Hi. I set following values in default.prop but have no adb root shell.
Code:
[email protected]:/ $ grep secure default.prop
ro.secure=0
ro.adb.secure=0
Code:
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
I use factory boot and system partitions, except one change I made to default.prop.
Can anyone give any suggestions or pointers?
up
up
up
Related
This guide is for people who want root but want to keep their stock rom, not breaking the warranty, unlocking bootloader etc.
A proud ubuntu user, I am writing this in a new thread purely because the manual rageagainstthecage method and SuperOneClick method did not not work for me, see link to my conclusion below if you care
http://forum.xda-developers.com/showpost.php?p=11305312&postcount=2526
What did work however was via adb shell using psneuter and its fairly simple if you follow the following commands.
This guide assumes you know how to get access to the shell via adb, if you dont then search elsewhere.
OK lets get to business!
1. Download the attached nexus_one_softroot.tar from the bottom of this post and extract contents to the same folder as adb
2. Open up your terminal, cd to the same folder as adb and the extracted files
3. Enter the following commands:
Code:
sudo ./adb push psneuter /data/local/tmp/psneuter
sudo ./adb push busybox /data/local/tmp/busybox
sudo ./adb push su /data/local/tmp/su
sudo ./adb shell chmod 755 /data/local/tmp/psneuter
sudo ./adb shell chmod 755 /data/local/tmp/busybox
sudo ./adb shell chmod 755 /data/local/tmp/su
sudo ./adb shell
After this you should see only a $ which tells us that we at the android command line with user privileges only, lets continue
Code:
$ cd /data/local/tmp
$ ls
busybox
su
psneuter
$ ./psneuter
property service neutered.
killing adbd. (should restart in a second or two)
You will now be kicked out of android shell, lets go back in
Code:
sudo ./adb shell
After this you should see only a # which tells us that we root baby! If you want to double check issue this command
Code:
# id
uid=0(root) gid=0(root)
Lets continue on. From this point we will install busybox and su which will make root permanent
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
# ./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
# busybox cp su /system/bin
# chmod 4755 /system/bin/su
# exit
For some reason I sometimes have to enter exit twice to leave the android shell. Again, re-access the android shell
Code:
sudo ./adb shell
Now in the android shell we can finish up
Code:
# su
# mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
# exit
Lastly we must install Superuser, and I did this from the android market so I knew its the latest version, its simple to get, less command input etc.
Now you have root! I hope this was simple enough to follow, I have not really written a guide before but from lots of searching I just could not find a solution for my Nexus One 2.2.1 FRG83D, especially any guide that uses psneuter.
Anyway, glad to contribute
EDIT - also, being new to starting threads, this may not quite be in the right section of the forum, sorry if thats the case mods
Hi,
Holding in my hands this Chinese pretty well made and fast thing (maybe just border plastic looks little bit loose).
But in this post I will not tell about quality of this tablet, writing this just for other people who "googled" to solve problems :cyclops:
Device spec:
Freelander PD80 Shangpin
Exynos quadcore
Android 4.0.4
So nothing new here just flow what you need to perform.
Really this article not about rooting actually it's how to get root work here.
I'm using linux so everything below aligned to linux but with some modification you can perform everything under windows.
This flow can be applicable to any device with such problem.
And as usual - Whatever you do with your device, you do that at your own risk.
Description:
1. Executing "su" in connectbot or android terminal emulator return next:
Code:
$ su
su: uid xxxxx not allowed to su
2. By executing "su" from adb shell I'm getting the root rights:
Code:
linux$ ./adb shell
android$ su
android#
Conclusion:
So device is rooted problem just with "wrong" su binary (even busybox inside).
Let's solve it if it's really your problem.
Steps to solve:
1. Download "chainsdd superuser" (site http://androidsu.com/superuser/ direct link http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip)
2. extract archive and find inside Superuser.apk and su
3. Put Superuser.apk and su into folder with adb
4. Upload them to android device sdcard by executing from PC:
Code:
# ./adb push ./su_free /sdcard/su_free
Code:
# ./adb push ./Superuser.apk /sdcard/superuser.apk
5. Now we need to move them into system
Launch adb shell:
Code:
$ ./adb shell
$ su
#
6. Make sure that system partition writable (it was my case):
Code:
# mount|grep system
As result you will see:
Code:
/dev/block/mmcblk0p2 /system ext4 rw,relatime,barrier=1,data=ordered 0 0
In our case we don't need that. But if you see "ro" instead of "rw", you need to simply remount it:
Code:
# mount -o remount,rw /system
7. Back up old su binary by executing
Code:
# cp /system/xbin/su /system/xbin/su_ori
8. Copy su binary from sdcard to system
Code:
# cp /sdcard/su /system/xbin/su
Fix permissions:
Code:
# chmod 6755 /system/xbin/su
Check permissions:
Code:
# ls -l /system/xbin/|grep su
You'll see something like this:
Code:
-rwsr-sr-x root root 380532 2013-11-17 01:02 su
-rwsr-sr-x root root 64412 2013-11-17 01:18 su_ori
and link it
Code:
# ln -s /system/xbin/su /system/bin/su
9. Copy superuser.apk to system applications:
Code:
# cp /sdcard/Superuser.apk /system/app/superuser.apk
Fix permissions:
Code:
# chmod 644 /system/app/superuser.apk
Check permissions:
Code:
# ls -l /system/app|grep superuser.apk
You'll see something like this:
Code:
-rw-r--r-- root root 1468798 2013-11-17 01:10 superuser.apk
10. Reboot. And try to execute su from connectbot or android terminal emulator.
You'll be asked about granting permission.
That's all now we can do everything.
Good luck.
I used TWRP for installing the su command, and I installed SuperSU app from Google Play. It works.
The question - how su command works? It hasn't s-bit (it has -rwxr-xr-x, see below), so it can not change eUID by expected way. In what way it gets root's permissions?
Code:
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell)
groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ su
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
[email protected]:/ # which su
/system/xbin/su
[email protected]:/ # ls -l /system/xbin/su
-rwxr-xr-x root root 75348 2016-10-29 22:31 su
[email protected]:/ #
Hi all,
im using a rooted samsung galaxy note 3 with lollipop
i have installed tasker to automate a few things ...
in addition i have installed the app "secure settings" to open the lookscreen
because of the message from secure settings in "System+ Module", that "Root access was not detected. The System+ module requires root access to function, i try the following:
Found on https://www.reddit.com/comments/3uf5bn ....
---------------------------------
adb shell
su
mount -o remount,rw /system
touch /sbin/su /system/bin/su /system/xbin/su
mount -o remount,ro /system
exit
reboot
---------------------------
im using Android Debug Bridge version 1.0.41
Version 28.0.3-5475833 <-- i think that's the latest version
C:\adb>adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o remount,rw /system
[email protected]:/ # touch /sbin/su /system/bin/su /system/xbin/su
touch: usage: touch [-alm] [-t YYYYMMDD[.hhmmss]] <file>
1|[email protected]:/ # exit
1|[email protected]:/ $ exit
C:\adb>adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o remount,rw /system
[email protected]:/ # touch /sbin/su /system/bin/su /system/xbin/su <-- don't work
touch: usage: touch [-alm] [-t YYYYMMDD[.hhmmss]] <file>
1|[email protected]:/ # exit
1|[email protected]:/ $ exit
C:\adb>adb shell
[email protected]:/ $ su
[email protected]:/ # touch /sbin/su <-- tried single step
255|[email protected]:/ # < -- is that the problem?
----------------------------
please help me ....
thanks Mikel
A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
FaIl
aIecxs said:
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
Click to expand...
Click to collapse
I dont have full root i guess: find: /dev/block: Permission denied
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Can someone help with steps to root the device and backup current ROM
seniornoob58432 said:
A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
Click to expand...
Click to collapse
Can you help me the steps you used to root via ditry cow?
aIecxs said:
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Click to expand...
Click to collapse
How to disable selinux?