I've done it before but it seems like it's just not giving in this time. I had the phone rooted before and had to unroot for what I thought was going to be an insurance claim through my work (T-Mobile) and ended up just having some friends replace the screen for me. I went back to root the device again and still had all the same original files that I used to originally root and even locked and unlocked the bootloader again hoping that would fix my issue but I'm still getting hung at the logcat -s recowvery command. It shows <------- Beginning of system> <-------- Beginning of main> and just hangs and does nothing else.
text posted of every command I used to the exact instructions on @jcadduono post on how to root the h918
can't post screenshots because of new member.
Code:
C:\Users\Mike\Desktop\mini tools>adb devices
List of devices attached
LGH9185c391d6e device
C:\Users\Mike\Desktop\mini tools>adb push dirtycow /data/local/tmp
dirtycow: 1 file pushed. 0.3 MB/s (9984 bytes in 0.030s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-applypatch /data/local/tmp
recowvery-applypatch: 1 file pushed. 1.7 MB/s (18472 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-app_process64 /data/local/tmp
recowvery-app_process64: 1 file pushed. 1.0 MB/s (10200 bytes in 0.010s)
C:\Users\Mike\Desktop\mini tools>adbpush recowvery-run-as /data/local/tmp
'adbpush' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Mike\Desktop\mini tools>adb push recowvery-run-as /data/local/tmp
recowvery-run-as: 1 file pushed. 0.9 MB/s (10192 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb shell
elsa:/ $ cd /data/local/tmp
elsa:/data/local/tmp $ chmod 0777 *
/dirtycow /system/bin/applypatch recowvery-applypatch <
warning: new file size (18472) and file old size (165144) differ
size 165144
[*] mmap 0x7e70077000
[*] exploit (patch)
[*] currently 0x7e70077000=10102464c457f
[*] madvise = 0x7e70077000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x7e70077000=10102464c457f
./dirtycow /system/bin/app_process64 recowvery-app_process64 <
warning: new file size (10200) and file old size (18600) differ
size 18600
[*] mmap 0x7ddae0d000
[*] exploit (patch)
[*] currently 0x7ddae0d000=10102464c457f
[*] madvise = 0x7ddae0d000 18600
[*] madvise = 0 1048576
[*] /proc/self/mem -1971322880 1048576
[*] exploited 0x7ddae0d000=10102464c457f
elsa:/data/local/tmp $ exit
C:\Users\Mike\Desktop\mini tools>adb logcat -s recowvery
--------- beginning of system
--------- beginning of main
how to fix lgh918 recowvery issue
OfficialVillager said:
I've done it before but it seems like it's just not giving in this time. I had the phone rooted before and had to unroot for what I thought was going to be an insurance claim through my work (T-Mobile) and ended up just having some friends replace the screen for me. I went back to root the device again and still had all the same original files that I used to originally root and even locked and unlocked the bootloader again hoping that would fix my issue but I'm still getting hung at the logcat -s recowvery command. It shows <------- Beginning of system> <-------- Beginning of main> and just hangs and does nothing else.
text posted of every command I used to the exact instructions on @jcadduono post on how to root the h918
can't post screenshots because of new member.
Code:
C:\Users\Mike\Desktop\mini tools>adb devices
List of devices attached
LGH9185c391d6e device
C:\Users\Mike\Desktop\mini tools>adb push dirtycow /data/local/tmp
dirtycow: 1 file pushed. 0.3 MB/s (9984 bytes in 0.030s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-applypatch /data/local/tmp
recowvery-applypatch: 1 file pushed. 1.7 MB/s (18472 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb push recowvery-app_process64 /data/local/tmp
recowvery-app_process64: 1 file pushed. 1.0 MB/s (10200 bytes in 0.010s)
C:\Users\Mike\Desktop\mini tools>adbpush recowvery-run-as /data/local/tmp
'adbpush' is not recognized as an internal or external command,
operable program or batch file.
C:\Users\Mike\Desktop\mini tools>adb push recowvery-run-as /data/local/tmp
recowvery-run-as: 1 file pushed. 0.9 MB/s (10192 bytes in 0.011s)
C:\Users\Mike\Desktop\mini tools>adb shell
elsa:/ $ cd /data/local/tmp
elsa:/data/local/tmp $ chmod 0777 *
/dirtycow /system/bin/applypatch recowvery-applypatch <
warning: new file size (18472) and file old size (165144) differ
size 165144
[*] mmap 0x7e70077000
[*] exploit (patch)
[*] currently 0x7e70077000=10102464c457f
[*] madvise = 0x7e70077000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x7e70077000=10102464c457f
./dirtycow /system/bin/app_process64 recowvery-app_process64 <
warning: new file size (10200) and file old size (18600) differ
size 18600
[*] mmap 0x7ddae0d000
[*] exploit (patch)
[*] currently 0x7ddae0d000=10102464c457f
[*] madvise = 0x7ddae0d000 18600
[*] madvise = 0 1048576
[*] /proc/self/mem -1971322880 1048576
[*] exploited 0x7ddae0d000=10102464c457f
elsa:/data/local/tmp $ exit
C:\Users\Mike\Desktop\mini tools>adb logcat -s recowvery
--------- beginning of system
--------- beginning of main
Click to expand...
Click to collapse
this is exzactly what happened to me any ideas how to correct it?
I recommend getting the stock kdz and flashing it to get you back to a true stock state. Don't use any kdz after 10j.
Who knows what was left behind when you unrooted. Unrooting doesn't return you to stock. It just unrooted you.
Once on a true stock system, recowvey should work.
androiddiego said:
I recommend getting the stock kdz and flashing it to get you back to a true stock state. Don't use any kdz after 10j.
Who knows what was left behind when you unrooted. Unrooting doesn't return you to stock. It just unrooted you.
Once on a true stock system, recowvey should work.
Click to expand...
Click to collapse
Unfortunately, that won't be the case on 10q or 10r. According to @runningnak3d, they've not only locked down qualcomm processors, but have also basically removed fastboot. There isn't any way to root beyond that update. not yet at least. and with antirollback being enabled now, no way to downgrade. We're stuck in a rut.
OfficialVillager said:
Unfortunately, that won't be the case on 10q or 10r. According to @runningnak3d, they've not only locked down qualcomm processors, but have also basically removed fastboot. There isn't any way to root beyond that update. not yet at least. and with antirollback being enabled now, no way to downgrade. We're stuck in a rut.
Click to expand...
Click to collapse
What firmware is the phone currently on?
androiddiego said:
What firmware is the phone currently on?
Click to expand...
Click to collapse
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. Im on 10q.
OfficialVillager said:
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. Im on 10q.
Click to expand...
Click to collapse
You're on 10q. That's why recowvery won't work. It work on 10j and below.
OfficialVillager said:
You'd have to check the about settings of your phone to know what you're on. The most recent is 10r. Im on 10q.
Click to expand...
Click to collapse
Sorry bud you can't root and if you try to go back to a rootable version you'll brick. This is even if you got there through a TWRP flashable zip, since they still update everything except recovery.
Try running logcat -s recowvery directly in an adb shell on the target device.
Related
trying too root.. and im looking at this
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
65 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
395 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 19393
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$ adb shell
adb shell
adb: not found
$
what do i do now????
The $ means you are still in the shell. You have to wait till it goes back to the Command prompt (c
Sent from my SCH-I500 using XDA App
ace5198 said:
trying too root.. and im looking at this
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
65 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
395 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 19393
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$ adb shell
adb shell
adb: not found
$
what do i do now????
Click to expand...
Click to collapse
You haven't waited long enough. That last step should kick you out of the shell, and back into the command prompt, where your 'adb shell' command will work.
adb is used on the windows command prompt, not the phone's shell.
To exit the shell, and get back to the windows command prompt, you can always type "exit" and hit enter at the $ or # prompt.
just wait?
ace5198 said:
just wait?
Click to expand...
Click to collapse
Ideally yes. Many people report having to wait up to 2 minutes. I don't know what you've done since then, best to just start over. To be safe, just reboot the phone, then start again.
ok i rebooted and got past that point now im at this line and stuck
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
87 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
410 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 2200
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\androidsdk\Tools>adb shell
error: device not found
C:\androidsdk\Tools>
help please.. im totally lost and cant find anything about this anywhere
hahahahah wooohoooo.. i did it... benchmark 2155 =) thank your so much to everyone that helped me... you are all awesome.. tanks dirrk for the step by step instructions..and a huuuuuggggeee shoutout to poulosjr couldnt have done it without you.. thank you all sooo much
Hello ace5198,
How did u do it? I am facing exactly the same issue...
$ chmod 4755 /data/local/tmp/rageagainstthecage
$ chmod 4755 /data/local/tmp/busybox
$ cd /data/local/tmp
$ ./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3341, 3341}
[*] Searching for adb ...
[+] Found adb as PID 1941
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
[email protected]:~/android-sdk-linux_86/platform-tools$ ./adb shell
error: device not found
There is a new root method by dirrk on one of the stickies in android development... I would link you directly, but I can't from my phone. look for the one that says roll up
Hi there. I got an Epic 4G not too long ago, and I've been attempting to root and install Clockwork to get some custom ROMs on it.
Installed Samsung drivers, phone connects fine. I'm not mounting the SD card, and I've tried it in Charge Only and USB Mass Storage modes.
I ran the sticky'd root method (2.2.6) from the Development subforum under the Epic 4G. Here is my log from that:
Code:
C:\Users\___>CD C:\Users\___\Desktop\Root
C:\Users\___\Desktop\root>adb devices
List of devices attached
D70024857e4d device
C:\Users\___\Desktop\root>run.bat
exploit and busybox made by joeykrim and one click installer made by noobnl and
firon
Press any key to continue . . .
copy and run the exploit (may take 2 minutes)
128 KB/s (5392 bytes in 0.041s)
3 KB/s (88 bytes in 0.026s)
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 2208
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
make it RW and move files
30 KB/s (687 bytes in 0.022s)
246 KB/s (26264 bytes in 0.104s)
355 KB/s (196521 bytes in 0.540s)
327 KB/s (14428 bytes in 0.043s)
9 KB/s (201 bytes in 0.020s)
413 KB/s (511436 bytes in 1.207s)
8 KB/s (203 bytes in 0.024s)
24 KB/s (479 bytes in 0.019s)
set permission
install busybox
push any key to reboot the phone
Press any key to continue . . .
Alright, so it rebooted. I can see SuperUser, and I can run apps that require root work perfectly (that screenshot one, etc).
So, I go to install Clockwork from the SDX forum (crossposted [link to noobnl's post spliced]). I ran "run-try-first.bat"
Code:
C:\Users\___>CD C:\Users\Media\Desktop\clockwork
C:\Users\___\Desktop\clockwork>adb devices
List of devices attached
D70024857e4d device
C:\Users\___\Desktop\clockwork>adb shell
$ su
su
# exit
exit
$ exit
exit
C:\Users\___\Desktop\clockwork>run-try-first.bat
one click installer and Clockworkmod Recovery v2.5.1.0 made by noobnl, skeeters
lint, and koush
Press any key to continue . . .
remove stock recovery patcher
mount: Operation not permitted
rm failed for /system/etc/install-recovery.sh, Read-only file system
rm failed for /system/recovery-from-boot.p, Read-only file system
copy kernel and flasher
432 KB/s (313888 bytes in 0.708s)
462 KB/s (5820868 bytes in 12.299s)
flashing kernel
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
open device file: Permission denied
bmldevice_get_size: bmldevice_open failed!src: /sdcard/zImage
dst: /dev/block/bml8 partition size: 0x0
part_size: 0x0
reboot: Operation not permitted
wait 60 second
cleanup
done
Press any key to continue . . .
C:\Users\___\Desktop\clockwork>
So, that seems like it didn't really work. I rebooted and went to recovery with ADB on the computer, with the volume + camera + power method, and got the stock recovery each time.
I went back in and installed ROM Manager, and flashed the newest build for the Epic, didn't work, stock recovery with the E: verification failed error.
I returned to my PC to try "run-try-last.bat"
Code:
C:\Users\___\Desktop\clockwork>run-try-last.bat
one click installer and Clockworkmod Recovery v2.5.1.0 made by noobnl, skeetersl
int, and koush
Press any key to continue . . .
copy and run the exploit (may take 2 minutes)
146 KB/s (5392 bytes in 0.036s)
4 KB/s (88 bytes in 0.020s)
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 2209
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
remove stock recovery patcher
rm failed for /system/etc/install-recovery.sh, No such file or directory
rm failed for /system/recovery-from-boot.p, No such file or directory
copy kernel and flasher
459 KB/s (313888 bytes in 0.667s)
343 KB/s (5820868 bytes in 16.535s)
flashing kernel
RedBend Update Agent 6,1,14,1
FOTA : Make Block Device Nodes
lcd_init(498): start!
lcd_init(507): fb0 open success
lcd_init(514): width = 480, height = 800
page_msize: 4096, phy_unit_size: 262144
src: /sdcard/zImage
dst: /dev/block/bml8 partition size: 0x780000
part_size: 0x780000
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 262144 bytes
read 53700 bytes
read finished
wait 60 second
cleanup
done
Press any key to continue . . .
C:\Users\___\Desktop\clockwork>adb reboot recovery
Same thing, didn't work. I am currently guessing that the:
Code:
rm failed for /system/etc/install-recovery.sh, No such file or directory
rm failed for /system/recovery-from-boot.p, No such file or directory
is the problem, since I can't seem to remove these files? I don't know.
Help is appreciated! Thanks much!
EDIT
Code:
C:\Users\Media>CD C:\Users\Media\Desktop\Root
C:\Users\Media\Desktop\root>adb shell mount -t rfs -o remount,rw /dev/block/stl9
/system
mount: Operation not permitted
C:\Users\Media\Desktop\root>adb shell
$ su
su
# mount -t rfs -o remount,rw /dev/block/stl9 /system
mount -t rfs -o remount,rw /dev/block/stl9 /system
# rm /system/etc/install-recovery.sh
rm /system/etc/install-recovery.sh
rm failed for /system/etc/install-recovery.sh, No such file or directory
# rm /system/recovery/recovery-from-boot.p
rm /system/recovery/recovery-from-boot.p
rm failed for /system/recovery/recovery-from-boot.p, No such file or directory
#
These files actually don't exist or something
I am having this exact same problem. When I try to use clockwork it goes to the stock android recovery mode and I receive the signature error.
are you rooted first?
nevermind sorry
I can finally answer w/ a why (in addition to an answer) - I think!
Before running the run last script open up an adb shell and type
Code:
su
remount rw
exit
exit
now run the script
I think this happens because the joeykim root leaves the system readonly?
Two other options if the above doesn't work:
1)Start fresh (reflash) from Odin and then install clockwork BEFORE rooting
2)Open up an adb shell and type the commands in the runlast script manually
hope that helps
jimmyz said:
I can finally answer w/ a why (in addition to an answer) - I think!
Before running the run last script open up an adb shell and type
Code:
su
remount rw
exit
exit
now run the script
I think this happens because the joeykim root leaves the system readonly?
Two other options if the above doesn't work:
1)Start fresh (reflash) from Odin and then install clockwork BEFORE rooting
2)Open up an adb shell and type the commands in the runlast script manually
hope that helps
Click to expand...
Click to collapse
I tried to do this and here is what I got. I may have messed up since I am new to this.
c:\samsung>adb shell
$ su
su
remount rw
remount rw
Permission denied
$ Remounting /system </dev/st19> in read/write mode
mount: Operation not permitted
$
Does anyone think it could be caused by the system update that has been rolling out? I downloaded that before I rooted.
I am having the same problem while trying to get Clockwork to work correctly on my Epic.
I also think that the problem is related to the install-recovery.sh and recovery-from-boot.p files. If I run a batch file (run.bat or run-try-first.bat or run-try-last.bat) the first problem is always when it tries to remove these files.
First I tried to just remove the install-recover.sh file
>adb shell rm /system/etc/install-recovery.sh
rm failed for /system/etc/install-recovery.sh, Read-only file system
The system reported that the file system was read-only.
Next I changed the file system to be writable.
>adb shell
$ su
su
# remount rw
remount rw
Remounting /system (/dev/stl9) in read/write mode
# exit
exit
$ exit
exit
This seemed to work ok and no errors were reported
Last I tried to delete the file again.
>adb shell rm /system/etc/install-recovery.sh
rm failed for /system/etc/install-recovery.sh, No such file or directory
This time the system reported that the file (or directory) was not found.
All of the updates have been applied to this phone.
I'm just getting into the Android world so I'm pretty lost right now. I am able to get into the clockwork recovery if I hold the volume-down, camera button and the power button down until the phone is fully turned on. I am not able to update the phone's rom and this problem seems to be tied back to that the phone is not "really" rooted (this is pretty much just a guess...)
Thank you in advance for any help or suggestions you may offer!
Scott
Hi there.
I've redone the entire phone a few times now with Odin. Each time I try a new method of root/flashing clockwork. I've tried in every combination:
-Using Noobl's stuff, including 2.2.7, 2.2.6, and I guess 2.2.5 or whatever he published before that
-Using Koush's clockwork and noobl's clockwork things, both -first and -last
-Pulling the battery during the clockwork reboot and using the camera + volume + power
-Using ADB rebooting and quick rebooting
-Remounting the system RW between root and clockwork, before both, etc
Nothing has worked, tried with no updates applied and with all 3, and with the first one. I guess this android stuff just isn't my cup of tea after all. Time to wait for WP7, I suppose (can't stand this 5 hour battery crap, was hoping to fix it). Tried it on 3 computers, done it every conceivable way.
Thanks to the modding community, rooting community, and everybody who writes the guides. I guess I'm just unlucky or something.
EDIT: Disregard that, randomly worked after pulling the battery during the reboot following Noobl's clockwork install...... well then
If you want to try one last time I would try to manually root etc by entering one line at a time via adb
Sent from my SPH-D700 using XDA App
Installed The Boss Mod V.3
JuiceDefender, Superuser, ROM Manager
I can still only reach Clockwork via the Power + Volume + Camera, not through adb reboot or the clockwork menu...
juchmis said:
Installed The Boss Mod V.3
JuiceDefender, Superuser, ROM Manager
I can still only reach Clockwork via the Power + Volume + Camera, not through adb reboot or the clockwork menu...
Click to expand...
Click to collapse
This is expected behavior if you just used noobnl one click- it installs to bml8. IF you want to reach clockwork through Rom Manager you need to have a modified kernel (on bml7) which many of the custom Roms have built in. After you you do that adb reboot will work but only if you keep the appropriate clockworkwod mod update.zip in the root of your sdcard and select it through the "stock" recovery- this is "fakeflash"
I am attempting to follow instructions on page...
https://forum.xda-developers.com/v20/development/ls997vs995h910-dirtysanta-bootloader-t3519410
I am using a Linux host to do this.
If I type adb devices, it returns the device ID so my computer sees the phone.
I then type in one console
Code:
[email protected] ~/Downloads/platform-tools - becca $ bash ./RUNMEFIRST.sh
I then open another terminal and type...
Code:
bash ./step1.sh
I get this return..
Code:
[email protected] ~/Downloads/platform-tools - becca $ bash ./step1.sh
dirtysanta: 1 file pushed. 0.6 MB/s (18760 bytes in 0.030s)
aboot.img: 1 file pushed. 9.4 MB/s (2097152 bytes in 0.213s)
dirtycow: 1 file pushed. 0.6 MB/s (9984 bytes in 0.016s)
my-run-as: 1 file pushed. 1.0 MB/s (13796 bytes in 0.013s)
warning: new file size (13796) and file old size (14360) differ
size 14360
[*] mmap 0x7bd7874000
[*] exploit (patch)
[*] currently 0x7bd7874000=10102464c457f
[*] madvise = 0x7bd7874000 14360
[*] madvise = 0 1048576
[*] /proc/self/mem -2122317824 1048576
[*] exploited 0x7bd7874000=10101464c457f
warning: new file size (9984) and file old size (165144) differ
size 165144
[*] mmap 0x7d83a80000
[*] exploit (patch)
[*] currently 0x7d83a80000=10102464c457f
[*] madvise = 0x7d83a80000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x7d83a80000=10102464c457f
elsa:/ $
I don't ever receive the error it warns me about... Don't know if that's good or bad.
Then I complete the next steps...
Code:
elsa:/ $ run-as con
run-as: Package 'con' is unknown
254|elsa:/ $ chmod 0777 /storage/emulated/0/*
chmod: chmod '/storage/emulated/0/Alarms' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Android' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/DCIM' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Download' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/LGBackup' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Movies' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Music' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Notifications' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Pictures' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Podcasts' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Quickset Setup' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Ringtones' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/aboot.img' to 100777: Operation not permitted
chmod: chmod '/storage/emulated/0/dirtysanta' to 100777: Operation not permitted
1|elsa:/ $
Right here is where it seems to be going completely wrong. I am not sure how to verify con is a user on the system. I do know unix but there is no /etc/passwd file where I would normally verify a user exists.
If I open the emulator app on the phone, I do get the untrusted error like I'm supposed to.
I get a usage error. I type in
applypatch /system/bin/atd /storage/emulated/0/dirtysanta
I receive the error
usage: appypatch [-b <bonus file>] <src-file> <tgt-file>... (I don't feel like typing the rest. but basically stating I typed it in wrong.)
The step1.sh window never tells me to run step 2. So, I know it's not working right. Any ideas what I'm doing wrong?
I had a pin on the security that I setup. I was wondering if the security pin was blocking it. I couldn't remove it so I just defaulted the phone and set it up without a pin and same error...
I just setup adb in a virtual machine running windows 10 and ran through the windows batch files and received identical errors.
dorlow said:
I am attempting to follow instructions on page...
https://forum.xda-developers.com/v20/development/ls997vs995h910-dirtysanta-bootloader-t3519410
I am using a Linux host to do this.
If I type adb devices, it returns the device ID so my computer sees the phone.
I then type in one console
Code:
[email protected] ~/Downloads/platform-tools - becca $ bash ./RUNMEFIRST.sh
I then open another terminal and type...
Code:
bash ./step1.sh
I get this return..
Code:
dav[email protected] ~/Downloads/platform-tools - becca $ bash ./step1.sh
dirtysanta: 1 file pushed. 0.6 MB/s (18760 bytes in 0.030s)
aboot.img: 1 file pushed. 9.4 MB/s (2097152 bytes in 0.213s)
dirtycow: 1 file pushed. 0.6 MB/s (9984 bytes in 0.016s)
my-run-as: 1 file pushed. 1.0 MB/s (13796 bytes in 0.013s)
warning: new file size (13796) and file old size (14360) differ
size 14360
[*] mmap 0x7bd7874000
[*] exploit (patch)
[*] currently 0x7bd7874000=10102464c457f
[*] madvise = 0x7bd7874000 14360
[*] madvise = 0 1048576
[*] /proc/self/mem -2122317824 1048576
[*] exploited 0x7bd7874000=10101464c457f
warning: new file size (9984) and file old size (165144) differ
size 165144
[*] mmap 0x7d83a80000
[*] exploit (patch)
[*] currently 0x7d83a80000=10102464c457f
[*] madvise = 0x7d83a80000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x7d83a80000=10102464c457f
elsa:/ $
I don't ever receive the error it warns me about... Don't know if that's good or bad.
Then I complete the next steps...
Code:
elsa:/ $ run-as con
run-as: Package 'con' is unknown
254|elsa:/ $ chmod 0777 /storage/emulated/0/*
chmod: chmod '/storage/emulated/0/Alarms' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Android' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/DCIM' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Download' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/LGBackup' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Movies' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Music' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Notifications' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Pictures' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Podcasts' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Quickset Setup' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/Ringtones' to 40777: Operation not permitted
chmod: chmod '/storage/emulated/0/aboot.img' to 100777: Operation not permitted
chmod: chmod '/storage/emulated/0/dirtysanta' to 100777: Operation not permitted
1|elsa:/ $
Right here is where it seems to be going completely wrong. I am not sure how to verify con is a user on the system. I do know unix but there is no /etc/passwd file where I would normally verify a user exists.
If I open the emulator app on the phone, I do get the untrusted error like I'm supposed to.
I get a usage error. I type in
applypatch /system/bin/atd /storage/emulated/0/dirtysanta
I receive the error
usage: appypatch [-b <bonus file>] <src-file> <tgt-file>... (I don't feel like typing the rest. but basically stating I typed it in wrong.)
The step1.sh window never tells me to run step 2. So, I know it's not working right. Any ideas what I'm doing wrong?
Click to expand...
Click to collapse
Are you running VS99512A, VS99513A or VS99514B?
If your running VS99514B you have to downgrade to either VS99512A or VS99513a with LGUP. I had successfully downgraded my VS995 to software from VS99514B to VS99512A and the dirty santa worked. I did not use Linux I was on Windows 10. But I watch https://www.youtube.com/watch?v=aNnEe8ExhxA he has a Verizon V20 in the video it may help with issues your having.
Hey all -
I'm trying to root my V20 with some complications along the way!
I'm currently at the Recowvery setup (I've tried manual & "Easy Recowvery") and I cannot seem to get past the "adb logcat -s recowvery" step.
On my command prompt, all I end up seeing is:
--------- beginning of system
--------- beginning of main
to no end. I've waited hours. No "successful" message as stated there should be when it finishes what it needs to do.
I have a feeling this is a permission issue, because when I tried to use the "Easy Recowvery" method, it had said it could not create log files, etc in the directory that I was trying to run the easy setup from.
I then tried to run CMD w/ administrative privileges - same problem, still stuck at the aforementioned information displayed. The only way I can then get out of this is escaping via "Ctrl+C", and nothing ends up being done, because when I try the next step "adb shell reboot recovery", my phone goes to a black screen that just says, "No Command" - and then I have to go into the usual recovery by holding the power button, then volume-up.
Are there any suggestions that could be made here? Tips, etc? I'm using the H918 version of the V20 and I would really like to get it rooted - wanted to use crDroid :3
EDIT (Guides I'm following):
The one from theunlockr
and then the dirtycow git page that's linked in another guide (I cannot post actual links yet, apparently :S)
EDIT2 (add'l info):
C:\adb>adb shell
elsa:/ $ cd /data/local/tmp
elsa:/data/local/tmp $ chmod 0777 *
elsa:/data/local/tmp $ ./dirtycow /system/bin/applypatch recowvery-applypatch
warning: new file size (18472) and file old size (165144) differ
size 165144
[*] mmap 0x747ac24000
[*] exploit (patch)
[*] currently 0x747ac24000=10102464c457f
[*] madvise = 0x747ac24000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x747ac24000=10102464c457f
dirtycow /system/bin/app_process64 recowvery-app_process64 <
warning: new file size (10200) and file old size (18600) differ
size 18600
[*] mmap 0x7331eb7000
[*] exploit (patch)
[*] currently 0x7331eb7000=10102464c457f
[*] madvise = 0x7331eb7000 18600
[*] madvise = 0 1048576
[*] /proc/self/mem -1971322880 1048576
[*] exploited 0x7331eb7000=10102464c457f
elsa:/data/local/tmp $ exit
Not sure if something perhaps went wrong here? Before having to execute the adb logcat -s recowvery command?
EDIT3 (Removed -s from logcat command to see what was going on):
I removed the -s flag from the logcat command to see where it might be stalling..... But after doing this I realized truly what was going on (logcat... duh, logging) - but I never get any kind of message that is said would occur:
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
I never get that message, with or without the silent flag.
I feel like the purpose of this step was to log recowvery running? Instead it seems like it's logging EVERYTHING.
Another guide I found said I should be putting my phone in the bootloader/fastloader before running the last bit of steps, but if I do that and try running the adb commands, it will say "null, no device available", or something along those lines.
I no longer know what is going wrong.
EDIT4 (-s is not silent flag when using adb?):
So it turns out the -s flag when using adb isn't the silent flag? Unless it is for logcat? Either way still nothing working. I never get "beginning of crash" like I'm apparently supposed to when running "adb logcat -s recowvery". Halp.
same issue
bump
This issue has been resolved elsewhere. If needed I will make an edit to show the solution once I'm capable of doing so.
May have a working solution. Testing it now and will reply if it works.
---------- Post added at 04:49 AM ---------- Previous post was at 04:47 AM ----------
Yeah, I managed to find the solution myself. Not sure if its the same solution but it was a matter of downgrading my firmware to the previous patch from 10k to 10j through LGUP and it's working fine as of now.
Downgrade from V20 version k to version j
After downgrading from version k to j (via LGUP tool) and having the proper files to go along with it. If I am allowed to post a link to the Reddit post that ended up helping me, I will - however it seems by default I am unable to do so.
hello
i have a lg v20 h990ds and i want to install twrp for install custom rom on my Phone
i Download Version 7 Android Firmware KDZ and Downgrade with lg up from android 8 to 7 and After try for install twrp recovery fail !
i,m downloaded any rev of android 7 kdz and flash with lg up and try to install twrp is fail !
list android 7 KDZ Rev i downloaded and try :
H990ds10h_00_OPEN_AME_DS_OP_0117.kdz
H990ds10e_00_OPEN_AME_DS_OP_0417.kdz
H990ds10b_00_OPEN_AME_DS_OP_1103.kdz
H990ds10d_00_OPEN_AME_DS_OP_1216.kdz
after flash firmware with lgup i try to install twrp have this Problem :
Step 1 :
C:\adb>step1.bat
C:\adb>adb push dirtysanta /storage/emulated/0
654 KB/s (18760 bytes in 0.027s)
C:\adb>adb push aboot.img /storage/emulated/0
2219 KB/s (2097152 bytes in 0.922s)
C:\adb>adb push dirtycow /data/local/tmp
1218 KB/s (9984 bytes in 0.008s)
C:\adb>adb push my-run-as /data/local/tmp
1349 KB/s (13796 bytes in 0.009s)
C:\adb>adb shell chmod 0777 /data/local/tmp/*
C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as
warning: new file size (13796) and file old size (14360) differ
size 14360
[*] mmap 0x743cc53000
[*] exploit (patch)
[*] currently 0x743cc53000=10102464c457f
[*] madvise = 0x743cc53000 14360
[*] madvise = 0 1048576
[*] /proc/self/mem -2122317824 1048576
[*] exploited 0x743cc53000=10101464c457f
C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/dirtycow
warning: new file size (9984) and file old size (165144) differ
size 165144
[*] mmap 0x76d9697000
[*] exploit (patch)
[*] currently 0x76d9697000=10102464c457f
[*] madvise = 0x76d9697000 165144
[*] madvise = 0 1048576
[*] /proc/self/mem 1367343104 1048576
[*] exploited 0x76d9697000=10102464c457f
C:\adb>adb shell
elsa:/ $ run-as con
elsa:/ # chmod 0777 /storage/emulated/0/*
elsa:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:shell:s0
elsa:/ #
Step 2 :
C:\adb>step2.bat
C:\adb>adb pull /storage/emulated/0/bootbackup.img
remote object '/storage/emulated/0/bootbackup.img' does not exist
C:\adb>adb pull /storage/emulated/0/abootbackup.img
remote object '/storage/emulated/0/abootbackup.img' does not exist
C:\adb>adb reboot bootloader
Step 3 :
C:\adb>step3.bat
C:\adb>fastboot flash boot boot1.img
target reported max download size of 536870912 bytes
sending 'boot' (40960 KB)...
OKAY [ 1.341s]
writing 'boot'...
FAILED (remote: device is locked. Cannot flash images)
finished. total time: 1.365s
C:\adb>fastboot flash recovery twrp.img
target reported max download size of 536870912 bytes
sending 'recovery' (24964 KB)...
OKAY [ 0.828s]
writing 'recovery'...
FAILED (remote: device is locked. Cannot flash images)
finished. total time: 0.854s
C:\adb>fastboot reboot
rebooting...
finished. total time: 0.009s
Please help me to resolve this problem
Thanks , Regards
mo4sa said:
Please help me to resolve this problem
Click to expand...
Click to collapse
The solution to your problem it's simple enough... You don't follow the instructions the way they are supposed to be follow.
This thread you open about the TWRP failed to install, but it's failing to unlock your device, and it has an entire thread about it. Recently there's one user who has some problems on how to perform this unlock and since I'll not write again (because you and everyone can search ) So this is my most recent post with my considerations/instructions.
How can I say with confidence that you aren't following the instructions? Because on the same thread the most appropriate guide for the H990DS (I have the same device by the way) don't need the step3. And this clear message device is locked, so the unlock failed.
So take your time, read with care and attention what was already discussed on the links that I share here, and if you still have problems, post to the right thread and we can continue this discussion there so others could benefit of this experience as well.