How do you set SELinux to permissive on the J700P model? - Samsung Galaxy J7 Questions & Answers

Title, I can't figure out how to do this.
And as a side question, has anyone figured out how to unlock the bootloader?

Found this, it might do the trick for permissive, but for the bootloader I wonder if a Loki patch would work if it was applied to the recovery and boot image; then you wouldn't need to unlock completely to flash, but all the ROMs would need to be Loki'd, but it's better to have a fully unlocked bootloader. There is an unlock bootloader thread on here but I'm not sure who all has used it...
You can set SELinux to permissive temporarily by running the below two commands in Terminal Emulator:
su
setenforce 0
But SELinux will change back to default once you hard reboot your phone. In order to keep it in permissive, you need to always soft reboot whenever a reboot is needed, and it's quite annoying.
So I found a workaround to set SELinux to permissive on boot itself.
For this you need to have init.d support. If you don't have it, just install it via the Universal Init.d tool available on XDA (just do a search, you will get it). Install Universal Init.d and activate init.d.
Then go to the /etc/init.d directory, create a file and rename it as "08setperm" (without quotes), add the below lines to the file and save it.
#!/system/bin/sh
# switch SELinux to permissive mode at boot
setenforce 0
And give full permission (rwxrwxrwx). Use Root Explorer to edit and give permissions.
Now hard reboot your phone and you can see SELinux is set to "permissive" on boot itself.
---------- Post added at 04:14 PM ---------- Previous post was at 03:43 PM ----------
If Loki would be something you'd be interested in, it's an add-on of Android Image Kitchen. It will Loki patch your boot image and I believe recovery is supported as well. It auto-generates the Loki patches for you; all you have to do is drag and drop the images over the Loki selection and it does the rest.
http://forum.xda-developers.com/showthread.php?t=2073775
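Added example (not part of the original post): the boot script described above runs as root, is given rwxrwxrwx, and turns enforcement off, so a check over a pulled copy of the init.d directory should report both conditions. The function names and output tags are made up for this example, and the directory is whatever path you pass in.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a directory of boot
# scripts (e.g. a copy of /etc/init.d pulled from a device) for two things
# the post sets up: a script that turns SELinux enforcement off, and a
# root-run script that any local app could rewrite.

# An uncommented call to "setenforce 0" or "setenforce permissive"
# (this also matches "toolbox setenforce permissive").
SETENFORCE_RE='^[^#]*setenforce[[:space:]]+(0|permissive)([[:space:];]|$)'

# perm_string FILE -> 9-character mode string such as rwxr-xr-x
perm_string() {
    # ls -ld prints the file type character followed by nine mode characters
    ls -ld "$1" | cut -c2-10
}

# disables_selinux FILE -> success if the file switches enforcement off
disables_selinux() {
    grep -Eiq "$SETENFORCE_RE" "$1"
}

# audit_initd DIR -> prints one "TAG<TAB>path<TAB>detail" line per finding,
# returns 1 if anything was found and 0 if the directory is clean
audit_initd() {
    dir=$1
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        perms=$(perm_string "$f")
        case $perms in
            ???????w?)
                # "other" write bit set: any app can edit what root runs at boot
                printf 'WORLD_WRITABLE\t%s\t%s\n' "$f" "$perms"
                found=1 ;;
        esac
        if disables_selinux "$f"; then
            # detail is "line number:matching line" of the first hit
            printf 'DISABLES_SELINUX\t%s\t%s\n' "$f" \
                "$(grep -Ein "$SETENFORCE_RE" "$f" | head -n 1)"
            found=1
        fi
    done
    return $found
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_initd "$1"
fi
```

Mode 755 with root ownership keeps such a script runnable at boot without letting unprivileged apps change it.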

CoffeeNAndroid said:
Found this, it might do the trick for permissive, but for the bootloader I wonder if a Loki patch would work if it was applied to the recovery and boot image; then you wouldn't need to unlock completely to flash, but all the ROMs would need to be Loki'd, but it's better to have a fully unlocked bootloader. There is an unlock bootloader thread on here but I'm not sure who all has used it...
You can set SELinux to permissive temporarily by running the below two commands in Terminal Emulator:
su
setenforce 0
But SELinux will change back to default once you hard reboot your phone. In order to keep it in permissive, you need to always soft reboot whenever a reboot is needed, and it's quite annoying.
So I found a workaround to set SELinux to permissive on boot itself.
For this you need to have init.d support. If you don't have it, just install it via the Universal Init.d tool available on XDA (just do a search, you will get it). Install Universal Init.d and activate init.d.
Then go to the /etc/init.d directory, create a file and rename it as "08setperm" (without quotes), add the below lines to the file and save it.
#!/system/bin/sh
# switch SELinux to permissive mode at boot
setenforce 0
And give full permission (rwxrwxrwx). Use Root Explorer to edit and give permissions.
Now hard reboot your phone and you can see SELinux is set to "permissive" on boot itself.
---------- Post added at 04:14 PM ---------- Previous post was at 03:43 PM ----------
If Loki would be something you'd be interested in, it's an add-on of Android Image Kitchen. It will Loki patch your boot image and I believe recovery is supported as well. It auto-generates the Loki patches for you; all you have to do is drag and drop the images over the Loki selection and it does the rest.
http://forum.xda-developers.com/showthread.php?t=2073775
The init.d thing hasn't worked for me... oh well. As for the bootloader, yeah, I'm just going to wait for a guide on how to do it. I don't want to break my phone haha. Thanks anyway!

minz1 said:
The init.d thing hasn't worked for me... oh well. As for the bootloader, yeah, I'm just going to wait for a guide on how to do it. I don't want to break my phone haha. Thanks anyway!
It didn't work coz the stock kernel does not support init.d. I think that I made a permissive kernel, you can find it in the bounty thread.

messi2050 said:
It didn't work coz the stock kernel does not support init.d. I think that I made a permissive kernel, you can find it in the bounty thread.
That permissive kernel is the stock kernel and see it does support init.d.
https://play.google.com/store/apps/details?id=os.tools.scriptmanager
I'd use Script Manager and run it: put it in the init.d folder and run it as a script with root permissions.

See init.d works with script manager

CoffeeNAndroid said:
That permissive kernel is the stock kernel and see it does support init.d.
https://play.google.com/store/apps/details?id=os.tools.scriptmanager
I'd use Script Manager and run it: put it in the init.d folder and run it as a script with root permissions.
I have done that, and it hasn't worked. I dunno what's going on with this.

Download the test file in this thread and use its instructions to do everything correctly. Once it's in the init.d folder, browse as root in Script Manager, press on the test file and select open as script. Click root, boot, save... reboot, then go into your data folder and see if there's a test log. If there's a test log, your init.d is working.
http://forum.xda-developers.com/showthread.php?t=1933849

Anyways, I am running that permissive kernel and I'd hate to break it to you but there's no init.d included in the kernel. You don't need a permissive kernel anyway to get init.d. When I modified the Optimus Elite with a Galaxy S3 apps2sd script, the phone didn't have init.d or a permissive kernel and I ran init.d scripts through Script Manager. It's either flash the kernel, which to remove permissive you have to flash the stock kernel, which removes root unless you flash in FlashFire, because the kernel is included in the boot image so a clean flash of the stock boot removes root too; or use Script Manager to get init.d and then add the perm script. With Script Manager you can turn it on and off a lot easier, and when you remove it, it doesn't remove your root and you don't have to take steps to reroot...

Oh, and the reason messi is being ****ty is because I didn't help root the Galaxy S6 Active. I don't make money off other people's work. Since SuperSU is Chainfire's, I'd have all the money given to Chainfire, but messi believes in making money off people using stuff other people created. Making a boot image permissive is not really considered work. Messi would have had a fit if the money went to Chainfire... it seems messi only focuses on the bounties to see how much money messi can make. I would have been the one to add root and wouldn't have got anything for it. Messi would have felt entitled to the money for doing nothing but making a permissive kernel...

CoffeeNAndroid said:
Oh, and the reason messi is being ****ty is because I didn't help root the Galaxy S6 Active. I don't make money off other people's work. Since SuperSU is Chainfire's, I'd have all the money given to Chainfire, but messi believes in making money off people using stuff other people created. Making a boot image permissive is not really considered work. Messi would have had a fit if the money went to Chainfire... it seems messi only focuses on the bounties to see how much money messi can make. I would have been the one to add root and wouldn't have got anything for it. Messi would have felt entitled to the money for doing nothing but making a permissive kernel...
I dunno about the drama on these forums man.. if that's really true then I don't know...

messi2050 said:
It didn't work coz the stock kernel does not support init.d. I think that I made a permissive kernel, you can find it in the bounty thread.
CoffeeNAndroid said:
That permissive kernel is the stock kernel and see it does support init.d.
https://play.google.com/store/apps/details?id=os.tools.scriptmanager
I'd use Script Manager and run it: put it in the init.d folder and run it as a script with root permissions.
A constructive discussion is fine, but anything else either take it to PM or add each other to your ignore lists. Also, there is no point in posting that you have added someone to your ignore list as you won't see their reply.

SuperSU is a free app... when the only thing you add is root access by SuperSU, which is what the free version does, then it should be distributed for free. If anyone is entitled to money off of it then it would be Chainfire. To take someone else's work and charge money for it is ridiculous. If I would have known that the root provided was CF-Auto-Root I wouldn't have ever paid the $20; I kinda figured they'd make their own root method but that never happened... Chainfire was the first to make a root boot image for Marshmallow so technically everything would be credited to him... it's easy to give someone credit but much more difficult to do the right thing and give that someone the money, especially when you're motivated by money...

Check this post, SELinux is always set to permissive on my stock kernel, I don't have init.d support?
https://forum.xda-developers.com/g2...w-to-set-selinux-to-permissive-t3329439/page4

I have a permissive kernel on this model. There is a thread here with a version posted. I'll have him update the thread to state the process so far. Currently in testing phase.

Related

[INITRAMFS]Kernels Devs rooted initramfs

Hello to all the kernels Devs,
I just want to share with you all the initramfs I use in my kernels. This initram has scripts that run on boot to give root and install the Superuser.apk and Busybox, along with a script that will allow people to easily remount the /system filesystem read-write if changes need to be made. I think this is the best way to run root on the Epic; that way there is no need for ROM devs to have to set up a ROM to be rooted. The scripts in it are run from init.rc and set up the phone for root and install Busybox with a full complement of applets. It is in working order and will work with ROM Manager. If you have any questions about it let me know.
Link to my initramfs.
http://www.mediafire.com/?aynk2gd05xuv6c0
Another link in case mediafire doesn't feel like working.
http://www.sdx-downloads.com/devs/skeeterslint/Epic-4G-initramfs.tar.gz
Updated to latest stable busybox version 1.17.3
does root explorer and metamorph work with this?
Root Explorer will work when he updates it on the Market; it is bugged right now. Metamorph I can't say, I never used it. Titanium Backup will work without having to install busybox through the app, and all root programs will work without issues. It sets su in /system/bin and /system/xbin so as to not break any root apps. The root script is in /sbin; it is run from init.rc during startup. The busybox install is also run from init.rc and gets set up in /bin.
Sent from my SPH-D700 using Tapatalk
Metamorph works fine for me.
[email protected] said:
Metamorph works fine for me.
I thought it only worked with Cyanogen - what ROM/kernel are you using?
If root explorer has a bug and needs an update, is the same true for connectbot?
ragnarokx said:
I thought it only worked with Cyanogen - what ROM/kernel are you using?
Works with twiz also(worked on my behold 2) but not all themes work.
skeeterslint said:
Hello to all the kernels Devs,
I just want to share with you all the initramfs I use in my kernels. This initram has scripts that run on boot to give root and install the Superuser.apk and Busybox, along with a script that will allow people to easily remount the /system filesystem read-write if changes need to be made. I think this is the best way to run root on the Epic; that way there is no need for ROM devs to have to set up a ROM to be rooted. The scripts in it are run from init.rc and set up the phone for root and install Busybox with a full complement of applets. It is in working order and will work with ROM Manager. If you have any questions about it let me know.
Link to my initramfs.
http://www.mediafire.com/?q4n2mgb4d2l6ucv
Won't flash in Clockwork, is this for Odin?
Ummm no this is for kernel devs to build kernels with. It is the ramdisk that is inside the kernel.
Sent from my SPH-D700 using Tapatalk
Bump,
Joey's root exploit was never meant to be permanent; it was just a holdout till the source code was released and we could root with the kernel. It's worth trying it out at least once.
skeeterslint said:
Bump,
Joey's root exploit was never meant to be permanent; it was just a holdout till the source code was released and we could root with the kernel. It's worth trying it out at least once.
Hey bro, I tried integrating your ramdisk into my kernel, but there's a few issues.
For one, ADB can still run as root, and I can get into it through a shell, but I lose all root access in usermode. SetCPU fails. My Search2Play app fails. Nothing can get root. I believe it's because of the su binary you're using.
Any ideas?
Geniusdog254 said:
Hey bro, I tried integrating your ramdisk into my kernel, but there's a few issues.
For one, ADB can still run as root, and I can get into it through a shell, but I lose all root access in usermode. SetCPU fails. My Search2Play app fails. Nothing can get root. I believe it's because of the su binary you're using.
Any ideas?
Go into the default.prop and remove this: ro.secure=0. That's a setting that Koush had in it; it gives a root shell in adb and that is probably what is breaking it. The su binary I am using is the one that comes with Superuser.apk that you can download through ROM Manager. I don't seem to have any issues losing root on my phone.
skeeterslint said:
Go into the default.prop and remove this: ro.secure=0. That's a setting that Koush had in it; it gives a root shell in adb and that is probably what is breaking it. The su binary I am using is the one that comes with Superuser.apk that you can download through ROM Manager.
I didn't even know Koush had added that lol, I'd had it in mine since day one. That would make sense. But I'm not sure it's the best idea. Then you can't adb remount or adb push to /system since it'll be in secure mode.
What path does your Search2Play use to find cp? That's what fails on my phone. I guess it's not checking the whole path that is set up in init.rc, which is export PATH /sbin:/bin:/system/sbin:/system/bin:/system/xbin.
Geniusdog254 said:
I didn't even know Koush had added that lol, I'd had it in mine since day one. That would make sense. But I'm not sure it's the best idea. Then you can't adb remount or adb push to /system since it'll be in secure mode.
To be honest, I thought I had changed that before I packed it up. Oh, and what's up with SetCPU? It works fine for me other than being a bit unstable on any other setting except conservative, which isn't the initram that causes that, it's the phone; it's always been a bit unstable on the Galaxy S from reading the other forums.
Initramfs is updated for DI18.
Updated again to fix issues with bluetooth.
skeeterslint said:
Updated again to fix issues with bluetooth.
How'd you fix Bluetooth? Was it just a change in the modules?
Geniusdog254 said:
How'd you fix Bluetooth? Was it just a change in the modules?
No, it was either something in init.rc or the init binary itself, because the release I just replaced had the modules in it already.
skeeterslint said:
No, it was either something in init.rc or the init binary itself, because the release I just replaced had the modules in it already.
I'm new to the whole kernel development, just starting out, but how would I install this? Would I use menuconfig?
Right now I have my kernel development environment all set up, and compiled my first working kernel for the Epic. Thanks in advance.

[ROOT] General concept of rooting

First of all, Merry X'mas! I have been going out for hundreds of buffets and drinks these days... now writing this post a little drunk
I think some might get confused with my kernel and why rooting is bundled in the kernel. Should rooting be a separate process?
Let me explain how it works.
Most of you would know what is rooting. It is the granting of superuser permission in the android environment such that you could execute commands with the highest right. With this right, you can *almost* do anything in the phone, like touching the kernel or like read/write any file system.
To get "rooted" is actually simple with a few words: To put su into /system/bin/ and put Superuser.apk into /system/app/
Simple? Right? Yes, it is simple to say. In old days (dated back in the years of Google Nexus One), if you want to put su or Superuser.apk into those directories, you need to have rooted. But wait, you need to get rooted before you can root the phone? This does not make sense!!! Therefore, we need to use another method to put those files to the system. Yes, it is CWM recovery. It is through using custom recovery that we could write scripts to put those 2 files into the system. And therefore, in old days (or even in nowadays), one of the method to root your phone is to flash the .zip file using CWM.
In years of Samsung device, there is a brand new method that can actually flash something into the system apart from using CWM. Yes, you guess right, it is through Odin3. It is through Odin3 that you could flash your ROM, kernel, radio, etc.
When Galaxy R (i9103) first appeared on the market, no CWM was made to this phone, and therefore the only method is to flash the su and Superuser using Odin3.
While the most straight-forward approach is to flash the whole /system/ (factoryfs.img) (with su and Superuser.apk already embedded) using Odin3, this method is working but is not suggested because this will need you to overwrite the whole /system/ (of 5xx MB) and the flashing time is long.
So, here comes another not-so-straightforward approach. That is to flash a custom kernel through Odin3. We put su and Superuser.apk inside the custom kernel and ask the kernel ramdisk to execute a script to check whether your phone already has su in /system/bin/; if not, the script will copy the files to your phone. Using this method, what we need to do is to flash a custom kernel of a few megabytes, and thus the flashing time is fast and it would have no impact on any of the apps or data. This method is the method I use for rooting.
As described above, when you have flashed the kernel, it will push su and Superuser.apk to the device once boot up and after that, your phone is rooted and you can change to any other kernels that would still retain your phone in rooted state.
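Added example, not code from ardatdat's or skeeterslint's kernels: both this post and the initramfs post earlier on the page describe a ramdisk script, run from init.rc, that places su under /system, so the same indicators can be looked for in an unpacked image. It assumes the ramdisk and a copy of /system are unpacked under one directory; the function names and output tags are invented for the example.

```shell
#!/bin/sh
# Added example, not code from the thread. Looks through an unpacked image
# tree (ramdisk contents, with a copy of /system under the same directory)
# for the root indicators the posts describe.

# Path of an su binary under /system, not followed by more name characters
# (so /system/bin/surfaceflinger does not match).
SU_PATH_RE='/system/x?bin/su([^[:alnum:]_.-]|$)'

# emit_findings ROOT -> one "TAG<TAB>detail" line per indicator found
emit_findings() {
    root=$1

    # su in /system/bin or /system/xbin, Superuser.apk in /system/app
    for p in system/bin/su system/xbin/su; do
        if [ -e "$root/$p" ]; then printf 'SU_BINARY\t/%s\n' "$p"; fi
    done
    if [ -e "$root/system/app/Superuser.apk" ]; then
        printf 'SUPERUSER_APK\t/system/app/Superuser.apk\n'
    fi

    # ro.secure=0 in default.prop: the setting the thread says gives a
    # root shell in adb
    if [ -f "$root/default.prop" ] &&
       grep -Eq '^[[:space:]]*ro\.secure[[:space:]]*=[[:space:]]*0[[:space:]]*$' \
            "$root/default.prop"; then
        printf 'RO_SECURE_0\t/default.prop\n'
    fi

    # Programs started from init.rc ("service NAME PATH" or "exec PATH")
    # whose file in the tree mentions an su path under /system: this is
    # the boot-time installer the posts describe.
    if [ -f "$root/init.rc" ]; then
        awk '$1 == "service" { print $3 } $1 == "exec" { print $2 }' \
            "$root/init.rc" | sort -u |
        while IFS= read -r target; do
            [ -f "$root$target" ] || continue
            if grep -Eq "$SU_PATH_RE" "$root$target"; then
                printf 'BOOT_INSTALLER\t%s\n' "$target"
            fi
        done
    fi
    return 0
}

# scan_tree ROOT -> prints the findings; returns 1 if any, 0 if none
scan_tree() {
    findings=$(emit_findings "$1")
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"
    return 1
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_tree "$1"
fi
```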
ardatdat said:
As described above, when you have flashed the kernel, it will push su and Superuser.apk to the device once boot up and after that, your phone is rooted and you can change to any other kernels that would still retain your phone in rooted state.
In other words, we can put your kernel on i9103 with odin and immediately later put back stock kk5 kernel and device will stay rooted and with oc?
But it increases the counter.
legion1911 said:
In other words, we can put your kernel on i9103 with odin and immediately later put back stock kk5 kernel and device will stay rooted and with oc?
But it increases the counter.
device will stay rooted and with oc? << 'yes' to rooted, but 'no' to OC
OC is done in the kernel. Root is done through a script in the ramdisk. The script is actually pushing su and Superuser to your phone. Once your phone gets su and Superuser, it is rooted and you will not be un-rooted unless these files are deleted. When you flash another kernel, of course you cannot enjoy the OC kernel. I think it is easy to understand.
By far, I cannot see the harm of the increase in counter. Actually, there is no official statements that this counter will lead to non-warranty. In theory, when you have rooted the device, you can have the right to alter any system files and that is already sufficient to make your device out of warranty.
Experiences from many people have proved that Samsung is still willing to provide support & warranty to the device even if it is flashed with any custom things or rooted. Although it is not officially acknowledged & guaranteed.
Really interesting thread. Thanks for sharing your knowledge, ardatdat. I'll take this as a reference
Thanks
---------- Post added at 08:55 PM ---------- Previous post was at 08:44 PM ----------
Hey ardatdat, I want to know some things about you:
* How do you know all that stuff?
* Are you a student?
* What do you do?
* I want to dev my own kernel and ROM too, what do I need to have for that?
SbXLivE said:
Thanks
---------- Post added at 08:55 PM ---------- Previous post was at 08:44 PM ----------
Hey ardatdat, I want to know some things about you:
* How do you know all that stuff?
* Are you a student?
* What do you do?
* I want to dev my own kernel and ROM too, what do I need to have for that?
Thanks SbXLivE. I am not a student and am working right now. I am over the age of 30...
Good question. I have been investigating into the kernels and ROMs from the date of Google Nexus One (more than 1 year). Experiences are gained from playing with the nexus one and I have been compiling custom kernel for it. In terms of technical skill, I am much lag behind from those ROM and Kernel gurus that could possibly modify anything.
I am still a learner and gaining experience everyday. Let's discuss and share our ideas to make us grow! To compile your own kernel or ROM, A Ubuntu environment (linux) is a must.
ardatdat said:
Thanks SbXLivE. I am not a student and am working right now. I am over the age of 30...
Good question. I have been investigating into the kernels and ROMs from the date of Google Nexus One (more than 1 year). Experiences are gained from playing with the nexus one and I have been compiling custom kernel for it. In terms of technical skill, I am much lag behind from those ROM and Kernel gurus that could possibly modify anything.
I am still a learner and gaining experience everyday. Let's discuss and share our ideas to make us grow! To compile your own kernel or ROM, A Ubuntu environment (linux) is a must.
Thanks Mate

[klte][CWM Advanced Edition] PhilZ Touch

Main thread + features + install instructions + dev support
http://forum.xda-developers.com/showthread.php?t=2201860
PhilZ Touch is a CWM Advanced Edition that adds all the features you could ever miss in CWM
It is a well proven recovery for many phones
It also adds a full touch interface and a completely configurable GUI
Please give your feedback, what works, and any bug you could encounter
Read the features, and check if you are missing something
To take a screen shot, just long press outside a menu (2 sec and slightly change pressure after the delay)
Also, do not forget to read about the powerful aroma file manager integration and double tap shortcut
Download links
Last version can be found here:
Galaxy S5 Unified (klte): International, Canada, Sprint, TMO
http://goo.im/devs/philz_touch/CWM_Advanced_Edition/klte
Notice: ATT and VZW are locked. You must unlock them to be able to flash a recovery
special credits to @PlayfulGod for his unified device tree
https://github.com/playfulgod
XDA:DevDB Information
[klte][CWM Advanced Edition] PhilZ Touch, a Tool/Utility for the Samsung Galaxy S 5
Contributors
Phil3759
Version Information
Status: Stable
Created 2014-04-04
Last Updated 2014-04-16
reserved
You did notice that there was an issue with internal storage, right? It was suggested I could fix it using an init file but I've not had a chance to work on it yet. If you happen to have the same issue and fix it, please share and let me know what you did.
PlayfulGod said:
You did notice that there was an issue with internal storage, right? It was suggested I could fix it using an init file but I've not had a chance to work on it yet. If you happen to have the same issue and fix it, please share and let me know what you did.
ups, sorry, I did not notice
Link to the exact issue?
Sure if I find a fix I will share all sources. That's what I always do now, outside the touch code
Phil3759 said:
ups, sorry, I did not notice
Link to the exact issue?
Sure if I find a fix I will share all sources. That's what I always do now, outside the touch code
Not sure of the source of the issue, but its internal sd/storage is read-only. So no backups can be made to internal storage. Restoring data works fine tho.
TWRP doesn't have this issue tho, so I think it's in the device repo and prolly something simple. lol
Also, this is only known to work with the G900F so far. The kernel src I have on GitHub is technically for the G900D, but it's working in CWM. Just seems to be missing model-specific dts files.
PlayfulGod said:
Not sure of the source of the issue, but its internal sd/storage is read-only. So no backups can be made to internal storage. Restoring data works fine tho.
TWRP doesn't have this issue tho, so I think it's in the device repo and prolly something simple. lol
Also, this is only known to work with the G900F so far. The kernel src I have on GitHub is technically for the G900D, but it's working in CWM. Just seems to be missing model-specific dts files.
Not having the device makes it a too long debug process. Also, seems few users interested in debugging it
About write to sdcard, it is probably a SELinux permission issue. At least that's what I most often encountered
I looked at your TWRP sources. They use custom SELinux permission files
Well, in fact they are using Samsung enforced permissions and they run this at boot:
Code:
toolbox setenforce permissive
You'll have to mount /system for that, then unmount it, as we still have no setenforce in busybox (they are in Pruvot custom busybox repo though)
Can you try this:
ensure you are not using the recovery.fstab file in your device tree but the fstab.qcom
adb shell:
Code:
mount /system
/system/bin/toolbox setenforce permissive
See if you can now access internal storage in write mode
Phil3759 said:
Not having the device makes it a too long debug process. Also, seems few users interested in debugging it
About write to sdcard, it is probably a SELinux permission issue. At least that's what I most often encountered
I looked at your TWRP sources. They use custom SELinux permission files
Well, in fact they are using Samsung enforced permissions and they run this at boot:
Code:
toolbox setenforce permissive
You'll have to mount /system for that, then unmount it, as we still have no setenforce in busybox (they are in Pruvot custom busybox repo though)
Can you try this:
See if you can now access internal storage in write mode
Agreed, debugging w/o the device is a pita. lol
I saw that as well and had the tester try to set it. Not sure if they mounted system first, so will have them try it again to make sure. If they did, it didn't help.
I will have to check and see which fstab I have it using too. When I hear from my tester I will test all your suggestions. And thanks.
It's using the fstab.qcom.
PlayfulGod said:
Agreed, debugging w/o the device is a pita. lol
I saw that as well and had the tester try to set it. Not sure if they mounted system first, so will have them try it again to make sure. If they did, it didn't help.
I will have to check and see which fstab I have it using too. When I hear from my tester I will test all your suggestions. And thanks.
It's using the fstab.qcom.
Oh, you're also doing it blindly
It can be possible, but not with such a non existing feedback from users
If you think testers are just able to boot and check, try to add the needed lines to postrecoveryboot.sh (inherited from msm8960-common/recovery)
Code:
mount [BLKID] /system
/system/bin/toolbox setenforce permissive
umount /system
However, I think you need the blkid, not sure the path symlink to partition will work
You cannot just make a mount /system from postrecoveryboot.sh as the fstab file is not yet generated by recovery at that level
Phil3759 said:
Oh, you're also doing it blindly
It can be possible, but not with such a non existing feedback from users
If you think testers are just able to boot and check, try to add the needed lines to postrecoveryboot.sh (inherited from msm8960-common/recovery)
Code:
mount [BLKID] /system
/system/bin/toolbox setenforce permissive
umount /system
However, I think you need the blkid, not sure the path symlink to partition will work
You cannot just make a mount /system from postrecoveryboot.sh as the fstab file is not yet generated by recovery at that level
I will give that a try. thanks
img built and linked to tester(s).
PlayfulGod said:
I will give that a try. thanks
img built and linked to tester(s).
Thanks,
will watch your thread and wait for testers before wasting more time on it
Phil3759 said:
Thanks,
will watch your thread and wait for testers before wasting more time on it
Philz, it's boot looping! It doesn't work at all!
leoaudio13 said:
Philz, it's boot looping! It doesn't work at all!
Can you post a stock recovery.img please!
Phil3759 said:
Can you post a stock recovery.img please!
Here you are : https://drive.google.com/file/d/0B3HkAzPm36j4b05kbDNtTVA1ZnM/edit?usp=sharing
I'll test this on Friday. Verizon S5 on it's way that day.
Sent from my SCH-I545 using XDA Premium 4 mobile app
Philz,
Thank You for all you did.
Every time i'm buying a new phone, i have the pleasure to get your recovery "ready to install".
Great work, great support.
Update Alpha 6.26.1
- proper repack on stock kernel
- selinux permissive hack
Download: (flash in odin)
http://d-h.st/B20
The aim is to only see if it boots
If it boots, we're ready to fix any bugs and make it stable
Phil3759 said:
Update Alpha 6.26.1
- proper repack on stock kernel
- selinux permissive hack
Download: (flash in odin)
http://d-h.st/B20
The aim is to only see if it boots
If it boots, we're ready to fix any bugs and make it stable
Has this been tested on a 900H Model?
Phil3759 said:
Update Alpha 6.26.1
- proper repack on stock kernel
- selinux permissive hack
Download: (flash in odin)
http://d-h.st/B20
The aim is to only see if it boots
If it boots, we're ready to fix any bugs and make it stable
Gahhh! Ive been waiting for yours to test. Now im in Cambodia on business. Will test when im bak by 2mo tks again Philz
Sent from my SM-G900F using Tapatalk
leoaudio13 said:
Gahhh! Ive been waiting for yours to test. Now im in Cambodia on business. Will test when im bak by 2mo tks again Philz
Sent from my SM-G900F using Tapatalk
LoL
Two months!
Hope someone else will test before
Phil3759 said:
LoL
Two months!
Hope someone else will test before
U disappeared since I posted u the stock recovery lol. I was wondering
Sent from my SM-G900F using Tapatalk

Temporary root shell for developers on locked bootloaders.

Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
 @jcadduono - For recowvery, and pointing me in the right direction on IRC.
 @brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
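The post above names two controls that still constrain the temporary shell: SELinux enforcement and the kernel's requirement that modules be signed. As an added example (not part of the original post or of recowvery), this script reports whether both are active on a device; `AUDIT_ROOT` and the function names are hypothetical, and the sysfs paths are the standard Linux locations, which may be unreadable from an unprivileged Android shell.

```shell
# Added example: report the state of the two controls discussed in the post.
# AUDIT_ROOT (hypothetical) points the checks at a copied tree; empty = live system.

# Print the first line of a flag file, or "unknown" if it is missing or unreadable.
read_flag() {
    v=unknown
    if [ -r "$1" ]; then
        read -r v 2>/dev/null < "$1" || [ -n "$v" ] || v=unknown
    fi
    echo "$v"
}

# SELinux mode as exposed by selinuxfs: 1 = enforcing, 0 = permissive.
selinux_mode() {
    case "$(read_flag "$1/sys/fs/selinux/enforce")" in
        1) echo enforcing ;;
        0) echo permissive ;;
        *) echo unknown ;;
    esac
}

# Kernel module signature enforcement: Y = unsigned modules are rejected.
module_sig_mode() {
    case "$(read_flag "$1/sys/module/module/parameters/sig_enforce")" in
        Y) echo enforced ;;
        N) echo not-enforced ;;
        *) echo unknown ;;
    esac
}

# Print both states; succeed only if both controls are confirmed active.
audit() {
    root=${1:-}
    s=$(selinux_mode "$root")
    m=$(module_sig_mode "$root")
    echo "selinux=$s module_signing=$m"
    [ "$s" = enforcing ] && [ "$m" = enforced ]
}

audit "${AUDIT_ROOT:-}" || echo "WARNING: a control is off or could not be read" >&2
```

An `unknown` result is treated as a failure on purpose: a control that cannot be confirmed should not be counted as present.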
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
if system_server can read init then thats a serious flaw.... Question for you. you said it would be very device specific. does that mean its unique for each individual phone or each model?
EDIT:Unfortunately we only have access to the init.rc not the binary it self.
@jcadduono I appreciate your input and direction in this matter another idea we have been toying with is
We have the aboot boot recovery and system dump. From the tmob variant would it be possible to make a tot from that for our devices changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functional root alone (not boot unlock) posted on this board.
RoOSTA
It should work on all models. I personally use a sprint model(LS997). I think it MAY have been tested on VZW as well.
I can confirm that work on H990DS
Sent from my MI PAD using XDA-Developers mobile app
We know from earlier LG phone releases that the laf partition when bypassed in some way (corrupted, etc) aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
elliwigy said:
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
markbencze said:
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
Unfortunately its a tcp shell. not a pure adb shell. so we cannot push or pull to those directories
Wow great progress keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because the lack of root. Root users are very influential leaders to get others to try out a new device.
Sent from my LG-LS997 using XDA-Developers mobile app
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
it shouldnt be an expectation as weve made it clear we do not have root and are hitting hurdles.. we have been advised we need to attack selinux and or the bl but at this point were wanting to try to use debug firmware which hopefully would allow a bl unlock..
unfortunately nobody can create a .tot with the debug firmware at all and theres no way at all to flash the images..
we need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything and this has not been done in a way thats useful to us..
unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed their H990DS v20 mobile phone's bootloader is confirmed as being unlockable. However (and for no apparent reason) they will not confirm why one region have released a variant of the phone with the bootloader unlock and why they are refusing this to other phones/regions. Because of course, they have zero training and information about anything related to their company except for goods released in a specific region. That comes from a 'product expert'
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim

[Mod-Request] HAL1/HAL3 Switcher

Hi,
I saw now days few ROM has HAL switch. Which is fantastic to use any camera apps in our favourite ROM.
As that feature is not available in all ROM and if i want to try a ROM which has good battery life or good performance but that ROM lacks with that HAL switch feature, so i can't use my favourite cam app there.
Can anyone please make a TWRP flashable zip for
"HAL switcher - switch between hal1 and hal3"
So i can use or anyone can use Oxygen OS port Cam with Google Camera or Sultan's cam.
Thanks & Regards,
Normas Interruptor said:
Hi,
I saw now days few ROM has HAL switch. Which is fantastic to use any camera apps in our favourite ROM.
As that feature is not available in all ROM and if i want to try a ROM which has good battery life or good performance but that ROM lacks with that HAL switch feature, so i can't use my favourite cam app there.
Can anyone please make a TWRP flashable zip for
"HAL switcher - switch between hal1 and hal3"
So i can use or anyone can use Oxygen OS port Cam with Google Camera or Sultan's cam.
Thanks & Regards,
its just a shell command. do it in terminal. make a .txt write down the command to remember it, open shell execute it.
app ? heh..... make 2 .sh scripts. one with each command. Thats easy for the most amateur user.
For a more advanced user make a .sh script with an if command to getprop and if = {command1} true -> then {command2}.
Then this script in sd, link it on homescreen and single press it to execute. Voila. Here is your app.
kessaras said:
its just a shell command. do it in terminal. make a .txt write down the command to remember it, open shell execute it.
app ? heh..... make 2 .sh scripts. one with each command. Thats easy for the most amateur user.
For a more advanced user make a .sh script with an if command to getprop and if = {command1} true -> then {command2}.
Then this script in sd, link it on homescreen and single press it to execute. Voila. Here is your app.
Well, thank you for your reply ?.
But I'm kind of noob here who don't know how to make that script or .sh script. That's why i asked to someone to make a flashable zip so i can flash this via TWRP recovery and after that I don't need to do anything with emulator or other step.
Normas Interruptor said:
Well, thank you for your reply .
But I'm kind of noob here who don't know how to make that script or .sh script. That's why i asked to someone to make a flashable zip so i can flash this via TWRP recovery and after that I don't need to do anything with emulator or other step.
ok, but
i don't think anyone is interested in this.
for example me. i don't care changing hals to use different camera apps.
but the idea of how to do it is just like i said in the previous post. so someone that uses it and has a few script knowledge will do it
kessaras said:
ok, but
i don't think anyone is interested in this.
for example me. i don't care changing hals to use different camera apps.
but the idea of how to do it is just like i said in the previous post. so someone that uses it and has a few script knowledge will do it
I hope so
setprop persist.camera.HAL3.enabled 1
cpt.macp said:
setprop persist.camera.HAL3.enabled 1
Where i need to do that?
Please elaborate the full steps... As I'm using RR ROM unofficial by "niceash_soni"
Deleted
Normas Interruptor said:
Where i need to do that?
Please elaborate the full steps... As I'm using RR ROM unofficial by "niceash_soni"
Still haven't solved it ?
You just need to make a .sh script with just 2 if commands.
One will check for hal1 and one will check for hal3.
You don't need app and it's boring to open terminal and write a whole line every time you need to toggle that.
Try it and if you can't do it I'll write it for you when I'm back.
Or simply make 2 scripts with the setprop commands if you can't make it with the if command to check.
Tapping one script will do hal1=0 and hal3=1.
Tapping the other will do hal1=1 and hal3=0.
kessaras said:
Still haven't solved it ?
You just need to make a .sh script with just 2 if commands.
One will check for hal1 and one will check for hal3.
You don't need app and it's boring to open terminal and write a whole line every time you need to toggle that.
Try it and if you can't do it I'll write it for you when I'm back.
Thank you for your reply.
I'm noob bro.
I don't know how to do it...
If you can write down all the steps so i can try with it but with the above short note I can't understand what I need to do with script.
Please make a flashable zip if you can or any best thing.
Regards,
Normas Interruptor said:
Thank you for your reply.
I'm noob bro.
I don't know how to do it...
If you can write down all the steps so i can try with it but with the above short note I can't understand what I need to do with script.
Please make a flashable zip if you can or any best thing.
Regards,
pfffffffffffffffffff why nobody answers to him ?
2 scripts. +install app from play store to press and execute them.
Code:
#!/system/bin/sh
# Enable HAL3 (setprop takes the name and the value as separate arguments)
setprop persist.camera.HAL1.enabled 0
setprop persist.camera.HAL3.enabled 1
echo "HAL3 Enabled"
Code:
#!/system/bin/sh
# Enable HAL1 (setprop takes the name and the value as separate arguments)
setprop persist.camera.HAL3.enabled 0
setprop persist.camera.HAL1.enabled 1
echo "HAL1 Enabled"
Otherwise use if to check prop. getprop ........... > x if x=1 then ............
Use the 1st way for now. Going to bed cause im drunk xD
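The single-script variant described in the post above (check the property with getprop, then flip it), written out as an added example that is not from any participant in the thread. It uses the property names from the two scripts; the function names and the script path are hypothetical.

```shell
# Added example: one script that toggles between camera HAL1 and HAL3.
# Run from a root shell. /sdcard is typically mounted noexec, so invoke it
# through sh, e.g.: sh /sdcard/toggle_hal.sh   (placeholder path)
HAL1_PROP=persist.camera.HAL1.enabled
HAL3_PROP=persist.camera.HAL3.enabled

# Pure decision step: given the current HAL3 value, print the new one.
# Anything other than "1" (including an unset property) counts as HAL3 off.
next_hal3() {
    case "$1" in
        1) echo 0 ;;
        *) echo 1 ;;
    esac
}

toggle_hal() {
    new3=$(next_hal3 "$(getprop "$HAL3_PROP")")

    # Disable the old HAL before enabling the new one, as the two scripts do.
    if [ "$new3" = 1 ]; then
        new1=0; active=3
        setprop "$HAL1_PROP" 0
        setprop "$HAL3_PROP" 1
    else
        new1=1; active=1
        setprop "$HAL3_PROP" 0
        setprop "$HAL1_PROP" 1
    fi

    # Do not rely on setprop's exit status alone: read both values back and
    # fail loudly if they did not change (for example, when not run as root).
    if [ "$(getprop "$HAL3_PROP")" != "$new3" ] ||
       [ "$(getprop "$HAL1_PROP")" != "$new1" ]; then
        echo "camera HAL properties did not change (not running as root?)" >&2
        return 1
    fi
    echo "HAL$active Enabled"
}

# Only act when the Android property tools are present.
if command -v getprop >/dev/null 2>&1 && command -v setprop >/dev/null 2>&1; then
    toggle_hal
fi
```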
kessaras said:
pfffffffffffffffffff why nobody answers to him ?
2 scripts. +install app from play store to press and execute them.
Otherwise use if to check prop. getprop ........... > x if x=1 then ............
Use the 1st way for now. Going to bed cause im drunk xD
Thank you for your time.
But still I don't know how to use this ?...
Need more guidance.
Normas Interruptor said:
Thank you for your time.
But still I don't know how to use this ...
Need more guidance.
decompress at sdcard. search google , find app to easy press execute scripts, link scripts to homescreen , thats it.
Use local terminal for those command with root access , don't expect spoon feeding , use Google.
kessaras said:
pfffffffffffffffffff why nobody answers to him ?
2 scripts. +install app from play store to press and execute them.
Otherwise use if to check prop. getprop ........... > x if x=1 then ............
Use the 1st way for now. Going to bed cause im drunk xD
Here is my build.prop file... Can you please tell me which code do i need to use?
Or
If it is possible to you? Can you please add these codes in that build.prop file and share with me?
https://drive.google.com/file/d/0B5c0qxNUWHOkcFBYSmNpaE1xSFU/view?usp=drivesdk
Thanks
Normas Interruptor said:
Here is my build.prop file... Can you please tell me which code do i need to use?
Or
If it is possible to you? Can you please add these codes in that build.prop file and share with me?
https://drive.google.com/file/d/0B5c0qxNUWHOkcFBYSmNpaE1xSFU/view?usp=drivesdk
Thanks
its not a prop in build.prop. its a prop in the kernel, at another file, depending the kernel.
i think it was missing su permission. try those with an app that can execute scripts.
kessaras said:
its not a prop in build.prop. its a prop in the kernel, at another file, depending the kernel.
i think it was missing su permission. try those with an app that can execute scripts.
So, i have to flash the attached your Camera HAL zip that's it. Right?
Normas Interruptor said:
So, i have to flash the attached your Camera HAL zip that's it. Right?
No... In there , there are only 2 scripts. Want to enable hal1 ? You tap execute the hal1 script. Want to enable hal3? Execute hal3 script.
I didn't make any app or module.
But if this goes on for long I will make it.
I believe soon the maintainers will do something about that because many people ask for this now. If they don't do it, I'll do it in the end even if I don't care about hal -_-
Anyway. Search Google play for app that can execute scripts on tap and you are good with those 2 scripts for now. Easy tap the one you want.
kessaras said:
No... In there , there are only 2 scripts. Want to enable hal1 ? You tap execute the hal1 script. Want to enable hal3? Execute hal3 script.
I didn't make any app or module.
But if this goes on for long I will make it.
I believe soon the maintainers will do something about that because many people ask for this now. If they don't do it, I'll do it in the end even if I don't care about hal -_-
Anyway. Search Google play for app that can execute scripts on tap and you are good with those 2 scripts for now. Easy tap the one you want.
Well, i have tried two script apps... Script manager and shscript... Can't understand how to make these two command executable on one touch... People are smart who actually know that how to do that, even i have tried to watching YT videos as well, so i can understand how to make those scripts executable... But no luck...
You are the only one who help me alot here...
Heartiest thanks to you.
------------------------------------------
Now closing this thread as I'm so dumb to understand these methods, i know that would be very easy one for those who know how to do that... That's why people calling me here "spoon feeding" and all...
Now going to switching from RR ROM unofficial build by "Niceash_soni" to APEX ROM, however I don't feel comfortable on that, because that ROM has EAS kernel, that is very laggy all the time to me (using OP3). Don't know the reason behind that. So i would have to use that ROM with EXkernel for custom ROM V12 (latest one).
Though i love the RR ROM by "Niceash_soni" but he will not adding these method and sometimes he was very rude to me as i have request him twice. It's okay as i can understand he could be frustrating with so many requests or repeated requests.
__________________
Thank buddy, helping me so much here.
Normas Interruptor said:
Well, i have tried two script apps... Script manager and shscript... Can't understand how to make these two command executable on one touch... People are smart who actually know that how to do that, even i have tried to watching YT videos as well, so i can understand how to make those scripts executable... But no luck...
You are the only one who help me alot here...
Heartiest thanks to you.
------------------------------------------
Now closing this thread as I'm so dumb to understand these methods, i know that would be very easy one for those who know how to do that... That's why people calling me here "spoon feeding" and all...
Now going to switching from RR ROM unofficial build by "Niceash_soni" to APEX ROM, however I don't feel comfortable on that, because that ROM has EAS kernel, that is very laggy all the time to me (using OP3). Don't know the reason behind that. So i would have to use that ROM with EXkernel for custom ROM V12 (latest one).
Though i love the RR ROM by "Niceash_soni" but he will not adding these method and sometimes he was very rude to me as i have request him twice. It's okay as i can understand he could be frustrating with so many requests or repeated requests.
__________________
Thank buddy, helping me so much here.
Other people also ask in other roms. It's the same in the official rr. No worries. Soon someone that needs it, will do something. Otherwise me or some other guy will do. Since more people ask for it , it will definitely come.
Don't close the thread. It seems it's only you but there are hundreds more hidden behind this
It's just that our free time is always little as we work for more than 8 hours. Sometimes 12 hours. Anyway. Leave it as it is . Soon a maintainer or a senior will do something.
