Related
Discovering "adb shell" gave joy, experiencing the shell as minimal bash with awful line handling (backspace and command recall) gave annoyance, experiencing "adb root" refusing access gave frustration.
After some tracking, it turns out that adbd behaviour is determined by the property "ro.debuggable" which is set during system init. The initial value is located in the file "/default.prop". In JP6 it is set to 0 resulting is adbd refusing access. However, set to 1, "adbd root" will give the much better response of "restarting adbd as root".
Once set, the property value cannot be changed. To get this fixed you need to change the contents of the file default.prop which is located in the initial ramdisk image.
Optionally, you can put a replacement shell in /sbin of in ramdisk image so that when connected "exec bash" will make things more relaxing. I attached the version I am using, which is statically linked with ncurses/readline.
There is also a simple patch to unlock adbd if you dislike opening and rebuilding the ramdisk image. However, you do need binoffset which is located in the scripts directory of the linux source tree.
Code:
ofs=`scripts/binoffset initramfs.cpio \`echo -n 'debuggable=0' | od -t u1 -An\` 2>/dev/null`
echo 'debuggable=1' | dd bs=1 seek=$ofs conv=notrunc of=initramfs.cpio
Thanks...any help though?
Hi....thanks for the fix....could you point me to a decent howto on editting the initial ramdisk?
Thanks
M
it doesn't sound simple
i will try to figure that one out ...
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use you bash.rar to unlock adb access?
thanks for the help
doekoe87 said:
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use you bash.rar to unlock adb access?
thanks for the help
Click to expand...
Click to collapse
you have to split the kernel, then decompile the ramdisk and edit default.prop and change ro.debuggable to 1, then recompile and flash
confuse but giving me a clue
I use unpackbootimg in my ubuntu pc.
The adb root works not properly after set debuggable=1.
When I saw your thread that told the adbd should be unlocked too, then I replace the adbd with a unlocked one. It works!
Thanks for your help.
I am sorry but I don't understand how to use the file.
teoking said:
I use unpackbootimg in my ubuntu pc.
The adb root works not properly after set debuggable=1.
When I saw your thread that told the adbd should be unlocked too, then I replace the adbd with a unlocked one. It works!
Thanks for your help.
Click to expand...
Click to collapse
Hi,
I can upload nothing to my root catalog of my phone.
So how could I use the adbd file in this case?
Phone is rooted but I have a problem with adb root command like subject of this topic is.
Can u help me with the process because I kept the file in /sbin but still it's not working.
Active system
Sent from my SM-G900T3 using Tapatalk
This workshop was held in #android-learning on irc.freenode.net by XDA Member Adrynalyne. All credit to him for this guide, I simply am taking it and turning it into a guide. Here we go!
You can find the raw IRC log here
Good evening folks, and welcome to my ADB workshop. This is by no means a full explanation on the subject, but more of a crash course to help folks get up to speed, and get more from their devices. There may be some things you already know here, so please be patient and respect those who do not.
Reference Files
http://adrynalyne.us/files/How to install adb.pdf
http://adrynalyne.us/files/Using ADB.pdf
So, lets just start with the basics.
What is ADB?
ADB stands for the android debugging bridge and is used for testing and debugging purposes by developers.
However, we like to get more out of our devices, and its a great way to fix things.
Knowing adb can mean the difference between a paperweight and a working phone.
So, to start with, we will look at installing ADB.
Generally speaking, the Sun/Oracle JDK is required to run all SDK functions.
ADB is but one tool in the SDK arsenal.
So, we begin by downloading and installing the JDK. This can be found here:
https://cds.sun.com/is-bin/[email protected]_Developer
Choose your OS, download and install. I recommend that 64 bit users use the regular x86/32 bit version as well.
Moving ahead, we download the Windows sdk from here:
http://dl.google.com/android/installer_r08-windows.exe
Due to already installing JDK, you won't be stopped by the install process.
Now, if you notice, I installed it to:
C:\android-sdk-windows
I did this because it makes things easier when setting up path variables.
I encourage everyone to do the same, but obviously it is not required.
So, this SDK is handy, but is only good up to 2.2. We want the latest and greatest! (Well I do)
So, we navigate to:
C:\android-sdk-windows\
and we run SDK Manager.exe
If you notice in your PDF file for installing adb, you will notice that you can update, and I made a choice not to include earlier sdk versions.
I won't go into full detail on that, but depending on the version of SDK you have, 8 or 9, it WILL make a difference in using adb.
By default, for version 8 adb.exe resides in C:\android-sdk-windows\tools
By default, for version 9 adb.exe resides in C:\android-sdk-windows\platform-tools
We will assume version 9 in this guide
Really, the SDK is installed and adb is usable right now, but in my humble opinion, its not enough
I like the ability to use adb in ANY directory on my machine.
To do this, we edit Windows's environment variables.
Specifically, the system path.
To do this, we click on start, or the orb (depending on OS), and right click on Computer, left clicking on properties in the menu.
If its windows XP, I believe it brings you into advanced system properties immediatly. Vista and 7 need a second step.
On the left hand side, as you notice I have highlighted in the pdf, left click advanced system settings.
Under advanced tab, we left click environment variables...
There are two boxes here.
We are concerned with system variables, however.
So we scroll down the list and highlight path and click edit.
Ignoring all the extra stuff in here, make sure you are at the end of the line, and type
Code:
;C:\android-sdk-windows\platform-tools
The semicolon allows us to separate it
from the previous path statement.
Click ok all the way out.
We now have ADB setup globally. We can use cmd.exe (I use powershell) and no matter what directory we are in, adb is recognized.
If it is not, make certain you entered the path into system variables, and made no typos.
If you installed to a different location, you will need to adjust the path accordingly.
This concludes the section on installing the Android SDK to use ADB.
This next section will be on using ADB, so please open that pdf now.
Now, this applies to any OS, not just Windows.
Well, with the exception of the USB drivers.
I will not go too much into that, but if you take a look at the PDF, it goes through installing usb drivers for the sdk, and how to download them.
Fiarly straightforward, in that rspect.
Now, to setup our phones to use with the SDK and ADB, we must change some settings.
First, we go to menu softkey, then settings.
We scroll down to Applications and tap it.
Under Development, we will check Enable USB Debugging. Please note the SGS phones are different in this respect.
The USB cable must be unplugged before enabling or disabling this setting.
Once this is done, we are now ready to play with adb
One quick note: If you get device not found/conencted, please reboot your phone. DJ05 has a quirk in it where ADBD randomly crashes on boot.
A reboot will fix this
ADBD= ADB Daemon
Ok, continuing on.
Lets look at installing applications. This is also known as sideloading.
Unlike installing from the SD card, it does not require unknown sources to be enabled.
The command for this is
Code:
adb install packagename
This assumes that you are working from the directory where the file is located.
This will install the application to /data/app.
It will also show sometimes useful errors if install fails.
That is not something you will see from the Android GUI.
Now, a lot of us have probably deleted files with apps like Root Explorer. While this isn't really a bad thing, it leaves behind databases and data for the application removed.
This is where the 0kb applicaiton entries come from.
If you take that application entry name, you can uninstall the extra data via adb.
First we go to the adb shell which logs into the phone.
Code:
adb shell
If we end up with a $, we will want admin rights, in many cases. This is not one of them, I don't beleive.
To get admin rights, you want to type
Code:
su
Look at your phone if this is the first time, it may prompt you to allow access. Else you will get permission denied.
If you are not rooted, this will not work either.
Ok, now that we are logged in, we will type
Code:
pm uninstall packagename
where packagename is the name of the 0kb listing.
Now this seems like a pain in the a** and I agree.
HOWEVER
There will be a time where Manage applications crashes when you try to uninstall it from the phone. In this case, a factory reset, or this method is the only effective way to fix the problem.
Moving on.
How many of us have removed system applications or renamed them? Did you know that you can simply disable them from the system?
Code:
adb shell
su
pm disable appllicationname
This will disable it, and the system will ignore it.
This can be seen as safer than deleting or renaming things, but your mileage may vary.
On the other hand, you can also re-enable these applications.
Code:
adb shell
su
pm enable applicationname
Please note: Not all applications will properly re-enable. I believe a factory reset or reinstall of said application will fix the issue.
Also, application names are absolutely case sensitive.
*nix based Operating Systems see the letter 'a' and 'A' as two different things.
when you log into adb shell, you are playing by android rules
Ok, a lot of us tweak and mod our phones and turning off the device to get to clockwork recovery, or battery pulls, or multiple button holds to get into Download mode are troublesome and annoying at best.
ADB can help us here.
Here, we do not need to be logged into the shell
If we want to merely reboot the phone:
Code:
adb reboot
If we want to go to recovery (works well with voodoo5)
Code:
adb reboot recovery
If we want to go to Download Mode because we need Odin, heaven forbid:
Code:
adb reboot download
Its instant. No waiting on animations or anything else.
Its also handy if Android has locked up, but yet still works in adb.
I for one hate taking my case off to battery pull.
So now we move on to pushing and pulling files.
Sometimes, I don't feel like mounting my sd card to copy a file over to my phone.
I can use this command to push a file straight to my sd card:
Code:
adb push filename /pathtodirectoryonphone
So for instance, if I have test.txt that I want to send, I would type:
Code:
adb push test.txt /sdcard/
and there it goes.
Ok moving on
Pushing files can be done to any directory, however, some are protected.
For instance, /system is going to give you a permission denied or a read only filesystem error.
To get around this, the easiest thing to do is push the file to your sdcard, then log into the shell:
Code:
adb shell
Code:
su
We will then mount the system as writable
Code:
mount -o rw,remount /dev/block/stl9 /system
Then we can use something like
Code:
cp /sdcard/test.txt /system/app/test.txt
cp stands for copy
and it requires the path of the file and destination path. The name of the file is optional
When you copy it, you can rename it to whatever you like.
For instance, if we wanted to backup a file
Code:
cp /sdcard/test.txt /sdcard/backuptest.txt
Now, lets assume you do not have busybox installed.
You non rooted users will not.
Then you must use a slightly more complicated command called dd
This is used like this:
Code:
dd if=/sdcard/test.txt of=/system/app/test.txt
if is for inputfile
of= output file
Not every user friendly, but probably one of the safer copy commands.
Ok, moving on to pulling files.
Lets say you want to get a file from your phone, to modify, backup, etc.
To do this, we simply use adb in this manner:
Code:
adb pull /pathtofile/filename destinationname
For instance, if I wanted to backup ADW launcher in system/app
I would do this
Code:
adb pull /system/app/ADWLaucnher.apk ADWLauncher.apk
And it will pull the file from the phone and put it in the current directory.
Like above, you can specifcy where it goes.
pushing files to the sdcard, it seems prudent to talk about changing permissions.
sdcards are typically fat32, which destroys permisisons, and Android is heavily permission based.
So if you push an application to your sd card, then try to copy it to /system/app/ bad things are going to happen, or the app may not even show up.
So in that case, we use something called chmod.
This is used in this manner
Code:
adb shell
su
chmod 755 /pathtoapplication/applicationname
Keep in mind
you dont want to do this while its still on your sd card.
an example
Code:
adb shell
su
chmod 755 /system/app/ADWLauncher.apk
755 is good for applications and script files.
Just a couple more topics to cover.
Lets go over deleting files.
This becomes especially handy for removing rogue applications.
To do this, we must be in the adb shell.
Code:
adb shell
su
rm /system/app/ADWLauncher.apk
You may need to remount system as writable with:
Code:
mount -o rw,remount /dev/block/stl9 /system
That applies when using chmod as well.
So what I did above was delete ADW Launcher from system/app
However, what if I wanted to delete the entire contents of a directory?
Same thing as before, except
Code:
adb shell
rm -f /data/dalvik-cache/*.*
I just cleared my dalvik-cache with that command
very quick, very effective.
If you just tried that, please reboot your phone now
Ok....this leaves us with the final topic: logcat
logcat allows us to log what the OS is doing, and possibly delve information for when things are not working
its quite simple Reading it is another.
To use logcat
Code:
adb shell
logcat
To logcat to a certain file do
Code:
adb shell
logcat > /sdcard/logcat.txt
Now we let the log settle down to a reasonable amount of data coming in and not a wall of scrolling, then start the app in question. When it gives an error, we hit ctrl-C and kill the adb shell session.
This should have captured enough data to see the error. Now, I prepared an example. A user came to me on IRC, and Google Maps was force closing. Clearing data didnt fix it, Clearing dalvik-cache, and fix permissions did not fix it. In this case, the user did not know how to use adb So I had him grab an app called alogcat from the market and email me the log. This is also a very valid method.
this file explains what the problem was, and highlights what to look for as an example.
http://adrynalyne.us/files/logcat.pdf
___________________________________________________________________
This concludes the guide from Adrynalyne, there will be more workshops such as this one in irc.freenode.net #android-learning.
Thanks to everyone in #samsung-fascinate !
Reserved for possible extension of topic
Great, saves a lot of questions/answers & search
Every new user should read this!!
Thread stuck as valuable reference thread
Just to add, if I may, a little about the permissions...
============================================================
File permissions for Unix... which Android is based, just so those who tinker with the file permissions may know what they are getting into.
============================================================
Use the chmod command to set file permissions.
The chmod command uses a three-digit code as an argument.
The three digits of the chmod code set permissions for these groups in this order:
1.Owner (you)
2.Group (a group of other users that you set up)
3.World (anyone else browsing around on the file system)
Each digit of this code sets permissions for one of these groups as follows. Read is 4. Write is 2. Execute is 1.
The sums of these numbers give combinations of these permissions:
0 = no permissions whatsoever; this person cannot read, write, or execute the file
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
Chmod commands on file apple.txt (use wildcards to include more files)
Command Purpose
chmod 700 apple.txt Only you can read, write to, or execute apple.txt
chmod 777 apple.txt Everybody can read, write to, or execute apple.txt
chmod 744 apple.txt Only you can read, write to, or execute apple.txt Everybody can read apple.txt;
chmod 444 apple.txt You can only read apple.txt, as everyone else.
Detecting File Permissions
You can use the ls command with the -l option to show the file permissions set. For example, for apple.txt, I can do this:
$ ls -l apple.txt
-rwxr--r-- 1 december december 81 Feb 12 12:45 apple.txt
$
The sequence -rwxr--r-- tells the permissions set for the file apple.txt. The first - tells that apple.txt is a file. The next three letters, rwx, show that the owner has read, write, and execute permissions. Then the next three symbols, r--, show that the group permissions are read only. The final three symbols, r--, show that the world permissions are read only.
Compliments and full credit from:
http://www.december.com/unix/ref/chmod.html
Amazing thread just what I needed lol thanks!
cooolone2 said:
Just to add, if I may, a little about the permissions...
============================================================
File permissions for Unix... which Android is based, just so those who tinker with the file permissions may know what they are getting into.
============================================================
Use the chmod command to set file permissions.
The chmod command uses a three-digit code as an argument.
The three digits of the chmod code set permissions for these groups in this order:
1.Owner (you)
2.Group (a group of other users that you set up)
3.World (anyone else browsing around on the file system)
Each digit of this code sets permissions for one of these groups as follows. Read is 4. Write is 2. Execute is 1.
The sums of these numbers give combinations of these permissions:
0 = no permissions whatsoever; this person cannot read, write, or execute the file
1 = execute only
2 = write only
3 = write and execute (1+2)
4 = read only
5 = read and execute (4+1)
6 = read and write (4+2)
7 = read and write and execute (4+2+1)
Chmod commands on file apple.txt (use wildcards to include more files)
Command Purpose
chmod 700 apple.txt Only you can read, write to, or execute apple.txt
chmod 777 apple.txt Everybody can read, write to, or execute apple.txt
chmod 744 apple.txt Only you can read, write to, or execute apple.txt Everybody can read apple.txt;
chmod 444 apple.txt You can only read apple.txt, as everyone else.
Detecting File Permissions
You can use the ls command with the -l option to show the file permissions set. For example, for apple.txt, I can do this:
$ ls -l apple.txt
-rwxr--r-- 1 december december 81 Feb 12 12:45 apple.txt
$
The sequence -rwxr--r-- tells the permissions set for the file apple.txt. The first - tells that apple.txt is a file. The next three letters, rwx, show that the owner has read, write, and execute permissions. Then the next three symbols, r--, show that the group permissions are read only. The final three symbols, r--, show that the world permissions are read only.
Compliments and full credit from:
http://www.december.com/unix/ref/chmod.html
Click to expand...
Click to collapse
Thanks! Added
ih4ckback said:
Amazing thread just what I needed lol thanks!
Click to expand...
Click to collapse
Thanks, all goes to Adrynalyne
Thanks for the guide. Helped me pick out the stupid stupid mistakes I was making...so just a problem. I'm able to use fastboot easily but I seem to be unable to use ADB still on my windows 7. It says there are no devices and I'm dang well sure I have USB debugging on. Is it because Windows 7 is missing drivers for the nexus one or something else?
wonderful guide. I would like to add it to the guides thread.
Really awesome work, thumbs up.
But we should also take a guide on installing adb with Ubuntu/Linux, which isn't a very difficult thing...
mm7490 said:
Really awesome work, thumbs up.
But we should also take a guide on installing adb with Ubuntu/Linux, which isn't a very difficult thing...
Click to expand...
Click to collapse
If I got time tomorrow I could do that. I work primarily in Linux also
Sent from my Samsung Fascinate using Tapatalk Pro
This is good but I have a problem, when I try to remove an .apk file from /system/app it fails and says 'rm failed, Directory not empty'
I have followed exact instructions many time but never succeeded :s any help!!
(I am runnging these commands in device mod)
when I am in recovery mod I get this prompt ~ # and I am not able to enter su mod. how to get rid of this??
Well when the $ changes to # it means you have SU access
mustafa.aziz said:
This is good but I have a problem, when I try to remove an .apk file from /system/app it fails and says 'rm failed, Directory not empty'
Click to expand...
Click to collapse
Please give us the exact command(s) you entered
Here are the commands I entered after adb shell;
su
mount -o rw,remount /dev/block/stl9 /system
rm /system/app/mytouchmusic-signed.apk
exact message returned is 'rm failed for mytouchmusic-signed.apk, Directory not empty'
mustafa.aziz said:
Here are the commands I entered after adb shell;
su
mount -o rw,remount /dev/block/stl9 /system
rm /system/app/mytouchmusic-signed.apk
exact message returned is 'rm failed for mytouchmusic-signed.apk, Directory not empty'
Click to expand...
Click to collapse
Ok i think you need to do a recursive force delete which should be rf but i am not too sure! could somebody please confirm/ correct this?
Well, I don't think so ^^ As he doesn't want to erase a whole directory, but only a file.
What surprises me the most is the returned message... You're trying to delete an apk, and it says it's a directory :/
Could you please give us the output of this :
Code:
su
mount -o rw,remount /dev/block/stl9 /system
ls -l /system/app/mytouch*
Perhaps you don't even need the su and mount lines, but I'm not sure about that, and that can't harm your system ^^
Khoral said:
Well, I don't think so ^^ As he doesn't want to erase a whole directory, but only a file.
Click to expand...
Click to collapse
I know he doesn't want to delete a whole directory, but since the apk isn't compressed perhaps android looks at is as a directory and not a file? i don't know since what was returned suggested that it was a directory i presumed it was a directory! :S
mustafa.aziz said:
Here are the commands I entered after adb shell;
su
mount -o rw,remount /dev/block/stl9 /system
rm /system/app/mytouchmusic-signed.apk
exact message returned is 'rm failed for mytouchmusic-signed.apk, Directory not empty'
Click to expand...
Click to collapse
rm -rf /blah/blah
here is your desired output:
sh-3.2# su
su
sh-3.2# mount -o rw,remount /dev/block/stl9 /system
mount -o rw,remount /dev/block/stl9 /system
sh-3.2# ls -l /system/app/mytouch*
ls -l /system/app/mytouch*
-rw-r--r-- root root 299838 2008-08-01 18:00 mytouchmusic-signed.apk
sh-3.2#
Hello,
Thanks for looking at this post! I wanted to post it to the rooting thread, but I'm too much of a noob to have access to developer threads. I searched around (both here and google), but couldn't find any useful info on my problem.
I'll get right to the point. I rooted my Acer A500 (after doing an OTA update to 4.0.3), as per the instructions on this thread:
http://forum.xda-developers.com/showthread.php?t=1546593
Everything seems to have worked well (I have root access, etc), but there is something quirky with Busybox. Every time I type a command in terminal (it doesn't matter which - I use both connectbot and terminal emulator), I get a "precmd: not found" message (even for simple things like directory changes). The odd thing is: the commands work, but I still get the message. For instance, if I ask for a directory listing, I'll get the listing, and at the end, it will say precmd: not found (usually with the name of the command it's referencing, e.g. bash: precmd: not found).
It seems to be looking for it in /system/xbin/bash, but bash is in /data/local; I tried creating a symlink but it didn't work ("link failed Cross-device link"). This is really a nuisance, and I'd like to try installing some linux user-land tools, but I fear the outcome might be disastrous if the busybox tools are misconfigured somehow.
I'd appreciate and help/suggestions. Many thanks.
mdhobbes said:
"precmd: not found" message
Click to expand...
Click to collapse
Connectbot seems to set shell variable 'PS1' to "$(precmd)[email protected]$HOSTNAME:${PWD:-?} $ ".
It means your shell (the busybox's ash applet) will try to use output from 'precmd' as a part of a command prompt.
So when 'precmd' was not provided, error messages will be generated wenever a prompt was to be shown.
Though the messages should be safe to ignore, you may get rid of them by setting something harmless to PS1 like:
PS1="> ", or reset PS1 by:
unset PS1from your (busybox) shell.
# The same method should work for terminal emulator.
precmd is a shell function.
To display it run this from the default shell:
Code:
typeset -f
You will see something like
Code:
function precmd {
typeset e=$?
let " e " && print -n "$e|"
}
If you add that to one of your shell's startup files (".profile", ".bashrc", etc.) you will have a working precmd.
It works (function runs), but shows nothing neither 0 or error code. What is it?
[edit]
Nvm, my fault, figured it out
HOW TO ROOT YOUR LENOVO IDEATAB A1000
<DISCLAIMER>
By attempting these steps, your warranty will be void. Even worse than that, it might cause crashes, freezes, random explosions, 2nd degree burns, or even turn your beloved tab into $100+ paperweight. What works on mine might not work on yours, so don't attempt if you don't know what you're doing. Do at your own risk. Corrections are welcome. I must admit that I'm not an expert, so any info I posted might be wrong, and I can't offer you much help. I'm not responsible for anything arising from the use of this how-to. I can only wish you good luck.
<WHY ROOT?>
- Without root or OTA upgrades (at time of writing, Indonesian customers still can't get it), you'll be stuck with ~500MB internal memory. That's annoying.
- You're stuck with the default IO scheduler (cfq) and governor (hybrid, haven't heard that one..)
- You have an incredibly large amount of bloatware you can't get rid of, in that already cramped up internal storage
- Did I mention freedom?
<REQUIREMENTS>
This method is originally used to root Acer Iconia B1-A71. Somehow I noticed that the two actually has the same chipset, MTK8317 (if it really was relevant ). So I tried the method, and through sheer n00b's luck, it worked like a charm!
Lenovo IdeaPad A1000-G --> 4GB storage, 2G/EDGE. This method haven't been tested on A1000-T/F, different storage cap (16GB, etc.) or other variants, but it should work with slight modification. Screenshots of my specs are attached below. Remember, proceed at your own risk!
A Linux System. Never tried on Windows or Mac. I personally used Linux Mint 15. The source post uses Ubuntu.
working ADB (android-tools-adb). You can get this from synaptics, apt-get, etc. If your system can detect adb devices, you should be fine.
Superuser Binary
Busybox Binary (You can get these two from the links on original post. XDA says noobs can't post links :'( )
ORIGINAL THREAD
<CREDITS>
XDA Senior Member entonjackson, for writing such a noob-friendly how-to for rooting Acer Iconia B1-A71 and for allowing me to use it for this how-to.
XDA Member alba81, for discovering the method as acknowledged on the original post by entonjackson
All awesome gurus on XDA which I can't mention one by one.
<THE STEPS>
1. Extract the android sdk to your home folder, e.g. a user named Bob will use like /home/bob
2. Open a terminal
3. Now plug your A1000 into your machine and turn on Debugging Mode (Go into Settings -> Developer Tools, turn on Developer tools, then turn on USB Debugging Mode)
4. Now back at the keyboard of your Linux machine in your terminal type:
Code:
sudo adb devices
The output should be something like:
Code:
123456789ABCDEF device
If it's not, google for it. Somehow your Linux hasn't detected the A1000, although the android sdk for Linux brings all needed drivers with it.
If your device was found, congratulations. The adb connection between your linux machine and your tablet is intact.
5. Now extract the downloaded busybox archive to your home folder, in it there should be a busybox binary. So Bob does:
Code:
sudo ./adb push /home/bob/busybox /data/local/tmp
Code:
sudo ./adb shell
Code:
chmod 755 /data/local/tmp/busybox
6. You should copy the busybox binary into a directory where you can access it as a plain non-root user on the tablet. We need this binary. so we can apply unix tools like telnet, dd, cat, etc. But for now we need it to establish a telnet session between our tablet and our linux machine.
(This point is written on original post. Seems important, but as soon as I finished step 5, I can use those tools)
7. Dial *#*#3646633#*#* to enter Engineer Mode
8. Go to Connectivity -> CDS Information -> Network Utility
9. type the following command:
Code:
/data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Advice from original poster: copy and paste it from the browser on your tablet, because dependent on which keyboard app installed, this can be freakin tricky. In the next step you will learn, why it's so important why this command should be correct.
10. Tap on Run. You won't get any feedback, so you will never know if the entered command runs properly or not. That's why you should make sure the command is ok.
Now we have started our telnet server on the tablet.
11. Back in the terminal type:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If you now get an error like couldn't find busybox or something, then either adb push failed or you forgot to chmod, in step 5
12. Now enter:
Code:
cat /proc/dumchar_info
You should get a bunch of lines, try to find a line containing the partition named android
{..... partition list .....}
android 0x0000000028A00000 0x00000000020E8000 2 /dev/block/mmcblk0p3
{..... partition list .....}
13. We will create a dump of our android system. This is the point where different variants *MIGHT* have different parameters. This step is important, as wrong parameter will result in unmountable image.
Stop. Take a deep breath. If you're not familiar with dd, find a good doc of it. There's a plethora of them.
Get yourself a programmer's calculator (Linux Mint 15 has one built in).
Here's what you'll do :
Convert the hex number on the 3rd column into decimal. In my case (0x20E8000) will yield 34504704. Divide by 4096. The result (8424) goes to the skip parameter.
Convert the hex number on the 2nd column. In my case (0x28A00000) will yield 681574400. Divide by 4096. The result (166400) goes to the count parameter.
So the full dd command will look like :
Code:
dd if=/dev/block/mmcblk0 bs=4096 skip=8424 count=166400 | gzip > /cache/system.img.gz
Do a full sanity check before hitting enter! It will take about 5 minutes.
14. After it's finished we must make the image readable for adb, so we do:
Code:
chmod 777 /cache
and
Code:
chmod 777 /cache/system.img.gz
15. Leave the telnet, and then adb shell session by:
Code:
exit
Code:
exit
16. Now we pull our image by
Code:
sudo adb pull /cache/system.img.gz
wait 1-2 minutes.
It should be then located inside /home/bob. It did for me. If not, do a search . It should be a .gz, extract it right there (or /home/bob if it isn't there)
17. Now we need to modify our system image by adding the tiny but helpful su binary. Extract the SU binary to /home/bob.
18. We create a folder where we will mount our system image to. To create it do:
Code:
sudo mkdir /media/a1000
19. Now we mount it:
Code:
sudo mount -o loop /home/bob/system.img /media/a1000
if it fails, then you entered wrong parameters on step 13
20. Now we copy our SU binary to our mounted system image:
Code:
sudo cp /home/bob/su /media/a1000/bin
21. the su binary needs to have the proper rights to make it usable, so we 'suid' it with:
Code:
sudo chmod 06755 /media/a1000/bin/su
22. Let's unmount our baby by:
Code:
sudo umount /media/a1000
and because bob doesn't like a messed up system, he does:
Code:
sudo rm -rf /media/a1000
because he hopefully won't need it anymore.
23. We have to gzip it again to bring it back to where it belongs to. this we do by:
Code:
cd /home/bob
Code:
gzip /home/bob/system.img
24. So here we are now, we made it to the final Boss fight! The next steps are dangerous and should be performed with caution. We copy back our modified system image, which can brick your device, if you do a mistake! Enter adb shell again :
Code:
sudo adb shell
25. Remove the old boring image:
Code:
rm /cache/system.img.gz
26. Leave adb shell
Code:
exit
27. copy our cool new system image containing the su binary:
Code:
sudo adb push /home/bob/system.img.gz /cache
28. Enter adb shell again
Code:
sudo adb shell
29. Usually the telnet server on the tablet is still running, at least in my case it's been like that. That's why we can directly connect to the telnet server with:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If this doesn't work, then obviously your telnet server isn't running anymore. So on your tablet if the telnet command is still entered (see step 9), tap on Run again and repeat step 29.
30. Now this is the most dangerous step in this how to (no it wasn't the mkdir one). You can copy following command to make sure everything is fine and paste it into your telnet session on your linux terminal.
<WARNING! SANITY CHECK! MAKE SURE *ALL* THE DD PARAMETERS MATCH THE FIRST DD (STEP 13) OR YOUR A1000 WILL TURN INTO A VERY EXPENSIVE PAPERWEIGHT!>
Code:
[B]/data/local/tmp/busybox zcat /cache/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=8424 count=166400[/B]
After 1-2 minutes you're done, if your tablet or pc or yourself didn't catch fire, everything's fine.
31. Leave telnet / adb shell by doing
Code:
exit
Code:
exit
32. Reboot your A1000 via ADB, then exit
Code:
sudo adb reboot
Code:
exit
33. Unplug your tablet from PC
34. Install Superuser (No, not SuperSU, cause it won't work!). I personally use Superuser by ChainsDD, from Play Store
35. Be lucky. Your tablet and thus you are now free!
Don't forget to hit thanks, if this helps
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Root with Windows ?
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
ulisez said:
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Click to expand...
Click to collapse
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
artonelico said:
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
Click to expand...
Click to collapse
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
rmage said:
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Click to expand...
Click to collapse
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
Letsar said:
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
Click to expand...
Click to collapse
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
sammymaddog said:
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Link2SD doesn't link app data, do you have any option?
yes i had same message with ulyses, by the way im from indonesia too can i contact you through chat client?
oh yeah im using windows 7 and using cmd as a terminal in linux
thx before bro
sammymaddog said:
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Ok, i see his toolkit. It's very good. I'll wait
rmage said:
Link2SD doesn't link app data, do you have any option?
Click to expand...
Click to collapse
I'm not sure whether the stock kernel of our devices supports init.d, thus supports CronMod/Data2SD. Lenovo locked our bootloader, and currently there's no way around it. So I personally think, Link2SD method are the best option for now.
Let's give it several months until our dev gurus bring their miracles upon this device
The attached image shows mt6577 Hardware, can u provide the Soc details please
Hi, Can any one upload Lenovo ideatab A1000 system.img
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
one month gone past but the op seems to be in caves or has bricked the device
STOCK ROM
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
VR.gtmini said:
The attached image shows mt6577 Hardware, can u provide the Soc details please
Click to expand...
Click to collapse
VR.gtmini said:
one month gone past but the op seems to be in caves or has bricked the device
Click to expand...
Click to collapse
sorry to make you wait. I'm a last grader university student, and final project stuffs have got me pinned down. Hope you understand
Actually the SoC is MT8317. For some god-knows reason Mediatek have made this SoC with signatures similar to MT6577. But somehow CPU tweaker correctly detects the SoC (MT8317). Maybe it's the CPU-Z bug?
unknown_world said:
Hi, Can any one upload Lenovo ideatab A1000 system.img
Click to expand...
Click to collapse
zod0070 said:
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
Click to expand...
Click to collapse
I'm uploading the modified .img. Let's pray my old HSPA modem won't catch fire by the morning.
vidyadhara said:
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
Click to expand...
Click to collapse
I think you got it wrong. The write process does not take place on the device. It's on the loop-mounted .img in /mnt/a1000 on your computer (step 18-19). Cheers!
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www dropbox com/s/rmpnz7c285t5sqz/system.7z
sammymaddog said:
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www.dropbox.com/s/rmpnz7c285t5sqz/system.7z
Click to expand...
Click to collapse
Thanks for coming back, could u post the MD5 of the system.7z & system.zip.
Also could u provide simple way/steps to directly flash this .img without extracting existing stock system image
My tab A1000-G
do you have stockROM for lenovo A1000G
I need this :crying:
raffly said:
do you have stockROM for lenovo A1000G
I need this :crying:
Click to expand...
Click to collapse
Don't worry, the above link is a stock Lenovo A1000 G ROM, but with pre-root files having no superuser app. Just extract the .7z file
System.7z MD5: 658CA71AC8A230B244F267513857F9A5
@Zaphodspeaks
Z,
okay i found a lead here http://stackoverflow.com/questions/...-android-device-failing-to-bind-tcp-port-5037
Android enforces its Internet Permission via a modification to the Linux Kernel which checks that a process is a member of an associated unix group before allowing it to open sockets in the AF_INET domain.
Such membership is inherited, so native code executed, either as a JNI library or by invoking a distinct executable, will only be able to perform network operations if it is either run as a privileged user automatically having this membership (such as adb's "shell" account, or as root on an engineering build) or run under the identify of an application package having the Internet permission in its manifest.
Click to expand...
Click to collapse
i'm going to snoop around the source and se if i can figure out how to tweak android tools source to build a modded adb and daemon and try it out.
interesting side note, even without root as long as adb is insecure you can push and run certain scripts and binaries seemingly outside of security if you work out of /data/local/tmp
for anyone wondering i had a though that maybe i could use the tab's in-house adb to connect to "itself" and achieve a root prompt.
m
EDIT- I found Q&A !!! i think ? umm this is q&a right? xD
This looks promising and fascinating.. If you pull this off, I think you will be the first to ever of done anything like this..
Zaphodspeaks said:
This looks promising and fascinating.. If you pull this off, I think you will be the first to ever of done anything like this..
Click to expand...
Click to collapse
I'd like to try it, i've been working with some simple c programming execises for the last few days
trying to figure out how to get certain system calls to work for miscellanious hooliganery! xD
i found out if you run /init in terminal you will reboot your device to recovery.
i have to re-flash a clean instance of the lp 5.1.1 firmware and then the unsecured boot.img so selinux is still intact,
then push a copy of the init binary to /data/local/tmp via adb and execute it.
if it works , then i have some neat ideas!
m
edit- i also have a new boot image which automatically mounts my debian chroot and exports the $PATH to my gcc
to anyone who needs to mount a custom block device
you need an entry like this in init.environ.rc
# Debian CHROOT
export DEBIAN_ROOT /debian
export TMPDIR /tmp
mount -t proc none /debian/proc
mount -t sysfs none /debian/sys
mount -o bind /dev /debian/dev
mount -o bind /proc/net /debian/proc/net
mount -t devpts none /debian/dev/pts
[this is for mounting my chroot, so all i have to do is run the chroot command itself and all my needed mounts are already in place]
and amend your path and ld library entries
export PATH /sbin:/vendor/bin:/system/sbin:/system/bin:/system/gcc/bin:/system/xbin:/bin:/usr/bin:/usr/sbin
export LD_LIBRARY_PATH /system/lib:/system/gcc/lib:/system/vendor/lib
NOTE TO SELF- pipe the output of strace <command> to text
strace id &> narc.txt
moonbutt74 said:
I'd like to try it, i've been working with some simple c programming execises for the last few days
trying to figure out how to get certain system calls to work for miscellanious hooliganery! xD
i found out if you run /init in terminal you will reboot your device to recovery.
i have to re-flash a clean instance of the lp 5.1.1 firmware and then the unsecured boot.img so selinux is still intact,
then push a copy of the init binary to /data/local/tmp via adb and execute it.
if it works , then i have some neat ideas!
m
Click to expand...
Click to collapse
Damn I wish I had your skills.. Programming is NOT my forte.... Hardware repair and PC diagnostics is what I'm best at..
@Zaphodspeaks
OKAY,
stumbled across something interesting, this will be slightly interrupted as i need to switch to tab for the second part of the post,
[via adb shell]
strace adb shell
one line in particular caught my notice in the output of strace
Code:
connect(3, {sa_family=AF_FILE, path="[COLOR="Red"]/tmp/5037[/COLOR]"}, 12) = 0
back in a minute... okay, i'm on tab from clean reboot,
when running adb shell [remember the above] i get this
Code:
[email protected]:/ # adb shell
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
1|[email protected]:/ #
okay now [with unsecured boot.img] as normal user in tab you cannot do this part, BUT you can via adb shell on pc-side
Code:
mkdir /data/local/tmp/5038
EDITED - see edit below [dammit, i really have to start taking notes]
EDIT
that's maybe a "HIT" of some kind. How to make it work from there i'm not sure yet.
okay i goofed by mkdir 5038 should actually be a link to socket [DERP]
i'll get back to this after some breakfast so as to avoid brain death from overcaffination. xD
i had to edit this, i lost a step somewhere, should have posted all of this from the first time around
I'm trying to understand sockets and pipes, yay!
m
okay
i learnded me how to create a symlink to a socket
ln socket:[5038] /blah-blah/5038 [sort of ]
i'm guessing i need to be looking at how /proc works
for an example in /proc/5743/fd
10 -> socket:[41910]
from http://www.linuxquestions.org/quest...an-i-create-a-socket-file-248399/#post4398605
Lots of misunderstanding here; let's see if I can clarify.
A socket file is not a regular file, it's more like an IP address (it is also not a fifo, although those are similar). A socket file is created by the system when a program calls bind on a unix domain socket, which is a special kind of network socket that can only be internal to one computer. The system then associates this special file with the socket file descriptor that the program bound (or more specifically, the "inode" to which that file descriptor refers).
From that point on, the program that created the socket has no interaction with the socket by the filename. If you move it elsewhere, create new links to it, or remove it, you may confuse other programs that are trying to talk to the program in question, but the program itself won't see it at all. You are only changing the set of names that point at that inode (and you can connect to the listening program at that new name!). Thinking of the filename as a domain name, the inode as the ip address, and the filesystem as DNS isn't so very far off.
Click to expand...
Click to collapse
i'm guessing sock_create is a c thing http://linux.die.net/man/2/socket
i have authbind "working" after getting the source configured for ndk-build , but i don't yet know what a good example of it's usage would be to prove that it functions as it should.
@osm0sis,
okay, as per your instucts , i did this
[email protected]:/ # cat /sdcard/dooby
#!/system/bin/sh
cd /sdcard
setprop service.adb.tcp.port 5555
stop adbd && start adbd
adb connect 192.168.254.42
pwd
adb shell pwd
[email protected]:/ # /sdcard/./dooby
connected to 192.168.254.42:5555
/sdcard
/
[email protected]:/ #
now of i understand this correctly i am connecting to myself via my router, right?
you know, if i remount / and touch this script there and run it with a little modification i can probably create a loop, xD
Sounds fun. Glad to be of service.