adbd cannot run as root in production builds - Samsung Galaxy S7 Questions and Answers

My device is a Samsung S7e and it is rooted with Magisk.
When I use the command "adb root" to pull a file from /data/data, I get "adbd cannot run as root in production builds".
I tried adbd Insecure but it did not work, and I used the Magisk module adb_root; after flashing this module I cannot control my device, it is offline.
Please help me!

Related

[Q] busybox, init.d and then a2sd+

Hi all.
I have an HTC Desire (S-ON) which I rooted the other day using unrevoked 3.21, and I think it worked because I have the superuser app in the drawer.
I want to have a2sd+ support for my stock ROM. I believe I need init.d enabled before I can have a2sd+, but for init.d to be enabled I need busybox installed correctly to /system/xbin.
I don't want to install another ROM.
1) Can someone tell me how to install busybox to the /system/xbin folder? I have managed to push the binary file into the folder from recovery mode; do I need to do any more?
2) While attempting to enable init.d (following this method http://forum.xda-developers.com/showpost.php?p=10216688&postcount=1 ) it says to ensure you have 'flash_image binary, usually provided by unrEVOked under /data/local/flash_image'. How can I check I have this?
3) In step 5 of the above post it says to obtain a shell and become root. How is this done? If I type 'adb shell' and press enter, then type 'su', it says sbin/sh: su: not found.
Is there an update.zip that can do all this for me? (Lazy, I know.)
Sorry for the long post.

Root access on adb shell but not for apps

Hello,
I am working on a Chinese Android tablet called "MID-U705B". The device came half rooted, I guess. I am getting a # in the adb shell, even without running "su", right from the start of adb shell. Nevertheless I am not able to run any root apps. When I am trying to call a root shell command from my app I am getting: [java.io.IOException] : write failed: EPIPE (Broken pipe).
There is a su file inside my /system/xbin folder and I also created a symbolic link to it in /system/bin.
Does someone know how to get full root access on this device? What's missing?
Thanks for your help and advice!
Best regards,
Hans
skatehans said:
> Hello,
> I am working on a Chinese Android tablet called "MID-U705B". The device came half rooted, I guess. I am getting a # in the adb shell, even without running "su", right from the start of adb shell. Nevertheless I am not able to run any root apps. When I am trying to call a root shell command from my app I am getting: [java.io.IOException] : write failed: EPIPE (Broken pipe).
> There is a su file inside my /system/xbin folder and I also created a symbolic link to it in /system/bin.
> Does someone know how to get full root access on this device? What's missing?
> Thanks for your help and advice!
> Best regards,
> Hans
If you can get root on ADB then just install SuperSU app and its binaries and you are good to go.
Flashing the attached ZIP will install SuperSU app and everything it requires to function.
NOTE: You probably need a custom recovery because the zip isn't signed.
Thanks for your reply!
Unfortunately I don't have a custom recovery because it's a no-name device and there does not exist a custom recovery for this device. Is there any way to install this without a custom recovery? What happens when I try to flash it from a (Chinese) stock recovery?
skatehans said:
> Thanks for your reply!
> Unfortunately I don't have a custom recovery because it's a no-name device and there does not exist a custom recovery for this device. Is there any way to install this without a custom recovery? What happens when I try to flash it from a (Chinese) stock recovery?
You should be able to flash it via fastboot.
That's the next problem. I can't boot into fastboot mode. When I execute "adb reboot bootloader" or "adb reboot download" the device boots up like normal, so I guess fastboot is not available on this device.
Do you know any other way?

How to call root on systemless rooted device Android 6

I was wondering, in an init.d script, how would I get a root command to execute a root command on a systemless install of SuperSU.
Because the
#!/system/bin/sh
Doesn't work

Questions about rooting without unlocking bootloader?

Phone is Samsung A50 (A505F), Android 11,
1) As title.. how do you do that? I will keep stock ROM.
Only want to root to debloat, and add other apps that require root.
2) Also if you use kingroot, does it unlock the bootloader?
3) If you relock a bootloader does it remove root?
Will relocking erase user data?
Thank you
Generally speaking - with regards to this thread's title:
Rooting phone's Android works without unlocking its bootloader. Rooting Android simply is adding a user called "superuser ( AKA root )" to Android.
The reason why people unlock the bootloader is to be able to flash custom ROMs.
rossrosh007 said:
> 1) As title.. how do you do that?
> 2) Also if you use kingroot, does it unlock the bootloader?
> Is the kingroot app required to be installed at all times to keep root?
> 3) If you relock a bootloader does it remove root?
> Will relocking erase user data?
> Phone is Samsung A50 (A505F)
> Thank you
Rooting without unlocking the bootloader only works on
4.2 Jelly Bean
4.4 KitKat
5.0 Lollipop
5.1.1 Lollipop
All of the other versions of Android will not work, because in Android 6 Marshmallow Google patched root without unlocking the bootloader. So this means if you are on Android 6 Marshmallow it will not work. Also, if you are on Android 6 Marshmallow and higher, don't bother with KingRoot or all of those one-click roots, because that will not work. I would recommend Magisk to root your phone.
@rossrosh007
Hint: Add Samsung A50 (A505F) to this thread's title thus mainly owners of such a device get addressed.
Austinredstoner said:
> Rooting without unlocking the bootloader only works on
> 4.2 Jelly Bean
> 4.4 KitKat
> 5.0 Lollipop
> 5.1.1 Lollipop
> All of the other versions of Android will not work, because in Android 6 Marshmallow Google patched root without unlocking the bootloader. So this means if you are on Android 6 Marshmallow it will not work. Also, if you are on Android 6 Marshmallow and higher, don't bother with KingRoot or all of those one-click roots, because that will not work. I would recommend Magisk to root your phone.
I'm on Android 11.
Ok, so I have to patch boot.img with magisk or magisk manager (I don't know the difference)? On GitHub the latest version is just magisk v22.
So to use magisk unlocking bootloader is required... I'll be keeping stock ROM. So will I be able to relock bootloader after patching and rooting?
jwoegerbauer said:
> Generally speaking - with regards to this thread's title:
> Rooting phone's Android works without unlocking its bootloader. Rooting Android simply is adding a user called "superuser ( AKA root )" to Android.
> The reason why people unlock the bootloader is to be able to flash custom ROMs.
I'm on Android 11, and I'll keep stock Rom.
How can I flash SuperSU without custom recovery or unlocking bootloader?
If I have to unlock bootloader, can I relock it after flashing SuperSU?
rossrosh007 said:
> I'm on Android 11, and I'll keep stock Rom.
> How can I flash SuperSU without custom recovery or unlocking bootloader?
> If I have to unlock bootloader, can I relock it after flashing SuperSU?
Don't confuse SuperSU ( which is an application that lets you manage root permissions for apps which require root access) and SU ( AKA superuser and/or root ): totally different things.
The SuperSU app relies on the presence of the SU applet.
Installing the SU applet doesn't require the phone's bootloader to be unlocked, but it requires that Android's DM-VERITY feature be permanently disabled beforehand, because the content of the /system partition gets altered.
Look also inside here:
SuperSU: Installation Guide (Rooted and Unrooted Devices)
There are two ways to install SuperSU. If you have a Rooted Device then you can simply download this APK file and install it on your device. For unrooted de
www.squto.com
jwoegerbauer said:
> Don't confuse SuperSU ( which is an application that lets you manage root permissions for apps which require root access) and SU ( AKA superuser and/or root ): totally different things.
> The SuperSU app relies on the presence of the SU applet.
> Installing the SU applet doesn't require the phone's bootloader to be unlocked, but it requires that Android's DM-VERITY feature be permanently disabled beforehand, because the content of the /system partition gets altered.
> Look also inside here:
> SuperSU: Installation Guide (Rooted and Unrooted Devices)
> There are two ways to install SuperSU. If you have a Rooted Device then you can simply download this APK file and install it on your device. For unrooted de
> www.squto.com
Ok. SuperSU app is the permission manager.
How do I go about implementing superuser without unlocking bootloader on Android 11?
Unlocking BL is required when using magisk. I'll be keeping stock ROM, so will I be able to relock BL after patching boot.img with magisk? Will root/superuser stay if I relock BL?
Some threads say the magisk patched boot.img is considered tampered and the DM-verity will cause issues when relocking BL. Unless you sign it... Is that true? (Different users saying true and false, so I don't know what is what)
1. You install matching SU applet by means of ADB. The SU applet can get fetched from here
LineageOS Downloads
download.lineageos.org
2. Can't tell you what is right or wrong: never made use of Magisk or TWRP.
jwoegerbauer said:
> 1. You install matching SU applet by means of ADB. The SU applet can get fetched from here
> LineageOS Downloads
> download.lineageos.org
> 2. Can't tell you what is right or wrong: never made use of Magisk or TWRP.
Fair enough on point 2
The SU from LineageOS not a problem to use on Samsung stock Rom? I mean that SU applet not developed to be compatible with LineageOS only or something?
Any instruction on how to apply this SU applet will be useful. (I'm searching through the forum as well)
Only to clarify things:
SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
As I already mentioned here, you can install SU by means of an ADB command sequence which typically looks like this
Code:
adb disable-verity
adb reboot
adb shell "mount -t auto -o rw,remount /system"
adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
adb shell "chown root:root /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "chcon u:object_r:su_exec:s0 '/system/bin/su'"
jwoegerbauer said:
> Only to clarify things:
> SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
> As I already mentioned here, you can install SU by means of an ADB command sequence which typically looks like this
> Code:
> adb disable-verity
> adb reboot
> adb shell "mount -t auto -o rw,remount /system"
> adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
> adb shell "chown root:root /system/bin/su"
> adb shell "chmod 06755 /system/bin/su"
> adb shell "chcon u:object_r:su_exec:s0 '/system/bin/su'"
True, it's all Linux based, but thought the directories might be different manufacturer to manufacturer. With the verify functions and all... Didn't want to modify a wrong directory and get bricked.
Nice, thanks for the help and ADB commands. Also just came across LADB (on-phone ADB shell), will give it a go on that.
Will update back.
Austinredstoner said:
> Rooting without unlocking the bootloader only works on
> 4.2 Jelly Bean
> 4.4 KitKat
> 5.0 Lollipop
> 5.1.1 Lollipop
> All of the other versions of Android will not work, because in Android 6 Marshmallow Google patched root without unlocking the bootloader. So this means if you are on Android 6 Marshmallow it will not work. Also, if you are on Android 6 Marshmallow and higher, don't bother with KingRoot or all of those one-click roots, because that will not work. I would recommend Magisk to root your phone.
rossrosh007 said:
> I'm on Android 11.
> Ok, so I have to patch boot.img with magisk or magisk manager (I don't know the difference)? On GitHub the latest version is just magisk v22.
> So to use magisk unlocking bootloader is required... I'll be keeping stock ROM. So will I be able to relock bootloader after patching and rooting?
Hope you can give me some insight on this. Would be good to learn.
jwoegerbauer said:
> Only to clarify things:
> SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
> As I already mentioned here, you can install SU by means of an ADB command sequence which typically looks like this
> Code:
> adb disable-verity
> adb reboot
> adb shell "mount -t auto -o rw,remount /system"
> adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
> adb shell "chown root:root /system/bin/su"
> adb shell "chmod 06755 /system/bin/su"
> adb shell "chcon u:object_r:su_exec:s0 '/system/bin/su'"
Can I install supersu.apk (root access manager) after this?
If I need to revert things back to how they were (unroot, enable dm-verity) ... How do I do that?
rossrosh007 said:
> Can I install supersu.apk (root access manager) after this?
SuperSU APK is just like any other Android application. It will only work properly if SU is running as an Android service, meaning it gets started at Android's boot-up
Code:
# su daemon
service su_daemon /system/bin/su --daemon
    seclabel u:r:sudaemon:s0
    oneshot
on property:persist.sys.root_access=1
    start su_daemon
which requires that Android's boot file init.rc be patched accordingly.
frequently conversing - with thoughts to this thread's headline:
I am rooting the phone's Android products externally, unfastening its bootloader. Rooting Android only is combining a user-designated "superuser ( AKA motive )" toward Android.
Special purpose how? Somebody unlock bootloaders is to be capable of flashing system ROMS.
jwoegerbauer said:
> Only to clarify things:
> SU is a Linux command, Android is based on Linux kernel, hence SU applet compiled for mobile's CPU architecture always works, regardless of mobile's brand / model / Android release.
> As I already mentioned here, you can install SU by means of an ADB command sequence which typically looks like this
> Code:
> adb disable-verity
> adb reboot
> adb shell "mount -t auto -o rw,remount /system"
> adb push <SU-BINARY-LOCATION-ON-PC-HERE> /system/bin
> adb shell "chown root:root /system/bin/su"
> adb shell "chmod 06755 /system/bin/su"
> adb shell "chcon u:object_r:su_exec:s0 '/system/bin/su'"
I've just found this thread and wanted to understand something. Does adb disable-verity work without unlocking bootloader?
Do you mean that if you install su on the system via adb on the above sequence then the system is essentially rooted no matter whether you unlock the bootloader or not?
Earlier it was mentioned that you need to run a service in order for the superuser apps to work and this requires the boot.img to be modified and this needs the bootloader to be unlocked. Will superuser apps like superuser apk work just with su on the system?
I mean can I just soft start the daemon with a terminal app without adding it as a startup service?
Again: Rooting Android is adding a user named SUPERUSER to Android OS - not to be confused with Android's default user named root - a user who has elevated rights ( comparable to Administrator in Windows OS ).
The SuperSU app that you're referring to is a manager app that runs a database where apps which request superuser rights are stored.
The SuperSU service ( read: sudaemond ) is a completely different thing; it serves another purpose: it's needed to have the SuperSU app working.
It's not possible to add any binary or user or rooting app without unlocking your bootloader. All partitions except /data are not writable.
More nonsense is hardly possible.

Question Resolve "adbd cannot run as root in production builds"

Hi!
I'm running Android 13. I've used Magisk to root the device but the command
Code:
adb root
results in
Code:
adbd cannot run as root in production builds
I already tried "adbd Insecure v2.00.apk" but it fails with the message
Code:
Could not patch adbd !
Is there a way to fix this?
You can overlay /system/bin/adbd with a Magisk module. Create a new directory in /data/adb/modules and place your files
Code:
/data/adb/modules/my_module/system/bin/adbd
/data/adb/modules/my_module/module.prop
https://topjohnwu.github.io/Magisk/guides.html#magisk-modules
Or escalate to a privileged shell and stream the file content over stdin/stdout (Linux only)
Code:
adb shell "su -c 'dd bs=1m if=/dev/block/bootdevice/by-name/boot 2> /dev/null'" > boot.img
adb shell "su -c 'dd bs=1m of=/dev/block/bootdevice/by-name/boot'" < path/to/boot.img
alecxs said:
> You can overlay /system/bin/adbd with a Magisk module. Create a new directory in /data/adb/modules and place your files
> Code:
> /data/adb/modules/my_module/system/bin/adbd
> /data/adb/modules/my_module/module.prop
> https://topjohnwu.github.io/Magisk/guides.html#magisk-modules
> Or escalate to a privileged shell and stream the file content over stdin/stdout (Linux only)
> Code:
> adb shell "su -c 'dd bs=1m if=/dev/block/bootdevice/by-name/boot 2> /dev/null'" > boot.img
> adb shell "su -c 'dd bs=1m of=/dev/block/bootdevice/by-name/boot'" < path/to/boot.img
Thank you very much for your reply.
How would method 1 work? I find a different binary of adbd that has the root feature enabled and overlay the original with it through a Magisk module?
mattdeox said:
> I already tried "adbd Insecure v2.00.apk" but it fails with the message
You found it already, just unzip the assets/adbd.21.png from the apk
alecxs said:
> You found it already, just unzip the assets/adbd.21.png from the apk
I checked the file you mentioned and it has those contents:
What should I do with them?
mattdeox said:
> . I've used Magisk to root the device but the command
> Code:
> adb root
> results in
> Code:
> adbd cannot run as root in production builds
Why do you need this?
WoKoschekk said:
> Why do you need this?
I would like to do some automated testing on my device using Appium to check if my website works correctly.
As I understood, adb root is needed to do it properly.
just rename the file > adbd
/data/data/eu.chainfire.adbd/files/adbd.21.png: ELF executable, 32-bit LSB arm, static, stripped
mattdeox said:
> I would like to do some automated testing on my device using Appium to check if my website works correctly.
> As I understood, adb root is needed to do it properly.
Basically: ADB is a command-line tool which acts as a client-server program. You send ADB commands (usually from a desktop PC, but also possible from a rooted mobile) as a client to the adbd (daemon) on another device. The adbd executes those commands on the other device as user:shell. If you want the adbd to act as user:root then you have to execute adb root. BUT it's not possible to grant the adbd root permissions on a stock ROM (production builds). Even if the other device is rooted with Magisk it's still a production build!
The only way to execute commands as root via ADB on another device is
Code:
adb shell
su
alecxs said:
> just rename the file > adbd
> /data/data/eu.chainfire.adbd/files/adbd.21.png: ELF executable, 32-bit LSB arm, static, stripped
I created the structure you recommended
Code:
/data/adb/modules/adbRoot/module.prop
/data/adb/modules/adbRoot/system/bin/adbd
I opened Magisk and could see the module enabled.
Then restarted adbd
Code:
setprop ctl.restart adbd
But there was still the error
adbd cannot run as root in production builds
Then I found out on this page https://source.android.com/docs/core/ota/modular-system/adbd
that adbd moved on Android 13, supposedly to this location:
Code:
/apex/com.android.adbd/bin/adbd
Then I also created this file for the Magisk module
Code:
/data/adb/modules/adbRoot/system/apex/com.android.adbd/bin/adbd
Again, I restarted adb
Code:
setprop ctl.restart adbd
But the result still is the same
adbd cannot run as root in production builds
Anything else I could do/something that is wrong?
WoKoschekk said:
> Basically: ADB is a command-line tool which acts as a client-server program. You send ADB commands (usually from a desktop PC, but also possible from a rooted mobile) as a client to the adbd (daemon) on another device. The adbd executes those commands on the other device as user:shell. If you want the adbd to act as user:root then you have to execute adb root. BUT it's not possible to grant the adbd root permissions on a stock ROM (production builds). Even if the other device is rooted with Magisk it's still a production build!
> The only way to execute commands as root via ADB on another device is
> Code:
> adb shell
> su
Thank you very much for your input.
Are you saying there is nothing that can be done by replacing the adbd file or the config?
Do you think the solution by alecxs to replace the binary is not working?
mattdeox said:
> Thank you very much for your input.
> Are you saying there is nothing that can be done by replacing the adbd file or the config?
> Do you think the solution by alecxs to replace the binary is not working?
Still do not understand the reason. Assume the command adb root is successful. How to proceed then?
Here's what you need for adb root:
daemon/main.cpp - platform/system/adb - Git at Google
These criteria have to be met to execute adb root.
In case the adbd gets root permissions, then you keep the privileges to run:
Code:
adb disable-verity
enable-verity
sideload OTAPACKAGE
remount [-R]
unroot
(For further information see 'adb help')
All the other ADB commands don't require the adbd to be rooted.
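The property checks behind the refusal discussed above can be read off a `getprop` dump. This is an added example, not code from the thread or from AOSP: a shell model of `should_drop_privileges()` in adbd's daemon/main.cpp and of the `ro.debuggable` check made when `adb root` is requested, run over two constructed property dumps. The function names are hypothetical, and build-time gates that a given release may add are not modelled.

```shell
#!/bin/sh
# Added example: a model of adbd's property checks, not AOSP code.
# Function names are hypothetical; build-time gates are not modelled.

# Constructed getprop dump: stock "user" build rooted with Magisk.
STOCK_PROPS='[ro.build.type]: [user]
[ro.debuggable]: [0]
[ro.secure]: [1]'

# Constructed getprop dump: userdebug build after a successful `adb root`.
DEBUG_PROPS='[ro.build.type]: [userdebug]
[ro.debuggable]: [1]
[ro.secure]: [1]
[service.adb.root]: [1]'

# prop_value <dump> <name>: value of one property from "[name]: [value]" lines.
prop_value() {
    name=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots are literal in names
    printf '%s\n' "$1" | tr -d '\r' |
        sed -n "s/^\[$name\]: \[\(.*\)\]\$/\1/p" | head -n 1
}

# adb_root_reply <dump> <uid adbd runs as>: the answer to `adb root`.
adb_root_reply() {
    if [ "$2" = "0" ]; then
        echo "adbd is already running as root"
    elif [ "$(prop_value "$1" ro.debuggable)" != "1" ]; then
        echo "adbd cannot run as root in production builds"
    else
        echo "restarting adbd as root"   # adbd then sets service.adb.root=1
    fi
}

# adbd_drops_privileges <dump>: "yes" if adbd switches to the shell user
# (uid 2000) at start-up, "no" if it stays root.
adbd_drops_privileges() {
    secure=$(prop_value "$1" ro.secure)
    debuggable=$(prop_value "$1" ro.debuggable)
    adb_root=$(prop_value "$1" service.adb.root)
    drop=yes
    if [ "${secure:-1}" = "0" ]; then drop=no; fi    # ro.secure defaults to 1
    if [ "$debuggable" = "1" ] && [ "$adb_root" = "1" ]; then drop=no; fi
    if [ "$adb_root" = "0" ]; then drop=yes; fi      # explicit `adb unroot`
    echo "$drop"
}

# Against a live device: adb_root_reply "$(adb shell getprop)" 2000
```

On the stock dump the reply is the refusal quoted in this thread whatever `su` binary is installed, because the check reads `ro.debuggable` and not the presence of root.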
The insecure adbd by @Chainfire, according to this logcat, requires some additional sepolicy rules and probably therefore does not work with Magisk out of the box.
Found some Magisk modules; maybe one of these binaries works for Android 13 if you place it in system/apex
[MODULE] Insecure adbd for Pixel devices
Hi everyone, I made a simple module for my own needs and I figured I'd share it here as well. This module enables "insecure adbd" on Pixel devices, which allows you to restart adbd in root mode via "adb root" and push/pull to/from the /data...
forum.xda-developers.com
[MODULE] Debugging modules: ADB Root, SELinux Permissive, Enable Eng
These modules are not meant for everyday use. They are intended for debugging and modification of a firmware. They significantly lower security of your device while active and even could softbrick it. You've been warned. ADB Root Magisk Module...
forum.xda-developers.com
Do I understand correctly:
To use/install the patched adbd I need a device with root permissions. Otherwise it wouldn't be possible to copy the adbd to /system/bin and make it executable. Having that patched adbd in /system/bin, I'm able to use the command adb root which lets me execute ADB commands with root permissions.
Why not use
Code:
adb shell
su
? Why do I need an adbd with root permissions on a rooted device?
@WoKoschekk most likely he doesn't need it. We don't know. But there are cases where it can be useful, for example
Code:
adb pull /dev/block/bootdevice/by-name/userdata
alecxs said:
> @WoKoschekk most likely he doesn't need it. We don't know. But there are cases where it can be useful, for example
> Code:
> adb pull /dev/block/bootdevice/by-name/userdata
Apart from the fact that it's not possible to restore such an image (e.g. corrupted encryption) you have to copy 128GB (minus the system) or more via USB. There is a reason why TWRP saves the data as a TAR archive and splits it into 1GB chunks.
I know there are more examples for a rooted adbd. But it could all be done in a root shell, too.
TWRP is useful for backup only if encryption is supported, which is not the case for Samsung encryption. But for forensics and recovery of deleted files a full partition image is required. On FBE that /dev/block/bootdevice/by-name/userdata is already decrypted during runtime. For FDE one must adb pull /dev/block/dm-0 or whatever is mounted as /data, of course. Restoring works fine btw. Just some encryption-related files (like locksettings.db) must be deleted.
I have posted a workaround for streaming partitions with su (refer to the 2nd method in post #2) but it does not work on Windows (not even with dos2unix).
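For forensic imaging with the streaming workaround, the copy on the PC is only usable if it is byte-identical to the partition. The following is an added example, not from the thread: it compares the size and SHA-256 of the streamed file with values read on the device, and uses `adb exec-out` so the stream passes without terminal translation. The function names are hypothetical, and the presence of `su`, `sha256sum` and `blockdev` on the device is an assumption.

```shell
#!/bin/sh
# Added example: verify a streamed partition image. Function names are
# hypothetical; device-side su, sha256sum and blockdev are assumed to exist.

BOOT_DEV=/dev/block/bootdevice/by-name/boot   # path used in post #2

file_sha256() { sha256sum "$1" | cut -d' ' -f1; }
file_size()   { wc -c < "$1" | tr -d ' '; }

# check_image <file> <expected_sha256> <expected_size>
# Prints ok, size-mismatch or hash-mismatch; returns 0 only for ok.
# A size mismatch means bytes were added or lost in transit.
check_image() {
    if [ "$(file_size "$1")" != "$3" ]; then
        echo size-mismatch
        return 1
    fi
    if [ "$(file_sha256 "$1")" != "$2" ]; then
        echo hash-mismatch
        return 1
    fi
    echo ok
}

# pull_boot_checked <out-file>: needs a connected, rooted device.
# Reads hash and size on the device first, then streams and verifies.
pull_boot_checked() {
    want_hash=$(adb shell "su -c 'sha256sum $BOOT_DEV'" | cut -d' ' -f1)
    want_size=$(adb shell "su -c 'blockdev --getsize64 $BOOT_DEV'" | tr -d '\r')
    adb exec-out "su -c 'dd bs=1m if=$BOOT_DEV 2>/dev/null'" > "$1"
    check_image "$1" "$want_hash" "$want_size"
}

# demo: no device needed. Constructed files: a good copy and a copy in
# which every LF was turned into CRLF on the way to disk.
demo() {
    d=$(mktemp -d)
    printf 'ANDROID!\nkernel\nramdisk\n' > "$d/good.img"
    awk '{ printf "%s\r\n", $0 }' "$d/good.img" > "$d/crlf.img"
    h=$(file_sha256 "$d/good.img")
    s=$(file_size "$d/good.img")
    echo "good: $(check_image "$d/good.img" "$h" "$s")"
    echo "crlf: $(check_image "$d/crlf.img" "$h" "$s")"
    rm -rf "$d"
}
```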
TWRP was only an example for how /data could be backed up. In most cases you restore /data after a wipe or when /data gets formatted. Then you will have a conflict with the already established encryption. After /data gets formatted the system generates a new master key during the next boot. You can't decrypt an old encryption with that master key.
The partition mirrors ~/dm-0 and so on are based on AVB and the device-mapper layer.
alecxs said:
> I have posted a workaround for streaming partitions with su
Yes, I know the 'netcat' method. Of course it's better to have a desktop PC and its storage for large images like /data. Better than an external sd. But you could also use the device's shell to create tar files.
WoKoschekk said:
> Then you will have a conflict with the already established encryption.
Nope. Works fine, as the partition image does not contain any encryption at all. Consider it's already decrypted in AFU state.
WoKoschekk said:
> After /data gets formatted the system generates a new master key during the next boot. You can't decrypt an old encryption with that master key.
Yes. Only for FBE; for FDE it's a static key. But the encryption type doesn't matter, it contains plain files - same as a TWRP backup.
