Related
Dear Sirs,
I have HTC Desire Z with CM 7.0.3 (superuser installed) and s-off. Posting here since the issue seems relevant to android in general rather than specific hardware...
I have already seen the following threads before opening this one but they do not help since I cannot issue any of the commands that they mention:
:http://forum.xda-developers.com/showthread.php?t=1364521
:http://forum.xda-developers.com/showthread.php?t=1087350
:http://forum.xda-developers.com/showthread.php?t=837102 (it says to use mount command but thats exactly where I get the permission denied)
When I boot the phone normally and "adb shell", I can get a root prompt (id command shows root user, "cd" shows "/"). But ANY command I run brings permission denied (even ls, chmod, mount). I literally can't do anything. Same whether I boot with/without S D card. I CAN however issue commands such as "adb pull /init.rc" if I exit and go back to DOS.
If I open a terminal session (with Superuser full permissions), I can SU as root, but again cannot issue any commands without getting "permission denied"/
However if I boot into clockworkmod recovery and mount /data and /system, and then open an adb shell via USB, I can connect as root and browse everything, everything is fine and all commands work OK. /etc/fstab shows all partitions would be mounted as rw.
So it looks like some application during boot, is resetting the permission for /system to be ro, and also removing root's privileges.
Please could you let us know if there is a method to determine what app is doing this during boot. I cannot see anywhere in init.rc where I can catch this application that is doing this and prevent it from making /system inaccessible after boot.
Preferably if someone could point me to the complete log of the boot process that shows each command that is run, I might have a clue as to where in the boot up process, the /system partition suddenly becomes ro and root loses all permissions.
The problem prevents busybox updating and other root apps that need to write to /system.
This was not a problem for months after installing and rooting CM 703, only recently it has become an issue, perhaps following some hidden Google update???
Thanks
Hi all--in need of some help here--have been crusing the forums for three days and still hitting a brick wall...
Have a rooted (and minimally modded) Atrix 4g in serious need of a hard reset and all the pain that comes with as nearly every app force closes on startup.
Hoping to backup some of my data (contacts, SMS, etc), but unable to do so my usual way (an app, root explorer, or the like), so I'm attempting to use ADB pull to grab the .db files. I'm relatively comfortable with linux, but running into a problem with ro/rw permissions (I think).
have tried the following:
adb pull /data/...../mmssms.db (yields Permission Denied)
# cp /data/....mmssms.db (appears to copy, but no file in destination, and can't copy out of shell)
have been able to remount /system as rw, but not /data where the files are located.
Anybody have suggestions? I'd be most apprecative!
Copy the the files as superuser to your sdcard first and adb pull them from there.
Unfortunately, the whole reason I'm needing to reset is that every app (incl superuser accesses) force closes on start--no chance to move through the phone itself. Since the .db files are not in the usb-accessible file structure I'm thinking that ADB is the only way to access.
Does that make sense?
Hi, OP here--anybody else have a suggestion? Getting a little desperate here... Any thoughts would really be appreciated!
im assuming your accessing ADB via recovery?
You should be able to use su without superuser.apk's permission in that case - however, theoretically, you should not need to use su in recovery anyway.
you can try running
Code:
adb shell ls -l /data/data/*tele*/databases/mmssms.db
and see what you get permissions wise, maybe a chmod could fix it?
Otherwise you could try
Code:
adb shell mount -o remount,rw /data
Another alternative to cp and adb pull is cat
Code:
adb shell cat /path/to/mmssms.db > /path/to/destination-file.db
might copy remote mmssms.db to a local file, while
Code:
adb shell
cat /path/to/mmssms.db > /path/to/destination-file.db
exit
would copy remote to remote
Is /data mounted at all?
This is strange, you should have read access to everything, especially in recovery.
What phone and what recovery?
Its not something as simple as geting the URIs the wrong war round ('cmd local remote' vs 'cmd remote local')?
So, still tinkering... Will give it one last try before I call it quits and just wipe the bloody thing. So, your thoughts were spot on--its probably me missing something.
Quick data dump on progress to data:
Phone: Rooted Motorola Atrix running 2.2
no trouble accessing shell or via ADB
/data is mounted, though only in Read Only mode--can't seem to change, have tried several ways in various modes (shell, su, etc)
Permissions for mmssms.db are: -rw-rw---- radio radio
chmod 777 of the file yields: "Read-only file system," which makes sense since I can't seem to change /data... to rw
Tried to remount rw:
adb shell mount -o remount,rw /data
and
mount -o remount,rw -t yaffs2 /dev/block/mmcblk0p11 /system (for systeem
but get "Operation not permitted" in both cases.... UGH!
Hadn't thought of cat--great idea. Still no real joy however.
I seem to have managed a copy to /system, but can't seem to get it off the device or onto the SD card.
Thanks much for your help so far. Any final thoughts?
SO CLOSE!!!! (and yet...)
crags said:
Hadn't thought of cat--great idea. Still no real joy however.
I seem to have managed a copy to /system, but can't seem to get it off the device or onto the SD card.
Click to expand...
Click to collapse
SO FRUSTRATING!!!! so close, but not quite there--HELP!!!
As noted at the end above, have been able to copy the mmssms.db file to /system/ after remounting as RW
Can't seem to copy or pull off the device--still getting "Permission Denied" no matter which course I try!?!?!
It sounds as if your doing this while booted into the ROM, and (maybe) without su (root)?
su-ing might help, just type su and hit return to enter a root shell
alternatively, going in through recovery ('adb shell reboot recovery') might help as most recoveries ignore permission rules - make sure to mount the partitions your using though.
It almost sounds like the sdcard has no write permissions - you can get the NAND partitions to mount rw, but cant copy to the sdcard.
On my Desire, there is (at least) two mount points: /sdcard and /mnt/sdcard - maybe on your phone only one of your mount points has write permissions?
Otherwise i suggest going in via recovery. You can still use adb (will have to manually mount - 'mount /system' 'mount /date' and 'mount /sdcard' usually work, otherwise use the menu item in recovery )
When in recovery, and after mounting partitions/card, try adb pull, cp /sdcard and cat > sdcard (and if possible cat > computer) plus anything else i forgot (quite tired )
if these dont work something is messed up somewhere in the ROM, or likely kernel and so without ideas a reflash would be the only real solution :/
I did have a bare-minimum+apps recovery script (attached) which might be worth a read to see if your forgetting something obvious - it works on my desire
So I went to replace libaudioflinger.so in /system/lib with one I'd built myself, but unfortunately something obviously went wrong and when I rebooted the device, it just hangs on the loading screen.
The good thing is that the original file is in /sdcard named '_libaudioflinger.so_', and I can connect via adb there. If i run 'su' which gives me some sort of root access, but when I try 'mount -o remount rw /system', it shows up as "Operation not permitted". If I'm able to get that filesystem mounted, I just need to run "mv /sdcard/_libaudioflinger.so_ /system/lib/libaudioflinger.so", anybody any ideas how I might be able to recover this?
seaders said:
So I went to replace libaudioflinger.so in /system/lib with one I'd built myself, but unfortunately something obviously went wrong and when I rebooted the device, it just hangs on the loading screen.
The good thing is that the original file is in /sdcard named '_libaudioflinger.so_', and I can connect via adb there. If i run 'su' which gives me some sort of root access, but when I try 'mount -o remount rw /system', it shows up as "Operation not permitted". If I'm able to get that filesystem mounted, I just need to run "mv /sdcard/_libaudioflinger.so_ /system/lib/libaudioflinger.so", anybody any ideas how I might be able to recover this?
Click to expand...
Click to collapse
Hopped on #android-root and they got me all sorted. Basically just had some sort of a bad root/su which wasn't giving me the correct access. All back up and running 100% now, though.
If it boots into the bootloader you can always flash the factory image
Sent from my Nexus 5 using XDA Free mobile app
You can't brick a device by swapping system files.
Sent from my Nexus 5 using Tapatalk
This thread is made in an effort to root the ZTE Grand X 4 (Z957). At this point I've made some progress by using the Dirty Cow exploit to access a root shell via ADB, but have been unable to install su to the system partition.
Notes: stock rom, no custom recovery.
Exploit method:
Follow the instructions posted by Arinerron on GitHub regarding CVE-2016-5195 (under 10 posts, cannot share direct link)
When successful you will see "[email protected]:/ #" as your shell prompt, however the session will hang after any command. That said, /system/run-as is still updated allowing you to do the following:
$ adb shell
[email protected]:/ $ run-as
uid run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
you have access to the android system as root within this shell, but this is where I'm getting stuck. I'm not able to find a way to mount the system partition as read/write, and as such unable to install su. Also note that you will need to run the exploit again anytime you reboot the device. I have tried the following methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
At this point I'll share what I've been able to do so far and see if anyone else has ideas for a next step.
Have you figured out how to root the z957.
This worked on my ZTE GrandX Max Plus to permanently disable the write protection on the system partition.
Good luck!!
reboot disemmcwp
If you ever want to re-enable being blocked from mounting system rw:
reboot emmcwpenab
Any luck on this root? I am looking to buy a phone on Cricket, but I need one that I can root.
Bump? Would love to see root here!
Bump, I've tried but I also get stuck on the same three methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
Grand X 4
has anyone successfully rooted the grand x ?!
Thought I would post an update: Still no success on my end.
"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.
As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).
I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.
Thanks for your work on this. Stock Rom is pretty clean, but root would be great on this.
I've tried many different ways to root this phone. For weeks, I've tried. Nothing. I personally think that there is no way to, not now at least.
Don't know if this will help but, I found that they lock the bootloader under the developer settings!
Has anyone tried a one click root application like KingoRoot ?
Or is this more for doing it on your own without a service like that?
Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way
After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.
Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.
Happy for any tips on what to try next!
Can you tell me which tools you used? I looked at the Qualcomm site and there are plenty to choose from.
If you can get those tools off of the site maybe I'll message you about grabbing a few items on my Christmas list! QPST includes the tools necessary, and the tools to backup the 425 should you accidentally brick your phone (basically impossible to truly brick a qualcomm if you have the right tools). Archive.org has a copy, don't remember where to find the driver pack but you'll need that too (and a windows build).
Read through some notes on marshmellow and sounds like you have to remount system from recovery. I'm camping for the next month but will try talking to the TWRP team about porting a bootloader to the phone when I get back.
Let me know if you make any headway!
try this adb command and see if you get a qualcomm serial port after reboot
Code:
adb reboot edl
if that doesnt work try
Code:
adb reboot bootloader
then run the attached
How did you get into diag mode? Just do the temp root method and setprop sys.usb.config diag,adb?
https://freeandroidroot.com/root-zte-grand-x-4/
This page claims to have a root method but does it actually work? I've tried twice with no success.
How's everyone here? I also am awaiting root for this device. It really needs some shine on it's mid levelness. So here is my friend's zte warp 7 work for root. He also got some killer roms for the Huawei ascend XT. He does great work. I'm sure if he had a grand x 4 he could move this along. Just a suggestion. This man can this done. Just a suggestion for all of us. https://forum.xda-developers.com/showpost.php?p=72560392&postcount=246
---------- Post added at 11:31 PM ---------- Previous post was at 11:10 PM ----------
https://forum.xda-developers.com/member.php?u=7934375
Anyone root this phone yet?
Sent from my Z956 using XDA-Developers Legacy app
Hi there, I'm trying to pull root directories like /system and /data without any luck. My purpose it to have them on my PC as a backup, and be able to browse them to pull out apps and pieces of data as necessary if it ever becomes necessary.
Device: Nexus 6P (North American version)
ROM: Stock 6.0.1 Rooted, using Wugfresh Nexus Root Toolkit and SuperSU
PC OS: Windows 7 PC (64 bit)
Adb is working properly and I can easily pull non-root directories like "/sdcard" and so on. I'd like to be able to backup the entire root directory ("/") or at least the child directories (like "/system" and "/data", etc.) Unfortunately, when I try
Code:
adb pull -p "/system" "C:\somewhere"
it skips a bunch of files, so I need to come up with a better method.
I've tried
Code:
adb root
and it tells me it's already running in root mode.
I try
Code:
adb remount
and it does this properly, but doesn't change the effects of all the commands I've tried.
When I run
Code:
adb shell
it enters shell and gives me # by default, so seemingly it is giving me su permission by default?
*** Oddly, when I enter "su" while in shell, it tells me "/sbin/sh: su: not found" which seems odd to me. I think it's possibly that SuperSU is installed as systemless root, or there's something else screwy here, so I guess I'm not sure how to proceed. Still, if that were case, why would adb already be running as root, and why would shell automatically give me the #?
Any help is appreciated!!
Thanks!