Database Develop

[ROOTING] Finding a hole in Tattoos kernel to get root

This little gem of a phone is a tough little thing to custom install apps on, but that didn't stop the Coburn from being able to get busybox installed.
Therefore, introducing Busybox for your HTC Click/Tattoo!
FOLLOW THIS TUTORIAL CAREFULLY. This guide may brick or NOT brick your Tattoo (most likely the latter), however I cannot assure you that it's 100% fail proof. I have installed it successfully. IN OTHER WORDS: THIS IS NOT FOR THE FAINT HEARTED! IF YOU DO NOT KNOW WHAT 'FLASH','ADB' OR 'HACK' MEANS, PLEASE DO NOT CONTINUE.
Requirements:
1 HTC Tattoo (The Victim)
1 MS Windows Powered Computer (I used Win7 64Bit)
1 HTC Tattoo -> USB Cable (Included with phone... Well, it was in the box).
Download the package attached to this post. Extract all files to a directory like C:\BUSYCLICK . (Actually, please extract them there).
Installation
Connect your Tattoo to your phone, make sure USB Debugging is enabled (Settings -> Applications -> Development) and sit back. Windows should say "New Hardware! OMG!" and ask "What is this piece of tech?" (aka New Hardware Install Wizard). On XP, allow to search Windows Update. On Vista/7, I'm going to have to get back to you on that. The installed driver will be like "HTC Dream blah blah blah ADB Interface" or something. Odd why it says it's a HTC Dream...
Anyway, go to the folder where you extracted the files, and run the Installation.bat file. It's the one that says "Installation" With the cogs icon.
You'll get a DOS Prompt and some text, PAY ATTENTION! My installer will hold your hand and explain what's happening. Should any errors occur, you may be out of space on your Tattoo's internal memory or something. If you do get errors, please post them here! I'll try to fix them for you guys and girls.
Post-install tasks
When complete, run the TestBusybox.bat script in the same folder where you extracted the BusyBox files, and you should get some output. If not, busybox failed to install... Let me know what the error is and I'll try to fix it.
Notes:
You can use the busybox commands in /data/local/bin from "adb shell" or a terminal emulator on the phone itself... /data/local/bin/sh DOES NOT work from adb shell, I don't know why. It will work using a terminal emulator. Try "/data/local/bin/free" and such for some memory read outs, etc, etc.
Feel free to love/like/hate/kill/shoot my work, you can expect to see ROMs and the like in the near future as I love hacking devices.
Cheers,
Coburn64

What about this one?
I have no experiences in Android-Developing, I'm just a normal long-term Linux-User.
What is about that?
http://www.milw0rm.com/exploits/8678
It's an exploit for Kernel 2.6.29 - my be this could work for us or is it patched in Tattoos 2.6.29?
I wish I would find the time to dive in the Android-SDK and cross-compiling a little bit but it won't happen until April :-(
So just for your personal motivation: There are thousands of people out there watching this forum and crossing fingers! So keep up your work and don't stop trying!
Good luck!
Bastian
Moderatoredit: Link repaired - have a nice day

My fingers are crossed

+1 Can't wait till the Tattoo gets rooted.

Yeah, crossing fingers for you - nothing more cool than wifi tethering

Wooh, how fast it can be april...
But until now I'm even unable to sucsessfully compile the exploit. I set up a cross-compile-environment on my laptop, but all I get is:
[email protected]:~/Desktop> /opt/cross/bin/arm-linux-gnueabi-gcc -static -o shoryuken shoryuken.c
shoryuken.c:49:24: error: linux/user.h: No such file or directory
I don't get it, there is a user.h in the cross-compile-environment in gnueeabi's searchpath. Sorry, semes to be a job for real developers if I already got my problems before real problems begin.
And my girlfriend has innumerable methods in killing me in cruel ways if I don't pay her more attention in exactly 2 minutes. Strange. "I want to root my tattoo! Thats very important!" doesn't seem to make any differences, she arguments that I could not even have a tattoo, she sees me naked periodically and she had never seen one...
So real experts, the fields of war belongs to you!
Bastian

The first step is finding the patch that closes this bug. Then, verify if has been aplied in the source that HTC released a couple days ago (very likely, since the exploit is dated from April and our kernel was compiled in November).
If it is not patched, we would need some ARM shellcode, but that is probably easily obtainable in the usual places. Worst case, we would need a ARM dev to write it.

I did my best to help. Because as i already said I'm not a developer I will describe what I did to prevent starting someone to work on something that could never work.
I searched for the patch that closes this hole:
Code:
CVE-2009-1527 :
Race condition in the ptrace_attach function in kernel/ptrace.c in
the Linux kernel before 2.6.30-rc4 allows local users to gain
privileges via a PTRACE_ATTACH ptrace call during an exec system call
that is launching a setuid application, related to locking an
incorrect cred_exec_mutex object.
---------
and in the Changelog for Kernel 2.6.29.3
Code:
commit 2c9ca2baf3f368a2b747124d39bf31b779eb7571
Author: Oleg Nesterov
Date: Mon Apr 27 01:41:34 2009 +0200
ptrace: ptrace_attach: fix the usage of ->cred_exec_mutex
commit cad81bc2529ab8c62b6fdc83a1c0c7f4a87209eb upstream.
ptrace_attach() needs task->cred_exec_mutex, not current->cred_exec_mutex.
Signed-off-by: Oleg Nesterov
Acked-by: Roland McGrath
Acked-by: David Howells
Signed-off-by: James Morris
Signed-off-by: Greg Kroah-Hartman
So I looked for commit cad81bc2529ab8c62b6fdc83a1c0c7f4a87209eb and there is the .diff:
Code:
kernel/ptrace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/kernel/ptrace.c
+++ b/kernel/ptrace.c
@@ -186,7 +186,7 @@ int ptrace_attach(struct task_struct *ta
/* Protect exec's credential calculations against our interference;
* SUID, SGID and LSM creds get determined differently under ptrace.
*/
- retval = mutex_lock_interruptible(&current->cred_exec_mutex);
+ retval = mutex_lock_interruptible(&task->cred_exec_mutex);
if (retval < 0)
goto out;
@@ -230,7 +230,7 @@ repeat:
bad:
write_unlock_irqrestore(&tasklist_lock, flags);
task_unlock(task);
- mutex_unlock(&current->cred_exec_mutex);
+ mutex_unlock(&task->cred_exec_mutex);
out:
return retval;
}
Then I downloaded and extracted the Tattoo-Kernel-Source from HTCs Website. The patch is small so I looked into ptrace.c by myself. And what should I say, I think HTC missed to close that hole. From HTC's ptrace.c:
Code:
retval = mutex_lock_interruptible(&current->cred_exec_mutex);
if (retval < 0)
goto out;
and:
Code:
bad:
write_unlock_irqrestore(&tasklist_lock, flags);
task_unlock(task);
mutex_unlock(&current->cred_exec_mutex);
out:
return retval;
}
If the patch would have been applied, it should be &task->cred_exec_mutex but it is still &current->cred_exec_mutex.
Am I right? Could that realy be our chance? If yes, it is on you or someone else to go one, I could only help testing things later one.
Bastian

The implementation is full of mutex ... The problem is that they function as a lock if a process is in a mutex, other processes can not enter.
If the root process closes a mutex (mutex_lock), the rest of the processes are kept waiting has to open the mutex (mutex_unlock). Just why we can not access to root processes with another process.And we can not get the root of the tattoo
thx

-bm- said:
I did my best to help. Because as i already said I'm not a developer I will describe what I did to prevent starting someone to work on something that could never work.
Click to expand...
Click to collapse
Well, I think you did a wonderfull job I also confirm your findings, I've checked ptrace.c in the HTC released source and the patch that you refer to as not been applied.
I've long forgotten allmost everything I knew about writing shellcode and x86 asm and never had any experience with arm, but I'll try to take a closer look at this during the weekend. I hope someone else will look into it too

@loen1984
That is over my technical horizon... ;-)
In my limited understanding, for the exploit we need a process that already runs with root-privileges to channel in, right?
I don't know anything about Androids architecture, is there nothing running with root-privileges in the background, no process, no daemon?
@mainframe3
I don't know anybody who's firm with arm developing, I hope you do
we would need some ARM shellcode, but that is probably easily obtainable in the usual places
Click to expand...
Click to collapse
And I think we should move this in a separate thread, it has not so much to do with Coburns BusyBox hack!

I think that all processes in the root before running, close access to the processor, so running in privileged mode as well tell you.
Should be found in the code, when running a root process,that not close the execution of other processes.
thx
PD:Sorry for my english I'm Spanish ..

leon1984 said:
I think that all processes in the root before running, close access to the processor, so running in privileged mode as well tell you.
Should be found in the code, when running a root process,that not close the execution of other processes.
Click to expand...
Click to collapse
I think that is what happens after the posted security patch is applied, but HTC didn't do that. But I will leave that field for the experts and cross fingers...
PD:Sorry for my english I'm Spanish ..
Click to expand...
Click to collapse
I'm german, mine won't be much better ;-)
Bastian

leon1984 said:
I think that all processes in the root before running, close access to the processor, so running in privileged mode as well tell you.
Should be found in the code, when running a root process,that not close the execution of other processes.
thx
PD:Sorry for my english I'm Spanish ..
Click to expand...
Click to collapse
I really can't spend any more time with this, or my boss will probably fire me
Quick look at the exploit, we need a setuid program for this to work. Guess what ?
Code:
$ ls -l /system/bin/pppd
ls -l /system/bin/pppd
-rwsr-xr-x root shell 147648 2009-10-14 10:39 pppd
Also, someone else has already ported this to arm:
http://forum.xda-developers.com/showthread.php?t=619003
I couldn't download the modified code, because of permission problems, but I contacted the author to see if he will send it to me
PS - Yes, we should move this discussion out of this thread

Then you should really get back to work
Mod is already contacted!

So here you are, dudes. Dunno why the first post remains, but it does.

Here is the arm port, I could download the file with bubisch's help. I also uploaded it here:
http://www.fileuploadx.de/673586

I could'n get my fingers completly of from this (even there is many other work to do...) that day so I set up and compiled a local Android-SDK on my Laptop and crosscompiled the exploid for the Tattoo (I hope). This should be a ready-to-run binary:
http://www.fileuploadx.de/755003
Even if I want to satisfy my curiosity there is no time for me left to do it today. I will get on it again later, but if anybody wants to give it an early try feel free. Instructions how to push it on your phone in an executable directory you will find here in the second half of the first post: http://forum.xda-developers.com/showthread.php?t=619003
In the sourcecode of the exploid there is the explanation on how to use it:
Code:
[email protected]:~$ while `/bin/true/`;do ./shoryuken;done
* [... much scroll removed, go make coffee, get a job, do something while running ...]
* /dev/sda1 on / type ext3 (rw,relatime,errors=remount-ro)
* proc on /proc type proc (rw,noexec,nosuid,nodev)
* /sys on /sys type sysfs (rw,noexec,nosuid,nodev)
* varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
* varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
* udev on /dev type tmpfs (rw,mode=0755)
* devshm on /dev/shm type tmpfs (rw)
* devpts on /dev/pts type devpts (rw,gid=5,mode=620)
* securityfs on /sys/kernel/security type securityfs (rw)
* gvfs-fuse-daemon on /home/matthew/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=matthew)
* [ WIN! 18281
* [ Overwritten 0xb8097430
* # id
* uid=0(root) gid=1000(matthew) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),30(dip),
* 44(video),46(plugdev),107(fuse),109(lpadmin),115(admin),1000(matthew)
* #
As mainframe3 posted, pppd ist setuid. Maybe we have to do something to make pppd doing something to be running if it doesn't already.
So cross fingers again everybody - this could break the wall or make us sitting back in tears.
I hope some experts could use this, I will also give it a try later on.
Bastian

No questions about where I got the time an what about my motivation about the books I have to read.
Just some short lines about how far I get for the rest to go further.
I pushed my posted binary to the tattoo:
Code:
adb push shoryuken /data/local/shoryuken
In that location it is executable! The rest I don't understand realy. In general: I'm able to run the program in a shell:
Code:
$ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
$ ./shoryuken
[ WIN! 3347
Wrote shellcode 9148 line 0
Wrote shellcode 914c line 4
Wrote shellcode 9150 line 8
[ Overwritten 0xb001049c
$ rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0000,dmask=0000,allow_utime=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8 0 0
$id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
$
When I start shoryuken it returns what you see above without any delay. I'm not sure but shouldn't he say "WIN" when the exploit was successful? As you can see my priviliges didn't change. In his sourcecode shoryuken is run with "while `/bin/true/`;do ./shoryuken;done" That generates an endless loop, doesn't it? Or am I getting something wrong? I wonder how it might terminate somehow...
/bin/true doesn't exist on tattoo, so I generated an endless loop with "while i=1; do ./shoryuken; done"
As expected much text scrolls by on the screen, after a minute the output freezes. I hit ^C and got my prompt back, but when I ran "id" it shows that nothing changed.
So do I understand shoryukens function totaly wrong? What's going wrong and does that mean shoryuken is not working as it should because it says "WIN" every time I run it?
I already said it 5 times, but now I realy can't do anything more with my simple homeuser knowledge and will leave the field for the developers.
Good night!
Bastian

I've been searching... and pppd is on /system/bin/pppd
But now... I've no idea... what I can test? I have to run pppd in order to get xploited?

Boot-Time Auto-SuperLog! [12 Apr 2013]

Boot-Time Auto-Superlog! [12 Apr 2013]
USERS --- TESTERS --- DEVS​Plumb the depths of Middle Droid with Auto-Superlog!​
So…
Your device doesn't finish booting
It reboots on its own (and you may not know it)
An application or feature crashes (and you may not know it)
Generally speaking, any manually-launched app or tool could miss key events leading to random reboot or application crash.
Problem addressed with Auto-Superlog!​
cm10-auto-superlog-v1.0.zip (3MB): http://www.mediafire.com/?cf5f9rq4z7p6gep
This flashable zip is tested working on my Atrix running CWM Recovery 5.0.2.0 and CM10 SuperLite. It should also work on epinter’s CM10 4.1.x builds and on close relatives. Not sure about 4.2.x yet.
In this exciting age of alpha-beta ROM testing, my lightweight Auto-Superlog, presently built on epinter’s versatile CM10 boot image (for demo purposes), can help just about anyone, whether end-user, tester or developer!
In fact it is already helping me track down abnormal battery drain and shutdown problems!
Alternatively instead of flashing the boot-time version, you can extract “auto-superlog.sh” from the flashable zip and manually execute it at run time.
Features
Automatically launches at boot-time under “class_start core” --- just after ROM filesystems are mounted, thus maximizing the likelihood of capturing key events, even if phone does not finish booting
Comprehensive log set includes: system build properties (getprop), kernel configuration file (from /proc/config.gz), kernel dmesg and system logcat --- all in sync, all in ASCII text format, and all stored in a single gzipped, time-stamped tar file on $EXTERNAL_STORAGE/auto-superlog for easy access and analysis.
Android events are quietly, nimbly and continuously streamed via kernel “dmesg” and system “logcat” commands. The dmesg log is pushed at 2-second intervals (default) with a 1MB ring buffer which is cleared on each pass. Logcat is configured to log “main” and “system” events with a generous 10MB buffer to help in discerning error trends.
Access real-time dmesg and logcat output right on your device by tapping the /data/auto-superlog directory using a (root) file explorer.
Log file contents are time stamped using absolute time ([YYYY-]MM-DD HH:MM:SS), enabling users to correlate Android events with the outside world
Filename timestamps show when your system was rebooted
Self-cleaning feature: On reboot, your most recent superlog is gzipped and archived to $EXTERNAL_STORAGE and then is removed from /data/auto-superlog so only your most recent superlog remains on the /data partition.
Shell script: auto-superlog.sh is stored under /system/bin, enabling users to extract and execute it at run-time and/or customize.
How to kill dmesg and logcat? Use the ps and grep commands: http://stackoverflow.com/questions/3117095/stopping-an-android-app-from-console (It’s a sheepish way of saying “mechanization of this feature is still in work” lol)
Instructions
Nandroid Backup current ROM (security blanket)
Flash zip if running epinter CM10 4.1.x or close relative (e.g. SuperLite)
Reboot and relax.
…OR, if you don’t want to flash the zip, but still want the run-time features of auto-superlog, simply extract /system/bin/auto-superlog.sh from zip and do this…
copy auto-superlog.sh to /system/bin (Tip: mount /system/bin as read-write (rw), then revert to ro when done)
chmod 0755 /system/bin/auto-superlog.sh
sh /system/bin/auto-superlog.sh (using Script Manager or other tool, as root)
Click to expand...
Click to collapse
After launching the script, just tap the Home button to resume other activity as the loggers are now running in background. Then you will have real-time streaming dmesg and logcat (as well as getprop and kernel config) at your fingertips --- literally.
The advantage of flashing the zip (if it’s compatible with your ROM) is that you are more likely to capture key events leading to a failed boot, random reboot or application crash.
Screenshots
​
Boot Image Source Code
This is the only change I made to CM10 boot.img...
Code:
ramdisk/init.olympus.rc ...
# sendust7 (12 Apr 2013)
service auto-superlog /system/bin/sh /system/bin/auto-superlog.sh
class core
# class main
# class late_start
user root
group system
# disabled
oneshot
# sendust7 (12 Apr 2013)
Documentation
dmesg: http://unixhelp.ed.ac.uk/CGI/man-cgi?dmesg+8
logcat: http://developer.android.com/tools/debugging/debugging-log.html#outputFormat
Android Encryption: http://source.android.com/tech/encryption/android_crypto_implementation.html
from Android Encryption…"This magic was accomplished by requiring all services to be in 1 of 3 groups: core, main and late_start. Core services are never shut down after starting. main services are shutdown and then restarted after the disk password is entered. late_start services are not started until after /data has been decrypted and mounted.”
Click to expand...
Click to collapse
Thoughts and Ideas: This has been a fun project so far. Time permitting, I may be able to service bug fixes and add more goodies like event filtering.
Disclaimer: Standard disclaimers apply.
Credits:Emerson Pinter (CM10 for Atrix 4g), Cyanogenmod Team

Very nice!
The OS considers the internal SD as EXTERNAL_STORAGE in assigning the env variable which is perhaps the reason you should too:
Booted without external sd mounted:
Code:
[email protected]:/ $ echo $EXTERNAL_STORAGE
/storage/sdcard0
Booted with external sd mounted:
Code:
[email protected]:/ $ echo $EXTERNAL_STORAGE
/storage/sdcard0
Possibly just tweak this part of your script:
Before
Code:
/system/bin/mount -t vfat /dev/block/mmcblk1p1 $EXTERNAL_STORAGE
After
Code:
/system/bin/mount -t vfat /dev/block/mmcblk0p18 $EXTERNAL_STORAGE
This then sends the archive to a location that will always exist (sdcard0).
I mention as I don't always have external SD mounted.
Sent from my MB860 using Tapatalk 2

Thanks sendust7
Good job !

[UNIVERSAL][LOGCAT]How to get & read a logcat/ Troubleshoot your own issues!

DUE TO REAL LIFE TIME CONSTRAINTS I AM UNABLE TO CONTINUE READING AND DIAGNOSING LOGS FOR MEMBERS. PLEASE USE THIS THREAD AS INTENDED, AS A STARTING POINT IN LEARNING TO READ THESE LOGS AND DIAGNOSE PROBLEMS YOURSELF. THANK YOU!
The Basics​
I'm starting this thread in hopes of sharing some very useful information to all our new members and hopefully either teaching something new or being a good refresher for our experienced members. I've been asked before how to tell what errors are present in logcats, how I can understand all that mess, etc...
Well, I'm going to try my best to explain all of it. In this way, you can get your own logs and try to fix the problems, or know exactly what is causing your problems to help out the developers so they aren't looking through thousands of lines of code for each persons issue.
Help us help you!​
ATTENTION:
Due to the recent feature in the portal, my thread has become increasingly popular, and as such I am getting a lot of requests for help. You may post your logs here, but please do so in either pastebin format, or use hide tags. Please DO NOT request help via pm. This is for a couple of reasons:
I can't keep up with all the requests.
Your logs may be solved by another member, I have requested that any willing RC's, RD's, Moderators, or members willing to help, to do so.
If you post your logs here, any member may look at it and help you solve them.
Thank you.
To begin with, we'll need to have some understanding of adb. Check out this thread by @bigtoysrock and be sure to thank him!
Logcats​
First, we'll need to know how to get a logcat. With the plethora of new users this has been the subject of many, many discussions. When asked to get a logcat, they don't know how.
Tools and Requirements​
First of all, you'll absolutely NEED to have usb debugging enabled. To do this go to SETTINGS, navigate down to DEVELOPER OPTIONS and select it, if they are not on use the toggle in the top right corner and select USB DEBUGGING ( See attached screen shots )
Secondly, you'll absolutely NEED to have the ANDROID SDK grab it here
Install the SDK on the root of your computer. DO NOT change the SDK name to include any spaces as it will fail!
Also be sure to grab your device specific drivers, if they aren't already installed. Some devices will install them automatically, while others require a simple google search.
Now that you've got everything you need, lets grab a logcat!
Update: 15 Second ADB installer for windows is an excellent alternative for the above instructions, and while you're there be sure to thank @Snoop05
How to get a Logcat
Windows​Navigate to where you've installed the sdk. Once you've gotten into the sdk, you're going to look for "PLATFORM TOOLS" folder, inside hold shift + right click on any empty space, select "OPEN COMMAND WINDOW HERE"
Connect your phone to your PC via usb cable, in the command window type "adb devices" without the quotes. If you've set everything up properly it should return an alpha-numeric value, this is your device ID. If not, you've missed a step or installed sdk in the wrong manner. Go back and double check your steps.
Now that we know you're connected there are a few options, you can run the logcat in command window, or you can export it to a .txt file.
To see the log in command window just type "adb logcat" (again no quotes) and the log will scroll through your screen. To stop scrolling so you can investigate hit ctrl + c
To export to a .txt file (I personally prefer this method) type "adb logcat > logcat.txt". You can name the logcat anything you want, for example "adb logcat > MyError.txt" just be sure not to include spaces or special characters in the name of the file.
MAC/Linux​
"Instructions:
Install your device driver for using adb. Everything you need will you find here
Download adb executable for your OS (Download: Windows | Linux | Mac). Paste it somewhere.
Connect your android device.
Verify if "Settings > Developer options > USB debugging" is checked, if not, simply check it.
Open a command promt (windows) or terminal (linux / mac). How to do it: On Windows: windows + r > enter "cmd" (without quotes) > click enter | On Linux: You don't know how to open a terminal? LOL | On Mac: Type Terminal into Spotlight and open it
CD to the directory where the adb executable is located. On Windows: Go to the directory where you downloaded the adb executable, Shift+Right Click and select "Open Console" (or similar) | On Linux / Mac: Rightclick in the directory and select "Open Terminal here" (or simply CD into the directory)
Type in your cmd/terminal: adb devices to verify your device is properly connected.
If your device is properly selected, type in adb logcat to show the mighty and magic logcat aka stacktrace.
Reproduce your error (or whatever) on your device.
Right after, paste the whole cmd / terminal window into a paste-service like http://pastebin.com/ and send it to us." - Quoted from Leandros here

Reading and understanding logcat output
Reading a Logcat​
Ok, so now we have our log but what do we do with it?
There are a few things that you need to know before you'll understand what is what.
Preceding every line in a logcat is a class, you can learn about them here.
These will look like this and I have placed the meaning next to each:
Code:
E/ Error - I would hope this is self explanatory
F/ Fatal Error - Again pretty self explanatory
I/ Information - This is pretty tricky, the information class shows what the system is doing, but it can also show you errors so read it carefully!
D/ Dalvikvm - This class will show what the dalvik processes are doing, but can also show you where mistakes are
W/ Warning - Warnings are basically errors, but less severe. Usually it will show you missing resources, conflicting or missing paths, etc...
V/ Verbose - Basically everything the phone is doing
S/ Silent - You will not see silent
Ok so lets see some examples. Some of these will be more in-depth than others simply because there is more to it.
Code:
[COLOR="Red"]D/dalvikvm( 1853): DexOpt: --- BEGIN 'core.jar' (bootstrap=1) ---[/COLOR]
Here we see that the dalvik process has begun to optimize our system files.
[COLOR="red"]D/dalvikvm( 2162): DexOpt: 'Lcom/sec/android/seccamera/SecCamera$OnMultiFrameShotEventListener;' has an earlier definition; blocking out[/COLOR]
Here you can see that the Dalvik process has already defined the called method, and is skipping the optimization
[COLOR="red"]I/PackageManager( 2130): /system/app/sCloudSyncBrowser.apk changed; collecting certs[/COLOR]
The information class is showing that there has been a change made to this apk, and is verifying the signature.
[COLOR="red"]W/ResourceType( 2130): Failure getting entry for 0x7f050020 (t=4 e=32) in package 0 (error -75)
D/PhoneStatusBar( 2792): Added status bar view
D/PhoneStatusBar( 2792): disable: < expand icons alerts ticker system_info back home recent clock >
W/PackageManager( 2130): Failure retrieving xml 0x7f050020 in package com.maxmpz.audioplayer
W/PackageManager( 2130): android.content.res.Resources$NotFoundException: Resource ID #0x7f050020
W/PackageManager( 2130): at android.content.res.Resources.getValue(Resources.java:1339)
W/PackageManager( 2130): at android.content.res.Resources.loadXmlResourceParser(Resources.java:2445)
W/PackageManager( 2130): at android.content.res.Resources.getXml(Resources.java:1227)
W/PackageManager( 2130): at android.app.ApplicationPackageManager.getXml(ApplicationPackageManager.java:1080)
W/PackageManager( 2130): at android.content.pm.PackageItemInfo.loadXmlMetaData(PackageItemInfo.java:227)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.parseProviderInfoXml(AppWidgetServiceImpl.java:1264)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.addProviderLocked(AppWidgetServiceImpl.java:1162)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.loadAppWidgetList(AppWidgetServiceImpl.java:1148)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.ensureStateLoadedLocked(AppWidgetServiceImpl.java:391)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.systemReady(AppWidgetServiceImpl.java:211)
W/PackageManager( 2130): at com.android.server.AppWidgetService.systemReady(AppWidgetService.java:156)
W/PackageManager( 2130): at com.android.server.ServerThread$1.run(SystemServer.java:1882)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService.systemReady(ActivityManagerService.java:8250)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService$9$1.run(ActivityManagerService.java:8152)
W/PackageManager( 2130): at android.os.Handler.handleCallback(Handler.java:615)
W/PackageManager( 2130): at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageManager( 2130): at android.os.Looper.loop(Looper.java:137)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService$AThread.run(ActivityManagerService.java:1563)
W/ResourceType( 2130): Failure getting entry for 0x7f050021 (t=4 e=33) in package 0 (error -75)
W/PackageManager( 2130): Failure retrieving xml 0x7f050021 in package com.maxmpz.audioplayer
W/PackageManager( 2130): android.content.res.Resources$NotFoundException: Resource ID #0x7f050021
W/PackageManager( 2130): at android.content.res.Resources.getValue(Resources.java:1339)
W/PackageManager( 2130): at android.content.res.Resources.loadXmlResourceParser(Resources.java:2445)
W/PackageManager( 2130): at android.content.res.Resources.getXml(Resources.java:1227)
W/PackageManager( 2130): at android.app.ApplicationPackageManager.getXml(ApplicationPackageManager.java:1080)
W/PackageManager( 2130): at android.content.pm.PackageItemInfo.loadXmlMetaData(PackageItemInfo.java:227)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.parseProviderInfoXml(AppWidgetServiceImpl.java:1264)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.addProviderLocked(AppWidgetServiceImpl.java:1162)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.loadAppWidgetList(AppWidgetServiceImpl.java:1148)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.ensureStateLoadedLocked(AppWidgetServiceImpl.java:391)
W/PackageManager( 2130): at com.android.server.AppWidgetServiceImpl.systemReady(AppWidgetServiceImpl.java:211)
W/PackageManager( 2130): at com.android.server.AppWidgetService.systemReady(AppWidgetService.java:156)
W/PackageManager( 2130): at com.android.server.ServerThread$1.run(SystemServer.java:1882)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService.systemReady(ActivityManagerService.java:8250)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService$9$1.run(ActivityManagerService.java:8152)
W/PackageManager( 2130): at android.os.Handler.handleCallback(Handler.java:615)
W/PackageManager( 2130): at android.os.Handler.dispatchMessage(Handler.java:92)
W/PackageManager( 2130): at android.os.Looper.loop(Looper.java:137)
W/PackageManager( 2130): at com.android.server.am.ActivityManagerService$AThread.run(ActivityManagerService.java:1563)[/COLOR]
Here is a great example of the warning class showing missing resources.
[COLOR="red"]I/dalvikvm( 1853): Could not find method android.app.IActivityManager.resizeArrangedWindow, referenced from method android.app.ActivityManager.resizeArrangedWindow
W/dalvikvm( 1853): VFY: unable to resolve interface method 3769: Landroid/app/IActivityManager;.resizeArrangedWindow (IILandroid/graphics/Rect;)Landroid/graphics/Rect;
D/dalvikvm( 1853): VFY: replacing opcode 0x72 at 0x0004[/COLOR]
A prime example of Information class showing an "error", these will usually be listed in information class if they don't have a great impact of the functionality of the device.
[COLOR="red"]F/PackageManager( 2014): Unable to backup package manager settings, current changes will be lost at reboot
E/DropBoxManagerService(2014): Can't write: system_server_wtf
E/DropBoxManagerService(2014): java.io.FileNotFoundException: /data/system/dropbox/drop21.tmp: open failed: EROFS (Read-only file system)
E/DropBoxManagerService(2014): at libcore.io.IoBridge.open(IoBridge.java:416)
E/DropBoxManagerService(2014): at java.io.FileOutputStream.(FileOutputStream.java:88)
E/DropBoxManagerService(2014): at java.io.FileOutputStream.(FileOutputStream.java:73)
E/DropBoxManagerService(2014): at com.android.server.DropBoxManagerService.add(DropBoxManagerService.java:208)
E/DropBoxManagerService(2014): at android.os.DropBoxManager.addText(DropBoxManager.java:272)
E/DropBoxManagerService(2014): at com.android.server.am.ActivityManagerService$13.run(ActivityManagerService.java:8281)
E/DropBoxManagerService(2014): at com.android.server.am.ActivityManagerService.addErrorToDropBox(ActivityManagerService.java:8288)
E/DropBoxManagerService(2014): at com.android.server.am.ActivityManagerService.handleApplicationWtf(ActivityManagerService.java:8099)
E/DropBoxManagerService(2014): at com.android.internal.os.RuntimeInit.wtf(RuntimeInit.java:329)
E/DropBoxManagerService(2014): at android.util.Log$1.onTerribleFailure(Log.java:103)
E/DropBoxManagerService(2014): at android.util.Log.wtf(Log.java:278)
E/DropBoxManagerService(2014): at android.util.Log.wtf(Log.java:255)
E/DropBoxManagerService(2014): at com.android.server.pm.Settings.writeLPr(Settings.java:1115)
E/DropBoxManagerService(2014): at com.android.server.pm.PackageManagerService.unloadMediaPackages(PackageManagerService.java:9314)
E/DropBoxManagerService(2014): at com.android.server.pm.PackageManagerService.updateExternalMediaStatusInner(PackageManagerService.java:9128)
E/DropBoxManagerService(2014): at com.android.server.pm.PackageManagerService.access$3800(PackageManagerService.java:165)
E/DropBoxManagerService(2014): at com.android.server.pm.PackageManagerService$10.run(PackageManagerService.java:9017)
E/DropBoxManagerService(2014): at android.os.Handler.handleCallback(Handler.java:615)
E/DropBoxManagerService(2014): at android.os.Handler.dispatchMessage(Handler.java:92)
E/DropBoxManagerService(2014): at android.os.Looper.loop(Looper.java:137)
E/DropBoxManagerService(2014): at android.os.HandlerThread.run(HandlerThread.java:60)
E/DropBoxManagerService(2014): Caused by: libcore.io.ErrnoException: open failed: EROFS (Read-only file system)
E/DropBoxManagerService(2014): at libcore.io.Posix.open(Native Method)
E/DropBoxManagerService(2014): at libcore.io.BlockGuardOs.open(BlockGuardOs.java:110)
E/DropBoxManagerService(2014): at libcore.io.IoBridge.open(IoBridge.java:400)
E/DropBoxManagerService(2014): ... 20 more[/COLOR]
Here we have the Fatal and Error classes.
Ok, so now we have seen some examples, lets learn to decipher them:highfive:
The beautiful thing about these logs is that they tell you exactly what and where everything is, as long as you know what you're looking at.
I'm only going to use the one line to show you how to read a log, as the format is exactly the same for any class.
Code:
E/DropBoxManagerService(2014): at com.android.server.am.ActivityManagerService.addErrorToDropBox(ActivityManagerService.java:8288)
So here we have the printed error from logcat, the format used is as follows
Class/Process/Location
[b]Important! The log WILL NOT tell you what apk or jar the error occurs in, this is the hardest part of debugging![/b]
In the above error we see
Class = E/
Process = DropBoxManagerService
Location = com.android.server.am.ActivityManagerService.addErrorToDropBox(ActivityManagerService.java:8288) (Folder directory.File Name. Method)
I know from all my digging that the specified path is in services.jar so once I have services.jar decompiled I'll follow the path laid out. (Decompile "apkname".odex for odexed roms and classes.dex for deodexed roms)
These paths will always be located in the smali folder! For example I open my classes.dex folder after decompiling and see a smali folder, I'll open that and then I have options. The . after every word is a folder directory ( same as / in your computer directory )
The specified path says com. so I'll open the com folder, next I'm directed to android, then server, then am folder.
Now I should see a bunch of files and possibly some folders, [b]if there is no folder name that matches the next directory it is a file![/b]
ActivityManagerService is a filename, so I'll open that file using NotePad++ and search for the specified method which is addErrorToDropBox.
From here I can use another file to compare the lines to find my error, or I can know exactly where the error occured and report my problem to a helpful dev or member.
I hope that this has been a good learning experience and will help you to understand any issues you are facing.
:victory:

Bootloops and Filtering your logs
Getting a Logcat during the dreaded Bootloop​
The only difference between grabbing a logcat while running and grabbing one during a bootloop is the program you're going to use. Instead of the standard adb bridge, we'll be using the adb monitor tool. You can find this tool under the "TOOLS" folder. Open the "Tools" folder, right click on any empty space and select "Open Command Window Here"
Once the window is open, type "monitor" (without the quotes) and press enter. A whole new program will open listing the device ID and subfolders (your devices partitions)
IMPORTANT! The device ID may not show up right away, THIS IS OK! I found that it took about three bootloop cycles to actually connect.
Once you see the device ID, within a few seconds you should see the "system" partition listed underneath. Select it.
Down in the bottom left corner select the "Logcat" tab. From here, you can grab the logcat in a txt format or just watch it scroll.
I have taken screenshots of the process, and are available here
There's a great guide here that goes a little more in depth and has updated information about the requirements for a log during bootloops.
How to Filter your Logcat​
Lets say you want to find only the logs for a specific app or process, searching through thousands of lines can be a pain. Luckily, adb allows you to filter your logs based on application tags!
Here's how:
Code:
adb logcat ActivityManager:I MyApp:D *:S
This filter basically says "Show me only logs for ActivityManager at an Information or above level, and all logs for 'MyApp' with a priority level of Debug and higher" The *:S is important here, this makes all other tags Silent so that it ensures only the filtered tags are shown in your log.How's that for handy?
Demesg (kernel) Logs​
For a demesg log you'll want to follow the same instructions as above to get into adb terminal.
Once there, type adb devices to verify you're connected. Now you can pull a log by simply typing "adb shell dmesg > dmesg.txt" (without the quotatons" This will place the logs in the same folder that you launched terminal from (platform-tools)
Also, for more detailed information and a few other useful commands check out this site

Apps and Reference
Apps for grabbing Logcats
Mobile Apps
alogcat
This app is great for seeing your logs, especially on older Android versions. The biggest issue I have with this app is that the share function doesn't work properly on jellybean. Yet...
You can grab it here
CatLog
I personally have no experience with this app, but it's highly rated in Play Store and has an easy to use User Interface.
Grab it here
getlogs
This is my favorite of these apps, I can use it to grab almost any log I want. Highly recommended for any developer, themer, or enthusiast!
Simple, clean, effective. The way getting your logs should be
Grab it here
Logcat Reader
Grab it here
Logcat Extreme
This one looks pretty cool, it has a "floating logcat" feature. Grab it here
PC Applications
A pretty neat logcat tool is AIOlog found here, contains versions for Windows, Linux and MacOS's by 32 and 64 bit systems.
Here's a neat tool for you windows users, an AIO Logcat manager. Grab it, and view the orignal thread here
Another for you windows users, Easy Logcat Maker is an executable GUI that looks pretty neat.
Another cool logging tool is here created by the genius behind VTS!
A new Windows tool by @FuzzyMeep Two, the aptly named Logcat Tool will parse your logcat to show you how many of each entry your logs contain, and then it organizes your logs into separate files based on the type of entry (Warning, Error, Verbose, etc...), and more! This could easily become my favorite desktop method of grabbing logs.
Misc. Apps and Tools​
For those of you using linux there is a neat tool that color codes your logcat output to make it easier to read. You can find it here
Not a logcat app, per se, but a pretty entertaining and live logcat boot animation courtesy of @Chainfire can be found here. Download it and see your device boot in real time!
There are a lot more apps available than what I've covered here. These are simply the most widely known (possibly with the exception of getlogs) and widely used/recommended. If you find or make any more of these apps, please feel free to post the link here and share with the community!
PLEASE NOTE THAT IT IS AGAINST XDA RULES TO LINK TO PAID APPS, SO DO NOT LINK TO PAID SERVICES OR THE POST WILL BE REPORTED AND LIKELY REMOVED
Reference Links:
Googles Logcat Help Pages
How to get useful logs by tonyp
Guide to logcats provided by Deadly
Color Coding Your Logcat World
Please be sure to thank the developers of these fantastic tools for their time and efforts!​

I almost did a no-no, I almost quoted the OP
Nice Job....adding it in my OP....Thanks

Shadow_God said:
I almost did a no-no, I almost quoted the OP
Nice Job....adding it in my OP....Thanks
Click to expand...
Click to collapse
LOL, Thanks bro

Oh man, I just noticed tapatalk doesn't hide the content:screwy:
I sincerely apologize to anyone on the app
Slithering from the nether regions of a twisted mind and tarnished soul

For some reason every time I try to run a logcat I get this
Sent from my SPH-L710 using xda premium

brikzpapi said:
For some reason every time I try to run a logcat I get this
Sent from my SPH-L710 using xda premium
Click to expand...
Click to collapse
Huh. And I thought that was just me

Great info. Well done, and thank you very much for sharing :thumbup:

@ stryke_the_orc. Great job.. will add this to useful thread links in my guide..
Btw.. you have code tags inside hide.. so it doesn't appear hidden in app.. try putting code outside of hide or something.. usually indent or code tags inside hide makes hide not to work on app..
______________________________________
Anyone who doesn't think there are two sides to an argument is probably in one.

Deadly said:
@ stryke_the_orc. Great job.. will add this to useful thread links in my guide..
Btw.. you have code tags inside hide.. so it doesn't appear hidden in app.. try putting code outside of hide or something.. usually indent or code tags inside hide makes hide not to work on app..
______________________________________
Anyone who doesn't think there are two sides to an argument is probably in one.
Click to expand...
Click to collapse
Thanks, I couldn't figure out why the tags didn't work on app
Slithering from the nether regions of a twisted mind and tarnished soul

CNexus said:
Huh. And I thought that was just me
Click to expand...
Click to collapse
What are you doing in here? Lol. What's up?

I guess you'll have to add that they must install their device specific drivers(it needs to be done with my device) else adb doesn't detects the device
Sent from my LG-P990 using xda premium

Anurag pandey said:
I guess you'll have to add that they must install their device specific drivers(it needs to be done with my device) else adb doesn't detects the device
Sent from my LG-P990 using xda premium
Click to expand...
Click to collapse
Op updated, thank you:thumbup:
Slithering from the nether regions of a twisted mind and tarnished soul

Anurag pandey said:
I guess you'll have to add that they must install their device specific drivers(it needs to be done with my device) else adb doesn't detects the device
Sent from my LG-P990 using xda premium
Click to expand...
Click to collapse
True, my brother's computer wouldn't even pick up my sd without them

Updated OP to include how to get logcat in bootloop.:good:
Edit - Also included a link to another great guide on logcats, please be sure to thank Deadly:thumbup::beer:

Very nice write up! :beer:

Should I ask about getting this stickied? What do you guys think?
Slithering from the nether regions of a twisted mind and tarnished soul

Stryke_the_Orc said:
Should I ask about getting this stickied? What do you guys think?
Slithering from the nether regions of a twisted mind and tarnished soul
Click to expand...
Click to collapse
+1
Sent from my SPH-L720 using Xparent Skyblue Tapatalk 2

motorola razr i camera unable to initialize

I get a used razr i with this problem,and i did anything to fix it....
Factory reset,unlock bootloader,root,flashed custom ROM still nothing.
Also front camera and led flash do not work.
I get to divice/system/app folder reinstall camera app but i get error.
I get to apps/camera i deleted cache,i closed it, reopened but still nothing...
My ROM is KTR-ROM v1.12 but had this problem before

Enyone???

Last thing u can try is doing a factory flash with rsd-lite. Use latest rsd-lite and latest official firmware for your phone.
If that doesn't work I am out of ideas for that one
Verstuurd van mijn GT-P5110

Hazou said:
Last thing u can try is doing a factory flash with rsd-lite. Use latest rsd-lite and latest official firmware for your phone.
If that doesn't work I am out of ideas for that one
Verstuurd van mijn GT-P5110
Click to expand...
Click to collapse
I will go for it..anything i have to watch out?

Have correct Motorola drivers installed, use latest rsd-lite version 6.1.X. And always use correct actual (latest) firmware. Jellybean 4.1.2 and if u have EU firmware use EU, if BR use BR and so fort. Then nothing can go wrong.
Verstuurd van mijn GT-P5110

I have EU divice...how to see my filmware exactly?

Settings>system info (lowest one) and than look at system version. I don't have an English version so the names could be wrong. Mine is 91.2.26001.XT890.Retail.en.Eu so I need to have that one.
Verstuurd van mijn GT-P5110

Ok i will try it at night and i will tell you tommorow the news...

Nazgul1379 said:
Ok i will try it at night and i will tell you tommorow the news...
Click to expand...
Click to collapse
I did that but nothing...still both cameras and led flash does not work

Nazgul1379 said:
I did that but nothing...still both cameras and led flash does not work
Click to expand...
Click to collapse
Any other ideas???

Nazgul1379 said:
Any other ideas???
Click to expand...
Click to collapse
no sorry

Hazou said:
no sorry
Click to expand...
Click to collapse
got the same problem.. no solution until now... what if the camera is disconnected?' is it possible?

francoarg said:
got the same problem.. no solution until now... what if the camera is disconnected?' is it possible?
Click to expand...
Click to collapse
Could be. Can u have a look at this directory (/sys/module) and see if it contains the following folders:
ov7736 (camera, front (i gues))
mt9e013 (camera back)
lm3556 (camera flash)
U may need a root explorer. But even non root could access this section as read only.

Hazou said:
Could be. Can u have a look at this directory (/sys/module) and see if it contains the following folders:
ov7736 (camera, front (i gues))
mt9e013 (camera back)
lm3556 (camera flash)
U may need a root explorer. But even non root could access this section as read only.
Click to expand...
Click to collapse
I have look at sys/modules and there are all three folders.. Do i have to do something with that?

francoarg said:
I have look at sys/modules and there are all three folders.. Do i have to do something with that?
Click to expand...
Click to collapse
The modules are loaded correctly i assume. Can u make a logcat and a kernel logcat (kmsg/dmesg same) at the moment it gives the error. Might be a hardware problem indeed.

Hazou said:
The modules are loaded correctly i assume. Can u make a logcat and a kernel logcat (kmsg/dmesg same) at the moment it gives the error. Might be a hardware problem indeed.
Click to expand...
Click to collapse
i have not idea how to make logcat and kernel logcat

francoarg said:
i have not idea how to make logcat and kernel logcat
Click to expand...
Click to collapse
Search out how to get adb working. Then search out how to get a logcat and kmsg/dmesg working.
If u know how do the following:
1. ensure the device is connected, adb works and u have a terminal (cmd) open
2. execute the command "adb logcat > logcat.txt"
3. now open the camera till it gives the error
4. Close the terminal and post the logcat.
The same with the kernel but then:
1. ensure the device is connected, adb works and u have a terminal (cmd) open
2. execute the command "adb shell cat /proc/kmsg > kernellog.txt"
3. now open the camera till it gives the error
4. Close the terminal and post the logcat.

Hazou said:
Search out how to get adb working. Then search out how to get a logcat and kmsg/dmesg working.
If u know how do the following:
1. ensure the device is connected, adb works and u have a terminal (cmd) open
2. execute the command "adb logcat > logcat.txt"
3. now open the camera till it gives the error
4. Close the terminal and post the logcat.
The same with the kernel but then:
1. ensure the device is connected, adb works and u have a terminal (cmd) open
2. execute the command "adb shell cat /proc/kmsg > kernellog.txt"
3. now open the camera till it gives the error
4. Close the terminal and post the logcat.
Click to expand...
Click to collapse
logcat of camera
D/Camera_HAL( 147): ATOM_GetCameraInfo
D/Camera_HAL( 147): ATOM_GetCameraInfo
D/Camera_HAL( 147): ATOM_GetCameraInfo
D/Camera_HAL( 147): ATOM_GetCameraInfo
I/CameraClient( 147): Opening camera 0
D/Camera_HAL( 147): ATOM_OpenCameraHardware
D/Camera_ISP( 147): Kernel with multiplexed preview and main devices detected
E/Camera_ISP( 147): Error stat video device /dev/video0: No such file or directory
W/Camera_ISP( 147): Open device 0 with fd -1
E/Camera_ISP( 147): V4L2: capture_open failed: No such file or directory
E/Camera_ISP( 147): Failed to open first device!
E/Camera_ControlThread( 147): Error initializing ISP with id 0
E/Camera_HAL( 147): Error initializing ControlThread
E/CameraClient( 147): Could not open camera 0: -19
E/CameraClient( 147): initialize: Camera 0: unable to initialize device: No such device (-19)
I/CameraClient( 147): Destroying camera 0
W/CameraBase( 4878): An error occurred while connecting to camera: 0

Get the output of "adb shell lsmod"
Get a file manager and go to root. See if u can find in the folder dev: video0, video1, video2

Hazou said:
Get the output of "adb shell lsmod"
Get a file manager and go to root. See if u can find in the folder dev: video0, video1, video2
Click to expand...
Click to collapse
wl12xx_sdio 12640 0 - Live 0x00000000
wl12xx 141661 0 - Live 0x00000000
mac80211 230650 1 wl12xx, Live 0x00000000
cfg80211 136760 2 wl12xx,mac80211, Live 0x00000000
compat 12450 0 - Live 0x00000000
atomisp 345090 0 - Live 0x00000000
lm3556 12336 0 - Live 0x00000000
ov7736 20600 0 - Live 0x00000000
lc898211 12336 0 - Live 0x00000000
mt9e013 28720 0 - Live 0x00000000
videobuf2_memops 12435 1 atomisp, Live 0x00000000
videobuf2_core 20968 1 atomisp, Live 0x00000000
gps_drv 12515 2 - Live 0x00000000

Read-only file system on Virtual Device

I am trying to get a simple "Hello World" app running in Android Studio but am having a surprising amount of trouble. My current issue seems to be that Android Studio is unable to write to the virtual device. Although my virtual device takes a long time to start up it does eventually get going and seems to present as 'working'.
The output for the device in the "Run" windows shows:
C:\Users\Slarti\AppData\Local\Android\sdk\tools\emulator.exe -netdelay none -netspeed full -avd Nexus_5_API_23_x86
emulator: device fd:928
HAXM is working and emulator runs in fast virt mode
creating window 43 59 329 583
emulator: emulator window was out of view and was recentered
emulator: UpdateChecker: skipped version check​However the output in the "app" log of the "Run" window reads:
Target device: Nexus_5_API_23_x86 [emulator-5554]
Installing APK: C:\Users\Slarti\Documents\...
Uploading file to: /data/local/tmp/...
com.android.ddmlib.SyncException: Read-only file system​
and the "Event Log" shows:
2:01:53 PM Gradle sync started
2:04:30 PM Gradle sync completed
2:04:35 PM Executing tasks: [:app:generateDebugSources, :app:generateDebugAndroidTestSources]
2:04:56 PM Gradle build finished in 25s 136ms
2:10:33 PM Unable to obtain result of 'adb version'
2:11:03 PM Executing tasks: [:app:assembleDebug]
2:11:40 PM Gradle build finished in 36s 851ms
2:11:43 PM transfer error: Read-only file system
2:11:43 PM Error during Sync: Read-only file system​
I've spent a lot of time searching for a solution for this, including re-installing Android Studio but I still keep having the same problem. Does anyone know what could be causing this and how I can fix it? The program itself is a very simple "Hello World!" program and I have left most things in Android Studio at their default values but clearly something somewhere must be set incorrectly. Any ideas as to what it could be?
Thanks for any help,
Slarti.