Hi!
I'm writing a small application that allows you to enable or disable RamHack. There is a problem. The logs show that the app does not have permission.
At the beginning of the code doing the command "su":
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
catch (IOException e) {
e.printStackTrace();
}
Then after tap a button I execute this:
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip");
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko");
runtime.exec("rm -r /sdcard/2.img");
runtime.exec("reboot");
}
catch (IOException e) {
e.printStackTrace();
}
The logs show like this:
Code:
03-24 19:55:30.682: WARN/System.err(12444): java.io.IOException: Error running exec(). Commands: [rwsystem] Working Directory: null Environment: null
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.ProcessManager.exec(ProcessManager.java:196)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:225)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:313)
03-24 19:55:30.692: WARN/System.err(12444): at java.lang.Runtime.exec(Runtime.java:246)
03-24 19:55:30.692: WARN/System.err(12444): at pl.zezol.switch_rh.MainActivity$1.onClick(MainActivity.java:76)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.performClick(View.java:2360)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.onTouchEvent(View.java:4194)
03-24 19:55:30.692: WARN/System.err(12444): at android.widget.TextView.onTouchEvent(TextView.java:6534)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.View.dispatchTouchEvent(View.java:3724)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.692: WARN/System.err(12444): at android.view.ViewGroup.dispatchTouchEvent(ViewGroup.java:882)
03-24 19:55:30.722: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow$DecorView.superDispatchTouchEvent(PhoneWindow.java:1712)
03-24 19:55:30.722: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow.superDispatchTouchEvent(PhoneWindow.java:1202)
03-24 19:55:30.742: WARN/System.err(12444): at android.app.Activity.dispatchTouchEvent(Activity.java:2019)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.policy.impl.PhoneWindow$DecorView.dispatchTouchEvent(PhoneWindow.java:1696)
03-24 19:55:30.742: WARN/System.err(12444): at android.view.ViewRoot.handleMessage(ViewRoot.java:1660)
03-24 19:55:30.742: WARN/System.err(12444): at android.os.Handler.dispatchMessage(Handler.java:99)
03-24 19:55:30.742: WARN/System.err(12444): at android.os.Looper.loop(Looper.java:123)
03-24 19:55:30.742: WARN/System.err(12444): at android.app.ActivityThread.main(ActivityThread.java:4358)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.reflect.Method.invokeNative(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.reflect.Method.invoke(Method.java:521)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:791)
03-24 19:55:30.742: WARN/System.err(12444): at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:549)
03-24 19:55:30.742: WARN/System.err(12444): at dalvik.system.NativeStart.main(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): Caused by: java.io.IOException: Permission denied
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.ProcessManager.exec(Native Method)
03-24 19:55:30.742: WARN/System.err(12444): at java.lang.ProcessManager.exec(ProcessManager.java:194)
03-24 19:55:30.742: WARN/System.err(12444): ... 25 more
03-24 19:55:31.102: WARN/su(12516): request rejected (10085:10085->0:0 /system/bin/sh)
What can I do that the program had access to the root?
PS. Sorry for my bad English.
Cheers
zezol said:
Hi!
I'm writing a small application that allows you to enable or disable RamHack. There is a problem. The logs show that the app does not have permission.
At the beginning of the code doing the command "su":
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("su");
}
catch (IOException e) {
e.printStackTrace();
}
Then after doing a command button is pressed:
Code:
final Runtime runtime = Runtime.getRuntime();
try {
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("wget -P /sdcard/switch_rh URL/rhpack.zip");
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko");
runtime.exec("rm -r /sdcard/2.img");
runtime.exec("reboot");
}
catch (IOException e) {
e.printStackTrace();
}
What do I do that the program had access to the root?
PS. Sorry for my bad English.
Cheers
Click to expand...
Click to collapse
don't rely on rwsystem and rosystem scripts, they are often broken, don't have hash bangs and have dos eol
instead use
Code:
busybox mount rw,remount /system
I would also point out that you don't need to use recursion ( -r ) this is only required if you wish to delete a directory
having said that you *should* be using recursion
but here
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard");
Click to expand...
Click to collapse
you are unziping to the root of the SD card, and then only deleting the two files
you are expecting
better to unzip into a new directory, and then delete the directory after
( therefore you do not leave anything unexpected behind )
being a script , you should probably check to see tf what you expect exists
with
runtime.exec("wget -P /sdcard/switch_rh URL/rhpack.zip");
Click to expand...
Click to collapse
it looks like you are pulling from the internet, are you checking it in anyway?
the download could be corrupt, it won't unzip and you end up flashing something that is on the root of the sdcard and just happens to have the same name...
it is inviting trouble........... and one day trouble may just turn up
I also don't believe that permission sticks between calls to Runtime.exec(), which means each call is individually responsible for obtaining root permission. Additionally, if one of your calls goes wrong, there's no way to check it, alert the user, and bail out. You might be better off writing a shell script to do this, then calling on that--how important is a UI? Plus everything Firerat said.
olearyp said:
I also don't believe that permission sticks between calls to Runtime.exec(), which means each call is individually responsible for obtaining root permission. Additionally, if one of your calls goes wrong, there's no way to check it, alert the user, and bail out. You might be better off writing a shell script to do this, then calling on that--how important is a UI? Plus everything Firerat said.
Click to expand...
Click to collapse
***BINGO!!!!
That definitely will be a problem.
The call to the su command is restricted to the particular shell that it was executed within!
BTW: That program won't be getting on my su whitelist.... looks extremely dangerous!
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
runtime.exec("su flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su busybox mount ro,remount /system");
runtime.exec("rm -r /sdcard/switch_rh");
runtime.exec("reboot");
Now in the logs returns to me something like this:
Code:
03-26 17:23:27.774: WARN/su(743): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.804: WARN/su(745): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(744): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(746): request rejected (0:0->0:0 /system/bin/sh)
It's strange...
zezol said:
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
runtime.exec("su flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su busybox mount ro,remount /system");
runtime.exec("rm -r /sdcard/switch_rh");
runtime.exec("reboot");
Now in the logs returns to me something like this:
Code:
03-26 17:23:27.774: WARN/su(743): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.804: WARN/su(745): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(744): request rejected (0:0->0:0 /system/bin/sh)
03-26 17:23:27.814: WARN/su(746): request rejected (0:0->0:0 /system/bin/sh)
It's strange...
Click to expand...
Click to collapse
maybe its my fault, slight omission with the mount code
if its a program your not familiar with ,
less it,
if that don't tell you anything, and you have no real reason to not trust it, run it with --help
or man cmd
all of those will tell you that I was a muppet and forgot to type -o
Code:
busybox mount -o rw,remount /system
but that doesn't have anything to do with your error
what's so special about this anyway, why wouldn't a simple shell script do?
zezol said:
Many thanks guys! It works, but not quite...
I leave the su command at the beginning of the code.
My commands:
Code:
runtime.exec("mkdir /sdcard/switch_rh");
runtime.exec("unzip -o /sdcard/rhpack.zip -d /sdcard/switch_rh/");
runtime.exec("su busybox mount rw,remount /system");
<snip>
Click to expand...
Click to collapse
Code:
$ su -c "[I]command[/I]"
Code:
runtime.exec("su -c busybox mount -o rw,remount /system");
runtime.exec("su -c flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su -c cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su -c busybox mount -o ro,remount /system");
Log:
Code:
03-26 19:00:21.004: WARN/su(711): request rejected (0:0->0:0 busybox)
03-26 19:00:21.064: WARN/su(713): request rejected (0:0->0:0 cp)
03-26 19:00:21.094: WARN/su(712): request rejected (0:0->0:0 flash_image)
03-26 19:00:21.134: WARN/su(714): request rejected (0:0->0:0 busybox)
:/
Firerat said:
what's so special about this anyway, why wouldn't a simple shell script do?
Click to expand...
Click to collapse
Since I am a beginner and I learn programming with Java and Android. Secondly, I want to write a simple app for a friend (and my satisfaction) who does ROM for G1
zezol said:
Code:
runtime.exec("su -c busybox mount -o rw,remount /system");
runtime.exec("su -c flash_image boot /sdcard/switch_rh/2.img");
runtime.exec("su -c cp /sdcard/switch_rh/2.ko /system/lib/modules/wlan.ko");
runtime.exec("su -c busybox mount -o ro,remount /system");
Log:
Code:
03-26 19:00:21.004: WARN/su(711): request rejected (0:0->0:0 busybox)
03-26 19:00:21.064: WARN/su(713): request rejected (0:0->0:0 cp)
03-26 19:00:21.094: WARN/su(712): request rejected (0:0->0:0 flash_image)
03-26 19:00:21.134: WARN/su(714): request rejected (0:0->0:0 busybox)
:/
Since I am a beginner and I learn programming with Java and Android. Secondly, I want to write a simple app for a friend (and my satisfaction) who does ROM for G1
Click to expand...
Click to collapse
now tbh , I need to learn this java stuff myself, only done a tiny bit of tweaking so far.
Anyway,
as mentioned above it should be
su -c "command"
at least that is what it would be on a standard shell
I belive something like this would be more suitable for you
Code:
runtime.exec("su -c 'command'");
for now I would forget about mounting and just figure out who I am
Code:
runtime.exec("whoami");
just to see if it works
then
Code:
runtime.exec("IAM=`whoami`;echo $IAM")
Code:
runtime.exec("id");
runtime.exec("id -u");
runtime.exec("expr `id -u` + `id -u`");
runtime.exec("su -c 'id'");
runtime.exec("su -c 'id -u'");
runtime.exec("su -c 'expr `id -u` + `id -u`'");
hope it helps
That's actually progress. Note how the correct things are being rejected now. Make sure your SU Permissions blacklists aren't blocking your own program. And Firerat's advice to build up to what you want is also sound.
So the other problem you're going to run into once you get that figured out (sorry I didn't think of this sooner) is that the calls to Runtime.exec() are non-blocking, which means that the code you wrote will end up trying to run every line simultaneously. The quick hack to fix that is to capture the Process that is returned by the call to .exec to a variable (say, "p") then call p.waitFor() after every line.
Unfortunately, you will quickly be met by an FC/Wait dialog if you do this then try to interact with your phone, because your code (presumably) is trying to run in the UI thread.
There are a couple of solutions to this problem that I've used. The original implementation of GUSTO (previous to v0.5) used an AsyncTask to thread out the Runtime.exec() calls; the current implementation uses an IntentServer for better user experience.
Sorry for the bump, but I am a bit confused about this... I am trying the following:
Code:
Process p = null;
final Runtime runtime = Runtime.getRuntime();
try {
p = runtime.exec("su -c 'mount -o rw,remount /system'");
p.waitFor();
p = runtime.exec("su -c 'mkdir /system/bin/test'");
p.waitFor();
}
catch (Exception e) {
e.printStackTrace();
}
But nothing happens... Do I HAVE to have busybox installed? am i not allowed to use the built in commands?
I tried running it in the emulator with logcat running but it denied root permissions (no dialog was prompted) and on my rooted evo4g (was prompted for root permissions and allowed it). As a sidenote, is there anything I can use to get logging output from my production phone?
Thanks much in advance!
how did you solve your problem?
I'm trying to execute root commands from an app too but to move files to the /system but I'm getting an "su rejected" error, please help
thesk8mafia said:
I'm trying to execute root commands from an app too but to move files to the /system but I'm getting an "su rejected" error, please help
Click to expand...
Click to collapse
post source code
Truth to be told, I'll write down your name on a scrap of paper so to never ever run anything written by you. No offense, but I don't want my phone to fry 'cause you're learning how to fry phones.
Having said that, I'll give you some hints, so that maybe in the future I'll try one of your apps (not going to happen).
1. If you want to write an Android app, it has to run Java, not shell code. If you want to write a shell script, write a shell script. This isn't bashing, it's a hearted hint. Trust me here!
2. If you still want to wrap an Android app around a shell script, then at the very least use Android/Java as much as possible and restrict the shell part to the strictly least required: special commands or commands requiring root!
Code:
runtime.exec("mkdir /sdcard/switch_rh"); [B]NO ROOT REQUIRED![/B]
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip"); [B]NO ROOT REQUIRED![/B]
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rm -r /sdcard/2.img"); [B]NO ROOT REQUIRED![/B]
runtime.exec("reboot");
What should you do? You should use Java (with proper try/catch blocks) checking for errors at each step you take, taking care of the possible failures (download not available, directory not existing, ...). Taking care of errors with shell code is possible but it's a PITA and you can't debug it with the debugger. Why am I even pointing this out in the first place?!? Just do it.
1. You can create the directory with Java. Not only that, but you don't need to hardcode "/sdcard" in it! Just use the API to get the correct path: http://developer.android.com/guide/topics/data/data-storage.html#filesExternal
2. You can downlad your remote file with Java. In the worst case scenario, you can use an HttpURLConnection + FileOutputStream. In the best case scenario there's an Android API for that.
3. You can unzip your remote file with Java, checking that all the files you expect it to contain are there and it got transferred correctly. Check this out: http://developer.android.com/reference/java/util/zip/ZipFile.html
4. You can delete the files you downloaded with Java. This is so easy I want to cry. http://developer.android.com/reference/java/io/File.html#delete()
5. The few commands you need root to run, and you need them to be shell scripts (you can't run Java stuff as root as far as I've harshly found out), you write them this way:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Pay attention and don't forget the "\n" at the end of each command.
This will make your app SuperUser.apk friendly and will get you to the result you wanted.
hrk said:
Truth to be told, I'll write down your name on a scrap of paper so to never ever run anything written by you. No offense, but I don't want my phone to fry 'cause you're learning how to fry phones.
Having said that, I'll give you some hints, so that maybe in the future I'll try one of your apps (not going to happen).
1. If you want to write an Android app, it has to run Java, not shell code. If you want to write a shell script, write a shell script. This isn't bashing, it's a hearted hint. Trust me here!
2. If you still want to wrap an Android app around a shell script, then at the very least use Android/Java as much as possible and restrict the shell part to the strictly least required: special commands or commands requiring root!
Code:
runtime.exec("mkdir /sdcard/switch_rh"); [B]NO ROOT REQUIRED![/B]
runtime.exec("wget -P /sdcard/switch_rh URL_to_my_site/rhpack.zip"); [B]NO ROOT REQUIRED![/B]
runtime.exec("unzip -o /sdcard/switch_rh/rhpack.zip -d /sdcard"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rwsystem");
runtime.exec("flash_image boot /sdcard/2.img");
runtime.exec("cp /sdcard/2.ko /system/lib/modules/wlan.ko");
runtime.exec("rosystem");
runtime.exec("rm -r /sdcard/2.ko"); [B]NO ROOT REQUIRED![/B]
runtime.exec("rm -r /sdcard/2.img"); [B]NO ROOT REQUIRED![/B]
runtime.exec("reboot");
What should you do? You should use Java (with proper try/catch blocks) checking for errors at each step you take, taking care of the possible failures (download not available, directory not existing, ...). Taking care of errors with shell code is possible but it's a PITA and you can't debug it with the debugger. Why am I even pointing this out in the first place?!? Just do it.
1. You can create the directory with Java. Not only that, but you don't need to hardcode "/sdcard" in it! Just use the API to get the correct path: http://developer.android.com/guide/topics/data/data-storage.html#filesExternal
2. You can downlad your remote file with Java. In the worst case scenario, you can use an HttpURLConnection + FileOutputStream. In the best case scenario there's an Android API for that.
3. You can unzip your remote file with Java, checking that all the files you expect it to contain are there and it got transferred correctly. Check this out: http://developer.android.com/reference/java/util/zip/ZipFile.html
4. You can delete the files you downloaded with Java. This is so easy I want to cry. http://developer.android.com/reference/java/io/File.html#delete()
5. The few commands you need root to run, and you need them to be shell scripts (you can't run Java stuff as root as far as I've harshly found out), you write them this way:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Pay attention and don't forget the "\n" at the end of each command.
This will make your app SuperUser.apk friendly and will get you to the result you wanted.
Click to expand...
Click to collapse
Just to say that DataOutputStream.writeBytes(string) only writes one byte for each char, so if you're dealing with Unicode strings, you'd better use some better class.
Also note that you can check the return code of your command through
Code:
echo $?
Meh, we already told the op what they were doing was wrong
thesk8mafia just bumped it with their lame question.
Firerat said:
Meh, we already told the op what they were doing was wrong
thesk8mafia just bumped it with their lame question.
Click to expand...
Click to collapse
You are right, I got a bit "Mr. Teacher" there seeing that the last post from the op was still in a sucky state...
I hope the informations I wrote will be more useful than the "Mr. Teacher" attitude I used.
Hello,
I'm developing an application (Widgetsoïd on market) who have widgets switcher.
I put a button to reboot phone but now I would like to put options to reboot in recovery and bootloader mode.
My problem is to execute command I use this for reboot :
Code:
String command = "su -c reboot";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
I know to reboot into mode i have to add "reboot recovery" or "reboot bootloader" but command doesn't execute.
I try
Code:
String command = "su -c reboot recovery";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
or
Code:
String command = "su -c 'reboot recovery'";
Process p = Runtime.getRuntime().exec(command);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
But the first make a simple reboot and the second make nothing.
Can you help me please?
Cheers
Jim
I found a solution
Code:
String[] str ={"su","-c","reboot recovery"};
Process p = Runtime.getRuntime().exec(str);
if(p.waitFor()==127 || p.waitFor()==255){
message.show();
}
It's work correctly.
Cheers
hrk said:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
Click to expand...
Click to collapse
I have tried this but it doesn't work for me (it works but app forces close because of an ANR).
I have found a solution that may help other people:
Code:
try {
// You previously found out which is the right path for the su binary,
// being it /system/bin/su or /system/xbin/su
Process suProcess = Runtime.getRuntime().exec(suBinaryPath);
DataOutputStream dos = new DataOutputStream(suProcess.getOutputStream());
dos.writeBytes("flash_image boot " + sdcardPath + "2.img\n");
dos.flush();
dos.writeBytes("cp " +sdcardPath + "2.ko /system/lib/modules/wlan.ko\n");
dos.flush();
dos.writeBytes("exit\n");
dos.flush();
[COLOR="Red"]dos.close();[/COLOR]
suProcess.waitFor();
} catch (Exception ex) {
// Please do something, don't let Exceptions be raised and silently trapped.
}
I have a huawei u8950d which I wanna root.
Its bootloader has been locked but I found a way to root a locked device: http://forum.xda-developers.com/showthread.php?t=1461736
So I've make those following codes to a bat file:
Code:
adb push mempodroid /data/local/tmp
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
adb shell
cd /data/local/tmp
chmod 777 ./mempodroid
./mempodroid 0xd524 0xab8f sh
[COLOR="red"]mount -o remount,rw -t ext4 /dev/block/mmcblk0p17 /system[/COLOR]
cat /data/local/tmp/su > /system/xbin/su
chown 0.0 /system/xbin/su
chmod 06755 /system/xbin/su
cat /data/local/tmp/Superuser.apk >/system/app/Superuser.apk
chown 0644 /system/app/Superuser.apk
When launching the red line I got this:
Code:
mount: Operation not permitted
Is it the issue of mempodroid?
The two addresses doesn't match my device.
Code:
./mempodroid 0x**** 0x**** sh
Maybe other reason?
I need help.Thx!
I found some interesting thing
Code:
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>
int main(void)
{
void* lib = dlopen("libc.so", RTLD_NOW | RTLD_GLOBAL);
void* symbol;
if (lib == NULL) {
fprintf(stderr, "Could not open self-executable with dlopen(NULL) !!: %s\n", dlerror());
return 1;
}
symbol = dlsym(lib, "exit");
if (symbol == NULL) {
fprintf(stderr, "Could not lookup symbol exit !!: %s\n", dlerror());
return 2;
}
printf("exit() addr:%08x\n", symbol);
symbol = dlsym(lib, "setresuid");
if (symbol == NULL) {
fprintf(stderr, "Could not lookup symbol setresuid !!: %s\n", dlerror());
return 2;
}
printf("setresuid() addr:%08x\n", symbol);
dlclose(lib);
return 0;
}
Root a bootloader locked phone.(mempodroid way)
Hi,
Were you finally able to root the Huawei U8950D? How did you do it? I will be grateful if you give me a step by step process. Thanks
---------- Post added at 06:50 AM ---------- Previous post was at 06:45 AM ----------
fromnowon said:
I found some interesting thing
Code:
#include <dlfcn.h>
#include <stddef.h>
#include <stdio.h>
int main(void)
{
void* lib = dlopen("libc.so", RTLD_NOW | RTLD_GLOBAL);
void* symbol;
if (lib == NULL) {
fprintf(stderr, "Could not open self-executable with dlopen(NULL) !!: %s\n", dlerror());
return 1;
}
symbol = dlsym(lib, "exit");
if (symbol == NULL) {
fprintf(stderr, "Could not lookup symbol exit !!: %s\n", dlerror());
return 2;
}
printf("exit() addr:%08x\n", symbol);
symbol = dlsym(lib, "setresuid");
if (symbol == NULL) {
fprintf(stderr, "Could not lookup symbol setresuid !!: %s\n", dlerror());
return 2;
}
printf("setresuid() addr:%08x\n", symbol);
dlclose(lib);
return 0;
}
Click to expand...
Click to collapse
what is this code and who we have to use it????
device: Galaxy S7 Exynos, systemless SuperSu, CF-Autoroot, Nougat 7.0
Hi,
I've tried a lot of things now, but I'am failing at editing a file in android /sys folder. I want to change a variable for battery charging in /sys/class/power_supply/battery/batt_tune_float_voltage. In a terminal I've performed following
Code:
1|herolte:/sys/class/power_supply/battery # cat batt_tune_float_voltage
43500
herolte:/sys/class/power_supply/battery # chmod 777 batt_tune_float_voltage
herolte:/sys/class/power_supply/battery # echo 42000 > batt_tune_float_voltage
1|herolte:/sys/class/power_supply/battery # cat batt_tune_float_voltage
43500
I even cannot mount battery_tune_float_voltage
Code:
1|herolte:/sys/class/power_supply/battery # mount -o rw,remount /sys
herolte:/sys/class/power_supply/battery # mount -o rw,remount batt_tune_float_voltage
mount: 'batt_tune_float_voltage' not in /proc/mounts
Does anyone know what the problem here is?! I would be really glad if someone could explain me if i've missed something or why this does not work.
Anyway: As I'am understanding so far, the App Battery Charge Limit here on xda uses following code for editing file /sys/class/power_supply/battery/batt_slate_mode
Code Link
Code:
val switchCommands = arrayOf("mount -o rw,remount $file", "echo \"$newState\" > $file")
if (alwaysWrite) {
suShell.addCommand(switchCommands)
} else {
suShell.addCommand("cat $file", 0) { _, _, output ->
if (output[0] != newState) {
setChangePending()
suShell.addCommand(switchCommands)
}
}
}
}