Framebuffer Access? - Xperia Z3 Q&A, Help & Troubleshooting

I'm trying to make use of my D6603's framebuffer. As I understand it, I should be able (as root) to run "cat /dev/urandom > /dev/graphics/fb0" to pump random binary into the framebuffer, which should result in random pixel color changes occurring on my screen. Doing so appears to work just fine, but I get no output. I am not at all an expert--the best I can assume is that the stock kernel (I'm running rooted stock 23.0.1.A.5.77) somehow fails to provide framebuffer access, and that all attempts are therefore destined to fail. This seems odd though, since if it's using the framebuffer, how could there be no way to input into it given root access?
Question 1: Is this correct, or is there some way to use the framebuffer on the stock ROM?
Question 2: If not, is there a modified stock kernel that will work? As I understand it any modified kernel will prevent my DRM from working, and so maybe there's no point in asking this, and I ought to be asking whether any kernel with any rom will work?

Related

[Q] Question: replacing a running kernel

Hi,
From what I've gathered (and please correct me if I'm wrong), Motorola has locked down their devices by requiring you to sign any replacement kernel with a secret key. This process is enforced by their bootloading code.
We can't replace the bootloader or the kernel without this key, but we do have root access to the Defy. Would it not be possible to write a kernel module, and load it using insmod on a rooted phone? Is insmod available on Android?
This kernel module would then run in kernel mode, and should thus have access to any and all features of the processor and the entire memory space, right? Can't this be used to load a different kernel into memory, reconfigure the MMU to put it at the appropriate memory address, and then have the phone boot the new kernel?
The limited modding that has been done on the Defy and the uncertainty about upgrades down the road are the only things that keep me from buying it.
Never mind, apparently this is what http://freemymoto.com/tiki-index.php does, so not only is it possible, it's already been done.

[Q] Why is it so much work to enable a rom for a device?

When I look at the architecture of Android I would expect that the updated Android version lives in all the layers except for the Linux kernel. This would mean that upgrading would be as easy as overwriting the layers with the new ones.
Only when the way the drivers are called is changed would a rom require an update on the Linux kernel.
As it takes a long time to enable updated roms for devices either the architecture picture is incorrect (or the ideal picture that can't always apply due to technical restrictions) or my understanding of it is incorrect.
Could someone please explain?

[Q] HTC NAND-write protection implementation

Hi
If this is the wrong place to ask, please do let me know. I have no permission to post anywhere else on the website - let alone the dev section
I am looking for some information on how HTC implements their NAND-write protection. The reason I ask is because I have an android device which I can temp root using a known exploit. Since the bootloader is locked, changes to the system partition do not persist after reboot. However, with temp root, I can insmod arbitrary kernel modules into the kernel. Assuming a module can fiddle arbitrarily with the kernel code, is it theoretically possible to bypass the NAND-protection this way? Is the check performed in kernel? If not, how is the protection implemented and where is it enforced? At the flash controller level?
Best

SEAndroid in Enforce-Mode

Hi there,
I just got a Galaxy Note Pro 12.2 LTE with Snapdragon, and as this is my third Android device I rooted it with Towelroot (had to use the string for 'new Samsung' from Geohot's page). So after rooting it I installed all the apps I am used to, but I have a problem with Orbot (Tor Proxy). Regardless if setup to provide a socks proxy or transparently proxy the traffic from apps or everything, it wouldn't start binding to the local control port.
After finding out that SEAndroid has been incorporated from google into Android and finding more stuff that doesn't work (like mounting a NFS share from my home server to the tablet) I start to think that maybe the Orbot problem is related to the kernel on the tablet in enforcing mode. I tried everything I could find here and elsewhere to set it to permissive, no way to do it... (other than flashing a custom kernel where this is disabled...) As far as I get it, we should be able to switch modes by several commands, like setenforce Permissive or echoing 1 or 0 somewhere to the SELinuxFS. All this doesn't work, as we have root access but I guess we are in the wrong context or this has been blocked otherwise.
On the internet I found a lot of resources about management tools for SEAndroid, like 'setool' and 'SEAndroidmanage'. These are not on the Tablet as far as I can see, maybe we have a chance of getting into permissive mode somehow if we only had those tools to work with the policy. For example there is a mapping between Linux-users and SEAndroid-users which can be listed using setool. Maybe we can extract important info that way and find a way to permissive mode. Does anyone have those tools or is the only way to get them to compile AOSP from source with options like buildtype 'eng' which also creates additional debugging tools ?? Maybe someone can tell me, I was already gonna setup Ubuntu 14.04 in a VM to build the actual sources.
There must be a way somehow to do this without flashing unsigned kernels or create new ramdisk which also taint the device, which hasn't happened to mine up to now. It's very frustrating I can't even mount NFS shares, regardless of options I tried. So, does anyone know if this could workout or is it a waste of time ??
Druidster
How about this?
http://graemehill.ca/turning-a-galaxy-note-pro-into-a-linux-laptop/
He made a kernel that gives you permissive. Didn't work for me. Make sure to backup before trying.
** just read about you not wanting to flash unsigned kernels. Maybe it won't work for you.... Not sure about signed kernels but guessing that means total stock?
Hi,
I do have the device for 10 days now, so up to now it's still KNOX 0x0.
I have just started to read into this SELinux stuff and I thought it could help somehow to have the possibility of using the tools usually used to create or list policies and do other stuff. I wonder if they would work or if the tablet has been so locked down by samsung, that there is no possibility to change anything on this.
While reading about SELinux I found out that you can also create policies for network ports, maybe that's what is needed to make Orbot run without error when binding to a local port. So, I guess if I get more pissed at something not working on the stock image I will flash a custom kernel.
Just to clarify, I got the kernel to install. Now the kernel permission can be changed.

Is it possible to root the "Nokia 8110 4G" running KaiOS ?

Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
sgmarouf said:
> Hello everyone.
> Can we please get root on this phone?
> Specs are:
> Operating System: KaiOS
> System chip: Qualcomm Snapdragon 205 MSM8905
> Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
> Graphics processor: Adreno 304
> System memory: 0.5 GB RAM
> Built-in storage: 4 GB
> Storage expansion: up to 64 GB
I'm also wondering the same thing
Yes, have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
nexus511 said:
> Yes, have been able to flash my own system and it is also possible to get ADB.
> I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
Good job! :good:
0312birdzhang said:
> Good job! :good:
Short update:
I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see, if a service can solve this issue.
For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
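An added example (not part of nexus511's post and not code from this thread): a shell check for the symptom described above, a device that reports permissive yet still blocks. It reads a kernel config such as the one from /proc/config.gz and counts AVC denials by their permissive= field. The sample config and log lines are constructed, and it assumes the kernel writes that field into its audit records.

```shell
#!/bin/sh
# Added example. Sample config and log lines below are constructed.

# Value of a CONFIG_ option in a kernel config file, or "n" if unset/absent.
cfg_value() {  # $1 = option name, $2 = config file
    v=$(sed -n "s/^$1=\(.*\)$/\1/p" "$2" | head -n 1)
    echo "${v:-n}"
}

# Can this kernel leave enforcing mode at all?
selinux_config_verdict() {  # $1 = uncompressed kernel config
    if [ "$(cfg_value CONFIG_SECURITY_SELINUX "$1")" != y ]; then
        echo "no-selinux"
    elif [ "$(cfg_value CONFIG_SECURITY_SELINUX_DEVELOP "$1")" != y ]; then
        echo "always-enforcing"   # setenforce 0 cannot take effect
    else
        echo "switchable"
    fi
}

# Count AVC denials by their permissive= field: 0 = blocked, 1 = logged only.
# Assumes the kernel includes that field in its audit records.
avc_permissive_counts() {  # $1 = saved dmesg/logcat text
    awk '/avc: +denied/ {
             m = "unknown"
             for (i = 1; i <= NF; i++)
                 if ($i ~ /^permissive=[01]$/) m = substr($i, 12)
             c[m]++
         }
         END { printf "enforced=%d logged_only=%d unknown=%d\n", c["0"], c["1"], c["unknown"] }' "$1"
}

cfg=$(mktemp); log=$(mktemp)
trap 'rm -f "$cfg" "$log"' EXIT

cat > "$cfg" <<'EOF'
CONFIG_SECURITY=y
CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_DEVELOP is not set
EOF

cat > "$log" <<'EOF'
type=1400 audit(0.0:5): avc: denied { name_bind } for pid=901 comm="tor" scontext=u:r:untrusted_app:s0 tcontext=u:object_r:port:s0 tclass=tcp_socket permissive=0
type=1400 audit(0.0:6): avc: denied { read } for pid=77 comm="sh" scontext=u:r:shell:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
type=1400 audit(0.0:7): avc: denied { mount } for pid=80 comm="mount" scontext=u:r:init:s0 tcontext=u:object_r:labeledfs:s0 tclass=filesystem permissive=0
EOF

selinux_config_verdict "$cfg"
avc_permissive_counts "$log"
```

On a device the inputs would come from `zcat /proc/config.gz` and a saved `dmesg`; a verdict of always-enforcing means the enforce switch is compiled out, whatever the policy says.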
nexus511 said:
> Short update:
> I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
> I will try to use something like "Magisk" instead and see, if a service can solve this issue.
> For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
This is good news! I just bought a "banana" today, waiting for your good news :fingers-crossed:
nexus511 said:
> Short update:
> I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
> I will try to use something like "Magisk" instead and see, if a service can solve this issue.
> For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
Sounds like you've made some impressive progress here, can't wait for more details!
Will you be posting a more detailed tutorial/how-to here or on your blog in the future?
Keep up the great work! :good:
Great work, would be great to uninstall preinstalled *tty demo games.
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how did you manage to unlock your bootloader knowing Nokia has publicly acknowledged disabling Device > Developer?
Muchas,
nexus511 said:
> Short update:
> I have been able to gain root and I have also been able to modify selinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel is telling to be running in permissive mode but even a permissive context seems to be enforcing instead.
> I will try to use something like "Magisk" instead and see, if a service can solve this issue.
> For anyone interested: The kernel-config can be extracted via /proc/config.gz. The dtb is compiled into the kernel image. Maybe I try extracting the dtb and building a codeaurora kernel for the device and see, how far I get with that. This might resolve the strange selinux issues I currently see.
fpb4 said:
> @nexus511, any way you could please share the root procedure or point to some resources?
> Or...at the very least when you get a spare second, how did you manage to unlock your bootloader knowing Nokia has publicly acknowledged disabling Device > Developer?
> Muchas,
Using OmniJB can enable "Developer Mode".
Tested on sideload mode
0312birdzhang said:
> Using OmniJB can enable "Developer Mode".
> Tested on sideload mode
Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - I've pm'ed @nexus511 for some root procedure but no answer yet?
0312birdzhang said:
> Using OmniJB can enable "Developer Mode".
> Tested on sideload mode
Is there any way I could revert installing omniJB? I'd love to be able to install factory updates again.
hello all, just give an update on how's everything regarding nokia 8110 is going
fpb4 said:
> Cheers mate :good: , that's a step forward (and cookie points to OmniJB's dev for the firefox 52.9 esr trick) - now WebIDE lists all runtime apps in Unrestricted DevTools privileges...which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (assistant to start with or the bunch of packaged Gameloft bloatware). Any idea - I've pm'ed @nexus511 for some root procedure but no answer yet?
Could you remove the pre-installed apps?
Hi!
It's possible to get full ADB-Root by injecting a patched adbd-binary. And with real swap instead of zram, the device is more responsive (background-tasks like Launcher/Homescreen are killed less often...)
As soon as I have built my own patched adbd, I will provide an 'update.zip' -- it seems chainfire doesn't like others to use his version. (OpenSource -- anyone? )
BTW: no, I don't have 'su' -- only my own privileged additional startscript and ADB-Root but for me this is more than enough to 'work'
(my goal is to create native apps with Ada/Gnoga - meaning native but with HTML5-GUI. First tests are working well...)
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
It should be possible to remove those apps - but for me it's hard to say how. On my device there were no preinstalled apps/games other than snake. Everything else is (un)installable normally. Could be a region-thing
(I've got the european/german version)
-- but on my device the store seems to be a 'static' bunch of zips - so it could kill the store to just remove those.
(i think I would need to adjust configs for the store if I want to clean them up)
If I remember correctly, there is a flag in the app-manifest to config if an app is removable... my first try would be to edit this flag and check if I could uninstall it normally after this
On the other hand: there is nearly no need to uninstall - KaiOS-Apps are small and with a sdcard....
(I created an extra 1GB-Swap on /data - even then enough space left)
BTW: if You have a little experience with android-stuff, rooting is simple when You know how
Enable adb --> just type *#*#33284#*#* on keypad of your phone (the digits spell 'debug' )
-- build an update.zip - sign with AOSP-Test-Keys
--- let it create '/data/opt', '/data/opt/bin'
--- put a patched adbd (chainfire's v22 works) in /data/opt/bin
--- create /data/opt/init as a shellscript, remounting / rw, replace /sbin/adbd with patched one, remount / ro, kill adbd so it restarts the patched version. (you may add commands for other stuff on boot - I disable zram, enable swapfile, start an Ada-Server....)
--- and add a call to '/data/opt/init' as last line to '/etc/init.qcom.post_boot.sh' so this 'init' will start with root-rights on startup.
This way /data/opt/init will inherit root from /etc/init.qcom.post_boot.sh, so it can replace adbd - and because the patched version won't drop its root-rights you'll have a root shell over adb.
As You see - it's quite trivial, but at the moment I don't have a patched adbd which I'm allowed to include.
(I hadn't time to build an AOSP-tree until now)
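An added example, not code from this thread: seen from the audit side, the procedure above works because a script that runs as root at boot calls a file under /data, so whoever can write that file runs as root at every boot. This shell check lists such calls in a boot script; the sample script and the second hook path /data/opt/late.sh are constructed for illustration.

```shell
#!/bin/sh
# Added example. The boot script below is a constructed sample, not the
# device's real /etc/init.qcom.post_boot.sh.

# Print "line:path" for each command in a root-run script that executes a
# file kept on a writable partition. Comment stripping is naive: a '#'
# inside a quoted string also ends the line.
writable_exec_lines() {  # $1 = script to audit
    awk '
        { sub(/#.*/, "") }
        NF == 0 { next }
        {
            i = 1
            # step over words that run the following word as a program
            while (i < NF && $i ~ /^(\.|source|exec|sh|\/system\/bin\/sh)$/) i++
            if ($i ~ /^\/(data|cache|sdcard)\//)
                printf "%d:%s\n", NR, $i
        }' "$1"
}

# For each flagged path, show who may modify it (meaningful on the device).
show_owners() {  # stdin = output of writable_exec_lines
    while IFS=: read -r n p; do
        ls -ld "$p" 2>/dev/null || echo "line $n: $p missing"
    done
}

boot=$(mktemp)
trap 'rm -f "$boot"' EXIT
cat > "$boot" <<'EOF'
#!/system/bin/sh
# constructed sample
echo 60 > /proc/sys/vm/swappiness
echo done > /data/local/tmp/marker
/data/opt/init
exec sh /data/opt/late.sh   # hypothetical second hook
EOF

writable_exec_lines "$boot"
writable_exec_lines "$boot" | show_owners
```

Redirections into /data (line 4 of the sample) are not flagged, only words in command position, so the output is the two hook lines.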
Has anyone tried installing OmniJB from 4pda.ru website? (Sorry can't post links)
If you google "4pda 890710" it will bring it up.
Also, any way of installing whatsapp yet?
PolePolisher said:
> I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
root or create an update to edit /data/local/webapps/webapps.json
it worked on my phone no more s*** games and google stuff
Can I not just replace the /sbin/adbd from the boot.img?
(by extracting the boot.img with a flashable zip, and then unpack/repack with kitchen)
