Amazon Fire 5th Gen 2015 Root[only hd 7 and os 5.0.1] - Fire Android Development

NOTE THIS ROOT ONLY WORKS WITH FIRE OS 5.0.1 AND ONLY THE HD 7 NOT THE 10 OR 8
WE HAVE GAINED ROOT!!!
Thanks to @jkchr1s for the help and the windows bat file, @csolanol for actually finding the root, and @diegocr as well as the @Chainfire SuperSu for the root binaries!!
Here's a video for you guys who need help:
https://www.youtube.com/watch?v=ux-2b3X3BlI&feature=youtu.be
Just download the zip file from this link and remember to use a windows/linux device for now.
Mediafire Mirror #1
For windows hit install.bat and follow through the steps
For Linux run it through the linux command prompt
2nd way to root:
1. Download SuperSU from Chainfire's website https://download.chainfire.eu/696/supersu/
2. Download @ggow custom recovery or @cnsoal Twrp
http://forum.xda-developers.com/amazon-fire/orig-development/twrp-recovery-t3242548
http://forum.xda-developers.com/ama...ecovery-cyanogen-recovery-2015-11-04-t3240726
3. Place the recovery image in the same folder as adb and fastboot.
4. Put your fire in fastboot mode
5. Boot into the custom recovery via "fastboot boot <recoveryimagename>.img".
6. You should be in the Cyanogen recovery (or TWRP, depending on which recovery you downloaded).
7. Then pick adb sideload, and select it and manually install drivers. If you're too lazy just place su in your SD card and flash the zip from there.
8. Adb sideload supersu and you'll get root!!
REMEMBER WE ARE NOT LIABLE IF YOUR TABLET IS BRICKED!!!
I have also left the boot.img tool as well as the modified versions of the boot.img files, just in case anyone else wants to dig deeper and explore more about the boot.img file.

Have you tried adding the su binary to /sbin in the ramdisk, and editing default.prop to ro.secure=0?

Just adding it to /sbin won't solve this. You would have to add all the SELinux info for it also and then also manage to start the su daemon.
ro.secure=0 is already inside the attached boot.img above, doesn't seem to help

If we have r/w to the filesystem, take a look at the root script in this LG package: http://forum.xda-developers.com/lg-g3/general/guide-root-method-lg-devices-t3129197
Do you think this method would work?

Lol wow! Seems to be sparked by my discovery of this new root method! Anyhow, @jkchr1s might be on to something.
---------- Post added at 11:12 AM ---------- Previous post was at 11:10 AM ----------
jkchr1s said:
If we have r/w to the filesystem, take a look at the root script in this LG package: http://forum.xda-developers.com/lg-g3/general/guide-root-method-lg-devices-t3129197
Do you think this method would work?
I'll try it!
EDIT: DON'T DO IT! IT CONTAINS LG DEVICE SPECIFIC THINGS AND IT COULD BRICK YOUR DEVICE. GOOD THING I LOOKED AT THE INSTALL.BAT BEFORE I TRIED IT!

Vlasp said:
Lol wow! Seems to be sparked by my discovery of this new root method! Anyhow, @jkchr1s might be on to something.
---------- Post added at 11:12 AM ---------- Previous post was at 11:10 AM ----------
I'll try it!
EDIT: DON'T DO IT! IT CONTAINS LG DEVICE SPECIFIC THINGS AND IT COULD BRICK YOUR DEVICE. GOOD THING I LOOKED AT THE INSTALL.BAT BEFORE I TRIED IT!
I don't mean to run the root.bat file, look at the root script. It copies SuperSU binaries, adds a su service, and chcon's the necessary files.

jkchr1s said:
I don't mean to run the root.bat file, look at the root script. It copies SuperSU binaries, adds a su service, and chcon's the necessary files.
Yeah, but we are going to have to change the device specific stuff (if it matters for our device).

I have updated the thread!! Thanks @jkchr1s for the clear steps and @diegocr for helping out and giving us r/w ability.

This will work for rooting this device now.

Someone is root .............
With boot.img

Vlasp said:
This or KingRoot will work for rooting this device now.
I adapted the guide and u know what?. I am root!!!
Did all the steps by hand and SuperSu is working, i can make su in adb shell.
I can't write a guide right now, i have to go out of the house but this is done guys.

Vlasp said:
This or KingRoot will work for rooting this device now.
What do you mean? KingRoot says it failed booting with the boot-firestarter.img

jkchr1s said:
What do you mean? KingRoot says it failed booting with the boot-firestarter.img
yeah, sorry. only the tutorial will work.

Vlasp said:
This will work for rooting this device now.
Doesn't work?

Vlasp said:
yeah, sorry. only the tutorial will work.
Sorry, I'm not seeing a guide or tutorial on that link. That's a link to KingRoot.

Just for those of you that wanna root it just now:
Files needed and a boot.img to apply with fastboot boot boot.img:
https://www.dropbox.com/s/nurzm8q3pqx2v4z/root_fire.zip?dl=0
Unzip the attachment and push the files directory contents to /data/local/tmp using adb
Example: adb push Superuser.apk /data/local/tmp/
adb push su /data/local/tmp/
...
and then do the following in adb shell:
mkdir /system/app/SuperSU
chmod 0755 /system/app/SuperSU
chcon u:object_r:system_file:s0 /system/app/SuperSU
cp /data/local/tmp/Superuser.apk /system/app/SuperSU/SuperSU.apk
chmod 0644 /system/app/SuperSU/SuperSU.apk
chcon u:object_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
mkdir /system/bin/.ext
chmod 0755 /system/bin/.ext
chcon u:object_r:system_file:s0 /system/bin/.ext
cp /data/local/tmp/su /system/xbin/su
chmod 0755 /system/xbin/su
chcon u:object_r:system_file:s0 /system/xbin/su
cp /data/local/tmp/su /system/bin/.ext/.su
chmod 0755 /system/bin/.ext/.su
chcon u:object_r:system_file:s0 /system/bin/.ext/.su
cp /data/local/tmp/su /system/xbin/daemonsu
chmod 0755 /system/xbin/daemonsu
chcon u:object_r:system_file:s0 /system/xbin/daemonsu
cp /data/local/tmp/su /system/xbin/sugote
chmod 0755 /system/xbin/sugote
chcon u:object_r:zygote_exec:s0 /system/xbin/sugote
cp /data/local/tmp/supolicy /system/xbin/supolicy
chmod 0755 /system/xbin/supolicy
chcon u:object_r:system_file:s0 /system/xbin/supolicy
cp /data/local/tmp/libsupol.so /system/lib/libsupol.so
chmod 0644 /system/lib/libsupol.so
chcon u:object_r:system_file:s0 /system/lib/libsupol.so
cp /system/bin/sh /system/xbin/sugote-mksh
chmod 0755 /system/xbin/sugote-mksh
chcon u:object_r:system_file:s0 /system/xbin/sugote-mksh
cp /system/bin/app_process32 /system/bin/app_process32_original
chmod 0755 /system/bin/app_process32_original
chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_original
cp /system/bin/app_process32 /system/bin/app_process_init
chmod 0755 /system/bin/app_process_init
chcon u:object_r:system_file:s0 /system/bin/app_process_init
rm /system/bin/app_process
rm /system/bin/app_process32
ln -s /system/xbin/daemonsu /system/bin/app_process
ln -s /system/xbin/daemonsu /system/bin/app_process32
touch /system/etc/.installed_su_daemon
chmod 0644 /system/etc/.installed_su_daemon
chcon u:object_r:system_file:s0 /system/etc/.installed_su_daemon
Once all is done you need to fastboot boot boot.img again to establish proper perms to the new files. Actually we can't change ownership of files to root from adb.
Run this command in adb shell:
/system/xbin/su --install
Then reboot and voila! you are root.
Sorry for text format by chrome doesn't allow me to format it as code...
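A defender-side check for the file layout the post above produces, as an added example that is not part of the original post or of SuperSU: it reads a file inventory of /system and reports the su binaries, the app_process symlinks to daemonsu, the marker file and the zygote_exec label on sugote. The inventory line format, the rule names and the sample data are assumptions of this example, and the SETUID rule goes beyond this post to cover older installs that mark su setuid.

```shell
#!/bin/sh
# Added example (not from the thread): audit a /system file inventory for
# the artifacts a system-mode su install leaves behind.
#
# Assumed input format, one file per line, no spaces in paths:
#   <mode> <owner> <selinux-label> <path> [-> <symlink-target>]

# Constructed sample inventory, not captured from a real device.
sample_inventory() {
cat <<'EOF'
-rwxr-xr-x root u:object_r:system_file:s0 /system/xbin/su
-rwxr-xr-x root u:object_r:system_file:s0 /system/xbin/daemonsu
-rwxr-xr-x root u:object_r:zygote_exec:s0 /system/xbin/sugote
-rwxr-xr-x root u:object_r:zygote_exec:s0 /system/bin/app_process32_original
lrwxrwxrwx root u:object_r:system_file:s0 /system/bin/app_process32 -> /system/xbin/daemonsu
-rw-r--r-- root u:object_r:system_file:s0 /system/etc/.installed_su_daemon
-rwsr-xr-x root u:object_r:system_file:s0 /system/bin/su
-rwxr-xr-x root u:object_r:system_file:s0 /system/bin/toolbox
EOF
}

# Reads an inventory on stdin and prints one "RULE path" line per finding.
audit_su_artifacts() {
  awk '
    {
      mode = $1; label = $3; path = $4
      target = ($5 == "->") ? $6 : ""
      n = split(path, parts, "/"); base = parts[n]

      # su-family binaries copied into /system by the procedure
      if (base == "su" || base == ".su" || base == "daemonsu" ||
          base == "sugote" || base == "supolicy")
        print "SU_BINARY " path

      # the zygote launcher should be a regular file, not a symlink
      if (base ~ /^app_process(32|64)?$/ && substr(mode, 1, 1) == "l")
        print "APP_PROCESS_SYMLINK " path " -> " target

      # renamed copies of the original launcher
      if (base ~ /^app_process.*_original$/ || base == "app_process_init")
        print "APP_PROCESS_BACKUP " path

      # marker file touched at the end of the procedure
      if (base == ".installed_su_daemon")
        print "SU_MARKER " path

      # setuid bit on the owner triplet (mode 4755 shows as rwsr-xr-x)
      if (substr(mode, 4, 1) == "s" || substr(mode, 4, 1) == "S")
        print "SETUID " path

      # zygote_exec label on a file that is not an app_process binary
      if (label ~ /:zygote_exec:/ && base !~ /^app_process/)
        print "ZYGOTE_LABEL " path
    }'
}

# Stand-alone run over the constructed sample.
sample_inventory | audit_su_artifacts
```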

Awesomeslayerg said:
Doesn't work?
@csolanol said it does...

Proof [emoji12]

chown 0.0 /system/app/SuperSU gives me operation not permitted

Awesomeslayerg said:
chown 0.0 /system/app/SuperSU gives me operation not permitted
Yup, i edited the post to delete that line. That ownership change will be applied when you reboot from fastboot with the custom boot.img again. Note the end of the post.

Related

Root Frg83(2.2.1) Help please...

Stupid me, I went back to the stock ROM and upgraded to 2.2.1 and lost the root. I've been trying all day today by following the instructions from this tutorial (http://forum.xda-developers.com/showthread.php?t=736271) but I'm stuck at the rootshell command. It says permission denied. Can someone please help me..please.. is there any way to root this FRG83, please??
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HEAR THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything till you hear the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
ilostchild said:
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HEAR THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything till you hear the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
man thanks alot for your help, but im really a noob.
wud u mind telling me step by step, i know it sounds pretty stupid but pls just guide in the right direction. Much appreciated.
Ouch. I hope you can laugh about this one day. I'm sure you'll have root again.
Have you ever heard the term "curiosity kills the cat".
You knew enough to get root, revert to stock so that you could apply 2.2.1, to discover the hard way that the .1 was mainly, if nothing more than a security patch locking out root. And now need coles notes for above. Sorry, that'll be funny after you have root again.
In the meantime, I hope you find solace in paving the road for future noobs starting new from 2.2.1.
Anyway, the majority of the guide above are sequences while in ADB. You had to use some adb to get root the first time. Google and do a little research on the subject. You need to polish up as I think the warnings above about "don't do anything until", are warnings to avoid bricking. If this procedure is that risky then your ounce of comprehension is worth a ton of hand holding.
Sent from my Nexus One using XDA App
read this thread first
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
ilostchild said:
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
I just wanted to know which files to download and where to extract them.. just like how it was mentioned in the freenexus thread, it was defined so clear which files to download and where.
Can anyone please help. thanks.
Loveact's post links you to a thread with multiple victims of the patch, links and details to get back root.
Sent from my Nexus One using XDA App
Detailed step-by-step instructions
nexusdue said:
Detailed step-by-step instructions
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
kpjimmy said:
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
Do I have to double click it and run it on windows before i start the process??
is that what you mean??
junooni.1980 said:
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
Congrats for not following the instructions.
nexusdue said:
Congrats for not following the instructions.
i did man.. can some one help me then dunno what am i missing.. here pls.
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
Egypt Urnash said:
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
what is Doing 'adb shell ls ((-l /data/local/tmp' ))on your computer should get you something like this: i meant what is -I??
If you can't follow these instructions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push Superuser.apk /data/local/tmp/Superuser.apk
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push su /data/local/tmp/su
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push busybox /data/local/tmp/busybox
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell chmod 755 /data/local/tmp/busybox
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
F:\ADB>exit
nexusdue said:
If you can't follow these instructions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and then unzip all the stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was unzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzip android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in the F:\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
junooni.1980 said:
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and then unzip all the stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was unzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzip android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in the F:\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
nexusdue said:
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
I can admire how you're so annoyed but I guess I gotta suck it up cus it is I who is in need.
LOL! I've been using computers for a while now & I do understand the folder structure pretty well. Why would I think that? Cus I was able to root the phone the first time.
It's just that I find the description so confusing. I use windows, dunno what OS you are on? But when you extract a zip file it creates a default folder of the same name so...
But I really don't think that my question was that hard, which shot you over the moon & pissed you off and made you tell me to learn basic computing first.
All I asked was if I am supposed to make a separate folder named ADB & if I should extract everything in it rather than the default unzipped folder that windows makes. But I guess if you're so annoyed then I'll leave it for someone else. I am quite sure one of the purposes of this forum is to get and give help. And I'm pretty sure that there will be someone who can help me or perhaps I'll find a way myself. But anyways thanks a lot for your time, you've been nothing but great help. LOL! And I mean it...

Just so you know S-Off works

http://firewater-soff.com/instructions/
works fine, now s-offed
ticklemepinks said:
http://firewater-soff.com/instructions/
works fine, now s-offed
Already???!!! Awesome! :good:
Sim-X said:
Already???!!! Awesome! :good:
yep thank me later lol
And confirmed! Can't wait to get rid of ugly development test, bring on the custom hboot. I have only had the phone for not even 2 days and already s-off!
I concur.
Looks like it's time to update my Hboot guide.
Sent from my EVO LTE
For some reason when I get to the command "chmod 755 /data/local/tmp/firewater" it's telling me "operation not permitted". Strange cause adb shell has superuser permissions...gonna try on my desktop pc.
FlowingAway said:
For some reason when I get to the command "chmod 755 /data/local/tmp/firewater" it's telling me "operation not permitted". Strange cause adb shell has superuser permissions...gonna try on my desktop pc.
I had that too.. check your phone's screen and accept the root request.
I can also confirm it works. I used the HTCDev Unlocked/Rooted method and am now S-Off.
Wow I am S-Off. That was quick and easy. Only complication was having to download an app (USBDebug) from the play store in order to enable usb debugging mode.
knlmwq said:
Wow I am S-Off. That was quick and easy. Only complication was having to download an app (USBDebug) from the play store in order to enable usb debugging mode.
Settings/About/Software Information/More/ tap Build number 7 times. Adds Developer options. back to Settings just above Activate this device. Enables USB Debugging there.
Another confirmed success! :GOOD:
I'm getting an error on the last line
"[email protected]_m8whl:/ # chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]_m8whl:/ #
C:\Users\J>/data/local/tmp/firewater
The system cannot find the path specified."
confirmed
thank you for the heads up @thicklemepinks
this is ridiculous it took me 3 minutes to get soff with htc dev unlocked and rooted
the guys who made this possible deserve some donations for sure
I'm at a loss here.
C:\Users\Matt\Desktop\AndroidSDK\adt-bundle-windows-x86_64-20130917
-tools>adb shell
[email protected]_m8whl:/ $ su
su
[email protected]_m8whl:/ # chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
Unable to chmod /data/local/tmp/firewater: Operation not permitted
supersu shows in its log that it allowed "shell"...when i type the chmod command i am receiving no prompts on the phone screen. should i be?
jvs60 said:
I'm getting an error on the last line
"[email protected]_m8whl:/ # chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]_m8whl:/ #
C:\Users\J>/data/local/tmp/firewater
The system cannot find the path specified."
i bolded the part i think you need to cut out
jvs60 said:
I'm getting an error on the last line
"[email protected]_m8whl:/ # chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]_m8whl:/ #
C:\Users\J>/data/local/tmp/firewater
The system cannot find the path specified."
last line tells me you are not in the adb shell anymore. since thats a response from windows are you sure you are not getting kicked out of adb shell.
FlowingAway said:
I'm at a loss here.
C:\Users\Matt\Desktop\AndroidSDK\adt-bundle-windows-x86_64-20130917
-tools>adb shell
[email protected]_m8whl:/ $ su
su
[email protected]_m8whl:/ # chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
Unable to chmod /data/local/tmp/firewater: Operation not permitted
supersu shows in its log that it allowed "shell"...when i type the chmod command i am receiving no prompts on the phone screen. should i be?
your case IMO seems to be the system write protection.
Why don't you use the wp_mod.ko from flare?
This is the guide someone wrote on the HTC M8 dev forum, just to clarify:
First reboot to recovery and mount system, then go to the file manager. You should have downloaded the module from the HTC M8 forum here on XDA.
Copy the module to system/lib/modules and chmod 644.
Reboot.
Open up terminal and type su
then
insmod /system/lib/modules/wp_mod.ko
To verify that it is loaded, type lsmod and see if it is listed.
Last thing: go to system/etc/, find the file init.installrecovery.sh and add
insmod /system/lib/modules/wp_mod.ko
to the end of the file. Save, exit and reboot.
Now when you reboot, open terminal and type lsmod, wp_mod should be loaded and it should say permanent.
Now try fire and water again.
Thank you @chemjb it wasn't even that complicated. I guess something went wrong when I flashed the supersu zip the first time. I flashed again and this time it took. Worked first try after that. S-Off and ready to roll.

Patching Sepolicy with Supolicy Tool, modified file not produced.

I am in the position of having to manually apply the default sepolicy patch (init, init_shell and recovery permissive), and as the title states, when I use the supolicy tool to modify my supplied sepolicy, the output file is not produced and, on closer inspection, the tool throws an error. I have attached both the images and the sepolicy file I am trying to apply these changes to.
Have I been doing something wrong, or is the file corrupted?
If you need more info just ask.
Note: when I first tried it inside an adb shell it reported a segmentation fault, but I was unable to reproduce that condition to provide a screenshot.
EDIT: I can at least say that the possibility of a corrupt file is now smaller, because I am able to run dumpav, dump its contents to a txt file and then adb pull it back to the PC. So does anyone know any way to apply the default patches needed for systemless root?
@Chainfire Since this is your binary files, you should know the most about it.
Commands to gain application root on emulator
Code:
adb shell df #Check Available Space
adb shell mount -o remount,rw /system
adb push su /system/bin/su
adb shell chmod 0755 /system/bin/su
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
I then proceed to patch the sepolicy file with the following commands
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out" #There is no sepolicy_out file
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out
So what am I able to do?
Are you able to
A) Help me debug the problem
Or
B) Patch the sepolicy file and post the output back to me/here
Matt07211 said:
> ...
Works fine on my device... could be an x86 specific issue? Unfortunately I don't have any x86 devices to test with.
Thanks for that. Yes, I am trying to patch the policy for my armv8 (arm64) CPU device (just realised: would trying to patch the sepolicy from one architecture using the supolicy for a different architecture have been the problem? If so, I feel dumb). And since I didn't have a spare device that met the requirements, I resorted to using the already set-up emulator in my Windows installation.
I had proceeded to root and run the supolicy tool, for which nothing was output (tried different directories). I then created a new sub-directory, test, in /data/local/tmp and chmodded it with read and write permissions. I tried again and failed. I then ran a dumpav on the sepolicy I was trying to patch and output it to /data/local/tmp/test/dumpav.txt, which worked.
I am just wondering why it didn't work for me.
Thanks again for the sepolicy_out file, I really do appreciate it.
Ah, you're saying the segmentation fault occurred on the emulator? That's interesting. Might be reproducible on my end.
Note: look at my first image with cmd in the foreground; near the bottom of the command window you should see the segfault message, around the second-last command or so.
To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)
2) used the 2.78 SuperSu zip and run above commands to gain root
3) run above commands to try and modify sepolicy (it doesn't produce anything)
4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots
If you figure out what causes the segfault, can you please tell me?
Before I go do all this, can you make sure the issue persists with the v2.78 SR1 version from the BETA thread? Some issues with supolicy were fixed in that release.
Started with a fresh emulator and the newest SuperSu and ran these commands to gain root (I am placing everything as described in update-binary in the right places just to eliminate one thing, missing dependencies)
Code:
adb shell df
adb shell mount -o remount,rw /system
adb push Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk
adb push install-recovery.sh /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb push su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb push su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb push su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push 99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
adb shell chmod 0755 /system/etc/init.d/99SuperSUDaemon
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
Now everything should be in place, and we can eliminate one thing (supolicy not finding needed dependencies).
Opened up SuperSu and let it install/update the binary (successful).
I then proceeded to patch the sepolicy file like so:
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
I then did "ls" in the directory and no file had been output. So I went into a shell and ran
Code:
supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out
And it threw the error shown in the image below. The first time running that command in the shell it says stopped, but the second time it says stopped as well as segfault.
Keep in mind I am trying to patch a sepolicy file that originates from an armv8 cpu (arm64) on an x86 Intel emulator.
Any more info needed? I am happy to help @Chainfire
So, I think it has something to do with your emulator image (perhaps it's too old?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:
Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think it's SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Hmm, I really don't know what is wrong. I will try exactly what you have done later today, to see if I can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?
I also realise that some emulators are rooted in the sense that web shell has root access, just wasn't sure what dependencies supolicy had at the time.
I created an API 22 Google Nexus x86_64 AVD in Android Studio
I should be able to try that in about 20-30 mins after I download it, I was using api level 19, Intel's emulator image.
I ran these commands on the Intel api 19 x86 emulator image.
Code:
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push supolicy /data/local/tmp/supolicy
adb shell chmod 0755 /data/local/tmp/supolicy
adb push sepolicy /data/local/tmp/sepolicy
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
and it results in the error(shown in screenshot)
Code:
libsepol.policydb_read: policydb magic number 0x464c457f does not match expected magic number 0xf97cff8c or 0xf97cff8d
-Failure!
I then tried it on the Intel x86_64 API 22 emulator image (running the same commands as the first one), resulting in a success, with the file being output as sepolicy_out.
So as you have stated @Chainfire , it looks like a problem with the emulator itself, and most likely not the supolicy tool.
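The magic number in the error quoted above, 0x464c457f, is the byte sequence 7f 45 4c 46 ("\x7fELF") read as a little-endian integer, so libsepol saw an ELF header where it expected a binary policy. The Python check below is an added example, not code from the thread or from SuperSU: it inspects a file's header before the file is handed to supolicy --file, assuming the libsepol kernel-policy header layout (magic, string length, identifier string, version); the sample byte strings are constructed for illustration.

```python
import struct

POLICYDB_MAGIC = 0xF97CFF8C      # kernel binary policy, first value in the error text
POLICYDB_MOD_MAGIC = 0xF97CFF8D  # policy module, second value in the error text
ELF_AS_LE32 = 0x464C457F         # b"\x7fELF" read as a little-endian u32
ELF_MACHINES = {3: "x86", 40: "arm", 62: "x86_64", 183: "aarch64"}  # e_machine

# Constructed sample headers (not taken from any real device or binary).
SAMPLE_POLICY = (struct.pack("<II", POLICYDB_MAGIC, 8) + b"SE Linux"
                 + struct.pack("<IIII", 30, 0, 8, 7))
SAMPLE_MODULE = struct.pack("<II", POLICYDB_MOD_MAGIC, 15) + b"SE Linux Module"
SAMPLE_ELF = b"\x7fELF" + bytes([1, 1, 1, 0]) + bytes(8) + struct.pack("<HH", 3, 3)


def _hex(magic: int) -> str:
    return "0x%08x" % magic


def _describe_elf(data: bytes) -> dict:
    """Pull word size and CPU architecture out of an ELF header."""
    info = {"kind": "elf", "magic": _hex(ELF_AS_LE32)}
    if len(data) >= 20:
        info["bits"] = {1: 32, 2: 64}.get(data[4])           # EI_CLASS
        endian = "<" if data[5] == 1 else ">"                # EI_DATA, 1 = little-endian
        (machine,) = struct.unpack_from(endian + "H", data, 18)  # e_machine
        info["machine"] = ELF_MACHINES.get(machine, "e_machine=%d" % machine)
    return info


def classify(data: bytes) -> dict:
    """Classify leading bytes the way the libsepol magic check sees them."""
    if len(data) < 8:
        return {"kind": "truncated"}
    magic, str_len = struct.unpack_from("<II", data, 0)
    if magic == ELF_AS_LE32:
        return _describe_elf(data)
    if magic == POLICYDB_MOD_MAGIC:
        # Module headers carry an extra field before the version; not decoded here.
        return {"kind": "policy-module", "magic": _hex(magic)}
    if magic != POLICYDB_MAGIC:
        return {"kind": "unknown", "magic": _hex(magic)}
    end = 8 + str_len
    if str_len > 32 or len(data) < end + 4:
        return {"kind": "corrupt-policy", "magic": _hex(magic)}
    ident = data[8:end].decode("ascii", "replace")
    (version,) = struct.unpack_from("<I", data, end)  # policy version follows the string
    return {"kind": "kernel-policy", "magic": _hex(magic),
            "ident": ident, "version": version}


def explain(data: bytes) -> str:
    """One-line diagnosis suitable for printing before running supolicy."""
    info = classify(data)
    kind = info["kind"]
    if kind == "kernel-policy":
        return "binary kernel policy %r, version %d" % (info["ident"], info["version"])
    if kind == "policy-module":
        return "policy module (magic %s), not a kernel policy" % info["magic"]
    if kind == "elf":
        return "ELF file (%s-bit %s), not a policy: magic %s" % (
            info.get("bits"), info.get("machine"), info["magic"])
    if kind == "unknown":
        return "unrecognised magic %s" % info["magic"]
    return "header is %s" % kind


def classify_file(path: str) -> dict:
    """Read only the header bytes of a file on disk and classify them."""
    with open(path, "rb") as fh:
        return classify(fh.read(64))


if __name__ == "__main__":
    for name, blob in (("policy", SAMPLE_POLICY), ("module", SAMPLE_MODULE),
                       ("elf", SAMPLE_ELF)):
        print(name, "->", explain(blob))
```

Because a binary policy is plain data, the header check gives the same answer on any host; the architecture reported for an ELF input only identifies which file was passed by mistake.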
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
Yes it is.
System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.
If you do, let me know and with the steps
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
It seems system mode root renders the device unbootable according to reports from my tester.
Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
Seems a strange query I know.
Reason is we have a Samsung device that for some reason will not boot from a source built custom Nougat kernel. Not sure if this is related to AVB yet or something else.
However we can get a half assed TWRP to boot with the stock kernel.
Only problem is, no matter what, only /system can be mounted and accessed with write permission due to permission denied issues with the rest of partitions. Pretty sure this is an SELinux issue.
Meaning systemless root cannot be installed as normal. No access to /data or /cache.
I can patch the boot.img ramdisk manually for systemless, but for root to work I would need to push su.img to system and mount it from there.
Is it possible to still mount su.img from system if I modify the ramdisk init as required?
The other avenue is to flash su.img to /data or /cache via ODIN.
If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
Just trying to keep my options open here.
ashyx said:
> Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
> It seems system mode root renders the device unbootable according to reports from my tester.
It is on my list of things to test/fix, but that list is long and full of terrors.
> Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
> Is it possible to still mount su.img from system if I modify the ramdisk init as required?
I think that could work, yes.
> The other avenue is to flash su.img to /data or /cache via ODIN.
> If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
> Just trying to keep my options open here.
SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
Much appreciate your input.
ashyx said:
> So, I think it has something to do with your emulator image (perhaps it's too old?)
> ...
> Could you confirm if the --sdk=24 parameter is required?
> adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
> Thanks, appreciate your time.
Yeah, I believe it was segfaulting due to the Android version. I think I was using KitKat and it wasn't working; bumped up to Lollipop and above and it worked fine.
Oh, the SDK parameter, never heard of it, what does it do? Guess I'll Google that then.
ashyx said:
> Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
> However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
> Much appreciate your input.
I did the same thing for my device, add a little script to move it to data. Had no other way to get it to a locked down device without TWRP. Hehe. Good job
Can you please tell me how to manually patch init by supersu?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10. There isn't a custom recovery, so I have to make a boot.img with supersu inside to get root.

[Q] How to bypass ADB block (or how to reinstall ADB) on Android system?

I have a 65 inch XiaomiTV 3 (note, this is a different flavor of OS from MiBox). It worked great until Xiaomi started to push video ads every time I turn on the TV. Xiaomi has disabled (likely completely removed) ADB from their system (mine is 1.12.10; any newer version would not allow you to gain root access in any way, unless you prove me wrong). Since there is no way to install a new recovery on XiaomiTV 3 (not that I know of, I should add), I tried the only tool that can root this system with an exploit, the 360 Root (http://root.360.cn/). Now this tool itself has some ads, so I will need to remove it later. But at least it allows me to use `su` in a terminal emulator.
Once I gained root access on my device, I first tried to use ADB (and I need to add, XiaomiTV 3 does not have a USB debugging port) by running the following in a terminal emulator (I use Android Terminal Emulator):
Code:
su
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Then I try to connect to my XiaomiTV 3 (its ip is 192.168.123.123) by:
Code:
adb connect 192.168.123.123
It connects, meaning ADB is not removed completely. However if I type `adb devices` it shows 192.168.123.123 is offline.
I then upgraded my Android platform tools and adb by:
Code:
android update sdk --no-ui
android update adb
Restart the adb server:
Code:
adb kill-server
adb connect 192.168.123.123
Here it still shows offline, so I restarted both the XiaomiTV 3 and my laptop, regained root (I lose root every time I reboot XiaomiTV 3), and did the above all over again. No luck. Then I thought to copy my `~/.android/adbkey.pub` to a USB drive, plug it in to the XiaomiTV 3, and then use a terminal emulator to:
Code:
su
mv /mnt/usb/sdcard/adbkey.pub /data/misc/adb/adb_keys
Then
Code:
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Still, after I
Code:
adb kill-server
adb connect 192.168.123.123
the device is still offline.
Then I tried another approach to get SuperSU onto the system by first copying supersu to a USB drive and then copying it to `/data/superuser` in XiaomiTV 3.
Then I did:
Code:
su
mount -o rw,remount /system
mkdir /system/bin/.ext
chmod 777 /system/bin/.ext
chown root /system/bin/.ext
cp /data/superuser/su /system/bin/.ext/.su
chmod 6755 /system/bin/.ext/.su
chown root /system/bin/.ext/.su
cp /data/superuser/su /system/xbin/su
chmod 755 /system/xbin/su
chown root /system/xbin/su
cp /data/superuser/su /system/xbin/daemonsu
chmod 755 /system/xbin/daemonsu
chown root /system/xbin/daemonsu
cp /data/superuser/supolicy /system/xbin/supolicy
chmod 755 /system/xbin/supolicy
cp /data/superuser/libsupol.so /system/lib/libsupol.so
chmod 644 /system/lib/libsupol.so
mkdir /system/etc/init.d
chmod 644 /system/etc/init.d
cp /data/superuser/99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
chmod 744 /system/etc/init.d/99SuperSUDaemon
busybox_xm touch /system/etc/.installed_su_daemon
echo 1 >> /system/etc/.installed_su_daemon
chmod 644 /system/etc/.installed_su_daemon
mkdir /system/app/SuperSU
chmod 755 /system/app/SuperSU
cp /data/superuser/SuperSU.apk /system/app/SuperSU/SuperSU.apk
chmod 644 /system/app/SuperSU/SuperSU.apk
cp /data/superuser/install-recovery.sh /system/etc/install-recovery.sh
chmod 755 /system/etc/install-recovery.sh
ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Then I rebooted; apparently, the system overwrites `/system/xbin/su` (either by 360 root or Xiaomi's OS). So I redid everything above, without rebooting. Sadly, SuperSU still asks me to upgrade/update my binary file.
So this is when I stopped knowing what to do next. Any ideas?

Bypass prenormal state method.

Hi. First, sorry for my English.
I can erase the prenormal state without waiting the 7 days on an A+2019 (A605GN) with binary 3 on Oreo.
Tools needed: ADB drivers, combination fw for your model, stock fw, Mixplorer (or another root file explorer), SuperSu zip, RMM bypass zip, forced encryption disabled zip and Odin 3.13.
Optional: TWRP image zip, magisk zip.
First go to download mode and flash the combination fw.
Reboot your phone; when it starts up, go to settings and enable USB debugging.
Unzip the SuperSu zip and make a bat (in Windows) or sh (in Linux) with the following code in the root of the SuperSu folder:

Code:
adb root
adb remount
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon u:object_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb push armv7/su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell chcon u:object_r:system_file:s0 /system/xbin/su
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon u:object_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib/libsupol.so
adb shell cp /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process_original
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell rm -rf /system/bin/app_process32
adb shell rm -rf /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell "echo 1 > /system/etc/.installed_su_daemon"
adb shell /system/xbin/su --install
Open a terminal with your phone connected and run
adb root
adb remount
Then run your bat or sh file in the terminal. If you don't understand me, search for how to install SuperSu with ADB.
Reboot the phone.
Open SuperSu and install the binaries normally.
Open Mixplorer and go to root.
Then go to dev\block and open steady with the code editor of Mixplorer.
The file only shows symbols. At the start, search for prenormal and change it to Normal. Search for another prenormal word and change it to Normal. Save the file.
Reboot your phone into recovery mode and then to the bootloader.
And the prenormal state is gone.
Open Odin and DISABLE AUTOREBOOT AND F. LOCK.
Flash the stock FW (all AP BL CSC CL)
When it finishes, do not reboot yet. Unplug and replug the phone.
Flash TWRP.
Reboot your phone into recovery mode and TWRP should open.
Then flash the encryption forced disabled zip and format data. (DON'T WIPE, USE FORMAT DATA).
Reboot again into recovery mode.
Flash the RMM bypass zip.
Install the magisk zip.
Reboot into system.
READY!!!!
You have a Normal State, TWRP and a rooted phone. Enjoy.
Have you actually tried this for sure?
I'm a little skeptical as combo firmware no longer gives Eng-root, so not possible to push anything to system.
Not only that, System SuperSU doesn't work on Oreo at all as far as I'm aware.
Thanksssss a Lot........... U'r my savior :laugh:
Confirm it's working
I really didn't expect that this could ever work.
First problem was to find the Combination FW. After some time searching through Google, I finally found a U3 Combination FW.
Flashed it, had a laugh at that boot screen, replugged my micro USB cable, did run the new .bat (looks like USB debugging is already on), rebooted, replugged my micro USB cable, opened cmd, executed "adb root" and "adb install mixplorer.apk", opened the steady file with the code editor, replaced Prenormal with Normal, saved the file, rebooted to download mode, flashed my wanted fw (CSC, don't know if HOME_CSC works) (turned auto reboot and flash lock off, I did leave f. reset time on), replugged my micro USB cable, flashed twrp (warning, auto reboot gets re-enabled when you reset the Odin settings, be careful), unplugged my micro USB cable, tried to reboot the phone, got into upload mode, got out of upload mode and finally into twrp (I did this whole stuff 3 times now, I don't know what I did wrong), installed the a605_oreo_forced_encryption_disabler, formatted data, installed the RMM Bypass (Mesa_v2), and rebooted the phone and got into a boot loop lol. Installed a patched boot.img with magisk and then it worked.
I learned so much new stuff through this, like what the U Version is and what the first number on the Samsung FW meant, so I'm not even mad that I spent so much time fixing this.
This hobby is so tedious but I also love it so much.
And ashyx, that SuperSU part really worked. Maybe it works because of the Combination FW, who knows.
Used an A605FN with Odin 3.13.1 3B "PatcheD"
