For Non-Rooted Devices and Rooted Devices
Here is a summary on how to get mounting points without rooting or extracting recovery.img.
The different procedures only needs to have adb shell or terminal emulator.. I will explain using adb shell through pc.
After establishing adb connection to your device, you can choose any of the following procedures to get your mounting points:
#1
Code:
adb shell
cat /proc/mounts
This will give you info about device, the mount point, the file system type, and how it is mounted.
Limitation: This method, however, will not give you all mounting points.!!!
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
#2
Code:
adb shell
cat /proc/partitions
This is more neat, it will give you info about ALL dev blocks and their names (not the familiar name!), and block size
Limitation: Needs from you to figure out which block belong to which partition name.!!
#3
Code:
adb shell
ls -al /dev/block/platform/[B][COLOR="Blue"]dw_mmc[/COLOR][/B]/by-name
This one is the command that I like on non-rooted device..! It will give you info about the dev block names WITH their familiar names (i.e, boot, recovery, system... etc) :laugh:
This command is not universal between devices, and you will need to gather its pieces (/dev/block/platform/dw_mmc/by-name).
How?
- In your device, use any explorer that can get you to the device root (personally I use ES Explorer, by pressing on "/" on navigation bar).
- Go to "/dev/block/platform/" folder
- Here you will see some files and folders, we need to open folders and search for the folder called "by-name" inside one of them; in my situation it was "dw_mmc" folder which has the folder "by-name" inside it.
- At the end, my targeted piece info will be (/dev/block/platform/dw_mmc/by-name)
- Now open adb shell and put the command..
***
For Rooted Devices Only
There are different ways to get mounting points in rooted device (including the non-rooted devices way), but the easiest way to get all device mounting points is to push parted binary to /system/bin folder and run it.
Code:
adb remount
adb shell "su" "" "mount -o remount,rw /system"
adb push parted /system/bin/parted
adb shell
chmod 755 /system/bin/parted
parted /dev/block/[B][COLOR="Blue"]mmcblk0[/COLOR][/B]
print
Here, your mounting points will start with /dev/block/mmcblk0p* where (*) is the number shown in the table above for each partition.
example:
The preload partition mounting point will be mmcblk0p12
The modem partition mounting point will be mmcblk0p8
The system partition mounting point will be mmcblk0p9
The Kernel partition mounting point will be mmcblk0p5
and so on
Don't forget to "quit" the parted action after grasping your device mounting points.
N.B:
- You may need to run first:
Code:
adb shell
cat /proc/partitions
to know what is the initial name for your device partition.. In the example above, it was mmcblk0.
- Also to be able to do adb push to /system partition, you will need adbd insecure installed in your device (Check this thread for that app), or to push it manually by any root explorer and then fix permissions to 755.
***
Pre-made ScriptsWindows users
Here is a script I wrote for both non-rooted (way #3) and rooted devices for windows users.
Just extract the content in any folder and run the script that you want ("Non-Rooted and Rooted.cmd" or "Rooted Only.cmd")
Don't forget to install adbd insecure in rooted device in order to use Rooted Only.cmd script.
Linux users
As same, here is a script I wrote for both non-rooted (way #3) and rooted devices for linux users.
Just extract the content in any folder and run the script that you want ("non-rooted" or "rooted")
Don't forget to install adbd insecure in rooted device in order to use rooted script.
N.B: The linux scripts are tested with cygwin emulator on windows machine.. So needs feedback on actual machine.!!
Cheers
reserved
Thank you, I go to try.
Linux script added to OP
Thanks
Thank you You are the best one
Related
Not sure if anyone has gotten one of these yet but I have been given one for some work so thought I would share my progress with it.
About
http://www.ippea.com/
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Table of Contents
How to Root
How to Root
The iPPea comes with busybox built-in into the image. So unlike other devices we don’t have to compile/download busybox and deploy it - full access to all the busybox tools is available by default.
But what makes rooting really easy the iPPea has ro.secure off. This means that a simple adb connection is enough to grant root access - all that we have to do is install a su binary.
Unfortunately, the busybox su requires too much baggage of the traditional Linux system - notably /etc/passwd, /etc/groups and friends to work. Since this is a MIPS system and Superuser.apk is contains an ARM binary, that approach cannot work either. In addition, compiling su-binary from Superuser.apk requires the entire AOSP tree, which is too much work and network bandwidth for us. So, we will use a portable C implementation of su instead.
This step does require you to plug in the iPPea into a computer with ADB, so be prepared to do so. You will also need this prebuilt portable MIPS Android su binary.
Now that you have the ‘su’ binary handy as well as your iPPea detected in adb (adb devices, you may need to chown it to make it visible), here we go:
Code:
adb push su /dev/
adb shell
# now we are on the iPPea
busybox mount -o remount,rw /system
busybox mv /dev/su /system/bin/su
busybox chmod 4755 /system/bin/su
busybox mount -o remount,ro /system
exit
# now we are back to our computer
adb reboot # to reboot
Credits to: Compdigitec
Useful Links + more Info
Here you will find useful links for the ippea and places to find more information
Change log
09/02/2012
Started thread
Added how to root
The following procedure has been tested by me only on ZP950 + 16GB model. Although the procedure is created generally for the MTK6589 processor and it has been already tested on other devices, could / should also work for other devices based on MTK quad-core processor.
!! Important !!
Success with this application void warranty on your device.
The procedure is based on exploits found by motochopper and the necessary files can be downloaded from here
The procedure works on both linux (run.sh) and Windows (run.bat).
Here are the steps to follow:
Download and unzip the package into a folder
Enable USB debugging on your device. Check that using the command adb devices your device is seen.
Open a DOS window (or in case of linux the unix shell) on the new extracted folder
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disconnect the device from the PC, run the run.bat command and press enter.
The program will wait for the device. Then connect your device to the PC
The program will upload the necessary programs, install the exploit and SuperSU.apk and after will launch the exploit to enable root permissions.
When the process is finished, press a button and the program will restart the phone
When the phone is rebooted you will have the root permission and SuperSU application installed.
At first launch of the program will ask you to perform an upgrade to a newer version.
To test whether the procedure for root works, connect the terminal to the PC and type the commands
Code:
adb shell
at the shell prompt given command
Code:
su
The SuperSU app will ask you whether to grant root permissions or not, and once accepted, the shell prompt will change from $ to #.
Tested on my zp950+ Build number 20130427-162946
Reserved for future use
Recovery
The recovery partition is only 6 mb so, some latest recovery don't fit in partition and cant'be installed.
(To be honest, there is a procedure that allow you to increase the recovery partition but you must shift all other partitions and reflash all, but is very dangerous and i am not sure about it).
Here there is an adapted version of CWM (6.0.3.0) that works with the default partion size.
PS: Your device must be rooted, and i am not resposabile of damage to your phone.
The steps are:
Downloa the recovery from here
Conncet the device to pc, open a shell (or dos) where you have downloaded the recovery and run this commands:
Code:
adb push cwm-6.0.3.0-zp950.img /sdcard/
adb shell
su
dd if=/sdcard/cwm-6.0.3.0-zp950.img of=/dev/recovery
This will copy the new recovery on your sdcard,
open a shell on your phone and get the root grants
flash (manually) the new recovery into recovery partition
After the operation ends, you can type
Code:
adb reboot recovery
to reboot the phone in recovery mode, on power off it and restart it pressing POWER_ON and VOLUME_UP together.
PS: here there is the default (stock) recovery for who wants to restore it.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Welcome to this subject where I'll share the following information to activate the terminal init.d our support, as well as the development of the topic is addressed primarily to the developer community roms in order to implement and improve its development in each of the phones and better autonomy thereof is provided.
Warning: Before continuing please read the documentation that will expose so they can check its development, those who only discuss other issues please abtenerse as this issue is not in order to respond is only to well that development develop properly targeted by this issue.
The tools I used for the development of the init.d support they can find at the end of the subject for downloading and asu same time the use so you can verify some of the things we will discuss on this issue.
no script can be universal because it is different and its code and some values and parameters are only applicable for each smartphone
Requirements: root access and SuperSU
1.- proceed with the most basic thing is to give root access to our terminal this method according in each terminal is indispensable as the first requirement
2.- as a second step this would be related to the installation of busybox in the terminal and ending with the installation of the same proceed with checking the same watching the following path with a file browser /system/xbin, if you have any doubts use the application busybox checker to verify the installation of the same
3.- as a third step needs a file browser and asu time they open the routes to them to enter and to edit text files comfortably
4.- as fourth step is to go to the /system /etc there init.qcom.post_boot.sh locate file name to open it proceed traditionally files editor of exploring and we should be on the part of all the way just to add the following lines
Code:
# support init.d
/system/xbin/busybox run-parts /system/etc/init.d
and finished we proceed to save changes to the file
5.- In this step we will create a folder called init.d name is created only once we proceed with changing the permissions would be: 0755 attached screenshot for more details of the permits, download the file will come a script called 99SuperSUDaemon and moved to the /system/etc/init.d apply the same route that takes the folder permissions ie the file 99SuperSUDaemon 0755 will have permission to run properly without any problem because if you put 0644 permits will not run
6.- proceed with terminal power cycle this is to enable support init.d our terminal as seen was not very complicated because they bring roms have actually proven but have not convecid me a story to execution of script obtaining a negative result this method I show a positive result :good:
-Tools
I bring a tool that enables init.d support only run automatically and ready
the end of the song I'll let the files that I used for this topic
1. As a first step it will be necessary to know what we are going and we want to remember that there is no script and not the same parameters with a value change at each terminal
2.- we will create in the internal memory of the terminal a folder called tools this may be optional but we'll use as an example to notice what we do at every step and can understand a bit about this topic
3.- after the tools created folder create a script so that they will ask is to copy the files that are present on that route in this case I will take as an example the following path: /proc/sys/vm is where some values are saved by heart
Code:
#!/system/bin/sh
# copying files
# script by kaiiori xda-developers
sleep 2
echo "creating internal memory directory"
busybox mkdir /storage/emulated/0/tools/vm
sleep 2
echo "copying files"
sleep 2
cp -r /proc/sys/vm /storage/emulated/0/tools
sleep 2
echo "copying completed"
exit 0;
save file vm.sh
4.- install android terminal in the terminal run the following commands
root permissions
Code:
su
go to the directory of your internal memory in this case this is my directory
Code:
cd /storage/emulated/0/tools
find files in the directory
Code:
ls
run the script through the terminal
Code:
sh vm.sh
in the directory /storage/emulated/0/tools/vm has been created a folder called VM and see if open files that have been copied to the internal memory of the terminal
5.- if you open the file values that have default in this case if you to installed scripts should the value applied to the parameter of the same appear if it is not is because there is a problem with the script in content and has to reahacer to carry just the change you want to apply
checking values applied
1.- after you created the script with the content you need to check to see if the value applied is that we have written script is the file we should show the same value as if it does not show is because the code is not right
2.- I leave a script will help them review the values and see if they were applied correctly
Code:
#!/system/bin/sh
# copying files
# script by kaiiori xda-developers
echo " " >>/storage/emulated/0/tools/info.log
echo "-------------------------------" >>/storage/emulated/0/tools/info.log
cat /proc/sys/vm/swappiness >>/storage/emulated/0/tools/info.log
echo " " >>/storage/emulated/0/tools/info.log
echo "-------------------------------" >>/storage/emulated/0/tools/info.log
root permissions
Code:
su
go to the directory of your internal memory in this case this is my directory
Code:
cd /storage/emulated/0/tools
find files in the directory
Code:
ls
run the script through the terminal
Code:
sh script_log.sh
in the directory you create a log file there appear the value that was applied in this case is 100 by default but as I modify it appears 40 that is the result we must apply
with this information I will end my subject just adding the init.d support users should provide updates and other improvements because honestly the code they use and check it when I get the same default the script I use for this and to apply the changes not be able to release it in no way is the greetings own development
reserv
reserved
Welcome to the one and only, the original, universal
SystemRW / SuperRW feat. MakeRW / ro2rw by lebigmac
This script removes the read-only lock of all partitions embedded in the super partition of your stock firmware.
This allows you to mount your device as R/W and fully debloat your device and customize your MIUI experience to make it run as smooth as silk!
MIUI 12 is great but it has a little bit too much bloatware.
Be very careful and make lots of backups before messing with your System ! One small error could cause irreversible bootloop!
Enjoy debloating and customizing your fully read/write-able Android device!
NOTE: Before launching this script make sure you've got full read/write (rw) access to the /data partition by first decrypting and then mounting /data partition as r/w !
Visit official project thread
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
PS C:\adb> adb shell "ls -Alg /dev/block/by-name | grep 'super'"
lrwxrwxrwx 1 root 16 1970-02-02 16:40 super -> /dev/block/sda23
POCO X3 pro
/
so does this work on x3 pro?
edit, it didnt. threw some devblock warnings about not mounting
@gsser Yes it works! Try latest version! Good luck!
lebigmac said:
@gsser it can work depending on how much effort you decide to put into it.
Click to expand...
Click to collapse
well if it is like that, then why is there even a non complete script when it can be done by the owner...
And since you have already asked how it is on x3 pro im saying it doesnt work.
"I'm looking forward to hearing from the Poco X3 Pro users how the script performs on your device."
It is mostly because of current recoveries for x3 pro doesnt support /data yet, but the script can use sdcard rather than internal storage.
@gsser Thanks for the screenshot and feedback. Please download latest v1.32
Feel free to send me your log files if you get any errors and I'll take a look. Thanks.
lebigmac said:
@gsser Thanks for the screenshot and feedback. Please download latest v1.31 that I uploaded today. And feel free to edit the script with your favorite text editor and change the super image dump path in line #333 to this. Then save file.
Code:
sDumpTarget="/sdcard/super_original.bin"
Feel free to send me your log files if you get any errors so I can take a look. Thanks.
Click to expand...
Click to collapse
Only lines i could find about data were these and i edited the path to my sdcard, flashed it.
Edit just seen you edited your reply. Ill try
I'm not 100% sure if your changes will work properly. Feel free to give it a try.
Keep in mind if you change variables the script might not work as expected.
The reason why the script is installed to /data/local/tmp is because in /scard path you don't have execution permission. That's why it's better to launch script from /data/local/tmp
Poco x3 pro recovery don't have full r/w access to /data/local/tmp ?! That's crazy!
You can try launch script directly from android and it should work as expected.
lebigmac said:
I'm not 100% sure if your changes will work properly. Feel free to give it a try.
You can also use /sdcard path it should be the same thing as what you wrote. Good luck.
Please report back any errors thanks.
Keep in mind if you change LOC variable you must also copy the whole script folder to that new location.
The reason why the script is installed to /data/local/tmp is because in /scard path you don't have execution permission. Is better to launch script from /data/local/path
You don't have full access to /data/local/path in poco x3 pro?
Click to expand...
Click to collapse
This is how the folder looks rightnow. Do i need to do anything about it? Also what is LOC :c
Edit nvm, lol im blind
Not sure what you're trying to do but that path is totally messed up
Just run script in android operating system as described in the instructions if you don't have full read write access to /data/local/tmp from custom recovery
Have you tried manually mounting /data partition in orange fox? Maybe it's not mounted and that's why /data/local/tmp is unavailable.
lebigmac said:
Not sure what you're trying to do but that path is totally messed up
Click to expand...
Click to collapse
Yeah ill just change than only line
lebigmac said:
Not sure what you're trying to do but that path is totally messed up
Just run script in android operating system as described in the instructions if you don't have full read write access to /data/local/tmp from custom recovery
Have you tried manually mounting /data partition in orange fox? Maybe it's not mounted and that's why /data/local/tmp is unavailable.
Click to expand...
Click to collapse
All available recoveries have issue mounting data, some cant even mount mtp.
Ill try android one and see what happens.
If your /data partition is not mounted then you can try manually mounting /data partition before running script.
mount /data
lebigmac said:
LOC is a safety path check feature I had to implement because some folks were launching the script from God knows where and overwriting God knows what with dd lol.
Did you try manually mounting /data partition before running script?
mount -o remount,rw /data
Click to expand...
Click to collapse
Yeah, ill try android version then flash it with fastboot but im a bit confused. Do i execute this command or do i need to do other things? Sorry im a noob at these things
./makesysrw.sh in=./files/super/super_original.bin out=./custom/path/super_fixed.bin size=50
Actually ill stop here since i dont get the whole thing, i dont understand at all :/ once i tried to use linux and it was not fun for me... Im bad with command lines and scripts
After copying script folder into /data/local/tmp/
open command prompt and type this
Bash:
adb shell
su
cd /data/local/tmp/systemrw_1.32
chmod +x ./systemrw.sh
./systemrw.sh size=50
lebigmac said:
After installing script folder into /data/local/tmp/
open command prompt and type this
Bash:
adb shell
su
cd /data/local/tmp/makesysrw_1.31
chmod +x ./makesysrw.sh
./makesysrw.sh size=25
Click to expand...
Click to collapse
now this is what i like
are you sure your bootloader is unlocked?
now do i need to flash the super_fixed.bin in script folder's files folder in fastboot? original super is approx. 8gb and fixed one is nearly half of it
I am ultra noob, so can anyone take a look at the following link for me.
And post a detailed guide.
https://www.pentestpartners.com/security-blog/cracking-android-passwords-a-how-to/
Thanks
P.S. I need this for my own phone and not for illegal stuff.
If your phone's Android is rooted
&
If your phone can get accessed by means of ADB
then
you can open Android's SQLite database named /data/system/locksettings.db via ADB
Code:
adb devices
adb shell
mount -t auto -o rw,remount /data/system
sqlite3 /data/system/locksettings.db
and do the database query as mentioned in the article linked to.
@jwoegerbauer this is what it shows
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Some things to mention.
1.My phone is locked.
2.By default it goes to USB tethering mode upon connecting to my PC(I changed the setting in DEV mode)
3. It is rooted
4. It has orange fox recovery installed
5. Again I am a noob right now (won't remain that way for too long) and need a tutorial of some kind to do this successfully.
6. I do not know SQL and so how to use it either, and for that matter Hashcat too.
The blog still remains difficult for me.
Thanks again
Line
Code:
mount -t auto -o rw,remount /data/system
should read as
Code:
mount -t auto -o rw,remount /data
Nothing
I see today is not my best day.
This should work
Code:
adb devices
adb shell
su -c 'mount -t auto -o rw,remount /data'
sqlite3 /data/system/locksettings.db
Still not working @jwoegerbauer
Is there any other way such as doing all this in recovery mode or using terminal in orange fox
or adb sidelode or something.
sa1 said:
View attachment 5307221
Click to expand...
Click to collapse
My guess is that your phone 's Android isn't properly rooted.
@jwoegerbauer what does properly rooted mean. All apps that require root works properly.
SubwayChamp said : If you are in Android 10 system can't be mounted the suggested way, you also said that device is locked but is rooted (?). Orange Fox recovery has inbuilt an add-on feature that can do that.
Here : https://forum.xda-developers.com/t/help-thread-ask-any-question-noob-friendly.2257421/post-85003273
sa1 said:
@jwoegerbauer what does properly rooted mean. All apps that require root works properly.
Click to expand...
Click to collapse
It's not interesting here whether apps that require root work or not. In your case it is only important whether SU-binary can be found by the system.
Anyway:
Some newer Android builds require the following additional ADB commands to be run first to disable Android's AVB-lock
Code:
adb root
adb disable-verity
adb reboot
adb wait-for-device
Try this. Then run commands as listed above.
FYI: I no longer participate this thread. Have a nice day.
This is what it shows