Camera2 API without flashing custom recovery or rooting. - Xiaomi Redmi Note 3 Questions & Answers

Hello there, it's been a while since I've been here, I had a Samsung Galaxy S2 last time I posted. Anyway...
I was trying to enable the Camera2 API, so I unlocked my bootloader for it. I followed a guide that explained how to do the API thing without installing a custom recovery or rooting, however while everything went well (no errors during the procedure), the API wasn't actually enabled. And I confirmed it by reading the build.prop file, finding out that the "persist.camera.HAL3.enabled=1" line was not in it.
The guide I followed consisted in booting the TWRP recovery from fastboot, and pushing commands through adb shell that way; "setprop persist.camera.HAL3.enabled=1", to be precise. It didn't work though.
So naturally, I searched for another way, and found one that uses a different way of adding that line to the build.prop file, by pulling said file from the system partition, editing it on the PC running adb, pushing it back to /system, and setting the permissions through the following commands:
Code:
adb pull /system/build.prop
Then, after editing the file through notepad++, adding the "persist.camera.HAL3.enabled=1" line
Code:
adb push build.prop /system
to put it back, edited, and then to set the permissions
Code:
adb shell
cd system
chmod 644 build.prop
My question is: can this second method be mixed with the first one? Essentially, can I do the pull/edit/push/chmod series of commands off of a TWRP that I'm temporarily running via fastboot? Or does it have to be installed?
I know that you might wonder "why don't you just flash it, making your life easier?", but now it's a matter of principle, I need to know if this can be done without doing it. Plus, since I don't plan on doing anything else that needs it, it's kind of a waste of time having to then go back to the original recovery.
Hope someone can help me with this doubt, thanks in advance to anyone who will!

Related

[Q] Help, Need Engineering Bootloader And No Methods Seem To Work

I have a refurbed Eris because my old one had the trackball issue. When I rooted that one I went about the old school ADB way and had s=off. When I got my refurb and got it all activated I went and installed the 1 Click Root and I can't seem to get the engineering bootloader. I tried the steps in jcase's thread, but it didn't do anything but wipe my phone. After that I tried flashing engtools.zip, that flat out did nothing at all.
Basically my question is, how should I go about getting it on there? I have no problem wiping my phone to stock with HTC's RUU package they put out and starting from scratch. Also, is there any way to make the 1 Click Root include the engineering bootloader? Maybe somebody could figure out what the parse error is with jcase's old abandoned work here:
http://forum.xda-developers.com/showthread.php?t=742735&highlight=engineering+bootloader
Scroll down a few replies for the link.
I'm at a loss, so any help is greatly appreciated.
So, here's the deal.
The only thing which prevents somebody from flashing the (HTC) "Root" PB00IMG.ZIP ROM, or ANY OTHER PB00IMG.ZIP ROM OR RUU UTILITY is the "Main Version is Older!" problem. This is the same thing that kept Eris "Leakers" from successfully using the "Root PB00IMG.ZIP" ROM.
It turns out that this top-secret "Main Version" number is stored (as a string) in the "misc" partition. (It is also stored in the hidden "misc3" partition, but that's a story for another time). Now, what would happen if you grabbed a copy of your misc partition (using "dump_image" in Amon_RA), hand patched a very old "Main Version number" into the file, and then flashed this hacked "misc.img" back to the misc partition on your phone?
Answer: it would allow you to flash ANY RUU or PB00IMG.ZIP file - including the HTC "Root PB00IMG.ZIP ROM", which installs the 1.49.2000 S-OFF bootloader.
Now, Jcase has already done all of this work for you, except for flashing the resulting "misc.img" to your phone - that's your job.
His original instructions are in this thread:
http://forum.xda-developers.com/showthread.php?t=726885
BUT NOTE! There was/is a typo in the fourth line of his instructions!
The correct sequence is:
Code:
adb push flash_image /data/local/flash_image
adb push misc.img /data/local/misc.img
adb shell chmod 777 /data/local/flash_image
adb shell /data/local/flash_image misc /data/local/misc.img
Note that Jcase could have made these instructions even simpler by noting that there is already a version of flash_image built-in to the Amon_RA recovery, and it suffices to just copy his "misc.img" file to the SD card, fire up Amon_RA, and
Code:
adb shell flash_image misc /sdcard/misc.img
OK, that's it; the rest is up to you. Don't forget that if you let the HBOOT+(Root)PB00IMG.ZIP flash run all the way through, it installs an old radio, and you will also need to get the Amon_RA recovery back on the phone. (Even though it is the "root" ROM, you can use OneClick to do that). You can avoid both those things if you use the toastcfh "battery pull trick" (documented here, with pictures) at the early part of the HBOOT+PB00IMG.ZIP install.
Don't forget to make a Nandroid backup before you begin.
good luck.
bftb0
PS - I forgot to add the observation that I have tried doing the bootloader install as a flashable .zip method with both of the S-ON bootloaders as a starting point. It worked only for the 1.49.0000 S-ON bootloader, but not for the 1.47.0000 bootloader. I suspect that is why the method you were trying is not working for you. (I used "erisengspl.zip", rather than Jcase's method, but my guess is they will both behave the same way - the problem is due to the bootloader version, not the flashing method)
Thanks for all the help, seriously, but literally none of that worked. ADB acted like flash_image wasn't even there. When I tried to install flash_image I got a host of errors. I think I'm gonna start over and try from stock 2.1 and try to root it old school, though I'm not sure any of the guides are relevant anymore.
I'm beginning to think this isn't worth the fighting and wiping and general work.
Thanks again though, that was really detailed and helpful.
dalladubb said:
Thanks for all the help, seriously, but literally none of that worked. ADB acted like flash_image wasn't even there. When I tried to install flash_image I got a host of errors. I think I'm gonna start over and try from stock 2.1 and try to root it old school, though I'm not sure any of the guides are relevant anymore.
I'm beginning to think this isn't worth the fighting and wiping and general work.
Thanks again though, that was really detailed and helpful.
It works - I have done it possibly more than 100 times on my phone.
If adb says "flash_image not found", or something like that, it just means that you didn't put that file into the current folder (probably the same folder that adb.exe is in: either <sdk-directory>/tools or <sdk-directory>/platform-tools).
same deal with "adb push misc.img" ... if a file name is given as an argument to a program launched by the command window (in both Unix and Windows), and it does not start with an explicit path, it is presumed to be in the "current directory".
So, try again, but put the flash_image file and "misc.img" file in the same folder that you are running the adb command from.
If you get an error message in one command, there is no point in running the subsequent command - figure out where your mistakes are before you proceed to the next command.
There are also plenty of opportunities to make a mistake if you are typing things by hand, too - so I recommend cut and paste. (In the Windows command window, there is a pulldown menu from the top bar: Edit -> paste)
bftb0 said:
(In the Windows command window, there is a pulldown menu from the top bar: Edit -> paste)
My turn to butt in. If you didn't know already, although you have to go to the pulldown menu for most things, you can actually right-click anywhere in the command window and choose Paste. This was a huge relief to me when I "discovered" it as going to the pulldown menu was a PITA to do very often.

[Q] Will anyone root the new Kyobo Mirasol reader?

The world's first ereader with a color Mirasol display is finally on the market, but unfortunately it's running a severely locked-down Android by the Korean bookstore chain Kyobo. The Kyobo ui is entirely in Korean, the browser blocks downloads, and the reader app is crap. In other words, it's basically useless to anyone outside of Korea. A few enterprising Americans have imported them and been extremely disappointed. Will someone please take a look at this device and see if it can be rooted or if something else can be done to make it of use to the rest of us?
Please use the Q&A Forum for questions Thanks
Moving to Q&A
Nate over at The Digital Reader has a firmware update that supposedly contains all of the installed apps. He is asking for someone to try and hack it. He has a download link for the firmware at The Digital Reader.
I also posted this as a question here on XDA:
http://forum.xda-developers.com/showthread.php?t=1432283
it is rooted since some time already.
files and instructions are in the following archive, but since instructions are in korean, i'll do a writeup below.
(argh! spambot won't allow this link, so you'll have to piece it together...)
www<dot>4shared<dot>com/zip/aLwRc7ZG/mirasol_rooting.html
edit: needed files are also in an attachment below
the gist is that you need to flash the boot partition via fastboot, setup root and busybox, and then modify secure->install_non_market_apps in settings.db.
you will need to have adb and fastboot from the android sdk working on your computer. There are many posts about this elsewhere, so i won't go into the details.
also, i only print filename without path, just find the corresponding file in the mentioned archive and modify the commands accordingly.
flash the boot partition via fastboot
first get your kyobo into fastboot mode (with usb cable attached) by pressing volume-down at bootup. timing here can be a bit finicky, but easiest seems to be to shut it down completely and then press just after pressing power.
issue a 'fastboot devices' on computer, if successful it should give you the response '???????????? fastboot' or similar. if empty or hangs, try again by rebooting the kyobo by pressing power with volume-up held (you can go into fastboot immediately after reboot by volume-down as expected).
when positive response above, you can flash by
Code:
fastboot flash boot boot.img
and then reboot by
Code:
fastboot reboot
edit: simplified fastboot instructions, thanks to smb_gaiden, whose button-poking-fu is strong.
setup root and busybox
with boot partition flashed you now have adb access, so let's use it. let the device boot as normal, and then issue the following.
Code:
adb push busybox /data/local/tmp
adb push fixsu.sh /data/local/tmp
adb push su /data/local/tmp
adb shell chmod 777 /data/local/tmp/busybox
adb shell chmod 777 /data/local/tmp/fixsu.sh
adb shell chmod 777 /data/local/tmp/su
adb shell /data/local/tmp/fixsu.sh
adb shell ln -s /data/local/tmp/busybox /system/xbin/busybox
after this, install some apk's from the archive
Code:
adb install superuser.apk
adb install blackmart.apk
fix non-market apps setting
only thing left is to change a setting to allow non-market apps to be installed. if you don't care about your current settings (locale, etc), you can just push the settings.db from the archive like so:
Code:
adb push settings.db /data/data/com.android.providers.settings/databases/
if you *do* care about your settings, you'll need to pull the settings.db, edit it in some sqlite db editor (set secure->install_non_market_apps to 1) and push the result.
that's it. all rooted. now you just need to install angry birds and yer' set ;-)
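Pushing a whole settings.db from an archive replaces every row, not only install_non_market_apps. The following added example (not part of the original post or its archive) diffs the device's own settings.db against a replacement before it is pushed; the table schema, file names and all row values are constructed assumptions.

```python
import os
import sqlite3
import tempfile
from pathlib import Path

# Assumed table names of the old-style settings.db discussed in the post.
ALLOWED_TABLES = {"system", "secure"}


def read_settings(db_path, table="secure"):
    """Return {name: value} for one settings table, opening the file read-only."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unexpected table {table!r}")
    uri = Path(db_path).resolve().as_uri() + "?mode=ro"
    con = sqlite3.connect(uri, uri=True)
    try:
        rows = con.execute(f"SELECT name, value FROM {table}").fetchall()
    finally:
        con.close()
    return dict(rows)


def diff_settings(device_db, replacement_db, table="secure"):
    """Map each differing setting name to (device value, replacement value).

    A name that is missing on one side is reported with None for that side.
    """
    old = read_settings(device_db, table)
    new = read_settings(replacement_db, table)
    return {
        name: (old.get(name), new.get(name))
        for name in sorted(set(old) | set(new))
        if old.get(name) != new.get(name)
    }


def _make_db(path, rows):
    """Build a constructed settings.db using the assumed 'secure' schema."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE secure (_id INTEGER PRIMARY KEY AUTOINCREMENT,"
                " name TEXT UNIQUE ON CONFLICT REPLACE, value TEXT)")
    con.executemany("INSERT INTO secure (name, value) VALUES (?, ?)", rows)
    con.commit()
    con.close()


def demo():
    """Diff two constructed databases; every value below is sample data."""
    with tempfile.TemporaryDirectory() as d:
        device = os.path.join(d, "device_settings.db")
        archive = os.path.join(d, "archive_settings.db")
        _make_db(device, [("install_non_market_apps", "0"),
                          ("android_id", "constructed-device-id"),
                          ("default_input_method", "com.example.ime/.Keyboard")])
        _make_db(archive, [("install_non_market_apps", "1"),
                           ("android_id", "constructed-archive-id"),
                           ("adb_enabled", "1")])
        return diff_settings(device, archive)


if __name__ == "__main__":
    for name, (before, after) in demo().items():
        print(f"{name}: {before!r} -> {after!r}")
```

Any row in the diff other than install_non_market_apps is a setting the replacement file would change as a side effect.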
Adb doesn't seem to start properly on device
Hello.
I did succeed in flashing the bootloader via fastboot.
However when I boot device - I see adb on usb only for some initial seconds, and then it disappears.
For that matter my device already had December firmware on it.
Any ideas how to activate adb on device?
Thank you,
Leonid
it may be that persist.service.adb.enable is reset, stopping the adbd service. try flashing the attached boot image instead, see if that fixes it. it is the same as above, except that persist.service.adb.enable is ignored.
edit: i took a look at the december update, afaict it should pose no problem (very few changes in there).
Once these steps are done, how do you install google market?
Thanks.
edit: the original instructions were snafu, so i replaced them with something that should actually work.
getting android market running on the kyobo
needed files are in the attached archive.
install like so:
Code:
adb remount
adb push DrmProvider.apk /system/app
adb push MediaProvider.apk /system/app
adb push DownloadProvider.apk /system/app
adb push GoogleServicesFramework.apk /system/app
adb push Market-3.4.4.apk /system/app
adb push init.qcom.post_boot.sh /system/etc
adb push fix-shared-user.sh /data/local/tmp
adb shell chmod 777 /data/local/tmp/fix-shared-user.sh
adb shell /data/local/tmp/fix-shared-user.sh
wait for the reboot, find market in the menu, and off you go (with downloads this time ;-)
if downloads still do not work after this, try re-executing the last line. android periodically writes to the file we are modifying, which might clobber our changes if unlucky.
I am thinking about buying one of these because I have seen it on sale for 50% discount. However, the general reviews aren't too encouraging, so will rooting make any difference to overall performance?
fatboy1976 said:
I have seen it on sale for 50% discount.
where is that?
throwaway4096 said:
you'll need GoogleServicesFramework.apk and Market-3.4.4.apk from the following links:
http://androidmarketu.googlecode.com/files/GoogleServicesFramework.apk
http://forum.xda-developers.com/showthread.php?t=1391565
install like so:
Code:
adb remount
adb push GoogleServicesFramework.apk /system/app
adb push Market-3.4.4.apk /system/app
find Market in the menu and off you go.
I'm finding the market force closes when downloading an app.
May I seek help from someone who has rooted recently? I am finding it pretty difficult to get into fastboot. So some questions as I continue to play.
Which version is currently rootable? I bought mine this week and want to be sure it is still applicable with the method here.
Do I need a USB driver to work this hack? EDIT: Yes, found with a web search.
When do I press the volume keys? Immediately after power? Similar timing? When I see the flicker on the screen? When I see the logo? Before all that? EDIT: I did not need the volume up key to get into fastboot.
Thanks!
rooting for beginners
Some friends and i ordered the kyobo to solve our eye-problem (nystagm)
We still can't figure out how to root it.
Can you please give us some rooting instructions for beginners??
It would be so essential for us, as the kyobo is worth little without foreign apps!
Thank you very much!
Joe
send2toonie said:
I'm finding the market force closes when downloading an app.
Hi, I am stuck with the same problem. Have tried many things?!
---------- Post added at 04:57 PM ---------- Previous post was at 04:32 PM ----------
smb_gaiden said:
May I seek help from someone who has rooted recently? I am finding it pretty difficult to get into fastboot. So some questions as I continue to play.
Which version is currently rootable? I bought mine this week and want to be sure it is still applicable with the method here.
Do I need a USB driver to work this hack? EDIT: Yes, found with a web search.
When do I press the volume keys? Immediately after power? Similar timing? When I see the flicker on the screen? When I see the logo? Before all that? EDIT: I did not need the volume up key to get into fastboot.
Thanks!
Hi, Managed to root my kyobo after about 8 h trying. I installed the firmware update on my kyobo, that is found on the web, as instructed from the SD card. Then I installed fastboot and adb on my computer (search for 'how to install fastboot and adb'), as I found instructions for that as well. To enter fastboot I kept the Kyobo's volume down button pressed for about 10 sec, when booting the device (kyobo connected to computer with USB) - nothing happens -> however in my computer's command window (cmd), the 'fastboot devices' command produces an answer with '? ..' as it should. The biggest issue I had was to get adb working. For this purpose I installed and removed a couple of USB drivers - I don't really know how I got it to work finally.
You can tell if you have succeeded installing a useful usb driver, if you enter the 'adb devices' command in the cmd window and it returns a device number. Then you are ready to go with the rest of the commands/instructions as seen in the instructions of this thread.
From the blackmart application I was able to install many useful applications - the Launcher application can replace the Kyobo "home" application, which is very useful.
I installed android market as well, but so far I have not been able to download and install applications. I think it might be a permission issue between kyobo software and the installed android market?
Hey Guys!
is there a way to root the kyobo via mikrosd?
thanks a lot
Joe
Hey Joe. I've seen you on this forum as well as The Digital Reader asking for help with the Kyobo rooting. I too am a beginner and I'm trying to build up the nerve to try it. Wish us both luck and I hope someone can share rooting-for-dummies with us.
@fatboy1976: rooting won't improve performance in itself. it makes the device better as you can install apps, but ofc the hardware is still the same.
@send2toonie: yes, sorry about that. it worked for me, but only thanks to other changes. it's hard to keep track :-/. i updated the original post with new instructions which should work properly.
@smb_gaiden: hah, excellent, i never tried that! original post updated.
@Joe84: it should be possible to root via microsd by creating an update.zip. i haven't gotten around to trying that yet, but maybe in future. for now this is as simple as it gets.
Kaarlos said:
Hi, I am stuck with the same problem. Have tried many things?!
---------- Post added at 04:57 PM ---------- Previous post was at 04:32 PM ----------
Hi, Managed to root my kyobo after about 8 h trying. I installed the firmware ...(updated -see above..) .., which is very useful.
I installed android market as well, but so far I have not been able to download and install applications. I think It might be a permission issue between kyobo software and the installed android market?
Jep! With the updated instructions the Android Market now finally works!! Thanks! (Installed twice)
Kaarlos said:
Jep! With the updated instructions the Android Market now finally works!! Thanks! (Installed twice)
Hi,
Could you post the OS/processor version and driver name that got adb working for you. If you can also remember the keys pressed to put the Kyobo in the correct boot mode for adb, that would be nice too.
I have also managed to load apps on my Kyobo but that is without having su, Superuser, adb and Android Market working. The above info would be helpful in fixing that. Holding the volume down for 10 seconds after pressing power on puts the Kyobo into fastboot mode. Adb requires a different mode and set of key presses. This is because there is a menu of boot options being displayed which can't be seen on the Mirasol screen. I suspect this is because of display settings within the boot.img but that is only a guess on my behalf.

[Q] Is possible to root jelly bean?

I have just updated my Prime and I had not rooted it with ICS. Is it possible to root JB without previous rooting?
No. You must back up root using OTA Rootkeeper in order to regain root in JB. There is no known exploit for JB yet.
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
tonesy said:
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
If you Unlock the Bootloader or already have an Unlocked Bootloader, you can get root.
I haven't seen any exploits posted for the Prime in JB yet, so this may be your only way for now.
hx4700 Killer said:
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
He posted a bad link, but it doesn't work if you have no root access at all. This is just a "regain root if you have partial root" guide:
http://matthill.eu/?s=jelly+bean
Thread moved
Thread moved. This clearly belongs in Q&A. Please post in the correct Sub-Forum.
peace
jotha - forum moderator
Does anyone know if someone with development capability is trying to find a way to root JB?
I talked to bin4ry about his root method in hopes of working with him on modifications for the prime but he is telling me his mod is making the change he is exploiting according to what I am seeing but possibly ASUS disabled the emulator mode in this version of the OS. This is what would give you root access via ADB so changes can be made.
I couldn't get out of him what exactly his "restore timing exploit" is, but I understand everything after that.
Outside of anything coming up I would say if you must have it now and don't mind voiding your warranty then use the unlocker tool and follow one of many guides on here to do it from an unlocked device.
Perhaps we can turn this thread into, or possibly start a new one about, the different things people (devs and/or the technically savvy) are finding in the quest for an exploit...
We could start with a list of what is known. Of particular interest would be the differences between the complete stock (me btw), was rooted but lost it, was rooted and kept it, and of course anybody who has managed to root it by messing around but not taken notes along the way.
here's what I have found.
from the PC, creating an adb shell allows me to ls /data/local/tmp/ but from a tablet's terminal emulator (shell?) I can't.
Typing id from both it becomes obvious why
From adb shell I get
Code:
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009
(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt)
,3003(inet),3006(net_bw_stats)
from the tablet I get
Code:
uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw), 1028(sdcard_r),
3003(inet)
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an android supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
I have yet to exhaust this avenue. I might be able to create an empty package and sign it as a system app, make it debuggable and see what that yields, but it's looking like a convoluted process, especially considering that run-as may not work as intended on the Prime's JB.
PS I want to state that I know precious little about linux and even less about the android layer above it...
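The difference between the two `id` outputs in the post above can be worked through mechanically. This added example (not from the thread) parses both outputs as pasted, line wraps included, and applies the classic owner/group/other check; the ownership and mode used for /data/local/tmp (shell:shell, 0771) are an assumption, and capabilities, ACLs and SELinux are ignored.

```python
import re
from collections import namedtuple

Identity = namedtuple("Identity", "uid gid groups")

R, W, X = 4, 2, 1  # permission bits inside one rwx triplet

# The two outputs quoted in the thread, with the terminal's line wrapping.
ADB_SHELL_ID = """uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009
(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt)
,3003(inet),3006(net_bw_stats)"""
APP_ID = """uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw), 1028(sdcard_r),
3003(inet)"""

# Assumption: owner uid, owner gid and mode of /data/local/tmp.
TMP_DIR = (2000, 2000, 0o771)


def parse_id(output):
    """Parse `id` output (possibly wrapped by a terminal) into an Identity."""
    text = "".join(output.split())  # undo wrapping such as "1009\n(mount)"
    uid = re.search(r"uid=(\d+)", text)
    gid = re.search(r"gid=(\d+)", text)
    if not uid or not gid:
        raise ValueError("input does not look like id output")
    groups = set()
    listed = re.search(r"groups=(.*)", text)
    if listed:
        # Each entry is "<number>(<name>)"; take the number after start or comma.
        groups = {int(n) for n in re.findall(r"(?:^|,)(\d+)", listed.group(1))}
    return Identity(int(uid.group(1)), int(gid.group(1)), groups)


def dac_allows(who, owner_uid, owner_gid, mode, want):
    """Owner/group/other permission check; exactly one triplet is consulted."""
    if who.uid == owner_uid:
        bits = (mode >> 6) & 7
    elif who.gid == owner_gid or owner_gid in who.groups:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


def compare():
    """Summarise why `ls /data/local/tmp` works from adb but not from the app."""
    shell, app = parse_id(ADB_SHELL_ID), parse_id(APP_ID)
    return {
        "only_shell_groups": sorted(shell.groups - app.groups),
        "shell_can_list": dac_allows(shell, *TMP_DIR, R | X),
        "app_can_list": dac_allows(app, *TMP_DIR, R | X),
        "app_can_traverse": dac_allows(app, *TMP_DIR, X),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(key, value)
```

Under the assumed mode the terminal app falls into the "other" triplet, which grants search (x) but not read, so it can reach a known path inside the directory but cannot list it.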
Just as an FYI the way bin4rys tool is supposed to work is an exploit in which it makes a symlink to /data/local.prop and injects ro.kernel.qemu=1 in to local.prop then reboots.
This is supposed to put the device in emulator mode and when you connect with adb shell you get a root shell prompt. All the rest is fairly straightforward/standard. Remount file system as RW, install SU and superuser.apk with their permissions set properly in the proper places then break the symlink to local.prop and reboot.
What would help a lot is if someone who is already rooted can make the attempt, set qemu = 1 in the relinked local.prop then adb shell connect to see if you get a root prompt. Trying to confirm that emulator mode is enabled and you get root access as shell to see if this is even worth pursuing.
I would just use the unlocker tool but I am 2 weeks in to ownership of a new unit.
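A defender-side check for the state described above, as an added example (not code from the thread or from bin4ry's tool): it flags a property file that is a symlink or that sets ro.kernel.qemu=1. It assumes it runs where symlinks are preserved (on the device or on a mounted image), and the file names and contents in the demo are constructed.

```python
import os
import tempfile

# Property and value the thread describes as putting the device in emulator
# mode. Extend this mapping with other name/value pairs you want reported.
WATCHED = {"ro.kernel.qemu": "1"}


def parse_props(text):
    """Parse Android property-file text into (lineno, key, value) tuples."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        key, _, value = line.partition("=")
        entries.append((lineno, key.strip(), value.strip()))
    return entries


def audit_prop_file(path, watched=WATCHED):
    """Return a list of finding strings for one property file.

    A missing file is not a finding: local.prop is normally absent.
    """
    if not os.path.lexists(path):
        return []
    findings = []
    if os.path.islink(path):
        findings.append(f"{path}: is a symlink to {os.readlink(path)}")
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError as exc:  # dangling symlink, permission denied, ...
        findings.append(f"{path}: unreadable ({exc.strerror})")
        return findings
    for lineno, key, value in parse_props(text):
        if watched.get(key) == value:
            findings.append(f"{path}:{lineno}: {key}={value}")
    return findings


def demo():
    """Audit a constructed clean build.prop and a constructed local.prop."""
    with tempfile.TemporaryDirectory() as d:
        clean = os.path.join(d, "build.prop")
        staged = os.path.join(d, "staged.prop")   # hypothetical link target
        local = os.path.join(d, "local.prop")
        with open(clean, "w") as fh:
            fh.write("# constructed sample\nro.build.type=user\nro.kernel.qemu=0\n")
        with open(staged, "w") as fh:
            fh.write("# constructed sample\n\nro.kernel.qemu = 1\n")
        os.symlink(staged, local)
        return audit_prop_file(clean), audit_prop_file(local)


if __name__ == "__main__":
    for findings in demo():
        print(findings or "no findings")
```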
yes I have seen that typing adb root gives the message
Code:
adbd cannot run as root in production builds
it would indeed be interesting to see if changing "qemu" flags it as a non-production build. My sgs is rooted with CM10 nightlies might try toggling the value on that and see what adb says
Run-as
abazz said:
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an android supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
Yes. I noticed the permissions on that file as well. I'm not an android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
So, how does one / can one specify that the package is supposed to be root (uid 0)? I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a completely non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
elschemm said:
Yes. I noticed the permissions on that file as well. I'm not an android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
Yes, you are correct. The setresuid() function will not give you permissions greater than the process it's running in.
So, how does one / can one specify that the package is supposed to be root (uid 0)? I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a completely non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
It's worse than that, the package also has to be debuggable.
There is some info out there on how to sign a package with the appropriate system permissions, so it would be interesting to actually do this and see what, if anything, can be done.
I downloaded the asus unlock package and passed it through the apk tool to see what it does, as it obviously would need root access. As root access is all I require, the code it shows is irrelevant really; it's the fact that it gains root access with its signature and also the uid that is set in the manifest android.sharedUserID="android.uid.system". This and, most importantly, android.permission.MOUNT_UNMOUNT_FILESYSTEMS. Without these things we can't change anything in the directories we need.
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Yes, that's what we would do from the run-as command. What I was attempting to see was if I could get a root uid by creating a C program that uses the setresuid() function call, thereby bypassing the need to have an appropriate package installed. As it didn't work, I'm having doubts whether it would work even if the right package was there. run-as did make reference to package.h, which I haven't looked at, so unless there are some system parameters that package.c extracts from the apk I don't really see how this will work...
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
Yeah found the source here
I also searched for linux exploits, there are massive lists of them, most of them patched by now but I assume the linux base in JB would be somewhat different to whats getting around on X86 systems
On another note, I have tried bin4ry's "root many" method, using the restore timing exploit, but had no luck.
HX... I looked through the scripts and all the misc files in bin4ry's zip package and could not find anything remotely indicating an injection of the qemu value. It makes a symbolic link to the build.prop in com.android.settings...../file99, which was successful after pressing restore, but that's about it. Perhaps I should fire up ubuntu and try the linux script instead of the windows .bat file.
Interestingly, this guys root method for the Razr M makes use of Run-as if you look at the batch file.
He is essentially doing a "fake package" install then runs an exe that is some sort of exploit. Finally he uses run-as against what I have to assume is the bug report feature of the droid and asks you to trigger a bug report with a button sequence.
So it seems he is getting something that has root privileges (bug report) to do something that grants SU and also implementing run-as.
http://forum.xda-developers.com/showthread.php?p=32889627#post32889627
I fear that few developers remain interested in finding a way to root the Transformer Prime with Jelly Bean, because all of them had their tablets already rooted with ICS and managed to maintain root across the upgrade.

[Q] My Nabi 2 wifi isnt working please help fellahs!

hey everyone, long story short: I rooted my tablet a while back and started having problems, so I flashed a new ROM and the wifi isn't working.
I went to androidfiles.org and clicked nabi 2 and downloaded the wifi-fix, OTA update and stock zip ROM and flashed those three zip files (I compressed them) in TWRP.. it's booting up and everything but wifi isn't working. I've read a lot of peeps are having wifi probs. I have an XDA link for my exact device and you guys tell me wut the hell I'm supposed to do. It's got all kinds of stock ROMs and OTA updates and stuff,... which one do I use, wtf do I do. Should I go one at a time from lowest to biggest, do I even need OTA updates or w/e that is?!?!?!? please help guys, my Christmas is becoming a nightmare... it's my only internet source.. I had to come all the way to the dang library for this crap.. please help!!!!! here's the link that might give u guys an idea on how to help.. here's the stock ROMs and stuff
http://forum.xda-developers.com/wiki/Fuhu_nabi_2 thank you!!!!!
duuude im baked said:
hey everyone, long story short: I rooted my tablet a while back and started having problems, so I flashed a new ROM and the wifi isn't working.
I went to androidfiles.org and clicked nabi 2 and downloaded the wifi-fix, OTA update and stock zip ROM and flashed those three zip files (I compressed them) in TWRP.. it's booting up and everything but wifi isn't working. I've read a lot of peeps are having wifi probs. I have an XDA link for my exact device and you guys tell me wut the hell I'm supposed to do. It's got all kinds of stock ROMs and OTA updates and stuff,... which one do I use, wtf do I do. Should I go one at a time from lowest to biggest, do I even need OTA updates or w/e that is?!?!?!? please help guys, my Christmas is becoming a nightmare... it's my only internet source.. I had to come all the way to the dang library for this crap.. please help!!!!! here's the link that might give u guys an idea on how to help.. here's the stock ROMs and stuff
http://forum.xda-developers.com/wiki/Fuhu_nabi_2 thank you!!!!!
Thought I would share some info I found when I ran into the wifi problem on my daughter's nabi. I did some searches on the internet and the typical answer I found for solving the wifi issue was "reset the device" or "unroot and return to stock rom - flash all updates and reroot". Being a glutton for punishment, and the fact I didn't want to reset the device, I searched and searched and was able to fix my daughter's wifi without doing a reset or unroot/reroot. Before I get into it I wanted to mention that wifi failures can happen for a number of reasons so while this worked for myself, it may not work for you.
Some prerequisites:
Most importantly; you need a rooted device. If you do not have root access you will not be able to write files or access the commands to fix the issue I am about to outline.
Some knowledge of Linux would be helpful, but not necessarily required.
Let's get started:
Warning! It goes without saying but I will say it anyways - you can mess up your nabi by rooting it. Some of the commands below could mess up your nabi bad. If this scares you then you probably should not proceed any further. I am not responsible for any damage you do to your nabi.
Commands are listed between ' and ' - do not use the ' when inputting the commands.
Note: The first two/three steps are not necessary but they do give you insight as to how I was able to determine my problem. If following this doesn't fix the problem for you the logcat output may give you some important info that you can google that may help you fix your particular problem.
Note: Steps 5 and on can be skipped if you have a text editor (vi or nano) on your device. If you have a text editor loaded simply edit the conf file directly.
1. You will need to run the command 'adb logcat' in a command-line window and in your appropriate directory. Adb is available as part of the android sdk but can also be found stand alone since most people do not need the sdk.
2. Try to turn on the wifi. You should see the output of your adb logcat window scroll some data. If the wifi is not attempting to turn on at all sometimes you can move between the settings options then go back to the wifi settings and move the slider. If you cannot get your wifi to turn on you can scroll the window up and attempt to find the data from when the device started up. In the output you should see lines that talk about wlan0 and probably something that says "failed" somewhere. In my case I could see where the wlan0 enabled but then a few lines down it said something about "Line: 25 failed" and "failed to parse file".
3. The file is actually a configuration file used by the wifi kernel module/driver. In my case this file had become corrupted.
4. Set adb in root mode (won't work if the device does not have root access) by running 'adb root' at the command-line. You may need to click on an "allow root permission" window on the actual device after running this command.
5. Run 'adb pull /data/misc/wifi/wpa_supplicant.conf' from command-line. If this does not work then do the following:
a. Run 'adb shell' from command line.
b. 'su'
c. 'cat /data/misc/wifi/wpa_supplicant.conf' - copy the output from the command and paste into a text editor (see note in step 6 on why NOT to use notepad).
d. Save the file as wpa_supplicant.conf, preferably in the same directory as adb.
e. 'exit' twice should exit you from the adb shell and return you to your command-line. If all else fails a "ctrl-c" should drop you out of adb.
6. Use a text editor to open wpa_supplicant.conf. The file should be located in the same directory as adb. If you are using Windows I would strongly suggest you NOT use notepad. Notepad will typically change all the EOLs (End Of Line) from \n to \r\n which will really mess things up worse.
7. In the file you should see "network={" entries. There may be one entry, there may be many entries. You can remove all lines between "network={" and "}" including the latter themselves. If you see your 'home' network listed you can leave it as the only entry and make sure its priority is set to 1 but it may be better to remove it as well just in case it contains part of the corrupted data.
8. Save the file.
9. Do 'adb push wpa_supplicant.conf /data/misc/wifi/wpa_supplicant.conf' from command-line. If this does not work then do the following:
a. Run 'adb push wpa_supplicant.conf /sdcard/wpa_supplicant.conf' from command-line.
b. Run 'adb shell'
c. 'su'
d. 'dd if=/sdcard/wpa_supplicant.conf of=/data/misc/wifi/wpa_supplicant.conf'
e. Do 'exit' twice to exit the adb shell. If all else fails then a "ctrl-c" should drop you out of adb.
10. If the wpa_supplicant file was corrupted then the wifi should now be able to enable and you should now be able to connect to a network.
I hope this is helpful to at least a few people.
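The edit described in steps 6 to 8 of the post above can be scripted on the PC; the following is an added example, not part of the original post. It drops every network={ ... } block from a pulled wpa_supplicant.conf, keeps the global settings, and emits LF-only line endings; the sample file contents and the names strip_networks and NETWORK_OPEN are constructed for illustration.

```python
import re

# Constructed sample of a pulled wpa_supplicant.conf: saved with CRLF line
# endings, one intact network block and one damaged, unterminated block.
SAMPLE = (
    b"ctrl_interface=wlan0\r\n"
    b"update_config=1\r\n"
    b"\r\n"
    b"network={\r\n"
    b"\tssid=\"home\"\r\n"
    b"\tpsk=\"constructed-example\"\r\n"
    b"\tpriority=1\r\n"
    b"}\r\n"
    b"\r\n"
    b"network={\r\n"
    b"\tssid=\"caf\xff\x00\x00\r\n"
)

NETWORK_OPEN = re.compile(r"^\s*network\s*=\s*\{\s*$")


def strip_networks(raw):
    """Return (cleaned_bytes, blocks_removed, unterminated).

    Global settings are kept, every network={ ... } block is dropped, and
    the result uses LF-only line endings.
    """
    text = raw.decode("utf-8", errors="replace")
    lines = text.replace("\r\n", "\n").replace("\r", "\n").split("\n")
    kept, removed, inside = [], 0, False
    for line in lines:
        if NETWORK_OPEN.match(line):
            # Also covers a new block starting before the previous one closed.
            inside = True
            removed += 1
        elif inside:
            if line.strip() == "}":
                inside = False
        else:
            kept.append(line)
    cleaned = "\n".join(kept).strip("\n") + "\n"
    return cleaned.encode("utf-8"), removed, inside


if __name__ == "__main__":
    cleaned, removed, unterminated = strip_networks(SAMPLE)
    print(f"removed {removed} network block(s), unterminated={unterminated}")
    print(cleaned.decode("utf-8"), end="")
```

When saving the result on Windows, write the returned bytes with open(path, "wb") so the \n endings are not translated back to \r\n before the file is pushed to the device.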

[GUIDE] Access locked AXON 7: How to clear the lockscreen security settings

I have been experimenting with flashing, etc. and somehow the lockscreen was corrupted and the pattern I was using was no longer valid. I had the fingerprint already set up so I could enter using the rear sensor, but having a corrupted lockscreen is annoying. This method requires TWRP custom recovery. It is compatible with locked bootloaders and doesn't modify the stock boot or system. It is also compatible with all the AXON 7 models.
If you have the stock ROM and need TWRP and ADB interface:
A. Set up the ADB interface and device drivers on your PC, and connect your terminal to the PC.
B. Set up axon7tool on your computer. Enter into EDL mode by running the command "adb reboot edl" in the command prompt. The terminal will seem to be off.
C. Disable the antivirus and then backup your recovery image using axon7tool running "axon7tool -r recovery". Save the created file in a safe place.
D. Flash tenfar's signed TWRP as a new recovery using axon7tool. It will reboot to system again.
E. Open the command prompt and run:
Code:
adb devices
adb reboot recovery
1. In TWRP, and with the ADB interface properly installed, run these commands from your computer:
Code:
adb devices
adb shell mv /data/system/locksettings.db locksettings.db.old
adb reboot
Now the system will allow you to pass the lockscreen without security. In that case you do not need to apply the rest of the steps. Should you continue experiencing issues with the lockscreen, then you should apply the full procedure. Just add the following 2 steps:
2. Open the command prompt and run:
Code:
adb devices
adb reboot recovery
3. When TWRP has fully loaded, run the following commands in the command prompt:
Code:
adb devices
adb shell mv /data/system/gatekeeper.pattern.key gatekeeper.pattern.key.old
adb shell mv /data/system/locksettings.db locksettings.db.old
adb shell mv /data/system/gatekeeper.password.key gatekeeper.password.key.old
adb shell mv /data/system/locksettings.db-shm locksettings.db-shm.old
adb shell mv /data/system/locksettings.db-wal locksettings.db-wal.old
adb reboot
If you want to restore the stock recovery, you just need to rename the recovery-backup.bin file created in step C back to recovery.bin and run the command "axon7tool -w recovery". After that you can enable your antivirus software again. axon7tool can't connect with some antivirus software. I will be editing this OP with links to the procedures required for each step. All of them are in these forums.
Enjoy
@Oki
To fix either " Wrong Pattern " , " Wrong Pin " users only need to delete " /data/system/locksettings.db " from either Terminal/File Explorer with root or TWRP File explorer then Reboot and you'll be good to go .
DrakenFX said:
@Oki
To fix either " Wrong Pattern " , " Wrong Pin " users only need to delete " /data/system/locksettings.db " from either Terminal/File Explorer with root or TWRP File explorer then Reboot and you'll be good to go .
Sure! but this guide is intended for people with the stock, unrooted, blocked bootloader who want to remain with a pure stock experience. Usually people without experience rooting devices. This is why I will edit the guide to add all the details to every step.
Could I do this with a pin as well? I restored a backup and it corrupted my password and I have to use the fingerprint on the back to get in.
twilighttony said:
Could I do this with a pin as well? I restored a backup and it corrupted my password and I have to use the fingerprint on the back to get in.
Yes, the procedure deletes everything. If you have problems just do the same also with:
gatekeeper.password.key
locksettings.db-shm
locksettings.db-wal
I have updated the OP just to describe the full procedure.
I had this problem earlier today of having the PIN corrupted, but I have it set to require the pin on the first boot.
I fixed it by removing all files ending in ".key" in /system. Not really sure how this compares to removing locksettings.db. Afterward, I put my password back using Google's device manager.
Of course, I am rooted with twrp, so this comes after setting that up.
Masterjuggler said:
I had this problem earlier today of having the PIN corrupted, but I have it set to require the pin on the first boot.
I fixed it by removing all files ending in ".key" in /system. Not really sure how this compares to removing locksettings.db. Afterward, I put my password back using Google's device manager.
Of course, I am rooted with twrp, so this comes after setting that up.
The problem with this method is that it only works if the bootloader is unlocked and the phone has the No-verify patch installed.
When you say "No-verify patch," are you talking about removing Google license verification from apps (via an app such as lucky-patcher for instance)? AFAIK that is on a per-app basis and wouldn't affect something like the lockscreen password.
So if the phone has those prerequisites (unlocked, No-verify, TWRP), is there a difference between removing the ".key" files and the locksettings.db? I am not entirely sure what the different files contain, and don't seem to be able to find this information through Google, though I may just not be searching the right set of keywords.
Masterjuggler said:
When you say "No-verify patch," are you talking about removing Google license verification from apps (via an app such as lucky-patcher for instance)? AFAIK that is on a per-app basis and wouldn't affect something like the lockscreen password.
So if the phone has those prerequisites (unlocked, No-verify, TWRP), is there a difference between removing the ".key" files and the locksettings.db? I am not entirely sure what the different files contain, and don't seem to be able to find this information through Google, though I may just not be searching the right set of keywords.
No-Verify is an additional security system implemented in the kernel. When No-Verify is active, it checks for the signature of the system partition. If the system was modified, then the system won't boot. This is why after unlocking the bootloader you have to apply the No-Verify Patch or any package with the integrated patch such as SuperSU. As you can see, it has nothing to do with the app signature or the lockscreen at all.
The method presented in the OP is valid for most Android phones, and the only prerequisite is to have TWRP installed. It is safe and a lot more recommended than patching the system partition. Patching system or kernel should always be your last resort. Usually deleting locksettings.db is enough, and it is a general method that works for almost any locking method.
On B25 and have followed all instructions. Seems this method no longer works :/
