Database Info

[DEV] Root question, 1.5 ROM

Hi all,
I have a question about setting up root for the new 3.03 Sense UI ROM.
I know how to get root access by typing
Code:
adb shell
su
But most ROM's that I've ever used allowed 'adb shell' to go straight to a root shell.
How do I make this work properly?
And also, when I type 'adb root', I get
Code:
adbd cannot run as root in production builds
I'm in the process of building the android environment on Ubuntu so that I can change ro.secure=1 to ro.secure=0. Will that help the other 2 issues that I'm having.
Excuse my extreme noobness here, but any help at all would be awesome!
Thanks!

Nevermind, I think I got it...
I changed ro.secure from 1 to 0 in default.prop, repacked the boot.img and now I've got root!

[Resolved] [Q] Help needed rooting G Pro! T_T

*Since this problem can happen to other LG devices, I'm writing here.
-Summarized Question for Busy XDAers-
1.Installed su binary and busybox through Android System Recovery 3e.
2.Can get root access from LG Recovery mode, half access on ordinary boot+adb shell, Permission denied on terminal emulator app. SuperSu not working, and 'root' is granting permission every 5 minutes.
3.HELP PLEASE!
-Full Question-
Maybe it can be a real noobish question, but I need help rooting my G Pro.
LG started Kitkat update a week ago, and G Pro also got Kitkat update.
I tried to root my device using old methods, and new methods for other G devices, but none of them worked.
So! I tried making one for me, using Android System Recovery 3e(maybe it could be a problem?)
I booted my device to recovery using
Code:
'adb reboot recovery'
and sideloaded zip file containing su binary and busybox.
Of course I signed it with testkey, so I could get SuperSu, su binary, and busybox installed on my system.
But, after rebooting my device, I felt something went wrong.
I typed
Code:
'su'
command on terminal enulator, and got
Code:
'Permission Denied'
error.
Assuming it's related to permission and owner of su binary, I tried
Code:
ls -al /system/bin/su
.
Here's the result:
Code:
[email protected]:/ $ su
Permission denied
1|[email protected]:/ $ ls -al /system/bin/su
-rwsr-sr-x root root 85096 2008-08-01 21:00 su
It seems...nothing's wrong!
So I tried with adb, and got # without asking Superuser app.
But I couldn't mount system, as well as other commands require root access.
I removed SuperSu and downloaded Superuser by ChainsDD, but that didn't work.
Instead, I could see on log that 'root' was granting permission every 5 minutes.
Not knowing what the problem is, I rebooted device to LG recovery(diffrent from Android Recovery 3e).
I could access adb from there, and got root access and removed some garbage apps.
Then, it means su binary and busybox is working.
What is the problem??? Please help!
EDIT:It was binary version problem lol

SU request hangs after root attempt

Hello world,
I try to make something useful out of my Samsung Galaxy Note 10.1 (GT-n8020), so I've started with reinitializing the device with kies, which got me a fresh android kitkat 4.4.2 rom (build: KOT49H.N8020XXUDNI2). After that, I wanted to flash supersu, of course - I've used chainfires cf-autoroot (CF-Auto-Root-p4notelte-p4noteltexx-gtn8020.zip - cant post links, sorry)
I've also flashed philz recovery which works quite well, over odin.
The problem for now is, I cant use the super user binary:
1. The binary was successfully flashed via odin on the device, like the supersu apk. Opening the app just displays a missing su binary, any other app which requires root cant locate or call the file...
2. The following permissions are set on the su file
[email protected]:/ $ ls -la /system/xbin/su
-rwsr-sr-x root root 96144 2015-09-15 14:44 su
3. I've enabled usb debugging because people like to use magic even if this has nothing to do with the main problem
4. I've tried to execute su via adb shell, but it just hangs.
So if anyone could help, I'd be pretty happy - if not, I'm going to throw this f*ck!ng piece of plastic into the woods.

Alright, using N8020-CWM-6.0.2.8-Darkman.tar.md5 as recovery and CF-Auto-Root-p4notelte-p4noteltexx-gtn8020.tar.md5 as root finally worked.

ZTE Grand X 4 - Rooting Progress

This thread is made in an effort to root the ZTE Grand X 4 (Z957). At this point I've made some progress by using the Dirty Cow exploit to access a root shell via ADB, but have been unable to install su to the system partition.
Notes: stock rom, no custom recovery.
Exploit method:
Follow the instructions posted by Arinerron on GitHub regarding CVE-2016-5195 (under 10 posts, cannot share direct link)
When successful you will see "[email protected]:/ #" as your shell prompt, however the session will hang after any command. That said, /system/run-as is still updated allowing you to do the following:
$ adb shell
[email protected]:/ $ run-as
uid run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
you have access to the android system as root within this shell, but this is where I'm getting stuck. I'm not able to find a way to mount the system partition as read/write, and as such unable to install su. Also note that you will need to run the exploit again anytime you reboot the device. I have tried the following methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
At this point I'll share what I've been able to do so far and see if anyone else has ideas for a next step.

Have you figured out how to root the z957.

This worked on my ZTE GrandX Max Plus to permanently disable the write protection on the system partition.
Good luck!!
reboot disemmcwp
If you ever want to re-enable being blocked from mounting system rw:
reboot emmcwpenab

Any luck on this root? I am looking to buy a phone on Cricket, but I need one that I can root.

Bump? Would love to see root here!

Bump, I've tried but I also get stuck on the same three methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition

Grand X 4
has anyone successfully rooted the grand x ?!

Thought I would post an update: Still no success on my end.
"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.
As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).
I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.

Thanks for your work on this. Stock Rom is pretty clean, but root would be great on this.

I've tried many different ways to root this phone. For weeks, I've tried. Nothing. I personally think that there is no way to, not now at least.

Don't know if this will help but​, I found that they lock the bootloader under the developer settings!

Has anyone tried a one click root application like KingoRoot ?
Or is this more for doing it on your own without a service like that?

Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way
After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.
Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.
Happy for any tips on what to try next!

Can you tell me which tools you used? I looked at the Qualcomm site and there are plenty to choose from.

If you can get those tools off of the site maybe I'll message you about grabbing a few items on my Christmas list! QPST includes the tools necessary, and the tools to backup the 425 should you accidentally brick your phone (basically impossible to truly brick a qualcomm if you have the right tools). Archive.org has a copy, don't remember where to find the driver pack but you'll need that too (and a windows build).
Read through some notes on marshmellow and sounds like you have to remount system from recovery. I'm camping for the next month but will try talking to the TWRP team about porting a bootloader to the phone when I get back.
Let me know if you make any headway!

try this adb command and see if you get a qualcomm serial port after reboot
Code:
adb reboot edl
if that doesnt work try
Code:
adb reboot bootloader
then run the attached

How did you get into diag mode? Just do the temp root method and setprop sys.usb.config diag,adb?

https://freeandroidroot.com/root-zte-grand-x-4/
This page claims to have a root method but does it actually work? I've tried twice with no success.

How's everyone here? I also am awaiting root for this device. It really needs some shine on it's mid levelness. So here is my friend's​ zte warp 7 work for root. He also got some killer roms for the Huawei ascend XT. He does great work. I'm sure if he had a grand x 4 he could move this along. Just a suggestion. This man can this done. Just a suggestion for all of us. https://forum.xda-developers.com/showpost.php?p=72560392&postcount=246
---------- Post added at 11:31 PM ---------- Previous post was at 11:10 PM ----------
https://forum.xda-developers.com/member.php?u=7934375

Anyone root this phone yet?
Sent from my Z956 using XDA-Developers Legacy app

TWRP for the new cat flip phone?

The novel CAT S22 Flip was released in September, and is pretty much the only of its kind. It actually has an unlocked bootloader, and I was excited to try to root it. However, there's no version of TWRP designed specifically for it! Having never rooted anything before, does anyone know my options in this case to get TWRP for this phone? (Or another method of root I'm not aware of would also be fine.) Thanks!

Shoitah said:
The novel CAT S22 Flip was released in September, and is pretty much the only of its kind. It actually has an unlocked bootloader, and I was excited to try to root it. However, there's no version of TWRP designed specifically for it! Having never rooted anything before, does anyone know my options in this case to get TWRP for this phone? (Or another method of root I'm not aware of would also be fine.) Thanks!
Click to expand...
Click to collapse
Hey. I'm in the same boat. I need to add su binary but looks like the only way to do it is with TWRP. Have you succeeded? I keep trying to find a way to do it, so far no luck.

TWRP isn't needed at all to push ( suitable ) SU binary onto Android's filesystem: you achieve this by means of ADB, too

jwoegerbauer said:
TWRP isn't needed at all to push ( suitable ) SU binary onto Android's filesystem: you achieve this by means of ADB, too
Click to expand...
Click to collapse
Sweet!!! How does it look like?
I just tried adb sideload <file.zip> while in recovery mode and i'm getting this
adb: sideload connection failed: closed
adb: trying pre-KitKat sideload method...
adb: pre-KitKat sideload connection failed: closed
When check adb devices its shows that device is unauthorized. But it's only unauthorized in recovery mode.

Actually looks like I have a problem with recovery mode. Instead I'm getting "No command" screen. It's not even getting into recovery

To perform a ADB Sideload - what is used to flash a Stock ROM - phone must get booted into Sideload mode at 1st
Code:
adb devices
adb reboot sideload
adb sideload <STOCK-ROM-ZIP>
adb reboot

Oh cool. Didn't know that I could reboot stratight to sideload and bypass initial recovery menu. Thank you!
As for my previous issue with "No command" error on recovery boot, I managed to resolve it. When It's gets to "No command" screen, you need to hold Power + Volume Down just long enough to tap Volume Up. And then recovery menu will appear. So Press Power + Volume Down and then tap Volume Up.
When I tried to sideload su binary with
Code:
adb sideload <file.zip>
On the mobile screen i'm getting this error
Code:
E:failed to verify whole-file signature. Update package verification took 0.5 s ( result 1)
E:Signature verification failed
E: error: 21
Looks like recovery not allowing to install unsigned packages. Is there a way around it? Do I need to source another su binary or there is a way to sign it?

Ok. I think I'm getting closer to the core issue. I thought that I rooted the device, but I only unlocked the bootloader. So device is not rooted. As per original thread topic, looks like there is still no TWRP yet and boot.img is not accessible to modify. Tried to get boot.img directly from the device, but getting - permission denied.
Any other walkarounds i should try?

SU binary isn't a signed package. It's a ~110KB file you have to push onto Android OS, preferred to /data/local/tmp directory and afterwards have to make it executable.

I've downloaded Chainfire SuperSu Zip packages, unpacked it and got a su file from arm64 folder. As you mentioned, su file is 108.5KB =)
I've pushed it to /data/local/tmp and made it executable
Code:
S22FLIP:/ $ ls -la /data/local/tmp
total 114
drwxrwxrwx 2 shell shell 3488 2022-12-22 09:36 .
drwxr-x--x 4 root root 3488 1970-01-01 12:15 ..
-rwxrwxrwx 1 shell shell 108496 2008-02-29 03:33 su
Maybe I'm missing something, I still get
Code:
S22FLIP:/ $ su
/system/bin/sh: su: inaccessible or not found

You must tell Android where the SU binary is located
Code:
cd /data/local/tmp & su
or
Code:
/data/local/tmp/su

jwoegerbauer said:
You must tell Android where the SU binary is located
Code:
cd /data/local/tmp & su
or
Code:
/data/local/tmp/su
Click to expand...
Click to collapse
Hi. I am trying to root the phone. I tried with QFIL to get the boot.img file with no luck.... I am trying now with su. I put the su binary where you said and execute it.
Now what should I do? If you can help me, I will be grateful

IMO you can't root a phone ( a conglomerat of hardware pieces ) but only enable Android OS to run system commands as root ( will say with elevated rights if those are required ) by means of su.
Knowing this you would open a terminal window in Android and type out
Code:
<FULLPATH-TO-SU-BINARY-HERE>/su -c "<SHELL-COMMAND-THAT-REQUIRES-ELEVATED-RIGHTS-HERE>"
Example:
Code:
/data/local/tmp/su -c "mount -o remount,rw -t auto /system"

jwoegerbauer said:
IMO you can't root a phone ( a conglomerat of hardware pieces ) but only enable Android OS to run system commands as root ( will say with elevated rights if those are required ) by means of su.
Knowing this you would open a terminal window in Android and type out
Code:
<FULLPATH-TO-SU-BINARY-HERE>/su -c "<SHELL-COMMAND-THAT-REQUIRES-ELEVATED-RIGHTS-HERE>"
Example:
Code:
/data/local/tmp/su -c "mount -o remount,rw -t auto /system"
Click to expand...
Click to collapse
Doesn't work. It looks like the su binary doesn't grant system commands root
I really don't know what to do......