The following procedure has been tested by me only on ZP950 + 16GB model. Although the procedure is created generally for the MTK6589 processor and it has been already tested on other devices, could / should also work for other devices based on MTK quad-core processor.
!! Important !!
Success with this application void warranty on your device.
The procedure is based on exploits found by motochopper and the necessary files can be downloaded from here
The procedure works on both linux (run.sh) and Windows (run.bat).
Here are the steps to follow:
Download and unzip the package into a folder
Enable USB debugging on your device. Check that using the command adb devices your device is seen.
Open a DOS window (or in case of linux the unix shell) on the new extracted folder
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disconnect the device from the PC, run the run.bat command and press enter.
The program will wait for the device. Then connect your device to the PC
The program will upload the necessary programs, install the exploit and SuperSU.apk and after will launch the exploit to enable root permissions.
When the process is finished, press a button and the program will restart the phone
When the phone is rebooted you will have the root permission and SuperSU application installed.
At first launch of the program will ask you to perform an upgrade to a newer version.
To test whether the procedure for root works, connect the terminal to the PC and type the commands
Code:
adb shell
at the shell prompt given command
Code:
su
The SuperSU app will ask you whether to grant root permissions or not, and once accepted, the shell prompt will change from $ to #.
Tested on my zp950+ Build number 20130427-162946
Reserved for future use
Recovery
The recovery partition is only 6 mb so, some latest recovery don't fit in partition and cant'be installed.
(To be honest, there is a procedure that allow you to increase the recovery partition but you must shift all other partitions and reflash all, but is very dangerous and i am not sure about it).
Here there is an adapted version of CWM (6.0.3.0) that works with the default partion size.
PS: Your device must be rooted, and i am not resposabile of damage to your phone.
The steps are:
Downloa the recovery from here
Conncet the device to pc, open a shell (or dos) where you have downloaded the recovery and run this commands:
Code:
adb push cwm-6.0.3.0-zp950.img /sdcard/
adb shell
su
dd if=/sdcard/cwm-6.0.3.0-zp950.img of=/dev/recovery
This will copy the new recovery on your sdcard,
open a shell on your phone and get the root grants
flash (manually) the new recovery into recovery partition
After the operation ends, you can type
Code:
adb reboot recovery
to reboot the phone in recovery mode, on power off it and restart it pressing POWER_ON and VOLUME_UP together.
PS: here there is the default (stock) recovery for who wants to restore it.
Related
I just rooted the phone (I know this because I installed a screen shot app and it works) and I'm trying to copy a private app that is free off of my phone onto my computer. But, I cannot figure it out. Could someone please give me step-by-step instructions. I would really appreciate this.
It sounds like you have completed this process:
http://forum.xda-developers.com/showthread.php?t=581577
But read it and make sure you complete the last step to flash the recovery rom.
www.androidspin.com/downloads...roc-v1.2.3.img
He kind of botched the last command instead of:
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
it should be:
adb shell
cd /sdcard/
su
flash_image recovery recovery-RA-heroc-v1.2.3.img
Once you make sure this is done, turn of your phone and then hold Home button and press end button. This should load the recovery, choose Nandroid Backup once you are done backing up you will want to flash Modaco's 1.1 rom. More information can be found here:
http://forum.xda-developers.com/showthread.php?t=581846
Once this is done connect your phone to your pc, and open command prompt.
type in:
cd "the directory where the sdk is" \tools
then type:
If you are using appstosd with ext2 and fat32 partitioned sdcard:
adb pull /system/sd/app app
If you are using just fat32, no appstosd:
adb pull /data/app app
this will put all your apps into a directory named app in your \tools folder on your pc.
for private apps just replace app with app-private
alternatively, you can move apps one at a time with the command:
leave out " ".
adb pull /system/sd/app/"appname" "appname"
This will place the file directly into your tools directory. Hope this helps.
Yep, thats what I did. But I didn't flash the recovery rom. If I do that will it erase all my applicastion that I have installed? I didn't want to do that because the app I want to backup was free when I downloaded it but now it's not.
Ok, so I followed all the instructions above and go the in MoDaCo rom flashed. Then, when I tried to pull the apps off the sdcard I get a permissions denied error.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Thanks.
Now I have a new problem. It says "adb: not found". Now what?
Thanks for being so helpful everyone.
adb is a command that is run outside of the shell
for example your prompt would still be at
c:\android-sdk-windows\tools>adb pull /data/app-private (location)
you can't use adb inside of adb shell
Ah, I didn't know adb had to be run outside of the shell.
Now it says there aren't any files in app-private but I know there are two in there.
Flashing a custom recovery is the epitome of Android Hacking and Rooting. But it is always not a straightforward process. Here I am going to share three different methods for flashing a custom recovery. But first let us understand what a custom recovery is.
CUSTOM RECOVERY
Traditionally every android phone comes equipped with some sort of "recovery" program which is used for, well, recovery[emoji14]. It was intended to be used as a fallback measure in case you ended up messing with your phone. But these recoveries were (and are) terribly underpowered and offered a very basic set of features. Here comes in the topic of "Custom Recoveries". Exactly what it means, it means a recovery that has been customised or/and tweaked for some added features. The three big and famous names in the custom recovery circles are:
TeamWin Recovery Project (TWRP)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Features
Completely Touch-Driven and User Friendly UI
Fully Customizable XML-Driven Interface
Officially supports most Android devices
Has a good and extensive feature set
Supports ADB Sideload
Is a personal choice
ClockWorkMod Recovery (CWM)
Features
The First (most probably) custom recovery for android
Volume Rocker and Power Button Controllable UI
Can perform all sort of wipes including /boot and/devlog
Unofficial Versions available for most devices
Officially available only through Koushik Dutta's ROM Manager Premium app available here
Not very user friendly
Philz Touch Recovery
Features
CWM based recovery
Features three interaction modes - Full Touch, Partial Touch, Only Rockers(Non-Touch)
Everything pretty much the same as CWM including UI (though it has a okayish background)
Now after your little tuition session let's get our hands dirty and flash some recoveries!!!
As for every tutorial you will need some tools set up. They are:
Working ADB and Fastboot (only for 1st method) refer here for help in setting up adb and fastboot.
Rashr from here (only for 2nd method)
Terminal Emulator for Android by Jack Palevich from here (only for method 3)
Any Recovery image for your phone (Search "name_recovery model_name image XDA" on Google)
Rooted device for method 2 and 3
First Method - Fastboot Method
First set up ADB and Fastboot if you haven't already done so. Windows users can follow my guide here
Place the downloaded recovery.img or whateveritisidontcare.img in the same place you put your adb and fastboot if you haven't added adb directory to the PATH variable
Press Shift and rightclick on your anywhere in the white area of the screen. A popup will come up with an option "Open Command Window here". Select it
A Command Prompt shall open up. Make sure your device is connected and USB Debugging is enabled
Type the following commands one by one
Code:
adb reboot bootloader
fastboot flash recovery recovery.img
If successful your command prompt should look something like this.
Done!
Second Method - Using Rashr
Ensure you have Rashr installed and have root access
Open Rashr, grant it root acess, then close it.
Download the recovery image on to the root of your sdcard.
Use a root explorer to copy the image to "/data/data/de.mkrtchyan.recoverytools/files"
Open Rashr, select Recovery from Storage browse to the recovery on the sdcard and continue. IMPORTANT : Rashr may seem to be unresponsive for some time after selecting recovery image. IT IS NOT. Do not FC it or do anything, just keep your device aside and wait for it to report success or failure.
Rashr will take some time and hopefully won't throw up any error and show success
That's it. Enjoy !!!
Third Method - Terminal Flashing Method
This one's relatively simple. Here it goes
Open terminal emulator and type the following commands. Be sure to hit grant on the superuser prompt
Code:
cd /sdcard #type the address of the file directory, i am assuming it to be /sdcard
su
flash_image recovery recovery.img #replace recovery.img with whatever is the name of the downloaded file
If it says "Not found" or some such bull****, It's probably because Busybox isn't installed. Stock ROMs do not have busybox so you'll need @Stericson's BusyBox Free installer. It's available on the play store for free.
Done !!!
Hopefully you will be able to use these guides as a stepping stone to the world of android hacking...:victory:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
JOIN MOTO G6 GLOBAL GROUP ON TELEGRAM
https://t.me/Moto_G6
SIMPLE GUIDE WITH IMAGES1. TURN PHONE INTO RECOVERY MODE
(POWER + VOLUME DOWN, USE VOLUME DOWN TO NAVIGATE TO RECOVERY AND PRESS POWER ON RECOVERY)
2. GO TO MOUNT, TURN ON ALL CHECK BOX AND BACK TO MENU USING HOME BUTTON
3. GO TO ADVANCE MENU, PRESS ON FILE MANAGER AND ENTER INSIDE PERSIST FOLDER
4. NOW INSIDE PERSIST FOLDER TAP ON BLUE FOLDER ICON ON BOTTON, AND DONT DELETE OR MOVE ANYTHING HERE, JUS PRESS ON COPY, AND ON ROOT SELEC SDCARD (INTERNAL MEMORY) OR EXTERNAL-SDCARD (EXTERNAL MEMORY) FOR THE GUIDE I USED INTERNAL MEMORY
5. I USED TWRP FOLDER IN MY INTERNAL MEMORY, CHECK IF THE PATCH ARE OKAY AND SWIPE TO COPY.
6. WITH SYSTEM ON, YOU CHECK THE FOLDER AND SAVE IT ON CLOUD SERVICES OR OTHER PLACE.
what about:
Code:
dd if=/dev/block/by-name/persist of=/sdcard/persist.img
?
& to recover just via dd vice versa
I did this on Moto G4, Moto G5, Moto G5s Plus ...
Is it possible on Moto G6?
zitronenmelissa said:
what about:
Code:
dd if=/dev/block/by-name/persist of=/sdcard/persist.img
?
& to recover just via dd vice versa
I did this on Moto G4, Moto G5, Moto G5s Plus ...
Is it possible on Moto G6?
Click to expand...
Click to collapse
Is this the command via ADB?
Brickstin said:
Is this the command via ADB?
Click to expand...
Click to collapse
yes, you can in adb shell & su
or in twrp terminal
or running android in (lineage) terminal with root
zitronenmelissa said:
yes, you can in adb shell & su
or in twrp terminal
or running android in (lineage) terminal with root
Click to expand...
Click to collapse
I appreciate the response: you seem to be knowledgeable in this and so I have another question for you:
when it comes to the ADB method as I have Android Studio SDK and i have the latest platform tools downloaded in the configuration setup.
Do I do this in AP Fastboot mode or do I boot to Recovery Mode?
Which should I use?
Brickstin said:
I appreciate the response: you seem to be knowledgeable in this and so I have another question for you:
when it comes to the ADB method as I have Android Studio SDK and i have the latest platform tools downloaded in the configuration setup.
Do I do this in AP Fastboot mode or do I boot to Recovery Mode?
Which should I use?
Click to expand...
Click to collapse
you can do it running android, usb debugging turned on and rooted
or in twrp
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Grant Root Privileges to Regular Users Using Devices With Android 6 and up by Simply Upgrading Android's Multi-command Applet Toybox.
Preface:
THIS TOOL MAKES USE OF ADB COMMANDS, SO IF YOU DO NOT HAVE USB DEBUGGING TURNED ON AND ADB IS NOT INSTALLED ON YOUR WINDOWS COMPUTER, THEN IT WILL NOT BE OF ANY USE.
What does it do?
THIS TOOL MODIFIES ANDROID'S MULTI-COMMAND APPLET TOYBOX BY REPLACING IT BY ITS FULL VERSION - MEANS BY ITS VERSION THAT HAS SU COMMAND INCORPORATED.
Screenshot:
Download:
Usage:
Unpack the downloaded ZIP to any location on your Windows computer, run the script named Toybox-Updater.bat located therein.
Disclaimer:
This program is offered AS IS.
I do not warrant the functions in the program will meet your requirements or that the operation of the program will be uninterrupted or error-free.
In no event I am liable to you for any damages, including any lost data or other incidental or consequential damage.
Please don’t hesitate to report here any issues you may have with this tool! Thanks & enjoy!
In Linux, what Android is based on, the su (read: switch user) command is used to run a command as a different user, means the su command is used to run an OS function as a different user. It is the easiest way to switch or change to the administrative account in the current logged in session.
So using su to temporarily act as a root user - a root account is a master administrator account with full access and permissions in the system - allows you to bypass any default user-restrictions and perform different tasks with full permissions.
Because most Android versions by defaut use limited user accounts for normal use - making the system more secure - what restricts the user from running specific OS commands, the tool provided herewith adds su command to Android, what allows the currently logged in user to temporarily act as a root user - take note that a root account is a master administrator account with full access and permissions in the system.
su Command Syntax
To use the su command, enter it into a Windows command-line as follows:
Code:
adb shell "toybox su -c '[options] [username [arguments]]'"
Take note that if [username] is omitted su defaults to the superuser (in Linux term: root).
Hi, I came across this from another post where the user was trying to get su in his a022f. I have the same device and would like to achieve the same result. Unfortunately, I can't seem to find the zip file (there's no link to dl), or is it still being worked on, hence the absence of a link?
in brief:
the data should be there on the phone, so there's hope it should be easier to recover than deleted data but i run out of ideas how to get adb to find and pull it... maybe a more advanced user has better knowledge (better commands or tools)
adb devices and fastboot devices communicate with phone, so i have all drivers installed, i can only tackle with it via usb from windows 7 based computer
the detailed story:
i have a huawei g620s-L01, stuck in bootloop (just loading huawei logo forever or until battery empty but does not restart) and also "volume down" button does nothing... the bootloader is locked and huawei seems to have stopped providing unlock codes...the touch works but is shattered so i was told repair the button is not an option...
i can boot it into recovery mode using "volume up + power" but i can't use the recovery menu due to the dead "volume down"
from recovery menu i can only "reboot system now" but that re-enters the bootloop,
also i get bootloop if i try to boot into download mode via adb command
i can use some adb commands (i say some because some return errors, others say i don't have permissions)
i can boot into fastboot via adb command too...i can not find my dcim folder or any data folder to use the pull commnad, i tried the generic commands to pull sdcrd or dcim or all files with *.jpg
the user data is not accesible, i could browse some system directories but they did not contain my files via cd commands
i found some threads saying maybe i need mount or root commands
but trying to mount partitions or access su via adb also gives errors
su is not found, i do remember there was a su when android was working on the devices but is useless if i can't find/access it
i found the factory rom and some tools to try to restore rom to the phone due to claims that same rom might find my data, but the tools failed to start due to locked bootloader
i also tried several versions of full android sdk (old and new) trying to find "monitor or file browser" tools but the menu is not there...perhaps it will not activate those tools when device is in fastboot/recovery modes
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
i also found a 3rd party full android browser but can't connect with it either
also recovery softs are useless, they need a working android to try to recover anything...some recovery softs claimed they can fix bootloop but don't support my device
free tools that try to unlock bootloader also failed
so at this point i am running out of things to try
this is what i figured so far: i can see my data but can't touch it
i seem to have 4 partitions on the device:
1 is called sdcard but has nothing accesible on it, could be the feature for external card
2 is called ext , total size is 711,49mb , used 124,98 and available 586,5
3 is called system , total size 1,64 gb, used 1,23gb, available 418,1mb
4 is called data, total size 3,96gb, used 3,75gb, available 218,16mb
clearly the data partition is still keeping my data
i can not see my installed apps, so i guess they are also on that partition
i can see some system apps, namely 49 out of 146
so i'm guessing the issue is with one application, likely system app since i can't see them all
the phone may be partly rooted, the android may have some rooted features but the adb on it is not rooted
so i can not use the adb root command to get to my data
and i can not try to flash recovery or rom or custom boot img from adb due to bootloader locked and asking for unknown code