Looking for how to change System Images for Droid Turbo - Verizon Motorola Droid Turbo General

I believe the next step for the Droid Turbo are system images.
With MofoRoot, the next goal is to create a system image that is lollipop 5.1 and has root.
I've only flashed system images that were created up to this point but I'd be interested in learning how to take apart a system image and go as far as changing/manipulating it have wifi tether and root. Anyone have any good suggestions on where to start learning?
I plan to collect what I discover in this thread.

windraver said:
I believe the next step for the Droid Turbo are system images.
With MofoRoot, the next goal is to create a system image that is lollipop 5.1 and has root.
I've only flashed system images that were created up to this point but I'd be interested in learning how to take apart a system image and go as far as changing/manipulating it have wifi tether and root. Anyone have any good suggestions on where to start learning?
I plan to collect what I discover in this thread.
Click to expand...
Click to collapse
You will need a different kernel to work with a 5.1 or 5.0 system image. We cannot flash a kernel with this method yet just system images.

Right, so the only thing we can do are modified "roms" based on stock. Can't flash recovery or kernel since those are on separate partitions.

This tool, yaffy, might be of some help. I'm downloading it now to see if it works...

timmyk465 said:
This tool, yaffy, might be of some help. I'm downloading it now to see if it works...
Click to expand...
Click to collapse
Not going to work. You need to mount an ext4 image which is not what that tool is designed for. I'm currently doing so by using Linux and mounting the image as a loop device. I can create a guide for doing so if there's demand.

Ekkoria said:
Not going to work. You need to mount an ext4 image. I'm currently doing so by using Linux and mounting the image as a loop device. I can create a guide for doing so if there's demand.
Click to expand...
Click to collapse
I'd definitely be interested in a guide. I just wish there was a tool for windows that would work.

You can do it on windows but it's way easier on Linux.
I'm gonna get Linux back up and running and see what I can cook up.

Ekkoria said:
Not going to work. You need to mount an ext4 image which is not what that tool is designed for. I'm currently doing so by using Linux and mounting the image as a loop device. I can create a guide for doing so if there's demand.
Click to expand...
Click to collapse
All I want to do is build a flashable img with a modified hosts file. I've found a guide for mounting the image as a loop (which Ive done....) the issue Im running into is changing permissions to be able to actually edit the file once its mounted.
Guess I'll read more and keep tinkering..

ntxct said:
All I want to do is build a flashable img with a modified hosts file. I've found a guide for mounting the image as a loop (which Ive done....) the issue Im running into is changing permissions to be able to actually edit the file once its mounted.
Guess I'll read more and keep tinkering..
Click to expand...
Click to collapse
Open your file manager as root, then open the file.
---------- Post added at 11:49 PM ---------- Previous post was at 11:44 PM ----------
I wrote up and posted a quick guide (which probably sucks) for this purpose.

Related

Unpack stock System.img?

Hello Moto
I've just downloaded Verizon Jelly Bean 4.1.1 by "Firmware Team".
Just to play with it a little, extract apks and test them on Galaxy SII Skyrocket.
The thing is i'm having a hard time opening system.img.
Now i've tried LinuxReader, Unyaffs and ext2explore/read but none of these can open it, they all say that it's an unrecognized image.
Do you guys know how to properly open a stock moto System.img?
lingowistico said:
Hello Moto
I've just downloaded Verizon Jelly Bean 4.1.1 by "Firmware Team".
Just to play with it a little, extract apks and test them on Galaxy SII Skyrocket.
The thing is i'm having a hard time opening system.img.
Now i've tried LinuxReader, Unyaffs and ext2explore/read but none of these can open it, they all say that it's an unrecognized image.
Do you guys know how to properly open a stock moto System.img?
Click to expand...
Click to collapse
Google for a tool called simg2img (I used the python script that appears in get first few results, there should be other versions as well). That will unpack the image into a plain ext4 image that you can mount with any Linux pc (I recommend using a virtual machine if you have windows or mac).
Happy hacking!
Sent from my XT907
aslomagic, did you try this with the firmware lingowistico is talking about? I also tried before to unpack system.img from this package, and system.img.ext4 from ICS package, and another ICS soft for XT897, and all of them give "Bad magic" error in simg2img. All of those softs are published by the same "Firmware Team" - maybe that's the case? I also tried dsixda kitchen (which also uses simg2img, but anyway...) and it also didn't work. Might be also some custom Motorola's approach to system.img....
Could you possibly help? Thanks.
micx_pl said:
aslomagic, did you try this with the firmware lingowistico is talking about? I also tried before to unpack system.img from this package, and system.img.ext4 from ICS package, and another ICS soft for XT897, and all of them give "Bad magic" error in simg2img. All of those softs are published by the same "Firmware Team" - maybe that's the case? I also tried dsixda kitchen (which also uses simg2img, but anyway...) and it also didn't work. Might be also some custom Motorola's approach to system.img....
Could you possibly help? Thanks.
Click to expand...
Click to collapse
Well, I know for a fact that those images are packed ext4, but I haven't tried specifically with that one.
Now that you mention, I think I remember signed images (like those ones) have some additional header, maybe that needs to be removed with an hex editor, or with dd of you like
If I get a chance, I'll try and report back...
Sent from my XT907
aslomagic said:
Well, I know for a fact that those images are packed ext4, but I haven't tried specifically with that one.
Now that you mention, I think I remember signed images (like those ones) have some additional header, maybe that needs to be removed with an hex editor, or with dd of you like
If I get a chance, I'll try and report back...
Click to expand...
Click to collapse
Ok, I tried, and yes, it complains it cannot find the magic (again, I'm using the python script). I modified the script to look for the magic value in the first 50Mb of the file, and if it finds it, it starts unpacking from there. Python scripts are very easy to play with
It seems to work for me, but I don't have a linux vm handy to see if it mounts correctly (I'm currently on a mac). micx_pl, can you give it a try and let me know?
I had to zip the file even though it's very small because the forum won't let me upload a .py file... who knows, just unzip it.
Holy cow! It works! You're the master I was looking for such solution everywhere, and was stunned to see barely few topics with similar problem, and no solution at all. Thanks!
micx_pl said:
Holy cow! It works! You're the master I was looking for such solution everywhere, and was stunned to see barely few topics with similar problem, and no solution at all. Thanks!
Click to expand...
Click to collapse
You're welcome, glad I could help!
Sent from my XT907
aslomagic said:
Ok, I tried, and yes, it complains it cannot find the magic (again, I'm using the python script). I modified the script to look for the magic value in the first 50Mb of the file, and if it finds it, it starts unpacking from there. Python scripts are very easy to play with
It seems to work for me, but I don't have a linux vm handy to see if it mounts correctly (I'm currently on a mac). micx_pl, can you give it a try and let me know?
I had to zip the file even though it's very small because the forum won't let me upload a .py file... who knows, just unzip it.
Click to expand...
Click to collapse
HOLY $#!+ THANKS!!! I've been trying to decompress the moto images for awhile and have never been able to do it until now
Would it be possible to modify make_ext4fs to re-sparse the image and copy the original signature?
Q9Nap said:
Would it be possible to modify make_ext4fs to re-sparse the image and copy the original signature?
Click to expand...
Click to collapse
You're welcome to try ... my guess is that it could be made to work if the image was an official, originally signed image that was unpacked by the script above or equivalent, but if you want to modify it, re-pack it and re-attach the signature, most likely the signature won't match the content. But I may be wrong, so if somebody is willing to try, best of luck to you
If your goal is just to create a packed image, but not necessarily signed (needs bootloader unlock), then I'd say it's definitely possible, search around here.
aslomagic said:
You're welcome to try ... my guess is that it could be made to work if the image was an official, originally signed image that was unpacked by the script above or equivalent, but if you want to modify it, re-pack it and re-attach the signature, most likely the signature won't match the content. But I may be wrong, so if somebody is willing to try, best of luck to you
If your goal is just to create a packed image, but not necessarily signed (needs bootloader unlock), then I'd say it's definitely possible, search around here.
Click to expand...
Click to collapse
i'm sure you're right about the signature not working on a modified image; it was just wishful thinking. the idea of course would be to inject superuser.apk and su, which wouldn't be necessary on a bootloader unlocked device.
for bootloader unlocked devices though, the ability to repack a modified image does give you another way to build custom roms. here's the code to unpack and repack images with simg2img.py and make_ext4fs:
Code:
mkdir system
./simg2img.py system.img.ext4 system.raw
sudo mount -t ext4 -o loop system.raw system/
#make changes, then:
wc -c system.raw #lists size in bytes of system.raw
sudo make_ext4fs -s -l 1234567890 -a system system.img system/ #where 1234567890 is output from wc -c
sudo umount system
rm -rf system
i've used this proecess with samsung system images, should work for moto images now too (bootloader unlocked, of course)
Yep, it's a good cheat sheet reference
Besides, on razr m and hd at least, you can also use this with safestrap without unlocking the bootloader.
aslomagic said:
Besides, on razr m and hd at least, you can also use this with safestrap without unlocking the bootloader.
Click to expand...
Click to collapse
Not sure what you mean by this; do you mean you could mount a modified system.img with safestrap? I guess it's possible since safestrap uses a system.img on the emmc, interesting idea
Q9Nap said:
Not sure what you mean by this; do you mean you could mount a modified system.img with safestrap? I guess it's possible since safestrap uses a system.img on the emmc, interesting idea
Click to expand...
Click to collapse
Yes, that's what I mean, more or less. You don't need safestrap to just mount it (use the terminal and "mount"), but you can use it to boot from it and try it.
I did this to try the Telstra image that pjcons dumped, which is pre-rooted and not signed (there it's no official signed image to date), and with a few tricks it worked without me having to unlock the bootloader.
Sent from my XT907
aslomagic said:
Google for a tool called simg2img (I used the python script that appears in get first few results, there should be other versions as well). That will unpack the image into a plain ext4 image that you can mount with any Linux pc (I recommend using a virtual machine if you have windows or mac).
Happy hacking!
Sent from my XT907
Click to expand...
Click to collapse
hello, i cant find anything on the basics of how this works, could you point me somewhere that explains it step by step or do one here. sorry of the noob question
TheWhiteChallenger said:
hello, i cant find anything on the basics of how this works, could you point me somewhere that explains it step by step or do one here. sorry of the noob question
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=1588461
CNexus said:
http://forum.xda-developers.com/showthread.php?t=1588461
Click to expand...
Click to collapse
Thanks for the link I need to go learn Linux now. Lol I dontbgt the virtual machine thing at all. Its basically a Linux emulator right?
Sent from my XT1080 using XDA Premium 4 mobile app
TheWhiteChallenger said:
Thanks for the link I need to go learn Linux now. Lol I dontbgt the virtual machine thing at all. Its basically a Linux emulator right?
Sent from my XT1080 using XDA Premium 4 mobile app
Click to expand...
Click to collapse
No need to
http://sourceforge.net/projects/androidicsjbext/
CNexus said:
No need to
http://sourceforge.net/projects/androidicsjbext/
Click to expand...
Click to collapse
oh damn it. ok first i do appreciate the help. but that sucked. that was the frist program i tryed and it gives me "unknown file format" have i just been screwing up from the begining?

Req: file - System/bin/debuggerd

Tried updating from 4.2.1 to 4.2.2.
But assert check failed returning above file in results. Somehow it's been modified. No idea when and how.
Anyone running 4.2.1, could you please provide me this file.
Thanks in anticipation.
Sent from my Nexus 7 using Tapatalk HD
gurudev32 said:
Tried updating from 4.2.1 to 4.2.2.
But assert check failed returning above file in results. Somehow it's been modified. No idea when and how.
Anyone running 4.2.1, could you please provide me this file.
Thanks in anticipation.
Sent from my Nexus 7 using Tapatalk HD
Click to expand...
Click to collapse
I have the exact same issue!
Here is the list of only apps with root access in my tab.
Carbon - App backup and restore, Solid explore, Stick mount, SuperSU, System tuner pro and Terminal Emulator.
Thought to seek out the culprit!
Sent from my Nexus 7 using Tapatalk HD
https://dl.dropbox.com/u/17326185/debuggerd
MD5: B59443115C4181F49A57C1290EE3225B
https://dl.dropbox.com/u/17326185/build.prop
MD5: D9D1855E0C90049DC410A4406B802259
Pulled this from the 4.2.1 factory image. I seem to have got past the debuggerd error message now (though I need to revert my build.prop entirely, apparently).
Included build.prop (not yet tested) from 4.2.1 image too.
Working for me and now running 4.2.2.
At your own risk, yadda yadda, not responsible for explosions or anything less terrible, blah blah.
FWIW, I had been using Stickmount and superSU.
PhoenixTank said:
Pulled this from the 4.2.1 factory image. I seem to have got past the debuggerd error message now (though I need to revert my build.prop entirely, apparently).
Included build.prop (not yet tested) from 4.2.1 image too.
Working for me and now running 4.2.2.
At your own risk, yadda yadda, not responsible for explosions or anything less terrible, blah blah.
FWIW, I had been using Stickmount and superSU.
Click to expand...
Click to collapse
Thanks Now 'm on 4.2.2
In the future, If you want to pull arbitrary file(s) from Google N7 factory images, a useful skill set is to figure out how to use "sim2img" utility and loopback mounts (Windows need not apply).
Those system.img files shipped by Google are "sparse ext4 images" - they can not be directly mounted as a loopback, but that's where the "sim2img" utility comes in
The sequence goes like this:
- use sim2img to convert Google image file to regular ext4 image file
- loopback mount reg. image file
- grab whatever files you want (and check user/GRP ownership & modes)
It really is just that easy.
The "sim2img" utility is part of the android ext4_utils toolset. See this XDA thread from the Galaxy S forums for more details. (Yes the N7 system.img files from Google are also in this format.)
cheers
PhoenixTank said:
https://dl.dropbox.com/u/17326185/debuggerd
MD5: B59443115C4181F49A57C1290EE3225B
https://dl.dropbox.com/u/17326185/build.prop
MD5: D9D1855E0C90049DC410A4406B802259
Pulled this from the 4.2.1 factory image. I seem to have got past the debuggerd error message now (though I need to revert my build.prop entirely, apparently).
Included build.prop (not yet tested) from 4.2.1 image too.
Working for me and now running 4.2.2.
At your own risk, yadda yadda, not responsible for explosions or anything less terrible, blah blah.
FWIW, I had been using Stickmount and superSU.
Click to expand...
Click to collapse
How to make it? and i will lose all data? thanks
TheRejzo said:
How to make it? and i will lose all data? thanks
Click to expand...
Click to collapse
Big thanks.
Replacing the debuggerd file allowed twrp to load the 4.2.2 update.
Also interesting, other than titanium, the only other root app on this device is Stickmount.
Did not work for me ...
I have a N7 3G and the same message when trying to update. Replaced mine with the one from the download, no change, same error.
diba320 said:
Did not work for me ...
I have a N7 3G and the same message when trying to update. Replaced mine with the one from the download, no change, same error.
Click to expand...
Click to collapse
First of all, thanks a lot to PhoenixTank who provides me the solution. :good:
In fact to make it work, I had to change the permissions allowed on that file named "debuggerd", I checked what permissions were allowed on the original file and do the same on the copied one. I did it with ES explorer in root mod.
TheRejzo said:
How to make it? and i will lose all data? thanks
Click to expand...
Click to collapse
You'd need to backup and rename the existing debuggerd then move/copy the 4.2.1 debuggerd file to /system/bin/
Then match the permissions of the old debuggerd (I think it was 644, but I wouldn't swear by it).
The OTA zip should actually go through after that, or at least tell you about a new file you need to fix. You shouldn't lose any data, but you should probably clear cache and dalvik cache.
I did most of this via adb shell, but there are root file managers that can help. If you aren't confident about doing this and how it works, my posting was not really for you. Strongly suggest reading up until you feel confident before you start changing things around in the system partition.
diba320 said:
Did not work for me ...
I have a N7 3G and the same message when trying to update. Replaced mine with the one from the download, no change, same error.
Click to expand...
Click to collapse
Unfortunately the 3G version is different to the Wifi Nexus 7, and as you've found, the files will not work.
Since I posted, Google pulled the 4.2.1 factory images from the download site - I'm not really in a good position to help you here.
The 4.2.2 factory image might be of more use if you can't source the 3G specific files. i.e. flash the new factory image.
Had this same problem. Will try solution tomorrow morning. Probably will download the links rather than trying to extract them myself (though I may leave that for a later exercise).
Would like to note that I also use StickMount as well as SixAxis Controller, Wifi Key Recovery, AppSync and LMT Launch err.
Seems like stick mount is the common one though.
Sent from my Nexus 7 using xda app-developers app
PhoenixTank said:
https://dl.dropbox.com/u/17326185/debuggerd
MD5: B59443115C4181F49A57C1290EE3225B
https://dl.dropbox.com/u/17326185/build.prop
MD5: D9D1855E0C90049DC410A4406B802259
Pulled this from the 4.2.1 factory image.
Click to expand...
Click to collapse
bftb0 said:
In the future, If you want to pull arbitrary file(s) from Google N7 factory images, a useful skill set is to figure out how to use "sim2img" utility and loopback mounts (Windows need not apply).
Those system.img files shipped by Google are "sparse ext4 images" - they can not be directly mounted as a loopback, but that's where the "sim2img" utility comes in
The sequence goes like this:
- use sim2img to convert Google image file to regular ext4 image file
- loopback mount reg. image file
- grab whatever files you want (and check user/GRP ownership & modes)
It really is just that easy.
The "sim2img" utility is part of the android ext4_utils toolset. See this XDA thread from the Galaxy S forums for more details. (Yes the N7 system.img files from Google are also in this format.)
cheers
Click to expand...
Click to collapse
Thanks guys
Those 2 files worked.
I got past "Verifying current system" and am now on 4.2.2.
I wanted to try to get the files myself as an exercise but Google pulled the 4.2.1 images from their website.
What is weird... is that I noticed a /system/bin/debuggerd.bak file that I didn't make myself, don't know what did (though StickMount seems to be the current suspect).
The weird thing is that debuggerd and debuggerd.bak were exactly the same.
FunkyELF said:
I wanted to try to get the files myself as an exercise but Google pulled the 4.2.1 images from their website.
Click to expand...
Click to collapse
oldblue910 (OP of the OTA thread) has got you covered. Select the link on the rhs of the page as appropriate for your device (nakasi/nakasig)
cheers
I want to do this, but I can't find the system/bin folder, what root explorer apps do you guys use?
EDIT: Used Total Commander, copied the permissions from old file to new and voilah! It worked.
No need to download build prop.
Now I am on 4.2.2
EDIT 2: Now WiFi only says SAVED and not CONNECTED.
Just want to say THANK YOU!! I've been researching this error since Friday and finally found the solution here! And yes, I too have Stickmount!
Rody2k6 said:
I want to do this, but I can't find the system/bin folder, what root explorer apps do you guys use?
EDIT: Used Total Commander, copied the permissions from old file to new and voilah! It worked.
No need to download build prop.
Now I am on 4.2.2
EDIT 2: Now WiFi only says SAVED and not CONNECTED.
Click to expand...
Click to collapse
Can only recommend that you clear cache and dalvik cache. I have not experienced Wifi issues since the update.
To anyone I've helped, you are very welcome and I appreciate those thanks clicks too.
bftb0 said:
In the future, If you want to pull arbitrary file(s) from Google N7 factory images, a useful skill set is to figure out how to use "sim2img" utility and loopback mounts (Windows need not apply).
Those system.img files shipped by Google are "sparse ext4 images" - they can not be directly mounted as a loopback, but that's where the "sim2img" utility comes in
The sequence goes like this:
- use sim2img to convert Google image file to regular ext4 image file
- loopback mount reg. image file
- grab whatever files you want (and check user/GRP ownership & modes)
It really is just that easy.
The "sim2img" utility is part of the android ext4_utils toolset. See this XDA thread from the Galaxy S forums for more details. (Yes the N7 system.img files from Google are also in this format.)
cheers
Click to expand...
Click to collapse
can i do the reverse ? i.e. ext4 partition back to flashable img ?
that way it would be easier to root as I just need to dump a copy of su into it then flash.
And for Windows, just get oracle virtualbox(or your favorite VM, even virtual PC should work) and boot a copy of debian
chimpanzeexda said:
can i do the reverse ? i.e. ext4 partition back to flashable img ?
that way it would be easier to root as I just need to dump a copy of su into it then flash.
And for Windows, just get oracle virtualbox(or your favorite VM, even virtual PC should work) and boot a copy of debian
Click to expand...
Click to collapse
Yes. I did exactly the same thing, but for 4.2.1. Guess I need to repeat it now for 4.2.2. Note in this case "flashable" means the fastboot way (as with the Factory ROM flashes), not via custom recovery.
Uhh let's see - the script tool used for re-packing is ./mkuserimg.sh - see the links I provided above
I need some help... I'm rather noobie. Had issue with upgrading to 4.2.2 so copied the debuggerd and build.prop files over to the system/bin directory. Still failed to upgrade. Tried it again today and now the N7 will not boot up. I can see it's on but it just stops at a blank screen. I have stock 4.2.1 w/root. Stock bootloader. I'm thinking its refusing to boot because I forgot to change the file permissions on the debuggerd file but not sure how to try and fix it. Please advise...
UPDATE: Managed to flash the system partition for 4.2.2 so hoping I'm good to go. Asked this question in another post but is it necessary to update any of the other partitions?

MoFo Root for Moto X 2013 4.4.4 is Coming - Need Help Making Rooted system.img file

So the DT 4.4.4 has root now, but it does not turn off write protection. It is a different kind of root in that what it lets you do is flash a pre-rooted system image (system.img). So you have to make any mods to the image BEFORE you flash, which is not something your average joe or joette knows how to do.
But for me at least, the Moto X didn't need much modding, just Xposed with Gravity Box, Root Cloaker and Moto Tether.
I have a Dev Ed so I don't need this exploit but I did pull all of the system images from my rooted Dev Ed. The only thing I don't know how to do is to put those into a flashable image file. Does anyone here know how to do that?
I also have the TWRP ext4 system file if that helps.
JulesJam said:
So the DT 4.4.4 has root now, but it does not turn off write protection. It is a different kind of root in that what it lets you do is flash a pre-rooted system image. So you have to make any mods to the image BEFORE you flash, which is not something your average joe or joette knows how to do.
But for me at least, the Moto X didn't need much modding, just Xposed with Gravity Box, Root Cloaker and Moto Tether.
I have a Dev Ed so I don't need this exploit but I did pull all of the system images from my rooted Dev Ed. The only thing I don't know how to do is to put those into a flashable image file. Does anyone here know how to do that?
I also have the TWRP ext4 system file if that helps.
Click to expand...
Click to collapse
thats not a boot unlock and not a write protection disable ... its just ability to install rooted custom system img ....... i think
Javajohn said:
thats not a boot unlock and not a write protection disable
Click to expand...
Click to collapse
Yes I know what it is.
Javajohn said:
... its just ability to install rooted custom system img ....... i think
Click to expand...
Click to collapse
Yes that is what I said it is.
Do you know how I can use the files I have from the system dump and TWRP nandroid ext4 file to create a flashable rooted system.img? That is what I am asking.
JulesJam said:
...
Do you know how I can use the files I have from the system dump and TWRP nandroid ext4 file to create a flashable rooted system.img? That is what I am asking.
Click to expand...
Click to collapse
edit: I misunderstood the question. Of course a CWM/TWRP flashable .zip is not a fastboot flashable system.img...
I'll 'take a stab at this'. I've done it a few times... (I'm sure there is a better guide, but I didn't attempt to find it...) You asked - please don't blame (or hate) me if I help you brick your phone... If you only modify /system, you should be able to restore using CWM/TWRP.
First, find a CWM/TWPR flashable .zip to use it's /META-INFO/ directory as a template. It's best to use a .zip made for your model (so the system mount and format work), and if you can find one for your android version even better. (Do not use an OTA .zip for this template.)
This template will likely [at least] do the following in the "/META-INFO/com/google/android/updater-script" script:
1) mount /system
2) format /system
3) copy /system directory from .zip (need to replace this directory)
4) create symlinks (might need work)
5) set permissions (probably needs work)
If you are only working on /system, then you should remove all superfluous sections (like flashing boot or the modem.)
So, first you need to prepare your new /system: In linux, take your dumped (or backup) /system and copy it to a new /system directory without symlinks. Now you have the new /system for your new flashable .zip
Then you need to modify the "updater-script" script and handle the creation of the symlinks. The easiest way to find this part of the script is locate a flashable zip (or OTA) that patches to your current model/android version. This will handle the bulk of the symlinks.
Next you need to handle the permissions in the "updater-script" script. The aforementioned .zip will also have the permissions scripted, but the root files may not be handled properly. You can find those script commands in a modern flashable zip with root 'baked in.'
Finally take your new /system and new "updater-script" and dump them in your template.... BACKUP (copy off phone) and test.
Good luck...
Ctrl-Freak said:
I'll 'take a stab at this'. I've done it a few times... (I'm sure there is a better guide, but I didn't attempt to find it...) You asked - please don't blame (or hate) me if I help you brick your phone... If you only modify /system, you should be able to restore using CWM/TWRP.
Click to expand...
Click to collapse
Yeah, I am not worrying about a brick as I can wipe my OS entirely and still get into bootloader and recovery so all is good.
Ctrl-Freak said:
First, find a CWM/TWPR flashable .zip to use it's /META-INFO/ directory as a template.
Click to expand...
Click to collapse
My TWRP nandroid of the rooted 4.4.4 system has a meta-info folder with 3 files in it - manifest.mf, cert.sf and cert.rsa.
Ctrl-Freak said:
/META-INFO/com/google/android/updater-script
Click to expand...
Click to collapse
What is this?
Ctrl-Freak said:
So, first you need to prepare your new /system: In linux, take your dumped (or backup) /system and copy it to a new /system directory without symlinks. Now you have the new /system for your new flashable .zip
Click to expand...
Click to collapse
Guess I need to learn what a symlink is first, lol!
JulesJam said:
My TWRP nandroid of the rooted 4.4.4 system has a meta-info folder with 3 files in it - manifest.mf, cert.sf and cert.rsa. !
Click to expand...
Click to collapse
I did not mean your nandroid. Find a flashable zip (made for your device/version) by someone to flash a [custom] ROM. If it flashes a ROM for your device/version, it should be a good starting point.
I looked under xda -> droid turbo and this was the only ROM I found: http://forum.xda-developers.com/dro.../moto-maxx-xt1225-cm12-0-pre-release-t3060089 It says it is for a Moto Maxx xt1225, but again it is only a template, and it might be close.
/META-INFO/com/google/android/updater-script is a text based script that controls what/how CWM / TWRP flashes. AFAIK it is within all flashable zips.
Ctrl-Freak said:
I did not mean your nandroid. Find a flashable zip (made for your device/version) by someone to flash a [custom] ROM. If it flashes a ROM for your device/version, it should be a good starting point.
Click to expand...
Click to collapse
OK thanks, I am doing this for the Moto X 2013, not DT.
Ctrl-Freak said:
/META-INFO/com/google/android/updater-script is a text based script that controls what/how CWM / TWRP flashes. AFAIK it is within all flashable zips.
Click to expand...
Click to collapse
got it.
If this is successful, would there be a way to do it on the AT&T Moto 2013 running 4.4.4?
Sent from my XT1058 using XDA Free mobile app
hexbox117 said:
If this is successful, would there be a way to do it on the AT&T Moto 2013 running 4.4.4?
Click to expand...
Click to collapse
yes, if someone has a GSM Moto X Dev Ed. I don't.
JulesJam said:
yes, if someone has a GSM Moto X Dev Ed. I don't.
Click to expand...
Click to collapse
And would we be able to use Xposed?
Sent from my XT1058 using XDA Free mobile app
hexbox117 said:
And would we be able to use Xposed?
Click to expand...
Click to collapse
Someone has to create a pre-rooted system image with Xposed installed. I think you can then add modules as long as you only do soft reboots. If you do hard reboots, you lose the modules as write protection is still on.
But someone could make a pre-rooted system image with Xposed and the modules you want installed, then it would survive hard reboots AFAIK.
I am still working on how to make a pre-rooted flashable system image, lol!
JulesJam said:
Someone has to create a pre-rooted system image with Xposed installed. I think you can then add modules as long as you only do soft reboots. If you do hard reboots, you lose the modules as write protection is still on.
But someone could make a pre-rooted system image with Xposed and the modules you want installed, then it would survive hard reboots AFAIK.
I am still working on how to make a pre-rooted flashable system image, lol!
Click to expand...
Click to collapse
Interesting. I think you should take a look at this, it sounds like it could be better than what you're trying to accomplish.
http://forum.xda-developers.com/showthread.php?p=59702152
Sent from my XT1058 using XDA Free mobile app
hexbox117 said:
Interesting. I think you should take a look at this, it sounds like it could be better than what you're trying to accomplish.
http://forum.xda-developers.com/showthread.php?p=59702152
Sent from my XT1058 using XDA Free mobile app
Click to expand...
Click to collapse
That was discussed on the DT forums, there is a problem with that on 4.4.4.
For now, the only hope is maiko1's exploit on 4.4.4.
JulesJam said:
That was discussed on the DT forums, there is a problem with that on 4.4.4.
For now, the only hope is maiko1's exploit on 4.4.4.
Click to expand...
Click to collapse
I'm not familiar with what the exploit is. Do you think you could explain it or link me to his post?
Sent from my XT1058 using XDA Free mobile app
hexbox117 said:
I'm not familiar with what the exploit is. Do you think you could explain it or link me to his post?
Click to expand...
Click to collapse
http://forum.xda-developers.com/general/paid-software/mofo-root-turbo-t3064404
So far, it is for the DT only. I want to test it on the Moto X 2013 and then the Moto X 2014. But first, a pre-rooted flashable system.img needs to be created for the Moto X 2013.
JulesJam said:
OK thanks, I am doing this for the Moto X 2013, not DT.
Click to expand...
Click to collapse
If you modify the updater-script to remove the flashing of the kernel (below), then this .zip should be perfect for your testing pleasure:
http://forum.xda-developers.com/moto-x/development/rom-krypton-v1-2-v1-3b1-6-9-2014-t2716657 (download 4.4.4 Krypton v1.4.1 )
Remove this line:
Code:
package_extract_file("boot.img", "/dev/block/platform/msm_sdcc.1/by-name/boot");
Good testing...
Ctrl-Freak said:
If you modify the updater-script to remove the flashing of the kernel (below), then this .zip should be perfect for your testing pleasure:
http://forum.xda-developers.com/moto-x/development/rom-krypton-v1-2-v1-3b1-6-9-2014-t2716657 (download 4.4.4 Krypton v1.4.1 )
Remove this line:
Code:
package_extract_file("boot.img", "/dev/block/platform/msm_sdcc.1/by-name/boot");
Good testing...
Click to expand...
Click to collapse
Thanks, I took a look at the Eclipse Moto X, which is 4.4.4 kitkat based.
http://forum.xda-developers.com/moto-x/development/rom-eclipse-moto-x-v3-2-2-4-4-2-blur-t2521509
But now that I am thinking about it, do these custom ROMs need specific kernels or can you just flash the system w/o flashing the kernel? I guess I will try it and see what happens.
If someone will give me a detailed instruction how to flash a pre-rooted firmware with xposed installed I will try to do so on my AT&T XT1053
RabbitRu said:
If someone will give me a detailed instruction how to flash a pre-rooted firmware with xposed installed I will try to do so on my AT&T XT1053
Click to expand...
Click to collapse
You have to pay $20 to get set up with the exploit, but for now, the guy is only doing Droid Turbos. It is on the paid software forum.
I am trying to see if the exploit works on the Moto X. The dev needs to get back to me but first, I need to try to create a pre-rooted system image.
JulesJam said:
You have to pay $20 to get set up with the exploit, but for now, the guy is only doing Droid Turbos. It is on the paid software forum.
I am trying to see if the exploit works on the Moto X. The dev needs to get back to me but first, I need to try to create a pre-rooted system image.
Click to expand...
Click to collapse
I don't think it will work on the 2013 X... see -> http://forum.xda-developers.com/mot...e-protection-motowpnomo-t2551113/post59731261
And remember, Beaups had an hand in the root exploit and tool for the Droid Turbo along with Jcase... So if Beaups says no, it wont help the 2013 X with 4.4.4, its a pretty sure bet that it wont.

Modify the system partition on Android Nougat?

Hi all,
has anyone been able to do this? Following the guide here, no longer works for Android N. The phone boots, but ignores all changes to system. How do I modify both build.prop and hosts? It seems that there are now possibly two system partitions?
Thanks!
Same issue on Nexus 5X
No answer on this? How is it that nobody else seems to be having this issue?
What I've done
It looks to me like everyone has moved to systemless and the /system partition cannot be adequately modified in this way anymore.
Maybe this will help others:
I was modifying the system directory for two reasons: 1. modify /system/etc/hosts to remove ads and modifying build.prop to increase lcd.density. I found that here are the alternatives for each:
Removing Ads
Using something similar to AdAway_systemless_hosts_v2.zip (google it for a copy) and modifying the hosts file in that zip file to be the one I use (and rezipping, deploying on the Android device). This basically mounts over /system/etc/hosts with a custom hosts file instead of actually modifying the system specific hosts file which is no longer writable.
The alternative is to use Netguard which routes non https network traffic through a private VPN where you can block ads according to a hosts file. This seems to work OK, but I have noticed that websites seem to take longer to load.
Modifying lcd.density
You can use the same trick as AdAway_systemless_hosts_v2.zip uses, but modify it to also mount a modified copy of build.prop. Alternatively just use the Android N Display settings that are small (what I did anyhow).
I have been able to edit build.prop and still maintain systemless root.
Sent from my Nexus 6P using XDA-Developers mobile app
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
ArminasAnarion said:
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
Click to expand...
Click to collapse
Have you been able to do this with simply fastboot boot <twrp-image>, mounting system in rw mode and modifying it? I did that as I didn't want to root the phone, and while it looks like it did the write, it does not affect the system partition that is used by the phone after boot. I think there are two system partitions, and twrp mounts only one in rw mode. It does seem like it may be possible to do what you say using adb though after the phone is fully booted up. I'll try that!
dontblinkwatchout said:
Have you been able to do this with simply fastboot boot <twrp-image>, mounting system in rw mode and modifying it? I did that as I didn't want to root the phone, and while it looks like it did the write, it does not affect the system partition that is used by the phone after boot. I think there are two system partitions, and twrp mounts only one in rw mode. It does seem like it may be possible to do what you say using adb though after the phone is fully booted up. I'll try that!
Click to expand...
Click to collapse
I had the same problem. I don't want to root but I do make a few changes to my /system partition through adb in recovery such as the hosts file and some font files (namely the Emoji font file). I had modified stock boot image to not enforce encryption. I would boot back up into the system and couldn't see any changes made. The only thing I found that worked was installing a custom kernel (I use ElementalX). After that, changes I made to /system in TWRP were reflected in the OS. I don't know enough about kernel development to understand why on (mostly) stock kernel my changes couldn't be seen but on a custom one they were.
I never had this "problem" prior to Nougat.
Same issue here. Something has changed with how this is handled in Nougat.
I don't want to root just to overwrite the hosts file...
I'll keep debugging but my capability in this is definitely limited!
I use a similar approach as described in the OP's linked guide except I use my own recovery image that I compiled as an engineering build from source, and I am also experiencing the same behavior. Modifying the hosts file seems to have no impact on the system though the changes persist. Comparing the host file I installed and the host file from the latest Nexus 5X image with 'ls -lZ' the SELinux info looks to be the same. The only information that appears to differ is the modified date and one additional line in the file itself for testing. I thought I was doing something wrong with my hosts file, even though I have been using this approach since Android 6.0. However, I agree, it appears that changes to system are being ignored. Further, changing the system partition no longer shows the red warning at boot about the system being corrupted.
---------- Post added at 09:58 PM ---------- Previous post was at 09:38 PM ----------
DanRyb;68654939 I would boot back up into the system and couldn't see any changes made.[/QUOTE said:
Oooh. You're right. Neither /etc/hosts or /system/etc/hosts is modified in the booted OS after I modify it from live image, but the change is retained when I reboot into live image and mount system. Hmm, so either:
1) Need to figure out where the the system files are being loaded from and modify them from live image if possible
2) Use a mechanism similar to what dontblinkwatchout described AdAway is using of having a custom mount setup (have to reverse engineer AdAway I guess to see what it's doing)
3) ?
Click to expand...
Click to collapse
There's absolutely no way to modify or mount system partition r+w unless you disable dm-verity
Enviado desde mi Nexus 6P mediante Tapatalk
alexiuss said:
There's absolutely no way to modify or mount system partition r+w unless you disable dm-verity
Enviado desde mi Nexus 6P mediante Tapatalk
Click to expand...
Click to collapse
dm-verity has been around since Android 4.4. Are you saying there is something new around this in Android 7.0?
You can modify the system partition by compiling an engineering build of Android and booting it, then mounting the system partition and modifying it. I've been doing this to update the hosts file since Android 6.0 for every OTA update (since more recently OTA updates bomb out unless you reflash the clean "uncorrupted" system.img first). Changing the system image before Android 7.0 did result in an extra screen with a red warning about a corrupted something or other (I'm sure because dm-verity checking failed). Regardless, you can still change the system partition, the information just no longer seems to be used, which is a bit perplexing to me atm.
crashenx said:
dm-verity has been around since Android 4.4. Are you saying there is something new around this in Android 7.0?
Click to expand...
Click to collapse
Android 7.0 introduced redundant bits for reed solomon forward error correction into the system and vendor partitions and code in the kernel to perform the error correction.
Your changes are being written to emmc but when you boot with 7.0 kernel with dm-verity enabled your changes are being treated as data corruption and on-the-fly error corrected back to original.
You can see your changes if you boot into twrp because it has dm-verity disabled. However if you boot into android with dm-verity enabled it will look like original image again even though your changes are technically still there.
It took me a day to figure out what was really going on because i initially had no idea they added this feature to Android N.
The simple way to disable dm-verity is to install SuperSU, but you can also accomplish the same patching your own kernel, installing pre-patched kernel, installing custom kernel, etc.
sfhub said:
Android 7.0 introduced redundant bits for reed solomon forward error correction into the system and vendor partitions and code in the kernel to perform the error correction.
Your changes are being written to emmc but when you boot with 7.0 kernel with dm-verity enabled your changes are being treated as data corruption and on-the-fly error corrected back to original.
You can see your changes if you boot into twrp because it has dm-verity disabled. However if you boot into android with dm-verity enabled it will look like original image again even though your changes are technically still there.
It took me a day to figure out what was really going on because i initially had no idea they added this feature to Android N.
The simple way to disable dm-verity is to install SuperSU, but you can also accomplish the same patching your own kernel, installing pre-patched kernel, installing custom kernel, etc.
Click to expand...
Click to collapse
That's good info and makes total sense. Thanks! Pretty neat actually, just a bummer for me.
Yeah so SuperSU path is not really one I want to pursue. I could learn how to update the dm-verity shas used for verification. That'd probably be the most secure, but it's gonna be a PITA I bet. I imagine I'd need to compile my own image similar to how I made my live image and update a few things. Might have to deal with encryption which is probably an even bigger headache. Also, I bet it would break OTA and have to reflash to update, though that's true now.
I'm really curious what AdAway is doing. Maybe I should pursue reverse engineering that.
I really appreciate you pointing us in the right direction.
I am glad found this thread..willing to assist here without permanent root..
Ericarthurc said:
I was able to modify my system partition; by installing busy box to /su/xbin and running "su busybox mount -o rw,remount system" (no quotes) in material terminal with root
Click to expand...
Click to collapse
I was trying to create a /system/xbin/post-boot but couldn't remount /system, and so I added busybox to the front of my command. I am not using adb so I cut that part off. Thanks a lot!

persistant changes to hosts file following reboot?

Hi everyone. I'm scratching my head here and struggling to find a solution that doesn't require root.
I've got a hosts file that I love as it blocks nearly all advert servers on my phone.
I know there are several adblocking apps but they all require root.
I have had to remove root as I have some critical apps that still don;t work, even after hiding magisk from the apps within the Magisk Manager.
I've got a magisk patched image that I can "fastboot boot" with and can edit the hosts file (after remounting /system as rw) but when I then reboot afterwards, the hosts file has been overwritten.
Can anyone help me please or give me a pointer of how to make the hosts edits remain following a reboot?
edit2add
I am using stock ROM with latest August patches on my Mi A1
You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's app that can fake a vpn with a ad ban list
Dead-neM said:
You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's app that can fake a vpn with a ad ban list
Click to expand...
Click to collapse
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?
wodgey said:
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?
Click to expand...
Click to collapse
System partition ? so that's a good idea but you'll have to compile a rom to change this file. On Linux distro the host file is a thing you can modify easily. On android it's just deprecated by google as it's use mostly used as an adfilter. And google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.
Dead-neM said:
System partition ? so that's a good idea but you'll have to compile a rom to change this file. On Linux distro the host file is a thing you can modify easily. On android it's just deprecated by google as it's use mostly used as an adfilter. And google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.
Click to expand...
Click to collapse
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a compete flash of stock ROM using fastboot)
That actually seems like it wouldn't take too much effort
wodgey said:
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a compete flash of stock ROM using fastboot)
That actually seems like it wouldn't take too much effort
Click to expand...
Click to collapse
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.
Dead-neM said:
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.
Click to expand...
Click to collapse
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?
wodgey said:
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?
Click to expand...
Click to collapse
It does many thing to know that its have been touched. You'll have to modify some stuff and it will work. You'll loose certification but you'll have you own rom.
Dead-neM said:
It does many thing to know that its have been touched. You'll have to modify some stuff and it will work. You'll loose certification but you'll have you own rom.
Click to expand...
Click to collapse
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.
wodgey said:
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.
Click to expand...
Click to collapse
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since i dig into this. I'm not into this anymore.
But You can disable it but you'll loose safetynet, encrypted partition etc... (i may be wrong but you got the idea). And safetynet look if partition have been modified and you are a certified device if it won't pass the banking app and apps like Pokemon go etc won't work.
Magisk hide the fact that the kernel img have been touch and most app that detect it detect just the app itself. That means magisk capability (su, hide and module)
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing twrp. Do not flash twrp just use the "fastboot boot command"
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm verity and system with your host and i guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone ?
Keep in mind that you'll loose ota. There's a chance that the rom work with just some changes but i can be a mess to do.
Why not trying a custom rom like lineage os?
Using their supersu zip won't you be able to replace the host file then remove root?
Once you make a backup a move it to a pc as a savestate. You are free to try different solution
Dead-neM said:
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since i dig into this. I'm not into this anymore.
But You can disable it but you'll loose safetynet, encrypted partition etc... (i may be wrong but you got the idea). And safetynet look if partition have been modified and you are a certified device if it won't pass the banking app and apps like Pokemon go etc won't work.
Magisk hide the fact that the kernel img have been touch and most app that detect it detect just the app itself. That means magisk capability (su, hide and module)
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing twrp. Do not flash twrp just use the "fastboot boot command"
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm verity and system with your host and i guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone ?
Keep in mind that you'll loose ota. There's a chance that the rom work with just some changes but i can be a mess to do.
Why not trying a custom rom like lineage os?
Using their supersu zip won't you be able to replace the host file then remove root?
Once you make a backup a move it to a pc as a savestate. You are free to try different solution
Click to expand...
Click to collapse
Thanks for info I'll investigate later in the week when I have more time. Monday has arrived too quickly!
Appreciated though

Categories

Resources