Related
I am trying to get a simple "Hello World" app running in Android Studio but am having a surprising amount of trouble. My current issue seems to be that Android Studio is unable to write to the virtual device. Although my virtual device takes a long time to start up it does eventually get going and seems to present as 'working'.
The output for the device in the "Run" windows shows:
C:\Users\Slarti\AppData\Local\Android\sdk\tools\emulator.exe -netdelay none -netspeed full -avd Nexus_5_API_23_x86
emulator: device fd:928
HAXM is working and emulator runs in fast virt mode
creating window 43 59 329 583
emulator: emulator window was out of view and was recentered
emulator: UpdateChecker: skipped version checkHowever the output in the "app" log of the "Run" window reads:
Target device: Nexus_5_API_23_x86 [emulator-5554]
Installing APK: C:\Users\Slarti\Documents\...
Uploading file to: /data/local/tmp/...
com.android.ddmlib.SyncException: Read-only file system
and the "Event Log" shows:
2:01:53 PM Gradle sync started
2:04:30 PM Gradle sync completed
2:04:35 PM Executing tasks: [:app:generateDebugSources, :app:generateDebugAndroidTestSources]
2:04:56 PM Gradle build finished in 25s 136ms
2:10:33 PM Unable to obtain result of 'adb version'
2:11:03 PM Executing tasks: [:app:assembleDebug]
2:11:40 PM Gradle build finished in 36s 851ms
2:11:43 PM transfer error: Read-only file system
2:11:43 PM Error during Sync: Read-only file system
I've spent a lot of time searching for a solution for this, including re-installing Android Studio but I still keep having the same problem. Does anyone know what could be causing this and how I can fix it? The program itself is a very simple "Hello World!" program and I have left most things in Android Studio at their default values but clearly something somewhere must be set incorrectly. Any ideas as to what it could be?
Thanks for any help,
Slarti.
Any idea why the alarm stats permission is unknown?
Phone is a Huawei P Smart 2019 with EMUI 9.1.0.264 (Android 9.0).
Code:
adb -d shell pm grant com.asksven.betterbatterystats android.permission.APPOPS_USAGE_STATS
Exception occurred while executing:
java.lang.IllegalArgumentException: Unknown permission: android.permission.APPOPS_USAGE_STATS
at com.android.server.pm.permission.PermissionManagerService.grantRuntimePermission(PermissionManagerService.java:1417)
at com.android.server.pm.permission.PermissionManagerService.access$900(PermissionManagerService.java:93)
at com.android.server.pm.permission.PermissionManagerService$PermissionManagerInternalImpl.grantRuntimePermission(PermissionManagerService.java:2112)
at com.android.server.pm.PackageManagerService.grantRuntimePermission(PackageManagerService.java:6057)
at com.android.server.pm.PackageManagerShellCommand.runGrantRevokePermission(PackageManagerShellCommand.java:1773)
at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:239)
at android.os.ShellCommand.exec(ShellCommand.java:103)
at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:23637)
at android.os.Binder.shellCommand(Binder.java:642)
at android.os.Binder.onTransact(Binder.java:540)
at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:2804)
at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:4427)
at com.android.server.pm.HwPackageManagerService.onTransact(HwPackageManagerService.java:432)
at android.os.Binder.execTransact(Binder.java:739)
After installing betterbatterystats_xdaedition_debug_2.5-341.apk I also had your exact error. Magisk was installed before installing the app. I started the app and granted the root permission in the Magisk popup.
The app weirdly still required two permissions (READ_PHONE_STATE and APPOPS_USAGE_STATS), which were shown with a red background in the app:
$ sudo adb shell
[email protected]:/ $ su
[email protected]:/ # pm grant com.asksven.betterbatterystats_xdaedition android.permission.READ_PHONE_STATE
Click to expand...
Click to collapse
worked (I restarted phone and the red background color went away), but
# pm grant com.asksven.betterbatterystats_xdaedition android.permission.APPOPS_USAGE_STATS
Click to expand...
Click to collapse
didn't work and the error you have came up. I solved it by clicking on the bottom "OK" error message on the app and rechecked [it was already set to the right/allow] the permissions slider.
Having the same problem. Can't fix it...
Same here. On first installation and permissions configuration was working OK. Maybe it scanned the system further and noticed that it didnt have the proper permissions. Not rebooted yet. Probably will try to reboot and also I will read some thing in this forum.
Of course I enabled again all the USB debugging things and tried to add the permission, without success:
Code:
~\AppData\Local\Android\Sdk\platform-tools> .\adb.exe -d shell pm grant com.asksven.betterbatterystats_xdaedition android.permission.APPOPS_USAGE_STATS
Exception occurred while executing 'grant':
java.lang.IllegalArgumentException: Unknown permission: android.permission.APPOPS_USAGE_STATS
at com.android.server.pm.permission.PermissionManagerService.grantRuntimePermissionInternal(PermissionManagerService.java:1467)
at com.android.server.pm.permission.PermissionManagerService.grantRuntimePermission(PermissionManagerService.java:1426)
at com.android.server.pm.PackageManagerShellCommand.runGrantRevokePermission(PackageManagerShellCommand.java:2287)
at com.android.server.pm.PackageManagerShellCommand.onCommand(PackageManagerShellCommand.java:249)
at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
at android.os.ShellCommand.exec(ShellCommand.java:44)
at com.android.server.pm.PackageManagerService.onShellCommand(PackageManagerService.java:22207)
at android.os.Binder.shellCommand(Binder.java:932)
at android.os.Binder.onTransact(Binder.java:816)
at android.content.pm.IPackageManager$Stub.onTransact(IPackageManager.java:4687)
at com.android.server.pm.PackageManagerService.onTransact(PackageManagerService.java:4419)
at android.os.Binder.execTransactInternal(Binder.java:1162)
at android.os.Binder.execTransact(Binder.java:1126)
But @fdxw solution solved it. However you should probably add your solution with more emphasis, I didnt see it the first time.
Solution
I solved it by clicking on the bottom "OK" error message on the app and rechecked it was already set to allow (disable it, enable it again) the permissions slider.
Click to expand...
Click to collapse
+1 Xiaomi Mi9
Using ADB shell i was able to uninstall bloatware apps from my OPPO F9 pro ,and all those apps that i uninstalled using -
Code:
adb shell
pm uninstall -k --user 0 <package_name>
were also those apps being identified by app inspector ,means i was able to see the their package name in app inspector and they were system apps as well but ,there are some other system apps like oppo appstore,compass, oppo theme store,oppo game center,etc those are neither shown in app inspector(idk why) where package information of other system+user apps is available and nor i can delete them ,BUT they are installed in my phone.
I receive the following error while uninstalling these system apps(taking example when i try 2 uninstall game center)-
Code:
adb shell
pm uninstall -k --user 0 com.coloros.gamespace
Failure [not installed for 0]
Now , "Failure [not installed for 0]" is the error when i try to uninstall any app that already is uninstalled (OR) doesn't exist on the android, BUT again ,these apps those im facing error to uninstall are actually there in my phone.
You might also wish 2 know that for these same apps ,how do i got the package name like the one in the example;com.coloros.gamespace since its package was not even shown in app inspector(or any other app) ,then i would like 2 tell u that i just searched in google typing "list of oppo bloatware" ,searched for the package name of these apps from websites those app inspector was unable to identify.
If anyone can help me in this issue i would really be thankful
... probably NOT in the S21ULTRA thread....
armankang said:
If anyone can help me in this issue i would really be thankful
Click to expand...
Click to collapse
Not an OPPO thread but you need to look for your phone specific packages with:
adb shell pm list packages
Using the above ADB Shell command, you can print the list of the app package names for all apps installed on your Android device. You can use this command with different parameters to get a more specific list of app packages.
For instance, if you want to list the system apps only, use
adb shell pm list packages -s
In order to list all third-party apps installed on your Android phone or tablet, you issue the following command.
adb shell pm list packages -3
Do you want ADB Shell to show the list of all enabled or disabled apps on your device, try the command with parameters like ‘-d‘ (for disabled apps), ‘-e‘ (for enabled apps), and ‘-u‘ (for uninstalled apps).
adb shell pm list packages -d
adb shell pm list packages -epm list packages
adb shell pm list packages -u
To list app packages with specific keywords filter.
adb shell pm list packages <keywords>
To find the list of apps along with their associated packages, execute the following command
adb shell pm list packages -f
You can easily get a list of group packages by a certain manufacturer, or come common term. For instance, if you want to list all apps by Google, you can use the following command.
adb shell pm list packages | grep 'google'
You can replace “google” with “samsung”, “huawei”, “xiaomi”, “miui”, “evenwell”, “android”, “facebook”, etc. to get desired list of packages.
Ipse_Tase said:
... probably NOT in the S21ULTRA thread....
Click to expand...
Click to collapse
sorry bro i will change it i was just confused as it was my 3rd time only using xda threads to ask questions
mzsquared said:
Not an OPPO thread but you need to look for your phone specific packages with:
adb shell pm list packages
Using the above ADB Shell command, you can print the list of the app package names for all apps installed on your Android device. You can use this command with different parameters to get a more specific list of app packages.
For instance, if you want to list the system apps only, use
adb shell pm list packages -s
In order to list all third-party apps installed on your Android phone or tablet, you issue the following command.
adb shell pm list packages -3
Do you want ADB Shell to show the list of all enabled or disabled apps on your device, try the command with parameters like ‘-d‘ (for disabled apps), ‘-e‘ (for enabled apps), and ‘-u‘ (for uninstalled apps).
adb shell pm list packages -d
adb shell pm list packages -epm list packages
adb shell pm list packages -u
To list app packages with specific keywords filter.
adb shell pm list packages <keywords>
To find the list of apps along with their associated packages, execute the following command
adb shell pm list packages -f
You can easily get a list of group packages by a certain manufacturer, or come common term. For instance, if you want to list all apps by Google, you can use the following command.
adb shell pm list packages | grep 'google'
You can replace “google” with “samsung”, “huawei”, “xiaomi”, “miui”, “evenwell”, “android”, “facebook”, etc. to get desired list of packages.
Click to expand...
Click to collapse
Thanks for replying bro.
So i got to know that i was getting that "Failure [not installed for 0]" error because the app packages given(for the same apps) those i searched for in google were not the same as for mine device's system apps ,so i got that error.
So when i just opened the list of packages using "pm list packages -___" i got the package names for those apps ,BUT still even now when i try to uninstall
those system apps using adb command with their correct package name i get a new error-
Code:
adb shell
pm uninstall --user 0 <package_name>
Failure [DELETE_FAILED_INTERNAL_ERROR]
In fact i can't even disable them like usually i can disable other system apps/user apps.
*When i use command pm disable for those apps showing no error-
Code:
adb shell
pm disable-user --user 0 <pkg_name>
Package <pkg_name> new state: disabled-user
*When i get error(maybe not error but app stays in default state with no change) for other system apps-
Code:
adb shell
pm disable-user --user 0 <pkg_name>
Package <pkg_name> new state: default
In short, neither i am able to uninstall them nor i can disable them, if it is because the system isn't giving me permission to do so then is there any other adb command that needed to be executed before these to get access first and then uninstall/disable.
BTW im fully relying on ADB shell to grant permissions or perform any operation ,i don't have root in my phone ,so plz tell if there is any method for non-rooted devices,thx
PLZ help.
without root you wont be able to delete system level apps.
uicnren said:
without root you wont be able to delete system level apps.
Click to expand...
Click to collapse
ok bro thanks
armankang said:
Thanks for replying bro.
So i got to know that i was getting that "Failure [not installed for 0]" error because the app packages given(for the same apps) those i searched for in google were not the same as for mine device's system apps ,so i got that error.
So when i just opened the list of packages using "pm list packages -___" i got the package names for those apps ,BUT still even now when i try to uninstall
those system apps using adb command with their correct package name i get a new error-
Code:
adb shell
pm uninstall --user 0 <package_name>
Failure [DELETE_FAILED_INTERNAL_ERROR]
In fact i can't even disable them like usually i can disable other system apps/user apps.
*When i use command pm disable for those apps showing no error-
Code:
adb shell
pm disable-user --user 0 <pkg_name>
Package <pkg_name> new state: disabled-user
*When i get error(maybe not error but app stays in default state with no change) for other system apps-
Code:
adb shell
pm disable-user --user 0 <pkg_name>
Package <pkg_name> new state: default
In short, neither i am able to uninstall them nor i can disable them, if it is because the system isn't giving me permission to do so then is there any other adb command that needed to be executed before these to get access first and then uninstall/disable.
BTW im fully relying on ADB shell to grant permissions or perform any operation ,i don't have root in my phone ,so plz tell if there is any method for non-rooted devices,thx
PLZ help.
Click to expand...
Click to collapse
Are Google Apps, system apps?
****Hawk said:
Are Google Apps, system apps?
Click to expand...
Click to collapse
Afaik every app that you can't uninstall without adb is a system app
Overview
This rooting method is based on a vulnerability in the ARM Mali GPU driver (CVE-2022-38181) discovered by security researcher Man Yue Mo at GitHub Security Lab, to gain root access to the 3rd gen Cube that is on firmware PS7613/3701 or older. Newer method for PS7646 here.
The exploit program (gazelle_shrinker) is run directly on the Cube to spawn a temporary root shell for quick access. It can also be run automatically on every boot in combination with @diplomatic's bootless Magisk script to grant apps root access.
For best results, run gazelle_shrinker 30-90sec after boot up, when loading is complete and the device is idle.
Two options for root depending on your needs & comfort level
1) Temporary ADB root - Open an ADB root shell for quick access (PS7613/3701 or older)
Pros:
Access all files and folders from ADB
Simple to use, runs in RAM and doesn't make any changes to the Cube, no chance of bricking.
Remove app package protection so that you can enable/disable any app even without root (eg custom launchers, disabling updates, debloat, etc).
Cons:
Only enables ADB root
gazelle_shrinker occasionally crashes/reboots the Cube when being run. Run it 30-90sec after bootup for greater reliability.
NOTE: gazelle_shrinker won't brick your device, but what you do with that root access can. DM-verity is still in place checking the integrity of the system/vendor partitions, do NOT modify anything in those directories, or the boot partition!!
2) Bootless Magisk - Automatically start a lite version of Magisk that runs entirely from the data partition, (PS7613/3701 or older).
Pros:
Both ADB root and ability to grant root to apps through Magisk Manager
Once the Magisk dameon has started, root can be granted stably whenever needed
Doesn't modify boot or system/vendor partitions, DM-verity is preserved
Cons:
This is experimental, use at your own risk! It's been working stabably during my testing but it's impossible to foresee every issue.
Still relies on gazelle_shrinker to start, and may occasionally crash when gazelle_shrinker runs at boot
Most Magisk modules don't work.
NOTE: Be careful of what apps you give root access to. Giving root access to an app that modifies the boot, system or vendor partitions will brick your device. Again, DM-verity is still actively checking that no changes have been made to system/vendor directories.
Contributors:
Man Yue Mo, @Functioner, @Pro-me3us
@ Thanks to @diplomatic for bootless Magisk script, and @SweenWolf for Launcher Manager
@ Thanks to @Renate for many great tools
@ Thanks to all the folks who have worked on TWRP & Magisk
Temporary ADB root (PS7613/3701 or older)
Disclaimer: Use this at your own risk, I'm not responsible for any data loss or corruption to your device. There is a nonzero chance of bricking the Cube, and little to no recovery options.
Instructions
Enable ADB debugging in FireOS settings
Download, unzip and copy gazelle_shrinker to your Cube
Code:
adb push gazelle_shrinker /data/local/tmp/
Give gazelle_shrinker executable permissions
Code:
adb shell
chmod +x /data/local/tmp/gazelle_shrinker
Open an adb shell and run the program
For best results, run gazelle_shrinker 30-90sec after boot up, when loading is complete and the device is idle.
Code:
adb shell
/data/local/tmp/gazelle_shrinker
setenforce 0
How to disable package protection
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
Code:
/data/local/tmp/gazelle
setenforce 0
Code:
echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
Clear Arcus Proxy, disable Arcus Proxy
Code:
pm clear com.fireos.arcus.proxy
pm disable-user com.fireos.arcus.proxy
Optional but strongly recommended, disable updates
Code:
pm disable-user com.amazon.device.software.ota
pm clear com.amazon.device.software.ota
pm disable-user com.amazon.device.software.ota.override
pm disable-user com.amazon.tv.forcedotaupdater.v2
A reboot is required before the protection removal changes take effect.
Verify that any apps you disable actually are disabled. Then reboot, and verify again!
Code:
pm list packages -d
Bootless Magisk (PS7613/3701 or older)
These instructions use an adapted version of @diplomatic's bootless Magisk script & @SweenWolf's Launcher Manager to autoboot, it's recommended you read the original Bootless Magisk post to better understand how it works, and it's limitations.
Disclaimer: Use this at your own risk, I'm not responsible for any data loss or corruption to your device. There is a nonzero chance of bricking the Cube, and little to no recovery options.
Instructions
Enable ADB debugging in FireOS settings
Download gazelle_bootless_magisk, unzip it, and copy it to your Cube keeping the same directory structure
Code:
adb shell mkdir /data/local/tmp/bin
adb push gazelle_bootless_magisk/* /data/local/tmp/
adb shell pm install -r /data/local/tmp/magisk_manager.apk
Give scripts & binaries executable permissions
Code:
adb shell
chmod +x /data/local/tmp/magisk-boot.sh
chmod +x /data/local/tmp/start.sh
chmod +x /data/local/tmp/bin/magiskinit
chmod +x /data/local/tmp/bin/gazelle_shrinker
Install Launcher Manager on your Cube, open, navigate to 'other settings', 'ADB Commands'
Tap on the + icon in the top right corner to create a new command
Enter Name: Start Magisk
Enter Command: sleep 30 && /data/local/tmp/start.sh
Check 'Execute on Boot'
Save
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
When you reboot your Cube, bootless Magisk will automatically start ~30sec after your homescreen loads. It's important that FireOS has loaded and that the device isn't busy, so don't open any apps until after Magisk has loaded. There's a greater chance that gazelle_shrinker will fail or reboot the Cube while launching Magisk if the device is busy.
TO AVOID BRICKING YOUR DEVICE:
Be careful of what apps you give root access to. Giving root access to an app that modifies the boot, system or vendor partitions will brick your device. DM-verity is still actively checking that system/vendor directories haven't been tampered with.
Don't run the boot-magisk.sh script (from either ADB or Launcher Manager) more than once per boot. Doing so will mess up the mounting and module initiation.
Never toggle ADB debugging off/on in the Developer's menu while Magisk is running. This will kill the Magisk daemon running in the background, and could corrupt your device if it's in the middle of an important process.
Only use WiFi ADB, not USB ADB. Booting the Cube with an USB attached computer puts USB in device mode, and ADB will close and kill Magisk when the Cube sleeps in device mode.
This release includes Magisk v21.4 (magiskinit) and Magisk Manager v8.0.7. Don't update Magisk! Patching your boot image will brick your device!
Manually update new 3rd gen Cube firmware PS7299/3052 --> PS7613/3701
New 3rd gen Cubes are (as of June 7th, 2023) shipped with firmware PS7299/3052. To update the device firmware to the latest version (PS7613/3701) that gazelle_shrinker still works on, follow these steps:
Download PS7613/3701 firmware to your Cube's 'Download' folder (Downloader code: 271370)
Run the following commands:
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # mv /sdcard/Download/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin /data/ota_package/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin
gazelle:/ # echo 'recovery\n--update_package=/data/ota_package/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin' > /cache/recovery/command
gazelle:/ # reboot recovery
Done. The Cube will reboot to recovery and update. This method requires root access, and can only be used to upgrade firmware, NOT downgrade firmware.
reserved
This is really interesting and exciting. I wonder if this vulnerability affects any other Fire HD devices as well (obviously those using Mali GPUs). If you don't mind me asking, what are your plans regarding the PoC's source code? (nevermind, I think I found the original POC here). Could you give some hints regarding to what needs to be changed in order to port the exploit to other devices? I'd love to test it and learn more about this CVE.
Rortiz2 said:
I wonder if this vulnerability affects any other Fire HD devices
Click to expand...
Click to collapse
I made a post on the FireHD section about this yesterday, I can add details there. I want to keep this thread focused on the 3rd gen Cube and issues with the rooting binary
Amazing work @Pro-me3us! I'm soon going to buy one if I have the time and try it out before it's patched. I wonder how @k4y0z unlocked the sheldon/p devices with the decryption to see what we can do to decrypt the 3rd gen Cube as well since it sounds so similar to this thread with the firmware version to unlock the sheldon/p and root the device. And for what it's worth it's better to stay locked on 7.6.1.3 and below like you said.
Skel40 said:
since it sounds so similar to this thread with the firmware version to unlock the sheldon/p and root the device. And for what it's worth it's better to stay locked on 7.6.1.3 and below like you said.
Click to expand...
Click to collapse
I admit I haven't followed the MTK exploits closely. Any bootloader unlocking these days is going to require 2 (or more) exploits. One exploit for the bootloader itself, and a second exploit to put that first exploit in place. Gazelle is missing a bootloader exploit. Amlogic and MTK devices use very different bootloaders, and aren't likely to have any overlapping vulnerabilities. I hope that gazelle_shrinker can give someone else a foot in the door to find something, but bootloader vulnerabilities are rare.
Sorry, I know this is an absolutely idiotic question but how to I do this
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
I'm using the concole in adblink2. I know nothing about this stuff so was basically just following the guide, but no idea what that means. Again, I realise it’s probably stupid, but if I don't ask I don't learn.
Jerri1240 said:
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
Click to expand...
Click to collapse
No problem, in the guide above I'm summarizing the instructions, an then providing the commands to copy and paste below each summary.
I'm assuming that you have already copied gazelle_shrinker to /data/local/tmp/ on your Cube
Instead of using ADBLink's console button, use the ADB shell button, to open a terminal window on your Cube where you can enter the commands in the instructions (you will see this gazelle:/ $ prompt). Hopefully this gives you an idea of the flow of the instructions:
You want to paste in each of these commands one by one
gazelle:/ $ chmod +x /data/local/tmp/gazelle_shrinker
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
You are going to want to disable updates, since Amazon is definitely going to patch this type of access to the Cube
Got one yesterday and tried the temp shrinker root and all works good for now. I just want to give a heads up to anybody trying this guide to go ahead and update to 7.6.1.3. Disable HDR is available instead of Adaptive and the Always HDR mode. I'm now stuck on the Magisk temp root guide above.
Pro-me3us said:
No problem, in the guide above I'm summarizing the instructions, an then providing the commands to copy and paste below each summary.
I'm assuming that you have already copied gazelle_shrinker to /data/local/tmp/ on your Cube
Instead of using ADBLink's console button, use the ADB shell button, to open a terminal window on your Cube where you can enter the commands in the instructions (you will see this gazelle:/ $ prompt). Hopefully this gives you an idea of the flow of the instructions:
You want to paste in each of these commands one by one
gazelle:/ $ chmod +x /data/local/tmp/gazelle_shrinker
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
You are going to want to disable updates, since Amazon is definitely going to patch this type of access to the Cube
Click to expand...
Click to collapse
Thank you, really do appreciate it.
I basically don't want to look at Amazon's launcher so had been using sweenwolfs manager, but if I can disable updates that's even better. I've been using wolf launcher on my gen2 cube and just got the gen3 this week so really happy to have been able to do this. Thanks again for the idiots guide.
Second idiot question, is there a lost of things I should install, and if updates are stuck on 'checking now...' I assume turning off updates has worked? And lastly, do I want to install bootless magisk too?
Jerri1240 said:
Second idiot question, is there a lost of things I should install, and lastly, if updates are stuck on 'checking now...' I assume turning off updates has worked?
Click to expand...
Click to collapse
Other than the temp gazelle exploit shell you inputted the only thing left is Magisk temp root which you'd have to be careful in case you want to have root apps. Since the updates are stuck on 'Checking now' yes it means it has worked and typing in adb shell pm list packages -d should show com.amazon.device.software.ota and other packages disabled meaning it has worked. To be safe to verify reboot and run the command again to quickly check that the system didn't encrypt the package manager.
Skel40 said:
Other than the temp gazelle exploit shell you inputted the only thing left is Magisk temp root which you'd have to be careful in case you want to have root apps. Since the updates are stuck on 'Checking now' yes it means it has worked and typing in adb shell pm list packages -d should show com.amazon.device.software.ota and other packages disabled meaning it has worked
Click to expand...
Click to collapse
Thank you. No, I just want to be able to use a launcher I like and not have an Amazon update disable it. So I can just leave as is.
Jerri1240 said:
Thank you. No, I just want to be able to use a launcher I like and not have an Amazon update disable it. So I can just leave as is.
Click to expand...
Click to collapse
No problem and yeah honestly due to its limitations I'd rather not take any risks given the price of the device but we're definitely getting somewhere for sure with having control at least.
Jerri1240 said:
is there a lost of things I should install, and if updates are stuck on 'checking now...' I assume turning off updates has worked? And lastly, do I want to install bootless magisk too?
Click to expand...
Click to collapse
When you disable the OTA apps, you should get a near instant 'Update Error' when checking updates
gazelle:/ $ pm disable-user com.amazon.device.software.ota
gazelle:/ $ pm disable-user com.amazon.device.software.ota.override
gazelle:/ $ pm disable-user com.amazon.tv.forcedotaupdater.v2
Now that you have removed the package protections, you can use Launcher Manager to disable the OTA packages above
Launcher Manager / Other settings / Amazon OS Updates / Block updates
This will have Launcher Manager run the pm disable-user commands for you.
Do as @Skel40 recommended, verify that all the apps you disabled, are actually disabled from the command line, especially Arcus Proxy.
gazelle:/ $ pm list packages -d
I also agree with Skel40 about Magisk, if you don't need it for any apps you are using, it's an extra complication that you are better off without.
@Skel40 thanks for confirming everything is working! If you have any issues getting bootless Magisk working let me know. You can enable/disable it by just checking/unchecking 'execute on boot' in Launcher Manager and rebooting the Cube.
Pro-me3us said:
pm disable-user com.amazon.device.software.ota
Click to expand...
Click to collapse
No update error. just 'checking now', launcher manager lists update status as blocked, though.
pm list packages -d gets me the following
package:com.android.nfc
package:com.fireos.arcus.proxy
package:com.amazon.tv.forcedotaupdater.v2
package:com.amazon.device.software.ota
package:com.amazon.device.software.ota.override
Jerri1240 said:
No update error. just 'checking now', launcher manager lists update status as blocked, though.
pm list packages -d gets me the following
package:com.android.nfc
package:com.fireos.arcus.proxy
package:com.amazon.tv.forcedotaupdater.v2
package:com.amazon.device.software.ota
package:com.amazon.device.software.ota.override
Click to expand...
Click to collapse
Since pm list packages -d has it listed as disabled, that's all that really matters.
Pro-me3us said:
Since pm list packages -d has it listed as disabled, that's all that really matters.
Click to expand...
Click to collapse
Thanks again for the help. Really appreciate it.
Overview
This rooting method is based on a new vulnerability in the ARM Mali GPU driver (CVE-2022-46395) discovered by security researcher Man Yue Mo at GitHub Security Lab, to gain root access to the 3rd gen Cube that is on firmware PS7646/3550 or older. You can also check the older root method that works up to firmware PS7613/3701.
The exploit program (gazelle_buf) is run directly on the Cube to spawn a temporary root shell for quick access. On average it takes 20-60sec for the exploit to gain root access. For best results, run gazelle_buf after a fresh reboot.
Temporary Root
Open an adb root shell to for quick access admin access
Pros:
Access all files and folders from ADB
Simple to use, runs in RAM and doesn't make any changes to the Cube, no chance of bricking.
Remove app package protection so that you can enable/disable any app even without root (eg custom launchers, disabling updates, debloat, etc).
Cons:
Only enables ADB root
NOTE: raven_buf won't brick your device, but what you do with that root access can. DM-verity is still in place checking the integrity of the system/vendor partitions, do NOT modify anything in those directories, or the boot partition!!
Instructions
Enable ADB debugging in FireOS settings
Download, unzip and copy gazelle_buf to your Cube
adb push gazelle_buf /data/local/tmp/
Open an ADB shell and give gazelle_buf execution permission (only needs to be done once)
adb shell ---> opens a 'gazelle: / $' prompt
gazelle:/ $ chmod +x /data/local/tmp/gazelle_buf
Run the program. Takes 20-60sec on average.
Root access is gained when the '$' prompt changes to '#' (gazelle:/ $ --> gazelle:/ #)
gazelle:/ $ /data/local/tmp/gazelle_buf
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disable package protections
Use gazelle_shrinker to open a root shell and delete all the apps listed in the file /data/system/PackageManagerDenyList
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
Disable Arcus Proxy, to keep package protections off
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
Disable Amazon's ability to block apps on your device (eg Launcher Manager)
gazelle:/ # pm disable-user com.amazon.adep
gazelle:/ # pm clear com.amazon.adep
Disable OTA updates
gazelle:/ # pm disable-user com.amazon.device.software.ota
gazelle:/ # pm clear com.amazon.device.software.ota
gazelle:/ # pm disable-user com.amazon.device.software.ota.override
gazelle:/ # pm disable-user com.amazon.tv.forcedotaupdater.v2
A reboot is required before the package protections removal takes effect. Check & confirm the list of disabled apps:
gazelle:/ $ pm list packages -d
Contributors:
Man Yue Mo, @Functioner, @Pro-me3us
Thanks to @Renate for many great tools
@RiCkLaR for tip on disabling ADEP and AppBlockList
reserved
reserved
is this for the latest update for the cube?
Eagle1337 said:
is this for the latest update for the cube?
Click to expand...
Click to collapse
Yes, this will work on any 3rd gen firmware including the most recent PS7646 from the last two weeks.
If you are still on PS7613/3701 and using the older method, I don't recommend updating to PS7646. I haven't seen any benefits to the new firmware, and it's likely just got more Amazon tricks & restrictions to look out for.
IF you care about an eventual bootloader unlock, if anyone ever finds a way , staying on an older firmware increases the chances of being able to use it.
Hello. Followed your instructions on my 3rd gen Fire TV Cube, and saw the ADB Shell prompt change from $ to #.
Then entered in the suggested shell commands to disable OTA updates etc.
I then rebooted my device.
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Excuse my ignorance, kind of new to all this stuff.
three6zerocool said:
Hello. Followed your instructions on my 3rd gen Fire TV Cube, and saw the ADB Shell prompt change from $ to #.
Then entered in the suggested shell commands to disable OTA updates etc.
I then rebooted my device.
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Excuse my ignorance, kind of new to all this stuff.
Click to expand...
Click to collapse
Read:
4. Run the program. Takes 20-60sec on average.
Root access is gained when the '$' prompt changes to '#' (gazelle:/ $ --> gazelle:/ #)
No you dont need to do it after every restart. It's disabled until you change it back..
three6zerocool said:
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Click to expand...
Click to collapse
Yeah that's to be expected. If you cleared the PackageManagerDenyList described in the op instructions, then you won't need root access anymore to disable/enable any apps.
If you need root access for something else, then you only need to run gazelle_buf again
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/# setenforce 0
If you need routine root access or to be able to grant SU to apps, you can check the description of bootless Magisk from the previous exploit. That would give you the ability to open a root shell whenever you type gazelle:/ $ su
I still consider bootless Magisk experimental until a handful of people report back that they have been using it for a month+. I can update the older start script to work with gazelle_buf if you want to test it out.
Pro-me3us said:
Yeah that's to be expected. If you cleared the PackageManagerDenyList described in the op instructions, then you won't need root access anymore to disable/enable any apps.
If you need root access for something else, then you only need to run gazelle_buf again
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/# setenforce 0
If you need routine root access or to be able to grant SU to apps, you can check the description of bootless Magisk from the previous exploit. That would give you the ability to open a root shell whenever you type gazelle:/ $ su
I still consider bootless Magisk experimental until a handful of people report back that they have been using it for a month+. I can update the older start script to work with gazelle_buf if you want to test it out.
Click to expand...
Click to collapse
Thanks for the reply and explanation.
I mainly wanted to use this exploit to stop Amazon auto removing Launcher Manager, as I like to use custom Launcher.
I think I have done things correctly, but just noticed that Launcher Manager has been removed again.
I am sure I entered all the commands in correctly, as I noticed inside LM that Amazon Updates etc were already blocked.
Could it be the settings I have used in LM?
ie. I used the old method and it brought up an ADB permission request, then I enabled the original handler, and chose my custom launcher. (Wolf Launcher)
Have also tried the new method, but LM still keeps getting removed.
What's been happening is that Launcher Manager disappears, and home button still goes to Wolf Launcher, but I can no longer access any settings menus. (until I reinstall LM)
three6zerocool said:
I mainly wanted to use this exploit to stop Amazon auto removing Launcher Manager, as I like to use custom Launcher.
Click to expand...
Click to collapse
@RiCkLaR posted about this earlier, and I think he's right. I'll add it to the instructions in the OP in a day once it's confirmed.
For now, it appears that Launcher Manager is disabled by the app Adep. You can disable it, and that should be enough to stop having to do any more reinstalls.
gazelle:/ $ pm disable-user com.amazon.adep
gazelle:/ $ pm clear com.amazon.adep
Since you have root, if you want, you can keep Amazon Launcher enabled, and only disable the Amazon homescreen. This will allow you to use your custom launcher, and not break Amazon Launcher dependent functions. Things that will work: Amazon App Store search, homescreen search, FireOS settings menu, remote recent button, other things i'm forgetting
EDIT: I forgot that doing this causes the LiveTV app to hammer the OS, so that app has to be disabled. Clearing the LiveTV app data appears to be enough to keep that app from misbehaving.
To do this follow these steps:
gazelle:/ $ pm disable-user com.amazon.firehomestarter
gazelle:/ $ pm enable com.amazon.tv.launcher
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/ # setenforce 0
gazelle:/ # pm disable com.amazon.tv.launcher/.ui.HomeActivity_vNext
gazelle:/ # pm clear com.amazon.tv.livetv
gazelle:/ # exit
Pro-me3us said:
Since you have root, if you want, you can keep Amazon Launcher enabled, and only disable the Amazon homescreen. This will allow you to use your custom launcher, and not break Amazon Launcher dependent functions. Things that will work: Amazon App Store search, homescreen search, FireOS settings menu, remote recent button, other things i'm forgetting
EDIT: I forgot that doing this causes the LiveTV app to hammer the OS, so that app has to be disabled.
To do this follow these steps:
gazelle:/ $ pm disable-user com.amazon.firehomestarter
gazelle:/ $ pm enable com.amazon.tv.launcher
gazelle:/ $ pm disable-user com.amazon.tv.livetv
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/ # setenforce 0
gazelle:/ # pm disable com.amazon.tv.launcher/.ui.HomeActivity_vNext
gazelle:/ # exit
Click to expand...
Click to collapse
Thankyou oh so much, that is fantastic advice, and I followed your above instructions, and it worked wonderfully.
You are right, it is really nice using the native preferences over Launcher Manager ones.
Also it is really good to be able to search for apps etc.
Thankyou once again!.
I was taking another look at the method in post #10, I think it's fine to keep com.amazon.tv.livetv enabled, and that just clearing the app data after disabling the Amazon homescreen is enough to keep the LiveTV app from hammering the OS. I made a small edit to the steps to clear data, rather than disable LiveTV.
Since you already ran through the steps above, you can just clear the LiveTV app data, and re-enable the app without root
gazelle:/ $ pm clear com.amazon.tv.livetv
gazelle:/ $ pm enable com.amazon.tv.livetv
To verify that there are no apps acting up, use
gazelle:/ $ top
It will show all the running apps, memory & CPU usage. When you are on your custom launcher homescreen, the Cube should idle at ~720-750% CPU usage free (800% total = 100% x 8 cores). Verify that LiveTV app isn't at the top of the CPU usage list using +50-100%.