** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.
Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************
Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.
http://forum.xda-developers.com/showthread.php?t=1704209
I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:
1. Download the following files:
su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ
2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).
**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **
3. In a linux terminal/Windows command prompt:
Code:
adb shell
[email protected]_maserati:/ $ cd /sdcard
[email protected]_maserati:/ $ cp su /data/local/12m/
[email protected]_maserati:/ $ cp debugfs /data/local/12m/
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ chmod 755 debugfs
[email protected]_maserati:/ $ chmod 755 su
[email protected]_maserati:/ $ mv batch batch.bak
[email protected]_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
[email protected]_maserati:/ $ exit
adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:
Code:
adb wait-for-device shell
5. Once you're back into the android shell:
Code:
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm batch
[email protected]_maserati:/ $ mv batch.bak batch
[email protected]_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20
(The following is entered at the "debugfs:" prompt)
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm su
[email protected]_maserati:/ $ rm debugfs
[email protected]_maserati:/ $ exit
adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...
Sent from my XT894 running ICS
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.
So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.
I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
Have you enabled USB Debugging in the Settings->Developer Options menu?
Rick#2 said:
Have you enabled USB Debugging in the Settings->Developer Options menu?
Click to expand...
Click to collapse
Yep.
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
droidian1441 said:
Yep.
Click to expand...
Click to collapse
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.
Die Bruine said:
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
Click to expand...
Click to collapse
Looks like you're doing something wrong with the debugfs command; you don't want to enter /data/local/12m/su at that prompt.
Running su from any partition other than /system will lead to a permissions error, so you don't want to bother trying to execute it from the /data/local/12m location.
(The following is entered at the "debugfs:" prompt, ie: after executing /data/local/12m/debugfs -w /dev/block/mmcblk1p20; see step 5.)
Code:
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
Grizzy3 said:
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Click to expand...
Click to collapse
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Code:
debugfs 1.42 (29-Nov-2011)
debugfs: cd xbin
cd xbin
debugfs: write /data/local/12m/su su
write /data/local/12m/su su
/data/local/12m/su: Permission denied
Rick, that's what we're putting in. From the code you posted it shows that you had root access already. Do you have any other suggestions on this? Because that's the in and out I get.
---------- Post added at 04:57 AM ---------- Previous post was at 04:53 AM ----------
Problem resolved. Need to run the following code:
Code:
chmod 755 debugfs
chmod 755 su
Then continue with rooting.
gdeeble said:
From the code you posted it shows that you had root access already.
Click to expand...
Click to collapse
Not sure where you're making this assumption from. I just wrote the "#" symbol in there to signal where to start entering commands... though I suppose you're correct in pointing out that the "#" shows up on a root prompt. A smarter choice probably would have been "$".
Trust me, I'm not an idiot. I wouldn't have gone through the hassle of writing up the guide in the first post if it didn't work.
Didn't mean it that way, just looked like it already had root, which was what confused me. But thanks again for this. :-D
Tried it again. This time no errors and the phone rebooted. But now Superuser keeps on FC .
Reinstalled superuser, updated and busybox. Now rooted! Thnx.
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times. I think there is something wrong with the timing. Manually entering all the commands in a shell works. But putting them in a batch will enter them too fast for ADB to handle (under Windows shell) I guess.
Die Bruine said:
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times.
Click to expand...
Click to collapse
I don't know, it seemed to work fine for me with the script I made. Anyways, glad it worked out for you.
Now that we can re-root as well as (somewhat convolutedly) fastboot ourselves back on track, we're good to go.
droidian1441 said:
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Click to expand...
Click to collapse
As stated in the guide, you need to be in camera mode not mass storage.
Sent from my DROID4 using XDA
I was trying to do it manually last night before the OP posted the batch file, and it was not working because I was in MTP instead of PTP. SO make sure you use PTP.
Put your phone in camera (PTP) mode for the USB connection and it should work fine. Also, after it completes, download Superuser from the market.
I ran Titanium Backup after everything and it told me it needed to fix my su binary permissions or something like that... I let it do its thing... Either way, IT WORKED!!!!!
I put it in camera mode and made sure usb debugging is enabled. Then I ran the script for windows. Still getting the device not found error throughout. Really don't know what's going on.
Related
Sogarth's webtop2sd will be released soon, you really should wait and install that instead of this! Thanks -The Management
No longer breaks on 1.83, thanks to Romracer
Update: This script worked on my phone. Mind you I was installing it from a fresh SBF flash, but it should work on your phone too. Absolutely no guarantees as usual.
Update 11th April 2011, 06:59 PM: Won't be getting CWM package because it'd be huuuuuuuuuge.
Update 28th April 2011. 16:38 PM: Removing BETA tag since there have been no issues with the script for quite some time.
First off I would like to thank Sogarth for making this script in the first place as well as Romracer for fixing it for 1.83. Since he is busy doing more important work I decided to do this little hack for those of us that updated to 1.5.7 and dont feel like flashing back to earlier versions to get full Ubuntu working.
Again, this is only necessary if you're already running 1.5.7 or 1.8.3.
Secondly, I am still working on this script so it may not work for you. If you have a problem you may post in the thread or PM me showing exactly the error message, word for word, that you receive.
Updates will be included in the OP from time to time as I fix errors.
Instructions:
1) install.bat (from your computer)
2) adb shell (get a shell on your phone)
3) su (get root on your phone in that shell)
4) . /data/local/tmp/install.sh (run the install script *on your phone* don't forget the "." and the space after the dot, or you will have to chmod 755 the shell script manually)
5) ?????
6) profit\
Noob instructions, written by Viamonte (I take no credit or responsibility):
Thanks again for all your help. Now the noob instructions:
"1-Download "Terminal Emulator" from the market, on your phone (or any other terminal), and the file anexed in this thread to your computer.
2-Connect the Atrix to the computer via USB, configuring the connection mode to "None" and enabling USB Debugging mode (Settings>Applications>Development>USB debugging)
3-Unzip the file you downloaded on your pc, and run Install.bat. This will push the script to your phone.
4-Go back to your phone and open the emulator you downloaded. Then type "su" (without quotes) and press enter. Then type ". /data/local/tmp/install.sh" (without quotes) and press enter again.
The script should begin running now. It will stop in two moments where you'll be instructed to get a cup of coffee, and may take several minutes to continue form this point. When finished, the Atrix will reboot.
To check if this worked, use the Webtop either on your multimidia dock or your lapdock and verify if new itens appeared on your task bar and on the right upper side of the screen"
0.3.1 release
0.2 release
0.1 first release
Changelog
0.3.1 fix to gconf file's mdate so it does what its supposed to do =)
0.3 Small typo fixes and cpp package install fix by romracer, now works on 1.83 =)
0.2 Fixed some typos in uninstall.sh and make sure the %gconf file wound up in the right spot.
0.1 - first version. NOT CWM install but ready to be packaged for that more or less
Nice, I'll give this a shot later.
Ill give it a shot when I get home!
Sent from Motorola Atrix on TELUS.
My phone is working perfectly, so why not ruin it?
I'm giving this a try right now!
1.4.57 - Rooted and gingerblurred with HDMI Mirroring and Webtop hack.
I'll update as progress goes along:
Edit 1:
Initial try gave me this
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] y
Mounting the filesystem...
07.sh
--------------------------------------------
EXECUTION FAILED
Unable to mount the filesystem file. ERR 07
--------------------------------------------
Press any key to continue . . .
Edit 2:
Ok, it doesnt work with resetting it. How about removing?
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] y
Deleting the filesystem file...
--------------------------------------
EXECUTION FAILED
Unable to delete the filesystem file.
--------------------------------------
Press any key to continue . . .
Edit 3:
Ok, only one option left then.
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] n
--------------------------------------------------------------------------
EXECUTION FAILED
The filesystem file already exists, but no operations have been selected.
--------------------------------------------------------------------------
Press any key to continue . . .
=====================================================================
Edit 4:
Since execution is failing I'm trying to find the problem. Using ADB Shell i tried to manually run the shell scripts and stumbled here:
(I tried chmod 777 @ 02.sh to see if that was the problem, no change is results)
# ls -l
...
...
-rwsr-sr-x shell shell 87 2011-04-06 12:13 03.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
-rwsr-sr-x shell shell 251 2011-04-06 12:04 01.sh
# pwd
pwd
/data/tmp/shell
# /data/tmp/shell/02.sh
/data/tmp/shell/02.sh
/data/tmp/shell/02.sh: not found
I had the same issue as flybob when I tried to run the script.
Sent from my MB860 using XDA Premium App
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Ah, I did not think about that Ririal, thanks for the info. I am not familiar with CWM though.
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Ririal said:
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Click to expand...
Click to collapse
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
molotof said:
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
Click to expand...
Click to collapse
most of the script is now run by shell scripts, no reason you couldn't run them in the terminal emulator, just get the order right. There are also a few lines I didn't translate to shell so you'd have to enter them by hand.
In any case I'll keep working on this until Sogarth releases his version with union mounts =D
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
flybob said:
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
Click to expand...
Click to collapse
That's just a symlinked directory. I won't make a difference if you call either.
Yes, just replied to the previous question
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Click to expand...
Click to collapse
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
flybob said:
Yes, just replied to the previous question
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
Click to expand...
Click to collapse
Ah ok my mistake, you didn't quote anything I didn't realize that's what you were responding too
Likely noexec flag causing that issue.
Also, you can't invoke su from inside a shell script. It just doesn't work with this su binary.
yeah, I guess not. I hadn't realized that it wasn't a real 'su' before making this... too bad.
If anyone figures out how to get around that we'll be in business Unfortunately that's way beyond my expertise.
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
the2dcour said:
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
Click to expand...
Click to collapse
su -c "command"
You'll have to allow superuser on the phone for every single command.
PM'd you my error. I tried manually editing the permissions, but that didn't work.
Running on GladAtrix2 v3
USB debugging on; USB set to none
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
Press any key to continue . . .
Changed /sdcard-ext to /sdcard in script. Got this error
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
* server not running *
Press any key to continue . . .
Running BETA_ubuntu-1.0.6.4.zip. File extracts to BETA_ubuntu-1.0.6.2 directory. Ran ubuntu-1.5.7.bat
Moved BETA_ubuntu-1.0.6.2 to C:\ Same error
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
the2dcour said:
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
Click to expand...
Click to collapse
^ escapes batch, \ escapes shell. Hope this helps. If you zip up and send me the whole process in a single .sh file I can wrap it up in CWM for you.
The ICS404root script package has a fatal bug if a broken su already exists. Here's what happened on my D4.
I had root working fine on the GB version that shipped when I got the phone
I updated my stock (but rooted) D4 to 6.13.219 using normal OTA update and like an idiot, I forgot to use a root-keeper.
Confirmed root was broken as expected
Updated to ICS with "D4 6.16.217.zip". (I did no wipes other than the cache partition).
Everything worked fine and ICS is up and running
I ran the ICS404root.zip script package and get the following:
Code:
ICS404root # sh linux_runme_root_script.sh
Pushing files from root package to device...
4393 KB/s (586212 bytes in 0.130s)
4554 KB/s (1862336 bytes in 0.399s)
15 KB/s (660 bytes in 0.042s)
473 KB/s (22364 bytes in 0.046s)
Removing local copies.
Setting permissions.
Rebooting device...
Waiting for device to boot...
Attempting to place su binary on /system...
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: write: The file 'su' already exists
debugfs: debugfs: debugfs: debugfs: Cleaning up...
Rooting completed, must reboot.
Rebooting device...
Rooted.
So I have an old broken root on my phone, and this breaks the root script. I tried reinstalling superuser, but could only "uninstall updates" rather than uninstalling. (Uninstalling updates and re-installing them did not work.) I tried installing busybox but got root denied messages.
I *really* don't want to wipe my /system to fix this. Can the script be modified to deal with pre-existing su binaries?
UPDATE: (partially solved)
I ran debugfs in interactive mode and did a
Code:
debugfs: cd xbin
debugfs: rm su
debugfs: cd ..
debugfs: cd bin
debugfs: rm su
Then I completed the root hack manually and rebooted. I then updated Superuser and ran Titanium since I saw somewhere in a thread the TB will correct permissions on the su binary if they were funky. Sure enough it changed su from 4755 to 6755. After a reboot, everything was fine!
So... Root is attainable on ICS in the presence of a broken GB root, but the script should still be updated to deal with this.
ryanmcdonald said:
UPDATE: (partially solved)
I ran debugfs in interactive mode and did a
Code:
debugfs: cd xbin
debugfs: rm su
debugfs: cd ..
debugfs: cd bin
debugfs: rm su
Then I completed the root hack manually and rebooted. I then updated Superuser and ran Titanium since I saw somewhere in a thread the TB will correct permissions on the su binary if they were funky. Sure enough it changed su from 4755 to 6755. After a reboot, everything was fine!
So... Root is attainable on ICS in the presence of a broken GB root, but the script should still be updated to deal with this.
Click to expand...
Click to collapse
looks like i have the same issue except i got there a different way. i did use rootkeeper (though didn't do temp unroot before allowing OTA update to run), so i lost root when going to ics. not a big deal though, as the ics404root util worked fine to re-root.
well, i was having some odd issues like no sound when getting an sms, among others, so decided to do factory reset (without unrooting first). su is gone from the app drawer, but apparently it's still there as i get the same "debugfs: debugfs: write: The file 'su' already exists". i had to add a pause to the end of the batch file to be able to see that message, since it quits whether it worked or not, and you never see it.
i'm not familiar with what you mentioned about running debugfs in interactive. i tried using adb shell to poke around to see if i could find su and mv it to a .bak or something, but my linux command line skills are apparently too rusty. i found su in /system, but since /system is mounted as read only, i can't do anything. i eventually figured out how to get into interactive mode (forgot i had to specify the full path to debugfs since it's not in the default search path), but it tells me fs not open. i try to open, but i don't know what to give it for things like block size, etc:
Code:
[email protected]_maserati:/ $ /data/local/12m/debugfs
/data/local/12m/debugfs
debugfs 1.42 (29-Nov-2011)
debugfs: cd xbin
cd xbin
cd: Filesystem not open
debugfs: open_filesys
open_filesys
open_filesys: Usage: open [-s superblock] [-b blocksize] [-c] [-w] <device>
when looking around in adb shell, i could only find an su in /system/xbin - if i could come up with a way to delete this via adb, i think i could just run the regular root script and be done. any ideas?
still broken. i found a command that let me remount /system as rw, then i used rm su and verified it was gone w/ ls. re-ran ics404root batch file. no errors this time, but still no root on the phone. it seems to be putting su in there, but apparently it's corrupt. the way i check for root is to simply start titanium. right away it says it couldn't get root privileges.
Code:
C:\temp\droid4\ICS404root>adb shell
[email protected]_maserati:/ $ su
su
[email protected]_maserati:/ # mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /syste
m
2 /dev/block/mtdblock3 /system <
[email protected]_maserati:/ # cd /system/xbin
cd /system/xbin
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
su
su.bak
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # rm su
rm su
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
su.bak
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # rm su.bak
rm su.bak
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # exit
exit
[email protected]_maserati:/ $ exit
exit
i have modified the batch file. i turned echo on and rem'd out the delete statements so i could see what was going on and so i wouldn't have to unzip it every time i tried it. (why does it delete the local stuff anyway?) i also added a pause at the end.
Code:
C:\temp\droid4\ICS404root>echo Connect your phone via USB to your PC and be sure
Connect your phone via USB to your PC and be sure
C:\temp\droid4\ICS404root>echo it ISN'T set to mount as a mass storage device.
it ISN'T set to mount as a mass storage device.
C:\temp\droid4\ICS404root>echo (ENTER to continue or push Ctrl-C to exit)
(ENTER to continue or push Ctrl-C to exit)
C:\temp\droid4\ICS404root>pause
Press any key to continue . . .
C:\temp\droid4\ICS404root>echo "Pushing files from root package to device..."
"Pushing files from root package to device..."
C:\temp\droid4\ICS404root>adb push busybox /data/local/12m/
2434 KB/s (586212 bytes in 0.235s)
C:\temp\droid4\ICS404root>adb push debugfs /data/local/12m/
2774 KB/s (1862336 bytes in 0.655s)
C:\temp\droid4\ICS404root>adb push rooter /data/local/12m/
71 KB/s (660 bytes in 0.009s)
C:\temp\droid4\ICS404root>adb push su /data/local/12m/
1818 KB/s (22364 bytes in 0.012s)
C:\temp\droid4\ICS404root>echo "Removing local copies."
"Removing local copies."
C:\temp\droid4\ICS404root>rem del busybox
C:\temp\droid4\ICS404root>rem del debugfs
C:\temp\droid4\ICS404root>rem del rooter
C:\temp\droid4\ICS404root>rem del su
C:\temp\droid4\ICS404root>echo "Setting permissions."
"Setting permissions."
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/busybox
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/debugfs
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/rooter
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/su
C:\temp\droid4\ICS404root>adb shell mv /data/local/12m/batch /data/local/12m/bat
ch.bak
C:\temp\droid4\ICS404root>adb shell ln -s /dev/block/mmcblk1p20 /data/local/12m/
batch
C:\temp\droid4\ICS404root>echo "Rebooting device..."
"Rebooting device..."
C:\temp\droid4\ICS404root>adb reboot
C:\temp\droid4\ICS404root>echo "Waiting for device to boot..."
"Waiting for device to boot..."
C:\temp\droid4\ICS404root>adb wait-for-device shell /data/local/12m/rooter
Attempting to place su binary on /system...
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: Allocated inode: 4359
debugfs: debugfs: debugfs: debugfs: Cleaning up...
Rooting completed, must reboot.
C:\temp\droid4\ICS404root>adb shell rm /data/local/12m/rooter
C:\temp\droid4\ICS404root>echo "Rebooting device..."
"Rebooting device..."
C:\temp\droid4\ICS404root>adb reboot
C:\temp\droid4\ICS404root>echo "Rooted."
"Rooted."
C:\temp\droid4\ICS404root>rem del AdbWinUsbApi.dll
C:\temp\droid4\ICS404root>rem del AdbWinApi.dll
C:\temp\droid4\ICS404root>rem del adb.exe
C:\temp\droid4\ICS404root>rem del linux_runme_root_script.sh
C:\temp\droid4\ICS404root>del
The syntax of the command is incorrect.
C:\temp\droid4\ICS404root>pause
Press any key to continue . . .
C:\temp\droid4\ICS404root>
i'm kinda stuck at this point, but at least my phone isn't bricked. but considering all the issues i've had w/ ICS (the separate notification and ringtone volumes which cannot be linked being the TOP of my sh*t list, right after the crappy dialer, the lousy SMS client (seriously, gray on black? i cant read that!) and the list goes on and on...) i'd honestly rather go back to stock rooted GB. chrome was the only other reason i wanted ics and it seemed to be pretty poorly implemented to me, so i have no more interest in ICS.
i almost wonder if it's worth intentionally bricking it and bringing it back to vzw for exchange, and hopefully the new one won't have ics yet.
ok, i am rooted again! i had to use the Droid 4 Utility ICS Only to do it. the links to the LITE version are broken, so i had to download the entire 600mb package, but it worked to root my phone. now to start reinstalling stuff w/ titanium!
Firstly what i would like to say is this is not a one click root like update.zip or superoneclick you will need to have some basic knowledge of adb and ubuntu and a little bit working mind which can follow the provided steps.
Requirements:-
*cwm recovery already flashed (if not refer here)
* Working linux distro (ubuntu, mint, kubuntu etc.) with atleast sudo rights
* adb setted-up (if not refer here, may not need to follow the usb drivers steps)
* must know how to use adb
* superuser package from here
Click to expand...
Click to collapse
So we are now ready to start
STEPS:-
1. Extract all file (su, busybox) from the downloaded package to the folder where you have adb setted-up
2. open a terminal
3. cd to the directory where you have placed adb and files
4. boot your phone into cwm recovery mode (home power) connect through usb
5. type "sudo chown root:shell /path to su"
6. type "sudo chmod 06755 /path to su"
7. type " sudo chmod 04755 /path to busybox"
8. type " adb devices" if you will see anything attached you are good to go
9. type " adb remount" if you get remount succedd then you can do below steps if not you are doing something wrong do again
10. type "adb push su /system/xbin"
11. type "adb push busybox /system/xbin
12. type adb push supersu.apk ( or what it is called) /system/app
13. now type "adb shell"
14. type su if accepted then you are rooted
15. now type "reboot"
Click to expand...
Click to collapse
you are successfully rooted
enjoy your phone
awesome guide buddy very useful for n0obs
First of all great guide! But please correct these:
You have to mount the system partition manually. Adb remount won't do it!
adb shell
# mount -rw -t rfs /dev/block/stl12 /system
Do chmod/chown in adb. It isn't enough to set it before copying.
# chown root:shell /system/xbin/*
# chmod 06755 /system/xbin/su
# chmod 04755 /system/xbin/busybox
# chmod 04755 /system/xbin/sqlite3
# chmod 04755 /system/xbin/ssh
if we were able to chmod with adb there was no need to use ubuntu
we cannot chmod it shows operation not permitted as as we yet dont have root
have you tried to do adb remount or just saying that i will not do the work
and thanks for chown part
dheeraj (dhlalit11) said:
if we were able to chmod with adb there was no need to use ubuntu
we cannot chmod it shows operation not permitted as as we yet dont have root
have you tried to do adb remount or just saying that i will not do the work
Click to expand...
Click to collapse
Hi!
For me, adb remount didn't work. It exited with an error code. I don't remember the exact error code... (cwm couldn't mount too)
When I experienced "operation not permitted" while chmoding, the partition was mounted as vfat! Because if you do "mount /dev/... /system" without switches, it automatically mounts it as vfat. In vfat you can't set setuid, setgid permissions.
I think it was just a coincidence that i could rooted with ubuntu. But it worked, so better to use linux (better adb perhaps?).
Rooting is a bit strange in this new firmware. For example when you do "adb shell" while the phone is in cwm, you have root access. So you have to do those things manually while you have temporary root access.
how can you mount rfs file system as vfat i dont think it can be done
dheeraj (dhlalit11) said:
how can you mount rfs file system as vfat i dont think it can be done
Click to expand...
Click to collapse
Yes it's really strange. I don't know how this thing possible too...
But I checked multiple times with "cat /proc/mounts" , and mounting without "-t rfs" it was mounted as vfat.
a bit of googling:
"You can mount as rfs as Fat in ubuntu and read/copy the files
editing them wont work at all ."
So maybe it is possible.
Device is pre-rooted, but only lets you do stuff via terminal. I didn't find a way to install Superuser/busybox on Mac, so I decided to make a simple guide. Took me all of 3min to complete, well since I already had the sdk and everything else installed.
You'll need this Superuser.apk, su binary and busybox.apk, dL the files from here http://d-h.st/BBk, once you have the files installed and launch Superuser it will ask you to update the binary, just click yes. Place the 3 files in your sdk/platform-tools folder.
Open Terminal cd sdk/platform-tools
On your Desktop go to Go…Go to Folder and type ~/.android, open adb_usb.ini and add 0x2836 to that file, save and close.
To verify it's listed:
./adb kill-server
echo 0x2836
./adb start-server
./adb devices
Your device should be listed here. If you want wireless adb access so you're not always hooked up to the console do the following, make sure your device is still connected via usb:
./adb tcpip 5555
unplug console
./adb connect xxx.xxx.xxx.xxx (this is the ip of your console, this is listed under manage…system…console info, should be the second line)
You're set, now you can install apps wirelessly to your OUYA console. You need to make the console read/write to do this do the following
./adb shell
su
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Now we will install su binary, superuser and busybox
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
./adb install stericson.busybox.apk
Should be up and running, if this helped you please thank me or donate a couple bucks
You rock!
I was at this for a while before I found your post. I'm on windows, but this is the only thread I could find that had anything useful Mind if I share this around on other forums?
Just link them back, steps are almost identical for Windows. Just need to remove the ./ from the adb commands
Sent from my HTC One using Tapatalk 4 Beta
WinDroidGuy said:
Device is pre-rooted, but only lets you do stuff via terminal. I didn't find a way to install Superuser/busybox on Mac, so I decided to make a simple guide. Took me all of 3min to complete, well since I already had the sdk and everything else installed.
You'll need this Superuser.apk, su binary and busybox.apk, dL the files from here http://d-h.st/BBk, once you have the files installed and launch Superuser it will ask you to update the binary, just click yes. Place the 3 files in your sdk/platform-tools folder.
Open Terminal cd sdk/platform-tools
On your Desktop go to Go…Go to Folder and type ~/.android, open adb_usb.ini and add 0x2836 to that file, save and close.
To verify it's listed:
./adb kill-server
echo 0x2836
./adb start-server
./adb devices
Your device should be listed here. If you want wireless adb access so you're not always hooked up to the console do the following, make sure your device is still connected via usb:
./adb tcpip 5555
unplug console
./adb connect xxx.xxx.xxx.xxx (this is the ip of your console, this is listed under manage…system…console info, should be the second line)
You're set, now you can install apps wirelessly to your OUYA console. You need to make the console read/write to do this do the following
./adb shell
su
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Now we will install su binary, superuser and busybox
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/bin/su
cat /sdcard/su > /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
./adb install stericson.busybox.apk
Should be up and running, if this helped you please thank me or donate a couple bucks
Click to expand...
Click to collapse
It's pure luck that this works. There's several things wrong with it.
There's no reason to have two copies of su. There should only be one, and at most have the other be a symlink.
the su binary should be chmodded '6755'.
It works because piping the contents of a file to another file usually leaves the permissions intact. So, sort of works - it leaves a broken copy of su in /system/bin and a luckily working one in /system/xbin.
So, tl;dr, the guide should be:
Code:
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
rayman said:
It's pure luck that this works. There's several things wrong with it.
There's no reason to have two copies of su. There should only be one, and at most have the other be a symlink.
the su binary should be chmodded '6755'.
It works because piping the contents of a file to another file usually leaves the permissions intact. So, sort of works - it leaves a broken copy of su in /system/bin and a luckily working one in /system/xbin.
So, tl;dr, the guide should be:
Code:
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
Click to expand...
Click to collapse
Thanks, this was my first time doing anything like this...figured I'd try to hack together something from other guides, since I didn't see very many people with the device yet. I will change it now
WinDroidGuy said:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Click to expand...
Click to collapse
This is really pointless, userdata is already RW, cache should be RW, but more importantly you do nothing that would require them to be remounted
I'm not sure what I am doing wrong here. Can anyone help? All the files are there.
TadeoNYC said:
I'm not sure what I am doing wrong here. Can anyone help? All the files are there.
Click to expand...
Click to collapse
The command should be "adb push su /sdcard/su" (pushing su to the sdcard).
Setup wired and/or wireless ADB
(Optional) Put adb.exe in your Windows PATH variable so you can run it from anywhere
Download and unzip the SuperUser files from http://d-h.st/BBk
Open an ADB shell with elevated permissions
Code:
adb shell
su
Mount the system partition as read-write
Code:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Push su to the sdcard
Code:
adb push su /sdcard/su
Open an ADB shell with elevated permissions
Code:
adb shell
su
Cat su into /system/xbin
Code:
cat /sdcard/su > /system/xbin/su
Create a symbolic link to su in /system/xbin from /system/bin (safer/cleaner than just putting su directly in the bin folder)
Code:
ln -s /system/xbin/su /system/bin/su
Set the su permissions to -rwsr-sr-x
Code:
chmod 6755 /system/xbin/su
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Install SuperUser
Code:
adb install com.koushikdutta.superuser.apk
Install BusyBox
Code:
adb install stericson.busybox.apk
Run SuperUser on the OUYA (Make > Software > SuperUser) and allow it to update
Thank you Elmero.
I'm so glad I gave up and went to bed last night. It could not have gone smoother. I followed the instructions for setting up wireless adb from here http://forum.xda-developers.com/showthread.php?t=2272266 as well.
TIP: I wasted an hour or more trying to figure out why PC was not recognizing the OUYA at all. It was the stupid Micro usb port, compunding the fact that all the ports are to close to begin with the micro usb port is very deep. Neither of my Samsung cables worked, fortunately I have a kodak pocket video cam and the cable for that is a few mm longer and worked perfectly.
And who said Kodac isn't relevant anymore?
Sent from my Nexus 7 using xda premium
The link to the Superuser.apk is not working.
pdelponte said:
The link to the Superuser.apk is not working.
Click to expand...
Click to collapse
Working fine for me...
Sent from my HTC One using Tapatalk 4 Beta
WinDroidGuy said:
Working fine for me...
Sent from my HTC One using Tapatalk 4 Beta
Click to expand...
Click to collapse
Not working for me either.
This webpage is not available
The webpage at http://fs1.d-h.st/download/00044/BBk/superuser.zip might be temporarily down or it may have moved permanently to a new web address.
Click to expand...
Click to collapse
There is an issue with the website. Just try back until it connects.
Sent from my GT-P3113 using Tapatalk 2
just to be clear. once its rooted, can i install any android apk to the console? the one that i've bought from android play market?
tanush said:
just to be clear. once its rooted, can i install any android apk to the console? the one that i've bought from android play market?
Click to expand...
Click to collapse
1) It's already rooted.
2) You can already sideload anything you want to it, same as (almost) any android device, whether it is rooted or not. (http://forum.xda-developers.com/showpost.php?p=41796467&postcount=11)
elmerohueso said:
The command should be "adb push su /sdcard/su" (pushing su to the sdcard).
Setup wired and/or wireless ADB
(Optional) Put adb.exe in your Windows PATH variable so you can run it from anywhere
Download and unzip the SuperUser files from http://d-h.st/BBk
Open an ADB shell with elevated permissions
Code:
adb shell
su
Mount the system partition as read-write
Code:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Push su to the sdcard
Code:
adb push su /sdcard/su
Open an ADB shell with elevated permissions
Code:
adb shell
su
Cat su into /system/xbin
Code:
cat /sdcard/su > /system/xbin/su
Create a symbolic link to su in /system/xbin from /system/bin (safer/cleaner than just putting su directly in the bin folder)
Code:
ln -s /system/xbin/su /system/bin/su
Set the su permissions to -rwsr-sr-x
Code:
chmod 6755 /system/xbin/su
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Install SuperUser
Code:
adb install com.koushikdutta.superuser.apk
Install BusyBox
Code:
adb install stericson.busybox.apk
Run SuperUser on the OUYA (Make > Software > SuperUser) and allow it to update
Click to expand...
Click to collapse
So what steps need to be repeated after the OTA?
from my limited understanding I think it should be steps 4 through 12. Or does the system partition not need to be mounted as read-write again?
Sent from my GT-P3113 using Tapatalk 4 Beta
Yup 4-12
Edit
If su is still on the sdcard you can skip 6-8... wont hurt if you do them though...
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
professorpoptart said:
Yup 4-12
Edit
If su is still on the sdcard you can skip 6-8... wont hurt if you do them though...
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Click to expand...
Click to collapse
Might be a good idea to do them. The OTA version of such is different from the one in this guide. I had tried keeping the stock su and superuser complained
Sent from my Nexus 7 using xda premium
Do you still have access to the ouya store after SU installed? I heard rumors that access to the store was blocked until root access removed?
Sent from my GT-N7100 using Tapatalk 2
I am in the position of having to manually apply the defult sepolicy patch, init,?*init_shell?* and?*recovery?*permissive, and as the title states when using the supolicy tool to modify my supplieded sepolicy it is not being produced and on closer inspection throwing an error. I have attached both the images and the sepolicy file I am trying to applie these change to.
Have I been doing something wrong or is the file corrupted??
If you need more info just ask
Note: when I first tried it inside an adb shell it reported a segumentation fault, but I was unable to reproduce that condition to be provided with as a screen shot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
EDIT: I at least can say that the possibility of a corrupt file is now smaller becuse I am able to run dumpav and dump its contents to a txt file and then do afb pull back to pc. So amyone know any way to applie the defult P atchs needed to sysyemless root?
@Chainfire Since this is your binary files, you should know the most about it.
Commands to gain application root on emulator
Code:
adb shell df #Check Available Space
adb shell mount -o remount,rw /system
adb push su /system/bin/su
adb shell chmod 0755 /system/bin/su
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
I then proceed to patch the sepolicy file with the following commands
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out" #There is no sepolicy_out file
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out
So what am I able to do?
Are you able to
A) Help me debug the problem
Or
B) Patch the sepolicy file and post the output back to me/here
Matt07211 said:
...
Click to expand...
Click to collapse
Works fine on my device... could be an x86 specific issue? Unfortunately I don't have any x86 devices to test with.
Thanks for that. Yes, I am trying to patch the policy for my armv8 (arm64) cpu device (just realised, but would trying to patch the sepolicy from one architecture using the supolicy for a different architecture have new the problem?, if so I feel dumb). And since I didn't have a spare device devce that met the requirements, I resorted to use the already setup emulator in my Windows installation.
I had proceeded to root and run the supolicy tool for which nothing out-putted (tried different directorys), I then created a new sub-directory, test, in /data/local/tmp and chmod it with read and write permissions. I tried again and failed, I then ran a dumpav in the sepolicy I was trying to patch and outputted it to /data/local/tmp/test/dumpav.txt which worked.
I am just wondering why it didn't work for me .
Thanks again for the sepolic_out file, I really do apperciate it.
Ah you're saying the segmentation fault occurred on the emulator? That's interesting. Might be reproducable on my end.
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.
To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)
2) used the 2.78 SuperSu zip and run above commands to gain root
3) run above commands to try and modify sepolicy (it doesn't produce anything)
4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots
If you figure out what cause the segfault can you please tell me ?
Matt07211 said:
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.
To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)
2) used the 2.78 SuperSu zip and run above commands to gain root
3) run above commands to try and modify sepolicy (it doesn't produce anything)
4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots
If you figure out what cause the segfault can you please tell me ?
Click to expand...
Click to collapse
Before I go do all this, can you make sure the issue persists with the v2.78 SR1 version from the BETA thread ? Some issues with supolicy were fixed in that release.
Started with a fresh emulator and the newest SuperSu and ran these commands to gain root (I am placing everything as described in update-binary in the right places just to eliminate one thing, missing dependencies)
Code:
adb shell df
adb shell mount -o remount,rw /system
adb push Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk
adb push install-recovery.sh /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb push su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb push su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb push su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push 99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
adb shell chmod 0755 /system/etc/init.d/99SuperSUDaemon
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
No everything should be in place, and we now can eliminate one thing (supolicy not finding needed dependencies)
Opened up SuperSu and let it install/update binary (succesful)
I then proceeded to patch the sepolicy file like so
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
I then did "ls" in the directory and no file out-putted. So I went into a shell and ran
Code:
supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out
And it throw the error shown in the image below. First time running that command in shell it says stopped, but the second time it says stopped as well as segfault.
Keep in mind I am trying to patch a sepolicy file that originates from an armv8 cpu (arm64) on an x86 Intel emulator.
Any more info needed? I am happy to help @Chainfire
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:
Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Chainfire said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Resulting in:
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Click to expand...
Click to collapse
Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?
I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.
Matt07211 said:
Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?
I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.
Click to expand...
Click to collapse
I created an API 22 Google Nexus x86_64 AVD in Android Studio
I should be able to try that in about 20-30 mins after I download it, I was using api level 19, Intel's emulator image.
I ran these commands on the Intel api 19 x86 emulator image.
Code:
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push supolicy /data/local/tmp/supolicy
adb shell chmod 0755 /data/local/tmp/supolicy
adb push sepolicy /data/local/tmp/sepolicy
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
and it results in the error(shown in screenshot)
Code:
libsepol.policydb_read: policydb magic number 0x464c457f does not match expected magic number 0xf97cff8c or 0xf97cff8d
-Failure!
I then tried it on the Intel x86_64 api 22 emulator image (running the same commands as the first one, resulting in a succes, with the file being outputted as the sepolicy_out.
So as you have stated @Chainfire , it looks like a problem with the emulator itself, and most likely not the supolicy tool.
Chainfire said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:
Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Click to expand...
Click to collapse
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
ashyx said:
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
Click to expand...
Click to collapse
Yes it is.
System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.
If you do, let me know and with the steps
Chainfire said:
Yes it is.
System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.
If you do, let me know and with the steps
Click to expand...
Click to collapse
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
It seems system mode root renders the device unbootable according to reports from my tester.
Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
Seems a strange query I know.
Reason is we have a Samsung device that for some reason will not boot from a source built custom Nougat kernel. Not sure if this is related to AVB yet or something else.
However we can get a half assed TWRP to boot with the stock kernel.
Only problem is, no matter what, only /system can be mounted and accessed with write permission due to permission denied issues with the rest of partitions. Pretty sure this is an SELinux issue.
Meaning systemless root cannot be installed as normal. No access to /data or /cache.
I can patch the boot.img ramdisk manually for systemless, but for root to work I would need to push su.img to system and mount it from there.
Is it possible to still mount su.img from system if I modify the ramdisk init as required?
The other avenue is to flash su.img to /data or /cache via ODIN.
If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
Just trying to keep my options open here.
ashyx said:
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
It seems system mode root renders the device unbootable according to reports from my tester.
Click to expand...
Click to collapse
It is on my list of things to test/fix, but that list is long and full of terrors.
Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
Is it possible to still mount su.img from system if I modify the ramdisk init as required?
Click to expand...
Click to collapse
I think that could work, yes.
The other avenue is to flash su.img to /data or /cache via ODIN.
If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
Just trying to keep my options open here.
Click to expand...
Click to collapse
SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Chainfire said:
It is on my list of things to test/fix, but that list is long and full of terrors.
I think that could work, yes.
SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Click to expand...
Click to collapse
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
Much appreciate your input.
ashyx said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
...
Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
Click to expand...
Click to collapse
Yea believe it was segfaulting due to the Android version, I think I was using KitKat and it wasn't working, bumped up to lollipop and above and it worked fine
Oh, the SDK parameter, never heard of it, what does it do? Geuss I'll Google that then.
ashyx said:
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
Much appreciate your input.
Click to expand...
Click to collapse
I did the same thing for my device, add a little script to move it to data. Had no other way to get it to a locked down device without TWRP. Hehe. Good job
Can you please tell me how to manually patch init by supersu ?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10, there isn't a custom recovery, so i have to make a boot.img with supersu inside to get root.