[HOWTO] Unlock TF700T in 2020 - Asus Transformer TF700

UPDATE: Asus has updated the servers. Older protocols for HTTPS, which are required for older Android versions, are no longer supported. Unfortunately, some additional steps are needed for the unlock now. See this post for step by step instructions.
I recently got my hands on a Asus TF700T with a locked boot loader. The official unlock app did not work, so I took a closer look. What I found is that the Asus servers are still up and running, but connection fails due to certificate pinning. And that can be dealt with
So here are the instructions:
The device must be rooted. KingoRoot (the app) worked for me.
Download the unlock bundle from the link below. I didn't find a way to directly attach files here.
Copy both apks to /system/app, change the permission to 0644
For this, a remount of the system partition may be needed:
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
DMClient.apk replaces the original DMClient.apk and DMClient.odex (i.e. you have to rename/move/delete the .odex file)
The modified unlock app cannot be installed like any other and must be installed that way
Reboot the device. On startup Android shows that one app is optimized (that's DMClient). The unlock app is now installed.
Use the unlock app. Google account does not matter.
Watch logcat to get some more information on what the unlock app does. On success the device immediately reboots, so redirect adb logcat to a file if you want to keep the log.
I only tested on a TF700T with WW SKU, V10.6.1.14.10. I assume that other firmware versions work as well.
The unlock app for TF700T also supports TF201, TF300T, TF300TG, and TF300TL, but a modified DMClient is needed.
In case something goes wrong and your device gets stuck at the boot screen, this advice may be helpful:
Bricked my Asus TF300T? Manual JB update
First, my device failed to get the OTA Update because I deleted some system apps (see my original post). Then I found this post where another user restored original APKs in /system/apps and manage...
android.stackexchange.com
(thanks @DieAbrissbirne)
Download links
Unlock app and DMClient for TF700T
https://leo.pfweb.eu/dl/OaKdx
Spoiler: Successfully used on
WW_epad-10.6.1.14.10
JOP40D.US_epad-10.6.1.14.10-20130801
DMClient for TF300T
https://leo.pfweb.eu/dl/vUHnp
DMClient for TF300TG
https://leo.pfweb.eu/dl/xphHy
DMClient for TF201
https://leo.pfweb.eu/dl/pKvEA
Spoiler: Successfully used on
WW_epad_10.4.2.17
---------------------------------------------------------------------
Unlock app and DMClient for TF701T
https://leo.pfweb.eu/dl/2AcpB
DMClient for ME301T (also seems to work for ME302KL)
https://leo.pfweb.eu/dl/uiJPN

Dealing with this same issue, but can't get your method to work... Do I need to already have the v7 unlock tool installed before this? And do I just remove the DMClient.odex file from /system/app since there is only the replacement file for DMClient.apk?
Any help is appreciated!

You don't need the original unlock app. I recommend uninstalling it. DMClient.odex is not needed, you can rename or delete it. I don't know what happens if you keep it as is.
At which point does it fail?
Is the unlock app installed after restart? If not, check the permissions of both files. It must be 644 (-rw-r--r--).
If you can start the modified unlock app: Do you get an error message? Is there anything relevant in logcat (search for "unlock")? Is the internet connection ok?

Code:
-rw-r--r-- root root 442064 2020-09-02 22:19 UnLock_App_V7_update.apk
Removed both DMClient.apk and .odex and don't have any original unlock apps installed. But I don't have the modified unlock app installed after restart.

Which firmware version do you have?
The permissions look good. Basically all apks in /system/app should have the same owner and permissions.
If I understand correctly, you have removed the original DMClient.apk and DMClient.odex and copied the modified one from the download. Is the permission correct?
If permissions are ok, it's hard to say, what is wrong. I would suggest to rename UnLock_App_V7_update.apk to something else (maybe unlock.apk) and reboot the device. This forces a reinstall. Best would be if you could watch logcat during startup. The log will tell you why the installation fails.
Edit: Are you sure, the app is not installed? Depending on the locale it may not be literally translated as "unlock app". The icon is a gear with a lock.

JOP40D.US_epad-10.6.1.14.10-20130801
Code:
W/ActivityManager( 524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
W/ActivityManager( 524): No content provider found for permission revoke: file:///data/local/tmp/UnLock_App_V7_update.apk
I/PackageManager( 524): Copying native libraries to /data/app-lib/vmdl1192069982
W/PackageParser( 524): Exception reading classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser( 524): java.lang.SecurityException: META-INF/MANIFEST.MF has invalid digest for classes.dex in /data/app/vmdl1192069982.tmp
W/PackageParser( 524): at java.util.jar.JarVerifier.invalidDigest(JarVerifier.java:131)
W/PackageParser( 524): at java.util.jar.JarVerifier.access$100(JarVerifier.java:53)
W/PackageParser( 524): at java.util.jar.JarVerifier$VerifierEntry.verify(JarVerifier.java:123)
W/PackageParser( 524): at java.util.jar.JarFile$JarFileInputStream.read(JarFile.java:119)
W/PackageParser( 524): at java.io.BufferedInputStream.read(BufferedInputStream.java:304)
W/PackageParser( 524): at android.content.pm.PackageParser.loadCertificates(PackageParser.java:447)
W/PackageParser( 524): at android.content.pm.PackageParser.collectCertificates(PackageParser.java:634)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService.installPackageLI(PackageManagerService.java:7959)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService.access$1900(PackageManagerService.java:180)
W/PackageParser( 524): at com.android.server.pm.PackageManagerService$5.run(PackageManagerService.java:6108)
W/PackageParser( 524): at android.os.Handler.handleCallback(Handler.java:725)
W/PackageParser( 524): at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageParser( 524): at android.os.Looper.loop(Looper.java:137)
W/PackageParser( 524): at android.os.HandlerThread.run(HandlerThread.java:60)
E/PackageParser( 524): Package com.asus.unlock has no certificates at entry classes.dex; ignoring!
Does this SO post make sense as the issue? stackoverflow DOT com/questions/44386464/android-app-installation-failed-package-com-my-app-has-no-certificates-at-entry

That's interesting. The app isn't signed at all, that's why "normal install" does not work. But as system app things worked for me and there was no error.
Besides rooting the device I had unlocked developer options and allowed install from unknown sources. But I wouldn't expect these to make any difference.
Is there anything about DMClient in the log? The same applies here. It would be strange if it works for one and not for the other.

Got it to work. After digging a bit deeper into the logs I think it was confused because I had already installed and uninstalled the original unlock tool. It was complaining about the unlock package already existing, etc.
So, I just went all the way back to a factory reset to remove everything and then did your original steps and it worked. I was watching logcat and it didn't say anything about the unlock package for the time it worked too btw. I guess uninstalling the original and restarting wasn't enough to truly get rid of it enough without a factory reset.
Thanks for your help and effort to put this together!

Great! Do you mean, there was no output from the unlock app at all? There should have been some information starting with
Code:
/****Unlock
. However, it does not persist reboot, so you have to watch live or redirect to a file.

I was watching it live and did a find on the output for 'unlock' once it restarted and didn't see anything but I suppose I could have missed it.

It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:

d.l.i.w said:
It's only a couple of lines so indeed easy to miss. Thanks for the feedback :good:
Click to expand...
Click to collapse
Didn't work for me, unfotunatly . I still get message - "Failed to unlock your device, please try again later".
Device: TF300TG.
FW: WW_epad-10.4.3.9-20121106
Android: 4.1.1
Tried to reset to factory settings. Didn't help either.
Please, tell me - can I use V7 apk with Android 4.2 / 4.2.1 or i need patched version of Unlock_V8.apk ?
I/*** Unlock: request( 2000): h t t p s: //mdm.asus.com/DMServer/DeviceState?id=XXXXXXXXXXXX&AUTH=YYYYYYYYYYYYYYY&ACTION=get
D/dalvikvm( 2000): GC_CONCURRENT freed 269K, 5% free 6796K/7111K, paused 16ms+20ms, total 86ms
D/DMServerUnlock( 2000): index of line: 1
D/DMServerUnlock( 2000): DM Server Response: 0
W/GoogleVerify( 2000): no google account
I/UnLockActivity( 2000): no Google account and pin code
Click to expand...
Click to collapse
Of course, I changed variable values in request URL.

iserver said:
Device: TF300TG
Click to expand...
Click to collapse
Obviously DMClient is specific to each device model. So, the modified DMClient is not compatible with devices other than TF700T.
Is the original firmware for the TF300TG available somewhere? If so, I might be able to create a modified DMClient also for this model, but I can't promise anything.

So I am fairly early into this root / unlock of my new tf700t.
I rooted / unlocked my old tf300t at least 8 years ago now.
I recently dusted it off and immediately after getting 7.1.2 installed on it and having it set up just right, stepped on it by accident.
So I bought a tf700t and have been trying to root it for a whole day with out success....
I have successfully upgraded the boot loader from 10.4.4.25 to WW 10.6.1.14.8 and gotten Motochopper to root.
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.
Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
What a Deus-ex it was to find a post from only a few weeks ago on the topic.
I love XDA.

Down0038 said:
Can you go over the tools and method you used to put the two files from the package into the system/apps folder with he new permissions?
When I try and move the files my go-to rooted file explorer (Ghost commander) refuses to change the permissions or move the files.
Is it possible that GhostCommander and TotalCommander simply don't work with the motochopper version of rooting? or am I missing something more fundamental?
I get that given the age of the tablet I will not be able to unlock with the normal v7 unlocker and b/c Asus are bastards.
Click to expand...
Click to collapse
Total Commander worked for me just fine. It asked if the system partition should be mounted writable and then copied the files. The same with setting permissions.
I used KingoRoot, because Motochopper does not work on the latest firmware, but this shouldn't make any difference. You could try to copy the files via adb shell.
I was quite surprised that the Asus servers are still running and functional. The only issue is that the original unlock app does not trust the new server certificates.

"the device is unlocked"

Thanks for this work! Dusted off an old TF700T, but I'm unable to unlock, with the following logs (grepped for unlock):
Code:
I/ActivityManager( 520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/ActivityManager( 520): Start proc com.asus.unlock for activity com.asus.unlock/.EulaActivity: pid=1715 uid=1000 gids={41000, 3003, 1015, 1028, 3002, 3001, 1006, 3007}
I/ActivityManager( 520): START u0 {cmp=com.asus.unlock/.UnLockActivity} from pid 1715
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I/ActivityManager( 520): START u0 {act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] flg=0x10200000 cmp=com.asus.unlock/.EulaActivity} from pid 835
I/UnLockActivity( 1715): ============= UnLockActivity onStart =======================
I/UnLockActivity( 1715): ============= UnLockActivity onResume =======================
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
D/DMServerUnlock( 1715): get DMServer Response retry count = 3
I/*** Unlock: md5 input( 1715): 50465d2a5837unknown8bf0d93b7649a513c736f4016495a5ec5b2ab8a0dm_servernEEd_query_STATe
I/*** Unlock: request( 1715): [url]https://mdm.asus.com/DMServer/DeviceState?id=50465d2a5837&AUTH=OsYXBMvoh62t24Ukl025Lw&ACTION=get[/url]
D/DMServerUnlock( 1715): index of line: 3
D/DMServerUnlock( 1715): DM Server Response: 105
I fear I have one of those TF700's that doesn't have a valid serial number, so it can't unlock?

For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.
I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?

d.l.i.w said:
For me unlock worked, although the Asus website did not recognize the serial number when I tried to register my device.
I don't know what the response 105 means, but this does not necessarily mean an error. It could be that the modified DMClient was not installed correctly.
Which firmware version do you have? Did you do a factory reset before?
Click to expand...
Click to collapse
Yes, I factory reset before installing. I had rooted with Kingo Root / Superuser, but had to root via ADB, because I couldn't download and run the apk directly on the tablet after the factory reset. I did allow it to install all the associated root utilities/apps. I used a console/terminal app called "Material Terminal" (by Yaroslav Shevchuk) installed by the play store to su, mv the DMClient and Unlock_App_v7 apk files to /system/app and chmod 0644 them... every reboot shows it "Optimizing the app".
I have Android v 4.2.1 Kernel version 3.1.10-gb1a9af5 dated Aug 1 2013
I'll probably try doing another factory reset, root, and install again just to be sure.

Does someone have a correct version of Kingoroot apk that does work for ICS tf700t please :fingers-crossed:? I tried all i've found it doesnt work
EDIT: Found it
The tutorials works!!! Thank you very much ))
TF700T 4.2.1 - 10.6.1.14.10-20130801

Related

Exploiting Android systems locally (without a computer)

A call to ROM modders:
As you all know, there is a known method for exploiting Android devices and gain root privilges within the application itself without the use of a computer. This is a major security risk as any application can gain root and control the device without the users' knowledge.
To make your ROM/MOD protected, make sure you replace the adbd binary in your initramfs using the latest adbd from google sources. Thats it.
More details can be found here: www.androidsec.net
galaxys
Hi. I got galaxy s with voodoo kernel 5.3 but after install app close. Any idea?
Thanks
Also force close.
I installed the immunizer.apk from your website, but get a FC when trying to start it.
Galaxy S
Speedmod Kernel (all partitions ext4)
FC here as well.
Samsung Captivate running Perception 10.2/Firebird2-v05 #54.
I'd appreciate if you can look at the logcat to watch for any error.
By next week I should be able to test Immunizer on some more Android devices so I hope to be able to debug most of the problems. I'll post updates soon.
Fails to do anything:
Code:
W/ActivityManager( 3008): Process ProcessRecord{4879e6906820:androidsec.net/10159} failed to attach
*NOTE: Running KA7 voodoo injected kernel and KA7 modem on a Vibrant.
I installed v1.1 from the site.
Isn't this the same exploit used in Visionary? To get Temp Root access on the G2 and MyTouch 4G and such
if we were to be watching logcat, what should be looking for?
Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).
dasunsrule32 said:
Fails to do anything:
Code:
W/ActivityManager( 3008): Process ProcessRecord{4879e6906820:androidsec.net/10159} failed to attach
*NOTE: Running KA7 voodoo injected kernel and KA7 modem on a Vibrant.
I installed v1.1 from the site.
Click to expand...
Click to collapse
kasper_h said:
Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).
Click to expand...
Click to collapse
Same issue...
kasper_h said:
Version 1.3 starts without FC. If I press immunize and then press yes when it asks whether it should immunize and reboot, it waits for about 10 seconds, then I get a black screen, and finally it returns to the app list and nothing happened (if I reboot manually and start immunizer it still says the system is vulnerable).
Click to expand...
Click to collapse
Same here... :\
Please try latest version (1.4) and post results.
Also, if Immunizer failes, please provide output of the following commands (using 'adb shell' or similar):
Code:
ls -l /sbin/adbd
getprop ro.build.version.release
getprop ro.build.version.sdk
1.4 caused system to FC on reboot. Thank god for CWM advanced restore.
I'm not near a computer I can use to pull logs, sorry.
Thanks for your efforts, but I'm done with this project until it's stable.
Sent from my SGH-I897 using XDA App
I installed 1.4 over voodoo 5.3 kernel. I run it then ask me for aplly and reboot. I select apply and reboot and freeze on this screen. As soom as possible i'll paste adb logcat.
Regards
Sent from my Galaxy S. Darkyy Rom xxjpy with voodoo 5.3 (supercurio), voodoo app, bln!!!
Immunizer 1.4 -web- (galaxy i9000 +voodoo 5.03)
Code:
getprop ro.build.version.release 2.2.1
getprop ro.build.version.sdk 8
(Start & freeze after applying)
Code:
Start proc androidsec.net:remote for broadcast androidsec.net/.ExploitedAlarmReceiver: pid=8699 uid=10155 gids={3003, 1015}
I/Zygote ( 8699): Zygote: pid 8699 has INTERNET permission, then set capability for CAP_NET_RAW
D/dalvikvm( 8699): Trying to load lib /data/data/androidsec.net/lib/libandroidterm.so 0x489224e8
D/dalvikvm( 8699): Added shared lib /data/data/androidsec.net/lib/libandroidterm.so 0x489224e8
I/Exec ( 8699): JNI_OnLoad
I/ActivityManager( 2943): No longer want com.android.settings (pid 7028): hidden #16
D/dalvikvm( 2943): GC_FOR_MALLOC freed 29465 objects / 1138576 bytes in 358ms
D/dalvikvm( 2943): GC_FOR_MALLOC freed 43742 objects / 1823120 bytes in 218ms
D/dalvikvm( 6970): GC_EXPLICIT freed 4946 objects / 398088 bytes in 374ms
D/NativeCrypto( 6970): Freeing OpenSSL session
D/NativeCrypto( 6970): Freeing OpenSSL session
after apply
Code:
ls -l /sbin/adbd
lrwxrwxrwx root root 2011-01-27 23:35 adbd -> ../voodoo/root/sbin/adb
I'll be following this thread with great interest. Greetings. Dan
very interesting

[Tutorial] How To Logcat

Here's how to use logcat:
There are two main ways to do a logcat, within android, and through adb.
Logcat within android can be done one of two ways, through a Logcat app:
Here are two good examples are either: aLogcat or Catlog
I prefer catlog, because in my opinion it has a little bit nicer UI. Both of these programs can dump their logs to a txt file, which is very useful for debugging. Or, you can do it in terminal emulator (same rules as running through adb(see below))
From Moscow Desire:
Moscow Desire said:
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
Edit: For phones/tablets with internal storage & external sd:
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
MD
Click to expand...
Click to collapse
On the other hand, using adb to run logcat, in my opinion is much more useful, because you can start using it when android boots (i.e. once the boot animation appears.)
The code for logcat to output to a file is
Code:
adb logcat > name of problem.txt
you can also do
Code:
adb logcat -f name of problem.txt
how I prefer to do it is this way:
Code:
adb logcat -v long > name of problem.txt
with the -v flag & the long argument, it changes output to long style, which means every line of logcat will be on its own line (makes it a little neater, imo)
Note: When outputting to a file, you will see a newline, but nothing printed, this is normal. To stop logcat from writting to a file, you need to press ctrl+c.
Here's where using logcat (via adb makes life really easy)
Lets say you find a problem you're having after looking at a logcat.
For example:
When I was trying to use a different ramdisk, wifi wouldn't work so I got a logcat that's almost 1300 lines long (a lot of stuff happens in the background)
So if you are searching for an error in the logcat file (it's always e/ for error, f/ for fatal. Those are the two main things that will break a system.)
Code:
D/dalvikvm( 871): GC_CONCURRENT freed 472K, 6% free 10224K/10823K, paused 1ms+6ms
V/AmazonAppstore.DiskInspectorServiceImpl( 871): Available blocks: 21981, Block size: 4096, Free: 90034176, Threshold: 5242880, withinThreshold? true
D/AmazonAppstore.UpdateService( 871): Received action: null from intent: Intent { cmp=com.amazon.venezia/com.amazon.mas.client.framework.UpdateService }
W/AmazonAppstore.UpdateService( 871): Confused about why I'm running with this intent action: null from intent: Intent { cmp=com.amazon.venezia/com.amazon.mas.client.framework.UpdateService }
D/dalvikvm( 890): GC_CONCURRENT freed 175K, 4% free 9375K/9671K, paused 2ms+3ms
V/AmazonAppstore.ReferenceCounter( 871): Reference (MASLoggerDB) count has gone to 0. Closing referenced object.
E/WifiStateMachine( 203): Failed to reload STA firmware java.lang.IllegalStateException: Error communicating to native daemon
V/AmazonAppstore.UpdateService( 871): runUpdateCommand doInBackground started.
V/AmazonAppstore.UpdateService( 871): Running UpdateCommand: digitalLocker
V/AmazonAppstore.UpdateCommand( 871): Not updating key: digitalLocker from: 1334228488057
V/AmazonAppstore.UpdateService( 871): Finished UpdateCommand: digitalLocker
V/AmazonAppstore.UpdateService( 871): Running UpdateCommand: serviceConfig
V/AmazonAppstore.MASLoggerDB( 871): performLogMetric: Metric logged: ResponseTimeMetric [fullName=com.amazon.venezia.VeneziaApplication_onCreate, build=release-2.3, date=Wed Apr 11 13:10:55 CDT 2012, count=1, value=1601.0]
V/AmazonAppstore.MASLoggerDB( 871): onBackgroundTaskSucceeded: Metric logged: ResponseTimeMetric [fullName=com.amazon.venezia.VeneziaApplication_onCreate, build=release-2.3, date=Wed Apr 11 13:10:55 CDT 2012, count=1, value=1601.0]
W/CommandListener( 118): Failed to retrieve HW addr for eth0 (No such device)
D/CommandListener( 118): Setting iface cfg
D/NetworkManagementService( 203): rsp
D/NetworkManagementService( 203): flags
E/WifiStateMachine( 203): Unable to change interface settings: java.lang.IllegalStateException: Unable to communicate with native daemon to interface setcfg - com.android.server.NativeDaemonConnectorException: Cmd {interface setcfg eth0 0.0.0.0 0 [down]} failed with code 400 : {Failed to set address (No such device)}
W/PackageParser( 203): Unknown element under : supports-screen at /mnt/asec/com.android.aldiko-1/pkg.apk Binary XML file line #16
D/wpa_supplicant( 930): wpa_supplicant v0.8.x
D/wpa_supplicant( 930): random: Trying to read entropy from /dev/random
D/wpa_supplicant( 930): Initializing interface 'eth0' conf '/data/misc/wifi/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
D/wpa_supplicant( 930): Configuration file '/data/misc/wifi/wpa_supplicant.conf' -> '/data/misc/wifi/wpa_supplicant.conf'
D/wpa_supplicant( 930): Reading configuration file '/data/misc/wifi/wpa_supplicant.conf'
D/wpa_supplicant( 930): ctrl_interface='eth0'
D/wpa_supplicant( 930): update_config=1
D/wpa_supplicant( 930): Line: 4 - start of a new network block
D/wpa_supplicant( 930): key_mgmt: 0x4
(mind you, that's 29 lines out of 1300ish, just for example)
I then could do the following with logcat:
Code:
adb logcat WifiStateMachine:E *:S -v long > name of problem.txt
and this will only print out any errors associated with WifiStateMachine, and anything which is fatal, which makes it about a million times easier to figure out what's going on!
In WifiStateMachine:E, the :E = to look for Errors, the full list of options is as follows:
V — Verbose (lowest priority)
D — Debug
I — Info (default priority)
W — Warning
E — Error
F — Fatal
S — Silent (highest priority, on which nothing is ever printed)
You can replace the :E with any other letter from above to get more info.
In order to filter out anything other than what you are looking for (in this case, WifiStateMachine) you must put a *:S after your last command (i.e. WifiStateMachine:E ThemeChoose:V ... ... AndroidRuntime:E *:S)
Sources: http://developer.android.com/tools/help/logcat.html
http://developer.android.com/tools/help/adb.html
Update for windows users:
Thank go to FuzzyMeep Two, Here's what he's posted for windows
FuzzyMeep Two said:
I have made a tool to simplify this for people. I will send you the .bat version, to see the validity of the file, and post the .exe for everyone else.
http://logcat-tool.googlecode.com/files/logcatHELPER.exe
I made this in about a half hour, so if you fnd any issues let me know. I believe i worked out all functionality issues, and do plan on expanding functionality in the future.
Click to expand...
Click to collapse
(If you used his tool, here's his post, thank him for his work!)
Very nicely done, now i have something i can refer people to
Perfect tutorial. Well done. ... I'll translate your tutorial into my language to share it other people.
pRo_lama said:
Perfect tutorial. Well done. ... I'll translate your tutorial into my language to share it other people.
Click to expand...
Click to collapse
Thank you! And thanks for taking your time to translate it!
If you need me to clarify anything shoot me a PM, and I'll help! (Same goes for anybody else interested in porting to their language)
Pax
Very nice, but I do have a question (and I started programming for Android recently): What do you do when the system reboots while debugging (in my case musb_hdrc.ko)? I tried catlog, but the logs are empty... Is there another way to do that?
Thank you in advance
Krain said:
Very nice, but I do have a question (and I started programming for Android recently): What do you do when the system reboots while debugging (in my case musb_hdrc.ko)? I tried catlog, but the logs are empty... Is there another way to do that?
Thank you in advance
Click to expand...
Click to collapse
Use adb instead of an in-android method to capture the logs, you can start when the boot animation starts (note: Not when the kernel splash screen appears) and when it reboots, it'll automatically end. (i.e. run the following in command prompt:
Code:
adb logcat *:E > oh_nos_it_crashed.txt
)
If you're not getting to the boot animation (keeps cycling on the Kernel splash screen) then you have kernel issues, and you need a kernel that has integrated last_kmsg (a whole different ball of wax that I'm still learning about) to figure out what's going on. (kmesg's are direct kernel output)
Maybe if someone like AdamOutler (or any other Dev who has a much better handle on them than myself) were to explain them, it'd help
Pax
Hey man regarding your guide .
I was testing a built of cm9 from my htc one v and it wasnt booting so the dev told me to do a logcat for it .
Just wondering what the process and commands would be?
Thanks.
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
But what if you can't connect ADB to your device? You can do this
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
Nice definition of the display terminology
MD
tranceph0rmer said:
Hey man regarding your guide .
I was testing a built of cm9 from my htc one v and it wasnt booting so the dev told me to do a logcat for it .
Just wondering what the process and commands would be?
Thanks.
Click to expand...
Click to collapse
What you'll wanna do is run the following,
Code:
adb logcat *:E > crash.txt
And look at the output file specifically for lines that say 0x0deadbaad (if you see that, that means there's a problem with the Java libraries it references above it) otherwise look for other F/ lines, that'll point you in the right direction.
If you're having issues where and is not accessible for to buy having USB debugging turned off because of doing a /data wipe (factory data reset) first install a similar Rom (in your case, a prior, stable CM9, boot into it, turn on usb debugging, reboot into recovery & only write /cache & dalvik cache before installing the offending Rom & getting your logcat (sorry if I rambled, just got done working a double )
Pax
Sent from my R800x using Tapatalk 2
Moscow Desire said:
Just a little more info when doing logcat.
Remember, Logcat will run till you end the session. And it won't always create the file till you do so. It's possible you may not see the logfile for a minute or so.
But what if you can't connect ADB to your device? You can do this
(note that the location naming convention may be different depending on device)
Open your terminal app;
Type: logcat > /sdcard/logcat.txt (this should create it in internal memory on the tablet)
To send to ext sd card: logcat > /mnt/external_sd/logcat.txt
I use a tablet for example Phones may have a different naming convention.
Nice definition of the display terminology
MD
Click to expand...
Click to collapse
Thanks, MD!
The problem is when you can't access terminal (bootloops, fc'ing like it's going out of style, etc.) that adb is really useful. Sometimes to trick the system into working, you can (esp with AOSP based roms) install a same version of android (I.e. 4.0.4) & not wipe /data (after turning on usb debugging) & still have an access (I learned this after spending about 2-3 months crack flashing my own builds & getting tired of titanium restoring all my apps)
Pax
Sent from my R800x using Tapatalk 2
Great guide, thanks! Found it through the portal. I just added to my sig so maybe it will help stop some of those questions.
paxChristos said:
What you'll wanna do is run the following,
Code:
adb logcat *:E > crash.txt
And look at the output file specifically for lines that say 0x0deadbaad (if you see that, that means there's a problem with the Java libraries it references above it) otherwise look for other F/ lines, that'll point you in the right direction.
If you're having issues where and is not accessible for to buy having USB debugging turned off because of doing a /data wipe (factory data reset) first install a similar Rom (in your case, a prior, stable CM9, boot into it, turn on usb debugging, reboot into recovery & only write /cache & dalvik cache before installing the offending Rom & getting your logcat (sorry if I rambled, just got done working a double )
Pax
Sent from my R800x using Tapatalk 2
Click to expand...
Click to collapse
Thanks for the info.
Will do that the next time i get stuck at the boot animation
can anyone tell me how to clear / reset logcat?
Thanks in advance
riteshbendre said:
can anyone tell me how to clear / reset logcat?
Thanks in advance
Click to expand...
Click to collapse
Why would you want to do that?
To my knowledge, the only way logcat is reset is if you reboot your phone.
That's why filtering your results is very helpful, because no matter how long it's been running, you can get the info that you want without extraneous information
Pax
Thanks for the clarifications
Man thank you so much for the awesome guide!
Now I can actually filter out my logcat results instead of searching through the entire log.
Sent using Tapatalk
Helpful Tool
paxChristos said:
Here's how to use logcat.....
Click to expand...
Click to collapse
I have made a tool to simplify this for people. I will send you the .bat version, to see the validity of the file, and post the .exe for everyone else.
FIXED HUGE ISSUE CAUSING EMPTY FILES
DOWNLOAD
PM or post here if you run into any issues. They WILL be addressed.
I have made a tool to simplify Logcat creation for people. The creation of this tool was inspired, and guided, by the thread started HERE by paxChristos.
UPDATE 4.1
Corrected an issue causing empty files.
apparently, if the process id contained a space ( 1234) the file would parse correctly, but if the numbers came up to the parenthesis (12345) it would output an empty file named ACTIVITY(12345) with no extension.
This was a huge issue, and i apologize for not seeing it sooner. It has been corrected, and the logcat tool works better than ever. I just ran through a 20,000 line logcat without any empty files appearing.
a couple more things to help with stability.
Underscores (_) will be replaced by dashes (-)
Brackets ([]) and arrows (<>) will be replaced with paranthesis(())
-------------------------------------------------------------------------------------------------------------
HUGE UPDATE
Added the ability to "SUPER PARSE" Files, which separates files into folders by log level and creates a TXT file for each activity
Super parse DOES NOT Work with LONG format Logs.
SUPER PARSE is in its infancy I do expect errors, please let me know if you run into anything.
OLD STUFF
EDIT V3.6 DONE
Added ability to filter logcats by activity name. (logcat -s "FILTER")
Fixed Log Level Setting
EDIT V3.5 DONE
NOW PROPERLY PARSES "LONG" FORMAT LOGCATS.
Thank you to Senior Member jes0411 for pointing out the issues that lead me to create V3.4 and 3.5. If any of you have an issue please let me know. It could be hours before i get to it or weeks, but i will get to fixing it.
EDIT V3.4 DONE
Changed the way the date variable was handled to hopefully fix issues experienced by users of non-English versions of windows.
EDIT V3.3 DONE
EDIT V 3.2 Finished
Google code won't allow any new uploads, so i uploaded the new update to XDA in a ZIP file.
Fixed ADB Location settings, some users were having trouble if they input the ADB folder with any quotation marks in the path name, it will now automatically remove quotation marks to ensure correct syntax.
Fixed issue with ADB Location setting not exiting to previous menu.
Fixed issue with Log Level setting not exiting to previous menu.
Capitalized some stuff
Added a feature that will automatically create the selected folder if no output folder exists and the user attempts to run a log.
Added a check when selecting an output folder that will ask if you want the folder created if it does not exist
EDIT V3.1 DONE
FIXED OPTIONS 7 & 8, URLS WERE MISSING A "?"
CHANGELOG EDITS
SAVES AND PARSES FILES IN TO DIFFERENT OUPUT FILES BASED ON LOG LEVEL (E , I , D , W , ETC)
LOGCAT TOOL v1.1 by FuzzyMeep TWO
I made this in about a half hour, so if you fnd any issues let me know. I believe i worked out all functionality issues, and do plan on expanding functionality in the future.
reposted HERE
Edit: source here.
Batch Source
EDIT: UPDATED TO V1.1
added the framework to add filtering to your logcat, it is in the exe, but not utilized yet (still bugy). i have also worked out a few minor bugs in this release.
Very nice tut. Will try
thanks a ton for the in depth guide. I was always fairly confused on how to approach this, so now I'll have something to refer to in order to help all of the awesome devs here.
mcmb03 said:
thanks a ton for the in depth guide. I was always fairly confused on how to approach this, so now I'll have something to refer to in order to help all of the awesome devs here.
Click to expand...
Click to collapse
+1

[Q] Rooting with OSX

Im Looking to root my Verizon GS3. only catch is im using OSX, OSX doesn't seem to be highly supported in the android realm. I found a thread on androidcentral about 'mac-root-tool-s3-casual-verizon-s3'
so my question is since that thread seems a bit dead, is will this work with build, VRALHE?
(For Mac/Linux/*Windows) How to install Adam Outler's Casual for Rooting/Unlocking Bootloader/CWM recovery
*This method does not work for VRBLI5/J1/K1 JellyBean
* I have successfully installed and ran Casual on Windows 7, but I recomend Windows users refer to section 1 of my guide
*More Information on Casual can be found HERE
Step 1: Download and install these files to your pc:
Samsung driver- http://tinyw.in/Fdoz
Adam Outler's Casual- http://d-h.st/ypJ
Java JDK-http://www.oracle.com/technetwork/java/javase/downloads/jdk-7u4-downloads-1591156.html(Should only be needed for windows users)
Step 2: On your device, Make sure USB Debugging(settings/developer options/usb debugging) and Install of Unknown Sources(settings/security/unknown source) is checked.(Also, make sure there are no other android devices, emulators, or any tethering programs running!!).
Step 3: Open the Casual file you downloaded in step1. you should here a voice say "casual", then the program should open.
Step 4: While fully booted up into android, connect the pc to the device using the oem usb cable. Casual should come up in green letters saying "device connected".
Step 5: Congrats, you are now ready to flash away.
Step 6: If you are not currently rooted, then flash DebugFSroot first, DO IT!
Step 7: Next flash unsecure aboot to unlock bootloader, DO IT!
Step 8: Finally flash ClockWork Mod Recovery(it should be version cwm 6.0.1), DO IT!
It works!
Everything works fine! i was able to root, i used EZ-unlock from the play store instead, but i was able to Load CM10 successfully onto it.
Thanks!
I wish I saw this post earlier
Replacement Phone
So are we sure that Casual still works for the "VRALHE" update? I just got a replacement phone today that ran this version and I'm not having any luck. I ran Casual on my phone when it first came out without a hitch. This time around it just gets stuck on: "Copying Su:" any ideas?
Edit: After a couple of restarts I made it past that stage and I'm faced with an error at the end...
"tep 1 - Setup...
Copying files:
Copying su:1147 KB/s (380532 bytes in 0.323s)
Copying debugfs:987 KB/s (1862336 bytes in 1.841s)
Copying debugfsinput:44 KB/s (144 bytes in 0.003s)
...done copying files.
Linking /system to tmp...
...done linking /system
Rebooting...
Step 2 - Rooting...* daemon not running. starting it now on port 5037 *
* daemon started successfully *
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: rm: File not found by ext2_lookup while trying to resolve filename
debugfs: debugfs: debugfs:
debugfs: Allocated inode: 2144
debugfs: debugfs: debugfs: debugfs:
Cleaning up...
Restoring tmp...
...done restoring tmp
Removing files...protocol failureerror: device not found
done. "
sspediacci said:
So are we sure that Casual still works for the "VRALHE" update? I just got a replacement phone today that ran this version and I'm not having any luck. I ran Casual on my phone when it first came out without a hitch. This time around it just gets stuck on: "Copying Su:" any ideas?
Edit: After a couple of restarts I made it past that stage and I'm faced with an error at the end...
"tep 1 - Setup...
Copying files:
Copying su:1147 KB/s (380532 bytes in 0.323s)
Copying debugfs:987 KB/s (1862336 bytes in 1.841s)
Copying debugfsinput:44 KB/s (144 bytes in 0.003s)
...done copying files.
Linking /system to tmp...
...done linking /system
Rebooting...
Step 2 - Rooting...* daemon not running. starting it now on port 5037 *
* daemon started successfully *
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: rm: File not found by ext2_lookup while trying to resolve filename
debugfs: debugfs: debugfs:
debugfs: Allocated inode: 2144
debugfs: debugfs: debugfs: debugfs:
Cleaning up...
Restoring tmp...
...done restoring tmp
Removing files...protocol failureerror: device not found
done. "
Click to expand...
Click to collapse
I don't know why this worked or why I thought of it, but I installed Samsung Kies and restarted my computer just for ****s and giggles. After that it rooted, flashed the unsecure bootloader, and flash CWM without a hitch.
droidstyle said:
(For Mac/Linux/*Windows) How to install Adam Outler's Casual for Rooting/Unlocking Bootloader/CWM recovery
*This method does not work for VRBLI5/J1/K1 JellyBean
* I have successfully installed and ran Casual on Windows 7, but I recomend Windows users refer to section 1 of my guide
*More Information on Casual can be found HERE
Step 1: Download and install these files to your pc:
Samsung driver- http://tinyw.in/Fdoz
Adam Outler's Casual- http://d-h.st/ypJ
Java JDK-http://www.oracle.com/technetwork/java/javase/downloads/jdk-7u4-downloads-1591156.html(Should only be needed for windows users)
Step 2: On your device, Make sure USB Debugging(settings/developer options/usb debugging) and Install of Unknown Sources(settings/security/unknown source) is checked.(Also, make sure there are no other android devices, emulators, or any tethering programs running!!).
Step 3: Open the Casual file you downloaded in step1. you should here a voice say "casual", then the program should open.
Step 4: While fully booted up into android, connect the pc to the device using the oem usb cable. Casual should come up in green letters saying "device connected".
Step 5: Congrats, you are now ready to flash away.
Step 6: If you are not currently rooted, then flash DebugFSroot first, DO IT!
Step 7: Next flash unsecure aboot to unlock bootloader, DO IT!
Step 8: Finally flash ClockWork Mod Recovery(it should be version cwm 6.0.1), DO IT!
Click to expand...
Click to collapse
when i download first link it downloads a windows file that doesnt open on mac
i know old thread but if some one can point me into the direction of a new thread or answers for a mac that would be great
You don't need the drivers for Mac. I think you will have to downgrade your software to stock ICS in order to root with your Mac using Casuals.
HHF2 said:
You don't need the drivers for Mac. I think you will have to downgrade your software to stock ICS in order to root with your Mac using Casuals.
Click to expand...
Click to collapse
And is there a download for that? You'll have to excuse my ignorance, I haven't had an android phone since the htc evo was out. I have been on iPhone. But trying to maybe go back to android with s3
I *THINK* that Casual works for the verizon galaxy sIII again... anybody try it yet?

IKeyStore Force Closes

I had the 4.4.4 CarbonRom flashed and decided to try out the new 5.X.
Without updating my bootloader ( It was 4109 I think) I clean wiped my phone and flashed the euphoria rom. I was unable to open the Security Settings menu or uninstall any app. I posted the logcat from the 5.1 rom in the euphoria thread.
Since I was on the old bootloader I updated to the 4118 versione without a problem but I still couldnt open Security or uninstall any app. I tried other roms such as the AOSP 5.1, but it still wasn't working. So I tried going back to the stock 4.4.4 rom but I'm still having the same problems. The logcat from the 4.4.4 stock is attached. I've also tried the 5.1 stock rom, same result.
Any idea on how to fix this?
Ok I managed to fix this by searching for another string I found in the logcat, specifically :
Code:
E/QSEECOMAPI: ( 6008): Error::Cannot open the file /vendor/firmware/keymaster/keymaster.mdt
E/QSEECOMAPI: ( 6008): Error::Cannot open the file /firmware/image/keymaste.mdt
I'm reposting the solution and the relevant logcat lines for any poor soul that has the same problem in the future:
Code:
E/AndroidRuntime(19798): java.lang.RuntimeException: Unable to resume activity {com.android.settings/com.android.settings.SubSettings}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.is_hardware_backed(java.lang.String)' on a null object reference
E/AndroidRuntime(20411): java.lang.RuntimeException: Unable to start activity ComponentInfo{com.android.settings/com.android.settings.SubSettings}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.zero()' on a null object reference
E/AndroidRuntime(25642): java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.IKeystoreService.clear_uid(long)' on a null object reference
I found the solution in this thread. You have to copy the keymaster files I attached in the zip into the /firmware/image/ folder after mounting the /firmware with read write permissions. Be sure to chmod 644 all the files too.

Cannot install downloaded apk

Hello,
I downloaded an apk (yalp store) from the browser app and just cannot install it (I included screenshots). Even after redownloading it from the phone or computer then saving in the micro sd for the phone, it doesn't work.
This happens to all apks in both external (micro sd card) and internal storage.
So I fired up the logcat and found this shortly after tapping install.
Code:
6-21 20:48:51.234 1704 1718 W : Unable to open '/storage/emulated/0/Download/com.github.yeriomin.yalpstore_42.apk': Permission denied
06-21 20:48:51.234 1704 1718 W zipro : Error opening archive /storage/emulated/0/Download/com.github.yeriomin.yalpstore_42.apk: I/O Error
06-21 20:48:51.234 1704 1718 D asset : failed to open Zip archive '/storage/emulated/0/Download/com.github.yeriomin.yalpstore_42.apk'
06-21 20:48:51.236 1704 1718 W DefContainer: Failed to parse package at /storage/emulated/0/Download/com.github.yeriomin.yalpstore_42.apk: android.content.pm.PackageParser$PackageParserException: Failed to parse /storage/emulated/0/Download/com.github.yeriomin.yalpstore_42.apk
06-21 20:48:51.241 591 655 I art : Starting a blocking GC Explicit
I can install apks through the play store and
Code:
adb install
but not through a root shell with
Code:
pm install
I'm in android 6.0.1 with everything wiped out and micro sdcard is not plugged-in.
If it could help, I am currently bringing up Android Marshmallow on my device so it's possible to modify some source code and init files.
Any ideas how to install the apk from the phone?
So, the new permissions can be found on frameworks/base/data/etc/platform.xml.
Okay, it's now solved. The permission denied thingy is because of that. Since the platform.xml in the build is from the official android 4.4 kitkat build, the permission is not there yet. Manually adding the permissions made it work, well... for me I have to do a factory reset first.
One thing more, the platform.xml seems that it needs to be in unix line endings.

Categories

Resources