Have anyone figured out how to put twrp on version ATT D80010o
If you pull the aboot.img I'll patch twrp for the device
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
datechnerd said:
If you pull the aboot.img I'll patch twrp for the device
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
Click to expand...
Click to collapse
how do i do this
ralphie1267 said:
how do i do this
Click to expand...
Click to collapse
enable usb debugging, plug phone into pc, and you'll need adb in attachments
open the folder you extracted adb to, shift right click in the folder, open command window here, then follow the example in the previous post
datechnerd said:
enable usb debugging, plug phone into pc, and you'll need adb in attachments
open the folder you extracted adb to, shift right click in the folder, open command window here, then follow the example in the previous post
Click to expand...
Click to collapse
i have minumal adb and fastboot can i use this
datechnerd said:
If you pull the aboot.img I'll patch twrp for the device
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
Click to expand...
Click to collapse
sorry for the late response I was at work....
datechnerd said:
If you pull the aboot.img I'll patch twrp for the device
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]roid:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
Click to expand...
Click to collapse
for some reason I cant run command I downloaded it to the desktop
antawnm26 said:
for some reason I cant run command I downloaded it to the desktop
Click to expand...
Click to collapse
put it in a folder, then open the folder, hold shift and right click in a blank spot of the fold and open command window
datechnerd said:
put it in a folder, then open the folder, hold shift and right click in a blank spot of the fold and open command window
Click to expand...
Click to collapse
sweet it came up...Im not that great at it so Im going to need you to walk me through it
[email protected]:~$ adb shell- this should be my user name?
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
antawnm26 said:
sweet it came up...Im not that great at it so Im going to need you to walk me through it
[email protected]:~$ adb shell- this should be my user name?
[email protected]:/ $ su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/local/tmp/aboot.img
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
[email protected]:/ $ exit
[email protected]:~$ adb pull /data/local/tmp/aboot.img
3293 KB/s (2097152 bytes in 0.621s)
Click to expand...
Click to collapse
the username is just from an example
datechnerd said:
the username is just from an example
Click to expand...
Click to collapse
ok im getting errors when I copy ~$ adb shell
C:\Users\Bull\Desktop\adb>~$ adb shell
'~$' is not recognized as an internal or external command,
operable program or batch file.
antawnm26 said:
ok im getting errors when I copy ~$ adb shell
C:\Users\Bull\Desktop\adb>~$ adb shell
'~$' is not recognized as an internal or external command,
operable program or batch file.
Click to expand...
Click to collapse
just type
Code:
adb shell
don't type $ or #
C:\Users\Bull\Desktop\adb>:/ $ su
C:\Users\Bull\Desktop\adb>:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboo
t of=/data/local/tmp/aboot.img
C:\Users\Bull\Desktop\adb>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ $ su
su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/loc
al/tmp/aboot.img
dcc.1/by-name/aboot of=/data/local/tmp/aboot.img <
2048+0 records in
2048+0 records out
1048576 bytes transferred in 0.100 secs (10485760 bytes/sec)
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
exit
[email protected]:/ $ exit
exit
C:\Users\Bull\Desktop\adb>pull /data/local/tmp/aboot.img
'pull' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Bull\Desktop\adb>~$ adb pull /data/local/tmp/aboot.img
'~$' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Bull\Desktop\adb>
d80010o
Any success guys?
datechnerd said:
just type
Code:
adb shell
don't type $ or #
Click to expand...
Click to collapse
i have abb running .i have att d80010c i downloaded openrecovery twrp 2.6.3.3 g2att.img .what comand do i need to use thanks
ralphie1267 said:
i have abb running .i have att d80010c i downloaded openrecovery twrp 2.6.3.3 g2att.img .what comand do i need to use thanks
Click to expand...
Click to collapse
think i got it i had to use esfile explorer to get it from the data/local because i suck at adb, but i got all the way with but started getting errors..hold on let me put it in drive
Code:
[CODE]
[/CODE]
antawnm26 said:
C:\Users\Bull\Desktop\adb>:/ $ su
C:\Users\Bull\Desktop\adb>:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboo
t of=/data/local/tmp/aboot.img
C:\Users\Bull\Desktop\adb>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ $ su
su
[email protected]:/ # dd if=/dev/block/platform/msm_sdcc.1/by-name/aboot of=/data/loc
al/tmp/aboot.img
dcc.1/by-name/aboot of=/data/local/tmp/aboot.img <
2048+0 records in
2048+0 records out
1048576 bytes transferred in 0.100 secs (10485760 bytes/sec)
[email protected]:/ # chmod 644 /data/local/tmp/aboot.img
chmod 644 /data/local/tmp/aboot.img
[email protected]:/ # exit
exit
[email protected]:/ $ exit
exit
C:\Users\Bull\Desktop\adb>pull /data/local/tmp/aboot.img
'pull' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Bull\Desktop\adb>~$ adb pull /data/local/tmp/aboot.img
'~$' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Bull\Desktop\adb>
Click to expand...
Click to collapse
Code:
adb pull /data/local/tmp/aboot.img
datechnerd said:
Code:
[CODE]
[/CODE]
Code:
adb pull /data/local/tmp/aboot.img
Click to expand...
Click to collapse
https://www.dropbox.com/sh/xfv49im0n1s3uy3/l6dxsrpKy9
antawnm26 said:
https://www.dropbox.com/sh/xfv49im0n1s3uy3/l6dxsrpKy9
Click to expand...
Click to collapse
NON-flashablezips
flash with loki
if you don't know how rename the .lok to .img and put it on your phone and flash it with flashify instead
datechnerd said:
flash with loki
if you don't know how take the .img put it on your phone and flash it with flashify instead
Click to expand...
Click to collapse
I know its asking a lot but is there a guide on flashing with loki? also, do i just copy the image without the other files to my sdcard and flash with flashify?
Related
Out of the 4 or so times I've successfully rooted the damn thing, I still am not 100% what I am doing right. Since each time I end up with a headache I've written myself a guide which seems to be almost always wrong along somewhere. I'm curious how wrong my latest discovery is. It seems when I use the 2.2.2 Android sbf I can't follow the usual directions listed on the wiki page. I need to run psneuter from another phone's root hack to give me "busybox, psneuter and su. Then I go back to install the bootmenu. Am I missing anything? Cheers:
II.C. Rooting
[EDIT:: It seems for Froyo 2.2.2 ("CEE sbf") you will probably need to follow the psneuter instructions:
http://wiki.cyanogenmod.org/wiki/LG_G2x:_Full_Update_Guide
Then go back and install bootmenu:
http://wiki.cyanogenmod.org/wiki/Motorola_Defy:_Full_Update_Guide ]
Is there anything else?
II.C.1. Connect Defy via USB and set it to "None." Open up terminal and begin pushing the files over:
Code:
$ adb push $PATH/TO/busybox /data/local/
i.e.
Code:
$ adb push /Users/kg/Android/android-sdk-macosx/platform-tools/busybox /data/local/
Push psneuter:
Code:
$ adb push $PATH/TO/psneuter /data/local/
… and su:
Code:
$ dab push $PATH/TO/su /data/local/
Now to change some permissions
Code:
$ adb shell chmod 777 /data/local/busybox
Code:
$ adb shell chmod 777 /data/local/psneuter
Enter into Defy and run psneuter by typing:
Code:
$ adb shell
Code:
$ /data/local/psneuter
Once the command finishes enter:
Code:
$ adb shell
"$" should now be "#."
Code:
# mount -o remount,rw -t ext3 /dev/block/mmcblk0p25 /system
Code:
# mkdir /system/xbin
Should the last command say, "mkdir failed for /system/xbin, File exists" let it be. It tried to create a directory but one with that name already exists. Just move along:
Code:
# /data/local/busybox cp /data/local/su /system/xbin/su
Code:
# chown 0:0 /system/xbin/su
Code:
# chmod 6755 /system/xbin/su
Code:
# ln -s /system/xbin/su /system/bin/su
Code:
# exit
One last push:
Code:
$ adb push $PATH/TO/Superuser.apk /system/app/Superuser.apk
Code:
$ adb reboot
Fin.
II.C.2.To Install the Bootmenu by connecting the Defy via USB, allow memory card access.
Drag and drop the bootmenu folder into the SD card
Rename it "bootmenu"
Eject the SD card and on the Defy set the USB mode to "None."
In Terminal start up adb:
Code:
$ adb shell
Now give it SuperUser permissions, enter the following then unlock the screen on the defy and select "allow":
Code:
$ su
The prompt "$" should now be "#."
Code:
# cp -R /sdcard/bootmenu /data/bootmenu
Code:
# cd /data/bootmenu
Code:
# chmod 755 *
Just let this command run the script to the end (when the user prompt, # is given)
Code:
# ./install.sh
Once finished, don't reboot yet:
Code:
# rm -R /data/bootmenu
Now do so:
Code:
# reboot
If you want to see if it worked, upon the first boot animation/logo watch for the LED to flash blue after a good few seconds. Press Volume-Down upon seeing the light. You should be in the bootmenu!
Hey Folks,
Is there anyone who wants to extract the basic stock kernel from the Oppo Find 5.
I don't have the Oppo Find 5 yet, but I want to make a custom kernel for it.
Instructions:
- Make sure you have ADB set up
- Make sure your device is in USB debugging
Code:
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
exit
adb pull /sdcard/boot.img
Thanks in advance!
Ps: A big thanks to the one that wants to do this!
brakke97 said:
Hey Folks,
Is there anyone who wants to extract the basic stock kernel from the Oppo Find 5.
I don't have the Oppo Find 5 yet, but I want to make a custom kernel for it.
Instructions:
- Make sure you have ADB set up
- Make sure your device is in USB debugging
Code:
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
exit
adb pull /sdcard/boot.img
Thanks in advance!
Ps: A big thanks to the one wants to do this!
Click to expand...
Click to collapse
you probably want the ramdisk.gz ?
http://files.ngvincent.com/android/oppo-find-5/kernel/ramdisk.gz
if you want a walk through of building the kernel source
https://git.ngvincent.com/projects/oppo-x909-cm10/wiki
@paperWastage Thanks for the help!
paperWastage said:
you probably want the ramdisk.gz ?
http://files.ngvincent.com/android/oppo-find-5/ramdisk.gz
if you want a walk through of building the kernel source
https://git.ngvincent.com/projects/oppo-x909-cm10/wiki
Click to expand...
Click to collapse
The link from the ramdisk.gz is dead.
Do you have a mirror site?
brakke97 said:
Hey Folks,
Is there anyone who wants to extract the basic stock kernel from the Oppo Find 5.
I don't have the Oppo Find 5 yet, but I want to make a custom kernel for it.
Instructions:
- Make sure you have ADB set up
- Make sure your device is in USB debugging
Code:
adb shell
su
dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
exit
adb pull /sdcard/boot.img
Thanks in advance!
Ps: A big thanks to the one that wants to do this!
Click to expand...
Click to collapse
Code:
c:\AndroidSDK\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ # dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
20480+0 records in
20480+0 records out
10485760 bytes transferred in 0.552 secs (18995942 bytes/sec)
[email protected]:/ # exit
exit
[email protected]:/ $ adb pull /sdcard/boot.img
adb pull /sdcard/boot.img
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
However found the boot.img on the root of sdcard but failed to open it, maybe you have a better luck
Hello everyone,
I was wondering if there is any support for the T-Mobile LG Optimus F6? I was able to pull the aboot.img from the device, but I am not sure if this is even compatible or not? Here is the aboot.img attached to this post. Is it possible for someone to take a look at this? Thanks!
KaminoReal said:
Code:
c:\AndroidSDK\platform-tools>adb shell
[email protected]:/ $ su
su
[email protected]:/ # dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/boot.img
20480+0 records in
20480+0 records out
10485760 bytes transferred in 0.552 secs (18995942 bytes/sec)
[email protected]:/ # exit
exit
[email protected]:/ $ adb pull /sdcard/boot.img
adb pull /sdcard/boot.img
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
error: device not found
However found the boot.img on the root of sdcard but failed to open it, maybe you have a better luck
Click to expand...
Click to collapse
thats because you need to split it first! with
ok here's the lowdown.
Verizon lg g2
rooted = yes
downloaded or a update in December = yes
installed twrp using the freegee app in the app market. not sure if their method implies the Loki boot loader bypass.
my question is is their a way to imply Loki bypass no. twrp does work but I can't successfully flash any roms and I believe it's the lack of Loki being implemented.
Here's loki patched twrp and loki patched boot
extract and flash
datechnerd said:
Here's loki patched twrp and loki patched boot
extract and flash
Click to expand...
Click to collapse
Still kinda new to the whole flash game.. I'm using flashify and it has three flash options
boot image
recovery image
and zip file..
which option do I use to flash.
sorry if the question seems obscene.
joewaz said:
Still kinda new to the whole flash game.. I'm using flashify and it has three flash options
boot image
recovery image
and zip file..
which option do I use to flash.
sorry if the question seems obscene.
Click to expand...
Click to collapse
Those are great questions..
I am having a issue close to yours..
I am going to use the boot as boot and the recovery as recovery.
These phone are quite a bit different than htc
http://forum.xda-developers.com/showthread.php?t=2449670 here's a guide
example for twrp
[email protected]:~$ adb push twrp.lok /data/local/tmp
[email protected]:~$ adb push loki_flash /data/local/tmp
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # /data/local/tmp/loki_flash
Usage: /data/local/tmp/loki_flash [boot|recovery] [in.lok]
[email protected]:/ # /data/local/tmp/loki_flash recovery /data/local/tmp/twrp.lok
[+] Loki validation passed, flashing image.
2253+1 records in
2253+1 records out
9230848 bytes transferred in 0.656 secs (14071414 bytes/sec)
[+] Loki flashing complete!
example for boot
[email protected]:~$ adb push boot.lok /data/local/tmp
[email protected]:~$ adb push loki_flash /data/local/tmp
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # /data/local/tmp/loki_flash
Usage: /data/local/tmp/loki_flash [boot|recovery] [in.lok]
[email protected]:/ # /data/local/tmp/loki_flash boot /data/local/tmp/boot.lok
[+] Loki validation passed, flashing image.
2253+1 records in
2253+1 records out
9230848 bytes transferred in 0.656 secs (14071414 bytes/sec)
[+] Loki flashing complete!
datechnerd said:
http://forum.xda-developers.com/showthread.php?t=2449670 here's a guide
example for twrp
[email protected]:~$ adb push twrp.lok /data/local/tmp
[email protected]:~$ adb push loki_flash /data/local/tmp
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # /data/local/tmp/loki_flash
Usage: /data/local/tmp/loki_flash [boot|recovery] [in.lok]
[email protected]:/ # /data/local/tmp/loki_flash recovery /data/local/tmp/twrp.lok
[+] Loki validation passed, flashing image.
2253+1 records in
2253+1 records out
9230848 bytes transferred in 0.656 secs (14071414 bytes/sec)
[+] Loki flashing complete!
example for boot
[email protected]:~$ adb push boot.lok /data/local/tmp
[email protected]:~$ adb push loki_flash /data/local/tmp
[email protected]:~$ adb shell
[email protected]:/ $ su
[email protected]:/ # /data/local/tmp/loki_flash
Usage: /data/local/tmp/loki_flash [boot|recovery] [in.lok]
[email protected]:/ # /data/local/tmp/loki_flash boot /data/local/tmp/boot.lok
[+] Loki validation passed, flashing image.
2253+1 records in
2253+1 records out
9230848 bytes transferred in 0.656 secs (14071414 bytes/sec)
[+] Loki flashing complete!
Click to expand...
Click to collapse
is this something you have to use adb or can you use flashify
joewaz said:
is this something you have to use adb or can you use flashify
Click to expand...
Click to collapse
Looks like adb to me.
i read a post were someone said you could change .lok to ,img and use flashify, you could give it a shot, they said it the same thing
I am getting errors
C:\max\loki-master>adb devices
List of devices attached
LG-LS980-03a89c4cdf4ce82c device
C:\max\loki-master>adb push loki_flash /data/local/tmp/loki_flash
cannot stat 'loki_flash': No such file or directory
C:\max\loki-master>adb push openrecovery-twrp-2.6.3.2-g2vzw.img /data/local/tmp/
openrecovery-twrp-2.6.3.2
cannot stat 'openrecovery-twrp-2.6.3.2-g2vzw.img': No such file or directory
C:\max\loki-master>adb push loki_flash /data/local/tmp
797 KB/s (3271 bytes in 0.004s)
C:\max\loki-master>adb shell
[email protected]:/ $ su
su
1|[email protected]:/ $ /data/local/tmp/loki_flash
/data/local/tmp/loki_flash
/system/bin/sh: /data/local/tmp/loki_flash: can't execute: Permission denied
126|[email protected]:/ $ su
su
# /data/local/tmp/loki_flash
# /data/local/tmp/loki_flash
1|[email protected]:/ $ # /data/local/tmp/loki_flash
1|[email protected]:/ $ /data/local/tmp/loki_flash [boot|recovery] [in.lok]
/data/local/tmp/loki_flash [boot|recovery] [in.lok]
/system/bin/sh: recovery]: not found
/system/bin/sh: /data/local/tmp/loki_flash: can't execute: Permission denied
127|[email protected]:/ $ # /data/local/tmp/loki_flash recovery /data/local/tmp/twrp
.lok
recovery /data/local/tmp/twrp.lok <
127|[email protected]:/ $ adb push boot.lok /data/local/tmp
adb push boot.lok /data/local/tmp
error: device not found
1|[email protected]:/ $ exit
exit
C:\max\loki-master>adb push boot.lok /data/local/tmp
4553 KB/s (9848832 bytes in 2.112s)
C:\max\loki-master>adb push loki_flash /data/local/tmp
1595 KB/s (3271 bytes in 0.002s)
C:\max\loki-master>adb shell
[email protected]:/ $ su
su
# /data/local/tmp/loki_flash
# /data/local/tmp/loki_flash
1|[email protected]:/ $ # /data/local/tmp/loki_flash
1|[email protected]:/ $ /data/local/tmp/loki_flash [boot|recovery] [in.lok]
/data/local/tmp/loki_flash [boot|recovery] [in.lok]
/system/bin/sh: recovery]: not found
/system/bin/sh: /data/local/tmp/loki_flash: can't execute: Permission denied
127|[email protected]:/ $ # /data/local/tmp/loki_flash boot /data/local/tmp/boot.lok
boot /data/local/tmp/boot.lok <
127|[email protected]:/ $
Try renaming boot.lok to boot.img and twrp.lok to twrp.img and using flashify. If you still can't get it to work let me know
12B?
If yes, you're out of luck.
If no, what datechnerd said.
Steamer86 said:
12B?
If yes, you're out of luck.
If no, what datechnerd said.
Click to expand...
Click to collapse
I patched twrp for 12b I also patched cwm for 12b
@datechnerd I just saw that. Nice. I used the flashify method for CWM ( loki version) on 11A, loki errors. Never got around to pushing loki. Is your CWM pre loki and flashable after extraction? Thinking about flashing and doing the OTA dirty flash of 12B.
Steamer86 said:
@datechnerd I just saw that. Nice. I used the flashify method for CWM ( loki version) on 11A, loki errors. Never got around to pushing loki. Is your CWM pre loki and flashable after extraction? Thinking about flashing and doing the OTA dirty flash of 12B.
Click to expand...
Click to collapse
when i updated, i did temp unroot(ended up being permanent), plugged phone into pc and used lg tool to update. then used ioroot to root again
the cwm is lokied and i believe only works with 12b
datechnerd said:
when i updated, i did temp unroot(ended up being permanent), plugged phone into pc and used lg tool to update. then used ioroot to root again
the cwm is lokied and i believe only works with 12b
Click to expand...
Click to collapse
I had so much trouble trying to modd my phone after the update.. I pushed lg stock ROM on here and am leaving it that way lol.. Now I have cyan mod 11 on here and its working beautifully.. I'm leaving it on as my daily os
Hi everyone,
I'm trying to install Philz Touch recovery on my LG G2 D803. My phone is rooted, and I followed the guide here, but I'm having a few problems.
The first problem is that if I just run the 1-click installer batch, it does this:
Code:
List of devices attached
0162667808d26b13 device
1556 KB/s (6376 bytes in 0.004s)
4421 KB/s (9558016 bytes in 2.111s)
[email protected]:/ $
So, I thought I'd open up the batch and try to run the commands myself. The batch looks like so...
Code:
@echo off
COLOR 07
Title CANADIAN LG G2 D803 CWM Recovery Installer
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo One Click PHILZ Recovery Installer for Canadian LG G2
echo by phil3759 -- thank him for this!
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo One Click Installer made by www.theAndroidSoul.com
echo -----------------------------------------------------------
echo -----------------------------------------------------------
pause
cls
adb devices
adb push loki_flash /data/local/tmp/loki_flash
adb push recovery.img /data/local/tmp/recovery.img
adb shell
su
cd /data/local/tmp
chmod 777 loki_flash
./loki_flash recovery /data/local/tmp/recovery.img
exit
exit
adb reboot recovery
echo -----------------------------------------------------------
echo -----------------------------------------------------------
echo Installation successful!
echo Your device will now reboot automatically.
echo -----------------------------------------------------------
echo -----------------------------------------------------------
fastboot reboot
echo to close this window press any key..
pause
exit
After trying to run the next few commands, this is what I get...
Code:
List of devices attached
0162667808d26b13 device
1556 KB/s (6376 bytes in 0.004s)
4421 KB/s (9558016 bytes in 2.111s)
[email protected]:/ $ su
su
1|[email protected]:/ $ cd /data/local/tmp
cd /data/local/tmp
10|[email protected]:/data/local/tmp $ chmod 777 loki_flash
chmod 777 loki_flash
[email protected]:/data/local/tmp $ ./loki_flash recovery /data/local/tmp/recovery.img
data/local/tmp/recovery.img <
[+] loki_flash v2.0
[-] Failed to open aboot for reading.
1|[email protected]:/data/local/tmp $
I'm assuming this is because the su command didn't work and I don't have root permission, but I'm not sure what I'm doing wrong.
[Edit]
After a bit more digging, I figured that part out. The problem was that I needed to run the SuperSU app on my phone as I typed su in the shell to get the popup to grant root permission. However, now I have another problem...
Code:
[email protected]:/ # cd /data/local/tmp
cd /data/local/tmp
[email protected]:/data/local/tmp # chmod 777 loki_flash
chmod 777 loki_flash
[email protected]:/data/local/tmp # ./loki_flash recovery /data/local/tmp/recovery.img
ata/local/tmp/recovery.img <
[+] loki_flash v2.0
[-] Input file is not a Loki image.
Any ideas?
Im having exactly the same problem on LG G2 D802
i've done this on so many devices, samsung s2, s3, and s4, nexus, lg optimus one and so on.... but i've never had as much problems with it as now...
Someone please test this. I can't right now (at work, don't have G5) so please update me. It works on my HTC 10 but I do not know if it will work on the G5...
CODE:
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
adb shell /system/bin/run-as
Honestly Annoying said:
Someone please test this. I can't right now (at work, don't have G5) so please update me. It works on my HTC 10 but I do not know if it will work on the G5...
CODE:
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
Click to expand...
Click to collapse
I tested those commands but what result are you waiting for ?
YassGo said:
I tested those commands but what result are you waiting for ?
Click to expand...
Click to collapse
Well, what happened?
Also, try and open an adb shell with "adb shell"
EDIT Goddamnit I forgot the last command. My bad! Please try again.
Honestly Annoying said:
Well, what happened?
Also, try and open an adb shell with "adb shell"
Click to expand...
Click to collapse
That's what I've did for the last two commands :
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/run-as
tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/sh: /data/local/tmp/dirtycow: can't execute: Permission denied
YassGo said:
That's what I've did for the last two commands :
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/run-as
tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/sh: /data/local/tmp/dirtycow: can't execute: Permission denied
Click to expand...
Click to collapse
You aren't running my commands. Just copy and post exactly what I posted
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell 'chmod 777 /data/local/tmp/run-as'
/system/bin/sh: chmod 777 /data/local/tmp/run-as: not found
C:\>adb shell '/data/local/tmp/dirtycow /system/bin/run-as /da
s'
/system/bin/sh: /data/local/tmp/dirtycow /system/bin/run-as /d
as: not found
C:\>adb shell /system/bin/run-as
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]
YassGo said:
C:\>adb push arm64-v8a/dirtycow /data/local/tmp
[100%] /data/local/tmp/dirtycow
C:\>adb push arm64-v8a/run-as /data/local/tmp
[100%] /data/local/tmp/run-as
C:\>adb shell 'chmod 777 /data/local/tmp/run-as'
/system/bin/sh: chmod 777 /data/local/tmp/run-as: not found
C:\>adb shell '/data/local/tmp/dirtycow /system/bin/run-as /da
s'
/system/bin/sh: /data/local/tmp/dirtycow /system/bin/run-as /d
as: not found
C:\>adb shell /system/bin/run-as
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]
Click to expand...
Click to collapse
It sounds like there's a problem with your /tmp/ directory. Try running "adb shell 'chmod 777 /data/local/tmp/' "
C:\>adb shell 'chmod 777 /data/local/tmp/'
/system/bin/sh: chmod 777 /data/local/tmp/: not found
I can't even ls local directory....but I see your two files in tmp
255|[email protected]:/data/local $ cd tmp
[email protected]:/data/local/tmp $ ls
dirtycow
run-as
[email protected]:/data/local/tmp $
YassGo said:
C:\>adb shell 'chmod 777 /data/local/tmp/'
/system/bin/sh: chmod 777 /data/local/tmp/: not found
I can't even ls local or tmp directory....
Click to expand...
Click to collapse
What the heck dude?? I've never heard of that error... it seems like you just don't have a tmp directory.
Honestly Annoying said:
What the heck dude?? I've never heard of that error... it seems like you just don't have a tmp directory.
Click to expand...
Click to collapse
Sorry dude I edited my message.
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
--> warning: new file size (5960) and file old size (14192) diffe
size 14192
[*] mmap 0x7f7eb44000
[*] exploit (patch)
[*] currently 0x7f7eb44000=10102464c457f
[*] madvise = 0x7f7eb44000 14192
[*] madvise = 0 1048576
[*] /proc/self/mem 1996488704 1048576
[*] exploited 0x7f7eb44000=10102464c457f
adb shell /system/bin/run-as
--> running as uid 2000
uid 0
YassGo said:
Sorry dude I edited my message.
Click to expand...
Click to collapse
Ah okay see that now. Do this
adb shell
/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/run-as
Basically, this adds the "run-as" to the /system/bin directory, which is only accessible by root
Honestly Annoying said:
Ah okay see that now. Do this
adb shell
/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as
/system/bin/run-as
Basically, this adds the "run-as" to the /system/bin directory, which is only accessible by root
Click to expand...
Click to collapse
Okay you forgot chmod 777 on the dirtycow file. Here's what I get now with the last two commands :
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
--> warning: new file size (5960) and file old size (14192) diffe
size 14192
[*] mmap 0x7f7eb44000[*] exploit (patch)[*] currently 0x7f7eb44000=10102464c457f[*] madvise = 0x7f7eb44000 14192[*] madvise = 0 1048576[*] /proc/self/mem 1996488704 1048576[*] exploited 0x7f7eb44000=10102464c457f
adb shell /system/bin/run-as
--> running as uid 2000
uid 0
YassGo said:
Okay you forgot chmod 777 on the dirtycow file. Here's what I get now with the last two commands :
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
--> warning: new file size (5960) and file old size (14192) diffe
size 14192
[*] mmap 0x7f7eb44000[*] exploit (patch)[*] currently 0x7f7eb44000=10102464c457f[*] madvise = 0x7f7eb44000 14192[*] madvise = 0 1048576[*] /proc/self/mem 1996488704 1048576[*] exploited 0x7f7eb44000=10102464c457f
adb shell /system/bin/run-as
--> running as uid 2000
uid 0
Click to expand...
Click to collapse
Oh crap so sorry! Now run
adb shell
whoami
cd /data
ls
Please post results of that!
[email protected]:/data/local/tmp $ whoami
shell
[email protected]:/data/local/tmp $ cd /data
[email protected]:/data $ ls
opendir failed, Permission denied
YassGo said:
[email protected]:/data/local/tmp $ whoami
shell
[email protected]:/data/local/tmp $ cd /data
[email protected]:/data $ ls
opendir failed, Permission denied
Click to expand...
Click to collapse
Okay, so here's what I can see of this then. This DOES open a root shell, but it closes the shell right after placing "run-as" into /system/bin. If we can keep the shell open then bam root!
YassGo said:
[email protected]:/data/local/tmp $ whoami
shell
[email protected]:/data/local/tmp $ cd /data
[email protected]:/data $ ls
opendir failed, Permission denied
Click to expand...
Click to collapse
WAIT actually try running
SEE NEXT POST
[email protected]:/data $ cd /data/local/tmp
[email protected]:/data/local/tmp $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
YassGo said:
[email protected]:/data $ cd /data/local/tmp
[email protected]:/data/local/tmp $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
Click to expand...
Click to collapse
Oops, close that root shell and just do
adb shell
run-as cat /init.flo.diag.rc
C:\>adb shell
[email protected]:/ $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
YassGo said:
C:\>adb shell
[email protected]:/ $ run-as cat /init.flo.diag.rc
running as uid 2000
uid 0
Click to expand...
Click to collapse
wtf it should be working.
Here's some to try, tell me if any of these work
adb shell
run-as id
run-as ls -lZ /sbin/
run-as ls -lZ /data/