Is it possible to root the "Nokia 8110 4G" running KaiOS? - General Questions and Answers

Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB

sgmarouf said:
Hello everyone.
Can we please get root on this phone?
Specs are:
Operating System: KaiOS
System chip: Qualcomm Snapdragon 205 MSM8905
Processor: Dual-core, 1100 MHz, ARM Cortex-A7, 32-bit, 28 nm
Graphics processor: Adreno 304
System memory: 0.5 GB RAM
Built-in storage: 4 GB
Storage expansion: up to 64 GB
I'm also wondering the same thing.

Yes, I have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.

nexus511 said:
Yes, I have been able to flash my own system and it is also possible to get ADB.
I am currently working on it, but it might take some days to get something useful out of it. As I just created a new account here, I am currently not able to post any links, but you can find my stuff linked on Twitter via @nexus511.
Good job! :good:

0312birdzhang said:
Good job! :good:
Short update:
I have been able to gain root and I have also been able to modify the SELinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel claims to be running in permissive mode, but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see if a service can solve this issue.
For anyone interested: the kernel config can be extracted via /proc/config.gz. The DTB is compiled into the kernel image. Maybe I will try extracting the DTB and building a CodeAurora kernel for the device and see how far I get with that. This might resolve the strange SELinux issues I currently see.
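As an added illustration of the DTB extraction mentioned in the post above (this is not nexus511's code, and the file names are assumptions): a POSIX shell helper, run on a GNU/Linux host against a pulled kernel image, that scans for the flattened-device-tree magic 0xd00dfeed, reads the big-endian totalsize and version fields from the 40-byte FDT header, and carves each plausible blob to its own file. It needs GNU grep (-o/-b byte offsets) and od. It only finds a DTB that sits uncompressed in the image, which is the normal case for a DTB appended to a zImage; a DTB inside the compressed kernel payload has to be decompressed first.

```shell
#!/bin/sh
# Added example: carve flattened device tree blobs (DTBs) out of a raw kernel image.
# Host-side helper (GNU grep/od/dd), not part of any KaiOS or vendor tooling.
# FDT header, all big-endian u32: magic@0, totalsize@4, off_dt_struct@8,
# off_dt_strings@12, off_mem_rsvmap@16, version@20, last_comp_version@24, ...

# be32 FILE OFFSET: print the big-endian 32-bit value at OFFSET as decimal.
be32() {
    set -- $(od -An -tu1 -j "$2" -N 4 "$1")
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# carve_dtbs IMAGE OUTDIR: write every plausible DTB in IMAGE to OUTDIR/dtb-N.dtb and
# print how many were written. Plausibility: the header fits, totalsize fits in the
# file, and the FDT version is one dtc has ever emitted (<= 17).
carve_dtbs() {
    img=$1; out=$2; n=0
    mkdir -p "$out"
    filesize=$(wc -c < "$img" | tr -d ' ')
    magic=$(printf '\320\015\376\355')                       # d0 0d fe ed
    offsets=$(LC_ALL=C grep -obaF -- "$magic" "$img" | cut -d: -f1) || true
    for off in $offsets; do
        [ $((off + 40)) -le "$filesize" ] || continue          # header must fit
        size=$(be32 "$img" $((off + 4)))
        version=$(be32 "$img" $((off + 20)))
        if [ "$size" -lt 40 ] || [ $((off + size)) -gt "$filesize" ] || [ "$version" -gt 17 ]; then
            echo "skip: magic at $off but totalsize=$size version=$version" >&2
            continue
        fi
        # bs=1 is slow but exact; DTBs are only tens of KiB
        dd if="$img" of="$out/dtb-$n.dtb" bs=1 skip="$off" count="$size" 2>/dev/null
        echo "dtb-$n.dtb: offset $off size $size version $version" >&2
        n=$((n + 1))
    done
    echo "$n"
}
```

Usage: `adb pull /dev/block/bootdevice/by-name/boot boot.img` (path assumed), then `carve_dtbs boot.img dtbs` and `dtc -I dtb -O dts dtbs/dtb-0.dtb` to read the result. The version check matters because the four magic bytes can appear by chance in a few megabytes of compressed data.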

nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify the SELinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel claims to be running in permissive mode, but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see if a service can solve this issue.
For anyone interested: the kernel config can be extracted via /proc/config.gz. The DTB is compiled into the kernel image. Maybe I will try extracting the DTB and building a CodeAurora kernel for the device and see how far I get with that. This might resolve the strange SELinux issues I currently see.
This is good news! I just bought a "banana" today, waiting for your good news :fingers-crossed:

nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify the SELinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel claims to be running in permissive mode, but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see if a service can solve this issue.
For anyone interested: the kernel config can be extracted via /proc/config.gz. The DTB is compiled into the kernel image. Maybe I will try extracting the DTB and building a CodeAurora kernel for the device and see how far I get with that. This might resolve the strange SELinux issues I currently see.
Sounds like you've made some impressive progress here, can't wait for more details!
Will you be posting a more detailed tutorial/how-to here or on your blog in the future?
Keep up the great work! :good:

Great work, it would be great to uninstall the preinstalled *tty demo games.

@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least, when you get a spare second, how did you manage to unlock your bootloader, knowing Nokia has publicly acknowledged disabling Device > Developer?
Muchas,
nexus511 said:
Short update:
I have been able to gain root and I have also been able to modify the SELinux policies on the device. Then I have been running into some strange behavior. It actually looks like the kernel claims to be running in permissive mode, but even a permissive context seems to be enforcing instead.
I will try to use something like "Magisk" instead and see if a service can solve this issue.
For anyone interested: the kernel config can be extracted via /proc/config.gz. The DTB is compiled into the kernel image. Maybe I will try extracting the DTB and building a CodeAurora kernel for the device and see how far I get with that. This might resolve the strange SELinux issues I currently see.

fpb4 said:
@nexus511, any way you could please share the root procedure or point to some resources?
Or...at the very least when you get a spare second, how you did manage to unlock your bootloader knowing Nokia has publicly acknowledge disabling Device > Developer?
Muchas,
Using OmniJB can enable "Developer Mode".
Tested on sideload mode

0312birdzhang said:
Using OmniJB can enable "Developer Mode".
Tested on sideload mode
Cheers mate :good:, that's a step forward (and cookie points to OmniJB's dev for the Firefox 52.9 ESR trick). Now WebIDE lists all runtime apps in Unrestricted DevTools privileges, which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (Assistant to start with, or the bunch of packaged Gameloft bloatware). Any idea? I've PM'ed @nexus511 for some root procedure but no answer yet.

0312birdzhang said:
Using OmniJB can enable "Developer Mode".
Tested on sideload mode
Is there any way I could revert installing OmniJB? I'd love to be able to install factory updates again.

Hello all, just give an update on how everything regarding the Nokia 8110 is going.

fpb4 said:
Cheers mate :good:, that's a step forward (and cookie points to OmniJB's dev for the Firefox 52.9 ESR trick). Now WebIDE lists all runtime apps in Unrestricted DevTools privileges, which is great should I be willing to debug any of those or create my own. What I am looking for though is a way to *delete/un-install/remove* (no cigar remounting /system/b2g/webapps rw without root) some of the certified pre-installed applications (Assistant to start with, or the bunch of packaged Gameloft bloatware). Any idea? I've PM'ed @nexus511 for some root procedure but no answer yet.
Could you remove the pre-installed apps?

Hi!
It's possible to get full ADB root by injecting a patched adbd binary. And with real swap instead of zram, the device is more responsive (background tasks like Launcher/Homescreen are killed less often...)
As soon as I have built my own patched adbd, I will provide an 'update.zip' -- it seems Chainfire doesn't like others to use his version. (Open source -- anyone?)
BTW: no, I don't have 'su' -- only my own privileged additional start script and ADB root, but for me this is more than enough to 'work'.
(my goal is to create native apps with Ada/Gnoga - meaning native but with HTML5-GUI. First tests are working well...)

I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?

It should be possible to remove those apps - but for me it's hard to say how. On my device there were no preinstalled apps/games other than snake. Everything else is (un)installable normally. Could be a region-thing
(I've got the european/german version)
-- but on my device the store seems to be a 'static' bunch of zips - so it could kill the store to just remove those.
(i think I would need to adjust configs for the store if I want to clean them up)
If I remember correctly, there is a flag in the app manifest to configure whether an app is removable... my first try would be to edit this flag and check if I could uninstall it normally after this.
On the other hand: there is nearly no need to uninstall - KaiOS-Apps are small and with a sdcard....
(I created an extra 1GB-Swap on /data - even then enough space left)
BTW: if you have a little experience with Android stuff, rooting is simple when you know how:
Enable adb --> just type *#*#33284#*#* on the keypad of your phone (the digits spell 'debug')
-- build an update.zip - sign it with the AOSP test keys
--- let it create '/data/opt', '/data/opt/bin'
--- put a patched adbd (Chainfire's v22 works) in /data/opt/bin
--- create /data/opt/init as a shell script, remounting / rw, replacing /sbin/adbd with the patched one, remounting / ro and killing adbd so it restarts as the patched version. (You may add commands for other stuff on boot - I disable zram, enable a swapfile, start an Ada server...)
--- and add a call to '/data/opt/init' as the last line of '/etc/init.qcom.post_boot.sh' so this 'init' will start with root rights on startup.
This way /data/opt/init will inherit root from /etc/init.qcom.post_boot.sh, so it can replace adbd - and because the patched version won't drop its root rights you'll have a root shell over adb.
As you see - it's quite trivial, but at the moment I don't have a patched adbd which I'm allowed to include.
(I haven't had time to build an AOSP tree until now)
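The two shell pieces of the procedure above, written out as an added example: this is not the poster's own script and it ships no patched adbd (the post names Chainfire's v22 build and says he does not permit redistribution). The ROOT prefix is an assumption for rehearsal: empty on the phone, a scratch directory on a PC, in which case the remount and the kill are skipped. Because / on this kind of device is the boot ramdisk, a replaced /sbin/adbd does not survive a reboot, which is exactly why the post re-applies it from /data/opt/init on every boot rather than once. Keep in mind what the result is: an adbd that never drops root turns the USB debug port into a root shell for anyone holding the phone.

```shell
#!/bin/sh
# Added example for the /data/opt/init + init.qcom.post_boot.sh hook described in the post.
# Not the poster's script. ROOT is an assumed prefix: empty on the phone, a scratch
# directory when rehearsing on a PC (mount/kill are then skipped).
ROOT=${ROOT:-}
PATCHED_ADBD="$ROOT/data/opt/bin/adbd"
LIVE_ADBD="$ROOT/sbin/adbd"
POST_BOOT="$ROOT/etc/init.qcom.post_boot.sh"
HOOK_LINE="/data/opt/init"

on_device() { [ -z "$ROOT" ]; }

# replace_adbd: swap the stock adbd for the patched copy and restart it. Runs at every
# boot because / is the ramdisk and the swap is lost on reboot.
replace_adbd() {
    [ -f "$PATCHED_ADBD" ] || { echo "no patched adbd at $PATCHED_ADBD" >&2; return 1; }
    if cmp -s "$PATCHED_ADBD" "$LIVE_ADBD"; then
        return 0                                          # already in place
    fi
    [ -f "$LIVE_ADBD.stock" ] || cp "$LIVE_ADBD" "$LIVE_ADBD.stock"   # keep the original
    if on_device; then mount -o remount,rw /; fi
    cp "$PATCHED_ADBD" "$LIVE_ADBD" && chmod 0755 "$LIVE_ADBD"
    if on_device; then
        mount -o remount,ro /
        # the stock adbd drops privileges; the patched one keeps root. Killing the running
        # daemon makes init respawn the service from the now-patched binary.
        killall adbd 2>/dev/null || true
    fi
}

# install_hook: append the call to /data/opt/init exactly once (the update.zip's job).
install_hook() {
    [ -f "$POST_BOOT" ] || { echo "no $POST_BOOT" >&2; return 1; }
    if ! grep -qxF "$HOOK_LINE" "$POST_BOOT"; then
        printf '\n%s\n' "$HOOK_LINE" >> "$POST_BOOT"
    fi
}

# hook_count: number of hook lines present; exactly 1 after install_hook, however often run.
hook_count() { grep -cxF "$HOOK_LINE" "$POST_BOOT"; }

case "${1:-}" in
    boot)    replace_adbd ;;    # what /data/opt/init does at startup
    install) install_hook ;;    # what the update.zip's script does once
esac
```

Revert by copying /sbin/adbd.stock back and deleting the hook line; the backup is the only thing that makes the change reversible without a reflash.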

Has anyone tried installing OmniJB from 4pda.ru website? (Sorry can't post links)
If you google "4pda 890710" it will bring it up.
Also, any way of installing WhatsApp yet?

PolePolisher said:
I would love to have this phone without the pre-installed social media and game garbage, would your planned update.zip allow someone reasonably competent at following instructions to do this easily or is experience required?
Root, or create an update to edit /data/local/webapps/webapps.json.
It worked on my phone: no more s*** games and Google stuff.

Can I not just replace the /sbin/adbd from the boot.img?
(by extracting the boot.img with a flashable zip, and then unpack/repack with kitchen)

Related

[DEV] Lenovo Ideapad A1 Kernel Development/Testing

Warning/disclaimer: This thread is intended for those who already know how to compile a kernel and have a working knowledge of Linux and its derivatives. There shouldn't be a great deal of risk involved, but you are responsible for what happens if you decide to follow these instructions.
Polite request: Please don't post replies to this thread that aren't of a technical nature directly related to compiling, modifying, or testing the kernel.
Introduction:
It appears as if Lenovo have released a buildable and bootable kernel source. I've done some preliminary testing with it. However, it would be better if we could get lots of people building and running the kernel, so that we can spot any remaining problems. This is also an opportunity to start hacking it to add/fix features such as USB OTG, etc.
Kernel source:
Get it from the Github repository at: https://github.com/gmarkall/lenovo_a1_07_kernel
Toolchain:
The Makefile seems to suggest that Codesourcery 2010q1 has been used by Lenovo to compile the kernel. Get it from https://sourcery.mentor.com/sgpp/lite/arm/portal/release1293, and make sure that the arm-none-linux-gnueabi-* binaries are on your path.
Building the source:
You may wish to edit the Makefile around line 192 to set CROSS_COMPILE=arm-none-linux-gnueabi- instead of the hardcoded path that is the default.
Then, to build the kernel:
Code:
make distclean
make a1_07_defconfig
make uImage
Booting the kernel
Normally, Android devices have two boot images that consist of a kernel and a ramdisk. One boot image is for the recovery, and the other is for the Android system. This makes it safe to flash a new boot image containing an untested kernel for the Android system, since the recovery can always boot up using the other boot image. However, the A1, by some bad design decision, only has one kernel - the bootloader always loads the same kernel, and just loads a different ramdisk depending whether it is to boot into recovery or system. As a result, it is not safe to flash a kernel to your A1 unless it's already been tested, since a bad kernel will make it impossible to boot from the internal memory, and you'll need a bootable SD card.
The solution to this problem is to make a bootable SD card for loading the kernel and ramdisk from. A bootable SD card consists of two partitions:
* A small bootable VFAT partition, that holds the X-Loader (MLO), U-Boot (u-boot.bin) and the kernel (uImage).
* An ext2 partition that holds the root filesystem.
In order to create a bootable SD card, use the omap3-mkcard.sh script that is attached below. To invoke it for making /dev/mmcblk0 a bootable SD card:
Code:
sudo omap3-mkcard.sh /dev/mmcblk0
You may need to hack the script if your SD card device isn't a /dev/mmcblk* one, since the script searches for partitions denoted "p1" and "p2" - this may need changing to just "1" and "2" respectively (thanks Xbdesign and Brancaleone for this).
This will create the necessary partitions, set the bootable flag, and format them. You will then need to mount the first partition (e.g. /dev/mmcblk0p1), and copy MLO and u-boot.bin to it (also linked below). Then, copy the uImage that you built from your kernel tree, which will be located in /arch/arm/boot. You can now unmount this partition.
Next, mount the second partition (e.g. /dev/mmcblk0p2). This will need to contain the same set of files that the initial ramdisk contains. There are two different ramdisks that you might want to use - one is from the Cyanogenmod 7 build, and the other one is from the stock system. Download links for these are also below. To extract the ramdisk, copy it onto the SD card second partition, then run the following commands (assuming the ramdisk is called ramdisk.ub):
Code:
dd if=ramdisk.ub of=ramdisk.img.gz bs=64 skip=1 # Strip off the U-Boot header
gunzip ramdisk.img.gz # Unzip
sudo cpio -idmv < ramdisk.img # Extract the cpio archive
Then, unmount the second partition of the SD card.
You should now be able to remove the SD card and insert it into your A1. Power down the A1 and power up again, and it should hopefully boot from the SD card and load your kernel. If it's booted from the SD card and loaded your kernel, you should be able to see that it was compiled on your host by looking in Settings -> About Phone -> Kernel Version.
Troubleshooting:
This is not a comprehensive guide, just a few pointers to where a problem might be - please post replies to the thread to get troubleshooting suggestions.
System boots up, but is not running my kernel - it didn't boot from the SD card. If the A1 is plugged into the charger/USB, you sometimes need to reboot multiple times before it boots off the SD card (I think it doesn't always turn off fully when the charger is plugged in).
The static Lenovo logo flashes up over and over again - it's booted from the SD card, but didn't manage to load your kernel
The static Lenovo logo comes up and stays there/goes to a black screen - it's probably loaded your kernel and mounted the root file system, but failed to mount /system. Try running adb shell to see what happens. If you get something like
Code:
/system/bin/sh: no such file or directory
then your kernel is running but /system isn't mounted.
IRC Channel
Join #ideapad-a1 on irc.freenode.net to discuss the kernel and other A1 development-related topics!
Download Links:
MLO
u-boot.bin
omap3-mkcard.sh
Ramdisk for Cyanogenmod 7
Ramdisk for ROW 2643 stock release
I've added the two ramdisks that I suspect will be most common - if you need another ramdisk, you'll have to extract it from an OTA.
Also, I compiled a tun.ko - www.doc.ic.ac.uk/~grm08/ideapad/tun.ko
Here's a cifs.ko - http://www.doc.ic.ac.uk/~grm08/ideapad/cifs.ko
EDIT: AutobahnA1 and infraredevans have confirmed that tun.ko works on ROW_2643.
EDIT 2/3: Please test out cifs.ko! (It doesn't work - it needs slow-work.ko. Will get that done when I can. Thanks to Ilikecokethree on the Lenovo forums for pointing that one out).
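Before stripping the 64-byte header with `dd bs=64 skip=1` as the post does, it is worth checking that the file really is a U-Boot legacy image and that the payload size it declares matches the file. The following is an added example, not part of gmarkall's post or tooling: a POSIX shell helper for a GNU/Linux host (od, dd, head) that reads the header fields (magic 0x27051956, ih_size at offset 12, the OS/arch/type/compression bytes at offsets 28 to 31, the 32-byte name at offset 32) and extracts exactly ih_size payload bytes, gunzipping when ih_comp says gzip. It does not verify the header or data CRCs; `mkimage -l` does that.

```shell
#!/bin/sh
# Added example: inspect and unwrap a U-Boot legacy image (uImage or ramdisk.ub).
# Header, 64 bytes, big-endian: ih_magic@0, ih_hcrc@4, ih_time@8, ih_size@12, ih_load@16,
# ih_ep@20, ih_dcrc@24, ih_os@28, ih_arch@29, ih_type@30, ih_comp@31, ih_name@32 (32 bytes).
UIMAGE_MAGIC=654645590                 # 0x27051956 as decimal

# be32 FILE OFFSET: big-endian u32 at OFFSET, printed as decimal.
be32() {
    set -- $(od -An -tu1 -j "$2" -N 4 "$1")
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
# u8 FILE OFFSET: single byte at OFFSET, decimal.
u8() { od -An -tu1 -j "$2" -N 1 "$1" | tr -d ' '; }

# uimage_type FILE: kernel | ramdisk | other   (IH_TYPE_KERNEL=2, IH_TYPE_RAMDISK=3)
uimage_type() {
    case "$(u8 "$1" 30)" in 2) echo kernel ;; 3) echo ramdisk ;; *) echo other ;; esac
}
# uimage_comp FILE: none | gzip | other        (IH_COMP_NONE=0, IH_COMP_GZIP=1)
uimage_comp() {
    case "$(u8 "$1" 31)" in 0) echo none ;; 1) echo gzip ;; *) echo other ;; esac
}
# uimage_name FILE: the NUL-padded image name.
uimage_name() { dd if="$1" bs=1 skip=32 count=32 2>/dev/null | tr -d '\000'; }

# uimage_check FILE: fail unless the magic matches and ih_size fits inside the file.
uimage_check() {
    filesize=$(wc -c < "$1" | tr -d ' ')
    [ "$filesize" -ge 64 ] || { echo "$1: shorter than a uImage header" >&2; return 1; }
    [ "$(be32 "$1" 0)" = "$UIMAGE_MAGIC" ] || { echo "$1: bad magic" >&2; return 1; }
    size=$(be32 "$1" 12)
    [ $((size + 64)) -le "$filesize" ] || { echo "$1: truncated (ih_size=$size)" >&2; return 1; }
    echo "$1: $(uimage_type "$1") '$(uimage_name "$1")' payload=$size comp=$(uimage_comp "$1")" >&2
}

# uimage_extract FILE OUT: write exactly ih_size payload bytes to OUT, gunzipped if gzip.
# Copying "everything after byte 64" would also copy any padding after the payload.
uimage_extract() {
    uimage_check "$1" || return 1
    size=$(be32 "$1" 12)
    if [ "$(uimage_comp "$1")" = gzip ]; then
        dd if="$1" bs=64 skip=1 2>/dev/null | head -c "$size" | gunzip -c > "$2"
    else
        dd if="$1" bs=64 skip=1 2>/dev/null | head -c "$size" > "$2"
    fi
}
```

For a ramdisk.ub the result of `uimage_extract ramdisk.ub ramdisk.img` is the raw cpio archive, which `cpio -idmv < ramdisk.img` unpacks as in the post; a file that fails uimage_check would otherwise give gunzip a "not in gzip format" error that says nothing about the real cause.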
Do you understand Chinese, master?
I am Chinese and have followed your thread for a long time. I don't understand English and read it roughly with translation software. Many of us here support you and are all using your ROM. It's great, much better than Lenovo's official one. Thank you!
I think I did exactly the steps as you told, but it still boots the original kernel; may something be wrong? Thank you very much.
PS: I'm Chinese too, and my English is not good either.
gmarkall said:
This is also an opportunity to start hacking it to add/fix features such as USB OTG, etc.
Please do not forget to try the WiFi-based geolocation, which is also missing!
I wish I had the knowledge to work on it myself but I am far from taking over such tasks...do not have the slightest idea about how these things work.
Good luck and please keep us informed!
geoponer said:
Please do not forget to try the WiFi-based geolocation, which is also missing!
The geolocation bug has nothing to do with the kernel. It's a missing entry in framework-res.apk in the ROM from Lenovo.
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
betabox said:
The geolocation bug has nothing to do with the kernel. It's a missing entry in framework-res.apk in the ROM from Lenovo.
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
Also, it's working in CM7.
hohoxu_hao115 said:
I think I did exactly the steps as you told, but it still boots the original kernel, may something be wrong?
Sounds like it's booting from eMMC instead.
Can you post the partition table of the SD card as listed by fdisk, and also a directory listing of each of the two partitions? I ask this to confirm what's happened - seems like you're the first person to follow these instructions, and it's quite possible I made a mistake somewhere.
betabox said:
The geolocation bug has nothing to do with the kernel. It's a missing entry in framework-res.apk in the ROM from Lenovo.
see : forums.lenovo.com/t5/IdeaPad-Slate-Tablets/A1-Geocode-Bug-in-Firmware-Solution/td-p/709701
Apologies for the off-topic, but I think that we are discussing two different things here: I am referring to the Geolocation bug, which prevents me from e.g. checking in with Foursquare by using only WiFi location information (active GPS signal is needed) while you have solved the Geocoding bug, which has nothing to do with the Geolocation one...
Please correct me if I am wrong.
@Graham: I plan to install the CM7 that you have been working on (with the feedback from other users - I keep an eye on that thread!) but since I use my A1 for professional purposes as well, I would like to make sure that everything is working fine before moving to CM7. Apologies for not being able to contribute to the beta testing of CM7 but I am really looking forward to seeing a version based on the source code provided by Lenovo, which I think will lead to a more stable version of your CM7. I cannot thank you enough for taking the time to work on this, really!
geoponer said:
Apologies for the off-topic, but I think that we are discussing two different things here: I am referring to the Geolocation bug, which prevents me from e.g. checking in with Foursquare by using only WiFi location information (active GPS signal is needed) while you have solved the Geocoding bug, which has nothing to do with the Geolocation one...
Please correct me if I am wrong.
I think that whether it works in CM7 or not, it almost certainly isn't a kernel issue. I'll test it by signing up for Foursquare and give it a try out on CM7 to see if it works later on. Will post my findings in the CM7 thread.
Hi Graham,
just gonna pile up several questions/thoughts; feel free to comment on them or answer as you like
We do have a few hiccups on CM7 but I am more excited about the idea of having a proper recovery than ironing out the current CM ROM, which works more than satisfactorily right now. Do we have enough code (I assume that the target here is u-boot) on our hands that someone can implement the necessary changes to internal partitions and boot procedures?
what is your opinion on replacing u-boot with something else? for example the LK loader or, to be more precise, its current HD2 implementation known as cLK. It already has some neat features like an HBOOT-like GUI, the ability to change partition sizes on the device itself (without a computer), the ability to boot from different partitions (would be nice to have Android and Ubuntu side by side loaded on our devices) and last but not least it has fastboot support enabled... or is it the better way to fill up u-boot with the desired features, if possible?
so...just my wishful thinking...not enough knowledge on my side to do anything regarding all this just hoping that some of you, more capable guys gets interested in this
dusko_m said:
Hi Graham,
just gonna pile up several questions/thoughts; feel free to comment on them or answer as you like
We do have a few hiccups on CM7 but I am more excited about the idea of having a proper recovery than ironing out the current CM ROM, which works more than satisfactorily right now. Do we have enough code (I assume that the target here is u-boot) on our hands that someone can implement the necessary changes to internal partitions and boot procedures?
what is your opinion on replacing u-boot with something else? for example the LK loader or, to be more precise, its current HD2 implementation known as cLK. It already has some neat features like an HBOOT-like GUI, the ability to change partition sizes on the device itself (without a computer), the ability to boot from different partitions (would be nice to have Android and Ubuntu side by side loaded on our devices) and last but not least it has fastboot support enabled... or is it the better way to fill up u-boot with the desired features, if possible?
so...just my wishful thinking...not enough knowledge on my side to do anything regarding all this, just hoping that some of you, more capable guys, get interested in this
I do want to implement something that's pretty much as you describe. My biggest motivation is that it's currently not safe to flash a kernel since you can break both system and recovery that way in one go - I really want to make the boot process more robust.
gmarkall said:
Also, I compiled a tun.ko - tun.ko
I haven't tested it yet - is anyone able to try it please?
The module loaded without a problem on my 2643_ROW Kernel. Installed "Rooted AnyConnect" from the "Play Place". Now I can connect to my company VPN.
gmarkall: YOU ROCK! THANK YOU!!!
tun.ko
Graham
The tun.ko module works perfectly with openvpn on 2643_ROW.
I can now access my Amahi home server, awesome.
Thanks a lot you are doing a great job.
Don't want to sound presumptuous, but any chance of a cifs.ko to go with it?
Cheers
Infraredevans said:
Don't want to sound presumptuous, but any chance of a cifs.ko to go with it?
I'll give it a whirl... give me a few minutes.
gmarkall said:
I'll give it a whirl... give me a few minutes.
Here it is: http://www.doc.ic.ac.uk/~grm08/ideapad/cifs.ko
To compile it I had to copy md5.h from another kernel source to fs/cifs in the kernel tree. I also had to edit init/Kconfig so that CONFIG_SLOW_WORK defaulted to yes. I configured the module with the options:
Support Legacy LANMAN servers which use weaker security
CIFS Extended attributes
CIFS POSIX attributes
and without statistics, debugging, or experimental features. Let me know if this is a suitable config - I could always tweak it and build another one.
arm-2010q1-202-arm-none-linux-gnueabi.bin
Did someone manage to install arm-2010q1-202-arm-none-linux-gnueabi.bin on 64bit system?
xbdesign said:
Did someone manage to install arm-2010q1-202-arm-none-linux-gnueabi.bin on 64bit system?
I did - I didn't have any problems, but my random guess about how to solve it could be to install ia32-libs. If installing that doesn't solve it, can you post a bit more detail about the problem?
I am using ubuntu 10.04 LTS and just cant install / find Getlibs to install a 32-bit version of xulrunner :-(
xbdesign said:
I am using ubuntu 10.04 LTS and just cant install / find Getlibs to install a 32-bit version of xulrunner :-(
Do you need that to run the installer? I just downloaded the tar version instead and extracted it. I saw there was an installer as well, but I thought it would be more hassle than using the tarball so I just ignored it.

ViPER4Android Universal Fix CM13 Android 6.0/+

So... here I will share 2 scripts I made to fix permissions for ViPER4Android running with enforced SELinux.
Why 2 scripts?
I like to keep everything open-source. Here I would like to note that CyanogenMod is taking the wrong direction in my point of view. Every update takes away some of the customization possibilities of the user, so I am thinking of choosing a new ROM. I faced a real nightmare with SELinux permissions (well... SELinux is good, but CyanogenMod doesn't provide any tool or way to manage those permissions). The funnier part is that with branch 13.0 of CyanogenMod there is no more init.d. Before someone corrects me - yeah... there is init.d, but SELinux blocks any script from executing at boot time, so don't use it. You will get your logs spammed by error messages. So... I've tried to enable init.d again, but there is no way to make init.d work as before. I've tried lots of different fixes from other posts, but nothing seems to work anymore, because of SELinux restrictions. I didn't manage to find any way to run scripts at boot time with root permissions in a suitable way... without messing with other system files or rebuilding build.img... so I came up with these 2 solutions:
ViPER4Android (OpenSource) This is the solution I recommend to all of you. It is fully open source. It doesn't mess with your current system and it should work on any device/ROM. The zip file contains the ViPER4Android app and driver, the sepolicy-inject tool from setools-android so we can set permissions for ViPER4Android to work with enforced SELinux, and Universal Init.d.
sepolicy-inject is the open source equivalent of the supolicy tool of Chainfire's SuperSU. I strongly recommend sepolicy-inject over supolicy, because every closed source root app should be treated as a security risk, as the code can't be examined. I don't trust it, especially when it is part of your Android root manager.
Universal Init.d is just an application - it simulates the init.d function. Imagine it like init.d on the user side... sadly enough you need to be pre-rooted to get it running.
ViPER4Android (Legacy) Maybe more of you will like this solution as it is more automated and it doesn't require any user action after installing the zip. This zip will do the same as the one above - it will install ViPER4Android, removing all other DSP apps, but here comes the difference - THIS SCRIPT WILL INSTALL CHAINFIRE'S SUPERSU in order to set SELinux policies for ViPER4Android. Chainfire's SuperSU uses the supolicy tool - it lets you manage SELinux policies at boot time. Chainfire's SuperSU will run everything in /system/su.d/ so again... you have init.d support - this is the real pain in the ass.
Before you download and flash, please read:
Both scripts WILL REMOVE other DSP apps from your device and will install ViPER4Android 2.4.0.1. I STRONGLY RECOMMEND TO USE SOLUTION 1 AS IT IS FULL OPEN SOURCE! Support open source software!!!
INSTRUCTIONS
ViPER4Android (OpenSource) - IN ORDER TO WORK, YOUR DEVICE MUST BE ROOTED! (Your device needs to be rooted as Universal Init.d needs root permissions in order to simulate init.d functionality.) Download the .zip; flash and reboot; open Universal Init.d and grant root permission if asked; reboot once more in case it doesn't work!
Sometimes Universal init.d is not fully initialized and needs some root permissions. That's why you need to reboot second time - then everything works. No further actions needed.
ViPER4Android (Legacy) - Just flash and reboot... but once more - SUPPORT OPEN SOURCE AND CHOOSE SOLUTION 1!!!!
For Samsung devices - if the scripts above don't work for you, check this post. Thx to Viper4713 for the instructions and voshchronos for solving the issue!!!
Hope to make someone happy
PS: If you want to make me happy with some beer, here you can donate a small amount. Thank you for your support.
Can I flash it on an Android One device running 6.0.1?
Yes. If you have any issues, please let me know!
rpangelov said:
Yes. If you have any issues, please let me know!
Hi, I tried to install the open source version on my kltedv running Resurrection Remix 6.0.1, however it is still not working. Universal Init.d shows the kernel doesn't support init.d, and the V4A driver status is abnormal. It also causes screen freezes and random restarts. Any ideas? Your kind input would be very much appreciated. Thanks.
hiropandaz said:
Hi, I tried to install the open source version on my kltedv running Resurrection Remix 6.0.1, however it is still not working. Universal Init.d shows the kernel doesn't support init.d, and the V4A driver status is abnormal. It also causes screen freezes and random restarts. Any ideas? Your kind input would be very much appreciated. Thanks.
I've just read some info about the ROM you use. As it is based on CyanogenMod I assume there is a root manager built in. Maybe it is disabled, as CM root access is disabled by default? Look at: Settings -> Developer Options -> Root Access - turn it on with "Apps only".
Then just follow these steps:
1. Start Universal Init.d
2. Turn it off from the toggle button
3. Run test from the button on the bottom of Universal Init.d
4. If asked for root permissions, grant them!
5. Turn Universal Init.d ON from the toggle (step 2 you turned it off)
6. Restart your device and check once more!
If you still have any issues, please let me know!
Greetz,
Angelov
rpangelov said:
I've just read some info about the ROM you use. As it is based on CyanogenMod I assume there is a root manager built in. Maybe it is disabled, as CM root access is disabled by default? Look at: Settings -> Developer Options -> Root Access - turn it on with "Apps only".
Then just follow these steps:
1. Start Universal Init.d
2. Turn it off from the toggle button
3. Run test from the button on the bottom of Universal Init.d
4. If asked for root permissions, grant them!
5. Turn Universal Init.d ON from the toggle (step 2 you turned it off)
6. Restart your device and check once more!
If you still have any issues, please let me know!
Greetz,
Angelov
Hi Angelov, many thanks for your helpful instructions. I couldn't get it to work with the open source version. However, it is working now after I installed the V4A legacy version. Many thanks once again.
hiropandaz said:
Hi Angelov, many thanks for your helpful instructions. I couldn't get it to work with the open source version. However, it is working now after I installed the V4A legacy version. Many thanks once again.
You are welcome! As I mentioned in the instructions, the legacy script will always work, but I don't like its implementation. I am working on a new version of the open source script, so there won't be any issues of that kind. When I am ready I will upload it here after updating my first post.
Greetz,
Angelov
This "universal" fix has been shared several months ago on XDA and a simple root shell is enough to use V4A in enforcing mode.
FYI init.d is deprecated now but it's not related to CM. Use su.d instead.
Can you provide me a link to this universal fix you are talking about?
PS: init.d is deprecated in AOSP, I get that. Please read my first post once more; obviously it isn't clear enough. Using su.d will result in using closed source tools to manage your SELinux policies. As I mentioned above, please support open source software. Every closed source root app has to be treated as a security risk. My opinion...
Check the official V4A thread for instance. Others have opened threads in device specific forums or in the App & Games forum.
Have a look at this thread, it might interest you: http://forum.xda-developers.com/android/software-hacking/wip-selinux-capable-superuser-t3216394
FYI I do support open-source free/libre software, as much as I can.
I've seen phh's SuperUser but I haven't tried it; this is one of my tasks for this/next week.
As I've tried most of the scripts, I didn't like all the actions that need to be taken before running the .zip script in order to get Viper working. I compile my own CyanogenMod and I don't use gapps. Almost all apps I use on my device are open source, as I use F-Droid as my only market (well... I need WhatsApp, but I download it straight from the website). Anyway... CyanogenMod has its own root manager built in... so why do I need to install one more, which contains closed source tools? That is also the reason I don't advise people to use it... and I don't see that as a solution to my problem. AOSP is open source, but nowadays it is very dependent on some closed-source elements, and I want to wipe them all out and use open source alternatives. I hope you understand why using su.d isn't a solution in this case. You just make yourself and others dependent on one more closed source app, so I don't get where the support for open source is? I think that the open source script is a good solution to the problem without using any closed source tool.
To make it as easy as possible, just flash the .zip and you are ready to go; I included the latest version of Chainfire's SuperSU in the legacy script, so you don't need to install it before running the .zip. It looks easier to me....
Actually it is very stupid, because whichever script you use you will end up with a rooted device anyway (if it isn't already), but in order to get the open source script working your device has to be rooted before running the .zip, whereas if your device is already rooted, you just flash the zip and you are ready to go.
I mentioned su.d because that's a solution for newer Android versions, but I didn't say it's the best one. Using FLOSS software is a good move, but you are using proprietary code with CM.
Hi everyone, I flashed both of the zips with TWRP but I got an error code: 255. Any idea how to fix it? Please help me. I'm using an x86 phone btw.
I think it's because of your phone's architecture... anyway, I will look at it today and I will let you know if I find a solution for your problem. Can you tell me which phone exactly you own? Thank you.
Greetz, Angelov
I'm using a Zenfone 5 (A501CG) with Resurrection Remix MM 5.6.7
You have an x86 architecture and this zip is probably for ARM only. I guess you need the updater-binary for x86 and to place it into the zip in META-INF/com/google/android.
Ok, so I need an updater-binary for x86, right? Can I copy it from another zip to your zip? Will it work?
AFAIK you can use the one from a custom ROM. You need a compatible custom recovery, of course.
I'll use the one from my custom ROM. Thank you for helping me :good:
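A quick way to confirm the ARM/x86 mismatch discussed above before flashing anything, as an added example that is not code from this thread or from any of the V4A scripts: the file a recovery executes from a flashable zip is META-INF/com/google/android/update-binary (the "updater-binary" mentioned in the replies is that same file), and it is an ELF executable, so its header records which CPU it was built for. The helper names below are mine, and the zips used in the test are constructed in memory from fake ELF headers rather than real binaries. Only the primary ABI (ro.product.cpu.abi) is compared, because secondary ABIs that an Intel phone advertises through a translation layer (houdini) are provided by /system and are not available inside recovery, which is exactly why an ARM update-binary fails there with a non-zero status.

```python
import io
import struct
import zipfile

UPDATE_BINARY = "META-INF/com/google/android/update-binary"

# ELF e_machine values (from the ELF specification) for the CPUs Android ships on.
EM_NAMES = {0x03: "x86", 0x28: "arm", 0x3E: "x86_64", 0xB7: "arm64"}

# Which ELF architectures a recovery on a given primary ABI can execute.
# 64-bit kernels usually run the matching 32-bit binaries; nothing runs a foreign family.
ABI_RUNS = {
    "armeabi-v7a": {"arm"},
    "armeabi": {"arm"},
    "arm64-v8a": {"arm", "arm64"},
    "x86": {"x86"},
    "x86_64": {"x86", "x86_64"},
}


def elf_arch(data: bytes) -> str:
    """Return the architecture name of an ELF image, e.g. 'arm' or 'x86'."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    endian = "<" if data[5] == 1 else ">"                     # e_ident[EI_DATA]
    (machine,) = struct.unpack_from(endian + "H", data, 18)   # e_machine
    return EM_NAMES.get(machine, "unknown(0x%x)" % machine)


def elf_bits(data: bytes) -> int:
    """32 or 64, from e_ident[EI_CLASS]."""
    return {1: 32, 2: 64}[data[4]]


def updater_binary_arch(zip_src) -> str:
    """Architecture of the update-binary inside a flashable zip (path or file object)."""
    with zipfile.ZipFile(zip_src) as zf:
        return elf_arch(zf.read(UPDATE_BINARY))


def recovery_can_run(zip_src, primary_abi: str) -> bool:
    """True if a recovery on a device whose ro.product.cpu.abi is primary_abi
    can execute this zip's update-binary."""
    return updater_binary_arch(zip_src) in ABI_RUNS.get(primary_abi, set())


# --- constructed test fixtures (not real binaries) ---------------------------

def fake_elf(machine: int, bits: int = 32) -> bytes:
    """Minimal little-endian ELF header with the given e_machine, for tests only."""
    hdr = bytearray(52 if bits == 32 else 64)
    hdr[0:4] = b"\x7fELF"
    hdr[4] = 1 if bits == 32 else 2             # EI_CLASS
    hdr[5] = 1                                  # EI_DATA: little-endian
    hdr[6] = 1                                  # EI_VERSION
    struct.pack_into("<H", hdr, 16, 2)          # e_type = ET_EXEC
    struct.pack_into("<H", hdr, 18, machine)    # e_machine
    return bytes(hdr)


def build_zip(update_binary: bytes) -> io.BytesIO:
    """In-memory flashable zip carrying only the update-binary."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(UPDATE_BINARY, update_binary)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    import sys
    # usage: python check_update_binary.py V4A.zip "$(adb shell getprop ro.product.cpu.abi)"
    path, abi = sys.argv[1], sys.argv[2].strip()
    print(UPDATE_BINARY, "is", updater_binary_arch(path))
    print("recovery on", abi, "can run it:", recovery_can_run(path, abi))
```

If the check says the zip cannot run, swapping in an update-binary taken from a ROM zip built for the same device, as suggested above, is the fix; the script can then be re-run on the modified zip to confirm.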
It works great, thanks.
My bad for not following the instructions.

OC-K1 Nougat

3.0
Given up using people's dirty code, so downloaded Nvidia's dirty code instead lol.
Cleaned the code up as best I could. Things I've noticed while playing games on the tablet:
when I play "Nitro Nation" the first race no longer stutters
when popups appear they don't take a while to appear
when I play "Word Mind" it doesn't take ages to load with crackling sound
when using "Kernel Adiutor", if you set the GPU max and min values high (I only did this trying to keep the values standard), when the GPU gets hot it can't scale down the GPU frequency, so it starts trying to kill tasks.
I don't think you need to download/flash blobs, as they are for flashing binary stuff, but I can't find a need for it; I think it's more of a precaution to ensure the kernel boots... but I don't think I have flashed them.
-----------------------------------------------------------------------------------------
3.1 : FINAL,
Dunno what changes I made, but I've recently upgraded my tablet, so figured I'd upload my latest and last.
Obviously I have had to start again running 3.10.96, but I've done a lot of work to make it as fast as I can so far; I deleted all references to my old code and can't find them anymore.
GPU is now at 914 max, as I've found it's the GPU that generates a lot of heat, which causes it to throttle, and values higher than this just degraded performance.
I've known for a long time that "DT2W" works great while connected to USB, due to the custom USB wakelock; I know the app "Wakelock Revamp - Power Manager" would resolve it, but I've found tapping where "notifications" would be wakes the screen (I've found bottom right, where the camera would be, is a good spot). I'm trying to figure out how to apply the wakelock better.
Scores on PCMark are above the scale on most values.
Scores on 3DMark are around 3250 ~ 3320.
=========================================
If you want to create your own, I created a guide; also, the website I used to help me understand:
https://************/how-to-build-android-kernel-on-windows-10/ (appuals.com)
-----------------------------------------------------------------
Thanks to :
-----------------------------------------------------------------
"hazel nut" for his support, as if he never said "cant wait for it to come out" i dont think it would of pushed me so much
----------------------------------------------------------------
"BitOBSessiOn" for his source code
https://github.com/BitOBsessiOn/android_kernel_nvidia_shieldtablet
-----------------------------------------------------------------
"laufersteppenwolf" for his source code and commits to overclocking and DT2W/STW
https://github.com/laufersteppenwolf/android_kernel_nvidia_shieldtablet
-----------------------------------------------------------------
"Christopher83" for his cross compiler
https://github.com/Christopher83/arm-cortex_a15-linux-gnueabihf-linaro_4.9
-----------------------------------------------------------------
Microsoft: if I didn't hate Windows 10 so much, and hadn't got a message regarding dropping support for Windows 7,
I would still be using a virtual machine, which, due to it being so slow, I would probably have given up on a long time ago.
----------------------------------------------------------------
thanks to everyone that has said thank you
Nice to see that you opened a thread.
I appreciate a bit of companionship here.
In your guide you didn't specify how you create the zip file.
I used the NetHunter installer, which is based on LazyFlasher in regard to the external modules; this comes in handy, but I found relatively little in the way of Shield kernel support.
I noticed that you set the make command with the addition of the number of CPUs to be used before every command.
Is this a typo, or is this the correct procedure when you compile with Windows?
Did you mean with "bin-bash-command" the line "cd ~"?
That's just how I make the command; if you tap the up key, you can scroll through previous inputs, and if it makes it faster, that's a bonus... but you're right about there being very little support.
With regards to the zip file, you could use mine or any other zip that is a kernel flash, as long as you drop it into the kernel folder... I believe there is an "anykernel.zip" somewhere if you prefer to use that... also, if you wish to add your own personal touch, you can modify the script file in the metadata folder.
I also chose different colours in the guide and placed each command on a separate line so people could understand the exact typing... or they could copy and paste.
But with regards to support, it is one of the reasons I made the guide, in the hope the Nvidia community could follow it, understand how to achieve their own kernel, and improve the tablet, as there seems to be a serious lack of support.
I had to learn on my own, through Google and YouTube, but hopefully this will speed up what took me a month of trial and error.
Is it compatible with stock based FW (5.4)? Just need to flash blobs, then the kernel, and reboot?
Yeah, extract the blobs before flashing... only available for stock/stock+ ROM.
Oh, by the way, you can't compile with Windows unless you're using a virtual machine... it has to be Linux/terminal.
Bleeblun said:
Yeah, extract the blobs before flashing... only available for stock/stock+ ROM.
Thank you, I will try it out as soon as I can get to my computer. I have downloaded the Wakelock v3 app and Kernel Adiutor, and I can't enable wakelock in Kernel Adiutor (I can't see any option for it). Only this new kernel will support this option, am I right?
You must have done something wrong, as "wake" is below "gpu".
You extract, then flash the blob from the fastboot menu by typing: fastboot flash staging <blobfilename>
Then via TWRP recovery you install the "OC K1" kernel without extracting... I have 3 tablets and it's worked on them all... hope this helps.
Yeah, everything worked, awesome, thank you!!
Thanks for letting me know; originally you wouldn't have needed the "Wake v3" app, but I started fresh, which gained performance, and I decided to look for an easier way to stop the tablet "deep sleeping" on me... less of a headache this way :laugh:

General (OPEN DEV) BruteRoot - A collection of Root Tactics (Possibly Force Bootloader unlock on NA Samsung S22?)

Devices & Linux Versions I or other Testers have Successfully Gained Root on:
(Likely All) MTK CPU Based Android devices UP TO 11 (Maybe 12? I haven't tested) (i.e. LG, Sony, select Samsung devices)
Android Devices with LINUX KERNEL VERSIONS - 5.8 - 4.14 - Maybe More? (Needs Testing)
-THIS GUIDE IS NOT BEGINNER FRIENDLY - BASIC UNDERSTANDING OF PYTHON, UNIX/LINUX ETC WILL BE REQUIRED!-
If you have been holding off updating your device, well, here's some good news: your device may still be vulnerable to a method to gain root access (and subsequently, possibly the ability to edit build.prop and therefore allow OEM unlocking on USA based devices). <- correct me if I'm wrong, but this should be possible, and once done, should persist across updates, correct?
As of the time of writing this, there is not currently a simplified APK method, but still, this process is relatively straightforward.
A lot of the methods used HAVE been patched from what I understand, but there have got to be plenty of devices out there which are still not updated. This project aims to compile all current, former and future root methods into an APK that will do all the leg-work. If it's able to find a working method, the GUI will pop a root shell for the end user. This SHOULD work regardless of the setting of the "OEM UNLOCK" option in the dev options. A bypass, essentially.
Regardless, the project linked below uses a myriad of known exploits & vulnerabilities and looks to find one that will work.
Methods used are:
Nearly all of GTFOBins
Writeable docker.sock
CVE-2022-0847 (Dirty pipe)
CVE-2021-4034 (pwnkit)
CVE-2021-3560
It'll exploit most sudo privileges listed in GTFOBins to pop a root shell, as well as exploiting issues like a writable docker.sock, or the recent dirty pipe (CVE-2022-0847). More methods to root will be added over time too.
There is also an alternative (Dirty Pipe) injection method that uses @topjohnwu's Magisk; this should be implemented into the APK. See this GitHub repo, Here.
I would imagine this could be implemented in a way to target devices that have stopped being supported for updates as well, that do not have TWRP, such as the SM-T307U.
One big note: I am betting there are still A LOT of devices in inventory at retailers that remain on the vulnerable OS. So keeping that in mind, I'd say this is worth building.
What needs to be done:
TESTING!
Build APK - HELP NEEDED WITH THIS!
Deploy
Main Goals:
Get bootloader unlock ability for devices normally not unlockable (i.e. North American Samsung Galaxy S22, etc.)
The above can be achieved by getting temp root via the methods detailed here or otherwise, then editing build.prop, altering the below settings (the settings may be worded differently or simply not present at all, depending on device and firmware version):
sys.oem_unlocking_allowed to 1
ro.oem_unlock_supported to 1 (most devices are set to 1 by default.)
ro.boot.flash.locked to 0
ro.secure to 0
ro.debuggable to 1
I think there may be one or two more that pertain to flash.locked, i.e. flash.locked.other, or something very close.
Locally, gain temp root (system preferred, but any root will do) on as many device types as possible.
Give device control back to end user.
Stay up-to-date on new exploits for root access & update apk accordingly.
STAY ETHICAL!!!! This is, in the end, a research project, meaning all work performed in the context of this project could result in a damaged or bricked device. By participating in this project you acknowledge these risks and accept them, and agree not to hold me, XDA, or anyone else responsible if you do some dumb ****. - k0mraid3
GitHub project link: HERE for my fork & HERE for the original project.
My fork will incorporate the original project as well as other root access methods found, such as the Magisk injection method mentioned above; my repo is mainly used as a hub for the APK's dev. I don't have enough time to work on it at the moment, but all are welcome to help.
July 15th 2022 (UPDATE) (SAMSUNG DEVICES ONLY): A new escalation method has been found via the Galaxy app store (versions BEFORE Galaxy Store 4.5.41.8). No details known yet, but it is said to be very easy. See CVE-2022-33708 (July 13 2022). Unknown whether downgrading the app to 4.5.0.0 will enable the method again or not.
Cred: liamg
One method to run Traitor on device - thanks @DevinDking for sharing this.
Steps to get the script on the phone.
#!/bin/sh
# Push the Traitor binary to the phone and make it executable.
# Run this from the directory that contains the binary (the Linux build
# for the phone's CPU, arm64 on most current phones, renamed to "traitor").
set -e
dir=/data/local/tmp
adb=${adb:-"adb"}
$adb push traitor ${dir}/traitor
$adb shell chmod 755 ${dir}/traitor

Now to run it, start a new terminal:

#!/bin/sh
# Start Traitor on the phone itself (not on the PC) over adb, so it scans
# the device's kernel rather than the host's.
set -e
dir=/data/local/tmp
adb=${adb:-"adb"}
$adb shell ${dir}/traitor
But I assume this wouldn't work right, and isn't right.
Idk, trying my best here xD
Tools & References:
Linux (and Android, FTMP) Privilege Escalation Techniques
Dirty Pipe - Magisk Injection
Traitor - Main Repo
GTFOBins
CVE Database (Public Database for exploits, vulnerabilities, etc.)
Windows Subsystem For Linux (Great for Dev)
ADB App Control - Cred @Cyber.Cat
Leaked Samsung Source Code ***Mod Edit: Link Removed***
Crontab Root Template script (file attached; you still must edit crontab with "crontab -e" and point it to this file, see comments for a guide, I will add one to the post later)
Android Image Kitchen - used to create custom images etc.
MTK Client
MTK Meta Utility (Source-???)
Will add more as time goes on and more are found.
Interesting attack vectors:
GFX components of a system.
Issues with Linux itself (i.e. Dirty Pipe)
Privilege escalation via any means (i.e. GTFOBins)
Unprotected system processes - hijack them if possible (i.e. RILService Mode, and a wide range of other OEM apps left on devices after ship)
7/24/22 - Samsung, LG & other OEMs obfuscating (intentionally hiding) fastboot and ADB bootloader interfaces on PC
So over the last week or so I dived head first into USB dev; I'll save you the time and sum it up.
Vendors and OEMs are actively obfuscating the USB connection between your smartphone and the PC to keep you from rooting. As far as I'm aware, there is no universal way to fix this, as each OEM screws with the USB drivers differently. THIS needs to be a point of focus for the rooting community. However, I have found a few tools for dev if you wish to screw with this. (I'll upload them tonight)
7/24/22 - MTK (MediaTek) based exploits
I will try to compile a few methods for FORCING bootloader unlock on MTK based devices, as well as a way of manipulating said devices. I will attach two tools to this thread; these tools are EXTREMELY POWERFUL and can completely **** up your device. When I say REALLY F*CK UP your device, I mean to the point you can't even access recovery, Download OR bootloader mode. I'm talking a blank DEAD device. So use with caution.
With that said, let's talk about the tools. You will need a basic understanding of Python to make use of MTK Client.
First up, we have MTK Meta Utility (currently version 44) (download below)
Next we have MTK Client (GitHub link)
So what can you do? Well, you can crash the preloader to BROM with MTK Meta Utility while at the same time using MTK Client to send any payload you like to the device via fastboot.
I know, vague right now, but I'll add detail over the coming days.
I will continue to update the below list as new methods are discovered.
If you find Guides, tutorials or new exploits, please link them in the comments so I can include them in future development!
Telegram Channel: Here.
Information on vulnerabilities, exploits & methods - CVE-2022-0847 (JFrog) - The Story Of "Dirty Pipe" - XDA - Dirty Pipe - PWNKIT (CVE-2021-4034) - CVE-2021-3560 - Docker Breakout / Privilege Escalation - CVE-2022-33708 (July 13 2022) - CVE-2022-33701 (July 12 2022) - CVE-2022-22268 (Unlock Knox Guard with DEX) (JAN 2022) - MTK Client -
Dev Team & credit to -
@topjohnwu - LiamG - @wr3cckl3ss1 - bkerler -
UPDATED - 7/29/22
There is also a new vulnerability exploit by Zhenpeng Lin that allows for privilege escalation on Pixel 6 and Galaxy S22 devices running the 5.10 kernel.
Don't update... destroyer of worlds
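An added example (not part of the original post, and not code from Traitor or the BruteRoot repo) of the pre-check a tester would run on a candidate device before trying any of the methods above: pull the property list and kernel version over adb, report the five properties the post proposes to edit, and say whether the kernel version string alone places the device inside the Dirty Pipe (CVE-2022-0847) window (introduced in 5.8; fixed in 5.10.102, 5.15.25, 5.16.11 and in 5.17 onward; a vendor backport into a lower patch level is not detectable this way, so the result is a candidate flag, not a verdict). The function names are mine and the getprop sample is constructed. One caveat on the build.prop plan itself: ro.* properties cannot be changed with setprop once init has set them, and ro.boot.flash.locked is populated from the value the bootloader passes on the kernel command line, so this script only reports the state; a value of 0 read back from an edited build.prop does not by itself change what the bootloader enforces.

```python
import re
import subprocess

# Properties the post proposes to edit, in the order it lists them.
UNLOCK_PROPS = [
    "sys.oem_unlocking_allowed",
    "ro.oem_unlock_supported",
    "ro.boot.flash.locked",
    "ro.secure",
    "ro.debuggable",
]

# Dirty Pipe (CVE-2022-0847): introduced in 5.8, fixed in these stable releases and in 5.17+.
DIRTY_PIPE_FIXED = {(5, 10): 102, (5, 15): 25, (5, 16): 11}

_GETPROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>.*)\]$")

# Constructed sample of `adb shell getprop` output for a locked retail device (not real data).
SAMPLE_GETPROP = """
[ro.build.version.security_patch]: [2022-06-01]
[ro.product.cpu.abi]: [arm64-v8a]
[ro.secure]: [1]
[ro.debuggable]: [0]
[ro.oem_unlock_supported]: [1]
[ro.boot.flash.locked]: [1]
[sys.oem_unlocking_allowed]: [0]
"""


def parse_getprop(text: str) -> dict:
    """Turn `adb shell getprop` output ('[key]: [value]' per line) into a dict."""
    props = {}
    for line in text.splitlines():
        m = _GETPROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def kernel_version(uname_r: str) -> tuple:
    """(major, minor, patch) from a `uname -r` string such as '5.10.43-android12-9-...'."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", uname_r)
    if not m:
        raise ValueError("unparseable kernel version: %r" % uname_r)
    return tuple(int(x) for x in m.groups())


def dirty_pipe_candidate(uname_r: str) -> bool:
    """True if the version string alone places the kernel in the vulnerable range.
    Series that went EOL before the fix (5.8, 5.9, 5.11-5.14) never got a fixed
    stable release, so they count as candidates; vendor backports are invisible here."""
    major, minor, patch = kernel_version(uname_r)
    if (major, minor) < (5, 8) or (major, minor) >= (5, 17):
        return False
    fixed = DIRTY_PIPE_FIXED.get((major, minor))
    return fixed is None or patch < fixed


def unlock_state(props: dict) -> dict:
    """The properties the post wants to change, with 'unset' where the device lacks one."""
    return {k: props.get(k, "unset") for k in UNLOCK_PROPS}


def assess(getprop_text: str, uname_r: str) -> dict:
    """Summarise one device: unlock-related props, ABI, patch level, Dirty Pipe version check."""
    props = parse_getprop(getprop_text)
    return {
        "props": unlock_state(props),
        "abi": props.get("ro.product.cpu.abi", "unknown"),
        "security_patch": props.get("ro.build.version.security_patch", "unknown"),
        "kernel": ".".join(str(x) for x in kernel_version(uname_r)),
        "dirty_pipe_candidate": dirty_pipe_candidate(uname_r),
    }


def adb(*args: str) -> str:
    """Run one adb command (assumes adb is on PATH and exactly one device is connected)."""
    return subprocess.run(["adb", *args], capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    result = assess(adb("shell", "getprop"), adb("shell", "uname", "-r").strip())
    for key, value in result.items():
        print("%-22s %s" % (key, value))
```

Run it with the phone connected and USB debugging enabled; a device that reports ro.boot.flash.locked=1 together with a kernel flagged as a Dirty Pipe candidate is the case the post is describing, while a security patch level at or after the month the vendor shipped the fix should lower expectations regardless of the version string.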
I feel like I'm missing something, because wouldn't there normally be a million responses of hype, hope and nay-saying going on here? Has this been shot down already?
Lol, everybody already updated the patch
This is just sad panda. I'm gonna skip the next update anyway unless it comes with an actual other phone that is BL unlocked. I feel like everyone wants this so bad it can't be that far out before it happens.
Does the Magisk injection method work after the July patch? I was reading through the work they did to get it done. Props to those guys.
sierratango88 said:
There is also a new vulnerability exploit by Zhenpeng Lin that allows for privilege escalation on Pixel 6 and Galaxy S22 devices running the 5.10 kernel.
Has it got a fancy number yet?! Eager to try this!!!! Maybe it can be put in with the others.
olivehue512 said:
I feel like I'm missing something, because wouldn't there normally be a million responses of hype, hope and nay-saying going on here? Has this been shot down already?
Well, because they are known and accepted vulnerabilities and exploits. A very few have even been marked as "WONTFIX", such as the TTY method.
olivehue512 said:
This is just sad panda. I'm gonna skip the next update anyway unless it comes with an actual other phone that is BL unlocked. I feel like everyone wants this so bad it can't be that far out before it happens.
Does the Magisk injection method work after the July patch? I was reading through the work they did to get it done. Props to those guys.
Honestly, it's worth a shot, but I doubt it.
One of the goals behind building the APK compilation of all these different tactics is to enable the end user to "give it a shot" easily on different devices, without having to know how to run all of this manually. Basically, imagine an APK that just tries all the above methods, and if one is successful the GUI will pop a root shell open. From there, the possibilities are endless. Edit build.prop, SELinux, verity, etc.
FYI, even if you applied the July update, it seems like the kernel version is still from June 21st; it is still 5.10.xxx, so we could still benefit from this exploit. Very interested in how we can get root here in the US.
K0mraid3 said:
Has it got a fancy number yet?! Eager to try this!!!! Maybe it can be put in with the others.
There hasn't been a CVE assigned to it yet that I am aware of.
xgerryx said:
FYI, even if you applied the July update, it seems like the kernel version is still from June 21st; it is still 5.10.xxx, so we could still benefit from this exploit. Very interested in how we can get root here in the US.
Go to the GitHub linked and try the different methods; see if you can pop a root and nano build.prop to allow OEM unlocking?
sierratango88 said:
There hasn't been a CVE assigned to it yet that I am aware of.
GREAT news for us! Let's get this temp root! lol
Looks like another new one! CVE-2022-33708
Another Samsung Exclusive - CVE-2022-33701
So, I've just spent my entire Friday and Friday night MANUALLY testing all the GTFOBins & reproducing some of the newer CVEs on Samsung Galaxy S7 Edge (Android 9), Galaxy Tab A 8.4 (Android 11), Galaxy S21 & S22 (Android 12). A little bit of progress made. Again, I'll need someone with better working knowledge of APKs & Java to really move forward. All I can say so far is this all must be awk for Sammie, because cronie is looking promising
"crontab -e"
Interesting find. Not "new", but still new-ish enough that some may be able to use it. CVE-2022-22268 (Unlock Knox Guard with DEX)
New to this all, but not to rooting. Can anyone recommend a tutorial on how to try these methods on Win 11?
I don't have a deep understanding of Linux; I have tried Debian and Ubuntu. I get Traitor to run, but it's detecting the Linux kernel and not my phone's. How can I get the program to search for vulnerabilities on my phone, not my Linux? I would love a more in-depth guide and I'd love to give feedback on methods.
I had the same issue but can't remember how I worked that out. Let me see if I can find out what I did on Win11.

Question: Is there any way to run 32 bit apps?

I don't know if this is the right place to ask, or if it has already been asked or not, but is there any possible way to get 32 bit apps to run in some type of compatibility mode or something like that? For the most part the majority of my old apps came over from my old phone; however, there are some apps I have and used regularly which are not compatible with this phone, and I am not sure if the developers are still active or not. I'm assuming the answer is no, or would require root if it were possible, and rooting is out of the question for me because I have Verizon. I am expecting to be SOL but figured it was worth asking about here.
This question has been asked and discussed at length; try search.
I will not be rude, and the short answer is no. Apps on the Play Store had roughly 2 years to switch to 64 bit. For s**ts and giggles I did try to do a search, with zero results.
If the devs are still active and they haven't updated to 64bit by now, then they are a lost cause.
No, Google's heads-up to devs gave them ample time to switch all their apps from 32bit over to 64bit. Tough shiz if the devs didn't take the warning seriously and switch their apps over when they had the chance to do so. I'm genuinely curious: if 32bit compatibility is a concern and/or a necessity for you, why would you buy a smartphone that doesn't support it? I really don't see how that makes much sense when you could have chosen from a lot of other new flagships with 32bit support intact.
Get a Galaxy S22 Ultra, Motorola Edge 30 Ultra or OnePlus 10 Pro. It's likely next year's flagships of any brand will be 64 bit only, so the forced shift is coming.
I did not even know this was a thing prior to buying the phone, and don't remember seeing anything posted about it until after I got the phone and googled and found people talking about it on Reddit, but I did not find anything on here going into detail about it.
I never stated it was a "necessity", and I have no idea if the developers are active or not. They are older apps that are not overly popular that everyone uses; however, they were things I used on a regular basis, and I have no idea how I would even have checked whether they were 32 or 64 bit until I got the new phone and they didn't work and wouldn't let me install them. It's not the absolute end of the world; it's just an inconvenience and means I need to try and find replacements or reach out to the devs, but it doesn't hurt to ask here because I figured there would be a way around it, but obviously not.
This might be of some help to run the 32 bit apps you want:
GitHub - ThomasKing2014/Pixel7_32bit_helper
Interesting I will have to check this out
Not working for my Pixel 7 Pro, version 13 (TD1A.221105.001) :(
I dirty flashed the patched init_boot.img, and replaced the Magisk app with the initial version from that repo.
Remove "stock" Magisk
Install the patched Magisk APK
Patch the stock init_boot with the patched Magisk APK
Flash the new patched init_boot
On a clean install it works for me (beta: cheetah-t1b3.221003.008)
lunacies said:
I did not even know this was a thing prior to buying the phone and don't remember seeing anything posted about it until after I got the phone and google'd and found people talking about it on reddit but I did not find anything on here going into detail about it.
I never stated it was a "necessity" and I have no idea if the developers are active or not. They are older apps that are not overly popular that everyone uses however they were things I used on a regular basis and have no idea how I would even check to have known if they were 32 or 64 bit until I got the new phone and they didn't work and wouldn't let me install them. It's not the absolute end of the world, it's just an inconvenience and means I need to try and find replacements or reach out to the devs but it doesn't hurt to ask here because I figured there wld be a way around it but obvio
That's what I meant by "and/or"; sorry if I misinterpreted what you meant.
bhammler said:
on a clean install it works for me (beta: cheetah-t1b3.221003.008)
I've compiled Magisk with the supplied patch from the repo and it isn't working for me. I've verified that the init does include the changes to override ro.zygote; however, none of the Zygote processes start, as the adb server never starts up, and, well, it doesn't boot.
Tested with the modified Magisk APK from the repo, same deal.
Strange that a clean install is necessary.
Don't bother with a clean install; after I installed some Magisk modules, I had a bootloop ;-)
It's nice to see there may be an option and I hope it works for everyone else. I am stuck with a Verizon phone so rooting is out of the question for me and I figured something like this would require root but hopefully other people are successful in getting it to work.
This works now; the problem was not the modules. If you enabled Zygisk in the 24 manager app, then you got stuck at the boot logo "G". It's fixed now: there is a new 25 Magisk patched manager app that works with Zygisk enabled. All my 32-bit apps are working now.
Wouldn't it be easier to just patch build.prop with a magisk module instead of patching the boot image?
Pixel7_32bit_helper/patch.diff at main · ThomasKing2014/Pixel7_32bit_helper
hahimot483 said:
Wouldn't it be easier to just patch build.prop with a magisk module instead of patching the boot image?
Pixel7_32bit_helper/patch.diff at main · ThomasKing2014/Pixel7_32bit_helper
No, as I discuss here.
Namelesswonder said:
Didn't sleep, I have gotten closer, but Magisk modules aren't going to be the solution.
The earliest Magisk allows you to modify properties is after the post-fs-data trigger, which is well inside the init.rc. This is problematic because the property needs to be set before init.rc is even read.
Using a Magisk module to replace the init.rc with something else also isn't possible, since Magisk doesn't setup the overlays until well into the boot process.
This replacing is necessary because init.zygote64_32.rc actually has the secondary zygote service disabled, so the file needs to be modified to enable it, or with control over init.rc just stuffing a custom zygote service into it.
I don't think slipstreaming a modified init.rc and init.zygote64_32.rc into the ramdisk in init_boot will work since they would be overwritten once the system partition mounts. Could just modify the system partition, but that'll be for another day.
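The post quoted above explains why a Magisk module is too late: init reads `ro.zygote` when it processes init.rc, and the `init.zygote64_32.rc` it selects for the dual-zygote layout has the `zygote_secondary` service (the 32-bit `app_process32`) marked `disabled`. The script below is an added example, not code from the thread or from Pixel7_32bit_helper: it parses `getprop` output and an init .rc file in the line-oriented `service`/option layout init uses, reports whether a 32-bit zygote would be started, and shows the single edit that re-enables the secondary service. The .rc text is a constructed sample modelled on that layout (not a verbatim copy of the AOSP file); the device path `/system/etc/init/hw/init.zygote64_32.rc` from which one would pull the real file is an assumption.

```python
"""Report whether init will start a 32-bit (secondary) zygote on this device.

Added example, not code from the thread. Inputs are `adb shell getprop` output
and an init .rc file (e.g. pulled from /system/etc/init/hw/, assumed path);
both are constructed inline here so the script runs offline.
"""
import re

# ro.zygote values under which a 32-bit zygote exists at all.
ZYGOTE_CONFIGS_WITH_32BIT = {"zygote32", "zygote32_64", "zygote64_32"}


def ro_zygote(getprop_output: str):
    """Extract ro.zygote from getprop's "[ro.zygote]: [zygote64]" line format."""
    m = re.search(r"^\[ro\.zygote\]: \[([^\]]*)\]", getprop_output, re.M)
    return m.group(1) if m else None


def parse_services(rc_text: str) -> dict:
    """Map service name -> {"exec": argv, "options": [[tokens], ...]}.

    init .rc files are line oriented: an unindented `service`, `on` or `import`
    line opens a section and the indented lines after it belong to that section.
    Only `service` sections are collected here.
    """
    services, current = {}, None
    for raw in rc_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue
        tokens = stripped.split()
        if not raw[0].isspace():  # section header
            if tokens[0] == "service" and len(tokens) >= 3:
                current = tokens[1]
                services[current] = {"exec": tokens[2:], "options": []}
            else:
                current = None
        elif current is not None:
            services[current]["options"].append(tokens)
    return services


def zygote_report(getprop_output: str, rc_text: str) -> dict:
    """Combine the property and the .rc contents into one verdict."""
    prop = ro_zygote(getprop_output)
    secondary = parse_services(rc_text).get("zygote_secondary")
    if secondary is None:
        status = "missing"
    elif ["disabled"] in secondary["options"]:
        status = "disabled"  # service exists but init will not start it with its class
    else:
        status = "enabled"
    return {
        "ro.zygote": prop,
        "rc_has_32bit": prop in ZYGOTE_CONFIGS_WITH_32BIT,
        "secondary_zygote": status,
        "secondary_is_32bit": bool(secondary) and "app_process32" in secondary["exec"][0],
    }


def enable_secondary(rc_text: str) -> str:
    """Return the .rc text with the `disabled` option removed from zygote_secondary."""
    out, current = [], None
    for raw in rc_text.splitlines():
        stripped = raw.strip()
        if stripped and not raw[0].isspace():
            tokens = stripped.split()
            current = tokens[1] if tokens[0] == "service" and len(tokens) >= 2 else None
        if current == "zygote_secondary" and stripped == "disabled":
            continue
        out.append(raw)
    return "\n".join(out) + "\n"


# Constructed samples (not captured from a device).
GETPROP_STOCK = "[ro.product.cpu.abilist]: [arm64-v8a]\n[ro.zygote]: [zygote64]\n"
GETPROP_OVERRIDDEN = "[ro.product.cpu.abilist]: [arm64-v8a]\n[ro.zygote]: [zygote64_32]\n"
RC_SAMPLE = """\
# constructed sample in the layout of init.zygote64_32.rc, not a verbatim copy
service zygote /system/bin/app_process64 -Xzygote /system/bin --zygote --start-system-server --socket-name=zygote
    class main
    priority -20
    user root
    socket zygote stream 660 root system

service zygote_secondary /system/bin/app_process32 -Xzygote /system/bin --zygote --socket-name=zygote_secondary
    class main
    priority -20
    user root
    socket zygote_secondary stream 660 root system
    disabled
"""

if __name__ == "__main__":
    print("stock:    ", zygote_report(GETPROP_STOCK, RC_SAMPLE))
    print("patched:  ", zygote_report(GETPROP_OVERRIDDEN, enable_secondary(RC_SAMPLE)))
```

Both conditions have to hold for 32-bit apps to run: `ro.zygote` must name a configuration that includes a 32-bit zygote before init.rc is parsed (which is why the thread patches init_boot rather than using a module), and the selected .rc must not leave `zygote_secondary` disabled. The parser ignores `on` sections, so a `start zygote_secondary` command elsewhere would not be seen; grep the other .rc files for that if the report says "disabled" but a 32-bit zygote is nonetheless running.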
Gerr1 said:
This works now; the problem was not the modules. If you enabled Zygisk in the 24 manager app, then you got stuck at the boot logo "G". It's fixed now: there is a new 25 Magisk patched manager app that works with Zygisk enabled. All my 32-bit apps are working now.
Does it? I tried building my own 24300, 25200, and 25205 and the result was the same on all of them. I didn't remove all modules and kept Zygisk on, so I guess I will have to try completely deleting all Magisk data.
Namelesswonder said:
No, as I discuss here.
Does it? I tried building my own 24300, 25200, and 25205 and the result was the same on all of them. I didn't remove all modules and kept Zygisk on, so I guess I will have to try completely deleting all Magisk data.
Yes, it works now with the new Magisk Manager APK.