Dear all,
I almost managed to root my A1 810... But I need advice to effectively achieve it.
Here are the main steps I followed :
Under linux (Ubuntu 14.04) (These are not detailed instructions, only the main steps. I will post a detailed step by step once finalized)
Code:
- From PC : upload busybox binary file to the tablet
- From Tablet : install "ExDialer & Contacts"
- From Tablet : initiate engineer mode (Dial *#*#3646633#*#* from ExDialer)
- From Tablet : initiate telnetd (run command from MTKlogger from within ExDialer)
- From PC : initiate a shell on tablet with adb
- From the shell : initiate a telnet local connection to tablet
- From the telnet session find out the position of the Android partition (cat /proc/dumchar_info)
- From the telnet session dump the android partition to a gzip file (dd if=/dev/block/mmcblk0 bs=4096 skip=17664 count=262144 | gzip > /data/local/tmp/system.img.gz)
- From PC : download the system image
- From PC : mount the system image on a loop device
- From PC : copy a su binary file to /system/bin ()within the mounted system image)
- From PC : set the correct permissions to the su executable (sudo chmod 06755 su) => it's here that you really getting the root permission
- From PC : unmount image
- From PC : upload the upaded image to the tablet (adb push)
- From the telnet session copy the updated system image to the android partition (zcat /data/local/tmp/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=17664 count=262144) (Take care that's the dangerous part !!!!)
- Restart the tablet.
I didn't brick my tablet ... But it is not effectively rooted either
I checked from the terminal emulator that "su" has the correct properties :
ls -l su
-rwsr-sr-x root shell 311872 2014-08-15 23:16 su
But when I try something like :
su
ls /data
I get : opendir failed. Permission denied.
Obviously, I am not root...
Any idea ?
You can root with:
POOT: This app is a one click root app. No computer needed
Framaroot: Framaroot is a oneclick root app . No computer needed
This is the most popular one!
Z4Root: Z4Root is an oneclick root app . No computer needed
Towelroot: Towelroot is an oneclick root app. No computer needed
Baidu: No information
Vroot: No information
Gingerbreak: This app can root almost all gingerbread devices
Downloads:
Poot - Download the app >>here<<
Framaroot - Download the app inside this XDA Thread - >> CLICK HERE <<
Z4ROOT - Download the app inside this XDA Thread - >> CLICK HERE <<
Towelroot - Download the app inside this XDA Thread - >> CLICK HERE <<
Baidu ROOT - Download the app >> HERE <<
vROOT - Download the app >> HERE <<
Gingerbreak - Download the app inside this XDA Thread - >> CLICK HERE <<
Flash a SU ZIP - Download the ZIP >> HERE << and flash it on your unlocked bootloader phone !
Hit thanks if you liked this post or this post has helped you out !<br/>
Sent through my Galaxy Note using Tapatalk 4
Bink Feed: Thank you for trying.
There are many people trying to root this tablet since KitKat OTA has been issued... without any success.
Most or all the tools you listed have already been tested, again, without any success.
(see [ToolKit] Acer Iconia v0.8.3)
Since KitKat, the [ToolKit] Acer Iconia v0.8.3 does not work anymore. The main reason is that the "run command" used in engineering mode disappeared.
Yesterday, I found it again : it is now in the parameters from MTKLogger (!)
With that finding, I now have access to the guts of the android system.
I need help from the community to understand what I is missing :
Based on the rooting guide Acer Iconia B1 A71 Root written by entonjackson (many thanks to him)
I managed to extract a valid system image (dd if=/dev/block/mmcblk0 ... | gzip > system.img.gz)
I mounted that image (mount -o loop system.img /media/iconia)
I changed the permission of /system/xbin/su (chmod 06755 su)
I wrote back the system image to the tablet android partition (zcat system.img.gz | dd of=/dev/block/mmcblk0 ...)
et voilà !
... the only remaining problem is that I did not gain root access, even if su has now the correct properties (-rwsr-sr-x root root)
Anybody can tell me what else should I change in the android system image ?
Answering to myself...
##STANDARD DISCLAIMER => No responsibility, blah, blah, ...##
With KitKat, it is also necessary to have a running "su daemon".
A solution is to create a "install-recovery.sh" file in /system/etc. This script is executed at each boot.
Detailed step by step:
Files: (remove [grr] from ht[grr]tp)
busybox binary, for example from ht[grr]tp://busybox.net/downloads/binaries/latest/busybox-armv7l (to be renamed to busybox)
su binary, Superuser.apk and install-recovery.sh to be extracted from ht[grr]tp://download.clockworkmod.com/superuser/superuser.zipOperating system:
Any decent Linux distribution (I'm on Ubuntu since years)1/ copy busybox binary to the tablet
[email protected]:~$ adb push busybox /data/local/tmp/
[email protected]:~$ adb shell
[email protected]:/ $ chmod 755 /data/local/tmp/busybox2/ start a telnet daemon on the tablet
install "ExDialer - Dialer & Contacts" on the tablet
Initiate engineering mode: dial *#*#ENGMODE#*#*
Go to the "Log and Debugging" tab
Launch MTKLogger
Go to the settings
Select "Run Command"
Type: /data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Press ok. Now a telnet daemon should be running on the tablet with some kind of privileges.3/ connect to the tablet (adb shell + telnet):
[email protected]:~$ adb shell
[email protected]:/ $ /data/local/tmp/busybox telnet 127.0.0.1 12344/ Find out the start address and size of the System partition
[email protected]:/ $ cat /proc/dumchar_info
Code:
Part_Name Size StartAddr Type MapTo
preloader 0x0000000000c00000 0x0000000000000000 2 /dev/misc-sd
mbr 0x0000000000080000 0x0000000000000000 2 /dev/block/mmcblk0
ebr1 0x0000000000080000 0x0000000000080000 2 /dev/block/mmcblk0p1
pmt 0x0000000000400000 0x0000000000100000 2 /dev/block/mmcblk0
pro_info 0x0000000000300000 0x0000000000500000 2 /dev/block/mmcblk0
nvram 0x0000000000500000 0x0000000000800000 2 /dev/block/mmcblk0
protect_f 0x0000000000a00000 0x0000000000d00000 2 /dev/block/mmcblk0p2
protect_s 0x0000000000a00000 0x0000000001700000 2 /dev/block/mmcblk0p3
seccfg 0x0000000000020000 0x0000000002100000 2 /dev/block/mmcblk0
uboot 0x0000000000060000 0x0000000002120000 2 /dev/block/mmcblk0
bootimg 0x0000000000600000 0x0000000002180000 2 /dev/block/mmcblk0
recovery 0x0000000000a00000 0x0000000002780000 2 /dev/block/mmcblk0
sec_ro 0x0000000000600000 0x0000000003180000 2 /dev/block/mmcblk0p4
misc 0x0000000000080000 0x0000000003780000 2 /dev/block/mmcblk0
logo 0x0000000000300000 0x0000000003800000 2 /dev/block/mmcblk0
expdb 0x0000000000a00000 0x0000000003b00000 2 /dev/block/mmcblk0
android 0x0000000040000000 0x0000000004500000 2 /dev/block/mmcblk0p5
cache 0x000000002bc00000 0x0000000044500000 2 /dev/block/mmcblk0p6
usrdata 0x0000000332020000 0x0000000070100000 2 /dev/block/mmcblk0p7
bmtpool 0x0000000000000000 0x00000000ff3f00a8 2 /dev/block/mmcblk0
Part_Name:Partition name you should open;
Size:size of partition
StartAddr:Start Address of partition;
Type:Type of partition(MTD=1,EMMC=2)
MapTo:actual device you operate
Look at the line "android". Convert the associated start address and the size in number of 4096 blocks. Considering the values above, I obtained: start adress = 17664x4096, size = 262144x4096.5/ dump the content of the android partition (it's there that the su binary will go)
[email protected]:/ $ dd if=/dev/block/mmcblk0 bs=4096 skip=17664 count=262144 | /data/local/tmp/busybox gzip > /data/local/tmp/system.img.gz6/ copy that file to the PC and make a copy (who knows... it may be useful)
[email protected]:~$ adb pull /data/local/tmp/system.img.gz
[email protected]:~$ cp system.img.gz system.img.untouched.gz7/ mount that file (change "user" to your current user name in the following instructions)
[email protected]:~$ mkdir /home/user/Iconia_system
[email protected]:~$ gunzip system.img.gz
[email protected]:~$ sudo mount -o loop system.img /home/user/Iconia_system8/ make some change to the android file system (removing old su binary, backing up old install-recovery.sh, installing new su, new install-recovery.sh):
[email protected]:~$ sudo rm -f /home/user/Iconia_system/bin/su
[email protected]:~$ sudo rm -f home/user/Iconia_system/xbin/su
[email protected]:~$ sudo rm -f /system/app/Superuser.*
[email protected]:~$ sudo rm -f /system/app/Supersu.*
[email protected]:~$ sudo rm -f /system/app/superuser.*
[email protected]:~$ sudo rm -f /system/app/supersu.*
[email protected]:~$ sudo rm -f /system/app/SuperUser.*
[email protected]:~$ sudo rm -f /system/app/SuperSU.*
[email protected]:~$ sudo cp /home/user/Iconia_system/etc/install-recovery.sh /home/user/Iconia_system/etc/install-recovery.sh.bak
[email protected]:~$ sudo cp su /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo chown root.root /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo chmod 6755 /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo ln -s /system/xbin/su /home/user/Iconia_system/bin/su
[email protected]:~$ sudo cp Superuser.apk /home/user/Iconia_system/app
[email protected]:~$ sudo chmod 644 /home/user/Iconia_system/app/Superuser.apk
[email protected]:~$ sudo cp install-recovery.sh /home/user/Iconia_system/etc/install-recovery.sh
[email protected]:~$ sudo chmod 755 /home/user/Iconia_system/etc/install-recovery.sh9 remove some bloatware (optional)
[email protected]:~$ sudo rm /home/user/Iconia_system/app/e.g. PlusOne.apk
[email protected]:~$ sudo rm /home/user/Iconia_system/priv-app/e.g. AccuWeather.apk10/ unmount the android file system
[email protected]:~$ sudo umount /home/user/Iconia_system11/ compress the file
[email protected]:~$ gzip system.img12/ push it back to the tablet
[email protected]:~$ adb push system.img.gz /data/local/tmp/13/ connect to the tablet and "burn" the modified file system (be patient, will take up to 10 minutes)
[email protected]:~$ adb shell
[email protected]:/ $ /data/local/tmp/busybox telnet 127.0.0.1 1234
[email protected]:/ $ /data/local/tmp/busybox zcat /data/local/tmp/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=17664 count=262144
[email protected]:/ $ exit
[email protected]:/ $ exit14/ restart the tablet
Huge Thanx, works for me too Great work
Edit: Mhh, OK, The system boots with "preinstalled" Superuser, but if i try to give some apps root permission, there is no root popup from superuser, and no root. Can you Plesse upload your system.img.gz to test it with that?
Maybe it works With the SuperSu Binarys...
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Optimissimus99 said:
Huge Thanx, works for me too Great work
Edit: Mhh, OK, The system boots with "preinstalled" Superuser, but if i try to give some apps root permission, there is no root popup from superuser, and no root. Can you Plesse upload your system.img.gz to test it with that?
Maybe it works With the SuperSu Binarys...
Click to expand...
Click to collapse
Bruno25 said:
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Click to expand...
Click to collapse
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
fREAST0 said:
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
Click to expand...
Click to collapse
I think it is not the same problem: I also cannot remount /system rw. It seems to be a new security level introduced with KitKat on the A1-810.
I am still looking for a solution.
A potential solution is to change the content default.prop in boot.img.
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
I read that ro.secure=1 should be change to ro.secure=0 and ro.debuggable=0 to ro.debuggable=1
But for that, boot.img has to be dumped, splitted (kernel + ramdisk), ramdisk has to be "uncpio", changed, "cpio", merged back with the kernel and write back to the tablet.
The standard tools (abootimg, unpack-bootimg.pl, ...) cannot split correctly boot.img (they look for a gzip magic number preceded by some zeros... But in that case, the gzip magic numbers are preceded by FFs...).
Moreover, the boot.img (dumped directly from the tablet since it is not available from Acer web site) has 3 ramdisks, which is really unusual !
I am a little bit scared to brick my tablet...
Bruno25 said:
I think it is not the same problem: I also cannot remount /system rw. It seems to be a new security level introduced with KitKat on the A1-810.
I am still looking for a solution.
A potential solution is to change the content default.prop in boot.img.
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
I read that ro.secure=1 should be change to ro.secure=0 and ro.debuggable=0 to ro.debuggable=1
But for that, boot.img has to be dumped, splitted (kernel + ramdisk), ramdisk has to be "uncpio", changed, "cpio", merged back with the kernel and write back to the tablet.
The standard tools (abootimg, unpack-bootimg.pl, ...) cannot split correctly boot.img (they look for a gzip magic number preceded by some zeros... But in that case, the gzip magic numbers are preceded by FFs...).
Moreover, the boot.img (dumped directly from the tablet since it is not available from Acer web site) has 3 ramdisks, which is really unusual !
I am a little bit scared to brick my tablet...
Click to expand...
Click to collapse
That sounds like a probable cause for the system partition.
Anyway i got root working (still no system R/W), using files and the binaries from http://download.chainfire.eu/supersu with a modified script (update-binary form that zip, which is used in recovery) to work while the system.img is mounted.
sudo mkdir /home/user/iconia
cd /home/user/iconia/
sudo mkdir system
wget http://download.chainfire.eu/452/SuperSU/UPDATE-SuperSU-v2.02.zip?retrieve_file=1
unzip UPD[...] -d supersu
wget http://fs1.d-h.st/download/00138/WBX/update-binary
sudo chmod u+x update-binary
sudo mount -o loop system.img system
sudo ./update-binary
sudo umount system
gzip system.img and so on
Click to expand...
Click to collapse
fREAST0 said:
That sounds like a probable cause for the system partition.
Anyway i got root working (still no system R/W), using files and the binaries from http://download.chainfire.eu/supersu with a modified script (update-binary form that zip, which is used in recovery) to work while the system.img is mounted.
Click to expand...
Click to collapse
Thank you fo the tip ! I didn't ever think to use the update-binary script offline !
Bruno25 said:
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Click to expand...
Click to collapse
Upload finished (remove [grr] from ht[grr]tp) => ht[grr]tp://mq3dk1y9c3.mesfichiers.org/
fREAST0 said:
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
Click to expand...
Click to collapse
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
@twu: are you sure the special mount is still used in the A1-810 using KK? I thought it was only a JB special, but you could be right...
I will play with the rooting method of this thread as soon as my A1-810 is on KK...
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Bruno25 said:
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Click to expand...
Click to collapse
IIRC that wrapper is included in the toolkit for the A1 root, i think @twu2 made it
Skickat från min GT-I9505 via Tapatalk
fREAST0 said:
IIRC that wrapper is included in the toolkit for the A1 root, i think @twu2 made it
Skickat från min GT-I9505 via Tapatalk
Click to expand...
Click to collapse
You remembered well: the wrapper and all the busybox links comes from the toolkit (inside the a1su.tgz file).
Bruno25 said:
You remembered well: the wrapper and all the busybox links comes from the toolkit (inside the a1su.tgz file).
Click to expand...
Click to collapse
I don't have kitkat in my a1-810 (not got any OTA about this).....
in JB, yes, mount /system command will force to use busybox to mount it (toolbox not work).
twu2 said:
I don't have kitkat in my a1-810 (not got any OTA about this).....
in JB, yes, mount /system command will force to use busybox to mount it (toolbox not work).
Click to expand...
Click to collapse
Dear twu2, since you are still with JB , could you post the content of your /default.prop ? I would like to check what should be changed in mine to get rw access to /system
/default.prop, Android 4.4.2, Acer Iconia A1-810
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
Kitkat Root
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
Bruno25 said:
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Click to expand...
Click to collapse
For the RW workaround, you need to place a superuser app in /system/app, an su binary in /system/bin an su binary in /system/xbin, a busybox binary in /system/bin, and an su binary in /system/bin/.ext4. The one in /system/bin/.ext4 lets you do a mount -o remount,RW /system /system/ for RW workaround. You need all 3 su binaries. Take this system.IMG.gz as an example. Do a mount -o loop to see contents. Do not flash it to tablet because it is a jellybean a1-810 image. I repeat, do not flash it.
http://forum.xda-developers.com/showthread.php?t=2240029
Press a1-810 and download the pa_cus1 image. I can't post the direct link due to the 10 post policy.
carl031462 said:
For the RW workaround, you need to place a superuser app in /system/app, an su binary in /system/bin an su binary in /system/xbin, a busybox binary in /system/bin, and an su binary in /system/bin/.ext4. The one in /system/bin/.ext4 lets you do a mount -o remount,RW /system /system/ for RW workaround. You need all 3 su binaries. Take this system.IMG.gz as an example. Do a mount -o loop to see contents. Do not flash it to tablet because it is a jellybean a1-810 image. I repeat, do not flash it.
http://forum.xda-developers.com/showthread.php?t=2240029
Press a1-810 and download the pa_cus1 image. I can't post the direct link due to the 10 post policy.
Click to expand...
Click to collapse
No joy, yet,
Code:
[email protected]:/ # ls -al /system/bin/.ext4/
lrwxrwxrwx root root 2014-08-29 22:08 su -> /system/xbin/su
[email protected]:/ # busybox mount -o remount,rw /system /system/
mount: permission denied (are you root?)
Related
hi to all mod
here is code
$ su
su
# su mv /sdcard/gameloft /sdcard/external_sd/gameloft
su mv /sdcard/gameloft /sdcard/external_sd/gameloft
Permission denied
# su 1n -s /sdcard/external_sd/gameloft /sdcard/gameloft
su 1n -s /sdcard/external_sd/gameloft /sdcard/gameloft
Permission denied
#
pls help me(or)crate stuf like folder mapping tool
thank you
if you have to move directory i think that you have to do: mv -v -t source dest
cause -t is used for specified that you want move a dir and -v to show what the command are doing....
for the ln command use this format: ln -s /my/existing/directory thisismylink
...and i see that you wrote "1n" and not "ln" but maybe is a paste error
Bye
Hello xda-developers!
I'm trying to port Tizen for samsung wave 1.
But now I'm doing some research.
This thread will be my research on doing a chrooted scripts and try to boot a Tizen 2 Alpha working through vnc-viewer.
I'll write here my scripts for everyone to test it.
After these scripts an app. But now scripts.
This thread will be updated everytime I get a spare time to write it.
Thanks!
Tutorial:
First download the image from the torrent file.
Copy it for your extsd or sdcard phone/tablet.
It's to copy the image file from Tizen 2 Alpha for these two places.
And on terminal emulator run the tizen_run bash file.
Test it and I will test it too as I'm writing this tutorial and post.
Rename the script tizen_run.sh.txt to tizen_run.sh
Thanks !
PS: This code was changed to work with Tizen 2 Alpha I'm going to test it now.
I've putted here for everyone can get work it too.
Code:
#!/bin/sh
# Modify this according to your needs
DEVICE="/dev/block/mmcblk1p2"
LOOP="yes"
# Maybe this as well
MNT_PATH="/mnt/extsd/tizen"
# Modify only if you know, what are you doing
BINDS="dev dev/pts proc sys mnt/extsd"
ANDROID_BINDS=" /system /data "
TMPS="tmp var/tmp var/log var/run"
MY_MOUNTS=""
unset PS1
# Helper functions
die() {
echo " $1"
exit 1
}
safe_mount() {
mkdir -p "$MNT_PATH""$2"
if [ "$3" ]; then
OPTION=" $3 "
else
OPTION=""
fi
if [ -z "`mount | grep " $MNT_PATH$2 "`" ]; then
mount $OPTION "$1" "$MNT_PATH$2" || die "Can't mount $2!!!"
fi
MY_MOUNTS="$MNT_PATH$2 $MY_MOUNTS"
}
# Real work
[ "`whoami || echo root`" = "root" ] || die "You must be root first!"
LOOP_ARG=""
[ "$LOOP" = "yes" ] || LOOP_ARG=" -o loop "
safe_mount $DEVICE "" "$LOOP_ARG -t ext4 "
for i in $BINDS; do
safe_mount "/$i" "/$i" " -o bind "
done
if [ -d /Removable ]; then
for i in /Removable/*; do
[ -d "$i" ] && safe_mount $i /mnt$i " -o bind "
done
fi
for i in $ANDROID_BINDS; do
safe_mount $i /mnt/android$i " -o bind "
done
for i in $TMPS; do
safe_mount none /$i " -t tmpfs "
done
mount -o remount,ro "$MNT_PATH"
chroot "$MNT_PATH" /sbin/fsck.ext2 -y "$DEVICE"
mount -o remount,rw "$MNT_PATH"
# Tweak configuration of the chroot during first start
if [ \! -f "$MNT_PATH"/etc/profile.d/tweak.sh ]; then
mkdir -p "$MNT_PATH"/home/demo
echo 'nameserver 8.8.8.8' > "$MNT_PATH"/etc/resolv.conf
echo 'net:x:3003:root,demo' >> "$MNT_PATH"/etc/group
echo 'demo:x:1000:100::/home/demo/bin/bash' >> "$MNT_PATH"/etc/passwd
echo 'demo:$1$joWqOQdr$YsapocP32UtdiR3PKBXVM1:15395:0:::::' \
>> "$MNT_PATH"/etc/shadow
sed -i 's|^root:.*|root:$1$joWqOQdr$YsapocP32UtdiR3PKBXVM1:15395:0:::::|' \
"$MNT_PATH"/etc/shadow
echo '#!/bin/sh
export TERM=linux
export LANG="en_US.utf-8"
export EDITOR="busybox vi"
alias vi="busybox vi"
precmd() { :; }
if [ "`whoami`" = root ]; then
export HOME=/root
export USER=root
hostname -F /etc/HOSTNAME
fi
if [ -z "$CHROOTED" ]; then
export CHROOTED=yes
export HOME="/home/demo"
export USER="demo"
su demo
fi
' > "$MNT_PATH"/etc/profile.d/tweak.sh
fi
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/system/xbin:/system/bin"
# Chroot
chroot "$MNT_PATH" /bin/bash
# Cleanup
echo "Umount everything (yes/NO)?"
read answer
if [ "$answer" = yes ]; then
for i in $MY_MOUNTS; do
umount -l $i
done
fi
For bada
And Bada there any way to run it there,,,, or only possible in Badadroid,,,,:good::,,,,
Only possible in badadroid.
astronfestmon said:
Hello xda-developers!
I'm trying to port Tizen for samsung wave 1.
But now I'm doing some research.
This thread will be my research on doing a chrooted scripts and try to boot a Tizen 2 Alpha working through vnc-viewer.
I'll write here my scripts for everyone to test it.
After these scripts an app. But now scripts.
This thread will be updated everytime I get a spare time to write it.
Thanks!
Tutorial:
First download the image from the torrent file.
Copy it for your extsd or sdcard phone/tablet.
It's to copy the image file from Tizen 2 Alpha for these two places.
And on terminal emulator run the tizen_run bash file.
Test it and I will test it too as I'm writing this tutorial and post.
Thanks !
PS: This code was changed to work with Tizen 2 Alpha I'm going to test it now.
I've putted here for everyone can get work it too.
Code:
#!/bin/sh
# Modify this according to your needs
DEVICE="/dev/block/mmcblk1p2"
LOOP="yes"
# Maybe this as well
MNT_PATH="/mnt/extsd/tizen"
# Modify only if you know, what are you doing
BINDS="dev dev/pts proc sys mnt/extsd"
ANDROID_BINDS=" /system /data "
TMPS="tmp var/tmp var/log var/run"
MY_MOUNTS=""
unset PS1
# Helper functions
die() {
echo " $1"
exit 1
}
safe_mount() {
mkdir -p "$MNT_PATH""$2"
if [ "$3" ]; then
OPTION=" $3 "
else
OPTION=""
fi
if [ -z "`mount | grep " $MNT_PATH$2 "`" ]; then
mount $OPTION "$1" "$MNT_PATH$2" || die "Can't mount $2!!!"
fi
MY_MOUNTS="$MNT_PATH$2 $MY_MOUNTS"
}
# Real work
[ "`whoami || echo root`" = "root" ] || die "You must be root first!"
LOOP_ARG=""
[ "$LOOP" = "yes" ] || LOOP_ARG=" -o loop "
safe_mount $DEVICE "" "$LOOP_ARG -t ext4 "
for i in $BINDS; do
safe_mount "/$i" "/$i" " -o bind "
done
if [ -d /Removable ]; then
for i in /Removable/*; do
[ -d "$i" ] && safe_mount $i /mnt$i " -o bind "
done
fi
for i in $ANDROID_BINDS; do
safe_mount $i /mnt/android$i " -o bind "
done
for i in $TMPS; do
safe_mount none /$i " -t tmpfs "
done
mount -o remount,ro "$MNT_PATH"
chroot "$MNT_PATH" /sbin/fsck.ext2 -y "$DEVICE"
mount -o remount,rw "$MNT_PATH"
# Tweak configuration of the chroot during first start
if [ \! -f "$MNT_PATH"/etc/profile.d/tweak.sh ]; then
mkdir -p "$MNT_PATH"/home/demo
echo 'nameserver 8.8.8.8' > "$MNT_PATH"/etc/resolv.conf
echo 'net:x:3003:root,demo' >> "$MNT_PATH"/etc/group
echo 'demo:x:1000:100::/home/demo/bin/bash' >> "$MNT_PATH"/etc/passwd
echo 'demo:$1$joWqOQdr$YsapocP32UtdiR3PKBXVM1:15395:0:::::' \
>> "$MNT_PATH"/etc/shadow
sed -i 's|^root:.*|root:$1$joWqOQdr$YsapocP32UtdiR3PKBXVM1:15395:0:::::|' \
"$MNT_PATH"/etc/shadow
echo '#!/bin/sh
export TERM=linux
export LANG="en_US.utf-8"
export EDITOR="busybox vi"
alias vi="busybox vi"
precmd() { :; }
if [ "`whoami`" = root ]; then
export HOME=/root
export USER=root
hostname -F /etc/HOSTNAME
fi
if [ -z "$CHROOTED" ]; then
export CHROOTED=yes
export HOME="/home/demo"
export USER="demo"
su demo
fi
' > "$MNT_PATH"/etc/profile.d/tweak.sh
fi
export PATH="/bin:/sbin:/usr/bin:/usr/sbin:/system/xbin:/system/bin"
# Chroot
chroot "$MNT_PATH" /bin/bash
# Cleanup
echo "Umount everything (yes/NO)?"
read answer
if [ "$answer" = yes ]; then
for i in $MY_MOUNTS; do
umount -l $i
done
fi
Click to expand...
Click to collapse
what can we do with this file?
In badadroid vnc-viewer and terminal emulator You can run Tizen under android.
astronfestmon said:
In badadroid vnc-viewer and terminal emulator You can run Tizen under android.
Click to expand...
Click to collapse
sorry for the noobs questions, but how??
Edit 1:
I saw your tutorial just now, but I did not understand what to do in the terminal emulator?
There's no problem at all.
You need to copy the code into a file bash(.sh) with the name tizen_run.sh
Then in badadroid run it an app called terminal emulator to get into vnc-viewer.
As a loopback image inside android.
I'm trying to run it as an application like linuxonandroid.
astronfestmon said:
There's no problem at all.
You need to copy the code into a file bash(.sh) with the name tizen_run.sh
Then in badadroid run it an app called terminal emulator to get into vnc-viewer.
As a loopback image inside android.
I'm trying to run it as an application like linuxonandroid.
Click to expand...
Click to collapse
I think I am not smart enough to do understand you..
But thanks anyway..
Okay.
I'll upload here the file to run on terminal emulator.
I'm testing the app for android.
I'll upload it here.
Something wrong.There are no permission to tizen_run.sh
I can't test
New link for image tizen:
http://tizen-kernel-s8500.googlecode.com/files/tizen.7z.001
Try this command:
sh tizen_run.sh
or
./tizen_run.sh
Copied Tizen.img (latest one) to sd card
Copied tizen_run.sh to sd card
Then on Android (Nand Ver.) Emulator tried
sh tizen_run.sh ---> no such file or directory
./tizen_run.sh ---> not found
I'm going to check it out.
type this on terminal emulator:
cd /mnt/extsd - if exists
cd folder "where the Tizen.img and script is located"
then
sh tizen_run.sh
or
./tizen_run.sh
astronfestmon said:
I'm going to check it out.
type this on terminal emulator:
cd /mnt/extsd - if exists
cd folder "where the Tizen.img and script is located"
then
sh tizen_run.sh
or
./tizen_run.sh
Click to expand...
Click to collapse
Can't execute : Permission denied
I'll post a new file.
To see what happens.
in the first topic i have a txt file rename it on linux.
mv tizen_run.sh.txt tizen_run.sh
news??
Sorry about not saying any news.
Next week another build and a better script with an app for badadroid.
Installing Recovery Roms With ADB
About Article
Thats really funny to install a rom on your phone without touching your phone but thats more difficult than flashing rom from recovery . Here I fully explain the method but you can save commands in .bat and .sh files for using next times . It takes less than 5 min to flash rom if have saved commands in executable files . This guide explains the whole commands so its too long ! Dont confuse , just copy pase commands and save them into executable files then run all by few clicks
Disclaimer
*/
I am not responsible for any damage or ... done to your device by using this . Do at your own risk !
*/
Step 1 : What you need !
You need :
1- A healthy Galaxy S Plus device
2- ADB drivers and USB debugging on
3- Smasung USB drivers
4- Lots of patience
5- Having Basic Linux Shell Knowledge
6- 200 mg free space at data partition
Step 2 : Starting ....
1- Connect phone to PC and Do'nt touch it again ! Proccess here starts We want to do this without touching phone
2- Go to adb directory open cmd and type :
Code:
adb reboot recovery
Device will reboot to recovery
3- Type in cmd :
Code:
adb shell
busybox mount -rw -o remount /system
busybox rm -rf /system
busybox mkdir /system
busybox chmod 777 /system
mount -rw -o remount /data
4- Exit adb shell
5- Rename your .zip rom to "rom.zip" put it into c:\\ ( you can put it any where else but change path in the command )
6- open adb and type
Code:
adb push C:\\rom.zip /data/rom.zip
adb shell
busybox unzip /data/rom.zip -d /system/
busybox mount -rw -o remount /system
busybox mount -rw -o remount /data
busybox mount -rw -o remount /cache
busybox rm -rf /data /cache
busybox mkdir /data /cache
busybox chmod 777 /data
busybox chmod 777 /cache
busybox rm -f /data/rom.zip
busybox rm -rf /system/META-INF
busybox dd if=/system/boot.img of=/dev/block/mmcblk0p8
rm -f /system/boot.img
p=busybox chmod
s=busybox ln -s /system/bin/toolbox
busybox mv /system/system /system
7- Type agin ( I do not write busybox symlink ... its users selectable )
Code:
cd /system/bin
$s cat
$s chmod
$s chown
$s date
$s dd
$s df
$s dmesg
$s getevent
$s getprop
$s hd
$s id
$s ifconfing
$s iftop
$s insmod
$s ioctl
$s ionice
$s kill
$s ln
$s log
$s ls
$s lsmod
$s lsof
$s md5
$s mkdir
$s mount
$s mv
$s nandwrite
$s netstate
$s newfs_msdos
$s notify
$s printenv
$s ps
$s r
$s reboot
$s renice
$s rm
$s mmod
$s route
$s schedtop
$s sendevent
$s setconsole
$s setprop
$s sleep
$s smd
$s start
$s stop
$s sync
$s top
$s unmount
$s uptime
$s umstate
$s watchprops
$s wipe
busybox ln -s /system/fonts/Roboto-Regular.ttf /system/fonts/DroidSans.ttf
busybox ln -s /system/bin/mksh /system/bin/sh
8- Type :
Code:
$p 777 /system
$p 777 /system/*
$p 777 /system/bin/*
$p 777 /system/xbin/*
$p 644 /system/app/*
$p 644 /system/etc/*
$p 777 /system/etc/init.d/*
$p 644 /system/fonts/*
$p 644 /system/frimware/*
$p 644 /system/framework/*
$p 755 /system/vendor/*
$p 755 /system/usr/*
$p 644 /system/tts/*
$p 644 /system/media/*
$p 644 /system/build.prop
$p 644 /system/lib/*
$p 644 /system/cameradata/*
busybox reboot
9- now Disconnect Phone From ADB
10- If your rom doesnt boot Fix Permissions from Recovery
******
Please Excuse me For any Mistakes becuase I spend a lot of time to write this
******
I didnt fully test this but this must work !
[OT on] How many Bytes are 200mg of free space? [OT off]
ew, looks really to be hard work if it needs to be typed all the way^^
I recognize that you did not delete the boot.img file after dd'ing it into the Kernel memory block. The rest should work indeed.
magicw said:
[OT on] How many Bytes are 200mg of free space? [OT off]
ew, looks really to be hard work if it needs to be typed all the way^^
I recognize that you did not delete the boot.img file after dd'ing it into the Kernel memory block. The rest should work indeed.
Click to expand...
Click to collapse
200 * 1024 = 204800 (kb) (as shown in "cat /proc/partitions")
204800 * 1024 = 209715200 (bytes)
Google does this for you btw, ask this: how many bytes is 200mb
and you get:
200 megabytes = 209 715 200 bytes
and you just copy the text into files and execute them on your phone.. else its way to much work lol
broodplank1337 said:
200 * 1024 = 204800 (kb) (as shown in "cat /proc/partitions")
204800 * 1024 = 209715200 (bytes)
Google does this for you btw, ask this: how many bytes is 200mb
and you get:
200 megabytes = 209 715 200 bytes
and you just copy the text into files and execute them on your phone.. else its way to much work lol
Click to expand...
Click to collapse
he was joking about alireza wrote mg instead of mb (MB if we want to be picky)
ktulu84 said:
he was joking about alireza wrote mg instead of mb (MB if we want to be picky)
Click to expand...
Click to collapse
I couldnt open my eyes after writing this haha ... It tooks 5 hours to write this
magicw said:
[OT on] How many Bytes are 200mg of free space? [OT off]
ew, looks really to be hard work if it needs to be typed all the way^^
I recognize that you did not delete the boot.img file after dd'ing it into the Kernel memory block. The rest should work indeed.
Click to expand...
Click to collapse
Sorry gona fix it ....
I ve just wrote the toolbox symlink , If I had wrriten the whole busybox symlinks it needed about 10 hours to write busybox usually has more than 600 symlinks !
alireza7991 said:
I couldnt open my eyes after writing this haha ... It tooks 5 hours to write this
Sorry gona fix it ....
I ve just wrote the toolbox symlink , If I had wrriten the whole busybox symlinks it needed about 10 hours to write busybox usually has more than 600 symlinks !
Click to expand...
Click to collapse
Yeah, we know and thanks for your work... We are only grammar Nazi... Lol
Inviato dal mio GT-I9001 con Topatalk 2
I have a rooted HTC and need to create a custom file in /system/xbin. I execute a mount command (for read-write permission on /system), create the file, remount /system in readonly and after that my file magically disappear. Here are the commands I wrote in a su shell via adb.
Code:
[email protected]:/system/xbin # mount | grep system
/dev/block/mmcblk0p35 /system ext4 ro,seclabel,relatime,data=ordered 0 0
[email protected]:/system/xbin # mount -o rw,remount /dev/block/mmcblk0p35 /system
[email protected]:/system/xbin # cd /system/xbin
[email protected]:/system/xbin # echo test > myfile
[email protected]:/system/xbin # ls
daemonsu
dexdump
dexus
myfile <- 'myfile' is created
nc
su
[email protected]:/system/xbin # cat myfile
test
[email protected]:/system/xbin # mount -o ro,remount /dev/block/mmcblk0p35 /system
[email protected]:/system/xbin # ls
daemonsu
dexdump
dexus
nc
su
PUFF after remounted /system in readonly my file is disappeared. Any idea about this?
NOTE: If I try to re-execute the commands, my HTC restarts itself ... EDIT 2: As you could see in the 'ls' command output, in /system/xbin exist 'su' installed with a root tool. How could this root tool install 'su' permanently?
pivotce.com informs that instructions have been published on gaining root access to a webOS TV. This is much harder than on the old phones and tablets. When this was done on legacy webOS, there was a wave of enhancements and tweaks made available to phone users from webOS Internals and other developers.
The instructions can be found on the Russian webOS forums here: webos-forums.ru/topic4650.html (English Translation via Google).
As the thread itself notes, this creates the possibility of fiddling with your TV in a way that may turn it into a large, thin brick and will almost certainly invalidate your warranty. The general user should stay well clear of this.
pivotCE published this for information only and recommend leaving investigations to those who know what they are doing or who can afford to wreck expensive television sets. We will watch to see if anything interesting emerges from this development.
+
Detailed analysis of the root access method described above:
forums.webosnation.com/lg-webos-tv/331754-pivotce-seems-webos-tv-has-been-rooted.html#post3450911
Hello!
I'm from webos-forums.ru. I've root on TV for a while and can help you with translation or testing on LG webOS 1.4.
rooting
I could use your help rooting my lg 65uf6450-ua if you would. Thank you
Root webOS
Hodizzal said:
I could use your help rooting my lg 65uf6450-ua if you would. Thank you
Click to expand...
Click to collapse
1. You need to install Developer Mode App and export private ssh-key with CLI (webostv.developer.lge.com/develop/app-test)
2. Convert private ssh-key with puttygen [import key <your private ssh-key>, then save private key]
3. Download exploit (zalil.su/6937580), then connect with TV User: prisoner, [<ip-tv>:9922] + private-key with WinSCP (or other SCP-client), upload to /media/developer on TV and rename it to root.
on linux
Code:
ssh -i <your private ssh-key> [email protected]<ip-tv> -p 9922 "/bin/sh -i"
4.
Code:
chmod +x root
Code:
./root
5. After try install any app from market go to LG App Store and try to install any app.
6. if third stage ok. the insert password 1111 as said.
7.
Code:
busybox chroot /proc/1/root
Code:
[email protected]tTV:/# id
Code:
uid=0(root) gid=0(root)........
I personally use Linux Subsystem on Windows 10 for all of this.
To install .ipk app:
Code:
ApplicationInstallerUtility -c install -p /tmp/<any-name>.ipk -u 0 -l /media/developer -d
Info about your linux kernel and TV firmware:
Code:
luna-send -n 1 -f luna://com.palm.systemservice/osInfo/query '{ "subscribe": false }'
Launch app:
Code:
luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix"}'
All apps ID you can find with
Code:
luna-send -n 1 "palm://com.palm.applicationManager/listLaunchPoints" "{}"
or at a folder /media/cryptofs/apps/usr/palm/applications/<App ID>/appinfo.json
For permanent root access through telnet:
1)
Code:
[email protected]:/# mkdir -p /media/cryptofs/root/etc
2)
Code:
[email protected]:/# cp -r /etc/* /media/cryptofs/root/etc
3)
Code:
[email protected]:/# mount -o bind /media/cryptofs/root/etc /etc
4)
Code:
[email protected]:/# passwd root
Enter any new root password
5)
Code:
cp /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh /tmp/start-devmode.sh
6) Download with WinSCP start-devmode.sh and edit it locally.
You need to add at the beginning
Code:
mount -o bind /media/cryptofs/root/etc /etc
telnetd -l /sbin/sulogin &
Plus you can add the line to launch any App at start, e.g:
Code:
luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
And comment Dev Mode online check.
Here it's mine start-devmode.sh. It's for webOS 1.4. It can be different for other webOS versions:
Code:
#!/bin/sh
mount -o bind /media/cryptofs/root/etc /etc
telnetd -l /sbin/sulogin &
#luna-send -n 1 -f luna://com.webos.applicationManager/launch '{"id": "netflix", "params":{}}'
# FIXME: disable this to turn off script echo
set -x
# FIXME: disable this to stop script from bailing on error
# set -e
# TODO: Check upstart daemon/process tracking (do we need to change /etc/init/devmode.conf? start sshd as daemon?)
# set devmode ssh port here
SSH_PORT="9922"
# set arch:
ARCH="armv71"
grep -qs "qemux86" /etc/hostname && ARCH="i686"
# set directories
OPT_DEVMODE="/opt/devmode"
OPT_SSH="/opt/openssh"
DEVELOPER_HOME="/media/developer"
DEVMODE_SERVICE_DIR="/media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service"
CRYPTO_SSH="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt/openssh"
CRYPTO_OPT="$DEVMODE_SERVICE_DIR/binaries-${ARCH}/opt"
if [ -s ${DEVMODE_SERVICE_DIR}/jail_app.conf ] ; then
mv ${DEVMODE_SERVICE_DIR}/jail_app.conf ${DEVELOPER_HOME}
mv ${DEVMODE_SERVICE_DIR}/jail_app.conf.sig ${DEVELOPER_HOME}
fi
if [ -r ${DEVMODE_SERVICE_DIR}/sessionToken ] ; then
mv -f ${DEVMODE_SERVICE_DIR}/sessionToken /var/luna/preferences/devmode_enabled
fi
# Make sure the ssh binaries are executable (in service directory)
if [ ! -x "${CRYPTO_SSH}/sbin/sshd" ] ; then
chmod ugo+x ${CRYPTO_SSH}/sbin/sshd ${CRYPTO_SSH}/bin/ssh* ${CRYPTO_SSH}/bin/scp* || true
chmod ugo+x ${CRYPTO_SSH}/bin/sftp ${CRYPTO_SSH}/lib/openssh/* || true
chmod ugo+x ${CRYPTO_OPT}/devmode/usr/bin/* || true
fi
# TODO: (later) Look for "re-init" flag to re-generate ssh key if requested by app (via devkey service)
# com.palm.service.devmode could have "resetKey" method to erase /var/lib/devmode/ssh/webos_rsa
# Kind of dangerous though, since new key will need to be fetched on the desktop (after reboot)...
# We could just require a hard-reset of the TV which should blow away /var/lib/devmode/ssh/...
# Initialize the developer (client) SSH key pair, if it doesn't already exist
if [ ! -e /var/lib/devmode/ssh/webos_rsa ] ; then
mkdir -p /var/lib/devmode/ssh
chmod 0700 /var/lib/devmode/ssh
# get FIRST six (UPPER-CASE, hex) characters of 40-char nduid from nyx-cmd
# NOTE: This MUST match passphrase as displayed in devmode app (main.js)!
# PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | head -c 6 | tr 'a-z' 'A-Z'`"
# PASSPHRASE="`/usr/bin/nyx-cmd DeviceInfo query nduid | tail -n1 | head -c 6 | tr 'a-z' 'A-Z'`"
PASSPHRASE="`tail /var/lib/secretagent/nduid -c 40 | head -c 6 | tr 'a-z' 'A-Z'`"
${CRYPTO_SSH}/bin/ssh-keygen -t rsa -C "[email protected]" -N "${PASSPHRASE}" -f /var/lib/devmode/ssh/webos_rsa
# copy ssh key to /var/luna/preferences so the devmode service's KeyServer can read it and serve to ares-webos-cli tools
cp -f /var/lib/devmode/ssh/webos_rsa /var/luna/preferences/webos_rsa
chmod 0644 /var/luna/preferences/webos_rsa
# if we generated a new ssh key, make sure we re-create the authorized_keys file
rm -f ${DEVELOPER_HOME}/.ssh/authorized_keys
fi
# Make sure the /media/developer (and log) directories exists (as sam.conf erases it when devmode is off):
mkdir -p ${DEVELOPER_HOME}/log
chmod 777 ${DEVELOPER_HOME} ${DEVELOPER_HOME}/log
# Install the SSH key into the authorized_keys file (if it doesn't already exist)
if [ ! -e ${DEVELOPER_HOME}/.ssh/authorized_keys ] ; then
mkdir -p ${DEVELOPER_HOME}/.ssh
cp -f /var/lib/devmode/ssh/webos_rsa.pub ${DEVELOPER_HOME}/.ssh/authorized_keys || true
# NOTE: authorized_keys MUST be world-readable else sshd can't read it inside the devmode jail
# To keep sshd from complaining about that, we launch sshd with -o "StrictModes no" (below).
chmod 755 ${DEVELOPER_HOME}/.ssh
chmod 644 ${DEVELOPER_HOME}/.ssh/authorized_keys
chown -R developer:developer ${DEVELOPER_HOME}/.ssh
fi
# FIXME: Can we move this to /var/run/devmode/sshd ?
# Create PrivSep dir
mkdir -p /var/run/sshd
chmod 0755 /var/run/sshd
# Create directory for host keys (rather than /opt/openssh/etc/ssh/)
HOST_KEY_DIR="/var/lib/devmode/sshd"
if [ ! -d "${HOST_KEY_DIR}" ] ; then
mkdir -p ${HOST_KEY_DIR}
chmod 0700 ${HOST_KEY_DIR}
fi
# Create initial keys if necessary
if [ ! -f ${HOST_KEY_DIR}/ssh_host_rsa_key ]; then
echo " generating ssh RSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_rsa_key -N '' -t rsa
fi
if [ ! -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key ]; then
echo " generating ssh ECDSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_ecdsa_key -N '' -t ecdsa
fi
if [ ! -f ${HOST_KEY_DIR}/ssh_host_dsa_key ]; then
echo " generating ssh DSA key..."
${CRYPTO_SSH}/bin/ssh-keygen -q -f ${HOST_KEY_DIR}/ssh_host_dsa_key -N '' -t dsa
fi
# Check config
# NOTE: This should only be enabled for testing
#${CRYPTO_SSH}/sbin/sshd -f ${CRYPTO_SSH}/etc/ssh/sshd_config -h ${HOST_KEY_DIR}/ssh_host_rsa_key -t
# Set jailer command
DEVMODE_JAIL="/usr/bin/jailer -t native_devmode -i com.palm.devmode.openssh -p ${DEVELOPER_HOME}/ -s /bin/sh"
#DEVMODE_JAIL="echo"
# Add for debugging, but this will cause sshd to exit after the first ssh login:
# -ddd -e
# Make environment file for openssh
DEVMODE_JAIL_CONF="/etc/jail_native_devmode.conf"
DEVMODE_OPENSSH_ENV="${DEVELOPER_HOME}/.ssh/environment"
if [ -f ${DEVMODE_JAIL_CONF} ]; then
echo " generating environment file from jail_native_devmode.conf..."
find ${DEVMODE_JAIL_CONF} | xargs awk '/setenv/{printf "%s=%sn", $2,$3}' > ${DEVMODE_OPENSSH_ENV}
${DEVMODE_JAIL} /usr/bin/env >> ${DEVMODE_OPENSSH_ENV}
fi
# Set path for devmode
if [ -f ${DEVMODE_OPENSSH_ENV} ]; then
echo "PATH=${PATH}:${OPT_DEVMODE}/usr/bin" >> ${DEVMODE_OPENSSH_ENV}
fi
sleep 5;
for interface in $(ls /sys/class/net/ | grep -v -e lo -e sit);
do
if [ -r /sys/class/net/$interface/carrier ] ; then
if [[ $(cat /sys/class/net/$interface/carrier) == 1 ]]; then OnLine=1; fi
fi
done
#if [ $OnLine ]; then
# sessionToken=$(cat /var/luna/preferences/devmode_enabled);
# checkSession=$(curl --max-time 3 -s https://developer.lge.com/secure/CheckDevModeSession.dev?sessionToken=$sessionToken);
# if [ "$checkSession" != "" ] ; then
# result=$(node -pe 'JSON.parse(process.argv[1]).result' "$checkSession");
# if [ "$result" == "success" ] ; then
rm -rf /var/luna/preferences/dc*;
# # create devSessionTime file to remain session time in devmode app
# remainTime=$(node -pe 'JSON.parse(process.argv[1]).errorMsg' "$checkSession");
# resultValidTimeCheck=$(echo "${remainTime}" | egrep "^([0-9]{1,4}(:[0-5][0-9]){2})$");
# if [ "$resultValidTimeCheck" != "" ] ; then
echo '900:00:00' > ${DEVMODE_SERVICE_DIR}/devSessionTime;
chgrp 5000 ${DEVMODE_SERVICE_DIR}/devSessionTime;
chmod 664 ${DEVMODE_SERVICE_DIR}/devSessionTime;
# fi
# elif [ "$result" == "fail" ] ; then
# rm -rf /var/luna/preferences/devmode_enabled;
# rm -rf /var/luna/preferences/dc*;
# if [ -e ${DEVMODE_SERVICE_DIR}/devSessionTime ] ; then
# rm ${DEVMODE_SERVICE_DIR}/devSessionTime;
# fi
# fi
# fi
#fi
# Cache clear function added (except Local storage)
if [ -e ${DEVMODE_SERVICE_DIR}/devCacheClear ] ; then
rm -rf `ls | find /var/lib/webappmanager*/* -name "Local Storage" -o -name "localstorage" -prune -o -print`;
rm ${DEVMODE_SERVICE_DIR}/devCacheClear;
fi
# Launch sshd
${DEVMODE_JAIL} ${OPT_SSH}/sbin/sshd
-o StrictModes=no
-f ${OPT_SSH}/etc/ssh/sshd_config
-h ${HOST_KEY_DIR}/ssh_host_rsa_key
-o PasswordAuthentication=no -o PermitRootLogin=no -o PermitUserEnvironment=yes
-D -p ${SSH_PORT}
7) Upload new start-devmode.sh and rewrite the old one
Code:
cp /tmp/start-devmode.sh /media/cryptofs/apps/usr/palm/services/com.palmdts.devmode.service/start-devmode.sh
8) Restart TV.
Connect with telnet and type previously entered password.
Code:
telnet <ip-tv>
Trying <ip-tv>...
Connected to <ip-tv>].
Escape character is '^]'.
webOS TV 1.4.0 LGSmartTV
Give root password for system maintenance
(or type Control-D for normal startup):
Entering System Maintenance Mode
[email protected]:/#
Does it work on WebOS 3.5 devices?
medi01 said:
Does it work on WebOS 3.5 devices?
Click to expand...
Click to collapse
Positive.
is it possible to install webOS 3.0 on an 65EF9500 that currently has WebOS 2.0 via the USB upgrade method?
enkrypt3d said:
is it possible to install webOS 3.0 on an 65EF9500 that currently has WebOS 2.0 via the USB upgrade method?
Click to expand...
Click to collapse
No
Is there any method to get 3.0 installed over 1.4 I have a 49ub8500-ua
syconu said:
Is there any method to get 3.0 installed over 1.4 I have a 49ub8500-ua
Click to expand...
Click to collapse
No
Is there anything hack related that I can do with this to and can is support a new air mouse with a dongle
Ok, so I get run the root app and first ,second , and third stage all are good. then it says try get root password is 1111. But the terminal keeps freezing after that happens. A couple times my tv rebooted too. I cant figure out what i could have messed up. ANyone with any experience using this method have any legit information?
steven817817 said:
Ok, so I get run the root app and first ,second , and third stage all are good. then it says try get root password is 1111. But the terminal keeps freezing after that happens. A couple times my tv rebooted too. I cant figure out what i could have messed up. ANyone with any experience using this method have any legit information?
Click to expand...
Click to collapse
Try to delete all 'cache' files from exploit at /media/developer. It doesn't wotk twice as far as I concerned
Is there anyway I can root my 1.4.0 and if so what r the benefits of the root? Can I install Android or kodi? What's the point
teffd said:
Try to delete all 'cache' files from exploit at /media/developer. It doesn't wotk twice as far as I concerned
Click to expand...
Click to collapse
I tried it stil seems to finish step 3 then says enter 1111. But this is where it freezes up and does not get any further.
Is this still working on 3.6? I'm stuck at try to install any app from market.
Mazda77 said:
Positive.
Click to expand...
Click to collapse
Which TV and firmware version?
Is this possible with UJ63 serie?
Hi, would the root access allow somehow to connect other bluetooth devices different than LG? Thanks!
You can do pretty much anything to the system with root, even include support for unsupported devices in form of additional kernel modules.
For example, I've added Samba support so I can mount use my NAS (see my blog at ddscentral dot org for details).
Hey guys is it possible to install android apps into WebOS? I just bought an Lg oled LG 55EG9A7V i want to use Perfect Player IPTV but i cant install it right now...Other then that i dont need anything else..
Can anyone help me?