Related
I am fairly new to android. I have been seeing different words that sort of confused me. Like for example, ROM, could anyone explain what this is? Also, what is rooting?
Thank you?
Imaano said:
I am fairly new to android. I have been seeing different words that sort of confused me. Like for example, ROM, could anyone explain what this is? Also, what is rooting?
Thank you?
Click to expand...
Click to collapse
ROM: Read Only Memory, a program used to make changes to anything from the look of the home screen, to icons to custom boot animation
Getting root or rooting your phone is the process of modifying the operating system on your device to grant you complete control over it.
This means you can overcome limitations that the carriers and manufacturers put on your phone, extend system functionality, and even upgrade it to a custom flavor (ROM) of Android
a rom is basically the operating system, instead of being installed like windows it is flashed, it can have built in stuff installed depending on who puts it together, the kernal is what makes it al work with your phone like drivers and all that, rooting is giving you super user access, aka admin rights. without super user rights u cant get access to core system files, after rooted u get a higher level of access to the system. Certain programs from market require root access like rom manager which allows you to make a nandroid back which is exact back up of everything on phone, and u can also enable sideloading allowing you to install apps straight from your sdcard, instead of just from the market.
So would rooting enable my device to download applications from outside the market?
it depends if bubby included it in the one click check his thread out and it will tell u.
just read up in dev section make sure u know what everything is, and there is also a file to get back to stock as you got phone, but depends on what you wanted just root and side loading still same rom that came with phone? if thats it just do gold card and bubbys 1click root. there are other roms that you could try out aswell but like i said check out dev section first and get familiar a little with whats going on.
Hello,
first of all, excuse me for my very bad english and if this has been asked before. The reason I'm posting this is because I was trying to add CIFS support to my Nexus 7: I compiled and sideloaded the cifs.ko module correctly and had no luck with mounting (Error: Invalidad argument, any help to fix that is welcome!). I assumed that it was a problem of Android's "mount" command and went to install BusyBox from Google Play, it created a lot of symlinks that I didn't wanted and had to restore original firmware to fix that.
I'm not interested in using apps from Google Play that need root, I just need root privilegies with a terminal in order to use small scripts/programs I make myself or have access to their source code, so I was wondering if there's some kind of "sandbox" mechanism (I've used chroot in Linux and jail in FreeBSD) so I can minimize the probability of screwing up Android filesystem.
Obviosuly, I'm not referring to Android sandbox for its apps.
Thanks!!
CarlosML said:
Hello,
first of all, excuse me for my very bad english and if this has been asked before. The reason I'm posting this is because I was trying to add CIFS support to my Nexus 7: I compiled and sideloaded the cifs.ko module correctly and had no luck with mounting (Error: Invalidad argument, any help to fix that is welcome!). I assumed that it was a problem of Android's "mount" command and went to install BusyBox from Google Play, it created a lot of symlinks that I didn't wanted and had to restore original firmware to fix that.
I'm not interested in using apps from Google Play that need root, I just need root privilegies with a terminal in order to use small scripts/programs I make myself or have access to their source code, so I was wondering if there's some kind of "sandbox" mechanism (I've used chroot in Linux and jail in FreeBSD) so I can minimize the probability of screwing up Android filesystem.
Obviosuly, I'm not referring to Android sandbox for its apps.
Thanks!!
Click to expand...
Click to collapse
If you root and install super user you can prevent any apps using root apart from the terminal app you wish to use, or just make sure you have a backup of your filesystem so if anything does break you can just reinstall via recovery
zacthespack said:
If you root and install super user you can prevent any apps using root apart from the terminal app you wish to use, or just make sure you have a backup of your filesystem so if anything does break you can just reinstall via recovery
Click to expand...
Click to collapse
Thanks for your answer! My idea is preventing myself from screwing up the main fs without the hassle of doing a backup everytime I want to test something.
I've done something like that using 'chroot' in Linux, so I'm curious if the same mechanism can be used in Android.
CarlosML said:
Thanks for your answer! My idea is preventing myself from screwing up the main fs without the hassle of doing a backup everytime I want to test something.
I've done something like that using 'chroot' in Linux, so I'm curious if the same mechanism can be used in Android.
Click to expand...
Click to collapse
chroot works under android however you can not create a chrooted android install (that i know of).
Theres no good way of preventing yourself damaging it apart from just making sure you test each command and do not delete or edit anything you shouldnt be.
Hi
I am new to hacking android. I have built linux distros in the past, and have worked with Linux for 15 years,
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is ther a how-to on achieveing this from the root shell?
Thanks for any thoughts
Nick.
Nick Hill said:
Hi
I am new to hacking android. I have built linux distros in the past, and have worked with Linux for 15 years,
I have just rooted a ZTE V965. It doesn't come pre-installed with Play store, and has all sorts of ZTE-specific Chinese apps. It has a good baseband circuit, a good screen, reasonable camera and I think is a great value phone, apart from the awful UI.
It is an android phone, although heavily customised. It has an MTK6589 processor coupled with 4Gb ROM and 512Mb RAM.
I have other phones which operate a much more "Vanilla" android. For example, the Guophone 9105 which also uses an MTK6589. This has a troubling tendency to reboot every random interval. Approx 6 times a week.
I have had success in the past running Linux systems built for much earlier kernels on later kernels. This suggests the ABI (application binary interface) for the Linux kernel changes rather slowly.
I am wondering how well the userland apps are separated from the kernel and drivers on Android.
Specifically, is it feasible to dump all the UI stuff from one phone onto another then change the init to launch the other UI?
Would this risk bricking the phone, or would the shell commands and ADB infrastructure still likely operate?
I guess I should change the bootloader to one that supports fastboot first, right? Is ther a how-to on achieveing this from the root shell?
Thanks for any thoughts
Nick.
Click to expand...
Click to collapse
Hi Nick, I have the same phone. I'm also very new to android, last phone was iOS and before that windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or roms. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesnt support fastboot.
I really need to get google play working in this phone, read a lot of stuff, tried many things, but I havent succeeded yet. Please let me know if you make any progress.
In China they are flashing this phone, found some ROMs even, but I am not sure how they manage and google translate isn't much help there.
http://www.romjd.com/Device/zte-v965/hot/all/1
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another resest. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isnt deteceted anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Byte_Me said:
Hmmm my V965 is having some issues now
After a factory reset, the setup wizard keeps crashing. Even after another resest. So I can't get in the phone anymore.
Any chance you can send me the USB drivers that are on the phone? My phone isnt deteceted anymore, so I can't access the drivers, which I want to reinstall. And of course they are not on the ZTE website.
Click to expand...
Click to collapse
Hi
You can temporarily download the ZTE v965 USB drivers from
www dot nickhill dot co dot uk forward slash ztev965usb dot zip
Byte_Me said:
Hi Nick, I have the same phone. I'm also very new to android, last phone was iOS and before that windows. I managed to root the V965 using Vroot. I also managed to install SuperSU and CWM. However, the CWM is not fully functional, I can only do a factory reset, not install any packages or roms. Probably the phone has a locked bootloader. I can't check, because the USB driver with the phone doesnt support fastboot.
Click to expand...
Click to collapse
Fastboot and ADB appear to be standard protocols, at least on my Ubuntu, which don't need special drivers. However, it does appear that the stock boot loaader on the v965 does fail to incorporate the fastboot option.
If you remove the battery, replace it then turn on holding the volume down, you will get a menu, but fastboot is not there.
I don't know for a fact, but I do suspect that if you have access to the running android system as root, then you could in principle change any of the internal flash data. Therefore, in principle, I guess you could replace the boot loader or anything else in the running android system. Anyone please correct me if I am wrong, or confirm if I am right.
The feature set of this phone seems to be the same as the feature set of my Guophone. MTK6589, dual SIM, etc. So this image may be a good place to start if considering a transplant.
If you have ROMs, then perhaps it is possible to flash the ROM from a root terminal. I'm thinking add the uncompressed ROM to the Micro SD card, then using the dd command, block copy it to the appropriate image area on the internal ROM, reboot, reset to factory defaults.
If anyone more experienced than me with the nuts and bolts of Android can confirm or deny this will work, or where it should be put, please let me know.
An important factor is that the NAND is not locked on the ZTE V965. So if you have a root shell on the phone, you can issue the following command:
mount -o remount,rw /[email protected] /system/
Once you have done this, you will have read/write access to the system partition.
The only thing I then need to know is what should I avoid changing that may break the ADB bridge/root console?
And is all the UI stuff kept together, if so, where?
Shuffle it around a bit, make a new ROM
Thanks for the driver!
Unfortuntely it doesn't help
I found out the culprit, I tried to install gapps (google apps package) to the system app folder. I thought these changes would be reversed with a factory reset, but they are not. Setupwizard.apk keeps crashing and is preventing me from accessing my phone, so I must find a way to remove it from the system app folder. However, since this error occurred, I am not able to contact the phone in any way from the PC. Adb toolkit does not detect it, even when I reinstalled your driver. It's quite puzzling, I dont understand why in recovery mode I cannot connect adb-toolkit anymore.
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when i connect to USB, which is quite annoying, but not more than that. If you ever make any progress with google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
I'm convinced it's possible to flash the phone, it seems they do it a lot in China.
I found a website with a couple of custom ROMs specific for the V965:
http://www.romjd.com/Rom/Detail/17086
And what I suspect is a rooting & flashing tool. Rooting works, I haven't figured out flashing yet.
http://dl.vmall.com/c0xa12brvo
I've also tried flashing from the settings - update menu in the phone, but it never finds the ROM (update.zip)
I did find another problem, I can't be reached on my phone, it always goes to voicemail. Same SIM in another phone works fine. No idea what's causing this.
Byte_Me said:
Got my V965 working again, but it was a lot of hassle with shell access. Still not fully functional, no drives detected when i connect to USB, which is quite annoying, but not more than that. If you ever make any progress with google apps or flashing, please keep me informed, that would make this phone much more useable. I'll also keep hacking away at it, but without a bootloader unlock (I still think this is the problem), I don't think it will be possible.
Click to expand...
Click to collapse
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
You should be able to write this back to your phone using flashtool.exe.
I don't know for sure if this will work, so entirely at your own risk! Just trying to help. If unsure, ask around.
I am new to this forum, so please remember to click the thanks button if you find anything I have done helpful!
Meanwhile, the MTK droid root and tools has a function to remove much of the chinese stuff (once the system has been installed) and there is always the cyanogenmod gapps package. This may be worth investigating.
Nick Hill said:
Hi
I might be able to help you with the problem.
I have a mint, unused ZTE v965. I have used MTK Droid root and tools to extract a backup of the entire new phone. It is currently uploading to www dot nickhill dot co dot uk forward slash ZTE-V965_new_backup.zip
Click to expand...
Click to collapse
The file size should be 635,972,093 bytes and should finish uploading at 04:00 GMT
md5sum 17ecfdd1040d5dbfab70a3adbc24e07a
Thanks for the ROM, i'll give it a go. I will try to install it using the update option in the settings, that seems the safest.
Be careful with gapps. setupwizard.apk + factory reset = a lot of problems (if you install in system app folder)
OMG that tool is awesome. created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Byte_Me said:
OMG that tool is awesome. created CWM boot, installed your ROM, then installed a clean ROM, then installed gapps, all working!!!
Click to expand...
Click to collapse
Firstly, I'm glad it's working for you.
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
Which clean ROM did you then install, and how did you install it?
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
It is useful to remember that MTKdroidtools has a useful function to remove chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it.
I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for windows need to eventually move to android. We could then potentially use USB OTG to service other android devices. MTKdroidtools and flashtools runnng as a host on a separate Android system would be cool.
Nick Hill said:
Firstly, I'm glad it's working for you.
Click to expand...
Click to collapse
Thanks, me too
Secondly, which tools did you use? Did you unpack the zip, open flashtools, select the scatter file then program the phone, or did you use some other method?
Click to expand...
Click to collapse
I used MTK tools as described in that topic, rooted, made backup, installed CWM
Which clean ROM did you then install, and how did you install it?
Click to expand...
Click to collapse
I used the update tool from CWM to flash this ROM:
http://www.romjd.com/Rom/Detail/17086
That ROM is not very clean though, You might as well clean your own ROM
Did you then use MobileUncle to install CWM then use the cyanogenmod 10.1 gapps, or did you do something different?
Click to expand...
Click to collapse
CWM is installed using MTK Droid Root and Tools:
http://forum.xda-developers.com/showpost.php?p=44660171&postcount=417
This gapps version I installed: gapps-jb-20121011-signed
It's installed using CWM bootloader: install .zip package
It is useful to remember that MTKdroidtools has a useful function to remove chinese stuff. I think if more people contributed to the list of Chinese files that are safe to remove, that would be blade.
Click to expand...
Click to collapse
I used the delete China function, but it didnt catch very much. But with all the functions available now, it's quite easy to clean manually.
A detailed step-by-step guide might be helpful for anyone else with the same problem. One of the general problems I find is that there are plenty of guides around referring to this program, or that program, but few are detailed enough for someone who doesn't already know about those programs to use.
Click to expand...
Click to collapse
Yes, I plan to make a topic for this phone, but at the moment I am still testing many things.
I pretty much bricked a Lenovo A766 yesterday, and it took several hours to learn about the tools to eventually unbrick it. I would have rather spent my time understanding what is really going on, rather than spending my time learning vaguely what tool achieves what end result. If I understood more about the Android system, and built that knowledge on my understanding of Linux, I reckon I could achieve much more.
Click to expand...
Click to collapse
I know how you feel, I was ready to toss this phone in the trash
One thing I notice is that tablets and smartphones are actually replacing desktops and laptops. February this year, windows machines were down 7% YOY. I use Ubuntu for my main computer. Using these tools on Windows led me to significant frustration! This has led me to understand why there is a move. Maybe the tools provided for windows need to eventually move to android. We could then potentially use USB OTG to service other android devices. MTKdroidtools and flashtools runnng as a host on a separate Android system would be cool.
Click to expand...
Click to collapse
I have no idea about the possibilities there. I'm not a programmer, just someone who is good with computers and knows a little bit of everything.
PS. I could also use some thanks as well, maybe get some respect around here
Nick Hill said:
...
Click to expand...
Click to collapse
Did you give it a try yet? Another user did and google apps are working for him, so thats 2 for 2.
Are you still on your original ROM? If so, I have a question for you. Do you get notification badges on your icons, for instance, when you have a missed call, is there a red box with a 1 on the phone icon? Also, do your contacts get ID-ed when they call you? I have some problems with that, caused by the country code prefix. I am still running that ROM I downlaoded from the Chinese forum, but if your ROM doent have these issues, I will switch back ASAP.
Nick Hill said:
Firstly, I'm glad it's working for you.
Click to expand...
Click to collapse
as you are a Lenovo a766 owner, may you help me with this?
http://forum.xda-developers.com/showthread.php?p=49076877#post49076877
Where are configuration settings stored accross factory resets?
I have come to the (perhaps erroneous) conclusion that the user interface and what the user will experience is governed primarily from:
the APKs in
/system/app/
/system/vendor/operator/app/
and the configuration files pertaining to the installed apps, which is located at:
/data/user/0/
I guess that when the android device is factory reset, the /data partition is completely cleared, right?
Is there a set of standard configurations which are unpacked from somewhere into /data/user/0/ after a factory reset, or is it normal for all configurations to be stored in their respective APKs?
Disclaimer - this is your vehicle you are messing with. If you are not comfortable with potentially permanently damaging the head unit, stop here.
Now for the good stuff.
Credit where credit is due: this method relies on the recent "dirtycow" exploit. I used the POC Android exploit code located here:
https://github.com/timwr/CVE-2016-5195
This exploit in simple terms takes advantage of a Linux kernel bug that allows a (small) file to be "overwritten", when a user only has read access to that file. It doesn't actually modify filesystem contents, but any application that reads the file after the exploit is used will read the "new", post-exploit contents instead of the original.
The scripts attached use the dirtycow binary to overwrite the "/system/etc/factory_reset.sh" shell script with a nefarious version. This script is executed when you perform a factory reset operation through the settings menu, and gets executed as the root user .
The nefarious script is quite simple - it just calls another script that is uploaded and performs a reboot. The second script mounts the /system partition as R/W, then copies over an su binary and sets appropriate permissions, then syncs and mounts read only again.
Please note that the attached "rootme.sh" script is intended to be run from a Linux machine - if I get the time (or enough donations), or if someone else cares to, it can be ported over to a Windows batch file easily enough.
Updated the attached zip to include a Windows batch file.
Steps:
Download the attached zip file
Extract to a machine capable of connecting to your Pilot over ADB
Modify "rootme.sh" (*nix) or "rootme.bat" (Windows) to use the correct IP
- Change the "172.16.1.217" lines to reflect the correct IP for your Pilot
Execute "rootme.sh" (*nix) or "rootme.bat"
- ./rootme.sh should do it for *nix
- for Windows, open a command prompt, navigate to "rootme.bat" location and type "rootme.bat"
- Watch output for completion
Perform factory reset operation
- Note - should the exploit function correctly, this step should NOT perform any factory reset operations. However, you should fully expect everything to be reset if the exploit failed or some other problem occurred when attempting to use a nefarious factory_reset.sh script.
After the Pilot reboots, you should be able to get a shell over ADB as normal, except now issuing an "su" command will drop you to root!
Update - thanks to purespin figuring out the signature mechanisms, we can now install apps! I've attached OneClick.zip, which contains a series of scripts to automate the rooting & app installation process.
That said, be careful, use these at your own risk, etc.
Extract zip file to some folder then open up a command prompt in that folder. Also drop the APKs you wish to install to that folder.
Type OnceClickInstall.bat [YourHeadUnitIP] [APKToInstall.apk]
The script will root your device if it's not already, then go ahead and perform steps necessary to install the APK (one reboot required if already rooted).
This basically performs the steps described in purespin's post to get a signature of the APK, download and modify the whitelist XML file, upload it back, reboot, then install the APK.
There's one prompt in the script that asks you too look things over - pay attention here, if any issues crop up at this point damage can be avoided, continuing in a bad state will have undefined results.
Updated the scripts to back up the white list on each run to /data/local/tmp/whitelist-(timestamp).xml.
Updated to handle APKs with more than one signature.
Edit: As suggested by wpg_moe, a Git Hub project has been set up here:
https://github.com/jersacct/2016PilotOneClick.git
Changes & suggestions are encouraged and welcomed, but this is a part time hobby project for me, so expect movement to be "lumpy", as I'm mostly only able to work on this during the weekends.
would this work on a 2016 civic android headunit? should be the same concept for it?
This is GREAT news!!! We will start to test it on a 2016/Civic/Touring. It reminds of of the hacking a linksys firmware via tftp.
sheryip said:
would this work on a 2016 civic android headunit? should be the same concept for it?
Click to expand...
Click to collapse
I don't have a Civic to test with, but I would imagine Honda uses the same factory reset mechanism on both models.
The included scripts are pretty straightforward - if you care to crack them open you'll see the operations they perform pretty plainly. I think the absolute worst you could suffer if you attempt this is that you factory reset your head unit. Remember your favorite radio stations if you decide to give it a shot.
Yes, I am able to root the 2016 Pilot using the method provided by jersacct. It is super easy and strait-forward!
Now the question is what is next I have been working as programmer for the last 20 years but I don't have much knowledge of Android hacking. What's the starting point?
I'd say step 2 is to get the system info from a Ridgeline or a '17 pilot when they come out so we can try to put Android Auto or Car Play on the 16 models. Navigation would be nice but with AA/CP, you wouldn't need it.
Yep, this is just a first step. We still have to work around the white list service Honda put in place that's preventing installation of other APKs. I have not been successful in replacing the ApplistUpdate.apk with a modified version or replacing /data/system/whitelist.xml with a modified version. In either case the service is still preventing installation of new APKs.
I have a couple of workaround theories I'm working on - tracking down and modifying the service's source to always allow APK installation (effectively disabling the white list check), using the service's own interface to add APKs to the white list (much like S_Mike has done for the EU versions), stripping out or disabling the service entirely.
I think it would be much easier to get APKs installed than porting Android Auto or Car Play over. I would be much happy if we can achieve what they have done on EU versions.
jersacct said:
Yep, this is just a first step. We still have to work around the white list service Honda put in place that's preventing installation of other APKs. I have not been successful in replacing the ApplistUpdate.apk with a modified version or replacing /data/system/whitelist.xml with a modified version. In either case the service is still preventing installation of new APKs.
Click to expand...
Click to collapse
Any summary on how S_Mike did that (using the service's own interface to add APKs to the white list)? If not, I might spend some time to loop through the 139-page thread after work
jersacct said:
I have a couple of workaround theories I'm working on - tracking down and modifying the service's source to always allow APK installation (effectively disabling the white list check), using the service's own interface to add APKs to the white list (much like S_Mike has done for the EU versions), stripping out or disabling the service entirely.
Click to expand...
Click to collapse
I have a pilot 2016. But i dont have a Linux machine. So how can i use this. Even if i use this, if i will not have access to install apks then what is the use. I am a bit confused. I am also a developer and have been rooting my phones to install custom roms, but that was all with the guides that i found on the internet. Didn't try any thing fancy.
ammarbukhari said:
I have a pilot 2016. But i dont have a Linux machine. So how can i use this.
Click to expand...
Click to collapse
I've updated the attachment to include a Windows batch file, and updated the instructions.
Rooting the device with this method doesn't mean you can unlock all the Android goodies we're hoping for. It will, however, help a person so inclined to defeat the Honda installation restrictions.
There is no zip file
jersacct said:
I've updated the attachment to include a Windows batch file, and updated the instructions.
Rooting the device with this method doesn't mean you can unlock all the Android goodies we're hoping for. It will, however, help a person so inclined to defeat the Honda installation restrictions.
Click to expand...
Click to collapse
Thanks, have you had any luck installing an apk? That's what I'm looking to do on my Ridgeline.
Sent from my Nexus 6P using Tapatalk
ammarbukhari said:
There is no zip file
Click to expand...
Click to collapse
Sorry, corrected.
enyce9 said:
Thanks, have you had any luck installing an apk? That's what I'm looking to do on my Ridgeline.
Click to expand...
Click to collapse
Not yet, still working on this.
The system doesn't just check the white list. It checks the certs as well. If it's isn't sign by the developer for Honda the package installer won't install the apk.
Guys, you probably have to change the signature of the APK in the list from that code to "PREINSTALL", without the "". I have a 2015 Honda HR-V and that's the way we can install apps on our head unit. Some people had problem to install apps after updating Honda applications, because it changed "PREINSTALL" to the app signature. After a factory reset, they got the PREINSTALL again for "HondaAppCenter_A1.apk". So, try removing the signature code to PREINSTALL for some APK and use that APK name to install the app.
maecar said:
Guys, you probably have to change the signature of the APK in the list from that code to "PREINSTALL", without the "". I have a 2015 Honda HR-V and that's the way we can install apps on our head unit. Some people had problem to install apps after updating Honda applications, because it changed "PREINSTALL" to the app signature. After a factory reset, they got the PREINSTALL again for "HondaAppCenter_A1.apk". So, try removing the signature code to PREINSTALL for some APK and use that APK name to install the app.
Click to expand...
Click to collapse
I think the protection mechanisms in this version are entirely different. There are no "process_controls.list" or "allowed_installations.list" files present in the entire filesystem, nor does a grep across the entire filesystem return any results for "HondaAppCenter". These tell me that the protection mechanisms are not the same as previous or EU versions.
I've attached what I believe to be a component of the replacement mechanisms, an XML file describing full app names, sometimes signatures, and fields describing permissions. Any edits to this file don't seem to be regarded, so I'm still digging in to the core services that make up the white list mechanism.
Did you update whitelist.xml file directly or update the whitelist.xml file in ApplistUpdate.apk?
What a coincidence this is, as I heard about the Dirty Cow exploit just the other day and spent time trying to root my 64 bit Samsung smartphone to no avail. I did hear that it works on 32 bit android platforms and how about this for a case in point.
Jersacct, thanks for making this available to the community! I can understand that the first hurdle is getting the system to stop blocking / removing non-whitelisted apps and it sounds like you are just getting to this point now. Keep up the good work and please let us know if there are any minor details that you need worked out that can be delegated to the community, i.e. testing, troubleshooting or research.
Looking forward to having more capabilities with my 2016 Honda Pilot!
purespin said:
Did you update whitelist.xml file directly or update the whitelist.xml file in ApplistUpdate.apk?
Click to expand...
Click to collapse
I've attempted both approaches, with no luck. It may be that my ApplistUpdate.apk replacement was flawed somehow, so I'm not sure there. Because you modify the zipped whitelist.xml in the APK, you also have to resign the APK before installation, Android won't reinstall an app with different signatures without uninstalling original, and because it's a system app it won't let you uninstall.....blah blah I deleted the original (after backing up) and replaced it with modified version, still no positive result. I attempted to add eu.chainfire.supersu (picked at random, could be anything) to the list of allowed apps in these cases but still couldn't get it installed.
I think my next approach will be to edit the system services (in /system/framework/services.(.jar,.odex)) and see if I can disable all whitelist checks.
Now that root is available, it's only a matter of time before someone gets around Honda's restrictions.
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Yes it definitely is less seure
IronRoo said:
Yes it definitely is less seure
Click to expand...
Click to collapse
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Yes, basically everything is less secure. Eg
quote "By gaining root access, you get total control over the entire system. With the right skills and tools, you can read and modify almost any parameter on your device. This is the reason why some apps, as as SuperSU, require root access in order to work properly. However, this type of access is a double edged sword as with root access nothing is there to prevent malicious applications from wreaking havoc on your system: system files can be corrupted or deleted, personal information can be skimmed, and you could even soft brick your device."
https://www.androidpit.com/5-reasons-not-to-root-your-device
And possible even just having su binary installed is an issue, though it's not clear to me whether this has been confirmed, it seems precautionary to me, if it's just a LinageOS issue or more devices are vulnerable, however this weeks update to Linage OS is trying to address this. Anyhow the fix seems to have some extra benefits
https://lineageos.org/Changelog-9/
Also, just to be clear, you are still able to be hacked even if you are not rooted, but it's a whole lot more difficult.
iwanttoknow said:
Thanks for your reply.
Coud you please give us more details ?
Do you mean that it can be hacked ?
What device's components are less secure when the it's rooted ?
Click to expand...
Click to collapse
Also just to be a tad bit more correct in nature,
Rooting or unlocking your bootloader do NOT necessarily mean your device is any less secure than it is when you first turn it on after purchase.
Many people tend to misunderstand what rooting a phone is intended for, and most of the popular "One-Click" methods are simple apps you download install and run on your phone to acquire root access through a process called "Privlidge Escalation" which gains permission as root by simply climbing a chain that eventually lets it give you access to all your phones internals,
Thus in theory, any given app could be injected with that same code & then used to MALICIOUSLY root your device (without your knowledge or control) which would obviously be a MAJOR security flaw *Cough Cough* on Google's end *Cough Cough* but since it is generally only used by geeks who want to use a phone properly they don't look too much deeper past that. However rooting your device by yourself, unlocking your bootloader by yourself, controlling root permissions via SuperSU or like application ensures if anything TRIES to gain root access YOU being the owner of YOUR device can deny the possible threat instead of never being aware of it........
Thanks for your reply.
What is *Cough Cough* ?
BTW I understand that a malicious application can take control of my device without I know it, if it's not rooted, by using the same code as applications rooting your device.
Do I have well understood what you wrote ?
But how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application...
It's a veritable vicious circle.
?
The question you should be asking yourself is this. Why do I want to root my device?
Though, any device may have vulnerabilities which can be exploited to gain root like mentioned. If you want to keep your device secure, do not install or use anything from an unknown source.
samehb said:
The question you should be asking yourself is this. Why do I want to root my device?
Click to expand...
Click to collapse
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
iwanttoknow said:
My main raison to root my device (if I did), would be to have a finest control on it.
But it's seems to be a difficult goal... like security in general.
?
Click to expand...
Click to collapse
SuperSU will automatically deny anything asking it to provide root access by default . When you have an app for rooted phones installed and you run it for the first time you will get a pop-up from the SuperSU app to say "Yes, go ahead" or "No!" to anything before it even runs. So for me I always try to get devices with a way to root available because its the only way I know if stuff is trying to gain root access without my permission & watch it's actions.
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Oh okay dude apologies the Open Source alternative to SuperSU is Phh's SuperUser & you can find it in the magisk related forum. SuperUser is only questioned as "Malicious" because ChainFire keeps the source closed from what I understand, so I believe it was Phusssion who came to light abt showing us systemless root methods with his open source root management app . You may need to root your phone with an unsafe method, & install Magisk Manager & deploy a magisk install to get the open source variant to work though, not 100% sure
It seems that it will be more and more difficult to root a mobile with new Android's versions.
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
I agree! And it also feels like its becoming a very heavy marketing plot aspect instead of another thing that made Android great. Like are we just supposed to pay ridiculously for the Pixel to obtain root? & for the record, that "Essential" phone, is still sorta essentially too expensive......
iwanttoknow said:
@LilAnt530
Thanks for your reply.
My previous device was rooted and I used SuperSU.
But as I wrote before, "how can I have the insurance that I always will be warned by an application like SuperSU or others ?
I have necessarily to TRUST this type of application which could be also a malicious application..."
Click to expand...
Click to collapse
Phh superuser with Magisk is a 100% open source method for managing root access on your device
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Primokorn said:
Also discussed there: https://forum.xda-developers.com/showthread.php?t=2687933
Click to expand...
Click to collapse
Thanks I was trying to find one of those lol. As ive seen this question asked hundreds of times within recent months across forums
iwanttoknow said:
Hi all,
According to you, is rooting your device or unlock its bootloader a way for making it less secure, more vulnerable to attacks ?
Is it a false idea or a real subject ?
Click to expand...
Click to collapse
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
iwanttoknow said:
It seems that it will be more and more difficult to root a mobile with new Android's versions.
Click to expand...
Click to collapse
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
BIG_BADASS said:
Rooting is a way to access the root-user on Android. It is the exact same as logging in as the root user in UNIX based operating systems. The windows equivalent of 'root' user, is an administrator account. Only difference is, within other UNIX based operating systems, the root user account is easily accessible. In android, it is blocked, so you need to do some process to gain access to the root user account. This process is known as "rooting".
Now, with administrative privileges, you gain the ability to modify the system, which is very useful, if kept in the right hands. But GOD FORBID, you get some nasty malware, such as a trojan or virus on your rooted device, that piece of malware now has access to administrative privileges, and can virtually do ANYTHING it wants to your system.
If you get some malware while the device does not have root access, the scenario is a lot less serious, as the malware cannot access system files, UNLESS there is an exploit designed SPECIFICALLY for that device or software version.
Now, unlocking bootloader in theory is a security flaw.... but then again, freedom is always inversely proportional to security... you have to sacrifice a bit of one to acquire the other. Theoretically, if all the custom operating systems you install are from trusted sources, and there is no embedded backdoors or spyware, or rootkits, or trojans, it is perfectly alright, software vulnerabilities, it is alright. But you simply cannot trust what these developers of custom roms actually embed into their roms, without actually examining the code itself.
I would recommend if you root and unlock the bootloader, install a custom recovery software such as TWRP. That way, in case your device gets compromised by hackers/malware, you can completely reformat the drive, and flash the stock firmware, thereby removing the malware.
Hope this helps.
Hope this helps.
---------- Post added at 09:31 AM ---------- Previous post was at 09:28 AM ----------
Yes, but the difficulty isn't because of the operating system necessarily. It is mostly because the phone manufacturers lock the bootloader, which makes the process of getting root very difficult. In addition to that, certain exploits that we use to gain root access are also being patched in the newer Android versions.
Click to expand...
Click to collapse
Thanks a lot for your detailed answer.
If you need security, just root and install supersu or magisk.
If you have xposed framework, then try a nice fire wall like Xprivacy
As far as I can tell both SuperSU and Magisk are trusted and reliable, people wouldn't be using them, if they were untrustworthy. And I agree with Big's comments, freedom and ability to manipulate what you want in the device comes with a significant security issue. You are going to have to be careful about this either way.