[Q] Questions about flashing partitions - Android Software/Hacking General [Developers Only]

Hi,
I know this is not the place for n00b questions but I didn't find answers for these. I own a Moto XT300/Spice and since it is only available in Canada and Brazil the mod support is pretty weak. I'd like to try a few things, like adding the adreno200 3d module to the kernel/load dynamically or even try to update to froyo.
First, what are each partitions on the android device?
boot - where kernel/ramdisk/kernel arguments are kept
system - system data, not modifiable by user, only /data is ?
recovery - kernel/ramdisk/other files booted when pressing power+x on power?
userdata - ?
cache - ?
kpanic - ?
In system there should be a recovery.img that is flashed to the recovery partition at each restart? My moto spice does not have it. Why?
Motorola normally has a locked bootloader. What does this mean? That I can't change the bootloader? That I can't change the boot.img ?
When pressing Power+X and the Alt+L the recovery menu appears. This is the result of booting the recovery partition?
When hard-resetting the phone, boot.img and /system are not restored, just certain folders are wiped? For example, if busybox and su were installed, when hard-resetting the phone they would still be there?
/sdcard/update.zip can be used to restore the state of the phone (with the right update-script, of course). It should include the boot.img and system/ as well as the META-INF, and must be signed. Is sensitive information of the phone included in either boot.img or system that should not be given to others, like the IMEI?
Using the default.prop and build.prop from system, could I compile the kernel from source and modify it?
Thanks for any help regarding these topics. I've searched around and most similar threads were not answered.

If you can do it please let me know, I'm a former WM user and know nothing of Android or Linux (so far)...

snakerdlk said:
Hi,
I know this is not the place for n00b questions but I didn't find answers for these. I own a Moto XT300/Spice and since it is only available in Canada and Brazil the mod support is pretty weak. I'd like to try a few things, like adding the adreno200 3d module to the kernel/load dynamically or even try to update to froyo.
First, what are each partitions on the android device?
boot - where kernel/ramdisk/kernel arguments are kept
system - system data, not modifiable by user, only /data is ?
Still no idea...
recovery - kernel/ramdisk/other files booted when pressing power+x on power?
YES
userdata - ?
cache - ?
kpanic - ?
In system there should be a recovery.img that is flashed to the recovery partition at each restart? My moto spice does not have it. Why?
Motorola normally has a locked bootloader. What does this mean? That I can't change the bootloader? That I can't change the boot.img ?
No idea
When pressing Power+X and the Alt+L the recovery menu appears. This is the result of booting the recovery partition?
YES
When hard-resetting the phone, boot.img and /system are not restored, just certain folders are wiped? For example, if busybox and su were installed, when hard-resetting the phone they would still be there?
probably..
/sdcard/update.zip can be used to restore the state of the phone (with the right update-script, of course). It should include the boot.img and system/ as well as the META-INF, and must be signed. Is sensitive information of the phone included in either boot.img or system that should not be given to others, like the IMEI?
I heard that after signing in to the google account on your phone, system partition may have it... who knows...
Heard of a guy who managed to erase his IMEI. Is this possible ?
Using the default.prop and build.prop from system, could I compile the kernel from source and modify it?
Don't know, but Clockwork Mod uses the info from the boot.img to setup the build environment...
Thanks for any help regarding these topics. I've searched around and most similar threads were not answered.
Yeah, had a feeling such post would not be answered in these forums...

Related

[Q] recovery.img and recovery-from-boot.p

Hi all,
I am trying to make sense of how the android system is made up w.r.t. boot/kernel.
I have been looking at the .img files in the build (I built for the "passion" device), and have been googling around to find some more information about the various .img files.
I ran into a nice HOWTO in android-dls.com 's WIKI, titled HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images (I'm sorry, I'm a new user so XDA won't allow me to post links. I will try to modify my post a soon as I'm granted permission for that)
but I am afraid it is a little outdated:
I have several questions, but I will try to be brief, so I'll focus on
one of them, and if that works I'll proceed to the next questions, all related to "Android bringup for dummy embedded linux kernel experts".
I am fairly aware of differences between different linux
configurations, and I am very familiar with linux bringup concepts, so I will just use common examples from the linux world as my terminology. Hope it will be clear enough.
I understood that boot.img is a combination of a kernel (e.g. bzImage in linux) and an initial ramdisk (e.g. initrd.gz), wrapped by some header, as in common linux kernel loading practice (piggy.o etc.).
Now, the aforementioned HOWTO says that the "recovery" image is built the same way, and that it is stored on the target's /system/recovery.img.
I would assume that this would be compound of the ramdisk-recovery.img, and some other kernel.
Now, the problem is that:
1. This /system/recovery.img does not exist from what I saw (on my Motorola XOOM tablet)
2. What does exist is /system/boot-from-recovery.p, which is created during the boot process in obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p.
I saw tons of posts referring to the files, all said that "in order to replace the rescue disk image, this file needs to be renamed" - but I am looking for a way to figure out what it is, and how to extract its contents.
I assume /system/recovery.img is deprecated, is that correct?
3. I did not see any flash devices in /proc/mtd (which is strange).
I searched for hours before sending this post, so I would appreciate your help. I also posted a similar message at the google android-building group, but it has not been answered yet, and I got the impression that these forums are more active and can help me get where I need.
If it is not the right place to ask the question please let me know - I just assume this is a general android concept and not device specific.
Thanks,
Ron
I meant of course /system/recovery-from-boot.p , and not recovery-from.boot.p
-R
Hi,
I don't know if you managed to find out what "recovery-from-boot.p" is, since this is quite an old post, but I think I'll try to help anyway.
recovery.img is not deprecated at all. From my own experience, it looks like "recovery-from-boot.p" is a protection measure introduced in Gingerbread, but not the recovery itself. What it does is replacing any recovery currently installed on the phone with the default one on every boot.
I discovered it after flashing a custom recovery on my Android 2.3.4 phone. It worked, but just during the first boot. The next time I rebooted the phone, the default recovery image was there again. After browsing several sites, I found that "recovery-from-boot.p" is responsible for that.
So, if you flash a custom recovery image on a Gingerbread phone and want to keep it forever, you must delete this "recovery-from-boot.p" from /system, or at least rename it. That way, your new custom recovery will never get overwritten by the default one, unless you do it yourself.
I hope this helps you and clarifies this question.
Well, it helped me. I'm new to rooting and just came across mention of this file. I am trying to learn 'why' as well as 'how', so your post was informative.
Was going to ask a dumb question but I figured it out
I need to delete those files
bigrammy said:
Was going to ask a dumb question but I figured it out
Hello
can't delete those files >> I am rooted but every time I delete or rename it takes permission then nothing happens >> how can I delete them please
recovery from boot p
ahmed morsy said:
Hello
can't delete those files >> I am rooted but every time I delete or rename it takes permission then nothing happens >> how can I delete them please
Hey, good day. Did you get your problem fixed...? I have an XT912; it has the same file. For days I've been trying to wipe the phone. Tried rooting it. I tried reprogramming it. And I got through with all of that. But every time the phone boots up it goes back to the same state. Then I used a root browser and while exploring I saw this recovery-from-boot file. I need help. And I don't think I can downgrade the Motorola phones. Thanks in advance.
jman0 said:
Hi,
I don't know if you managed to find out what "recovery-from-boot.p" is, since this is quite an old post, but I think I'll try to help anyway.
recovery.img is not deprecated at all. From my own experience, it looks like "recovery-from-boot.p" is a protection measure introduced in Gingerbread, but not the recovery itself. What it does is replacing any recovery currently installed on the phone with the default one on every boot.
I discovered it after flashing a custom recovery on my Android 2.3.4 phone. It worked, but just during the first boot. The next time I rebooted the phone, the default recovery image was there again. After browsing several sites, I found that "recovery-from-boot.p" is responsible for that.
So, if you flash a custom recovery image on a Gingerbread phone and want to keep it forever, you must delete this "recovery-from-boot.p" from /system, or at least rename it. That way, your new custom recovery will never get overwritten by the default one, unless you do it yourself.
I hope this helps you and clarifies this question.
I have deleted it, then flashed recovery, but it failed. It won't even go to stock recovery itself now. Any help?
Does recovery-from-boot.p have anything to do with applying OTA updates? Or will it cause issues with system updates?
I have recovery-from-boot.p in my system and I can't root my phone; I can't change the recovery img... Help?
I hadn't had to deal with this for some time, perhaps because I've updated my devices (Nexus 4, Nexus 5, Nexus 7 '13) with the factory images, with "-w" removed from flash-all, then flashing CWM's recovery, ensure SuperSU was installed, then continuing. Today, I used the new OTA image on my Hammerhead/N5, and recovery-from-boot.p seems to be up to its old tricks again.
Solution is simple.
Flash your alternate Recovery in fastboot, fastboot flash recovery [recovery image file] . Boot into Recovery. Apply/install root app (typically via sideload). Mount /system. adb shell mv /system/recovery-from-boot.p /system/recovery-from-boot.p.bak. Reboot. Done. (If you're unfamiliar with fastboot, adb, and flashing new recovery partitions, you have some reading to do. Commence RTFM.)
I also used to have to move /system/etc/install-recovery.sh but that seems to be gone in Marshmallow. :} Or moved...?
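The check behind jman0's explanation and the `mv` step in the post above, as an added example that is not from any post in this thread: the stock `/system/etc/install-recovery.sh` run by init on every boot first verifies the recovery partition with `applypatch -c TYPE:device:size:sha1` and only re-patches it from the boot partition plus `/system/recovery-from-boot.p` when that check fails, so comparing your recovery image against the size and SHA-1 embedded in the script tells you before rebooting whether it will be overwritten. The `TYPE:device:size:sha1` shape of the argument and the presence of `sha1sum` are assumptions on my part; all paths are plain files, so on a device you would pass a `dd` dump of the recovery partition (or the by-name block device itself), and the demo constructs its own `install-recovery.sh`.

```shell
#!/bin/sh
# Added example, not from any post in this thread: check before rebooting
# whether a stock /system will put the factory recovery back over the one you
# just flashed, and neutralise that the way the posts above do (rename, don't
# delete, so the stock behaviour can be restored later).
#
# Assumptions (mine): the "applypatch -c" argument in install-recovery.sh has
# the TYPE:device:size:sha1 form, and sha1sum exists on the machine running this.

set -eu

# expected_recovery <install-recovery.sh>: prints "<size> <sha1>" that the
# script's applypatch -c check expects the recovery partition to have.
expected_recovery() {
    spec=$(sed -n 's/.*applypatch -c \([^ ;]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$spec" ] || return 1
    sha1=${spec##*:}                  # last colon-separated field
    size=${spec%:*}; size=${size##*:} # the field before it
    printf '%s %s\n' "$size" "$sha1"
}

# recovery_will_be_reflashed <install-recovery.sh> <recovery image>
#   0 = size or SHA-1 differ: the stock script re-patches recovery on boot
#   1 = the image already matches what the script expects
#   2 = no applypatch -c line found, nothing can be concluded
recovery_will_be_reflashed() {
    expected=$(expected_recovery "$1") || return 2
    want_size=${expected%% *}
    want_sha1=${expected#* }
    have_size=$(wc -c < "$2" | tr -d ' ')
    have_sha1=$(sha1sum "$2" | cut -d' ' -f1)
    [ "$have_size" = "$want_size" ] && [ "$have_sha1" = "$want_sha1" ] && return 1
    return 0
}

# reflash_guard_files <system root>: prints the files responsible for the
# re-flash; 0 if at least one is present, 1 if neither is.
reflash_guard_files() {
    found=1
    for f in "$1/etc/install-recovery.sh" "$1/recovery-from-boot.p"; do
        [ -e "$f" ] && { echo "$f"; found=0; }
    done
    return $found
}

# disable_reflash_guard <system root>: the "mv ... .bak" step from the posts,
# applied to both files. On a device this needs /system mounted read-write.
disable_reflash_guard() {
    for f in "$1/etc/install-recovery.sh" "$1/recovery-from-boot.p"; do
        [ -e "$f" ] && mv "$f" "$f.bak"
    done
    return 0
}

# Demo on constructed data: a fake /system whose stock script expects one
# recovery image, checked against that image and then against a custom one.
demo=$(mktemp -d)
mkdir -p "$demo/system/etc"
printf 'constructed stock recovery image\n' > "$demo/recovery.img"
stock_size=$(wc -c < "$demo/recovery.img" | tr -d ' ')
stock_sha1=$(sha1sum "$demo/recovery.img" | cut -d' ' -f1)
dev=EMMC:/dev/block/platform/msm_sdcc.1/by-name
# BOOTSIZE/BOOTSHA1 are placeholders; only the -c line matters to the checks.
cat > "$demo/system/etc/install-recovery.sh" <<EOF
#!/system/bin/sh
if ! applypatch -c $dev/recovery:$stock_size:$stock_sha1; then
  applypatch -b /system/etc/recovery-resource.dat $dev/boot:BOOTSIZE:BOOTSHA1 $dev/recovery $stock_sha1 $stock_size BOOTSHA1:/system/recovery-from-boot.p
fi
EOF
: > "$demo/system/recovery-from-boot.p"
script=$demo/system/etc/install-recovery.sh
recovery_will_be_reflashed "$script" "$demo/recovery.img" || echo "stock image: matches, left alone on boot"
printf 'constructed custom recovery image\n' > "$demo/recovery.img"
if recovery_will_be_reflashed "$script" "$demo/recovery.img"; then
    echo "custom image: would be overwritten on next boot by:"
    reflash_guard_files "$demo/system"
    disable_reflash_guard "$demo/system"
    reflash_guard_files "$demo/system" || echo "guard files renamed to .bak; custom recovery will persist"
fi
```

Renaming rather than deleting keeps the stock behaviour one `mv` away, which matters for the later question about OTA updates: an OTA that expects to patch the stock recovery will check the same size and SHA-1 and refuse to apply against a custom one, so you restore the `.bak` files and the stock recovery before taking the update.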
well, after following a guide I have extracted the system.img from a pure-nexus ROM(The ROM I'm currently using), now I can see that "recovery-from-boot.p" file is responsible for recovery lock in my phone. I'll keep it short and straight to the question
"Can I remove this file and rebuild the .dat file and flash it?, so that I won't have any other problems at all"
I want to know if recovery-from-boot.p file is linked to anything other than just locking the recovery or re-flashing it innumerable times.

[A510/A511] [WIP] Stock ROM dumps - Get back to factory state

As we now have functional recovery options on our tablets, and people will inevitably mess things up with their device, we need to get a way to get your tablets back to factory condition. But I need your help with this!
What do you want?
Here's my idea: We have all seen various ZIPs floating around, most of them leaked from somewhere. The problem with these is that you can't use OTA updates, and I'm not sure what Acer Service Center thinks of custom ROM installs. What I want is to build a list of software that is officially distributed by Acer, is OTA-updateable, etc. For this reason, I want people that have not yet modified their tablets (except root) to provide image dumps of their /system, /boot, /flexrom, and /recovery partition. It's really easy to do, and you'll help yourself and others when they get into trouble.
Can I help?
Answer all of the following questions. If at one point the answer is "Sorry, you can't help", well... You can't help
Is your device unlocked and rooted? Yes - You can help! / No - You can still help, but you need to unlock and root your device.
Do you have the original Acer ROM installed on your device? Yes - You can help! / No - Sorry, you can't help
Have you received the latest OTA updates for your device? Yes - You can help! / No - You can help as well!
Have you removed any apps or files from the /system or /flexrom partition? Yes - Sorry, you can't help / No - You can help!
Have you installed a custom recovery image? Yes - You can still help, as long as everything else is still original / No - You can help!
Okay, so I can help, now what?
If you can and are willing to help (remember, it could save your own ass one day), follow the instructions below. If you get stuck or simply don't know where to start but are willing to help, let us know in this thread and I'm sure we can all help each other out.
This will not gather any personal data from you. Personal data is stored on the /data partition, which we don't need, so: No worries!
Root your device, if you haven't already.
Connect your tablet to your computer via ADB
Type the following command: adb shell. You are now logged into your tablet. You can exit at any time by typing exit and hitting ENTER.
Type the following command: dd if=/dev/block/mmcblk0p2 of=/sdcard/boot.img. This will copy your /boot partition to a file called boot.img on your internal storage. This one will be fast, it only has about 8MB to copy.
This step can be skipped if you have a custom recovery! Type the following command: dd if=/dev/block/mmcblk0p1 of=/sdcard/recovery.img. This will copy your /recovery partition to a file called recovery.img on your internal storage. This one will be fast as well, it only has about 6MB to copy.
Type the following command: dd if=/dev/block/mmcblk0p3 of=/sdcard/system.img. This will copy your /system partition to a file called system.img on your internal storage. This one will take a bit longer, it has about 360MB to copy.
Type the following command: dd if=/dev/block/mmcblk0p6 of=/sdcard/flexrom.img. This will copy your /flexrom partition to a file called flexrom.img on your internal storage. This one will take a bit longer as well, it has about 360MB to copy.
Type exit to exit the ADB shell. Copy the four .img files from your tablet (internal storage) to your computer. You might have to reboot your tablet if the files don't show up.
ZIP or RAR these files, and upload them somewhere. If you can't find a place to store them: send me a private message or reply in this thread and we'll arrange something else. If you have uploaded the files somewhere: again, send me a private message or reply in this thread.
So now what?
When I receive your files, I will package them into an update.zip that can be flashed from custom recoveries. This will then restore everything (including the custom recovery) to factory state, which can help you in getting your device back to stock.
What versions do you have already?
Acer_AV041_A510_1.044.00_WW_GEN1 (download links will follow shortly)
Acer_AV041_A510_1.098.00_EMEA_CUS1 (download links will follow shortly)
Acer_AV041_A510_1.099.00_EMEA_DE (download links will follow shortly)
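The dd steps above as one script, added here as an example that is not from NoThrills' post: it dumps each partition the post names and records the byte count and SHA-256 next to every image, so a dump can be checked for truncation or corruption before it is packaged into an update.zip and flashed onto someone else's tablet. It assumes the post's A510 numbering (p1 recovery, p2 boot, p3 system, p6 flexrom) and a `sha256sum` binary (toybox/busybox on the device, coreutils on a PC); the demo at the end uses ordinary files standing in for `/dev/block/mmcblk0pN`, so it runs on a PC without a device or root.

```shell
#!/bin/sh
# Added example (not from NoThrills' post): the dd steps above as one script,
# with the byte count and SHA-256 of every image recorded beside it so a dump
# can be verified after it has been copied off the tablet and uploaded.
#
# Assumptions (mine): the post's A510 partition numbering and a sha256sum
# binary. The demo uses files standing in for /dev/block/mmcblk0pN.

set -eu

# dump_partition <block device or file> <output.img>
# Byte-for-byte copy, then "<output.img>.size" and "<output.img>.sha256".
dump_partition() {
    src=$1
    out=$2
    # No conv=noerror: a dump with silently skipped blocks is worse than none.
    # dd's statistics go to /dev/null; its exit status still aborts on error.
    dd if="$src" of="$out" bs=1048576 2>/dev/null
    wc -c < "$out" | tr -d ' ' > "$out.size"
    sha256sum "$out" | cut -d' ' -f1 > "$out.sha256"
}

# verify_dump <image>: 0 if size and SHA-256 still match the recorded values,
# 1 otherwise (run it again on the PC after copying the files off the tablet).
verify_dump() {
    img=$1
    [ "$(wc -c < "$img" | tr -d ' ')" = "$(cat "$img.size")" ] || return 1
    [ "$(sha256sum "$img" | cut -d' ' -f1)" = "$(cat "$img.sha256")" ] || return 1
}

# dump_all <device prefix, e.g. /dev/block/mmcblk0p> <output dir>
# The four partitions the post asks for, named as the post names them.
dump_all() {
    prefix=$1
    dir=$2
    mkdir -p "$dir"
    for pair in 1:recovery 2:boot 3:system 6:flexrom; do
        dump_partition "${prefix}${pair%%:*}" "$dir/${pair#*:}.img"
    done
}

# Demo on constructed data: fake "partitions" instead of /dev/block/mmcblk0pN.
demo=$(mktemp -d)
for n in 1 2 3 6; do
    printf 'constructed contents of partition %s\n' "$n" > "$demo/mmcblk0p$n"
done
dump_all "$demo/mmcblk0p" "$demo/dump"
for name in recovery boot system flexrom; do
    verify_dump "$demo/dump/$name.img" \
        && echo "$name.img: $(cat "$demo/dump/$name.img.size") bytes, sha256 $(cat "$demo/dump/$name.img.sha256")"
done
```

On the tablet the call would be `dump_all /dev/block/mmcblk0p /sdcard/dump` from a root shell (reading the block devices needs root, which is why the post asks for a rooted device first); the `.size` and `.sha256` files travel with the images, and whoever packages them runs `verify_dump` before building the update.zip. As the post says, nothing under `/data` is read, so no personal data ends up in the dump.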
The idea sounds great so far. But I have a small problem to make a complete backup for my a511.
Your linked root tutorial for the procedure is only for a100/a510 and doesn't work for a511, as I understand.
The tutorial for rooting the a511 needs first to flash a CWM.
http://forum.xda-developers.com/showthread.php?t=1729432
So it isn't possible for us to backup the recovery partition, right ?
I have the stock Acer_AV041_511_1.028.00_EMEA_DE on my device.
Is it even possible to backup and recover the baseband ?
I'm very interested in your CWM recovery for a511 too, but since many guys f++++d up their device now, I want to make sure that my device will not goes the same way.
I can help, and my tab is rooted.
But I don't understand the first step: Connect your tablet to your computer via ADB
What about if we have removed system apps (such as the antivirus that comes with the tablet). It wouldn't be a complete dump if it didn't include those.
I have root and am happy to provide a dump, but I did uninstall several of the crappier pre-installed apps that came with my tablet.
scorpio16v said:
The idea sounds great so far. But I have a small problem to make a complete backup for my a511.
Your linked root tutorial for the procedure is only for a100/a510 and doesn't work for a511, as I understand.
The tutorial for rooting the a511 needs first to flash a CWM.
http://forum.xda-developers.com/showthread.php?t=1729432
So it isn't possible for us to backup the recovery partition, right ?
I have the stock Acer_AV041_511_1.028.00_EMEA_DE on my device.
Is it even possible to backup and recover the baseband ?
I'm very interested in your CWM recovery for a511 too, but since many guys f++++d up their device now, I want to make sure that my device will not goes the same way.
Hi, your device will not brick, I can send you a test A511 recovery if you want. Worst that can happen is that recovery won't boot, but in that case you can simply put back recovery. Send me a private message and we can work something out.
scae said:
What about if we have removed system apps (such as the antivirus that comes with the tablet). It wouldn't be a complete dump if it didn't include those.
I have root and am happy to provide a dump, but I did uninstall several of the crappier pre-installed apps that came with my tablet.
Then it's of no use, unless you have a backup of your pre-installed apps. Removing apps from the /system or /flexrom partition is not recommended, and you gain nothing by it: You only gain space on read-only filesystems which you won't use in 99% of situations, and you've now broken OTAs for yourself as well, as OTAs will only install when apps are present unless you start modifying OTA files.
The 'correct' way to get rid of pre-installed apps is simply freezing them, either from the settings menu or with an app like Titanium Backup. This will make it seem like they're not there (so they don't use resources at all), but the APKs don't get removed.
So unfortunately, we can't use your dumps to restore devices to factory state. Unless, ofcourse, you've made a backup of the apps somewhere.
skymario said:
i can help, n my tab is rooted.
but i don understand the first step: Connect your tablet to your computer via ADB
Do you have ADB or the Android SDK installed?
NoThrills said:
Do you have ADB or the Android SDK installed?
I just learned ADB, and successfully installed your CWM; later I will try to dump my stock ROM for you.
My stock ROM version is 1.073 WW GEN1
does it matter if the system apps have been frozen or do they need to be unfrozen first?
I have flashed that remove stock recovery mod so the stock rom doesn't keep overwriting cwm on reboot. Does that disqualify me? If not I'll dump my rom for you when I get home.
I'm on this rom version:
ro.build.pandora.id=Acer_AV041_A510_RV28RC04_PA_CUS1
ro.build.flexrom.id=Acer_AV041_A510_1.076.00_PA_CUS1
I unlocked the bootloader, rooted, installed CWM, then backed up my stock ROM. Could I restore my stock ROM, then be able to send you those files and return to total stock?
NoThrills said:
Hi, your device will not brick, I can send you a test A511 recovery if you want. Worst that can happen is that recovery won't boot, but in that case you can simply put back recovery. Send me a private message and we can work something out.
I think he means that the A511 recovery doesn't work properly... you can flash a zip, but nearly all other options brick the device.
I have an A511 too with Acer_AV041_A511_1.028.00.EMEA_DE and can help with testing or something else.
I have Acer AV041_A510_1.079.00_PA_CA. (Canada)
I have not done a thing to it because it is a replacement for the Galaxy Note I bricked trying to upgrade from GB to ICS, too early.
I might try again if I was sure I could get back to where I am, using your process.
I assume that your Root link is comprehensive but I also need reassurance on how to ADB.
Sent from my A510
blgblade said:
i think he mean that the a511 recovery doesn't work properly....you can flash a zip, but nearly all other options brick the device
No, as I understand, the only working method to root the A511 is to unlock the bootloader, flash the custom recovery and then the root.zip.
Maybe I'm wrong and there is another working way to root the device ?
The problem is simply, that we lost the stock recovery before we have a backup from it.
If we have another root way for a511, the backup of stock firmware is done in a few minutes and from this point we can test the a511 custom recovery from NoThrills.
To the A511 owners: Technically, if you have an install-recovery.sh file on your device, the device will always flash recovery back from the boot.img.
In theory: To test, one could simply overwrite the stock recovery with my Recovery (not the other ones, they will brick your device) and then when you reboot, your device will overwrite the recovery with the stock one again. So you really don't need a backup of the recovery partition.
As long as you don't let your device fully boot (so, stay in recovery) there's plenty of time to test if the recovery works or not. If it doesn't, simply reset your device and it will flash back the original recovery (again: provided there is an install-recovery.sh in your /system partition).
So again, if anyone is willing to test, let me know
NoThrills said:
To the A511 owners: Technically, if you have a install-recovery.sh file on your device, the device will always flash recovery back from the boot.img.
I can't find a install-recovery.sh in /system partition on my a511. Search on root-explorer can't find one on the device.
Even NOT on /system/etc like on other devices.
NoThrills said:
So unfortunately, we can't use your dumps to restore devices to factory state. Unless, ofcourse, you've made a backup of the apps somewhere.
Ah damn, I did back them up via titanium but it doesn't seem to want to restore them - it just sits there say restoring app.
scorpio16v said:
I can't find a install-recovery.sh in /system partition on my a511. Search on root-explorer can't find one on the device.
Even NOT on /system/etc like on other devices.
Yeah, I meant /system/etc... That's weird, I'd figure Acer would use the same system on the A511... Let me check one of the leaked ROMs...
Hello,
I have an stock Acer_AV041_A510_1.098.00_EMEA_CUS1, there we go for the files
Host file is not the stock version, it was edited by AdAway.
Can you make a version without recovery overwritting ?
I thinks a lot of people want to try some roms... just for testing...
Acer_AV041_A510_1.098.00_EMEA_CUS1 boot && system && flexrom:
http://dl.free.fr/jDEmTNSD4
Have Fun
Hello,
I have the same ROM without root or unlocked bootloader or modded recovery, so if the above one does not make it I'll upload mine.
Sent from my A510 using xda app-developers app

[Q] CF-Auto-Root for Nexus 5 - How it works?

Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how does the CF-Auto-Root for the nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery which I always saw is a necessary tool for rooting.
What exactly is this image file? what does it do? Where does it come from? What it contains?
Why is it device-related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how does the CF-Auto-Root for the nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery which I always saw is a necessary tool for rooting.
What exactly is this image file? what does it do? Where does it come from? What it contains?
Why is it device-related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and run Root_windows.bat and follow instructions. Takes 30 seconds - 1 minute all in all.
Thanks, but...
gee2012 said:
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and run Root_windows.bat and follow instructions. Takes 30 seconds - 1 minute all in all.
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works? What exactly does it do behind the scene?
Casteel said:
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works? What exactly does it do behind the scene?
It unlocks the BL and injects SuperSU in one go without having to flash a separate SuperSU.zip with a custom recovery. That's all.
gee2012 said:
It unlocks the BL and injects SuperSU in one go without having to flash a separate SuperSU.zip with a custom recovery. That's all.
What do you mean by "injects SuperSU" ?
It sounds very simple from the way you say it. Why can't I do this myself?
I believe it doesn't just mean copy it to the right place.
Does it also include putting the su binary in the right system path with the right permissions?
How is root privilege gained?
Does only unlocking the BL let me write to the system partition?
I would really appreciate some technical details to understand this rooting process and what this image file contains.
Thanks again!
Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.
gee2012 said:
Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing a custom recovery, and that tool does it without it.
Casteel said:
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing a custom recovery, and that tool does it without it.
Look here https://www.google.com/search?q=how+root+works&ie=utf-8&oe=utf-8&aq=t and other sites how root works http://stackoverflow.com/questions/...hat-are-the-pre-requisites-for-it-to-work-wha.
With Google you can find anything
Actually, I read this also...
It only talks about gaining root privilege using some system exploit.
So, you're telling that CF-Auto-Root is running some script in its bootable image file that is using some kind of exploit to gain root access?
Shouldn't it be less "hacky" thing in nexus devices?
And how can it be that the image file is related to specific devices and not to specific stock versions?
What prevents from other apps to use this so called "exploit"?
This is probably what you are looking for...
Embedded in the boot image is a folder cfroot with the SuperSU apk file, the su binary and the necessary init scripts, and there is a binary under sbin that does the remaining steps of copying the files to the respective places. It is not an exploit; it merely uses the boot image and the boot process to "install" SuperSU. You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
In more detail:
1. Embedded in the ramdisk is a folder "cfroot" with "99SuperSUDaemon, install-recovery.sh, su and Superuser.apk".
2. In the sbin folder in the ramdisk is a binary "cfautoroot" which does stuff like copy the above files to the correct locations and set the appropriate permissions, etc.
3. This file is called through the "recovery" script/binary in the sbin folder
4. The "recovery" script/binary is executed as a startup server via the init system in "init.rc" within the ramdisk
The result:
When you boot up, the superuser files are copied to the respective locations with the right permission, thereby rooting the system
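What "copy the superuser files to the respective locations with the right permission" amounts to, as an added example that is not Chainfire's code: a shell function run against a staged /system so the result can be inspected on a PC. On the device the same steps run as root from the CF-Auto-Root ramdisk's init chain described above (init.rc starts /sbin/recovery, which runs cfautoroot) after /system is mounted read-write; the privilege comes from booting an unlocked bootloader into a ramdisk you control, not from an exploit. The file names are the four the post lists; the destinations and modes (setuid root `su` in /system/xbin, the APK in /system/app, the daemon script in /system/etc/init.d, a replaced /system/etc/install-recovery.sh to start the daemon at boot) are my assumptions about the usual SuperSU layout. Ownership and SELinux labels are left out because setting them needs root; on a real device `su` must be owned by root:root or the setuid bit is worthless.

```shell
#!/bin/sh
# Added example, not Chainfire's code: the "copy files and set permissions"
# step of CF-Auto-Root, against a staged /system directory.
#
# Assumptions (mine): file names as listed in the post; destinations and modes
# follow the usual SuperSU layout. chown/SELinux labelling omitted (needs root).

set -eu

# install_root_files <cfroot dir from the ramdisk> <system root>
# Copies each file to its destination and sets the mode the real installer
# would; a stock install-recovery.sh is saved as .bak before being replaced.
install_root_files() {
    src=$1
    sys=$2
    mkdir -p "$sys/xbin" "$sys/app" "$sys/etc/init.d"
    cp "$src/su" "$sys/xbin/su"
    chmod 6755 "$sys/xbin/su"                  # setuid+setgid: this IS the root
    cp "$src/Superuser.apk" "$sys/app/Superuser.apk"
    chmod 644 "$sys/app/Superuser.apk"         # APKs are data, never executable
    cp "$src/99SuperSUDaemon" "$sys/etc/init.d/99SuperSUDaemon"
    chmod 755 "$sys/etc/init.d/99SuperSUDaemon"
    if [ -e "$sys/etc/install-recovery.sh" ]; then
        mv "$sys/etc/install-recovery.sh" "$sys/etc/install-recovery.sh.bak"
    fi
    cp "$src/install-recovery.sh" "$sys/etc/install-recovery.sh"
    chmod 755 "$sys/etc/install-recovery.sh"
}

# verify_root_install <system root>: 0 if su is in place as a setuid,
# non-world-writable executable and the other files exist; prints what is
# wrong and returns 1 otherwise. A world-writable setuid su would hand root to
# every app on the phone, so that case is checked explicitly.
verify_root_install() {
    sys=$1
    ok=0
    su="$sys/xbin/su"
    [ -x "$su" ] || { echo "missing or not executable: $su"; ok=1; }
    [ -u "$su" ] || { echo "setuid bit not set: $su"; ok=1; }
    [ -z "$(find "$su" -perm -002 2>/dev/null)" ] || { echo "world-writable: $su"; ok=1; }
    for f in app/Superuser.apk etc/init.d/99SuperSUDaemon etc/install-recovery.sh; do
        [ -f "$sys/$f" ] || { echo "missing: $sys/$f"; ok=1; }
    done
    return $ok
}

# Demo on constructed data: stub files standing in for the real binaries.
demo=$(mktemp -d)
mkdir -p "$demo/cfroot" "$demo/system/etc"
for f in su Superuser.apk 99SuperSUDaemon install-recovery.sh; do
    printf '#!/system/bin/sh\n# constructed stand-in for %s\n' "$f" > "$demo/cfroot/$f"
done
echo '# constructed stock install-recovery.sh' > "$demo/system/etc/install-recovery.sh"
install_root_files "$demo/cfroot" "$demo/system"
verify_root_install "$demo/system" && echo "staged /system is rooted: $(ls -l "$demo/system/xbin/su")"
```

This also answers the question asked later in the thread about why the same steps need root "in the first place": nothing here escalates privilege, it only writes files, and writing to /system with mode 6755 is possible because init in the CF-Auto-Root ramdisk already runs as root. That is exactly what an unlocked bootloader gives up: anyone who can `fastboot boot` their own image on your phone can install a setuid `su` the same way.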
OK! Now we're getting closer
Thank you very much.
But I still have some confusions...
You said:
craigacgomez said:
there is a binary under sbin does the remaining steps of copying the files to the respective places.
You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:
Casteel said:
OK! Now we're getting closer
Thank you very much.
But I still have some confusions...
You said:
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:
"cfautoroot" is a binary created by Chainfire which is embedded in the sbin folder in the kernel ramdisk. It's in the CF Auto Root boot image. Android kernels are essentially Linux kernels and have an init process which is basically a bootstrap/startup process. init.rc is part of this process. It is run when the kernel boots up. Anything within the init process is low-level and essentially run as "root". It kick-starts various other processes like zygote which is the Android process management system. This will help you understand the init process a bit better (http://www.mekya.com/blog/2012/03/android-initialization-from-init-rc-to-third-party-code/). In the init.rc file is a line which "executes" the file /sbin/recovery (which is embedded in the ramdisk along with cfautoroot). This in turn "executes" cfautoroot which takes care of copying the superuser files to the correct locations and setting the correct permission. All this is done within the init process and has elevated (root) permission.
Unlocking the bootloader does not root your phone. It simply allows you to flash "unsigned" (custom) boot images.
Any phone with the ability to flash a custom boot image can make use of this process.
Exploits make use of holes or workarounds to either flash a custom boot image or inject files into the system partition without unlocking the bootloader and are only needed if you cannot unlock the phone bootloader.
Hope this helps!
Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how does the CF-Auto-Root for the nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw is a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Thank you for asking the question and being polite yet persistent about getting your answer. I have been trying to get to this answer myself for some time now.
Sent from my Nexus 5 using Tapatalk
Great! Now we're even closer :victory:
So in the boot process I have elevated privileges; that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
Is it an image of the kernel?
Is it some sort of pre-handled file system that the device is booted into and which then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...
Casteel said:
Great! Now we're even closer :victory:
So in the boot process I have elevated privileges; that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
Is it an image of the kernel?
Is it some sort of pre-handled file system that the device is booted into and which then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.
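As an added example, not code from this thread or from CF-Auto-Root, the following builds and then parses a minimal v0 Android boot image, so the kernel and ramdisk sections the reply describes can be seen as concrete byte ranges. The header layout follows AOSP's boot_img_hdr v0; the payload bytes, load addresses and cmdline are constructed sample values, not those of any real device.

```python
import struct

# boot_img_hdr v0 (AOSP bootimg.h): magic, kernel_size/addr, ramdisk_size/addr, second_size/addr,
# tags_addr, page_size, header_version, os_version, name[16], cmdline[512], id[32], extra_cmdline[1024]
HDR_FMT = "<8s10I16s512s32s1024s"
BOOT_MAGIC = b"ANDROID!"

def _pad(data, page):
    """Pad a section to a whole number of pages, as mkbootimg does."""
    return data + b"\0" * (-len(data) % page)

def build_boot_img(kernel, ramdisk, page_size=2048, cmdline=b"console=ttyHSL0,115200,n8"):
    """Assemble a minimal v0 boot image: one header page, then the kernel, then the ramdisk.
    The load addresses are constructed sample values."""
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), 0x10008000, len(ramdisk), 0x11000000,
                      0, 0x10F00000, 0x10000100, page_size, 0, 0,
                      b"sample", cmdline, b"\0" * 32, b"")
    return _pad(hdr, page_size) + _pad(kernel, page_size) + _pad(ramdisk, page_size)

def parse_boot_img(blob):
    """Split a boot image into its header fields plus the raw kernel and ramdisk blobs."""
    f = struct.unpack_from(HDR_FMT, blob, 0)
    if f[0] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    page = f[8]
    kernel_off = page                                   # the header always occupies exactly one page
    ramdisk_off = kernel_off + (-(-f[1] // page)) * page  # kernel rounded up to whole pages
    ramdisk = blob[ramdisk_off:ramdisk_off + f[3]]
    return {
        "page_size": page,
        "kernel_size": f[1],
        "ramdisk_size": f[3],
        "second_size": f[5],
        "cmdline": f[12].rstrip(b"\0").decode(),
        "kernel": blob[kernel_off:kernel_off + f[1]],
        "ramdisk": ramdisk,
        "ramdisk_is_gzip": ramdisk[:2] == b"\x1f\x8b",  # stock ramdisks are usually gzip-compressed cpio
    }

# Constructed sample payloads: a fake kernel spanning three 2 KiB pages and a fake gzip-prefixed ramdisk.
SAMPLE_KERNEL = b"\x7fELF" + b"K" * 5000
SAMPLE_RAMDISK = b"\x1f\x8b" + b"R" * 100
SAMPLE_IMG = build_boot_img(SAMPLE_KERNEL, SAMPLE_RAMDISK)
```

On a real image, the extracted ramdisk is what you decompress and unpack (gzip + cpio) to read init.rc and see what the boot image adds to the root filesystem.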
craigacgomez said:
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.
Nice.
I thought the root file system is part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you.
Why is the image file device related?
Meaning, why nexus 4, 5 and 7 have different CF-Auto-Root?
(Nexus 7 even got several).
Thanks again!
Casteel said:
Nice.
I thought the root file system is part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you.
Why is the image file device related?
Meaning, why nexus 4, 5 and 7 have different CF-Auto-Root?
(Nexus 7 even got several).
Thanks again!
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.
craigacgomez said:
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!
Casteel said:
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!
Glad I could help you... It's what communities are all about... Sharing knowledge and experiences.
Sent from my Nexus 5
Excellent thread. Thanks to OP and members who responded.

A buggy twrp for A60, but not sure for M40.

I have made and got a buggy TWRP for the A6060, which is the Chinese version of the M40, based on android-11. It can start up but lacks MTP and USB. It can't decrypt /data either, so you should do some preparation before you can use it. I am not sure whether it can be used on the M40.
Usage in short:
① Magisk and root. You can find the guide in this forum so I will skip it.
② Using a file manager, open /system/vendor/etc/fstab.qcom; in the /userdata entry delete the field "fileencryption=ice" (usually sth. like this, not including the quotation marks), save and quit.
③ Enter recovery and wipe data. Then use Odin to flash this recovery: just pack it into a .tar file and flash it in the AP slot.
④ On startup, press VOLUME UP & POWER. If everything goes well, you will see the TWRP logo, enter it and be able to access the files in /data. Then you can copy some GSI and have a try.
Hope it will be helpful, and I really hope somebody can make it a true and full device tree. That will definitely benefit both A60 and M40 users.
The twrp for A60: https://github.com/Jason-summer/Action-Recovery-builder
The source of the twrp: https://github.com/Jason-summer/device_samsung_a60q/tree/android-11
Sorry for my poor English if causing someone confused.
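An added example (not code from this thread or from the linked repositories) that parses the fstab.qcom format edited in step ② above and reports which encryption flags the /data entry carries, so the device's encryption state can be checked before and after such an edit. The fstab contents are a constructed sample, not copied from an A60 or M40.

```python
# Constructed sample in the fstab.qcom format (not copied from any device).
SAMPLE_FSTAB = """\
# <src>                                   <mnt_point>  <type>  <mnt_flags>               <fs_mgr_flags>
/dev/block/bootdevice/by-name/system      /system      ext4    ro,barrier=1              wait,verify
/dev/block/bootdevice/by-name/userdata    /data        ext4    noatime,nosuid,nodev      wait,check,fileencryption=ice,quota
/dev/block/bootdevice/by-name/cache       /cache       ext4    nosuid,nodev,barrier=1    wait,check
"""

# fs_mgr flags that make Android encrypt the partition (file-based or full-disk encryption).
ENCRYPTION_FLAGS = ("fileencryption", "forceencrypt", "forcefdeorfbe")

def parse_fstab(text):
    """Return one dict per mount entry (src, mnt, type, mnt_flags, fs_mgr_flags); comments are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, mnt, fstype, mnt_flags, fs_mgr_flags = line.split()[:5]
        entries.append({"src": src, "mnt": mnt, "type": fstype,
                        "mnt_flags": mnt_flags.split(","),
                        "fs_mgr_flags": fs_mgr_flags.split(",")})
    return entries

def encryption_flags(entries, mnt="/data"):
    """Encryption-related fs_mgr flags on the given mount point.
    An empty list means fs_mgr will bring that partition up without encrypting it."""
    for entry in entries:
        if entry["mnt"] == mnt:
            return [f for f in entry["fs_mgr_flags"] if f.split("=", 1)[0] in ENCRYPTION_FLAGS]
    raise KeyError(f"no fstab entry for {mnt}")
```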
good job! Is it possible to flash a phone using this? (i have a60)
blankkk123 said:
good job! Is it possible to flash a phone using this? (i have a60)
It works for me. But you should decrypt your phone first before you try to flash sth., or you may find /data is a pile of random code.
SummerElement said:
It works for me. But you should decrypt your phone first before you try to flash sth., or you may find /data is a pile of random code.
If it's not difficult, can you please write instructions? I think this will help many who want to flash

How To Guide Installing a custom recovery, and disabling encryption in the system.

Hello everyone.
If you want to have a recovery with the ability to backup/restore, this instruction is for you.
Here are recoveries; for now they do not know how to decrypt the data section (I hope we will have such ones sometime). Yes, the recovery is already patched by Magisk 25.2.
Download the patch, copy it to the SD card (if you have one) or to a USB flash drive for flashing via OTG.
We flash the recovery in fastboot mode with the command:
fastboot flash boot (recovery name).img
We boot into the recovery, flash the patch, and do FORMAT DATA.
Attention!!! This will delete all your settings and installed programs, including everything from the internal memory.
After that, we boot into the system, configure and "rejoice", now the recovery will see data and, accordingly, internal memory.
And yes, if you have a security thing, this procedure disables the encryption of your data
COMPLETELY, THAT IS, COMPLETELY.
Oh, I forgot, although I think it's clear by the name of the recovery, they (recovery) are designed for firmware on Android 12.
Download files:
RECOVERY
Guys, one snag came up here: my system has been switched to RW, and I checked the script on such a system. As it turned out, the script does not work on the stock system. So, in order for it to work normally, you need to switch the system to RW first.
Any chance to explain step by step?
reosm said:
Any chance to explain step by step?
What exactly?
Everything about how to install it is written in the post.
There are 2 img files in the recovery file; which one will be loaded, before or after?
reosm said:
There are 2 img files in the recovery file; which one will be loaded, before or after?
one is TWRP recovery and the other is Orange Fox recovery, choose which one you want to use, just flash one of them.
Hey does twrp/orangefox actually work on this phone. I've heard that those are currently under development. And does flashing these .img require wipe data or can they work with sd card or OTG?
Soma Das said:
Hey does twrp/orangefox actually work on this phone. I've heard that those are currently under development. And does flashing these .img require wipe data or can they work with sd card or OTG?
Recovery can work with both SD and OTG. They cannot decrypt the data, but if you switch the system to RW and flash the patch to disable encryption in the system, then the recovery will see everything.
Those who have the system in RO can use these; checked, it also works:
[A/B][A-ONLY][SCRIPT][READ-ONLY][EROFS][ANDROID 10+] Universal Disable Force Encryption for RO and RW "NEO STABLE"
Disable Force Encryption NEO Do you all know what DFE is? no? Anyway. Basically, your device has an encrypted data section "/data" by default. Let's look at the advantages of google's solution that we will lose after disabling encryption: -...
forum.xda-developers.com
arraki said:
Recovery can work with both SD and OTG. They cannot decrypt the data, but if you switch the system to RW and flash the patch to disable encryption in the system, then the recovery will see everything.
Can it backup anything such as boot.img, vendor etc?
Soma Das said:
Can it backup anything such as boot.img, vendor etc?
Probably you can, but why? A backup of the data section is enough for normal recovery. Of course, you can also make a backup of the super section if you changed something in it.
arraki said:
Probably you can, but why? A backup of the data section is enough for normal recovery. Of course, you can also make a backup of the super section if you changed something in it.
Do I need to flash disable dm Verity?
Soma Das said:
Do I need to flash disable dm Verity?
In the first post, everything is written.
does it work for Mediatek cpu install on the Note 11 pro plus 5g?
Christ_soyo said:
does it work for Mediatek cpu install on the Note 11 pro plus 5g?
The MediaTek chip is on the Redmi Note 11 Pro. It won't work and you will get a soft brick.
Christ_soyo said:
does it work for Mediatek cpu install on the Note 11 pro plus 5g?
What exactly works?
Do we need to unlock the bootloader first before we flash the recovery, right?
derjango said:
Do we need to unlock the bootloader first before we flash the recovery, right?
Of course
After using this patch my device doesn't know how to be case sensitive, which makes some apps have weird errors with read and write functions
nimade2333 said:
After using this patch my device doesn't know how to be case sensitive, which makes some apps have weird errors with read and write functions
This is clearly not because of the patch; I have had it on for a long time and there are no problems. Besides, it only disables encryption in the system, so how could it influence this?
