I could successfully install Ubuntu 13.10 via Complete Linux Installer under Android 4.4.2 (on a Nexus 5). If I reboot and then open Ubuntu 13.10, everything works fine. But if I close Ubuntu and open it again (without reboot), I get:
[email protected]:/ $
[email protected]:/ $ cd /sdcard/ubuntu
[email protected]:/sdcard/ubuntu $ su
sh /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh /sdcard/ubuntu/ubuntu.img
sh /data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh /sdcard/ubuntu/ubuntu.img
[email protected]:/storage/emulated/legacy/ubuntu # sh /data/dcom.zpwebsites .linuxonandroid/files/bootscript.sh /sdcard/ubuntu/ubuntu.img
/data/data/com.zpwebsites.linuxonandroid/files/bootscript.sh[39]: dirname: not found
Checking loop device... FOUND
mount: mounting /dev/block/loop255 on /data/local/mnt failed: Device or resource busy
Error: Unable to mount the loop device!
1|[email protected]:/storage/emulated/legacy/ubuntu #
What is the problem?
Hear hear. Same issue Galaxy S5 g900r4. SELINUX is permissive(finally).
Hi everyone, I searched around but couldn't find anything similar.
On KitKat, I regularly insert my own messages into kernel and logcat logs from adb shell, either typing manually or with a batch file, in the following fashion:
Code:
adb shell "echo 'whatever' >/dev/kmsg"
adb shell "echo '\06title\0whatever\0' > /dev/log/main"
However on Lollipop, system logs (logcat) no longer use /dev/log/ but rather with a new "logd" mechanism with socket connection to /dev/socket/logdw for writing. However, if I simply modify my command to
Code:
adb shell "echo '\06title\0whatever\0' > [B]/dev/socket/logdw[/B]"
it does not work, instead giving an error message:
Code:
/system/bin/sh: can't create /dev/socket/logdw: No such device or address
But it does exist:
Code:
adb shell ls -l /dev/socket/logd*
srw-rw-rw- logd logd 1969-12-31 17:40 logd
srw-rw-rw- logd logd 1969-12-31 17:40 logdr
s-w--w--w- logd logd 1969-12-31 17:40 logdw
I'm not a software guy so not sure what is special with a socket connection. Is there any chance of being able to write to logcat directly with adb shell command, or will I need either an app or a compiled executable?
Thanks!
Came across this somewhat dated post as I was researching for the same thing.
I found a solution on stackoverflow dot com/a/33260551
Note, my phone is running 5.1.1, and you need to be rooted.
Code:
$ su -c which log && su -c log -h
/system/bin/log
USAGE: log [-p priorityChar] [-t tag] message
priorityChar should be one of:
v,d,i,w,e
I have an Lenovo Vibe C (a2020a40) and I want to use framebuffer. For example when I try
Code:
cat /dev/urandom > /dev/graphics/fb0
it returns with
Code:
tmp-mksh: cat: <stdout>: No such device
.
Code:
ls -al /dev/graphics/
crwsr-sr-x system graphics 29, 0 1970-01-23 12:32 fb0
Is there something I need to do to get fb0 working? BTW I rooted my phone by flashing SuperSU via TWRP.
A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
FaIl
aIecxs said:
as its a Android Marshmallow (6.0) device try to dump boot.img and flash modified magisk_patched.img on locked bootloader. Magisk has an option to by-pass dm-verity. this is confirmed method on some Mediatek devices, if you are lucky this will work
Code:
ls -d $(find /dev/block -name by-name)/*
cat /dev/block/.../by-name/boot > /sdcard/boot.img
if that works, adb pull the img, patch with Magisk Manager, make sure you have enabled both checkboxes for preserve encryption + keep AVB/dm-verity, push it back to device and try to flash
Code:
cat /sdcard/magisk_patched.img > /dev/block/.../by-name/boot
however, if the img is flashed and dm-verity is preventing from boot this is a permanently brick
Click to expand...
Click to collapse
I dont have full root i guess: find: /dev/block: Permission denied
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Can someone help with steps to root the device and backup current ROM
seniornoob58432 said:
A old thread about the same topic: https://forum.xda-developers.com/android/software-hacking/rooting-set-box-lge-sh960s-airtel-t3826462
So I have temp root using dirty-cow and have tried to edit default.prop to get adb by usb. didnt work, all are mounted read-only. tried remounting, fail, turning off SELinux, fail. heres the shell:
Code:
$ adb shell
[email protected]:/ $ /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-a>
dcow /data/local/tmp/run-as /system/bin/run-as
warning: new file size (9804) and destination file size (17920) differ
[*] size 17920
[*] mmap 0xb6d64000
[*] currently 0xb6d64000=464c457f
[*] using /proc/self/mem method
[*] madvise = 0xb6d64000 17920
[*] madvise = 0 17449
[*] /proc/self/mem 10931200 610
[*] exploited 0 0xb6d64000=464c457f
[email protected]:/ $ /system/bin/run-as
uid /system/bin/run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # Hehehe
/system/bin/sh: Hehehe: not found
127|[email protected]:/ # which touch
/system/bin/touch
[email protected]:/ # touch Hi.txt
touch: 'Hi.txt': Read-only file system
1|[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
255|[email protected]:/ # ls -ladZ sys
sys/ system/
255|[email protected]:/ # ls -ladZ system
drwxr-xr-x root root u:object_r:system_file:s0 system
[email protected]:/ # setenforce 0
setenforce: Couldn't set enforcing status to '0': Permission denied
1|[email protected]:/ # sestatus
/system/bin/sh: sestatus: not found
127|[email protected]:/ # cat
^C
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ #
130|[email protected]:/ # cat /etc/selinux/config
/system/bin/sh: cat: /etc/selinux/config: No such file or directory
1|[email protected]:/ # cd etc
[email protected]:/etc # ls
18p
NOTICE.html.gz
audio_effects.conf
audio_policy.conf
bluetooth
clatd.conf
dhcpcd
event-log-tags
fallback_fonts.xml
fonts.xml
gps.conf
hosts
media_codecs.xml
media_codecs_google_audio.xml
media_codecs_google_tv.xml
media_codecs_google_video.xml
media_codecs_performance.xml
media_profiles.xml
mkshrc
permissions
ppp
preloaded-classes
recovery-resource.dat
security
sysconfig
system_fonts.xml
wifi
[email protected]:/etc # touch lol
touch: 'lol': Read-only file system
1|[email protected]:/etc # mount -o rw,remount /
mount: Permission denied
255|[email protected]:/etc # su mount -o rw,remount /
/system/bin/sh: su: not found
127|[email protected]:/etc # sudo mount -o rw,remount /
/system/bin/sh: sudo: not found
127|[email protected]:/etc #
127|[email protected]:/etc #
so can I know why I am denied even tho I am root? Also can some-one guide me to write a blob extraction script? There is no fastboot.
Click to expand...
Click to collapse
Can you help me the steps you used to root via ditry cow?
aIecxs said:
check /proc/partitions for two similar partitions with 10 or 16 MB one of these should be boot. try to dump the partition (for example on my device it's mmcblk0p7)
Code:
cat /proc/partitions
cat /dev/block/mmcblk0p7 > /sdcard/mmcblk0p7.img
if that fails try to disable selinux
Code:
echo 0 > /sys/fs/selinux/enforce
or
echo 0 > /data/local/tmp/enforce
mount -o bind /data/local/tmp/enforce /sys/fs/selinux/enforce
chmod 0644 /sys/fs/selinux/enforce
chown 0.0 /sys/fs/selinux/enforce
chcon u:object_r:selinuxfs:s0 /sys/fs/selinux/enforce
Click to expand...
Click to collapse
How to disable selinux?
I am trying to put a binary in ramdisk and execute that binary towards the end of kernel init to launch it from a seperate thread. But I am not able to launch the binary as the binary doesnt have execution permissions..So do you know how I can give execution permissions to a binary in ramdisk..like first stage android init in ramdisk..
What do you mean with ramdisk? My understanding of RAMDisk is that it's a segment or portion of system memory on your Android phone that is used as a disk drive. In essence, it is a virtual storage, created by software, from your device’s RAM chip.
Anyway here I show you how a binary is made executable, assumed device's Android is rooted and you can access it via ADB then
Code:
adb devices
adb shell "su -c 'cd / && mount -t auto -o rw,remount <MOUNT_POINT>'"
adb push <BINARY_FILE> <MOUNT_POINT>/
adb shell "su -c 'chmod 0755 <MOUNT_POINT>/<BINARY_FILE>'"
adb shell "su -c 'chown <USER>:<GROUP> <MOUNT_POINT>/<BINARY_FILE>'"
where <MOUNT_POINT> is the partition / dir that will house the <BINARY_FILE>, where <USER> and/or <GROUP> can be specified by name or by number.