I have a Meizu M3 phone, which can be rooted only in older firmware versions using the "normal" Meizu procedures.
As it is very easy to downgrade versions (back to an older "rootable" one - 5.1.4.0), I've made up my mind to do some tests.
I've decided to give flashfire a try to help me go from a rooted (but older) firmware version to a new version without losing root:
I chose the update.zip file of a newer version (5.6.8.30), configured everRoot to inject SuperSU into system and tried 2 approaches:
with and without mounting system R/W.
In both approaches the system is upgraded.
su is available in shell (# sign, after calling it).
But the system is NOT really rooted - tools complain about no root, ES Explorer can't recognize the root, flashfire stays forever waiting for root access, and so on ....
Also, trying to mount system as RW fails:
su
mount -o rw,remount /system
"Operation not permitted"
I ask the forum for suggestions:
Is there any suggestion with flashfire to help me update versions without losing root?
Alternatively, should I repack update.zip removing both boot.img and recovery.img (editing also the update script) ?
Two possibilities:
1. setuid bit is not set for su. fire up a terminal, run
Code:
ls -al `which su`
and post the result.
2. there is a SELinux issue. this is more complicated...
This question originally got posted on the relevant thread in the Android dev forum, but didn't get any replies so am trying it here in hope....I'm looking for advice on what I can try next which would be safe to try.
I installed and ran the Google Nexus 7 TOOLKIT V4.0.0, but the root failed (and I was also unable to backup the ROM, probably because the root failed). I did the following using the toolkit:
- unlocked the bootloader
- tried rooting using the SuperSU Method (I'm running build JOP40D on a brand new tablet)
- got the "downloading boot.img" message (OK), and it rebooted
- did the Android setup after the reboot
- selected USB debugging mode - the tablet rebooted.
During the above process I noticed the message "remount failed: operation not permitted" amongst a stream of other messages.
The subsequent install of BusyBox also failed, with the following messages amongst others:
Code:
Setting permissions..
Unable to chmod /system/xbin/su: No such file or directory
Unable to chmod /system/app/Supervisor.apk: No such file or directory"
...
Testing busybox has been installed properly
...
/system/bin/sh: su: not found
Sending the command 'ls -l /system/xbin/' to device..
You should see a list of all busybox commands
/system/bin/sh: su: not found
Completed
How can I establish what the current state of my machine is, and what is the safest next step in my attempts to root it?
unlocked the bootloader? then all you have to do is fastboot flash a custom recovery then flash the su binaries or a custom rom then reboot. btw, don't use root toolkits, especially if you're not familiar with basic procedures. nexus devices don't need root toolkits, it's just as easy to root your device the right way.
simms22 said:
unlocked the bootloader? then all you have to do is fastboot flash a custom recovery then flash the su binaries or a custom rom then reboot. btw, don't use root toolkits, especially if you're not familiar with basic procedures. nexus devices don't need root toolkits, it's just as easy to root your device the right way.
Well, I think the Unlock Bootloader part worked. How could I check if it was successful?
itm said:
Well, I think the Unlock Bootloader part worked. How could I check if it was successful?
It seems that my attempt to unlock the bootloader wasn't successful - when I re-tried the Root option from the toolkit I got a message saying that the bootloader was locked.
So....I tried to unlock the bootloader again (with the tablet in Fastboot mode). I got the Yes/No option on the tablet and selected Yes. I saw red text at the bottom of the Fastboot screen saying "Lock state - unlocked". So I then selected the option to Root (option 2, using the Chainfire method). This failed with the following errors:
remount failed: Operation not permitted
(then a few "no such file" messages removing old root files)
Pushing superuser.apk and su binary..
failed to copy root\su to /system/xbin/su : Read-only file system
failed to copy root\Superuser.apk to /system/app/Superuser.apk : Read-only file system
Setting permissions..
Unable to chmod /system/xbin/su: no such file or directory
Unable to chmod /system/app/Superuser.apk: no such file or directory
It looks like it's not being allowed write access to the drive???
Hi all,
I've spent the weekend reading about rooting and ROMs/kernels and decided to try it. I used a root kit found here from Mskip (great kit). I've successfully rooted, and then successfully installed Smooth Rom 4.3 with the Motley kernel.
I've downloaded Titanium Backup and Rom Manager. TB worked and I did a backup (which I now can't find) (I have ES File Explorer). I upgraded to Titanium Pro, and now when I open the app it states root was denied. I remember when I first opened TB SuperSu asked me to grant it access. After a reboot I opened SuperSu and stated a Binary update was necessary and performed it.
Now TB pro states root was denied, when I open SuperSu there is nothing there in the apps list, and I don't know how to manually grant TB root access.
Sorry if this is noobish, not sure what to do and I don't want to keep going without a backup.
Edit: When I try to backup in ROM Manager I hit backup, it brings up the notification to name the backup, I hit ok and nothing happens.
cam75 said:
After a reboot I opened SuperSu and stated a Binary update was necessary and performed it.
Now TB pro states root was denied, when I open SuperSu there is nothing there in the apps list, and I don't know how to manually grant TB root access.
That sort of sounds like the SuperSU "su" update might have failed. Can you get root with other apps? (e.g. go in to a terminal emulator and type "su")
Note there is a chicken-and-egg problem if (either) SuperSU/su or Superuser/su fail: they need root themselves to remount /system so that the "su" binary can be updated.
If no apps can get root, then you sort of have "lost root", and the fix is to manually insert the .apk and su binary into /system/app and /system/bin/su (or /system/xbin/su depending on flavor!) either with a flash package in recovery, or manually via the adb shell command line (with custom recovery running).
HTH
PS you should be able to just manually start the recovery and do a backup in the meantime, no? The fact that ROM manager isn't doing anything could either be a lack-of-root problem or something else (a busybox dependency?)
bftb0 said:
That sort of sounds like the SuperSU "su" update might have failed. Can you get root with other apps? (e.g. go in to a terminal emulator and type "su")
Note there is a chicken-and-egg problem if (either) SuperSU/su or Superuser/su fail: they need root themselves to remount /system so that the "su" binary can be updated.
If no apps can get root, then you sort of have "lost root", and the fix is to manually insert the .apk and su binary into /system/app and /system/bin/su (or /system/xbin/su depending on flavor!) either with a flash package in recovery, or manually via the adb shell command line (with custom recovery running).
HTH
PS you should be able to just manually start the recovery and do a backup in the meantime, no? The fact that ROM manager isn't doing anything could either be a lack-of-root problem or something else (a busybox dependency?)
thx for the quick response, however much of that is WAY over my head. I opened terminal emulator and typed su and this is what popped up. 1 [email protected]:/ $
When TB is opened it states error "sorry I could not acquire root privilegdes. this applidation will not work. please verify that your rom is rooted and try again. this attempt was made using the "/system/xbin/su" command.
I dont see busybox in my app drawer
cam75 said:
thx for the quick response, however much of that is WAY over my head. I opened terminal emulator and typed su and this is what popped up. 1 [email protected]droid:/ $
If the SuperSU app (and companion binary) were working correctly, you should have seen one of those "Accept / Deny" pop-up messages coming from the SuperSU app... assuming that you didn't previously grant root access to that terminal emulator app. You didn't mention that happening.... ?
Also, the command prompt usually changes from $ to # when you have root, but not always; the explicit way to check would be (after you have tried the "su" command) to type in "id" and hit return at the prompt - that will tell you explicitly if you are root or not. (That's the letter "i" followed by the letter "d" followed by the return key).
From the way you describe this, it is sounding like you lost root.
I gotta go watch part of the game. In the meantime, perhaps you should at least create a backup manually.
As I said, the simplest fix-up would be to get Superuser.apk/su or SuperSU/su re-installed into /system/app and /system/{x}bin/su (it seems that chainsDD and chainfire use different locations).
There might be floating around someplace a flashable zip file with this stuff in it - to be used for "lightly rooting" a stock ROM after a custom recovery is in place. But things have been in flux recently with both the SuperSU (chainfire) and Superuser (chainsDD) kits because of the JellyBean multi-user support, so the version you might need is important. So you would have to do the research to figure out where.
gotta go - good luck.
bftb0 said:
If the SuperSU app (and companion binary) were working correctly, you should have seen one of those "Accept / Deny" pop-up messages coming from the SuperSU app... assuming that you didn't previously grant root access to that terminal emulator app. You didn't mention that happening.... ?
Also, the command prompt usually changes from $ to # when you have root, but not always; the explicit way to check would be (after you have tried the "su" command) to type in "id" and hit return at the prompt - that will tell you explicitly if you are root or not. (That's the letter "i" followed by the letter "d" followed by the return key).
From the way you describe this, it is sounding like you lost root.
I gotta go watch part of the game. In the meantime, perhaps you should at least create a backup manually.
As I said, the simplest fix-up would be to get Superuser.apk/su or SuperSU/su re-installed into /system/app and /system/{x}bin/su (it seems that chainsDD and chainfire use different locations).
There might be floating around someplace a flashable zip file with this stuff in it - to be used for "lightly rooting" a stock ROM after a custom recovery is in place. But things have been in flux recently with both the SuperSU (chainfire) and Superuser (chainsDD) kits because of the JellyBean multi-user support, so the version you might need is important. So you would have to do the research to figure out where.
gotta go - good luck.
Thanks again.
I'm watching the Superbowl as well. I didn't grant Terminal access. I rebooted into recovery and restored to right after I rooted. SuperSu auto updated through the play store, and stated the binary needed to be updated. I canceled that. TB and ROM manager are showing up in SuperSu. So now I'm rebooting into recovery again to after I installed the Smooth Rom/Motley Kernel. I did make a backup of where SuperSu lost root. I now have three backups.
Question on installing the SuperSu apk file. I want to be sure I do it right, if needed. Download the file on my 7. it will go to my download folder. Move it to the system folder and open/run it? what do i do with the current SuperSu folder?
thanks again
I went to my restore point after root and reinstalled 4.3 Smooth ROM Mkernel. I did not take the SuperSu update (I'll wait for the next update), and everything is fine. TB and ROM Manager are working fine; I did a backup in both.
Thanks for your help on this.
cam75 said:
Question on installing the SuperSu apk file. I want to be sure I do it right, if needed. Download the file on my 7. it will go to my download folder. Move it to the system folder and open/run it? what do i do with the current SuperSu folder?
Dealing with .apk's is not that difficult - drop them into the correct place and reboot.
In Android, apps (.apk files) are stored in one of two places: /system/app or /data/app. It is even possible for two versions of an app to be on the phone - one in /system/app and one in /data/app; that is how upgrades of factory-installed apps happen: the pre-installed app is in /system/app... and never gets deleted (read-only filesystem), whereas update versions get dropped into /data/app. Generally you can just drop an .apk file into either of these locations, wipe the dalvik cache and reboot. During the android boot, these files are compiled into .dex objects in the dalvik-cache, and various version, consistency, rights and permissions are cross-checked.
Think of it this way: when you boot a new ROM for the first time, /data starts out completely empty. Everything needed to support each pre-installed app in /system/app gets created automatically during the android layer start-up.
The "su" native binary is a bit more complicated - it needs to be:
- owned by the user.group root.root
- be executable
- be setuid/setgid
Imagine that you had a copy of these two files on your "/sdcard". If you booted into the custom recovery, you could effect these changes like this:
C:\foo> adb shell
# mount # show what is already mounted
# mount /sdcard # if needed
# mount /system # if needed
# mv /system/app/SuperSU.apk /system/app/SuperSU.apk.old
# cp /sdcard/SuperSU.apk /system/app/SuperSU.apk
# mv /system/xbin/su /system/xbin/su.old
# cp /sdcard/su /system/xbin/su
# chown root.root /system/xbin/su
# chmod 6755 /system/xbin/su
# cd /
# umount /system
# exit
C:\foo>
*
As a practical matter, it is probably easier to just make sure to make a fresh backup if you are about to update the su binary - in case anything goes wrong. It might also be useful to use a root-aware file manager to remount the /system partition in rw mode prior to doing the "update su binary" procedure in the SuperSU app.
Good luck
* note that SuperSU and Superuser apps choose different locations for the su executable file - one uses /system/bin/su and the other /system/xbin/su. There might also be a symlink between these locations. Best policy is probably to examine a known-working installation to determine how to proceed.
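The ownership and mode requirements listed in the post above (root.root, executable, setuid/setgid, i.e. `chmod 6755`) are what the `ls -al` output requested in the first thread would reveal. The script below is an added example, not code from any poster here; the function names `audit_su_line` and `note` and the sample `ls -l` lines are constructed for illustration, and it assumes owner and group are printed as names rather than numeric ids.

```shell
#!/bin/sh
# Added example (not from the thread): audit one `ls -l` line for an su binary
# against the three requirements in the post: owned by root.root, executable,
# setuid/setgid (mode 6755 is displayed as -rwsr-sr-x).

# Append one finding to the global $problems list.
note() { problems="${problems:+$problems; }$1"; }

# audit_su_line "<ls -l line>"
# Prints "ok" or the list of problems; returns 0 only when everything matches.
audit_su_line() {
    problems=
    set -f            # no globbing while the line is split into fields
    set -- $1
    set +f
    perms=${1:-}
    if [ $# -gt 0 ]; then shift; fi

    # toybox/GNU ls print a link count after the mode string; the old Android
    # toolbox ls does not. Skip that field when it is purely numeric.
    case ${1:-} in
        ''|*[!0-9]*) ;;
        *) shift ;;
    esac
    owner=${1:-} group=${2:-}

    case $perms in
        # /system/bin/su and /system/xbin/su may be linked to each other.
        l*) echo "is a symlink, run ls -l on its target"; return 1 ;;
        -?????????*) ;;
        *) note "not a regular file" ;;
    esac
    if [ "$owner" != root ]; then note "owner is '$owner', expected root"; fi
    if [ "$group" != root ]; then note "group is '$group', expected root"; fi

    # Character 4 is owner-execute: s = setuid + x, S = setuid without x.
    case $perms in
        ???s*) ;;
        ???S*) note "setuid set but not executable by owner" ;;
        *)     note "setuid bit not set" ;;
    esac
    # Character 7 is group-execute: s = setgid + x, S = setgid without x.
    case $perms in
        ??????s*) ;;
        ??????S*) note "setgid set but not executable by group" ;;
        *)        note "setgid bit not set" ;;
    esac
    # Character 10 is other-execute; apps run under their own uid and need it.
    case $perms in
        ?????????[xt]*) ;;
        *) note "not executable by other users" ;;
    esac

    if [ -z "$problems" ]; then echo ok; return 0; fi
    echo "$problems"
    return 1
}

# Constructed sample lines in the old toolbox `ls -l` layout (no link count).
while IFS= read -r line; do
    printf '%s\n    => %s\n' "$line" "$(audit_su_line "$line")"
done <<'EOF'
-rwsr-sr-x root     root        91980 2012-11-01 10:00 su
-rwxr-xr-x root     shell       91980 2012-11-01 10:00 su
lrwxrwxrwx root     root              2012-11-01 10:00 su -> /system/xbin/su
EOF
```

A passing line only shows that the file mode is right; the `id` check described earlier in the thread is still what confirms that `su` actually yields uid 0.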
Everyone please share your modified stock kernel for your Z5 series models with specifics here ...........
- Model
- ROOT working
- TWRP
- SuperSU
- Busybox
and so on....
As there is way too much ambiguous information out there right now for perfectly rooting Nougat on the Z5 series, and even if one can achieve root with the DRM fix there seems to be no R/W permission on the SYSTEM partition!
So please, the people here who have successfully achieved ROOT with W/R SYSTEM, SU, DRM and other capabilities and are happy with them, please do upload your kernels here mentioning the proper model and the other things mentioned above.
It's for the general good
try using this
https://forum.xda-developers.com/xperia-z5/general/ub-drm-fix-dm-verity-off-root-t3539999
I successfully rooted my phone and have /system R/W permission, just make sure to flash SR5 SuperSu 2.78. PM me with results.
L33Tgod said:
try using this
https://forum.xda-developers.com/xperia-z5/general/ub-drm-fix-dm-verity-off-root-t3539999
I successfully rooted my phone and have /system R/W permission, just make sure to flash SR5 SuperSu 2.78. PM me with results.
I did try that.
And all the other methods currently available to this point.
Created / patched several kernels and the best I could achieve is a fully rooted kernel with DRM and SU.
The only problem is when I delete something inside the system folder, it comes back after 1 sec like nothing ever happened to it in the first place.
Searched for the issue a bit more, found 2 possible cures and tried them too but no luck, so I am now asking people to upload their kernels here so that I can find out which is which and so on.
I'm on the Au firmware on E6653. Used rootkernel and answered yes to all questions except for Su and xposed. Then I installed phh's superuser from recovery and the app from the play store. Everything is working fine.
I shared weeks ago..
download terminal on google play
open terminal
write "su" command and give root permission
then you will see "#"
after that, write this command:
Code:
echo 0 > /sys/kernel/security/sony_ric/enable
then you write this command:
Code:
mount -o rw,remount /system
if you see "#" again, it worked
but if you see "mount: Operation not permitted" it has not, sorry
@sceryavuz
My Phone
6653, flashed 32.3.A.0.372 AU, TWRP 3.0.2 and AndroPlusKernel v41. Root Checked.
Cannot get access to system obviously because of sony_ric....
I've tried following your steps on terminal but each time I try the code line " echo 0 > /sys/kernel/security/sony_ric/enable" it keeps saying cannot find that...
on terminal i typed :
SU Command ( which shows E6653:/data/data/com.termux/files/home #)
then i tried typing
echo 0 > /sys/kernel/security/sony_ric/enable (which shows sush: Echo: not found)
what am i doing wrong?
Gezzaman8 said:
@sceryavuz
My Phone
6653, flashed 32.3.A.0.372 AU, TWRP 3.0.2 and AndroPlusKernel v41. Root Checked.
Cannot get access to system obviously because of sony_ric....
I've tried following your steps on terminal but each time I try the code line " echo 0 > /sys/kernel/security/sony_ric/enable" it keeps saying cannot find that...
on terminal i typed :
SU Command ( which shows E6653:/data/data/com.termux/files/home #)
then i tried typing
echo 0 > /sys/kernel/security/sony_ric/enable (which shows sush: Echo: not found)
what am i doing wrong?
If you use the AndroPlusKernel kernel, then you are not on stock.
Check with a root browser whether the "/sys/kernel/security/sony_ric/" folder exists or not.
Hallo.Thanks for watching.
I am rooting Android's Z581KL.
Here, I download and unpack the file ....
hZtZtpsZ://wZwZwZ.axfc.net/u/3777377
Z←remove
(PASS Z581KL) (差分=Difference,キーワード=KEYWORD,ダウンロード=Download,こちら=HERE,cacheに置くもの=Things to put in the cache)
Turn USB debug mode on,
adb reboot recovery
Enter recovery at.
After that, mount the system using the terminal volume button and the power button
adb push dirtycow /tmp/
adb push run-as /tmp/
adb shell
cd /tmp
chmod 777 dirtycow
chmod 777 run-as
./dirtycow ./run-as /system/bin/run-as
run-as
dd if=/dev/block/mmcblk0p41 of=/tmp/boot.img
This will dump boot to /tmp/boot.img.
According to the developer, I am introducing SuperSU systemly by twinkling the boot area.
Since this model is recovery so that SELinux is permissive and adb can be used,
You can rewrite the boot area by using dirtycow.
So dump the boot area once and raise it to the PC and then install SuperSU
You can manually apply the script and write back to the terminal.
As a point of note, if the size of initrd differs from the original, it will not start,
It is necessary to adjust the size by erasing and compressing unnecessary files.
After dumping boot.img with exploit and developing it appropriately
Supersu's systemless script adapted locally
After re-packing it will be written in the same place with dd in reverse to extraction.
I have never read the script of supersu, but write the arm64 file
You can manually execute a place where apk is placed in the data area or something.
Perhaps by default /data is encrypted so place the file in /cache.
The file of arm64 will create an image file called su.img in ext4 and put it in it.
I mean, I do not know the procedure after dd if=/dev/block/mmcblk0p41 of=/tmp/boot.img.
So, if you let me know, it will be helpful.
this method won't work on latest firmware (3.3.20) - they patched dirtycow exploit
Sorry to forget writing. I am doing at 3.3.18. 3.3.18 What about?
NOW THE TABLET IS UPGRADED TO ANDROID 7
any method for rooting this version?
All firmware versions are provided on ASUS website. Can it be downgraded?
from asus page: "Software update cannot transfer the software SKU and downgrade the software version."
official firmware V3.3.20.0 zip includes boot.img
Can not you edit this and use it?
I can't wait to root this tablet. It has so much bloat (that cannot be disabled) that its 2 GB of RAM feel like 1...
I posted rooting method.
ttps://forum.xda-developers.com/android/help/guides-links-how-to-root-asus-zenpad-3-t3602408
Doesn't that work only for <= 3.3.18? Mine came from factory with 3.3.20...
doberek said:
from asus page: "Software update cannot transfer the software SKU and downgrade the software version."
I just tried downloading the 3.3.18.0 firmware and renaming it 5.3.9.0. I was able to downgrade by updating from 3.3.20.0 back to 3.3.18.0.
However, I don't get the instruction here: ttps://forum.xda-developers.com/android/help/guides-links-how-to-root-asus-zenpad-3-t3602408
Anyone who is able to successfully root the device please help for a more vulgar guide.
I already upgraded to Nougat 5.3.9.0. Could I downgrade to 3.3.18 without bricking it?
After and reboot Recovery, the tablet reboot normaly and non enter in recovery, solution????
ot
i own a z581 by vodafone (still on android MM), is there a way to flash the ww image from asus website?
Hello dear community,
I'm now struggling for some days to enable ad-blocking on my Huawei Nova with Android 7 Nougat (CAN-L01C432B340). I simply only need root to edit the hosts file and then un-root my device (that can be easily done by flashing boot.img via fastboot again). Reason for un-root is to be able to play Pokemon Go which has a root-block.
Following steps have been tried with root enabled
First things first: The normal way of using AdAway to create a hosts file does not work anymore: It seems to be impossible to remount the /system partition with r/w (read more) with the app.
So I tried many things so far to gain r/w while Android is booted up
Reversed the order in which we give the options to mount, as suggested in Chainfire's posts: mount -o rw,remount /system fails (as does mount -o remount,rw /system)
Installing busybox to have another (probably working) mount command: Installation fails because of no rw on /system (doh)
Flashing busybox installable zip: The binaries seem to be gone when Android is booted up (but are visible in TWRP)
Using another busybox installer seems to be able to at least temporarily flash busybox to /system/bin. Yet, busybox mount -o rw,remount /system did not make /system rw.
Flashing systemless AdAway also fails (similar to flashing busybox, the files are written but mystically, all changes are gone after booting into android).
Now I unrooted my device
Then I thought, why not use TWRP and mount the partition with rw there and copy my own custom-made hosts-file to /system. And hey, mounting with rw works! Also even writing and all kind of stuff.
But now the bummer: No matter what I do, the hosts file, formerly written to e.g. the /system partition is reverted back to default after a reboot to android. The strange thing: My modification is still there and visible in TWRP
Investigating on how the hosts file is managed in a booted-up android, I found out, /system/etc/hosts is symlinked to /vendor/etc/hosts.
So I mounted the /vendor partition in TWRP and copied the hosts file there.
mount /dev/block/platform/soc/7824900.sdhci/by-name/vendor /system && cp /external_sd/hosts /system/etc
After a reboot, I noticed /vendor/etc/hosts (= /system/etc/hosts) just has the default entries :crying: Strangely, when I now root my device again, the hosts-file shows my entries (but I need to be un-rooted )
It seems like all changes done to any partition are somehow reverted by the kernel's drive-mapper. Does anyone have an idea on how to write a hosts-file to my system, which persists when I boot up android and does not require to be permanently rooted?