Hello,
Could someone having access to a rooted Zenfone 6 do me a favour by dumping a partition on their device?
As root, execute the following commands:
Code:
# dump the sec partition to /data/local/tmp/sec.img
# it might be in /dev/block/platform/soc/<something>/by-name/
dd if=/dev/block/by-name/sec of=/data/local/tmp/sec.img
chmod 755 /data/local/tmp/sec.img
Then use ADB to retrieve the file from your device:
Code:
adb pull /data/local/tmp/sec.img
There is no personal data in this partition. It is either empty, or what's in it is the same for all devices.
Thanks a lot for the help!
Related
This phone is kinda diehard. Thanks to dirtycow and free time, now I have root on this phone. But only shell root access.
Code:
255|[email protected]:/ # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:runas:s0
[email protected]:/ # mount -o remount,rw /system
mount: Operation not permitted
There are custom bootloaders, is there a way install them directly from the phone? All the info I got is fancy app/gui. There is no hardcore docs on how to gain the full root access or flash the bootloader.
I have access to the /cache partition. I also have access to the /cache/delta/boot_delta.bin (looks like it is encrypted), I can reboot to the recovery menu and pass commands into /cache/recovery/command
I can use dd to dump whole flash (read access works). But dd doesn't work with /dev/block/ devices on write (it works without problems, but when you check actual content - it appeared to be unmodified at all). Is it a common write protection or something?
Also there is a FOTA partition. How can I determine which reboot command should I send to reboot to the fota recovery?
A few days ago, I flashed a zip onto my phone that set SELinux to permissive. However, there was a problem: it deleted logd, which is essential to adb logcat. Considering I'm an Android developer, that isn't a good thing! It took me a bit to figure out how to get it back, so I'm making this guide to share with you guys to help whatever poor soul has to fix this next.
Note that these steps were designed with Linux in mind, though they might be adaptable to Cygwin/OSX with some effort.
Also, make sure you delete any SELinux permissive scripts from init.d/su.d first!
Prerequisites
The OTA or custom rom zip that your device is currently running
adb
simg2img (available in the Ubuntu software repositories)
sdat2img (available here)
Instructions
Put your OTA/custom ROM zip file in a new folder and unzip it (this example is using the Pure Nexus ZIP):
Code:
mkdir restore_logd
cp pure_nexus_hammerhead-7.0-20161025-HOMEMADE.zip restore_logd
cd restore_logd
unzip pure_nexus_hammerhead-7.0-20161025-HOMEMADE.zip
Now, look for a file named either system.new.dat or system.img.
If you have system.img, then run:
Code:
simg2img system.img system.raw.img
If you have system.new.dat AND system.transfer.list, instead run:
Code:
sdat2img.py system.transfer.list system.new.dat system.raw.img
Either way, you should now have a file named system.raw.img. Next, mount it:
Code:
mkdir system_mnt
sudo mount -t ext4 -o loop system.raw.img system_mnt
This will mount the system image onto the system_mnt folder.
Plug in your device to your computer and make sure USB debugging is enabled, then run:
Code:
adb push system_mnt/bin/logd /sdcard/logd
adb shell
You should now be in a shell connected to your device. Inside, run:
Code:
su
mount -o rw,remount /system
cp /sdcard/logd /system/bin/logd
chmod 755 /system/bin/logd
exit
This will install the logd binary and close the shell.
This next part is very important! Making sure you closed the adb shell and are still inside the directory you created, run:
Code:
ls -Z system_mnt/bin/logd
If the output looks like this:
Code:
? system_mnt/bin/logd
then you have nothing else to do. Otherwise, it might look a bit like this:
Code:
u:object_r:logd_exec:s0 system_mnt/bin/logd
Copy part before the path; in this case, it's:
Code:
u:object_r:logd_exec:s0
Then, run:
Code:
adb shell su root chcon permission /system/bin/logd
replacing permission with the string you copied.
Now you can unplug and restart your device; logd should now be fully working!
Last but not least, run:
Code:
sudo fusermount -u system_mnt
to unmount the system image from your computer.
Enjoy!
Execute command failed while replacing permission
Code:
adb shell su root chcon permission /system/bin/logd
u:object_r:logd_exec:s0
/system/bin/sh: <stdin>[1]: u:object_r:logd_exec:s0: not found
I have tried following command on ADB to extract partition, but failed.
source:fciotti.com/2017/02/26/clone-android-memory
Code:
chmod +r /dev/block/mmcblk0
returns
Code:
Bad mode
Code:
adb pull /dev/block/mmcblk0 "mmc.img"
returns
Code:
remote permission denied
I have post a question on stack exchange, and found a command working but failed after dumping 4gb on sdcard (not directly to pc) because of file system.
source:android.stackexchange.com/questions/185433/problem-with-coping-mmcblk0-to-pc?noredirect=1#
Code:
adb exec-out "su -c 'cat /dev/block/mmcblk0'" > mmc.img
but it create a 0kb img file.
Please anyone help.
Hello,
Could someone having access to a rooted Zenfone 4 Pro do me a favour by dumping a partition on their device?
As root, execute the following commands:
Code:
# dump the sec partition to /data/local/tmp/sec.img
# it might be in /dev/block/platform/soc/<something>/by-name/
dd if=/dev/block/by-name/sec of=/data/local/tmp/sec.img
chmod 755 /data/local/tmp/sec.img
Then use ADB to retrieve the file from your device:
Code:
adb pull /data/local/tmp/sec.img
There is no personal data in this partition. It is either empty, or what's in it is the same for all devices.
Thanks a lot for the help!
You still need this?
ROM: LineageOS 18.1, Recovery: LineageOS 18.1 recovery
I messed up and put my build.prop in an invalid state. I got the default build.prop from the rom zip,rebooted the phone to recovery (lineageos 18.1 recovery), mounted the system partition on /mnt/system, and tried to write build.prop to default via adb shell and then cat >/mnt/system/system/build.prop and writing whatever stuff I want. However, even after remounting as rw, I get the following error message:
Code:
cat: xwrite: No space left on device
The same thing happens if I just edit on my PC and do adb push
Code:
$ adb push build.prop /mnt/system/system/build.prop
build.prop: 1 file pushed, 0 skipped. 89.9 MB/s (2662 bytes in 0.000s)
adb: error: failed to copy 'build.prop' to '/mnt/system/system/build.prop': remote write failed: No space left on device
Now what does this even mean?? There is 3.1M free space, as confirmed by df -h. I really searched I cannot find anything on this. Any help would be really appreciated!
---
I can confirm it is mounted as rw by checking this line in /proc/mounts
Code:
/dev/block/dm-0 /mnt/system ext4 rw,seclabel,relatime 0 0
adb remount also fails with
/system/bin/sh: remount: inaccessible or not found
I'm at my wit's end, any guidance here? I feel this should really not be this difficult! I just want to rewrite build.prop from adb/recovery!
---
It might have something to do with overlayfs, as seen here https://android.googlesource.com/platform/system/core/+/master/fs_mgr/README.overlayfs.md. However adb remount merely says /system/bin/sh: remount: inaccessible or not found! How should I get this to work?
---
Finally: maybe I could just try to flash a zip containing only the build.prop via adb sideload? Will adb sideload wipe anything (e.g. system) or just overwrite the files which are present in the zip?
---
Just ended up flashing again. It worked without deleting apps or data