Related
I've been trying to fix my kindle fire for a while now. My ultimate problem is that my build.prop is not in my /system/ but I have been trying to push a replacement build.prop to that directory to no avail. It looks like I have superuser installed. Superuser.apk is in system/app/ and there are a few SU directories around my file system.
My problem is that even though I have SU in my file system, I am not getting the correct permissions when accessing the KF through adb. Whenever I type in su it says permission denied. Similarly, whenever I try to change the permissions for /system/ I am denied as well. Whenever I type in su, it says "segementation fault".
It seems to me that there are three possibilities:
1. I somehow have the superuser files in place but the SU program itself is not installed.
2. SU is installed but because I can't fully boot up my KF, I can't give ADB Root access through SU because I can't pull up the "allow access" dialog box.
3. Something stupd like I"m trying the wrong commands.
Maybe your kindle auto updated and broke root? But if you've already updated and re-rooted I'm not sure what the issue would be.
Sent from my Nexus S 4G using XDA App
hmmm...I think a main thing I need to know for sure before I continue is if my phone is even rooted for sure. I have the superuser.apk in system/app. I don't have anything in data/local. I have a SU directory in a couple places. Is there any way for ADB to recognize if a phone is rooted (perhaps if the file system is set up a current way?) without having access to root priveledges itself?
Same here, BurritoRoot, I've tried this on both Linux/Mac, but either way, I can never get su to work so my Kindle can be r/w.
Maybe try
adb shell
$su
If $ changes to # you have root.
When installing su check the file permissions on the directory as well.
Sent from my Kindle Fire using Tapatalk
just a try:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
what's the answer ?
if the response is not a failure you should have r/w
b63 said:
just a try:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
what's the answer ?
if the response is not a failure you should have r/w
Click to expand...
Click to collapse
That worked, thank you!
---------- Post added at 02:37 AM ---------- Previous post was at 02:29 AM ----------
But then I lose them after a reboot.
---------- Post added at 02:44 AM ---------- Previous post was at 02:37 AM ----------
$su doesn't give me a # anymore either.
Jessical said:
That worked, thank you!
---------- Post added at 02:37 AM ---------- Previous post was at 02:29 AM ----------
But then I lose them after a reboot.
---------- Post added at 02:44 AM ---------- Previous post was at 02:37 AM ----------
$su doesn't give me a # anymore either.
Click to expand...
Click to collapse
that command only remounts the system partition r/w - not permanent !
but after issuing the comand:
you can copy files, change permission or whatever
you can also run kfu to permantly root with superuser
Fixxxxxxxxxx!
http://forum.xda-developers.com/showthread.php?p=21034648#post21034648
That thread I started has the fix for your issue
taseedorf said:
http://forum.xda-developers.com/showthread.php?p=21034648#post21034648
That thread I started has the fix for your issue
Click to expand...
Click to collapse
It just stalls at:
fastboot -i 0x1949 boot twrp-blaze-2.0.0RC0.img
downloading 'boot.img'...
Then nothing.
Did you download the image file? You can just renamed the command and use the twrp from fire utility recovery directory
taseedorf said:
Did you download the image file? You can just renamed the command and use the twrp from fire utility recovery directory
Click to expand...
Click to collapse
How would I do that? I downloaded twrp-blaze-2.0.0RC0.img
I have used the terminal in the past, even compiled stuff like Chrome OS, but I don't know anything except the stuff that people put in the instructions...
Where is the boot.img itself coming from?
hey guys I removed some systemapps and now I cant install the new row update. can some one please upload a titanium backup
thanks
titanium backup won't work for system apps. you will need a system dump. which apps do you need? i have a dump but i won't upload the whole dump cause its about 1 gb.
ok. thanks for the quick reply. im not sure but it sholud only be the music app. it would be great if you could upload it.
just unpack it and copy both files into the /system/app folder with i.e. rootexplorer etc.
here i uploaded nearly the whole dump:
System Dump
i am the same don't know how to do now.
---------- Post added at 06:11 PM ---------- Previous post was at 06:08 PM ----------
@bananenlarry
I delete some app after root,then I unroot for some reason.
I can't not get root again,and also can not update OTA2 because missing APP.
waht can I do now?
@feskey
how did you unroot? did you delete superuser.apk from /system/app? then download Superuser from market again. because the su file from /system/xbin/ should still be there.
@bananenlarry
Unroot by following command.Su was clean up.
Instructions
1. Follow instructions to set up ADB.
2-Run "adb shell" from a command prompt.
3-In the ADB shell, type the following commands:
su
(this will cause a prompt to come up on the phone asking you to grant root permissions, accept this)
Then, back in ADB shell:
mount -o rw,remount /dev/block/system /system
rm /system/app/Superuser.apk
rm /system/xbin/su
rm /system/bin/su
omg you really unrooted your device thought you just deleted the superuser.apk. i don't know exactly how the root exploit works but as i know it uses a lenovo app to do so. if you also deleted that app, root isn't possible in your case. you will have to wait until there will be another method for rooting.
With s-off you can write to /system should you wish.
Code:
adb shell
su
mount -o rw,remount -t ext4 /dev/block/mmcblk0p45 /system
will do the business and give you full read/write access to allow you to delete those pesky apps HTC want you to have at all costs. Facebook and Twitter system apps? No thanks!
I should be able to run this in terminal emulator, right?
Yes. Just miss out the adb bit, obviously.
I use FX File Explorer with the Root add-on.
You can then simply choose to open the system folder as root and then there's an option to remount R/W.
Beautiful guide......
Sent from my GT-I9001 using xda app-developers app
---------- Post added at 03:14 PM ---------- Previous post was at 03:09 PM ----------
You can also use Es file explorer that work like Root Explorer but it's free.....
Sent from my GT-I9001 using xda app-developers app
sjeffrey said:
I use FX File Explorer with the Root add-on.
You can then simply choose to open the system folder as root and then there's an option to remount R/W.
Click to expand...
Click to collapse
Ditto ! Works a charm
Missed out the adb bit.
Is there a way to mount system as rw on every boot?
The latest update to .368 restricts access to /system, in particular 'mount -o remount,rw /system' won't give write access.
With the SuperSU 'supolicy' tool and a current busybox there is an easy way around the protection:
Code:
/system/xbin/supolicy --live \
"allow init_shell unlabeled file {execute execute_no_trans}"\
"allow {init_shell kernel} {device unlabeled mmc_block_device} blk_file {getattr read write open ioctl}"\
"allow init_shell kernel process setsched"\
"allow init_shell {rootfs labeledfs} filesystem {mount umount remount}"
mknod /dev/loop2 b 7 2
losetup /dev/loop2 /dev/block/mmcblk0 -o 96468992
mount -t ext4 /dev/loop2 /system
The number in the losetup command is the position of the system partition in bytes in the internal memory. (This number in blocks (bytes = blocks * 512) is displayed in the expert mode of fdisk)
This works because we do not use the device corresponding to the system partition but construct an equivalent device.
Chainfires adbd Insecure app. Try the app first but if you still can't mount and push files read this thread - [HOW TO]Make your favorite kernel adbd insecure to run ADB as root on /system
Click to expand...
Click to collapse
I can now just adb remount and have access to the system.
I could not write to /system because I somehow lost the XZDualRecovery during the last update. When installed that does the magic at startup and enables a "remount,rw" of /system. In particular it has nothing to do with .368 as I initially suspected.
The flashable zip of the XZDualRecovery contains the necessary scripts and modules.
The method proposed in my initial post has the advantage, that it builds on (heavily used) features of the (Linux) kernel and is independent of the kernel version. Kernel modules on the other hand often only work with the kernel they were compiled for.
Far from an expert, so please let me know what I'm missing. Ran all commands successfully, rebooted, but still seems like no system rw access. Does this actually create that access, or does this only enable the ability to get access, and now there's another step? Thanks
Those commands grant immediate write access, but this is not persistent.
If you need a persistent solution, you should install the XZDualrecovery (which you should do anyway!).
Then a "mount -o remount,rw /system" gives you write access.
njhuiz said:
Those commands grant immediate write access, but this is not persistent.
If you need a persistent solution, you should install the XZDualrecovery (which you should do anyway!).
Then a "mount -o remount,rw /system" gives you write access.
Click to expand...
Click to collapse
Thanks, I'll give it a try, (switched ROMs at the moment, but not for long).
I have an unlocked Bootloader, root (working!) and XZDualRecovery. I' running prerooted 5.1 Android Stock ROM. I can't write to system... I tried many commands via ADB.
Is there any workaround?
FrikandelChris said:
I have an unlocked Bootloader, root (working!) and XZDualRecovery. I' running prerooted 5.1 Android Stock ROM. I can't write to system... I tried many commands via ADB.
Is there any workaround?
Click to expand...
Click to collapse
This works for me - [2014.11.10][ROOT] adbd Insecure v2.00, install it, tick Enable insecure adb, then run...
Code:
[B]adb remount[/B]
...and that should allow you.
mount -o remount,rw /system
Works for me on 5.1 with XZDualRecovery installed (locked BL, Xposed installed, Linux adb host).
I just spent a long time trying to get write access on my Z1C, too. I'm on MX ROM and wanted to debloat some of the software.
Turns out I just had to set the SE Linux from Enforced to Permissive, then using the mount -o remount,rw /system went fine.
Code:
su -c setenforce 0
mount -o remount,rw /system
exit
EDIT:
The "su -c setenforce 0" should make the change to Permissive permanent. Will check.
EDIT 2:
I had to get the app SELinuxModeChanger (http://forum.xda-developers.com/showthread.php?t=2524485) in conjunction with the adbd Insecure app to finally get it to work reliably, now...
I tried all the solution in this post but I failed every time... Someone to explain me how I have to do?
Envoyé de mon D5503 en utilisant Tapatalk
xander59 said:
I tried all the solution in this post but I failed every time... Someone to explain me how I have to do?
Envoyé de mon D5503 en utilisant Tapatalk
Click to expand...
Click to collapse
Did you try all of them, (terminal commands in op, adb insecure app, mount -o remount command, selinux permission change..)? If so, and you still can't rw, I'd say it might be a problem with your ROM. I have used RockZ1 and MX ROM recently, and initially had issues, but at least one of these things worked for me.
In fact, I read again the topic and I have the version 21 of dual recovery, so I have the r/w permission... But i can't still see an app when I'm moving its to /system/app and set right permission
Envoyé de mon D5503 en utilisant Tapatalk
With a root browser or a terminal app you should be able so see all files... which app did you use?
xander59 said:
In fact, I read again the topic and I have the version 21 of dual recovery, so I have the r/w permission... But i can't still see an app when I'm moving its to /system/app and set right permission
Envoyé de mon D5503 en utilisant Tapatalk
Click to expand...
Click to collapse
Not sure about that... I've definitely had apps that won't install or won't open before. I'm not sure what makes something compatible or not. Maybe email developer.
It was an issue to kill the app before moving it to system app
Envoyé de mon D5503 en utilisant Tapatalk
SGP621-RICDefeat
The SGP621-RICDefeat.zip will work on latest .216 stock. It's not a flashable zip but it contains a install.bat file, wich will remove the write to system protection. Then you can download an app from play store to mount system as RW and RO.
Don't remember where i found it though, but it was somewhere in the Z1 compact forum.
XperienceD said:
This works for me - [2014.11.10][ROOT] adbd Insecure v2.00, install it, tick Enable insecure adb, then run...
Code:
[B]adb remount[/B]
...and that should allow you.
Click to expand...
Click to collapse
well when i try to tick the enable insecure adb it says could not patch,,
i am currently on 14.6.A.1.236
ok well kingroot saves the day.,
Look at this. Worked for me. Very easy. http://forum.xda-developers.com/z3-...-sgp621-lollipop-23-1-0-690-noba-ftf-t3058400
Hi guys, I didnt have much luck with the Easy Recowvery method on my G5 (20A)
Sooo, i thought i'd share with you, (what i like to call) Hard Recowvery method.
This is the most effective way i've rooted & installed TWRP my H830 on 7.0 (Nougat)
First lets download the neccessary recowvery files located here (Put them all in a folder): https://build.nethunter.com/android-tools/dirtycow/arm64/
Make sure you have the latest twrp for your phone: https://twrp.me/devices/lgg5h830.html
Latest Verity zip: https://build.nethunter.com/android-tools/no-verity-opt-encrypt/
Latest SuperSU: https://download.chainfire.eu/1021/SuperSU/SR3-SuperSU-v2.79-SR3-20170114223742.zip
---
Shift+Open Command window in Recowvery folder
Note: Use app_process32 on 32-bit targets.
once in cmd window from your recowvery folder follow these steps:
---
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 0777 *
$ ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
$ ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
$ exit
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
adb shell
$ getenforce
"<it should say Permissive, adjust source and build for your device!>"
$ cd /data/local/tmp
$ ./dirtycow /system/bin/run-as recowvery-run-as
$ run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
$ run-as su
(You need to rename the twrp img to "twrp.img" and put in the root of your internal storage, OR you can use this adb push command. The next two steps wont be neccessary if already done so.)
adb push twrp-3.0.2-x-xxxx.img /sdcard/twrp.img
adb shell
run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
"<wait for it to complete>"
$ reboot recovery
---
You should be in TWRP now,
flash supersu and the verity 4.1 zips. [Format Data] will remove internal storage encryption. so back up everything you need to with nandroid. lg backup, or titanium. (So i saw that they have updated verity zips but i just used 4.1)
I prefer lg backup, its easiest.
After you format data reflash supersu and verity zips for the hell of it. (you dont have to i dont think but i just did anyway)
Now just reboot, & enjoy
This isnt a method i created, i got it from this thread. and made the steps i felt were neccessary.
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
Works until "run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery" then says:
Current uid: 0
We have root access!
------------
Executing: 'dd' with 2 arguments
dd: /sdcard/twrp.img: No such file or directory
1|h1:/data/local/tmp #
No Twrp recovery any help?
---------- Post added at 08:47 PM ---------- Previous post was at 08:07 PM ----------
Forgot to rename recovery.
---------- Post added at 09:32 PM ---------- Previous post was at 08:47 PM ----------
Problem solved! Forgot to rename img.
Tinbender418 said:
Works until "run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery" then says:
Current uid: 0
We have root access!
------------
Executing: 'dd' with 2 arguments
dd: /sdcard/twrp.img: No such file or directory
1|h1:/data/local/tmp #
No Twrp recovery any help?
---------- Post added at 08:47 PM ---------- Previous post was at 08:07 PM ----------
Forgot to rename recovery.
---------- Post added at 09:32 PM ---------- Previous post was at 08:47 PM ----------
Problem solved! Forgot to rename img.
Click to expand...
Click to collapse
The 2 agreement how did u type it BC I had that but I didn't know what to type so I use the toolkit instead
Sent from my LG-H830 using Tapatalk
Rename to twrp.omg move to internal sd card.
Sent from my LG-H830 using Tapatalk
sorry guys i was busy! & yes you need to rename the recovery img to "twrp.img". i will add the step to rename the twrp file!
djevil said:
The 2 agreement how did u type it BC I had that but I didn't know what to type so I use the toolkit instead
Sent from my LG-H830 using Tapatalk
Click to expand...
Click to collapse
Just copy and paste everything as you see it. and if you mean you didnt know how to rename twrp recover just rename to "twrp.img"
so my getenforce keeps saying enforcing?
---------- Post added at 10:39 AM ---------- Previous post was at 10:35 AM ----------
and the command to run-as exec says no exec found?
---------- Post added at 10:50 AM ---------- Previous post was at 10:39 AM ----------
Hmm so after looking it up, apparently my brand new G5 I just got today is on 20c and not 20a. I guess that is the problem?
hello?
jdkzombie said:
hello?
Click to expand...
Click to collapse
Yes that is the problem Read Autoprime's thread on the H83020c update. He explains a way to root device by downgrading to H83020a using LGUP.
Sent from my LG-H830 using Tapatalk
I don't seem to get passed the adb logcat step because I do so and it says that all process was done correctly but my phone won't at all boot up after he T-Mobile logo
Tried and did everything step by step and this is always the problem and can't get passed it
Someone please help
Sent from my iPhone using Tapatalk
Just use the Automagically thread a few below this one. You have to be on 20A for it to work. I used that method and it worked on the first try. Now I'm on 20C and I'm rooted as well. This way is way too complicated.
djerick3 said:
Just use the Automagically thread a few below this one. You have to be on 20A for it to work. I used that method and it worked on the first try. Now I'm on 20C and I'm rooted as well. This way is way too complicated.
Click to expand...
Click to collapse
The easy recovery method that runs the script? I have tried it countless times and also doesn't seem to work
wadamean said:
The easy recovery method that runs the script? I have tried it countless times and also doesn't seem to work
Click to expand...
Click to collapse
First you need to run the script and follow the instructions to the letter. If you read into the thread you'll see that you need to turn off verification before you run it. I forget what option it is but ill check and post it for you. Worked smooth for me first try.
Stuck
I seem to be stuck at adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
It's been a while. It hasn't moved from there and it won't let me input anything else. I got stuck after beginning of main and beginning of system.
Will this work starting from MM or only once on Nougat? My phone hasn't downloaded the update yet and it won't let me force it. Trying it on MM doesn't seem to complete.
Sent from my LG-H830 using XDA-Developers Legacy app
---------- Post added at 04:17 AM ---------- Previous post was at 03:48 AM ----------
Rican39 said:
Deleted
Sent from my LG-H830 using XDA-Developers Legacy app
Click to expand...
Click to collapse
Sent from my LG-H830 using XDA-Developers Legacy app
Well this is interesting. The script the people above are talking about never worked for me. So I came here and got my hands dirty and did it the manual way. Everything worked great until I formatted data and reflashed verity and su zips. After booting, all I can get the phone to do is boot to twrp. I've successfully flashed the 20A kdz back to stock with unlocked bootloader. Just wondering what I did wrong?
Once I get into TWRP the steps used were:
1 - Flash SuperSU
2- Flash verity zip
3- Format Data
4- Flash SuperSU again (for good measure)
5- Flash verity zip again (for good measure)
All these instructions make sense but at the top of the OP it says to NOT swipe to allow system modifications. I thought after formatting data and flashing the verity zip that we can swipe to allow. If we can't modify the system partition, how do we access it for busybox, etc..
Sorry for the odd questions - just looking for clarity!
UPDATE: Sorry, I resolved my own problem. Just don't ever swipe to modify system in TWRP and you're good. Not sure why this was the case.
eliolicious said:
I seem to be stuck at adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
It's been a while. It hasn't moved from there and it won't let me input anything else. I got stuck after beginning of main and beginning of system.
Click to expand...
Click to collapse
I have this same problem. Did you figure out the issue?
codahq said:
I have this same problem. Did you figure out the issue?
Click to expand...
Click to collapse
I figured out the issue. There are a bunch of threads floating around here that seem to think that the dirtycow exploit will work on 20A and 20C. That is definitely not the case. 20C it is patched so you have to KDZ back to 20A and then exploit. Then you can TWRP flash 20C if you want to go back to 20C.
I'm was on 20C though and dirtycow definitely doesn't work.
Noob question
I got this phone lg g 5 tmobile variant yesterday. I was on marshmallow rooted with Xposed Framework Flashed 7.0 thinking it was a rom. I lost root and lost custom recovery I'm trying to root on 7.0 via dirty cow but instructions r too complicated. Can anybody tell me what dirty cow files to download and were to put the folder pls