Hi guys,
Maybe someone can help me out here. In my attempt to update my Acer A500, I may have, in a kind of way, bricked my phone. I attempted to replace the wpa_supplicant file as per some of the instructions; needless to say, the update failed, and I, in my pure genius, figured I would simply factory reset and reboot. Which I ended up doing. The problem now is that the WiFi does not turn on and my tab has been unrooted; I no longer have any file explorer app on the phone and I can't download anything. Does anybody know how I can gain access to the root files so that I may revert to the old file, or somehow install an apk file from the mini sdcard, or even get access to the internet via Bluetooth or USB? Anything would be helpful.
FYI - I am trying to gain access to my root files using the Android SDK, but I've always had problems getting any of my PCs to find any of the Android stuff when plugged in.
I was in this court just yesterday, swearing up and down for some reason.
You'll need the root explorer apk, gingerbreak apk and the original wpa_supplicant file posted all over XDA.
Download and install Android SDK. It will also make you download the Java SDK too before you install the Android one. Start installing the Android SDK. It will seem like it's going to take forever, but you really only need what's in the folders 2 minutes in.
Go into the program files folder where the SDK stuff is and rip the 3 ADB files out and place them in their own folder. Mine were in: c:\program files\android\android-sdk\platform-tools\
I took the 3 files out and placed them in c:\and\
Place the apks in the c:\and\ folder
Make sure the driver files are installed from the Acer website.
Make sure USB debugging and apps from outside sources are enabled in settings on the tab.
Plug the tab into the PC via USB.
Open up the command prompt and go to the c:\and\ folder
then type
adb install c:\and\rootexplorer.apk
ENTER
then
adb install c:\and\gingerbreak-v1.20.apk
ENTER
The apps should be now installed on the tab.
Then just transfer the wpa_supplicant file over and you're right where you need to be.
Make sure you change the permissions on the wpa_supplicant file like you did the first time (enable everything read/write/etc etc) by holding on the wpa_supplicant file that you paste.
rorytmeadows said:
> Open up the command prompt and go to the c:\and\ folder
> then type
> adb install c:\and\rootexplorer.apk
> ENTER
> then
> adb install c:\and\gingerbreak-v1.20.apk
> ENTER
> The apps should be now installed on the tab.
> Then just transfer the wpa_supplicant file over and you're right where you need to be.
> Make sure you change the permissions on the wpa_supplicant file like you did the first time (enable everything read/write/etc etc) by holding on the wpa_supplicant file that you paste.
You are my new hero. All this time I've been trying to get Android ADK to recognize my tablet, but with no success. All I had to do was run ADB, which ironically I had done, but only to see if it recognized my unit. I was not aware I could install apps with it.
I'm not worthy... I'm not worthy
A million thank-yous. Now to try and get 3.1 installed, and hopefully Google/Android was smart enough to put in a stock file explorer.
Not working wifi hardware
Somewhat similar to what happened to this guy. But to be specific, I am using an Acer A500 originally on a rooted ICS 4.0.3. I remember using Lucky Patcher and using the custom patch on Adobe Flash Player, then I saw an update regarding BusyBox and SuperSU... I was able to install the BusyBox updater but not the SuperSU, since I remembered I already had Superuser. I opened Superuser and then it updated... From then on... I lost my WiFi... At the start it was still there but it couldn't connect. Also, I lost my root, because I am no longer able to use Titanium Backup. Double-checking it, I downloaded a root checker and it displayed not properly rooted. Seeing this, I thought it's been a long time since I've updated my ROM, so I might as well upgrade everything... my bootloader, kernel, ROM. So I first downgraded it by flashing to the full package stock HC 3.1 ROM (it had an old HC 3.1 bootloader). Then I noticed I can no longer turn on my WiFi and use my old apps... I flashed it back to a NON-rooted stock ICS 4.0.3 thinking it might fix it... but it did not. HELP please...
Update/SOLVED: the guide for Gapps by zedomax wasn't working for me, but by going through and re-reading the Complete Video Guide (here) I found the video specifically for installing the android market (here) and was able to follow it successfully. There were several steps that noobs like me wouldn't have known to do just from the other guide.
Hi, I've been trying for a few days to install the google apps (gapps) package on my kindle fire, which during that time has been rooted via kindlewater on version 6.2.2 and now has been flashed with the rooted 6.3 rom.
I am able to verify that I am rooted, can adb into the device and can sideload apps over USB. I have Root Explorer, ES File Manager, File Expert, etc. but am never able to get past the first install of the gapps package, where I'm supposed to navigate to the GoogleServicesFramework.apk and install it. Every time I try to install it I get an error "application not installed", and it doesn't seem to matter that I'm rooted and that the app (e.g. File Expert) has its settings set to "root" level permissions.
I also note that I am unable to move vending.apk from its location to the system/app folder; no idea how I am to achieve a read/write setting on that folder. I am able to "see" that I have rwxr or something like it, but that doesn't let me move the file into that folder, so not sure what to do.
Is there some critical step I am missing?
Thanks!
summary: kindle fire rooted on 6.3 via the secured rom found on this forum, mac is running osx 10.6.8.
Edit: Sorry for not maintaining this thread for a long time (rl stuff) but after all I really recommend you switching to LineageOS. It's very straightforward, you have full Play Store and Amazon access and a smooth, nice, customizable and clean android. Also you don't have to worry about your device getting incompatible to the Play Store^^ or bricking your device by accidental updates.
Srsly, don't do anything below here. It's old and not supported anymore. Also before doing anything to your tablet: Unlock the Bootloader here
So you finally rooted your Kindle Fire HDX 7/8.9 on 4.5.2
and you want to start using it but remembered that Amazon's updates kill everything, searched for a method to bypass it and fortunately found this thread. (You, Sir, are very lucky)
So let's start:
1. How to disable OTA updates
Step 1:
Get a file explorer which has root access (I used ES File Explorer because it was already in the Amazon App Store but every other file explorer should work too)
Step 2:
Browse to /system/priv-app/ and search for DeviceSoftwareOTA.apk
Step 3:
Just rename DeviceSoftwareOTA.apk to whatever you like (Important: After renaming the file mustn't end with .apk)
Step 4:
Profit! You can now access the internet freely without the fear of evil amazon updates
But you want to install apps on your Kindle so
2. How to install Google Play Apps
Step 1:
Acquire the GApps for KitKat. Preferably here
Step 2:
Extract it to your Kindle and copy everything except for PrebuiltGMSCore.apk, META-INF and addon.d in the similar system folder (apps in system/app folder go to system/app folder (the real one))
Step 3:
Install PrebuiltGMSCore.apk manually like you would install any normal apk
Step 4:
Reboot (eventually it takes a bit longer)
Step 5:
PROFIT!!!! You have a fully working Play Store!
Obviously I don't take any responsibility if anything goes wrong (even though this procedure should be pretty safe)
> Just rename DeviceSoftwareOTA.apk to whatever you like
You need to specify that you need to change the extension exactly
Potato_of_Doom said:
> Step 5:
> PROFIT!!!! You have a fully working Play Store!
Worked great but for some reason on my kindle hdx 7" running 4.5.2 when I booted up the SetupWizard came up to select my language and then when I clicked the big arrow it dumped me into the wireless settings screen and I was stuck. I had to eventually remove /system/priv-app/SetupWizard.apk. You might want to recommend users not including this as well on the off chance it causes the same problem I had. After I fixed this I just clicked on the play store and it prompted me to login.
Do I put <app etc framework lib priv-app> in the /system dir?
candiflan said:
> Do I put <app etc framework lib priv-app> in the /system dir?
Yes you can copy everything, just look out for /priv-app/PrebuiltGMSCore.apk (If you try to copy it you'll get a memory error)
@awinston
That's strange. On my Kindle it worked without any issues
Potato_of_Doom said:
> Yes you can copy everything, just look out for /priv-app/PrebuiltGMSCore.apk (If you try to copy it you'll get a memory error)
> @awinston
> That's strange. On my Kindle it worked without any issues
Got it thanks
awinston said:
> Worked great but for some reason on my kindle hdx 7" running 4.5.2 when I booted up the SetupWizard came up to select my language and then when I clicked the big arrow it dumped me into the wireless settings screen and I was stuck. I had to eventually remove /system/priv-app/SetupWizard.apk. You might want to recommend users not including this as well on the off chance it causes the same problem I had. After I fixed this I just clicked on the play store and it prompted me to login.
How did you remove /system/priv-app/SetupWizard.apk?
After doing this to get gapps, I am receiving license error when attempting to play amazon instant videos. Any ideas?
Edit: obviously did something to drm as I can't access kindle books either.
Anyone know a way to fix? Thanks
candiflan said:
> How did you remove /system/priv-app/SetupWizard.apk?
Never mind, I renamed SetupWizard.apk to SetupWizard.apk.old. This is what I did:
adb shell "su -c 'mount -o rw,remount /system'"
adb shell "su -c 'mv /system/priv-app/SetupWizard.apk /system/priv-app/SetupWizard.apk.old'"
adb shell "su -c 'mount -o ro,remount /system'"
Is there a recommendation on installing the gapps via this method, versus the HDXposed method?
It sounds like this is easier and slightly less risky.
Doesn't work on my Apollo. I downloaded GAPPS 036 (320DPI) and followed your steps. But it doesn't work and I cannot copy phonesky.apk; I have to manually install it. I copied the system folder using ES Explorer. Do I have to set permissions for the files??
Thanks
tuanda82 said:
> Doesn't work on my Apollo. I downloaded GAPPS 036 (320DPI) and followed your steps. But it doesn't work and I cannot copy phonesky.apk; I have to manually install it. I copied the system folder using ES Explorer. Do I have to set permissions for the files??
> Thanks
I had issues when I tried ES Explorer. I used Root Explorer with no issues. Also, make sure to set perms to RW R R to match other files in all the directories.
tuanda82 said:
> Doesn't work on my Apollo. I downloaded GAPPS 036 (320DPI) and followed your steps. But it doesn't work and I cannot copy phonesky.apk; I have to manually install it. I copied the system folder using ES Explorer. Do I have to set permissions for the files??
> Thanks
Did you get an error message?
Notifications not working
Anyone else having problems not receiving notifications? I am not receiving notifications about updates from google play and I am not receiving notifications from apps where they have been enabled. I took a quick look at some test apps on the store and I never receive the notifications through those apps either. Below is a log cat from a test notifications app. I did some reading and it seems to suggest maybe the individual apps are not configured correctly but I will need to keep digging. Will keep digging, just not very familiar with c2dm so wanted to ask.
03-03 11:17:24.787 2024-4230/? I/GCM﹕ GCM message com.firstrowria.pushnotificationtester 0:1425403044280977%c5da679ff9fd7ecd
03-03 11:17:24.797 2024-2024/? W/GCM-DMM﹕ broadcast intent callback: result=CANCELLED forIntent { act=com.google.android.c2dm.intent.RECEIVE pkg=com.firstrowria.pushnotificationtester (has extras) }
03-03 11:17:24.797 937-966/? W/BroadcastQueue﹕ Permission Denial: broadcasting Intent { act=com.google.android.c2dm.intent.RECEIVE flg=0x10 pkg=com.firstrowria.pushnotificationtester (has extras) } from com.google.android.gsf (pid=2024, uid=10003) requires com.google.android.c2dm.permission.SEND due to receiver com.firstrowria.pushnotificationtester/.broadcast.GCMReceiver
Potato_of_Doom said:
> Did you get an error message?
@riggsandroid: I tried root explorer and set permissions, same results.
@Potato_of_Doom: It closed without a message. On the first boot, I can log in to my account, but after the home screen loads, Play Store closed without warning. The next time, Play Store closes without warning (very fast). It seems the other Google services are still working, except Play Store. I can log in to my Play Games account and load Clash of Clans data without problems.
tuanda82 said:
> @riggsandroid: I tried root explorer and set permissions, same results.
@tuanda82 I had similar issues when I didn't remember to install the GMS Core apk after moving all files over. Just a thought.
awinston said:
> Anyone else having problems not receiving notifications?
Discovered a fix. I had to install Xposed and HDXposed. This leads me to wonder whether the technique used to install gapps with HDXposed might not be the better and safer solution if notifications only work with HDXposed. Anyone else have notifications working without HDXposed installed? After looking through the HDXposed code it looks like this is probably the only solution but maybe I am missing something.
candiflan said:
> Do I put <app etc framework lib priv-app> in the /system dir?
I don't want to confuse anyone, but you really don't want to overwrite the folders, just add files to their corresponding location within their like-named partition directories.
If you are comfortable with adb shell commands, I find it easiest to actually move all the folders from the zip into the data or a newly created system folder & then use batch scripts that take advantage of the * wildcard call, such as *.apk, to change ownership & permission settings to 644 for all files at one time. I don't have time to list out all the steps right now, but if you have been playing with adb for a while, you probably already know what I am talking about. You can also do the same thing live in the system folder, but I personally like to segregate the new files so I can check several & then move them all over at once, after I am confident all the changes were made via the shell commands.
There's another way to get working playstore:
You need enough system store to flash gapps by recovery. To get this, change some system apps to user apps (for example by titanium backup). Don't do this with 'really' system apps, but there are many Amazon apps, you can change (for example kindle reader, music, audible). You can still use these apps after change. Then you can flash with twrp a small gapps package.
Security patch is from June 2017: ro.build.version.security_patch=2017-06-01
We can try all exploits which came after that.
So far not able to find any exploit for tank, I'm sharing the latest bin and extract so we can collectively find some.
Drive Link
Succeeded with this exploit https://www.xda-developers.com/janus-vulnerability-android-apps/.
Able to modify and update system apps and gain system app privilege.
Script used > https://github.com/V-E-O/PoC/tree/master/CVE-2017-13156
I have only tested this on tank since I don't have other devices. Theoretically it should also work on all Fire devices which don't have the latest security patch.
Install this apk to block installing new updates from Amazon. It will still download the OTA bin file for you to experiment with, but the OTA install will fail as the install code is removed.
I'm not that expert so can you clarify for me? Can you use this exploit to add supersu or any other root method?
I have a US fire TV 3, a US FireTvStick 2 and an italian FireTvStick 2 Basic edition. Can I test this on any of them?
EDIT: All of them have updates blocked on my router. Can't remember what OS version they are on though. But pretty sure a very early one.
EDIT#2: Reading better, I guess it's not possible, because the exploit can only modify SYSTEM APPS permissions? Not sure if a non-system app installed by the user and crafted to install su binaries can work?
EDIT#3: Reading better, I understood that if you craft a dex file making it look like a legitimate update of a high-privileged system app you can inherit its privileges and execute your code. So maybe there is hope. Thanks again for your effort. Really interesting.
Thanks and nice work.
puppinoo said:
> I'm not that expert so can you clarify for me? Can you use this exploit to add supersu or any other root method?
> I have a US fire TV 3, a US FireTvStick 2 and an italian FireTvStick 2 Basic edition. Can I test this on any of them?
> EDIT: All of them have updates blocked on my router. Can't remember what OS version they are on though. But pretty sure a very early one.
> EDIT#2: Reading better, I guess it's not possible, because the exploit can only modify SYSTEM APPS permissions? Not sure if a non-system app installed by the user and crafted to install su binaries can work?
> EDIT#3: Reading better, I understood that if you craft a dex file making it look like a legitimate update of a high-privileged system app you can inherit its privileges and execute your code. So maybe there is hope. Thanks again for your effort. Really interesting.
> Thanks and nice work.
As of now no superuser, still looking for loopholes to use system permission to disable SELinux security.
Yes you can try installing. But if it fails, you will have to pull your system app and modify.
This apk is based on Fire OS 5.2.6.3 bin also works on Fire OS 5.2.6.2.
ranjeet choudhary said:
> Install this apk to block installing new updates from Amazon. It will still download the OTA bin file for you to experiment with, but the OTA install will fail as the install code is removed.
Where does the downloaded OTA sit? Will this blocking app work for other Fire devices such as Fire tablets?
ranjeet choudhary said:
> As of now no superuser, still looking for loopholes to use system permission to disable SELinux security.
> Yes you can try installing. But if it fails, you will have to pull your system app and modify.
> This apk is based on Fire OS 5.2.6.3 bin also works on Fire OS 5.2.6.2.
I researched Fire system app permissions a while ago, see this post https://forum.xda-developers.com/showpost.php?p=75226706&postcount=65
You can use a script like this to dump info for all system apps, and then look through the output:
Code:
for p in `pm list package -s | ./busybox awk -F"package:" '{print $2}'`; do echo -n "$p: "; dumpsys package $p ; done
(this requires that you upload 'busybox' to /data/local/tmp, and run it there)
What I observed is that SuperSu adds a whole new level of permissions to the system (a giant hole, if you will). None of the existing apps have that level of access. Of the existing system apps, it seemed that devicesoftwareota had some of the juicier permissions, which still is not much. All it effectively does is grab the update bin from the Internet, stick it in a designated directory, and reboot to recovery, which will continue the update. This can already be achieved on tablets via the sideloading option in recovery. I don't recall spotting an existing app that could read the whole /data directory, so as to enable backups in a simple format.
I've attached the output for devicesoftwareota for FireHD 10 2017, but that should be similar to the Fire stick.
Anyway, please do share if you find anything good!!!
ranjeet choudhary said:
> Security patch is from June 2017: ro.build.version.security_patch=2017-06-01
> We can try all exploits which came after that.
> So far not able to find any exploit for tank, I'm sharing the latest bin and extract so we can collectively find some.
> Drive Link
Good job! I have not seen the bin file available elsewhere - Amazon obfuscated the links to it quite well.
Just for kicks, I unpacked it, and installed com.amazon.tv.launcher on top of the one I had. So I now have an updated launcher:
Code:
Package [com.amazon.tv.launcher] (2b2540ce):
userId=32072 gids=[3003, 1028, 1015, 3002]
pkg=Package{c86435c com.amazon.tv.launcher}
codePath=/data/app/com.amazon.tv.launcher-1
versionCode=600612610 targetSdk=22
versionName=6.0.0.6-126
...
Hidden system packages:
Package [com.amazon.tv.launcher] (3f5557eb):
userId=32072 gids=[]
pkg=Package{22e23948 com.amazon.tv.launcher}
codePath=/system/priv-app/com.amazon.tv.launcher
versionCode=573001710 targetSdk=22
versionName=5.7.3-17
I may try your devicesoftwareota.apk at some point too.
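Added example (not part of the thread): the dumpsys excerpt above shows a system package whose running copy now lives under /data/app while the /system/priv-app copy is listed under "Hidden system packages". The code below parses that output format and lists every system package shadowed this way, with both version codes; an ordinary vendor update produces the same pattern, so a hit is something to review, not a verdict. The sample text is the excerpt from the post with dumpsys-style indentation restored, and the function and field names are this example's own.

```python
import re

# Constructed sample: the dumpsys excerpt quoted in the post, indentation restored.
SAMPLE = """\
  Package [com.amazon.tv.launcher] (2b2540ce):
    userId=32072 gids=[3003, 1028, 1015, 3002]
    pkg=Package{c86435c com.amazon.tv.launcher}
    codePath=/data/app/com.amazon.tv.launcher-1
    versionCode=600612610 targetSdk=22
    versionName=6.0.0.6-126

Hidden system packages:
  Package [com.amazon.tv.launcher] (3f5557eb):
    userId=32072 gids=[]
    pkg=Package{22e23948 com.amazon.tv.launcher}
    codePath=/system/priv-app/com.amazon.tv.launcher
    versionCode=573001710 targetSdk=22
    versionName=5.7.3-17
"""

# Top-level section headers of "dumpsys package" that this example cares about.
HEADERS = {"Packages:": "active", "Hidden system packages:": "hidden"}
PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
FIELD_RE = re.compile(r"\b(codePath|versionCode|versionName)=(\S+)")


def parse_packages(text):
    """Return {"active": {pkg: fields}, "hidden": {pkg: fields}}."""
    sections = {"active": {}, "hidden": {}}
    section, current = "active", None      # excerpts may start mid-section
    for line in text.splitlines():
        # An unindented line ending in ":" starts a new top-level section.
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            section, current = HEADERS.get(line.strip()), None
            continue
        match = PKG_RE.match(line)
        if match:
            current = None
            if section is not None:
                current = sections[section].setdefault(match.group(1), {})
            continue
        if current is not None:
            for key, value in FIELD_RE.findall(line):
                current.setdefault(key, value)   # keep the first value seen
    return sections


def shadowed_system_packages(text):
    """System packages whose active copy is installed outside /system."""
    parsed = parse_packages(text)
    findings = []
    for name, hidden in sorted(parsed["hidden"].items()):
        active = parsed["active"].get(name)
        if active is None:
            continue
        path = active.get("codePath", "")
        if not path.startswith("/system/"):
            findings.append({
                "package": name,
                "active_path": path,
                "system_path": hidden.get("codePath", ""),
                "active_version": active.get("versionCode", ""),
                "system_version": hidden.get("versionCode", ""),
            })
    return findings


if __name__ == "__main__":
    for item in shadowed_system_packages(SAMPLE):
        print("{package}: {system_version} ({system_path}) -> "
              "{active_version} ({active_path})".format(**item))
```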
bibikalka said:
> Where does the downloaded OTA sit? Will this blocking app work for other Fire devices such as Fire tablets?
> I researched Fire system app permissions a while ago, see this post https://forum.xda-developers.com/showpost.php?p=75226706&postcount=65
> You can use a script like this to dump info for all system apps, and then look through the output:
> Code:
> for p in `pm list package -s | ./busybox awk -F"package:" '{print $2}'`; do echo -n "$p: "; dumpsys package $p ; done
> (this requires that you upload 'busybox' to /data/local/tmp, and run it there)
> What I observed is that SuperSu adds a whole new level of permissions to the system (a giant hole, if you will). None of the existing apps have that level of access. Of the existing system apps, it seemed that devicesoftwareota had some of the juicier permissions, which still is not much. All it effectively does is grab the update bin from the Internet, stick it in a designated directory, and reboot to recovery, which will continue the update. This can already be achieved on tablets via the sideloading option in recovery. I don't recall spotting an existing app that could read the whole /data directory, so as to enable backups in a simple format.
> I've attached the output for devicesoftwareota for FireHD 10 2017, but that should be similar to the Fire stick.
> Anyway, please do share if you find anything good!!!
You can find the ota files here
/sdcard/Android/data/com.amazon.device.software.ota/
Haven't tested on Fire tablets, you can try and let us know.
ranjeet choudhary said:
> You can find the ota files here
> /sdcard/Android/data/com.amazon.device.software.ota/
> Haven't tested on Fire tablets, you can try and let us know.
Is there a way to get a 5.2.6.3 flashable zip for the Fire TV 2 box from this?
Which launcher do you have now? Can we replace that launcher with any other launcher? I could code a GUI for drag/drop so we add the apk, then the exploit generates the apk. Of course the tool would tell us which system apps are available and with what they could be replaced. Another interesting question is: would we be able to remove the bloatware by replacing system apps with empty apks?
bibikalka said:
> Good job! I have not seen the bin file available elsewhere - Amazon obfuscated the links to it quite well.
> Just for kicks, I unpacked it, and installed com.amazon.tv.launcher on top of the one I had. So I now have an updated launcher:
> Code:
> Package [com.amazon.tv.launcher] (2b2540ce):
> userId=32072 gids=[3003, 1028, 1015, 3002]
> pkg=Package{c86435c com.amazon.tv.launcher}
> codePath=/data/app/com.amazon.tv.launcher-1
> versionCode=600612610 targetSdk=22
> versionName=6.0.0.6-126
> ...
> Hidden system packages:
> Package [com.amazon.tv.launcher] (3f5557eb):
> userId=32072 gids=[]
> pkg=Package{22e23948 com.amazon.tv.launcher}
> codePath=/system/priv-app/com.amazon.tv.launcher
> versionCode=573001710 targetSdk=22
> versionName=5.7.3-17
> I may try your devicesoftwareota.apk at some point too.
Anyone have any pre-configured apk's available to replace the amazon launcher with an alternative using the janus exploit?
I cannot get the Janus exploit to work with Windows + Python 2.7
Code:
cd_start_addr = struct.unpack("<L", apk_data[cd_end_addr+16:cd_end_addr+20])[0]
struct.error: unpack requires a string argument of length 4
Will need to try Linux, Mac, or Python 3.0
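Added example (not code from the thread or from the linked PoC repository): a check for the file layout behind CVE-2017-13156, that is, a file that begins with a DEX magic yet still parses as a ZIP/APK because its entries start after leading bytes. It reads the end-of-central-directory record with bounds checks, so truncated or non-ZIP input raises a clear ValueError instead of the struct.error quoted above, and it reports whether an APK Signing Block (scheme v2 or later) sits before the central directory. The sample inputs are constructed in the code and are not installable packages; all function names are this example's own.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"        # end-of-central-directory (EOCD) signature
CDFH_SIG = b"PK\x01\x02"        # central-directory file header signature
EOCD_MIN = 22                   # EOCD size without its trailing comment
CDFH_MIN = 46                   # fixed part of a central-directory header
V2_MAGIC = b"APK Sig Block 42"  # last 16 bytes of an APK Signing Block


def find_eocd(data):
    """Return the EOCD offset; raise ValueError if it is missing or cut off."""
    lowest = max(0, len(data) - EOCD_MIN - 0xFFFF)  # comment is at most 65535 bytes
    pos = data.rfind(EOCD_SIG, lowest)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_MIN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, lowest, pos)     # try an earlier candidate
    raise ValueError("no complete end-of-central-directory record")


def first_entry_offset(data, cd_offset, cd_size):
    """Smallest local-header offset named by the central directory."""
    end = cd_offset + cd_size
    if end > len(data):
        raise ValueError("central directory lies outside the file")
    pos, lowest = cd_offset, None
    while pos + CDFH_MIN <= end and data[pos:pos + 4] == CDFH_SIG:
        name_len, extra_len, note_len = struct.unpack_from("<HHH", data, pos + 28)
        (local_off,) = struct.unpack_from("<L", data, pos + 42)
        lowest = local_off if lowest is None else min(lowest, local_off)
        pos += CDFH_MIN + name_len + extra_len + note_len
    if lowest is None:
        raise ValueError("central directory has no readable entries")
    return lowest


def inspect_apk(data):
    """Layout facts relevant to CVE-2017-13156 for the bytes of one file.

    Read the file with open(path, "rb"); text mode corrupts binary data.
    """
    eocd = find_eocd(data)
    cd_size, cd_offset = struct.unpack_from("<LL", data, eocd + 12)
    leading = first_entry_offset(data, cd_offset, cd_size)
    starts_as_dex = data[:4] == b"dex\n" and data[7:8] == b"\x00"
    # v1 (JAR) signing only covers ZIP entries, so bytes in front of them are
    # unsigned; a v2+ signing block covers the whole file.
    has_v2_block = cd_offset >= 16 and data[cd_offset - 16:cd_offset] == V2_MAGIC
    return {
        "leading_bytes": leading,
        "starts_as_dex": starts_as_dex,
        "has_v2_block": has_v2_block,
        "janus_shaped": starts_as_dex and leading > 0,
    }


def build_sample(prefix=b""):
    """Constructed sample: a tiny ZIP standing in for an APK, after optional
    leading bytes. Not a valid DEX and not an installable package."""
    buf = io.BytesIO()
    buf.write(prefix)
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("AndroidManifest.xml", b"<manifest/>")
        archive.writestr("classes.dex", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {
        "plain": build_sample(),
        "dex-prefixed": build_sample(b"dex\n035\x00" + bytes(24)),
    }
    for label, blob in samples.items():
        print(label, inspect_apk(blob))
    try:
        inspect_apk(samples["plain"][:-10])      # EOCD cut off
    except ValueError as exc:
        print("truncated:", exc)
```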
juanse254 said:
> Which launcher do you have now? Can we replace that launcher with any other launcher? I could code a GUI for drag/drop so we add the apk, then the exploit generates the apk. Of course the tool would tell us which system apps are available and with what they could be replaced. Another interesting question is: would we be able to remove the bloatware by replacing system apps with empty apks?
I'm using appstarter. Yes, you can replace the launcher. And yes, it's possible to replace system apps with empty apks.
You can try the attached dummy apk, which replaces com.amazon.tv.oobe.apk. oobe is responsible for triggering the default launcher and applying any locks by Amazon to block the device, and also prevents BOOT_COMPLETED. This dummy apk kills the oobe so that we can listen for BOOT_COMPLETED in other apps and replace the launcher.
ranjeet choudhary said:
> I'm using appstarter. Yes, you can replace the launcher. And yes, it's possible to replace system apps with empty apks.
> You can try the attached dummy apk, which replaces com.amazon.tv.oobe.apk. oobe is responsible for triggering the default launcher and applying any locks by Amazon to block the device, and also prevents BOOT_COMPLETED. This dummy apk kills the oobe so that we can listen for BOOT_COMPLETED in other apps and replace the launcher.
Sigh
This looked to be the best chance I had at killing the Amazon TV Launcher on my FireTV 2 (5.2.6.2) but it said it was already installed when I tried (adb install out1.apk)
It 'succeeded' when I forced a reinstall (adb install -r out1.apk) but on a reboot the TV Launcher came up
Anything else I can try?
ranjeet choudhary said:
install this apk to block installing new update from amazon. it will still download the ota bin file for you to experiment, but the ota install will fail as the install code is removed.
Can I use this to stop my tank 5.2.6.3 from updating to 5.2.6.7?
have router blocking working (with some...tinkering), but would like to be able to connect to other networks without worry of update.
A request
Hello,
I'm sure you have noticed the flurry of successfully rooted Fire TV devices lately, including the Fire TV Stick 2, Fire TV 3 and Cube.
Which would seem to make this exploit now obsolete. But not your modified DeviceSoftwareOTA.apk, which I used on my stick to block updates until I recently rooted it.
At current, the Fire TV Stick 2 has the most up to date software.
But the Cube and Pendant are behind on updates because there is no way to download them without some risk of the possibility of losing root for which the exploit has now been patched.
But a modified DeviceSoftwareOTA.apk for these devices that would download the update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
This type of modification is unfortunately beyond my skill level, so I have attached a link to the current apk from one of these devices.
And am asking, if you have time, could you please have a look at it. And tell me if yours would work in its place, or modify it as you did yours by removing the install code.
Your help would be greatly appreciated.
Thanks.
DeviceSoftwareOTA.apk
2WhlWzrd said:
But a modified DeviceSoftwareOTA.apk for these devices that would download the update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
This exploit was patched above 5.2.6.3; if your FTV3/Cube is at a higher firmware, forget about this...
2WhlWzrd said:
Hello,
I'm sure you have noticed the flurry of successfully rooted Fire TV devices lately, including the Fire TV Stick 2, Fire TV 3 and Cube.
Which would seem to make this exploit now obsolete. But not your modified DeviceSoftwareOTA.apk, which I used on my stick to block updates until I recently rooted it.
At current, the Fire TV Stick 2 has the most up to date software.
But the Cube and Pendant are behind on updates because there is no way to download them without some risk of the possibility of losing root for which the exploit has now been patched.
But a modified DeviceSoftwareOTA.apk for these devices that would download the update and not initiate an install would be an elegant solution. Allowing us to pull the update from the device and install it in a different manner.
This type of modification is unfortunately beyond my skill level, so I have attached a link to the current apk from one of these devices.
And am asking, if you have time, could you please have a look at it. And tell me if yours would work in its place, or modify it as you did yours by removing the install code.
Your help would be greatly appreciated.
Thanks.
DeviceSoftwareOTA.apk
Thanks for the update on root, I totally missed it. This makes a whole lot of modifications possible. Let me check if the exploit still works. Even if it doesn't work, with root we can force replace with modified apk.
I read some time ago that there will be a new update that will block Kodi. Is this an update that could do this?
ranjeet choudhary said:
Thanks for the update on root, I totally missed it. This makes a whole lot of modifications possible. Let me check if the exploit still works. Even if it doesn't work, with root we can force replace with modified apk.
Thank you, for your reply.
I thought that it should be possible to force this with root, these devices have Fire OS 6 — Based on Android 7.1 (API level 25).
So I don't think the vulnerability would apply, would it? Unlike the 2nd generation stick with Fire OS 5 — Based on Android 5.1 (API Level 22).
But there still may be hope.
We are rooted with Magisk and I have installed the Magisk port of Xposed. And there is HDXposed, which is said to be able to disable the signature check. But I don't see anyone using it with Fire OS 6 yet, only Fire OS 5 mods. So I don't know if it will work anyway.
I shall patiently await your reply.
Thanks again for your efforts.
[deleted]
So, I tried this on my HD 8 2017 after rooting it. It didn't work and I ended up deleting /system/priv-app/FireTabletSettings instead of just the apk (when it didn't work), so I couldn't/can't open settings. This was my first time rooting, so I don't know anything, and thinking factory resetting would fix it, I reset it using recovery. Turns out that doesn't do anything to system modifications. Not even if I can get a settings apk, I can't enable ADB because I can't go into settings to enable it. I think I still have root at least. Any help?
D Miller said:
So, I tried this on my HD 8 2017 after rooting it. It didn't work and I ended up deleting /system/priv-app/FireTabletSettings instead of just the apk (when it didn't work), so I couldn't/can't open settings. This was my first time rooting, so I don't know anything, and thinking factory resetting would fix it, I reset it using recovery. Turns out that doesn't do anything to system modifications. Not even if I can get a settings apk, I can't enable ADB because I can't go into settings to enable it. I think I still have root at least. Any help?
If you have a copy of your settings APK, you'll just copy it back to its place. You can use any root file explorer e.g. FX or ES File Explorer to do this job. I have the same device so I could provide you my version.
Amazon also offers factory images for recovery that will restore your system partition.
lassemacchiato said:
If you have a copy of your settings APK, you'll just copy it back to its place. You can use any root file explorer e.g. FX or ES File Explorer to do this job. I have the same device so I could provide you my version.
Amazon also offers factory images for recovery that will restore your system partition.
I can't copy it though, because I can't install any unknown apps, because I can't enable it through settings. Edit: I also don't have a copy.
D Miller said:
I can't copy it though, because I can't install any unknown apps, because I can't enable it through settings.
Download a factory image from Amazon and flash it via recovery. https://www.amazon.com/gp/help/customer/display.html?nodeId=202144610
lassemacchiato said:
What if you copy a file explorer to the /system/app directory and reboot?
I don't think I can get to the root directory to put it there...
Download the latest software for your device from Amazon (the US site seems to have the latest version) or at least use a version no lower than your current one. Copy it to the same folder as your ADB driver. Reboot to recovery mode, connect to your PC by USB cable and do an ADB sideload of the software. When it is done you will have to re-root and disable unwanted system apps etc.
Edit. Same solution as post #4