Samsung Galaxy Tab A 7.0 LTE/WIFI 2016 TINKER EDITION ROM (DEODEXED/ROOT/XPOSED)
============================================
Update 01/04/2017
-----------------------
Tinker Edition V5.1 is now out.
* Re-added Samsung stock camera and gallery
* Reverted back to stock vold to fix issues people are having with micro SD cards
Now available for the SM-T285, SM-T280 to follow
Update 10/29/2016
------------------------
TWRP for the SM-T285 here
Early Build of TWRP for the T285 (see post by @ashyx); will update this if an official version is released. The T280 version should be available not far behind, I believe.
Update 09/21/2016
-----------------------
V5 now out (root, deodexed, xposed) for the SM-T280/T285, still working on the SM-T280
Update 09/20/2016
------------------------
Turns out this device is not as locked as we all thought it to be. See thread below for my ordeal and more details:
http://forum.xda-developers.com/galaxy-tab-a/help/resources-samsung-galaxy-tab-7-0-2016-t3431022
Modifications:
===========
* Based on LMY47V.T285XXU0APCN
* Stock Boot and Recovery (Not much choice since the bootloader is locked)
* Busybox
* Hijacked Vold (using CM 12.1 sources) to run shell scripts stored in /data/scripts/vold.init
* Removed Touchwiz launcher and redundant Samsung apps (Hancom office, Kidzone), replaced with Trebuchet
* Enabled r/w to the external SD Card
* Dolby Atmos mod (09/11/2016) (thanks to @Nando14sunny)
* Deodexed/Xposed (09/13/2016) (thanks to @wanam and @rovo89)
* soft linked /etc/hosts to /data/scripts/hosts and can be edited using adb shell (09/13/2016) (thanks to @venomrat)
* V5: root chainfire's SuperSu 2.78 (09/21/2016) (thanks to @Chainfire)
* stock boot animation
Special thanks also to @ashyx for initially taking a look at this device. I haven't given up on rooting this device yet.
Special thanks to @klemen241 for helping me try out the SM-T280 build
Haven't done extensive testing on Xposed modules, but the Pokemon Go IV mod/hacked worked and that was good enough for me (before Pokemon Go was patched). If you use this ROM, feedback is highly appreciated.
NOTES: To be safe, perform a cache wipe using recovery. I didn't need to do this personally but I haven't tested all use cases.
NOTES: Since this ROM is deodexed, the first boot will take quite a while, so please be patient.
NOTES: if you are coming from V2 and are using the mount_ext4 apps2sd scripts please update it for additional support for the V3 ROM HERE:
https://github.com/jedld/smt285_data_scripts
NOTES: (09/13/2016) Unfortunately, the V3 build fails the Google SafetyNet check, will be a problem if you play Pokemon Go
Other Notes: Removed support for zygote.init scripts in V3 as I am now using the app_process32_xposed binary, will work to get this back soon. I haven't had a need for zygote scripts though. The vold.init scripts should still work as before if you are using the apps2sd script.
Installation Instructions:
Odin or Heimdall Required. If you are coming from the stock ROM please wipe/factory reset to be sure. If you are upgrading from V1 or V2 you are not required to wipe unless there are problems. If you are upgrading to V3, a cache wipe is recommended using recovery.
--FLASH AT YOUR OWN RISK--
1. Make sure to back up your data and have a copy of your stock ROM in case something goes wrong.
2. Make sure your device is OEM unlocked. (Enable Developer settings and Enable the OEM unlock settings)
3. Extract ZIP file below and flash the tar.md5 file using ODIN, for details on this kindly look for instructions in the xda site.
4. For Heimdall you can use 7zip to extract the system.img from the tar.md5 and just flash the system.img itself.
Choose the appropriate download for the model (wifi only T280/ lte T285) that you have:
WIFI ONLY Download (SM-T280)
==========================
Link (V5 Deodexed, Rooted and Xposed):
https://mega.nz/#!0Jdg0a4D!XWLES1BwCPrkBlUzqNhRfRi_91LOdawYHydQ_scV2dI
Link (V3 Deodexed and Xposed - with special thanks to wanam with his custom Xposed build (86.0), and credits also to rovo89):
Download from Mega (v3 09/13/2016)
LTE Version Downloads (SM-T285)
===========================
Link (V5.1 Deodexed, Rooted and Xposed):
https://mega.nz/#!ZFFTFKYZ!NAeajNUjIgYI7zOslpWoJ2AeJ-NCKG0Ut8Buz_6eCgU
Link (V3 Deodexed and Xposed - with special thanks to wanam with his custom Xposed build (86.0), and credits also to rovo89):
Download from Mega (v3 09/13/2016)
Link (Original V2 odexed version):
Download from Mega (V2 09/11/2016)
If you have suggestions, send me a PM.
Other Notes (So people don't have to ask):
* I've tried to run superuser daemonsu, but unfortunately the sepolicy scopes for vold and zygote are too narrow in this device for supersu to use despite being root. In theory a version of daemonsu can be made specifically to run on this device with a somewhat castrated functionality though I don't have access to the source code to figure it out. Navigating the sepolicy landmine is hard.
WIFI ISSUES
=========
There are reports of wifi problems with the latest build due to wrong permissions with dhcp hooks, if so you can do the following (big thanks to @_mone):
Using adb shell:
Code:
su
mount -o rw,remount,rw /system
chmod 755 /system/etc/dhcpcd/dhcpcd-run-hooks
mount -o ro,remount,ro /system
/system is readonly by default, which is why you need the remount commands. Reboot your device after just to make sure.
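The installation steps in the post above flash a tar.md5 with Odin, or pull system.img out of it for Heimdall. As an added example (not part of the original post or the ROM), this Python code checks the MD5 trailer such a file carries and lists the archive members before anything is flashed. The function names and the in-memory sample are constructed for illustration; the layout assumed is an `md5sum` output line appended after the tar data.

```python
import hashlib
import io
import re
import tarfile

# md5sum output line: 32 hex digits, whitespace, optional '*', file name
TRAILER_RE = re.compile(rb"^([0-9a-fA-F]{32})[ \t]+\*?(\S.*)$")


def build_sample_tar_md5(payload: bytes = b"constructed system image bytes") -> bytes:
    """Build a tiny tar.md5 in memory (constructed sample, not a real ROM)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo(name="system.img")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    tar_bytes = buf.getvalue()
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  sample.tar\n".encode()


def check_tar_md5(data: bytes) -> dict:
    """Verify the appended MD5 line and list the regular files in the archive."""
    result = {"has_trailer": False, "md5_ok": False, "members": []}

    # A tar archive ends in NUL padding, so the trailer is whatever
    # follows the last NUL byte of the file.
    cut = data.rfind(b"\0") + 1
    match = TRAILER_RE.match(data[cut:].strip())
    if cut == 0 or match is None:
        return result

    result["has_trailer"] = True
    tar_bytes = data[:cut]
    expected = match.group(1).decode().lower()
    result["md5_ok"] = hashlib.md5(tar_bytes).hexdigest() == expected

    # List members even on a mismatch so the caller can see what would be flashed.
    try:
        with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:") as tar:
            result["members"] = [(m.name, m.size) for m in tar if m.isfile()]
    except tarfile.TarError:
        result["members"] = []
    return result


if __name__ == "__main__":
    sample = build_sample_tar_md5()
    print("intact   :", check_tar_md5(sample))

    damaged = bytearray(sample)
    damaged[512] ^= 0xFF  # flip one byte inside system.img's data block
    print("damaged  :", check_tar_md5(bytes(damaged)))
```

The trailer only catches corruption in transit: anyone who repacks the archive can recompute it, so it says nothing about who built the image.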
Hi,
The mount_ext4_sdcard.sh script moves all apps to SD card on reboot?
Edit: did not read till the end. System apps are not moved.
venomrat said:
Hi,
The mount_ext4_sdcard.sh script moves all apps to SD card on reboot?
Edit: did not read till the end. System apps are not moved.
It won't by default for safety purposes, however you are welcome to edit the script and try to move them all
jedld said:
It won't by default for safety purposes, however you are welcome to edit the script and try to move them all
Thanks for your hard work. It's a pity this device is not as popular as their other models or more people would have already signed the petition.
I regret not doing more research before buying this tablet.
Hello there
At first I want to thank you for your hard work so far.
Then I've got a question.
I just built this tablet (LTE version) into my car. Now I'm on to configuring it with Tasker to "act more like a car radio". It was really hard because of the non-rooted device, but I did it so far.
I used a sound mod called Dolby Atmos (I think it's from Lenovo?) on almost every one of my rooted devices to improve its sound.
I'm wondering if it would be possible that you could build this mod into a ROM for me?
Normally I flash it as a zip file via a custom recovery so it's in the system files, but maybe you could edit it in there before the ROM gets flashed via Odin? I could give you the zip if you don't find it. It would be really nice!
Greetings from Germany
We could try. Could you point me to a ROM that has the specified libraries for Dolby?
Thank you, for the fast answer!
Here is the flashable zip of the Dolby Atmos mod I used successfully on my other devices:
Mega
Greetings
Nando14sunny said:
Thank you, for the fast answer!
Here is the flashable zip of the Dolby Atmos mod I used successfully on my other devices:
Mega
Greetings
Ok, wish granted, updated the ROM to include Dolby Atmos, just redownload the ROM from the link in the main post.
jedld said:
Ok, wish granted, updated the ROM to include Dolby Atmos, just redownload the ROM from the link in the main post.
Wow thank you! I'll test it right now
Edit:
It works like a charm! You really improved my device with it!
Hi,
If it's not too troublesome, perhaps the next version can symlink the host file to a r/w folder so that ads can be blocked.
Thanks.
venomrat said:
Hi,
If it's not too troublesome, perhaps the next version can symlink the host file to a r/w folder so that ads can be blocked.
Thanks.
Possible, though the only r/w partitions are data and cache, and it may potentially cause problems when you suddenly try to do a wipe. I'm working on deodexing and porting Xposed framework for now. Either that, or if you've got some IP addresses that need to be blocked I can create an edition that has those entries. I'll see what I can do, though; there might be a way to do it without breaking factory reset/wipe cache.
jedld said:
Possible, though the only r/w partitions are data and cache, and it may potentially cause problems when you suddenly try to do a wipe. I'm working on deodexing and porting Xposed framework for now. Either that, or if you've got some IP addresses that need to be blocked I can create an edition that has those entries. I'll see what I can do, though; there might be a way to do it without breaking factory reset/wipe cache.
No hurry. I can wait. What you are doing now is more important. :good:
venomrat said:
No hurry. I can wait. What you are doing now is more important. :good:
Wish Granted. As a bonus, the latest version of the ROM is now deodexed and Xposed, please refer to the main post for the updates.
Feedback is appreciated.
How can i change the dpi?
Sent from my SM-T285 using XDA-Developers mobile app
corzradio said:
How can i change the dpi?
Sent from my SM-T285 using XDA-Developers mobile app
May need to modify build.prop, you may do this yourself here:
http://forum.xda-developers.com/galaxy-tab-a/how-to/guide-samsung-galaxy-tab-7-0-sm-t285-t3438296
Also there may be Xposed framework modules that do that. Not sure though, since I'm OK with the stock DPI.
jedld said:
Wish Granted. As a bonus, the latest version of the ROM is now deodexed and Xposed, please refer to the main post for the updates.
Feedback is appreciated.
Thanks. Will need to find time to re-flash this weekend.
Regarding xposed have you actually tested any other modules that need root?
I already built a rom with xposed but it was all but useless because pretty much all the modules I use need root.
Most of those I tried don't need root so far (YouTube AdAway, Pokemon Go IV). Haven't tried those that need root but I suppose those wouldn't work.
I use App Settings and it works for DPI change, and you are welcome. I am glad to test stuff, it's fun haha. If anyone has questions about the T280 you can ask me.
How can I boost the volume? Since it's not rooted I can't find the mixer.xml.
Hello everyone, I have a problem on which audio enhancement to use? I tried to install Viper4Android_FX_v2505_A7.x_Nougat_IO_test_fix.apk, but it does not install the necessary drivers, my problem is that I use Spotify and the sound is very simple, I would need to strengthen the bass a little bit, I have the B&O headphones.
Thanks
The best audio package by far is A.R.I.S.E.
I use magisk, but it should work with SuperSU too.
You need to have busybox installed to /system/xbin for Viper4Arise to work properly.
When you flash the ARISE package the first time, it will drop a file "arise_customize.conf" into /sdcard
This is what you use to customize which ARISE modules you want to be installed when you flash the ARISE installer the second time.
I have attached the arise_customize.conf file that I use, and know works very well on LG-V20.
For many reasons, though, I recommend looking into switching to magisk over supersu.
After you have busybox installed properly, and after you have Viper4ARISE flashed properly with the customize file used, there is a module in the magisk app repository "universal_deep_buffer_remover".. this is the ONLY thing I have found that correctly removes the deep buffer without breaking the HIFI dac on the V20.
(You can also easily install busybox from the magisk manager app too, although I recommend flashing that module from recovery first. You may need to play with that, it's tricky. Install from recovery and/or from within the magisk manager app.)
It should go without saying that before you start installing this you will need to remove any other audio mods that you have installed previously, or the best bet being to reflash your ROM to get a fresh start.
You forgot to attach the file
Looking forward to it, I've always used Viper and never heard of this one, I'm eager to try it.
UL7RA said:
You forgot to attach the file
Looking forward to it, I've always used Viper and never heard of this one, I'm eager to try it.
so sorry, my fault
I did attach the file but I didn't see that it rejected the .prop extension, I edited that first post with it uploaded as a text file, same file is attached here too. Remove the .txt and put it on /sdcard
If you open the file and change the install core to =true, you will only have to flash the arise zip once (instead of letting it place that customize.prop file on SD card the first time around).
syndre said:
so sorry, my fault
I did attach the file but I didn't see that it rejected the .prop extension, I edited that first post with it uploaded as a text file, same file is attached here too. Remove the .txt and put it on /sdcard
If you open the file and change the install core to =true, you will only have to flash the arise zip once (instead of letting it place that customize.prop file on SD card the first time around).
Unfortunately, I believe not much of ARISE works on my H990DS, as the first time I flashed using your prop file, I got arkamys audio to continuously force close. Uninstalled it by editing the prop file, reboot. Tried opening Dolby Atmos, force close. I guess I'm left with Viper, which I've had before anyway. I'm on magisk, if that matters, but I saw that the magisk compatibility was set to true.
UL7RA said:
Unfortunately, I believe not much of ARISE works on my H990DS, as the first time I flashed using your prop file, I got arkamys audio to continuously force close. Uninstalled it by editing the prop file, reboot. Tried opening Dolby Atmos, force close. I guess I'm left with Viper, which I've had before anyway. I'm on magisk, if that matters, but I saw that the magisk compatibility was set to true.
If you're using SuperSU the only other thing that I could think of would be making sure BusyBox is installed
In the future if something like that is force closing you can either just freeze the application or delete the app folder in system partition using recovery.
If you haven't yet tried flashing your ROM again, letting boot up and sit for a few minutes, then flash busybox and arise again on a fresh ROM installation, that is definitely something to try.
I'm just curious, is there a reason why you prefer SuperSU over magisk?
I use the BusyBox flashable installer made by as from here. He's got lots of other neat things on that thread too!
https://forum.xda-developers.com/showthread.php?t=2239421
Sent from my LG V20 using XDA Labs
No, I'm not using SuperSU, I'm on Magisk (14.0). You might have missed when I said that. BusyBox is installed and running fine, and I managed to fix everything by flashing the ARISE zip, but with a modified prop file.
UL7RA said:
No, I'm not using SuperSU, I'm on Magisk (14.0). You might have missed when I said that. BusyBox is installed and running fine, and I managed to fix everything by flashing the ARISE zip, but with a modified prop file.
ahh ok, yeah misunderstood that you got it going
great
Sent from my LG V20 using XDA Labs
Hello, thanks for replying ... I installed my system again with MagiskSU, but when I installed ARISE, I could not understand how to install it ... I downloaded the MAGNUS OPUS package and tried to flash with TWRP, and there was ERROR 1. I put both your "arise_customize.prop" in my sdcard (/sdcard/arise_customize.prop) and what is in the ARISE forum, but without success ...
Let's go to the beginning ... first I install MagiskSU, then BusyBox, then I put the file on sdcard? And then try to install? That's what I did.
what am I doing wrong?
Thanks for the cooperation
pkrename said:
Hello, thanks for replying ... I installed my system again with MagiskSU, but when I installed ARISE, I could not understand how to install it ... I downloaded the MAGNUS OPUS package and tried to flash with TWRP, and there was ERROR 1. I put both your "arise_customize.prop" in my sdcard (/sdcard/arise_customize.prop) and what is in the ARISE forum, but without success ...
Let's go to the beginning ... first I install MagiskSU, then BusyBox, then I put the file on sdcard? And then try to install? That's what I did.
what am I doing wrong?
Thanks for the cooperation
The order I flash those things is first the ROM (if your ROM has any audio mods included as separate zips in the main ROM zip, most modded stock ROMs do this, remove that. Either delete any viper or dolby zips from the main ROM zip, or comment out the lines that install them in the update-script FIRST).
Second I flash busybox, it should say "installing to /system/xbin".
Third I flash Magisk. The current latest version is v14.5 and I can confirm it works on my V20.
After that, I boot into the ROM and let it set up the stock audio configuration and confirm that you have sound working initially. After it settles down for a few minutes, I go back into recovery and then flash the arise zip.
The first time you flash ARISE, it checks to see if the customize prop file is present on /sdcard and if it is it will use those options. If the customize file is not present the only thing it will do is install the core part of ARISE, and it will place that customize.prop file onto /sdcard for you. If that happens you'll get a message saying so, instructing you to edit it to select which modules you want. The customize.prop file I attached is what I use, you don't necessarily have to use those exact settings, you can choose what you want and play around with it and see what works. Trial and error is a way of life doing these mods.
Flashing the same ARISE zip a second time once you edited the prop file to your liking will install what you choose instead of just the core files.
Reboot back into your ROM and open the magisk manager app. You'll notice there is a module there for ARISE compatibility. At this point your equalizer apps should be functioning, but only for local media files. To get the sound to process through the Viper equalizer using streaming music you need to remove the deep audio buffer. Magisk manager allows you to do this very easily by just downloading the universal deep audio remover module from the repository in magisk manager.
While you're at this point, it's a good idea to also download and install the BusyBox module from the magisk manager app too. You can install the magisk BusyBox module on top of what you already flashed in recovery, that's how I do it. If there are any conflicting files the magisk module takes priority. If anything, doing this gives me the peace of mind that BusyBox is for sure installed correctly.
After installing the BusyBox and deep buffer remover modules from the magisk manager app, reboot and that should be it! The only thing you need to do now to take your already amazing DAC to the next level is adjust the equalizer settings to what you like. This is a never ending quest to make whatever you're listening to sound perfect. Frustrating but fun at the same time.
Of course there are a ton of things that could go wrong, each case seems to be different, so there's no way to let you know what to do before a problem shows up.
Try that and let me know how it goes. Good Luck!
Great Tutorial... but... in my phone... (H990DS) with custom root by DirtySanta, the Magisk v14.5 makes this device not boot... does it work with version 14.0?
I have a LS997 and also see dirty santa. I run Schwifty's kernel, if that is of any interest to you.
Yes, v14 will be fine to use.
This is for anyone doing audio mods: check out sauron ainur audio. It's a Russian team that figured out a new/better way to mod devices (any variant). I've tried about everything, and it is way better than arise; guitarded hero even chimed in on the forum and credited them as the real deal and not a poser, basically. The bass is much tighter and punchier and tunable. You must have magisk, and you can have other mods along with it, e.g. v4a, James dsp, Arkamys, Dirac, etc. Read the thread!!! And it's easier to install. It will/is change android modding imo.
I was able to do it, but I only managed to release it on my device after upgrading to version 14.5... in version 14 it did not run... I did all the steps as it happened in my tutorial and now it is running the perfect V4A !! Thank you syndre was a great help!
I used to think arise was best, all magisk users should try sauron ainur audio mod, the only one I got to activate is the mk II beta 8. Easy to install if you follow directions and can use viper and other mods with it, they found a new way to do audio mods that's changing the game for audio it just ain't well known yet, read the thread, guitarded hero chimes in and validates them as the real deal and I can say it is awesome, tighter bass, clearer w/less congestion from non working/compatible ports. Message me if you need help or have general questions. Can be tricky to learn, (me anyway since I just started using magisk). Russian team I believe, try it out, good luck.
---------- Post added at 01:40 AM ---------- Previous post was at 01:34 AM ----------
Beta 8 was only one i could get to activate quad dac, wanted to correct that, but the versions without dac activated still sound better than other mods with dac working, it's that good. Imo the bass is way more tunable and precise, and punchier which is important to me.
Hello,
let's assume I have a super-secure Android phone that's known for not being rootable. Let's also assume, I've successfully tried the Janus vulnerability and was able to replace the classes.dex of a system app with a slightly modified one.
As far as I understand it, using the Janus vulnerability, you can only replace the classes.dex but no resources. So whatever is in the classes.dex can only work with the resources already there.
Now the big question: Is there any classes.dex that doesn't depend on specific resources and that I could use to get e.g. a root shell?
I'll try to change a System app to gain higher rights, but I doubt this will be enough to write to system.
github.com/wegeneredv-de/CVE-2017-13156
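As an added example (not from the thread or the linked repository), here is a defender-side check for the file shape CVE-2017-13156 relies on: a file that begins with a DEX header yet still parses as a ZIP, which a v1 (JAR) signature does not rule out because it only covers the ZIP entries. The function names and the inert sample bytes are constructed for illustration; the check also reports whether an APK Signature Scheme v2 block is present, since v2 covers the whole file and a prepended DEX would invalidate it.

```python
import io
import struct
import zipfile

DEX_MAGIC = b"dex\n"
EOCD_MAGIC = b"PK\x05\x06"            # ZIP end-of-central-directory record
V2_BLOCK_MAGIC = b"APK Sig Block 42"  # last 16 bytes of the APK signing block
EOCD_MIN = 22                         # EOCD size with an empty comment

# Constructed, inert 112-byte header: DEX magic plus a declared file size,
# everything else zero. It is not loadable bytecode.
SAMPLE_DEX_HEADER = (
    b"dex\n035\x00" + bytes(24) + struct.pack("<I", 112) + bytes(112 - 36)
)


def build_sample_apk() -> bytes:
    """Constructed stand-in for an unsigned APK: a ZIP with dummy entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"placeholder, not real bytecode")
    return buf.getvalue()


def inspect_apk(data: bytes) -> dict:
    """Report whether a file is a ZIP that also starts with a DEX header."""
    report = {
        "is_zip": False,
        "starts_with_dex": False,
        "dex_declared_size": None,
        "has_v2_block": False,
        "janus_suspect": False,
    }

    # Locate the EOCD record within the last 22 + 65535 bytes of the file.
    eocd = data.rfind(EOCD_MAGIC, max(0, len(data) - EOCD_MIN - 0xFFFF))
    if eocd < 0 or eocd + EOCD_MIN > len(data):
        return report

    # The central directory sits directly before the EOCD. Deriving its start
    # from the size field stays correct even when bytes were prepended.
    cd_size, _cd_offset = struct.unpack_from("<II", data, eocd + 12)
    cd_start = eocd - cd_size
    if cd_start < 0:
        return report
    report["is_zip"] = True

    # A v2 signing block, when present, ends immediately before the
    # central directory with a fixed 16-byte magic.
    report["has_v2_block"] = (
        data[max(0, cd_start - 16):cd_start] == V2_BLOCK_MAGIC
    )

    # A normal APK starts with a ZIP local file header, never a DEX magic.
    if data[:4] == DEX_MAGIC:
        report["starts_with_dex"] = True
        if len(data) >= 36:
            # file_size field of the DEX header lives at offset 32.
            report["dex_declared_size"] = struct.unpack_from("<I", data, 32)[0]

    report["janus_suspect"] = report["starts_with_dex"]
    return report


if __name__ == "__main__":
    clean = build_sample_apk()
    print("clean sample  :", inspect_apk(clean))
    print("dex-prefixed  :", inspect_apk(SAMPLE_DEX_HEADER + clean))
```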
Use Janus vulnerability to get root access ?
No, I think you can't really. It is maybe possible to root using this exploit by editing a system app because system apps have more rights than "normal" apps which are installed in /data partition. If you really want to use janus exploit to root your phone, try to find a privilege escalation exploit and edit an app to make it execute the exploit. But I think "normal" rooting methods are more efficient. You can install any app on your phone or update any apps, so you don't need Janus. Executing privilege escalation exploit is the only way to root your phone with no (not at 100% true, you can root your phone using recovery, but it is not the subject)
I hope I have helped you,
Have a n1ce day,
Luca
PS: Don't hesitate to thank me
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
lucahack said:
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
There's no easier way? Something like copying a "su" binary to somewhere and setting a few filesystem permissions?
mbirth said:
There's no easier way? Something like copying a "su" binary to somewhere and setting a few filesystem permissions?
The easiest way is to flash supersu in a custom recovery to root. (link to supersu flashable : https://s3-us-west-2.amazonaws.com/supersu/download/zip/SuperSU-v2.82-201705271822.zip )
lucahack said:
Yes, you can. You can edit the system upgrade app to make it install a special package (that should be signed by recovery) to root your phone I think.
I've been looking into that for awhile. I thought it was possible using dirtycow also maybe.
How would a special package still be usable and signed by the recovery?
Wouldn't modification break the recovery signing?
Delgoth said:
I've been looking into that for awhile. I thought it was possible using dirtycow also maybe.
How would a special package still be usable and signed by the recovery?
Wouldn't modification break the recovery signing?
If you extract your ota certs from a valid OTA and sign the injected update.zip with those valid signatures it may be possible. That's the latest I've been looking into but the updater binaries are so complicated I don't know how it will work. I think the best option is smali edit within an app like testmode.apk on the K1 that can manipulate system properties and shared preferences. Once you can allow the properties to allow insecure adb or debuggable = true or secure = false you can do the rest of the work in adb. But BB probably has protections that will nullify on reboot.
jcrutchvt10 said:
If you extract your ota certs from a valid OTA and sign the injected update.zip with those valid signatures it may be possible. That's the latest I've been looking into but the updater binaries are so complicated I don't know how it will work. I think the best option is smali edit within an app like testmode.apk on the K1 that can manipulate system properties and shared preferences. Once you can allow the properties to allow insecure adb or debuggable = true or secure = false you can do the rest of the work in adb. But BB probably has protections that will nullify on reboot.
I have the Verizon test keys for the G925V 4CPI2 6.0.1, but my s6 edge is currently out of commission until I can find the signed bootloader binaries to upload to the device over the serial port. SDB and SDC are completely gone. I need to inject the data, but don't know the map of the sboot.bin
I had the same idea though. I'm glad I wasn't the only one. It got lost in the cracks because of other projects going on. I saw some malware one time that would install itself by piggybacking on the ota system update process, when you scheduled the update to occur five minutes from the current time. And that process I do believe relied on using a modified CSC or Cache once the process started.
I need help editing the default.prop of my rooted boot.img for an LG LM-X210ULM K8+. I want to mark ro.debuggable as 1 instead of 0, which I have no problem doing, but when I use any kitchen program it puts it back together as 15 MB instead of 32 MB, and when I flash it to my device it always bootloops.
If anyone could help I would appreciate it. I'm including a copy of the rooted boot.img freshly pulled from my device.
The size probably isn't the issue. Using AIK the size was even bigger than the original.
It's all just 0x00 the rest of that partition...
By using my old uImage/_recovery unpack-repack batch file
http://cxzstuff.blogspot.com/2013/03/uimagerecovery-unpack-repack-batch-file.html
the result was smaller but still a bit bigger than the one Magisk had made.
But that is irrelevant really... result attached.
Yeah, I don't get it. The size doesn't matter as long as it doesn't exceed the max amount of space the partition can hold. But why does changing one value cause the boot.img to boot loop after flashing?
Even the boot.img you made looped after flashing
Duhjoker said:
Even the boot.img you made looped after flashing
Just tells that it's not the tool used. Or my oldie is as bad/good as the newer one in this case.
What that Magisk img had was like it had some signature, but it should not be needed and is probably just garbage left there from the stock...
Should not matter, but how about doing it the other way around? Modify the stock boot first and then give it to Magisk for rooting.
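Added example (not part of any post in this thread): the size question discussed above (a 15 MB repack versus a 32 MB dump, zero fill after the payload, a possible leftover signature) can be checked by parsing the boot image header. It assumes the AOSP header version 0 layout; the sample images are constructed, and extra sections such as a device tree are not modelled, so they would be counted as trailing data.

```python
import struct

# AOSP boot image header, version 0: magic, 10 little-endian uint32 fields,
# then name, cmdline, id and extra_cmdline (assumed layout; v1+ adds fields).
HDR = struct.Struct("<8s10I16s512s32s1024s")

def pages(size, page):
    """Whole pages needed to hold `size` bytes."""
    return (size + page - 1) // page

def analyze(img):
    """Split a boot image file into payload (header+kernel+ramdisk+second) and tail."""
    if len(img) < HDR.size:
        raise ValueError("too short for a boot image header")
    f = HDR.unpack_from(img)
    if f[0] != b"ANDROID!":
        raise ValueError("missing ANDROID! magic")
    kernel, ramdisk, second, page = f[1], f[3], f[5], f[8]
    if page == 0 or page & (page - 1):
        raise ValueError("page_size must be a power of two")
    used = page * (1 + pages(kernel, page) + pages(ramdisk, page) + pages(second, page))
    if used > len(img):
        raise ValueError("sizes in header exceed the file: truncated image")
    tail = img[used:]
    return {
        "payload_bytes": used,       # what a repack tool writes out
        "file_bytes": len(img),      # a partition dump is the full partition
        "tail_nonzero_bytes": len(tail) - tail.count(0),  # 0 means pure zero fill
    }

def build_sample(kernel, ramdisk, page=2048, partition_size=0, trailer=b""):
    """Constructed image for the demo: padded sections, optional trailer, zero fill."""
    hdr = HDR.pack(b"ANDROID!", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page, 0, 0,
                   b"", b"", b"", b"")
    img = b"".join(p + b"\0" * (-len(p) % page) for p in (hdr, kernel, ramdisk))
    img += trailer
    return img + b"\0" * max(0, partition_size - len(img))

if __name__ == "__main__":
    k, r = b"K" * 5000, b"R" * 3000  # constructed stand-ins for kernel/ramdisk
    for label, img in [
        ("repacked", build_sample(k, r)),
        ("partition dump", build_sample(k, r, partition_size=32768)),
        ("dump with trailer", build_sample(k, r, partition_size=32768, trailer=b"SIG" * 10)),
    ]:
        print(label, analyze(img))
```

Identical payload_bytes with a larger file_bytes and zero tail_nonzero_bytes means the two files differ only in padding; a non-zero tail is data the repack tool dropped.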
I think it was stock. I'll have to make sure though. Wonder why Magisk doesn't make the image debuggable to begin with. But you're right, it might be that I'm using a Magisk patched image. I've got some firmware already broken down. I'll give it another try here in a bit and post my results.
Duhjoker said:
I think it was stock. I'll have to make sure though. Wonder why Magisk doesn't make the image debuggable to begin with. But you're right, it might be that I'm using a Magisk patched image. I've got some firmware already broken down. I'll give it another try here in a bit and post my results.
So here we are. There should be some shortcut or something left to the original sub forum at least for a week or two when you boys move these threads - dammit...
Any luck? You have a customized recovery? How about these?
https://forum.xda-developers.com/an...g/mod-bootimage-adb-unsecure-patcher-t3618558
Yes, luck tonight. I did a fresh reflashing on my QC LG K8+ and decided to break open the boot.bin from the kdz I used and made my changes to default.prop. Then I put it, renamed to boot.img, on my phone and let Magisk patch it, then flashed it via fastboot and dared it to go into system. Then I double dared it. Then for safe measure I double dog dared it to boot into system, to which it had no choice but to go along with it or be labeled a @!%\**__(€.
It booted.
So the lesson learned is to patch a fresh boot.img with your default.prop changes, then have Magisk patch it for root.
Now oddly, when I patched and tweaked my recovery using Carliv kitchen, I also made sure that the same changes to default.prop, or rather I made sure they had been made, and they had. But any terminal like emulator or Termux pulls up the props using getprop with the changes unmade, and I still cannot change the values of the system build.prop, and when I patch it manually it reverts on reboot.
I literally have to open a vi in TWRP to make changes. And forget about copying my own patched build.prop to system in TWRP, because that leads to a boot loop as well.
Ok, so is there a reason that you don't make those changes in the boot.img any more? Because the past two days I have woken up to no root. I have had to reflash my boot.img both times.
Ok, I just compiled my first kernel from LG source code and now I don't know which of the split images in my folder is the zImage.
Back to the drawing board quite literally. I'm stuck for sure.
I need to make edits to a few files like init.rc and init.lge.power.rc to allow for changes in my newly compiled kernels. Basically I'm adding a couple of properties and some CPU frequency stuff. Plus I want to make it back to adoptable storage and add a second SD partition for ext4 projects I'm working on that would work best right off the root file system.
I'm using the stock extracted boot.img from a kdz, using salt and Carliv kitchen to unpack and repack. I also have mkbootimg tools that I compiled myself and some static ARM version.
I extracted the ramdisk, placed my new kernel image in, repacked with the init files changed, and flashed using recovery or fastboot, and it bootloops every time. And Magisk isn't signing with the verity key.
Ok, I don't know what was going on the other day, but I can split boot.img again and make changes without looping.
I used GParted on my Linux machine to partition my 128 GB SD card with 3/4 vfat and 1/4 ext4. I know that by using adb it will automount, but that's one time and I may need to switch out every now and then, plus it put a center part in it of about 15 MB. With GParted I get the two parts with no BS. Anyway, I created a script that mounts the second part and even symlinks some stuff. It works well, but I'm having trouble getting init.rc to run it.
on early-init
chmod 0755 /system/etc/init/init.mntsd.sh
exec system system /system/bin/sh /system/etc/init.mntsd.sh
Any tips?
I'm using phh AOSP 12.0 v400 (https://github.com/phhusson/treble_experimentations/releases) and I would like to know if there is a way of permanently changing the /system/etc/hosts file, or at least auto-changing it on every boot, which is probably what Magisk does, but I'm not sure how to do it with this ROM since there is no boot.img.