Hi i have problem with Kindle Fire,
i changed permissions folder system/app with app Root explorer and then I restart Kindle Fire and now dont want start. I think this is problem permissons for this directory.
Pleas can you send me setting permissions folder APP and how i can change it by ADB SHELL?
I have tried:
adb shell
su
chmod 644 app
Unable to chmod app: Read-only file system
THX very much .-(
Sory my english is very bad.
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/app
or look here:
http://forum.xda-developers.com/showthread.php?t=1356257
guys please use the search function !
I have tried it but:
$ mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount: Operation not permitted
$ chmod 755 /system/app
chmod 755 /system/app
Unable to chmod /system/app: Read-only file system
THX I'm a little desperate
pitrsonek said:
I have tried it but:
$ mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount: Operation not permitted
$ chmod 755 /system/app
chmod 755 /system/app
Unable to chmod /system/app: Read-only file system
THX I'm a little desperate
Click to expand...
Click to collapse
you need root before you can do any of those (i.e. su)
But i think i have root because I install Google market and other app. Or how i can check if i have root?
THX!
c:\Program Files (x86)\Android\android-sdk\platform-tools>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
4D1A002600000001 device
c:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
$ ls
ls
config
dropbox
cache
sdcard
acct
mnt
vendor
d
etc
ueventd.rc
ueventd.omap4430.rc
ueventd.goldfish.rc
system
sys
sbin
proc
init.rc
init.omap4430.rc
init.goldfish.rc
init
default.prop
data
root
dev
$
at the $ prompt type
su
should turn to # instead of $
Then you are Root.
krelvinaz said:
at the $ prompt type
su
should turn to # instead of $
Then you are Root.
Click to expand...
Click to collapse
Yes, what he said...you're confusing having root on the command line for "I installed su and superuser to their correct locations"
adb shell
$ su
su
[1] + Stopped (signal) su
$ su
su
[2] + Stopped (signal) su
[1] Segmentation fault su
$
I have try install root by this manual: http://rootkindlefire.com/kindle-fire-root/how-to-root-kindle-fire/
I see device when i write: adb devices
I have executed runme.bat
but SU dont go
pitrsonek said:
adb shell
$ su
su
[1] + Stopped (signal) su
$ su
su
[2] + Stopped (signal) su
[1] Segmentation fault su
$
I have try install root by this manual: http://rootkindlefire.com/kindle-fire-root/how-to-root-kindle-fire/
I see device when i write: adb devices
I have executed runme.bat
but SU dont go
Click to expand...
Click to collapse
Something is wrong with your device then.
as a first step look if you have superuser.apk in \system\app\
Ho i dont have Superuser.apk in /system/app/
b63 said:
as a first step look if you have superuser.apk in \system\app\
Click to expand...
Click to collapse
Doesn't really matter if su is not working. Superuser.apk is just a wrapper for su and he's trying to do things on the command line so su is what he's calling to, not SuperUser.apk.
He either didnt root correctly to begin with or he did something after that messed things up. Temp rooting with zergRush and redoing things is most likely what he needs to do.
Is ther somebody who can help me online on gtalk? I will pay you by PayPal. If anybody has freetime send me PM. THX
Ther is content dir app:
c:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
$ ls /system/app
ls /system/app
-------------------------------------------------------------------------
ATVAndroidClient.apk
AccountAndSyncSettings.apk
AmazonVenezia.apk
ApplicationsProvider.apk
AudibleAndroidApplication-venezia.apk
CSApp-unsigned.apk
CalendarProvider.apk
CertInstaller.apk
Cloud9-unsigned.apk
Cloud9SystemBrowserProvider-unsigned.apk
Contacts.apk
ContactsProvider.apk
DefaultContainerService.apk
DownloadProvider.apk
DownloadProviderUi.apk
DrmProvider.apk
Email.apk
Facebook.apk
Gallery3D.apk
HTMLViewer.apk
IMDb-2.3.apk
KindleForOtter.apk
LatinIME.apk
Launcher.apk
LiveWallpapers.apk
LiveWallpapersPicker.apk
MagicSmokeWallpapers.apk
MarketIntentProxy.apk
MediaProvider.apk
MyAccount-unsigned.apk
OOBE-unsigned.apk
OTASilentInstall.apk
OtterAppManager.apk
OtterTutorial.apk
PackageInstaller.apk
PicoTts.apk
Provision.apk
Pulse-amazon.apk
QuickSearchBox.apk
QuickSettings.apk
Quickoffice_AMAZON_4.1.408_VC.apk
Settings.apk
SettingsProvider.apk
SystemUI.apk
TtsService.apk
UserDictionaryProvider.apk
VisualizationWallpapers.apk
VpnServices.apk
Windowshop.apk
air_runtime.apk
amazonmp3-unsigned.apk
com.amazon.dcp.apk
oem_install_flash_player_signed.apk
Superuser.apk
Vending.apk
$
agree - but it's an indication that his device is not rooted
i would suggest to install superoneclick to the computer and root again
all you need is here : http://forum.xda-developers.com/showpost.php?p=19789892&postcount=35
pitrsonek said:
Is ther somebody who can help me online on gtalk? I will pay you by PayPal. If anybody has freetime send me PM. THX
$
Click to expand...
Click to collapse
Maybe on Thursday I can. Busy until then.
I just run SuperOneClick and there is log http://jsfiddle.net/tVnDv/ from this program.
Kindle Fire is Back
Jupiiie Kindle Fire is back.
So first i try SuperOneClikck install root, but this code doesnt go:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/app
Then i tried unroot and this code go?
How my Kindle Fire start ,-) Its crazy but true.
Thank you very much guys...
glad to help ...
pitrsonek said:
Jupiiie Kindle Fire is back.
So first i try SuperOneClikck install root, but this code doesnt go:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/app
Then i tried unroot and this code go?
How my Kindle Fire start ,-) Its crazy but true.
Thank you very much guys...
Click to expand...
Click to collapse
I'm having the same issue, but when I go to change the mount permissions I get permission denied. Anyone care to give me some insight on how to fix it?
you have the $ prompt !!!
type su - the prompt has to change to #
then do the commands ...
Sparkym3 released an automated tool for this, please see here http://forum.xda-developers.com/showpost.php?p=31730134&postcount=1
Please DO NOT donate to nor credit me me for this matter, this was not my find, we just tried an existing exploit on the device.
Dear bloggers, source this when copying:
http://www.androidpolice.com/2012/09/17/amazon-kindle-fire-hd-7-already-rooted-heres-how-to-do-it/
Amazon failed to fix the bug sparkym3 (http://forum.xda-developers.com/member.php?u=4411543) found in ICS, whoops.
http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip
unzip the zip, get su from /system/bin/ and Superuser.apk from /system/app/ and put them in your current directory
adb shell
rm -r /data/local/tmp
ln -s /data/ /data/local/tmp
exit
adb reboot
adb shell
echo 'ro.kernel.qemu=1' > /data/local.prop
exit
adb reboot
adb shell mount -o remount,rw /system
adb push su /system/xbin/su
adb shell
chown 0.0 /system/xbin/su
chmod 06755 /system/xbin/su
rm /data/local.prop
exit
adb reboot
adb install Superuser.apk
SWEET!
jcase said:
Please DO NOT donate to nor credit me me for this matter, this was not my find, we just tried an existing exploit on the device.
Dear bloggers, source this when copying:
http://www.androidpolice.com/2012/09/17/amazon-kindle-fire-hd-7-already-rooted-heres-how-to-do-it/
Amazon failed to fix the bug sparkym3 (http://forum.xda-developers.com/member.php?u=4411543) found in ICS, whoops.
http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip
unzip the zip, get su from /system/bin/ and Superuser.apk from /system/app/ and put them in your current directory
adb shell
rm /data/local/tmp
ln -s /data/ /data/local/tmp
exit
adb reboot
adb shell
echo 'ro.kernel.qemu=1' > /data/local.prop
exit
adb reboot
adb shell mount -o remount,rw /system
adb push su /system/xbin/su
adb shell
chown 0.0 /system/xbin/su
chmod 06755 /system/xbin/su
rm /data/local.prop
exit
adb reboot
adb install Superuser.apk
Click to expand...
Click to collapse
This is really exciting news! Been hoping for some good news on this front! Just got my new Fire over the weekend. Looking forward to getting the play store working.
Was there a way with the old fires to block Amazon's automatic updates?
As always thanks for your work man!!
ThaPirato said:
As always thanks for your work man!!
Click to expand...
Click to collapse
Not my work, thank sparkym3. We just went testing older exploits before releasing a new one, and this worked.
Jcase , you love these kindles don't you. Thanks for helping us out
Sent from my Nexus 7 using Tapatalk 2
how do i get my kindle to be recognized when i type "adb shell" in the command line? I enabled adb in the security settings
stu5797 said:
how do i get my kindle to be recognized when i type "adb shell" in the command line? I enabled adb in the security settings
Click to expand...
Click to collapse
If you have the SDK installed and you get "error: device not found" you need to do the following steps. This worked for me.
Navigate to the [your user name]/.android folder. It is under C:\Users
Edit the adb_usb.ini file, adding the following line of code at the end:
0×1949
Close and save that file.
Now find the folder where your SDK is installed, and open the usb_driver folder. In that folder, find the file android_winusb.inf and add the following code to both the [Google.NTx86] and [Google.NTamd64] sections:
;Kindle Fire
%SingleAdbInterface% = USB_Install, USB\VID_1949&PID_0006
%CompositeAdbInterface% = USB_Install, USB\VID_1949&PID_0006&MI_01
Reboot and then run adb shell again. It should recognize your device.
Jcase is the android locksmith. Just about every device I have seen he has atleast helped unlock. Now if a working recovery can get made, I can see my self getting one of these puppies down the road.
sent from my Nokia 5110 using t9
jcase said:
Please DO NOT donate to nor credit me me for this matter, this was not my find, we just tried an existing exploit on the device.
Dear bloggers, source this when copying:
http://www.androidpolice.com/2012/09/17/amazon-kindle-fire-hd-7-already-rooted-heres-how-to-do-it/
Amazon failed to fix the bug sparkym3 (http://forum.xda-developers.com/member.php?u=4411543) found in ICS, whoops.
http://downloads.noshufou.netdna-cdn.com/superuser/Superuser-3.1.3-arm-signed.zip
unzip the zip, get su from /system/bin/ and Superuser.apk from /system/app/ and put them in your current directory
adb shell
rm /data/local/tmp
ln -s /data/ /data/local/tmp
exit
adb reboot
adb shell
echo 'ro.kernel.qemu=1' > /data/local.prop
exit
adb reboot
adb shell mount -o remount,rw /system
adb push su /system/xbin/su
adb shell
chown 0.0 /system/xbin/su
chmod 06755 /system/xbin/su
rm /data/local.prop
exit
adb reboot
adb install Superuser.apk
Click to expand...
Click to collapse
Thanks for your sharing!
Thanks Cameron Summerson!
Awesome work guys, especially for jcase and sparkym3...
Qemu automated root problem
Kindle Fire HD 7.2.1 using the Qemu auto - thing keeps stalling at step 3 "looking for access"
The filename, directory name, or volume label syntax is incorrect.
It's leaving me an unstable device that requires a factory reset to operate. Any insight would be appreciated.
BELASCO said:
Kindle Fire HD 7.2.1 using the Qemu auto - thing keeps stalling at step 3 "looking for access"
The filename, directory name, or volume label syntax is incorrect.
It's leaving me an unstable device that requires a factory reset to operate. Any insight would be appreciated.
Click to expand...
Click to collapse
Mine did the same, simply ignore it..
CTRL c
to stop
restart the script and start with step 4 --> it will stall again but will work..
Scsi
scs1man said:
Mine did the same, simply ignore it..
CTRL c
to stop
restart the script and start with step 4 --> it will stall again but will work..
Scsi
Click to expand...
Click to collapse
Happily rooted and hunting through Gplay.
Root works great with KFHD7 (firmware 7.2.1)
someonhe has sucessfuly rooted a 7.2.2 version?
7.2.2
So my system updated to 7.2.2 - darn!
So what's the current status...
- Google Chrome, Play store and frameworks still present - and working.
- ES Explorer is not able to enable Root Explorer, so root obviously shorted.
- The Superuser app remains, but is useless without the 'su' file.
- GoLauncher was completely removed.
- The Qemu exploit is not working. Gives error on cmd line: echo 'ro.kernel.qemu=1' > /data/local.prop
Hope everyone still on 7.2.1 puts up their firewalls. And :angel: praying that our developer legends work something out on what Amazon did to lock 7.2.2.
Also, an additional warning about the 7.2.2 update... I don't know if this happened to anyone else, but I had the Swype Beta installed on my rooted KFHD. The new update also came with Swype, and for some reason, instead of overwriting mine, there's this bizarre conflict with the two. When attempting to type, Swype tells me have an incorrect license, and refuses to work and tells me to redownload the beta. On top of that, attempts at removal or reinstallation are impossible since I no longer have root (Swype is in the system/apps directory).
Just about everything else works (minus apps needing root), including Nova Launcher Prime. I still can't type though. Yay Amazon.
I had Swype too, but I used nook tools to choose the Amazon keyboard and it works fine.
Sent from my KFTT using Tapatalk 2
VbSin said:
So my system updated to 7.2.2 - darn!
- GoLauncher was completely removed.
Click to expand...
Click to collapse
That's interesting. I had ADWLauncher before the update and it stayed. I've lost my desktop layout, I can't bind it to the home button and I can't add widgets but otherwise it works OK.
No root yet for 7.2.2
maxx1985 said:
someonhe has sucessfuly rooted a 7.2.2 version?
Click to expand...
Click to collapse
I tried and tried, but no success. With the automatic procedure I get always the same error ( screenshot attached) and it sends me to NOROOT-
Going to try the cmd one, let's hope!
**UPDATE**
Here is my collection of scripts for rooting, blocking updates, and all kinds of stuff for ALL fire tv:
https://github.com/pwntrik/firetv/
Here's the video (2 parts) on howto root Fire TV 1st gen using soldering:
https://youtu.be/yhwYfudGiM8
https://youtu.be/Kn7zmXf08bk
**/UPDATE**
Greetings, AFTV hackers!
I have successfully soldered an emmc reader to the Fire TV 1st Gen, and I have complete r/w access. However, the tutorial for rooting appears to be a bit dated as the hacker (@maximus64) at the time was able to just copy the su binary to /system/xbin, modify the permissions, and run it.
Since FireOS 5.2.0.0, however, SELinux now prevents the binary from being executed:
(At this point, I have already copied su binary, chmod 6755 it, chown 0:0 it)
Code:
[email protected]:/ $ ls -la /system/xbin/su
ls -la /system/xbin/su
/system/xbin/su: Permission denied
1|[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $ ls -ld /system/xbin
ls -ld /system/xbin
drwxr-xr-x root shell 2017-01-05 01:35 xbin
[email protected]:/ $ ls -l /system/xbin/
ls -l /system/xbin/
-rwxr-xr-x root shell 63880 2016-05-27 17:00 dexdump
-rwxr-xr-x root shell 49816 2016-05-27 17:00 sqlite3
lstat '/system/xbin//su' failed: Permission denied
-rwxr-xr-x root shell 813248 2016-05-27 17:00 tcpdump
-rwxr-xr-x root shell 9384 2016-05-27 17:00 trapz
-rwxr-xr-x root shell 46456 2016-05-27 17:00 vitals_collection_agent
And just to make sure I did everything correctly, I hooked it up again then checked the binary:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1/xbin# ls -la
total 1092
drwxr-xr-x. 2 root 2000 4096 Jan 5 04:35 .
drwxr-xr-x. 16 root root 4096 Jan 6 17:07 ..
-rwxr-xr-x. 1 root 2000 63880 May 27 2016 dexdump
-rwxr-xr-x. 1 root 2000 49816 May 27 2016 sqlite3
-rwsr-sr-x 1 root root 112576 Jan 5 04:31 su
-rwxr-xr-x. 1 root 2000 813248 May 27 2016 tcpdump
-rwxr-xr-x. 1 root 2000 9384 May 27 2016 trapz
-rwxr-xr-x. 1 root 2000 46456 May 27 2016 vitals_collection_agent
So at this point, I did some research and it seems that SELinux prevents this from being run. Does anyone have a workaround or could tell me how to give this binary permission? I have zero experience with SELinux, and even if anyone can point me to a similar thread for rooting when you have full r/w access, that'd be excellent..
Thanks!
cancelyourcable said:
Greetings, AFTV hackers!
I have successfully soldered an emmc reader to the Fire TV 1st Gen, and I have complete r/w access. However, the tutorial for rooting appears to be a bit dated as the hacker (@maximus64) at the time was able to just copy the su binary to /system/xbin, modify the permissions, and run it.
Since FireOS 5.2.0.0, however, SELinux now prevents the binary from being executed:
(At this point, I have already copied su binary, chmod 6755 it, chown 0:0 it)
Code:
[email protected]:/ $ ls -la /system/xbin/su
ls -la /system/xbin/su
/system/xbin/su: Permission denied
1|[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $ ls -ld /system/xbin
ls -ld /system/xbin
drwxr-xr-x root shell 2017-01-05 01:35 xbin
[email protected]:/ $ ls -l /system/xbin/
ls -l /system/xbin/
-rwxr-xr-x root shell 63880 2016-05-27 17:00 dexdump
-rwxr-xr-x root shell 49816 2016-05-27 17:00 sqlite3
lstat '/system/xbin//su' failed: Permission denied
-rwxr-xr-x root shell 813248 2016-05-27 17:00 tcpdump
-rwxr-xr-x root shell 9384 2016-05-27 17:00 trapz
-rwxr-xr-x root shell 46456 2016-05-27 17:00 vitals_collection_agent
And just to make sure I did everything correctly, I hooked it up again then checked the binary:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1/xbin# ls -la
total 1092
drwxr-xr-x. 2 root 2000 4096 Jan 5 04:35 .
drwxr-xr-x. 16 root root 4096 Jan 6 17:07 ..
-rwxr-xr-x. 1 root 2000 63880 May 27 2016 dexdump
-rwxr-xr-x. 1 root 2000 49816 May 27 2016 sqlite3
-rwsr-sr-x 1 root root 112576 Jan 5 04:31 su
-rwxr-xr-x. 1 root 2000 813248 May 27 2016 tcpdump
-rwxr-xr-x. 1 root 2000 9384 May 27 2016 trapz
-rwxr-xr-x. 1 root 2000 46456 May 27 2016 vitals_collection_agent
So at this point, I did some research and it seems that SELinux prevents this from being run. Does anyone have a workaround or could tell me how to give this binary permission? I have zero experience with SELinux, and even if anyone can point me to a similar thread for rooting when you have full r/w access, that'd be excellent..
Thanks!
Click to expand...
Click to collapse
bueller_recovery_v2.zip begins with a shell script. If you open it in a text editor, you can see it. mkdir /system/recovery, unzip the contents of that zip to /system/recovery, and do the mv and ln commands. Make sure the selinux contexts of /system/recovery and it's contents match the other contents of /systems.
And also make sure the contents are chmod 755.
rbox said:
bueller_recovery_v2.zip begins with a shell script. If you open it in a text editor, you can see it. mkdir /system/recovery, unzip the contents of that zip to /system/recovery, and do the mv and ln commands. Make sure the selinux contexts of /system/recovery and it's contents match the other contents of /systems.
And also make sure the contents are chmod 755.
Click to expand...
Click to collapse
Thanks, rbox! I've managed to rewrite the script to do all that, but how do I make sure the SELinux contexts match? Sorry, not familiar with SELinux.
Is this the ACTUAL partition table, or is this the way the eMMC reader loads it?
Code:
[email protected]:/media/root# ls 5*
57f8f4bc-abf4-655f-bf67-946fc0f9f25b:
adb backup hostapd property system?
anr bugreports key_provisioning prReset time
app connectivity local radio tombstones
app-asec dalvik-cache logd resource-cache user
app_ext data lost+found securedStorageLocation vitals
app-lib debug_service media securestop webcrypto
app_ms dontpanic mediadrm security wiper
app-private dpm misc shared wpstiles
audio drm playready ssh
autotrace fota proffline system
57f8f4bc-abf4-655f-bf67-946fc0f9f25b1:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b2:
com.amazon.avod.apk lost+found
com.amazon.venezia.apk recovery
com.amazon.vizzini-550901810.apk signed_com.amazon.kso.blackbird-1550000810.apk
dalvik-cache signed_CSAppFireTV-fireOs-release_v112.apk
57f8f4bc-abf4-655f-bf67-946fc0f9f25b3:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b4:
app etc lib priv-app sqfs vendor
bin fonts lost+found recovery-from-boot.p tts xbin
build.prop framework media security usr
I ask because /system/bin is actually on a completely separate partition using this method. Is it possible to copy the actual init2stub in place of e2fsck instead of symlinking it? (in case the symlink doesn't work)
Here's my modified version of your script:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
SYSTEM="${LABEL}/system"
BIN="${LABEL}4/bin"
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Chmodding..."
chmod -R 755 $SYSTEM/recovery
echo "Backup the old e2fsck..."
mv $BIN/e2fsck $BIN/e2fsck.real
echo "Symlink e2fsck to 2ndinitstub..."
# If symlink doesn't work, can I copy 2ndinitstub completely?
ln -sf ../recovery/2ndinitstub $BIN/e2fsck
echo "Done."
Thanks for your help otherwise I'd be so SCREWED! :laugh:
cancelyourcable said:
Thanks, rbox! I've managed to rewrite the script to do all that, but how do I make sure the SELinux contexts match? Sorry, not familiar with SELinux.
Is this the ACTUAL partition table, or is this the way the eMMC reader loads it?
Code:
[email protected]:/media/root# ls 5*
57f8f4bc-abf4-655f-bf67-946fc0f9f25b:
adb backup hostapd property system?
anr bugreports key_provisioning prReset time
app connectivity local radio tombstones
app-asec dalvik-cache logd resource-cache user
app_ext data lost+found securedStorageLocation vitals
app-lib debug_service media securestop webcrypto
app_ms dontpanic mediadrm security wiper
app-private dpm misc shared wpstiles
audio drm playready ssh
autotrace fota proffline system
57f8f4bc-abf4-655f-bf67-946fc0f9f25b1:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b2:
com.amazon.avod.apk lost+found
com.amazon.venezia.apk recovery
com.amazon.vizzini-550901810.apk signed_com.amazon.kso.blackbird-1550000810.apk
dalvik-cache signed_CSAppFireTV-fireOs-release_v112.apk
57f8f4bc-abf4-655f-bf67-946fc0f9f25b3:
data lost+found usf
57f8f4bc-abf4-655f-bf67-946fc0f9f25b4:
app etc lib priv-app sqfs vendor
bin fonts lost+found recovery-from-boot.p tts xbin
build.prop framework media security usr
I ask because /system/bin is actually on a completely separate partition using this method. Is it possible to copy the actual init2stub in place of e2fsck instead of symlinking it? (in case the symlink doesn't work)
Here's my modified version of your script:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
SYSTEM="${LABEL}/system"
BIN="${LABEL}4/bin"
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Chmodding..."
chmod -R 755 $SYSTEM/recovery
echo "Backup the old e2fsck..."
mv $BIN/e2fsck $BIN/e2fsck.real
echo "Symlink e2fsck to 2ndinitstub..."
# If symlink doesn't work, can I copy 2ndinitstub completely?
ln -sf ../recovery/2ndinitstub $BIN/e2fsck
echo "Done."
Thanks for your help otherwise I'd be so SCREWED! :laugh:
Click to expand...
Click to collapse
That is /data. Not /system. ls -lZ will show you contexts.
rbox said:
That is /data. Not /system. ls -lZ will show you contexts.
Click to expand...
Click to collapse
Well, not sure exactly what happened but I booted it back up and /system/recovery doesn't exist. Even if that's normal behavior, it didn't run TWRP.
The shell script I pasted above, it runs chcon and chmod, but perhaps chcon has no effect since it's being run on a host system (linux), instead of the actual android system (I kinda expected that.)
Code:
[email protected]:/system/bin $ ls -Z e2*
ls -Z e2*
e2fsck: Permission denied
e2fsck.real: Permission denied
Is there an init file I can edit to run chcon or completely disable selinux? Seems like that's probably preventing it. I can't see log files as user, but I feel like that might be part of it.
Thanks
cancelyourcable said:
Well, not sure exactly what happened but I booted it back up and /system/recovery doesn't exist. Even if that's normal behavior, it didn't run TWRP.
The shell script I pasted above, it runs chcon and chmod, but perhaps chcon has no effect since it's being run on a host system (linux), instead of the actual android system (I kinda expected that.)
Code:
[email protected]:/system/bin $ ls -Z e2*
ls -Z e2*
e2fsck: Permission denied
e2fsck.real: Permission denied
Is there an init file I can edit to run chcon or completely disable selinux? Seems like that's probably preventing it. I can't see log files as user, but I feel like that might be part of it.
Thanks
Click to expand...
Click to collapse
Did you properly unmount the filesystem after you were done changing it? That's really the only way the changes wouldn't stick and recovery wouldn't be there. You definitely need to verify all the permissions and contexts manually before booting back in. Don't just assume a script worked. Also, I think chcon isn't going to work, now that I think about it. I remember when I was messing around with this stuff with the Fire TV 2 I wound up having to use extended attributes manually. This page: http://unix.stackexchange.com/quest...on-mounted-ext4-image-from-non-selinux-system explains how to do. As for disabling selinux... that's half the whole point of 2ndinit
rbox said:
Did you properly unmount the filesystem after you were done changing it? That's really the only way the changes wouldn't stick and recovery wouldn't be there. You definitely need to verify all the permissions and contexts manually before booting back in. Don't just assume a script worked. Also, I think chcon isn't going to work, now that I think about it. I remember when I was messing around with this stuff with the Fire TV 2 I wound up having to use extended attributes manually. This page: http://unix.stackexchange.com/quest...on-mounted-ext4-image-from-non-selinux-system explains how to do. As for disabling selinux... that's half the whole point of 2ndinit
Click to expand...
Click to collapse
Ya, definitely unmounted it. I'm like 99% sure it's because of this selinux thing. Ideally if I can get these extended attributes to work and run either `su' or get the recovery to load, that'd be best.
But /system and /recovery are on two separate partitions. When I look at the layout from linux when I mount it using the soldering method, it looks like this:
Code:
# /dev/sdb1 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b3 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb19 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b2 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb2 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb20 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb18 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
And from the firetv using adb shell, here's all the mounts:
Code:
[email protected]:/ $ mount
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nomblk_io_submit,nobarrier,commit=20,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/loop0 /mnt/sqfs squashfs ro,context=u:object_r:squashfs_file:s0,relatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 rw,context=u:object_r:persist_file:s0,nosuid,nodev,noatime,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/shell/emulated/0 fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
It looks very different. Like the /bin that appears in /system on the fire tv is actually on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4, yet /system appears on a completely separate partition /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b it's weird. Copying e2fsck did make it appear there, yet adding /system/recovery did nothing:
Code:
[email protected]:/ $ cd /system/recovery
cd /system/recovery
/system/bin/sh: cd: /system/recovery: No such file or directory
Not sure whether this is the firetv or the emmc reader which is displaying it oddly.
I'll wire it back up tomorrow and see if I can get extended permissions as well as try to figure out why the recovery dir is not showing up at all.
Thanks!
cancelyourcable said:
Ya, definitely unmounted it. I'm like 99% sure it's because of this selinux thing. Ideally if I can get these extended attributes to work and run either `su' or get the recovery to load, that'd be best.
But /system and /recovery are on two separate partitions. When I look at the layout from linux when I mount it using the soldering method, it looks like this:
Code:
# /dev/sdb1 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b3 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb19 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b2 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb2 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b1 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb20 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
# /dev/sdb18 on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
And from the firetv using adb shell, here's all the mounts:
Code:
[email protected]:/ $ mount
mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,seclabel,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,seclabel,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,seclabel,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
debugfs /sys/kernel/debug debugfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
none /sys/fs/cgroup tmpfs rw,seclabel,relatime,mode=750,gid=1000 0 0
tmpfs /mnt/asec tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,seclabel,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/msm_sdcc.1/by-name/system /system ext4 ro,seclabel,relatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/cache /cache ext4 rw,seclabel,nosuid,nodev,noatime,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/userdata /data ext4 rw,seclabel,nosuid,nodev,noatime,nomblk_io_submit,nobarrier,commit=20,data=ordered 0 0
/dev/block/platform/msm_sdcc.1/by-name/modem /firmware vfat ro,context=u:object_r:firmware_file:s0,relatime,uid=1000,gid=1000,fmask=0337,dmask=0227,codepage=cp437,iocharset=iso8859-1,shortname=lower,errors=remount-ro 0 0
/dev/block/loop0 /mnt/sqfs squashfs ro,context=u:object_r:squashfs_file:s0,relatime 0 0
/dev/block/platform/msm_sdcc.1/by-name/persist /persist ext4 rw,context=u:object_r:persist_file:s0,nosuid,nodev,noatime,data=ordered 0 0
/dev/fuse /mnt/shell/emulated fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
/dev/fuse /mnt/shell/emulated/0 fuse rw,nosuid,nodev,noexec,relatime,user_id=1023,group_id=1023,default_permissions,allow_other 0 0
It looks very different. Like the /bin that appears in /system on the fire tv is actually on /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4, yet /system appears on a completely separate partition /media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b it's weird. Copying e2fsck did make it appear there, yet adding /system/recovery did nothing:
Code:
[email protected]:/ $ cd /system/recovery
cd /system/recovery
/system/bin/sh: cd: /system/recovery: No such file or directory
Not sure whether this is the firetv or the emmc reader which is displaying it oddly.
I'll wire it back up tomorrow and see if I can get extended permissions as well as try to figure out why the recovery dir is not showing up at all.
Thanks!
Click to expand...
Click to collapse
You're not looking for a partition with a directory called system in it. The partition IS /system. So the partition with 'bin' and 'xbin' is the /system partition. That other one is /data.
rbox said:
You're not looking for a partition with a directory called system in it. The partition IS /system. So the partition with 'bin' and 'xbin' is the /system partition. That other one is /data.
Click to expand...
Click to collapse
Alright, so I made some big progress
Here's my script which successfully installed your TWRP zip:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
# WARNING: this CHANGED from 4 to 3. Always CHECK FIRST
SYSTEM="${LABEL}3"
if [ ! -e "${SYSTEM}/xbin" ]; then
echo "ERROR: couldn't find /system/xbin - is the mount point correct?"
exit 1
fi
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Backup the old e2fsck..."
cp -i $SYSTEM/bin/e2fsck $SHARED/e2fsck.real
mv -i $SYSTEM/bin/e2fsck $SYSTEM/bin/e2fsck.real
echo "Chmodding and chconing RECOVERY..."
chown -R 0:2000 $SYSTEM/recovery
chmod -R 755 $SYSTEM/recovery
chcon -R --reference=$SYSTEM/bin $SYSTEM/recovery
echo "Copying, chmodding and chconing SU (in case recovery doesn't work out)..."
cp $SHARED/su $SYSTEM/xbin/
chown 0:2000 $SYSTEM/xbin/su
chmod 6755 $SYSTEM/xbin/su
chcon --reference=$SYSTEM/xbin/trapz $SYSTEM/xbin/su
echo "Symlink e2fsck to 2ndinitstub..."
ln -sf ../recovery/2ndinitstub $SYSTEM/bin/e2fsck
echo "Done."
Then I booted into TWRP successfully.
However, when I tried to install your bueller-5.2.1.1-rooted_r1 I got this:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
After a long time it was clearly hung, so I rebooted and now it's bricked. But I did do a `dd if=/dev/sdb123 of=system.img` so i have that.
Would it be possible to just overwrite that partition with your system prerooted image while I have it connected to the emmc reader?
Thanks again for all the help!
cancelyourcable said:
Alright, so I made some big progress
Here's my script which successfully installed your TWRP zip:
Code:
# Put your `recovery' folder in here, unzipped
SHARED="/media/sf_Shared"
# This is the directory created by the MMC reader
LABEL="/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b"
# WARNING: this CHANGED from 4 to 3. Always CHECK FIRST
SYSTEM="${LABEL}3"
if [ ! -e "${SYSTEM}/xbin" ]; then
echo "ERROR: couldn't find /system/xbin - is the mount point correct?"
exit 1
fi
echo "Copying recovery..."
cp -rf $SHARED/recovery $SYSTEM
echo "Backup the old e2fsck..."
cp -i $SYSTEM/bin/e2fsck $SHARED/e2fsck.real
mv -i $SYSTEM/bin/e2fsck $SYSTEM/bin/e2fsck.real
echo "Chmodding and chconing RECOVERY..."
chown -R 0:2000 $SYSTEM/recovery
chmod -R 755 $SYSTEM/recovery
chcon -R --reference=$SYSTEM/bin $SYSTEM/recovery
echo "Copying, chmodding and chconing SU (in case recovery doesn't work out)..."
cp $SHARED/su $SYSTEM/xbin/
chown 0:2000 $SYSTEM/xbin/su
chmod 6755 $SYSTEM/xbin/su
chcon --reference=$SYSTEM/xbin/trapz $SYSTEM/xbin/su
echo "Symlink e2fsck to 2ndinitstub..."
ln -sf ../recovery/2ndinitstub $SYSTEM/bin/e2fsck
echo "Done."
Then I booted into TWRP successfully.
However, when I tried to install your bueller-5.2.1.1-rooted_r1 I got this:
View attachment 3996750
After a long time it was clearly hung, so I rebooted and now it's bricked. But I did do a `dd if=/dev/sdb123 of=system.img` so i have that.
Would it be possible to just overwrite that partition with your system prerooted image while I have it connected to the emmc reader?
Thanks again for all the help!
Click to expand...
Click to collapse
UPDATE...
I flashed my original system.img and brought it back to a working state. After that, I set up recovery again then tried to install bueller-5.2.1.1-rooted_r1.zip. Same as before, it froze, but this time at 80%:
Here's the only "log" I could find:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4/recovery# cat log
Installing new recovery image: failed
So now I have the emmc reader connected again, and I'm *hoping* I can just flash the image in your bueller-5.2.1.1-rooted_r1.zip directly to the mmc using `dd if=system.new.dat of=/dev/sdb19`
But I thought I'd run it by your first before I brick it again :laugh:
Thanks again, @rbox
cancelyourcable said:
UPDATE...
I flashed my original system.img and brought it back to a working state. After that, I set up recovery again then tried to install bueller-5.2.1.1-rooted_r1.zip. Same as before, it froze, but this time at 80%:
View attachment 3997946
Here's the only "log" I could find:
Code:
[email protected]:/media/root/57f8f4bc-abf4-655f-bf67-946fc0f9f25b4/recovery# cat log
Installing new recovery image: failed
So now I have the emmc reader connected again, and I'm *hoping* I can just flash the image in your bueller-5.2.1.1-rooted_r1.zip directly to the mmc using `dd if=system.new.dat of=/dev/sdb19`
But I thought I'd run it by your first before I brick it again :laugh:
Thanks again, @rbox
Click to expand...
Click to collapse
The thread for TWRP talks about what to do if it hangs. You can use adb. You'll need to check the log while it's running. /tmp/recovery.log. The image in the rom is sparse, so you'll have to run sdat2img.py on it. And then you'll have to do all the steps listed in the updater-script. The image itself is 100% pure stock.
rbox said:
The thread for TWRP talks about what to do if it hangs. You can use adb. You'll need to check the log while it's running. /tmp/recovery.log. The image in the rom is sparse, so you'll have to run sdat2img.py on it. And then you'll have to do all the steps listed in the updater-script. The image itself is 100% pure stock.
Click to expand...
Click to collapse
I discovered your "updater-script" so I understand the process a lot better now (wish I had found this earlier)
How do I know which image to use for boot: boot.img or boot_unlocked.img? I'm running from a host system so I can't check the value of ro.boot.unlocked_kernel from within linux.
Thanks!
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
cancelyourcable said:
I discovered your "updater-script" so I understand the process a lot better now (wish I had found this earlier)
How do I know which image to use for boot: boot.img or boot_unlocked.img? I'm running from a host system so I can't check the value of ro.boot.unlocked_kernel from within linux.
Thanks!
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
Click to expand...
Click to collapse
Since it's running OS5, you have to use the regular boot.img, since your bootloader isn't unlocked.
cancelyourcable said:
P.S. Almost finished a bash script others can use to flash your image from an emmc reader - I will post a guide on here!
Click to expand...
Click to collapse
I would really appreciate this.
zexma said:
I would really appreciate this.
Click to expand...
Click to collapse
It's almost done! Will post very soon
cancelyourcable said:
It's almost done! Will post very soon
Click to expand...
Click to collapse
Don't want to bother, you
Is there any progress to expect, cause I'm stuck at the very same point, SELinux prevents loading su
(/system/xbin//su' failed: Permission denied)
Thanks in advance.
pwntrik said:
It's almost done! Will post very soon
Click to expand...
Click to collapse
Any progress on this?
zexma said:
Any progress on this?
Click to expand...
Click to collapse
Yes, it works 100%. Literally just ordered an overhead camera tripod for recording a video of the whole process. Sit tight -- I promise it's coming soon!
@pwntrik : any tricks to have your Linux (Ubuntu) box recognizing the FireTV in fastboot mode?
I can get it to connect in fastboot with Win7 on the same machine, but in Ubuntu 16.04 I'm not able to.
I did add ATTR{idVendor}== "1949" and ATTR{idProduct}=="0401" to /etc/udev/51-android.rules and rebooted, but no luck...
My FireTV (1st gen, last firmware was 5.0.5, rooted) is currently , after unsuccessful flash of "rooted-5.0.5_r1" ROM in TWRP stuck at this screen:
.
I know it's a longshot to recover it, but I have patience....
Sent from space
kozmo2k4 said:
@pwntrik : any tricks to have your Linux (Ubuntu) box recognizing the FireTV in fastboot mode?
I can get it to connect in fastboot with Win7 on the same machine, but in Ubuntu 16.04 I'm not able to.
I did add ATTR{idVendor}== "1949" and ATTR{idProduct}=="0401" to /etc/udev/51-android.rules and rebooted, but no luck...
My FireTV (1st gen, last firmware was 5.0.5, rooted) is currently , after unsuccessful flash of "rooted-5.0.5_r1" ROM in TWRP stuck at this screen:
.
I know it's a longshot to recover it, but I have patience....
Sent from space
Click to expand...
Click to collapse
I've been using Win10 for that. I only use Linux for writing the images.