DO NOT POST IN THIS THREAD BEFORE READING THE WHOLE POST
PLEASE ADD GUIDES TO COMMON ISSUES YOURSELVES
To my recollection, the previous WM Guides thread was successful.. so we'll be moving on to android as well - from beginner to pro.
I hope this thread will provide answers to a decent percentage of your questions.
Please hold until guide collecting is finished..
In the meanwhile you are ALL invited to send me links or full guides to add to this thread.. remember, we are all about sharing.
COMING SOON! (in the meanwhile, you've got a great battery life guide at http://forum.xda-developers.com/showthread.php?t=471521 - be sure to thank BruceElliot for it!)
also, if you decide to post a guide, please keep the guide as neat as possible, with a title containing the LEVEL ([BEGINNER], [INTERMEDIATE], [PRO]) and the commonly searched words so that people who look for it can find it easily. (if you can, use the same color (dark orange) and same size (4) and Bold.. for the main title.. tho that's not a must )
post #2. [BEGINNERS+INTERMEDIATE] Replacing System Files using Android Commander
post #3. [EVERYONE] ADB Workshop by Adrynalyne and Guide by Captainkrtek
post #4. [QUICK FAQ's] Common QnA's for beginners by Timmymarsh (work in progress)
[BEGINNERS] Replacing system files using Android Commander
Replacing system files using Android Commander:
(This post was formerly based in the HD2's RTL support thread and revolved around our need to replace frameworks)
so:
1. Download the android SDK from: http://dl.google.com/android/android...08-windows.zip
2. EXTRACT(!!!) the android-sdk-windows to c:\
(make sure you extract the dir - not run the setup from inside the zip file)
3. install Android Commander from http://androidcommander.com
4. Connect your device and make sure it's set to Debugging mode in /settings/applications/development/
5. You might have to set a dir containing your adb.exe file. set it to c:\android-sdk-windows\tools\
6. You will see a Total Commander-like interface. you can then copy the framework.jar file to the correct directory (there's no difference between SD android builds and androids in ROM - the system dir will be shown the same way)
a. Yes, you can replace/delete system files while android is running.
b. (for androids running from SD) Any file copied to /sdcard/android/root/system/X will be copied to /system/X in the system file. The sdcard/android root dir is JUST LIKE your root in ROM androids.
c. Make sure you either created a backup or verified a match in any other way before replacing files like frameworks, zimage, modules, etc.. your android might not boot afterwards (I keep all system.ext2 files backed up so that I can restore them in case I screw something up.)
enjoy
[EVERYONE] ADB Workshop by Adrynalyne and Guide by Captainkrtek
This following guide was rewritten by Captainkrtek, please make sure to thank him for it
Original Post:
(http://forum.xda-developers.com/showthread.php?t=879701)
This workshop was held in #android-learning on irc.freenode.net by XDA Member Adrynalyne. All credit to him for this guide, I simply am taking it and turning it into a guide. Here we go!
You can find the raw IRC log here
Good evening folks, and welcome to my ADB workshop. This is by no means a full explanation on the subject, but more of a crash course to help folks get up to speed, and get more from their devices. There may be some things you already know here, so please be patient and respect those who do not.
Reference Files
http://adrynalyne.us/files/How to install adb.pdf
http://adrynalyne.us/files/Using ADB.pdf
So, let's just start with the basics.
What is ADB?
ADB stands for the android debugging bridge and is used for testing and debugging purposes by developers.
However, we like to get more out of our devices, and it's a great way to fix things.
Knowing adb can mean the difference between a paperweight and a working phone.
So, to start with, we will look at installing ADB.
Generally speaking, the Sun/Oracle JDK is required to run all SDK functions.
ADB is but one tool in the SDK arsenal.
So, we begin by downloading and installing the JDK. This can be found here:
https://cds.sun.com/is-bin/[email protected]_Developer
Choose your OS, download and install. I recommend that 64 bit users use the regular x86/32 bit version as well.
Moving ahead, we download the Windows sdk from here:
http://dl.google.com/android/installer_r08-windows.exe
Due to already installing JDK, you won't be stopped by the install process.
Now, if you notice, I installed it to:
C:\android-sdk-windows
I did this because it makes things easier when setting up path variables.
I encourage everyone to do the same, but obviously it is not required.
So, this SDK is handy, but is only good up to 2.2. We want the latest and greatest! (Well I do)
So, we navigate to:
C:\android-sdk-windows\
and we run SDK Manager.exe
If you notice in your PDF file for installing adb, you will notice that you can update, and I made a choice not to include earlier sdk versions.
I won't go into full detail on that, but depending on the version of SDK you have, 8 or 9, it WILL make a difference in using adb.
By default, for version 8 adb.exe resides in C:\android-sdk-windows\tools
By default, for version 9 adb.exe resides in C:\android-sdk-windows\platform-tools
We will assume version 9 in this guide
Really, the SDK is installed and adb is usable right now, but in my humble opinion, it's not enough.
I like the ability to use adb in ANY directory on my machine.
To do this, we edit Windows's environment variables.
Specifically, the system path.
To do this, we click on start, or the orb (depending on OS), and right click on Computer, left clicking on properties in the menu.
If it's Windows XP, I believe it brings you into advanced system properties immediately. Vista and 7 need a second step.
On the left hand side, as you notice I have highlighted in the pdf, left click advanced system settings.
Under advanced tab, we left click environment variables...
There are two boxes here.
We are concerned with system variables, however.
So we scroll down the list and highlight path and click edit.
Ignoring all the extra stuff in here, make sure you are at the end of the line, and type
Code:
;C:\android-sdk-windows\platform-tools
The semicolon allows us to separate it from the previous path statement.
Click ok all the way out.
We now have ADB setup globally. We can use cmd.exe (I use powershell) and no matter what directory we are in, adb is recognized.
If it is not, make certain you entered the path into system variables, and made no typos.
If you installed to a different location, you will need to adjust the path accordingly.
This concludes the section on installing the Android SDK to use ADB.
This next section will be on using ADB, so please open that pdf now.
Now, this applies to any OS, not just Windows.
Well, with the exception of the USB drivers.
I will not go too much into that, but if you take a look at the PDF, it goes through installing usb drivers for the sdk, and how to download them.
Fairly straightforward, in that respect.
Now, to setup our phones to use with the SDK and ADB, we must change some settings.
First, we go to menu softkey, then settings.
We scroll down to Applications and tap it.
Under Development, we will check Enable USB Debugging. Please note the SGS phones are different in this respect.
The USB cable must be unplugged before enabling or disabling this setting.
Once this is done, we are now ready to play with adb
One quick note: If you get device not found/connected, please reboot your phone. DJ05 has a quirk in it where ADBD randomly crashes on boot.
A reboot will fix this
ADBD= ADB Daemon
Ok, continuing on.
Let's look at installing applications. This is also known as sideloading.
Unlike installing from the SD card, it does not require unknown sources to be enabled.
The command for this is
Code:
adb install packagename
This assumes that you are working from the directory where the file is located.
This will install the application to /data/app.
It will also show sometimes useful errors if install fails.
That is not something you will see from the Android GUI.
Now, a lot of us have probably deleted files with apps like Root Explorer. While this isn't really a bad thing, it leaves behind databases and data for the application removed.
This is where the 0kb application entries come from.
If you take that application entry name, you can uninstall the extra data via adb.
First we go to the adb shell which logs into the phone.
Code:
adb shell
If we end up with a $, we will want admin rights, in many cases. This is not one of them, I don't believe.
To get admin rights, you want to type
Code:
su
Look at your phone if this is the first time, it may prompt you to allow access. Else you will get permission denied.
If you are not rooted, this will not work either.
Ok, now that we are logged in, we will type
Code:
pm uninstall packagename
where packagename is the name of the 0kb listing.
Now this seems like a pain in the a** and I agree.
HOWEVER
There will be a time where Manage applications crashes when you try to uninstall it from the phone. In this case, a factory reset, or this method is the only effective way to fix the problem.
Moving on.
How many of us have removed system applications or renamed them? Did you know that you can simply disable them from the system?
Code:
adb shell
su
pm disable applicationname
This will disable it, and the system will ignore it.
This can be seen as safer than deleting or renaming things, but your mileage may vary.
On the other hand, you can also re-enable these applications.
Code:
adb shell
su
pm enable applicationname
Please note: Not all applications will properly re-enable. I believe a factory reset or reinstall of said application will fix the issue.
Also, application names are absolutely case sensitive.
*nix based Operating Systems see the letter 'a' and 'A' as two different things.
when you log into adb shell, you are playing by android rules
Ok, a lot of us tweak and mod our phones and turning off the device to get to clockwork recovery, or battery pulls, or multiple button holds to get into Download mode are troublesome and annoying at best.
ADB can help us here.
Here, we do not need to be logged into the shell
If we want to merely reboot the phone:
Code:
adb reboot
If we want to go to recovery (works well with voodoo5)
Code:
adb reboot recovery
If we want to go to Download Mode because we need Odin, heaven forbid:
Code:
adb reboot download
It's instant. No waiting on animations or anything else.
It's also handy if Android has locked up, but yet still works in adb.
I for one hate taking my case off to battery pull.
So now we move on to pushing and pulling files.
Sometimes, I don't feel like mounting my sd card to copy a file over to my phone.
I can use this command to push a file straight to my sd card:
Code:
adb push filename /pathtodirectoryonphone
So for instance, if I have test.txt that I want to send, I would type:
Code:
adb push test.txt /sdcard/
and there it goes.
Ok moving on
Pushing files can be done to any directory, however, some are protected.
For instance, /system is going to give you a permission denied or a read only filesystem error.
To get around this, the easiest thing to do is push the file to your sdcard, then log into the shell:
Code:
adb shell
Code:
su
We will then mount the system as writable
Code:
mount -o rw,remount /dev/block/stl9 /system
Then we can use something like
Code:
cp /sdcard/test.txt /system/app/test.txt
cp stands for copy
and it requires the path of the file and destination path. The name of the file is optional
When you copy it, you can rename it to whatever you like.
For instance, if we wanted to backup a file
Code:
cp /sdcard/test.txt /sdcard/backuptest.txt
Now, let's assume you do not have busybox installed.
You non rooted users will not.
Then you must use a slightly more complicated command called dd
This is used like this:
Code:
dd if=/sdcard/test.txt of=/system/app/test.txt
if is for inputfile
of= output file
Not very user friendly, but probably one of the safer copy commands.
Ok, moving on to pulling files.
Let's say you want to get a file from your phone, to modify, backup, etc.
To do this, we simply use adb in this manner:
Code:
adb pull /pathtofile/filename destinationname
For instance, if I wanted to backup ADW launcher in system/app
I would do this
Code:
adb pull /system/app/ADWLauncher.apk ADWLauncher.apk
And it will pull the file from the phone and put it in the current directory.
Like above, you can specify where it goes.
pushing files to the sdcard, it seems prudent to talk about changing permissions.
sdcards are typically fat32, which destroys permissions, and Android is heavily permission based.
So if you push an application to your sd card, then try to copy it to /system/app/ bad things are going to happen, or the app may not even show up.
So in that case, we use something called chmod.
This is used in this manner
Code:
adb shell
su
chmod 755 /pathtoapplication/applicationname
Keep in mind
you don't want to do this while it's still on your sd card.
an example
Code:
adb shell
su
chmod 755 /system/app/ADWLauncher.apk
755 is good for applications and script files.
Just a couple more topics to cover.
Let's go over deleting files.
This becomes especially handy for removing rogue applications.
To do this, we must be in the adb shell.
Code:
adb shell
su
rm /system/app/ADWLauncher.apk
You may need to remount system as writable with:
Code:
mount -o rw,remount /dev/block/stl9 /system
That applies when using chmod as well.
So what I did above was delete ADW Launcher from system/app
However, what if I wanted to delete the entire contents of a directory?
Same thing as before, except
Code:
adb shell
rm -f /data/dalvik-cache/*.*
I just cleared my dalvik-cache with that command
very quick, very effective.
If you just tried that, please reboot your phone now
Ok....this leaves us with the final topic: logcat
logcat allows us to log what the OS is doing, and possibly delve information for when things are not working
It's quite simple. Reading it is another.
To use logcat
Code:
adb shell
logcat
To logcat to a certain file do
Code:
adb shell
logcat > /sdcard/logcat.txt
Now we let the log settle down to a reasonable amount of data coming in and not a wall of scrolling, then start the app in question. When it gives an error, we hit ctrl-C and kill the adb shell session.
This should have captured enough data to see the error. Now, I prepared an example. A user came to me on IRC, and Google Maps was force closing. Clearing data didn't fix it, clearing dalvik-cache and fix permissions did not fix it. In this case, the user did not know how to use adb, so I had him grab an app called alogcat from the market and email me the log. This is also a very valid method.
this file explains what the problem was, and highlights what to look for as an example.
http://adrynalyne.us/files/logcat.pdf
___________________________________________________________________
This concludes the guide from Adrynalyne, there will be more workshops such as this one in irc.freenode.net #android-learning.
Thanks to everyone in #samsung-fascinate !
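An added example, not part of the original workshop: one way to pull the crash out of a saved logcat.txt instead of scrolling for it. It assumes the capture is in logcat's brief format (`E/Tag( PID): message`); the sample log, its package names and the `crash_summary` helper are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise crashes from a saved logcat capture (brief format).

# Constructed sample capture. Package names, PIDs and messages are invented.
sample_logcat() {
cat <<'EOF'
I/ActivityManager(  112): Starting: Intent { cmp=com.example.maps/.MapsActivity } from pid 240
D/dalvikvm( 2153): GC_CONCURRENT freed 412K, 49% free 3021K/5895K, paused 2ms+3ms
E/AndroidRuntime( 2153): FATAL EXCEPTION: main
E/AndroidRuntime( 2153): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.example.maps/com.example.maps.MapsActivity}: java.lang.IllegalStateException: settings store unavailable
E/AndroidRuntime( 2153):     at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:1647)
E/AndroidRuntime( 2153): Caused by: java.lang.IllegalStateException: settings store unavailable
E/AndroidRuntime( 2153):     at com.example.maps.Settings.open(Settings.java:42)
E/AndroidRuntime( 2153):     ... 11 more
W/ActivityManager(  112):   Force finishing activity com.example.maps/.MapsActivity
I/Process ( 2153): Sending signal. PID: 2153 SIG: 9
E/AndroidRuntime( 2290): FATAL EXCEPTION: AsyncTask #1
E/AndroidRuntime( 2290): java.lang.NullPointerException
E/AndroidRuntime( 2290):     at com.example.widget.Loader.run(Loader.java:17)
EOF
}

# crash_summary [FILE]
# Reads a brief-format logcat capture (FILE, or stdin when omitted) and prints
# one tab-separated line per crash:
#   pid, crashing thread, force-closed component, exception, root cause
# The root cause is the last "Caused by:" line of the trace, or the exception
# itself when the trace has none. The component comes from the first
# ActivityManager "Force finishing activity" line after the trace ("-" if absent).
crash_summary() {
  awk '
    function emit() {
      if (cpid == "") return
      if (cause == "") cause = exc
      if (comp == "") comp = "-"
      printf "%s\t%s\t%s\t%s\t%s\n", cpid, thread, comp, exc, cause
      cpid = ""
    }
    {
      gsub(/\r/, "")   # captures redirected on a Windows host may carry CRs
      # Brief format header: priority/tag( pid): message
      if (!match($0, /^[VDIWEF]\/[^(]*\( *[0-9]+\): ?/)) next
      head = substr($0, 1, RLENGTH)
      msg  = substr($0, RLENGTH + 1)
      prio = substr(head, 1, 1)
      tag  = substr(head, 3, index(head, "(") - 3); sub(/ +$/, "", tag)
      pid  = head; sub(/^[^(]*\( */, "", pid); sub(/\).*$/, "", pid)

      if (tag == "AndroidRuntime" && prio == "E") {
        if (msg ~ /^FATAL EXCEPTION: /) {
          emit()                       # close any previous crash record
          cpid = pid; thread = substr(msg, 18)
          exc = ""; cause = ""; comp = ""
        } else if (pid == cpid) {
          if (msg ~ /^Caused by: /)
            cause = substr(msg, 12)    # last one seen wins: the root cause
          else if (exc == "" && msg !~ /^[ \t]*(at |\.\.\. )/)
            exc = msg                  # first non-frame line is the exception
        }
      } else if (tag == "ActivityManager" && cpid != "" && comp == "" &&
                 msg ~ /Force finishing activity /) {
        comp = msg; sub(/^.*Force finishing activity /, "", comp)
      }
    }
    END { emit() }
  ' "${1:--}"
}

# With a file argument, summarise that capture; otherwise run on the sample.
if [ "$#" -gt 0 ]; then
  crash_summary "$1"
else
  sample_logcat | crash_summary
fi
```

To use it on a real capture, copy the file off the device with `adb pull /sdcard/logcat.txt` and pass it as the first argument to the script.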
QUICK FAQ's
sources: Q&A Section, The Weekly Q&A Section by XDA News Writers (thanks guys)
Q: ‘Is there any way to block specific apps from using my data connection?’
A: Try the Droid Wall application.
Q: ‘I read how you can make changes in the build.prop file on my Android device. How exactly do I get to it?’
A: Install ASTRO file manager, browse to /system, long press on build.prop – Edit – Copy. Press on the home icon then Edit icon – Paste. Connect sd card, edit it, and paste it over from where you copied build.prop
Q: What happens if I update my phone? will I need to re-root it and get the ROM again? will all of my applications get erased? If so, is there a way around this?
A: You will lose your root, but not apps if it is just an update.
Q: I just tried to flash a ROM from recovery on my Android phone and got “Verification Failed, Installation Aborted” What happened?
A: Before you can flash a custom ROM the .zip file must be digitally signed in the ROM kitchen, if unzipped and re-zipped it will lose its verification, this happens often using the Safari browser as it likes to decompress .zip’s. Or if your download is corrupted (download the ROM again) it will fail the Verification.
Q - HTC Location Widget shows "map data unavailable"
A - On the widget, click the pin/then click the windows button/click get more/scroll to download maps/download relevant map (care, maybe a big file). Now exit and click onto map, your location should now be visible :)
Q:So, I moved all the apps on the SD, but is still not enough. How can I free some memory? I could delete the cache of the older upgrade or something else?
A:Do you have pictures and videos? If so, check if they are on the SD card and not on your internal memory. Cleaning your cache helps, and try deleting your text messages threads.
Q: ‘What exactly is a kernel and what are the benefits in changing it?’
A: A kernel is a bridge between the applications and the actual data processing done at the hardware level. The kernel’s responsibilities include managing the system’s resources – the communication between hardware and software components. Flashing different kernels gives you different operating speeds, better battery life, the ability to overclock, and more.
Android control other device with IOIO Board.
It use ADB.
http://androidcontrol.blogspot.com/2011/10/ioio-board-for-android-control-io.html
timmymarsh said:
QUICK FAQ's
sources: Q&A Section, The Weekly Q&A Section by XDA News Writers (thanks guys)
Q: ‘Is there any way to block specific apps from using my data connection?’
A: Try the Droid Wall application.
Q: ‘I read how you can make changes in the build.prop file on my Android device. How exactly do I get to it?’
A: Install ASTRO file manager, browse to /system, long press on build.prop – Edit – Copy. Press on the home icon then Edit icon – Paste. Connect sd card, edit it, and paste it over from where you copied build.prop
Q: What happens if I update my phone? will I need to re-root it and get the ROM again? will all of my applications get erased? If so, is there a way around this?
A: You will lose your root, but not apps if it is just an update.
Q: I just tried to flash a ROM from recovery on my Android phone and got “Verification Failed, Installation Aborted” What happened?
A: Before you can flash a custom ROM the .zip file must be digitally signed in the ROM kitchen, if unzipped and re-zipped it will lose its verification, this happens often using the Safari browser as it likes to decompress .zip’s. Or if your download is corrupted (download the ROM again) it will fail the Verification.
Q - HTC Location Widget shows "map data unavailable"
A - On the widget, click the pin/then click the windows button/click get more/scroll to download maps/download relevant map (care, maybe a big file). Now exit and click onto map, your location should now be visible :)
Q:So, I moved all the apps on the SD, but is still not enough. How can I free some memory? I could delete the cache of the older upgrade or something else?
A:Do you have pictures and videos? If so, check if they are on the SD card and not on your internal memory. Cleaning your cache helps, and try deleting your text messages threads.
Q: ‘What exactly is a kernel and what are the benefits in changing it?’
A: A kernel is a bridge between the applications and the actual data processing done at the hardware level. The kernel’s responsibilities include managing the system’s resources – the communication between hardware and software components. Flashing different kernels gives you different operating speeds, better battery life, the ability to overclock, and more.
Thank you for your patience and taking the time to answer those questions. I loved your simple and easily digestible format.
There is a note
*nix based Operating Systems see the letter 'a' and 'A' as two different things.
when you log into adb shell, you are playing by android rules
this note is all wrong..
1. Linux is not *NIX.
2. Mac OS-X is a *NIX OS, it is based upon UNIX, they use their own variant called Darwin. Darwin does not require capitalization.
3. The word should be POSIX. Linux is POSIX compliant and POSIX defines the capitalization standards
soft brick
Taioba said:
Is there any way to use ADB even though I can not enable USB debugging by the android?
I have an Atrix with soft-brick. How can I restore a file (framework-res.apk) knowing that my USB debugging is off?
I can enable ADB via fastboot?
Thanks!
I found this for atrix 4g....
http://forum.xda-developers.com/showthread.php?t=965546
hope it helps
knoknot said:
i have a bricked s2 not so sure how to go about reviving it via adb
check this thread
http://forum.xda-developers.com/showthread.php?t=1237815
thanks. searched for that
Thanks for it.
Great Guys............ :good:
Thanks for sharing.
Thanks for sharing this guide :d, i am new member for reccod
Great job~ Sometimes could be used this.
I'm using Windows 10 RTM and I've set the path, yet I still get the "unrecognized application" error in the command console. What am I missing?
Nevermind, a restart fixed it. Used to be you didn't have to.... sheesh.
nir36 said:
Replacing system files using Android Commander:
(This post was formerly based in the HD2's RTL support thread and revolved around our need to replace frameworks)
so:
1. Download the android SDK from: http://dl.google.com/android/android...08-windows.zip
2. EXTRACT(!!!) the android-sdk-windows to c:\
(make sure you extract the dir - not run the setup from inside the zip file)
3. install Android Commander from http://androidcommander.com
4. Connect your device and make sure it's set to Debugging mode in /settings/applications/development/
5. You might have to set a dir containing your adb.exe file. set it to c:\android-sdk-windows\tools\
6. You will see a Total Commander-like interface. you can then copy the framework.jar file to the correct directory (there's no difference between SD android builds and androids in ROM - the system dir will be shown the same way)
a. Yes, you can replace/delete system files while android is running.
b. (for androids running from SD) Any file copied to /sdcard/android/root/system/X will be copied to /system/X in the system file. The sdcard/android root dir is JUST LIKE your root in ROM androids.
c. Make sure you either created a backup or verified a match in any other way before replacing files like frameworks, zimage, modules, etc.. your android might not boot afterwards (I keep all system.ext2 files backed up so that I can restore them in case I screw something up.)
enjoy
Thanks, this Guide is very informative
Help with LG D722
I'm using LG D722 phone and I somehow unlocked bootloader and installed twrp recovery. I backed up Lollipop that's what I'm using and i want to restore custom ROM
I know I need to install Google Apps after installing Custom ROM. But Do I also need to install Modem files on my device ? Because I can't find them on XDA Forums. Please give me a link or something. The help is not just appreciated but seriously needed.
Success. Thanks
Hello, I walk testing one recovery but I'm booting before flashing, the question is, will the recovery feel same when booted vs flashed? I've booted and used to flash a pair of zips but felt very laggy and bugged although did the work right. Thanks
Edit: solved, tried myself
http://forum.xda-developers.com/showthread.php?t=872128&page=2
Notice (4/16/14): I'm no longer here. I've said "goodbye" to AT&T and their locked bootloader schemes. I'm voting with my wallet - I've sold my I337 and switched to T-Mobile. My apologies to the community, but you're now on your own here.
Intro/About/Requirements:
This thread started as a guide for people who wanted to run Ubuntu in a chroot, and then connecting to it locally with a VNC client. This method has been used countless times on other devices, with many thanks to @zacthespack and his group, LinuxonAndroid. Unfortunately, this method did not work out-of-the-box on my device, so I tweaked things to work with the Galaxy S4 and posted them here in this thread.
However, most people immediately noticed that with this method the performance is not great, and some applications can't work in a headless environment. With a comment made by zacthespack, I began researching what it would take to get Ubuntu to write directly to the device's framebuffer. After a few months, I not only managed to accomplish this, but also developed a way to get the Galaxy S4 to boot directly into Ubuntu. As far as I have seen, both of these are a "first" for this handset.
All of these methods require root. The VNC Chroot does not require a custom kernel, but the other methods require a custom-built kernel. For the I337 (AT&T) handset, this can pose a problem if you have bootloaders that are MF3+. If you're using MDB/MDL bootloaders still, you shouldn't have a problem with this and you can Loki the custom kernel without issue.
Depending on your ROM and/or Kernel, you may also need a new version of BusyBox installed, even for the VNC method. You'll find a few apps on the Play Store that can do this for you. Beware that some of them are not easily reversible (such as TinyBox), so if you're stuck on MF3 with no way to create/restore a nandroid/system backup, you should be careful.
Disclaimers:
Following this guide and/or flashing anything I've provided to your device is your own responsibility. If something breaks, you break your device, or something explodes, I can't be held liable (I'll help correct any situations you may put yourself in, however). I claim no rights to any proprietary software or intellectual property included in this post or the packages contained herein. By using any of this software, you agree to whatever licenses/agreements that the creators may have included with their software. If you use any of this stuff in your own project, please provide credit where credit is due. For example, if you take my u.sh script and adapt it to some new device (i.e. Galaxy S 5), please at least mention where it came from.
VNC Chroot Method (original):
This method is loosely based on this thread for the Galaxy S3 and the ubuntu.sh script there. It didn't work for the S4, but I've made several tweaks to it, simplifying it a ton, and otherwise getting it to work perfectly on my S4. I've tried this using my AT&T Galaxy S4 (SGH-I337) on both the MDL build and the MF3 build - both seem to work great.
Instructions:
Download the Ubuntu 13.04 Small v1 image here.
Create a folder on your sdcard labeled "ubuntu" by whatever means you want to.
Extract the ubuntu.img from your downloaded zip into this folder.
Download my version of the ubuntu.sh and place it on the root of your sdcard.
Open the script in a text editor and read through it. Never run a script like this on your android without first knowing what it does - especially when the author is telling you that you need root. If you're happy with it, proceed.
Install a terminal emulator of your choice. I personally used this one, and technically an adb shell will work too (but you'll be tethered to your PC...).
Install a VNC Client of your choice. I personally used this one, but there might be better/faster ones out there.
Open the terminal emulator, and execute the following commands:
Code:
su
sh /sdcard/ubuntu.sh
If you see a bunch of errors and get dumped back at the "[email protected]:/ # " prompt, then something went wrong. Report your errors in this thread. Remember, this requires root (and the "su" command to get there, of course).
You'll be prompted for some setup parameters, which you can save at the end for later. Just answer each question and press Enter after each:
You'll need to provide a new password for the "ubuntu" user. A simple password like "ubuntu" works, unless you want some security.
Start VNC server? (y/n) - always choose "y". We need this to interact with the device.
SSH server? Optional. If you use it, you should enable it.
Screen size: Enter whatever you want. I personally used 960x540 (one quarter of the S4's screen size) so that I could actually interact with things using the touch screen.
Save settings as defaults? - You might not want to do this until you have a screen size that works best for you.
Once you see the prompt, "[email protected]:~# " - you're in! You now have Ubuntu running in a chroot. As the on-screen instructions suggest, type "exit" at this prompt to end the chroot and Ubuntu. It is recommended to do this when you are done so that the ubuntu.sh script can clean up after itself (unmounting things, etc.).
Leave your terminal emulator app running! Use your Home button to return home and leave it running.
Open your VNC client and connect with the following settings:
Nickname: (whatever you want)
Password: ubuntu
Address: localhost
Port: 5900 (default)
Username: (leave blank)
Color Format: 24-bit color (you can use lower if you want better performance)
Connect. For the VNC app I used, I had to zoom in to make the screen fit correctly (use pinch-to-zoom, and then use the "+" button on-screen). Also, you can play around with the Input Mode some if you wish.
Enjoy Ubuntu!
As you can see, it's not terribly complicated to get this up and running. Once you have set it up the first time, it's a lot smoother from then on out. The script is designed to allow you to use the external SDCard if you wish. Just place the ubuntu.img in an "ubuntu" folder on your external SDCard, drop the ubuntu.sh on the root of the external SDCard, and use "sh /mnt/extSdCard/ubuntu.sh" instead (don't forget "su"!).
Freedreno Chroot Method (NEW):
This long-winded tutorial will explain how you can setup Xubuntu-desktop in a chroot. Before attempting any of this, you should read through all the steps and be sure you're comfortable performing the steps needed.
This requires roughly 2GB free space on your /data partition - the actual finished install is about 1.4GB, but it will require some extra space while it installs Freedreno and other components. HINT: Keep in mind that your /data partition is shared with your internal sdcard (your internal sdcard gets whatever space is leftover at the end of the /data partition), so you can get an idea how much free space you have by looking at how much space your internal sdcard has available.
Instructions:
Step 0 (option A) - Build Custom Kernel
You will need to install a custom kernel that has specific options enabled in the configuration, along with a few patched files in the source code. This list of changes is based on a delta from the stock I337 MF3 kernel, available at http://opensource.samsung.com/. You should be able to apply these changes to "any" kernel that you can build from source, so this documentation may apply to devices other than the I337.
Kernel Mods:
Required config changes:
Code:
CONFIG_DEVTMPFS=y
# CONFIG_DEVTMPFS_MOUNT is not set
CONFIG_DRM=y
CONFIG_MSM_KGSL_DRM=y
# CONFIG_KGSL_PER_PROCESS_PAGE_TABLE is not set
# CONFIG_MSM_KGSL_PAGE_TABLE_COUNT is not set
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_MSM_TRIPLE_BUFFER=y
CONFIG_FB_MSM_DEFAULT_DEPTH_BGRA8888=y
# CONFIG_FB_MSM_DEFAULT_DEPTH_RGBA8888 is not set
Fix for Wi-Fi problems when using MF3 kernel on UCUAMDL bootloaders (i.e. "unadulterated" or "neutered"):
Code:
CONFIG_PROC_AVC=y
Required Patches to kernel source code:
https://github.com/freedreno/kernel-msm/commit/4c0281745f8c85707be88acebb557aca0b8f1dba
https://github.com/freedreno/kernel-msm/commit/228f65d48d4855d903e3b4642179dfa14eedd040
https://github.com/freedreno/kernel-msm/commit/54b510b2e6bccf08fdf3a8ad00a62b27c2f8c1e6
Additional changes required for sudo to work (added 10-25-13 in v4):
Code:
# Samsung Rooting Restriction Feature
#
# CONFIG_SEC_RESTRICT_ROOTING is not set
# CONFIG_SEC_RESTRICT_SETUID is not set
# CONFIG_SEC_RESTRICT_FORK is not set
# CONFIG_SEC_RESTRICT_ROOTING_LOG is not set
Additional changes to the initramfs required for sudo to work (added 10-25-13 in v4):
Edit fstab.qcom, remove the "nosuid," part of the line that references userdata.
Step 0 (option B) - Download Custom Kernel Instead
Don't want to compile your own kernel from source? If you have the I337, you can use mine! As mentioned above, this kernel is based on the original MF3 source from Samsung, with the modifications listed above. If you are stuck with MF3+ bootloaders on your I337, you will not be able to install this kernel directly (at the time of this writing). MDB/MDL bootloaders are fine, but you will need to flash loki-doki afterwards (this kernel is not pre-lokified!). This kernel might work with other similar variants (such as the M919), but I haven't tested this on anything except my own I337 daily-driver. YMMV. If you run into issues, you might need to wipe cache/dalvik. This will likely only work with TouchWiz-based ROMs (I have not tried it with AOSP). Here's some downloads for you:
mf3-freedreno-android-boot-v4.zip - CWM/TWRP flashable zip.
- Boots to android, allows Ubuntu with Freedreno to work in a chroot.
- Compiled with the original (slightly modified) MF3 initramfs and "mf3-freedreno-minimum-zImage-v4" (below).
- Includes minimal configuration changes described above, plus the WiFi fix part.
mf3-freedreno-minimum-zImage-v4 - Just the MF3 kernel itself with minimal changes to get the chroot to work.
mf3-freedreno-minimum-config-v4 - Yeah, that's right. I'm providing the .config files I used for all of this.
Step 0.5 - Install the Kernel
Before you can start up the chroot properly, you'll need to have the custom kernel installed. You don't want the "ubuntu-boot" version right now, because you don't have an Ubuntu install to boot to. If you're using my pre-built kernel, first flash mf3-freedreno-android-boot-v4.zip and then flash loki-doki.zip.
Step 1 - Companion Files
Download this file: mf3-freedreno-companions-v4.zip - Non-flashable zip. This includes the script files; you should promptly read through both u.sh and launch.sh. It is always good practice to read through any script file you get from the internet, making sure it's doing what you would expect it to. Also check out CREDITS.txt, which includes information about the included upstart-dummy.tar.gz and start-stop-daemon files.
Extract the companion files .zip and place its contents on the root of your internal sdcard (/sdcard/). Don't extract the contents of upstart-dummy.tar.gz. This is your $src directory. You can change this if you wish (see script for details).
Step 2 - Install/Configure Ubuntu
Install a terminal emulator of your choice. I personally used this one, and technically an adb shell will work too (but you'll be tethered to your PC...). At the console/shell, type the following two commands:
Code:
su
sh /sdcard/u.sh bash
The script will download Ubuntu Core and install Freedreno, upstart-dummy, and lubuntu-desktop. Total download size will be around 425MB. Total install time will vary, but count on it taking at least 45 minutes to install and configure everything. At the very end, you'll be prompted to enter a password for the new user "ubuntu".
Step 2.5 - Exit ubuntu
When you see the message "Type 'exit' (without quotes) to leave ubuntu," the install is complete. You'll notice that your prompt changed to "[email protected]". This is the easiest way to confirm that you're actually inside the ubuntu chroot. Type exit and hit Enter to get back to android.
Step 3 - Fire it up!
From now on, you can start Ubuntu using u.sh in any of these three ways:
- sh /sdcard/u.sh - This will make initial prep, STOP android (black screen), launch the chroot, install/configure if needed, and will execute "service lightdm start". This will give you the greeter and you can login as "ubuntu". If the lightdm service stops for whatever reason (see info about the home button below), the script will continue by exiting the chroot and rebooting your device.
- sh /sdcard/u.sh bash - Same as above, except that it will not stop android, not startx (will give bash shell instead), and will not reboot your phone when you exit the shell.
- sh /sdcard/u.sh destroy - This will do exactly as it sounds - destroy your ubuntu installation. This will unmount your /sdcard from ubuntu (if still mounted somehow) and then recursively delete your ubuntu installation. If you change the source or destination directories in the main script, you should be careful deleting things.
NOTE: Remember to ALWAYS run any of these from a root shell, whether via terminal emulator, via adb shell, or using SManager (or similar).
Step 4 - Note the Home Button and Touchpad
Take note that any time you have X running via lightdm, the hardware Home button will kill the X server. This is intentional, and will exit the chroot and reboot your phone. You'll also notice that currently, the touchscreen acts like a giant touchpad (like on a laptop). Use two fingers to right-click or scroll. Direct touchscreen input is not available at this time due to a segmentation fault that evdev causes when used on this device in a chroot.
Step 5 - (optional) Make Changes and Do it All Over Again
Customize the crap out of it! Edit my u.sh, launch.sh or xorg.conf and have fun. If you find great improvements, please post them in this thread! In future revisions, I might include them. Things should be well documented within the scripts. You might even change the bit at the end of launch.sh that starts "service lightdm start&" instead of "startx" - this would give you the greeter and let you login as the user "ubuntu" if you want. Also note that those three files are the only ones that must remain in your $src directory if you wish to continue to run this as a chroot. By the way, booting directly to Ubuntu after it is installed does not require any of the companion files anymore.
Native Boot Method (NEW):
This part of the tutorial is for those who wish to take things a step further and boot your device directly into Xubuntu-desktop. This will require that you set up the Freedreno chroot properly, and then you'll be installing a new boot.img. While this doesn't replace your /system partition, you won't be able to boot directly into Android while you have this boot.img installed.
Instructions:
Step 1 - Install Ubuntu
Basically, you need to perform all the steps for the Freedreno Chroot method, and get that up and running first. All you're doing here is swapping out your kernel.
Step 2 (option A) - Build Custom Kernel
You'll need all of the kernel customizations included in the freedreno chroot method, plus these listed below:
NOTE: You will need some proprietary blobs, which can be found on your device in the /etc/firmware directory.
Config changes to enable booting directly into Ubuntu (beyond replacing the initramfs...):
Code:
CONFIG_EXTRA_FIRMWARE="audience-es325-fw.bin a300_pm4.fw a300_pfp.fw vidc_1080p.fw"
CONFIG_CMDLINE="console=tty0 fbcon=vc:0-3"
# CONFIG_CMDLINE_FROM_BOOTLOADER is not set
CONFIG_CMDLINE_EXTEND=y
# CONFIG_CMDLINE_FORCE is not set
Optional config changes to enable the framebuffer console when booting directly into Ubuntu - useful for debugging.
Code:
CONFIG_VT_CONSOLE=y
CONFIG_VT_CONSOLE_SLEEP=y
CONFIG_VT_HW_CONSOLE_BINDING=y
CONFIG_DEVPTS_MULTIPLE_INSTANCES=y
CONFIG_FRAMEBUFFER_CONSOLE=m
CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y
# CONFIG_FRAMEBUFFER_CONSOLE_ROTATION is not set
# CONFIG_FONTS is not set
NOTE: You will need to grab some .ko files that are created, which must be loaded in the following order:
Code:
insmod /ko/font.ko
insmod /ko/softcursor.ko
insmod /ko/bitblit.ko
insmod /ko/fbcon.ko
I recommend that you include these four lines into the init script that is included in the ubuntu ramdisk. These can go pretty much anywhere after the ". /scripts/functions" part, but before it calls out to run-init. Also, don't forget to drop those .ko files into a new /ko directory in the initramfs. If you want to load these with modprobe, I'll leave that up to you (good luck).
Replace the entire ramdisk/initramfs:
At this time, I'm not going to provide instructions on how to do this. You'll need this mako boot.img straight from Ubuntu, repacked with the zImage created here. For what it's worth, the re-pack tool I'm using includes --cmdline 'androidboot.hardware=qcom user_debug=31 zcache', but I'm not sure if that's needed (especially considering our kernel seems to use qcache?). Anyways, good luck.
Step 2 (option B) - Download Custom Kernel Instead
Again, if you don't want to compile your own kernel from source, you can download mine and use it. The same warnings and restrictions apply as they do in Step 0 (option B) of the Freedreno Chroot method. And here's your downloads:
mf3-freedreno-ubuntu-boot-v4.zip - CWM/TWRP flashable zip.
- Boots to Ubuntu directly, but only if your Ubuntu install is located at /data/ubuntu (Default).
- Compiled with the original MF3 initramfs and "mf3-freedreno-everything-zImage-v4" (below).
- Includes all configuration changes described above.
mf3-freedreno-everything-zImage-v4 - Just the MF3 kernel itself with all changes for both chroot and direct booting to Ubuntu.
mf3-freedreno-everything-config-v4 - Yet again, I'm providing my complete .config file for this.
Step 3 - Install the Kernel
Here's the easy part. Flash your completed boot.img, flash loki-doki, and reboot. If you're using my pre-built kernel, first flash mf3-freedreno-ubuntu-boot-v4.zip and then flash loki-doki.zip.
Flashable Zip Method (NEWEST):
It's finally finished: a flashable .zip that you can use to dump a pre-built rootfs onto your data partition. This will still require that you flash one of the two custom kernels (whether for chroot or native booting), but it will allow you to skip the whole build/install process.
ubuntu-install-v4.zip - CWM/TWRP flashable .zip. Requires approx 2GB free space on your data partition during install, and the final install size is approximately 1.3GB (may want more free space to add your own programs/etc.). Output folder is /data/ubuntu. This can be changed in u.sh, but heed the warnings within!
Instructions:
Instructions for Chroot-style Ubuntu:
Download the "companions" .zip and extract its contents to the root of /sdcard.
Download the "ubuntu-install" .zip to your internal or external SDCard.
Download the "mf3-freedreno-android-boot" .zip to your internal or external SDCard.
Make a nandroid backup of your phone, and store it on an external SDCard or your computer. Always a good idea to have this.
Install the "ubuntu-install" and "mf3-freedreno-android-boot" .zip files, followed by loki-doki.zip if you need that for your device (e.g. I337).
Restart and resume with Step 3 of the Freedreno Chroot Method.
Instructions for Native Boot Ubuntu:
Download the "ubuntu-install" .zip to your internal or external SDCard.
Download the "mf3-freedreno-ubuntu-boot" .zip to your internal or external SDCard.
Install the "ubuntu-install" and "mf3-freedreno-ubuntu-boot" .zip files, followed by loki-doki.zip if you need that for your device (e.g. I337).
Restart and let it start into Ubuntu!
NOTE: The username is "ubuntu" and the password is also "ubuntu" - it is highly recommended that you change this ASAP.
Known Issues/Bugs:
Below is the list of known issues that I can think of, off the top of my head. This will probably be updated later as everyone points stuff out. Some issues only apply to some of the methods, so the applicable methods are listed in parentheses after each.
Sound has not been tested (freedreno/native)
3D graphics or OpenGL support has not been tested (all)
Some applications don't work in a headless environment (vnc)
Some applications don't like to run as root, such as chromium (freedreno) - lightdm is working in companions-v3, so no need to login as root anymore
Onboard is not working (freedreno/native) - fixed in companions-v3
sudo does not work (all) - fixed in kernel-v4 for freedreno/native, but problem remains for (vnc) if you are not using a custom kernel
A few kernel Oops's (native)
Shutdown menu doesn't always work (freedreno/native) - fixed partly in companions-v4 - proper locale settings seem to allow the shutdown menu to work once you are logged in
Performance issues due to VNC connection (vnc)
No 3G/WiFi/network connection that I'm aware of... (native)
No control over 3G/WiFi/network/bluetooth yet (all)
Xorg's normal touchscreen driver evdev causes segmentation faults (freedreno/native)
Working on possibly getting fbdev to work natively without Freedreno for simplicity (freedreno/native)
Anything you'd normally expect from a phone does not exist (freedreno/native)
Screen rotation (with or without accelerometer) doesn't work yet (freedreno/native)
HDMI/MHL output remains untested at this time. I got it to briefly work once, but I need to revisit this. (freedreno/native)
Many more to come, I'm sure...
To-Do:
Add mirrors to the download links.
Add a CWM/TWRP-flashable .zip that just dumps a clean Ubuntu install onto your data partition. This should be easy enough. - completed!
Fix some of the bugs above.
Simplify the launch.sh and xorg.conf files. The u.sh script seems pretty solid.
Develop a method that works with only fbdev. This method might eliminate the possibility of 3D acceleration, but should enable screen rotation and other nifty things.
Possibly look into getting kexec (or similar) to work on the Galaxy S4 to offer a dual-boot option. Low priority at the moment, because flashing a kernel back and forth is pretty easy stuff.
Get Ubuntu Touch to work. This would eliminate a lot of bugs. I mostly need to just buckle-down and build CM10.1 from source, and then slowly visit each step of the Ubuntu Touch boot process.... Ugh.
Rebuild Freedreno to try to get Mesa/Gallium3D working properly. I'm probably going to need a lot of help from Rob Clark on this one!
More to come...
Revision History:
[11-13] mf3-freedreno-companions-v2.zip - Updated launch.sh: added some error checking and fixed the Freedreno build process.
[11-15] mf3-freedreno-companions-v3.zip - Updated launch.sh to include onboard and English language. Removed florence and xvkbd. Removed .keyb script. Added sudo. Simplified upstart-dummy, and included new upstart-dummy.tar.gz. Prepped for new flashable .zip method.
[11-26] mf3-freedreno-companions-v4.zip - Updated launch.sh: included fix for onboard so that it should work anytime lightdm is launched, added some bits for sudo to work, and home button now kills lightdm (not just the Xsession); Updated u.sh: Added check for root, added notes about sudo and nosuid.
[11-26] mf3-freedreno-android-boot-v4.zip & mf3-freedreno-ubuntu-boot-v4.zip - Finally fixed sudo! See kernel mods sections for details.
[11-26] ubuntu-install-v4.zip - rebuilt with new companions.
Aou said:
Check out this app: SManager (Script Manager). It makes running the ubuntu.sh or u.sh a whole lot easier, plus you can send it into the background (vnc method only). Just remember to jump back into SManager later, use the Menu Key and open the console to be able to kill the ubuntu.sh. You can also add "bash" as an additional argument (freedreno method only). This seems to be an effective replacement for the Terminal Emulator. Don't forget to choose the "su" option to run either script as root.
Click to expand...
Click to collapse
I have literally spent hundreds of hours working on this project, and many more hours documenting it thoroughly - just so that I could share it with all of you. If you found this guide, custom kernel or scripts to be beneficial, please hit the THANKS button on this post.
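Added example, not part of the original post or its companion scripts: a read-only audit of a kernel .config and an fstab.qcom against the option lists in the guide above, which also reports which Samsung restriction options and which userdata mount flag the build leaves off. The function names are this example's own, and the sample .config and fstab lines are constructed, not taken from a real device.

```shell
#!/bin/sh
# Added example: compare a kernel .config and fstab with the guide's lists.

# Options the guide lists as "=y" under "Required config changes".
WANT_ON="CONFIG_DEVTMPFS CONFIG_DRM CONFIG_MSM_KGSL_DRM CONFIG_FB_MODE_HELPERS
CONFIG_FB_MSM_TRIPLE_BUFFER CONFIG_FB_MSM_DEFAULT_DEPTH_BGRA8888"
# Options the guide lists as "is not set" in the same block.
WANT_OFF="CONFIG_DEVTMPFS_MOUNT CONFIG_KGSL_PER_PROCESS_PAGE_TABLE
CONFIG_MSM_KGSL_PAGE_TABLE_COUNT CONFIG_FB_MSM_DEFAULT_DEPTH_RGBA8888"
# Samsung restriction options the guide turns off so that sudo works.
SEC_OPTS="CONFIG_SEC_RESTRICT_ROOTING CONFIG_SEC_RESTRICT_SETUID
CONFIG_SEC_RESTRICT_FORK CONFIG_SEC_RESTRICT_ROOTING_LOG"

# option_state FILE NAME: print the value of NAME, or "off" when the option is
# absent or recorded as "# NAME is not set". The last assignment wins.
option_state() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-off}"
}

# audit_config FILE: one line per option that differs from the guide's list.
audit_config() {
    for opt in $WANT_ON; do
        st=$(option_state "$1" "$opt")
        [ "$st" = "y" ] || printf 'MISMATCH %s: want y, have %s\n' "$opt" "$st"
    done
    for opt in $WANT_OFF; do
        st=$(option_state "$1" "$opt")
        [ "$st" = "off" ] || printf 'MISMATCH %s: want off, have %s\n' "$opt" "$st"
    done
    return 0
}

# restrictions_disabled FILE: list the restriction options that are off in this
# build, i.e. vendor hardening controls the kernel no longer applies.
restrictions_disabled() {
    for opt in $SEC_OPTS; do
        [ "$(option_state "$1" "$opt")" != "off" ] || printf '%s\n' "$opt"
    done
    return 0
}

# userdata_nosuid FILE: print "yes" when the fstab entry that references
# userdata still carries the nosuid mount flag, "no" when the flag is gone,
# "missing" when no such entry exists. Comment lines are ignored.
userdata_nosuid() {
    awk '
        /^[[:space:]]*#/ { next }
        /userdata/ {
            seen = 1
            n = split($4, flags, ",")
            for (i = 1; i <= n; i++) if (flags[i] == "nosuid") found = 1
        }
        END { if (!seen) print "missing"; else print (found ? "yes" : "no") }
    ' "$1"
}

# write_sample DIR: constructed inputs for the demo (not from a real device).
write_sample() {
    cat > "$1/config" <<'EOF'
CONFIG_DEVTMPFS=y
# CONFIG_DEVTMPFS_MOUNT is not set
CONFIG_DRM=y
CONFIG_MSM_KGSL_DRM=y
CONFIG_KGSL_PER_PROCESS_PAGE_TABLE=y
CONFIG_FB_MODE_HELPERS=y
CONFIG_FB_MSM_DEFAULT_DEPTH_RGBA8888=y
# CONFIG_SEC_RESTRICT_ROOTING is not set
CONFIG_SEC_RESTRICT_SETUID=y
EOF
    cat > "$1/fstab.qcom" <<'EOF'
# <src> <mnt_point> <type> <mnt_flags> <fs_mgr_flags>
/dev/block/by-name/system   /system ext4 ro,errors=panic wait
/dev/block/by-name/userdata /data   ext4 nosuid,nodev,noatime wait,check
EOF
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_config "$demo_dir/config"
echo "restrictions off: $(restrictions_disabled "$demo_dir/config" | tr '\n' ' ')"
echo "userdata nosuid: $(userdata_nosuid "$demo_dir/fstab.qcom")"
rm -rf "$demo_dir"
```

Point audit_config and restrictions_disabled at the .config of the kernel you are about to flash, and userdata_nosuid at the fstab.qcom from its initramfs, to see exactly which protections the boot image changes before installing it.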
This mostly works, but I think I may have made an error. I see it starting the sshd, but not VNC server. I can call vncserver, but when launching the vnc client app I just get stuck at "Establishing Handshake" until it times out. This differs from when I don't call vncserver, where I get immediately connection refused.
I'm going to redownload the image and start from scratch, but the image isn't very friendly when I'm trying to figure out how to rerun the initial configuration script...
On my S4 running OTA-MF3 with root, this didn't work for me until I used Busybox Installer from the market. Tried internal and external without it, neither worked. Only thing that looked like an error after that was
Code:
chown: cannot access '/external-sd/': no such file or directory
but this only showed the first time I ran it. Opened VNC connection just fine from my computer to the phone, and though there was slight graphics glitching (orange and red boxes on desktop) it worked just fine and they didn't interfere. Thanks for this!
Tsaukpaetra said:
This mostly works, but I think I may have made an error. I see it starting the sshd, but not VNC server. I can call vncserver, but when launching the vnc client app I just get stuck at "Establishing Handshake" until it times out. This differs from when I don't call vncserver, where I get immediately connection refused.
I'm going to redownload the image and start from scratch, but the image isn't very friendly when I'm trying to figure out how to rerun the initial configuration script...
Click to expand...
Click to collapse
It's not, I agree. I found that the easiest way to clear the configuration and start anew is to do the following from the "[email protected]" prompt (that is, within ubuntu):
Code:
rm /root/DONOTDELETE.txt
rm /root/cfg/linux.config
DeadlySin9 said:
On my S4 running OTA-MF3 with root, this didn't work for me until I used Busybox Installer from the market. Tried internal and external without it, neither worked. Only thing that looked like an error after that was
Code:
chown: cannot access '/external-sd/': no such file or directory
but this only showed the first time I ran it. Opened VNC connection just fine from my computer to the phone, and though there was slight graphics glitching (orange and red boxes on desktop) it worked just fine and they didn't interfere. Thanks for this!
Click to expand...
Click to collapse
Interesting. I looked through the image's init.sh, and found something that's relatively new (wasn't in beta):
Code:
# Fix for sdcard read/write permissions by Barry flanagan
chown ubuntu /external-sd/
As far as I can tell, that message is harmless. It's only included in the initial configuration, as it's in the section:
Code:
if [ ! -f /root/DONOTDELETE.txt ]
As for the need to download/install the BusyBox installer, that's not surprising at all. I've had so much trouble with BusyBox ever since I switched to MF3. I might include this as an extra step in the OP - thank you.
You kidding right...does this really work? Too cool, thanks Aou. Great work.
TheAxman said:
You kidding right...does this really work? Too cool, thanks Aou. Great work.
Click to expand...
Click to collapse
Yessir, it does indeed work! The S4 handles it very nicely with the extra RAM & CPU it has to spare, so the only limiting factor is VNC. If someone could devise a way to get Ubuntu to draw directly on the screen from within that Chroot, that would be perfect. I don't think it's really possible by design, but this might be the closest we get to running native linux on the I337 until we see some unlocked bootloaders.
Thanks
Aou said:
Yessir, it does indeed work! The S4 handles it very nicely with the extra RAM & CPU it has to spare, so the only limiting factor is VNC. If someone could devise a way to get Ubuntu to draw directly on the screen from within that Chroot, that would be perfect. I don't think it's really possible by design, but this might be the closest we get to running native linux on the I337 until we see some unlocked bootloaders.
Thanks
Click to expand...
Click to collapse
In fact I am currently working on getting xorg to write to Android's frame buffer which will mean no more vnc
Sent from my Nexus 4 using xda premium
zacthespack said:
In fact I am currently working on getting xorg to write to Android's frame buffer which will mean no more vnc
Sent from my Nexus 4 using xda premium
Click to expand...
Click to collapse
You, sir, are the man. thank you so much for working on this! I threw $10 at you to help fund the skittles/cheetos/carrots/beer/pizza/whatever it takes to help you along.
Added a couple things to the OP. Looks like pure-stock roms will indeed need BusyBox installed, by some means or another. Also, found SManager, which makes executing the ubuntu.sh script much, much easier.
The second script that allows me to launch ubuntu, but the first that allows me to get a real X server on my vnc. Thank you so much !
PS: Why am I unable to install wine ?
"Package wine is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source"
This is working pretty good, slow though, do I have it setup right, or did I miss something?
TheAxman said:
This is working pretty good, slow though, do I have it setup right, or did I miss something?
Click to expand...
Click to collapse
I have found it to run a bit slow, and with regular crashing of GUI programs too. Is it just slow or unusable? You can always try closing other apps besides terminal and VNC, or try to VNC from a computer even.
tboss1995 said:
The second script that allows me to launch ubuntu, but the first that allows me to get a real X server on my vnc. Thank you so much !
PS: Why am I unable to install wine ?
"Package wine is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source"
Click to expand...
Click to collapse
Looks like you're not the only one. Check out this thread on the LinuxOnAndroid site:
http://forum.linuxonandroid.org/index.php?topic=268.0
TheAxman said:
This is working pretty good, slow though, do I have it setup right, or did I miss something?
Click to expand...
Click to collapse
DeadlySin9 said:
I have found it to run a bit slow, and with regular crashing of GUI programs too. Is it just slow or unusable? You can always try closing other apps besides terminal and VNC, or try to VNC from a computer even.
Click to expand...
Click to collapse
Most of the slowness comes from interacting with it via VNC, it would seem. Hard to compare to anything else, considering VNC is all we've got at the moment. I wonder if @zacthespack can shed some light on this. As he mentioned before, he's working on getting it to draw directly to the Android screen. I'm certainly not going to ask for any status updates, but I'm wondering if he can confirm that we'd see a speed increase without VNC...
EDIT: Also, as I use it more, I am noticing the app crashes too (such as Chromium). Could just be something in the 13.04 image, but also could be because we're running this all on ARM architecture.
Aou said:
Looks like you're not the only one. Check out this thread on the LinuxOnAndroid site:
http://forum.linuxonandroid.org/index.php?topic=268.0
Most of the slowness comes from interacting with it via VNC, it would seem. Hard to compare to anything else, considering VNC is all we've got at the moment. I wonder if @zacthespack can shed some light on this. As he mentioned before, he's working on getting it to draw directly to the Android screen. I'm certainly not going to ask for any status updates, but I'm wondering if he can confirm that we'd see a speed increase without VNC...
Click to expand...
Click to collapse
RE installing WINE, sure you can install the ARM version but Wine is not an emulator (in fact WINE stands for Wine Is Not an Emulator) so you can only run ARM compiled Windows software.
Yes, there is a good speed increase, as with VNC xorg writes to the vnc server and passes it to the vnc client to then render on the screen.
With the new method xorg just writes to Android's frame buffer, no in-between man.
And it can get even faster once we have graphics acceleration, although not all chip sets will get that.
zacthespack said:
RE installing WINE, sure you can install the ARM version but Wine is not an emulator (in fact WINE stands for Wine Is Not an Emulator) so you can only run ARM compiled Windows software.
Click to expand...
Click to collapse
Good point, forgot about that. It's really just a big package of Windows dependencies, responding to API calls, etc. The software that Wine runs is still sending stuff to/from the processor directly, therefore it would have to be compiled for ARM.
I wonder what Windows8 programs are available that are compiled for ARM (because of the Microsoft Surface and all...).
Aou said:
Good point, forgot about that. It's really just a big package of Windows dependencies, responding to API calls, etc. The software that Wine runs is still sending stuff to/from the processor directly, therefore it would have to be compiled for ARM.
I wonder what Windows8 programs are available that are compiled for ARM (because of the Microsoft Surface and all...).
Click to expand...
Click to collapse
There's plenty of ARM software within the built in app store, but I'm not sure where they install to or how one would go about extracting them. I have it on desktop and it shows what processors it runs on. Can't wait for the straight to screen function though
Also, I'm going to see if a different image is more stable. Chromium was the most obvious crashing for me and others generally crashed.
DeadlySin9 said:
There's plenty of ARM software within the built in app store, but I'm not sure where they install to or how one would go about extracting them. I have it on desktop and it shows what processors it runs on. Can't wait for the straight to screen function though
Also, I'm going to see if a different image is more stable. Chromium was the most obvious crashing for me and others generally crashed.
Click to expand...
Click to collapse
I noticed that with 12.04, it doesn't seem to connect to Xorg or something, because when you use VNC, it only shows a grey screen with a cross cursor. Same for both "Lite" and "Full" packages. Haven't tried older (10.x) packages of Ubuntu.
The other Linux images should work just fine. Optionally, you can edit the ubuntu.sh script to be more appropriate, but it should theoretically work the same (unless the init.sh is located elsewhere inside the image...).
I tried the Ubuntu 10 image and the Debian image but ubuntu didn't run vnc (vncserver not found or something) and debian kept saying I didn't have permissions.
It appears chromium is incredibly unstable on this image, so I've uninstalled it.
I'm currently working on trying to get Minecraft to work, but ever since 1.6.2 and this new launcher, it's incredibly difficult to modify the client files and such. Something is going wrong with liblwjgl.so. I can get the launcher to work correctly, but when it goes to load the game, it can't find liblwjgl.so and says that it might be because of 32bit vs ARM. I did get lwjgl installed correctly, and pulled the ARM version of the .so and stuck it in [what I believe was] the right .jar file, but it still has the error.
I'll keep you all posted. If I can get this to work, and if zacthespack can get xorg to draw on the android screen, ... :good:
EDIT:
Found out that every time the launcher runs minecraft, it downloads several libraries and other crap to run the game, to keep itself current and to support multiple versions, yada, yada. Unfortunately, this means that it downloads https://s3.amazonaws.com/Minecraft..../2.9.0/lwjgl-platform-2.9.0-natives-linux.jar every time you click Play, and overwrites any custom one you might have (i.e. one with ARM libraries inside). I tried revoking write access to the file, but then the launcher aborts the launch because it can't overwrite the file.
Any suggestions?
EDIT #2:
Well, the easy solution was to modify the file, run the launcher, disconnect mobile data temporarily, and then launch the game ("couldn't connect to server .... have local copy of file .... assuming it's good...."). No more errors about that stupid library file. However, the game immediately crashes now with an error report. Investigating this now. PROGRESS!
Problem
I'm aware I may need to modify the script in order to accommodate my setup, but I figured I'd post here first before changing anything in case someone else had a similar problem and came up with the solution.
I followed all the instructions, except I want to boot from an external USB stick (mounted using StickMount).
I reviewed the script, dropped it on the root of the USB stick, and copied the unzipped image to a folder named ubuntu.
Here is the output when I run the script:
Making mount points and mounting to them...
mount: mounting /dev/loop20 on /data/local/ubmnt failed: Operation not supported
mount: mounting devpts on /data/local/ubmnt/dev/pts failed: No such file or directory
mount: mounting proc on /data/local/ubmnt/proc failed: No such file or directory
mount: mounting sysfs on /data/local/ubmnt/sys failed: No such file or directory
Connecting to /sdcard...
mount: mounting /sdcard on /data/local/ubmnt/sdcard failed: No such file or directory
Putting in some settings...
net.ipv4.ip_forward = 1
/sdcard/usbStorage/sda1/ubuntu.sh[19]: can't create /data/local/ubmnt/etc/resolv.conf: No such file or directory
/sdcard/usbStorage/sda1/ubuntu.sh[20]: can't create /data/local/ubmnt/etc/resolv.conf: No such file or directory
/sdcard/usbStorage/sda1/ubuntu.sh[21]: can't create /data/local/ubmnt/etc/hosts: No such file or directory
ubuntu is configured with SSH and VNC servers that can be accessed from the IP:
(You will see an error about wlan0 if your WiFi is disabled. Safe to ignore.)
----------------- OKAY, starting Ubuntu! -----------------
chroot: can't execute '/root/init.sh': No such file or directory
----------------- Ubuntu has exited! -----------------
Cleaning up - unmounting everything and removing what we made...
umount: can't forcibly umount /data/local/ubmnt/dev/pts: No such file or directory
umount: can't forcibly umount /data/local/ubmnt/sys: No such file or directory
umount: can't forcibly umount /data/local/ubmnt/proc: No such file or directory
umount: can't forcibly umount /data/local/ubmnt/sdcard: No such file or directory
umount: can't forcibly umount /data/local/ubmnt: Invalid argument
Welcome back to your android.
I am running as root, BusyBox free has been installed. My terminal app has been granted root privileges. The path to the USB stick is sdcard/usbStorage/sda1.
Any help/guidance would be greatly appreciated! :fingers-crossed:
Yep, you read that correctly. I have optware, ssh, samba, transmission, and flexget working on my Minix X5 Mini. This should work for any rooted device which has an adb connection enabled. This will work on the original ROM. In fact, I use the stock ROM. For those not using a Minix device this should work on any ARM device. Sorry but all the binaries are built on ARM.
JUST AS EVERY OTHER DEVELOPER: I AM NOT RESPONSIBLE IF YOU BRICK YOUR DEVICE! MAKE A BACKUP!
Requirements:
Linux box with adb (don't ask me about windows, I don't support bad habits)
clockworkmod (for a backup)
root
internet connection
Process:
Make a backup of your ROM!
Download files (gitHub)
You have two options here:
Download the zip via https://github.com/erichlf/AndroidSeedBox/archive/master.zip and unzip it.
Clone the repo using git via 'git clone git@github.com:erichlf/AndroidSeedBox.git'
Make script executable
chmod +x optware-etc.sh
Obtain adb connection to device (covered in another thread)
Gain root access on local machine (adb seemed to require this for things to work)
sudo su
Run script and follow directions
./optware-etc.sh
Use SManager to run /opt/home/root/sysinit at every restart.
Notes:
The script can be modified to change the various programs that I install. You could exchange transmission for deluge for example.
Transmission can be accessed from the minix through localhost:9091 or from some other machine using your ip-address and the port 9091. If that doesn't work you should edit the config file located at /opt/home/root/.config/transmission-daemon/settings.json
username: root
password: you provided this in the install script
Without SManager nothing will start automatically. However, if you have a ROM which has init.d support you can move the scripts in /opt/etc/init.d to /etc/init.d. I would suggest maybe linking the two instead of just moving the scripts, or possibly adding a script to /etc/init.d which runs the items in /opt/etc/init.d. The reason is that when installing things using ipkg the startup scripts will be placed in /opt/etc/init.d and not /etc/init.d. However, it is extremely important that optware is started, and this is partly what sysinit accomplishes.
To list available packages
ipkg list
To install a new package use the command
ipkg install <new package>
To remove a package use the command
ipkg remove <package to remove>
cron is weird and I couldn't get it to work like it should, but I got it to work
While on the Android device (ssh or terminal emulator)
Create a .crond file in the home directory of your device (/opt/home/root/) with some schedule in it. Remember to leave a blank line at the end of the file.
Tell cron about the .crond file
crontab -u root /opt/home/root/.crond
Make sure cron sees the cron file
crontab -l
If you want to edit your cronfile use a text editor and edit the file directly and then tell cron about the file again.
Many things are installed in what seem like strange places, so use
which <binary you are looking for>
Feel free to help develop the code. I think what would be best is an update.zip or a CWM flashable zip. Right now I don't know how to do this, but once I get more time I will look into it. So, any help on this front is welcomed.
Enjoy!
I really wish you would have kept the repo up. It seems kind of pointless to go through all that trouble just to delete the repo and leave people wondering what you did.
I have been busy and didn't update this particular post, since there had been no activity on it.
git clone git@bitbucket.org:erichlf/androidseedbox.git
https://bitbucket.org/erichlf/androidseedbox/get/master.zip
Sorry, I didn't need to be rude. I was just excited to find this and then sad when it was gone. Thanks for pointing me in the right direction!
Hello XDA!
Samsung has been semi SamPWND again!
Disclaimer:
This root method was developed and tested on the N960U model. This is the only model I have that is a Samsung device. I do have friends and other devs however that have tested this method on various other Samsung devices on both Qualcomm and Exynos chipsets and it has worked on a good number of them meaning this method is not limited to the Note 9. With that being said, due to all the time I have already spent on this and not having any other devices, I will ONLY be supporting the N960U. So do not get upset if I do not respond to you if you have a Samsung A8934839K312 on 7.1 Android (aka a device I have never even heard of before.)
Disclaimer 2:
This root method is mainly for dev's or those who like to tinker and figure things out. The reason I say this is because at this time, you are REQUIRED to be on a factory/combination firmware to mess with the root method. I will ignore any comments/questions for people who do not read this disclaimer and ask me how to root stock etc. as that is what I have been trying to do for over a month now. If you need your phone for work or a daily then I suggest only messing with this root method if you have a lot of spare time since it involves flashing combo firmware at which mobile services and other stuff will not be functional. You have been warned!
Disclaimer 3:
This thread/poc are essentially to get you the ability to use root apps and have a root shell, that is it. If I have time and see some questions that are legit questions I will try to provide help in a timely manner. This POC simply pushes busybox binary from Magisk.zip and SuperSU (the last version chains released before retirement) and installs it in sbin/daemon mode. There is also a way to install MagiskSU in daemon mode as well as ways to install root to /system/xbin for example and do mods such as Xposed that typically need to modify the system partition but that is not the purpose of this thread and these methods are a bit more involved (require modifying the root script as well as setting up bind mounts and other stuff.) Hopefully once this is released and some devs chime in I hope there will eventually be others contributing with various root scripts, install methods etc. and of course HOPEFULLY find a way to write to system/odm/vendor partitions so we can eventually run root on stock!
Disclaimer 4:
I am NOT responsible if you break your phone, wipe your IMEI, hard brick etc. etc.! Also, I spent months to get to this point and already had someone steal my files from AFH (I know, my fault for not hiding them) so please do not take my work as your own. If you want to use it in any way/shape/form just ask for permission and/or give credits in your thread is all I ask! If you are however using someone else's modified files and in here trying to get help I might turn you away (back to the person who provided the modified files) just an FYI!
I think that is enough disclaimers for now!
Note: This thread will most likely be ugly for a bit as I am terrible with making these things look pretty... Hopefully as time goes I will keep improving it or find someone who is trustworthy I can make a "contributor" so they can fix it up for me haha.
Now, Let's Get To It!
Technical Details:
This is sort of a spawn from an exploit I found and reported to Samsung back on the Tab S3 that I never released on XDA. That method (long story short) involved modifying the Persist partition and flashing it in ODIN as ODIN did not check it for integrity. Of course it was patched by Samsung who gave me some $$$ and gave me a shout out on their security bulletin which was pretty cool!
This method is similar to "Persist Root" except we are not flashing any modified partitions in ODIN. Instead, on many Samsung combination firmwares there is an init rc script on /system. If you want to know if your device is compatible a good starting point would be to look for a file called "init.lab.rc" which is typically located at "/system/etc/init/init.lab.rc" like so:
-rw-r--r-- 1 root root u:object_r:system_file:s0 14784 2008-12-31 10:00 init.lab.rc
As it stands, we cannot edit this script. I noticed something cool however when I was reading it one day. Specifically one thing that caught my eye was this:
chmod 777 /data/lab/run_lab_app.sh
There are MANY files and scripts at /data/lab. Luckily, the init.lab.rc sets permissions to "0777" and sets ownership to system on the entire /data/lab directory! If you are still with me, this means all the contents of this directory are world readable/writeable and we can modify any of the files in this DIR without elevated privileges!
Now I am showing the "run_lab_app.sh" script specifically for a reason. We know we can modify any scripts on /data/lab, but how can we execute it with elevated privileges? Going back to the init.lab.rc, if you scroll to the bottom of the rc file you will see this:
service start_abc /system/bin/sh /data/lab/run_lab_app.sh factory abc+
user system
group system
disabled
oneshot
on property:sec.lab.abc.start=1
start start_abc
setprop sec.lab.abc.start 0
Now what that means is, when you set the property "sec.lab.abc.start" to "1" it executes the abc service as system user and more specifically it will start by executing the "run_lab_app.sh" script! Therefore, after you modify the script to your liking, push it to /data/lab/run_lab_app.sh, then do a "setprop sec.lab.abc.start 1" your script will be executed as system user!
Now system obviously is not "root". Now that we can execute as system user we have more attack vectors to elevate privileges even more. Ideally, I remembered how I rooted the Tab S3 about a year ago using Persist partition. As it stands, we are not able to read/write on persist. If we were to set permissions however on /persist using the run_lab_app.sh script, then we can gain access to it! Therefore, one would only need to add this command to the run_lab_app.sh script and execute it using the setprop command:
chmod -R 0777 /persist
As soon as you modify the script, push it and execute the setprop command, it will change permissions on the /persist DIR to be world readable/writeable!
Now, the reason why I like to use Persist, there is a script that is executed by INIT on every reboot automatically (this means it is executed by root!) The script in question is this one "/persist/coresight/qdss.agent.sh." (I am not sure if this script itself is a Qualcomm specific script or not.) Modifying this script has no ill effects on anything from what I have seen.
Now to see how the script is executed you can look in "/vendor/etc/init/hw/init.qcom.test.rc" and you will see some interesting stuff including this:
crownqltesq:/vendor/etc/init/hw # cat init.qcom.test.rc | grep persist
service cs-early-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh early-boot /vendor/bin/init.qcom.debug.sh
service cs-post-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh post-boot /vendor/bin/init.qcom.debug.sh
write /persist/coresight/enable 1
write /persist/coresight/enable 0
crownqltesq:/vendor/etc/init/hw #
As I stated earlier, due to this init script, the qdss.agent.sh script is executed by init context/root user automatically during early boot and post boot. This means once you get everything set up, you won't need to keep reinstalling root (unless you mess something up) on each reboot. This is ideal since we don't have a way yet to modify system/vendor/odm partitions. Think of it as a "systemless" root.
For the POC I have provided in this thread for example, it contains the bare minimum SU files. The files in the attached zip are simple: SamPWND.bat, sampwnd1.sh, sampwnd2.sh, /sampwnd which contains su, sukernel, supolicy, libsupol.so and busybox. The way it works is this:
1) You double click the .bat file and it should do everything for you! The .bat file will:
- Push sampwnd1.sh to /data/lab/run_lab_app.sh
- Execute the lab script by doing "setprop sec.lab.abc.start 1"
- Push sampwnd2.sh to /persist/coresight/qdss.agent.sh
- Push root files in "sampwnd" folder to /persist/coresight/sampwnd
- Set permissions on the files we just pushed to Persist to 0777
- Reboot the device (Note: The .bat file reboots the device at this point since everything is in place to root when the device reboots, it's that simple!)
After the device reboots, you should now be able to use a root shell as well as sideloading any root apps will work (apps such as TiBu, Root Explorer, Flashfire etc. etc.)
When the device reboots, the qdss.agent.sh script does the following automatically:
1) Mounts rootfs and sets permissions to 0777 so we can access /sbin
2) Pushes the contents of the root files folder "sampwnd" to /sbin
3) Sets permissions to the files we just moved to /sbin
4) Exports the LIB path to /sbin due to the libsupol.so being needed to patch the sepolicy with supolicy
- The export command is "export LD_LIBRARY_PATH=/sbin"
- Once the script is over and you use another app or go into a shell etc. the LIB path will be gone/reset so you don't need to worry.
5) Patches the sepolicy for SU
6) Installs SU by executing "su --install"
7) Executes the SU daemon by running "su --daemon"
8) Lastly, remounts rootfs back to RO.
As stated earlier, these commands are all automatically executed by init/root each time you reboot the device. Essentially, whatever we put into the qdss.agent.sh script will be executed on boot by init/root. If for some reason permissions are lost, we should still have our lab script and we would only need to run "setprop sec.lab.abc.start 1" to change permissions on persist again!
The initial files I provide today are just a simple root install script. I have successfully used the root script to install MagiskSU, Xposed (using bind mounts to overlay on /system) and other tests. I also at one point made a backup script that backed up all the partitions on the device into a folder which I extracted to my PC for safe keeping, you get the picture! Once you have root however, you can do these things easier as you will have root access.
Now that you know the workings of the exploit (err exploits?) I will explain briefly what is needed and how to test it.
Pre-requisites:
1) Download links will be in 2nd post.
2) For the purpose of this thread and the only device I personally have, you should have a N960U/U1/W on a rev1 bootloader (there isn't a rev2 BL yet so most should be good to go.)
3) A vulnerable Combo Firmware. I linked the one I use in Post 2. I use 1ARG4 Factory/Combo firmware. Of course you will need ODIN to flash the combo.
4) The root files/7z linked in post 2.
5) Stock firmware for when you are done playing, testing, etc. etc.
6) Almost forgot, you will need ADB. I will not go into details on this, if you don't have a working ADB Google is your friend. I recommend setting it to your path so you can use ADB from anywhere on the PC.
Install Instructions:
1) Extract the root files 7z into a DIR of your choice.
2) Flash whichever vulnerable combo firmware you are using via ODIN.
3) Once it boots up, make sure your device is seen by adb by running "adb devices"
4) Double click the .bat file.
5) That's it! Your device will reboot and you should be rooted!
If for some reason it is not working and you are on a N960U/U1/W, there could be a number of reasons. If you are not using the 1ARG4 combo I linked then it's possible the combo you are using is not vulnerable. It could also be an issue with ADB. Sometimes if things get crazy throughout your testing you might need to reflash /persist in ODIN or reflash the combo firmware in ODIN then re-run the .bat file (I only experience this typically when I get crazy with the root script and end up losing permissions to everything or something I added in the root script is causing the device to boot-loop etc. etc.)
Now donations are not required but feel free to throw me some beer money if you want! My paypal email/link is in a few places, you shouldn't have any trouble finding it!
TELEGRAM GROUP IS COMING REAL SOON!
We will use the TGRAM to provide support, ideas, share scripts/files and HOPEFULLY, we can all figure out together how to turn this into rooting the stock firmware as this is the goal and will be the primary focus of the chat!
Credits:
@samsung - for letting us PWND them time and time again!
@chainfire - SuperSU of course
@topjohnwu - MagiskSU of course
@me2151 - For all the time and help he is going to be putting in with us! Such a great guy! lol
@jrkruse - For everything! Everything from EDL support, ROM support, Root support you name it!
@partcyborg - For also spending countless hours helping answer questions in here so I don't have to hahah
@mweinbach - He writes great articles for XDA! He is a good kid who gets his hands on cool things frequently
@"mysecretfriendfromfaraway - I will not name him haha, he knows who he is. He always helps out and gets great things!
XDA:DevDB Information
SamPWND N960U Root, Tool/Utility for the Samsung Galaxy Note 9
Contributors
elliwigy
Version Information
Status: Testing
Created 2019-05-05
Last Updated 2019-05-05
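A defender-side check for the pattern described in the post above, as an added example that is not part of the original post or the SamPWND files: it parses init .rc text and reports every service whose command line points at a file on a runtime-writable partition, which user the service runs as, whether the same rc file loosens that path with a world-writable chmod, and which trigger starts it. The sample input is constructed from the rc lines quoted in the post; the `on post-fs-data` trigger, the `benign` service, the prefix list and all function names are assumptions of this example.

```python
from dataclasses import dataclass, field

# Mount points that stay writable at runtime (assumed list for this example).
MUTABLE_PREFIXES = ("/data/", "/persist/", "/cache/")

# Constructed sample: the rc lines quoted in the post. The "on post-fs-data"
# trigger around the chmod and the "benign" service are assumptions.
SAMPLE_RC = """\
on post-fs-data
    chmod 777 /data/lab/run_lab_app.sh

service start_abc /system/bin/sh /data/lab/run_lab_app.sh factory abc+
    user system
    group system
    disabled
    oneshot

on property:sec.lab.abc.start=1
    start start_abc
    setprop sec.lab.abc.start 0

service cs-early-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh early-boot /vendor/bin/init.qcom.debug.sh
service cs-post-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh post-boot /vendor/bin/init.qcom.debug.sh

service benign /system/bin/logd
    user logd
"""


@dataclass
class Service:
    name: str
    argv: list
    user: str = "root"  # init runs a service as root when no `user` option is set
    triggers: list = field(default_factory=list)


def parse_rc(text):
    """Parse init .rc text into services and the paths it makes world-writable."""
    services, world_writable, starts = {}, set(), []
    section = current = trigger = None
    for raw in text.splitlines():
        tok = raw.split()
        if not tok or tok[0].startswith("#"):
            continue
        if tok[0] == "service" and len(tok) >= 3:
            section, current = "service", Service(tok[1], tok[2:])
            services[current.name] = current
        elif tok[0] == "on" and len(tok) >= 2:
            section, trigger = "on", " ".join(tok[1:])
        elif section == "service" and tok[0] == "user" and len(tok) == 2:
            current.user = tok[1]
        elif section == "on" and tok[0] == "start" and len(tok) == 2:
            starts.append((trigger, tok[1]))
        elif section == "on" and tok[0] == "chmod" and len(tok) == 3:
            try:
                mode = int(tok[1], 8)
            except ValueError:
                continue  # not an octal mode; ignore rather than guess
            if mode & 0o002:  # "other" write bit
                world_writable.add(tok[2].rstrip("/"))
    for trig, name in starts:
        if name in services:
            services[name].triggers.append(trig)
    return services, world_writable


def audit(text):
    """Flag services whose command line names a file on a mutable partition."""
    services, world_writable = parse_rc(text)
    findings = []
    for svc in services.values():
        for path in svc.argv:
            if not path.startswith(MUTABLE_PREFIXES):
                continue
            # The file itself, or any directory above it, was chmod'ed o+w.
            loosened = any(path == w or path.startswith(w + "/") for w in world_writable)
            findings.append({
                "service": svc.name,
                "runs_as": svc.user,
                "path": path,
                "world_writable": loosened,
                "triggers": list(svc.triggers),
            })
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_RC):
        who = "any uid" if f["world_writable"] else "anyone with write access to the partition"
        print(f"{f['service']}: {f['path']} runs as {f['runs_as']}; "
              f"replaceable by {who}; triggers={f['triggers'] or 'not in this file'}")
```

Run over the rc files unpacked from a firmware image, any finding means a privileged service executes code that verified boot does not cover; the fix on the vendor side is to ship such scripts on a read-only partition or drop the service from the build.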