recovery from the 1.4.0 or 1.4.1 update zip)
adb shell dd if=/data/recovery.img of=/dev/block/mmcblk0p3 (THIS LINE IS EXTREMELY DANGEROUS. It should only be done as a last resort, and you should only do it if you are willing to take full responsibility.)
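A pre-flight check for the packing structure described in the post above, as an added example that is not part of the original thread: it verifies an image file on the PC before anything is written with dd. It assumes "256k" means 256 KiB and that the CWM header is a standard Android boot image header (magic `ANDROID!`); the sample image is constructed.

```python
import hashlib
import struct
from typing import List, Optional

CWM_OFFSET = 256 * 1024   # assumption: the post's "256k" is 256 KiB (0x40000)
BOOT_MAGIC = b"ANDROID!"  # assumption: CWM uses the standard Android boot image header
# magic, kernel size/addr, ramdisk size/addr, second size/addr, tags addr, page size
HEADER_FMT = "<8s8I"


def _round_up(n: int, page: int) -> int:
    """Round n up to a whole number of flash pages."""
    return (n + page - 1) // page * page


def check_packed_recovery(image: bytes, expected_md5: Optional[str] = None) -> List[str]:
    """Return a list of problems; an empty list means the layout looks sane."""
    problems = []
    if expected_md5 is not None:
        actual = hashlib.md5(image).hexdigest()
        if actual != expected_md5.lower():
            problems.append(f"MD5 mismatch: got {actual}")
    if len(image) < CWM_OFFSET + struct.calcsize(HEADER_FMT):
        problems.append("image too short to hold a recovery at the 256k offset")
        return problems
    # Heuristic: an erased or never-written first stage is all 0x00 or all 0xFF.
    head = image[:512]
    if head in (b"\x00" * 512, b"\xff" * 512):
        problems.append("first-stage boot region is blank")
    # The header must sit exactly at the 256k boundary, not merely somewhere.
    if image[CWM_OFFSET:CWM_OFFSET + 8] != BOOT_MAGIC:
        found = image.find(BOOT_MAGIC)
        where = "nowhere in the image" if found < 0 else f"at offset {found}"
        problems.append(f"recovery header expected at offset {CWM_OFFSET}, found {where}")
        return problems
    fields = struct.unpack_from(HEADER_FMT, image, CWM_OFFSET)
    kernel, ramdisk, second, page = fields[1], fields[3], fields[5], fields[8]
    if page == 0 or page & (page - 1):
        problems.append(f"implausible page size {page} in recovery header")
        return problems
    # Header page plus each payload padded to a page boundary.
    needed = CWM_OFFSET + page + sum(_round_up(n, page) for n in (kernel, ramdisk, second))
    if len(image) < needed:
        problems.append(f"recovery truncated: need {needed} bytes, have {len(image)}")
    return problems


def build_sample() -> bytes:
    """Constructed stand-in image: stub first stage, zero buffer, tiny boot image."""
    page = 2048
    first_stage = b"NTBOOT-STUB".ljust(CWM_OFFSET, b"\x00")
    header = struct.pack(HEADER_FMT, BOOT_MAGIC, 4096, 0, 2048, 0, 0, 0, 0, page)
    return first_stage + header.ljust(page, b"\x00") + b"K" * 4096 + b"R" * 2048


if __name__ == "__main__":
    good = build_sample()
    for label, img in (("good", good), ("shifted", good[1:]), ("truncated", good[:-100])):
        print(label, check_packed_recovery(img) or "OK")
```

A non-empty result means the file should not be written to the recovery partition.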
Dead End.
I am going to start from the beginning. I flashed CWM using this app and then hit reboot into recovery from the app as well. Went to the cardboard box. I can reboot into CWM using the sd card method but can get no further. I have been trying the fix for two days and can't get it to work. Indirect gave me some ADB commands but I can't get ADB to work either. I have been on this for 2 days and cannot get it going. I really do not know what else to do. I am not a Noob and I know I have the proper drivers, the fix gets stuck though, and with the tablet in CWM from the sd card I just can't get ADB to work. I do not know if maybe because of usb debugging not being checked off, but again I can not boot up to Android, just to recovery from sd card. If I take out the sd card with CWM it boots to the cardboard box, then to black screen, and there it stays. I checked the thread for the app and people are still having this problem. I really do not know what to do. I have followed every instruction I have found or has been given to me, to the t, nothing.
UPDATE - I deleted the sdk and everything that had to do with Android from my pc. Reinstalled drivers using the method in the root thread that is pinned. I ran NOOK&ZURGY just to see my device appear in list of adb devices, which it did. It gave me my serial and it said recovery. I then redownloaded the sdk and did not download the Drivers from SDK manager. I am not sure but that seems to be the key here, to get rid of google drivers that can be downloaded from SDK manager. I then opened a command prompt, adb devices and bam there it was. I used the commands posted by LogLud above my post under "My nook just continues to boot into the recovery, what is this?". ADB Reboot and ****ing worked. THANKS TO INDIRECT, LOGLUD, and LAVERO.BURGOS. Your patience and help is greatly appreciated. I have never really asked for this much help before on XDA, and you guys were on the money, Thank You, Thank You, Thank You. Please PM me so that I can get you guys and girls beers. I will try to figure out how on my own anyways, but you guys deserve a contribution for taking the time out of your day to help me and others. Anyone with this issue and is having problems fixing, please post here or shoot me a PM and I will gladly give you all I can. Thank you again to all and happy flashing.
Benblanko81 said:
I am going to start from the beginning. I flashed CWM using this app and then hit reboot into recovery from the app as well. Went to the cardboard box. I can reboot into CWM using the sd card method but can get no further. I have been trying the fix for two days and can't get it to work. Indirect gave me some ADB commands but I can't get ADB to work either. I have been on this for 2 days and cannot get it going. I really do not know what else to do. I am not a Noob and I know I have the proper drivers, the fix gets stuck though, and with the tablet in CWM from the sd card I just can't get ADB to work. I do not know if maybe because of usb debugging not being checked off, but again I can not boot up to Android, just to recovery from sd card. If I take out the sd card with CWM it boots to the cardboard box, then to black screen, and there it stays. I checked the thread for the app and people are still having this problem. I really do not know what to do. I have followed every instruction I have found or has been given to me, to the t, nothing.
UPDATE - I deleted the sdk and everything that had to do with Android from my pc. Reinstalled drivers using the method in the root thread that is pinned. I ran NOOK&ZURGY just to see my device appear in list of adb devices, which it did. It gave me my serial and it said recovery. I then redownloaded the sdk and did not download the Drivers from SDK manager. I am not sure but that seems to be the key here, to get rid of google drivers that can be downloaded from SDK manager. I then opened a command prompt, adb devices and bam there it was. I used the commands posted by LogLud above my post under "My nook just continues to boot into the recovery, what is this?". ADB Reboot and ****ing worked. THANKS TO INDIRECT, LOGLUD, and LAVERO.BURGOS. Your patience and help is greatly appreciated. I have never really asked for this much help before on XDA, and you guys were on the money, Thank You, Thank You, Thank You. Please PM me so that I can get you guys and girls beers. I will try to figure out how on my own anyways, but you guys deserve a contribution for taking the time out of your day to help me and others. Anyone with this issue and is having problems fixing, please post here or shoot me a PM and I will gladly give you all I can. Thank you again to all and happy flashing.
Oh well, you should have started your first post by saying I'm using SDK and you will have it fixed faster. SDK is not needed in Windows, leave that for devs; all the necessary stuff that you needed to root is provided in indirects permanent root thread including drivers.
Glad it worked!
~ Veronica
Please help
I used Indirects app to install CWM, it seemed to work fine, but when I tried to boot into CWM it flashes the picture of the box, then shuts off. I tried using this method to fix it, but the same thing happens.
What am I doing wrong? Please help. I'd hate to have bricked my nook.
lehite said:
I used Indirects app to install CWM, it seemed to work fine, but when I tried to boot into CWM it flashes the picture of the box, then shuts off. I tried using this method to fix it, but the same thing happens.
What am I doing wrong? Please help. I'd hate to have bricked my nook.
Did you try the method posted in this thread? you don't mention that , also can you boot normal if you let it or you cant? provide more info.
~ Veronica
lavero.burgos said:
Did you try the method posted in this thread? you don't mention that , also can you boot normal if you let it or you cant? provide more info.
~ Veronica
Sorry if I was not clear. Here is the entire process:
1. I have a rooted Nook Tablet.
2. I installed Indirect's One Click App to install CWM
3. I used that app to install CWM.
4. I attempted to boot into CWM, but it flashes the box and then shuts off
5. I came to this thread and began following the instructions to fix it, but the first set of instructions "First, you need to be sure you install the sdcard version of the recovery, otherwise you won't be able to do this. (You need to goto this thread to install the sdcard version and follow instructions.)"
6. I followed those instructions, but I still get the box image then shut down.
7. I can't boot normally or into CWM.
Let me know if you need any other information and I greatly appreciate your help.
What I really need to know is how to create the CWM sdcard on a mac. i.e. I don't have a linux machine with gparted and I can't figure out how to get something like Disk Utility to enable boot and lda flags.
Thanks!
bootable sd card with osx
Lehite, I was having the same problem, i.e. disk utility in osx couldn't do the job for me. I ended up using this method.
Download the “size agnostic” CM7 SD card installer image (v1.3 in my case), then write it to your microSD following the instructions on the before mentioned page. The writing takes a little bit without terminal telling you the progress, after 1-2 minutes it should be done.
After successfully writing the image to your SD card copy the files from Goncezilla's SD Boot thread (here) to your SD card overwriting files if necessary and follow his further instructions.
On a reboot with the boot SD inside your nook you should get to the CWM menu after seeing the cardboard box. good luck!
I myself am also stuck at the black screen after the box and need to figure out how to get the ADB working on osx to be able to do Loglud's commands...
UPDATE: to get ADB working on osx I used this method. Since I'm not a developer I didn't download the whole SDK package from google but rather just the ADB tools from here.
I then connected the Nook to the mac while in CWM, checked if it was properly recognized by typing adb devices, and applied Loglud's adb commands. BAM! worked! Am back in android. Many thanks to all for directions, especially Loglud.
Now a question to Indirect, I downloaded your package just today, while using it it verified the MD5 positively and continued flashing. Why did I get the black screen, and not the CWM?
cheers
Hi
I've done a bit of searching but can't find anything too specific to what I'm trying to do. Basically we have 10 Android tablets, and I want to make them all standardised e.g. have the same Apps on, configured in the same way (e.g. enterprise wireless network added).
Now the thing is if anyone messes around with them I want a really easy way to restore them to the original config which I've done.
One way I thought was to configure one fully, install Titanium Backup on it, do a full backup of apps/system data etc, and put the backup onto an SD card. Then I already have the base ROM on an SD card so if theres any problems, I can just flash the ROM over it again, install TB, and restore all the data. Would this be suitable to do to duplicate the data onto 10 tablets, and also restore the data if required?
The other thing I looked into was customising a ROM myself, don't want to do anything too tricky it'll just be a case of removing all the preinstalled crap I don't want, preloading the Apps we do want, and if possible preloading the wireless key and getting rid of the first boot initial set up wizard.
PS I've looked at installing CWM and doing whole image backups, but supposedly the tablet isnt supported (its an Ainol Novo 7 Elf 2)
Any advice would be great, hopefully theres some fairly straight forward way of managing this
Thanks
One of the reasons I integrated a full blown GNU/Linux on my devices, was the need to run full and automated backups. If you are looking into the possibility making a custom ROM, this might be a solution for you as well. I'm using BackuPC to run backups nightly, backing them up as any other GNU/Linux machine (using tar over ssh).
See the link in my signature for more information about this.
kuisma said:
One of the reasons I integrated a full blown GNU/Linux on my devices, was the need to run full and automated backups. If you are looking into the possibility making a custom ROM, this might be a solution for you as well. I'm using BackuPC to run backups nightly, backing them up as any other GNU/Linux machine (using tar over ssh).
See the link in my signature for more information about this.
Hi
Thanks for the reply, not too sure this would be the right option for us. I don't really need to take nightly backups, I just need to make a backup of a preconfigured image, and then put that image onto 10 other devices. Then I want to keep the original backup and have an easy way to restore it onto any devices which have been messed up. Sort of like image cloning for PCs, I want to prepare a base image, and then flash it over all the devices.
fro5tie said:
Hi
Thanks for the reply, not too sure this would be the right option for us. I don't really need to take nightly backups, I just need to make a backup of a preconfigured image, and then put that image onto 10 other devices. Then I want to keep the original backup and have an easy way to restore it onto any devices which have been messed up. Sort of like image cloning for PCs, I want to prepare a base image, and then flash it over all the devices.
Ok, I see. Compile the image to your liking (boot image and system partition), and then flash it using fastboot onto your devices.
Hi
Does anyone have any more thoughts on this?
I have experimented with Titanium Backup and this seems to work quite well. I have installed a ROM, and customised it e.g. installed the apps I need and configured the apps, wireless settings and home screens etc. Then I do a full apps + system backup in TB to my SD card.
Then the plan is, I can reflash the ROM onto the other device, install TB and then restore this backup. This saves my user state and wireless settings etc.
Only problems is when I flash the ROM, I have to go through all the initial set up again and also remove some preinstalled apps which I dont want. Any ways around this?
There must be something I'm missing. Why don't you install the device, walk through the setup, remove the bloatware you don't want and then dump the disk partitions into images you flash the other devices with using fastboot? This way you'll get'em cloned, isn't it this you want..?
Of course there's still some tinkering needed once restored/cloned, such as giving them individual Google accounts etc, but you can easily fix this without re-running the setup wizard.
kuisma said:
There must be something I'm missing. Why don't you install the device, walk through the setup, remove the bloatware you don't want and then dump the disk partitions into images you flash the other devices with using fastboot? This way you'll get'em cloned, isn't it this you want..?
Of course there's still some tinkering needed once restored/cloned, such as giving them individual Google accounts etc, but you can easily fix this without re-running the setup wizard.
Hi
Yes that's what I want to do! How would I go about dumping the disk into an image and then flashing?
fro5tie said:
Hi
Yes that's what I want to do! How would I go about dumping the disk into an image and then flashing?
There are several methods. Some boot loaders (such as nvflash for tegra based devices) can actually read back the disk partitions to a computer via the USB port. You can also on the tablet read the raw mtd device with busybox/dd. I assume you've unlocked the bootloader and gained root access to the device, since this is a requirement for flashing them as well. A third alternative is using busybox/tar, and then recreate the filesystem image using mkyaffs (or if ext3/ext4 even easier, just loopback mount an image on your Linux machine to unpack the tar archive to). Once you got the images (system and userdata partitions), you flash the devices with "fastboot flash system system.img" and "fastboot flash userdata data.img". I don't believe you'll need to tamper with the other partitions.
kuisma said:
There are several methods. Some boot loaders (such as nvflash for tegra based devices) can actually read back the disk partitions to a computer via the USB port. You can also on the tablet read the raw mtd device with busybox/dd. I assume you've unlocked the bootloader and gained root access to the device, since this is a requirement for flashing them as well. A third alternative is using busybox/tar, and then recreate the filesystem image using mkyaffs (or if ext3/ext4 even easier, just loopback mount an image on your Linux machine to unpack the tar archive to). Once you got the images (system and userdata partitions), you flash the devices with "fastboot flash system system.img" and "fastboot flash userdata data.img". I don't believe you'll need to tamper with the other partitions.
Hi
Thanks for the quick reply, much appreciated.
Unfortunately you've lost me a bit here!
Yes the device is rooted, I dont have a linux machine though.
Any chance you'd be able to provide some more specific instructions? The device is a chinese tablet from manufacturer Ainol, the model is a Novo 7 Elf 2. Unfortunately there isn't much discussion on these online so specific help is hard to find!
fro5tie said:
Any chance you'd be able to provide some more specific instructions? The device is a chinese tablet from manufacturer Ainol, the model is a Novo 7 Elf 2. Unfortunately there isn't much discussion on these online so specific help is hard to find!
I can provide you specific answers to specific questions, but I have no experience of the tablet in question, so you'll have to do some digging yourself first. Make sure it supports fastboot, investigate what the proprietary bootloader is capable of, see how/if you can obtain an original image etc.
One maybe easier solution, especially if you plan to restore the tablets on a regular basis, is to only make a new boot image to reflash the devices with. The only modification done is that you change the /init.rc script to mount /data and /system from the SDcard instead of from the internal nand disk device.
Once this is done, you'll power up and run the installation wizard and everything on your master tablet. Then power it down, and clone the SDcard. This SDcard now contains everything, so you'll simply restore a device by replacing its SDcard with a copy of this master card. I guess it's easier to clone a SDcard than reflashing several internal partitions. Easier to make the master as well - you don't need to dd or tar them, they are already in "image" format. If you can get hold of the original firmware, this should be quite easy without the need to preserving data from the device itself.
fro5tie said:
Any chance you'd be able to provide some more specific instructions?
Issue the commands "cat /proc/mtd" and "mount" on your device at command prompt (e.g. via "adb shell" or the "ConnectBot" terminal app). This shows you if the device allows you to copy the boot image from it. Paste in the output into this thread. If you believe the "clone the tablet via the SDcard" is a good solution for you, the process is in short terms something as below;
Copy the boot image to the sdcard:
# dd if=/dev/mtd/mtd2ro of=/mnt/sdcard/boot.img bs=2048 (device dependent of contents of /proc/mtd)
Remove the sdcard, insert into a computer, split the boot image into kernel + initramfs. Read http://android-dls.com/wiki/index.php?title=HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images for instructions about how to work with the boot.img file. I really recommend a GNU/Linux environment for this.
Then edit /init.rc replacing the "mount yaffs2 mtd@system /system" with "mount ext3 /dev/block/mmcblk0p2 /system" for system and data (use p3 for data partition, the device name may be different on your tablet, see mount output).
Create an SDcard with three partitions: #1 vfat (standard), #2 and #3 ext3. Insert into your device and boot it up again.
# mount -t ext3 /dev/block/mmcblk0p2 /root
# cd /system
# tar cf - . | (cd /root ; tar xf - )
# umount /root
# mount -t ext3 /dev/block/mmcblk0p3 /root
# cd /data
# tar cf - . | (cd /root ; tar xf - )
# umount /root
This copies your partitions to the SDcard. Shutdown the tablet again.
Make a new boot.img using the instructions in the link above, using the edited init.rc script.
Now you can non-destructively give this a try.
Place your tablet in fastboot mode (often vol-up (or vol-down) during power on).
$ fastboot devices
This will verify the tablet is in fastboot mode. It should be listed. Then:
$ fastboot boot boot.img
Note here, only BOOT the tablet, do NOT use the "flash" keyword. This way, in case the image isn't working, you'll just have to restart your tablet, and no harm's done.
Look around. Do a "mount" command. Everything works? Mount shows /data and /system from sdcard? Perfect. Now you can reflash it. Shutdown and flash:
$ fastboot flash boot boot.img
Now the device will use /data and /system from the SDcard every time. Customize your device, and then clone your SDcard and try it in tablet #2, which you'll be booting with your new boot.img and the cloned SDcard. Verify that tablet #2 is a perfect clone of tablet #1. It is? Now you can flash the boot.img into all your tablets.
--------------------
But don't forget, there may be other solutions as well, maybe more suitable. This you'll have to investigate yourself.
And the usual disclaimer - you can probably not follow above by the letter. There sure is some obstacle you'll have to overcome, something non-standard, etc.
Also keep the original boot.img file for safekeeping in the case you want to restore the device's boot image some day.
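The init.rc edit described in the post above, as an added example that is not part of the original post: it rewrites the yaffs2 mounts for /system and /data (keeping their mount options) and checks the result before the image is repacked. The helper names and the sample init.rc lines are constructed for illustration, and the mmcblk0 p2/p3 layout is the assumption the post itself makes.

```shell
#!/bin/sh
# Added example, not from the original post. Rewrites the yaffs2 MTD mounts
# for /system and /data in an unpacked init.rc so they come from the SD card.
# Assumption: SD card is /dev/block/mmcblk0 with p2 = system, p3 = data, as in
# the post; confirm the device name from the mount output on the tablet.
SD_DEV="${SD_DEV:-/dev/block/mmcblk0}"

# rewrite_initrc (hypothetical helper): init.rc on stdin, edited copy on stdout.
rewrite_initrc() {
    awk -v dev="$SD_DEV" '
    # Matches: mount yaffs2 mtd@<name> <mountpoint> [options...]
    $1 == "mount" && $2 == "yaffs2" && $3 ~ /^mtd@/ {
        part = ""
        if ($4 == "/system") part = "p2"
        if ($4 == "/data")   part = "p3"
        if (part != "") {
            indent = $0
            sub(/mount.*/, "", indent)      # keep the original indentation
            opts = ""
            for (i = 5; i <= NF; i++)       # keep options such as "ro remount"
                opts = opts " " $i
            print indent "mount ext3 " dev part " " $4 opts
            next
        }
    }
    { print }                               # everything else passes through
    '
}

# check_initrc (hypothetical helper): exit 0 only if /system and /data are both
# mounted as ext3 and no yaffs2 mount for either of them is left behind.
check_initrc() {
    awk '
    $1 == "mount" && $2 == "yaffs2" && ($4 == "/system" || $4 == "/data") { bad++ }
    $1 == "mount" && $2 == "ext3" && $4 == "/system" { sys++ }
    $1 == "mount" && $2 == "ext3" && $4 == "/data"   { dat++ }
    END { if (bad == 0 && sys > 0 && dat > 0) exit 0; exit 1 }
    '
}

# Constructed sample: mount lines in the style of an old yaffs2-based init.rc.
sample_initrc() {
    cat <<'EOF'
on init
    mount yaffs2 mtd@system /system
    mount yaffs2 mtd@system /system ro remount
    mount yaffs2 mtd@userdata /data nosuid nodev
    mount yaffs2 mtd@cache /cache nosuid nodev
EOF
}

# Demo: print the rewritten sample, then report whether it passes the check.
sample_initrc | rewrite_initrc
sample_initrc | rewrite_initrc | check_initrc \
    && echo "init.rc OK: /system and /data mount from the SD card"
```

On a real image, run it as `rewrite_initrc < init.rc > init.rc.new` inside the unpacked ramdisk and repack only if `check_initrc < init.rc.new` succeeds.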
Wow! Thanks for the info! This is really helpful, I need to set aside a bit of time to work through this and have a look. Thanks again, it's really appreciated, I'll be back with info once I've had a chance to give it a go!
I certainly can't offer more detailed info than the fellow from Sweden who seems to really know his stuff...but what about making a nandroid backup of your fully configured reference tablet (I'm assuming all tablets are rooted). Ensure all your tabs have CWM recovery and copy your nandroid file to each one.
If any of your fleet get 'corrupted' you can simply restore the original, fully configured ROM.
In fact that sounds too obvious..likely I missed something about your scenario which precludes this option from consideration!
Good luck mate.
tweeny80 said:
I certainly can't offer more detailed info than the fellow from Sweden who seems to really know his stuff...but what about making a nandroid backup of your fully configured reference tablet (I'm assuming all tablets are rooted). Ensure all your tabs have CWM recovery and copy your nandroid file to each one.
If any of your fleet get 'corrupted' you can simply restore the original, fully configured ROM.
In fact that sounds too obvious..likely I missed something about your scenario which precludes this option from consideration!
Good luck mate.
Hi
Yes that was my first thought as well, tablets are rooted yes but there is no CWM for the tablet. It's an obscure Chinese branded tablet.
Unless there is another way to do nandroid backups?
hmm tricky situation. Catch 22 ! From what I know, your best bet is to backup all possible things through Titanium Backup given that you don't have the use of Nandroid backups. You can include wifi settings, messages etc but it's modular & not systemic.
I did a quick google search with no luck - time to upgrade your fleet dude :-0
Best of luck.
Hello Fire users
I am not really a newbie but until today I have worked only with Samsung devices.
My daughter got a Fire HD 6 in the Christmas days and we started to play around and we have done all updates up to 5.3.1.1. But it's not running perfectly for my wishes. I have read that it's possible to root the tablet incl. TWRP, xposed framework and go with this up to 5.3.1.1 but it's hard to read out what I have exactly to do because there are many warnings when to do something and when not.
Could you please help what to do exactly? ADB is running and phone is recognized on Mac and Windows...
Thanks for your help
cuki3r3k83bln said:
Hello Fire users
I am not really a newbie but until today I have worked only with Samsung devices.
My daughter got a Fire HD 6 in the Christmas days and we started to play around and we have done all updates up to 5.3.1.1. But it's not running perfectly for my wishes. I have read that it's possible to root the tablet incl. TWRP, xposed framework and go with this up to 5.3.1.1 but it's hard to read out what I have exactly to do because there are many warnings when to do something and when not.
Could you please help what to do exactly? ADB is running and phone is recognized on Mac and Windows...
Thanks for your help
From latest news, OS 5.3.1 can't be rooted (directly). You'll need to downgrade to 4.5.3, root, and go back to 5.3.1 as explained here
If you want to feel android experience, you can either install custom launcher and Play Store from here or just totally install Cyanogenmod 11 from here
Killa8 said:
From latest news, OS 5.3.1 can't be rooted (directly). You'll need to downgrade to 4.5.3, root, and go back to 5.3.1 as explained here
If you want to feel android experience, you can either install custom launcher and Play Store from here or just totally install Cyanogenmod 11 from here
@Killa8, as I mentioned HERE in more detail, the procedure for downgrading to 4.5.3 doesn't appear to be explained in the linked tutorial. Any help would be greatly appreciated! I'm trying to root and install CM on my daughter's tablets as they find Android to be far more intuitive than FireOS. Many thanks!!!
Downgrade to 4.5.3 and root as seen here (skip step 1): https://forum.xda-developers.com/fire-hd/general/how-to-downgrade-to-4-5-3-root-device-t3139351
Jump down to the 2nd post here: https://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 and install TWRP on your device.
Then go to post 1 where it says "1) boot into TWRP, and, in a single session (!!!!!)" and follow the directions. MAKE SURE YOU USE THE RIGHT BOOTLOADERS!!
Enjoy rooted FireOS 5.3.1
RadRacer said:
Downgrade to 4.5.3 and root as seen here (skip step 1): https://forum.xda-developers.com/fire-hd/general/how-to-downgrade-to-4-5-3-root-device-t3139351
Jump down to the 2nd post here: https://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 and install TWRP on your device.
Then go to post 1 where it says "1) boot into TWRP, and, in a single session (!!!!!)" and follow the directions. MAKE SURE YOU USE THE RIGHT BOOTLOADERS!!
Enjoy rooted FireOS 5.3.1
Thank you for this! I was having the same issue as the OP and this solved it.:good:
geoyou said:
Thank you for this! I was having the same issue as the OP and this solved it.:good:
Can you tell me how you installed TWRP? The 2nd post of the page is confusing to me.
NVM, I found a video tutorial
I've seen too many threads mentioning 5.3.1 and implying that 5.3.1.1 is the same.
Even if that is the case, all the tutorials I have read left me scratching my head at various points. So here is a walkthrough of what I just went through to root my Kindle fire HD 6
It's now running 5.3.1.0 and will stay there for the time being (unless I can get solid answers on 5.3.1.1).
I started with this tutorial thread but I found it easy to make mistakes and I ended up bricking my device (fortunately the unbrick iso is very good and the tutorial video is excellent).
So here is my procedure. Doing this on Windows is probably less involved thanks to the bat file in one of the steps.
Start by getting the stuff you will need together.
You will need ROMs from here.
Specifically, the 4.5.3 and 5.3.1.0 ROMs.
The 4.5.3 file name is update-kindle-20.4.5.3_user_453011120.bin
The 5.3.1.0 file name is update-kindle-20.5.5.2_user_552153420.bin
Note: The version number on that second file makes no sense to me, and I made a mistake trying to flash the wrong one in TWRP. Here is the correct name for reference. You might change the file names to reflect the version number.
Go ahead and change the extension of the 5.3.1.0 bin file to zip instead. TWRP will need it this way.
Download the stock recovery image. There is a link at the bottom of the second post in the tutorial thread I linked above. Or you can just click here.
Grab the WindowsAutoTWRP_v03.zip from the tutorial thread (or click here).
It has the Windows ADB executable and drivers in it so it will save you some hassle on a Windows machine.
For Macs, I found a video from RootJunkie.com that linked to tools at http://rootjunkysdl.com/files/?dir=Adb%20Fastboot%20Files. I was able to do everything from my Mac with these.
As a side note, the video I found these on was https://www.youtube.com/watch?v=iv0VcNM8IAw, but it's not important to watch.
It will help to gather zips and APK files you will need right now as well.
Get a copy of ES file explorer, Kingroot (I used the APK, but if you have a windows system, it might be easier to use the Windows version instead), and an android launcher of some sort.
For additional images, you will need the following:
From the tutorial thread: make_space_v02.zip
Supersu.zip linked at https://download.chainfire.eu/696/SuperSU/UPDATE-SuperSU-v2.46.zip
Xposed which if you follow the link from the tutorial through the forum thread should lead you here: http://dl-xda.xposed.info/framework/sdk22/arm/. I grabbed xposed-v87-sdk22-arm.zip
flash Pico (Uni) GAPPS for 5.1 which again, if you follow all the links, will take you here: https://basketbuild.com/filedl/devs?dev=osm0sis&dl=osm0sis/gapps/tk_gapps-modular-pico%28uni%29-5.1.1-20150920-signed.zip.
Make sure you have all the files gathered in one place, it's really helpful.
If you are using a Mac, you will also need Android File Transfer at https://www.android.com/filetransfer/.
Something optional that might help is a USB OTG cable or one of those USB drives that support USB OTG with its own micro USB connector. It's not necessary but it might help if you need to get files to your tablet in TWRP.
At this point, I'm going to go into Mac instruction mode. If you know that the Windows command prompt is sort of like the terminal application on OS X, that you don't use ./ path specifiers on Windows, etc, you should be able to come up with some
Once you have everything in place, shut down your Kindle Fire 6.
On your computer, open a terminal window and get to where you unzipped your ADB tools.
The simple way is to type cd followed by a space then drag the folder with your tools from Finder to the terminal window so you get something like cd /users/me/abd
The actual path will be dependent on your system.
This terminal window should remain open for the entire process. It will make life easier.
Hold volume up and turn the Kindle Fire on. You should enter recovery.
Back at your computer type ./adb devices
Your kindle should show up there. When it does, go back to your tablet and select "apply update from ADB".
Then, from the terminal, enter ./adb sideload update-kindle-20.4.5.3_user_453011120.bin
If you just type ./adb sideload then drag the file into the terminal window, it will fill the name and path out for you.
Note that this all seems kind of like the video I linked above but we are downgrading to 4.3.5 instead as the tutorial thread says we should.
Once that's done, you end up back at the recovery screen. I went ahead and did a wipe data/factory reset. I don't know if this is necessary though.
When you get into 4.5.3, you need to shut down wifi if you are not prompted through new device setup.
If you are prompted, just skip it.
You may need to enable debugging. Go to Settings, Device Options, find the serial number field and tap it 7 times.
Open the now revealed developer console and toggle "enable ADB" so it's on.
Install the APKs you downloaded earlier.
Use ./adb install <name of ES file explorer apk>
If you're on Windows, you can go ahead and run the Windows root util.
If you are on a Mac, install the Kingroot APK using the ./adb install command.
If you go the APK route, Kingroot requires a wifi connection. This will expose you to Amazon's OTA updates. You will need to watch your Kindle carefully at this point.
The download will probably download but as long as you don't let it sleep, it should not reboot and install.
Kingroot may take a couple of tries to get root.
As soon as it does, turn off wifi!
After that, open ES file explorer, give it root permissions, then navigate to the root folder, then to cache. Look for a bin file there. If there is nothing, you didn't get the OTA update pushed to you. If you did, delete it. See post 5 in this thread: https://forum.xda-developers.com/kindle-fire-hdx/help/deleting-downloaded-update-t3100573
To prevent any OTA relapses until we can go further, use ES file explorer to rename /system/etc/security/otacerts.zip. I replaced the first o and last p with _ characters.
It should be safe to turn on wifi at this point.
If you deleted a bin file in /cache, you aren't out of the woods yet. The Kindle could still reboot on you and it will give you the red ! but I found booting into recovery then just rebooting the Kindle caused it to work itself out after a couple tries.
We should be good to go for TWRP at this point.
In the terminal type ./adb shell
When the shell opens type su
Grant the shell permissions on the Kindle
Type exit twice.
On a Mac, we cannot run the bat file included in the WindowsAutoTWRP_v03.zip file.
But here are the commands to enter manually:
./adb devices
./adb install gscript-android.apk
./adb shell "mkdir /sdcard/gscript"
./adb push gscript /sdcard/gscript/
./adb shell "cp /sdcard/gscript/flash_453_stay.sh /data/local/tmp/"
./adb shell "ls /data/local/tmp/"
./adb shell "su -c 'chmod 777 /data/local/tmp/flash_453_stay.sh'"
./adb shell "su -c 'sh /data/local/tmp/flash_453_stay.sh'"
Once complete open ES file explorer again
DELETE sdcard/gscripts/s5.4.1_113_stock_recovery_uboot.zip!!!!!!!
It's too easy to mistakenly flash this in TWRP and it WILL brick your kindle.
We will now copy those zip files we downloaded earlier onto the Kindle.
I used the Android File Transfer utility to put them in the scripts folder but copying them to Downloads on the Kindle might be easier.
If you are a command line type of person, you can also use the adb push command.
You want to copy over the following:
The 5.3.1.0 file name is update-kindle-20.5.5.2_user_552153420.bin
5.5.2_1534_stock_recovery_uboot.zip
UPDATE-SuperSU-v2.46.zip (or whatever the current version you downloaded is)
make_space_v02.zip
xposed-v87-sdk22-arm.zip (or whatever the version you downloaded is. The version could have changed after I wrote this.)
tk_gapps-modular-pico(uni)-5.1.1-20150920-signed.zip (again, based on what version was available when you downloaded it)
It might be a good time to sideload that extra launcher you downloaded earlier. I didn't need it, but you might.
Again the command is ./adb install <apk file name>
In the terminal, type ./adb reboot recovery.
You *should* end up in TWRP.
These next steps are important to do in one go. Don't exit TWRP until you have installed all the zip files you copied over.
The order in the tutorial thread is the 5.3.1.0 system image, the recovery image, the make_space zip, the Supersu zip, the xposed zip, and the tk_gapps-modular-pico(uni)... zip.
Do all this from the Install menu in TWRP. I did not try to queue up all the zip files at once, I don't know if that would work.
If you forgot to copy a file, TWRP should allow you to copy files via a USB cable to your tablet.
If you do this on a Mac and Android File Transfer craps out on you as it did with me, that is where the USB OTG cable comes in handy. But let's hope you copied everything or that the USB connection doesn't crap out on you.
Select the wipe menu, then advanced wipe. Check the cache and dalvik cache. Once done use the back arrow and swipe the "swipe to factory reset" slider.
If you are brave, you can just reset and wait through the fire logo.
If you are trying to follow along with the tutorial I linked, reboot while holding volume up to see what recovery you land in. If it's not TWRP, proceed.
When you finally get to Android, you can use ES file explorer as one way to check for root privileges. I'm sure there are others.
I'm no expert, but if you run into problems with the Kindle Fire HD 6 (4th gen) and you started with 5.3.1.1, I can tell you some of the pitfalls I ran into and how I got out of them.
Excellent guide, thanks elementcarbon12!
I'm a total newcomer to rooting and getting my hands dirty with Android (although I am a long time Linux user), and I made it work, and now have a Fire HD 6 that I can sort the way I want it!
I did encounter a few problems though, first, I did not do a factory reset /data wipe after the downgrade and ended up in a boot loop. This was easily sorted by using the "adb reboot recovery" command, doing the data wipe/reset and then holding down power for 20 sec.
Everything was smooth sailing again until the reboot out of TWRP after installing the ZIP files. I did the wimp's reboot to recovery to make sure I didn't get TWRP, which I didn't, so rebooted to get into Android, however I entered a boot loop again. This time a simple hold the power for 20 sec and then turn on worked and the system started its 'optimization'.
Upon completion, I still had root, although ES and my chosen launcher had gone, so had to reinstall them. No problems there though.
So thank you very much for collecting all of the information and links from other pages into this one easy to follow post!
Hi guys, I have a question. I'm on CM11 on Fire HD 6 and I also have an Android backup of 4.5.3. My question is: I'm not sure what bootloader I have. At one point it did have 5xxx on it, but not sure what version. Can I just sideload 5.4.0 and be okay since the stock ROM was put back to 4.5.3 (that's how I installed CM11), or does it need a bootloader from a 5xxx ROM?
Good day,
I have been looking into rooting my Android device for over a week now and was still not able to find how it can be done for an unidentified tablet.
I have an Allwinner T8 tablet (headunit) that runs Oreo 8.1.0, there's no info available on this unit whatsoever, all I have is detailed system information gathered by root checker, I can post the details if it's required.
I've managed to make a full backup of my device using the adb backup command in case something goes wrong it can be reverted easily.
No custom recovery option available to flash.
Is it possible to root my device using the supersu zip without a custom recovery for example with adb using the command "adb flash"?
The most useful guide for my situation I have come across is the Magisk Manager installation guide: https://forum.xda-developers.com/apps/magisk/official-magisk-v7-universal-systemless-t3473445
This method requires me to have the stock boot image from my device, seeing I don't have root and can't just copy that file, where exactly can I find this file (what's the path to it)?
Is it possible to use adb command "adb root; adb pull ... " to retrieve this file? If not how can I get my hands on this file?
Please help me, I have spent many hours searching Google and watching videos but all of which are the easy methods that don't work for my tablet or require root or a custom recovery which I can't install... pretty frustrating...
I think Magisk Manager is the only correct way to go for my problem
Also, if I remount my system or root with read & write rights using adb shell, is that the same as rooting my device?
If I can read and write into the system directory on my device then I should be set.
So what exactly is the difference between rooting my device and remounting my device/system as read/write?
anyone??
Ok, I get that boot-debug has been around for years... since android 10 for me, before that, it was variant=user, or variant=eng(ineer).
Strange how after I show boot-debug.img, magisk chooses this very path, but only after. Keeping in mind many people come here asking questions, and all those that know sit back and say nothing. Until they dont like what they see.
If you know better, and can't help, please keep your comments to yourself. This thread is intended to HELP, and is targeted toward those who CHOOSE to HELP because they CAN.
How I got su to work. Is this root? Now this is a good question. I dont want ANY overlaid system in my fone. I want to write to system like many others want to.
Not some google way of forcing us to use their mirrored online version of a locked filesystem already on my f'n.
Priority 1: I want to root my f'n without internet. Period. I do NOT want magisk using my credit. This proves we pay for magisk. I sometimes live so far from the world wide web, that offline is the only way to work. So I need to be able to root without google or THEIR employees offerings.
Priority 2: RW-able system.
So, I discover boot-debug.img for my f'n. Had it for a year, before I discovered it. Yeah, I discovered it after a year here asking, and getting NO replies that worked. Only after I'm vindicated to the naysayers 'thats been around forever...' yeah, try helping instead of useless comments.
In the end, I learned so much in such a short time. Constructive criticism is NOT insulting. Magisk kills root in MY f'n. PERIOD. Camera does not work, location does not work, and I can't make/receive calls. But hey, it's an overlaid file system, of course it won't ALL work, I mean, I'd expect to lose a lil functionality, but disabling the GSI ability in dev options? I don't think so.. Worse, lack of adb or fastboot is produced in my f'n when using magisk, so tata magisk.
My logs actually explain all, so no more crappy adb logs. Yeah, I like simple adb, it works, or I'll MAKE it work.
Like this:
Attempt every possible method of flashing magisk according to tut's, nada. 3 different paths lead me to...?
1: The note9 recovery I found, that lopstom was kind enough to twrp for me (well appreciated) is the KEY to gaining root on my ulefone armor x5 mt6765. It turns out that the note9 recovery is actually an android 9 os, with a 'super' .img - and being android 9, the bootloader I used is an OLD bootloader, in particular, the variant=eng type. Note this, this is key.
2: With the note9 flashed to recovery I can RW system in android 10 properly, but only in twrp.
3: Discover boot-debug.img - yup, it's not quite a variant=eng build, but it does work for the following:
Flash boot-debug.img. By doing so, you get the adb root command, and the disable-verity options, way better than wiping vbmeta, which contains the 'is it rw, or ro' of every file in every partition to be mounted in their own partitions, but what most don't know, is each file mounted in its own mountpoint also has the information contained by vbmeta, but for each separate file. So unless you add the /null (one for system, the other for vendor) after the disable-verity...
Nah, wipe most of your directory structure, then wonder why in a RW-able system, it still doesn't work. Because each file in its own mountpoint knows if the system directory SHOULD be ro or rw. That's EACH and EVERY stock file in its OWN mountpoint, has the RW or RO info for the system & vendor directory, ie, is system RW?
Example: Camera wont work, get it?
In the end, this is how I went about installing su.
Flashed boot-debug.img did NOT flash recovery. Flashed meefik busybox-arm64 to f'n, but did NOT install it, instead, I opened it to install it, top left, saved the busybox-arm64 and then flashed twrp, and while there, flashed the system_rw, to defeat the system_RW saying not enough space, I chose 1024, did the copy over of super_fixed, then rebooted, enabled system, THEN flashed the busybox-arm64 from twrp, and rebooted.
Results: I copied the busybox-arm64 su, from xbin to system. In order to defeat the system_RW saying not enough space, I chose 1024. Round numbers matter with system_RW, same scenario as memory, so use sizes equal to how memory works. ie, 32, 64, 128, and multiples of.
Look at the adb posts in my closed thread.
With Su installed, I have to type exit TWICE to exit. without su in system, exit only needs typed once.
Now here is why I continue. I found root, but dont have the experience, but it's like this:
See all those lovely new file that end in .cel? Mine says platinum. That means I AM ROOT. By swapping out .cel files, I have all the access magisk denies me. .cel files... get on it devs... swap them out, try try try... find what I found.
I dont actually need su, but i need it for some apps. What I have proven, is that SU does NOT kill android 10_Q.
variant=user or variant=eng, is NOW dependent on .cel files, like, say, boot-debug.cel.
Have a nice discovery... I hacked googles latest offering my-cel-f
Edit: Cel files are found in the bootloader, a zero byte file, the file NAME decides what the loader can or cant do, PERIOD.
New root tools only require swapping these out, as well as a few system edits when done.
Ok, slight mistake in spelling so I'll add the following for you to 'see'..
userdebug_plat_sepolicy.cil
So it's not cel as I wrote in the first post, my point being just as valid.
Platinum clearly states there are more who's names I have yet to obtain...
Theoretically in my mind, if I swap the .cil file in the bootloader for say hypothetically:
engdebug_plat_sepolicy.cil... with the few edits seen in the android 10 notes I posted from china, the one where people say 'too much hassle' - I say, for them. Those notes show the rest of the cil files, so yeah, I got root OPTIONS to play with
Stay tuned for more scottish inventor style NOTES.
Edit: for the record: https://source.android.com/compatibility/vts/vts-on-gsi