[Q] Any way to achieve selinux permissive on AT&T sm p907a? - Galaxy Note Pro 12.2 Q&A, Help & Troubleshooting

Question is in the title is there any way to get the selinux status to permissive on the AT&T note pro12.22 using stock rom?
I have already tried the sm P905 method for Qualcomm on here without success. I do have root but it is not enough as most of my root apps such as usb bt joycenter gold need the permissive state to function properly. I was just wondering if anybody knew if this is possible or if AT&T customers have been brickwalled again as with the note 3 and the bootloader locked

Xenoghost42 said:
Question is in the title is there any way to get the selinux status to permissive on the AT&T note pro12.22 using stock rom?
I have already tried the sm P905 method for Qualcomm on here without success. I do have root but it is not enough as most of my root apps such as usb bt joycenter gold need the permissive state to function properly. I was just wondering if anybody knew if this is possible or if AT&T customers have been brickwalled again as with the note 3 and the bootloader locked
Someone needs to build a permissive kernel for the p907a.

Xenoghost42 said:
Question is in the title is there any way to get the selinux status to permissive on the AT&T note pro12.22 using stock rom?
I have already tried the sm P905 method for Qualcomm on here without success. I do have root but it is not enough as most of my root apps such as usb bt joycenter gold need the permissive state to function properly. I was just wondering if anybody knew if this is possible or if AT&T customers have been brickwalled again as with the note 3 and the bootloader locked
I wanted to know the same thing when I first bought my note pro as it couldn't read my external drive formatted NTFS. I was never able to set the kernel to permissive (needed for apps that mount ntfs drives) so I ended up reformatting my hard drive to exFat. The only bad thing is now I can't store a disc image for my windows laptop as it wants the file system to be NTFS to begin the backup! I'm not sure whether to sell my tablet now as the locked bootloader is a real pain. If its a laptop replacement then it has to read my hard drive and I need it formatted NTFS.

jordant2 said:
I wanted to know the same thing when I first bought my note pro as it couldn't read my external drive formatted NTFS. I was never able to set the kernel to permissive (needed for apps that mount ntfs drives) so I ended up reformatting my hard drive to exFat. The only bad thing is now I can't store a disc image for my windows laptop as it wants the file system to be NTFS to begin the backup! I'm not sure whether to sell my tablet now as the locked bootloader is a real pain. If its a laptop replacement then it has to read my hard drive and I need it formatted NTFS.
Yes sir this tablet is entirely too tied down to be any sort of laptop replacement. It's essentially a tablified sm n900a (AT&T note 3) with the bootloader being locked and all. If it's any indicator given how robust the development community is for that device and how minute the one for this one is... I doubt we will see an unlocked bootloader at all seeing as how the n900a's remains yet to be unlocked and it has been out for nearly a full year now. All well price you pay for lte I guess. I really wish AT&T would stop alienating their customers though

I also have the p907a and am trying to disable the selinux or set it to permissive. I have completely deleted the files related to knox, and I am fully rooted. Mine also doesn't print an error for setenforce 0, it just doesn't work. I have also tried wanam xposed which claims to be able to set permissive, it also didn't work.
I have been spending time looking for the bootloader partition in hopes that like desktop linux, I can edit the kernel params sent before booting and just add selinux=0. If anyone has any clue which /dev/block device it is hiding under please let me know

I have also found and tried setprop ro.build.selinux.enforce 0. This also is ignored by the system. The 2 /dev/block devices that seem promising are:
/dev/block/mmcblk0p6 alias aboot and /dev/block/mmcblk0p14 alias boot. Now I don't know if these are generated on install and therefore different for each system but I am attaching the image files of these block devices. aboot is identified as "Hitachi SH big-endian COFF object, not stripped", the other one as data. Anyway, maybe someone else on here can help figure out next steps. As they are binary that is out of my skill level.

ok looking around on the forums boot.img is a packed kernel and ramdisk. Hopefully the settings are in the ramdisk or something. Does anyone have the tools to unpack the boot.img and internal zimage and ramdisk for OSX? I see there are tools for windows and linux, but I couldn't find any for mac
Thanks
Most forums frown on making new threads when the subject is already covered. The op may have given up but I haven't... Do I open my own thread????
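The boot.img layout mentioned in the posts above (a packed kernel and ramdisk), as an added example that is not part of the original thread: a read-only parser that runs anywhere Python does, including OS X. It assumes the classic AOSP version-0 header and a gzip-compressed cpio "newc" ramdisk; the function names and the sample image are constructed for illustration and do not come from any device.

```python
import gzip
import struct
from dataclasses import dataclass

BOOT_MAGIC = b"ANDROID!"
# AOSP boot_img_hdr, version 0: magic, ten little-endian uint32 fields,
# 16-byte name, 512-byte kernel cmdline, 32-byte id.
HDR = struct.Struct("<8s10I16s512s32s")
CPIO_HDR_LEN = 110  # "070701" + 13 fields of 8 hex digits


@dataclass
class BootImage:
    page_size: int
    cmdline: str
    kernel: bytes
    ramdisk: bytes
    trailing: int  # bytes after the last section (vendors often append a signature)


def _align4(n):
    return (n + 3) & ~3


def parse_boot_image(blob):
    """Split a boot image into its header fields, kernel and ramdisk."""
    if len(blob) < HDR.size:
        raise ValueError("too short for a boot image header")
    (magic, ksize, _kaddr, rsize, _raddr, ssize, _saddr, _tags, page,
     _unused0, _unused1, _name, cmdline, _id) = HDR.unpack_from(blob)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    if page < HDR.size or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    sections, off = [], page  # the header occupies the whole first page
    for size in (ksize, rsize, ssize):
        if off + size > len(blob):
            raise ValueError("section runs past end of image")
        sections.append(blob[off:off + size])
        off += -(-size // page) * page  # every section is padded to a page
    text = cmdline.split(b"\0", 1)[0].decode("ascii", "replace")
    return BootImage(page, text, sections[0], sections[1],
                     max(0, len(blob) - off))


def list_ramdisk(ramdisk):
    """Return the file names inside a gzip-compressed cpio 'newc' ramdisk."""
    if ramdisk[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk is not gzip-compressed")
    data, off, names = gzip.decompress(ramdisk), 0, []
    while off + CPIO_HDR_LEN <= len(data):
        if data[off:off + 6] != b"070701":
            raise ValueError(f"bad cpio magic at offset {off}")
        fields = [int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16)
                  for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        start = off + CPIO_HDR_LEN
        name = data[start:start + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":  # end-of-archive marker
            break
        names.append(name)
        off = _align4(start + namesize)  # name is padded to 4 bytes
        off = _align4(off + filesize)    # and so is the file data
    return names


def _cpio_entry(name, data=b""):
    raw = name.encode() + b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw), 0]
    out = b"070701" + b"".join(b"%08x" % f for f in fields) + raw
    out += b"\0" * (-len(out) % 4) + data
    return out + b"\0" * (-len(out) % 4)


def build_sample(page=2048):
    """Constructed sample image; every value here is made up."""
    cpio = b"".join(_cpio_entry(n, d) for n, d in [
        ("init.rc", b"on boot\n"), ("sepolicy", b"\0\0\0\0"),
        ("TRAILER!!!", b"")])
    kernel, ramdisk = b"\0" * 3000, gzip.compress(cpio)
    hdr = HDR.pack(BOOT_MAGIC, len(kernel), 0x8000, len(ramdisk), 0x1000000,
                   0, 0, 0x100, page, 0, 0, b"sample",
                   b"console=null androidboot.hardware=qcom", b"")

    def pad(b):
        return b + b"\0" * (-len(b) % page)

    return pad(hdr) + pad(kernel) + pad(ramdisk) + b"SIGNATURE-PLACEHOLDER"


if __name__ == "__main__":
    img = parse_boot_image(build_sample())
    print("page size:", img.page_size)
    print("cmdline  :", img.cmdline)
    print("ramdisk  :", list_ramdisk(img.ramdisk))
    print("trailing :", img.trailing, "bytes after the last section")
```

To inspect a real dump, pass the bytes of the image file to `parse_boot_image` instead of `build_sample()`.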

Related

[Q] where is boot options on transformer infinity?

I unlocked my boot loader and have not yet found where I can boot from a SD card or usb thumb drive...
I want this as a step towards partitioning and dual boot option...
I have the 64gig infinity, I want to install 10.4 Ubuntu, or more modern mint, or...
Any words of help, how to get this infinity to stop and notice my usb thumb as a boot option?
THANKS
koko
kokoPedli said:
I unlocked my boot loader and have not yet found where I can boot from a SD card or usb thumb drive...
I want this as a step towards partitioning and dual boot option...
Unlocking the bootloader only allows you to install and boot unsigned recoveries and kernels. Little is known how to reconfigure the bootloader - I have never seen a thread here how to do it. However I know some of the theory behind it:
Tegra devices use a proprietary partition table. On some devices, like our TF700, this partition table is even encrypted with a device-specific key, same as the bootloader itself. This is the partition table with the 3-letter partition names like BCT, PT, SOS, LNX, etc. It is used for the bootloader's blob flashing feature, and for NVFlash.
The Linux kernel on the TF700 (also on the TF101) uses a standard GPT, which is located at the end of the eMMC. This partition table does not contain some of the hidden partitions, in particular the boot partitions that contain recovery and kernel are invisible.
I think your safest bet is to use the same kernel for both Android and your Linux distribution, like rabits did, or try to use kexec.
> The Linux kernel on the TF700 (also on the TF101) uses a standard GPT, which is located at the end of the eMMC. This partition table does not contain some of the hidden partitions, in particular the boot partitions that contain recovery and kernel are invisible.
> I think your safest bet is to use the same kernel for both Android and your Linux distribution, like rabits did, or try to use kexec.
Thanks for responding! I appreciate it =)
And I wish I knew enough to try what you suggest, but I do not...
I got this infinity for 2 reasons, one was the hardware looked great to turn it into a linux box, the other was to use the speech to text function...
I was told by the sales guy that function worked fine out of wifi range... I guess he must have had a cell version of android, as I get nothing out of wifi range. Now I wish I had never gotten this, or at least never unlocked it with the asus unlocker so I could return it!
oh well, live and learn, I guess someone will still give me SOMETHING for it.
Unless someone else here tells me how to run non-android version of linux on this box ? Please ?!?
Read the Ubuntu thread from rabits.

How are Android Phones different from PCs; making them harder to modify?

Out of curiosity, someone please explain to me what we are doing at the hardware level when we flash/root etc. I have an excellent understanding of PCs and Windows hard drives, but I don't understand why Android is much more complicated to modify and how the carriers are able to permanently mess up (in our opinion) our phones using OTA updates when there is not a computer virus that exists that can permanently mess up my computer to the point that a wipe and reinstall wont fix it?
My specific questions are as follows:
1. Most thread instructions usually say to root the phone before installing custom recovery (TWRP). If we are doing an ODIN flash, is rooting actually needed to install TWRP? Is root part of the ROM? Or is it a deeper hardware thing unrelated to the ROM?
2. If we are installing a custom rom (cyanogen mod) and we want root, is it necessary to root with a separate method (superuser.zip etc), or does flashing cyanogen mod give us root automatically?
3. If we are flashing images to the phone's hard drive, why does the current operating system on the phone matter? Why is there a different root/TWRP install method (and .tar images?) for android 4.1.1 than there is for 4.1.2 or 3.x.x? Shouldn't the same ODIN images work regardless of what operating system the phone has on it? As in, why do I even need to look at what is currently installed on the phone? If I have a computer and I want to install a new operating system, the current OS doesn't matter, I just wipe the drive and install the new OS. Why are the phones different? Why is it possible to buy a brand new computer, wipe the drive, and install Windows XP, or even DOS, but I can't buy a brand new phone and install Android 1.0.0?
4. How are the carriers able to cause developers so many problems with their OTA updates? If someone upgraded their i747 to 4.3 why can't they just format the phone's drive and reinstall an older operating system like I can on my computer? Even a computer infected with the worst computer virus can still be wiped and reinstalled with any processor compatible operating system, so how do the OTA updates cause irreversible phone problems when nasty computer viruses can't do this?
Basically explain to me what makes the Android phones different from PCs and makes everything so much more complicated than it is to format a Windows drive and install Linux and then format again and install something totally different? I just don't understand what makes them so different? Lastly, if the carriers encrypt a bootloader, like ATT did with the S4, why can't we just erase the bootloader and flash our own not-encrypted bootloader to the phone? Is the bootloader some sort of chip that we would have to physically remove and replace? Or is it 1's and 0's on the drive that we can format and rewrite?
scubapilot said:
Out of curiosity, someone please explain to me what we are doing at the hardware level when we flash/root etc. I have an excellent understanding of PCs and Windows hard drives, but I don't understand why Android is much more complicated to modify and how the carriers are able to permanently mess up (in our opinion) our phones using OTA updates when there is not a computer virus that exists that can permanently mess up my computer to the point that a wipe and reinstall wont fix it?
My specific questions are as follows:
1. Most thread instructions usually say to root the phone before installing custom recovery (TWRP). If we are doing an ODIN flash, is rooting actually needed to install TWRP? Is root part of the ROM? Or is it a deeper hardware thing unrelated to the ROM?
2. If we are installing a custom rom (cyanogen mod) and we want root, is it necessary to root with a separate method (superuser.zip etc), or does flashing cyanogen mod give us root automatically?
3. If we are flashing images to the phone's hard drive, why does the current operating system on the phone matter? Why is there a different root/TWRP install method (and .tar images?) for android 4.1.1 than there is for 4.1.2 or 3.x.x? Shouldn't the same ODIN images work regardless of what operating system the phone has on it? As in, why do I even need to look at what is currently installed on the phone? If I have a computer and I want to install a new operating system, the current OS doesn't matter, I just wipe the drive and install the new OS. Why are the phones different? Why is it possible to buy a brand new computer, wipe the drive, and install Windows XP, or even DOS, but I can't buy a brand new phone and install Android 1.0.0?
4. How are the carriers able to cause developers so many problems with their OTA updates? If someone upgraded their i747 to 4.3 why can't they just format the phone's drive and reinstall an older operating system like I can on my computer? Even a computer infected with the worst computer virus can still be wiped and reinstalled with any processor compatible operating system, so how do the OTA updates cause irreversible phone problems when nasty computer viruses can't do this?
Basically explain to me what makes the Android phones different from PCs and makes everything so much more complicated than it is to format a Windows drive and install Linux and then format again and install something totally different? I just don't understand what makes them so different? Lastly, if the carriers encrypt a bootloader, like ATT did with the S4, why can't we just erase the bootloader and flash our own not-encrypted bootloader to the phone? Is the bootloader some sort of chip that we would have to physically remove and replace? Or is it 1's and 0's on the drive that we can format and rewrite?
Reason being is that the manufacturers have control over everything and completely lock you out.
It's not like you have a bios on these phones or you can install a new hard drive with a different OS on it.
They lock it down so much.
It's also not impossible to root any of the phones.
All you need to do is use uart or jtag to talk to the device straight up.
Rooting is part of the rom.
An odin flash will work great for flashing recovery(For samsung devices only)
And roms.
But odin flashes whole partitions only.
Rooting is not a hardware thing.
It's basically finding a way to place a file on the /system partition in the bin folder.
Then being able to execute that file. (File: su)
The su executable changes your uid(User id) to 0 which indicates the root user giving you full access over the device.
To get the su executable on to the device you will have to find exploits in the software to allow you to write to the /system/bin directory.
One such exploit is zergrush which gave you a root shell where you copy the su binary over to the device.
What is rooting?
Pretty much every rom here will be given root access by default.
Some roms(Usually indicated with stock) have no root.
In which case recovery will allow you to flash a zip putting the su files onto your installed rom.
(Recovery is like running a live cd to repair windows.)
A good place to learn is xda-university
What is recovery?
These phones have flash memory.
Not magnetic.
And like I said Odin flashes whole partitions.
So it would completely wipe whatever partition you are flashing to.
/system would contain android.
So an odin package with a system img would wipe the current OS and flash the contents of your odin package to the place where the old OS was.
To summarize, Odin packages are not dependent upon the installed OS at all.
Now that is an interesting question.
The reason that you can't just install any OS is because we don't just have generic drivers built for generic hardware.
We have millions of different phone models.
There really hasn't been any movement for standard compliant hardware in the phone scene.
So building generic stuff for all of the different kinds of phones would be a nightmare.
And the last one.
It's because we rely on software security bugs to break into devices.
Google has made it easy for us to do anything that we want with our devices with a simple command.
samsung's download mode isn't a sure fire way of doing any modding because you would have to build a rom from stock. (Samsung doesn't release their stuff very often. An exception to this is : sammobile )
And again, you could do this with an underlying knowledge of the hardware using Uart or jtag. (Connecting to the board directly and speaking to the processor)
Seriously think about that for a second, how do you install windows. A cd drive.
How do you configure devices. a bios.
In short : These phones aren't made to be messed with for security reasons and because manufacturers are too lazy to make it easy for modders. (Nexus devices are made in mind for modders though)
Need any more info just ask.
Thank you so much Lgrootnoob. A few more questions.
1. When you say
To get the su executable on to the device you will have to find exploits in the software to allow you to write to the /system/bin directory.
Do I understand correctly that this is only true when adding root to a stock rom? If I flash cyanogen mod to the system partition, it does not require an exploit because it just erases and overwrites the entire partition? I have been rooting, and then installing TWRP, and then installing Cyanogen Mod. If I understand you correctly, me rooting the stock rom is an unnecessary step, as I am just erasing and overwriting it with Cyanogen Mod later?
Google has made it easy for us to do anything that we want with our devices with a simple command.
2. So modding the Google Nexus does not require that we use the exploits you mentioned are needed to modify the other phone(s)?
3. I understand that Android 4.3 has security features that prevent gaining "true root"? As long as Nexus leaves the "easy access" you mentioned, it will still be possible to flash a custom rom that does allow true root, no matter what security features Google puts into its version of Android?
4. Does the Google Play Edition Galaxy S4 require the exploits? Or do the Google Play edition phones have the same "easy access" you mentioned the Nexus has? Is the "easy access" the fastboot function I've read about?
5. With a carrier that encrypts all of their bootloaders, I will most likely be forced to buy only Nexus products or Google Play edition phones if I want to have Cyanogen Mod with full root? I haven't wanted a Nexus because it doesn't have a removable battery or SD card, but having custom firmware is the most important thing to me.
scubapilot said:
Thank you so much Lgrootnoob. A few more questions.
1. When you say Do I understand correctly that this is only true when adding root to a stock rom? If I flash cyanogen mod to the system partition, it does not require an exploit because it just erases and overwrites the entire partition? I have been rooting, and then installing TWRP, and then installing Cyanogen Mod. If I understand you correctly, me rooting the stock rom is an unnecessary step, as I am just erasing and overwriting it with Cyanogen Mod later?
2. So modding the Google Nexus does not require that we use the exploits you mentioned are needed to modify the other phone(s)?
3. I understand that Android 4.3 has security features that prevent gaining "true root"? As long as Nexus leaves the "easy access" you mentioned, it will still be possible to flash a custom rom that does allow true root, no matter what security features Google puts into its version of Android?
4. Does the Google Play Edition Galaxy S4 require the exploits? Or do the Google Play edition phones have the same "easy access" you mentioned the Nexus has? Is the "easy access" the fastboot function I've read about?
5. With a carrier that encrypts all of their bootloaders, I will most likely be forced to buy only Nexus products or Google Play edition phones if I want to have Cyanogen Mod with full root? I haven't wanted a Nexus because it doesn't have a removable battery or SD card, but having custom firmware is the most important thing to me.
1. Well, devices that have no way of flashing at the bootloader must be rooted on the stock rom to flash other roms. (Exception: Nexus devices that have fastboot flash system.img functions) But custom roms come with su in /system/bin all the time. (Unless said otherwise in their thread)
2. Yup, google gives exclusive access on the nexus phones.
However, you have to unlock the bootloader to flash anything.
Unlocking the bootloader will use the command:
Code:
fastboot oem unlock
Unlocking the bootloader wipes all data (/data partition) but leaves the system partition intact.
Reason being is when someone flashes a recovery:
Code:
fastboot flash recovery recovery.img
They could use recovery to dump your data partition.
3. The way processes work in android 4.3 and above is different from 4.3's ancestors.
Root can be obtained with Supersu
But exploits to gain root on the android system have been pretty much put out of business.
Most exploits are bootloader exploits these days. (Or oem rom exploits: oem's theming makes their devices vulnerable usually. [They have less tested code or just don't care.])
So root is still widely available on just about any rom out there thanks to chainfire!
^He is an awesome developer by the way.
4. I would figure that the google play editions have easy access with fastboot that would normally be stumped by samsung.
Google makes everything awesome.
" Is the "easy access" the fastboot function I've read about?" In short yes.
It allows you to flash recovery which can dump the whole system and allow you to modify the system however you like and put it back on the device.
There is even an app for recovery by the way: Aroma fm
5. The removable battery doesn't matter unless you want to swap batts on the fly.
But it does have a function for restarting the phone without pulling the battery. Hold power button + volume up until it restarts.
And even if you wanted to replace the battery you could take the nexus device apart and disconnect the battery and find a replacement. (Maybe ordered from the manufacturer.)
The devs here are awesome and find exploits in almost all of the bootloaders or the oem (skinned) android versions.
So the nexus devices aren't the only option, but they usually get more development unless your device is truly a powerhouse like the gs4 international.

Temporary root shell for developers on locked bootloaders.

Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
 @jcadduono - For recowvery, and pointing me in the right direction on IRC.
 @brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
If system_server can read init then that's a serious flaw.... Question for you: you said it would be very device specific. Does that mean it's unique for each individual phone or each model?
EDIT: Unfortunately we only have access to the init.rc, not the binary itself.
@jcadduono I appreciate your input and direction in this matter another idea we have been toying with is
We have the aboot boot recovery and system dump. From the tmob variant would it be possible to make a tot from that for our devices changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
It should work on all models. I personally use a sprint model(LS997). I think it MAY have been tested on VZW as well.
I can confirm that work on H990DS
We know from earlier LG phone releases that the laf partition when bypassed in some way (corrupted, etc) aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
No. It is a tcp root shell that can only do a few things such as kernel modules.. The only section we were able to write to and have it stick was the /data partition, which won't help you in this scenario
elliwigy said:
No. It is a tcp root shell that can only do a few things such as kernel modules.. The only section we were able to write to and have it stick was the /data partition, which won't help you in this scenario
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
markbencze said:
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
Unfortunately it's a tcp shell, not a pure adb shell, so we cannot push or pull to those directories
Wow great progress keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because the lack of root. Root users are very influential leaders to get others to try out a new device.
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
It shouldn't be an expectation, as we've made it clear we do not have root and are hitting hurdles. We have been advised we need to attack selinux and/or the bl, but at this point we're wanting to try to use debug firmware, which hopefully would allow a bl unlock.
Unfortunately nobody can create a .tot with the debug firmware at all and there's no way at all to flash the images.
We need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything, and this has not been done in a way that's useful to us.
Unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed their H990DS v20 mobile phone's bootloader is confirmed as being unlockable. However (and for no apparent reason) they will not confirm why one region has released a variant of the phone with the bootloader unlock and why they are refusing this to other phones/regions. Because of course, they have zero training and information about anything related to their company except for goods released in a specific region. That comes from a 'product expert'.
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim

Development TWRP for Moto G Stylus 2021 xt2115-1 (otg mouse necessary)

OTG adapter and mouse necessary
I am wondering if anyone can fix this recovery or possibly port a new one with the files I have included. I am willing to test if you don't have a device to test on. My original post is here
Post in thread 'TWRP coming?'
TWRP coming?
Just saw the following article from XDA regarding TWRP v3.5 being released. I'm hopeful that this means that for devices that ship with Android 10 that TWRP will be able to decrypt the data partition in order to facilitate a complete backup...
forum.xda-developers.com
Here are the files and recovery backups.
Resolution is 1080x2400
Board is SM6150
Aarch64
Stock android 10
Please help anybody with the know how. Thanks. I'll buy anybody a pizza for doing this! Get it working right and I will definitely support.
External_sdcard says unknown filesystem but still functions to backup all partitions except /vendor, /system and /product individually. Allows /super backup.
/vendor and /system_root (permission denied)
touch screen not functioning in recovery
Flashing causes black screen after boot logo splash
I used AIK on windows 10 with notepad++
*EDIT*
added driver to /sbin in /ramdisk. updated recovery below.
Hey, do you have Telegram? If so, hit me up on there @rcc2002, username "Ritmo". I'm working on getting you help on this subject as soon as possible because I am so happy that you were able to create this. It does temporary boot. I didn't try flashing it, but the problems that create the black screen I believe are Android security during boot, usually something to do with dmverity I think. The no touch screen working is usually a driver issue that just needs a proper driver being installed in the build, or even pushed with a terminal cmd possibly, I've seen. And the two errors coming up, permission denied for system root, is one I've seen before and is I believe very common. All mostly has to do with Android security and all the little annoying issues in building a permissive recovery I suppose. But anyway, the dude I'm going to ask will basically tell you probably exactly what to do the second he sees or hears the errors and sees your files. What do the two zip files contain? And how did you build this exactly? Curious: from common trees from scratch or a device tree builder? If you don't have Telegram, just text me 856-896-7600. ~RAY
They contain most of kernel files and recovery and boot stock backup. Build.prop fstab and ueventd.rc. Also the device tree all pulled from the device root using root explorer. I ported this over from a different device that had the exact same specs. I used AIK for windows and modified the files to correlate with the moto g stylus 2021.
I'd like to work on this also. Do you have some way to communicate? I may have found one of the kernel source codes you can try building with.
In all honesty I just need somebody to help me learn how to install touch drivers into the recovery. Then I will use avbtools to resize the file to its proper size. Just need the info. The rest of the recovery works. I've tested almost all of it. Haven't tested adb yet but I'm sure that won't be a problem if faulty.
Here is the block partitions I used to partly configure the recovery. It's a bit messy but I think it's OK. Not trying to type all this out. Pulled from device last night.
sosthenisRR said:
OTG adapter and mouse necessary
I am wondering if anyone can fix this recovery or possibly port a new one with the files I have included. I am willing to test if you don't have a device to test on. My original post is here
Post in thread 'TWRP coming?'
TWRP coming?
Just saw the following article from XDA regarding TWRP v3.5 being released. I'm hopeful that this means that for devices that ship with Android 10 that TWRP will be able to decrypt the data partition in order to facilitate a complete backup...
forum.xda-developers.com
Here are the files and recovery backups.
Resolution is 1080x2400
Board is SM6150
Aarch64
Stock android 10
Please help anybody with the know how. Thanks. I'll buy anybody a pizza for doing this! Get it working right and I will definitely support.
External_sdcard says unknown filesystem but still functions to backup all partitions except /vendor, /system and /product individually. Allows /super backup.
/vendor and /system_root (permission denied)
touch screen not functioning in recovery
Flashing causes black screen after boot logo splash
I used AIK on windows 10 with notepad++
*EDIT*
added driver to /sbin in /ramdisk. updated recovery below.
Contact me on telegram, I could possibly help. @Electimon
is anyone working on twrp for the xt2131-1?
aaronj1993 said:
is anyone working on twrp for the xt2131-1?
No, also that's the 5G https://forum.xda-developers.com/f/moto-g-stylus-5g.12373/
ShayBox said:
No, also that's the 5G https://forum.xda-developers.com/f/moto-g-stylus-5g.12373/
yes I know but that's the next closest device.
I'm mid-level to flashing but new(ish) to XDA here. Since this device is so similar "can" you flash the 5G ROMS to the 2021 ? And it boot/work somewhat ? Referring to Lineage OS for the most part since these devices are still somewhat "new" .. Trying to find the best place to ask and this seems to be it so far. No posts much yet in 2022 ..
roiikka said:
I'm mid-level to flashing but new(ish) to XDA here. Since this device is so similar "can" you flash the 5G ROMS to the 2021 ? And it boot/work somewhat ? Referring to Lineage OS for the most part since these devices are still somewhat "new" .. Trying to find the best place to ask and this seems to be it so far. No posts much yet in 2022 ..
The Moto G Stylus 5G has a different SoC, so this most likely would not work.
I just upgraded to Android 11 on my Moto G Stylus 2021 XT2115-1, but now I cannot figure out how to root it. I can install Magisk and patch the boot, but it does not stick and keep root, though it does show ramdisk as yes, so not sure what the deal is. It has been a while, but it looks like to achieve it we will have to get rid of dmverity and vbmeta at least, to be able to keep a root or roll back to droid 10.
Well, I cannot help with TWRP, but I was able to upgrade to Android 11 and get root with Magisk rather easily. Check this post; all credit goes to the poster. https://forum.xda-developers.com/t/root-question-for-moto-g-stylus-xt2115-1-2021.4259413/
toxinburn said:
Well, I cannot help with TWRP, but I was able to upgrade to Android 11 and get root with Magisk rather easily. Check this post; all credit goes to the poster. https://forum.xda-developers.com/t/root-question-for-moto-g-stylus-xt2115-1-2021.4259413/
However, if someone can get TWRP working (I got Orange Fox but meh, not my fav, I prefer touch TWRP) please let me know, or if I can find it someplace I'll post it. Worst case I just reflash stock recovery and try again.
I can help with this if it hasn't been fixed already ?? Just did twrp for XT2215-4 and XT2211-2
so is this stable? // who knows which ROMs are safe to flash to this xt2115 -1
Terrible this isn't working, you guys throw the stylus in the trash and get new devices?
What's the new member thing about. I've been on xda for 10 years
sosthenisRR said:
OTG adapter and mouse necessary
I am wondering if anyone can fix this recovery or possibly port a new one with the files I have included. I am willing to test if you don't have a device to test on. My original post is here
Post in thread 'TWRP coming?'
TWRP coming?
Just saw the following article from XDA regarding TWRP v3.5 being released. I'm hopeful that this means that for devices that ship with Android 10 that TWRP will be able to decrypt the data partition in order to facilitate a complete backup...
forum.xda-developers.com
Here are the files and recovery backups.
Resolution is 1080x2400
Board is SM6150
Aarch64
Stock android 10
Please help anybody with the know how. Thanks. I'll buy anybody a pizza for doing this! Get it working right and I will definitely support.
External_sdcard says unknown filesystem but still functions to backup all partitions except /vendor, /system and /product individually. Allows /super backup.
/vendor and /system_root (permission denied)
touch screen not functioning in recovery
Flashing causes black screen after boot logo splash
I used AIK on windows 10 with notepad++
*EDIT*
added driver to /sbin in /ramdisk. updated recovery below.
I have the xt2115-1 and am curious to know what ever came of this. Was a working TWRP ever accomplished? I am trying to install a custom rom on my phone, but I can't seem to move past a permission denied issue in fastboot and can't seem to locate a working TWRP. Any suggestions?

Does editing root operating system files trip the secure bootloader checking, or does it only check the kernel ?

Hi,
I have a very large number of Motorola Z3 and Z4 phones for my personal use (basically, I use them as Raspberry Pi substitutes).
They are all Verizon variants (xt1929-17 and xt1980-04) and their bootloader is not unlockable.
I have a pile of fresh screens, batteries and everything else; I plan to keep on using them for as long as I can as simple 4 GB RAM Linux computers with camera and touch screens.
But, not being able to do anything as root is a big roadblock especially to making them reliably do what I want them to do !
Things like just running a script from start and keeping that script running and restarting it if it ever stops.
Another big thing, probably the biggest thing, is the ability to re-enable "adb tcpip" after a reboot without going back to a computer !
So I was wondering, if I take the phone apart, desolder, or in-circuit reprogram the main storage flash chip, would the bootloader notice ?
I understand I cannot even start a kernel that is not approved by the bootloader but what about other files ?
What if I just put a copy of mksh with root setuid bit, so I get root access ?
Or if android doesn't have setuid, maybe I could edit a root privileged executable to have a flaw and run my own scripts as root ?
I'm curious if there's any way to break the secure boot security ?
thanks !
No need to solder for writing flash storage. However, modified system won't boot on locked bootloader. Unlock bootloader first.
https://github.com/bkerler/edl#for-generic-unlocking
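Why a single edited system file is noticed on a locked device, shown as an added example that is not from the thread: a simplified Python model of the dm-verity style hash tree that Android Verified Boot uses for read-only partitions. The image, salt, block layout and helper names are constructed for illustration, and the whole image is checked at once here, whereas the kernel checks blocks as they are read.

```python
import hashlib
import hmac

BLOCK = 4096  # data and hash block size in bytes

def _digest(salt: bytes, block: bytes) -> bytes:
    return hashlib.sha256(salt + block).digest()

def _split(data: bytes) -> list:
    """Zero-pad to whole blocks (at least one) and split."""
    n = max(1, -(-len(data) // BLOCK))
    data = data.ljust(n * BLOCK, b"\0")
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def root_hash(image: bytes, salt: bytes) -> bytes:
    """Hash every block, pack the digests into hash blocks, and repeat
    until one block is left; its digest is the root hash."""
    level = _split(image)
    while True:
        level = _split(b"".join(_digest(salt, b) for b in level))
        if len(level) == 1:
            return _digest(salt, level[0])

def verify(image: bytes, salt: bytes, trusted_root: bytes) -> bool:
    return hmac.compare_digest(root_hash(image, salt), trusted_root)

def flip_bit(image: bytes, offset: int, bit: int) -> bytes:
    buf = bytearray(image)
    buf[offset] ^= 1 << bit
    return bytes(buf)

# Constructed 300-block stand-in for a system partition image.
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
IMAGE = b"".join(i.to_bytes(4, "big") * (BLOCK // 4) for i in range(300))
# Computed at build time; on a device it sits in signed boot metadata.
TRUSTED_ROOT = root_hash(IMAGE, SALT)

# One flipped bit in block 137, e.g. a changed mode bit on one file.
TAMPERED = flip_bit(IMAGE, 137 * BLOCK + 26, 3)

if __name__ == "__main__":
    print("stock image verifies:   ", verify(IMAGE, SALT, TRUSTED_ROOT))
    print("modified image verifies:", verify(TAMPERED, SALT, TRUSTED_ROOT))
    print("root (stock):   ", TRUSTED_ROOT.hex())
    print("root (modified):", root_hash(TAMPERED, SALT).hex())
```

On a real device the trusted root hash is carried in vbmeta, which a locked bootloader checks against the vendor's key, so a tree recomputed over an edited image has no signed root to match.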
