How to root Android 2.3.6 using Ubuntu - General Questions and Answers

I have an Alcatel OT 995 with Android Gingerbread 2.3.6 and use Ubuntu. I tried Superoneclick (but it works with 2.3.5 :/ ), Casual (doesn't work), Superuser.apk... all without effect. Does anyone have any suggestions?

Hi I did it the following way (Alcatel OT 995):
Get the android sdk, run path_to_sdk/tools/android sdk and install the platform-tools (you need adb and fastboot, they then are placed into path_to_sdk/platform-tools )
Get the cwm recovery for the device from hxxp://dump.pargon.nl/alcatel/cwm-recovery/
Get the su binary (arm) from superuser.apk: hxxp://androidsu.com/superuser/
Follow hxxp://dump.pargon.nl/alcatel/cwm-recovery/README for how to boot into cwm recovery
Inside recovery go to the mount menu and mount /system (and it is a good idea to use the backup menu item before doing this all )
Unpack the su binary somewhere and do adb push path_to_your_su/su /system/bin/su
Use adb shell chmod 4755 /system/bin/su to give it proper rights.
Boot back into the android system, run Superuser.apk, it will, of course, tell you if it worked.
Maybe you should include the device name in the thread title, because rooting is a somewhat device-specific issue.
Oh it seems someone here decided to be unfriendly to new users so hxxp==http...

Try mempodroid
tamtamtam23 said:
I have an Alcatel OT 995 with Android Gingerbread 2.3.6 and use Ubuntu. I tried Superoneclick (but it works with 2.3.5 :/ ), Casual (doesn't work), Superuser.apk... all without effect. Does anyone have any suggestions?
If you only want root, otherwise want to stick to a stock system, the most conservative method (rooting, no tampering with any other ROM partitions) is mempodroid. It only works within a specific range of linux kernels (it relies on a bug that got introduced into linux kernel but was fairly rapidly stomped on), but I think 2.3.6 kernel is probably one of them. See http://forum.xda-developers.com/showthread.php?t=1461736 for details. If it doesn't work (you don't have the right kernel), you haven't broken anything, you just won't have root.

Related

[Q] compiling su and sudo for android

Hi.
I recently rooted my work phone (ION, kind of like Sapphire, 1.6).
Rooting was done by using the canyongen mod recovery image to load the device in recovery mode, back up the original system image, change the default property ro.secure=0 and then flash the system.img again to the ROM.
So basically I didn't really change the original ROM (thanks to Amon Ra in some post here on XDA).
I wanted to gain root access inside Android apps and couldn't; a short test shows no su or sudo executable exists on the device, even though when I'm not root and type su or sudo I get permission denied....
I never compiled anything for an ARM processor. I do have the source code checked out (for Donut) but I'm not sure how I can compile su (does anyone know which Linux package contains it?) and whether I need to tweak it.
I'm not sure that for such a sensitive piece of software I can count on ready-made builds from the internet.
Any help would be greatly appreciated!

[ROOT + CWM + OC KERNEL + Ubuntu] ZTE V11A / V71A / v55 HC3.2

The information provided in this thread is no longer up to date, although useful troubleshooting information can be found for those having issues. For those who would prefer to have the most up-to-date versions of CM9, CM10 or ParanoidAndroid supported by an awesome developer, go here
WARNING: IF YOU UPDATE YOUR TABLETS TO THE LATEST v03 UPDATES OF THE OFFICIAL ROM, YOU WILL LOSE THE ABILITY TO ROOT IT USING THE SUPERBOOT METHOD AND IT WILL BECOME A HUGE PAIN TO RE-INSTALL CWM/CUSTOM ROMS. INSTRUCTIONS FOR THIS SITUATION ARE PRESENTED BELOW, BUT PLEASE KEEP THIS IN MIND AND TRY TO READ THE THREAD CAREFULLY BEFORE MAKING SUCH CHANGES.
For those who need it, you can find a nandroid backup of Vodafone Romania's stock ROM for the v71a, here
Hello friends. With great thanks to utkanos, Koush and mobilx we now have a public alpha CWM and root available on both the ZTE V11A and the V71A, also known as the SFR StarTab 7/10, Vodafone SmartTab 7/10, as well as Sprint's (ZTE) V55 with credits due to utkanos for porting CWM, mobilx for being arguably the most motivated searcher of the holy root grail, and PaulOBrien from modaco and his superboot solution. We also thank alterbridge86 and eldarerathis for their advice and support. Additionally, credits go to joe.stone for custom kernel with loop device support, OC, touched voltages and a few other goodies.
Also, for interested developers, I have made the source code of the kernel available in a more easily accessible fashion. The source code (3 parts, contains the source for both models) is available here:
Part 1, Part 2, Part 3.
INSTALLING CWM:
A new optimized version of CWM for 7" and 10" tabs has been put together by joe.stone. I will also keep utkanos' links available below for those who prefer his versions or wish to thank him for his early efforts in making our tablets awesome.
joe.stone said:
For those who have troubles with cwm recovery (freeze while backup ) i have created a new version. Flashable from fastboot.
10" CWM Recovery
7" CWM Recovery
Credit goes to joe.stone.
joe.stone said:
If you updated your tablet ROM via OTA or updater exe and can no longer install CWM, follow these instructions:
In firmware v03b fastboot flash is disabled and from a running system flash_image will fail too.
Download the twrp recovery http://goo.im/devs/joestone/twrp/v71_recovery.img
download the twrp recovery zip flashable version too
http://goo.im/devs/joestone/twrp/V71A_TWRP.zip
download kernel #60
http://www.4shared.com/zip/tzrUo5_N/v7_kernel_60.html?
copy the two zip files to the sdcard
If you want flash kernel#60 then do the following:
adb reboot bootloader
the tablet will reboot and you will get only a blank screen. Be sure that the drivers are installed from windows update for the fastboot interface.
check it with : fastboot devices. If you get waiting for device the drivers are not installed.
fastboot boot v71_recovery.img
The twrp recovery comes up. Now you can install twrp by selecting install menu. Browse to the v71twrp.zip on the sd and install it. Now you have permanent twrp recovery.
now go back to install menu browse to the v7_kernel_60.zip and install it.
reboot and enjoy.
These are kernel #60 links for the other models :
Sprint Optik (V55)
http://www.4shared.com/zip/RTZrSXyV/v55_kernel_60.html?
SmartTab10 (V11A)
http://www.4shared.com/zip/PrW1TWHF/v10_kernel_60.html?
OR
You can flash cwm using adb; you need root rights. The best is when adbd is running in root mode (for example kernel#60).
Download this :flash_image binary
then turn on usb debugging.
to flash cwm you need the following commands:
adb push CWMrecovery.img /data/local/tmp
(where cwmrecovery.img is the name of the cwm image file name.)
adb push flash_image /data/local/tmp
adb shell chmod 755 /data/local/tmp/flash_image
adb shell (you need # not $ for flashing , so if you got $ type su to get #)
cd /data/local/tmp
./flash_image /dev/block/mmcblk0p18 CWMrecovery.img
Don't forget to remove the install-recovery.sh file from /system/etc, otherwise it will install stock recovery at system start if it has not the stock recovery.
To revert the bootloader you need to flash "NON-HLOS.bin" to "/dev/block/mmcblk0p1" and "emmc_appsboot.mbn" to "/dev/block/mmcblk0p7" from a previous version.
Utkanos' v11a version is here.
Utkanos' v71a version is here.
Credit goes to utkanos, mobilx and koush. I have also attached these files at the end of the post.
Also attached, is the original 7-inch stock recovery file, for users who may wish to return to stock and have not performed backup.
--> Plug your tablet into usb, launch a command line, and use "adb reboot bootloader"
--> Download the CWM Recovery image from the link that fits your device.
--> Place it into the adb/fastboot folder (I am assuming you have downloaded fastboot already from the link above, during the root procedure).
--> In the command line, navigate to that folder (use "cd <path>").
--> input the command "fastboot flash recovery <filename>".
--> Reboot into recovery mode (should be Power + Volume down).
--> You should now be in CWM Recovery, and can now attempt to perform a nandroid backup.
Also, in order to prevent a possible hang, you should:
--> Reboot the tablet into the Android OS;
--> Mount it through USB;
--> Go into the clockworkmod folder;
--> Create an empty file with no extension called ".hidenandroidprogress"
After a period of testing this will be submitted to Koush's Rom Manager. Source code is also available here, linked from utkanos' post.
What works:
Nandroid backup/restore on internal sdcard
Battery stats wipe
Dalvik wipe
Cache wipe
etc.
What does not work so far:
USB mass storage
credits:
utkanos
Koush
Modified Kernel Available, all credits to joe.stone, give him thanks here:
joe.stone said:
Here it is.
There is a new kernel version available. The new version is #60 and flashable from cwm recovery .
Changelog :
-Revert GPU overclock
-Revert change of system audio files (because of bootloops on some devices after installation #55)
-Increased system volume on kernel level
-Changed VMALLOC_RESERVE=0x19000000 to VMALLOC_RESERVE=0x10000000
-Added Apple Magicmouse HID support
-Added Microsoft HID support
-Changed cpu minimum freq 345MHz to 432 MHz to avoid the black screen effect (the screen does not wake up , you have to reset )
V55_kernel_60.zip Hope will work fine on v55.
V7_kernel_60.zip
V10_kernel_60.zip
Also, Benny3 has put together a CWM-flashable ROM package for the V55 tablet, including Joe's kernel #60 and a number of useful goodies. You can thank him and download the package from here.
Both device (v71, v11) were migrated into one kernel tree , so they both use the same source. (In case of v71 it is much newer source)
The whole kernel source was updated from the v55 sources .
Now they are in cwm recovery flashable format , because this package updates the kernel modules too in /system/lib/modules and enables to use the agps and NTP server setting was corrected . It points to europe.pool.ntp.org instead of the test one . Now my tab finds position within seconds . With the new kernel for me it seems the touchscreen is much better , but as before I am waiting for the feedbacks. Other fixes include: Touchscreen sensitivity, USB Charging etc.
Installation :
download the zip file
copy it to your tab's internal storage
start the tab in clockworkmod recovery
select install zip from sdcard
select the file for your model
install
reboot
and stock kernel for 10" :
stock kernel
Finally, if you want to obtain a dump of boot.img, please consider the following advice, also by mobilx, here:
mobilx said:
It is a mmcblk device not mtdblock
dd if=/dev/block/mmcblk0p8 of=/sdcard/boot_backup.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/recovery_backup.img
ROOTING:
mobilx said:
It is recommended that you skip these steps and proceed to flashing clockwork mod for your respective device from the start using fastboot, and from inside CWM install joe's kernel (or custom rom), which you can find below. Joe's kernels and rom already come with significant updates to stock Vodafone systems, and are pre-rooted.
We will use superboot to root. What does superboot do? It puts the SU binary and makes a 'insecure' kernel to be loaded temporarily on to the device through ADB remount. So it's only purpose is to make ROOT. After execution, you will still be on the stock kernel, only with root privileges.
This method is for the advanced users only who want to have root before we have a fully functional CWM running. With the CWM the root method will be easier.
IMPORTANT!
At this point we have no way to repair a broken device to a factory state. We can unroot and that is it. It is advisable do make dump of your rom before making any changes to the system. We are not responsible for any damage that can occur in the root process and after that.
What will you need?
--> Download Fastboot+Superboot.img from here.
--> Install ADB through the SDK, download from here, although the ADB included with the ZTE drivers should also work.
--> Install the ZTE drivers, you can find them here, although they should already be included on your device when first mounting it.
--> don't forget to enable USB debugging in the tablet's application settings.
--> Put the fastboot.exe and the superboot.img files in the working directory you will be running adb from (Default should be at "C:\Program Files\ZTE Handset USB Driver").
--> Open a Command Line (Start Menu > Run > CMD) and navigate to the working directory. (Use "cd C:\Program Files\ZTE Handset USB Driver" or alter the path accordingly).
--> Write the following commands within the command line:
--> adb reboot bootloader
--> fastboot boot superboot.img
--> The device should now boot with the Superuser.apk installed and SU in the /system/xbin/su, as well as allowing you adb root commands. Now run the following:
--> adb remount
--> adb shell
--> ln -s /system/xbin/su /system/bin/su
--> You can now exit the ADB shell and reboot the tablet.
--> Install busybox from the market and check the SU binary version with the Superuser.apk - try to update. If it succeeds you are done.
Credits:
sangemaru
utkanos
PaulOBrien from modaco and his superboot solution
Reserved for future posts
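For the boot.img and recovery dumps taken with the dd commands quoted in the first post, this added example (not part of the original thread) parses the standard Android boot image header, locates the kernel and ramdisk, and hashes each section so a dump can be compared against a known-good stock image. It assumes the version 0 header layout; the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# magic, 10 x uint32 (kernel size/addr, ramdisk size/addr, second size/addr,
# tags addr, page size, 2 unused), board name, kernel cmdline, image id
HEADER = struct.Struct("<8s10I16s512s32s")


def parse_boot_image(blob):
    """Return header fields plus offset/size/SHA-256 of each section of a raw dump."""
    if len(blob) < HEADER.size:
        raise ValueError("dump is smaller than a boot image header")
    f = HEADER.unpack_from(blob)
    if f[0] != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic: not a boot image")
    kernel_size, ramdisk_size, second_size, page_size = f[1], f[3], f[5], f[8]
    # The header must fit in one page and pages are a power of two in size.
    if page_size < HEADER.size or page_size & (page_size - 1):
        raise ValueError("implausible page size %d" % page_size)

    sections = {}
    offset = page_size  # the header occupies the first page
    for name, size in (("kernel", kernel_size),
                       ("ramdisk", ramdisk_size),
                       ("second", second_size)):
        if offset + size > len(blob):
            raise ValueError("%s runs past the end of the dump (truncated?)" % name)
        data = blob[offset:offset + size]
        sections[name] = {
            "offset": offset,
            "size": size,
            "sha256": hashlib.sha256(data).hexdigest(),
        }
        offset += -(-size // page_size) * page_size  # round up to whole pages

    rd = sections["ramdisk"]["offset"]
    return {
        "page_size": page_size,
        "name": f[11].rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": f[12].rstrip(b"\0").decode("ascii", "replace"),
        "sections": sections,
        "ramdisk_is_gzip": blob[rd:rd + 2] == b"\x1f\x8b",
        # A dd of a whole partition is usually larger than the image itself.
        "trailing_bytes": max(0, len(blob) - offset),
    }


def build_sample_image(page_size=2048):
    """Constructed stand-in for a partition dump; contents are filler bytes."""
    kernel = b"K" * 3000
    ramdisk = b"\x1f\x8b\x08" + b"R" * 97  # gzip magic only, not a real archive
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0,
                         0, 0, 0, page_size, 0, 0,
                         b"constructed", b"console=null", b"")

    def pad(data):
        return data + b"\0" * (-len(data) % page_size)

    # Trailing 0xff bytes imitate unused space at the end of the partition.
    return pad(header) + pad(kernel) + pad(ramdisk) + b"\xff" * 4096


if __name__ == "__main__":
    info = parse_boot_image(build_sample_image())
    print("page size:", info["page_size"], "cmdline:", info["cmdline"])
    for name, sec in info["sections"].items():
        print("%-8s offset=%-6d size=%-6d sha256=%s"
              % (name, sec["offset"], sec["size"], sec["sha256"][:16]))
    print("ramdisk gzip:", info["ramdisk_is_gzip"],
          "trailing bytes:", info["trailing_bytes"])
```

To inspect a real dump, read the file in binary mode and pass its bytes to `parse_boot_image`.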
I have ZTE V11A aka Vodafone Smart Tab 10 in my possession
I'm very interested in obtaining root for this device, so if I can be of any help, please let me know.
I hope that this device will gain more popularity in the near future, because of its excellent hardware and low price.
Is there any progress going on with rooting this device?
P.S. Two more questions,
Has anyone found where to buy 40pin to hdmi cable/connector? (because you don't get one in the box)
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Thank you.
assdksl said:
I have ZTE V11A aka Vodafone Smart Tab 10 in my possession
I'm very interested in obtaining root for this device, so if I can be of any help, please let me know.
I hope that this device will gain more popularity in the near future, because of its excellent hardware and low price.
Is there any progress going on with rooting this device?
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Due to time constraints, I haven't made much headroom this week, but I'm taking a couple of days off work and hope to make some progress.
P.S. Two more questions,
Has anyone found where to buy 40pin to hdmi cable/connector? (because you don't get one in the box)
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Thank you.
Haven't looked for it, but so far accessories for this line of devices seem to be lacking. With the popularization by Vodafone and the launch of the new Sprint V55 and similar tablets, these accessories should become more popular.
I haven't had any problems with the time on my device, sounds really weird.
assdksl said:
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Clock drift is happening due to Network-provided time setting. I'm not sure what is causing this. It could be related to a Vip network or a failure of a process which obtains time from the network. If you want this not to happen just untick that option in settings.
Thank you both for quick answering my questions.
mobilx said:
Clock drift is happening due to Network-provided time setting. I'm not sure what is causing this. It could be related to a Vip network or a failure of a process which obtains time from the network. If you want this not to happen just untick that option in settings.
Yes, indeed, but when I untick sync with Network-provided time, the clock is ticking faster than it should.
It seems that clock chip on my device is not calibrated well or there is some other bug, it seems that it is HW issues... this is little more explained here:
http://blogs.keynote.com/mobility/2...wrist-watch-android-doesnt-keep-the-time.html
It seems that I was unfortunate and get device with bad clock, also without root I'm unable to use ClockSync app that will solve my problem.
But what is bugging me, is the fact that I also have SGS I9000, and it is synchronizing with Vip network just fine.
Mobilx are you experiencing time drift issue with network-provided time sync, but with manual time settings it is working fine?
sangemaru said:
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Due to time constraints, I haven't made much headroom this week, but I'm taking a couple of days off work and hope to make some progress.
I am a software developer, and I have some Android programming knowledge, but I'm not experienced much with Linux and compiling flashable Roms, but I can try. In any case, if I can help, just let me know.
assdksl said:
Mobilx are you experiencing time drift issue with network-provided time sync, but with manual time settings it is working fine?
Yes it happened to me once. First I unticked the network-provided time sync and after restart I ticked it again. The clock is fine since then.
assdksl said:
I am a software developer, and I have some Android programming knowledge, but I'm not experienced much with Linux and compiling flashable Roms, but I can try. In any case, if I can help, just let me know.
Well, so far what possible leads we have that I can think of are these:
mobilx suggested this thread http://forum.xda-developers.com/showthread.php?t=443994 for packing/unpacking boot.img
to quote Alterbridge of Team Overcome: "I presume the ZTE tablet uses boot.img format for its kernels, in which case you can extract the initramfs using mkbootimg (there are a number of scripts floating around). from there you can modify whatever you want in the initramfs and then repackage the boot.img and be on your way."
eldarerathis gave me some more instructions: "You basically need to extract the ROM's zip and add su/Superuser in the proper folders (su in /system/bin, Superuser in /system/app). You'll probably also have to look at the updater-script and add something to give su executable permission. It's usually something like 'set_perm(0, 0, 6755, "/system/bin/su");' that you need to add. The updater-script should be in the zip under /META-INF somewhere."
These are some of the useful bits of advice I received that could probably be put to good use when I have some free time. If you feel that anything is helpful, feel free to try it out.
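eldarerathis' note about the `set_perm(0, 0, 6755, "/system/bin/su");` line in updater-script also works in reverse: before flashing a zip, you can list every file its script marks setuid or setgid. The following is an added example, not part of the original thread; it assumes the edify `set_perm` / `set_perm_recursive` call forms, and the sample script and function names are constructed.

```python
import io
import re
import zipfile

SETUID, SETGID = 0o4000, 0o2000
CALL_RE = re.compile(r"\b(set_perm(?:_recursive)?)\s*\(([^)]*)\)")
ARG_RE = re.compile(r'"([^"]*)"|([^,\s"]+)')

# Constructed sample script (not taken from any real ROM package).
SAMPLE_SCRIPT = '''\
# set_perm(0, 0, 04755, "/system/xbin/old_su");   commented out, must be ignored
mount("ext4", "EMMC", "/dev/block/PLACEHOLDER", "/system");
package_extract_dir("system", "/system");
set_perm_recursive(0, 0, 0755, 0644, "/system");
set_perm_recursive(0, 2000, 0755, 0755, "/system/bin");
set_perm(0, 0, 6755, "/system/bin/su");
set_perm(0, 0, 0644, "/system/app/Superuser.apk");
set_perm(0, 2000, 02755, "/system/bin/example_tool");
unmount("/system");
'''


def audit_script(text):
    """Return one finding per path that a set_perm call makes setuid or setgid."""
    body = "\n".join(line for line in text.splitlines()
                     if not line.lstrip().startswith("#"))
    findings = []
    for call, raw in CALL_RE.findall(body):
        args = [quoted or bare for quoted, bare in ARG_RE.findall(raw)]
        # set_perm(uid, gid, mode, path...)
        # set_perm_recursive(uid, gid, dirmode, filemode, path...)
        n_modes = 2 if call == "set_perm_recursive" else 1
        if len(args) < 2 + n_modes + 1:
            continue  # malformed call, nothing to evaluate
        try:
            uid, gid = int(args[0]), int(args[1])
            modes = [int(m, 8) for m in args[2:2 + n_modes]]  # modes are octal
        except ValueError:
            continue
        setuid = any(m & SETUID for m in modes)
        setgid = any(m & SETGID for m in modes)
        if not (setuid or setgid):
            continue
        for path in args[2 + n_modes:]:
            findings.append({
                "call": call,
                "path": path,
                "uid": uid,
                "gid": gid,
                "modes": [format(m, "04o") for m in modes],
                "setuid": setuid,
                "setgid": setgid,
                "setuid_root": setuid and uid == 0,
            })
    return findings


def audit_zip(source):
    """Audit every updater-script found under META-INF/ in a flashable zip."""
    findings = []
    with zipfile.ZipFile(source) as zf:
        for member in zf.namelist():
            if member.startswith("META-INF/") and member.endswith("updater-script"):
                findings.extend(
                    audit_script(zf.read(member).decode("utf-8", "replace")))
    return findings


def sample_zip():
    """Constructed in-memory zip that carries SAMPLE_SCRIPT."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/com/google/android/updater-script", SAMPLE_SCRIPT)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for item in audit_zip(sample_zip()):
        tag = "SETUID-ROOT" if item["setuid_root"] else "setuid/setgid"
        print("%-12s %s uid=%d gid=%d modes=%s"
              % (tag, item["path"], item["uid"], item["gid"],
                 ",".join(item["modes"])))
```

`audit_zip` accepts a file path as well as a file object, so it can be pointed at a downloaded package directly.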
sangemaru said:
Well, so far what possible leads we have that I can think of are these:
mobilx suggested this thread http://forum.xda-developers.com/showthread.php?t=443994 for packing/unpacking boot.img
to quote Alterbridge of Team Overcome: "I presume the ZTE tablet uses boot.img format for its kernels, in which case you can extract the initramfs using mkbootimg (there are a number of scripts floating around). from there you can modify whatever you want in the initramfs and then repackage the boot.img and be on your way."
eldarerathis gave me some more instructions: "You basically need to extract the ROM's zip and add su/Superuser in the proper folders (su in /system/bin, Superuser in /system/app). You'll probably also have to look at the updater-script and add something to give su executable permission. It's usually something like 'set_perm(0, 0, 6755, "/system/bin/su");' that you need to add. The updater-script should be in the zip under /META-INF somewhere."
Thank you, I will do some reading for a start.
We are sure that bootloaders are unlocked?
sangemaru said:
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Did you consider getting clockworkmod working in more detail? Is it simpler than the above method?
I have found this article regarding putting clockwork mode to new devices, I just read it briefly...
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html
assdksl said:
Thank you, I will do some reading for a start.
We are sure that bootloaders are unlocked?
Did you consider getting clockworkmod working in more detail? Is it simpler than the above method?
I have found this article regarding putting clockwork mode to new devices, I just read it briefly...
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html
That's fine. We have a dev utkanos who agreed to build the CWM for our device. He is very experienced in this stuff. The only way to build a proper CWM is to get a boot.img dumped or extracted from a leaked ROM.
So what we need to do:
Get root via some exploit (there is none for 3.2 HC yet) , dump boot.img and build CWM, flash CWM with fastboot, or
Find leaked ROM , extract boot.img, build CWM, flash CWM with the fastboot, root device with Update.zip
Yes the fastboot is working and the bootloader is unlocked.
I have tried these exploits so far:
GingerBreak
psneuter
zergRush
Also I have tried:
Acer iconia 100 method ADB
Acer iconia 500 method
All ideas are welcome.
Ladies and gentlemen, the ROOT is here. Device is successfully rooted with the superboot method.
Thanks to my friend sangemaru who made this possible.
Expect CWM soon. utkanos is working on it.
Need some testing, before this goes to public
That's great news mobilx! Looking forward to a root and ICS sometime in the future
Congrat`s guys,nice work and many thanks from all users.
This is a beginning of a beautiful friendship with SmartTab
We expect nice custom roms and maybe in a short time and ICS rom for this excellent tablet.
If I or we (other members) can help with something,please,let us know,i dont know programming but i can use Paint (just kidding)
Jeeej!!! I'm looking forward to it!
Ok lets roll
While we are waiting for CWM to be build we can root ZTE V11A/V71A aka Vodafone SmartTab 10/7 with the superboot.
What does the superboot do? It puts the SU binary and makes an 'insecure' kernel to be loaded temporarily onto the device (ADB remount). So its only purpose is to make ROOT. After reboot you are on your old kernel but with the root.
This method is for the advanced users only who want to have root before we build a CWM. With the CWM the root method will be easier.
IMPORTANT!
At this point we have no way to repair a broken device to a factory state. We can unroot and that is it. It is advisable do make dump of your rom before making any changes to the system. We are not responsible for any damage that can occur in the root process and after that.
What we need?
ADB installed through SDK
Zte drivers installed --> debugging ticked in options
fastboot + superboot.img --> Put files in the adb working dir
>adb reboot bootloader
>fastboot boot superboot.img
Device should boot with Superuser.apk installed and SU in the /system/xbin/su.
>adb remount
>adb shell
#ln -s /system/xbin/su /system/bin/su
Install busybox from the market and check the SU binary version with the Superuser.apk - try to update. If it succeeds you are done.
#exit
$exit
>adb reboot
Device will reboot with the stock kernel but rooted.
Credits:
sangemaru
utkanos
PaulOBrien from modaco and his superboot solution
Thx mobilx! Hvala
All it's OK
It's working also on v71a.......LOL
10x man
urs71 said:
It's working also on v71a.......LOL
10x man
I can also confirm this working on 7 inch
urs71 said:
It's working also on v71a.......LOL
10x man
jakaka said:
I can also confirm this working on 7 inch
That is great guys. sangemaru will be very happy because he owns A71A
So you can confirm that it boots and the touchscreen is working? That means the kernel is the same for those two variants.
V17A
YES, all work perfectly...........setcpu, blackmarkt,root uninstaller, lucky patcher, etc
The only differences between v11a and v71a is the size of the display
we are waiting for CWM..........10x again
v71a

Temporary root via motochopper

Hi, I was experimenting on rooting without registering to HTCDev, testing many Linux kernel exploits. (I don't write the exploits myself, I compile exploits source codes and try to make it run on One SV kernel)
The exploit I found working is motochopper, with some minor modifications, it could also be used to gain temporary root on One SV.
I tested this exploit on Taiwanese version of One SV, which is k2u and Android 4.1.2, kernel version is "3.4.10-gb590306 [email protected] #1 SMP PREEMPT"
First download motochopper.zip from the link above, unzip it.
Code:
adb push pwn /data/local/tmp/
adb shell chmod 755 /data/local/tmp/pwn
adb push su /data/local/tmp/
adb push busybox /data/local/tmp/
Now, adb shell into it and execute /data/local/tmp/pwn , this would push the su executable to /system/xbin , then "su -" , you should now become root!
But due to HTC modified kernel, which has eMMC write protection, /system partition is unwritable. Some time later you would find the su executable you pushed to /system/xbin disappear, this would also happen on reboots. This means you would need to re-run this exploit every time you reboot!
The motochopper exploit is based on CVE-2013-2596, which affects Linux kernel before 3.8.9 and some Android builds. Since the vulnerability came from Linux kernel, I predict it would also work on all versions of One SV's kernel 3.4.10, perhaps even all HTC 3.4.10 kernels.
With temporary root, you could read & write memory (dump kernel image), dump any partition (but some of them is readonly as above mentioned), etc.
I'm still thinking how to get permanent root from this point, post here if you have any ideas!
ps. I have less than 10 posts so I can't post to development boards. But this post should go there I guess.
Did someone try on the LTE version ?
Doest it work?
I would like to use that to remove few Stock apps; like Best Deals, Flicker for HTC Sence, FB for HTC Sence etc...
But once it's over, before reboot, is it possible to delete the files ?
If you're on hboot 2.0 (if you updated to jb) you won't be able to remove anything, since the system partition is write protected. Apps'll come back after reboot.
On hboot 1 no problem though , afaik.

[Q] Question about removing system/bin/recovery?

OK, in the middle of writing up this topic, my situation has suddenly changed. (And changed again.)
The story begins: an old AT&T Samsung Infuse 4G, still on Froyo. Put it through a factory-reset and began to fiddle with how to install Clockwork Mod recovery. So there's the guide to upload a modified 3e recovery.
I run adblinux to push the modified recovery over the stock 3e at "system/bin/recovery" -- but "system/bin" was only in read-only mode and adblinux can't run "mount" and doesn't have permission to enter shell and run "su" (or enter shell as root) and File Manager HD (with Super User privileges) can't modify read-only folder "system/bin".
I managed to find a go around by pushing the modified-recovery into the sdcard's root and going through a terminal emulator on the phone to overwrite the file... but I rebooted the phone without running "chmod" on the newly overwritten file and the Infuse bricked so bad that even the battery in off-state refused to refresh.
I understand and accept what I did should be labelled as 'idiotic', but I did manage to wait at the Samsung logo until adblinux recognized the device and eventually restored the original recovery back to "system/bin" (I also found out adblinux didn't have permission to run chmod in the "system/bin" directory).
So... A few questions before I continue:
Why did (pushing the old recovery) work? ADB initially did not recognize the phone, but then the Infuse came up as "I997ae56e13f recovery" -- why was the name now 'recovery?'
And why does running "./adblinux reboot recovery" bring back the bootloop? (In fact, I cannot enter recovery mode, so something is still wrong -- the recovery file is not 755 and I can't chmod a read-only file-system either from adb or via super-user terminal. The temp-root method times out.)
OK, now I'm going home. I'll probably still try to re-install SuperUser. Maybe that will allow adblinux to run "su" in shell, but I'm not going to try anything too extreme.
Justin20 said:
OK, in the middle of writing up this topic, my situation has suddenly changed. (And changed again.)
The story begins: an old AT&T Samsung Infuse 4G, still on Froyo. Put it through a factory-reset and began to fiddle with how to install Clockwork Mod recovery. So there's the guide to upload a modified 3e recovery.
I run adblinux to push the modified recovery over the stock 3e at "system/bin/recovery" -- but "system/bin" was only in read-only mode and adblinux can't run "mount" and doesn't have permission to enter shell and run "su" (or enter shell as root) and File Manager HD (with Super User privileges) can't modify read-only folder "system/bin".
I managed to find a go around by pushing the modified-recovery into the sdcard's root and going through a terminal emulator on the phone to overwrite the file... but I rebooted the phone without running "chmod" on the newly overwritten file and the Infuse bricked so bad that even the battery in off-state refused to refresh.
I understand and accept what I did should be labelled as 'idiotic', but I did manage to wait at the Samsung logo until adblinux recognized the device and eventually restored the original recovery back to "system/bin" (I also found out adblinux didn't have permission to run chmod in the "system/bin" directory).
So... A few questions before I continue:
Why did (pushing the old recovery) work? ADB initially did not recognize the phone, but then the Infuse came up as "I997ae56e13f recovery" -- why was the name now 'recovery?'
And why does running "./adblinux reboot recovery" bring back the bootloop? (In fact, I cannot enter recovery mode, so something is still wrong -- the recovery file is not 755 and I can't chmod a read-only file-system either from adb or via super-user terminal. The temp-root method times out.)
OK, now I'm going home. I'll probably still try to re-install SuperUser. Maybe that will allow adblinux to run "su" in shell, but I'm not going to try anything too extreme.
I am curious how adblinux differs from the linux compiled version of adb. Usually it's just called adb.
Anyway, if you are using a Linux OS, and you pulled the original recovery to your PC before overwriting it, it should maintain its permissions. Likewise, a push would set the permissions like they were on the host PC as well. They say to chmod afterward, because if you are using a windows packaged/downloaded file, or pushing with a Windows PC, the permissions could be anything in the end (rarely what you really want).
As to why the device name changes, not sure. Device names change based on the ROM installed (not always serial number), so it's not out of the question that recovery could tack on something else.
With above, problem is, even with Linux, it doesn't always line up so permissions can be influenced in a push but you may not get what you were asking for. Try chmod 755 the recovery on the local side and adb push the recovery again, after making a backup of the recovery that is there and see if it continues to bootloop.
If all else fails, as long as you have download mode, you can always use ODIN (or Heimdall) to go back to stock (albeit newer Gingerbread). Option A gives you root only, option D, root + recovery (CWM).
Hope this helps.
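The permission check discussed above, as an added example that is not part of the original posts: it converts the mode field of an `ls -l` line (as printed by `adb shell ls -l /system/bin/recovery`) to octal, including setuid/setgid/sticky bits, and compares it with the expected mode before a reboot. The function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example: confirm a pushed file has the expected mode before rebooting.

# Convert an `ls -l` mode field (e.g. "-rwsr-xr-x") to octal (e.g. "4755").
mode_to_octal() {
    m=$1
    [ "${#m}" -ge 10 ] || return 1
    special=0; out=""; i=1
    for weight in 4 2 1; do              # setuid, setgid, sticky
        r=$(printf '%s' "$m" | cut -c$((i + 1)))
        w=$(printf '%s' "$m" | cut -c$((i + 2)))
        x=$(printf '%s' "$m" | cut -c$((i + 3)))
        d=0
        [ "$r" = r ] && d=$((d + 4))
        [ "$w" = w ] && d=$((d + 2))
        case $x in
            x)   d=$((d + 1)) ;;
            s|t) d=$((d + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;   # special bit without execute
            -)   ;;
            *)   return 1 ;;
        esac
        out="$out$d"
        i=$((i + 3))
    done
    [ "$special" -gt 0 ] && out="$special$out"
    printf '%s\n' "$out"
}

# Compare the mode of one `ls -l` line with the expected octal mode.
# Returns 0 on match, 1 on mismatch, 2 if the line cannot be parsed.
check_mode() {
    line=$1; want=$2
    field=${line%% *}
    got=$(mode_to_octal "$field") || { echo "UNPARSEABLE: $line"; return 2; }
    if [ "$got" = "$want" ]; then
        echo "OK $got"
    else
        echo "MISMATCH got=$got want=$want"
        return 1
    fi
}

# Constructed sample lines in an `ls -l` layout (not captured from a device).
SAMPLE_GOOD='-rwxr-xr-x root     shell      313888 2011-01-01 00:00 recovery'
SAMPLE_BAD='-rw-r--r-- root     root       313888 2011-01-01 00:00 recovery'

check_mode "$SAMPLE_GOOD" 755
check_mode "$SAMPLE_BAD" 755 || echo "fix the mode before rebooting"
```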
Thanks for replying!
joel.maxuel said:
I am curious how adblinux differs from the linux compiled version of adb. Usually it's just called adb.
I.. have no idea actually. I don't know how to configure Wine to properly emulate an environment for the Windows ADB and I can't get the correct phone-drivers for my WinXP system. (Kleis won't recognize the rooted phone, though if I leave the phone plugged in while installing Kleis, it will interrupt with a "Samsung Mobile Device connected" message.)
joel.maxuel said:
They say to chmod afterward, because if you are using a windows packaged/downloaded file, or pushing with a Windows PC, the permissions could be anything in the end (rarely what you really want).
With above, problem is, even with Linux, it doesn't always line up so permissions can be influenced in a push but you may not get what you were asking for. Try chmod 755 the recovery on the local side and adb push the recovery again, after making a backup of the recovery that is there and see if it continues to bootloop.
Unfortunately I can't chmod and push at the same end.
-I tried changing the permissions of recovery file on my PC, but I wouldn't be able to push it onto the "system/bin" directory in the phone.
-I tried changing the permissions on the existing "/system/bin/recovery" file, but the phone says it's a read-only filesystem.
-I tried chmod from the phone in a different directory, but I can't move the file into the "system/bin" directory (cross-device link), delete the existing recovery file (read-only filesystem), and.. why don't I have the copy command?
joel.maxuel said:
If all else fails, as long as you have download mode, you can always use ODIN (or Heimdall) to go back to stock (albeit newer Gingerbread). Option A gives you root only, option D, root + recovery (CWM).
I thought flashing with Odin/Heimdall required access to recovery (to wipe all user data and cache folders either before or after the flash).
Without a recovery mode to boot into, won't I be sunk if things go wrong?
Also, I seem to have a different Heimdall frontend, one that doesn't have slots for PDA. It might be because I'm using a newer/older (1.3.1) edition from Ubuntu 12.04 (the official downloads page only has it for 12.10~13.04 editions of my OS), so I'm probably going to have to command-line it.
Code:
heimdall --verbose flash --factoryfs factoryfs.rfs --cache cache.rfs --modem modem.bin --kernel zImage
Look about right? (No partition image table from the tarball found in that forum link?)
Justin20 said:
I.. have no idea actually. I don't know how to configure Wine to properly emulate an environment for the Windows ADB and I can't get the correct phone-drivers for my WinXP system. (Kleis won't recognize the rooted phone, though if I leave the phone plugged in while installing Kleis, it will interrupt with a "Samsung Mobile Device connected" message.)
There is adb for Linux, I think adb is natively Linux anyway (the Windows version being the port). Don't have to worry about drivers if in Linux, due to the native support. If using Debian, Ubuntu (or any other Debian derivative), just need to run:
Code:
sudo apt-get install adb
But judging by immediately below, a different version of ADB probably won't change much.
Justin20 said:
Unfortunately I can't chmod and push at the same end.
-I tried changing the permissions of recovery file on my PC, but I wouldn't be able to push it onto the "system/bin" directory in the phone.
-I tried changing the permissions on the existing "/system/bin/recovery" file, but the phone says it's a read-only filesystem.
-I tried chmod from the phone in a different directory, but I can't move the file into the "system/bin" directory (cross-device link), delete the existing recovery file (read-only filesystem), and.. why don't I have the copy command?
'cp' should exist, be interesting if it did not. A different ADB could change the outcome (#1), but as pointed out before, you probably won't get the permissions you wanted in the end. Outcomes 2 and 3 would end up being the same, as the device is mounted read only.
You may get lucky with this:
Code:
adb shell mount -o remount,rw system
If root has any influence with this ADB session, it will remount your /system so you can chmod your recovery file on the device end.
Justin20 said:
I thought flashing with Odin/Heimdall required access to recovery (to wipe all user data and cache folders either before or after the flash).
Without a recovery mode to boot into, won't I be sunk if things go wrong?
My understanding is that it is completely separate, as the process will replace recovery to stock as well. But just in case, keep this one as a last resort.
I never used Heimdall, just ODIN through a WinXP Virtual Machine (only heard about Heimdall later), but when I used ODIN, I never had any problem with these generic drivers (adbsetup-1.3):
http://dottech.org/21534/how-to-ins...ows-computer-for-use-with-your-android-phone/
Wow, I wish I took better notes last week. I had to go elsewhere and come back to this project and whatever progress I had made, I think I'm starting over from scratch.
I still can't mount/remount the system folder from anywhere (via ADB under Win/XP and Linux/Ubuntu 12.04); running "su chmod" from the phone still gives a permission denied, changing from Superuser to SuperSU didn't do anything (both programs did find the SU binary to be outdated), and adding a Busybox APK did not add a 'copy' function to my terminal emulator (on the phone) so running an ADB shell would be limited in that regard as well.
I'm going to have to take the phone to a McDonald's and attach a Google account to it. (I would have liked to have done all this offline somehow.)
joel.maxuel said:
when I used ODIN, I never had any problem with these generic drivers (adbsetup-1.3):
http://dottech.org/21534/how-to-ins...ows-computer-for-use-with-your-android-phone/
How did you manage to get your virtual OS to go "online?" When I tried installing the Google device drivers that came with adbsetup, a big red "X" popped up (Install failed).
I saw that there was a Java-based ODIN, but it's Java 8.0. Should I be using a later/earlier version of Odin/Heimdall? The latest versions don't support my OS (surprising since they support the latest, 14.04, and 12.10 but not anything between or 12.04, the other big release). The existing XDA threads all use Odin/Heimdall 1.1 -- the 1.3 version I have does NOT look like that (and does not have the "PDA" options in the GUI).
Justin20 said:
How did you manage to get your virtual OS to go "online?" When I tried installing the Google device drivers that came with adbsetup, a big red "X" popped up (Install failed).
Did the adbsetup binary change? I remember a DOS install process, so there shouldn't have even been a setup wizard (graphical anyway).
Anyway, to get the virtual OS to recognize, need to right click on the devices icon on the bottom status bar (at least in VirtualBox), looks like a USB drive, and select Android, or whatever pops up.
Hope this helps. Also, did the shell remount mentioned earlier have any effect (using adblinux)?
Sent from my Asus MeMO Pad 8"
joel.maxuel said:
Did the adbsetup binary change? I remember a DOS install process, so there shouldn't have even been a setup wizard (graphical anyway).
The DOS prompt process begins a driver install. From there, the Setup Wizard popped up.
joel.maxuel said:
Anyway, to get the virtual OS to recognize, need to right click on the devices icon on the bottom status bar (at least in VirtualBox), looks like a USB drive, and select Android, or whatever pops up.
Another bad sign: nothing pops up.
As for using mount/remount, the option "remount" was not found. (It would scroll down the whole list of options and switches.)
I think it's time for me to give up the ghost on fixing this issue. I still don't know how I managed to foul it up in the first place because I tried repeating it (entering the command-prompt from the phone, entering superuser, and moving files into "/system/bin") to no avail. So there is a modified 3e recovery file in "/system/bin" without the correct permissions that's preventing the phone from entering recovery mode (and slowing up the boot-up process and "battery recharge" icon when powered off), but other than that the device works, so that's something.
I still would like to try flashing the entire thing with ODIN/Heimdall if I could get either to work. (I ran the latest Heimdall, 1.4.0 32-bit, under WinXP only to find it was not a valid binary. The various Open Disk-Imager in a Nutshell (ODIN) apps out there, but nothing looks like those used on these forums (and did not include a PDA option).
Justin20 said:
The DOS prompt process begins a driver install. From there, the Setup Wizard popped up.
I still would like to try flashing the entire thing with ODIN/Heimdall if I could get either to work. (I ran the latest Heimdall, 1.4.0 32-bit, under WinXP only to find it was not a valid binary. The various Open Disk-Imager in a Nutshell (ODIN) apps out there, but nothing looks like those used on these forums (and did not include a PDA option).
The correct version of ODIN will be packaged with whatever image you choose. Just find a windows machine lying around, install the adbsetup drivers, and flash away. Hope this helps.

Help with SELinux - rooting a new device

Evening all,
I have a Vivo V3 Max (www.vivoglobal.com) which runs Android 5.0.1 (no Marshmallow ROM yet!). It has never been able to be rooted and I am on a mission to do it.
The progress I've made so far is as follows:
1. Got a custom TWRP recovery image flashed and working on the phone so I can boot into recovery. This recovery has full root access to everything.
2. Modified the boot image so that ADB runs as root (insecure mode). This allows me to have a full root shell via ADB when the phone has fully booted as normal. Also modified the fstab to make /system world writable.
3. Installed various "recovery flashable ZIPs" to no avail - it puts all the files (su in /system/xbin etc) in the right place but still no root access.
4. Manually created the required files and symlinks myself, which resulted in the same as 3) above.
I am now at the stage where I realise that it's SELinux not allowing the full root to go through in normal userspace. I can run setenforce 0 (and also su 0 setenforce 0) via ADB to make SELinux permissive, but still I get "/system/bin/sh: su: Operation not permitted" when running SU from a Terminal Emulator app.
Is there anyone out there who can help me with the SELinux side of things to allow /system/xbin/su to run? Also tried systemless with Magisk but same result. Vivo do not release kernel sources for any of their products so I'm stuck with what I have. I do at least have read/write access to all partitions on the device though, so if there's any modifications I can make then I'm happy to try them. I have a full NAND backup of the entire thing.
I have tried using supolicy etc to inject rules, but I'm not really sure what I should be injecting.
Any seasoned developers willing to help me out? My background is in PHP, C#, VB.NET and Windows Servers but I'm OK with Linux too.
Many thanks!
I have attached the output on supolicy --dumpav in case it is useful.
Just a quick update on this... I managed to find a ROM for a very similar device hardware-wise, which was pre-rooted. After tweaking the boot image to allow it to run on my device, I could see that /system/xbin/su still had no permission to run. This was despite the fact that the security policies from the other device were copied directly to mine, and on that other device full root access is possible using the exact same ROM that I ported.
I am therefore left with the conclusion that it doesn't matter how many rules I inject to sepolicy or how many domains I modify, the kernel is the limiting factor here. Since Vivo do not release the kernel sources for any of their devices I guess I'm screwed. Would this be against the GPL and is something I can take up with Vivo? I'm gutted...
