Bootloop problem during the installation of root on Android Nougat on Raspberry Pi 3B - SuperSU

Hi
I am trying to install root on Android 7.1.1 (from geektillithertz.com, rom: and7_1-tablet-23012017.img) on Raspberry Pi 3 B.
When I manually execute the following commands via ADB, the system does not start after reboot.
Code:
adb shell "mount -o rw,remount /system"
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon u:object_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb shell chcon u:object_r:zygote_exec:s0 /system/xbin/sugote
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib/libsupol.so
adb shell chmod 0755 /system/lib/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib/libsupol.so
adb shell touch /system/etc/.installed_su_daemon
adb shell chmod 0644 /system/etc/.installed_su_daemon
adb shell chcon u:object_r:system_file:s0 /system/etc/.installed_su_daemon
adb shell cp /system/bin/sh /system/xbin/sugote-mksh
adb shell chmod 0755 /system/xbin/sugote-mksh
adb shell chcon u:object_r:system_file:s0 /system/xbin/sugote-mksh
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell mv /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process_original
adb shell mv /system/bin/app_process32 /system/bin/app_process_init
adb shell chmod 0755 /system/bin/app_process_init
adb shell chcon u:object_r:system_file:s0 /system/bin/app_process_init
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Stuck on the screen with animation "android."
When I restore the /system/app_process file to the original version, the system starts (but with no root).
I tried SuperSU 2.76, 2.78, 2.79 and 2.82.
Unfortunately, I have always had the same effect.
I also tried Android Marshmallow (andrpi3-20160626.img) but it also ended with a bootloop.
When I manually run su daemon through ADB, root is working fine, but it is not permanent (after reboot there is no root).
What to do to make the system start with root?


For those su is not working under Term

It has already been said multiple times: su has to be chmod 4755,
but it also has to have these credentials: root.shell
Mine was root.root, so as a shell user you get an "access denied."
So a chmod root.shell /system/bin helps.
After that you need to re-chmod 4755, as it's losing +s.
Also, if you pushed su to /data/local/bin, do this:
rm /data/local/bin/su
Because normal shell looks in /data/local/bin BEFORE /system/bin. It's part of the path.
thanx
my terminal now works as root
I've removed "m7" and "su" from /data/local/bin after root thanks to coolbits.
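The lookup-order point in the posts above, as an added example that is not part of the original thread: this Python script walks a PATH in order over an extracted or mounted copy of the device filesystem and reports which `su` a shell would run, which copies it shadows, and each copy's mode and ownership. The PATH value, the `root` parameter and the constructed sample tree are assumptions made for the illustration.

```python
"""Show which `su` a shell would run, given PATH order, on an extracted Android tree."""
import os
import stat
import tempfile
from typing import NamedTuple


class Hit(NamedTuple):
    path: str     # path as seen on the device
    mode: int     # permission bits, e.g. 0o4755
    uid: int
    gid: int
    setuid: bool


def find_on_path(name, path_var, root="/"):
    """Return every regular file called `name` on PATH, in lookup order.

    `root` is where the device filesystem is mounted or extracted on the host.
    """
    hits = []
    for directory in path_var.split(":"):
        if not directory:
            continue
        device_path = directory.rstrip("/") + "/" + name
        host_path = os.path.join(root, device_path.lstrip("/"))
        try:
            st = os.stat(host_path)
        except OSError:
            continue  # directory or file absent: the shell moves on too
        if not stat.S_ISREG(st.st_mode):
            continue
        mode = stat.S_IMODE(st.st_mode)
        hits.append(Hit(device_path, mode, st.st_uid, st.st_gid,
                        bool(mode & stat.S_ISUID)))
    return hits


def report(name, path_var, root="/"):
    """Describe the winner and every shadowed copy as text lines."""
    hits = find_on_path(name, path_var, root)
    if not hits:
        return [f"{name}: not found on PATH"]
    lines = []
    for i, h in enumerate(hits):
        role = "runs" if i == 0 else f"shadowed by {hits[0].path}"
        flag = "setuid" if h.setuid else "NOT setuid"
        lines.append(f"{h.path} mode={h.mode:04o} uid={h.uid} gid={h.gid} {flag} ({role})")
    return lines


def build_sample_tree():
    """Constructed layout: a stray 0755 copy ahead of the 4755 one in /system/bin."""
    root = tempfile.mkdtemp(prefix="android-root-")
    for directory, mode in (("data/local/bin", 0o755), ("system/bin", 0o4755)):
        os.makedirs(os.path.join(root, directory))
        path = os.path.join(root, directory, "su")
        open(path, "w").close()
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # Assumed PATH, following the post's statement that /data/local/bin comes first.
    sample_path = "/sbin:/data/local/bin:/system/bin:/system/xbin"
    print("\n".join(report("su", sample_path, build_sample_tree())))
```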

Ezonetronics CT-0008 root

hi so bit of a noob,
but i discovered that i can get root access via adb on this device. here's its build prop
ro.build.id=MMB29M
ro.build.display.id=K2001M_DW_S212101.20170322.11081609
ro.build.version.incremental=20170221
ro.build.version.sdk=23
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=6.0.1
ro.build.version.security_patch=2015-12-01
ro.build.version.base_os=
ro.build.date=2017/02/21[21:11:06]
ro.build.date.utc=1487682666
ro.build.type=user
ro.build.user=app-zenggf
ro.build.host=APP-PE730
ro.build.tags=test-keys
ro.build.flavor=t3_k2001_nwd-user
ro.product.model=QUAD-CORE T3 K2001M
ro.product.brand=Allwinner
ro.product.name=K2001M_DW_S212101
ro.product.device=t3-k2001-nwd
ro.product.board=exdroid
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.cpu.abilist=armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=
ro.product.manufacturer=Allwinner
ro.product.locale=en-US
ro.wifi.channels=
ro.board.platform=t3
ro.build.product=t3-k2001-nwd
ro.build.description=t3_k2001_nwd-user 6.0.1 MMB29M 20170221 test-keys
ro.build.fingerprint=Allwinner/t3_k2001_nwd/t3-k2001-nwd:6.0.1/MMB29M/20170221:user/test-keys
ro.build.characteristics=tablet
ro.config.ringtone=Ring_Synth_04.ogg
ro.config.notification_sound=pixiedust.ogg
ro.carrier=unknown
ro.config.alarm_alert=Alarm_Classic.ogg
wifi.interface=wlan0
wifi.supplicant_scan_interval=15
keyguard.no_require_sim=true
ro.kernel.android.checkjni=0
ro.opengles.version=131072
debug.hwui.render_dirty_regions=false
persist.sys.strictmode.visual=0
persist.sys.strictmode.disable=1
ro.sys.cputype=QuadCore-T3
ro.product.firmware=v0.1
drm.service.enabled=true
ro.sys.widevine_oemcrypto_level=1
service.adb.tcp.port=5555
ro.adb.secure=0
persist.service.adb.enable=1
ro.debuggable=1
ro.product.platform=K2001M
ro.lockscreen.disable.default=true
sys.whitelist.enable=true
sys.wake.app.self.start.enable=true
ro.fastdexopt.enable=true
ro.fastdexopt.by.both=true
ro.sw.embeded.telephony=false
persist.sys.usb.config=mtp,adb
rw.logger=0
persis.sys.bluetooth_goc=0
ro.zygote.disable_gl_preload=true
ro.sf.lcd_density=160
persist.sys.tfpath.flag=0
ro.display.sdcard=1
ro.part.sdcard=1
ro.sf.nwdrotation=0
ro.spk_dul.used=false
persist.sys.timezone=Asia/Shanghai
persist.sys.country=CN
persist.sys.language=zh
persist.fw.force_adoptable=true
persist.sys.dalvik.vm.lib.2=libart
dalvik.vm.isa.arm.variant=cortex-a7
dalvik.vm.isa.arm.features=default
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.expect.recovery_id=0x5f19ef07be82d797cc3082e26587dfd2557a73cb000000000000000000000000
I've tried to manually root using this guide:
https://forum.xda-developers.com/showthread.php?t=2684210
with no joy: the superuser app detects the binary but no other apps can get root.
I can mount /system/ for write etc. If anyone can point me in the correct direction, maybe TWRP or something.
Also any ideas what this might be for:
sys.whitelist.enable=true
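As an added example (not part of the original post, and not code from any project mentioned here), this Python script parses a build.prop and flags the settings in the dump above that leave ADB and the platform exposed: `ro.adb.secure=0`, `service.adb.tcp.port`, `ro.debuggable=1` on a `user` build, `test-keys`, and a security patch level well behind the build date. The rule names, severities and the 90-day threshold are assumptions chosen for the illustration, and the sample is a constructed subset of the quoted properties.

```python
"""Audit an Android build.prop for settings that weaken ADB and platform security."""
import datetime
from typing import NamedTuple

# Constructed sample: a subset of the properties quoted in the post above.
SAMPLE_BUILD_PROP = """\
ro.build.version.security_patch=2015-12-01
ro.build.date.utc=1487682666
ro.build.type=user
ro.build.tags=test-keys
ro.wifi.channels=
service.adb.tcp.port=5555
ro.adb.secure=0
ro.debuggable=1
"""

MAX_PATCH_LAG_DAYS = 90  # assumption: tolerated gap between patch level and build date


class Finding(NamedTuple):
    rule: str       # hypothetical rule name, used only in this example
    severity: str
    detail: str


def parse_build_prop(text):
    """Return {key: value}; skips blanks and '#' comments, keeps empty values."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def patch_lag_days(props):
    """Days from the declared security patch level to the build date, or None."""
    try:
        patch = datetime.date.fromisoformat(props["ro.build.version.security_patch"])
        built = datetime.datetime.fromtimestamp(
            int(props["ro.build.date.utc"]), datetime.timezone.utc).date()
    except (KeyError, ValueError, OverflowError, OSError):
        return None
    return (built - patch).days


def audit(props):
    findings = []
    no_auth = props.get("ro.adb.secure") == "0"
    port = props.get("service.adb.tcp.port", "")
    if no_auth:
        findings.append(Finding("adb-no-auth", "high",
                                "ro.adb.secure=0: adbd does not require host key authorization"))
    if port.isdigit() and int(port) > 0:
        # Network-reachable adbd is far worse when authentication is also off.
        findings.append(Finding("adb-tcp", "critical" if no_auth else "medium",
                                f"adbd listens on TCP port {port}"))
    if props.get("ro.debuggable") == "1":
        sev = "high" if props.get("ro.build.type") == "user" else "info"
        findings.append(Finding("debuggable", sev,
                                "ro.debuggable=1: adbd may run as root and all apps are debuggable"))
    if "test-keys" in props.get("ro.build.tags", "").split(","):
        findings.append(Finding("test-keys", "high",
                                "build is tagged test-keys rather than release-keys"))
    lag = patch_lag_days(props)
    if lag is not None and lag > MAX_PATCH_LAG_DAYS:
        findings.append(Finding("stale-patch", "medium",
                                f"security patch level is {lag} days older than the build"))
    return findings


if __name__ == "__main__":
    for f in audit(parse_build_prop(SAMPLE_BUILD_PROP)):
        print(f"[{f.severity:8}] {f.rule}: {f.detail}")
```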
if anyone interested i managed to get root from this script over ADB
adb shell "mount -o remount,rw /system"
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon u:object_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon u:object_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon u:object_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb shell chcon u:object_r:zygote_exec:s0 /system/xbin/sugote
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib(64)/libsupol.so
adb shell chmod 0755 /system/lib\(64\)/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib\(64\)/libsupol.so
adb shell touch /system/etc/.installed_su_daemon
adb shell chmod 0644 /system/etc/.installed_su_daemon
adb shell chcon u:object_r:system_file:s0 /system/etc/.installed_su_daemon
adb shell cp /system/bin/sh /system/xbin/sugote-mksh
adb shell chmod 0755 /system/xbin/sugote-mksh
adb shell chcon u:object_r:system_file:s0 /system/xbin/sugote-mksh
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell mv /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process_original
adb shell mv /system/bin/app_process32 /system/bin/app_process_init
adb shell chmod 0755 /system/bin/app_process_init
adb shell chcon u:object_r:system_file:s0 /system/bin/app_process_init
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
which i found here
https://tinkerboarding.co.uk/forum/thread-264.html
works great i now have root!
Hi, I have a similar unit but having problems looking for ROM. Can you share sources or your ROM please?
Mine is a generic head unit model id T3 K2001M which I managed to root after x number of tries using kingroot apk
My issue now is that most settings are locked (not enabled). I think the manufacturer stripped some of the OS system files.
I tried using the Bonroad ROM for T3-P3 but it's saying not compatible.
MCUVER: V1.3-FF01-20170328-A02-CAN0000-00-00-DVD01044201-00
SoC Model: Allwinner A23
SoC Family: AllWinner 4x ARM [email protected]
OS: Android 6.0 out of the box
yes mine also has menus in settings missing i used a few apps like,
Hidden menu (playstore)
google settings(playstore)
settings pro (playstore)
bandit250 said:
yes mine also has menus in settings missing i used a few apps like,
Hidden menu (playstore)
google settings(playstore)
settings pro (playstore)
Great. Thanks for the suggestion will try that out. I hope we can get some ROMs soon. Will let you know if I stumble on any.
Hi, how did you connect to the unit to run ADB commands? My unit only has full-size USB connectors so I would need a USB-A to USB-A cable. The only other thing I can think of is to connect an android phone to it and run adb from there somehow. I've installed a terminal app on the unit so could copy the files onto a usb stick or sdcard and run the commands directly on the unit....?
bandit250 said:
if anyone interested i managed to get root from this script over ADB
which i found here
https://tinkerboarding.co.uk/forum/thread-264.html
works great i now have root!
On the unit, download adb over wi-fi from the playstore. Make sure both laptop and unit are on the same wi-fi network; look into adb over wi-fi.
thanks for the script, i managed to root mine
Do you use tasker on this device? I try to but my accessibility is always revoked, so I can't use the application start event.
Also, if you launch music with a player other than the original music player, when you return to the home menu, does it turn off the player?
bandit250 said:
but i discovered that i can get root access via adb on this device. here's its build prop
because of you and your root method, I just find where I can stop the CT-0008 to stop an app when return to home screen
So, you just have to add your package name in the list:
/config/app/TaskWhiteList.xml
Hi yeah I did see that. Not tried it yet trying to figure out how to play Bluetooth music in background. Also not used tasker either
hey guys just read this, I also have a generic T3 K2001M, here's my question lets see if you can help me:
the device automatically runs radio app at start up (boot), this is the only thing I wanna change, I want it to run the music app instead. I surfed through all possible options and I haven't managed to do it. Do I need root for that? any idea how to do it? thanks a lot!
You've got to root it and make a profile which starts the music player when the radio starts. I didn't find another way
Hi,
I tried to root CT008 as well, and I've got an error on the last line.
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Cannot install link already exists or something similar.
Now, when I start SuperSu, I've got an error that binaries are occupied. I can't uninstall supersu (no option to do so).
Kindly please give me your advice on this
reflash with original rom and try again
Original rom here (update.img)
Does your sdcard keep unmounting after sleep?
arnauet11 said:
hey guys just read this, I also have a generic T3 K2001M, here's my question lets see if you can help me:
the device automatically runs radio app at start up (boot), this is the only thing I wanna change, I want it to run the music app instead. I surfed through all possible options and I haven't managed to do it. Do I need root for that? any idea how to do it? thanks a lot!
I guess you have trouble with wires. Is your unit for car unit. If it is car unit you have to check to red and yellow wires. Red one is must connect to acc + and yellow one must to connect to battery +
Or you must connect both of that two cable to battery +.
JuuuuuuuuL said:
You've got to root it and make a profile which starts the music player when the radio starts. I didn't find another way
In My case, I have managed to start music player at start-up. I have to cross check the settings. Will let you know.
You could access the factory settings with code: 1617
Presently looking for a complete player which can play wma files too and I can associate it with the car launcher widget.
---------- Post added at 12:53 PM ---------- Previous post was at 12:52 PM ----------
ceyrekoto said:
I guess you have trouble with wires. Is your unit for car unit. If it is car unit you have to check to red and yellow wires. Red one is must connect to acc + and yellow one must to connect to battery +
Or you must connect both of that two cable to battery +.
You can change it in factory settings

[Q] How to bypass ADB block (or how to reinstall ADB) on Android system?

I have a 65 inch XiaomiTV 3 (note, this is a different flavor of OS from MiBox). It worked great until Xiaomi started to push video ads every time I turn on the TV. Xiaomi has disabled (likely completely removed) ADB from their system (mine is 1.12.10; any newer version would not allow you to gain root access in any way, unless you prove me wrong). Since there is no way to install a new recovery on XiaomiTV 3 (not that I know of, I should add), I tried the only tool that can root this system with an exploit, the 360 Root (http://root.360.cn/). Now this tool itself has some ads, so I will need to remove it later. But at least it allows me to use `su` in a terminal emulator.
Once I gain the root access on my device, I first tried to use ADB by running (and I need to add, XiaomiTV 3 does not have USB debugging port) a terminal emulator (I use Android Terminal Emulator):
Code:
su
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Then I try to connect to my XiaomiTV 3 (its ip is 192.168.123.123) by:
Code:
adb connect 192.168.123.123
It connects, meaning ADB is not removed completely. However if I type `adb devices` it shows 192.168.123.123 is offline.
I then upgraded my Android platform tools and adb by:
Code:
android update sdk --no-ui
android update adb
Restart the adb server:
Code:
adb kill-server
adb connect 192.168.123.123
Here it still shows offline, so I restarted both the XiaomiTV 3 and my laptop, regained root (I lose root every time I reboot XiaomiTV 3), and did the above all over again. No luck. Then I thought to copy my `~/.android/adbkey.pub` to a USB drive, plug it in to XiaomiTV 3, and then use a terminal emulator to:
Code:
su
mv /mnt/usb/sdcard/adbkey.pub /data/misc/adb/adb_keys
Then
Code:
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Still, after I
Code:
adb kill-server
adb connect 192.168.123.123
the device is still offline.
Then I tried another approach to get SuperSU onto the system by first copying supersu to a USB drive and then copying it to `/data/superuser` in XiaomiTV 3.
Then I did:
Code:
su
mount -o rw,remount /system
mkdir /system/bin/.ext
chmod 777 /system/bin/.ext
chown root /system/bin/.ext
cp /data/superuser/su /system/bin/.ext/.su
chmod 6755 /system/bin/.ext/.su
chown root /system/bin/.ext/.su
cp /data/superuser/su /system/xbin/su
chmod 755 /system/xbin/su
chown root /system/xbin/su
cp /data/superuser/su /system/xbin/daemonsu
chmod 755 /system/xbin/daemonsu
chown root /system/xbin/daemonsu
cp /data/superuser/supolicy /system/xbin/supolicy
chmod 755 /system/xbin/supolicy
cp /data/superuser/libsupol.so /system/lib/libsupol.so
chmod 644 /system/lib/libsupol.so
mkdir /system/etc/init.d
chmod 644 /system/etc/init.d
cp /data/superuser/99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
chmod 744 /system/etc/init.d/99SuperSUDaemon
busybox_xm touch /system/etc/.installed_su_daemon
echo 1 >> /system/etc/.installed_su_daemon
chmod 644 /system/etc/.installed_su_daemon
mkdir /system/app/SuperSU
chmod 755 /system/app/SuperSU
cp /data/superuser/SuperSU.apk /system/app/SuperSU/SuperSU.apk
chmod 644 /system/app/SuperSU/SuperSU.apk
cp /data/superuser/install-recovery.sh /system/etc/install-recovery.sh
chmod 755 /system/etc/install-recovery.sh
ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Then I rebooted; apparently, the system overwrites `/system/xbin/su` (either by 360 root or Xiaomi's OS). So I redid everything above, without rebooting. Sadly, SuperSU still asks me to upgrade/update my binary file.
So this is when I stopped knowing what to do next. Any ideas?

Issue with SuperSU on AndroidThings 1.0

I tried to perform a manual installation of SuperSU (2.82 SR5) on my Raspberry Pi running the developer version of AndroidThings 1.0.4, which is based on Android 8.1.0 / API 27. Rather than flashing the zip in recovery, as I'm not sure where to start with that on the Things platform, I manually pushed files and set file permissions and contexts via adb shell. My guide for this was the summary at the top of the script at SuperSU/META-INF/com/google/android/update-binary.
The new su binary appears to work for the most part. I can execute su and read/write with the interactive shell. However, when I attempt to execute the same operations as a command through su (i.e. su -c mkdir /system/testdirectory), it responds saying it's a read-only filesystem. The filesystem has been remounted with adb remount. I'm unable to perform the remount with the mount command, as /system is not listed in /proc/filesystems. From my understanding, this is due to some recent security model changes in Android. That being said, after the adb remount, all other normal interactions with the filesystem seem to work without issue. I have verified that SELinux is in permissive mode.
I don't have busybox installed. These efforts are to allow for installation of busybox for other projects.
Does anybody know what's causing the commands proxied through su to not work correctly?
Here are the commands I used to perform my manual installation.
Code:
cd ~/Downloads/SuperSU-2.82-SR5
adb connect [IP_ADDRESS]:5555
adb root
adb remount
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb shell chcon -h u:object_r:toolbox_exec:s0 /system/bin/install-recovery.sh
cd armv7
# adding as `su_next` to prevent any issues before dropping it in
adb push su /system/xbin/su_next
adb shell chmod 0755 /system/xbin/su_next
adb shell chcon u:object_r:system_file:s0 /system/xbin/su_next
adb push su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib/libsupol.so
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell cp /system/bin/app_process32 /system/bin/app_process_init
adb shell rm /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell rm /system/bin/app_process32
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell chmod 0755 /system/bin/app_process
adb shell chmod 0755 /system/bin/app_process32
adb shell chcon u:object_r:system_file:s0 /system/bin/app_process
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32
# Swapping new su binary in
adb shell cp /system/xbin/su /system/xbin/su_original
adb shell rm /system/xbin/su
adb shell mv /system/xbin/su_next /system/xbin/su
adb shell /system/xbin/su --install
adb reboot
I need to correct myself: the new su binary can only read with privileges. It cannot write at all. I am only able to write either as the adb root shell, or with the stock su binary. I noticed that the device's adbd process relaunches with its own privileged context passed to it when adb remount is run. (adbd --root_seclabel=u:r:su:s0)
If I've run adb root and adb remount, adb shell, and then enter the su binary, I lose the ability to write to the remounted filesystem. So it appears that there is something wrong with the new su binary and its related files.
Anyway, this isn't critical to my project, so I'm abandoning my efforts for now. If anyone has any ideas on what is wrong here, I'd love to hear them and give this another shot!

[SCRIPT] [HACK] root on most variant

REMOVED
Mods please close thread
Code:
adb push su98 /data/local/tmp
adb shell cd data/local/tmp && adb shell chmod 775 su98 && adb shell ./su98 && adb shell su
adb push recovery /sdcard
adb shell cat /dev/zero >> /dev/mtd/mtd2 && adb shell cd /sdcard && adb shell flash_image recovery /sdcard/recovery.img
adb shell rm /sdcard/recovery.img
adb shell reboot
sorry this is incomplete, more like a PoC
I think will not work if bootloader still locked
GiaiPhapAndroid said:
I think will not work if bootloader still locked
yEs
