Hi,
i post here, because i dont have access to the dev part (10 posts limit maybe).
For the french guys, i have the working files for the hw keyboard.
I'll post them when i get up !
Edit : This is a simple zip file , dont use it with recovery mode !!!!!
Instructions :
unzip file, connect to the phone in adb shell , make /system rw , put the file in /system/usr/keychars (.bin) and /system/usr/keylayout (.kl) . Make the symbolic links to the scholes file. reboot !
I'll test with a more simple(generic) solution.
It's not possible to have an apk?
Nice pat972 I test it now !!
can you explain " Make the symbolic links to the scholes file" please ? (In french toooo )
Ok , let me know if you have a problem with the menu key ! i'll correct it !
For the symbolic links : when you are in the directory , you can do a "ls -l" , you'll see a file pointing to another one, originally pointing to something with "jordan".
you have to do "ln -s /system/usr/keylayout/file.kl sholes-keypad.kl".
No , i don't know how to do apk files !
Thanks for your answer but this don't work.. I have run the folowing command :
>adb remount
remount succeeded
>adb shell
# mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
# cp /mnt/sdcard/a/umts_milestone2-keypad.kcm.bin /system/usr/keychars
# cp /mnt/sdcard/a/umts_milestone2-keypad.kl /system/usr/keylayout
# cd /system/usr/keychars/
# ln -s /system/usr/keylayout/umts_milestone2-keypad.kl sholes-keypad.kl
# mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
# exit
exit
>adb reboot
It's good? or I do a mistake ?
Ok it 's good , but you mix all the symbolic and directories !
so here it is :
# cd /system/usr/keychars/
# ln -s /system/usr/keychars/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
# cd ../keylayout/
# ln -s /system/usr/keylayout/umts_milestone2-keypad.kl sholes-keypad.kl
pat972 said:
Ok it 's good , but you mix all the symbolic and directories !
so here it is :
# cd /system/usr/keychars/
# ln -s /system/usr/keylayout/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
# cd ../keylayout/
# ln -s /system/usr/keylayout/umts_milestone2-keypad.kl sholes-keypad.kl
Click to expand...
Click to collapse
Sorry for this BIG mistake ... but this don't work too....... I think because I do this mistake ! So I come back tomorrow to do new test
Thanks for help!
Sorry for this BIG mistake ... but this don't work too....... I think because I do this mistake ! So I come back tomorrow to do new test
Thanks for help!
Oups it's me, bad bad , sorry i copy paste your line, but there is a mistake in it again !
For the bin file, it is , keychars directory :
# ln -s /system/usr/keychars/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
then you do a "ls -l" to verify the symlink in each directory :
# ls -l
-rw-r--r-- root root 896 2011-08-24 06:26 umts_milestone2-keypad.kcm.bin
-rw-r--r-- root root 896 2011-07-12 22:00 qwerty2.kcm.bin
-rw-r--r-- root root 896 2011-07-12 22:00 qwerty.kcm.bin
lrwxrwxrwx root root 2011-08-24 05:13 sholes-keypad.kcm.bin -> /system/usr/keychars/umts_milestone2-keypad.kcm.bin
You see that the sholes file point the umts one in the keychars directory not the keylayout !
In fact, this is the problem but when I do this commande line, the result is :
"Link failed file exist"
What I must delete ?
You must delete:
/system/usr/keychars/umts_milestone2-keypad.kcm.bin
so do a
Code:
rm /system/usr/keychars/umts_milestone2-keypad.kcm.bin
Thanks for your answer, but always the same message ...
I have delete "sholes-keypad.kcm.bin" after and can finish all code line but don't work............. I test to restore ROM and restart this
Edit : Now it's work, so the commande line are (if you have put the 2 files on the "a" folder in the SDcard ) :
Code:
>adb shell
# mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
# cp /mnt/sdcard/a/umts_milestone2-keypad.kcm.bin /system/usr/keychars
# cp /mnt/sdcard/a/umts_milestone2-keypad.kl /system/usr/keylayout
# cd /system/usr/keychars/
# rm sholes-keypad.kcm.bin
# ln -s /system/usr/keychars/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
# cd /system/usr/keylayout/
# rm sholes-keypad.kl
# ln -s /system/usr/keylayout/umts_milestone2-keypad.kl sholes-keypad.kl
# mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
# exit
>adb reboot
Hi, did someone test this. If you select different country (like german) did the hardware keyboard also switch?
Hi, no i did not, but i would say no ! I have an idea , but i need to test it ! I'll change the bin file and let you know! While im here, it just test your new bluremail.apk and it doesnt seems to work with classic mail ! Said no connection.
Sent from my MotoA953 using XDA App
@walter79 : Yes I have test to change country, but nothing change !
@pat972 : all the "alt" are not good ! (numbers, etc...)
@alex could you do a "ls -l" in each directory and post it here !
@walter : I do some quick test, what appears to me is that my keyboard is always in azerty no matter what locale i put in build.prop or when i change the language setting in the menu.
I also replace my modified keychars by the froyo one, and the keyboard is again in azerty. They are minor differences , more particularly the froyo keychars mix azerty and qwerty layout !
what i think is that the language menu don't change the hw.keyboard layout
I can't see in "cd /system/usr/keychars/" the "Shole.....bin" ....
Code:
# cd /system/usr/keylayout
cd /system/usr/keylayout
# ls -l
ls -l
-rw-r--r-- root root 3295 2011-08-25 11:34 umts_milestone2-k
eypad.kl
-rw-r--r-- root root 4132 2011-08-25 11:16 qwerty.kl
-rw-r--r-- root root 245 2011-08-25 11:16 AVRCP.kl
-rw-r--r-- root root 75 2011-08-25 11:16 cpcap-key.kl
lrwxrwxrwx root root 2011-08-25 11:37 sholes-keypad.k
l -> /system/usr/keylayout/umts_milestone2-keypad.kl
# cd /system/usr/keychars/
cd /system/usr/keychars/
# ls -l
ls -l
----rwxr-x root root 896 2011-08-25 11:36 umts_milestone2-k
eypad.kcm.bin
-rw-r--r-- root root 896 2011-08-25 11:16 qwerty2.kcm.bin
-rw-r--r-- root root 896 2011-08-25 11:16 qwerty.kcm.bin
#
pat972 said:
Oups it's me, bad bad , sorry i copy paste your line, but there is a mistake in it again !
For the bin file, it is , keychars directory :
# ln -s /system/usr/keychars/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
then you do a "ls -l" to verify the symlink in each directory :
# ls -l
-rw-r--r-- root root 896 2011-08-24 06:26 umts_milestone2-keypad.kcm.bin
-rw-r--r-- root root 896 2011-07-12 22:00 qwerty2.kcm.bin
-rw-r--r-- root root 896 2011-07-12 22:00 qwerty.kcm.bin
lrwxrwxrwx root root 2011-08-24 05:13 sholes-keypad.kcm.bin -> /system/usr/keychars/umts_milestone2-keypad.kcm.bin
You see that the sholes file point the umts one in the keychars directory not the keylayout !
Click to expand...
Click to collapse
So , your problem is you don't have the link in the keychars ! so do it , it must look like my previous post (quote) .
# ln -s /system/usr/keychars/umts_milestone2-keypad.kcm.bin sholes-keypad.kcm.bin
and do a ls -l to verify it !
All works now ! Sorry ...but I don't understand why the 1rst time this command line don't work....pearhap's can't do the 2 files in the same time (reboot between) ???
Thanks for your help !
Related
After so many tutorials on Forum for nv_data.bin permission denied, none of them worked for me. Is there any 100% working tutorial.
regards
karabey said:
After so many tutorials on Forum for nv_data.bin permission denied, none of them worked for me. Is there any 100% working tutorial.
regards
Click to expand...
Click to collapse
There's an app called mount system on the market. Install it & ask it mount always as r/w access at boot.
PS : You need to have root access.
Thanks but not worked.. Cant still read the nv_data.bin
Ok have saved now the bml3.bak but there is no Code saved if i try to extract by sgux2.exe
HEX
53534E56A6A7FA1A0709542A1E85E257F98A6F14E2E19CA932EBEC93945930F6D0D9713DF61AB70CA4D57F7F9BCEDD924B888C6AAE9074B9D49D8FEEC8C021A97D4882BEFF922E8B004646464646464646000000000000000000000000000000000000000000000000323332303523
323332303523 = 23205
Any help?
My friend who use the Phone could read the Codes and made an Froyo Update. But after the Update Code were not able to enter. It gave the Error that is wrong.
ProductCode: GT-i9000HKDONE
You can get permission by adb shell or terminal emulator by typing:
su
busybox chown 1001:1001 /efs/nv_data.bin
(reboot)
I tried your method, but I still get permission denied. Here is what I did and the list of the file under /efs:
C:\SDK\tools>adb shell
$ su
su
# busybox chown 1001:1001 /efs/nv_data.bin
busybox chown 1001:1001 /efs/nv_data.bin
# reboot
reboot
C:\SDK\tools>adb shell
$ su
su
# ls -l /efs
ls -l /efs
-rwx------ radio radio 2097152 2010-10-30 04:57 nv_data.bin
drwxrwxrwx radio radio 2010-07-17 09:31 imei
-rwx------ radio radio 32 2010-10-30 04:57 nv_data.bin.md5
#
iScream^ said:
You can get permission by adb shell or terminal emulator by typing:
su
busybox chown 1001:1001 /efs/nv_data.bin
(reboot)
Click to expand...
Click to collapse
lan_baba said:
I tried your method, but I still get permission denied. Here is what I did and the list of the file under /efs:
C:\SDK\tools>adb shell
$ su
su
# busybox chown 1001:1001 /efs/nv_data.bin
busybox chown 1001:1001 /efs/nv_data.bin
# reboot
reboot
C:\SDK\tools>adb shell
$ su
su
# ls -l /efs
ls -l /efs
-rwx------ radio radio 2097152 2010-10-30 04:57 nv_data.bin
drwxrwxrwx radio radio 2010-07-17 09:31 imei
-rwx------ radio radio 32 2010-10-30 04:57 nv_data.bin.md5
#
Click to expand...
Click to collapse
not workinggg.......
Why do you want to read the file?
Have you lost your imei? If so, was the phone sold to you?
Don't bother with the codes. Use the hex edit method to change the lock status to 0:
http://forum.xda-developers.com/showthread.php?t=761045
p.s. you should delete the file you posted... that's some bad security there.
I was the first person I know on the internet to compile nmap for android and this guy ( http://wjholden.com/nmap/ ) took it to the next level got a new phone ( CM6 with OC ) nbow it does not work
* can't write to /system even with rw remount
* if I boot recovery I can' write to /systm but its just a temp fs so failsause ...
* can't ADB shell (read below ) to find out where system is really mounted OR mount the real /system my self ..
* remouted / but anything I add gets wipped on reboot ...
* onlything that works is remount / , copy nmap and then add PATH hackery to EXEC nmap ... on EVERY reboot ...
NOTES BELOW:
Code:
http://forum.xda-developers.com/showthread.php?t=701589&page=4
I think its because /system is protected in CM5+ ? even with remount
command... ?
let me know what I need to copy where in recovery mode to /system to
get yours to run properly :/
you could also have your installer check for this and have notes etc ..
# uname -a
Linux localhost 2.6.29.6-cyanogenmod #1 PREEMPT Fri Sep 17 16:05:39
PDT 2010 arm v6l GNU/Linux
# ls
ls
NMAP FOR ANDROID CROSS COMPILE ARM.html
NMAP.zip
nmap
nmap-4.01-1.spec
nmap-mac-prefixes
nmap-os-fingerprints
nmap-protocols
nmap-rpc
nmap-service-probes
nmap-services
# cp * /system/bin
cp * /system/bin
cp: can't create '/system/bin/NMAP FOR ANDROID CROSS COMPILE ARM.html': Out of m
emory
cp: can't create '/system/bin/NMAP.zip': Out of memory
cp: can't create '/system/bin/nmap': Out of memory
cp: can't create '/system/bin/nmap-4.01-1.spec': Out of memory
cp: can't create '/system/bin/nmap-mac-prefixes': Out of memory
cp: can't create '/system/bin/nmap-os-fingerprints': Out of memory
cp: can't create '/system/bin/nmap-protocols': Out of memory
cp: can't create '/system/bin/nmap-rpc': Out of memory
cp: can't create '/system/bin/nmap-service-probes': Out of memory
cp: can't create '/system/bin/nmap-services': Out of memory
# df /system
df /system
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/block/mtdblock3 245760 240824 4936 98% /system
# mount
mount
...
/dev/block/mtdblock3 on /system type yaffs2 (rw)
Code:
mount -o rw,remount -t yaffs2 /
rm -Rf /nmap
mkdir /nmap
echo 'export PATH=$PATH:/nmap' > path
cd /nmap
wget http://rmccurdy.com/stuff/G1/BINS/NMAP/NMAP.zip
unzip NMAP.zip
chmod 777 /nmap/*
export PATH=$PATH:/nmap
echo run /nmap/path before you start nmap
nmap -vvv 127.0.0.1
rmccurdy.com/nmap.sh (tested on CM6 / mytouch slide )
in normal mode ..
Code:
bash
localhost / # mount -o rw,remount -t yaffs2 /system
mount -o rw,remount -t yaffs2 /system
localhost / # cd /system
cd /system
localhost system # for i in `ls` ;do mkdir $i\\nmap ;done
for i in `ls` ;do mkdir $i\\nmap ;done
mkdir: can't create directory 'app\nmap': Out of memory
mkdir: can't create directory 'bin\nmap': Out of memory
mkdir: can't create directory 'build.prop\nmap': Out of memory
mkdir: can't create directory 'etc\nmap': Out of memory
mkdir: can't create directory 'fonts\nmap': Out of memory
mkdir: can't create directory 'framework\nmap': Out of memory
mkdir: can't create directory 'lib\nmap': Out of memory
mkdir: can't create directory 'lost+found\nmap': Out of memory
mkdir: can't create directory 'media\nmap': Out of memory
mkdir: can't create directory 'usr\nmap': Out of memory
mkdir: can't create directory 'xbin\nmap': Out of memory
in "Android system recovery (2e)" :
( note: /system is also a vfs I think .. I adb push to it and reboot and the file is gone ... )
Code:
C:\Documents and Settings\Administrator\nmap>adb shell
- exec '/system/bin/sh' failed: No such file or directory (2) -
C:\Documents and Settings\Administrator\nmap>
You can't write in /system in normal boot mode as security is on (s-on), remounting rw does you no good.
In recovery you will need to mount /system from clockwork before you can do anything.
I do have Clockwork Recovery 2.5.0.1 but I am not sure how to get to a shell and or find /system mount path as I can't adb shell ( read above ) so I can't remount or mount /system
rmccurdy.com/nmap.sh * this is what I am using for nmap as of now ..
Usage:
bash -x /sdcard/nmap.sh localhost
etc ...
There's an option in clockwork under partitions to allow you to mount the system. I'm not sure why but a lot of people have an issue getting into su with adb when they are in recovery, the constant /system/bin/sh error is annoying. Also, if I remember right, yaffs2 is not what you use to mount the system when using that command. It's mtdblock3 or something like that if I'm thinking along the correct lines here.
Maybe you should try putting it in a zip file as a script and running it that way since you use a different command (and much easier) to mount the system and write to it. Then again, I'm not sure what you're trying to so so I could just be talking out of my a$$
I can't do anything usefull in recovery ... reboot and apply update.zip but I dont how how nor do I really want to make a .zip / script to mount system etc .. do you know a zip I can work from as an example
rmccurdy said:
I can't do anything usefull in recovery ... reboot and apply update.zip but I dont how how nor do I really want to make a .zip / script to mount system etc .. do you know a zip I can work from as an example
Click to expand...
Click to collapse
The slide doesn't have S-Off, most HTC phones have them now...So you have to wait for Alpharev 2.0 to be released.
Ace42 said:
The slide doesn't have S-Off, most HTC phones have them now...So you have to wait for Alpharev 2.0 to be released.
Click to expand...
Click to collapse
Yes, but in recovery we can mount the system and write to it. Phones with s-off can do that while booted normally because the NAND is unlocked and the system is no longer protected.
You can do it one of two ways. This one is easiest if you know linux commands but are unfamiliar with update-script format. Make an update script and put this in there:
Code:
show_progress 0.5 0
run_program PACKAGE:example.sh
show_progress 0.5 10
You don't have to use the show_progress line, it's just for aesthetics.
Make a .sh script, name it whatever you want and put the linux commands you want to execute in the script. For example:
Code:
#!/sbin/sh
#
##############################################
mount /system;
rm -rf /nmap
mkdir /nmap
echo 'export PATH=$PATH:/nmap' > path
cd /nmap
wget http://rmccurdy.com/stuff/G1/BINS/NMAP/NMAP.zip
unzip NMAP.zip
chmod 777 /nmap/*
export PATH=$PATH:/nmap
echo run /nmap/path before you start nmap
nmap -vvv 127.0.0.1
exit 0;
Or what ever you're trying to get done. I'll upload an example file of all this since hands on is always better. Looking at this though, you may want to have the files in the zip (in the directories they will be installed to) because wget probably wont work since the radio is off while in recovery.
interesting thanks ! ... do you have to resign it and all or can you just edit and rezip it ?
rmccurdy said:
interesting thanks ! ... do you have to resign it and all or can you just edit and rezip it ?
Click to expand...
Click to collapse
As long as you're using clockwork you just edit and zip. Might be easier to use an archive explorer to open (without uzipping it) then drag and drop, but do what's easiest for you.
Thats right Folks, I am sitting here holding a ROOTED Acer A200 In my hands...
This was done on ICS 4.0.3 Leaked.
However This SHOULD work for the OTA update.
I hate to have to say this. but........
YOU ARE TAKING RESPONSIBILITY FOR DOING THIS, AND YOU ALONE ASSUME ALL RISKS. THIS HAS WORKED FOR ME BUT I ASSUME NO RESPONSIBILITY IF YOU BRICK YOUR TABLET!
Credit goes to saurik (hxxps://github.com/saurik/mempodroid) for the root method, Jason A. Donenfeld (zx2c4) (Linux Local Privilege Escalation via SUID /proc/pid/mem Write | Nerdling Sapple) for finding the exploit
and to Rkeene (Rooting the Toshiba Thrive) for Getting around the /system mount as RW issue.
First,
( You are going to need to have the android sdk installed, so you have ADB, There are plenty of docs on doing this )
then go here
hxxps://github.com/saurik/mempodroid...ster/README.md
get the precompiled binary, (mempodroid )
then
adb push mempodroid /data/local
adb push su /data/local
adb shell
chmod 777 /data/local/mempodroid
Once you have this completed.
goto Rkeenes Site.
hxxp://rkeene.org/projects/info/wiki/210
skip down to step 16.
Follow the instructions there.. Mind you there is a specific offset that you must use for your acer. ( It is listed on his page now )
but this WILL work.
I have done it..
Please please please. Give MASSIVE Credit where Credit is due on this, Saurik, Jason A. Donenfeld (zx2c4), and RKeene.
In Our case here, RKeene took the time to work with me to get the offsets for the Acer, so we can get the /system folder mounted RW. ( I would say an hour or two )
-Hex
Have anyone confirmed this working?
Quick Question
Does the root process being taken require access to a linux machine or can it be done from windows. Most of the commands look like they take place in adb shell but some of the adb push commands look like they are run from a linux command line. I know sounds stupid but not sure and dont want to brick device. The reson I ask is because I run mempodroid and run mkdir command. gets
"[email protected]:/ $ /data/local/mempodroid 0xd9f0 0xad4b -o remount,re "/system
/data/local/mempodroid 0xd9f0 0xad4b -o remount,re "/system
> /data/local/mempodroid 0xd9f0 0xaf47 sh
/data/local/mempodroid 0xd9f0 0xaf47 sh
> mkdir /data/x-root
mkdir /data/x-root
> mkdir /data/x-root/bin
mkdir /data/x-root/bin
> ^C
C:\Program Files\Android\android-sdk\platform-tools>adb push busybox /data/x-root/bin/busybox
failed to copy 'busybox' to '/data/x-root/bin/busybox': No such file or directory"
What am i missing?
Update
Now it shows this
"[email protected]:/ $ chmod 777 data/local/mempodroid
chmod 777 data/local/mempodroid
[email protected]:/ $ /data/local/mempodroid 0xd9f0 0xaf47 mount -o remount,rw /system
0xaf47 mount -o remount,rw /system <
mount: Operation not permitted"
This is killing me!?
I get to here
mount -o ro -t ext4 /dev/loop0 /dev/tmpdir
and it tells me
mount: invalid argument
what the?
---------- Post added at 12:47 PM ---------- Previous post was at 11:55 AM ----------
Ok, this was a pain in the arse!
I hope I can remember the steps I took in order to get this done.
By the way, I'm using windows
adb push mempodroid /data/local
adb push su /data/local
adb shell
$ chmod 777 /data/local/mempodroid
Click to expand...
Click to collapse
Then I went to here as directed,
http://rkeene.org/projects/info/wiki/210
but didn't follow the steps as they were shown because I got stuck many times and had to start over.
So here are my steps.
1.
$ /data/local/mempodroid 0xd9f0 0xaf47 sh
Click to expand...
Click to collapse
which then should turn the $ into a #
2.
# mkdir /data/x-root /data/x-root/bin
Click to expand...
Click to collapse
3. Download this,
http://www.rkeene.org/projects/info/resources/diatribes/root-toshiba-thrive/busybox
and then move the file to where you have mempodroid and su so you can adb push them easier
4.
adb push busybox /data/x-root/bin/busybox
adb push su /data/x-root/bin/su
adb shell
Click to expand...
Click to collapse
5. This is where it got tricky. If you don't pay close attention, you will most likely do what I did and put files where they aren't supposed to go. So please, PAY ATTENTION!
If you still have the # in the shell, move forward. Otherwise,
/data/local/mempodroid 0xd9f0 0xaf47 sh
Click to expand...
Click to collapse
and then move forward once # is confirmed.
# cd /data/x-root/bin
# chmod 755 busybox
# ./busybox bash
Click to expand...
Click to collapse
Now, there is no doubting it, you will get the "bash: precmd: not found" error.
# unset PS1 PROMPT_COMMAND
# ./busybox bash
# for tool in $(./busybox --list); do ln -s busybox $tool; done
# PATH="${PATH}:/data/x-root/bin"; export PATH
Click to expand...
Click to collapse
6. AGAIN, PAY CLOSE ATTENTION HERE!!
# mknod /dev/loop0 b 7 0
# losetup -o 25165824 /dev/loop0 /dev/block/mmcblk0
Click to expand...
Click to collapse
7. This is where I ran into another problem, so pay attention.
# cd /
# mkdir /dev/tmpdir
# ls -l /dev/tmpdir
Click to expand...
Click to collapse
You will see nothing as the steps describe. This is because we skipped a step. Why? Because mount -o ro -t ext4 /dev/loop0 /dev/tmpdir for some strange reason wouldn't unmount so I could mount the next step. So instead, we move on and then check again.
Here is the removed step
# mount -o ro -t ext4 /dev/loop0 /dev/tmpdir
# ls -l /dev/tmpdir
# umount /dev/tmpdir
Click to expand...
Click to collapse
You can try this but I advise not to or you could very well run into the same issue I had where you can't unmount in order to move on with the root process
# mount -t ext4 /dev/loop0 /dev/tmpdir
# ls -l /dev/tmpdir
Click to expand...
Click to collapse
And now you will see /system mounted.
8.
# cp /data/x-root/bin/su /dev/tmpdir/bin/
# chmod 4555 /dev/tmpdir/bin/su
# umount /dev/tmpdir
# losetup -d /dev/loop0
# sync
# reboot
Click to expand...
Click to collapse
9. Now once your A200 reboot and displays the home screen, we will confirm.
adb shell
[email protected]:/ $ su
Click to expand...
Click to collapse
If the $ doesn't turn into a #, you did something wrong...
Thank you hexmare, for opening this thread and giving the guidance.
Thank you d10369319, for "/data/local/mempodroid 0xd9f0 0xaf47 sh", I would have never figured this out.
Thank you RKeene, for writing out the guide to Root the Toshiba Thrive
And Thank you Saurik along with zx2c4, for mempodroid
By the way, I'm posting this in the Dev section...
been away
Thanks for clearing up the questions. I have been gone the past couple hours. Also thanks for reposting this in the dev section as well, I would have but I don't have enough posts on here to post under that section yet.
-Hex
So i'm stucks again
where did i go wrong?
/data/x-root/bin # #PATH="${PATH}:/data/x-root/bin";export PATH
#PATH="${PATH}:/data/x-root/bin";export PATH
/data/x-root/bin # cd /
cd /
/ # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
bash: mknod: not found
Anytime, buddy. I figured if I was having problems rooting, others would have problems as well so I wanted to make it as simple as possible...
---------- Post added at 03:40 PM ---------- Previous post was at 03:37 PM ----------
d10369319 said:
where did i go wrong?
/data/x-root/bin # #PATH="${PATH}:/data/x-root/bin";export PATH
#PATH="${PATH}:/data/x-root/bin";export PATH
/data/x-root/bin # cd /
cd /
/ # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
bash: mknod: not found
Click to expand...
Click to collapse
I think you might have missed these steps.
# unset PS1 PROMPT_COMMAND
# ./busybox bash
# for tool in $(./busybox --list); do ln -s busybox $tool; done
Click to expand...
Click to collapse
Something that I want to point out as well. Especially those that are trying this root on a200's that have the OTA update.
Please for the love of all that is holy, MOUNT AS READ ONLY FIRST. You need to make sure that you have the correct offset for the system area that you mount.
If you have the wrong offset, mount as RW, and write to it, you can REALLY hose up your tablet and possibly brick it.
mount -o ro -t ext4 /dev/loop0 /dev/tmpdir
ls -l /dev/tmpdir
ls -l /system
** COMPARE THEM if they pass then continue.**
umount /dev/tmpdir
mount -t ext4 /dev/loop0 /dev/tmpdir
sorry for the several caps spots. But this is really important. I don't want Shiny bricks being formed.
-Hex
Tryed agin get this
philosophics said:
Anytime, buddy. I figured if I was having problems rooting, others would have problems as well so I wanted to make it as simple as possible...
---------- Post added at 03:40 PM ---------- Previous post was at 03:37 PM ----------
I think you might have missed these steps.
Click to expand...
Click to collapse
I tried it again and still got same error. When i run it i get
[email protected]:/data/x-root/bin # unset PS1 PROMPT_COMMAND
unset PS1 PROMPT_COMMAND
[email protected]/busybox bash
./busybox bash
/data/x-root/bin # for tool in $(./busybox --list); do ln -s busybox $tool; done
for tool in $(./busybox --list); do ln -s busybox $tool; done
link failed File exists
link failed File exists<====This shows up a bunch
/data/x-root/bin # #PATH="${PATH}:/data/x-root/bin";export PATH
#PATH="${PATH}:/data/x-root/bin";export PATH
/data/x-root/bin # cd /
cd /
/ # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
bash: mknod: not found
---------- Post added at 12:08 AM ---------- Previous post was at 12:06 AM ----------
Are you running the OTA update or the dev leak ICS?
d10369319 said:
for tool in $(./busybox --list); do ln -s busybox $tool; done
link failed File exists
link failed File exists<====This shows up a bunch
Click to expand...
Click to collapse
This is because you've already completed this step so it's already there.
---------- Post added at 12:08 AM ---------- Previous post was at 12:06 AM ----------
Are you running the OTA update or the dev leak ICS?
Click to expand...
Click to collapse
I am running the OTA
And by the way, I think I know what's wrong. I put one step in the wrong place.
Before you cd / try this
# mknod /dev/loop0 b 7 0
# losetup -o 25165824 /dev/loop0 /dev/block/mmcblk0
then try cd / and continue.
If that's what went wrong, I will revise the guide
---------- Post added at 04:25 PM ---------- Previous post was at 04:22 PM ----------
hexmare said:
Something that I want to point out as well. Especially those that are trying this root on a200's that have the OTA update.
Please for the love of all that is holy, MOUNT AS READ ONLY FIRST. You need to make sure that you have the correct offset for the system area that you mount.
If you have the wrong offset, mount as RW, and write to it, you can REALLY hose up your tablet and possibly brick it.
mount -o ro -t ext4 /dev/loop0 /dev/tmpdir
ls -l /dev/tmpdir
ls -l /system
** COMPARE THEM if they pass then continue.**
umount /dev/tmpdir
mount -t ext4 /dev/loop0 /dev/tmpdir
sorry for the several caps spots. But this is really important. I don't want Shiny bricks being formed.
-Hex
Click to expand...
Click to collapse
Yes, but this is where I got stuck. When I tried to run the umount command for this, it basically told me no. This is why I intentionally left that particular step out...
Well since you are running OTA, ( Which was my main concern ) and you didn't brick it I guess we are in good shape for the offsets. Since mine is the leaked version, I didn't want people on OTA to try and arf up.
so Thumbs up to you.
now since you have the OTA and root. Would you mind pulling a System Dump, including Boot and recovery images so those of us on leak can move back to official??
-Hex
I ran it from the point were i got
"link failed File exists
link failed File exists
/data/x-root/bin # #PATH="${PATH}:/data/x-root/bin";export PATH
#PATH="${PATH}:/data/x-root/bin";export PATH
/data/x-root/bin # cd /
cd /
/ # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
bash: mknod: not found"
Still same problem
---------- Post added at 12:37 AM ---------- Previous post was at 12:31 AM ----------
Started completely over from sctratch 4 times and still get stuck in the same exact spot. Completely insane.
hexmare said:
now since you have the OTA and root. Would you mind pulling a System Dump, including Boot and recovery images so those of us on leak can move back to official??
-Hex
Click to expand...
Click to collapse
I would be glad to do so, but have never done it before. Mind throwin me the steps for that?
---------- Post added at 04:42 PM ---------- Previous post was at 04:40 PM ----------
d10369319 said:
I ran it from the point were i got
"link failed File exists
link failed File exists
/data/x-root/bin # #PATH="${PATH}:/data/x-root/bin";export PATH
#PATH="${PATH}:/data/x-root/bin";export PATH
/data/x-root/bin # cd /
cd /
/ # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
bash: mknod: not found"
Still same problem
---------- Post added at 12:37 AM ---------- Previous post was at 12:31 AM ----------
Started completely over from sctratch 4 times and still get stuck in the same exact spot. Completely insane.
Click to expand...
Click to collapse
I just updated the guide. Misplaced some steps. Try it again with the revised steps.
Are there any specific device settings that your running other than usb debuging on your device, and what version of windows are you using cause im thinking maybe device drivers may be an issue.
I'm running windows 7
If you are able to use adb with the A200, then drivers would not be an issue.
GOT ROOT!!!!!!!!!!!!
Found the error
"/data/x-root/bin # PATH="${PATH}:/data/x-root/bin"; export PATH
PATH="${PATH}:/data/x-root/bin"; export PATH
/data/x-root/bin # mknod
mknod
BusyBox v1.19.3-Stericson (2011-11-01 20:22:18 CDT) multi-call binary.
Usage: mknod [-m MODE] NAME TYPE MAJOR MINOR
Create a special file (block, character, or pipe)
-m MODE Creation mode (default a=rw)
TYPE:
b Block device
c or u Character device
p Named pipe (MAJOR and MINOR are ignored)
/data/x-root/bin # mknod /dev/loop0 b 7 0
mknod /dev/loop0 b 7 0
/data/x-root/bin # losetup -o 25165824 /dev/loop0 /dev/block/mmcblk0
losetup -o 25165824 /dev/loop0 /dev/block/mmcblk0
/data/x-root/bin # cd /
cd /
/ # mkdir /dev/tmpdir
mkdir /dev/tmpdir
/ # ls -l /dev/tmpdir
ls -l /dev/tmpdir
/ # mount -t ext4 /dev/loop0 /dev/tmpdir
mount -t ext4 /dev/loop0 /dev/tmpdir
/ # ls -l /dev/tmpdir
ls -l /dev/tmpdir
drwxr-xr-x root root 2012-02-16 16:27 app
drwxr-xr-x root shell 2012-02-16 16:27 bin
-rw-r--r-- root root 1939 2008-08-01 08:00 build.prop
drwxr-xr-x root root 2012-02-16 16:27 etc
drwxr-xr-x root root 2012-02-16 16:27 fonts
drwxr-xr-x root root 2012-02-16 16:27 framework
drwxr-xr-x root root 2012-02-16 16:27 lib
drwxr-xr-x root root 1969-12-31 19:00 lost+found
drwxr-xr-x root root 2012-02-16 16:27 media
-rw-r--r-- root root 595088 2008-08-01 08:00 recovery-from-boot.p
drwxr-xr-x root root 2012-02-16 16:27 tts
drwxr-xr-x root root 2012-02-16 16:27 usr
drwxr-xr-x root shell 2012-02-16 16:27 vendor
drwxr-xr-x root shell 2012-02-16 16:27 xbin
/ # cp /data/x-root/bin/su /dev/tmpdir/bin/
cp /data/x-root/bin/su /dev/tmpdir/bin/
/ # chmod 4555 /dev/tmpdir/bin/su
chmod 4555 /dev/tmpdir/bin/su
/ # unmount /dev/tmpdir
unmount /dev/tmpdir
bash: unmount: not found
/ # umount /dev/tmpdir
umount /dev/tmpdir
/ # losetup -d /dev/loop0
losetup -d /dev/loop0
losetup: /dev/loop0: No such device or address
/ # losetup -d /devo/loop0
losetup -d /devo/loop0
losetup: /devo/loop0: No such file or directory
/ # sync
sync
/ # reboot
reboot
reboot returned
/ #
C:\Program Files\Android\android-sdk\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ #"
run #PATH="${PATH}:/data/x-root/bin"; export PATH
Thats were the error occured and was causing a problem.
Thanx to saurik (hxxps://github.com/saurik/mempodroid) for the root method, Jason A. Donenfeld (zx2c4) (Linux Local Privilege Escalation via SUID /proc/pid/mem Write | Nerdling Sapple) for finding the exploit
And a big thanks to philosophics for helping me out.
---------- Post added at 01:17 AM ---------- Previous post was at 01:15 AM ----------
philosophics said:
I'm running windows 7
If you are able to use adb with the A200, then drivers would not be an issue.
Click to expand...
Click to collapse
Turns out it was a typo in the direction's, only needs one # for the path command and thats whats was causing the error. Ty so much for your help philosophics.
You are most welcome. I remember what the original android days were like. Kind of a pain to get anything done...
Grats on the root!!!
Before I dive in head first, will my iconia be wiped while performing this root?? Just want to back up if need be.
And it's confirmed working on the OTA??
No, your device will not be wiped...
Yes, I performed this on the OTA
Hi guys,
For the Nexus 7, is there a command I can execute in adb shell root to mount the /system/ to enable reading and writing?
For example for the Galaxy Nexus it was...
mount -o rw,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by- name/system /system
What is it for the Nexus 7?
Thanks!
mdrdroid said:
Hi guys,
For the Nexus 7, is there a command I can execute in adb shell root to mount the /system/ to enable reading and writing?
For example for the Galaxy Nexus it was...
mount -o rw,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by- name/system /system
What is it for the Nexus 7?
Thanks!
Click to expand...
Click to collapse
Shot in the dark:
Code:
adb shell
su
mount -o remount rw /system
then, for example, you should be able to do:
Code:
cp /system/build.prop [destination]
cp [source] /system/
cwoggon said:
Shot in the dark:
Code:
adb shell
su
mount -o remount rw /system
then, for example, you should be able to do:
Code:
cp /system/build.prop [destination]
cp [source] /system/
Click to expand...
Click to collapse
Thank you for replying!
I did try your shot in the dark, however when I tried to do a mkdir test for example I still got:
[email protected]:/ # mkdir test
mkdir failed for test, Read-only file system
I believe the format is like:
Usage: mount [-r] [-w] [-o options] [-t type] device directory
But I don't know the specifics. Any thoughts is appreciated!
What I posted above works on my GNex, was /system your active directory when you tried to mkdir?
I would try on my N7, but its ready to be RMA'd...
Code:
[email protected]:/system # mount -o remount rw /system
mount -o remount rw /system
[email protected]:/system # mkdir test
mkdir test
[email protected]:/system # ls
ls
app
bin
build.prop
etc
fonts
framework
lib
media
test
usr
vendor
xbin
[email protected]:/system # rmdir test
rmdir test
[email protected]:/system # ls
ls
app
bin
build.prop
etc
fonts
framework
lib
media
usr
vendor
xbin
[email protected]:/system #
cwoggon said:
What I posted above works on my GNex, was /system your active directory when you tried to mkdir?
I would try on my N7, but its ready to be RMA'd...
Code:
[email protected]:/system # mount -o remount rw /system
mount -o remount rw /system
[email protected]:/system # mkdir test
mkdir test
[email protected]:/system # ls
ls
app
bin
build.prop
etc
fonts
framework
lib
media
test
usr
vendor
xbin
[email protected]:/system # rmdir test
rmdir test
[email protected]:/system # ls
ls
app
bin
build.prop
etc
fonts
framework
lib
media
usr
vendor
xbin
[email protected]:/system #
Click to expand...
Click to collapse
Your advice worked, I over complicated it. I just did this again on my N7 and worked perfectly. Thank you very much!!!
Hello Defy Experts! There are other posts on here about deleting system files, but I seem to have the opposite problem. i'm trying to mess with system problems, and am having a hard time. see my progress below? What can i do to change ownership and permissions, just a simple chown?
Code:
$ cd bp_nvm_default
$ ls
File_Audio File_Audio4_AMR_WB File_GSM
File_Audio1_AMR_WB File_Audio5 File_Logger
File_Audio2 File_Audio5_AMR_WB File_Seem_Flex_Tables
File_Audio2_AMR_WB File_Audio6 File_UMA
File_Audio3 File_Audio7 bp_nvm_default
File_Audio3_AMR_WB File_Audio8 generic_pds_init
File_Audio4 File_GPRS
$ sudo
sudo: not found
$ su
# rm File_Audio
rm: remove 'File_Audio'? y
rm: can't remove 'File_Audio': Read-only file system
# exit
$ exit
[email protected]:~$
limantour said:
Hello Defy Experts! There are other posts on here about deleting system files, but I seem to have the opposite problem. i'm trying to mess with system problems, and am having a hard time. see my progress below? What can i do to change ownership and permissions, just a simple chown?
Code:
$ cd bp_nvm_default
$ ls
File_Audio File_Audio4_AMR_WB File_GSM
File_Audio1_AMR_WB File_Audio5 File_Logger
File_Audio2 File_Audio5_AMR_WB File_Seem_Flex_Tables
File_Audio2_AMR_WB File_Audio6 File_UMA
File_Audio3 File_Audio7 bp_nvm_default
File_Audio3_AMR_WB File_Audio8 generic_pds_init
File_Audio4 File_GPRS
$ sudo
sudo: not found
$ su
# rm File_Audio
rm: remove 'File_Audio'? y
rm: can't remove 'File_Audio': Read-only file system
# exit
$ exit
[email protected]:~$
Click to expand...
Click to collapse
Your system is not mounted as r/w, that's why you get this error.
Perhaps you should try it with a file manager like ES or RootExplorer which is configured to mount the system and data partition as r/w. As far as I can see these files are in /data/bp_nvm. I cannot see a folder "bp_nvm_default"...
filepaths and roadblocks
these files exist here:
/etc/motorola/bp_nvm_default
which appears to be, by all accounts, the files that change the baseband frequency tuning. it is my goal to mess with the tuning. I'm avoiding the app baseband switcher until a last resort ( i'm suspicious of apps i don't see the code for that aren't market based).
i haven't tried a chown yet, mostly because I'm unclear of whom I'm chowning to.... the bridge doesn't list the current user like a standard linux interface.
thanks!,
A
limantour said:
these files exist here:
/etc/motorola/bp_nvm_default
which appears to be, by all accounts, the files that change the baseband frequency tuning. it is my goal to mess with the tuning. I'm avoiding the app baseband switcher until a last resort ( i'm suspicious of apps i don't see the code for that aren't market based).
i haven't tried a chown yet, mostly because I'm unclear of whom I'm chowning to.... the bridge doesn't list the current user like a standard linux interface.
thanks!,
A
Click to expand...
Click to collapse
Uhh OK. I am not a dev or even a Linux-User so I am not familiar with chmod, chown commands etc. But I see another folder ("basebands") which contains a lot of zips separated by continents. These zips all contain a set of your mentioned files. So I guess the Basebandswitcher just extracts the files to the appropriate path...
Did you try to use adb to manipulate the files?
yeah
Swift2603 said:
Uhh OK. I am not a dev or even a Linux-User so I am not familiar with chmod, chown commands etc. But I see another folder ("basebands") which contains a lot of zips separated by continents. These zips all contain a set of your mentioned files. So I guess the Basebandswitcher just extracts the files to the appropriate path...
Did you try to use adb to manipulate the files?
Click to expand...
Click to collapse
Yes, I've been using adb from the get-go, thus the term screen shots. I've discovered the problem.
The issue is:! I seem not to be able to mount /system in adb as a writeable entity.
The solution? I have to mount within adb, and not use the command adb remount, which is fail, and I don't know why.
see my solution in action here:
Code:
[email protected]:/$ adb devices
List of devices attached
0163DD9312025018 device
[email protected]:/$ adb shell
$ mount -o rw,remount /system
mount: permission denied (are you root?)
$ su
# mount -o rw,remount /system
# cd /etc/motorola/bp_nvm_default
# ls
File_Audio File_Audio4_AMR_WB File_GSM
File_Audio1_AMR_WB File_Audio5 File_Logger
File_Audio2 File_Audio5_AMR_WB File_Seem_Flex_Tables
File_Audio2_AMR_WB File_Audio6 File_UMA
File_Audio3 File_Audio7 bp_nvm_default
File_Audio3_AMR_WB File_Audio8 generic_pds_init
File_Audio4 File_GPRS
# rm File_Audio
# ls
File_Audio1_AMR_WB File_Audio5 File_Logger
File_Audio2 File_Audio5_AMR_WB File_Seem_Flex_Tables
File_Audio2_AMR_WB File_Audio6 File_UMA
File_Audio3 File_Audio7 bp_nvm_default
File_Audio3_AMR_WB File_Audio8 generic_pds_init
File_Audio4 File_GPRS
File_Audio4_AMR_WB File_GSM
#
Thanks a bunch!
A.
manual update causes boot fail : (
ok, well I was able to swap all the files in the directory /etc/motorola/bp_nvm_default , but when i reboot , it just endlessly reboots on the red motorola icon. FAIL. why does this happen? any dev experts to answer?
here is my deal from start to finish..
Code:
[email protected]:~$ adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
0163DD9312025018 device
[email protected]:~$ adb shell
$ su
# exit
$ mount -o rw,remount /system
Usage: mount [-r] [-w] [-o options] [-t type] device directory
$ mount -o rw,remount /dev/block/mmcblk0p1 /system
mount: Operation not permitted
$ su
# mount -o rw,remount /dev/block/mmcblk0p1 /system
# cd /sdcard/winter
# ls
File_Audio
File_Audio1_AMR_WB
File_Audio2
File_Audio2_AMR_WB
File_Audio3
File_Audio3_AMR_WB
File_Audio4
File_Audio4_AMR_WB
File_Audio5
File_Audio5_AMR_WB
File_Audio6
File_Audio7
File_Audio8
File_GPRS
File_GSM
File_Logger
File_Seem_Flex_Tables
File_UMA
# cd ..
# cd ..
# ls
asec
secure
sdcard
# cd ..
# ls
preinstall
tmp
pds
cdrom
config
cache
sdcard
acct
mnt
d
etc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
root
dev
# cd ..
# ls
preinstall
tmp
pds
cdrom
config
cache
sdcard
acct
mnt
d
etc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
root
dev
# cd /etc/motorola/bp_nvm_default
# ls
File_Audio7
File_Audio5
generic_pds_init
File_Audio1_AMR_WB
File_Audio3
File_Audio2
File_Audio4
File_Logger
File_Audio3_AMR_WB
File_GSM
File_GPRS
File_Audio5_AMR_WB
File_Audio
File_Audio8
File_Audio4_AMR_WB
File_Seem_Flex_Tables
File_UMA
File_Audio2_AMR_WB
File_Audio6
# rm *
# ls
# cd ..
# ls
comm_drv
com.motorola.android.dm.service
com.android.browser
com.motorola.blur.weather
visualization
bplogd.conf
com.motorola.nabsync
tcmd
com.motorola.im
com.android.phone
com.motorola.blur.conversations
sourcePreferences.xml
com.motorola.blur.datamanager.app
com.motorola.android.fota
bp_nvm_default
com.android.providers.settings
com.motorola.vf360
com.motorola.android.providers.settings
ap_flex_version.txt
com.motorola.blur.setup
com.motorola.settings.anr.provider
com.motorola.blur.home
panic_daemon.config
com.motorola.blur.service.blur
# cd bp_nvm_default
# ls
# cd ..
# cd ..
# cd ..
# ls
default.prop
etc
xbin
media
build.prop
bin
framework
preinstall
usr
tts
fonts
app
lib
lost+found
# cd ..
# ls
preinstall
tmp
pds
cdrom
config
cache
sdcard
acct
mnt
d
etc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
root
dev
# cp -r /sdcard/winter/* /etc/motorola/bp_nvm_default
# cd ..
# ls
preinstall
tmp
pds
cdrom
config
cache
sdcard
acct
mnt
d
etc
system
sys
sbin
proc
init_prep_keypad.sh
init.rc
init.mapphone_umts.rc
init.mapphone_cdma.rc
init.goldfish.rc
init
default.prop
data
root
dev
# cd /etc/motorola/bp_nvm_default
# ls
File_Audio
File_Audio1_AMR_WB
File_Audio2
File_Audio2_AMR_WB
File_Audio3
File_Audio3_AMR_WB
File_Audio4
File_Audio4_AMR_WB
File_Audio5
File_Audio5_AMR_WB
File_Audio6
File_Audio7
File_Audio8
File_GPRS
File_GSM
File_Logger
File_Seem_Flex_Tables
File_UMA
# exit
$ exit
[email protected]:~$ adb reboot
[email protected]:~$