Hi
I am new to hacking Android. I have built Linux distros in the past, and have worked with Linux for 15 years.
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is there a how-to on achieving this from the root shell?
Thanks for any thoughts
Nick.
Nick Hill said:
Hi
I am new to hacking Android. I have built Linux distros in the past, and have worked with Linux for 15 years.
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is there a how-to on achieving this from the root shell?
Thanks for any thoughts
Nick.
Hi Nick, I have the same phone. I'm also very new to Android, last phone was iOS and before that Windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or ROMs. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesn't support fastboot.
I really need to get Google Play working in this phone, read a lot of stuff, tried many things, but I haven't succeeded yet. Please let me know if you make any progress.
In China they are flashing this phone, found some ROMs even, but I am not sure how they manage and Google Translate isn't much help there.
http://www.romjd.com/Device/zte-v965/hot/all/1
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another reset. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isn't detected anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Byte_Me said:
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another reset. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isn't detected anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Hi
You can temporarily download the ZTE v965 USB drivers from
www dot nickhill dot co dot uk forward slash ztev965usb dot zip
Byte_Me said:
Hi Nick, I have the same phone. I'm also very new to Android, last phone was iOS and before that Windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or ROMs. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesn't support fastboot.
Fastboot and ADB appear to be standard protocols, at least on my Ubuntu, which don't need special drivers. However, it does appear that the stock boot loader on the v965 does fail to incorporate the fastboot option.
If you remove the battery, replace it then turn on holding the volume down, you will get a menu, but fastboot is not there.
I don't know for a fact, but I do suspect that if you have access to the running android system as root, then you could in principle change any of the internal flash data. Therefore, in principle, I guess you could replace the boot loader or anything else in the running android system. Anyone please correct me if I am wrong, or confirm if I am right.
The feature set of this phone seems to be the same as the feature set of my Guophone. MTK6589, dual SIM, etc. So this image may be a good place to start if considering a transplant.
If you have ROMs, then perhaps it is possible to flash the ROM from a root terminal. I'm thinking add the uncompressed ROM to the Micro SD card, then using the dd command, block copy it to the appropriate image area on the internal ROM, reboot, reset to factory defaults.
If anyone more experienced than me with the nuts and bolts of Android can confirm or deny this will work, or where it should be put, please let me know.
An important factor is that the NAND is not locked on the ZTE V965. So if you have a root shell on the phone, you can issue the following command:
mount -o remount,rw /[email protected] /system/
Once you have done this, you will have read/write access to the system partition.
The only thing I then need to know is what should I avoid changing that may break the ADB bridge/root console?
And is all the UI stuff kept together, if so, where?
Shuffle it around a bit, make a new ROM
Thanks for the driver!
Unfortunately it doesn't help.
I found out the culprit, I tried to install gapps (Google apps package) to the system app folder. I thought these changes would be reversed with a factory reset, but they are not. Setupwizard.apk keeps crashing and is preventing me from accessing my phone, so I must find a way to remove it from the system app folder. However, since this error occurred, I am not able to contact the phone in any way from the PC. Adb toolkit does not detect it, even when I reinstalled your driver. It's quite puzzling, I don't understand why in recovery mode I cannot connect adb-toolkit anymore.
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when I connect to USB, which is quite annoying, but not more than that. If you ever make any progress with Google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
I'm convinced it's possible to flash the phone, it seems they do it a lot in China.
I found a website with a couple of custom ROMs specific for the V965:
http://www.romjd.com/Rom/Detail/17086
And what I suspect is a rooting & flashing tool. Rooting works, I haven't figured out flashing yet.
http://dl.vmall.com/c0xa12brvo
I've also tried flashing from the settings - update menu in the phone, but it never finds the ROM (update.zip)
I did find another problem, I can't be reached on my phone, it always goes to voicemail. Same SIM in another phone works fine. No idea what's causing this.
Byte_Me said:
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when I connect to USB, which is quite annoying, but not more than that. If you ever make any progress with Google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
You should be able to write this back to your phone using flashtool.exe.
I don't know for sure if this will work, so entirely at your own risk! Just trying to help. If unsure, ask around.
I am new to this forum, so please remember to click the thanks button if you find anything I have done helpful!
Meanwhile, the MTK droid root and tools has a function to remove much of the Chinese stuff (once the system has been installed) and there is always the cyanogenmod gapps package. This may be worth investigating.
Nick Hill said:
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
The file size should be 635,972,093 bytes and should finish uploading at 04:00 GMT
md5sum 17ecfdd1040d5dbfab70a3adbc24e07a
Thanks for the ROM, i'll give it a go. I will try to install it using the update option in the settings, that seems the safest.
Be careful with gapps. setupwizard.apk + factory reset = a lot of problems (if you install in system app folder)
OMG that tool is awesome. Created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Byte_Me said:
OMG that tool is awesome. Created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Firstly, I'm glad it's working for you.
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
Which clean ROM did you then install, and how did you install it?
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
It is useful to remember that MTKdroidtools has a useful function to remove Chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it.
I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, Windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for Windows need to eventually move to Android. We could then potentially use USB OTG to service other Android devices. MTKdroidtools and flashtools running as a host on a separate Android system would be cool.
Nick Hill said:
Firstly, I'm glad it's working for you.
Thanks, me too
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
I used MTK tools as described in that topic, rooted, made backup, installed CWM
Which clean ROM did you then install, and how did you install it?
I used the update tool from CWM to flash this ROM:
http://www.romjd.com/Rom/Detail/17086
That ROM is not very clean though, you might as well clean your own ROM.
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
CWM is installed using MTK Droid Root and Tools:
http://forum.xda-developers.com/showpost.php?p=44660171&postcount=417
This gapps version I installed: gapps-jb-20121011-signed
It's installed using CWM bootloader: install .zip package
It is useful to remember that MTKdroidtools has a useful function to remove Chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
I used the delete China function, but it didn't catch very much. But with all the functions available now, it's quite easy to clean manually.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
Yes, I plan to make a topic for this phone, but at the moment I am still testing many things.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it. I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
I know how you feel, I was ready to toss this phone in the trash
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, Windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for Windows need to eventually move to Android. We could then potentially use USB OTG to service other Android devices. MTKdroidtools and flashtools running as a host on a separate Android system would be cool.
I have no idea about the possibilities there. I'm not a programmer, just someone who is good with computers and knows a little bit of everything.
PS. I could also use some thanks as well, maybe get some respect around here
Nick Hill said:
...
Did you give it a try yet? Another user did and Google apps are working for him, so that's 2 for 2.
Are you still on your original ROM? If so, I have a question for you. Do you get notification badges on your icons, for instance, when you have a missed call, is there a red box with a 1 on the phone icon? Also, do your contacts get ID-ed when they call you? I have some problems with that, caused by the country code prefix. I am still running that ROM I downloaded from the Chinese forum, but if your ROM doesn't have these issues, I will switch back ASAP.
Nick Hill said:
Firstly, I'm glad it's working for you.
As you are a Lenovo A766 owner, may you help me with this?
http://forum.xda-developers.com/showthread.php?p=49076877#post49076877
Where are configuration settings stored across factory resets?
I have come to the (perhaps erroneous) conclusion that the user interface and what the user will experience is governed primarily from:
the APKs in
/system/app/
/system/vendor/operator/app/
and the configuration files pertaining to the installed apps, which are located at:
/data/user/0/
I guess that when the android device is factory reset, the /data partition is completely cleared, right?
Is there a set of standard configurations which are unpacked from somewhere into /data/user/0/ after a factory reset, or is it normal for all configurations to be stored in their respective APKs?
Hello everyone,
I would really like to achieve a temporary root on my device. I am running the stock version, recently it updated to 20N for the Android 6.0 MM update.
I am very comfortable with adb and other command line interfaces (I primarily work on Linux servers remotely for my day job).
Are there any good resources for achieving a manual temporary root from adb on this device (or any Android device in general?). I find my Google-Fu searching has been lacking, I haven't found any reliable information on this in general for Android. Ideally, I would like to achieve a temporary root without having to wipe my device or install a new ROM. Am I correct in thinking that some sort of temporary root must be achieved before installing a custom ROM? I am wary of most "One Click" packages out there.... I prefer to do the grunt work and understand why/how something works.
In short, I yearn to see a '#' instead of '$' over an adb connection, specifically for an LG G4 H810 20N, but any general Android process is welcomed! Even being able to mount the filesystem as root (possibly from a bootloader or recovery mode) and access the internal filesystem as root via command line would be considered a success. I primarily want to be able to read/write files that are normally blocked from the standard user.
Thanks in advance!
MisterMagicFingers said:
Hello everyone,
I would really like to achieve a temporary root on my device. I am running the stock version, recently it updated to 20N for the Android 6.0 MM update.
I am very comfortable with adb and other command line interfaces (I primarily work on Linux servers remotely for my day job).
Are there any good resources for achieving a manual temporary root from adb on this device (or any Android device in general?). I find my Google-Fu searching has been lacking, I haven't found any reliable information on this in general for Android. Ideally, I would like to achieve a temporary root without having to wipe my device or install a new ROM. Am I correct in thinking that some sort of temporary root must be achieved before installing a custom ROM? I am wary of most "One Click" packages out there.... I prefer to do the grunt work and understand why/how something works.
In short, I yearn to see a '#' instead of '$' over an adb connection, specifically for an LG G4 H810 20N, but any general Android process is welcomed! Even being able to mount the filesystem as root (possibly from a bootloader or recovery mode) and access the internal filesystem as root via command line would be considered a success. I primarily want to be able to read/write files that are normally blocked from the standard user.
Thanks in advance!
Bad news: at this point it's not going to happen. With 6.x you have to have a modified kernel to get root and the locked bootloader on your phone will not allow that kernel to boot. In short: don't expect to see root on Marshmallow on this phone anytime soon and it will probably never happen.
I'm not saying that it's impossible, but it's almost certainly not going to happen.
http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
fatbas202 said:
http://www.xda-developers.com/a-look-at-marshmallow-root-verity-complications/
Thanks for the information! I have several 4.x and 5.x devices around and am still hoping to find some general information on manually achieving temp root access of the filesystems.
MisterMagicFingers said:
Thanks for the information! I have several 4.x and 5.x devices around and am still hoping to find some general information on manually achieving temp root access of the filesystems.
We are all hoping that you find something that someone else has overlooked! Good luck!
Hi all,
According to you, is rooting your device or unlocking its bootloader a way of making it less secure, more vulnerable to attacks?
Is it a false idea or a real subject?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlocking its bootloader a way of making it less secure, more vulnerable to attacks?
Is it a false idea or a real subject?
Yes it definitely is less secure
IronRoo said:
Yes it definitely is less secure
Thanks for your reply.
Could you please give us more details?
Do you mean that it can be hacked?
What device's components are less secure when it's rooted?
iwanttoknow said:
Thanks for your reply.
Could you please give us more details?
Do you mean that it can be hacked?
What device's components are less secure when it's rooted?
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, such as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possibly even just having the su binary installed is an issue, though it's not clear to me whether this has been confirmed (it seems precautionary to me) or if it's just a LineageOS issue or more devices are vulnerable. However, this week's update to LineageOS is trying to address this. Anyhow, the fix seems to have some extra benefits.
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Could you please give us more details?
Do you mean that it can be hacked?
What device's components are less secure when it's rooted?
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download, install and run on your phone to acquire root access through a process called "Privilege Escalation", which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phone's internals.
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough*?
BTW I understand that a malicious application can take control of my device without my knowing it, if it's not rooted, by using the same code as applications rooting your device.
Have I understood correctly what you wrote?
But how can I have the insurance that I always will be warned by an application like SuperSU or others?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
My main reason to root my device (if I did) would be to have finer control over it.
But it seems to be a difficult goal... like security in general.
iwanttoknow said:
My main reason to root my device (if I did) would be to have finer control over it.
But it seems to be a difficult goal... like security in general.
SuperSU will automatically deny anything asking it to provide root access by default. When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because it's the only way I know if stuff is trying to gain root access without my permission & watch its actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Oh okay dude, apologies. The Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the Magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light about showing us systemless root methods with his open source root management app. You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a Magisk install to get the open source variant to work though, not 100% sure.
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
I agree! And it also feels like it's becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Thanks, I was trying to find one of those lol. As I've seen this question asked hundreds of times within recent months across forums.
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlocking its bootloader a way of making it less secure, more vulnerable to attacks?
Is it a false idea or a real subject?
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The Windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In Android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The Windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In Android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there are no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Thanks a lot for your detailed answer.
If you need security, just root and install SuperSU or Magisk.
If you have Xposed framework, then try a nice firewall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.
Hi,
I have successfully unlocked my Motorola phone using the Motorola support page.
Unfortunately, the Motorola device does not have su(1) on it.
If I were to get an su binary from somewhere (like, compile it myself), and store it on the sd-card or in some download directory, would I effectively have rooted my device?
Without having to load some unknown binary from some hackers somewhere (like superSu) in order to do it?
tmellman said:
Hi,
I have successfully unlocked my Motorola phone using the Motorola support page.
Unfortunately, the Motorola device does not have su(1) on it.
If I were to get an su binary from somewhere (like, compile it myself), and store it on the sd-card or in some download directory, would I effectively have rooted my device?
Without having to load some unknown binary from some hackers somewhere (like superSu) in order to do it?
That is not how root works, the su binaries have to be in the /system partition, placing su binaries in user partition does absolutely nothing. What's wrong with using SuperSU?
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
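Why an su binary copied to the SD card or a download directory has no effect, as an added example that is not part of any post in this thread: the script reads mount options in /proc/mounts format and reports whether the filesystem holding a path would honour an executable setuid binary. The sample mount table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (illustrative, not from a real device).
SAMPLE_MOUNTS='/dev/block/mmcblk0p5 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p7 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/fuse /storage/sdcard0 fuse rw,nosuid,nodev,noexec,relatime 0 0'

# Print "mountpoint options" for the longest mount point that contains PATH.
mount_for_path() {   # $1 = mount table text, $2 = absolute path
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best) { best = length(mp); out = mp " " $4 }
            }
        }
        END { if (best > 0) print out }'
}

# Succeed if the comma-separated option list $1 contains option $2.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report what the mount flags alone say about a setuid-root binary at PATH.
su_verdict() {       # $1 = mount table text, $2 = absolute path
    entry=$(mount_for_path "$1" "$2")
    if [ -z "$entry" ]; then echo "unknown"; return 0; fi
    opts=${entry#* }
    if has_opt "$opts" noexec; then
        echo "blocked:noexec"          # nothing on this filesystem can be executed
    elif has_opt "$opts" nosuid; then
        echo "blocked:nosuid"          # runs, but the setuid bit is ignored
    elif has_opt "$opts" ro; then
        echo "not-blocked:read-only"   # honoured, but the partition cannot be written
    else
        echo "not-blocked"
    fi
}

for p in /storage/sdcard0/Download/su /data/local/tmp/su /system/xbin/su; do
    printf '%-32s %s\n' "$p" "$(su_verdict "$SAMPLE_MOUNTS" "$p")"
done
```

On a device the live table can be passed instead, as in `su_verdict "$(cat /proc/mounts)" /sdcard/su`. Mount flags are only one layer; SELinux policy on later Android versions restricts setuid binaries further.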
Droidriven said:
That is not how root works, the su binaries have to be in the /system partition, placing su binaries in user partition does absolutely nothing. What's wrong with using SuperSU?
If it's provided by Google or from the android source tree, then I would feel secure in using it. Other than that, I avoid solutions where I have to take binaries from unverifiable sources.
And in general, everybody offers some (binary) tool to do your rooting for you, but - once the manufacturer lock is removed - I don't understand why linux isn't linux.
tmellman said:
If it's provided by Google or from the android source tree, then I would feel secure in using it. Other than that, I avoid solutions where I have to take binaries from unverifiable sources.
And in general, everybody offers some (binary) tool to do your rooting for you, but - once the manufacturer lock is removed - I don't understand why linux isn't linux.
The developer that created the SuperSU app along with many other apps that you might be familiar with is called Chainfire and he's known worldwide, you might have heard of him.
Without him, a lot of the custom software and a lot of the tools/apps we use to customize our devices wouldn't exist. He has been pretty much the most influential developer in the entire android rooting and customizing community. If that isn't verifiable enough for you then something is wrong with you. In fact, I'm pretty sure that you have or will require something he developed when you customize your device.
Everyone in this community uses at least one of his apps.
Android operating system isn't linux, it's based on a Linux kernel but the operating system is very different. The linux kernel is about all that they have in common with a couple of exceptions.
Su binaries aren't something that would ever come from Google or android source tree. It will ALWAYS come from somewhere else other than Google or android source tree, even if you write the su binaries yourself, yours would be just as questionable because they also would not be coming from Google or android source. How would your own su binaries be any different than the ones that already exist?
Droidriven said:
Su binaries aren't something that would ever come from Google or android source tree. It will ALWAYS come from somewhere else other than Google or android source tree, even if you write the su binaries yourself, yours would be just as questionable because they also would not be coming from Google or android source. How would your own su binaries be any different than the ones that already exist?
I've already gotten this URL from Usenet:
(googlesources) /platform/system/extras/+/master/su/
(unfortunately had to obfuscate the URL due to a limitation of the forum)
and have fetched arm-linux-gnueabi-gcc.
As to running from /system, I've seen mention of this:
mount -o remount,rw /system
Now perhaps I understand what that's needed for.
I'm collecting the information bit-for-bit, but am not 100% sure I'll be able to run with my image and without third-party code...
tmellman said:
I've already gotten this URL from Usenet:
(googlesources) /platform/system/extras/+/master/su/
(unfortunately had to obfuscate the URL due to a limitation of the forum)
and have fetched arm-linux-gnueabi-gcc.
As to running from /system, I've seen mention of this:
mount -o remount,rw /system
Now perhaps I understand what that's needed for.
I'm collecting the information bit-for-bit, but am not 100% sure I'll be able to run with my image and without third-party code...
If you want root, it will be third party code, regardless of what method, software or tools you use. Root is not a stock android or Google product so third party is the only source.
If you're on Lollipop, Marshmallow or Nougat then pretty much your only option to root your device is to use one of the universal rooting apps and hope one of them works. Otherwise, you probably won't get root.
(NOTE: this post is a duplicate of a similar thread I started on the Android Central user forum)
Hello everyone,
In the continuing saga of the Leagoo T5C I bought before the holidays from GearBest, I've seen the good (the price and overall build quality, along with a reasonably good user experience), the bad (some notifications that I just can't get rid of, among other things), and I now present you the ugly: after watching a review video on YouTube about my device, I learned that it came loaded with a Trojan called "Gorilla.AM"...
***EDIT: apparently, the Trojan's name could actually be "Guerrilla.AM", I'm not sure.***
Needless to say, I did as the tester had, and installed Malwarebytes, which, sure enough, found the exact same Trojan on my device.
You can watch the video here: https://www.youtube.com/watch?v=R5l3z7BvBtk
It so happens that it's embedded in Leagoo's own application launcher, called Sujet (in French; maybe it's called "Subject" in English, I don't know). I can force quit the application, since I use another launcher called Apex (good pick, by the way), but Malwarebytes can't seem to shake the Trojan off my device nonetheless.
A quick search on Google gives very little in the way of information about this malware, but I'd like to be on the safe side, so I came here.
Any contribution would be welcome at this stage.
Hi. I've seen your post on a French-speaking forum but for my own reasons I don't want to help there, too many morons.
Leagoo is well-known for smartphones with built-in spyware/adware. I've had both a Z5 and a M5 and both had such crap in the stock firmware.
This one is new to me but you'll probably have to follow the same steps to get rid of it.
Try
Code:
adb shell pm disable <internal name of that launcher>
first (from a PC connected to the device with ADB - zillions of tutorials available for this)
The internal name can be found by guessing or by using one of the many apps that will show you the information. One is https://play.google.com/store/apps/details?id=com.csdroid.pkg
If that fails, try adding "-k -user 0" to the command line.
If it fails again (denied) then you have no choice but to root your device first, then use this pm command from a root shell or directly delete the folder for "Sujet/Subject" from /system/app or /system/priv-app where you'll find it.
Lannig said:
Hi. I've seen your post on a French-speaking forum but for my own reasons I don't want to help there, too many morons.
Leagoo is well-known for smartphones with built-in spyware/adware. I've had both a Z5 and a M5 and both had such crap in the stock firmware.
This one is new to me but you'll probably have to follow the same steps to get rid of it.
Try
Code:
adb shell pm disable <internal name of that launcher>
first (from a PC connected to the device with ADB - zillions of tutorials available for this)
The internal name can be found by guessing or by using one of the many apps that will show you the information. One is https://play.google.com/store/apps/details?id=com.csdroid.pkg
If that fails, try adding "-k -user 0" to the command line.
If it fails again (denied) then you have no choice but to root your device first, then use this pm command from a root shell or directly delete the folder for "Sujet/Subject" from /system/app or /system/priv-app where you'll find it.
Hi,
OK, first off, thanks for the reply. Secondly, as I've stated before, I'm new to Android, and though I know my way around the command line in both Windows, Linux and OS X (not so much macOS: my MacBook Pro is 12-years old...), I suppose there are some things to set up first, before you can actually do what you suggest.
I understand that ADB stands for Android Debug Bridge, so is it an existing functionality in, say, Windows, that you can trigger from the command line, or a third-party software you have to install first?
On the Android side, what action should I take? Any Developer command to enable/disable to let ADB interact with my device the way it's supposed to?
Yes, you need to enable debug mode on your phone too. I could refer you to one of the zillion tutorials available on the net, but here's a summary.
Go to settings > about... (à propos)
Make at least 7 rapid touches on the line that says "build number" or its French translation.
This will make a new settings menu available from the main settings page: developer options
In this new menu, enable USB debugging.
Then you need to install ADB on your Mac and I'm at a loss to help you there because I'm totally foreign to Macs. Never used one.
This seems like a good start: https://www.xda-developers.com/install-adb-windows-macos-linux/
Note: you may also try issuing the commands mentioned above from a terminal emulator running directly on your Android device, although I'm told that it's not exactly the same thing protection-wise.
Install this: https://play.google.com/store/apps/details?id=jackpal.androidterm and try typing the commands from the emulator window. If it works, no need for ADB (although having ADB will probably prove useful sooner or later and I encourage you to take the step).
EDIT: forget the guys from Phonandroid, they're brain-damaged beyond help
Lannig said:
Yes, you need to enable debug mode on your phone too. I could refer you to one of the zillion tutorials available on the net, but here's a summary.
Go to settings > about... (à propos)
Make at least 7 rapid touches on the line that says "build number" or its French translation.
This will make a new settings menu available from the main settings page: developer options
In this new menu, enable USB debugging.
Then you need to install ADB on your Mac and I'm at a loss to help you there because I'm totally foreign to Macs. Never used one.
This seems like a good start: https://www.xda-developers.com/install-adb-windows-macos-linux/
Note: you may also try issuing the commands mentioned above from a terminal emulator running directly on your Android device, although I'm told that it's not exactly the same thing protection-wise.
Install this: https://play.google.com/store/apps/details?id=jackpal.androidterm and try typing the commands from the emulator window. If it works, no need for ADB (although having ADB will probably prove useful sooner or later and I encourage you to take the step).
EDIT: forget the guys from Phonandroid, they're brain-damaged beyond help
OK, thanks for the heads-up; I've already installed a Terminal emulator on the phone, so I'm gonna give it a go in a moment. I concur about Phonandroid, alas: I've just received flak from one of the moderators because I'd double-posted on the same subject, whereas I'd just posted one thread, in the wrong part of the forum, according to him. Go figure...
OK, please feed back on your attempts, both from terminal emulator and through ADB.
Alas, I suspect that root will be required. It was for me on my Z5 and M5 to get rid of Leagoo's crapware.
Phonandroid is a bunch of losers with bloated egos posing as experts when 2/3 of the replies given are total BS.
"Er, Houston, we've had a problem..."
On Windows: "ADB is not a recognized name for a command applet..."
On OS X: "adb: command not found"
Stumped, I am...
(Additional question, not quite related: Aida64 indicates that my device runs a 4.4.49 version of the Android kernel, when the current version for Android 7.x is supposed to be 4.4.1; how does that compute--no pun intended--with my issue?)
Missing adb command is because the adb.exe (Windows) or adb (Mac) file is not in the command path. Either make the folder that contains the adb[.exe] file the current folder using the cd command or use whatever context menu for opening a command line window within the currently selected folder works, or even add that folder to the PATH variable. Google "add directory to path" for Windows and MacOS.
No idea about the kernel version. Minor kernel versions may vary within an Android release. Not surprising and most definitely unrelated to your problem. The crapware certainly isn't part of the kernel. It's most likely a system app i.e. a folder within either /system/app or /system/priv-app folders. You can't delete it without root, but you might be able to disable (freeze) it with the commands I gave you.
OK, thanks. I did "cd" to the folder where I had unzipped ADB on Windows (on the Mac, when I tried to open the ADB executable, I got a "cpu not supported" error message in the Terminal, as I feared, since my MBP is 32-bit-only, and most Mac applications nowadays only support 64-bit CPUs), and still got the "adb unrecognized command" error in PowerShell.
The phone was plugged in, and the right USB mode, so I'm still a bit baffled here. Gonna try it again with a different approach. Will keep you posted.
Over and out...
OK, here's what I got: "Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2"
Basically, from my poor understanding of how Android works, it's root or die, right?
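The disable attempt suggested earlier in the thread and the SecurityException reported above, as an added example that is not part of any post: the script classifies where an app lives from `pm path` output and what a `pm disable` reply means. Function names and the sample `pm` outputs other than the quoted error are constructed; `disable-user` is pm's per-user variant and is tried as a second step.

```shell
#!/bin/sh
# Error text exactly as reported in the thread. The trailing "2" is the
# component state the shell asked for (2 = disabled).
PAGE_ERROR='Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2'

# Classify "pm path <pkg>" output: system image (needs root to delete) or user app.
app_location() {
    case "$1" in
        package:/system/priv-app/*|package:/system/app/*) echo system ;;
        package:/data/app/*) echo user ;;
        *) echo unknown ;;
    esac
}

# Classify the reply of "pm disable" / "pm disable-user".
classify_pm_result() {
    case "$1" in
        *"new state: disabled"*) echo disabled ;;
        *SecurityException*)     echo denied-for-shell ;;   # the adb shell user may not do this
        *"Unknown package"*)     echo no-such-package ;;
        *)                       echo unknown ;;
    esac
}

# Try to freeze a package on a connected device without root.
freeze_app() {       # $1 = package name, e.g. the launcher's internal name
    pkg=$1
    loc=$(app_location "$(adb shell pm path "$pkg" 2>&1 | tr -d '\r' | head -n 1)")
    echo "location: $loc"
    for sub in "disable" "disable-user --user 0"; do
        # $sub is split on purpose so the flags reach pm as separate words
        out=$(adb shell pm $sub "$pkg" 2>&1 | tr -d '\r')
        res=$(classify_pm_result "$out")
        echo "pm $sub: $res"
        [ "$res" = disabled ] && return 0
    done
    return 1
}

if [ $# -gt 0 ]; then
    freeze_app "$1"
else
    # Offline demonstration on constructed pm output plus the thread's error.
    app_location 'package:/system/priv-app/Launcher3/Launcher3.apk'
    classify_pm_result "$PAGE_ERROR"
    classify_pm_result 'Package com.example.app new state: disabled-user'
fi
```

A `system` location combined with `denied-for-shell` is the case the thread describes: the app sits on the system image and the unprivileged shell user is refused.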
UglyStuff said:
OK, here's what I got: "Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2"
Basically, from my poor understanding of how Android works, it's root or die, right?
I see that this phone has 7.x android. So, a Magisk Systemless flash might work. After rooting your device, get a good launcher and integrate it into /system. Then delete your stock launcher altogether.
Tell me if this works.
---------- Post added at 01:23 PM ---------- Previous post was at 01:20 PM ----------
rhn19 said:
I see that this phone has 7.x android. So, a Magisk Systemless flash might work. After rooting your device, get a good launcher and integrate it into /system. Then delete your stock launcher altogether.
Tell me if this works.
If you are new to this, use an app from play store for uninstalling and integrating apps.
Hi,
Yes, like I said, I'm a newbie when it comes to Android, so I'll abstain from rooting my device for now, but I'll keep your suggestions under advisement, because I suppose there'll be no other option in the long run. I'm gathering info on how to safely root a device.
I've done countless jailbreaks on iPhones, and it was always absolutely painless, but then, I had better understanding of how iOS works than I have Android, so until I know more about the OS, I'll keep my phone as it is.
Thanks again!
UglyStuff said:
Hi,
Yes, like I said, I'm a newbie when it comes to Android, so I'll abstain from rooting my device for now, but I'll keep your suggestions under advisement, because I suppose there'll be no other option in the long run. I'm gathering info on how to safely root a device.
I've done countless jailbreaks on iPhones, and it was always absolutely painless, but then, I had better understanding of how iOS works than I have Android, so until I know more about the OS, I'll keep my phone as it is.
Thanks again!
Jailbreaking vs Rooting is like 5-1 on difficulty level. Because Android is Open source while iOS is not. I would highly suggest you Root it if your phone does not have warranty. After all something that is on /system partition like your launcher will need superuser access to modify it. I cannot think of a way that won't void your warranty.
You can flash TWRP and then boot into aroma-fm but that will void your warranty. Rooting is the preferred option here.
Yeah, well, the phone is brand-new, and still under warranty, but that's not what's holding me back: I'd rather not brick it, most of all, because I need it, if not as my main phone, at least for connectivity.
I've read tutorials on this very website about using TWRP to flash a new baseband, but I'm curious about what firmware to choose, where to download it from to be sure it's not laden with bad stuff, and how sure I'll be to have an operable phone afterwards.
UglyStuff said:
Yeah, well, the phone is brand-new, and still under warranty, but that's not what's holding me back: I'd rather not brick it, most of all, because I need it, if not as my main phone, at least for connectivity.
I've read tutorials on this very website about using TWRP to flash a new baseband, but I'm curious about what firmware to choose, where to download it from to be sure it's not laden with bad stuff, and how sure I'll be to have an operable phone afterwards.
Why do you want a new firmware? I don't get you man, do you want to clear out the malware or try a new ROM? Because I think you would have to build a new ROM, there is not one available I guess.
That's the thing: the malware on my phone is part of the application launcher installed by the OEM. In other words, it's embedded inside the ROM. If I root my phone and somehow manage to get rid of this launcher, what's to tell me that Leagoo won't push it silently back onto my device under the disguise of an update?
I don't know what to do here. I understand that based on stock Android, each OEM applies a certain number of modifications to accommodate the hardware it used to build the phone, and since the SoC is brand-new, I gather there aren't many drivers available, unless I leave the current baseline in place.
I'm kinda caught between a rock and a hard place here...
UglyStuff said:
That's the thing: the malware on my phone is part of the application launcher installed by the OEM. In other words, it's embedded inside the ROM. If I root my phone and somehow manage to get rid of this launcher, what's to tell me that Leagoo won't push it silently back onto my device under the disguise of an update?
I don't know what to do here. I understand that based on stock Android, each OEM applies a certain number of modifications to accommodate the hardware it used to build the phone, and since the SoC is brand-new, I gather there aren't many drivers available, unless I leave the current baseline in place.
I'm kinda caught between a rock and a hard place here...
If you use Malwarebytes after root that thing won't happen. And almost all of the OEMs have a trigger which voids when rooting or flashing firmware. After that the OEM won't give you updates unless you use the A/B partitioning system.
OK, I understand how rooting my phone would void the warranty: after all, it's a substantial change in the phone software, and the OEM can't be made responsible for any mishap that occurs after I've rooted the phone.
What's the A/B partitioning system (I suppose it helps partition your storage space)? I don't have a microSD card installed (I use the slot for my second SIM), but I do have 32 Gb of storage space, minus what's already used up.
Do you know KingRoot? Is it as good and (reasonably) safe a rooting tool as they say it is?