So, when I first applied the JI6 update from OTA, the phone stopped booting (I had RyanZA's lagfix applied at that time). Restored to stock w/ Odin and applied the JI6 that had been posted here and that worked fine. Today i re-applied the same ext2 lagfix, but had to adjust it a tad to add a remount command for /system because it failed setting up userinit.sh for rebooting, but that worked fine.
The problems appeared after a reboot. several apps were misbehaving, and i saw these messages in logcat:
Code:
E/ApplicationContext( 3232): Couldn't create directory for SharedPreferences file [COLOR="red"]/data/data/[/COLOR]com.alfray.timeriffic/share
d_prefs/com.alfray.timeriffic_preferences.xml
E/AndroidRuntime( 3232): Uncaught handler: thread main exiting due to uncaught exception
E/AndroidRuntime( 3232): java.lang.RuntimeException: Unable to resume activity {com.alfray.timeriffic/com.alfray.timerif
fic.profiles.ProfilesUI}: android.database.sqlite.SQLiteException: [COLOR="Red"]database is locked[/COLOR]
The first one immediately raised a red flag for me, and the second is concerning (I'm not sure where these databases are stored but i think they may be /data/data).
So i open adb shell as root and tried to create a file in my new ext2 partition and i get this:
Code:
# echo "" > com.alfray.timeriffic_preferences.xml
cannot create com.alfray.timeriffic_preferences.xml: [COLOR="red"]remote access failed[/COLOR]
#
but the file was created at some point, i did these things a few minutes later:
Code:
# pwd
pwd
/data/ext2data/data/com.alfray.timeriffic/shared_prefs
# mount
mount
rootfs / rootfs ro 0 0
tmpfs /dev tmpfs rw,mode=755 0 0
devpts /dev/pts devpts rw,mode=600 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
/dev/block/stl6 /mnt/.lfs j4fs rw 0 0
tmpfs /sqlite_stmt_journals tmpfs rw,size=4096k 0 0
none /dev/cpuctl cgroup rw,cpu 0 0
/dev/block/stl9 /system rfs ro,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/mmcblk0p2 /data rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/mmcblk0p3 /data_tmo rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/stl10 /dbdata rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/stl11 /cache rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
/dev/block/stl3 /efs rfs rw,nosuid,nodev,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
[COLOR="red"]/dev/loop0 /data/ext2data ext2 rw,noatime,nodiratime,errors=continue 0 0[/COLOR]
/dev/block//vold/179:1 /sdcard vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0102,dmask=0002,allow_utime=0
020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block//vold/179:9 /sdcard/sd vfat rw,dirsync,nosuid,nodev,noexec,uid=1000,gid=1015,fmask=0000,dmask=0000,allow_utim
e=0022,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
# ls
ls
[COLOR="Red"]com.alfray.timeriffic_preferences.xml[/COLOR]
#
Huh? Then i tried to read or delete that file:
Code:
# cat com.alfray.timeriffic_preferences.xml
cat com.alfray.timeriffic_preferences.xml
com.alfray.timeriffic_preferences.xml: [COLOR="red"]Stale NFS file handle[/COLOR]
# rm com.alfray.timeriffic_preferences.xml
rm com.alfray.timeriffic_preferences.xml
rm failed for com.alfray.timeriffic_preferences.xml, Stale NFS file handle
#
So, any suggestions?
"Today i re-applied the same ext2 lagfix, but had to adjust it a tad to add a remount command for /system because it failed setting up userinit.sh for rebooting, but that worked fine."
I don't understand why you had to adjust anything and that should be the first indicator that you did something wrong.
Odin back to stock, making sure to use the 512 pit file. Odin to JI6, no pit file needed. Download OCLF from the market, root and then try again. I've used OCLF probably 20 times and never had any issues.
Or, take a look in the development forum. There is a new lagfix that I am using, Z4Mod. Works pretty well.
Edit: Actually, I should say that it works remarkably well. Here is the link: http://forum.xda-developers.com/showthread.php?t=822964
Hmm? The /system was mounted as read-only and the script i was using assumed it was read/write mounted. I remounted it rw and didn't change anything else. Thanks for the advice but i don't really need to reflash back to stock, that's an incredible hassle so i just put my phone back the way it was manually and it's working fine now. I didn't use the OCLF from the market but the original shell scripts that were released... That's more comfortable for me because i can know what the scripts are doing and roll the changes back manually if it goes sideways, like in this case.
I'm guessing that my phone crashed and corrupted the ext2 file, i did find it to be powered off unexpectedly but i thought my battery had just run down.
hy cracks
I have a car radio with windows ce - manufacturer lg.
I would like to customize the firmware upgrade (change images....).
somebody has an idea how I can unpack the upgrade.LGU file and pack again later?
can´t find tools for this
thank you for your help
voila !
nordic09 said:
hy cracks
I have a car radio with windows ce - manufacturer lg.
I would like to customize the firmware upgrade (change images....).
somebody has an idea how I can unpack the upgrade.LGU file and pack again later?
can´t find tools for this
thank you for your help
Click to expand...
Click to collapse
here you go - download attachment
it's a tool to convert lgu files to directory and vice versa
to be used in command line this way:
lgu2dir <path to lgu file> <path to folder where where the contents will be unpacked>
ex: lgu2dir upgrade.lgu root
lost_things said:
here you go - download attachment
it's a tool to convert lgu files to directory and vice versa
to be used in command line this way:
lgu2dir <path to lgu file> <path to folder where where the contents will be unpacked>
ex: lgu2dir upgrade.lgu root
Click to expand...
Click to collapse
thank you - you are my hero
the tool works great
you know a way to convert the files back to a lgu-file too?
nordic09 said:
thank you - you are my hero
the tool works great
you know a way to convert the files back to a lgu-file too?
Click to expand...
Click to collapse
yes, see the attachment
Usage: dir2lgu <content name> <in folder> <out lgu file>
thank you again lost_things
lost_things said:
yes, see the attachment
Usage: dir2lgu <content name> <in folder> <out lgu file>
Click to expand...
Click to collapse
Unfortunately dir2lgu does not work on windows xp.
Can you make a version that also works on my old operating system.
Thank you.
need working windows version this one is not win32 valid application or i miss something
thanks
changing only one file within the LGU without extracting anything is possible?
Hello guys, first thanks for the help with the file compression and decompression of the LGU, but I have a problem when compressing the file again made a change in one of the firmware files and recompile the file is not accepted as update my device I believe it has something to do dir2lgu different from the original build program which makes it invalid on the device, so I wonder if there is any header possibilidede the only LGU that change a file without extract, because I need to unlock a device and only need need to change an exe within the LGU, is this possible? who developed these programs that kind of compression they use? I'm 3 months in search of a solution and nothing would be grateful for an answer that will help many people.
need a new lgu2dir for a newer version of .lgu files
Hello guys,
seems like lg made a new version of the car radio with windows ce, and the new .lgu files can not be opened by the old tools.
Thanks.
Same here, new version of lgu, cannot be opened, file signature (or magic number if u prefer) is now ULC2.
And the archive in the lgu container is no more RAR but a Zip tipe, as usual seen inside the file with the hex editor, i tried to cut out the archive but archive won't work i suspect that's somenthing like a byte shift or other kind of "protection".
I have spotted that at address from block 18 to 1B is stored that crc in reverse way.
But i'm not found the way to recover the internal archive.
@lost_things Did you have a new version? (If u are still around here, seems that these posts are the only 2 that you are ever made )
Thank you in advice.
@viberfm
Are you working with new medianav evolution firmware too?
New lgu tools available
Warm thanks ! You made a really great job djeman !!
Works perfectly both for 'old' and 'new' files. Be careful to position appropriate 'content-name' and 'label' when recompressing, your car application may need it to work appropriately.
Hi,
@djeman the new dir2lgu.exe, don't get any options, if you try to pass -l o -u, don't care it create always an lgu0 type, and -n and -p don't work at all, i hope u can fix it.
Thank you for you work anyway
sala_test said:
Hi,
@djeman the new dir2lgu.exe, don't get any options, if you try to pass -l o -u, don't care it create always an lgu0 type, and -n and -p don't work at all, i hope u can fix it.
Thank you for you work anyway
Click to expand...
Click to collapse
+1 same here.
Sorry but all works fine
I'm trying right now in win 7 and win 10, with -u option it crate a lgu0 file, with -n something, it show me the help like I have put something wrong, lgu2dir instead works fine.
@djeman
Tested now:
-u ulc2 format not work as you can see here
Code:
E:\testxda>dir2lgu.exe -u test test.lgu
creating C:\Temp\TFRC451.tmp
file test.txt crc 0
file C:\Temp\TFRC451.tmp crc 8bb6d8f8
E:\testxda>dir
Il volume nell'unità E è Volume
Numero di serie del volume: 7807-6F2B
Directory di E:\testxda
19/05/2016 16:37 <DIR> .
19/05/2016 16:37 <DIR> ..
19/05/2016 16:36 123.392 dir2lgu.exe
19/05/2016 16:36 96.256 lgu2dir.exe
19/05/2016 16:36 <DIR> test
19/05/2016 16:37 1.152 test.lgu
E:\testxda>type test.lgu
LGU0 Ç °ÏÂï 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■- u ■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■■ d▀4DÐ%■ñ╠$‗<í×êÑÆRFyµ+UÊÜØrj½‗┬_8█wÌPG5c%\▄os0╦Ë·ZÉeÍ░:Llü└ │¤=W Rar!»è╝Ý╝ìyRíù┴2NáÑ[¹z`L"µ█"NzDO┐ª┤ï\÷iå^¹Ï2e
and with -n don't do nothing like you can see here:
Code:
E:\testxda>dir2lgu.exe -n comment test test.lgu
Usage: dir2lgu [options] <content name> <in folder> <out lgu file>
-n <name> name label (" " by default)
-l lgu0 format (default)
-u ulc2 format
-p <m1|m2> preset medianav 1 or 2
Arf ... I forget to protect the execution when one argument is missing ^^
Usage: dir2lgu [options] <content name> <in folder> <out lgu file>
-n <name> name label (" " by default)
-l lgu0 format (default)
-u ulc2 format
-p <m1|m2> preset medianav 1 or 2
Click to expand...
Click to collapse
In "dir2lgu.exe -u test test.lgu":
[options] = -u
<content name> = test
<in folder> = test.lgu
<out lgu file> =
And for "dir2lgu.exe -n comment test test.lgu" you have make the same mistake, one argument is missing
djeman said:
Arf ... I forget to protect the execution when one argument is missing ^^
In "dir2lgu.exe -u test test.lgu":
[options] = -u
<content name> = test
<in folder> = test.lgu
<out lgu file> =
And for "dir2lgu.exe -n comment test test.lgu" you have make the same mistake, one argument is missing
Click to expand...
Click to collapse
Oh crap, I have confused the -n option with the <content name>, so to put the content name name i use -n :silly: Ok i made a big mistake, but i'm happy that i'm not the only one, seems that @sala_test had done the same mistake
Ok, so, to avoid other mistakes, what is the -n option "label"? And what is the difference to use -l and -u instead of -p m1 or m2?
Anyway i'm a dumbass , thank you for your work
'dir2lgu -p m1 <content name> <in folder> <out lgu file>' is equal to 'dir2lgu -l -n "*MEDIA-NAV*" <content name> <in folder> <out lgu file>'.
'dir2lgu -p m2 <content name> <in folder> <out lgu file>' is equal to 'dir2lgu -u -n "*MEDIA-NAV2*" <content name> <in folder> <out lgu file>'.
Do not use -p option with an another, it's just for rapid preset.
"content name" is the name of the content of your update, the name shows on the device in the update dialog.
"name label" ... it's a device label, this label is used by the update software, it's a protection to not flash a bad update. All devices do not use it.
Ok @djeman thanks for explaination, thank you
Inviato dal mio Asus Zenfone 2
**UPDATE**
Here is my collection of scripts for rooting, blocking updates, and all kinds of stuff for ALL fire tv:
https://github.com/pwntrik/firetv/
Here's the video (2 parts) on howto root Fire TV 1st gen using soldering:
https://youtu.be/yhwYfudGiM8
https://youtu.be/Kn7zmXf08bk
**/UPDATE**
Greetings, AFTV hackers!
I have successfully soldered an emmc reader to the Fire TV 1st Gen, and I have complete r/w access. However, the tutorial for rooting appears to be a bit dated as the hacker (@maximus64) at the time was able to just copy the su binary to /system/xbin, modify the permissions, and run it.
Since FireOS 5.2.0.0, however, SELinux now prevents the binary from being executed:
(At this point, I have already copied su binary, chmod 6755 it, chown 0:0 it)
Code:
[email protected]:/ $ ls -la /system/xbin/su
ls -la /system/xbin/su
/system/xbin/su: Permission denied
1|[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $ ls -ld /system/xbin
ls -ld /system/xbin
drwxr-xr-x root shell 2017-01-05 01:35 xbin
[email protected]:/ $ ls -l /system/xbin/
ls -l /system/xbin/
-rwxr-xr-x root shell 63880 2016-05-27 17:00 dexdump
-rwxr-xr-x root shell 49816 2016-05-27 17:00 sqlite3
lstat '/system/xbin//su' failed: Permission denied
-rwxr-xr-x root shell 813248 2016-05-27 17:00 tcpdump
-rwxr-xr-x root shell 9384 2016-05-27 17:00 trapz
-rwxr-xr-x root shell 46456 2016-05-27 17:00 vitals_collection_agent
And just to make sure I did everything correctly, I hooked it up again then checked the binary:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1/xbin# ls -la
total 1092
drwxr-xr-x. 2 root 2000 4096 Jan 5 04:35 .
drwxr-xr-x. 16 root root 4096 Jan 6 17:07 ..
-rwxr-xr-x. 1 root 2000 63880 May 27 2016 dexdump
-rwxr-xr-x. 1 root 2000 49816 May 27 2016 sqlite3
-rwsr-sr-x 1 root root 112576 Jan 5 04:31 su
-rwxr-xr-x. 1 root 2000 813248 May 27 2016 tcpdump
-rwxr-xr-x. 1 root 2000 9384 May 27 2016 trapz
-rwxr-xr-x. 1 root 2000 46456 May 27 2016 vitals_collection_agent
So at this point, I did some research and it seems that SELinux prevents this from being run. Does anyone have a workaround or could tell me how to give this binary permission? I have zero experience with SELinux, and even if anyone can point me to a similar thread for rooting when you have full r/w access, that'd be excellent..
Thanks!
cancelyourcable said:
Greetings, AFTV hackers!
I have successfully soldered an emmc reader to the Fire TV 1st Gen, and I have complete r/w access. However, the tutorial for rooting appears to be a bit dated as the hacker (@maximus64) at the time was able to just copy the su binary to /system/xbin, modify the permissions, and run it.
Since FireOS 5.2.0.0, however, SELinux now prevents the binary from being executed:
(At this point, I have already copied su binary, chmod 6755 it, chown 0:0 it)
Code:
[email protected]:/ $ ls -la /system/xbin/su
ls -la /system/xbin/su
/system/xbin/su: Permission denied
1|[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $ ls -ld /system/xbin
ls -ld /system/xbin
drwxr-xr-x root shell 2017-01-05 01:35 xbin
[email protected]:/ $ ls -l /system/xbin/
ls -l /system/xbin/
-rwxr-xr-x root shell 63880 2016-05-27 17:00 dexdump
-rwxr-xr-x root shell 49816 2016-05-27 17:00 sqlite3
lstat '/system/xbin//su' failed: Permission denied
-rwxr-xr-x root shell 813248 2016-05-27 17:00 tcpdump
-rwxr-xr-x root shell 9384 2016-05-27 17:00 trapz
-rwxr-xr-x root shell 46456 2016-05-27 17:00 vitals_collection_agent
And just to make sure I did everything correctly, I hooked it up again then checked the binary:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1/xbin# ls -la
total 1092
drwxr-xr-x. 2 root 2000 4096 Jan 5 04:35 .
drwxr-xr-x. 16 root root 4096 Jan 6 17:07 ..
-rwxr-xr-x. 1 root 2000 63880 May 27 2016 dexdump
-rwxr-xr-x. 1 root 2000 49816 May 27 2016 sqlite3
-rwsr-sr-x 1 root root 112576 Jan 5 04:31 su
-rwxr-xr-x. 1 root 2000 813248 May 27 2016 tcpdump
-rwxr-xr-x. 1 root 2000 9384 May 27 2016 trapz
-rwxr-xr-x. 1 root 2000 46456 May 27 2016 vitals_collection_agent
So at this point, I did some research and it seems that SELinux prevents this from being run. Does anyone have a workaround or could tell me how to give this binary permission? I have zero experience with SELinux, and even if anyone can point me to a similar thread for rooting when you have full r/w access, that'd be excellent..
Thanks!
Click to expand...
Click to collapse
bueller_recovery_v2.zip begins with a shell script. If you open it in a text editor, you can see it. mkdir /system/recovery, unzip the contents of that zip to /system/recovery, and do the mv and ln commands. Make sure the selinux contexts of /system/recovery and it's contents match the other contents of /systems.
And also make sure the contents are chmod 755.
rbox said:
bueller_recovery_v2.zip begins with a shell script. If you open it in a text editor, you can see it. mkdir /system/recovery, unzip the contents of that zip to /system/recovery, and do the mv and ln commands. Make sure the selinux contexts of /system/recovery and it's contents match the other contents of /systems.
And also make sure the contents are chmod 755.
Click to expand...
Click to collapse
Thanks, rbox! I've managed to rewrite the script to do all that, but how do I make sure the SELinux contexts match? Sorry, not familiar with SELinux.
Is this the ACTUAL partition table, or is this the way the eMMC reader loads it?
Code:
[email protected]:/media/root# ls 5*
57f8f4bc-abf4-655f-bf67-946fc0f9f25b:
adb backup hostapd property system?
anr bugreports key_provisioning prReset time
app connectivity local radio tombstones
app-asec dalvik-cache logd resource-cache user
app_ext data lost+found securedStorageLocation vitals
app-lib debug_service media securestop webcrypto
app_ms dontpanic mediadrm security wiper
app-private dpm misc shared wpstiles
audio drm playready ssh
autotrace fota proffline system
57f8f4bc-abf4-655f-bf67-946fc0f9f25b1:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b2:
com.amazon.avod.apk lost+found
com.amazon.venezia.apk recovery
com.amazon.vizzini-550901810.apk signed_com.amazon.kso.blackbird-1550000810.apk
dalvik-cache signed_CSAppFireTV-fireOs-release_v112.apk
57f8f4bc-abf4-655f-bf67-946fc0f9f25b3:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b4:
app etc lib priv-app sqfs vendor
bin fonts lost+found recovery-from-boot.p tts xbin
build.prop framework media security usr
I ask because /system/bin is actually on a completely separate partition using this method. Is it possible to copy the actual init2stub in place of e2fsck instead of symlinking it? (in case the symlink doesn't work)
Here's my modified version of your script:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
SYSTEM="${LABEL}/system"
BIN="${LABEL}4/bin"
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Chmodding..."
chmod -R 755 $SYSTEM/recovery
echo "Backup the old e2fsck..."
mv $BIN/e2fsck $BIN/e2fsck.real
echo "Symlink e2fsck to 2ndinitstub..."
# If symlink doesn't work, can I copy 2ndinitstub completely?
ln -sf ../recovery/2ndinitstub $BIN/e2fsck
echo "Done."
Thanks for your help otherwise I'd be so SCREWED! :laugh:
cancelyourcable said:
Thanks, rbox! I've managed to rewrite the script to do all that, but how do I make sure the SELinux contexts match? Sorry, not familiar with SELinux.
Is this the ACTUAL partition table, or is this the way the eMMC reader loads it?
Code:
[email protected]:/media/root# ls 5*
57f8f4bc-abf4-655f-bf67-946fc0f9f25b:
adb backup hostapd property system?
anr bugreports key_provisioning prReset time
app connectivity local radio tombstones
app-asec dalvik-cache logd resource-cache user
app_ext data lost+found securedStorageLocation vitals
app-lib debug_service media securestop webcrypto
app_ms dontpanic mediadrm security wiper
app-private dpm misc shared wpstiles
audio drm playready ssh
autotrace fota proffline system
57f8f4bc-abf4-655f-bf67-946fc0f9f25b1:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b2:
com.amazon.avod.apk lost+found
com.amazon.venezia.apk recovery
com.amazon.vizzini-550901810.apk signed_com.amazon.kso.blackbird-1550000810.apk
dalvik-cache signed_CSAppFireTV-fireOs-release_v112.apk
57f8f4bc-abf4-655f-bf67-946fc0f9f25b3:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b4:
app etc lib priv-app sqfs vendor
bin fonts lost+found recovery-from-boot.p tts xbin
build.prop framework media security usr
I ask because /system/bin is actually on a completely separate partition using this method. Is it possible to copy the actual init2stub in place of e2fsck instead of symlinking it? (in case the symlink doesn't work)
Here's my modified version of your script:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
SYSTEM="${LABEL}/system"
BIN="${LABEL}4/bin"
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Chmodding..."
chmod -R 755 $SYSTEM/recovery
echo "Backup the old e2fsck..."
mv $BIN/e2fsck $BIN/e2fsck.real
echo "Symlink e2fsck to 2ndinitstub..."
# If symlink doesn't work, can I copy 2ndinitstub completely?
ln -sf ../recovery/2ndinitstub $BIN/e2fsck
echo "Done."
Thanks for your help otherwise I'd be so SCREWED! :laugh:
Click to expand...
Click to collapse
That is /data. Not /system. ls -lZ will show you contexts.
rbox said:
That is /data. Not /system. ls -lZ will show you contexts.
Click to expand...
Click to collapse
Well, not sure exactly what happened but I booted it back up and /system/recovery doesn't exist. Even if that's normal behavior, it didn't run TWRP.
The shell script I pasted above, it runs chcon and chmod, but perhaps chcon has no effect since it's being run on a host system (linux), instead of the actual android system (I kinda expected that.)
Code:
[email protected]:/system/bin $ ls -Z e2*
ls -Z e2*
e2fsck: Permission denied
e2fsck.real: Permission denied
Is there an init file I can edit to run chcon or completely disable selinux? Seems like that's probably preventing it. I can't see log files as user, but I feel like that might be part of it.
Thanks
cancelyourcable said:
Well, not sure exactly what happened but I booted it back up and /system/recovery doesn't exist. Even if that's normal behavior, it didn't run TWRP.
The shell script I pasted above, it runs chcon and chmod, but perhaps chcon has no effect since it's being run on a host system (linux), instead of the actual android system (I kinda expected that.)
Code:
[email protected]:/system/bin $ ls -Z e2*
ls -Z e2*
e2fsck: Permission denied
e2fsck.real: Permission denied
Is there an init file I can edit to run chcon or completely disable selinux? Seems like that's probably preventing it. I can't see log files as user, but I feel like that might be part of it.
Thanks
Click to expand...
Click to collapse
Did you properly unmount the filesystem after you were done changing it? That's really the only way the changes wouldn't stick and recovery wouldn't be there. You definitely need to verify all the permissions and contexts manually before booting back in. Don't just assume a script worked. Also, I think chcon isn't going to work, now that I think about it. I remember when I was messing around with this stuff with the Fire TV 2 I wound up having to use extended attributes manually. This page: http://unix.stackexchange.com/quest...on-mounted-ext4-image-from-non-selinux-system explains how to do. As for disabling selinux... that's half the whole point of 2ndinit
rbox said:
Did you properly unmount the filesystem after you were done changing it? That's really the only way the changes wouldn't stick and recovery wouldn't be there. You definitely need to verify all the permissions and contexts manually before booting back in. Don't just assume a script worked. Also, I think chcon isn't going to work, now that I think about it. I remember when I was messing around with this stuff with the Fire TV 2 I wound up having to use extended attributes manually. This page: http://unix.stackexchange.com/quest...on-mounted-ext4-image-from-non-selinux-system explains how to do. As for disabling selinux... that's half the whole point of 2ndinit
Click to expand...
Click to collapse
Ya, definitely unmounted it. I'm like 99% sure it's because of this selinux thing. Ideally if I can get these extended attributes to work and run either `su' or get the recovery to load, that'd be best.
But /system and /recovery are on two separate partitions. When I look at the layout from linux when I mount it using the soldering method, it looks like this:
Code:
# /dev/sdb1 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b3 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb19 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b2 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb2 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb20 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb18 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
And from the firetv using adb shell, here's all the mounts:
Code:
[email protected]:/ $ mount
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nomblk_io_submit,nobarrier,commit=20,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/loop0 /mnt/sqfs squashfs ro,context=u:object_r:squashfs_file:s0,relatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 rw,context=u:object_r:persist_file:s0,nosuid,nodev,noatime,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/shell/emulated/0 fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
It looks very different. Like the /bin that appears in /system on the fire tv is actually on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4, yet /system appears on a completely separate partition /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b it's weird. Copying e2fsck did make it appear there, yet adding /system/recovery did nothing:
Code:
[email protected]:/ $ cd /system/recovery
cd /system/recovery
/system/bin/sh: cd: /system/recovery: No such file or directory
Not sure whether this is the firetv or the emmc reader which is displaying it oddly.
I'll wire it back up tomorrow and see if I can get extended permissions as well as try to figure out why the recovery dir is not showing up at all.
Thanks!
cancelyourcable said:
Ya, definitely unmounted it. I'm like 99% sure it's because of this selinux thing. Ideally if I can get these extended attributes to work and run either `su' or get the recovery to load, that'd be best.
But /system and /recovery are on two separate partitions. When I look at the layout from linux when I mount it using the soldering method, it looks like this:
Code:
# /dev/sdb1 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b3 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb19 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b2 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb2 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb20 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb18 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
And from the firetv using adb shell, here's all the mounts:
Code:
[email protected]:/ $ mount
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nomblk_io_submit,nobarrier,commit=20,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/loop0 /mnt/sqfs squashfs ro,context=u:object_r:squashfs_file:s0,relatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 rw,context=u:object_r:persist_file:s0,nosuid,nodev,noatime,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/shell/emulated/0 fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
It looks very different. Like the /bin that appears in /system on the fire tv is actually on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4, yet /system appears on a completely separate partition /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b it's weird. Copying e2fsck did make it appear there, yet adding /system/recovery did nothing:
Code:
[email protected]:/ $ cd /system/recovery
cd /system/recovery
/system/bin/sh: cd: /system/recovery: No such file or directory
Not sure whether this is the firetv or the emmc reader which is displaying it oddly.
I'll wire it back up tomorrow and see if I can get extended permissions as well as try to figure out why the recovery dir is not showing up at all.
Thanks!
Click to expand...
Click to collapse
You're not looking for a partition with a directory called system in it. The partition IS /system. So the partition with 'bin' and 'xbin' is the /system partition. That other one is /data.
rbox said:
You're not looking for a partition with a directory called system in it. The partition IS /system. So the partition with 'bin' and 'xbin' is the /system partition. That other one is /data.
Click to expand...
Click to collapse
Alright, so I made some big progress
Here's my script which successfully installed your TWRP zip:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
# WARNING: this CHANGED from 4 to 3. Always CHECK FIRST
SYSTEM="${LABEL}3"
if [ ! -e "${SYSTEM}/xbin" ]; then
echo "ERROR: couldn't find /system/xbin - is the mount point correct?"
exit 1
fi
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Backup the old e2fsck..."
cp -i $SYSTEM/bin/e2fsck $SHARED/e2fsck.real
mv -i $SYSTEM/bin/e2fsck $SYSTEM/bin/e2fsck.real
echo "Chmodding and chconing RECOVERY..."
chown -R 0:2000 $SYSTEM/recovery
chmod -R 755 $SYSTEM/recovery
chcon -R --reference=$SYSTEM/bin $SYSTEM/recovery
echo "Copying, chmodding and chconing SU (in case recovery doesn't work out)..."
cp $SHARED/su $SYSTEM/xbin/
chown 0:2000 $SYSTEM/xbin/su
chmod 6755 $SYSTEM/xbin/su
chcon --reference=$SYSTEM/xbin/trapz $SYSTEM/xbin/su
echo "Symlink e2fsck to 2ndinitstub..."
ln -sf ../recovery/2ndinitstub $SYSTEM/bin/e2fsck
echo "Done."
Then I booted into TWRP successfully.
However, when I tried to install your bueller-5.2.1.1-rooted_r1 I got this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
After a long time it was clearly hung, so I rebooted and now it's bricked. But I did do a `dd if=/dev/sdb123 of=system.img` so i have that.
Would it be possible to just overwrite that partition with your system prerooted image while I have it connected to the emmc reader?
Thanks again for all the help!
cancelyourcable said:
Alright, so I made some big progress
Here's my script which successfully installed your TWRP zip:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
# WARNING: this CHANGED from 4 to 3. Always CHECK FIRST
SYSTEM="${LABEL}3"
if [ ! -e "${SYSTEM}/xbin" ]; then
echo "ERROR: couldn't find /system/xbin - is the mount point correct?"
exit 1
fi
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Backup the old e2fsck..."
cp -i $SYSTEM/bin/e2fsck $SHARED/e2fsck.real
mv -i $SYSTEM/bin/e2fsck $SYSTEM/bin/e2fsck.real
echo "Chmodding and chconing RECOVERY..."
chown -R 0:2000 $SYSTEM/recovery
chmod -R 755 $SYSTEM/recovery
chcon -R --reference=$SYSTEM/bin $SYSTEM/recovery
echo "Copying, chmodding and chconing SU (in case recovery doesn't work out)..."
cp $SHARED/su $SYSTEM/xbin/
chown 0:2000 $SYSTEM/xbin/su
chmod 6755 $SYSTEM/xbin/su
chcon --reference=$SYSTEM/xbin/trapz $SYSTEM/xbin/su
echo "Symlink e2fsck to 2ndinitstub..."
ln -sf ../recovery/2ndinitstub $SYSTEM/bin/e2fsck
echo "Done."
Then I booted into TWRP successfully.
However, when I tried to install your bueller-5.2.1.1-rooted_r1 I got this:
View attachment 3996750
After a long time it was clearly hung, so I rebooted and now it's bricked. But I did do a `dd if=/dev/sdb123 of=system.img` so i have that.
Would it be possible to just overwrite that partition with your system prerooted image while I have it connected to the emmc reader?
Thanks again for all the help!
Click to expand...
Click to collapse
UPDATE...
I flashed my original system.img and brought it back to a working state. After that, I set up recovery again then tried to install bueller-5.2.1.1-rooted_r1.zip. Same as before, it froze, but this time at 80%:
Here's the only "log" I could find:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4/recovery# cat log
Installing new recovery image: failed
So now I have the emmc reader connected again, and I'm *hoping* I can just flash the image in your bueller-5.2.1.1-rooted_r1.zip directly to the mmc using `dd if=system.new.dat of=/dev/sdb19`
But I thought I'd run it by your first before I brick it again :laugh:
Thanks again, @rbox
cancelyourcable said:
UPDATE...
I flashed my original system.img and brought it back to a working state. After that, I set up recovery again then tried to install bueller-5.2.1.1-rooted_r1.zip. Same as before, it froze, but this time at 80%:
View attachment 3997946
Here's the only "log" I could find:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4/recovery# cat log
Installing new recovery image: failed
So now I have the emmc reader connected again, and I'm *hoping* I can just flash the image in your bueller-5.2.1.1-rooted_r1.zip directly to the mmc using `dd if=system.new.dat of=/dev/sdb19`
But I thought I'd run it by your first before I brick it again :laugh:
Thanks again, @rbox
Click to expand...
Click to collapse
The thread for TWRP talks about what to do if it hangs. You can use adb. You'll need to check the log while it's running. /tmp/recovery.log. The image in the rom is sparse, so you'll have to run sdat2img.py on it. And then you'll have to do all the steps listed in the updater-script. The image itself is 100% pure stock.
rbox said:
The thread for TWRP talks about what to do if it hangs. You can use adb. You'll need to check the log while it's running. /tmp/recovery.log. The image in the rom is sparse, so you'll have to run sdat2img.py on it. And then you'll have to do all the steps listed in the updater-script. The image itself is 100% pure stock.
Click to expand...
Click to collapse
I discovered your "updater-script" so I understand the process a lot better now (wish I had found this earlier)
How do I know which image to use for boot: boot.img or boot_unlocked.img? I'm running from a host system so I can't check the value of ro.boot.unlocked_kernel from within linux.
Thanks!
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
cancelyourcable said:
I discovered your "updater-script" so I understand the process a lot better now (wish I had found this earlier)
How do I know which image to use for boot: boot.img or boot_unlocked.img? I'm running from a host system so I can't check the value of ro.boot.unlocked_kernel from within linux.
Thanks!
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
Click to expand...
Click to collapse
Since it's running OS5, you have to use the regular boot.img, since your bootloader isn't unlocked.
cancelyourcable said:
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
Click to expand...
Click to collapse
I would really appreciate this.
zexma said:
I would really appreciate this.
Click to expand...
Click to collapse
It's almost done! Will post very soon
cancelyourcable said:
It's almost done! Will post very soon
Click to expand...
Click to collapse
Don't want to bother, you
Is there any progress to expect, cause I'm stuck at the very same point, SELinux prevents loading su
(/system/xbin//su' failed: Permission denied)
Thanks in advance.
pwntrik said:
It's almost done! Will post very soon
Click to expand...
Click to collapse
Any progress on this?
zexma said:
Any progress on this?
Click to expand...
Click to collapse
Yes, it works 100%. Literally just ordered an overhead camera tripod for recording a video of the whole process. Sit tight -- I promise it's coming soon!
@pwntrik : any tricks to have your Linux (Ubuntu) box recognizing the FireTV in fastboot mode?
I can get it to connect in fastboot with Win7 on the same machine, but in Ubuntu 16.04 I'm not able to.
I did add ATTR{idVendor}== "1949" and ATTR{idProduct}=="0401" to /etc/udev/51-android.rules and rebooted, but no luck...
My FireTV (1st gen, last firmware was 5.0.5, rooted) is currently , after unsuccessful flash of "rooted-5.0.5_r1" ROM in TWRP stuck at this screen:
.
I know it's a longshot to recover it, but I have patience....
Sent from space
kozmo2k4 said:
@pwntrik : any tricks to have your Linux (Ubuntu) box recognizing the FireTV in fastboot mode?
I can get it to connect in fastboot with Win7 on the same machine, but in Ubuntu 16.04 I'm not able to.
I did add ATTR{idVendor}== "1949" and ATTR{idProduct}=="0401" to /etc/udev/51-android.rules and rebooted, but no luck...
My FireTV (1st gen, last firmware was 5.0.5, rooted) is currently , after unsuccessful flash of "rooted-5.0.5_r1" ROM in TWRP stuck at this screen:
.
I know it's a longshot to recover it, but I have patience....
Sent from space
Click to expand...
Click to collapse
I've been using Win10 for that. I only use Linux for writing the images.