[Q] Adding new executable to Clockwork recovery - Android Software/Hacking General [Developers Only]

Hi,
I was wondering if anyone had done this before or could maybe give me some advice.
I've gotten programs to compile for aosp/cm builds. I've written, for example, a helloworld program in external/helloworld.
I've been able to push them onto data/local and have them run perfectly. Also I've been able to include them in the builds, so that when I build an aosp/cm image it includes the executable.
I'm trying to compile the program so that it is available in clockwork recovery as well,
but when I try pushing it onto the clockwork recovery it fails to run.
I don't understand what's going wrong, since the same executable runs fine when in Android mode.
I have tried to search around, but have not found any information on how to add new executables into clockwork recovery.
Thanks for any help you may be able to give.

Related

[DEV] PSFreedom(PSJailbreak) Android Port

I think all of you PS3 owners here already know about the Jailbreak tool that allows you to execute unsigned code on the PS3. That opens the console for a lot of homebrew possibilities (mplayer port maybe?). The source code for the exploit leaked and a dev called KaKaRoTo managed to get it to be executed from an N900. Yesterday KaKaRoTo released his source code and today someone already ported it to the Palm Pre. This quick port was possible because the N900 and Palm Pre both share the same USB controller (mUSB), which happens to be the controller used by the Droid/Milestone.
Here is some info from KaKaRoTo's blog:
Q: How hard is it to port it to a new device ?
A: Well, I’ve just separated my code from the N900 specific stuff, so it’s quite easy, there are mainly two functions to write, one to get and one to set the USB address.. two other functions that only return some static result depending on the configuration of the controller (the name of the endpoints, and whether the controller supports high speed or full speed mode).
Read the README file provided with PSFreedom, and check the psfreedom_machine.c file for specifics on what to implement.
Q: How can I port it to a new device?
A: Well, first, you need to figure out what controller your device uses, in the case of the N900, it’s ‘musb’..
Then go to the driver code for that controller (probably in drivers/usb/gadget) and look for ‘SET_ADDRESS’. In the case of musb, it was in drivers/usb/musb/musb_gadget_ep0.c. In there it was setting the address to the USB device, so just copy that code into the psfreedom_machine.c to allow setting the address, and add a similar function to be able to retrieve the address.
Then add a function to return 0 or 1 depending on whether the controller supports HIGH, FULL or LOW speed mode (go to usb_gadget_register_driver for your controller, and in the first lines, it should validate the speed argument, it will tell you which ones are acceptable), set LOW speed mode to return TRUE only if FULL speed isn’t available.
Finally, add a function to return the endpoint names.. it will usually be something like ‘epXin’ and ‘epXout’ (where X is the endpoint number), or “epXin-bulk”, etc.. look at how the driver initializes its endpoints or grep for “->name” in the file to find where it sets it…
That should be enough!
Ok this is it for now with the FAQ. Next time, I’ll tell you all about my experience, what problems I encountered and how I fixed them, maybe it will help others!
http://kakaroto.homelinux.net/
Some people over on the HTC Desire boards are already working on a port, but the Desire's controller is a different one (MSM72K), so they might take some time and it will be of no use for us.
http://forum.xda-developers.com/showthread.php?t=772795
So, any dev here willing to give it a try?
according to zzg in the desire forum, this is what you need to do. no source changes.
Well you don't really need any changes to get it compiled against Droid's kernel, a quick and dirty way by looking at psfreedom's make file:
make -C /path/to/droid/kernel/source M=/path/to/psfreedom/source ARCH=arm CROSS_COMPILE=/path/to/android_ndk/tree/build/prebuilt/linux-x86/arm-eabi-4.4.0/bin/arm-eabi- EXTRA_CFLAGS=-DENABLE_MUSB_CONTROLLER modules
You can get the source from motorola.
Has anyone been successful with the exploit?
On the wiki it shows that it's in progress, but no info on who is working on it
hxxp://psfreedom.com/wiki/index.php?title=Device_compatibility_list
The guys over in the Milestone thread are beginning to get somewhere it seems, and someone in the desire thread said they've almost got the Milestone version working.
Not sure it means anything to the droid-ers though
Ahhhh I want a Droid version! I wish I could code!
Patiently waiting for the Motorola Droid Port....
Anybody know who is working on milestone/droid port?
desolateone1 said:
according to zzg in the desire forum, this is what you need to do. no source changes.
You can get the source from motorola.
Tried that. It didn't work, though I'm not familiar with configuring kernels. I have a compsci degree, but I just haven't ever played with them. Didn't figure it'd be as simple as this but thought I'd give it a go for the community... anyone want to give me a new clue?
Edit: I configured the kernel with 'make defconfig'
Where did you get the motorola source kernel?
https://opensource.motorola.com/sf/projects/droid
http://tinyurl.com/droid-ks-ese81
http://android.git.kernel.org/?p=ke...1;hb=34485287cb92a298eb6110926b729bf40bf3ba69
The third link is to the kernel space tree and I took the "snapshot" from there.
Got the NDK from here...
http://developer.android.com/sdk/ndk/index.html
Confirmed working!!!
place linked files on root of sdcard
First do nandroid backup!
Then reboot into recovery fire up adb and
"adb shell"
"#cd /sdcard"
"#flash_image boot boot.img"
reboot into ROM normally
open a terminal
"$su"
"#mount -o remount,rw /system"
"#mv psfreedom.ko /data/psfreedom.ko"
"#insmod /data/psfreedom.ko"
Then do the normal Jailbreak/PSgroove/PSFreedom power off on and quickly hit eject
It will take a little longer to boot (this is good)
Then under the "Game" tab it will show two new icons "/app_home/PS3/Game" and "Install Package Files"
Done using Cyanogenmod 6
Excellent job devs!
Links: hxxp://dl.dropbox.com/u/8949251/psfreedom.ko
hxxp://dl.dropbox.com/u/8949251/boot.img
So just to make sure I am understanding correctly you are saying that this method is confirmed working for the droid? If so where did the work come from? Was this recompiled from another platform and if so what is the source?
-Z
Yes I have tested and it works, I have already backed up a game, and used the ftp server.
The work came from several people in #PSFreedom on irc.freenode.net
I think you are asking how was the module compiled, afaik it was from a 2.6.32 droid kernel.
Also, you should note that when you flash the modded boot image, charging does NOT work. You should have adequate battery BEFORE trying, and you should flash back to your old boot image with an advanced nandroid, restoring the boot image.
Awesome! Thanks for the info, I was just wondering where the dev work was coming from. Also thanks a bunch for the boot_image heads up because I was just about to flash it over but wouldn't have been able to test it for a few hours.
-Z
So this may seem like a dumb question but I have the backup manager files and such but am not sure where on the sdcard to place it. Also what is the path you are supposed to use on the hdd (both internal and external) to place backups and write backups?
Place any .pkg files on the root of a thumb drive that's formatted to FAT32.
As for backups you can put backups under /dev_hdd0/game/LAUN12345/GAMEZ "This is the path if you are using the original backupmanager.pkg and not some stealth backupmanager"
For games on an external I believe you put a folder named "GAMEZ" on the root of HDD. I haven't tried with external yet, so correct me if I'm wrong.
I will let you know when I get out of work. I have setup and saved my rom with the kernel changes so I can quick change when necessary. Thanks for the update on the file paths as well.
-Z
I'm totally lost right now. Can someone walk me through how to do this? I have cm6 on my droid.
You essentially are kinda following the same steps for flashing the boot image for getting manual root and some older roms. The instructions are pretty straightforward but make sure that you take a nandroid backup before making any changes.
I am running chevys SS 4.7 rom but I believe the kernel versions should be the same. As soon as I get out of here I'll update with the results.
-Z

[Q] recovery.img and recovery-from-boot.p

Hi all,
I am trying to make sense of how the android system is made up w.r.t. boot/kernel.
I have been looking at the .img files in the build (I built for the "passion" device), and have been googling around to find some more information about the various .img files.
I ran into a nice HOWTO in android-dls.com's WIKI, titled HOWTO:_Unpack%2C_Edit%2C_and_Re-Pack_Boot_Images (I'm sorry, I'm a new user so XDA won't allow me to post links. I will try to modify my post as soon as I'm granted permission for that), but I am afraid it is a little outdated.
I have several questions, but I will try to be brief, so I'll focus on one of them, and if that works I'll proceed to the next questions, all related to "Android bringup for dummy embedded linux kernel experts".
I am fairly aware of differences between different linux configurations, and I am very familiar with linux bringup concepts, so I will just use common examples from the linux world as my terminology. Hope it will be clear enough.
I understood that boot.img is a combination of a kernel (e.g. bzImage in linux) and an initial ramdisk (e.g. initrd.gz), wrapped by some header, as in common linux kernel loading practice (piggy.o etc.).
Now, the aforementioned HOWTO says that the "recovery" image is built in the same way, and that it is stored on the target's /system/recovery.img .
I would assume that this would be composed of the ramdisk-recovery.img, and some other kernel.
Now, the problem is that:
1. This /system/recovery.img does not exist from what I saw (on my Motorola XOOM tablet)
2. What does exist is /system/boot-from-recovery.p , which is created during the boot process in obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p .
I saw tons of posts referring to the files, all said that "in order to replace the rescue disk image, this file needs to be renamed" - but I am looking for a way to figure out what it is, and how to extract its contents.
I assume /system/recovery.img is deprecated, is that correct?
3. I did not see any flash devices in /proc/mtd (which is strange).
I searched for hours before sending this post, so I would appreciate your help. I also posted a similar message at the google android-building group, but it has not been answered yet, and I got the impression that these forums are more active and can help me get where I need.
If it is not the right place to ask the question please let me know - I just assume this is a general android concept and not device specific.
Thanks,
Ron
I meant of course /system/recovery-from-boot.p , and not recovery-from.boot.p
-R
Hi,
I don't know if you managed to find out what "recovery-from-boot.p" is, since this is quite an old post, but I think I'll try to help anyway.
recovery.img is not deprecated at all. From my own experience, it looks like "recovery-from-boot.p" is a protection measure introduced in Gingerbread, but not the recovery itself. What it does is replace any recovery currently installed on the phone with the default one on every boot.
I discovered it after flashing a custom recovery on my Android 2.3.4 phone. It worked, but just during the first boot. The next time I rebooted the phone, the default recovery image was there again. After browsing several sites, I found that "recovery-from-boot.p" is responsible for that.
So, if you flash a custom recovery image on a Gingerbread phone and want to keep it forever, you must delete this "recovery-from-boot.p" from /system, or at least rename it. That way, your new custom recovery will never get overwritten by the default one, unless you do it yourself.
I hope this helps you and clarifies this question.
Well, it helped me. I'm new to rooting and just came across mention of this file. I am trying to learn 'why' as well as 'how', so your post was informative.
Was going to ask a dumb question but I figured it out
I need to delete those files
Hello,
I can't delete those files. I am rooted, but every time I delete or rename it, it takes permission and then nothing happens. How can I delete them, please?
recovery from boot p
Hey, good day. Did you get your problem fixed...? I have an xt912 and it has the same file. For days I've been trying to wipe the phone. Tried rooting it. I tried reprogramming it. And I got through with all of that. But every time the phone boots up it goes back to the same state. Then I used a root browser and while exploring I saw this recovery from boot file. I need help. And I don't think I can downgrade the Motorola phones. Thanks in advance.
I have deleted it, then flashed recovery, but it failed. It won't even go to stock recovery itself now. Any help?
Does recovery-from-boot have anything to do with applying OTA updates? Or will it cause issues in system updates?
I have recovery-from-boot.p in my system and I can't root my phone, I can't change the recovery img... Help?
I hadn't had to deal with this for some time, perhaps because I've updated my devices (Nexus 4, Nexus 5, Nexus 7 '13) with the factory images, with "-w" removed from flash-all, then flashing CWM's recovery, ensure SuperSU was installed, then continuing. Today, I used the new OTA image on my Hammerhead/N5, and recovery-from-boot.p seems to be up to its old tricks again.
Solution is simple.
Flash your alternate Recovery in fastboot, fastboot flash recovery [recovery image file] . Boot into Recovery. Apply/install root app (typically via sideload). Mount /system. adb shell mv /system/recovery-from-boot.p /system/recovery-from-boot.p.bak. Reboot. Done. (If you're unfamiliar with fastboot, adb, and flashing new recovery partitions, you have some reading to do. Commence RTFM.)
I also used to have to move /system/etc/install-recovery.sh but that seems to be gone in Marshmallow. :} Or moved...?
Well, after following a guide I have extracted the system.img from a pure-nexus ROM (the ROM I'm currently using). Now I can see that the "recovery-from-boot.p" file is responsible for the recovery lock in my phone. I'll keep it short and straight to the question:
"Can I remove this file and rebuild the .dat file and flash it, so that I won't have any other problems at all?"
I want to know if recovery-from-boot.p file is linked to anything other than just locking the recovery or re-flashing it innumerable times.

[Q] Flash Google Apps on bSquare MDP 8660

Hi,
I tried finding a better place to post this, but there are no device forums for the bSquare MDP 8660, probably because it's not that common and it's a 'development phone'.
I'm using one of these devices in the lab I'm working in and I wanted to see if I could flash Google Apps on it since it comes without any of them (Market, Maps, Gmail, etc.).
Since it has an unlocked bootloader, can I just flash Google Apps (from Cyanogen's website) to it the same way you do it when installing the Cyanogen ROM? Are these files device independent? Or would this be an almost sure way of bricking the phone?
Device website: bsquare.com/snapdragon-mobile-development-platform.aspx
OS: Android 2.3.4
I would really appreciate any guidance/suggestions. Thanks!
Most probably yes.
Well here's my advice. Follow at your own risk. It probably won't brick it, but there's always the slight risk of stuff going awry.
1) Make a Flash backup.
2) See if you have the system/app folder intact.
3) Flash the Google Market (yes, only the market).
4) Install whatever apps you want from the Market.
All Google apps except Market and Talk can be downloaded from the Market. You can of course flash the whole gapps update but downloading this way gives you some peace of mind and chances of avoiding any possible incompatible apps. (Like Voice Search which may not work properly on all ROMs. But, if it's AOSP, all Google apps would work and should work.)
Most of the Google apps would be device independent since most of them would use the Android API and not the native platform.
Flashing custom recovery - didn't work
Thanks for the guidelines.
I tried flashing ClockworkMod recovery so that I could make a backup of the phone, but every time I boot into recovery it shows a blank screen now. ADB doesn't recognize the device either. I tried Amon Ra's recovery and the phone is doing the same thing.
Before flashing any of the custom recoveries, the phone would just show the triangle when booting into recovery. It did show up on ADB though.
Would you have any suggestions on how I should continue? In case it's of any use, I do have a package that I downloaded from the manufacturer's website that contains the original boot, recovery, and system images (along with some other files).
As I said earlier, I'm not so familiar with the device.
If ADB is not working in recovery, it could either mean that the USB drivers (the drivers in the device, not PC) are corrupted or that the recovery is incompatible.
If the CWM recovery you used is 100% compatible with your device (i.e. other people are using it without issues), it means that you must reflash all your files to factory and then flash a fresh copy of recovery. Simply, you must start it from scratch.
If you have no idea of the compatibility of CWM with your device,
1) Check and see if ADB/fastboot is working well with your device in other modes (boot, system). You can perform a simple file transfer and check the checksum of the original copy and the copy on your device to ensure integrity.
2) If ADB/fastboot works well in all other modes but fails only in recovery, flash stock recovery (only recovery) and see if adb is working well. You can do the same thing as before. If adb/fastboot works well in stock recovery but fails in CWM recovery, it probably means CWM is not fully compatible with your device.
If CWM works well, go ahead and make a backup and proceed to flashing market. But if, as I said in 2), CWM is not fully compatible with your device, proceed with caution.
As an alternative, if you are going through all these ONLY to get the market, you can extract the market update and push the relevant files to the correct paths in the device using ADB in recovery or bootloader mode.
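The transfer-and-checksum test suggested in step 1 of the post above, as an added example that is not part of the original thread. It pulls the file back and hashes both copies on the PC, so it does not depend on the device image shipping a checksum tool; the `ADB` override and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): round-trip integrity check over adb.
# Assumption: ADB names the adb client to run (e.g. "adb" or "adb -s SERIAL");
# it can be overridden with a stand-in so the logic runs without a device.
ADB="${ADB:-adb}"

# Print the SHA-256 of a local file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# make_payload PATH SIZE_KIB: write random test data, large enough that the
# transfer exercises the USB link rather than a single packet.
make_payload() {
    dd if=/dev/urandom of="$1" bs=1024 count="$2" 2>/dev/null
}

# adb_roundtrip_check LOCAL_FILE REMOTE_PATH
#   0 = the copy pulled back from the device is byte-identical
#   1 = transfer completed but the digests differ (corruption on link/storage)
#   2 = push or pull itself failed (adb not usable in this mode)
adb_roundtrip_check() {
    rt_local=$1
    rt_remote=$2
    [ -f "$rt_local" ] || { echo "no such file: $rt_local" >&2; return 2; }
    rt_back=$(mktemp) || return 2

    # get-state reports e.g. "device" or "recovery"; used only in the report.
    rt_state=$($ADB get-state 2>/dev/null) || rt_state=unknown
    [ -n "$rt_state" ] || rt_state=unknown

    if ! $ADB push "$rt_local" "$rt_remote" >/dev/null 2>&1; then
        echo "[$rt_state] push failed" >&2; rm -f "$rt_back"; return 2
    fi
    if ! $ADB pull "$rt_remote" "$rt_back" >/dev/null 2>&1; then
        echo "[$rt_state] pull failed" >&2; rm -f "$rt_back"; return 2
    fi

    rt_want=$(sha256_of "$rt_local")
    rt_got=$(sha256_of "$rt_back")
    rm -f "$rt_back"
    # An empty digest means no hashing tool ran; never report that as a match.
    [ -n "$rt_want" ] || { echo "no sha256 tool available" >&2; return 2; }

    if [ "$rt_want" = "$rt_got" ]; then
        echo "[$rt_state] OK sha256=$rt_want"
        return 0
    fi
    echo "[$rt_state] MISMATCH local=$rt_want device=$rt_got" >&2
    return 1
}

# Usage, once per mode (normal boot, then recovery):
#   make_payload /tmp/adbtest.bin 1024
#   adb_roundtrip_check /tmp/adbtest.bin /sdcard/adbtest.bin
```

Exit status 2 in recovery but 0 in normal boot points at the recovery image's adb support, while status 1 points at the link or storage.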
Installing only the Market app
Hi Nibras,
Sorry for not replying back to you. My college classes got started and I couldn't spend much time on this project.
I liked the idea of just extracting the Market app and installing that (since that is all I really need).
Do you think I could just use the procedure outlined below, even though I won't be doing it on Honeycomb:
Installing Android Market over your freshly installed HoneyComb will require a different approach than just installing an APK.
Make sure you have ADB up and running, and your device recognized. Refer to our guides on what is ADB and how to install it, and how to enable ADB USB drivers for NVIDIA Tegra and Tegra 2 based devices.
Download this version of the Market (2.2.11).
Download GoogleServicesFramework.apk.
Place the files in any folder on your computer and open a Command Prompt window, browsing to that folder.
Enter these commands in the Command Prompt window:
Code:
adb shell mount -o remount,rw /dev/block/mmcblk1p2 /system
adb push Vending.apk system/app/Vending.apk
adb push GoogleServicesFramework.apk system/app/GoogleServicesFramework.apk
adb shell
cd system/app
chmod 6755 Vending.apk
chmod 6755 GoogleServicesFramework.apk
exit
adb reboot
Now go to apps, open the market and sign in. If the Market won’t open at first, reboot and try again and it should work.
That should work I guess. But, flashing via recovery is just a one step process. =)
Update.zip also does just the above process, I guess. It just saves us a couple of steps. Also, if you make a recovery backup, if anything goes wrong (say boot loop or force close of system at boot), you can revert very easily since recovery is independent of all the other data on phone.
And, I guess you might have to push Talk.apk too. I'm not sure about it though. Some people complained that removing Talk.apk broke the Market authentication.
If you want to push Talk.apk, get the apk file and,
Type adb push Talk.apk system/app/Talk.apk after adb push GoogleServicesFramework.apk system/app/GoogleServicesFramework.apk
Also, type, chmod 6755 Talk.apk after chmod 6755 GoogleServicesFramework.apk.
Btw, you can also ignore Android Market altogether and use Amazon App Store as well as GetJar.com. They both offer install-able Market apps. Of course, they don't have a collection as large as Android Market.
@gjain89:
Did you ever try pushing the Market files to the MDP? If so, then did it work? I have one of these and I'm in a similar position.
Thanks
I have one of these...
I used adb to push the files. However, the system partition barely has any room for more apps, so apps larger than 2MB won't install, unless you obtain the APK from a secondary source.
Refer to this thread for more information: http://forum.xda-developers.com/showthread.php?t=1400737
And this one: https://developer.qualcomm.com/forum/qdevnet-forums/general-discussion/6864
Plus, many apps force close.
Enjoy!
PS: Let's try to stick together, we might be able to fix some of these problems. Maybe someone could build a custom rom.

[Q] Deployment of image to multiple devices

Hi gurus! I have done some searching based on this, but I seem to come across many different answers based on devices, ROMs etc. So I thought I would just ask. Apologies if there is an easy guide I have missed!
I need to configure a number of Android sticks with customized settings and software then deploy them in kiosk environments. Rather than configure each one separately, I'm hoping to be able to deploy an image nice and quickly to them.
The sticks are RK30 based. The webpage is here: http://multitouch.com/istick-a200-fastest-mini-computer.html and the specs are here: http://multitouch.com/download/datasheet/istick-a200-datasheet.pdf.
They are pre-rooted and you can download a "Factory Restore Pack" which includes the ADB driver, RKBatch Tool and a single factory image. It seems pretty easy to use the tool to push the image to the device and reset it.
I'm hoping to be able to configure a single device and then backup or export the image to an img file (like the factory default one) then just push this to the other devices using the same method. Is this possible and if so, how would I create the img file?
I've read and tried to understand about img files, but it seems there are boot.img files, system.img files and a whole bunch of others. I'm guessing this is a system.img file, but if I stuff around with no direction, I'll probably just brick a bunch of devices.
I also guess I could install clockwork mod and then backup to an SD, then install cm on each new device and restore the backup, but I'm hoping to do this without even needing cm by just using the RKBatch tool.
I really appreciate any help anyone can provide. Thanks in advance!
OK - update (maybe)
Can I use this tool: http://vondroid.com/threads/updated-27-08-2012-how-to-dump-current-rom.322/? I'm guessing that the file I then want to get is the system partition? Is this the one that RKBatchTool will push back to the device?
Soooo many ways to brick!!!

[Q] reading partition images other than recovery and boot (such as aboot and firmware

Hello! So this should be an interesting first post. First, a little background:
I'm relatively new to this, and I've been trying to root my NEC Terrain for a little while now. I've followed the instructions on numerous pages in order to understand how to do things. And now I have been able to rip any partition from the phone. I've looked through everything I could in both the boot and recovery partitions but I haven't found anything I can use (I also explored /system but there doesn't seem to be anything in there either). Also, I tried to do everything on this page: http://forum.xda-developers.com/showthread.php?t=2337642 but I can't get SuperSU or TiBu to work. (As an aside, if anybody can point me in the right direction for the most recent su binary, that would be awesome). SuperSU wants to update the binary but fails. I would assume it's because it tries to install it directly into /system/bin, which isn't writable. If I could make it install it into /data/sbin, it might work, but that's off topic right now.
I would like to explore more of the partitions to understand what they are and what they do (I can't seem to find much information about them anywhere). I'm hoping to find something in the code to give a hint as to how to get into the bootloader. So, I have things like "aboot", "firmware", "MM", and "GROW", among others. Is there any way to decode or decompile those images so I can see what coding goes into them? Am I going about this the wrong way?
Thanks in advance to anyone that can help!
Maybe this will help you
In this post by E:V:A you can find some information about partitions and links to more!
I think latest SuperSU should be with latest SU binary (I can be wrong about this), so you could download "CWM / TWRP / MobileODIN installable ZIP" from this post and take one from "x86" folder.
Good luck.
Thanks for the links! Some of these may be very helpful. However, the su binary I got from that link was much older than the other most recent I had. It's a version 2.0 and they're up to at least 3.2 (I'll check the link again to see if I missed something). Also, for these phones, if anybody is wondering, they are ARM, not x86.
There seems to be only one direction I can go with this: Find an exploit that can run at boot that will interrupt it at the right time and allow editing of the /system partition. I can get a root shell with that script and a bind mount, but it's not enough to get anything else to work (ro.secure is still active, so there's no way to change it after the system is booted). Root is granted to root, and that's all. Any app requesting root does not get it.
The guys on that other thread said they got SuperSU and TiBu to work, but they provided very limited information and I can't seem to make them work. I wonder though, if that would matter as long as ro.secure is still enabled.
