Related
I have seen many questions as to how to get tethering back after upgrading to Android 5.0+ on the Stock rom. There are answers but only after searching 30+ pages of information. For those that have ADB set up you can simply run a few commands to get it to work below:
Code:
--Reneable tethering on Nexus 5 VIA ADB
adb shell content insert --uri content://settings/global --bind name:s:tether_dun_required --bind value:i:0
--Check Fix is still installed
adb shell content query --uri content://settings/global --where "name='tether_dun_required' AND value="0"
For those of you that do not have it set up I have provided an archive of everything you need with a batch file to run it automatically, just unzip the file and click on the batch.
As this is only adding a database table and modifies nothing else, there should be no ill affects of applying it to a non-compatible device. A NAND backup is always recommended with any mod done, the same applies here.
Probably a stupid question but is this nexus 5 specific?
Not that I know of. This should work on any stock android or AOSP/AOKP build, however if you are using a custom rom like Cyanogen Mod this table has been cooked into the rom already. If it doesnt work it shouldn't cause any problems, however a NAND backup is always recommended.
Hi,
I have developed a tool to exploit the dirtycow vulnerability and get TEMPORAL ROOT
It bypass the selinux in lollipop 32bits system only, we are working now in a 64bits and Marshmallow version and will be soon, have a lot of work to do it universal.
Im bringing 2 tools, one apk (no computer required) and one rar for adb and linux.
With this tool we will access to those partitions and start the attack there, but in the actual state if you have locked your bootloader a good choice is to have root even temporal one.
·APK
Required: SDCARD
The apk exploits this vuln in the vold context so, is necessary to have a sdcard and mount or extract it, when the app requires, one time per session.
This tool has some utilities for flash boot and system partition, also for backup and 2 methods of root:
·Attack init process (lollipop 32 bits only)
·Attack app_process.(all devices, not really good)
·Get root
Uninstall any supersu manager before root.
The way to use this app is first click in check perms(optional) and you will see if you have permissions to /init file.
If you have permisisons and lollipop 32 you can use the first method to get root.
Also in check permissions you will see if you have rights to backup/flash boot and system partition.
The process takes until 2 minutes to finish so wait please and watch the log window.
# ISSUES #
If you get reboot after get root you can:
-Clean init (restore init process sometimes crash the device, but is safe)
-Install selinux permissive (Set permanent the new selinux policy, not tested)
The first option is safe you just can get a reboot.
The second option is just tested in 3 devices(oppo,xperia,Moto E), so test it with a recovery system working, can break some selinux rule..
·ADB
The adb rar contains some utilities to get root via run-as and init and is only working in Lollipop 32bits.
To execute it:
-Pass rar:"nox"
-Extract the rar in /data/local/tmp/
Code:
chmod 755 /data/local/tmp/exploit.sh
cd /data/local/tmp/
./exploit.sh
This process take some time 1-2 minutes but you will see the progress in the console, please wait,
After will ask to turn off bluetooth do even sometimes is not required, it can accelerate the process.
It will ask to install selinux permissive, if you don't have reboot problems, don't install it, otherwise be sure you have a recovery system working and a stock rom ready to flash, this feature is stable but need more testing.
if all is ok you will see this:
Code:
#Type run-as -s1 to get a shell"
#Type run-as -s2 to execute su daemon"
The run-as -s1 give you a shell with init context but some restrictions because selinux autotransfer domain to run-as
The run-as -s2 will execute su dameon and a su init context with no restrictions.
# ISSUES #
If you get reboot after get root you can:
·mount system partition with flag abort:
Code:
mount -o remount,abort /system
You won't able to mount system in write mode.
This app is in BETA BETA state for now, just 7/9 devices passed not bad at all
I'll add more devices in the list soon
List of rooted devices:
Moto G 5.1 lollipop
Xperia 5.1 lollipop
Oppo 5.1 lollipop
Emulator 5.1 lollipop
XT1528 (MOTO E Verizon prepaid) 5.0.2 lollipop(reboot issues)
Asus Zenfone Go ZB452KG Lollipop(5.1.1)
Smartfren Andromax A / Haier a16c3h (Lollipop 5.1 Firmware 12.2)
Version:0.4
Adb:http://www.mediafire.com/file/r3i900n7jb2zfoo/EXPLOIT_ADB.rar
Apk:http://www.mediafire.com/file/38tyscsaxms00sa/croowt%282%29.apk
Implemented selinux pemissive after reboot.(adb,apk)
Enforce mode working.(adb,apk)
Version: 0.3
Fixed bug creating bl instruction.
Version: 0.2
-Fix bug in apk for some devices
Version: 0.1
-More compatible adb with lollipop 32 bits
-Fixed bug in the shellcode.
-64 bits version of run-as-dirtycow.
Todo:
-Working in Marshmallow 32 bits.
-Apk some fix.
Thanks to n0x for his great help debugging the shellcode issue in Moto G
Great work!
Waiting for 64 bit
I will gladly test with my v10 I've been able to get a temp root shell with dcow. Happy holidays!
Sweet ! Has anyone tested on Note 4? N910A on 5.1.1
I'm currently on 6.0.1 MM so I'm waiting for that release.
Anyone know if this will work with the November Security patch of 2016?
Sent from my SAMSUNG-SM-N910A using Tapatalk
Really cool. I am having a problem trying to connect my device over adb wifi and now this!!! I have a locked head unit and i can't install any apps (all installations blocked and developer mode, usb debug all hidden. ) any way for me to install this onto my phone and attack my device via bluetooth or something? Or autorun once connected to usb? It's a long shot but hey its Christmas!!
Merry Christmas by the way
Can we have access to the run-as-dirtycow source code?
Thanks.
Exploit process
For the developers that are testing this exploit or want to know how it works deeply:
First we dirtycow some privileged process, for example run-as has suid 0 given by selinux capabilities not by the bit setuid.
When we have overwritten run-as, this binary can read /init path, so we copy to other place with our run-as "trojan".
In our run-as we need to put some code to read files, my run-as-dirtycow does:
run-as /init
Will print this file to the stdout(console), if we redirect this output to a file:
run-as /init > /data/local/tmp/init.dmp
We copy /init file through our dirtycowed run-as that has root privileges, and is permitted by Selinux.
We patch init.dmp to create our init.patch with a shellcode to load new policy.
We will use run-as to dirtycow again our init.dmp but patched with a shellcode.
So our run-as trojan also will have the dirtycow exploit and when we exec this binary with the right arguments also will dirtycow any file with read permissions to root.
run-as /init /data/local/tmp/init.patch
Once finish and when the new policy is loaded exec run-as trojan wiht the special parameter -s1 or -s2 give to you a shell root or install su in the device TEMPORAL, no modifies any partition but mount a ext4 partition in /system/xbin with the su binary.
Well this is the process to do it in adb shell, in the apk i am using fsck_msdos to do all this chain of steps.
I like to get some different init from lollipop 32 bits and Marshmallow 32bits to adjust the patcher to Marshmallow.
jucaroba said:
Can we have access to the run-as-dirtycow source code?
Thanks.
Click to expand...
Click to collapse
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
kryz said:
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
Click to expand...
Click to collapse
Thanks for your answer.
I'm trying to use your exploit to be able to read my /data/misc/vold/expand_*.key file. My wife has a Moto G 2014 mobile with official (non rooted) Android 6 Marshmallow. The bootloader is locked. She has deleted accidentally all the pictures in her SD card, that is configured as adopted card (not portable). I have made a cloned copy of the SD in my linux laptop with dd command, but I can not mount the partitions in the SD because I have to know the encryption key.
I can not unlock the bootloader, because the phone will be reseted to factory and the encryption key will be deleted. And I can not read the key file without being root, because of the permissions of the file. I have tried your run-as-dirtycow trojan in the phone, and I can read files I have no permissions for, such as /init.rc. The only missing piece now is that I don't know the exact name of the key file. I only know that it is of the form "expand_*.key". Can your trojan run-as-dirtycow be modified to be able to read the files with this pattern name in a given directory?
Thanks in advance.
kryz said:
Is very simple just have the dirtycow exploit original and some code to copy files read and puts.
Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.
But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
Click to expand...
Click to collapse
I'm trying to root my boost max+ running 5.1.I tried the check perm option but couldn't remount sdcard,it just froze.Upon reboot it hang at starting apps.Had to remove sdcard to get phone to boot properly.
Sent from my N9521 using Tapatalk
tnomtlaw said:
I'm trying to root my boost max+ running 5.1.I tried the check perm option but couldn't remount sdcard,it just froze.Upon reboot it hang at starting apps.Had to remove sdcard to get phone to boot properly.
Sent from my N9521 using Tapatalk
Click to expand...
Click to collapse
When you mount the sdcard is normal that doesn't mount again, the process hijack fsck_msdos, you have to come back to the application, wait and watch the window log.
It depends on mount will get 1-5 seconds to see the information.
If you see that init is OK, you can proceed with the get root.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
jucaroba said:
Thanks for your answer.
I'm trying to use your exploit to be able to read my /data/misc/vold/expand_*.key file. My wife has a Moto G 2014 mobile with official (non rooted) Android 6 Marshmallow. The bootloader is locked. She has deleted accidentally all the pictures in her SD card, that is configured as adopted card (not portable). I have made a cloned copy of the SD in my linux laptop with dd command, but I can not mount the partitions in the SD because I have to know the encryption key.
I can not unlock the bootloader, because the phone will be reseted to factory and the encryption key will be deleted. And I can not read the key file without being root, because of the permissions of the file. I have tried your run-as-dirtycow trojan in the phone, and I can read files I have no permissions for, such as /init.rc. The only missing piece now is that I don't know the exact name of the key file. I only know that it is of the form "expand_*.key". Can your trojan run-as-dirtycow be modified to be able to read the files with this pattern name in a given directory?
Thanks in advance.
Click to expand...
Click to collapse
The run-as context can't see /data or even /data/misc folders, anyways i will implement the list of directories in the next update.
kryz said:
The run-as context can see /data or even /data/misc folders, anyways i will implement the list of directories in the next update.
Click to expand...
Click to collapse
Yes, I know it can see those folders, I only need to know the name of the file I am interested in.
If you implement the "list of directories" functionality it will be fantastic. Thanks for it.
I will also be very grateful to see the full source code of the trojan.
Waiting eagerly for both things.
Thanks in advance.
jucaroba said:
Yes, I know it can see those folders, I only need to know the name of the file I am interested in.
If you implement the "list of directories" functionality it will be fantastic. Thanks for it.
I will also be very grateful to see the full source code of the trojan.
Waiting eagerly for both things.
Thanks in advance.
Click to expand...
Click to collapse
Sorry wrong type i wanted to say that run-as context can not see those folders.
I mean ive implemented all ready that function "-d" and run-as can not list those folders:
run-as -d /system/etc
Attached run-as-dirtycow.c
kryz said:
Sorry wrong type i wanted to say that run-as context can not see those folders.
I mean ive implemented all ready that function and run-as can not list those folders.
Click to expand...
Click to collapse
Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?
If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.
Am I correct?
Thanks.
jucaroba said:
Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?
If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.
Am I correct?
Thanks.
Click to expand...
Click to collapse
I think so, i don't have that folder in my devices, but i was trying to read on /data folder and no success in one of its sub folders.
Btw what cpu is your device 32 o 64 bits?
Can you post your init file?
kryz said:
I think so, i don't have that folder in my devices, but i was trying to read on /data folder and no success in one of its sub folders.
Btw what cpu is your device 32 o 64 bits?
Can you post your init file?
Click to expand...
Click to collapse
My CPU is 32 bits. It is a Moto G 2014.
I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.
What file are you interested in? The /init.rc file?
jucaroba said:
My CPU is 32 bits. It is a Moto G 2014.
I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.
What file are you interested in? The /init.rc file?
Click to expand...
Click to collapse
I'm interested in /init file and 32 bits is great
kryz said:
I'm interested in /init file and 32 bits is great
Click to expand...
Click to collapse
No /init file in Marshmallow. At least not in that path.
---------- Post added at 02:19 AM ---------- Previous post was at 01:48 AM ----------
kryz said:
I'm interested in /init file and 32 bits is great
Click to expand...
Click to collapse
Sorry, the file exist, but I can not read it. I can not copy it with your trojan run-as (run-as-dirtycow) either.
Hi kryz,
Please find the /init from 32bit 6.0.1
It is from Xperia Z2 with custom rooted rom (Mx ROM v8.6.0)
How can i copy /init from my boot locked, unrooted, stock 6.0.1 64bit X Performance?
Hi, is there any solution to root an Xtrons Android 8.0 Device?
Kingoroot plus SuperSu was a perfect solution in past, but did not work longer.
Kingoroot keep crashing on startup on oreo.
Need help
Me too. I need a sollution for rooting. And second... I need to know if I can use others theme. I want a black theme. Not gray.
I don't think its out yet. KingoRoot, Kingroot, and *#hct#root# don't work. I'm gonna try to do KingoRoot or unlock the bootloader with adb from a computer. If that doesn't work, I'll try downgrading the firmware and try all the appropriate root procedures. Outside of all that, I'm at a loss of what else to try. I have an GS MTCD/E.
jdisco1 said:
I don't think its out yet. KingoRoot, Kingroot, and *#hct#root# don't work. I'm gonna try to do KingoRoot or unlock the bootloader with adb from a computer. If that doesn't work, I'll try downgrading the firmware and try all the appropriate root procedures. Outside of all that, I'm at a loss of what else to try. I have an GS MTCD/E.
Click to expand...
Click to collapse
You have succeeded in making root on Oreo?
One is to flash the Magisk patch created by kumarai.
https://forum.xda-developers.com/showpost.php?p=75741195&postcount=519
Some people said this mod worked, but it was unstable and unusable for my GS unit.
Another is to install Malaysk ROM.
https://forum.xda-developers.com/an...-malaysk-roms-px5-2-4-gb-8-0-android-t3762724
This worked for my GS, but the cold startup time doubled, the overheating problem also got worse.
But I want you to remember. Our Chinese android unit was originally backdoor open.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Using the terminal emulator, enter the following command...
PHP:
setprop persist.adb.tcp.port 5555
setprop sys.rkadb.root 1
Once restarted, you can delete, add, or change system files via wi-fi adb.
So I returned to stock ROM, deleted bloatware via adb, modified the build.prop add custom apk and used it.
warata said:
But I want you to remember. Our Chinese android unit was originally backdoor open.
Using the terminal emulator, enter the following command...
PHP:
setprop persist.adb.tcp.port 5555
setprop sys.rkadb.root 1
Once restarted, you can delete, add, or change system files via wi-fi adb.
So I returned to stock ROM, deleted bloatware via adb, modified the build.prop add custom apk and used it.
Click to expand...
Click to collapse
Great news, thanks!
Where can I find a tutorial about that? All the instructions tell them that we need to connect usb to the computer, but our units do not have a usb port.
Thanks!
adioperator said:
Great news, thanks!
Where can I find a tutorial about that? All the instructions tell them that we need to connect usb to the computer, but our units do not have a usb port.
Thanks!
Click to expand...
Click to collapse
No, only Wi-Fi adb can be used. I do not know how to USB debug.
By inputting the command with the terminal emulator and restarting it, you can make adb connection via wi-fi from the PC on the same network.
However, it may need to enable USB debugging for developer options.
If people need an instructions I will make it in a few days.
warata said:
No, only Wi-Fi adb can be used. I do not know how to USB debug.
By inputting the command with the terminal emulator and restarting it, you can make adb connection via wi-fi from the PC on the same network.
However, it may need to enable USB debugging for developer options.
If people need an instructions I will make it in a few days.
Click to expand...
Click to collapse
It would be great if you make an tutorial about how to push an app to system over wifi, without root. I would like to replace canbus.apk from system app.
Thanks!
ADB via Wi-Fi You can edit system files with stock ROM
PHP:
setprop persist.adb.tcp.port 5555
setprop sys.rkadb.root 1
Enter the above command with the terminal emulator. I learned this content at 4pda(Thanks to booroondooks).
But you may not be able to use virtual keyboard(AOSP) to enter the command.If so, please use another keyboard or connect a USB keyboard.
Restart and check the HU's IP address.
(Settings, Networks, Wi-Fi, and tap the connected network)
PHP:
adb kill-server
adb connect ##.##.##.##
Open a command prompt as an administrator on a PC connected to the same network and enter the above command.(##.##.##.## is your HU's IP address)
If you see the message"connected to ##.##.##.##:5555", you are connected successfully.
If not, restart PC and HU and try again.
"ADB ROOT"
This command is necessary to run adb with administrator privileges.
PHP:
adb root
"ADB REMOUNT"
This command is needed first to manipulate system files.
PHP:
adb remount
"PULL"
You can download any files with this command.
PHP:
adb pull
"PUSH"
You can upload any files with this command.
PHP:
adb push
"CD"
Please change the directory before downloading the file. Android files should not be downloaded to the Windows system folder.
PHP:
cd
"ADB SHELL"
You can operate the terminal emulator from the PC.
PHP:
adb shell
"chmod"(emulator command)
This command can change the permissions of the system file.
PHP:
chmod
***Very important***
The system file uploaded from the PC needs to give correct authority.
Most system apks require 644 privileges and will not work if they are missing.
Aiso build.prop needs 644. If you forget this, the system will be a brick.
"rm -rf "(emulator command)
You can delete system files with this command.
However, some system files may not work properly when deleted.
PHP:
rm -rf
I am not an English speaker and I am not familiar with the unix commands. So from an advanced level I may be doing something useless or dangerous.But I tried all the contents introduced here with my own HU.I attached an example of command use as an image, so I want you to compensate for the missing explanation. Good luck!
Thanks it work, i use my Archlinux Laptop to use adb wifi (android-tools), and I could change my boot logo (alfa 1024x600 for me) :
https://forum.xda-developers.com/an...evelopment/mod-boot-animation-toyota-t3351617
mum1989 said:
Thanks it work, i use my Archlinux Laptop to use adb wifi (android-tools), and I could change my boot logo (alfa 1024x600 for me) :
https://forum.xda-developers.com/an...evelopment/mod-boot-animation-toyota-t3351617
Click to expand...
Click to collapse
Did you try adding a custom boot logo in factory settings?
You Can only choose a static picture,
I want boot animation.
mum1989 said:
You Can only choose a static picture,
I want boot animation.
Click to expand...
Click to collapse
https://play.google.com/store/apps/details?id=com.jrummy.apps.boot.animations&hl=en
Try this. You can add a few custom animations with this. It works, and it works with Oreo, but it might not work with your radio. YMMV.
I would say I can't change to an boot animation in the setting
so manualy I add news boot_animation_droid file. (with root)
mum1989 said:
I would say I can't change to an boot animation in the setting
so manually I add news boot_animation_droid file. (with root)
Click to expand...
Click to collapse
Mostly that is correct, there is a an option in the "factory settings" menu of the radio to change the boot animation to be one of any number of car manufacturer logos, or a static picture, as you said, but perhaps not a custom animation like you suggest.
Custom boot logos are touchy things, they have to be the proper size, proper resolution and cannot take up too much space. They have to be written to the system in the proper fashion, and if you overwrite into another part of the system you brick your unit and must recover.
You've heard of Project Treble, right?
https://www.xda-developers.com/project-treble-custom-rom-development/
https://www.xda-developers.com/how-project-treble-revolutionizes-custom-roms-android-oreo/
TWRP-type recovery with Project Treble currently allow you to flash a custom boot animation. Sadly, we don't have TWRP or Treble for these px5 units. Some people have gotten close, but no cigar, as we say.
Even with TWRP, I've heard of people bricking their phones after a custom bootanimation.zip flash, then they have to recover and re-flash the ROM. I had to restore one of these units after a failed root flashing attempt in Oreo and it took hours (sitting in a hot car, on a hot 38°C day) unit we were fully restored and back to where I wanted the OS to be. It can be done but if you screw up, or the animation isn't exactly perfect, you're in trouble.
So the short answer is, use the boot animations from that app or a similar app and be satisfied with that.
---------- Post added at 12:35 PM ---------- Previous post was at 12:26 PM ----------
warata said:
...
"chmod"(emulator command)
This command can change the permissions of the system file.
PHP:
chmod
***Very important***
The system file uploaded from the PC needs to give correct authority.
Most system apks require 644 privileges and will not work if they are missing.
Aiso build.prop needs 644. If you forget this, the system will be a brick.
"rm -rf "(emulator command)
You can delete system files with this command.
However, some system files may not work properly when deleted.
PHP:
rm -rf
Click to expand...
Click to collapse
This is excellent, thank you for sharing.
As a general note, if you are rooted, you can use Titanium Backup app to rapidly freeze or uninstall unneeded system apps, like the Easter Egg, printing services, gMail, etc. It can be done with the terminal but you can do it much faster with Titanium.
I've tried installing the LineageOS terminal, from https://www.apkmirror.com/?post_type=app_release&searchtype=apk&s=terminal but although it claims to have installed, its not not appearing as an icon on any of the screens, and when I tried to launch it from the APK launcher App (that comes built into the Xtrons Oreo unit), it doesnt seem to start
Any ideas ???
Ignore my last post.
I found an terminal emulator that worked.
Finally got this working with my Xtrons unit
ro.build.id=OPR5.170623.007
ro.build.display.id=px5-userdebug 8.0.0 OPR5.170623.007 eng.hct.20180504.142413 test-keys
ro.build.version.incremental=eng.hct.20180504.142413
ro.build.version.sdk=26
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=8.0.0
ro.build.version.security_patch=2017-10-05
ro.build.version.base_os=
ro.build.date=Fri May 4 14:24:13 CST 2018
ro.build.date.utc=1525415053
I initially miss-typed the setprop persis command, but now I got that right, I've been able to pull virtually everything off the unit, (albeit surprisingly slowly, considering the HU is sitting right next to my WiFi router)
Edit.
BTW. Is there any way to push SuperSU etc onto the device to root it using this method ?
I don't seem to be allowed to post a link to it but, here is the path to the topic about rooting the xtrons unit
android-auto/mtcd-discussion-questions-development/how-to-root-ctrons-oreo-android-8-0-t3747975
Note the processed described in the post isn't actually how to root the device, but how to use ADB to make changes when its given root privilages
There is also a replacement ROM, which is pre-rooted, but the installation process carries risks, and I've seen some people report they have gone back to the stock ROM because of issues with the replacement ROM
Hello friends, i was just wondering if it would be possible to use adb from a laptop to send just a line of command to the Head unit via a male to male usb cable since my xtrons unit has 3usb out.
I'm really fed up of using here maps, Google maps, YouTube and shuttle+ (my music player) with the notification bar always showing up and the system ui tuner app allows to remove it in a per app basis without root.
Many thanks in advance.
########################################################################
EDIT ::: First Non-Alpha Release.
#>>Download LINK <<#
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
######Screenshot's######
PROOF.SH <<--- Click-able --- <<<
Kernel + SEpolicy Informations <<--- Click-able --- <<<
Succesfully Granted Termux Root <<--- Click-able --- <<<
SuperSu is at Lastest V2.82 <<--- Click-able --- <<<
######PROOFS######
But Technicly this works on ANY Android , Tested on 5.1.1, 6.0.1, 7.0,
SM-G920V
My Bootloader is Locked/ Doesnt Exist?
I use FLashFire, which will be installed using this method, but i also used Official TWRP to understand how the S6 Bootloader IS Picky I will only Accept STOCK.
I SUCCESFULLY Booted in TWRP with FISHY... I was working on TEMP Recovery and i thought...(Useless because you cant MODIFY THE OS -_- else Bootloader trigger)
But how about Booting a ROM instead of TWRP?! So i am working on this right now, Currently have a WORKING METHOD For Lg G4 h812 and succefully Booted Custom ROM)
This(Dirty-Cow Exploit) also Worked for my LG G4 But with Different Security Disabling Methods(OEM UNLOCK), Bluestack, Ubuntu 16, My raspberry PIE.... Pretty much... ARM32/64... but there is one for EVERY arch anyway.
I wish you guys a GOOD root.... Not to Exploit the exploit.
Scan.rar :Note: IF This is INFECTED"... well i had no clue, i want to Declare that i have NOT inject any Virus, i just Found the files on a XDA and Slighty modified a Root-Tool and Merged it with another, Writed .bat to make it Function at least with VERIZON and ROGERS.
::::::::::::::::::::::::::::::::::::::::::::::I want also to Declare that IF IT IS INFECTED , PLEASE REPORT BECAUSE... i am RUNNING THIS on my phone.*facepalm*::::::::::::::::::::::::
https://www.virustotal.com/fr/file/...19598dfec975f6511e20ed70/analysis/1519884568/
6 / 58
Antivirus Résultat Mise à jour
Antiy-AVL Trojan/Linux.TSGeneric 20180301
Avast ELF:CVE-2016-5195-T [Expl] 20180301
AVG ELF:CVE-2016-5195-T [Expl] 20180301
CAT-QuickHeal Exploit.dirtycow.A18c7 20180228
ESET-NOD32 a variant of Android/Exploit.CVE-2016-5195.A 20180301
Ikarus Trojan.AndroidOS.Exploit 20180228
Download Link ::
http://www.mediafire.com/file/n2r3obszwkxf31n/Arm32-DirtyCow-MixSploit.rar
What's going on here? No input is being accepted.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Wasted time, no root....
Anyway of making linux version? and maybe another option for dirtycow app_process32
EDIT --
YOU MUST disabled KNOX - Find My Device - Reactivation LOCK.
You must run DIsable Samsung Securities.. it might bug on Lockscreen or Knox. But CTRL + X/C ; would you like to terminate bat (y/n?) = N , just skips the stuck steps(most of the time)
But i really recommend doing all commands 1 by 1.
i figured much about android since using DIrtyCow and other Rootkits
Think about your / (root path) as an Standart UBUNTU/Linux, whitout YET the SUDO(which is added using BUSYBOX to your System/bin)
I also want to add that With ANY ANDROID.. or almost, in this case my Sm-g920V 5.1.1:: I succefully Flashed NETHunter for Arm64, still trying to compile it for ANdroid 7.0... Might as well just install CyanogenMod if i can Get Root and TWRP Working again.
FISH script is USING DIrtyCow. so should GET YOU ROOT. if you dont have it already.
Try running the .bat commands 1 by 1
the Run_for_arm.bat is to get a shell, then if you copy dirtycow.sh to the /system/usr/tmp (something like that) you can do with the SHell that run_for_arm.bat has open something similar to this :
--This Runs a Shell with Dirtycow(modified sh Function to allow Root) + My-run-as(which Elevates to Root)
*****************Run a Dirtycow(elevated) Shell ADB ************************
adb shell
/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as
#OR#
adb shell "/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as"
-- You can after that Operate Root Commands from this shell. EXEMPLE :::
Code:
*******Remove Old DirtyCow**********
files\adb shell rm /data/local/tmp/dirtycow
files\adb shell rm /data/local/tmp/my-run-as
files\adb shell rm /data/local/tmp/init
files\adb shell rm /data/local/tmp/init_patched
files\adb shell rm /data/local/tmp/sh
files\adb shell rm /data/local/tmp/a.out
files\adb shell rm /data/local/tmp/sepolicy
*******PUsh DIrty Cow Via ADB **********
files\adb push files/armeabi-v7a/dirtycow /data/local/tmp/dirtycow
files\adb push files/armeabi-v7a/my-run-as /data/local/tmp/my-run-as
files\adb push init_patched /data/local/tmp/init
files\adb push a.out /data/local/tmp/a.out
files\adb push sh /data/local/tmp/sh
files\adb push sepolicy /data/local/tmp/sepolicy
*******Change the Permission of the FIles inside /tmp/ and attemp to unrestrict the tmp folder itself **********
files\adb shell chmod 0777 /data/local/tmp/
files\adb shell chmod 0777 /data/local/tmp/*
files\adb shell chmod 0777 /data/local/tmp/dirtycow
files\adb shell chmod 0777 /data/local/tmp/my-run-as
files\adb shell chmod 0777 /data/local/tmp/init
files\adb shell chmod 0777 /data/local/tmp/init_patched
files\adb shell chmod 0777 /data/local/tmp/a.out
files\adb shell chmod 0755 /data/local/tmp/sh
files\adb shell chmod 0777 /data/local/tmp/sepolicy
*****************Remount /system as Read/write ************************
adb shell "/data/local/tmp/dirtycow /data/local/tmp/my-run-as mount -o rw,remount /system"
adb shell mount -o rw,remount /system
adb push push_system /system
adb shell mount -o rw,remount /system
adb shell mount -o rw,remount rootfs /
**************Install SuperSU APK and FlashFIRE********************
adb install -r SuperSU-v2.82.apk
adb install -r FlashFire.apk
**********Push The SuperSu Binary(Flashed .zip to an Empty Android Partition Format)**********************
adb push SuperSU-v2.82.img /data/su.img
adb push launch_daemonsu.sh /system/etc/launch_daemonsu.sh
adb push init.sec.boot.sh /system/etc/init.sec.boot.sh
adb shell < supersu.cmds
adb shell < supersu1.cmds
-- The Trick is to try and open a Terminal emulator with My-run-as
Like so
I'l try to make it simpler... sorry I'm a noob as well. BUT I CAN TELL YOU
THAT I Succefully ROOTED once... now i reflashed stock, I'l try to do it again and make a Working, .bat script. sorry for inconviniente..
I Was so drunk.
########################################################################
EDIT ::: First Non-Alpha Release.
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
after Running Security Disabler AND Disabling Reactivation LOCK:::
Samsung/Security Disabler.Bat
1) Here it is, Copy and paste this new Run_for_arm(complete).bat
Just run that root.bat in this .zip file
And then Run This one.
Warrior1988 said:
Anyway of making linux version? and maybe another option for dirtycow app_process32
Click to expand...
Click to collapse
Took me an week to Find DirtyCow.Exploit
Took me an 3 Days to Figure out how it works(still not quite shure)
Took me a Whole day to install Kali-Linux, but EVERYTIME i finish install. Password changes?
I have now Ubuntu 17.01 , and it is My First time.
You can Probably rename <root.bat >---> root.sh>
Since Most Commands are "echo"(Unix-Basic) and "adb"(Downloadable Library) which can be performed on both environement almost natively.
In Fact , If you have an: ROOTED-Arm64-Android-Device(Exemple : "LG G4 H812" ) ++ OTG CABLE
(((NOTE :: If you Have an ROOTED-Arm32-Android-Device INSTEAD:;
1) :: EITHER ::
---Modifie the STEP 2 script (Which is SUPOSED to work for EITHER ARM32 or ARM64)
((( TO instead use the "/Step 2/push_system/lib" :: INSTEAD OF :: "/Step 2/Push_system/lib64" )))
2) :: EITHER ::
---Copy the "/Step 2/push_system/lib" Folder FILES to "/Step 2/Push_system/lib64"
0); you can EASILY ROOT your NON Rooted Arm64-device :
(1) Plug your UNIX USB_Debugable_-_arm64.-device : to : OTG_Cable-Usb3_ >> _-_Rooted Android Device;
(2) install ADB from terminal or Github to your Rooted Android Device;
(3) Extract DirtyCow + Double SuperSu Injection.zip >> /storage/emulated/0/WORKFOLDER
(4) Extract /Step 0 / Step 1 / Step 1.5 / Step 2.0 / (No worryes They have Folders Named Accordingly in Every .zip)
(5) For Every "Step X" folder, Find and rename Root.bat >> Root.sh
(6) Execute the RENAMED root.bat >-> Root.sh ; FROM Android Terminal Emulator(Requires Root, or does it?)
#OR#
run the ADB's Manually, which links to supersu.cmds, WHICH runs .sh Scripts.....
Anyone actually get this to work other than the OP? I have a 920v sitting here rotting i would rather use since my note5 will never have root
Icetech3 said:
Anyone actually get this to work other than the OP? I have a 920v sitting here rotting i would rather use since my note5 will never have root
Click to expand...
Click to collapse
op is a noob
there is no root on devices with dm-verity enabled
you can't make any changes to /system making this useless
What i thought. no idea why i have any hope on these things thanks.
Legitsu said:
op is a noob
there is no root on devices with dm-verity enabled
you can't make any changes to /system making this useless
Click to expand...
Click to collapse
its not workble j3119 ,but device have RL, i already disable all knox pakgs,
is thery any method which can give us temporally root access for all androids ,samsung lg etc
I have been trying to figure out how to make the github source code to work.
Hello. Did this end up not working? I have a Samsung galaxy s6 att SMG920A. It's been impossible to root it seems. It has a locked bootloader from what I've been told but it's not locked to The service provider . That being said I've rooted successfully s5, j7, LG k7, LG 330, and a few others I can't recall . I'm as new as it gets but I'm learning fast. I rooted the s5 by flashing old versions of the s5 stock rom, bricking it and reflashing. I was told back then that it was impossible especially since it was from T-Mobile. I have been told the s6 7.0 att is impossible but I think impossible means lazy sometimes. It's still up and running and not bricked and I have flashed with Odin every stock rom I came across and a few twrp that claimed they would work. I thrown noencryptnoencrptverity files and every super su u app on play store, modded play store and the free store at it. I've tried using lucky patcher, Apk editor and every flasher app i could. I recently decrypted one of the recorded recovery and found that dirty cow is being used on this phone and because I'm a noobe and don't know what I'm looking at; I think this phone is or was possibly rooted; but I doubt it root checker says it's not. Then again I rooted and flashed my wife's j7 with custom note 8 rom and root checker also says it's stock and not rooted. How does that work? I have three Alcatel 5041c and they have custom builds from the factory? Anyways I'm head strong to figure out how to make this dirty cow work and hopefully be universal because I have a bunch of cheap phones id like to see the full potential on and all the Obama phones everyone is selling for dirty cheap. I would also like to add I tried kingroot, kingoroot, drfone toolkit, drfone root, superoneclick every adb command I could find and even the sites offering paid roots can't touch it. Recovery mode has an option to boot to bootloader but it only just starts the phone. I'm confused on that. Fastboot commands don't work on Samsung so what would booting to the bootloader be used for with a Samsung? I'm honestly surprised this phone doesn't have more info on it or people working on it together. It's an octacore with 64 gigs of space. It walks faster than my rooted LG runs AND would take both the rooted jay7 and LG combined in a speed test and has and it's stock I've also used a usb hub and and otg cable and was able to add 184 gigs of external with no problems. Last I would like to add I have the internal parts of another s6 that was damaged and is running an older version I had a backup that I can't seem to find anywhere.
does it work running G920VVRU4DRE1 ? I know that was the major concern and problem with all the other methods. I just was to verify so I dont brick my phone.
so glad i posted this couples years ago. btw i was 16 years old.
it still work tho for my sw900w8:armv7
idk why but the boot image in step 1.5 gives me root (in ADB, not SuperSU). DirtyCOW seems to be patched (I wrote my own exploit and it didn't work either). Where'd you get the boot image?????
Superseani2 said:
########################################################################
EDIT ::: First Non-Alpha Release.
#>>Download LINK <<#
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
######Screenshot's######
PROOF.SH <<--- Click-able --- <<<
Kernel + SEpolicy Informations <<--- Click-able --- <<<
Succesfully Granted Termux Root <<--- Click-able --- <<<
SuperSu is at Lastest V2.82 <<--- Click-able --- <<<
######PROOFS######
But Technicly this works on ANY Android , Tested on 5.1.1, 6.0.1, 7.0,
SM-G920V
My Bootloader is Locked/ Doesnt Exist?
I use FLashFire, which will be installed using this method, but i also used Official TWRP to understand how the S6 Bootloader IS Picky I will only Accept STOCK.
I SUCCESFULLY Booted in TWRP with FISHY... I was working on TEMP Recovery and i thought...(Useless because you cant MODIFY THE OS -_- else Bootloader trigger)
But how about Booting a ROM instead of TWRP?! So i am working on this right now, Currently have a WORKING METHOD For Lg G4 h812 and succefully Booted Custom ROM)
This(Dirty-Cow Exploit) also Worked for my LG G4 But with Different Security Disabling Methods(OEM UNLOCK), Bluestack, Ubuntu 16, My raspberry PIE.... Pretty much... ARM32/64... but there is one for EVERY arch anyway.
I wish you guys a GOOD root.... Not to Exploit the exploit.
Scan.rar :Note: IF This is INFECTED"... well i had no clue, i want to Declare that i have NOT inject any Virus, i just Found the files on a XDA and Slighty modified a Root-Tool and Merged it with another, Writed .bat to make it Function at least with VERIZON and ROGERS.
::::::::::::::::::::::::::::::::::::::::::::::I want also to Declare that IF IT IS INFECTED , PLEASE REPORT BECAUSE... i am RUNNING THIS on my phone.*facepalm*::::::::::::::::::::::::
https://www.virustotal.com/fr/file/...19598dfec975f6511e20ed70/analysis/1519884568/
6 / 58
Antivirus Résultat Mise à jour
Antiy-AVL Trojan/Linux.TSGeneric 20180301
Avast ELF:CVE-2016-5195-T [Expl] 20180301
AVG ELF:CVE-2016-5195-T [Expl] 20180301
CAT-QuickHeal Exploit.dirtycow.A18c7 20180228
ESET-NOD32 a variant of Android/Exploit.CVE-2016-5195.A 20180301
Ikarus Trojan.AndroidOS.Exploit 20180228
Download Link ::
http://www.mediafire.com/file/n2r3obszwkxf31n/Arm32-DirtyCow-MixSploit.rar
Click to expand...
Click to collapse
Modifying recovery to boot ROM go anywhere?
LOOKS LIKE THIS ONLY WORKS FOR 5.6.1.0 AND UP BUT YOU CAN ALWAYS TRY IF YOU WANT, THIS *SHOULD* NOT DAMAGE YOUR DEVICE
THIS DOES NOT WORK ON NEW 2018 MODELS.
You can use this method in any tools or scripts, but you must add a link to this thread in these threads, videos, etc.
Hi!
This is a guide on how to disable system apps on 7th Generation or older Fire tablets.
This guide *should* work in theory for every Fire tablet, in every version, but I only tried this is my HD 8, version 5.6.1.0.
(Also the "pm hide" command does not just hide the app, it is almost completely identical to "pm disable", only the system interprets it differently. So, yes, you will notice a good increase in performance after you do this!)
Please hit thanks if this helped, it is easier than commenting thanks...
--You'll require a PC with ADB installed.--
--------
MANUAL METHOD:
1.) I attached an APK for "Amazon Facebook Share" below,(edit: it is not displaying properly in this thread, see post #1) install it with ADB, or copy it into the device and install it manually.
2.) Reboot.
3.) Now open the command prompt, and type:
Code:
adb shell
run-as com.amazon.unifiedsharefacebook
id
4.) If the "id" command output *does not* start with "uid=2000" then you are good to go! Just run "pm hide" on every system app package you want to disable, you can find some lists in this forums. (If it does not, PM me your output or reply in this thread with the output)
5.) So, it looks like that this sheet works well.
SEMI-AUTOMATIC METHOD:
SORRY, CURRENTLY THE SEMI AUTO METHOD IS BROKEN, I'LL TRY TO FIX IT.
1.) Download the attached .ZIP and extract it, see post #30.
2.) Run the batch file, (it will reboot your device).
3.) Now continue the step #3 from above.
--------
If you try to access a disabled app, it will show an annoying warning, (like accessing "System Updates" in Device Options after disabling OTA)
Code:
The requested action is not permitted. Check Parental Controls settings and retry.
IMPORTANT- If you disable com.amazon.firelauncher, everything will work almost perfectly, but you will see the warning message I mentioned above every time you press home.
--------
Good Luck with disabling, and don't disable critical parts!
Here is the APK.
Sadly didnt work, have a Fire HD 8, 5.6.0.1
Installed it via adb install -r -d with the following error.
Failure [INSTALL_FAILED_MISSING_SHARED_LIBRARY]
Works !
works on 5.6.2.0
removed the apps from the bloatware spreadsheet
Not yet rebooted my fire hd8
Need help with my fire HD 8 running fire OS 5.6.2.0
Supersonic27543 said:
THIS IS STILL UNCONFIRMED, AND MAY OR MAY NOT WORK. BUT IT JUST WORKED FOR MY DEVICE.
Hi, I'll be unable to be in this forums for some time, maybe for a couple of months, (I will still check the forums when I can) so I'm going to leave a gift for everyone!
This guide *should* work in theory for every Fire tablet, in every version, but I only tried this is my HD 8, versions 5.6.0.1 & 5.6.1.0.
(Also the "pm hide" command does not just hide the app, it is almost completely identical to "pm disable", only the system interprets it differently. So, yes, you will notice a good increase in performance after you do this!)
-You'll require a PC with ADB installed.
1.) I attached an APK for "Amazon Facebook Share" below,(edit: it is not displaying properly in this thread, see post #1) install it with ADB, or copy it into the device and install it manually.
2.) Reboot.
3.) Now open the command prompt, and type:
Code:
adb shell
run-as com.amazon.unifiedsharefacebook
id
4.) If the "id" command output *does not* start with "uid=2000" then you are good to go! Just run "pm hide" on every system app package you want to disable, you can find some lists in this forums. (If it does not, PM me your output or reply in this thread with the output)
If you try to access a disabled app, it will show an annoying warning, (like accessing "System Updates" in Device Options after disabling OTA)
Code:
The requested action is not permitted. Check Parental Controls settings and retry.
IMPORTANT- If you disable com.amazon.firelauncher, everything will work almost perfectly, but you will see the warning message I mentioned above every time you press home.
Good Luck with disabling, and don't disable critical parts!
Click to expand...
Click to collapse
hey, I am trying to get rid of some apps on the fire HD 8 and what this post said was not working and I was hoping you could help me out...
1. when I put the apk in the storage and try to install it on my Fire it comes back and says "app not installed" but I tried to push it with ADB and still no luck...so I try my luck and try all the commands anyway and here is the script I got back:
C:\Tools\platform-tools_r28.0.0-windows\platform-tools>adb shell
[email protected]:/ $ run-as com.amazon.unifiedsharefacebook
run-as: Package 'com.amazon.unifiedsharefacebook' is not debuggable
1|[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $
anything would help.
Thanks
Rangerclass said:
hey, I am trying to get rid of some apps on the fire HD 8 and what this post said was not working and I was hoping you could help me out...
1. when I put the apk in the storage and try to install it on my Fire it comes back and says "app not installed" but I tried to push it with ADB and still no luck...so I try my luck and try all the commands anyway and here is the script I got back:
C:\Tools\platform-tools_r28.0.0-windows\platform-tools>adb shell
[email protected]:/ $ run-as com.amazon.unifiedsharefacebook
run-as: Package 'com.amazon.unifiedsharefacebook' is not debuggable
1|[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $
anything would help.
Thanks
Click to expand...
Click to collapse
i've copied the apk in /sdcard and then pm install -r -d /sdcard/com.amazon.unifiedsharefacebook.apk
t0x1cSH said:
i've copied the apk in /sdcard and then pm install -r -d /sdcard/com.amazon.unifiedsharefacebook.apk
Click to expand...
Click to collapse
I just got the tablet on Prime day and have not yet got the sdcard...
is there anyway i could do it without and what Tablet do you have?
mine is a Fire HD 8 7th gen running OS 5.6.2.0
thanks for the advice and hope we can figure something out.
Rangerclass said:
I just got the tablet on Prime day and have not yet got the sdcard...
is there anyway i could do it without and what Tablet do you have?
mine is a Fire HD 8 7th gen running OS 5.6.2.0
thanks for the advice and hope we can figure something out.
Click to expand...
Click to collapse
simply copy the apk on the device via usb cable in the root directory
open adb shell on your pc
run pm install -r -d /sdcard/com.amazon.unifiedsharefacebook.apk
then run run-as com.amazon.unifiedsharefacebook
and then check your id
t0x1cSH said:
simply copy the apk on the device via usb cable in the root directory
open adb shell on your pc
run pm install -r -d /sdcard/com.amazon.unifiedsharefacebook.apk
then run run-as com.amazon.unifiedsharefacebook
and then check your id
Click to expand...
Click to collapse
Thanks you so much.
I was doing /local not /sdcard because I thought that local would be it because I did not have a SD card yet.
the ID has now changed and I should be able to complete the first post.
Thank you so much for your time and help.
t0x1cSH said:
simply copy the apk on the device via usb cable in the root directory
open adb shell on your pc
run pm install -r -d /sdcard/com.amazon.unifiedsharefacebook.apk
then run run-as com.amazon.unifiedsharefacebook
and then check your id
Click to expand...
Click to collapse
I still get the [INSTALL_FAILED_MISSING_SHARED_LIBRARY] error
edt: not sure if I want to update if sooner or later an exploit might be found..? what do you guys think
Worked for HD7 (7th Edition) with OS 5.6.1.0
Now I can disable ("hide") further OTA updates.
Thank you very much.
Edit: I bought my HD7 last year, which came with O.S. 5.4.0.0. However, after "pm uninstall" Special Offer and a few Amazon Apps, I forgot to "pm uninstall" OTA. Consequently, it continued to get OTA updates till now.
Dan_firehd said:
Worked on HD7 (7th Edition) with OS 5.6.1.0
Now I can disable ("hide") further OTA updates.
Thank you very much.
Click to expand...
Click to collapse
It worked for HD 7? Nice :good:
vierlex said:
I still get the [INSTALL_FAILED_MISSING_SHARED_LIBRARY] error
edt: not sure if I want to update if sooner or later an exploit might be found..? what do you guys think
Click to expand...
Click to collapse
That error shows when the device does not support the APK. Is it a HD 8 2016? Also, do not update if you don't have to, 5.6.1.0 is considerably reinforced against exploits than previous versions. But if you really want to disable, it may be worth a try.
This is awesome! This worked on my 7th gen HD 8.
I followed the list of apps in this thread for what to hide (plus a little more): https://forum.xda-developers.com/hd8-hd10/general/debloat-fire-hd-2017-kindle-prime-music-t3729209
But I think I hid something important as I have a red line across the bottom of my screen now....
I know you said we need a PC with adb installed, but would this not also work with a terminal emulator?
Sent from my SAMSUNG-SM-G935A using Tapatalk
I get INSTALL_FAILED_INVALID_URI when trying to install on a Fire HD 8 2017 with 5.6.2 is it blocked in 5.6.2
I am so hoping this works for me! When I have the time to give it a try I will let you know.
getochkn said:
I get INSTALL_FAILED_INVALID_URI when trying to install on a Fire HD 8 2017 with 5.6.2 is it blocked in 5.6.2
Click to expand...
Click to collapse
I tried to link to the path /sdcard/Download/com.blabla.apk and it installed no problem.
I still cant properly hide the apps tho. All apps I try get hidden from the launcher but still exist and are active according to the settings/apps.
However, the apps cannot be run by any means...so this may work afterall.
Rollercoaster this one.
Edit: Vesion 5.6.2.0 install date: 11.07.2018
I'll post an update on the OTA check, if no automatic check is done!
You have to reinstall the apk every time you reboot, before you try the "run-as" command:
Code:
adb install -r -d .\com.amazon.unifiedsharefacebook.apk
I didn't have to rename the apk.
Yes, the apps still show up in the Settings and don't show as disabled in there, but the apps don't show in the launcher and can't be run, which is really what I'm looking for.
Badass post, Supersonic27543. You keep killin it!