Related
Okay, I had ordered another phone from ebay. The guy had just received it and it was new and unused. It has RC28 on it.
fingerprint= kila-user 1.0 TC4-RC28 114235 ota-rel-keys,release-keys
When I launch /system/bin/telnetd from terminal console I am not getting root. I do not see a process running when I run ps afterwards. Also, I tried typing reboot from the contact, and it is not recycling the phone.
Any chance they have updated the init.rc to close the console bug on an older RC for phones just shipping out from tmobile this past week?
I plan to update to the stock RC29 which I manually updated to on my other phone. I'd really like root before I update to the new RC30 modded, so I can back up my files before overwriting them. [Though, last time I upgraded Google did OTAs right away.]
** Anybody want me to explore the phone for any differences to the standard RC28 to see if the cause for the exploit not working?
-oldsk00lz
Just go ahead and install the official RC29 and you should be able to get root access
Are you sure it's not working? IIRC if you don't connect to telnetd fairly fast, it stops running for some reason. I know that I've had to run it a couple times before I could connect.
As for the root console bug, I've also heard that it closes after some time of the phone being on. Did you try it after a fresh reboot?
Updating to RC28 or RC29, the ones that we mirrored, should activate the console bug again, if they are fixing it.
Yeh, it was not working (telnetd/console exploit) on the RC28 I had. I tried hitting enter to clear any previous commands, tried rebooting, tried back to back calls with telnet right afterwards, telneting locally and from several boxes. Was weird.... Much different than another G1 I had. That's why I was surprised.
Only thing I could think of (besides a tweaked RC28) was that my router could have been acting up.
Anyhow, I moved forward with updating to RC29, getting root, updating to modded RC30, and all is good. Just wanted to throw this out there in case any other recent buyers encountered a similar issue.
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :O But, everything else is as expected, root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz
oldsk00lz said:
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :O But, everything else is as expected, root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz
Click to expand...
Click to collapse
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke left the fingerprint to be the same as the old one, Google would be able to target OTA updates specifically for rooted G1s. This way, if they release an update signed with the test keys, they'd have to have millions of non rooted G1s freak out because they couldn't update.
Gary13579 said:
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke left the fingerprint to be the same as the old one, Google would be able to target OTA updates specifically for rooted G1s. This way, if they release an update signed with the test keys, they'd have to have millions of non rooted G1s freak out because they couldn't update.
Click to expand...
Click to collapse
Not quite...
First, I don't think Google cares for those of us having root with RC30 moded recovery and keys. They really only care about patching the "average consumers" phone. They have to do it globaly (I mean in the distribution sense) not to get in trouble, or a BIG bug wich is what was patched.
Second, they only have to do the following if they want to put "us" back to stock (if we don't check the update of course AND don't pay attention and apply the update [BIG IF]):
Script the rewrite of recovery.img from their package (before rebooting in the background) to our phones and apply the update.... ... ... that's it.
This will get a bit of the "unaware" people who have root with RC30. But for the more savey of us, no.
quedijo said:
Script the rewrite of recovery.img from their package (before rebooting in the background) to our phones and apply the update.... ... ... that's it.
This will get a bit of the "unaware" people who have root with RC30. But for the more savey of us, no.
Click to expand...
Click to collapse
And what good would secretly rewriting recovery.img do? Once JF replaces the recovery.img with the modified one, it doesn't matter how many times they write it to flash, it's still modified.
They don't need to use the update package to take away your root. With modified RC30, any dalvik program that knows and wants to can write directly into /system. If they wanted to get draconian about it, they could push code down from Market to reflash whatever they want in /system.
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and was able to remount system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz
oldsk00lz said:
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and was able to remount system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz
Click to expand...
Click to collapse
Yeah, by invoking su. Deleting or renaming it is probably the safest bet for now. I doubt any Android devs are actively looking for phones to brick but better safe than sorry.
a new workaround for our very insecure rooted RC30
I just read a post here about a better fix for the issue.
This very smart cat, added a password routine to SU and judging by my read of the post it seems to be well implemented, you do have to type some commands and you could pooch your g1 but it seems better than runnin just about as wide open as goog had us...
Without a decent browser getting the link is a pita, if somebody can't find it ill link it when I'm at the desktop
Bhang
*EDIT*
I found the link its just a pain in the arse while typing a message, to all the helpful folks who will want to tell me how to do it, I know how I just think it could be easier
http://forum.xda-developers.com/showthread.php?t=448775
Im trying to get someone to help walkme through the rooting process of a motoactv watch that I received for christmas. The device was recently rooted, and it appears that the process is fairely easy. I have limited rooting experience with android phones, and have jailbroken a few iphones, but have never had to mess with command lines, or adb. If someone is willing to walkme through the process on here I will be more than willing to make a modest paypal donation to them (we can discuss payment terms.)
I have posted the link website below for the rooting procedure. Also note that I am only interested in doing this as long as the core fitness apps and capabilities of the device arent completly destroyed, as this was a gift from my girlfriend and it needs to function in a fitness capacity. Im thinking that they shouldnt be affected, and that I probably will only gain the ability to delete them, but I could be wrong. I am also trying to learn from this expereince and am willing to pay if necessary to do so. Thanks so much, and hope everyone has a happy new year.
http://www.cmw.me/?q=node/55
I have one on order. I thought the process was pretty straightforward. It is easier on a Mac or Linux as there are scripts that use zergrush already available. If you are unfamiliar with using the command line I would recommend finding someone else to root it for you.
I am rooting mine for Google music and adding watch faces but I am kind of tickled by the idea of watching NetFlix on a wristwatch.
Cheers,
-M
XDA member since 2007
Hi
I already rooted the MotoACTv that I have. But I am having problems installing the Google APPS zip file downloaded from the cynagoen web site. Can some one explain how to install this so I can get the Market up and running on the watch. I already installed other apps like pandora and they work. Only thing is that I installed this with adb install command and not the via the market. Would love to have the market working. Please help.
rdavidowski said:
Hi
I already rooted the MotoACTv that I have. But I am having problems installing the Google APPS zip file downloaded from the cynagoen web site. Can some one explain how to install this so I can get the Market up and running on the watch. I already installed other apps like pandora and they work. Only thing is that I installed this with adb install command and not the via the market. Would love to have the market working. Please help.
Click to expand...
Click to collapse
If you downloaded the gapps from cyanogenmod as you should have, you need to adb push everything that isn't an apk.
There are a few libraries that need to be installed. adb push filename /file/location/name is the way to do this. The locations match the unzipped folder names.
Cheers,
-M
XDA member since 2007
I also need step by step directions please, bricked my watch
I tried to follow the directions and I finally got the phone to root. Then when applying the new interface it must have not liked the commands I was trying to use.
Can anyone give step by step directions. It took me about 2 hours to figure out what applications I needed and how to use them so I am sure others would benefit from this.
The directions on that original post was way too vague for us noobs
Hardcore73 said:
I tried to follow the directions and I finally got the phone to root. Then when applying the new interface it must have not liked the commands I was trying to use.
Click to expand...
Click to collapse
Oh, no... Are you sure your watch is bricked? That really is awful... I thought mine was for a bit after I used Super One Click to root it, but I was able to recover it by holding Start + Power for 10-15 seconds then plugging it in.
It seems zergRush is safer -- I ended up with root after that, but a couple of others in the #motoactv channel on freenode tried it and ended up with the phone seemingly dead (though a start+power off like above fixed it) and without root.
I posted this in the other thread but I am impatient and figured it wouldn't hurt to ask here too so,
moonzbabysh said:
Okay so last night I attempted to root my motoactv but my adb for some reason say it cannot load the root.img, I had the same problem where it's couldn't load the recovery.img for my photon when attempting to apply CWM or twerp recovery. Fastboot devices definitely sees both my devices (no I didn't do them are same time, and the files needed are in the same file location as instructed) and I can even Fastboot reboot and have that work. Any ideas or suggestions?? Any help would be appreciated.
Click to expand...
Click to collapse
Your system.img is defunct. PM me or come in IRC and I'll send you the links for them and more.
Sent from my Galaxy Nexus using Tapatalk
MOTOACTV update without Windows
I'd like to root my MOTOACTV. My clock is running version 4.53.50. To root I had to update at least to version 4.55.78. I found the file delta-ota-Blur_Version.4.53.50-4.55.78.Motorola-F100.Retail.en.US.zip but I've no idea how to flash that to my clock without Windows.
Any ideas?
Thanks.
This is my first post here so please don't hit me if I am doing something wrong.
Among our TF700 Forums/Fora, there have been some people with issues involving the acquisition of the legendary root. It seems that though it is simple to get under typical circumstances, it is possible to encounter atypical difficulty for whatever the reason. I will try to gather information from the problems people have encountered and post possible solutions. Let it be known that I, myself, have not personally encountered these issues nor am I a Master Rooter of the Transformer series. I merely want to collect and present possible solutions so that those with problems will have an easier time of finding things to try and get their Infinity properly rooted.
If you have questions regarding why DebugFS isn't working, I propose you consult the main thread here. If none of these methods work, please start your own thread involving the things you have tried and the issues you are encountering as it will be easier for those much more intelligent than I to assist you with your problems.
Notes:
You do not need an unlocked bootloader to get root access.
Rooting the TF700 does not void your warranty - unlocking the bootloader does. (e.g. Not the same thing)
All commands will be listed in "double quotes" - the quotes should not be typed.
Make sure to always use the most up-to-date version of sparkm3's DebugFS script.
I will be updating this thread as I come across more problems / solutions.
DebugFS doesn't complete:
Make sure that ASUS Sync is disabled in Settings -> Accounts & Sync
Make sure Unknown Sources is enabled under Settings -> Security (under Device Administration)
Make sure USB Debugging is enabled under Settings -> Developer Options
Make sure you have installed the drivers (you can download the drivers from sparkym3's OP)
-It should show up in Windows Device Manager as an adb composite device
Make sure your computer can see the device (use adb from within the DebugFS package and type in "adb devices" - a list should show up with your device in the list)
Make sure that ASUS Sync is uninstalled from your PC
Try a different computer
When DebugFS does complete, you should be able to open up Terminal Emulator, type in "su" and your prompt should turn from "$" to "#". Alternatively, you should be able to do the same thing via adb ("adb shell" then "su").
DebugFS does complete but still can't get root:
Try to run the SuperUser application
Try to uninstall and reinstall SuperUser
Try to run the SuperUser Update Fixer (thanks to okantomi)
If all else fails, you can give this a try. (thanks to d14b0ll0s)
Hopefully, this list will eventually help someone.
Thanks for this, well done (I'm going to add a link to this in my tweaks how-to if that's ok).
I believe you could add this one to the list.
Just received my champagne today fully updated .26, got root, busybox, and titanium back up with no problems... New to all this but had no problems getting rooted. Love the infinity (C7) so far GPS works,no light bleeds, good wifi, pretty smooth, hopefully the future updates wont screw my tablet and unlike the 4 primes I had when when it first came out defect after defect. Looks like this one maybe a keeper.
d14b0ll0s said:
Thanks for this, well done (I'm going to add a link to this in my tweaks how-to if that's ok).
I believe you could add this one to the list.
Click to expand...
Click to collapse
You can link to this thread if you believe that it will be helpful for others to read over. Any sort of suggestions of what you think would be easier to follow or details I should provide are welcome.
Also, I read over that post you noted and I have a question about that. The post mentions changing "adb wait-for-device" and suggests that it could be changed to "pause". Reading over the batch file though, it seems that sparky uses both "pause <CON" and "@pause <CON" so it makes me believe that perhaps one of those would be more appropriate. What do you think? or should I be directing this question to sparky?
Edit: I placed a request for the information in the main DebugFS thread.
I believe wait-for-device is more appropriate for a script, while pause is better for manual adb management (just imagine what happens).
d14b0ll0s said:
I believe wait-for-device is more appropriate for a script, while pause is better for manual adb management (just imagine what happens).
Click to expand...
Click to collapse
My question was whether when modifying the batch file if the person should be using "pause" or "pause <CON" as mentioned in burningcf's post
(Copy & Vomited from post)
Alternatively, if you don't feel comfortable with executing the adb actions by hand, you might want to just replace all occurrences of
Code:
adb wait-for-device
with
Code:
pause
(or something like that.)
(/Vomit)
which may be something to try before actually going for a line-by-line manual execution.
Perhaps I should just add a link to the post itself but I'm worried that it might go over some people's heads as to what is going on there. Well, let's see if I can get some more background from sparky and then I'll include what I can.
d14b0ll0s said:
Thanks for this, well done (I'm going to add a link to this in my tweaks how-to if that's ok).
I believe you could add this one to the list.
Click to expand...
Click to collapse
If you would like to update this post you linked to, I update the tool a few days ago to include pauses along with the wait-for-device calls. I removed the pointless lines that got left in there, and I am using a better way to determine su access. Finally, I updated it to kill asus sync if it is running.
The new version that should have all the fixes is v2.2
---------- Post added at 01:36 AM ---------- Previous post was at 01:33 AM ----------
alienedd said:
My question was whether when modifying the batch file if the person should be using "pause" or "pause <CON" as mentioned in burningcf's post
(Copy & Vomited from post)
Alternatively, if you don't feel comfortable with executing the adb actions by hand, you might want to just replace all occurrences of
Code:
adb wait-for-device
with
Code:
pause
(or something like that.)
(/Vomit)
which may be something to try before actually going for a line-by-line manual execution.
Perhaps I should just add a link to the post itself but I'm worried that it might go over some people's heads as to what is going on there. Well, let's see if I can get some more background from sparky and then I'll include what I can.
Click to expand...
Click to collapse
I responded to your post in the other thread, but I will copy it here as well, for easy reading.
There should be no difference between the pause that starts with @ and the one that doesn't (as far as this is concerned), I don't know how both got in there.
The reason that I added <CON to the end was because the script was ignoring the pauses and just continuing anyway (because it already had input stored in the buffer). The <CON just insures that the input is coming from the console (user) instead of some other buffer.
sparkym3 said:
I responded to your post in the other thread, but I will copy it here as well, for easy reading.
There should be no difference between the pause that starts with @ and the one that doesn't (as far as this is concerned), I don't know how both got in there.
The reason that I added <CON to the end was because the script was ignoring the pauses and just continuing anyway (because it already had input stored in the buffer). The <CON just insures that the input is coming from the console (user) instead of some other buffer.
Click to expand...
Click to collapse
Thanks for the explanation in feedback in both threads. Much appreciated it.
Added d14b0ll0s's link to post for "last resort" situations.
alienedd said:
My question was whether when modifying the batch file if the person should be using "pause" or "pause <CON" as mentioned in burningcf's post
Perhaps I should just add a link to the post itself but I'm worried that it might go over some people's heads as to what is going on there. Well, let's see if I can get some more background from sparky and then I'll include what I can.
Click to expand...
Click to collapse
Sorry for reading your post neglectfully, I was sleepy already but I believe sparkym3 responded to it now.
sparkym3 said:
If you would like to update this post you linked to, I update the tool a few days ago to include pauses along with the wait-for-device calls. I removed the pointless lines that got left in there, and I am using a better way to determine su access. Finally, I updated it to kill asus sync if it is running.
The new version that should have all the fixes is v2.2
Click to expand...
Click to collapse
Good job, thanks for this! I will update the rooting part in the tweaks thread.
And I believe there is no reason to add the pause solution here now or just you could mention it's obsolete.
Great post > thanks .... but ......
alienedd said:
Among our TF700 Forums/Fora,.......
If you have questions regarding why DebugFS isn't working, I propose you consult the main thread here. If none of these methods work, please start your own thread involving the things you have tried and the issues you are encountering as it will be easier for those much more intelligent than I to assist you with your problems.
Notes:
You do not need an unlocked bootloader to get root access.
All commands will be listed in "double quotes" - the quotes should not be typed.
Make sure to always use the most up-to-date version of sparkm3's DebugFS script.
I will be updating this thread as I come across more problems / solutions.
DebugFS doesn't complete:
Make sure that ASUS Sync is disabled in Settings -> Accounts & Sync
Make sure Unknown Sources is enabled under Settings -> Security (under Device Administration)
Make sure USB Debugging is enabled under Settings -> Developer Options
Make sure you have installed the drivers (you can download the drivers from sparkym3's OP)
-It should show up in Windows Device Manager as an adb composite device
Make sure your computer can see the device (use adb from within the DebugFS package and type in "adb devices" - a list should show up with your device in the list)
Make sure that ASUS Sync is uninstalled from your PC
Try a different computer
When DebugFS does complete, you should be able to open up Terminal Emulator, type in "su" and your prompt should turn from "$" to "#". Alternatively, you should be able to do the same thing via adb ("adb shell" then "su").
DebugFS does complete but still can't get root:
Try to run the SuperUser application
Try to uninstall and reinstall SuperUser
Try to run the SuperUser Update Fixer (thanks to okantomi)
If all else fails, you can give this a try. (thanks to d14b0ll0s)
Hopefully, this list will eventually help someone.
Click to expand...
Click to collapse
>> sorry if I am missing something >>> pls forgive as am very very NEW TO this " rooting" process
AND am still trying to GET MY TF700 from this crazy 'bay plac e !!!
so my question(s) is...
a) what hardware I need? or Does the transfermer (TF700) come with a USB cable to connect to PC
b) if not ; where can I get one of these ordered > so am ready when i get mine.
c) from what I read @ asus website > doing ROOT and UNLOCKING = voids warranty!! true ??
thanks in advance for answers
Debbie1759 said:
>> sorry if I am missing something >>> pls forgive as am very very NEW TO this " rooting" process
AND am still trying to GET MY TF700 from this crazy 'bay plac e !!!
so my question(s) is...
a) what hardware I need? or Does the transfermer (TF700) come with a USB cable to connect to PC
b) if not ; where can I get one of these ordered > so am ready when i get mine.
c) from what I read @ asus website > doing ROOT and UNLOCKING = voids warranty!! true ??
thanks in advance for answers
Click to expand...
Click to collapse
A) It comes with it
B) no need
C) Rooting does not void warranty but Unlocking will void your warranty.
Sent from my ASUS Transformer Pad TF700T using XDA Premium App
After deleting asus sync, then reisntalling superuser from the market did the trick thanks!
Thanks
jjdevega said:
A) It comes with it
B) no need
C) Rooting does not void warranty but Unlocking will void your warranty.
Sent from my ASUS Transformer Pad TF700T using XDA Premium App
Click to expand...
Click to collapse
Thanks for info..
> looking forward to grabbin this bad boy and ridin him to ROOT ! :angel:
d14b0ll0s said:
Thanks for this, well done (I'm going to add a link to this in my tweaks how-to if that's ok).
I believe you could add this one to the list.
Click to expand...
Click to collapse
having trouble getting rooted and tried your link, everything went fine, it even shows the uid and gid as = 0, but i still dont have root when i boot up and run root checker or superuser to update binaries. starting to look like i might have to go back to stock recovery and do a fresh install of firmware. I have even flashed TWRP through fastboot and installed a rooted rom (Zues v4) and still had no root. Really at a loss for what to do next.
Somehting that might help
alienedd said:
DebugFS does complete but still can't get root:
Try to run the SuperUser application
Try to uninstall and reinstall SuperUser
Try to run the SuperUser Update Fixer (thanks to okantomi)
If all else fails, you can give this a try. (thanks to d14b0ll0s)
Hopefully, this list will eventually help someone.
Click to expand...
Click to collapse
Thanks very much for all your guide, I have always use XDA forums and learn alot about android devices. I want to tell you that yesterday I try to root my TF700 like 10 times and in 3 different computers! I follow all the steps and eveything but I wasn't able to Root it. But in my last try.. I went to setting and in USB Debugging (it was enable) I disable it and enable it again, and then try with the Debug and it finally WORK :laugh:
So well maybe this will help someone that could be in my situation.
Sorry for my bad english.
I give up. I tried DebugFS, and that didn't work completely. Superuser seemed to be working but Busybox installer & TiBu didn't see root. I tried the manual commands in this thread and it's still not working. Screw this. Everyone that posted help threads on rooting & unlocking & etc. has done fabulous work, including this thread. But I'm just destined to live a rootless life.
*I have no interest in installing a custom ROM till JB is pushed out and I know the ROMs are reliable. I don't want to have to deal with so many bugs.
das0527 said:
I give up. I tried DebugFS, and that didn't work completely. Superuser seemed to be working but Busybox installer & TiBu didn't see root. I tried the manual commands in this thread and it's still not working. Screw this. Everyone that posted help threads on rooting & unlocking & etc. has done fabulous work, including this thread. But I'm just destined to live a rootless life.
*I have no interest in installing a custom ROM till JB is pushed out and I know the ROMs are reliable. I don't want to have to deal with so many bugs.
Click to expand...
Click to collapse
I was in the same boat. I finally installed Black Bean rom which is JB based and it gave me root. The development seems to have tripled just in
Sent from my ICS Razr
---------- Post added at 11:36 AM ---------- Previous post was at 11:25 AM ----------
I was in the exact same boat. Installing Baked Black Bean rom gave me root. I understand your concern with JB roms, however, there are only 2 bugs I have experienced-no GPS and portrait mode. Although they sound like big issues they really aren't. Any game or app I use that runs in portrait only mode works fine. Also I have seen 3 to 4 roms drop in the last 2 days. It will not be long until the devs fix all issues. This is a popoular device among Apple haters and I foresee a lot of really good stuff coming for this tablet. Just try out a JB rom and see how you like it...you can always go back. Hope this helps...I was just as frustrated as you.
Sent from my ICS Razr
Will, thank you for the advice. However, until the custom ROMs become more stable - or until JB is pushed out officially - I'm very wary of unlocking & flashing a custom ROM.
das0527 said:
Will, thank you for the advice. However, until the custom ROMs become more stable - or until JB is pushed out officially - I'm very wary of unlocking & flashing a custom ROM.
Click to expand...
Click to collapse
This is how i kind of feel to. My galaxy nexus feeds all my flashing needs.
worked for me
das0527 said:
I give up. I tried DebugFS, and that didn't work completely. Superuser seemed to be working but Busybox installer & TiBu didn't see root. I tried the manual commands in this thread and it's still not working. Screw this. Everyone that posted help threads on rooting & unlocking & etc. has done fabulous work, including this thread. But I'm just destined to live a rootless life.
*I have no interest in installing a custom ROM till JB is pushed out and I know the ROMs are reliable. I don't want to have to deal with so many bugs.
Click to expand...
Click to collapse
>> am still using Virgin TF700..(recovered from FACTORY BACKUP) but did try the ROOT...using the "DebugFS" method..
and it works >>>>> MUST REMEMBER to stop/switch off this apps = ASUS SYNC..... that is something that got me @ first try..
DOH! than I realised .. and once turned off = worked like a charm !!!
just my 0.02c worth !
Hello! So this should be an interesting first post. First, a little background:
I'm relatively new to this, and I've been trying to root my NEC Terrain for a little while now. I've followed the instructions on numerous pages in order to understand how to do things. And now I have been able to rip any partition from the phone. I've looked through everything I could in both the boot and recovery partitions but I haven't found anything I can use (I also explored /system but there doesn't seem to be anything in there either). Also, I tried to do everything on this page: http://forum.xda-developers.com/showthread.php?t=2337642 but I can't get SuperSU or TiBu to work. (As an aside, if anybody can point me in the right direction for the most recent su binary, that would be awesome). SuperSU wants to update the binary but fails. I would assume it's because it tries to install it directly into /system/bin, which isn't writable. If I could make it install it into /data/sbin, it might work, but that's off topic right now.
I would like to explore more of the partitions to understand what they are and what they do (I can't seem to find much information about them anywhere). I'm hoping to find something in the code to give a hint as to how to get into the bootloader. So, I have things like "aboot", "firmware", "MM", and "GROW", among others. Is there any way to decode or decompile those images so I can see what coding goes into them? Am I going about this the wrong way?
Thanks in advance to anyone that can help!
Maybe this will help you
In this post by E:V:A you can find some information about partitions and links to more!
I think latest SuperSU should be with latest SU binary (I can be wrong about this), so you could download "CWM / TWRP / MobileODIN installable ZIP" from this post and take one from "x86" folder.
Good luck.
Thanks for the links! Some of these may be very helpful. However, the su binary I got from that link was much older than the other most recent I had. It's a version 2.0 and they're up to at least 3.2 (I'll check the link again to see if I missed something). Also, for these phones, if anybody is wondering, they are ARM, not x86.
There seems to be only one direction I can go with this: Find an exploit that can run at boot that will interrupt it at the right time and allow editing of the /system partition. I can get a root shell with that script and a bind mount, but it's not enough to get anything else to work (ro.secure is still active, so there's no way to change it after the system is booted). Root is granted to root, and that's all. Any app requesting root does not get it.
The guys on that other thread said they got SuperSU and TiBu to work, but they provided very limited information and I can't seem to make them work. I wonder though, if that would matter as long as ro.secure is still enabled.
Welcome to the Kyocera DuraForce super thread
There isn't much information floating around for the DuraForce and I've created this thread to aggregate information as it's found so we have a single place for useful information, hacks, etc.
I'll keep the thread as up to date as possible and organize any information from future posts into the originals so people can find information easier.
There is a Lollipop update available for the device as of early February, 2016. I have found a way for users to update if the OTA fails (see below). I've also updated the below posts with information regarding the Lollipop update and moved the KitKat notes to another location (link for old notes is below)
Ota - lmy47v1218_2217
For those who are having trouble applying a FOTA on the DuraForce, check /cache/fota/xyz_fotalog_123.dat It's a text file that contains a lot of really good info on what is going on during a FOTA. Including errors. Keep a look out for signature mismatch errors.
I had errors with the following files. Took me a few tries to get the OTA applied as each attempt resulted in one error.
Uninstall Xposed (moar hacks)
/system/usr/keylayout/gpio-keys.kl (disable PTT/Speaker buttons)
/system/etc/permissions/platform.xml (sd card "fix")
If trying to address the issues manually does not work, follow the procedure below.
Download "vanilla" system image from HERE (link)
Extract zip file
Ensure at least 2Gb of storage is available for internal data
adb push mmcblk0p21_KVT49L_0617_0132 /storage/sdcard0/
adb shell
su
dd if=/storage/sdcard0/mmcblk0p21_KVT49L_0617_0132 of=/dev/block/mmcblk0p21
Reboot phone once it completes. It will take awhile and not report anything during the process.
After phone boots, run "adb reboot recovery"
Wipe data / factory reset
Wipe cache
Reboot
Run software update
General Notes - Lolipop
Force Reboot: Pwr + Vol Up + Vol Dn + Back + Home + App Switcher buttons for ~10-30 seconds
Root: Use KingRoot from http://king-root.net/ -- I used the android APK successfully
SD cards bigger than 32Gb still do not work correctly on stock firmware
Known Working Customizations
To be determined
KitKat Notes
All previous notes for KitKat have been moved to a document in box. The notes can be found HERE (link)
Sources / Mirror(s)
The OSS drop is available on Kyocera's developer site: http://www.kyoceramobile.com/support/developers/
Misc file mirror: https://nuskunetworks.box.com/s/p5hwq3hboctl0saze0wkcv3jzfefuw45
Do you trust Kingo?
I'm THRILLED to hear you were able to root and freeze all the AT&T crapware. I can't wait to do the same. But how do you feel about Kingo? I'm almost leaning more to keeping the bloat, kind of the devil you know, you know?
kemonine96 said:
Welcome to the Kyocera DuraForce super thread
There isn't much information floating around for the DuraForce and I've created this thread to aggregate information as it's found so we have a single place for useful information, hacks, etc.
I'll keep the thread as up to date as possible and organize any information from future posts into the originals so people can find information easier.
If you're looking for root, look no further than Kingo. I can confirm the Windows version of Kingo is working on the AT&T varient of the DuraForce.
Click to expand...
Click to collapse
tomzweifel said:
How do you feel about Kingo?
Click to expand...
Click to collapse
I've used it a few times over the last year and can only complain it does a sloppier job compared to SuperSU. Every pre-canned root wants to crap all over /system and none is better than the other so long as you get the su binary in a working state IMHO. I know Kingo is harder to clean up after than SuperSU / others but it's a hell of a lot easier to just use Kingo to root and cleanup after. Stacking root exploits and similar like Kingo is doing is a huge PITA and best left to those specializing in such things.
tomzweifel said:
I'm almost leaning more to keeping the bloat, kind of the devil you know, you know?
Click to expand...
Click to collapse
Fair enough, I was able to replace Kingo with SuperSU pretty easily:
Install SuperSU from Play Store
Run SuperSU and update su binary via "Normal" mode
Authorize SuperSU when Kingo prompts
Allow SuperSU to replace su binary
Freeze/Remove Kingo
Reboot and enjoy SuperSU
Optional: cleanup other Kingo remnants
Components to clean up?
Any chance you can steer me towards the "remnants" that need to be cleaned up and where to find them, just to make sure I get it all? I'm probably going to go though this exact process tonight or tomorrow.
Thanks for the information!
kemonine96 said:
I've used it a few times over the last year and can only complain it does a sloppier job compared to SuperSU. Every pre-canned root wants to crap all over /system and none is better than the other so long as you get the su binary in a working state IMHO. I know Kingo is harder to clean up after than SuperSU / others but it's a hell of a lot easier to just use Kingo to root and cleanup after. Stacking root exploits and similar like Kingo is doing is a huge PITA and best left to those specializing in such things.
Fair enough, I was able to replace Kingo with SuperSU pretty easily:
Install SuperSU from Play Store
Run SuperSU and update su binary via "Normal" mode
Authorize SuperSU when Kingo prompts
Allow SuperSU to replace su binary
Freeze/Remove Kingo
Reboot and enjoy SuperSU
Optional: cleanup other Kingo remnants
Click to expand...
Click to collapse
tomzweifel said:
Any chance you can steer me towards the "remnants" that need to be cleaned up and where to find them, just to make sure I get it all? I'm probably going to go though this exact process tonight or tomorrow.
Thanks for the information!
Click to expand...
Click to collapse
Unfortunately I don't have notes on what Kingo leaves around on /system... Some searching online or poking about /system should yield results.
New OTA Update
I just got notified of an available OTA update but I can't find a changelog or any info on it yet. I'll be sure to post it if I find it.
tomzweifel said:
I just got notified of an available OTA update but I can't find a changelog or any info on it yet. I'll be sure to post it if I find it.
Click to expand...
Click to collapse
Please do. I haven't gotten any notifications yet and I'm kinda curious what the OTA will contain.
http://www.att.com/esupport/article.jsp?sid=KB426870&cv=820
Software update includes
Kyocera Remote Lock
Miscellaneous improvements, fixes, and security updates
Dkesler76 said:
http://www.att.com/esupport/article.jsp?sid=KB426870&cv=820
Software update includes
Kyocera Remote Lock
Miscellaneous improvements, fixes, and security updates
Click to expand...
Click to collapse
Thanks for the heads up. Too bad it's not L.
kemonine96 said:
Thanks for the heads up. Too bad it's not L.
Click to expand...
Click to collapse
np yeah i wished it was to lol... seems that my phone wont take the ota i did delete the bloatware....probably why it wont update u know how to force the ota or do u know where i can get the apks to reinstall them to update it... ty dan
Dkesler76 said:
np yeah i wished it was to lol... seems that my phone wont take the ota i did delete the bloatware....probably why it wont update u know how to force the ota or do u know where i can get the apks to reinstall them to update it... ty dan
Click to expand...
Click to collapse
I managed to free up some time this weekend and I'm going to be pulling the OTA and seeing what I can do for re-packing it for those of us who are rooted and/or de-bloated.
Will post back with more info after I've had some time to poke at the OTA some.
Edit 1: Looks like this has patches for system and boot. /cache/delata looks like the directory where everything was downloaded. Hopefully binwalk and some other tools will yield useful information on what's contained within.
Edit 2: Looks like I was able to install the OTA despite being rooted. I'm waiting for 1st boot to verify root persisted and I'm also working on mirroring a number of partitions that can be used to "go back" to stock as well as images for updated partitions post-OTA.
Dkesler76 said:
np yeah i wished it was to lol... seems that my phone wont take the ota i did delete the bloatware....probably why it wont update u know how to force the ota or do u know where i can get the apks to reinstall them to update it... ty dan
Click to expand...
Click to collapse
I managed to get a stock boot and system partition uploaded today that you should be able to use to restore the de-bloated apps. The image is here
You can use a Linux machine (or other methods) to extract the APKs and put them back or use busybox + dd to restore the contents of the partition (you may need to re-root if writing the partition using dd). There are some good guys on XDA and elsewhere on how to restore a partition image on an Android device.
Edit: The posted file is for an ATT device
Good news everybody! The ATT OTA doesn't remove root and can be installed as-is provided you've not de-bloated the ROM or installed Xposed. If you've de-bloated (see below) you'll need to restore the missing bloatware and if you've installed Xposed, you'll need to uninstall it prior to applying the OTA.
In one of the early OP's there's a link to the "misc file mirror" that contains partition images for boot and system partitions. These are from an ATT device and can be used to restore back to a state that'll allow the OTA to apply.
Happy hacking and OTAing everyone.
kemonine96 said:
I managed to get a stock boot and system partition uploaded today that you should be able to use to restore the de-bloated apps. The image is here
You can use a Linux machine (or other methods) to extract the APKs and put them back or use busybox + dd to restore the contents of the partition (you may need to re-root if writing the partition using dd). There are some good guys on XDA and elsewhere on how to restore a partition image on an Android device.
Edit: The posted file is for an ATT device
Click to expand...
Click to collapse
weird i tried dd and busy box and no go not showing up on device
Dkesler76 said:
weird i tried dd and busy box and no go not showing up on device
Click to expand...
Click to collapse
What isn't showing up?