Discovering "adb shell" gave joy, experiencing the shell as minimal bash with awful line handling (backspace and command recall) gave annoyance, experiencing "adb root" refusing access gave frustration.
After some tracking, it turns out that adbd behaviour is determined by the property "ro.debuggable" which is set during system init. The initial value is located in the file "/default.prop". In JP6 it is set to 0, resulting in adbd refusing access. However, set to 1, "adbd root" will give the much better response of "restarting adbd as root".
Once set, the property value cannot be changed. To get this fixed you need to change the contents of the file default.prop which is located in the initial ramdisk image.
Optionally, you can put a replacement shell in /sbin of the ramdisk image so that when connected "exec bash" will make things more relaxing. I attached the version I am using, which is statically linked with ncurses/readline.
There is also a simple patch to unlock adbd if you dislike opening and rebuilding the ramdisk image. However, you do need binoffset which is located in the scripts directory of the linux source tree.
Code:
ofs=`scripts/binoffset initramfs.cpio \`echo -n 'debuggable=0' | od -t u1 -An\` 2>/dev/null`
echo 'debuggable=1' | dd bs=1 seek=$ofs conv=notrunc of=initramfs.cpio
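An added example, not part of the original post: a read-only check of what a ramdisk will set ro.debuggable to, by walking the members of a newc cpio archive (gzip-compressed or not) and reading default.prop. The sample archive is constructed, and treating the first assignment as the effective one follows the post's point that the property cannot be changed once set.

```python
import gzip

HDR_LEN = 110  # "070701" magic plus 13 fields of 8 hex digits each


def pad4(n):
    """Round n up to the next multiple of 4 (newc alignment)."""
    return (n + 3) & ~3


def iter_newc(blob):
    """Yield (name, data) for every member of a newc-format cpio archive."""
    off = 0
    while off + HDR_LEN <= len(blob):
        hdr = blob[off:off + HDR_LEN]
        if hdr[:6] not in (b"070701", b"070702"):
            raise ValueError("bad cpio magic at offset %d" % off)
        fields = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name_start = off + HDR_LEN
        name = blob[name_start:name_start + namesize - 1].decode("utf-8", "replace")
        if name == "TRAILER!!!":
            return
        data_start = pad4(name_start + namesize)
        data_end = data_start + filesize
        if data_end > len(blob):
            raise ValueError("truncated member %r" % name)
        yield name, blob[data_start:data_end]
        off = pad4(data_end)


def parse_props(text):
    """Parse key=value lines; the first assignment of a key is kept."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props.setdefault(key.strip(), value.strip())
    return props


def ramdisk_debuggable(blob):
    """Return the ro.debuggable value from default.prop, or None if absent."""
    if blob[:2] == b"\x1f\x8b":          # gzip-compressed ramdisk
        blob = gzip.decompress(blob)
    for name, data in iter_newc(blob):
        if name.startswith("./"):
            name = name[2:]
        if name == "default.prop":
            return parse_props(data.decode("utf-8", "replace")).get("ro.debuggable")
    return None


def newc_member(name, data, mode=0o100644):
    """Build one newc member (used only to construct the sample archive)."""
    name_b = name.encode() + b"\0"
    fields = [0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
    out = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
    out += b"\0" * (pad4(len(out)) - len(out))
    out += data
    return out + b"\0" * (pad4(len(out)) - len(out))


def build_sample(prop_text):
    """Constructed ramdisk: init.rc, default.prop and the cpio trailer."""
    return (newc_member("init.rc", b"# constructed\n")
            + newc_member("default.prop", prop_text.encode())
            + newc_member("TRAILER!!!", b"", mode=0))


if __name__ == "__main__":
    for label, text in (("debug build", "ro.debuggable=1\n"),
                        ("release build", "ro.debuggable=0\n")):
        print(label, "->", ramdisk_debuggable(build_sample(text)))
```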
Thanks...any help though?
Hi....thanks for the fix....could you point me to a decent howto on editing the initial ramdisk?
Thanks
M
it doesn't sound simple
i will try to figure that one out ...
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use your bash.rar to unlock adb access?
thanks for the help
doekoe87 said:
Dear Hexabit,
I know it's an old topic.
But do you know how can I use this Fix on a windows 7?
tried searching for binoffset software/script..couldn't find anything
I have a Flytouch 3 tablet, rooted(Z4) with terminal emulator and root explorer.
is there a way to use your bash.rar to unlock adb access?
thanks for the help
you have to split the kernel, then decompile the ramdisk and edit default.prop and change ro.debuggable to 1, then recompile and flash
confuse but giving me a clue
I use unpackbootimg in my ubuntu pc.
adb root does not work properly after setting debuggable=1.
When I saw in your thread that adbd should be unlocked too, I replaced adbd with an unlocked one. It works!
Thanks for your help.
I am sorry but I don't understand how to use the file.
teoking said:
I use unpackbootimg in my ubuntu pc.
adb root does not work properly after setting debuggable=1.
When I saw in your thread that adbd should be unlocked too, I replaced adbd with an unlocked one. It works!
Thanks for your help.
Hi,
I can upload nothing to my root catalog of my phone.
So how could I use the adbd file in this case?
Phone is rooted but I have a problem with adb root command like subject of this topic is.
Can u help me with the process because I kept the file in /sbin but still it's not working.
Active system
The purpose of this tutorial is not to teach you everything. It's just to give the less-than-average user (noob) an idea of why certain steps are taken and how to prevent and/or troubleshoot problems that most people have when rooting or flashing ROMs on their device. I am also assuming that if you do decide to root your device you have at least a basic working knowledge of a computer. If you don't know what a desktop is or how to find the "any" key, you have no business being anywhere near a computer much less an android device…continue no further. Read my tutorial…If you like it, let me know. If I missed anything or got something wrong, let me know…I'll try to fix it. If you're impartial to it, I couldn't care less. If you hate it, PM me…I have some important information for you about anger management.
ROOTING
While there are different rooting "methods" they all rely on the same basic concept. Get temporary root access to your system in order to use the adb (Android Debug Bridge) to transfer necessary files and change permissions to permanently root (take ownership of) the device.
Before programs like KindleFireUtility and KindleWater, rooting the Kindle Fire was done manually through a command line interface (command prompt). Although those programs still use the same methods, you never see it. But why use command prompt? What do those commands mean anyway? Anyone can point and click but if you don't know what is going on behind the scenes then you are in big trouble when things go wrong…and they inevitably will. So, let's get started.
From here on out we will consider this the beginning of the tutorial. Read everything first before doing anything. Pay close attention to what's being said and follow instructions carefully. Now...
Before anything your device needs to be fully charged and have the Android SDK and the Kindle adb drivers installed onto your computer. I'm not going to go into how to install SDK or Kindle adb drivers here because there are millions of pages on the internet that will teach you, and quite frankly that's not the purpose of this tutorial. That being said, let's get down to business and talk about the older (manual) methods of rooting the Kindle Fire.
First, let's start with the device turned on. Now go to your Kindle Fire settings and scroll down and select "Devices". Make sure "Allow Installation of Applications" is set to ON. This allows you to install apps not downloaded from the Amazon App Store. Next we open the App Store and search for and install a file management utility (ES File Explorer is a good one to start with). This will be necessary to temporarily root your device. Exit the App Store.
Now plug your device into the computer. For the purposes of this exercise there are two USB modes you will need to know, USB debugging and USB file transfer. On stock devices when you plug into your computer you will see a black screen that says "You can now transfer files from your computer to Kindle". This we will call USB file transfer mode. You will use this to transfer a program to your device that will give you temporary root permissions. The old program for this was ZergRush, nowadays it's BurritoRoot and tomorrow it will probably be something else. Whatever it is, find whichever one works for your device's software version and transfer it to your device using Explorer (Windows) or Finder (Mac). Since you don't have root access yet, everything you put on your device for now will go directly to the SDcard partition, far away from system folders (for all intents and purposes).
Press "disconnect" on your Kindle Fire. Now, and by default, your Kindle is in USB debugging mode. What that means is that when you are not in USB file transfer mode your device is constantly listening for debugging commands coming from the USB port. We will be using this to send adb commands to the device which are necessary for rooting and setting up recovery. Now open the file management app you installed from the App Store, navigate to the temporary root program you transferred from your computer and open it. Install and follow the instructions, if any. Next go to your computer and navigate to your Android SDK folder and look for a folder called "platform-tools" if you don't see it, open the tools folder and double-click the file named "Android". Select "platform-tools" and install.
To make things simple, let's take the platform-tools folder and place it on your desktop (just be sure to put it back when this is all over).
At this point we need to get Superuser. This is what we will use to give your apps root access. Go to http://www.androidsu.com/superuser and download the one for Gingerbread. Extract the superuser.zip file, open the folder and navigate to the system folder inside. There, inside the "app" and "bin" folders you will see two files called "superuser.apk" and "SU". Place them in the platform-tools folder that is now on your desktop. And now the fun part, it's time to start rooting.
Open your command prompt (or terminal for mac users) and type and enter:
cd Desktop/platform-tools
Here, you are telling the computer to cd (change directory) to the platform-tools folder located inside the Desktop folder. This is going to be your workspace. Everything you do from here on will be done from this folder. If you don't get any errors then you are in good shape. Otherwise you messed up somewhere and probably skipped a step...go back and read from the beginning. Make sure your Kindle Fire is turned on and NOT in USB file transfer mode. If you are not sure what mode you're in, go back to the beginning. If this is your second time around, stop. You need to learn more about how to change directories using command line interface.
When you are in the platform-tools folder, type and enter this command:
adb devices
Mac and Linux users will put ./ before all adb and fastboot commands from here on out. It will look like: ./adb devices
Here you are using the adb program to print a list of connected devices. You should see a bunch of numbers that mean nothing to you at this skill level. Move on. If you don't see any numbers then you either don't have your drivers installed properly or you skipped a step; go back to the beginning.
If you do get a bunch of numbers your device is connected. Now type and enter:
adb root
...gives root permissions to the adb
adb remount
...mounts the system partition to a "read/write" state allowing you to make changes to system files and folders. Consequently, if you enter adb remount a second time, you will change it back to "read only". Don't do that.
adb push su /system/xbin/su
...will push (transfer) the file named "SU" that is in your workspace (platform-tools folder) to the su folder inside the xbin folder of your device's system folder. The SU binary file is what other apps call to when they need superuser rights.
adb shell chown 0.0 /system/xbin/su
...this is where it gets a little funky. It opens a shell interface within the adb in order to chown (give ownership permissions) to user 0.0 for the su folder. A shell is a piece of software with a particular set of commands built in to act as sort of a go-between between the user, operating system and hardware kernel services. But who is user 0.0? [Edit:] User 0.0 is the root user. Thanks to b63 for that piece of knowledge
adb shell chmod 06755 /system/xbin/su
...opens a shell within the adb to chmod (change mode) of the su folder to 06755. What that basically means is you are changing the folder permissions to rwxr-xr-x or read/write/execute for the owner, and read/execute for the group and others.
adb install superuser.apk
...installs the program superuser.apk located in the platform-tools folder. Superuser.apk maintains a database of what apps you allow to access SU binary file.
That's how the rooting process works. Again if you get any errors, you did something wrong. Go back to the beginning and read it all over again. Attention is key.
Also, I suggest you skip the one-click methods for rooting and get used to using the command line interface so you understand how the process works in order to quickly troubleshoot problems should they arise. Oh and congratulations, you are rooted.
RECOVERY
Now let's install a custom recovery utility and a new boot-loader. For this you will be using the fastboot command. Before we go on, one thing you absolutely must get your head around is the difference between how fastboot interacts with your device versus how adb interacts with your device. fastboot deals with the boot portion of the device whereas adb only deals with the system portion. What that means is adb will only work when the device is completely booted. If for some reason your device doesn't boot properly then you should not be issuing adb commands. It's like trying to light a match in a vacuum. Fastboot works in the same way in that you must be in the fastboot bootmode in order to issue fastboot commands. Unless you have custom recovery installed or a factory programming cable there is only one way to get into fastboot mode. We'll talk about that later.
Installing recovery is a simple process but it is where people tend to have the most problems. Part of the reason is the misunderstanding of the different bootmodes. For now, you only need to be concerned with two of them; normal bootmode (4000) and fastboot bootmode (4002). The main reason people run into trouble is that once you are in a particular bootmode, it doesn't change until you tell it to (with the exception of temporary fastboot which we will get into later).
In normal bootmode your device will boot...normally (imagine that). With the fastboot bootmode the boot-loader will hang at the Kindle Fire splash screen (or yellow triangle if you have recovery installed) to wait for further commands. If this happens to you, chances are your only problem is you are in the wrong bootmode, which is easy to fix. Knowing that, installing a custom recovery should be a breeze.
First find whatever recovery you want to use (unzip it if you have to) and place the .img file into your platform-tools folder that you were using earlier. We're going to use adb to change the bootmode to fastboot in order to install custom recovery. Remember, anything that pertains to the boot-loader, (Kindle Fire logo/yellow triangle) will be done in the fastboot bootmode; that includes custom recovery installation. For more information on Kindle Fire bootmodes, boot-loaders, fastboot and just about everything else, see this post:
http://forum.xda-developers.com/showthread.php?t=1552547
From your command prompt type and enter:
adb shell
su
idme bootmode 4002
reboot
What that does is tells adb to open a shell and su (substitute user) for the root user, change the bootmode from normal (4000) to fastboot (4002) and reboot. The root user has the necessary permissions to change the bootmode from the adb. Your device will reboot then hang at the splash screen because it is in the fastboot bootmode.
Now install your custom recovery (we'll call it customrecovery.img for now)
fastboot -i 0x1949 boot customrecovery.img
again, for Mac and Linux you would type: ./fastboot -i 0x1949 boot customrecovery.img
That tells your computer to, using the fastboot program that is in your platform-tools folder, boot the device with the ID of 0x1949 (your Kindle) with the file named "customrecovery.img"
After installation, reboot, but you will still be in the fastboot bootmode. So type:
fastboot -i 0x1949 oem idme bootmode 4000
fastboot reboot
…tells the device to reset the partition where the recovery(?) is located, change the bootmode to normal (4000) and reboot.
TROUBLESHOOTING
Flashing custom ROMs is another source of frustration, as they add too many variables to the equation. Some ROMs can be very unstable and cause weird things to happen to your device. But just knowing how this stuff works will help you fix 90% of the problems that may come up. If you are having trouble with your device, troubleshoot the problem:
Does the device turn on?
No
Is it fully charged?
No--> Charge it
Is it fully charged?
Yes--> Hold the power button for 30 seconds and restart
Does the device turn on?
No--> Hold the power button for 3 minutes and restart
Does the device turn on?
No--> Google search "Motorola USB factory programming cable"
Does it boot normally?
No
Do you have custom recovery installed?
No--> You need to get into fastboot mode to issue fastboot commands. Google search "Motorola USB factory programming cable"
Do you have custom recovery installed?
Yes--> During the first 5 seconds of seeing the boot splash screen (this is temporary fastboot mode that comes with custom recovery) issue fastboot command to change bootmode to 4000. Reboot
Does it boot normally?
No
Can you get into recovery?
No--> During the first 5 seconds of seeing the boot splash screen (temporary fastboot mode) issue fastboot command to install a new customrecovery.img. Reboot.
Can you get into recovery?
Yes--> Re-flash your ROM. Reboot.
Does it boot normally?
No--> Enter recovery, factory reset, wipe cache, wipe dalvik cache, re-flash your ROM. Reboot
Does it boot normally?
No--> Enter recovery, factory reset, wipe cache, wipe dalvik cache, flash a different ROM. Reboot
Does it boot normally?
No--> Post your problem on the XDA forum. Include all pertinent information such as what rom you are using, what the exact problem is, what you were doing before the problem occurred and all the steps you have taken to try and fix the problem.
Does it boot normally?
Yes--> Give yourself a pat on the back, because you rock!
Do you Rock?
No--> Start over from the beginning
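An added example, not part of the original tutorial: mode 06755 is more than rwxr-xr-x, because the leading 6 also sets the setuid and setgid bits, so a root-owned su file shows up as -rwsr-sr-x and runs with root's identity. The sketch below converts ls-style mode strings to octal and flags setuid files owned by root in a listing; the listing and its file names are constructed.

```python
import stat

# Constructed sample of `adb shell ls -l /system/xbin` output
# (columns: mode, owner, group, size, date, time, name).
SAMPLE_LISTING = """\
-rwxr-xr-x root     shell       59760 2012-02-03 10:11 dexdump
-rwsr-sr-x root     root        22364 2012-02-03 10:15 su
-rwxr-xr-x root     shell       18000 2012-02-03 10:11 strace
-rwsr-x--- shell    shell        9000 2012-02-03 10:11 helper
"""

SPECIAL_BITS = (stat.S_ISUID, stat.S_ISGID, stat.S_ISVTX)


def symbolic_to_mode(perms):
    """Convert a 10-character ls mode string such as '-rwsr-sr-x' to an int."""
    if len(perms) != 10:
        raise ValueError("expected 10 characters, got %r" % perms)
    mode = 0
    for i, ch in enumerate(perms[1:]):
        if ch in "rwxst":                 # lowercase s/t imply the execute bit
            mode |= 0o400 >> i
        if i % 3 == 2 and ch in "sStT":   # setuid, setgid, sticky in that order
            mode |= SPECIAL_BITS[i // 3]
    return mode


def find_setuid_root(listing):
    """Return (name, octal mode) for every setuid file owned by root."""
    hits = []
    for line in listing.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        perms, owner, name = parts[0], parts[1], parts[-1]
        mode = symbolic_to_mode(perms)
        if mode & stat.S_ISUID and owner == "root":
            hits.append((name, "%04o" % mode))
    return hits


if __name__ == "__main__":
    print(stat.filemode(stat.S_IFREG | 0o6755))   # what chmod 06755 produces
    for name, mode in find_setuid_root(SAMPLE_LISTING):
        print("setuid root:", name, mode)
```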
nice
I am getting the following error when I try to pull a TWRP backup from my Nexus 4. Can anyone please help?
Code:
remote object '/sdcard/TWRP' does not exist
It doesn't exist there. /sdcard/ is really a symlink. The actual location is /data/media/0/TWRP, but try /storage/emulated/0/TWRP as well.
Next time type "adb shell" to go into the phone, then type:
find / -type d -iname twrp
this will search the entire phone for folders with the name TWRP and list their path.
/ is the root folder of the phone to search in
-type d means search for folders only, leave it out if you want to search for file names
-iname means to search for terms case insensitive
Thanks for the help eksasol. I've tried to pull many different paths and they all return the same remote object does not exist error. I've even tried sudo adb pull, with the same result. I've tried this, find / -type d -iname twrp but, all I get is Permission denied. If anyone else has got some ideas I'd be happy to hear them. Thanks. :good:
If you are using Ubuntu or Linux, typing 'find' only searches what is on your PC. You get permission denied because you are searching a root directory that requires root permission.
To search for files on your phone, you need to log into your phone by typing "adb shell". TWRP gives you root by default, then you can use the find command.
Since you have root by default in TWRP, you don't need to use sudo; also, Android does not have "sudo" installed. The correct way to gain root privilege in Linux (Android) is by typing: su -
To tell if you are root, you should see # where your user name is in the command window.
Once you are done finding the path, you need to exit the adb shell in order to make contact with your PC, so just type exit. Only then can you start using "adb pull".
By the way, it's "adb pull /data/media/0/TWRP/ /home/username/backup/"
Remember, in Linux (Android), it's case sensitive.
OK, I see my mistakes now. I was not exiting adb shell when typing adb pull. Anyway, thanks to your help, everything is working correctly now. Thank you again, I really appreciate it. Now I can flash the 4.4 update safely.
eksasol said:
If you are using Ubuntu or Linux, typing 'find' only searches what is on your PC. You get permission denied because you are searching a root directory that requires root permission.
...
By the way, it's "adb pull /data/media/0/TWRP/ /home/username/backup"
Remember, in Linux (Android), it's case sensitive.
Thanks for helping me re-learn that linux (Android) is case sensitive
MoFo - Image Modification Methods
I have been helping people with other devices to make rooted ext4 images for their devices using @btdownloads7's method here:
http://forum.xda-developers.com/showpost.php?p=60389310&postcount=177
Works great. If they have the system images as sparse chunks, you can use @tal.aloni's SparseConverter.exe found here:
http://forum.xda-developers.com/showthread.php?t=2749797
to make an ext4 single image system.img but you have to use a hex editor to remove the header and the footer following tal.aloni's instructions in the thread, which I summarized here:
http://forum.xda-developers.com/showpost.php?p=61130622&postcount=41
Then you can use btdownloads7's method above to root it.
The problem is that for some devices like the XT1058 there was only the fxz available as a single file system.img, which is not an ext4 file. I don't know how to convert it to an ext4 image but I have an unlocked XT1060 and at least for the XT1058 what I found I could do was flash the XT1058 system.img to my XT1060 using mfastboot, then boot into recovery and go to Mount and check System. Then from an adb shell run the mount command. That told me where the system image was. On the XT1060 it was /dev/block/mmcblk0p38. Then from the adb shell I ran the command:
dd if=/dev/block/mmcblk0p38 of=/sdcard/new_image.img
where if = input file, of = output file and dd is a command that copies the data in the input file to the output file.
Then I exited the adb shell and ran the command
adb pull /sdcard/new_image.img
to get the new_image.img on my computer. new_image.img is an ext4 file that you can flash using mfastboot if your bootloader is unlocked or mofo.exe if your bootloader is locked.
Since my XT1060's bootloader is unlocked and the XT1058 image boots on the XT1060, I could mod the XT1058 image while running android - install Xposed, busy box, etc. - then boot into recovery and run the commands above. I am sure I can also install a custom ROM in TWRP and then pull the image. The point being that for the XT1058 and the non-Dev Ed XT1060's, which have locked bootloaders, I can modify the images using this method. My XT1060 won't work as a phone running an XT1058 image, but I can use wifi to connect to the playstore to download apps and then install them.
So, I was hoping that this would work the same for the XT1095 and our XT1096 devices. I can boot the Pure Edition XT1095 ext4 image fine on my XT1096 after flashing it with mofo.exe (although it won't make calls) so I think the XT1096 image would run on the XT1095. If someone has an XT1095, they should be able to make a nandroid of their system, do all of that above, add in whatever we want to the XT1096 image while running it, then boot into recovery, do the steps above and pull it as an ext4 file using adb, then restore their phone using the nandroid.
To summarize the method:
1) Make a nandroid of XT1095;
2) Use mfastboot to flash XT1096 system.img to XT1095;
3) Boot into TWRP recovery, wipe cache and data partitions, adb push SuperSU zip to /sdcard, install SuperSU zip and then boot into system;
4) Enable USB Debugging, add in Xposed, CFLumen, etc. while running Android and reboot as necessary;
5) Boot into Recovery;
6) Open an adb shell and type the command mount to determine where /system is in /dev/block;
7) Run the command dd if=/dev/block/correctplace of=/sdcard/new_image.img, where correctplace is wherever /system is in /dev/block;
8) Exit adb shell and run command adb pull /sdcard/new_image.img; and
9) Restore the XT1095 to its previous state using the nandroid backup.
new_image.img would be an XT1096 rooted ext4 mofo.exe flashable file with Xposed, CFLumen, etc. baked in. In step #1, I would also copy the nandroid to my computer so that I would have a backup copy in case anything strange happened. It shouldn't but it is always better to be safe.
Note that my qe converts to 2/1 when I flash a different model's image but it returns to 1/1 once I reflash an XT1096 image.
How To Make an Ext4 Image from a Single File System.img
Requires an Android device of the same model as the system.img is for with an unlocked bootloader and TWRP installed as the custom recovery.
1) Flash the system.img using mfastboot;
2) Boot into TWRP, start an adb shell and run the command mount - note what folder /system is in /dev/block;
3) From the adb shell run the command:
dd if=/dev/block/correctplace of=/sdcard/new_image.img
where correctplace is the folder you noted in Step #2.
4) Exit the adb shell and run the command
adb pull /sdcard/new_image.img
to get the new_image.img onto your computer. new_image.img is an ext4 file that you can flash using mfastboot if your bootloader is unlocked or mofo.exe if your bootloader is locked.
How To Make an Ext4 Image From Sparse Chunks
If you have the sparse chunks for your model - i.e., system.img_sparsechunk1, etc. - then you can use SparseConverter.exe to make a single file ext4 system.img that is flashable by mfastboot and mofo.exe:
http://forum.xda-developers.com/showthread.php?t=2749797
The command is:
SparseConverter.exe /decompress C:\system.img_sparsechunk1 C:\system.img
And it is run from the directory where SparseConverter.exe is. Of course, if your sparse chunks aren't in c:\ you would put in the path to where they are in the command above. And sometimes the first sparse chunk is not sparsechunk1 but rather sparsechunk0 and if so, of course you would start with sparsechunk0.
The system.img you make using SparseConverter.exe will have a header and a footer in it that need to be removed before the system.img is flashable by mfastboot and mofo.exe. The instructions for how to do that are here.
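An added check, not from the original posts: before flashing, confirm what the image file actually is. This sketch tells an Android sparse image from a raw ext4 image by their magic numbers and reports any bytes in front of or behind the filesystem; the sample buffers are constructed, and the header scan is a generic heuristic rather than SparseConverter's own layout. It assumes a filesystem of fewer than 2^32 blocks.

```python
import os
import struct

SPARSE_MAGIC = 0xED26FF3A   # first 4 bytes (little-endian) of an Android sparse image
EXT4_MAGIC = b"\x53\xef"    # s_magic 0xEF53, at byte 0x38 of the superblock
SB_OFFSET = 1024            # the superblock starts 1024 bytes into the filesystem


def find_ext4(head, max_header=1 << 20):
    """Return (start, fs_size) of the first plausible ext4 superblock in head."""
    pos = head.find(EXT4_MAGIC)
    while pos != -1:
        start = pos - SB_OFFSET - 0x38
        if 0 <= start <= max_header:
            blocks, = struct.unpack_from("<I", head, start + SB_OFFSET + 4)
            log_bs, = struct.unpack_from("<I", head, start + SB_OFFSET + 24)
            if blocks and log_bs <= 6:    # block size 1 KiB .. 64 KiB
                return start, blocks * (1024 << log_bs)
        pos = head.find(EXT4_MAGIC, pos + 1)
    return None


def inspect_image(head, file_size):
    """Classify an image from its first bytes and its total length."""
    if len(head) >= 28 and struct.unpack_from("<I", head)[0] == SPARSE_MAGIC:
        (_, major, minor, _, _, blk_sz, total_blks, chunks, _) = \
            struct.unpack_from("<IHHHHIIII", head)
        return {"kind": "android-sparse", "version": (major, minor),
                "chunks": chunks, "expanded_size": blk_sz * total_blks}
    found = find_ext4(head)
    if found is None:
        return {"kind": "unknown"}
    start, fs_size = found
    trailing = file_size - start - fs_size
    return {"kind": "ext4" if start == 0 else "ext4-with-header",
            "header_len": start, "fs_size": fs_size,
            "trailing": max(trailing, 0), "truncated": trailing < 0}


def inspect_file(path):
    """Read enough of a file to classify it."""
    with open(path, "rb") as fh:
        head = fh.read((1 << 20) + 2048)
    return inspect_image(head, os.path.getsize(path))


def sample_ext4_head(blocks=4, log_bs=2):
    """Constructed buffer holding only the superblock fields used above."""
    buf = bytearray(2048)
    struct.pack_into("<I", buf, SB_OFFSET + 4, blocks)
    struct.pack_into("<I", buf, SB_OFFSET + 24, log_bs)
    buf[SB_OFFSET + 0x38:SB_OFFSET + 0x3A] = EXT4_MAGIC
    return bytes(buf)


def sample_sparse_head():
    """Constructed 28-byte sparse header: 4 blocks of 4096 bytes, 1 chunk."""
    return struct.pack("<IHHHHIIII", SPARSE_MAGIC, 1, 0, 28, 12, 4096, 4, 1, 0)


if __name__ == "__main__":
    print(inspect_image(sample_ext4_head(), 16384))
    print(inspect_image(b"\0" * 512 + sample_ext4_head(), 512 + 16384 + 100))
    print(inspect_image(sample_sparse_head(), 28))
```

A result of "ext4" with "truncated" false is what a partition dump made with dd should give; a nonzero "trailing" value is normal when the partition is larger than the filesystem.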
How to Root an Ext4 Image - Requires a Bootloader Unlocked Android Device With TWRP
Requires an Android device with an unlocked bootloader and TWRP installed as the custom recovery. Originally posted here.
btdownloads7 said:
Yes, but there was a slight change in the process (at least on the Nexus 7) from the way I described it originally. Since the image is huge, and wouldn't fit onto the system partition of the Nexus 7, I couldn't just flash it as a system image from fastboot. Here's what I ended up doing:
1. Make sure that you have at least 6 GB free on the SD card, and boot into TWRP
2. Copy the clean ext4 image file to the SD card (the links are a few pages back in this thread)
3. Create a "supersu" folder on the SD card
4. Download the SuperSU update zip (the current version is 2.46)
5. Extract the "armv7" and "common" folders from the update zip to the "supersu" folder from Step 3.
6. Extract the "update-script" binary from the attached zip, and copy it to the same "supersu" folder. It's a script from the update binary that I modified for our purposes.
7. In TWRP gui, wipe the system partition (this may not have been necessary, but I did it just in case)
8. In TWRP gui, unmount the system partition from the TWRP menus
9. open ADB shell
10. run "rm -r /system", and disregard any errors that it gives you. This will clear the mount point for our image
11. run "mkdir /system", and ignore any errors it gives you
12. run "mount -t ext4 -o loop /sdcard/system.img /system"
13. run "chmod +x /sdcard/supersu/update-script"
14. run "cd /sdcard/supersu" followed by "./update-script". You might see some errors when it's running, but you can disregard them
15. In ADB shell, run "mount", and that should list all the partitions. Remember which path is for the system partition (on my end it was "/dev/block/loop0")
16. run "dd if=/dev/block/loop0 of=/sdcard/new_image.img". Obviously replace "/dev/block/loop0" with whatever you got in the previous step
And that's it. Copy the new image back to your PC, and you're ready to flash it with mofo
General Info On Modding Images Using Linux
@Ekkoria's tutorial here provides general information on how to mod images using linux.
@ClydeDroid - can you give a synopsis of what needs to be done to add a symlink for the AdAway hosts files? I would like to add it to this thread. Thanks!
Adding Free WiFi Tether to a System Image
To add free WiFi tether to a system image, the /system/build.prop file needs to be edited to include the following line:
net.tethering.noprovisioning=true
The line can be added anywhere in the build.prop file. Please note that editing the build.prop file in some instances resulted in HDR camera problems (force close when a picture was taken with HDR on). Be sure to use NotePad++ to edit the build.prop file, not another editor.
Adding Xposed for Lollipop to a System Image
Here and here are the instructions for @mikeoswego's method for installing Xposed for Lollipop in a system image.
You need to download both the apk and the zip from this thread:
http://forum.xda-developers.com/showthread.php?t=3034811
as well as the script that is attached to this post (unzip the script).
mikeoswego said:
1) You must mount the image that you want to install Xposed to /system on your Linux box (or edit the script some more.)
2) Make the script executable (chmod 755) and then run the script like this:
sudo [full path to script] [full path to zip file]
On my system it looks like this:
sudo /home/mike/InstallXposed /home/mike/xposed-sdk21-arm-20150430.zip
There will be some chcon errors but it still sets the permissions correctly.
3) Before you flash the image having Xposed in it to your device, download the XposedInstaller apk to your phone from the first post in this thread: http://forum.xda-developers.com/showthread.php?p=58948978#post58948978 and delete the following folders from your /data partition:
/data/dalvik-cache/arm
/data/dalvik-cache/profiles
4) On reboot, it will take a little longer at the red Verizon screen, then it will upgrade/optimize apps claiming a very large number of apps to process but most of them go by very quickly. On subsequent reboots it upgrades/optimizes one app each time. Otherwise I've not noticed any other problems or side effects.)
JulesJam said:
reserved 4
@btdownloads7 Is it possible for you to write up a synopsis of how you got Busy Box and SQLite into the image? It doesn't have to be a step by step guide, but whatever insight you could give even a high level summary would be appreciated. Thanks!
Sqlite is easy -- you just put the binary into /system/xbin, and chmod 755 it.
Busybox is harder. The overall process is very similar to rooting it, but you have to run most of the script in a virtual machine, and one command in TWRP. You have to get the update zip for it, extract the proper binaries for the arm7 architecture, and extract the update script. Then modify the update script to remove any mention of the mounting/dismounting of partition, and to move the extracted binaries instead of having the script extract them. At the very end of the script, it runs a "busybox --install" command, and that has to be run on the actual device (in TWRP).
@mikeoswego - did I get the instructions correct here? I wanted to combine 2 of your posts into 1 set of instructions. Please let me know if I paraphrased you correctly, thanks!
JulesJam said:
@mikeoswego - did I get the instructions correct here? I wanted to combine 2 of your posts into 1 set of instructions. Please let me know if I paraphrased you correctly, thanks!
Looks good!
JulesJam said:
net.tethering.noprovisioning=true
I'm not sure this works for carriers other than Verizon.
mikeoswego said:
I'm not sure this works for carriers other than Verizon.
AFAIK it works for ATT but the problem is that ATT is not subject to the Block C license restrictions so if you enable it, you still need to hide the fact that you are tethering from ATT. There are ways to modify the /system partition to do that but idk how to do it.
If you have UDP and don't tether very much, from all I have read, ATT lets it go. But if you are going to use lots of data per month tethering, they send you a letter telling you that you are violating their TOS and if you don't stop, they will take away your UDP or terminate your contract, I can't remember which. So those with UDP have to hide that they are tethering somehow.
JulesJam said:
6) Open an adb shell and type the command mount to determine where /system is in /dev/block;
7) Run the command dd if=dev/block/correctplace of=/sdcard/new_image.img, where correctplace is wherever /system is in /dev/block;
Just so you know, there's an easier way to do this part. The directory "/dev/block/platform/msm_sdcc.1/by-name" contains links to all the partitions so you don't have to remember weird numbers like "mmcblk0p38". The app "DiskInfo" can also show you which partitions map to which block devices, and it doesn't even need root. Hope this helps.
Mmcblk0p38 on my XT1095
btdownloads7 said:
Sqlite is easy -- you just out the binary into /system/xbin, and chmod 755 it.
Where do you get the binary and what is "out"?
JulesJam said:
Where do you get the binary and what is "out"?
I don't remember where I originally got the binary, but if you do a google search, you should be able to easily find it. Here's a good place to start.
And "out" was a typo. Should have said "put"
btdownloads7 said:
And "out" was a typo. Should have said "put"
I thought so but I wanted to make sure in case it was some linux command I am not familiar with, lol!
I'm trying to do something that should be very simple using the Linux method: change the boot animation. No matter what bootanimation.zip I put into /system/media, set permissions to 644 and ownership to root:root, the animation seems to default to a pulsating text "android" logo. When I also change the bootanimation file in /system/bin I only get the pre-boot Motorola logo until boot up is complete.
Pulling a MoFo Flashable Image From an XT1095
This is useful for the AT&T XT1097. You can flash modified XT1095 images to an AT&T XT1097 since they both work on AT&T. Here is how you can pull a MoFo flashable image from an XT1095.
Open an adb shell by typing adb shell at the command prompt. Then type the command su. Then run this command:
dd if=/dev/block/mmcblk0p38 of=/sdcard/system.img
Then pull the image using the adb pull command:
adb pull /sdcard/system.img c:\
joshnat said:
I'm trying to do something that should be very simple using the Linux method: change the boot animation. No matter what bootanimation.zip I put into /system/media, set permissions to 644 and ownership to root:root, the animation seems to default to a pulsating text "android" logo. When I also change the bootanimation file in /system/bin I only get the pre-boot Motorola logo until boot up is complete.
@mikeoswego may be able to explain to you how to do it.
DO NOT FOLLOW THIS GUIDE IF YOU HAVE ANDROID 12
Visit this thread for more information
________________________________________________________
CAVEAT
I've only tested this on my device running Android 11 (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant and os version.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO
The basic rundown is:
Use the semi-broken TWRP package to give yourself temporary su access through adb.
Extract the boot.img your phone is currently using to your pc.
Reboot to OxygenOS, copy over the boot.img you just extracted and then use Magisk to patch it.
Copy the boot.img back to your pc and use adb to temporarily boot your phone with it, giving you root access until reboot.
Use your temporary root access to allow Magisk to patch your internal as-yet unmodified boot.img to give you permanent root.
There seems to be some confusion in the thread, I'll try to clear up what's happening and why:
The primary issue at hand is that you can't root your device without already having root privileges, for security reasons. Without a custom recovery like TWRP, there are a few more steps than usual (but mostly simple stuff).
Because we don't flash anything with this guide, it shouldn't cause any permanent bootloops if you use the wrong boot.img, if you get stuck in one just power cycle your phone.
Updating with OTAs should be the same process as the other guides here.
Because of changes in Android, devices that launched with Android 10 and above will not allow you to modify the system partition, even with root. This is not a fault of this rooting method.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
Android 11. (Android 12 introduced problems with this method, per other users. See link at top of page)
________________________________________________________
STEPS:
1. Connect your phone to your pc and boot it into fastboot mode. You can leave it connected throughout this guide.
2. On your computer open a terminal/cmd prompt. Set the directory (on your pc) you want to work from, I'm using the desktop:
for Windows, type cd C:\Users\Yourname\Desktop
for Mac, type cd desktop or cd /Users/yourname/Desktop
Spoiler: How to set up adb and fastboot properly
To use adb and fastboot commands outside of the folder those programs are located in, you'll need to add their location to the PATH list so your terminal can still find them when it's pointing to a different folder. If you want to skip this step, set the directory to the folder that contains adb instead of the desktop.
3. Next, use the terminal to check which A/B partition is active on your phone:
Code:
fastboot getvar all
a. You'll find it on this line: (bootloader) current-slot:a/b
b. For simplicity I'll be referring to boot_a.img throughout the guide, make sure to use boot_b.img if that's the one marked as active on your device.
4. Download the semi-broken TWRP package to your desktop. We'll be using it to extract a copy of your active boot_a.img. It will give you temporary su access via adb, but there won't be a gui. Only boot from it, DO NOT FLASH IT:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb reboot
5. Copy the extracted boot_a.img file to a user accessible area of your phone, like your downloads folder.
6. Install the latest Magisk Canary apk on your phone. Open it and:
a. Select the Install option.
b. Use Select and Patch a File on boot_a.img
7. Copy the patched magisk_patched_a.img file back to your computer. In terminal, type adb reboot bootloader to get back to fastboot mode.
8. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot magisk_patched_a.img
Spoiler: Why we're booting and not flashing.
You could flash this boot.img, but it's safer to temporarily boot from it without overwriting your existing image in case anything went wrong along the way. The effect is that you still get root access without modifying your device, and then you can use the much safer Magisk direct install option, which has some safeguards in place.
9. By booting with the patched image, you now have temporary root access. To make it permanent open Magisk:
a. Select the Install option.
b. Use Direct Install (Recommended) to root your internal boot.img
10. Reboot and verify it worked.
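An added example (not part of the original post or thread): a small shell helper for the two places this procedure tends to go wrong, using the image for the wrong slot and working from a truncated or non-boot file. Function names are hypothetical; it only reads saved `fastboot getvar all` output and local files, and relies on the `ANDROID!` magic that begins an Android boot image.

```shell
#!/bin/sh
# Added example: sanity checks for the active slot and a pulled boot image.
# All function names are hypothetical; no device is touched by this code.

# Read saved `fastboot getvar all` text on stdin and print the active slot.
# Accepts "current-slot:a" and "current-slot: a", with or without CR line
# endings (Windows terminals); fails if no such line is present.
current_slot() {
    slot=$(tr -d '\r' |
        sed -n 's/^.*current-slot:[[:space:]]*\([ab]\)[[:space:]]*$/\1/p' |
        head -n 1)
    [ -n "$slot" ] || return 1
    printf '%s\n' "$slot"
}

# Succeed only if FILE starts with the 8-byte Android boot image magic.
has_boot_magic() {
    [ -f "$1" ] || return 1
    [ "$(head -c 8 "$1" | tr -d '\0')" = 'ANDROID!' ]
}

# Print FILE's size in bytes.
file_size() {
    wc -c < "$1" | tr -d '[:space:]'
}

# Check a pulled image: magic present, and size equal to the byte count
# that dd printed on the phone ("NNN bytes ... copied").
# Usage: check_pulled_image FILE EXPECTED_BYTES
check_pulled_image() {
    has_boot_magic "$1" || { echo "$1: not an Android boot image" >&2; return 1; }
    [ "$(file_size "$1")" = "$2" ] || { echo "$1: size differs from dd output" >&2; return 1; }
}

# Print the image file name matching the active slot, in the guide's naming.
# Usage: image_for_slot PREFIX < getvar.txt   (PREFIX: boot or magisk_patched)
image_for_slot() {
    s=$(current_slot) || { echo "no current-slot line found" >&2; return 1; }
    printf '%s_%s.img\n' "$1" "$s"
}
```

Save the `fastboot getvar all` output to a file first (fastboot writes it to stderr, so redirect with `2>`), then feed that file to `image_for_slot` and run `check_pulled_image` on the file that `adb pull` produced before handing it to Magisk.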
Forgot to tag it... if an admin is able to do so I'd appreciate it.
Just applied for a bootloader unlock today. When I get approved I'll attempt this guide.
I am currently on T-Mobile 11.0.5.7.KB09CB.
Unlike other methods provided here for the 8T I got this method to work. Thank you very much!
clarification update: I own the t-mobile kb2007 model of phone
a couple of notes for any either newBs or old OPO users rejoining the party with a new OnePlus phone..
Some prework I had to do for my OnePlus 8T KB2005
-ensure you have the correct ADB driver installed, I installed the "15sec adb installer 1.4.2" found here on xda, watch the videos provided.
-ensure to unlock your bootloader first (*this will wipe your device.. didn't think about that..no pain no gain...)
-With device in bootloader/fastboot, run: fastboot flashing unlock
-verify with your phone to accept
-phone will reboot, just through the setup, I just skipped it all and opted for offline setup..
-re-enable OEM lock and USB debug
-restart back into bootloader/fastboot
-now you are ready to root
Just came here to say that this is the most genius way to go about it and thanks OP for this solution. To add your screen would flicker in TWRP but you just want to type adb reboot bootloader after you are done copying off the boot files from your phone. Thanks OP!
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use an app like Titanium to move a user app to system, unable to get r/w access.
Thanks in advance
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use an app like Titanium to move a user app to system, unable to get r/w access.
Thanks in advance
I'm having the same issue although it's more tied in with removing youtube as a system app for vanced
lordxcom said:
After performing this, I am unable to write to /system even with root?
Unable to get through with es explorer, root explorer pro, or even use an app like Titanium to move a user app to system, unable to get r/w access.
Thanks in advance
Actually, it is not possible on devices born with Android 10 or above.
giacomowrc said:
Actually, it is not possible on devices born with Android 10 or above.
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Mpolo87 said:
To be clear, you're saying this isn't a fault with this root method and is just a security measure since Android 10?
Yes of course.
Mpolo87 said:
CAVEAT
I've only tested this on my device (KB2005 / KB05AA), but it should be universally helpful as it's using your own boot.img so there's no need to find a matching package for your variant.
CREDIT
The steps were buried across a few threads, I'm posting this so it'll be easier for others to find the information. All credit goes to xb360, FullOfHell, and TheUnkn0wn.
INFO
The basic rundown is:
Use the semi-broken TWRP package to give temporary su access through adb.
Extract boot_a.img and boot_b.img to your computer.
Reboot into OxygenOS and copy boot_a.img and boot_b.img back to your phone.
Use Magisk to patch both images.
Copy the patched images back to your computer.
Use fastboot to temporarily boot using the patched image, giving you temporary root.
Use Magisk to direct install for permanent root.
Prerequisites:
ADB and Fastboot installed.
An unlocked bootloader and USB debugging enabled.
________________________________________________________
STEPS:
1. Get the semi-broken TWRP .img. This won't give you a gui but will give you su access over adb. You DON'T want to flash this, we're just booting with it temporarily.
2. Restart your phone into fastboot mode.
3. On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here). Run the following:
Code:
fastboot boot recovery.img
adb shell
dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
exit
adb pull /sdcard/boot_a.img boot_a.img
adb pull /sdcard/boot_b.img boot_b.img
4. Copy the extracted files to a user accessible area of your phone.
5. Install the latest Magisk Canary release to your phone.
a. Select the Install option.
b. Use Select and Patch a File on both boot_a.img and boot_b.img
c. You should rename them or make note of the new names given by Magisk. You'll need to use one or the other depending on which partition is active.
6. Copy the patched .img files back to your computer.
7. Restart your phone back into fastboot mode.
8. On your computer, run:
Code:
fastboot getvar all
9. Find which A/B partition is active on this line: (bootloader) current-slot:a/b
10. Temporarily boot with the patched image that corresponds to the active partition, DO NOT FLASH IT:
Code:
fastboot boot patched-boot-a/b.img
11. You now have temporary root access, to make it permanent open Magisk:
a. Select the Install option.
b. Use Direct Install (Recommended) to root your internal boot.img
12. Reboot and verify it worked.
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
sameog said:
hey there! I was just about to try this method but confused with this syntax -- don't mind the quotes
"On your computer open a terminal/cmd prompt and set the directory where you want to dump the files (ex: cd /your/path/here)"
I'm painfully confused about this: cd /your/path/here. is this done during fastboot? I know fastboot commands but adb is where my brain doesn't get it. Please elaborate further and thanks.
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Mpolo87 said:
When you open a terminal or command prompt on your computer it is, by default, 'pointing' to a certain folder. Since we're pulling files from the phone to pc it'll dump there, so it's easiest to set the location in advance, for your own convenience. You can just make a folder on your desktop and drag it onto the terminal window to automatically input that path after typing cd, which just means 'change directory'. This isn't a fastboot or adb thing, just a feature of terminals, so you'd do this in advance.
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
Please note: I love this guide. It's cohesive and well-written. I just need pictures to "see" on what and where to do. I'm visual.
UPDATE: I followed the tutorial to the best of my ability and I got nothing. I'm giving up and taking a step back.
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./fastboot boot recovery.img
Sending 'boot.img' (64964 KB) OKAY [ 1.660s]
Booting OKAY [ 0.084s]
Finished. Total time: 1.939s
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb shell
* daemon not running; starting now at tcp:5037
* daemon started successfully
OnePlus8T:/ # dd if=/dev/block/by-name/boot_a of=/sdcard/boot_a.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.194981 s, 492 M/s
OnePlus8T:/ # dd if=/dev/block/by-name/boot_b of=/sdcard/boot_b.img
196608+0 records in
196608+0 records out
100663296 bytes (96 M) copied, 0.185497 s, 518 M/s
OnePlus8T:/ # exit
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_a.img boot_a.img
/sdcard/boot_a.img: 1 file pulled, 0 skipped. 27.7 MB/s (100663296 bytes in 3.470s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb pull /sdcard/boot_b.img boot_b.img
/sdcard/boot_b.img: 1 file pulled, 0 skipped. 32.0 MB/s (100663296 bytes in 2.997s)
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows> ./adb reboot
PS C:\Program Files (x86)\platform-tools_r30.0.5-windows>
sameog said:
Attached are 2 photos -- the 1st photo is the "before" I dragged my intended folder into command prompt. the 2nd photo is the "after" I dragged my intended folder into command prompt. Still hella confused.
You're missing the command "cd" before the path to change the directory to the new one. It should be cd C:\Users\Mr. Lew\Desktop\oneplus 8t boot image then press enter. Now you can reference any file in that folder by just the name without its entire path as a prefix being required.
A difficult method
zengin said:
It's not at all easier than the other method.
huh?
Honestly, if there's a kind soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I've been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
sameog said:
Honestly, if there's a kind soul out there who can share their unpatched kb2007 boot image (tmobile version), I would greatly appreciate it. I've been banging my head on the wall with this for about 2 months with no help. I've received TONS of half-baked one liner answers but no "full-scale" tutorial. I'm giving up on this.
NOTE: I'm just frustrated guys. Not bashing the OP. It shouldn't be this hard but it became this way.
While this is a temporary solution, it is also a bad solution because you can land with not being able to boot your phone every time an incremental update comes along.