After so many tutorials on the forum for nv_data.bin permission denied, none of them worked for me. Is there any 100% working tutorial?
regards
There's an app called mount system on the market. Install it & ask it to always mount with r/w access at boot.
PS : You need to have root access.
Thanks, but it did not work. I still can't read the nv_data.bin.
OK, I have now saved the bml3.bak, but no code is found when I try to extract it with sgux2.exe.
HEX
53534E56A6A7FA1A0709542A1E85E257F98A6F14E2E19CA932EBEC93945930F6D0D9713DF61AB70CA4D57F7F9BCEDD924B888C6AAE9074B9D49D8FEEC8C021A97D4882BEFF922E8B004646464646464646000000000000000000000000000000000000000000000000323332303523
323332303523 = 23205
Any help?
My friend who uses the phone could read the codes and did a Froyo update. But after the update the code could not be entered. It gave an error that it is wrong.
ProductCode: GT-i9000HKDONE
You can get permission by adb shell or terminal emulator by typing:
su
busybox chown 1001:1001 /efs/nv_data.bin
(reboot)
I tried your method, but I still get permission denied. Here is what I did and the list of the file under /efs:
C:\SDK\tools>adb shell
$ su
su
# busybox chown 1001:1001 /efs/nv_data.bin
busybox chown 1001:1001 /efs/nv_data.bin
# reboot
reboot
C:\SDK\tools>adb shell
$ su
su
# ls -l /efs
ls -l /efs
-rwx------ radio radio 2097152 2010-10-30 04:57 nv_data.bin
drwxrwxrwx radio radio 2010-07-17 09:31 imei
-rwx------ radio radio 32 2010-10-30 04:57 nv_data.bin.md5
#
not workinggg.......
Why do you want to read the file?
Have you lost your imei? If so, was the phone sold to you?
Don't bother with the codes. Use the hex edit method to change the lock status to 0:
http://forum.xda-developers.com/showthread.php?t=761045
p.s. you should delete the file you posted... that's some bad security there.
I am having issues with file permission on su when either I cook a clockwork mod or DFT NAND Rom.
I have verified that su has the following permissions inside the .zip or .img file:
Code:
-rwxr-xr-x
Once flashed to phone when I check the permissions they have been changed to:
Code:
-rwsr-sr-x
SuperUser will crash until I issue the following commands via adb:
Code:
adb shell chmod 4755 /system/bin/su
adb shell chmod 4755 /system/xbin/su
adb reboot
After reboot the permissions are correct with:
Code:
-rwxr-xr-x
Anyone have any thoughts or know why this is happening? I am using Ubuntu v10 with the root account.
Thanks
-CMYLXGO
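Added example (not part of the original posts): a POSIX shell helper that converts the `ls -l` mode strings quoted in the post above into the octal form `chmod` takes, so a listing can be compared directly with the `chmod 4755` argument and setuid/setgid bits stand out. The function names and the sample listing lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decode `ls -l` mode strings into chmod-style octal.

# mode_to_octal "-rwsr-sr-x" prints the octal mode; prints "invalid" and fails on bad input.
mode_to_octal() (
    m=$1
    [ "${#m}" -eq 10 ] || { echo invalid; exit 1; }
    special=0
    digits=""
    for i in 0 1 2; do                      # owner, group, other
        start=$((2 + i * 3))
        trip=$(printf '%s' "$m" | cut -c"$start"-"$((start + 2))")
        val=0
        case $trip in r??) val=$((val + 4)) ;; esac
        case $trip in ?w?) val=$((val + 2)) ;; esac
        case "$i$trip" in
            ???x) val=$((val + 1)) ;;
            # s = setuid/setgid with execute, t = sticky with execute
            0??s|1??s|2??t) val=$((val + 1)); special=$((special + (4 >> i))) ;;
            # S/T = special bit set but execute bit missing
            0??S|1??S|2??T) special=$((special + (4 >> i))) ;;
            ???-) ;;
            *) echo invalid; exit 1 ;;
        esac
        digits="$digits$val"
    done
    echo "$special$digits"
)

# special_bits prints which of setuid, setgid, sticky are set, or "none".
special_bits() (
    oct=$(mode_to_octal "$1") || { echo invalid; exit 1; }
    s=${oct%???}                            # leading (special) digit
    out=""
    if [ $((s & 4)) -ne 0 ]; then out="setuid"; fi
    if [ $((s & 2)) -ne 0 ]; then out="${out:+$out,}setgid"; fi
    if [ $((s & 1)) -ne 0 ]; then out="${out:+$out,}sticky"; fi
    echo "${out:-none}"
)

# Constructed sample listing in the format shown in the posts.
while read -r mode owner group _rest; do
    printf '%s %s:%s -> %s (%s)\n' "$mode" "$owner" "$group" \
        "$(mode_to_octal "$mode")" "$(special_bits "$mode")"
done <<'EOF'
-rwxr-xr-x root shell 22240 2008-02-29 20:33 su
-rwsr-sr-x root shell 22240 2008-02-29 20:33 su
-rwsr-xr-x root shell 22240 2008-02-29 20:33 su
EOF
```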
Hi there,
I tested whether it is possible to root the stock ROM 1.82.405.1 on the HTC Desire Z. YES, we can!
This is a little "how to" with all previous roots and updates from "1.34.." to the current 1.82.405.1 stock ROM:
Permanent root on HTC Desire Z using Linux
Software No. 1.34...
Necessary files:
adb (Android SDK)
gfree_02
psneuter
Terminal emulator (Android)
Optional files:
gfree_verify
Settings on Phone:
Menu-Settings-Applications-Development-USB debugging [yop]
USB connected to PC – only charge (card not mounted to PC)
Procedure on PC:
Check that your device is properly connected:
$ ./adb devices
It has to look like this: SH0BFRT00451 device
Then continue:
$ ./adb push su /sdcard/su
$ ./adb push Superuser.apk /sdcard/Superuser.apk
$ ./adb push rage /data/local/tmp/rage
$ ./adb push busybox /data/local/tmp/busybox
$ ./adb push root /data/local/tmp/root
$ ./adb shell chmod 0755 /data/local/tmp/*
On Android:
Launch Terminal Emulator
$ /data/local/tmp/rage
Wait for the message: "Forked #### childs."
Menu > Reset Term - Terminal Emulator will exit.
Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
Procedure on PC:
$ ./adb push gfree /data/local
On Android:
# cd /data/local
# chmod 777 gfree
# ./gfree -f
# sync
# /data/local/tmp/root
# sync
There can be some errors with directory creation – that is OK.
Update to 1.72 via system and do the following again:
./adb push su /sdcard/su
./adb push Superuser.apk /sdcard/Superuser.apk
./adb push busybox /data/local/tmp/busybox
./adb push root /data/local/tmp/root
./adb shell chmod 0755 /data/local/tmp/*
./adb push psneuter /data/local/tmp/psneuter
./adb shell chmod 777 /data/local/tmp/psneuter
./adb shell /data/local/tmp/psneuter
./adb shell
Finally execute this inside the shell you opened with the previous command >adb shell<:
/data/local/tmp/root
restart mobile and you have root....
update from 1.72 to 1.82 via system and again root:
./adb push su /sdcard/su
./adb push Superuser.apk /sdcard/Superuser.apk
./adb push busybox /data/local/tmp/busybox
./adb push root /data/local/tmp/root
./adb shell chmod 0755 /data/local/tmp/*
./adb push psneuter /data/local/tmp/psneuter
./adb shell chmod 777 /data/local/tmp/psneuter
./adb shell /data/local/tmp/psneuter
./adb shell
Finally execute this inside the shell you opened with the previous command >adb shell<:
/data/local/tmp/root
restart mobile and you have root....
The Superuser error is patchable by this:
http://forum.xda-developers.com/showthread.php?t=886999
check /sys/devices/system/cpu/cpu0/cpufreq/current_scaling_freq
But do we need to be already on 1.82++ or do we need to downgrade to 1.34++ because I don't really understand what we have to do!
PS: really really thank you!!!!! (all other root methods failed for me, so fingers crossed that this one will work!)
You need to have S-OFF; if you don't you need to go to 1.34 to get it, then upgrade back up the chain...
oh, thanks... I guess I'll have to downgrade then, wouldn't I
I guess so, but should only have to do it once...
I rooted my 1.72 device a while ago with this tut: http://forum.xda-developers.com/showthread.php?t=905261
Should I be fine by just executing the latest part of this tut?
Code:
update from 1.72 to 1.82 via system and again root:
./adb push su /sdcard/su
./adb push Superuser.apk /sdcard/Superuser.apk
./adb push busybox /data/local/tmp/busybox
./adb push root /data/local/tmp/root
./adb shell chmod 0755 /data/local/tmp/*
./adb push psneuter /data/local/tmp/psneuter
./adb shell chmod 777 /data/local/tmp/psneuter
./adb shell /data/local/tmp/psneuter
./adb shell
Finally execute this inside the shell you opened with the previous command >adb shell<:
/data/local/tmp/root
restart mobile and you have root....
I got error:
E:signature verification failed
I'm using clockwork recovery 2.5.1.3. I think that's the reason, anyone got a fix for this?
hi, I have desire Z with bootloader 1.82.405.1 , from which stage should I start the rooting process?
Here's the problem from a logcat after trying to run titanium backup:
E/su ( 6867): Getting exe path failed with 13: Permission denied
I AM rooted. I remounted /system as read/write. Permissions are perfect:
from /system/bin:
# pwd
/system/bin
#ls -l su
-rwxr-xr-x root shell 22240 2008-02-29 20:33 su
#
Just to prove that I have root permissions:
# chmod 666 su
# ls -l su
-rw-rw-rw- root shell 22240 2008-02-29 20:33 su
#
Just for the heck of it I tried a 777 - same problem.
This is duhRIVing me nuts!
Someone please test this. I can't right now (at work, don't have G5) so please update me. It works on my HTC 10 but I do not know if it will work on the G5...
CODE:
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
adb shell /system/bin/run-as
Honestly Annoying said:
Someone please test this. I can't right now (at work, don't have G5) so please update me. It works on my HTC 10 but I do not know if it will work on the G5...
CODE:
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
I tested those commands but what result are you waiting for ?
Well, what happened?
Also, try and open an adb shell with "adb shell"
EDIT Goddamnit I forgot the last command. My bad! Please try again.
That's what I did for the last two commands:
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/run-as
tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/sh: /data/local/tmp/dirtycow: can't execute: Permission denied
You aren't running my commands. Just copy and post exactly what I posted
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell 'chmod 777 /data/local/tmp/run-as'
/system/bin/sh: chmod 777 /data/local/tmp/run-as: not found
C:\>adb shell '/data/local/tmp/dirtycow /system/bin/run-as /da
s'
/system/bin/sh: /data/local/tmp/dirtycow /system/bin/run-as /d
as: not found
C:\>adb shell /system/bin/run-as
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]
It sounds like there's a problem with your /tmp/ directory. Try running "adb shell 'chmod 777 /data/local/tmp/' "
C:\>adb shell 'chmod 777 /data/local/tmp/'
/system/bin/sh: chmod 777 /data/local/tmp/: not found
I can't even ls local directory....but I see your two files in tmp
255|[email protected]:/data/local $ cd tmp
[email protected]:/data/local/tmp $ ls
dirtycow
run-as
[email protected]:/data/local/tmp $
YassGo said:
C:\>adb shell 'chmod 777 /data/local/tmp/'
/system/bin/sh: chmod 777 /data/local/tmp/: not found
I can't even ls local or tmp directory....
What the heck dude?? I've never heard of that error... it seems like you just don't have a tmp directory.
Sorry dude I edited my message.
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
--> warning: new file size (5960) and file old size (14192) diffe
size 14192
[*] mmap 0x7f7eb44000
[*] exploit (patch)
[*] currently 0x7f7eb44000=10102464c457f
[*] madvise = 0x7f7eb44000 14192
[*] madvise = 0 1048576
[*] /proc/self/mem 1996488704 1048576
[*] exploited 0x7f7eb44000=10102464c457f
adb shell /system/bin/run-as
--> running as uid 2000
uid 0
Ah okay see that now. Do this
adb shell
/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/run-as
Basically, this adds the "run-as" to the /system/bin directory, which is only accessible by root
Okay you forgot chmod 777 on the dirtycow file. Here's what I get now with the last two commands :
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
--> warning: new file size (5960) and file old size (14192) diffe
size 14192
[*] mmap 0x7f7eb44000
[*] exploit (patch)
[*] currently 0x7f7eb44000=10102464c457f
[*] madvise = 0x7f7eb44000 14192
[*] madvise = 0 1048576
[*] /proc/self/mem 1996488704 1048576
[*] exploited 0x7f7eb44000=10102464c457f
adb shell /system/bin/run-as
--> running as uid 2000
uid 0
Oh crap so sorry! Now run
adb shell
whoami
cd /data
ls
Please post results of that!
[email protected]:/data/local/tmp $ whoami
shell
[email protected]:/data/local/tmp $ cd /data
[email protected]:/data $ ls
opendir failed, Permission denied
Okay, so here's what I can see of this then. This DOES open a root shell, but it closes the shell right after placing "run-as" into /system/bin. If we can keep the shell open then bam root!
WAIT actually try running
SEE NEXT POST
[email protected]:/data $ cd /data/local/tmp
[email protected]:/data/local/tmp $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
Oops, close that root shell and just do
adb shell
run-as cat /init.flo.diag.rc
C:\>adb shell
[email protected]:/ $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
wtf it should be working.
Here's some to try, tell me if any of these work
adb shell
run-as id
run-as ls -lZ /sbin/
run-as ls -lZ /data/