Exploiting Android systems locally (without a computer) - Android Software/Hacking General [Developers Only]

A call to ROM modders:
As you all know, there is a known method for exploiting Android devices and gain root privilges within the application itself without the use of a computer. This is a major security risk as any application can gain root and control the device without the users' knowledge.
To make your ROM/MOD protected, make sure you replace the adbd binary in your initramfs using the latest adbd from google sources. Thats it.
More details can be found here: www.androidsec.net

galaxys
Hi. I got galaxy s with voodoo kernel 5.3 but after install app close. Any idea?
Thanks
Also force close.

I installed the immunizer.apk from your website, but get a FC when trying to start it.
Galaxy S
Speedmod Kernel (all partitions ext4)

FC here as well.
Samsung Captivate running Perception 10.2/Firebird2-v05 #54.

I'd appreciate if you can look at the logcat to watch for any error.
By next week I should be able to test Immunizer on some more Android devices so I hope to be able to debug most of the problems. I'll post updates soon.

Fails to do anything:
Code:
W/ActivityManager( 3008): Process ProcessRecord{4879e6906820:androidsec.net/10159} failed to attach
*NOTE: Running KA7 voodoo injected kernel and KA7 modem on a Vibrant.
I installed v1.1 from the site.

Isn't this the same exploit used in Visionary? To get Temp Root access on the G2 and MyTouch 4G and such

if we were to be watching logcat, what should be looking for?

Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).

dasunsrule32 said:
Fails to do anything:
Code:
W/ActivityManager( 3008): Process ProcessRecord{4879e6906820:androidsec.net/10159} failed to attach
*NOTE: Running KA7 voodoo injected kernel and KA7 modem on a Vibrant.
I installed v1.1 from the site.
Click to expand...
Click to collapse
kasper_h said:
Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).
Click to expand...
Click to collapse
Same issue...

kasper_h said:
Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).
Click to expand...
Click to collapse
Same here... :\

Please try latest version (1.4) and post results.
Also, if Immunizer failes, please provide output of the following commands (using 'adb shell' or similar):
Code:
ls -l /sbin/adbd
getprop ro.build.version.release
getprop ro.build.version.sdk

1.4 caused system to FC on reboot. Thank god for CWM advanced restore.
I'm not near a computer I can use to pull logs, sorry.
Thanks for your efforts, but I'm done with this project until it's stable.
Sent from my SGH-I897 using XDA App

I installed 1.4 over voodoo 5.3 kernel. I run it then ask me for aplly and reboot. I select apply and reboot and freeze on this screen. As soom as possible i'll paste adb logcat.
Regards
Sent from my Galaxy S. Darkyy Rom xxjpy with voodoo 5.3 (supercurio), voodoo app, bln!!!

Immunizer 1.4 -web- (galaxy i9000 +voodoo 5.03)
Code:
getprop ro.build.version.release 2.2.1
getprop ro.build.version.sdk 8
(Start & freeze after applying)
Code:
Start proc androidsec.net:remote for broadcast androidsec.net/.ExploitedAlarmReceiver: pid=8699 uid=10155 gids={3003, 1015}
I/Zygote ( 8699): Zygote: pid 8699 has INTERNET permission, then set capability for CAP_NET_RAW
D/dalvikvm( 8699): Trying to load lib /data/data/androidsec.net/lib/libandroidterm.so 0x489224e8
D/dalvikvm( 8699): Added shared lib /data/data/androidsec.net/lib/libandroidterm.so 0x489224e8
I/Exec ( 8699): JNI_OnLoad
I/ActivityManager( 2943): No longer want com.android.settings (pid 7028): hidden #16
D/dalvikvm( 2943): GC_FOR_MALLOC freed 29465 objects / 1138576 bytes in 358ms
D/dalvikvm( 2943): GC_FOR_MALLOC freed 43742 objects / 1823120 bytes in 218ms
D/dalvikvm( 6970): GC_EXPLICIT freed 4946 objects / 398088 bytes in 374ms
D/NativeCrypto( 6970): Freeing OpenSSL session
D/NativeCrypto( 6970): Freeing OpenSSL session
after apply
Code:
ls -l /sbin/adbd
lrwxrwxrwx root root 2011-01-27 23:35 adbd -> ../voodoo/root/sbin/adb

I'll be following this thread with great interest. Greetings. Dan

very interesting

Related

adbd running on device, cannot connect from host

Hello all,
As per my previous thread, I now have a rooted nonsense free Android.
Now I'm trying to connect to it via adb which is proving tricky.
The device is rooted (unrevoked/clockwork mod) and in recovery mode it'll adb just like that. However, when the device is running, I can't pick it up. I get:
Code:
$ adb devices
List of devices attached
???????????? no permissions
Now I have the old superuser skull and crossbones app thingy on my phone running. I've also tried to connect locally using connectbot and this works, I get sh running just fine. I can also su and get root.
However, even if I stop and restart adbd it changes nothing from the pov of the host... in other words it's not letting me connect.
Specifically, I can see:
Code:
sh-3.2# ps
...
root 1978 1 3142 200 ffffffff 0000f474 /sbin/adbd
...
$ whoami
whoami: unknown uid 0
from connectbot on the device
A pointer in the right direction would be wonderful!
_glokta.

[MOD][One Click Root]ClockworkMod 3.1.0.1[RFS & EXT4]

[MOD][One Click Root]ClockworkMod version 3.1.0.1[RFS & EXT4]
One Click Root does NOT work on Gingerbread!Read on for why.
Standard disclaimer: I think you guys know the deal by now. I am not responsible for anything you do, don't do, don't read, or brick.
If you are already rooted and have ClockworkMod installed and you just need to upgrade CWM please visit DRockstar's thread: [RECOVERY][GPL] ClockworkMod 3.1.0.1 PURPLE UPGRADE RFS/EXT4/USB CUSTOM FOR EPIC4G
This is an updated and refreshed One Click Root based off Dameon87's 3.0.0.6 version here (originally based off work from noobnl and firon). It has been updated and fixed by myself (Rodderik) and DRockstar.
Huge credit goes to DRockstar. Without his persistence and hard work we would not have a new working recovery image. He spent many hours fixing and testing the image after bugging koush to compile a ROM Manager compatible, dual file system recovery. Credit also goes to the noobnl and firon for the original one click root scripts, koush for giving us a new better recovery, Dameon87 for his one click changes and EXT4 conversion script, tanimn and all the other developers that worked hard to contribute to the new recovery.
UPDATED 6/24/2011
updated to Clockwork Mod 3.1.0.1_purple by DRockstar
updated busybox to latest (1.18.4)
updated recovery.fstab
tweaked script to hopefully improve success rate
fixed redirector (again)
plus some other misc fixes
Includes:
Dual file system support (RFS & EXT4)
New ClockworkMod (v3.0.2.5)
koush's latest hacked adbd
Superuser.apk (v2.3.6.1)
busybox (v1.18.0.git)
su (v2.3.1-ef)
Switched to bmlwrite for flashing
Added scripts for mounting UMS (by DRockstar)
FIXED REDIRECTOR!!!
Rom Manager Compatible
Works properly on Mac OSX
Tested with EC05 (Froyo), EB13 (Froyo), and DI18 (Eclair)
Works on: Windows, Linux, and Mac OSX
For future reference the rageagainstthecage root exploit has been patched in Gingerbread. Refer to DRockstar's post on Gingerbreak for rooting Gingerbread (this also works on the Epic running Froyo)
Instructions:
Windows
1. Extract zip to a folder
2. Ensure phone is in usb debugging mode and connected to your computer
3. Run the run.bat
4. Follow on screen instructions
Linux
1. Extract zip to a folder
2. Ensure phone is in usb debugging mode and connected to your computer
3. Open a terminal and navigate to the unzipped folder
4. Type: chmod 777 run.sh
5. Type: ./run.sh
6. Follow on screen instructions
Mac OSX
1. Extract zip to a folder
2. Ensure phone is in usb debugging mode and connected to your computer
3. Open a terminal and navigate to the unzipped folder
4. Type: chmod 777 run.sh
5. Type: ./run.sh
6. Follow on screen instructions
qbking77 has done a nice video tutorial on using Windows to root and install ClockworkMod using this method. You can see his video here: http://www.youtube.com/watch?v=ymN1H2e9YMk
Thanks qbking77!
dansan382 also made a video that you can find here.
Notes:
1. Button mappings are slightly different from older versions of CWM. Volume buttons = Up and Down, Power or Camera = Enter, Capacitive Back = Back. Capacitive Home also works as enter but not correctly from the main menu so if you hit it and the screen disappears hit Capacitive Home again or Capacitive Back to bring it back.
NOTE: As of 3.1.0.1 the buttons have been sorted out.
2. KNOWN ISSUE: When invoked, reboot recovery requires a re-plug of the usb cable for adb to work again. Simply unplug the usb cable and plug it back in.
3. If the script does not reboot your phone at the end please run the script again. If it still doesn't work reboot the phone and run the script again.
4. USB Mass Storage can be mounted from inside of recovery. 'adb shell' into the phone and type 'mountums' MAKE SURE YOU SAFELY REMOVE/EJECT BEFORE RUNNING 'umountums' to safely unmount sdcard.
NOTE: As of 3.1.0.1 mounting from the menu works again!
5. There is a Go Back menu option but it must be enabled. See the post here.
6. VIRUS ALERT!!! rageagainstthecage may be detected by your antivirus program but it is NOT harmful to your computer. See this post for an explanation.
7. A few users report issues with 3.1.0.1 not booting. If that happens then use 3.0.2.5.
Download: http://devphone.org/files/epic4g/oneclickroot/OneClickRootCWM3.1.0.1-EC05.zip
md5: 57d787dba5a478eb088f148e0dff2ef0
Previous version(s): http://devphone.org/files/epic4g/oneclickroot/OneClickRootCWM3.0.2.5-EC05.zip
EXT4/RFS Conversion:
For converting RFS to EXT4 or EXT4 to RFS please see this post by chris41g: Rfs2Ext4 and Ext42Rfs CWM 3.0.25 flashable zips. These will work fine with ClockworkMod 3.1.0.1
k0nane said:
FYI, the EXT4 conversion script is not necessary if you are flashing a ROM that properly formats to EXT4, unless you plan to keep data (which isn't recommended coming from stock anyway, use MyBackup Root if you must). Currently, only SRF, Bonsai, and the journal-off version of midNIGHT (I have not checked 5.3) do this. Other ROMs only use delete_recursive() in their updater-script - so flashing them will work, but you'll get RFS!
Click to expand...
Click to collapse
If you are flashing a new rom please make sure you check or ask if you need to take additional steps to convert your filesystem.
Here is sample output from a run in Linux. Windows and Mac OSX should be similar. You may or may not get "sudo: adb: command not found" but it is ok so long as the script runs correctly. Getting the error is dependent on how your environment is set up. If you get any other errors you will need to run the script again.
[email protected]:~/Desktop/OneClickRootCWM3.0.2.5-EC05$ ./run.sh
One Click Root & CWM 3.0.2.5 for the Epic 4G
Updated and tweaked by Rodderik and DRockstar 5/10/2011
Original one click by joeykrim and one click installer by noobnl and firon
busybox by skeeterslint
Huge credits go out to:
koush - dual fs recovery binary
DRockstar - recovery kernel build
Press any key to continue...Starting adb server
sudo: adb: command not found
sudo: adb: command not found
Copy and run the exploit (may take up to two minutes)
98 KB/s (5392 bytes in 0.053s)
0 KB/s (43 bytes in 0.044s)
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={2662, 2662}
[*] Searching for adb ...
[+] Found adb as PID 2974
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
Wait for phone to reconnect...
Mount system as r/w, cleanup old files, do some basic configuration
96 KB/s (4793 bytes in 0.048s)
Copying files onto phone...
499 KB/s (26264 bytes in 0.051s)
2097 KB/s (196521 bytes in 0.091s)
2048 KB/s (927544 bytes in 0.442s)
6 KB/s (327 bytes in 0.052s)
Setting permissions...
Installing busybox...
Installing clockworkmod redirector
108 KB/s (6535 bytes in 0.059s)
push: recoveryfiles/etc/recovery.fstab -> /system/bin/recoveryfiles/etc/recovery.fstab
push: recoveryfiles/sdparted -> /system/bin/recoveryfiles/sdparted
push: recoveryfiles/mountums -> /system/bin/recoveryfiles/mountums
push: recoveryfiles/umountums -> /system/bin/recoveryfiles/umountums
push: recoveryfiles/fix_permissions -> /system/bin/recoveryfiles/fix_permissions
push: recoveryfiles/recovery -> /system/bin/recoveryfiles/recovery
push: recoveryfiles/tune2fs -> /system/bin/recoveryfiles/tune2fs
push: recoveryfiles/recovery_wrapper -> /system/bin/recoveryfiles/recovery_wrapper
push: recoveryfiles/nandroid-md5.sh -> /system/bin/recoveryfiles/nandroid-md5.sh
push: recoveryfiles/killrecovery.sh -> /system/bin/recoveryfiles/killrecovery.sh
push: recoveryfiles/e2fsck -> /system/bin/recoveryfiles/e2fsck
push: recoveryfiles/parted -> /system/bin/recoveryfiles/parted
push: recoveryfiles/adbd -> /system/bin/recoveryfiles/adbd
push: recoveryfiles/postrecoveryboot.sh -> /system/bin/recoveryfiles/postrecoveryboot.sh
14 files pushed. 0 files skipped.
1538 KB/s (2018303 bytes in 1.280s)
push: recoveryfiles/etc/recovery.fstab -> /system/bin/recoveryfiles/etc/recovery.fstab
1 file pushed. 0 files skipped.
8 KB/s (515 bytes in 0.060s)
push: recoveryres/images/progress_bar_empty_right_round.png -> /system/bin/recoveryres/images/progress_bar_empty_right_round.png
push: recoveryres/images/icon_clockwork.png -> /system/bin/recoveryres/images/icon_clockwork.png
push: recoveryres/images/icon_error.png -> /system/bin/recoveryres/images/icon_error.png
push: recoveryres/images/indeterminate2.png -> /system/bin/recoveryres/images/indeterminate2.png
push: recoveryres/images/progress_empty.png -> /system/bin/recoveryres/images/progress_empty.png
push: recoveryres/images/progress_fill.png -> /system/bin/recoveryres/images/progress_fill.png
push: recoveryres/images/progress_bar_fill.png -> /system/bin/recoveryres/images/progress_bar_fill.png
push: recoveryres/images/icon_firmware_install.png -> /system/bin/recoveryres/images/icon_firmware_install.png
push: recoveryres/images/progress_bar_empty_left_round.png -> /system/bin/recoveryres/images/progress_bar_empty_left_round.png
push: recoveryres/images/icon_firmware_error.png -> /system/bin/recoveryres/images/icon_firmware_error.png
push: recoveryres/images/icon_installing.png -> /system/bin/recoveryres/images/icon_installing.png
push: recoveryres/images/progress_bar_left_round.png -> /system/bin/recoveryres/images/progress_bar_left_round.png
push: recoveryres/images/indeterminate3.png -> /system/bin/recoveryres/images/indeterminate3.png
push: recoveryres/images/progress_bar_right_round.png -> /system/bin/recoveryres/images/progress_bar_right_round.png
push: recoveryres/images/progress_bar_empty.png -> /system/bin/recoveryres/images/progress_bar_empty.png
push: recoveryres/images/indeterminate6.png -> /system/bin/recoveryres/images/indeterminate6.png
push: recoveryres/images/indeterminate4.png -> /system/bin/recoveryres/images/indeterminate4.png
push: recoveryres/images/indeterminate5.png -> /system/bin/recoveryres/images/indeterminate5.png
push: recoveryres/images/indeterminate1.png -> /system/bin/recoveryres/images/indeterminate1.png
push: recoveryres/keys -> /system/bin/recoveryres/keys
20 files pushed. 0 files skipped.
78 KB/s (81069 bytes in 1.010s)
Installing clockworkmod recovery...
794 KB/s (66884 bytes in 0.082s)
3213 KB/s (5478824 bytes in 1.664s)
Cleaning up files...
sudo: adb: command not found
All done!
If your phone did not reboot or root does not
work correctly. Please rerun the script.
Press any key to exit the script.
[email protected]:~/Desktop/OneClickRootCWM3.0.2.5-EC05$
Click to expand...
Click to collapse
Thats pretty baller!!! Thanks hotrod!!
Hehe, it's about time, this needs sticky at top of the dev board!
Great work, Rodderik spent some time learning root and the cwm redirector, to make this happen.... I think we both have tweaked it out, so that anyone on any computer can use it, now
I've been waiting for a single solution for a long time now, so I'm very glad to see it happen.
DRockstar said:
Hehe, it's about time, this needs sticky at top of the dev board!
Great work, Rodderik spent some time learning root and the cwm redirector, to make this happen.... I think we both have tweaked it out, so that anyone on any computer can use it, now
I've been waiting for a single solution for a long time now, so I'm very glad to see it happen.
Click to expand...
Click to collapse
Yeah buddy! I couldn't have done it without your work and help. Thanks a bunch and I can't wait for the AIO.
Rodderik & drockstar, you both rock and thank you.
If 3.0.2.8 that comes in bonsai doesn't workout for me, its nice to have another option......thanks again
Nice work........
Rodderik said:
EXT4 Conversion (and RFS soon):
If you want to convert to EXT4 you can use this script from Dameon87. There are two ways you can use it. Please read the all the steps below before attempting conversion. Failure to read all the steps ahead of time and putting all the files needed on your sdcard can result in an unbootable device.
Click to expand...
Click to collapse
So I have a suggestion that 'may' help w/ this..
my wife's Transform has a version of CWM that has an integrated terminal option in the main menu. you open terminal and type "RFS" or "EXT4" into the window w/ the keyboard and it will auto convert to either file system..
I'm not sure how they do this, but I'm wondering if during the install of CWM, maybe you can push the required files to the SD card and make menu options that will perform the operations using the files that were pushed to the SD card during install ??
I don't know a whole lot about this stuff, but It was something that popped into my (sometimes filled w/ cob webs) head. LOL..
Excellent work BTW
FYI, the EXT4 conversion script is not necessary if you are flashing a ROM that properly formats to EXT4, unless you plan to keep data (which isn't recommended coming from stock anyway, use MyBackup Root if you must). Currently, only SRF, Bonsai, and the journal-off version of midNIGHT (I have not checked 5.3) do this. Other ROMs only use delete_recursive() in their updater-script - so flashing them will work, but you'll get RFS!
EDIT: And, lots of credit to tanimn for tireless hard work on this project.
Wow. You guys never seem to amaze me. Thank you all. Thanks for your input ko about the roms doing this. That will help save people a step. You guys rock man.
Btw... this should be a sticky
Sent From My Evo Killer!
k0nane said:
FYI, the EXT4 conversion script is not necessary if you are flashing a ROM that properly formats to EXT4, unless you plan to keep data (which isn't recommended coming from stock anyway, use MyBackup Root if you must). Currently, only SRF, Bonsai, and the journal-off version of midNIGHT (I have not checked 5.3) do this. Other ROMs only use delete_recursive() in their updater-script - so flashing them will work, but you'll get RFS!
EDIT: And, lots of credit to tanimn for tireless hard work on this project.
Click to expand...
Click to collapse
Quoted your post in the OP and added tanimn to credits. Thanks K0nane for pointing this out.
@Rodderick, or DRockstar, quick question please.
I installed per your instructions. Then once I rebooted, I installed RomManager. But I reboot into recovery from within RomManager, it takes you to cwm-3.0.0.6. Isn't it supposed to take you to cwm-3.0.2.5? Also, is the cwm3.0.2.5 in DRockstar's thread the updated version of cwm3.0.2.5? If not, can we get a flashable .zip of the updated cwm3.0.2.5 please?
sniperkill said:
I installed per your instructions. Then once I rebooted, I installed RomManager. But I reboot into recovery from within RomManager, it takes you to cwm-3.0.0.6. Isn't it supposed to take you to cwm-3.0.2.5? Also, is the cwm3.0.2.5 in DRockstar's thread the updated version of cwm3.0.2.5? If not, can we get a flashable .zip of the updated cwm3.0.2.5 please?
Click to expand...
Click to collapse
if you install rom manager and click flash clockworkmod recovery and select epic4g it says that the epic doesn't have an officially supported cwm yet but allows you to manually say yes and this should allow rom manager to work...this is all we can do until koush gets back in town to make the change to rom manager for us but he did compile this cwm recovery binary for us so it is official. it just required some tweaking by DRockstar and tanimn and a few of the other devs to get it all working correctly.
Rodderik said:
if you install rom manager and click flash clockworkmod recovery and select epic4g it says that the epic doesn't have an officially supported cwm yet but allows you to manually say yes and this should allow rom manager to work...this is all we can do until koush gets back in town to make the change to rom manager for us but he did compile this cwm recovery binary for us so it is official. it just required some tweaking by DRockstar and tanimn and a few of the other devs to get it all working correctly.
Click to expand...
Click to collapse
Thanks for the quick reply. But yes, I did do all that with RomManager, but it still takes me to cwm-3.0.0.6. But, if I shut it down, then 3 fingure boot, that takes me to cwm-3.0.2.5... Also, I greatly appreciate all the hard work you guy's do, so dont take me wrong, i'm deffinatly not complaining.. I love all the work you guys do!!!
sniperkill said:
Thanks for the quick reply. But yes, I did do all that with RomManager, but it still takes me to cwm-3.0.0.6. But, if I shut it down, then 3 fingure boot, that takes me to cwm-3.0.2.5...
Click to expand...
Click to collapse
what kernel are you using? if the kernel hasn't been updated and you flashed after the one click process then rom manager will boot whatever recovery comes with your kernel. 3.0.2.5 should still be one bml8 for 3 finger boots unless the rom reflashes that as well. run the one click again now after you are all setup and rom manager should boot into 3.0.2.5
Rodderik said:
what kernel are you using? if the kernel hasn't been updated and you flashed after the one click process then rom manager will boot whatever recovery comes with your kernel. 3.0.2.5 should still be one bml8 for 3 finger boots unless the rom reflashes that as well. run the one click again now after you are all setup and rom manager should boot into 3.0.2.5
Click to expand...
Click to collapse
Nice catch, I didnt even think about that. And yes, I did flash midnight-5.3.. So, imma have to figure another route.
On another note, does this OneClickRoot cwm-3.0.2.5 work with the official EC05?
Also, if you run the OneClickRoot cwm3.0.2.5 more than once, does it just overwrite the previously written files from running it the first time?
sniperkill said:
Nice catch, I didnt even think about that. And yes, I did flash midnight-5.3.. So, imma have to figure another route.
On another note, does this OneClickRoot cwm-3.0.2.5 work with the official EC05?
Also, if you run the OneClickRoot cwm3.0.2.5 more than once, does it just overwrite the previously written files from running it the first time?
Click to expand...
Click to collapse
i think i just got a bad flash testing this for you...i loaded eb13 and will ota to EC05 but it was tested to work.
Rodderik said:
i think i just got a bad flash testing this for you...i loaded eb13 and will ota to EC05 but it was tested to work.
Click to expand...
Click to collapse
Im sorry man, you dont gotta do that for me, as I'm sure I'll figure it all out. I'm pretty good at most of this kinda stuff. Fix your phone and keep up the great work buddy!!
sniperkill said:
Im sorry man, you dont gotta do that for me, as I'm sure I'll figure it all out. I'm pretty good at most of this kinda stuff. Fix your phone and keep up the great work buddy!!
Click to expand...
Click to collapse
it's all good...i did the OTA to EC05 again and verified the one click root does work. being as how the OTA is odexed I know my kernel refuses to boot it as ext4 (its the only scenario it wont boot) i'm going to restore my nandroid and rerun the one click but we might have to wait until kernels are updated
i'll let you know shortly
ok so i figured out we should just wait until you favorite kernels update to the new CWM as to keep the issues to a minimum. you can try to run the one click again but it all depends on how your favorite kernel handles recovery. the safest bet will be to wait until they have a chance to update them.

[Tutorial] How To Logcat

Here's how to use logcat:
There are two main ways to do a logcat, within android, and through adb.
Logcat within android can be done one of two ways, through a Logcat app:
Here are two good examples are either: aLogcat or Catlog
I prefer catlog, because in my opinion it has a little bit nicer UI. Both of these programs can dump their logs to a txt file, which is very useful for debugging. Or, you can do it in terminal emulator (same rules as running through adb(see below))
From Moscow Desire:
Moscow Desire said:
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
Edit: For phones/tablets with internal storage & external sd:
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
MD
Click to expand...
Click to collapse
On the other hand, using adb to run logcat, in my opinion is much more useful, because you can start using it when android boots (i.e. once the boot animation appears.)
The code for logcat to output to a file is
Code:
adb logcat > name of problem.txt
you can also do
Code:
adb logcat -f name of problem.txt
how I prefer to do it is this way:
Code:
adb logcat -v long > name of problem.txt
with the -v flag & the long argument, it changes output to long style, which means every line of logcat will be on its own line (makes it a little neater, imo)
Note: When outputting to a file, you will see a newline, but nothing printed, this is normal. To stop logcat from writting to a file, you need to press ctrl+c.
Here's where using logcat (via adb makes life really easy)
Lets say you find a problem you're having after looking at a logcat.
For example:
When I was trying to use a different ramdisk, wifi wouldn't work so I got a logcat that's almost 1300 lines long (a lot of stuff happens in the background)
So if you are searching for an error in the logcat file (it's always e/ for error, f/ for fatal. Those are the two main things that will break a system.)
Code:
D/dalvikvm( 871): GC_CONCURRENT freed 472K, 6% free 10224K/10823K, paused 1ms+6ms
V/AmazonAppstore.DiskInspectorServiceImpl( 871): Available blocks: 21981, Block size: 4096, Free: 90034176, Threshold: 5242880, withinThreshold? true
D/AmazonAppstore.UpdateService( 871): Received action: null from intent: Intent { cmp=com.amazon.venezia/com.amazon.mas.client.framework.UpdateService }
W/AmazonAppstore.UpdateService( 871): Confused about why I'm running with this intent action: null from intent: Intent { cmp=com.amazon.venezia/com.amazon.mas.client.framework.UpdateService }
D/dalvikvm( 890): GC_CONCURRENT freed 175K, 4% free 9375K/9671K, paused 2ms+3ms
V/AmazonAppstore.ReferenceCounter( 871): Reference (MASLoggerDB) count has gone to 0. Closing referenced object.
E/WifiStateMachine( 203): Failed to reload STA firmware java.lang.IllegalStateException: Error communicating to native daemon
V/AmazonAppstore.UpdateService( 871): runUpdateCommand doInBackground started.
V/AmazonAppstore.UpdateService( 871): Running UpdateCommand: digitalLocker
V/AmazonAppstore.UpdateCommand( 871): Not updating key: digitalLocker from: 1334228488057
V/AmazonAppstore.UpdateService( 871): Finished UpdateCommand: digitalLocker
V/AmazonAppstore.UpdateService( 871): Running UpdateCommand: serviceConfig
V/AmazonAppstore.MASLoggerDB( 871): performLogMetric: Metric logged: ResponseTimeMetric [fullName=com.amazon.venezia.VeneziaApplication_onCreate, build=release-2.3, date=Wed Apr 11 13:10:55 CDT 2012, count=1, value=1601.0]
V/AmazonAppstore.MASLoggerDB( 871): onBackgroundTaskSucceeded: Metric logged: ResponseTimeMetric [fullName=com.amazon.venezia.VeneziaApplication_onCreate, build=release-2.3, date=Wed Apr 11 13:10:55 CDT 2012, count=1, value=1601.0]
W/CommandListener( 118): Failed to retrieve HW addr for eth0 (No such device)
D/CommandListener( 118): Setting iface cfg
D/NetworkManagementService( 203): rsp
D/NetworkManagementService( 203): flags
E/WifiStateMachine( 203): Unable to change interface settings: java.lang.IllegalStateException: Unable to communicate with native daemon to interface setcfg - com.android.server.NativeDaemonConnectorException: Cmd {interface setcfg eth0 0.0.0.0 0 [down]} failed with code 400 : {Failed to set address (No such device)}
W/PackageParser( 203): Unknown element under : supports-screen at /mnt/asec/com.android.aldiko-1/pkg.apk Binary XML file line #16
D/wpa_supplicant( 930): wpa_supplicant v0.8.x
D/wpa_supplicant( 930): random: Trying to read entropy from /dev/random
D/wpa_supplicant( 930): Initializing interface 'eth0' conf '/data/misc/wifi/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
D/wpa_supplicant( 930): Configuration file '/data/misc/wifi/wpa_supplicant.conf' -> '/data/misc/wifi/wpa_supplicant.conf'
D/wpa_supplicant( 930): Reading configuration file '/data/misc/wifi/wpa_supplicant.conf'
D/wpa_supplicant( 930): ctrl_interface='eth0'
D/wpa_supplicant( 930): update_config=1
D/wpa_supplicant( 930): Line: 4 - start of a new network block
D/wpa_supplicant( 930): key_mgmt: 0x4
(mind you, that's 29 lines out of 1300ish, just for example)
I then could do the following with logcat:
Code:
adb logcat WifiStateMachine:E *:S -v long > name of problem.txt
and this will only print out any errors associated with WifiStateMachine, and anything which is fatal, which makes it about a million times easier to figure out what's going on!
In WifiStateMachine:E, the :E = to look for Errors, the full list of options is as follows:
V — Verbose (lowest priority)
D — Debug
I — Info (default priority)
W — Warning
E — Error
F — Fatal
S — Silent (highest priority, on which nothing is ever printed)
You can replace the :E with any other letter from above to get more info.
In order to filter out anything other than what you are looking for (in this case, WifiStateMachine) you must put a *:S after your last command (i.e. WifiStateMachine:E ThemeChoose:V ... ... AndroidRuntime:E *:S)
Sources: http://developer.android.com/tools/help/logcat.html
http://developer.android.com/tools/help/adb.html
Update for windows users:
Thank go to FuzzyMeep Two, Here's what he's posted for windows
FuzzyMeep Two said:
I have made a tool to simplify this for people. I will send you the .bat version, to see the validity of the file, and post the .exe for everyone else.
http://logcat-tool.googlecode.com/files/logcatHELPER.exe
I made this in about a half hour, so if you fnd any issues let me know. I believe i worked out all functionality issues, and do plan on expanding functionality in the future.
Click to expand...
Click to collapse
(If you used his tool, here's his post, thank him for his work!)
Very nicely done, now i have something i can refer people to
Perfect tutorial. Well done. ... I'll translate your tutorial into my language to share it other people.
pRo_lama said:
Perfect tutorial. Well done. ... I'll translate your tutorial into my language to share it other people.
Click to expand...
Click to collapse
Thank you! And thanks for taking your time to translate it!
If you need me to clarify anything shoot me a PM, and I'll help! (Same goes for anybody else interested in porting to their language)
Pax
Very nice, but I do have a question (and I started programming for Android recently): What do you do when the system reboots while debugging (in my case musb_hdrc.ko)? I tried catlog, but the logs are empty... Is there another way to do that?
Thank you in advance
Krain said:
Very nice, but I do have a question (and I started programming for Android recently): What do you do when the system reboots while debugging (in my case musb_hdrc.ko)? I tried catlog, but the logs are empty... Is there another way to do that?
Thank you in advance
Click to expand...
Click to collapse
Use adb instead of an in-android method to capture the logs, you can start when the boot animation starts (note: Not when the kernel splash screen appears) and when it reboots, it'll automatically end. (i.e. run the following in command prompt:
Code:
adb logcat *:E > oh_nos_it_crashed.txt
)
If you're not getting to the boot animation (keeps cycling on the Kernel splash screen) then you have kernel issues, and you need a kernel that has integrated last_kmsg (a whole different ball of wax that I'm still learning about) to figure out what's going on. (kmesg's are direct kernel output)
Maybe if someone like AdamOutler (or any other Dev who has a much better handle on them than myself) were to explain them, it'd help
Pax
Hey man regarding your guide .
I was testing a built of cm9 from my htc one v and it wasnt booting so the dev told me to do a logcat for it .
Just wondering what the process and commands would be?
Thanks.
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
But what if you can't connect ADB to your device? You can do this
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
Nice definition of the display terminology
MD
tranceph0rmer said:
Hey man regarding your guide .
I was testing a built of cm9 from my htc one v and it wasnt booting so the dev told me to do a logcat for it .
Just wondering what the process and commands would be?
Thanks.
Click to expand...
Click to collapse
What you'll wanna do is run the following,
Code:
adb logcat *:E > crash.txt
And look at the output file specifically for lines that say 0x0deadbaad (if you see that, that means there's a problem with the Java libraries it references above it) otherwise look for other F/ lines, that'll point you in the right direction.
If you're having issues where and is not accessible for to buy having USB debugging turned off because of doing a /data wipe (factory data reset) first install a similar Rom (in your case, a prior, stable CM9, boot into it, turn on usb debugging, reboot into recovery & only write /cache & dalvik cache before installing the offending Rom & getting your logcat (sorry if I rambled, just got done working a double )
Pax
Sent from my R800x using Tapatalk 2
Moscow Desire said:
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
But what if you can't connect ADB to your device? You can do this
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
Nice definition of the display terminology
MD
Click to expand...
Click to collapse
Thanks, MD!
The problem is when you can't access terminal (bootloops, fc'ing like it's going out of style, etc.) that adb is really useful. Sometimes to trick the system into working, you can (esp with AOSP based roms) install a same version of android (I.e. 4.0.4) & not wipe /data (after turning on usb debugging) & still have an access (I learned this after spending about 2-3 months crack flashing my own builds & getting tired of titanium restoring all my apps)
Pax
Sent from my R800x using Tapatalk 2
Great guide, thanks! Found it through the portal. I just added to my sig so maybe it will help stop some of those questions.
paxChristos said:
What you'll wanna do is run the following,
Code:
adb logcat *:E > crash.txt
And look at the output file specifically for lines that say 0x0deadbaad (if you see that, that means there's a problem with the Java libraries it references above it) otherwise look for other F/ lines, that'll point you in the right direction.
If you're having issues where and is not accessible for to buy having USB debugging turned off because of doing a /data wipe (factory data reset) first install a similar Rom (in your case, a prior, stable CM9, boot into it, turn on usb debugging, reboot into recovery & only write /cache & dalvik cache before installing the offending Rom & getting your logcat (sorry if I rambled, just got done working a double )
Pax
Sent from my R800x using Tapatalk 2
Click to expand...
Click to collapse
Thanks for the info.
Will do that the next time i get stuck at the boot animation
can anyone tell me how to clear / reset logcat?
Thanks in advance
riteshbendre said:
can anyone tell me how to clear / reset logcat?
Thanks in advance
Click to expand...
Click to collapse
Why would you want to do that?
To my knowledge, the only way logcat is reset is if you reboot your phone.
That's why filtering your results is very helpful, because no matter how long it's been running, you can get the info that you want without extraneous information
Pax
Thanks for the clarifications
Man thank you so much for the awesome guide!
Now I can actually filter out my logcat results instead of searching through the entire log.
Sent using Tapatalk
Helpful Tool
paxChristos said:
Here's how to use logcat.....
Click to expand...
Click to collapse
I have made a tool to simplify this for people. I will send you the .bat version, to see the validity of the file, and post the .exe for everyone else.
FIXED HUGE ISSUE CAUSING EMPTY FILES
DOWNLOAD
PM or post here if you run into any issues. They WILL be addressed.
I have made a tool to simplify Logcat creation for people. The creation of this tool was inspired, and guided, by the thread started HERE by paxChristos.
UPDATE 4.1
Corrected an issue causing empty files.
apparently, if the process id contained a space ( 1234) the file would parse correctly, but if the numbers came up to the parenthesis (12345) it would output an empty file named ACTIVITY(12345) with no extension.
This was a huge issue, and i apologize for not seeing it sooner. It has been corrected, and the logcat tool works better than ever. I just ran through a 20,000 line logcat without any empty files appearing.
a couple more things to help with stability.
Underscores (_) will be replaced by dashes (-)
Brackets ([]) and arrows (<>) will be replaced with paranthesis(())
-------------------------------------------------------------------------------------------------------------
HUGE UPDATE
Added the ability to "SUPER PARSE" Files, which separates files into folders by log level and creates a TXT file for each activity
Super parse DOES NOT Work with LONG format Logs.
SUPER PARSE is in its infancy I do expect errors, please let me know if you run into anything.
OLD STUFF
EDIT V3.6 DONE
Added ability to filter logcats by activity name. (logcat -s "FILTER")
Fixed Log Level Setting
EDIT V3.5 DONE
NOW PROPERLY PARSES "LONG" FORMAT LOGCATS.
Thank you to Senior Member jes0411 for pointing out the issues that lead me to create V3.4 and 3.5. If any of you have an issue please let me know. It could be hours before i get to it or weeks, but i will get to fixing it.
EDIT V3.4 DONE
Changed the way the date variable was handled to hopefully fix issues experienced by users of non-English versions of windows.
EDIT V3.3 DONE
EDIT V 3.2 Finished
Google code won't allow any new uploads, so i uploaded the new update to XDA in a ZIP file.
Fixed ADB Location settings, some users were having trouble if they input the ADB folder with any quotation marks in the path name, it will now automatically remove quotation marks to ensure correct syntax.
Fixed issue with ADB Location setting not exiting to previous menu.
Fixed issue with Log Level setting not exiting to previous menu.
Capitalized some stuff
Added a feature that will automatically create the selected folder if no output folder exists and the user attempts to run a log.
Added a check when selecting an output folder that will ask if you want the folder created if it does not exist
EDIT V3.1 DONE
FIXED OPTIONS 7 & 8, URLS WERE MISSING A "?"
CHANGELOG EDITS
SAVES AND PARSES FILES IN TO DIFFERENT OUPUT FILES BASED ON LOG LEVEL (E , I , D , W , ETC)
LOGCAT TOOL v1.1 by FuzzyMeep TWO
I made this in about a half hour, so if you fnd any issues let me know. I believe i worked out all functionality issues, and do plan on expanding functionality in the future.
reposted HERE
Edit: source here.
Batch Source
EDIT: UPDATED TO V1.1
added the framework to add filtering to your logcat, it is in the exe, but not utilized yet (still bugy). i have also worked out a few minor bugs in this release.
Very nice tut. Will try
thanks a ton for the in depth guide. I was always fairly confused on how to approach this, so now I'll have something to refer to in order to help all of the awesome devs here.
mcmb03 said:
thanks a ton for the in depth guide. I was always fairly confused on how to approach this, so now I'll have something to refer to in order to help all of the awesome devs here.
Click to expand...
Click to collapse
+1

[Q] What is the "Package Manager"? And why is it not running on my phone?

I've tried to use a couple apps to disable certain services on my phone - but they have not worked. (I have tried DisableService and MyAndroidTools)
When I try to use those apps, the SuperSU log gives the following output:
Code:
pm disable com.google.android.gms/com.google.android.gms.wearable.service.WearableService
exit
Error: Could not access the Package Manager. Is the system running?
I'm still trying to figure out what the "Package Manager" is, and why it seems to be missing/not running on my device.
Is the Package Manager part of the ROM, or the kernel, or what?
For reference, I have an AT&T SGS4, running a custom Lollipop ROM (GoldenEye53)
Thanks!
sac02 said:
I've tried to use a couple apps to disable certain services on my phone - but they have not worked.
When I try to use those apps, the SuperSU log gives the following output:
Code:
pm disable com.google.android.gms/com.google.android.gms.wearable.service.WearableService
exit
Error: Could not access the Package Manager. Is the system running?
I'm still trying to figure out what the "Package Manager" is, and why it seems to be missing/not running on my device.
Is the Package Manager part of the ROM, or the kernel, or what?
For reference, I have an AT&T SGS4, running a custom Lollipop ROM (GoldenEye53)
Thanks!
Click to expand...
Click to collapse
Package Manager it is the service which can install an apk on your phone (it's like an apk reader if you know what i mean)
but about the error i don't know why this message come to you ...but don't try to stop necessary services !!it could brick your ROM my friend
Hmm, so if I can install an apk (I definitely can) then that should be evidence that I have functioning Package Manager?
So I wonder what the issue is with these apps... or my phone...
Also, I am going to be very very careful with disabling services. I only plan to disable services that are:
1. Affecting my phone negatively (waking and looking for wearable devices that I do not use would be an example), and
2. Are confirmed OK to disable based on research. I will not disable anything I am not certain is safe.
Thanks for your help.
I've got the same setup as you with the phone, rom, app, and error message. I haven't figured out what the problem is yet.
Sent from my SGH-I337 using Tapatalk
I know you said you tried a couple apps, but maybe try using the Xposed module Amplify? That is, if you have the Xposed Framework installed.
Try killing system_server first then run your command. It might work. Here's how to do
Code:
su -c pkill system_server
It will fast-reboot your phone, Then run your command
samsungrockz said:
Try killing system_server first then run your command. It might work. Here's how to do
Code:
su -c pkill system_server
It will fast-reboot your phone, Then run your command
Click to expand...
Click to collapse
It doesn't recognize this command
Code:
[email protected]:/ # su -c pkill system_server
tmp-mksh: pkill: not found
If I try kill it requires process number, not name
Code:
127|[email protected]:/ # kill system_server
tmp-mksh: kill: system_server: arguments must be jobs or process IDs
Suncatcher16 said:
It doesn't recognize this command
Code:
[email protected]:/ # su -c pkill system_server
tmp-mksh: pkill: not found
If I try kill it requires process number, not name
Code:
127|[email protected]:/ # kill system_server
tmp-mksh: kill: system_server: arguments must be jobs or process IDs
Click to expand...
Click to collapse
kill doesn't take process names, it takes process IDs
simply use
Code:
su
ps|grep system_server
you will see the system_server process with an ID, 3 to 5 digit numbers like 16458
then "kill 16458"
and pkill isn't recognized probably because of busybox (installs bunch of useful command tools on your system), install an busybox installer from playstore, install busybox then try again.
samsungrockz said:
kill doesn't take process names, it takes process IDs
simply use
Code:
su
ps|grep system_server
you will see the system_server process with an ID, 3 to 5 digit numbers like 16458
then "kill 16458"
and pkill isn't recognized probably because of busybox (installs bunch of useful command tools on your system), install an busybox installer from playstore, install busybox then try again.
Click to expand...
Click to collapse
No, I have bysybox. Maybe this command exists only in Pro-version?
Nevertheless, I already solved the problem by rerooting with another su binary.
Suncatcher16 said:
No, I have bysybox. Maybe this command exists only in Pro-version?
Nevertheless, I already solved the problem by rerooting with another su binary.
Click to expand...
Click to collapse
good to hear that

[HOWTO] Unlock TF700T in 2020

UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.
I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with
So here are the instructions:
The device must be rooted. KingoRoot (the app) worked for me.
Download the unlock bundle from the link below. I didn't find a way to directly attach files here.
Copy both apks to /system/app, change the permission to 0644
For this, a remount of the system partition may be needed:
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
The modified unlock app cannot be installed like any other and must be installed that way
Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.
Use the unlock app. Google account does not matter.
Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.
I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.
In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:
Bricked my Asus TF300T? Manual JB update
First, my device failed to get the OTA Update because I deleted some system apps (see my original post). Then I found this post where another user restored original APKs in /system/apps and manage...
android.stackexchange.com
(thanks @DieAbrissbirne)
Download links
Unlock app and DMClient for TF700T
https://leo.pfweb.eu/dl/OaKdx
Spoiler: Successfully used on
WW_epad-10.6.1.14.10
JOP40D.US_epad-10.6.1.14.10-20130801
DMClient for TF300T
https://leo.pfweb.eu/dl/vUHnp
DMClient for TF300TG
https://leo.pfweb.eu/dl/xphHy
DMClient for TF201
https://leo.pfweb.eu/dl/pKvEA
Spoiler: Successfully used on
WW_epad_10.4.2.17
---------------------------------------------------------------------
Unlock app and DMClient for TF701T
https://leo.pfweb.eu/dl/2AcpB
DMClient for ME301T (also seems to work for ME302KL)
https://leo.pfweb.eu/dl/uiJPN
Dealing with this same issue, but can't get your method to work... Do I need to already have the v7 unlock tool installed before this? And do I just remove the DMClient.odex file from /system/app since there is only the replacement file for DMClient.apk?
Any help is appreciated!
You don't need the original unlock app. I recommend uninstalling it. DMClient.odex is not needed, you can rename or delete it. I don't know what happens if you keep it as is.
At which point does it fail?
Is the unlock app installed after restart? If not, check the permissions of both files. It must be 644 (-rw-r--r--).
If you can start the modified unlock app: Do you get an error message? Is there anything relevant in logcat (search for "unlock")? Is the internet connection ok?
Code:
-rw-r--r-- root root 442064 2020-09-02 22:19 UnLock_App_V7_update.apk
Removed both DMClient.apk and .odex and don't have any original unlock apps installed. But I don't have the modified unlock app installed after restart.
Which firmware version do you have?
The permissions look good. Basically all apks in /system/app should have the same owner and permissions.
If I understand correctly, you have removed the original DMClient.apk and DMClient.odex and copied the modified one from the download. Is the permission correct?
If permissions are ok, it's hard to say, what is wrong. I would suggest to rename UnLock_App_V7_update.apk to something else (maybe unlock.apk) and reboot the device. This forces a reinstall. Best would be if you could watch logcat during startup. The log will tell you why the installation fails.
Edit: Are you sure, the app is not installed? Depending on the locale it may not be literally translated as "unlock app". The icon is a gear with a lock.
JOP40D.US_epad-10.6.1.14.10-20130801
Code:
W/ActivityManager( 524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
W/ActivityManager( 524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
I/PackageManager( 524): Copying native libraries to /data/app-lib/vmdl1192069982
W/PackageParser( 524): Exception reading classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser( 524): java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser( 524): at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:131)
W/PackageParser( 524): at java.util.jar.JarVerifier.access$100(JarVerifier.java:53)
W/PackageParser( 524): at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:123)
W/PackageParser( 524): at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:119)
W/PackageParser( 524): at java.io.BufferedInputStream.read(BufferedInputStream.java:304)
W/PackageParser( 524): at android.content.pm.PackageParser.loadCertificates(PackageParser.java:447)
W/PackageParser( 524): at android.content.pm.PackageParser.collectCertificates(PackageParser.java:634)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:7959)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService.access$1900(PackageManagerService.java:180)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService$5.run(PackageManagerService.java:6108)
W/PackageParser( 524): at android.os.Handler.handleCallback(Handler.java:725)
W/PackageParser( 524): at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageParser( 524): at android.os.Looper.loop(Looper.java:137)
W/PackageParser( 524): at android.os.HandlerThread.run(HandlerThread.java:60)
E/PackageParser( 524): Package com.asus.unlock has no certificates at entry classes.dex; ignoring!
Does this SO post make sense as the issue? stackoverflow DOT com/questions/44386464/android-app-installation-failed-package-com-my-app-has-no-certificates-at-entry
That's interesting. The app isn't signed at all, that's why "normal install" does not work. But as system app things worked for me and there was no error.
Besides rooting the device I had unlocked developer options and allowed install from unknown sources. But I wouldn't expect these to make any difference.
Is there anything about DMClient in the log? The same applies here. It would be strange if it works for one and not for the other.
Got it to work. After digging a bit deeper into the logs I think it was confused because I had already installed and uninstalled the original unlock tool. It was complaining about the unlock package already existing, etc.
So, I just went all the way back to a factory reset to remove everything and then did your original steps and it worked. I was watching logcat and it didn't say anything about the unlock package for the time it worked too btw. I guess uninstalling the original and restarting wasn't enough to truly get rid of it enough without a factory reset.
Thanks for your help and effort to put this together!
Great! Do you mean, there was no output from the unlock app at all? There should have been some information starting with
Code:
/****Unlock
. However, it does not persist reboot, so you have to watch live or redirect to a file.
I was watching it live and did a find on the output for 'unlock' once it restarted and didn't see anything but I suppose I could have missed it.
It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:
d.l.i.w said:
It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:
Click to expand...
Click to collapse
Didn't work for me, unfotunatly . I still get message - "Failed to unlock your device, please try again later".
Device: TF300TG.
FW: WW_epad-10.4.3.9-20121106
Android: 4.1.1
Tried to reset to factory settings. Didn't help either.
Please, tell me - can I use V7 apk with Android 4.2 / 4.2.1 or i need patched version of Unlock_V8.apk ?
I/*** Unlock: request( 2000): h t t p s: //mdm.asus.com/DMServer/DeviceState?id=XXXXXXXXXXXX&AUTH=YYYYYYYYYYYYYYY&ACTION=get
D/dalvikvm( 2000): GC_CONCURRENT freed 269K, 5% free 6796K/7111K, paused 16ms+20ms, total 86ms
D/DMServerUnlock( 2000): index of line: 1
D/DMServerUnlock( 2000): DM Server Response: 0
W/GoogleVerify( 2000): no google account
I/UnLockActivity( 2000): no Google account and pin code
Click to expand...
Click to collapse
Of course, I changed variable values in request URL.
iserver said:
Device: TF300TG
Click to expand...
Click to collapse
Obviously DMClient is specific to each device model. So, the modified DMClient is not compatible with devices other than TF700T.
Is the original firmware for the TF300TG available somewhere? If so, I might be able to create a modified DMClient also for this model, but I can't promise anything.
So I am fairly early into this root / unlock of my new tf700t.
I rooted / unlocked my old tf300t at least 8 years ago now.
I recently dusted it off and immediately after getting 7.1.2 installed on it and having it set up just right, stepped on it by accident.
So I bought a tf700t and have been trying to root it for a whole day with out success....
I have successfully upgraded the boot loader from 10.4.4.25 to WW 10.6.1.14.8 and gotten Motochopper to root.
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.
Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
What a Deus-ex it was to find a post from only a few weeks ago on the topic.
I love XDA.
Down0038 said:
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.
Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
Click to expand...
Click to collapse
Total Commander worked for me just fine. It asked if the system partition should be mounted writable and then copied the files. The same with setting permissions.
I used KingoRoot, because Motochopper does not work on the latest firmware, but this shouldn't make any difference. You could try to copy the files via adb shell.
I was quite surprised that the Asus servers are still running and functional. The only issue is that the original unlock app does not trust the new server certificates.
"the device is unlocked"
Thanks for this work! Dusted off an old TF700T, but I'm unable to unlock, with the following logs (grepped for unlock):
Code:
I/ActivityManager( 520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/ActivityManager( 520): Start proc com.asus.unlock for activity com.asus.unlock/.EulaActivity: pid=1715 uid=1000 gids={41000, 3003, 1015, 1028, 3002, 3001, 1006, 3007}
I/ActivityManager( 520): START u0 {cmp=com.asus.unlock/.UnLockActivity} from pid 1715
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I/ActivityManager( 520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/UnLockActivity( 1715): ============= UnLockActivity onStart =======================
I/UnLockActivity( 1715): ============= UnLockActivity onResume =======================
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I fear I have one of those TF700's that doesn't have a valid serial number, so it can't unlock?
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.
I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
d.l.i.w said:
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.
I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
Click to expand...
Click to collapse
Yes, I factory reset before installing. I had rooted with Kingo Root / Superuser, but had to root via ADB, because I couldn't download and run the apk directly on the tablet after the factory reset. I did allow it to install all the associated root utilities/apps. I used a console/terminal app called "Material Terminal" (by Yaroslav Shevchuk) installed by the play store to su, mv the DMClient and Unlock_App_v7 apk files to /system/app and chmod 0644 them... every reboot shows it "Optimizing the app".
I have Android v 4.2.1 Kernel version 3.1.10-gb1a9af5 dated Aug 1 2013
I'll probably try doing another factory reset, root, and install again just to be sure.
Does someone have a correct version of Kingoroot apk that does work for ICS tf700t please :fingers-crossed:? I tried all i've found it doesnt work
EDIT: Found it
The tutorials works!!! Thank you very much ))
TF700T 4.2.1 - 10.6.1.14.10-20130801

Categories

Resources