Hey, thank you!
Yes, I really have some very important questions for someone who knows their stuff!
So: I have an almost unknown smartphone, a Beafon X5. With Android 7.0.
A great device, just for one.. "Modder" like me, a bit problematic, because absolutely no custom software can be found for it...
But now I've managed to trying Rootaccess For the device.. With your Awesome app, Mtk Easy root and magisk.
My questions :
# can I somehow change the /system/ directory to rwx 7777 for me? Because now it doesn't work, just because of the systemless root. (at least I think) The chown/chmod commands Not working.
It will be" read-only file system" every time printed. I just want to replace the boot animation.
# Question 2:
Why can I only use after every reboot, mtk-Easy-root again from new, to activate magisk?? Why didnt work magisk, Although the SU is insatlled? Only if the mtk script has been run before, I can use the superuser in the magisk Manager Serve.
Have you an idea for this Problem?
Thank you, and best wishes from germany!
by Felix
Rootbbit said:
Hey, thank you!
Yes, I really have some very important questions for someone who knows their stuff!
So: I have an almost unknown smartphone, a Beafon X5. With Android 7.0.
A great device, just for one.. "Modder" like me, a bit problematic, because absolutely no custom software can be found for it...
But now I've managed to trying Rootaccess For the device.. With your Awesome app, Mtk Easy root and magisk.
My questions :
# can I somehow change the /system/ directory to rwx 7777 for me? Because now it doesn't work, just because of the systemless root. (at least I think) The chown/chmod commands Not working.
It will be" read-only file system" every time printed. I just want to replace the boot animation.
# Question 2:
Why can I only use after every reboot, mtk-Easy-root again from new, to activate magisk?? Why didnt work magisk, Although the SU is insatlled? Only if the mtk script has been run before, I can use the superuser in the magisk Manager Serve.
Have you an idea for this Problem?
Thank you, and best wishes from germany!
by Felix
Click to expand...
Click to collapse
For question 1:
Android as a system (linux-like) mounts the system partition as ro (Read-only) by default when booting. In order to be able to modify it, you need to remount the desired partition as rw (read-write) as follows:
While being a root user (#) enter this command in adb or terminal on your phone:
Code:
mount -o rw,remount /system
To revert back to ro (you should do it after you're done), use:
Code:
mount -o ro,remount /system
For question 2:
That app is based on Mtk-su exploit. You can read an article from xda here. Basically, your device's bootloader stays locked, but root resets every reboot, because the attained privileges are only temporary. (su gets to run from /data/local/tmp).
Remember!!! You Bootloader is still locked, meaning AVB and dm-verity are still active. If you modify system (changing the total checksum), you will brick your device!!! And if you unlock the Bootloader, then what's the point of Mtk-su ..........
Hope I helped you somehow.
Schlank K:
Thank you, but I'm not a complete noobThank you, but I'm not a complete noob Thanks, really. But I tried these methods ed for a long time...
The same thing still happens, I mounted, there is no contradiction, but then nothing actually happened either...
Individual blocks can be mounted in the main directory, but not specifically the system/block. I actually only planned to do this stupid boot animation from the system/media folder. Delete/replace/rename/move zip, whatever, to finally get rid of the thing for my own ani...
And there it started. I've already spent several hours on the net to find a way. There are many options, but none have worked for me so far..
Looks like dm-verity is in effect. Disable it and then mount should work.
xXx yYy said:
Looks like dm-verity is in effect. Disable it and then mount should work.
Click to expand...
Click to collapse
Hey, thanks
I've already tried that. Detects my system Not.
AVB ( dm-verity ) is bootloader related. You typically use Fastboot to disable it.
Rootbbit said:
Hey, thanks
I've already tried that. Detects my system Not.
Click to expand...
Click to collapse
Rootbbit said:
Hey, thanks
I've already tried that. Detects my system Not.
Click to expand...
Click to collapse
In addition
xXx yYy said:
AVB ( dm-verity ) is bootloader related. You typically use Fastboot to disable it.
Click to expand...
Click to collapse
I've already tried that. My fastboot gets the same message. I have already tried the system block mounting, via dev/blocks/ but there I also get the read-only message.
Or mounting via busybox, I've already done everything.
I've googled a lot about it, and found nothing else that helps , otherwise I wouldn't have asked here on xda.
There are these read-only ROMs, how do I recognize them? Is ext4 not also read-only from manufacturer from
Thanks, guys
is your bootloader unlocked!?
you know disable-verity is adb applet, don't you?
you have been warned don't do this on locked bootloader. happy bricking..
btw there is such thing like magisk modules no need to modify system partition at all. just read the Magisk Developer Guides Module Tricks section
Related
Hello
Have unlocked the phone and installed custom android OS a while ago, but then all of a sudden i do not have root access anymore, even tryed to reinstall the phone. Though i do have a bad feeling about it wasn't needed
My problems is that im unable to give programs root access, it looks like the phone is not rooted acording to the programs.
Also if i try the following:
adb shell
su
then i get "permission denied"
Can't seem to figure out where my flaw is. Even tryed to
Anyone got an idea to what the problem might be? Have looked through the nexus s forum for clues but no luck.
/Fonain
fonain said:
Hello
Have unlocked the phone and installed custom android OS a while ago, but then all of a sudden i do not have root access anymore, even tryed to reinstall the phone. Though i do have a bad feeling about it wasn't needed
My problems is that im unable to give programs root access, it looks like the phone is not rooted acording to the programs.
Also if i try the following:
adb shell
su
then i get "permission denied"
Can't seem to figure out where my flaw is. Even tryed to
Anyone got an idea to what the problem might be? Have looked through the nexus s forum for clues but no luck.
/Fonain
Click to expand...
Click to collapse
Most likely the permissions on the su binary are f'd up (assuming it's present). The easiest fix is just to reflash the su binary (mount /system first) through CWM.
do you by any chance have a guide to do that? or a link to one?
fonain said:
do you by any chance have a guide to do that? or a link to one?
Click to expand...
Click to collapse
There are several rooting guides here if you do not have CWM installed:
http://forum.xda-developers.com/showthread.php?t=1067813
They will go over quite a few things. However, if you are unlocked and have fastboot set up it's as simple as downloading the recovery image, and then using fastboot to flash the recovery (fastboot flash recovery recovery.image.name.img)
Once CWM is installed boot into recovery and flash the su binary here:
http://forum.xda-developers.com/showthread.php?t=682828
well the funny thing is that i already have 2.3.6.1 installed, but i still dont have su rights.
When i try to follow the buttom guide where to install superuser. where it states that i should write "adb remount". Then i get the message back where it says "Operation not allowed", or when i type su i get the message "permission denied".
I seriously don't understand what i have done wrong :S
/Fonain
krohnjw said:
Most likely the permissions on the su binary are f'd up (assuming it's present). The easiest fix is just to reflash the su binary (mount /system first) through CWM.
Click to expand...
Click to collapse
Thanks for this, solved my issue
thanks figured it out
/Fonain
Sorry to bring back an old topic, but Ive petty much done everything and still the SU no permission no root access for everything occurs. NO TIT backup, no rommanager, no nothing T_T, why???
try chmod the folder/file or using sudo
james7132 said:
try chmod the folder/file or using sudo
Click to expand...
Click to collapse
Can you elaborate please. Whats chmod or sudo and how do I go about doing them?
Hi!
Is there a root available or in the works for the dual-screen NEC Medias W N-05E?
The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!
Thanks in advance!
bohemianRhapsody said:
Hi!
Is there a root available or in the works for the dual-screen NEC Medias W N-05E?
The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!
Thanks in advance!
Click to expand...
Click to collapse
OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?
And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"
Code:
+ { "N-05E", "A1000311", 0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
root is easy
bohemianRhapsody said:
OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?
And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"
Code:
+ { "N-05E", "A1000311", 0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
Click to expand...
Click to collapse
root is easy via a tool called impactor.
however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.
Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.
So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
it0 said:
root is easy via a tool called impactor.
however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.
Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.
So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
Click to expand...
Click to collapse
I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
Lukas_a_1996 said:
I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
Click to expand...
Click to collapse
I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.
Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).
What android version are you running ? 4.1.2 is vulnarable for this attack.
it0 said:
I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.
Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).
What android version are you running ? 4.1.2 is vulnarable for this attack.
Click to expand...
Click to collapse
Thanks for the reply . I tried to run the command in impactor but whatever i do i get "Signature bugs unavailable" could it be that i have the wrong ADB drivers installed or is my Impactor setup wrong?
Edit: yeah im running 4.1.2 Build A1001231
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
it0 said:
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
Click to expand...
Click to collapse
All the adb commands basically work but nothing works with impactor i just get error
it0 said:
You could try if you can just get an adb connection working.
with commands like
adb devices
adb shell
If that works then the rest should work as well.
Click to expand...
Click to collapse
Bump!
How to Root Medias N05e
Dear All Pro
Does anyone show me how to root N05e? because there is very few information about that. I want to Swapfile to increase Ram size but it required N05e must be rooted.
So if anyone have any information about N05e, please share. Thanks
nguyenbuulam said:
Dear All Pro
Does anyone show me how to root N05e? because there is very few information about that. I want to Swapfile to increase Ram size but it required N05e must be rooted.
So if anyone have any information about N05e, please share. Thanks
Click to expand...
Click to collapse
There is a way for temp root N05E, basically u can use pm disable command or other su stuff. But u cannot mount system rw right now.
Some news about rooting
If someone in doubt, temp root is 100% working with run_root_shell https://github.com/android-rooting-tools/android_run_root_shell
With this I was able to copy full system, boot and recovery image. But I can't push new boot or recovery.
More than that, almost all fuctions in standard recovery mode (available through "reboot recovery" in root shell) are protected with some code. And it's not 2,11,12,13 numbers of IMEI.
Anyone know where to get this code? Or how to write new boot, recovery image? If we do so, we can get permanent root access =)
Maybe someone have Japanese friends? Search all English web, but maybe in Japan web there are some info.
P.S. with Impactor you only can start talnetd from root, becouse Impactor can't remount /system in rw mode and ro.kernel.qemu=1 option is not working
How to enter recovery mode?
Despite starting this thread, in the end I never did bother to attempt rooting.
Anyway, unfortunately now the phone refuses to boot. Not triggered by anything obvious, haven't installed any new software recently, etc. Just hung one day and then when I removed and re-inserted the battery, it won't get any further than the "docomo" splash screen. I.e. the OS doesn't appear to be getting bootstrapped at all. The "docomo" splash screen appears and disappears then the phone sits there with both screens powered up but blank.
As it happens, I had ADB Debug enabled in the developer options at the time, so I've tried to see if I can adb shell into the device, but no luck. Not surprised as it's clearly not getting far enough into the boot for that to work.
Any other suggestions? From the way it happened I do suspect it might just be hardware failure....
Not even sure how I enter recovery mode -- what are the key combinations for this?
bohemianRhapsody said:
Despite starting this thread, in the end I never did bother to attempt rooting.
Any other suggestions? From the way it happened I do suspect it might just be hardware failure....
Not even sure how I enter recovery mode -- what are the key combinations for this?
Click to expand...
Click to collapse
In recovery mode, clear cache, etc..
To get there hold volume down and power at the same time,then you'll see the broken android then wait/ press vol down a couple of times to see the menu.
GRbit said:
Some news about rooting
If someone in doubt, temp root is 100% working with run_root_shell https://github.com/android-rooting-tools/android_run_root_shell
With this I was able to copy full system, boot and recovery image. But I can't push new boot or recovery.
More than that, almost all fuctions in standard recovery mode (available through "reboot recovery" in root shell) are protected with some code. And it's not 2,11,12,13 numbers of IMEI.
Anyone know where to get this code? Or how to write new boot, recovery image? If we do so, we can get permanent root access =)
Maybe someone have Japanese friends? Search all English web, but maybe in Japan web there are some info.
P.S. with Impactor you only can start talnetd from root, becouse Impactor can't remount /system in rw mode and ro.kernel.qemu=1 option is not working
Click to expand...
Click to collapse
did you ever figure out the recovery keys?
hamishhhhs said:
did you ever figure out the recovery keys?
Click to expand...
Click to collapse
No I didn't(
I'm actually sold this phone and lost interest in the topic.
GRbit said:
No I didn't(
I'm actually sold this phone and lost interest in the topic.
Click to expand...
Click to collapse
do you by chance still have the files you dumped?
Ive teamed with a friend in twitter to try and make a rom for this but I haven't gotten very far
hamishhhhs said:
do you by chance still have the files you dumped?
Ive teamed with a friend in twitter to try and make a rom for this but I haven't gotten very far
Click to expand...
Click to collapse
Sorry, but this was too long time ago. Nothing left
GRbit said:
Sorry, but this was too long time ago. Nothing left
Click to expand...
Click to collapse
how would j be able to get the files from my phone?
hamishhhhs said:
how would j be able to get the files from my phone?
Click to expand...
Click to collapse
I dunno man.
I've already described (in the first post you have quoted) what I achieved with this github repo https://github.com/android-rooting-tools/android_run_root_shell . That's all I've got.
Have a question about the mount settings in my recovery. I know that target box means it is mounted/RW and untagged is unmounted/Ro. But my /system partition keeps getting set to Ro and when i need to flash things it needs to be on RW. Is that bc my device is Samsung and thereforth has protected bootloader set? I'v been reading trough script files and think i can adjust some of them so they mount as RW instead of Ro. I know that /system is set to RO bc of safe against accidental alteration/removement. But it would be much easier to flash or install updates/programs/apps/etc that way. Hope anyone can give some advice for me.
P.S. i use the ROM Toolbox Lite Scripter bc it has a lot standard scripts already and changing them is easy. And u can just copy that script into an Terminal Emulgator thats rooted and then run it to alter/install it so u can read back whats been changed?
A. Nieveen said:
Have a question about the mount settings in my recovery. I know that target box means it is mounted/RW and untagged is unmounted/Ro. But my /system partition keeps getting set to Ro and when i need to flash things it needs to be on RW. Is that bc my device is Samsung and thereforth has protected bootloader set? I'v been reading trough script files and think i can adjust some of them so they mount as RW instead of Ro. I know that /system is set to RO bc of safe against accidental alteration/removement. But it would be much easier to flash or install updates/programs/apps/etc that way. Hope anyone can give some advice for me.
P.S. i use the ROM Toolbox Lite Scripter bc it has a lot standard scripts already and changing them is easy. And u can just copy that script into an Terminal Emulgator thats rooted and then run it to alter/install it so u can read back whats been changed
Click to expand...
Click to collapse
Usually, the ROM updater script will mount/unmount system. I do not know if that is the case here.
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Very cool work! Glad to see people putting my shell (such as it is) to good use. Wish I had a V20 to try it out
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
jcadduono said:
I don't think you'll ever be able to sign a kernel module (SHA512 hash). You'd probably have better luck signing your own boot image.
Here's a theory to toy with:
I think the way to do it would be to gain read access to /init binary allowing you to dirtycow /init with the same init binary but change a very specific (but not vital to system integrity) set of instructions to point back to the setenforce code with a value of 0 without disturbing the rest of the binary/instructions. This way, init should continue running without crashing and taking down the whole system, and you can do something that might trigger that specific instruction set - which would then result in selinux becoming permissive.
This is beyond me, unfortunately. This method would also be very device specific until someone also finds an intelligent way to read init, modify instructions, then dirtycow it back.
I think system server context might be able to read init?
Once you get your permissive selinux, you'll also have to deal with Unix capabilities limitations (find a way around them).
Click to expand...
Click to collapse
if system_server can read init then thats a serious flaw.... Question for you. you said it would be very device specific. does that mean its unique for each individual phone or each model?
EDIT:Unfortunately we only have access to the init.rc not the binary it self.
@jcadduono I appreciate your input and direction in this matter another idea we have been toying with is
We have the aboot boot recovery and system dump. From the tmob variant would it be possible to make a tot from that for our devices changing the props to match our device, build, and carrier info? We can also pull apks from /system/apps and /privapps to our ext sdcard
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
roosta said:
@me2151, @jcadduono, @brenns10: Great work guys, keep it up. Good to see some people are trying for root. What model/s are being tested, or should this theoretically work on all models? Whilst you probably aren't doing it for the cash, there is a bounty I hope someone can claim soon, for a functonal root alone (not boot unlock) posted on this board.
RoOSTA
Click to expand...
Click to collapse
It should work on all models. I personally use a sprint model(LS997). I think it MAY have been tested on VZW as well.
I can confirm that work on H990DS
Sent from my MI PAD using XDA-Developers mobile app
We know from earlier LG phone releases that the laf partition when bypassed in some way (corrupted, etc) aboot will boot to fastboot when going into download mode. It was my thought that the bootloader could be unlocked from there. However corrupting laf eliminates device recovery. Catch-22.
I think the best way to proceed is to get a working .TOT first which is just a waiting game. That would ensure device recovery and replacing the bootloader in the .TOT and signing it with something unlockable.
This is a great way to explore the locked phones in the meantime, thanks.
ATT Pretty Please
me2151 said:
Hello All! I am me2151.
I am here to tell you some kind of good news.
We have achieved a temporary root shell using a modified recowvery script. Originally Recowvery installed a custom "recovery" but I have modified it to instead create a temporary root shell using the System_Server SELinux context and disable the flashing portion of the script. Yes we are still limited until we can get Kernel or Init context but I am working on that as well.
This exploit will be useful down the line because of one major thing. WE CAN INSERT KERNEL MODULES!!! But they need to be signed. So I am releasing this out here so we can take the next step into our full root! We also have rw to the /data partition and changes save over a reboot.
If we can get someone to sign a kernel module that the system accepts we can set SELinux to permissive.
This exploit SHOULD work for all variants.
NOTE: This should only be used by devs who know what they are doing.
Instructions(this should work on MacOS and Linux only!):
Download linked file below.
Extract to either adb directory OR a directory you have adb access in.
Give execute permissions to temp.sh.
Run temp.sh.
When you are all done with your exploring and stuff type "Reboot" to reboot normally.
https://drive.google.com/open?id=0B8CP3g3AqMuHcmNJUUJWLUJUelE
Credit:
@jcadduono - For recowvery, and pointing me in the right direction on IRC.
@brenns10 - Wrote the lsh used in the exploit to spawn the shell.
The group over here for ideas and solutions.
Click to expand...
Click to collapse
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
NRadonich said:
At the moment all I am using root for is to add a line within my build.prop to disable Tethering checks, so I can tether at full 4G speed and not get throttled. Would this be possible using the method above, or would build.prop immediately get replaced at the reboot?
Thanks, and keep up the good work!
Click to expand...
Click to collapse
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
elliwigy said:
no. it is a tcp root shell that can only do a few things such as kernel modules.. only section we were able to write to and have it stick was the /data partition which wont help you in this scenario
Click to expand...
Click to collapse
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
markbencze said:
So if we can write to data partition then in theory can we adb push to it using this? I ask because I'd like to install some tbo apps that normally would require flashing. But if we could push them we would be solid
Click to expand...
Click to collapse
Unfortunately its a tcp shell. not a pure adb shell. so we cannot push or pull to those directories
Wow great progress keep up the good work. You guys are helping those assholes from LG sell more phones. Obviously some people have not made the switch because the lack of root. Root users are very influential leaders to get others to try out a new device.
Sent from my LG-LS997 using XDA-Developers mobile app
Works on the LG G5 also...
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
roosta said:
Hey guys, with the expectation of many that 'root is coming' to the other v20 models...are we likely to see the same type of root format that applied to the LG G4, where you have to (either) download or rip your own image to a PC. Use commands to insert root, then reflash to the device?
Any root is better than nothing, I know...but I ask because with the amount of software updates for the G4 (v10c software through to v10k before MM came out), meant the sheer amount of times you'd have to go through this process to keep your phone up to date whilst maintaining root was extremely frustrating - as it also meant xposed and related settings/apps needed to be reinstalled each time you performed an OTA update and re-flashed root.
Is this going to be a side effect of dealing with a locked bootloader? PS: If I sound dumb, it's probably because I am.
RoOSTA
Click to expand...
Click to collapse
it shouldnt be an expectation as weve made it clear we do not have root and are hitting hurdles.. we have been advised we need to atack selinux and or the bl but at this point were wanting to try to use debug firmware which hoprfully would allow a bl unlock..
unfortunately nobody can creat a .tot with the debug firmware at al and theres no way at all to flash the images..
we need to somehow leverage an exploit to gain a temp adb root shell before we could even attempt anything and this has not been done in a way thats useful to us..
unfortunately we need more experienced devs at this point.
LG Australia (and as such, Taiwan) have effectively confirmed their H990DS v20 mobile phone's bootloader is confirmed as being unlockable. However (and for no apparent reason) they will not confirm why one region have released a variant of the phone with the bootloader unlock and why they are refusing this to others phones/regions. Because of course, they have zero training and information about anything related to their company expect for goods released in a specific region. That comes from a 'product expert'
Titanium Backup
Howdy,
Just reading through the thread, I understand that it's not quite a "full" root, but would it be enough to run Titanium Backup? I'm hoping to move away from root access with my V20 but it would be really helpful if I could do it temporarily, restore some application and data backups, reboot and uninstall Titanium.
Tim
most of members the old method didn't work with him so i decide to make a pre rooted rom
*Do It AT YOUR OWN RISK!* I am not responsible for ANY damage to your device
Here is the video in how to install it all link that you will need it i put it in description of the video
please don't forget to hit thanks it takes 5 days from me to upload it
[YOUTUBE]
https://www.youtube.com/watch?v=NS0Ggcq0TfU[/YOUTUBE]
also you can open the video from here
https://www.youtube.com/watch?v=q8OT36kfo24
Tears of Joy . Woks Perfect.. Thank you @faw_wal
DDwhite said:
Tears of Joy . Woks Perfect.. Thank you @faw_wal
Click to expand...
Click to collapse
You Welcome
Many thanks faw_wal
I could place it in writing. the steps to follow
I do not know which file I should download first.
Additional I would like to know if you could share a script or a way to remove verizon apps, and keep a clean phone as if it were a total samsung
Thanks for this faw_wal
zpeady said:
Many thanks faw_wal
Click to expand...
Click to collapse
Enjoy
jotademanuel said:
I could place it in writing. the steps to follow
I do not know which file I should download first.
Additional I would like to know if you could share a script or a way to remove verizon apps, and keep a clean phone as if it were a total samsung
Click to expand...
Click to collapse
I'm sorry but it's a lot of steps to write it follow the video if video show to you black screen tonight i'm gonna to fix this problem
no-go
Tried many times, unable to get past the mounting of /system. Hard lock-up.
Edit: Had root on 7.0 finally. Looked like I was using the wrong sboot. I have too many...
Note: Tried to update superSU after I had everything how I wanted it. Lost root. Had to start over. Use caution...
I have gotten my phone rooted thanks for your help.
Now we need to find a way to bypass the system rw,remount freeze, which I think is being controlled by smu_protection or something like that.
EvilRubberDuck said:
Thanks for this faw_wal
Click to expand...
Click to collapse
You Welcome
AndroidFan16 said:
I have gotten my phone rooted thanks for your help.
Now we need to find a way to bypass the system rw,remount freeze, which I think is being controlled by smu_protection or something like that.
Click to expand...
Click to collapse
I think you phone now is rooted and you can mount system as rw just start adb
write adb shell then write su it will ask to get root from your device and then retry if doesn't work with download any explorer app like root explorer and you can edit system from it
lyphe said:
Tried many times, unable to get past the mounting of /system. Hard lock-up.
Click to expand...
Click to collapse
did you get root in super su ?
It works for the mount /system via adb? because I did it from root explorer but it freezes again, if works via adb, tell me, Im now in the 5.1.1 android rom version
does not work video ((
faw_wal said:
You Welcome
I think you phone now is rooted and you can mount system as rw just start adb
write adb shell then write su it will ask to get root from your device and then retry if doesn't work with download any explorer app like root explorer and you can edit system from it
Click to expand...
Click to collapse
Tried it on both, including
Code:
mount -o rw,remount /system
Freezing up
Especially with Amaze. Tried to write on the system partition and it hangs until I do a fresh reboot.
Has anyone tried if Samsung pay still works after root?
Ok, I'm in this nougat rom now, but the writable system still as a dream for us. I'll go back to the stock and enjoy of my Samsung apps instead of freezing my phone. Has someone knowledge about change the imei of this device? I want root for this. Or, if you know how to reboot the lollipop rooted rom correctly, can you explain me how?
Sent from my SM-G920V using XDA-Developers Legacy app
faw_wal said:
did you get root in super su ?
Click to expand...
Click to collapse
Edited original post. Finally got it working, but then lost it trying to update superSU binary.
ok i will corporate with @AndroidFan16 to figure what is the problem and when solve it i will publish it here
aceisaneight said:
Has anyone tried if Samsung pay still works after root?
Click to expand...
Click to collapse
Unsure if it "works" or not, as I never use it. However... It is bothering me to add my VISA-XXXX to Android Pay after boot. I'd say fairly good chance it does, simply because this root has thus far not touched /system for most of us. I do believe that is the red flag for SafetyNet/Pay (but I dunno. It does ask me however...)