Hello everyone,
I purchased one of the latest revisions of the D2 Tablet Platinum (model# 751G_MZ) and tried every single rooting method I could find, not a single one worked on this tablet, even tried paid version of super-oneclick root and it says wait for new version! I ran out of software options to root the tablet. I WAS able to manually push su binary into the /data/local/tmp folder that is used to root the older 751G but it did not correct the permissions or put the su binary into /system/bin and /system/xbin.
I figured I was out of software methods so I took the best route and now have a completely hacked and 100% brickproof tablet. even tablets that are completely wiped out and appear to be off are recoverable now. this includes the "M6 USB" mode that means no bootloader is installed. What I did is outlined below, bear with me as I am not good with explaining things but the pictures should speak for themselves. after pushing the files into the /data/local/tmp folder I needed a way to move them and correct the permissions. knowing that recovery mode is able to flash and change things with root privs on almost all tablets.
After I added a Serial UART port to my tablet(see pictures) I booted into recovery mode and opened a serial console, I am able to modify u-boot parameters as well as debug and change just about everything. I mounted the /system partition from the root shell in serial terminal and moved the files using busybox cp, then chmod 06755 su to correct permissions. I then rebooted into android and installed superuser and sucess. I have root and much much more! I am gonna work on finding a way to do this using software but I could use some help with this. If anyone has questions please don't hesitate to ask.
Their are many pictures that would be very interesting to tablet users in general, please click the link below to see the full album to see my modifications.
http://s281.photobucket.com/user/UR2EZ4ME/slideshow/D2-Tablet
BinaryDroid
Michael Pizzileo
Now that I have a brick-proof AML8726MXS based Tablet, I am going to be porting CM10 to the device. I ran into an issue with unpacking the non-standard boot images but i'm writing a script right now that will handle the new format used since no tool exists for this platform, only the older AML8726MX and AML8726M1/M3. if anyone knows of any unpack tools for this platform it would save me time later on when it comes time to build CWM for the Digital2 Platinum Tab. after that i should be all ready to do a test build using source tree from older platform as a base.
BinaryDroid
Michael Pizzileo
I have just ported Clockworkmod to the tablet as well as created a software rooting method that anyone can do. I am doing some final bugfixes to the CWM so it mounts the Internal flash as well and then post a full guide on how to root the tablet. I am hoping others with the tablet or pick up this great $89 1024x600 Dual core A9 1.5GHZ 1GM Ram tablet so others can help with developing better ROMS for it. its a slow process doing the full CM10 port myself lol. I'll keep everyone posted and look forward to any questions or comments.
Binarydroid.
Double post..
awesome work! do you think a similiar method could work on newer fire tablets? i
Old but firmware still available in case someone needs it. Was already when this thread was written.
Now at http://web.archive.org/web/20150402...on=com_content&view=article&id=237&Itemid=423
Rooting should have been easy enough. Just keys file needed to be changed
to a test version... in the recovery file that is....
Hi every one
just need to confirm from professional people here , i need to edit build.prop on my A9 device without rooting so that i could make some connection with my car screen (stupid screen accept only Samsung and LG) , Is that possible?
amro ibrahim said:
Hi every one
just need to confirm from professional people here , i need to edit build.prop on my A9 device without rooting so that i could make some connection with my car screen (stupid screen accept only Samsung and LG) , Is that possible?
Click to expand...
Click to collapse
First, this question gets asked A LOT so a simple search here or google will show numerous others asking this and their findings. It doesn't matter if its not specifically referring to HTC A9 or in this specific forum either.
That being said....to answer your question.....NO! ^_^ You will most likely need root to even access the system root folder where your build prop. You may find it using some app possibly that doesn't require root, open it and change values, HOWEVER, you will never be able to save these changes without root, sorry.
If you are knowledgeable on unpacking system images or have firmware.zip/tar etc that you can dig through and find the build prop, edit it on windows/linux/mac repack or rezip and flash it successfully....thats one way.
Another way would be to use ADB to pull what you want and push it back to system afterwards.....but not to sure as my phone(s) usually are rooted and never tried to use ADB unrooted. Somethings tells me that this too won't work but go for it.
mcbright80 said:
First, this question gets asked A LOT so a simple search here or google will show numerous others asking this and their findings. It doesn't matter if its not specifically referring to HTC A9 or in this specific forum either.
That being said....to answer your question.....NO! ^_^ You will most likely need root to even access the system root folder where your build prop. You may find it using some app possibly that doesn't require root, open it and change values, HOWEVER, you will never be able to save these changes without root, sorry.
If you are knowledgeable on unpacking system images or have firmware.zip/tar etc that you can dig through and find the build prop, edit it on windows/linux/mac repack or rezip and flash it successfully....thats one way.
Another way would be to use ADB to pull what you want and push it back to system afterwards.....but not to sure as my phone(s) usually are rooted and never tried to use ADB unrooted. Somethings tells me that this too won't work but go for it.
Click to expand...
Click to collapse
Actually i searched a LOT but i have found the TWO answers "Yes you can" AND "No you can not" , also people says yes you can giving steps i have no idea about it like this one
1. Make a process which executes "getprop" from the "/system/bin/getprop" directory and initialize the String which we want to get (ro.board.platform in example).
2. Make a BufferedReader which gets the value (String) by retrieving the data from a inputStreamReader().
3.Convert the BufferedReader to String.
. That is why i asked here again to get clear answer which i get it and many thanks for you
amro ibrahim said:
Actually i searched a LOT but i have found the TWO answers "Yes you can" AND "No you can not" , also people says yes you can giving steps i have no idea about it like this one
1. Make a process which executes "getprop" from the "/system/bin/getprop" directory and initialize the String which we want to get (ro.board.platform in example).
2. Make a BufferedReader which gets the value (String) by retrieving the data from a inputStreamReader().
3.Convert the BufferedReader to String.
. That is why i asked here again to get clear answer which i get it and many thanks for you
Click to expand...
Click to collapse
LOL i understand the frustration. I also spend a ridiculous amount of time scouring forums and any other place online for the many questions i need help with only to get fractured/incomplete answers or conflicting ones like you stated where it seems like the answer is both yes and no or whatever....its a real pain. Truthfully, I said you wouldn't be able to do this without root due to the level of difficulty of the other options trying without root. Creating bufferedreader etc is all Java Programming. You will need a decent working knowledge of java programming to be able to do what that guide was talking about.....i figured you might not have that so I said that NO to your question here. I know some of what that guide was explaining enough to create some of that they described but still not enough to feel comfy attempting. Your best option, i think, will be to extract the build prop from a stock.img and repack the system.img after editing the build.prop. Use 7zip to unzip/rezip the system.img and notepad++ to open/edit the build.prop and flash image in your recovery. You could also use Android Kitchen if you can. Plenty of tutorials on this. I linked two below for ya though. '
What were you looking to edit in the Build.prop anyhow? I assume you are disinclined to root/unlock bootloader for warranty issues correct?
BTW, sorry for such a late response...I am not always here for days at a time usually so.....
dsixda's Android Kitchen - http://forum.xda-developers.com/showthread.php?t=633246
Super-Rs - http://forum.xda-developers.com/chef-central/android/kitchen-superrs-kitchen-t3202296
mcbright80 said:
LOL i understand the frustration. I also spend a ridiculous amount of time scouring forums and any other place online for the many questions i need help with only to get fractured/incomplete answers or conflicting ones like you stated where it seems like the answer is both yes and no or whatever....its a real pain. Truthfully, I said you wouldn't be able to do this without root due to the level of difficulty of the other options trying without root. Creating bufferedreader etc is all Java Programming. You will need a decent working knowledge of java programming to be able to do what that guide was talking about.....i figured you might not have that so I said that NO to your question here. I know some of what that guide was explaining enough to create some of that they described but still not enough to feel comfy attempting. Your best option, i think, will be to extract the build prop from a stock.img and repack the system.img after editing the build.prop. Use 7zip to unzip/rezip the system.img and notepad++ to open/edit the build.prop and flash image in your recovery. You could also use Android Kitchen if you can. Plenty of tutorials on this. I linked two below for ya though. '
What were you looking to edit in the Build.prop anyhow? I assume you are disinclined to root/unlock bootloader for warranty issues correct?
BTW, sorry for such a late response...I am not always here for days at a time usually so.....
dsixda's Android Kitchen - http://forum.xda-developers.com/showthread.php?t=633246
Super-Rs - http://forum.xda-developers.com/chef-central/android/kitchen-superrs-kitchen-t3202296
Click to expand...
Click to collapse
Thanks again for your replay , actually i still trying to proceed your way .. i think i am too close to do it , but you know after one or two hour of Trying&searching i say to my self let us unlock this phone and finish this matter .. any way i am using the Android Kitchen and i hope i could do it
(NOTE: this post is a duplicate of a similar thread I started on the Android Central user forum)
Hello everyone,
In the continuing saga of the Leagoo T5C i bought before the holidays from GearBest, I've seen the good (the price and overall build quality, along with a reasonably good user experience), the bad (some notifications that I just can't get rid of, among other things), and I now present you the ugly: after watching a review video on YouTube about my device, I learned that it came loaded with a Trojan called "Gorilla.AM"...
***EDIT: apparently, the Trojan's name could actually be "Guerrilla.AM", I'm not sure.***
Needless to say, I did as the tester had, and installed Malwarebytes, which, sure enough, found the exact same Trojan on my device.
You can watch the video here: https://www.youtube.com/watch?v=R5l3z7BvBtk
It so happens that it's embedded in Leagoo's own application launcher, called Sujet (in French; maybe it's called "Subject" in English, I don't know). I can force quit the application, since I use another launcher called Apex (good pick, by the way), but Malwarebytes can't seem to shake the Trojan off my device nonetheless.
A quick search on Google gives very little in the way of information about this malware, but I'd like to be on the safe side, so I came here.
Any contribution would be welcome at this stage.
Hi. I've seen your post on a french-speaking forum but for my own reasons I don't want to help there, too many morons.
Leagoo is well-known for smartphones with built-in spyware/adware. I've had both a Z5 and a M5 and both had such crap in the stock firmware.
This one is new to me but you'll probably have to follow the same steps to get rid of it.
Try
Code:
adb shell pm disable <internal name of that launcher>
first (from a PC connected to the device with ADB - zillions of tutorials available for this)
The internal name can be found by guessing or by using one of the many apps that will show you the information. One is https://play.google.com/store/apps/details?id=com.csdroid.pkg
If that fails, try adding "-k -user 0" to the command line.
If it fails again (denied) then you have no choice but to root your device first, then use this pm command from a root shell or directly delete the folder for "Sujet/Subject" from /system/app or /system/priv-app where you'll find it.
Lannig said:
Hi. I've seen your post on a french-speaking forum but for my own reasons I don't want to help there, too many morons.
Leagoo is well-known for smartphones with built-in spyware/adware. I've had both a Z5 and a M5 and both had such crap in the stock firmware.
This one is new to me but you'll probably have to follow the same steps to get rid of it.
Try
Code:
adb shell pm disable <internal name of that launcher>
first (from a PC connected to the device with ADB - zillions of tutorials available for this)
The internal name can be found by guessing or by using one of the many apps that will show you the information. One is https://play.google.com/store/apps/details?id=com.csdroid.pkg
If that fails, try adding "-k -user 0" to the command line.
If it fails again (denied) then you have no choice but to root your device first, then use this pm command from a root shell or directly delete the folder for "Sujet/Subject" from /system/app or /system/priv-app where you'll find it.
Click to expand...
Click to collapse
Hi,
OK, first off, thanks for the reply. Secondly, as I've stated before, I'm new to Android, and though I know my way around the command line in both Windows, Linux et OS X (not so much macOS: my MacBook Pro is 12-years old...), I suppose there are some things to set up first, before you can actually do what you suggest.
I understand that ADB stands for Android Debug Bridge, so is it an existing functionality in, say, Windows, that you can trigger from the command line, or a third-party software you have to install first?
On the Android side, what action should I take? Any Developer command to enable/disable to let ADB interact with my device the way it's supposed to?
Yes, you need to enable debug mode on your phone too. I could refer you to one of the zillion tutorials available on the net, but here's a summary.
Go to settings > about... (à propos)
Make at least 7 rapid touches on the line that says "build number" or its french translation.
This will make a new settings menu available from the main settings page: developer options
In this new menu, enable USB debugging.
Then you need to install ADB on your Mac and I'm at loss to help you there because I'm totally foreign to Macs. Never used one.
This seems like a good start: https://www.xda-developers.com/install-adb-windows-macos-linux/
Note: you may also try issuing the commands mentioned above from a terminal emulator running directly on your Android device, although I'm told that it's not exactly the same thing protection-wise.
Install this: https://play.google.com/store/apps/details?id=jackpal.androidterm and try typing the commands from the emulator window. If it works, no need for ADB (although having ADB will probably prove useful sooner or later and I encourage you to take the step).
EDIT: forget the guys from Phonandroid, they're brain-damaged beyond help
Lannig said:
Yes, you need to enable debug mode on your phone too. I could refer you to one of the zillion tutorials available on the net, but here's a summary.
Go to settings > about... (à propos)
Make at least 7 rapid touches on the line that says "build number" or its french translation.
This will make a new settings menu available from the main settings page: developer options
In this new menu, enable USB debugging.
Then you need to install ADB on your Mac and I'm at loss to help you there because I'm totally foreign to Macs. Never used one.
This seems like a good start: https://www.xda-developers.com/install-adb-windows-macos-linux/
Note: you may also try issuing the commands mentioned above from a terminal emulator running directly on your Android device, although I'm told that it's not exactly the same thing protection-wise.
Install this: https://play.google.com/store/apps/details?id=jackpal.androidterm and try typing the commands from the emulator window. If it works, no need for ADB (although having ADB will probably prove useful sooner or later and I encourage you to take the step).
EDIT: forget the guys from Phonandroid, they're brain-damaged beyond help
Click to expand...
Click to collapse
OK, thanks for the heads-up; I've already installed a Terminal emulator on the phone, so I'm gonna give it a go in a moment. I concur about Phoneandroid, alas: I've just received flak from one of the moderators because I'd double-posted on the same subject, whereas I'd just posted one thread, in the wrong part of the forum, according to him. Go figure...
OK, please feed back on your attempts, both from terminal emulator and through ADB.
Alas, I suspect that root will be required. It was for me on my Z5 and M5 to get rid of Leagoo's crapware.
Phonandroid is a bunch of losers with bloated egos posing as experts when 2/3 of the replies given are total BS.
"Er, Houston, we've had a problem..."
On Windows: "ADB is not a recognized name for a command applet..."
On OS X: "adb: command not found"
Stumped, I am...
"Er, Houston, we've had a problem..."
On Windows: "ADB is not a recognized name for a command applet..."
On OS X: "adb: command not found"
Stumped, I am...
(Additional question, not quite related: Aida64 indicates that my device runs a 4.4.49 version of the Android kernel, when the current version for Android 7.x is supposed to be 4.4.1; how does that compute--no pun intended--with my issue?)
Missing adb command is because the adb.exe (Windows) or adb (Mac) file is not in the command path. Either make the folder that contains the adb[.exe] file the current folder using the cd command or use whatever context menu for opening a command line window within the currently selected folder works, or even add that folder to the PATH variable. Google "add directory to path" for Windows and MacOS.
No idea about the kernel version. Minor kernel versions may vary within an Android release. Not surprising and most definitely unrelated to your problem. The crapware certainly isn't part of the kernel. It's most likely a system app i.e. a folder within either /system/app or /system/priv-app folders. You can't delete it without root, but you might be able to disable (freeze) it with the commands I gave you.
OK, thanks. I did "cd" to the folder where I had unzipped ADB on Windows (on the Mac, when I tried to open the ADB executable, I got a "cpu not supported" error message in the Terminal, as I feared, since my MBP is 32-bit-only, and most Mac applications nowadays only support 64-bit CPUs), and still got the "adb unrecognized command" error in PowerShell.
The phone was plugged in, and the right USB mode, so I'm still a bit baffled here. Gonna try it again with a different approach. Will keep you posted.
Over and out...
OK, here's what I got: "Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2"
Basically, from my poor understanding of how Android works, it's root or die, right?
UglyStuff said:
OK, here's what I got: "Error: java.lang.SecurityException: Shell cannot change component state for com.leagoo.launcher3/null to 2"
Basically, from my poor understanding of how Android works, it's root or die, right?
Click to expand...
Click to collapse
I see that this phone has 7.x android. So, a Magisk Systemless flash might work. After rooting your device, get a good launcher integrate it to /system. Then delete your stock launcher all together.
Tell me if this works.
---------- Post added at 01:23 PM ---------- Previous post was at 01:20 PM ----------
rhn19 said:
I see that this phone has 7.x android. So, a Magisk Systemless flash might work. After rooting your device, get a good launcher integrate it to /system. Then delete your stock launcher all together.
Tell me if this works.
Click to expand...
Click to collapse
If you are new to this, use an app from play store for uninstalling and integrating apps.
Hi,
Yes, like I said, I'm a newbie when it comes to Android, so I'll abstain from rooting my device for now, but I'll keep your suggestions under advisement, because I suppose there'll be no other option in the long run. I'm gathering info on how to safely root a device.
I've done countless jailbreaks on iPhones, and it was always absolutely painless, but then, I had better understanding of how iOS works than I have Android, so until I know more about the OS, I'll keep my phone as it is.
Thanks again!
UglyStuff said:
Hi,
Yes, like I said, I'm a newbie when it comes to Android, so I'll abstain from rooting my device for now, but I'll keep your suggestions under advisement, because I suppose there'll be no other option in the long run. I'm gathering info on how to safely root a device.
I've done countless jailbreaks on iPhones, and it was always absolutely painless, but then, I had better understanding of how iOS works than I have Android, so until I know more about the OS, I'll keep my phone as it is.
Thanks again!
Click to expand...
Click to collapse
Jailbreaking vs Rooting is like 5-1 on difficulty level. Because Android is Open source while IOS is not. I would highly suggest you Root it if your phone does not have warranty. After all something that is on /system partition like your launcher will need superuser access to modify it. I cannot think of a way that wont void your warranty.
You can flash TWRP and then boot into aroma-fm but that will void your warranty. Rooting is the preferred option here.
Yeah, well, the phone is brand-new, and still under warranty, but that's not what's holding me back: I'd rather not brick it, most of all, because I need it, if not as my main phone, at least for connectivity.
I've read tutorials on this very website about using TWRP to flash a new baseband, but I'm curious about what firmware to choose, where to download it from to be sure it's not laden with bad stuff, and how sure I'll be to have an operable phone afterwards.
UglyStuff said:
Yeah, well, the phone is brand-new, and still under warranty, but that's not what's holding me back: I'd rather not brick it, most of all, because I need it, if not as my main phone, at least for connectivity.
I've read tutorials on this very website about using TWRP to flash a new baseband, but I'm curious about what firmware to choose, where to download it from to be sure it's not laden with bad stuff, and how sure I'll be to have an operable phone afterwards.
Click to expand...
Click to collapse
Why do you want a new firmware? I don't get you man, do you want to clear out the malware or try a new ROM? Because i think you would have to build a new ROM, there is not one available i guess.
That's the thing: the malware on my phone is part of the application launcher installed by the OEM. In other words, it's embedded inside the ROM. If I root my phone and somehow manage to get rid of this launcher, what's to tell me that Leagoo won't push it silently back onto my device under the disguise of an update?
I don't know what to do here. I understand that based on stock Android, each OEM applies a certain number of modifications to accommodate the hardware it used to build the phone, and since the SoC is brand-new, I gather there aren't many drivers available, unless I leave the current baseline in place.
I'm kinda caught between a rock and a hard place here...
UglyStuff said:
That's the thing: the malware on my phone is part of the application launcher installed by the OEM. In other words, it's embedded inside the ROM. If I root my phone and somehow manage to get rid of this launcher, what's to tell me that Leagoo won't push it silently back onto my device under the disguise of an update?
I don't know what to do here. I understand that based on stock Android, each OEM applies a certain number of modifications to accommodate the hardware it used to build the phone, and since the SoC is brand-new, I gather there aren't many drivers available, unless I leave the current baseline in place.
I'm kinda caught between a rock and a hard place here...
Click to expand...
Click to collapse
If you use malwarebytes after root that thing wont happen. And almost all of the OEMs have a trigger which voids when rooting or flashing firmware. After that the OEM wont give you updates unless you use the A/B partitioning system.
OK, I understand how rooting my phone would void the warranty: after all, it's a substantial change in the phone software, and the OEM can't be made responsible for any mishap that occurs after I've rooted the phone.
What's the A/B partitioning system (I suppose it helps partition your storage space)? I don't have a microSD card installed (I use the slot for my second SIM), but I do have 32 Gb of storage space, minus what's already used up.
Do you know KingRoot? Is it as good and (reasonably) safe a rooting tool as they say it is?
Hi all.
I'll make my apologies if this post is in the wrong place or against any rules, if so sorry for creating more work for the mods!
I dabble in Linux, so bear with me here. I am not a complete noob, but to some of you folks here, I am certainly in the gutter of the pecking order
So I got a cheap Amazon Kindle Fire 7" 2019 model, and thanks to this forum have used diplomatic's mtk-su tool to get superuser (su/root) on adb and Termux, which has allowed me to get rid of a lot of Amazon bloat and data collection, and system apps that just aren't useful, replace the launcher and generally make this tablet useable.
I have not, as of yet, installed a modified boot loader/twrp/magisk stuff. I am trying to avoid that route, as there is quite a chance of me messing up and I am destructive when trying to take things apart (maybe unplug battery required).
On to network interface security.
I've installed NetGuard, read a lot and understand the idea behind how it works. Dump unwanted traffic to a sinkhole VPN connection.
I would like to utilise iptables. After using mtk-su in termux, I can access and create rules and these apply instantly. All seems to work as expected, however, as we all know iptables rules are not persistent and a reboot clears them all out and replaces with the stock ruleset - which is a bit too open and has strange stuff in it.
Q:
Run a my_rules script on startup.
So I can write a .sh script with the iptables rules I want applied. It won't have root permission and won't run, but if executed at boot time by another script? ( .rc ) which does have permission to do root things, the script should run, rules be applied and I can be happy.
For one thing, I am not sure quite where to add my script. I have read somewhere that the .rc files I can see are actually created from a secure/encrypted/compressed store which is uncompressed at boot time. So editing an .rc file which is freshly created is pointless.
Secondly, I guess import <name of script -no.sh extension->? won't work, and will probably need service <name of script> and oneshot or another command.
Am I going to have to go the twrp/magisk route? Do I really need to make changes to more than I can access with root and a terminal on the running device?
Thank you for your time and patience to read this post.
I am obviously not reading enough!
It seems the /system/ folder is all read-only. I can't even "cp /system/bin/install-recovery.sh /system/bin/install-recovery_bak.sh" to back up the existing.
Will try mounting /system as rw, maybe.
*edit*
OK, a major problem is that /system is not writable. mount -o remount,rw /system or /dev/block/dm-0 looks like it works but the location still cannot accept new files created or changes to existing files.
There seems to be a watchdog or something running which prevents changes to the mounting here.
So, I conclude this is what people mean by rooting - booting a modified system which allows access to these such places. Having su in a terminal /adb is all great, but still can't do everything - opens up the opportunity of going further and changing boot loader, twrp and magisk though.
Sigh, I was hoping to avoid that path.
I can, at least, launch a small shell script which would leverage mtk-su to run and write my iptables rules into the running system. But this would be a manual exercise and I am bound to forget to apply it.
If mods wish to delete this thread, I have no objection. but maybe it might help someone else in my situation to understand a little more or maybe not.
I think I am showing how much of a noob I am here. Sorry.