Database Users

[Q] Custom ROM developing

Hi just asking if anyone knows any links or archives or anything i can read through, im looking to build my own ROM. any help would be much appreciated and dont mind donating to someone that can help me start to learn.
Thanks

Well, first of all you need to be able to compile Android. This is pretty easy and it's explained directly in the developers google website. If you're not running a Nexus One or a Nexus S, you can't actually compile a working android copy for your own phone "as is" from AOSP. Because of this, you firstly need to change / create some dirs and files in order to add the support for your particular device. I'd start searching on CM repositories for this (I've got the Nexus One and thus I don't have such problems).
After you've compiled Android for your device and your changes (for example root), you'll have some disk images (you can find them all under out/target/product/PHONE_MODEL/, they are the .img files). You can directly flash them via fastboot ("fastboot flash boot boot.img" etc.). You can though create an update.zip file, and this can be made extracting the system.img file in a folder. Remember that you'll have to recreate the symlinks (to toolbox and/or busybox if you want to include it in your build) and set permissions, as zip doesn't save the permissions of the files once compressed.
Thus so far, if you succeed making every single step you should have your ROM on your phone

[Q] What about the Alcatel OT Fire C (4019X)?

Hello!
I've been trying to see if there's any root exploits, ROMs, whatever for this phone. Is it Hamachi (4012) compatible? Or is it another species? It does seem there's not much about it.

The only thing I've found is this mail thread.
comments DOT gmane DOT org / gmane DOT comp DOT mozilla DOT devel DOT b2g / 12487
The Fire C is a Jelly Bean based one. Start from there.
If I can successfully flash mine will post results. Wish me luck.
resetreboot said:
Hello!
I've been trying to see if there's any root exploits, ROMs, whatever for this phone. Is it Hamachi (4012) compatible? Or is it another species? It does seem there's not much about it.
Click to expand...
Click to collapse

mancvso said:
The only thing I've found is this mail thread.
comments DOT gmane DOT org / gmane DOT comp DOT mozilla DOT devel DOT b2g / 12487
The Fire C is a Jelly Bean based one. Start from there.
If I can successfully flash mine will post results. Wish me luck.
Click to expand...
Click to collapse
Nope. Bricked phone.
Anyone knows how to use this files?
forum DOT gsmhosting DOT com / vbb / f272 / flash-file-request-alcatel-4019x-1883599

Where did you find these files? Can you point me to them?
Maybe I can make something out of it. The MTK Droid Tools is totally unable of dumping anything from this phone and it's supposedly designed for these kind of phones (the chipset is a MediaTek).
If only I could snatch the boot image...! But the /dev/ block devices do not make any sense to me, otherwise I'd have at least something to go back when I screw the boot loader.

The URL is in the post above, just replace " DOT " with "." and delete spaces.
Anyway, the direct link is
mediafireDOTcom/?t6x77dxpb9bucbf
Which one is boot, system, userdata? Do you have the original file sizes?
I've tried with various Hamachi (4012X) boot.img but none of them works.
PD: I cannot post links.

I managed to fix my phone!!
In the folder above (Mediafire)
boot.img is B1TC000112R0.mbn
recovery.img is R1TC000112R0.mbn
system.img Y1TC000112R0.mbn
Be sure to explicitly start in fastboot mode (Power+Volume down)
As a side note, if load recovery.img in boot.img the phone will start in that mode. I've had to do that to make it boot (and them flash boot.img)
Good luck. Pass it on.

Wonderful! This is really useful info.
Now we can try to couple it with the FFOS SDK and try to get root and maybe upgrade to 2.0...
D'loading so I can start hacking...

resetreboot said:
Wonderful! This is really useful info.
Now we can try to couple it with the FFOS SDK and try to get root and maybe upgrade to 2.0...
D'loading so I can start hacking...
Click to expand...
Click to collapse
Please do so! An upgrade to 2.x is crucial even for copy/pasting text.

mancvso said:
I managed to fix my phone!!
In the folder above (Mediafire)
boot.img is B1TC000112R0.mbn
recovery.img is R1TC000112R0.mbn
system.img Y1TC000112R0.mbn
Be sure to explicitly start in fastboot mode (Power+Volume down)
As a side note, if load recovery.img in boot.img the phone will start in that mode. I've had to do that to make it boot (and them flash boot.img)
Good luck. Pass it on.
Click to expand...
Click to collapse
Great news, remember you can type *#3228# to know what are all these filenames in your device.
I have a 4019M (sold unlocked in this country) and I am interested on this, however I don't have experience flashing yet, as this is my first smartphone. If you need to do some tests from here for this particular device to get root and upgrades, feel free to ask!
This device is qualcomm based and gonk is jelly bean based, if I recall correctly.

Some news, they finally uploaded this month 4019X / 4019A GPL compliance sources into sourceforge · net / projects / alcatel / files /

Some progress to get a proper factory image
When using One Touch Update, I tried to figure what happens with the factory image download from the vendor. It downloads a bunch of 64 KiB files stored in a downloaded/ subdir of the programfiles application folder. They are downloaded via TCP, not using HTTP. Once the download is complete, out1.data and out2.data are generated, I guess all these files get somewhat assembled into these. They are placed in the programfiles application folder too, 203 MiB each. They look like a couple of Android sparse image files, according to header magic numbers. These files should be copypasted somewhere before ending the flash operation and closing the application, otherwise they will be deleted. Maybe these files contain interesting stuff :good:. There is also a log file showing addresses where is flashing and sizes of the images of the factory flashing operation.
Maybe some USB sniffing is worth, but not tested.

4019X Brick
Hi guys.
I have a 4019X bricked becasuse i tried to install a wrong system.img.
Can you upload again the factory flash images? The mediafire link is broken.
I made a backup of the original system with adb pull /system /system as mozilla´s recommend in the Firefox OS build prerequisites.
But i dont know how to compile to restore my phone. I tried this:
ANDROIDFS_DIR=<path to system backup> ./config.sh tarako
ANDROIDFS_DIR=<path to system backup> ./build.sh
but always fail.
If you dont know, can you tell me how to use the source code of alcatel to unbrik my phone:
sourceforge.net ... OT_FF_4019X_20150408.tar.xz
Thanks

Backup of the stock One Touch Fire C files
https://www.dropbox.com/s/nzn6g4qhh585ho4/4019X-2[X=A,B,C,D]TBHU1.rar?dl=0
Please keep us informed on any progress, now that Firefox has freed itself.

can u tell me if this rom has portuguese language? i need 4019x android or firefox with portuguese language? or anyway to add language?
best regards

mancvso said:
I managed to fix my phone!!
In the folder above (Mediafire)
boot.img is B1TC000112R0.mbn
recovery.img is R1TC000112R0.mbn
system.img Y1TC000112R0.mbn
Be sure to explicitly start in fastboot mode (Power+Volume down)
As a side note, if load recovery.img in boot.img the phone will start in that mode. I've had to do that to make it boot (and them flash boot.img)
Good luck. Pass it on.
Click to expand...
Click to collapse
Hi! I can not fix my Alcatel OT- 4019A yet. ¿could you please help me with that?
I don't know exactly what do with that archives.
Thanks!

Gsmfanatic said:
can u tell me if this rom has portuguese language? i need 4019x android or firefox with portuguese language? or anyway to add language?
best regards
Click to expand...
Click to collapse
The firmware doesn't have the Portuguese language, flashed it myself ...

Possible way to self-sign Recovery and Rom's on S7, Just need some help.

Hey, I noticed while looking through the Stock Firmware AP file, that in meta-data/fota.zip there are .jar files that have to do with package signing. Only issue is that the zip is password protected. If someone has the Compute power and skills to decrypt a zip and look at the jar files and ****, maybe we could find a way to sign our own TWRP recoveries and roms. Just a thought, i'll post a link to the fota.zip file i was talking about in a bit if anyone wants to take a crack at it. (Google drive is taking forever to upload cause of AT&T's ****ty DSL speeds, sorry)
Download Link: htt*ps:/*/drive.*google*.com/file/*d/0B9tb-svjqaVD*b3Y0V0tXR3drSzA/vie*w?usp=sharing (Remove all *'s from link, stupid 10 post until you can post links limitation)
Thanks,
Lavavex

Did you saw this Thread?
https://forum.xda-developers.com/an...signing-boot-images-android-verified-t3600606
About fota.zip...
Did you heard about plain text attack?
In few Seconds... minutes done... no password required but you can unpack.
Best Regards

Yesterday I have download this fota.zip... and yes... same password as for instance from my prior test with:
SM-J330F and 1 more...
Here are the 3 keys to decrypt if somebody want try...
Code:
2b4d493c
6142b289
1b7024aa
Code:
Key0
Key1
Key2
I have used Advanced Archive Password Recovery from elcomsoft...
Best Regards

adfree said:
Yesterday I have download this fota.zip... and yes... same password as for instance from my prior test with:
SM-J330F and 1 more...
Here are the 3 keys to decrypt if somebody want try...
Code:
2b4d493c
6142b289
1b7024aa
Code:
Key0
Key1
Key2
I have used Advanced Archive Password Recovery from elcomsoft...
Best Regards
Click to expand...
Click to collapse
Which will allow unpacking of the above zip? I thought it needed a zip password.

osm0sis said:
Which will allow unpacking of the above zip? I thought it needed a zip password.
Click to expand...
Click to collapse
We never found the Password... but for Decryption you need only these 3 Keys...
They can be easily found in few Minutes... with the right Tool...
Code:
2b4d493c
6142b289
1b7024aa
Here Key0 Key1 Key2 for Samsungs fota.zip...
This is really no rocket science...
Simple read about plain-text attack...
You can see all filenames...
You can see all filesizes etc...
Many files are floating around the Internet... to create ZIP for attack...
Then result is in few Minutes possible... :angel:
Use these 3 Keys in Tool:
Code:
Advanced Archive Password Recovery
And try self to unpack...
Best Regards
Edit 1.
Screenshot added...
Then maybe more clear...
Trial Version have mabye limtations... but to see it work... it is enough to play with trial.

@adfree or to anyone who can answer.
Quick question, what are the legal limitations to what is going on here? I may or not have a file from inside the fota.zip, but will sharing it put me in the legal wrong? If it is within the legal boundaries, I'd be happy to upload it for anyone to take a look at, but I don't want to land on the wrong side of the law by doing so. Please do let me know, as this is the most exciting development we've had when it comes to bootloader unlocking in a while. Also, it seems as though we can't view the entirety of the contents of the fota.zip with the trial version of the zip extraction tool mentioned in this thread, so if someone with more knowledge about this can confirm we could unlock our bootloaders with the contents of the zip (based on what is currently known about this), I'd be happy to bite the bullet of paying for the premium version given we can do this within the boundaries of the law.
Thanks.

1.
Maybe you can answer your question self...
Samsung PROTECTED this ZIP with password.
2.
IMHO it is Kernel related...
Yeah I know... Boot is every irritating...
But it is not sboot.bin related...
3.
About decrypting all files...
There are floating around Command Line Tool...
Code:
pkcrack
Try to Google it...
I have not tried...
I am 1 click Button user...
Best Regards

zipdecrypt from the pkcrack package plus those 3 keys worked flawlessly. :good:
Edit: Crazy number of utilities in this zip, but no script to run them all, and a lot of references to external files. No smoking gun like a "sbootimg_signer" binary or anything to make their proprietary footer signature, and no Samsung signature files.

the password for that zip is fotatest1234

Correct. All fota zips passwords are fotatest1234

Drdra3 said:
Correct. All fota zips passwords are fotatest1234
Click to expand...
Click to collapse
@lavavex , @osm0sis
Yes it is, but now the question still to be answered is, do the tools within the fota.zip file, actually work for legitimately repacking the boot/recovery image? Because in the fota.zip I checked from Android Pie's release it mentioned the "user/test-keys" and very much so had all of the compiled tools to actually patch a system and create and ADB flashable zip for stock recovery.
Could we technically make a signed sideloadable update.zip if the the update package was created on the device itself? The scripts included, along with the updated compiled binary tools, really do seem to be the Toolkit we've been looking for but have overlooked. I haven't tested it out fully, but I'm still reading about how to proceed. It isn't just the S7 either. So are the tools customized to the device, the android branch, or the bootloader?

Delgoth said:
@lavavex , @osm0sis
Yes it is, but now the question still to be answered is, do the tools within the fota.zip file, actually work for legitimately repacking the boot/recovery image? Because in the fota.zip I checked from Android Pie's release it mentioned the "user/test-keys" and very much so had all of the compiled tools to actually patch a system and create and ADB flashable zip for stock recovery.
Could we technically make a signed sideloadable update.zip if the the update package was created on the device itself? The scripts included, along with the updated compiled binary tools, really do seem to be the Toolkit we've been looking for but have overlooked. I haven't tested it out fully, but I'm still reading about how to proceed. It isn't just the S7 either. So are the tools customized to the device, the android branch, or the bootloader?
Click to expand...
Click to collapse
Presumably what I previously said still stands:
osm0sis said:
Crazy number of utilities in this zip, but no script to run them all, and a lot of references to external files. No smoking gun like a "sbootimg_signer" binary or anything to make their proprietary footer signature, and no Samsung signature files.
Click to expand...
Click to collapse

persistant changes to hosts file following reboot?

Hi everyone. I'm scratching my head here and struggling to find a solution that doesn't require root.
I've got a hosts file that I love as it blocks nearly all advert servers on my phone.
I know there are several adblocking apps but they all require root.
I have had to remove root as I have some critical apps that still don;t work, even after hiding magisk from the apps within the Magisk Manager.
I've got a magisk patched image that I can "fastboot boot" with and can edit the hosts file (after remounting /system as rw) but when I then reboot afterwards, the hosts file has been overwritten.
Can anyone help me please or give me a pointer of how to make the hosts edits remain following a reboot?
edit2add
I am using stock ROM with latest August patches on my Mi A1

You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's app that can fake a vpn with a ad ban list

Dead-neM said:
You can't without root even if you do it your system partition will be modified and it will result in phone not booting or just safetynet won't pass.
Use a vpn or I'm pretty sure there's app that can fake a vpn with a ad ban list
Click to expand...
Click to collapse
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?

wodgey said:
Interesting idea regarding spoof VPN.
Do you know how the hosts file is generated? If it's copied over from somewhere during boot then could I edit the source file it's copied from?
If it's generated procedurally, might I be able to script it to add my edits during creation?
Click to expand...
Click to collapse
System partition ? so that's a good idea but you'll have to compile a rom to change this file. On Linux distro the host file is a thing you can modify easily. On android it's just deprecated by google as it's use mostly used as an adfilter. And google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.

Dead-neM said:
System partition ? so that's a good idea but you'll have to compile a rom to change this file. On Linux distro the host file is a thing you can modify easily. On android it's just deprecated by google as it's use mostly used as an adfilter. And google is an ad company. That's my guess.
Anyway host file will always need root even on Linux.
Simply because it can be used against you.
The problem is more on apps that blocks you because you're rooted than being rooted for changing this file.
If any app could modify host then bang you go to YouTube and it redirect you to something else.
Maybe for you it's just an adblock file but it's a little more than that.
So sorry but it's root or vpn.
Click to expand...
Click to collapse
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a compete flash of stock ROM using fastboot)
That actually seems like it wouldn't take too much effort

wodgey said:
So? Could I possibly extract the system.img from the stock ROM, make the edits there and then recompile?
(I've got a copy of payload.bin that I extracted a few weeks ago, when trying to flash the August security patches (this was before I did a compete flash of stock ROM using fastboot)
That actually seems like it wouldn't take too much effort
Click to expand...
Click to collapse
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.

Dead-neM said:
This will lead to a corrupt system partition modified. As i said the worse thing is you could not boot and the good just won't pass safetynet.
Click to expand...
Click to collapse
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?

wodgey said:
Ok I understand.
How does the device 'know' that the system partition is corrupt? Does it perform a hash check perhaps?
How would compiling my own custom ROM avoid this same problem?
Click to expand...
Click to collapse
It does many thing to know that its have been touched. You'll have to modify some stuff and it will work. You'll loose certification but you'll have you own rom.

Dead-neM said:
It does many thing to know that its have been touched. You'll have to modify some stuff and it will work. You'll loose certification but you'll have you own rom.
Click to expand...
Click to collapse
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.

wodgey said:
Any chance you can outline the other stuff I'd need to change?
If it's really in-depth then don't worry but if it's just a few bullet-points that I can Google more info on, I'd appreciate it.
Click to expand...
Click to collapse
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since i dig into this. I'm not into this anymore.
But You can disable it but you'll loose safetynet, encrypted partition etc... (i may be wrong but you got the idea). And safetynet look if partition have been modified and you are a certified device if it won't pass the banking app and apps like Pokemon go etc won't work.
Magisk hide the fact that the kernel img have been touch and most app that detect it detect just the app itself. That means magisk capability (su, hide and module)
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing twrp. Do not flash twrp just use the "fastboot boot command"
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm verity and system with your host and i guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone ?
Keep in mind that you'll loose ota. There's a chance that the rom work with just some changes but i can be a mess to do.
Why not trying a custom rom like lineage os?
Using their supersu zip won't you be able to replace the host file then remove root?
Once you make a backup a move it to a pc as a savestate. You are free to try different solution

Dead-neM said:
Search "dm-verity" and "safetynet". The first one is what will look at any r/o partition like system and kernel. It's been a long time since i dig into this. I'm not into this anymore.
But You can disable it but you'll loose safetynet, encrypted partition etc... (i may be wrong but you got the idea). And safetynet look if partition have been modified and you are a certified device if it won't pass the banking app and apps like Pokemon go etc won't work.
Magisk hide the fact that the kernel img have been touch and most app that detect it detect just the app itself. That means magisk capability (su, hide and module)
So you could maybe compile stock rom with a custom host file. Never touch vendor partition! Make a backup before! By booting and not flashing twrp. Do not flash twrp just use the "fastboot boot command"
You'll need to make a custom kernel and system img to flash in order to do it.
I'll try to do a rom without anything modded except kernel without dm verity and system with your host and i guess it needs change too.
I dunno if it will pass safetynet after.
Just don't brick your phone ?
Keep in mind that you'll loose ota. There's a chance that the rom work with just some changes but i can be a mess to do.
Why not trying a custom rom like lineage os?
Using their supersu zip won't you be able to replace the host file then remove root?
Once you make a backup a move it to a pc as a savestate. You are free to try different solution
Click to expand...
Click to collapse
Thanks for info I'll investigate later in the week when I have more time. Monday has arrived too quickly!
Appreciated though

There is a magisk module to mount r/w?

Hi , so apperntly the only way currently to modify system files of OnePlus 8 Pro is through flashing magisk modules , Tried using several file explorers but couldn't change permissions , tried via twrp but system won't be mounted , so my question is if there is a magisk module that someone made to mount r/w , if there is , I would like to get it , if there isn't , I would appreciate if anyone can create that for me , and please don't tell me to go to terminal and type commands because IT DOESN'T WORK, I don't know exactly what flashing magisk modules do but I figured out that it's the only way I can change system files , please help

Mounting system as R/W is impossible on stock software (OOS, OneUI etc).
This applies to all devices launched with Android 10, so, 7T/Pro and up.
https://source.android.com/devices/tech/ota/dynamic_partitions/implement
Your best shot is to create a module that 'modifies' the system systemless-ly.

Lossyx said:
Mounting system as R/W is impossible on stock software (OOS, OneUI etc).
This applies to all devices launched with Android 10, so, 7T/Pro and up.
https://source.android.com/devices/tech/ota/dynamic_partitions/implement
Your best shot is to create a module that 'modifies' the system systemless-ly.
Click to expand...
Click to collapse
That's literally the magisk module i'm asking for

ilan0098 said:
That's literally the magisk module i'm asking for
Click to expand...
Click to collapse
Literally not. You asked for a module that could make system R/W.
Anyway good luck

As mentioned, no r/w module...

galaxys said:
As mentioned, no r/w module...
Click to expand...
Click to collapse
Anyway such a module won't do any good IMHO. System/product/vendor partitions are combined into a single "super" partition.
The individual parts for /system, /vendor, /product are then mounted from there.
You will never be able to physically write on files in those partitions (if that is/was your intention).
However, you can write a Magisk module (easily) which replaces files with others (e.g. I replaced my /system/etc/hosts files with a version that has ad-blocked IP addresses). You can "delete" files by making them "empty" with a Magisk module (e.g. I have hidden the OnePlus phone/dialer/calculator/messages/notes apps in this way as I prefer the Google variants).
It's not that hard ... assuming you have a bit of Linux dev skills.
Can you be more specific about what exactly you want to do? Edit some file?

foobar66 said:
Anyway such a module won't do any good IMHO. System/product/vendor partitions are combined into a single "super" partition.
The individual parts for /system, /vendor, /product are then mounted from there.
You will never be able to physically write on files in those partitions (if that is/was your intention).
However, you can write a Magisk module (easily) which replaces files with others (e.g. I replaced my /system/etc/hosts files with a version that has ad-blocked IP addresses). You can "delete" files by making them "empty" with a Magisk module (e.g. I have hidden the OnePlus phone/dialer/calculator/messages/notes apps in this way as I prefer the Google variants).
It's not that hard ... assuming you have a bit of Linux dev skills.
Can you be more specific about what exactly you want to do? Edit some file?
Click to expand...
Click to collapse
Also if I do want to edit a system file , I can't , it won't let me do that , the file I edited just won't save

foobar66 said:
Anyway such a module won't do any good IMHO. System/product/vendor partitions are combined into a single "super" partition.
The individual parts for /system, /vendor, /product are then mounted from there.
You will never be able to physically write on files in those partitions (if that is/was your intention).
However, you can write a Magisk module (easily) which replaces files with others (e.g. I replaced my /system/etc/hosts files with a version that has ad-blocked IP addresses). You can "delete" files by making them "empty" with a Magisk module (e.g. I have hidden the OnePlus phone/dialer/calculator/messages/notes apps in this way as I prefer the Google variants).
It's not that hard ... assuming you have a bit of Linux dev skills.
Can you be more specific about what exactly you want to do? Edit some file?
Click to expand...
Click to collapse
I would very much like to edit the build.prop file, and let Adaway (F-droid) edit the hosts file to add its adblocking lists.
Are either of those things possible? Thanks!

R2-Brute said:
I would very much like to edit the build.prop file, and let Adaway (F-droid) edit the hosts file to add its adblocking lists.
Are either of those things possible? Thanks!
Click to expand...
Click to collapse
Enable systemless hosts in magisk manager and adaway will work. And for editing build prop, look up "resetprop", it's a magisk tool to modify build prop systemlessly.

Thank you so much! Adaway is up and running! I just got a new phone, and got so worried when it dawned on me that the System folder was locked down!
And I found "MagiskHide Props Config". Is it better or worse than Resetprop, or the same? "Props Config" has already flaked on me in the half hour I've been using it, but since a reinstall, it's working again.
I'm hoping it's just getting comfortable, but if you think Resetprop is more stable, please tell me.
And thanks again! Feeling good about technology.

I have ROOTED, rooted mean now you are Administrator of all in your phone. But live is not like a dream, I can't delete or modify anything in system folder on my rooted samsung phone, when using Z Archiver to delete empty and junk folder it says failed even sometimes it says Access Denied ( maybe the problem is here) converted RO->RW, tried through ES File it says in use or busy, Root Explorer is useless even if I adds write permission, but when using lucky patcher to uninstall & install and apps as system then it can creates or delete in systm app, which means there may be a way for me to modify it, if the trash can't be deleted then the system partition will be filled with garbage forever and can only get fatter. Who know how to solve it?

You have to patch super image to make everything r/w.
[GUIDE] How to make your System RW / Super R/W read/write-able
Welcome to the one and only, the original, universal SystemRW / SuperRW feat. MakeRW / ro2rw by lebigmac This script removes the read-only lock of all partitions embedded in the super partition of your stock firmware. This allows you to mount...
forum.xda-developers.com

in case someone still struggling with that
i wanted to copy trusted certificate ".0" file from storage to /system/etc/security/cacerts
i couldn't and tried to do the adb mount thing but i couldn't
anyway it worked when i tried MT manager ( i literally shocked ) its not in play store but you can find it online
if that didn't work i guess you have two option
1) open platform tools after enabling usb debugging and do "adb push /sdcard/yourfile /system/etc/security/cancerts
that will copy the file from sdcard to system/etc/security/cancerts
second option i didn't really tried but i saw it worked for some
is magisk module called "overlayfs" if you can't find it online i will attach it here
BUT before all that try MT manager .. idk how it really worked lol

Mazen550 said:
in case someone still struggling with that
i wanted to copy trusted certificate ".0" file from storage to /system/etc/security/cacerts
i couldn't and tried to do the adb mount thing but i couldn't
anyway it worked when i tried MT manager ( i literally shocked ) its not in play store but you can find it online
if that didn't work i guess you have two option
1) open platform tools after enabling usb debugging and do "adb push /sdcard/yourfile /system/etc/security/cancerts
that will copy the file from sdcard to system/etc/security/cancerts
second option i didn't really tried but i saw it worked for some
is magisk module called "overlayfs" if you can't find it online i will attach it here
BUT before all that try MT manager .. idk how it really worked lol
Click to expand...
Click to collapse
i have installed overlay fs but i can edit only /system, /product and some files in /vendor and /system_ext, i have android 13 with one ui 5.1