Hey
It seems that Samsung disabled the exec command in their /sbin/init binary (from ramdisk)
Standard Android init compiled from sources is unfortunately a no-go, Samsung modified their init in large proportions.
Can anybody confirm that, or has anyone found another working init binary? (perhaps with sources)
I just checked my Samsung Galaxy S and its init.rc makes use of the exec command.
On my i9100, the exec command appears to be used but the commands it is calling do not exist anywhere in the initramfs. Additionally my own exec lines don't seem to work. Perhaps they are using exec to mean something else (like some kind of internal command system)?
b0nafide: do the exec commands that your init.rc call actually exist?
Hello, I've been with XDA Developers since before I got my XDAii. You've helped me with every problem faced so far, and I would love it if you could try help me with this one. please.
I've downloaded some version of SynCE (which is supposed to be the Linux version of ActiveSync) but I need to compile it with the ./ command. My only problem is SuSE doesn't have a ./ command and the packages I've downloaded are useless. Does anyone know where I can get SynCE so it will (at least) install under SuSE? If it is not possible, Novell is getting an email :twisted:
Thank you in advance.
./ ???? I think you should read the instructions better... there's no ./ command in Linux (neither in SuSE, nor Debian, nor any other). Dot slash in Linux refers to the actual directory. In Windows (MS-DOS command line) you can run any command simply by typing its name and Enter, because the actual path is a path that Windows recognizes.
For security reasons Linux doesn't include the actual path in its execution paths, so when you want to run some command in the actual directory you should write the dot slash before the command you want to run, in order to tell Linux where to find it.
After all this, I think you forgot to type the instruction to compile SynCE, so better try to read the README or INSTALL .txt files more carefully and type the command after ./ And wait before calling Novell... especially if your smiley indicates that it's going to be a flaming mail
I'm a Linux user and have been for over 5 years now, and ./ is to run an application after you chmodded it properly so the user can run it. SynCE is compatible with any Linux because any Linux is moddable to install any application even though it says it might not be able to! Linux is all editable, all the files, etc. You can get anything running, I sure have.
Discovering "adb shell" gave joy, experiencing the shell as minimal bash with awful line handling (backspace and command recall) gave annoyance, experiencing "adb root" refusing access gave frustration.
After some tracking, it turns out that adbd behaviour is determined by the property "ro.debuggable" which is set during system init. The initial value is located in the file "/default.prop". In JP6 it is set to 0, resulting in adbd refusing access. However, set to 1, "adb root" will give the much better response of "restarting adbd as root".
Once set, the property value cannot be changed. To get this fixed you need to change the contents of the file default.prop which is located in the initial ramdisk image.
Optionally, you can put a replacement shell in /sbin of the ramdisk image so that when connected "exec bash" will make things more relaxing. I attached the version I am using, which is statically linked with ncurses/readline.
There is also a simple patch to unlock adbd if you dislike opening and rebuilding the ramdisk image. However, you do need binoffset which is located in the scripts directory of the linux source tree.
Code:
ofs=`scripts/binoffset initramfs.cpio \`echo -n 'debuggable=0' | od -t u1 -An\` 2>/dev/null`
echo 'debuggable=1' | dd bs=1 seek=$ofs conv=notrunc of=initramfs.cpio
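To check what a given ramdisk actually ships before or after such a change, the cpio archive can be read directly. This is an added example, not part of the original post: the function names and the sample archive are constructed here, and it assumes the ramdisk is a (possibly gzipped) cpio archive in the common "newc" format.

```python
import gzip

def iter_newc(blob):
    """Yield (name, data) for each member of a cpio 'newc' archive."""
    off = 0
    while off + 110 <= len(blob):
        if blob[off:off + 6] not in (b"070701", b"070702"):
            raise ValueError(f"bad cpio magic at offset {off}")
        # 13 eight-digit hex fields follow the magic; 6 = filesize, 11 = namesize
        f = [int(blob[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name = blob[off + 110:off + 110 + namesize - 1].decode()
        data_off = (off + 110 + namesize + 3) & ~3   # header+name padded to 4 bytes
        if name == "TRAILER!!!":
            return
        yield name, blob[data_off:data_off + filesize]
        off = (data_off + filesize + 3) & ~3         # file data padded to 4 bytes

def read_default_prop(ramdisk):
    """Return the key/value pairs of default.prop from a (gzipped) ramdisk."""
    if ramdisk[:2] == b"\x1f\x8b":                   # gzip magic
        ramdisk = gzip.decompress(ramdisk)
    for name, data in iter_newc(ramdisk):
        if name.lstrip("./") == "default.prop":
            lines = (l.strip() for l in data.decode(errors="replace").splitlines())
            return dict(l.split("=", 1) for l in lines
                        if "=" in l and not l.startswith("#"))
    raise KeyError("default.prop not found in ramdisk")

def adb_root_allowed(ramdisk):
    """True when the image ships ro.debuggable=1 (the setting the post describes)."""
    return read_default_prop(ramdisk).get("ro.debuggable") == "1"

# --- constructed sample ramdisk, not taken from any real firmware ---
def _entry(name, data=b""):
    n = name.encode() + b"\0"
    hdr = b"070701" + b"".join(b"%08X" % v for v in
          (0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0))
    pad = lambda b: b + b"\0" * (-len(b) % 4)
    return pad(hdr + n) + pad(data)

def sample_ramdisk(debuggable):
    prop = b"# constructed sample\nro.secure=1\nro.debuggable=%d\n" % debuggable
    cpio = (_entry("init.rc", b"# stub\n") + _entry("default.prop", prop)
            + _entry("TRAILER!!!"))
    return gzip.compress(cpio)

if __name__ == "__main__":
    for value in (0, 1):
        print(value, adb_root_allowed(sample_ramdisk(value)))
```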
Thanks...any help though?
Hi....thanks for the fix....could you point me to a decent howto on editing the initial ramdisk?
Thanks
M
it doesn't sound simple
i will try to figure that one out ...
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use your bash.rar to unlock adb access?
thanks for the help
doekoe87 said:
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use your bash.rar to unlock adb access?
thanks for the help
you have to split the kernel, then decompile the ramdisk and edit default.prop and change ro.debuggable to 1, then recompile and flash
Confusing, but it gives me a clue
I use unpackbootimg in my ubuntu pc.
adb root does not work properly after setting debuggable=1.
When I saw in your thread that adbd should be unlocked too, I replaced adbd with an unlocked one. It works!
Thanks for your help.
I am sorry but I don't understand how to use the file.
teoking said:
I use unpackbootimg in my ubuntu pc.
adb root does not work properly after setting debuggable=1.
When I saw in your thread that adbd should be unlocked too, I replaced adbd with an unlocked one. It works!
Thanks for your help.
Hi,
I can upload nothing to my root catalog of my phone.
So how could I use the adbd file in this case?
Phone is rooted but I have a problem with adb root command like subject of this topic is.
Can u help me with the process because I kept the file in /sbin but still it's not working.
Active system
Hi.
My problem is on a SGSII, but I suppose it could be on any phone.
All the last ROMs I flashed had problems with adb: after flashing, I am unable to use some adb commands. For example:
Code:
$ adb uninstall <mypackage>
/sbin/sh: pm: not found
The pm script exists in /system/bin, but is not usable "as is" because it lacks "#!/system/bin/sh" on the first line.
What I have to do is
Code:
mount -o remount,rw - /
echo '#!/system/bin/sh' >/sbin/am
cat /system/bin/am >>/sbin/am
chmod 0777 /sbin/am
echo '#!/system/bin/sh' >/sbin/pm
cat /system/bin/pm >>/sbin/pm
chmod 0777 /sbin/pm
mount -o remount,ro - /
And then it works again.
But my problem is that on each reboot I have to do this again.
So my questions are :
- do you know why those ROMs (I'm actually using Lite'ning) do not have those scripts?
- how can I make those changes permanent? How is /system built? For example, there is a "build.prop" file in it but it is nowhere else on my phone ...
Thanks a lot for your help !
Mike
The problem is twofold. First, a proper shell script should have the first line as a path to the command interpreter ("#!/system/bin/sh"), but for some reason, am and pm scripts don't have this. The second part of the problem is that the default shell as shipped in the AOSP code base ignores that line and happily executes these broken shell scripts. Depending on just how your rooted ROM was cooked, you may have any of a number of shell interpreters; bash, busybox sh, and the original sh being the most common. Bash is more tolerant of broken scripts, but the busybox interpreter won't execute these.
I don't know why your editing doesn't keep between boots though. It seems it should based on what's posted above. I don't have any knowledge of the internals of the SGSII so you probably need to ask that question in a forum dedicated to that device.
Thanks for your reply.
OK, it doesn't work anymore because the default shell has been changed.
2 questions remain:
- why those scripts are no longer in /sbin
- why they don't stay when I reboot.
If anybody knows ...
I'll try to ask on the rom maker thread ...
Mike
I must have missed that. /sbin is part of the ramdisk. It is stored in the boot image and gets expanded to RAM at every boot, so any changes in /sbin will be destroyed on next boot.
all I have to do then is find where this ramdisk is and update it ? ...
I'll try and let you know
Thanks again !
mbaroukh said:
all I have to do then is find where this ramdisk is and update it ? ...
I'll try and let you know
Thanks again !
The ramdisk is a cpio archive gzipped to save space, then concatenated with a kernel into a single file. A short header on the whole thing tells where to split the two, and the kernel command lines and some other housekeeping tasks. Together that all makes up the boot.img partition (at least this is how it is on most androids I've played with). When the bootloader launches, it loads the header that tells where the kernel is in the file. It then loads the kernel into RAM. It then passes control to the kernel. The kernel knows how to gunzip the cpio archive and how to create a ramdisk partition of the required size. It then un-archives it into the newly created ramdisk, then passes control to `init' to do the rest of the boot process.
You can't just modify the ramdisk on the device. You have to extract the whole boot.img from flash, then separate its two parts (ramdisk and kernel), then gunzip and un-archive the cpio filesystem somewhere (preferably a *nix system that understands unix permissions, symlinks, etc), then modify whatever it is you want, then archive the contents again to a cpio archive, gzip it up, then recombine it with the kernel and the appropriate header for the whole thing, then re-flash it to the NAND partition on your device where the boot.img normally resides.
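The header-driven split described in this answer can be done offline on a dumped image. The following is an added example, not code from the thread: it assumes the standard AOSP boot image header ("ANDROID!" magic, sizes and page size as little-endian 32-bit fields, command line at offset 64), and the sample image, addresses and command line are constructed.

```python
import gzip
import struct

def split_boot_img(img):
    """Split an AOSP-style boot image into kernel, ramdisk cpio and cmdline."""
    if img[:8] != b"ANDROID!":
        raise ValueError("missing ANDROID! magic: not an AOSP-style boot image")
    # kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
    # second_size, second_addr, tags_addr, page_size
    kernel_size, _, ramdisk_size, _, _, _, _, page_size = struct.unpack_from(
        "<8I", img, 8)
    if page_size == 0:
        raise ValueError("page_size is zero")
    # cmdline[512] follows two reserved words and name[16]
    cmdline = img[64:64 + 512].split(b"\0", 1)[0].decode(errors="replace")
    round_up = lambda n: -(-n // page_size) * page_size
    k_off = page_size                       # the header occupies the first page
    r_off = k_off + round_up(kernel_size)   # each section starts on a page boundary
    if r_off + ramdisk_size > len(img):
        raise ValueError("image is truncated")
    ramdisk = img[r_off:r_off + ramdisk_size]
    if ramdisk[:2] == b"\x1f\x8b":          # gzip magic: unwrap to the cpio archive
        ramdisk = gzip.decompress(ramdisk)
    return {"cmdline": cmdline, "kernel": img[k_off:k_off + kernel_size],
            "ramdisk_cpio": ramdisk, "ramdisk_offset": r_off}

def sample_boot_img(page_size=2048):
    """Build a constructed image: fake kernel plus gzipped placeholder ramdisk."""
    kernel = b"CONSTRUCTED-KERNEL" * 200            # 3600 bytes, spans two pages
    ramdisk = gzip.compress(b"070701 constructed cpio payload")
    hdr = b"ANDROID!" + struct.pack("<8I", len(kernel), 0x10008000,
                                    len(ramdisk), 0x11000000,
                                    0, 0, 0x10000100, page_size)
    hdr += b"\0" * 8 + b"sample".ljust(16, b"\0") + b"console=ttyS0".ljust(512, b"\0")
    pad = lambda b: b + b"\0" * (-len(b) % page_size)
    return pad(hdr) + pad(kernel) + pad(ramdisk)

if __name__ == "__main__":
    parts = split_boot_img(sample_boot_img())
    print("cmdline:", parts["cmdline"])
    print("kernel bytes:", len(parts["kernel"]))
    print("ramdisk at offset:", parts["ramdisk_offset"])
    print("ramdisk starts with:", parts["ramdisk_cpio"][:6])
```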
Thanks !
This is my next week-end task to try all this.
I'll let you know if I succeed or not.
I copied over the debian image i made for my sgs i9000 to try and run on my galaxy tab since i think the much larger screen, double RAM and faster cpu would make the image run smoother. I hoped the p7510 might be able to replace my laptop for word processing by running openoffice in chroot. I remembered to set the path, user and home variables. After mounting the image i go to chroot but i get the error
"chroot: can't execute /system/bin/sh"
I tried installing 10 other versions of busybox from the market. I am currently using the latest bindroid rom and pershoot kernel. The image worked on my sgs when it ran stock roms and now cm7.1. Is it the bindroid rom? I also tried to use apk manage 4.9 to decompile the rom's framework-res to enable crt off but it always errors out recompiling.
I realize that /system/bin/sh is where android has sh but i thought busybox would be smart enough to know that normal linux like my laptop has it in /bin/sh. My sgs seemed to know its directory of sh was not normal.
i'm having the same problem as well setting up debian to my galaxy tab, same model as you. when i mounted debian, it doesn't have /system/bin/sh, it's just /bin/sh. maybe you should try to specify /bin/sh at the end of the command, if you don't, it will default to /system/bin/sh. maybe you'll have more luck than me. i mounted debian in /data/local/debian and typed chroot /data/local/debian /bin/sh but it says "/bin/sh: precmd: not found". if you or anybody else figures out how to get past that, that would be awesome! thanks!
EDIT: look at the directory structure and see if it's /bin/sh instead of /system/bin/sh and if it is, specify /bin/sh at the end of the chroot command then hit enter and you might get an error, if you do, type: unset PS1 PROMPT_COMMAND .. that worked for me and then you'll get a command prompt and you'll be in linux now and not android. i hope i helped
@Zaphodspeaks
Z,
okay i found a lead here http://stackoverflow.com/questions/...-android-device-failing-to-bind-tcp-port-5037
Android enforces its Internet Permission via a modification to the Linux Kernel which checks that a process is a member of an associated unix group before allowing it to open sockets in the AF_INET domain.
Such membership is inherited, so native code executed, either as a JNI library or by invoking a distinct executable, will only be able to perform network operations if it is either run as a privileged user automatically having this membership (such as adb's "shell" account, or as root on an engineering build) or run under the identity of an application package having the Internet permission in its manifest.
i'm going to snoop around the source and see if i can figure out how to tweak android tools source to build a modded adb and daemon and try it out.
interesting side note, even without root as long as adb is insecure you can push and run certain scripts and binaries seemingly outside of security if you work out of /data/local/tmp
for anyone wondering i had a thought that maybe i could use the tab's in-house adb to connect to "itself" and achieve a root prompt.
m
EDIT- I found Q&A !!! i think ? umm this is q&a right? xD
This looks promising and fascinating.. If you pull this off, I think you will be the first to ever have done anything like this..
Zaphodspeaks said:
This looks promising and fascinating.. If you pull this off, I think you will be the first to ever have done anything like this..
I'd like to try it, i've been working with some simple c programming exercises for the last few days
trying to figure out how to get certain system calls to work for miscellaneous hooliganery! xD
i found out if you run /init in terminal you will reboot your device to recovery.
i have to re-flash a clean instance of the lp 5.1.1 firmware and then the unsecured boot.img so selinux is still intact,
then push a copy of the init binary to /data/local/tmp via adb and execute it.
if it works , then i have some neat ideas!
m
edit- i also have a new boot image which automatically mounts my debian chroot and exports the $PATH to my gcc
to anyone who needs to mount a custom block device
you need an entry like this in init.environ.rc
# Debian CHROOT
export DEBIAN_ROOT /debian
export TMPDIR /tmp
mount -t proc none /debian/proc
mount -t sysfs none /debian/sys
mount -o bind /dev /debian/dev
mount -o bind /proc/net /debian/proc/net
mount -t devpts none /debian/dev/pts
[this is for mounting my chroot, so all i have to do is run the chroot command itself and all my needed mounts are already in place]
and amend your path and ld library entries
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/gcc/bin:/system/xbin:/bin:/usr/bin:/usr/sbin
export LD_LIBRARY_PATH /system/lib:/system/gcc/lib:/system/vendor/lib
NOTE TO SELF- pipe the output of strace <command> to text
strace id &> narc.txt
moonbutt74 said:
I'd like to try it, i've been working with some simple c programming exercises for the last few days
trying to figure out how to get certain system calls to work for miscellaneous hooliganery! xD
i found out if you run /init in terminal you will reboot your device to recovery.
i have to re-flash a clean instance of the lp 5.1.1 firmware and then the unsecured boot.img so selinux is still intact,
then push a copy of the init binary to /data/local/tmp via adb and execute it.
if it works , then i have some neat ideas!
m
Damn I wish I had your skills.. Programming is NOT my forte.... Hardware repair and PC diagnostics is what I'm best at..
@Zaphodspeaks
OKAY,
stumbled across something interesting, this will be slightly interrupted as i need to switch to tab for the second part of the post,
[via adb shell]
strace adb shell
one line in particular caught my notice in the output of strace
Code:
connect(3, {sa_family=AF_FILE, path="/tmp/5037"}, 12) = 0
back in a minute... okay, i'm on tab from clean reboot,
when running adb shell [remember the above] i get this
Code:
[email protected]:/ # adb shell
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
1|[email protected]:/ #
okay now [with unsecured boot.img] as normal user in tab you cannot do this part, BUT you can via adb shell on pc-side
Code:
mkdir /data/local/tmp/5038
EDITED - see edit below [dammit, i really have to start taking notes]
EDIT
that's maybe a "HIT" of some kind. How to make it work from there i'm not sure yet.
okay i goofed by mkdir 5038 should actually be a link to socket [DERP]
i'll get back to this after some breakfast so as to avoid brain death from overcaffeination. xD
i had to edit this, i lost a step somewhere, should have posted all of this from the first time around
I'm trying to understand sockets and pipes, yay!
m
okay
i learnded me how to create a symlink to a socket
ln socket:[5038] /blah-blah/5038 [sort of ]
i'm guessing i need to be looking at how /proc works
for an example in /proc/5743/fd
10 -> socket:[41910]
from http://www.linuxquestions.org/quest...an-i-create-a-socket-file-248399/#post4398605
Lots of misunderstanding here; let's see if I can clarify.
A socket file is not a regular file, it's more like an IP address (it is also not a fifo, although those are similar). A socket file is created by the system when a program calls bind on a unix domain socket, which is a special kind of network socket that can only be internal to one computer. The system then associates this special file with the socket file descriptor that the program bound (or more specifically, the "inode" to which that file descriptor refers).
From that point on, the program that created the socket has no interaction with the socket by the filename. If you move it elsewhere, create new links to it, or remove it, you may confuse other programs that are trying to talk to the program in question, but the program itself won't see it at all. You are only changing the set of names that point at that inode (and you can connect to the listening program at that new name!). Thinking of the filename as a domain name, the inode as the ip address, and the filesystem as DNS isn't so very far off.
i'm guessing sock_create is a c thing http://linux.die.net/man/2/socket
i have authbind "working" after getting the source configured for ndk-build , but i don't yet know what a good example of its usage would be to prove that it functions as it should.
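The behaviour described in the quoted linuxquestions answer can be observed directly. This is an added example, not part of the original posts: it binds a unix domain socket, gives the socket file a second name with a hard link, removes the first name, and connects through the second; a plain directory created at a path (as with the mkdir above) is not a socket and the connection fails. The file names are constructed and it assumes a Linux host.

```python
import errno
import os
import socket
import stat
import tempfile

def roundtrip(server, path):
    """Connect to `path`, send 4 bytes, and report whether the server got them."""
    try:
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
            client.connect(path)
            client.sendall(b"ping")
            conn, _ = server.accept()
            with conn:
                return conn.recv(4) == b"ping"
    except OSError as exc:
        # Return the symbolic errno name (e.g. ECONNREFUSED) instead of True
        return errno.errorcode.get(exc.errno, str(exc))

def demo():
    results = {}
    with tempfile.TemporaryDirectory() as d:
        orig = os.path.join(d, "5038")
        alias = os.path.join(d, "alias")
        plain = os.path.join(d, "plain")
        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.settimeout(2)
        server.bind(orig)                 # bind() is what creates the socket file
        server.listen(4)
        results["is_socket"] = stat.S_ISSOCK(os.stat(orig).st_mode)
        os.link(orig, alias)              # second name for the same inode
        results["same_inode"] = os.stat(orig).st_ino == os.stat(alias).st_ino
        os.unlink(orig)                   # the listener does not notice this
        results["via_alias"] = roundtrip(server, alias)
        os.mkdir(plain)                   # a directory at a path is not a socket
        results["via_mkdir"] = roundtrip(server, plain)
        server.close()
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```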
@osm0sis,
okay, as per your instructions, i did this
[email protected]:/ # cat /sdcard/dooby
#!/system/bin/sh
cd /sdcard
setprop service.adb.tcp.port 5555
stop adbd && start adbd
adb connect 192.168.254.42
pwd
adb shell pwd
[email protected]:/ # /sdcard/./dooby
connected to 192.168.254.42:5555
/sdcard
/
[email protected]:/ #
now if i understand this correctly i am connecting to myself via my router, right?
you know, if i remount / and touch this script there and run it with a little modification i can probably create a loop, xD
Sounds fun. Glad to be of service.