Hello,
I'm trying to make /system to ext4 image and boot up
I found that in system/extras/ext4_utils/mkuserimg.sh, the command is
make_ext4fs -s -l $SIZE -a $LABEL $OUTPUT_FILE $SRC_DIR
the out image with option "-s" cannot be mounted when bootup
but without the "-s" option, image can be mounted successful
I checked the image diff, the image with "-s" add crc header and spare format, so it definitly cannot be mounted directly , right ?
My question is : what the option "-s" used for ? Am I need this option in my experiment ?
Thanks
As far as i know -s = silent mode "no shell lines displayed during execution"
GchildT said:
As far as i know -s = silent mode "no shell lines displayed during execution"
Click to expand...
Click to collapse
Appriciate your reply
But, are you sure?... the option '-s' indeed pased as 'spare' in source code, and the out image cannot be mounted...
-s is sparse
you need to use the simg2img tool
This is what we do at work (TI)
From: omappedia.org/wiki/Using_EMMC_on_OMAP4_devices
./simg2img system.img system.img.raw
mkdir tmp
sudo mount -t ext4 -o loop system.img.raw tmp/
<<change stuff>>
sudo ./make_ext4fs -s -l 512M -a system system.img.new tmp/
sudo umount tmp
rm -rf tmp
Hope this helps
/chris
PS: The forum won't let me link the URL above
ufgeek said:
-s is sparse
you need to use the simg2img tool
This is what we do at work (TI)
From: omappedia.org/wiki/Using_EMMC_on_OMAP4_devices
./simg2img system.img system.img.raw
mkdir tmp
sudo mount -t ext4 -o loop system.img.raw tmp/
<<change stuff>>
sudo ./make_ext4fs -s -l 512M -a system system.img.new tmp/
sudo umount tmp
rm -rf tmp
Hope this helps
/chris
PS: The forum won't let me link the URL above
Click to expand...
Click to collapse
If you don't mind me asking,
What does simg2img do exactly? and what would be the potential risk if not using -s option?
steeldusk said:
If you don't mind me asking,
What does simg2img do exactly? and what would be the potential risk if not using -s option?
Click to expand...
Click to collapse
I figured it out. simg2img is just a bin file to strip sparsed image and make non-sparsed image, and not using -s just build system without any header. so as long as you can burn image to a right partition, you don't need -s option
make_ext4fs -s -l command
This is how i make my ext4 images. I did not got to test on real device my self yet.
Im building my images from cm source btw. This is the command i use to build recovery: make -j4 recoveryimage
After i build a image i run the make_ext4fs command.(userdata.img and system.img seem to be ext4 build by default for me)
make_ext4fs -s -l 1073741824 -a data out/target/product/m805_892x/userdata.img out/target/product/m805_892x/data
make_ext4fs -s -l 10485760 -a data out/target/product/m805_892x/boot.img out/target/product/m805_892x/data
make_ext4fs -s -l 10485760 -a data out/target/product/m805_892x/recovery.img out/target/product/m805_892x/data
make_ext4fs -s -l 314572800 -a data out/target/product/m805_892x/system.img out/target/product/m805_892x/data
gives:
Creating filesystem with parameters:
Size: 314572800
Block size: 4096
Blocks per group: 32768
Inodes per group: 6400
Inode size: 256
Journal blocks: 1200
Label:
Blocks: 76800
Block groups: 3
Reserved block group size: 23
Created filesystem with 911/19200 inodes and 31635/76800 blocks
Install system fs image: out/target/product/m805_892x/system.img
out/target/product/m805_892x/system.img+out/target/product/m805_892x/obj/PACKAGING/recovery_patch_intermediates/recovery_from_boot.p total size is 126213892
[email protected]:~/ICS$
I my BoardConfig i have this:
BOARD_BOOTIMAGE_PARTITION_SIZE := 10485760
BOARD_RECOVERYIMAGE_PARTITION_SIZE := 10485760
BOARD_SYSTEMIMAGE_PARTITION_SIZE := 314572800
BOARD_USERDATAIMAGE_PARTITION_SIZE := 1073741824
(Google for: build android from source if you dont get what im doing..)
The sizes need to be in bytes it seems.
DD dump you´re partitions and you see the amount of bytes.
Just edding some nice info to a old post
what of for a 128mb phone
ufgeek said:
-s is sparse
you need to use the simg2img tool
This is what we do at work (TI)
From: omappedia.org/wiki/Using_EMMC_on_OMAP4_devices
./simg2img system.img system.img.raw
mkdir tmp
sudo mount -t ext4 -o loop system.img.raw tmp/
<<change stuff>>
sudo ./make_ext4fs -s -l 512M -a system system.img.new tmp/
sudo umount tmp
rm -rf tmp
Hope this helps
/chris
PS: The forum won't let me link the URL above
Click to expand...
Click to collapse
my phone refuses to flash the image and i think its because of its size 145mb. how do i create a system.img for a 12mb internal memory phone
$ make_ext4fs
Expected filename after options
make_ext4fs [ -l <len> ] [ -j <journal size> ] [ -b <block_size> ]
[ -g <blocks per group> ] [ -i <inodes> ] [ -I <inode size> ]
[ -L <label> ] [ -f ] [ -a <android mountpoint> ]
[ -S file_contexts ]
[ -z | -s ] [ -t ] [ -w ] [ -c ] [ -J ]
<filename> [<directory>]
All is very simply
-s sparse (cut empty bytes)
-l len (size image)
Dear all,
I almost managed to root my A1 810... But I need advice to effectively achieve it.
Here are the main steps I followed :
Under linux (Ubuntu 14.04) (These are not detailed instructions, only the main steps. I will post a detailed step by step once finalized)
Code:
- From PC : upload busybox binary file to the tablet
- From Tablet : install "ExDialer & Contacts"
- From Tablet : initiate engineer mode (Dial *#*#3646633#*#* from ExDialer)
- From Tablet : initiate telnetd (run command from MTKlogger from within ExDialer)
- From PC : initiate a shell on tablet with adb
- From the shell : initiate a telnet local connection to tablet
- From the telnet session find out the position of the Android partition (cat /proc/dumchar_info)
- From the telnet session dump the android partition to a gzip file (dd if=/dev/block/mmcblk0 bs=4096 skip=17664 count=262144 | gzip > /data/local/tmp/system.img.gz)
- From PC : download the system image
- From PC : mount the system image on a loop device
- From PC : copy a su binary file to /system/bin ()within the mounted system image)
- From PC : set the correct permissions to the su executable (sudo chmod 06755 su) => it's here that you really getting the root permission
- From PC : unmount image
- From PC : upload the upaded image to the tablet (adb push)
- From the telnet session copy the updated system image to the android partition (zcat /data/local/tmp/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=17664 count=262144) (Take care that's the dangerous part !!!!)
- Restart the tablet.
I didn't brick my tablet ... But it is not effectively rooted either
I checked from the terminal emulator that "su" has the correct properties :
ls -l su
-rwsr-sr-x root shell 311872 2014-08-15 23:16 su
But when I try something like :
su
ls /data
I get : opendir failed. Permission denied.
Obviously, I am not root...
Any idea ?
You can root with:
POOT: This app is a one click root app. No computer needed
Framaroot: Framaroot is a oneclick root app . No computer needed
This is the most popular one!
Z4Root: Z4Root is an oneclick root app . No computer needed
Towelroot: Towelroot is an oneclick root app. No computer needed
Baidu: No information
Vroot: No information
Gingerbreak: This app can root almost all gingerbread devices
Downloads:
Poot - Download the app >>here<<
Framaroot - Download the app inside this XDA Thread - >> CLICK HERE <<
Z4ROOT - Download the app inside this XDA Thread - >> CLICK HERE <<
Towelroot - Download the app inside this XDA Thread - >> CLICK HERE <<
Baidu ROOT - Download the app >> HERE <<
vROOT - Download the app >> HERE <<
Gingerbreak - Download the app inside this XDA Thread - >> CLICK HERE <<
Flash a SU ZIP - Download the ZIP >> HERE << and flash it on your unlocked bootloader phone !
Hit thanks if you liked this post or this post has helped you out !<br/>
Sent through my Galaxy Note using Tapatalk 4
Bink Feed: Thank you for trying.
There are many people trying to root this tablet since KitKat OTA has been issued... without any success.
Most or all the tools you listed have already been tested, again, without any success.
(see [ToolKit] Acer Iconia v0.8.3)
Since KitKat, the [ToolKit] Acer Iconia v0.8.3 does not work anymore. The main reason is that the "run command" used in engineering mode disappeared.
Yesterday, I found it again : it is now in the parameters from MTKLogger (!)
With that finding, I now have access to the guts of the android system.
I need help from the community to understand what I is missing :
Based on the rooting guide Acer Iconia B1 A71 Root written by entonjackson (many thanks to him)
I managed to extract a valid system image (dd if=/dev/block/mmcblk0 ... | gzip > system.img.gz)
I mounted that image (mount -o loop system.img /media/iconia)
I changed the permission of /system/xbin/su (chmod 06755 su)
I wrote back the system image to the tablet android partition (zcat system.img.gz | dd of=/dev/block/mmcblk0 ...)
et voilà !
... the only remaining problem is that I did not gain root access, even if su has now the correct properties (-rwsr-sr-x root root)
Anybody can tell me what else should I change in the android system image ?
Answering to myself...
##STANDARD DISCLAIMER => No responsibility, blah, blah, ...##
With KitKat, it is also necessary to have a running "su daemon".
A solution is to create a "install-recovery.sh" file in /system/etc. This script is executed at each boot.
Detailed step by step:
Files: (remove [grr] from ht[grr]tp)
busybox binary, for example from ht[grr]tp://busybox.net/downloads/binaries/latest/busybox-armv7l (to be renamed to busybox)
su binary, Superuser.apk and install-recovery.sh to be extracted from ht[grr]tp://download.clockworkmod.com/superuser/superuser.zipOperating system:
Any decent Linux distribution (I'm on Ubuntu since years)1/ copy busybox binary to the tablet
[email protected]:~$ adb push busybox /data/local/tmp/
[email protected]:~$ adb shell
[email protected]:/ $ chmod 755 /data/local/tmp/busybox2/ start a telnet daemon on the tablet
install "ExDialer - Dialer & Contacts" on the tablet
Initiate engineering mode: dial *#*#ENGMODE#*#*
Go to the "Log and Debugging" tab
Launch MTKLogger
Go to the settings
Select "Run Command"
Type: /data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Press ok. Now a telnet daemon should be running on the tablet with some kind of privileges.3/ connect to the tablet (adb shell + telnet):
[email protected]:~$ adb shell
[email protected]:/ $ /data/local/tmp/busybox telnet 127.0.0.1 12344/ Find out the start address and size of the System partition
[email protected]:/ $ cat /proc/dumchar_info
Code:
Part_Name Size StartAddr Type MapTo
preloader 0x0000000000c00000 0x0000000000000000 2 /dev/misc-sd
mbr 0x0000000000080000 0x0000000000000000 2 /dev/block/mmcblk0
ebr1 0x0000000000080000 0x0000000000080000 2 /dev/block/mmcblk0p1
pmt 0x0000000000400000 0x0000000000100000 2 /dev/block/mmcblk0
pro_info 0x0000000000300000 0x0000000000500000 2 /dev/block/mmcblk0
nvram 0x0000000000500000 0x0000000000800000 2 /dev/block/mmcblk0
protect_f 0x0000000000a00000 0x0000000000d00000 2 /dev/block/mmcblk0p2
protect_s 0x0000000000a00000 0x0000000001700000 2 /dev/block/mmcblk0p3
seccfg 0x0000000000020000 0x0000000002100000 2 /dev/block/mmcblk0
uboot 0x0000000000060000 0x0000000002120000 2 /dev/block/mmcblk0
bootimg 0x0000000000600000 0x0000000002180000 2 /dev/block/mmcblk0
recovery 0x0000000000a00000 0x0000000002780000 2 /dev/block/mmcblk0
sec_ro 0x0000000000600000 0x0000000003180000 2 /dev/block/mmcblk0p4
misc 0x0000000000080000 0x0000000003780000 2 /dev/block/mmcblk0
logo 0x0000000000300000 0x0000000003800000 2 /dev/block/mmcblk0
expdb 0x0000000000a00000 0x0000000003b00000 2 /dev/block/mmcblk0
android 0x0000000040000000 0x0000000004500000 2 /dev/block/mmcblk0p5
cache 0x000000002bc00000 0x0000000044500000 2 /dev/block/mmcblk0p6
usrdata 0x0000000332020000 0x0000000070100000 2 /dev/block/mmcblk0p7
bmtpool 0x0000000000000000 0x00000000ff3f00a8 2 /dev/block/mmcblk0
Part_Name:Partition name you should open;
Size:size of partition
StartAddr:Start Address of partition;
Type:Type of partition(MTD=1,EMMC=2)
MapTo:actual device you operate
Look at the line "android". Convert the associated start address and the size in number of 4096 blocks. Considering the values above, I obtained: start adress = 17664x4096, size = 262144x4096.5/ dump the content of the android partition (it's there that the su binary will go)
[email protected]:/ $ dd if=/dev/block/mmcblk0 bs=4096 skip=17664 count=262144 | /data/local/tmp/busybox gzip > /data/local/tmp/system.img.gz6/ copy that file to the PC and make a copy (who knows... it may be useful)
[email protected]:~$ adb pull /data/local/tmp/system.img.gz
[email protected]:~$ cp system.img.gz system.img.untouched.gz7/ mount that file (change "user" to your current user name in the following instructions)
[email protected]:~$ mkdir /home/user/Iconia_system
[email protected]:~$ gunzip system.img.gz
[email protected]:~$ sudo mount -o loop system.img /home/user/Iconia_system8/ make some change to the android file system (removing old su binary, backing up old install-recovery.sh, installing new su, new install-recovery.sh):
[email protected]:~$ sudo rm -f /home/user/Iconia_system/bin/su
[email protected]:~$ sudo rm -f home/user/Iconia_system/xbin/su
[email protected]:~$ sudo rm -f /system/app/Superuser.*
[email protected]:~$ sudo rm -f /system/app/Supersu.*
[email protected]:~$ sudo rm -f /system/app/superuser.*
[email protected]:~$ sudo rm -f /system/app/supersu.*
[email protected]:~$ sudo rm -f /system/app/SuperUser.*
[email protected]:~$ sudo rm -f /system/app/SuperSU.*
[email protected]:~$ sudo cp /home/user/Iconia_system/etc/install-recovery.sh /home/user/Iconia_system/etc/install-recovery.sh.bak
[email protected]:~$ sudo cp su /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo chown root.root /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo chmod 6755 /home/user/Iconia_system/xbin/su
[email protected]:~$ sudo ln -s /system/xbin/su /home/user/Iconia_system/bin/su
[email protected]:~$ sudo cp Superuser.apk /home/user/Iconia_system/app
[email protected]:~$ sudo chmod 644 /home/user/Iconia_system/app/Superuser.apk
[email protected]:~$ sudo cp install-recovery.sh /home/user/Iconia_system/etc/install-recovery.sh
[email protected]:~$ sudo chmod 755 /home/user/Iconia_system/etc/install-recovery.sh9 remove some bloatware (optional)
[email protected]:~$ sudo rm /home/user/Iconia_system/app/e.g. PlusOne.apk
[email protected]:~$ sudo rm /home/user/Iconia_system/priv-app/e.g. AccuWeather.apk10/ unmount the android file system
[email protected]:~$ sudo umount /home/user/Iconia_system11/ compress the file
[email protected]:~$ gzip system.img12/ push it back to the tablet
[email protected]:~$ adb push system.img.gz /data/local/tmp/13/ connect to the tablet and "burn" the modified file system (be patient, will take up to 10 minutes)
[email protected]:~$ adb shell
[email protected]:/ $ /data/local/tmp/busybox telnet 127.0.0.1 1234
[email protected]:/ $ /data/local/tmp/busybox zcat /data/local/tmp/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=17664 count=262144
[email protected]:/ $ exit
[email protected]:/ $ exit14/ restart the tablet
Huge Thanx, works for me too Great work
Edit: Mhh, OK, The system boots with "preinstalled" Superuser, but if i try to give some apps root permission, there is no root popup from superuser, and no root. Can you Plesse upload your system.img.gz to test it with that?
Maybe it works With the SuperSu Binarys...
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Optimissimus99 said:
Huge Thanx, works for me too Great work
Edit: Mhh, OK, The system boots with "preinstalled" Superuser, but if i try to give some apps root permission, there is no root popup from superuser, and no root. Can you Plesse upload your system.img.gz to test it with that?
Maybe it works With the SuperSu Binarys...
Click to expand...
Click to collapse
Bruno25 said:
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Click to expand...
Click to collapse
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
fREAST0 said:
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
Click to expand...
Click to collapse
I think it is not the same problem: I also cannot remount /system rw. It seems to be a new security level introduced with KitKat on the A1-810.
I am still looking for a solution.
A potential solution is to change the content default.prop in boot.img.
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
I read that ro.secure=1 should be change to ro.secure=0 and ro.debuggable=0 to ro.debuggable=1
But for that, boot.img has to be dumped, splitted (kernel + ramdisk), ramdisk has to be "uncpio", changed, "cpio", merged back with the kernel and write back to the tablet.
The standard tools (abootimg, unpack-bootimg.pl, ...) cannot split correctly boot.img (they look for a gzip magic number preceded by some zeros... But in that case, the gzip magic numbers are preceded by FFs...).
Moreover, the boot.img (dumped directly from the tablet since it is not available from Acer web site) has 3 ramdisks, which is really unusual !
I am a little bit scared to brick my tablet...
Bruno25 said:
I think it is not the same problem: I also cannot remount /system rw. It seems to be a new security level introduced with KitKat on the A1-810.
I am still looking for a solution.
A potential solution is to change the content default.prop in boot.img.
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
I read that ro.secure=1 should be change to ro.secure=0 and ro.debuggable=0 to ro.debuggable=1
But for that, boot.img has to be dumped, splitted (kernel + ramdisk), ramdisk has to be "uncpio", changed, "cpio", merged back with the kernel and write back to the tablet.
The standard tools (abootimg, unpack-bootimg.pl, ...) cannot split correctly boot.img (they look for a gzip magic number preceded by some zeros... But in that case, the gzip magic numbers are preceded by FFs...).
Moreover, the boot.img (dumped directly from the tablet since it is not available from Acer web site) has 3 ramdisks, which is really unusual !
I am a little bit scared to brick my tablet...
Click to expand...
Click to collapse
That sounds like a probable cause for the system partition.
Anyway i got root working (still no system R/W), using files and the binaries from http://download.chainfire.eu/supersu with a modified script (update-binary form that zip, which is used in recovery) to work while the system.img is mounted.
sudo mkdir /home/user/iconia
cd /home/user/iconia/
sudo mkdir system
wget http://download.chainfire.eu/452/SuperSU/UPDATE-SuperSU-v2.02.zip?retrieve_file=1
unzip UPD[...] -d supersu
wget http://fs1.d-h.st/download/00138/WBX/update-binary
sudo chmod u+x update-binary
sudo mount -o loop system.img system
sudo ./update-binary
sudo umount system
gzip system.img and so on
Click to expand...
Click to collapse
fREAST0 said:
That sounds like a probable cause for the system partition.
Anyway i got root working (still no system R/W), using files and the binaries from http://download.chainfire.eu/supersu with a modified script (update-binary form that zip, which is used in recovery) to work while the system.img is mounted.
Click to expand...
Click to collapse
Thank you fo the tip ! I didn't ever think to use the update-binary script offline !
Bruno25 said:
I confirm it works with superuser.apk from clockworkmod.
SuperSU seems a little bit more tricky to install if you don't have direct rw access to /system.
Did you copy the install-recovery.sh script into /system/etc and set the correct rights (755) ?
Maybe you need to clean some cache ?
Do you have another supersuser app (or binary) installed ?
The "su" command from adb shell works ?
I am uploading my system.img.gz (be careful, it is for Acer_AV0K0_A1-810_RV0BRC01_WW_GEN1) (2 hours left)
Click to expand...
Click to collapse
Upload finished (remove [grr] from ht[grr]tp) => ht[grr]tp://mq3dk1y9c3.mesfichiers.org/
fREAST0 said:
Im getting the same problems as @Optimissimus99.
install-recovery has the right perms, using superuser from cwm, su in adb shell works, but i cant remount /system
Code:
[email protected] ~/iconia $ adb shell
[email protected]:/ $ su
[email protected]:/ # mount -o rw,remount /system
mount: Operation not permitted
Click to expand...
Click to collapse
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
@twu: are you sure the special mount is still used in the A1-810 using KK? I thought it was only a JB special, but you could be right...
I will play with the rooting method of this thread as soon as my A1-810 is on KK...
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Bruno25 said:
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Click to expand...
Click to collapse
IIRC that wrapper is included in the toolkit for the A1 root, i think @twu2 made it
Skickat från min GT-I9505 via Tapatalk
fREAST0 said:
IIRC that wrapper is included in the toolkit for the A1 root, i think @twu2 made it
Skickat från min GT-I9505 via Tapatalk
Click to expand...
Click to collapse
You remembered well: the wrapper and all the busybox links comes from the toolkit (inside the a1su.tgz file).
Bruno25 said:
You remembered well: the wrapper and all the busybox links comes from the toolkit (inside the a1su.tgz file).
Click to expand...
Click to collapse
I don't have kitkat in my a1-810 (not got any OTA about this).....
in JB, yes, mount /system command will force to use busybox to mount it (toolbox not work).
twu2 said:
I don't have kitkat in my a1-810 (not got any OTA about this).....
in JB, yes, mount /system command will force to use busybox to mount it (toolbox not work).
Click to expand...
Click to collapse
Dear twu2, since you are still with JB , could you post the content of your /default.prop ? I would like to check what should be changed in mine to get rw access to /system
/default.prop, Android 4.4.2, Acer Iconia A1-810
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.allow.mock.location=0
persist.mtk.aee.aed=on
ro.debuggable=0
ro.adb.secure=1
persist.sys.usb.config=mtp
persist.service.acm.enable=0
ro.mount.fs=EXT4
ro.persist.partition.support=no
Kitkat Root
twu2 said:
In A1-810, you need this command to remount /system:
Code:
mount -o remount,rw /system /system/
Click to expand...
Click to collapse
Bruno25 said:
No joy
Code:
[email protected]:/ # mount -o remount,rw /system /system/
mount: permission denied (are you root?)
By the way, I noticed that my mount command is weird :
Code:
[email protected]:/ # which mount
/system/bin/mount
[email protected]:/ # ls -l /system/bin/mount
lrwxrwxrwx root root 2013-08-23 12:51 mount -> wrapper.sh
Content of wrapper.sh :
Code:
#!/system/bin/sh
CMD=`basename $0`
ARG="$*"
NEWARG="-o remount,rw /system /system/"
LArg=$(eval echo \$$#)
case "$CMD" in
"busybox")
if [ $1 == "mount" ] && (([ $2 == "-o" ] && ([ $3 == "rw,remount" ] || [ $3 == "remount,rw" ])) || [ $2 == "-oremount,rw" ] || [ $2 == "-oremount,rw" ]); then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/xbin/busybox $ARG
# return $?
return 0
;;
"mount")
if ([ $1 == "-o" ] && ([ $2 == "rw,remount" ] || [ $2 == "remount,rw" ])) || [ $1 == "-oremount,rw" ] || [ $1 == "-orw,remount" ]; then
if [ $LArg == "/system" ] || [ $LArg == "/system/" ]; then
/system/xbin/.mount_wrapper/mount $NEWARG
# return $?
return 0
fi
fi
/system/bin/toolbox mount $ARG
# return $?
return 0
;;
esac
exit 0
It may come from a previous JB busybox installation (?)
If I force the use of toolbox :
Code:
[email protected]:/ # toolbox mount -o remount,rw /system /system/
mount: Operation not permitted
Am I the only one with that messy configuration ?
Click to expand...
Click to collapse
For the RW workaround, you need to place a superuser app in /system/app, an su binary in /system/bin an su binary in /system/xbin, a busybox binary in /system/bin, and an su binary in /system/bin/.ext4. The one in /system/bin/.ext4 lets you do a mount -o remount,RW /system /system/ for RW workaround. You need all 3 su binaries. Take this system.IMG.gz as an example. Do a mount -o loop to see contents. Do not flash it to tablet because it is a jellybean a1-810 image. I repeat, do not flash it.
http://forum.xda-developers.com/showthread.php?t=2240029
Press a1-810 and download the pa_cus1 image. I can't post the direct link due to the 10 post policy.
carl031462 said:
For the RW workaround, you need to place a superuser app in /system/app, an su binary in /system/bin an su binary in /system/xbin, a busybox binary in /system/bin, and an su binary in /system/bin/.ext4. The one in /system/bin/.ext4 lets you do a mount -o remount,RW /system /system/ for RW workaround. You need all 3 su binaries. Take this system.IMG.gz as an example. Do a mount -o loop to see contents. Do not flash it to tablet because it is a jellybean a1-810 image. I repeat, do not flash it.
http://forum.xda-developers.com/showthread.php?t=2240029
Press a1-810 and download the pa_cus1 image. I can't post the direct link due to the 10 post policy.
Click to expand...
Click to collapse
No joy, yet,
Code:
[email protected]:/ # ls -al /system/bin/.ext4/
lrwxrwxrwx root root 2014-08-29 22:08 su -> /system/xbin/su
[email protected]:/ # busybox mount -o remount,rw /system /system/
mount: permission denied (are you root?)
Hi All
two days ago I rooted my LAB Onepluse 7 pro , after that we succeed to connect trough ADB shell .
to connected as like as root (sudo ) we re edited the build.prop (ro.secure=0 and ro.debuggable=1 ) but after changing the ro.secure to 0 we failed to connect at all via adb ( adb devices not showing the phone ) and if we are setting only the
ro.debuggable=1 we are able to do adb shell but if we are trying to do adb root we are losing the adb connectivity .
First i suggest u to install TWRP through fastboot. And interact with it. Also check Magisk utility for better ROOT contol.
Before the build.prop was modified
jimmy123322 said:
First i suggest u to install TWRP through fastboot. And interact with it. Also check Magisk utility for better ROOT contol.
Click to expand...
Click to collapse
First the mobile was rooted with
twrp - 3.4.0.0 img , twrp-3.4.0.0 installer and Magisk-v20.4
After that i used prop editor to allowing the su root access
but unfortunately I able to access only to the shell with no option to access like adb root
and when the ro.secure is modified to 0 there is no option to access via ADB at all .
can you please be more accurate what to do.
Someone can answer
I'm quite new and have to know what to do
[email protected] said:
I'm quite new and have to know what to do
Click to expand...
Click to collapse
Try an earlier version of twrp
how to executing files via shell
last week i've asked about adb root but i didn't succeed to solve it .
means ro.secure=0 is still blocking my adb shell or adb root.
my question now is that we are trying to running iperf via the shell and not via the vysor.
but we are rejecting because permission deny.
drwxr-xr-x 3 root root 60 1970-04-21 23:37 vendor
1|OnePlus7Pro:/mnt $ ./ipef
/system/bin/sh: ./ipef: inaccessible or not found
127|OnePlus7Pro:/mnt $ ./iperf
/system/bin/sh: ./iperf: can't execute: Permission denied
126|OnePlus7Pro:/mnt $ ./iperf
/system/bin/sh: ./iperf: can't execute: Permission denied
126|OnePlus7Pro:/mnt $ ls -lrt
ls: ./media_rw: Permission denied
ls: ./asec: Permission denied
ls: ./product: Permission denied
total 168
drwxr-xr-x 3 root root 60 1970-04-21 23:37 user
drwx------ 3 root root 60 1970-04-21 23:37 secure
drwxr-xr-x 2 root system 40 1970-04-21 23:37 obb
drwxrwx--x 2 system system 40 1970-04-21 23:37 expand
lrwxrwxrwx 1 root root 21 1970-04-21 23:37 sdcard -> /storage/self/primary
drwx------ 6 root root 120 1970-04-21 23:37 runtime
drwx--x--x 2 root root 40 1970-04-21 23:37 appfuse
drwxr-xr-x 3 root root 60 1970-04-21 23:37 vendor
-rwxr-xr-x 1 root root 170480 2020-07-14 11:06 iperf
1|OnePlus7Pro:/mnt $ cd user
OnePlus7Pro:/mnt/user $ ls
0
OnePlus7Pro:/mnt/user $ cd ..
OnePlus7Pro:/mnt $ cp iperf /mnt/user/
cp: /mnt/user//iperf: Permission denied
1|OnePlus7Pro:/mnt $ cp iperf /mnt/user/
cp: /mnt/user//iperf: Permission denied
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $
1|OnePlus7Pro:/mnt $ exit
MacBook-Pro-de-Victor-2latform-tools root#
MacBook-Pro-de-Victor-2latform-tools root#
MacBook-Pro-de-Victor-2latform-tools root# ./adb shell /data/iperf -h
/system/bin/sh: /data/iperf: can't execute: Permission denied
MacBook-Pro-de-Victor-2latform-tools root#
replaying to my self
Have use x-plore app to changing /data/app permission then iperf file was copied to this folder
1|OnePlus7Pro:/bin $
1|OnePlus7Pro:/bin $ cd /data/app
OnePlus7Pro:/data/app $ ./iperf -h
Usage: iperf [-s|-c host] [options]
iperf [-h|--help] [-v|--version]
Client/Server:
-f, --format [kmKM] format to report: Kbits, Mbits, KBytes, MBytes
-i, --interval # seconds between periodic bandwidth reports
-l, --len #[KM] length of buffer to read or write (default 8 KB)
-m, --print_mss print TCP maximum segment size (MTU - TCP/IP header)
-o, --output <filename> output the report or error message to this specified file
-p, --port # server port to listen on/connect to
-u, --udp use UDP rather than TCP
-w, --window #[KM] TCP window size (socket buffer size)
-B, --bind <host> bind to <host>, an interface or multicast address
-C, --compatibility for use with older versions does not sent extra msgs
-M, --mss # set TCP maximum segment size (MTU - 40 bytes)
-N, --nodelay set TCP no delay, disabling Nagle's Algorithm
-V, --IPv6Version Set the domain to IPv6
Server specific:
-s, --server run in server mode
-U, --single_udp run in single threaded UDP mode
-D, --daemon run the server as a daemon
Client specific:
-b, --bandwidth #[KM] for UDP, bandwidth to send at in bits/sec
(default 1 Mbit/sec, implies -u)
-c, --client <host> run in client mode, connecting to <host>
-d, --dualtest Do a bidirectional test simultaneously
-n, --num #[KM] number of bytes to transmit (instead of -t)
-r, --tradeoff Do a bidirectional test individually
-t, --time # time in seconds to transmit for (default 10 secs)
-F, --fileinput <name> input the data to be transmitted from a file
-I, --stdin input the data to be transmitted from stdin
-L, --listenport # port to receive bidirectional tests back on
-P, --parallel # number of parallel client threads to run
-T, --ttl # time-to-live, for multicast (default 1)
-Z, --linux-congestion <algo> set TCP congestion control algorithm (Linux only)
Miscellaneous:
-x, --reportexclude [CDMSV] exclude C(connection) D(data) M(multicast) S(settings) V(server) reports
-y, --reportstyle C report as a Comma-Separated Values
-h, --help print this message and quit
-v, --version print version information and quit
[KM] Indicates options that support a K or M suffix for kilo- or mega-
The TCP window size option can be set by the environment variable
TCP_WINDOW_SIZE. Most other options can be set by an environment variable
IPERF_<long option name>, such as IPERF_BANDWIDTH.
Report bugs to <[email protected]>
1|OnePlus7Pro:/data/app $
Hello all,
I'd like to braindump how I managed to make android emulator v30 work with mitm, hope that helps someone.
Since it was not possible to neither write nor make writable the /system partition, I decided to roll my own system.img and that actually worked. I'm not going to upload a script because I might not remember 100%, but I'll going to descibe the steps in full, even though they exist elsewhere. The commands might not be exact, too, so if there's a typo you'll need to figure it out yourself.
Also, it will be a bit confusing because I shall refer to 2 files named system.img, one is the 2G file that comes with android, the other is 700M or something file that you will be creating in the process. I'll refer them as #1 and #2.
1. What is needed: android studio and emulator, linux, xattr, https://github.com/LonelyFool/lpunpack_and_lpmake , https://github.com/tytso/e2fsprogs, mitmproxy, parted. Build these github projects, you'll need their binaries in the process.
also, 'mkdir build' somewhere.
2. Find system.img (#1) in your android studio installation, then extract the system partition:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop5
$ partprobe /dev/loop5
$ ls /dev/loop5p*
/dev/loop5p1 /dev/loop5p2
$ lpunpack_and_lpmake/bin/lpunpack /dev/loop5p2 build
$ ls build
system.img system-ext.img product.img vendor.img
$ losetup -d /dev/loop5
3. Make system.img (#2) writable and usable. This is ext4 crunched with feature shared_blocks, which makes it not really writable even in theory, as it deduplicates identical blocks in the filesystem. You'll need to convert that to a normal ext4, but, there's not enough space to do that operation. So you'll need to expand the partition to accomodate for this. How much? Empirically, I added 30M to a 700M partition:
$ ls -l system.img
700000000 # for example
$ e2fsprogs/resize/resize2fs system.img 730M
$ ls -l system.img
730000000 # for example
$ e2fsprogs/e2fsck/e2fsck -f system.img
$ e2fsprogs/e2fsck/e2fsck -E unshared_blocks system.img
$ e2fsprogs/e2fsck/e2fsck -f system.img
4. Modify the now writable partiton to your heart's content (we're still with system.img #2 here). I needed to add just one file, mitmproxy-ca-cert.cer . According to the mitmproxy docs, the name must be the hash of the certificate:
$ losetup -f system.img
$ losetup -a | grep system.img
/dev/loop6
$ mount /dev/loop6 /mnt
$ hashed_name=`openssl x509 -inform PEM -subject_hash_old -in mitmproxy-ca-cert.cer | head -1
$ echo $hashed_name
c8750f0d
$ cp mitmproxy-ca-cert.cer /mnt/system/ext/security/cacerts/$hashed_name.0
$ cd /mnt/system/ext/security/cacerts/
$ chmod 644 $hashed_name.0
Now check if your android has extra attributes in these certificate files. Mine does:
$ xattr 00abcde.0 # some random certificate
security.selinux
$ xattr -p security.selinux 00abcde.0
ubject_r:system_security_cacerts_file:s0
if yes, you'll need it on this file too:
$ xattr -w security.selinux ubject_r:system_security_cacerts_file:s0 $hashed_name.0
and be done with the partition
$ umount /mnt
$ losetup -d /dev/loop6
5. Create new super-partition, the one we used as /dev/loop5p2. You'll need the file sizes of your .img partitions, and your command to create a super.img file will look like this:
$ cat repack
#!/bin/sh
P=/android/super/1
~/src/lpunpack_and_lpmake/bin/lpmake --metadata-size 65536 --super-name super --metadata-slots 2 --device super:2496462848 --group main:2647101440 \
--partition system:readonly:786432000:main --image system=$P/system.img \
--partition system_ext:readonly:131952640:main --image system_ext=$P/system_ext.img \
--partition product:readonly:1468575744:main --image product=$P/product.img \
--partition vendor:readonly:102739968:main --image vendor=$P/vendor.img \
--output $P/super2.img
the interesting numbers are the corresponding partition sizes (in --partition), and, if f ex you increased the system.img #2 to 30M in the step 3, the number in --device:super should be the size of /dev/loop5p2 in bytes plus at least these 30M (but also okay if a bit more).
6. Finally, create a new system.img #1 . Create a backup copy of it, and then append some 30M there, and fix the partition
$ dd if=/dev/zero of=system-new.img flags=append bs=1M size=30
$ losetup -f system-new.img
$ losetup -a | grep system-new.img
/dev/loop7
$ parted /dev/loop7
GNU Parted 3.3
Using /dev/loop7
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) p
Model: Loopback device (loopback)
Disk /dev/loop7: 2444MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags:
Number Start End Size File system Name Flags
1 1049kB 2097kB 1049kB vbmeta
2 2097kB 2443MB 2441MB super
you will need to expand the partion 2 to the max (plus minus same 30M). If is fails fix the number and retry:
(parted) resizepart 2 24460MB
Error: The location 24460MB is outside of the device /dev/loop7.
and finally copy data back:
$ partprobe /dev/loop7
$ dd if=super.img of=/dev/loop7p2 bs=1M
$ losetup -d /dev/loop7
and that's it. After that, rename system-new.img to system.img, and hopefully the emulator could run this new image.
Also, to check that the certificate is there and recognized, go to the setting/certificates/trusted certificates, the mitmproxy one should be in the list.
Hopefully this will be helpful.
Cheers!
/dk