This is a guide on how to obtain temporary root on marshmallow stock ROM for the Honor5x. Works on KIW-L24 and should work fine for other models.
1. Install Android Studio.
2. Install NDK within android studio.
3. If you run
Code:
ndk-build
and it says command not found, you'll need to add the ndk-build path to your environmental variable. After you install NDK, 'ndk-build' file will exist on your computer. In Linux, the path location is ~/Android/Sdk/ndk/22.1.7171670/build/ndk-build
Ex.
Code:
export PATH=$PATH:/home/user123/Android/Sdk/ndk/22.1.7171670/build/
4. Download Dirty COW exploit and extract zip to a folder: https://github.com/timwr/CVE-2016-5195
5. Open terminal and navigate to 'CVE-2016-5195' directory.
6. Plug your phone in and make sure you can 'adb devices'.
7.
Code:
make root && adb shell;
8.a If you get error 'CANNOT LINK EXECUTABLE cannot locate symbol'. Then go to ~/Android/Sdk/ndk/22.1.7171670/build/gmsl and modify line 512 of '__gmsl' to say:
Code:
int_encode = $(__gmsl_tr1)$(wordlist 1,$(words $1),$(__gmsl_input_int))
More Info See: https://stackoverflow.com/questions/17131691/non-numeric-second-argument-to-wordlist
8.b.
Code:
make root && adb shell;
9. If everything goes right, you should be inside the shell of the phone and you should see '#' instead of '$', which indicates root.
The command that gets executed that puts you in temporary root is
Code:
adb shell /system/bin/run-as
Now what I don't know is how to obtain permanent root from here. Most people are going to say 'unlock your bootloader and flash a different ROM'. While I agree, this is the ideal solution. But if you can't unlock bootloader then the next best thing is permanent root on your current build.
I got # after step 9. But how that is temporary root? Root checker app doesn't recognize as rooted device.
Related
Hey Boys and Girls,
where i can find an manual to root the tattoo with a mac?
sorry, i have search for this, but i cant find information for this
I don't thing that there is a difference.
As soon as you have SDK installed and adb works, the commands are the same.
hi,
i'm also doing all the rooting process from mac, just put the directory contain 'adb' shell into your home/user places and executing it with 'terminal'..
Same here, using a Mac ever since and also using it for Android development. Due to the underlying Unix core of OS X you just have to follow the steps as described for Linux. If it's just adb commands it's the same on every platform anyway.
You might want to add a
Code:
export PATH=${PATH}:/Users/yourusername/android.sdk/tools
to your .bash_profile file in your home folder so you don't have to cd to the SDK tools folder everytime. Happy rooting!
Mod. edit: not dev related, moved to general
Okay thanks for yours answers but i'm a newbie.
the background story is, I want to edit the boot.mp3. Because the startsound is really annoying
So i have download SDK, open the terminal and switch to usb-debbugging mode on my tattoo.
And now? sorry, I'm still missing a few knowledge
thanks for your help
well just use the various adb commands in Terminal Just type in "adb", press enter and you'll get a list of all possible commands. Assuming you've added the path to your sdk tools folder to your bash profile. Otherwise just drag & drop the adb binary from the tools folder onto your Terminal window, et voila.
The most used commands are probably push and pull where you can, well, push stuff to your phone or pull it to your computer.
So if you want to modify the boot.mp3 you would pull the original from the phone to your computer, modify it and push it back, overwriting the original file. In Terminal speak: ;-)
adb pull /system/media/bootscreen/boot.mp3
adb push /path/to/boot.mp3 /system/media/bootscreen/boot.mp3
Please note depending on the ROM you're using the paths may be different. To browse the device via Terminal type in "adb shell" and make a simple "ls" to list the directories, "cd" to change directories etc.
Or if you just want to use another mp3:
adb push /path/to/whatever.mp3 /system/media/bootscreen/boot.mp3
Again, on the Mac you can just drag & drop files onto the Terminal to get their full Unix paths like to your custom mp3
Thanks a lot. i love it its really simple
and now i have load and edit the the boot.mp3. But i can't push it to my tattoo, because i can only read but not write
I have tried to root my phone with "adb root" but it is the message "adbd cannot run as root in production builds"
Terminal: "adb remount", then push again
damn the next bad message "remount failed: Operation not permitted"
You need to root your phone first.
http://forum.xda-developers.com/showthread.php?t=637927
Okay i have executed the instructions. But I've stop at this part:
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
Click to expand...
Click to collapse
Yes i've root but i'cant download the "su binary" because its doesnt exist.
But its absolute essential to need the "su binary" to only copy the boot.mp3 to my phone? Or there is an other way? What are the commands to push the boot.mp3 back to may tattoo then i'm in the root mode like >> "#".
okay hope you understand me
You need "su" to do root stuff... no other way.
Download the package from 1 click root thread and find "su" there...
http://forum.xda-developers.com/showthread.php?t=644279
now, i have install the su binary. Then i does this command
user:~ user$ /Users/user/android-sdk-mac_86/tools/adb shell
$ /data/local/bin/su
#
Click to expand...
Click to collapse
And now? Is there a comand to push the boot.mp3 back to the phone in this mode >> "#" ?
I have try to open an new terminal window and type
adb push /path/to/boot.mp3 /system/media/bootscreen/boot.mp3
Click to expand...
Click to collapse
but the answer is
failed to copy '/Users/android-sdk-mac_86/boot.mp3' to '/system/media/bootscreen/boot.mp3': Permission denied
Click to expand...
Click to collapse
and adb remount doesnt work to
You also need tattoo-hack.ko file and do insmod tattoo-hack.ko to make /system writable.
Or even better... flash custom amon_ra recovery image and then a custom rom with all this already included.
Mine for example http://forum.xda-developers.com/showthread.php?t=702401
It doesnt have boot sound enabled
Okay thank you very much.
now it was successful
I have a tip for everyone who use adb and fastboot in linux.
In most of the tutorials i see that you have go to exac folder to use them, but there is quite simple think you can do to use them from anywhere in your consol. All you have to do is
1. go in consol to the folder where you have adb and fastboot
2. then give command
Code:
sudo nautilus
or
Code:
su
nautilus
This should open a window with root permissions
3. in this windows you need to create shourtcats for adb and fastboot by right click mouse menu.
4. Next you need to cut shourtcats you created and place in folder /bin (you need to do this in the same window beacose you need to have root permissions to paste anything there.
5. And last think you need to do when you paste them it`s change there name`s for adb and fastboot.
Now you can use this commands without "./" and firstly you do not need to go to the folder where they realy are.
Now let say you have an system.img in /home/user/data you can now flash your phone in this way
Code:
su
cd /home/user/data
fastboot flash system system.img
or
Code:
su
fastboot flash system /home/user/data/system.img
su gives root permitions
Now i want to apologize for my english
If any one want to add this to his tutorial please give link for this thread or just write it`s made by me
abrams89 said:
I have a tip for everyone who use adb and fastboot in linux.
In most of the tutorials i see that you have go to exac folder to use them, but there is quite simple think you can do to use them from anywhere in your consol. All you have to do is
1. go in consol to the folder where you have adb and fastboot
2. then give command
Code:
sudo nautilus
or
Code:
su
nautilus
This should open a window with root permissions
3. in this windows you need to create shourtcats for adb and fastboot by right click mouse menu.
4. Next you need to cut shourtcats you created and place in folder /bin (you need to do this in the same window beacose you need to have root permissions to paste anything there.
5. And last think you need to do when you paste them it`s change there name`s for adb and fastboot.
Now you can use this commands without "./" and firstly you do not need to go to the folder where they realy are.
Now let say you have an system.img in /home/user/data you can now flash your phone in this way
Code:
su
cd /home/user/data
fastboot flash system system.img
or
Code:
su
fastboot flash system /home/user/data/system.img
su gives root permitions
Now i want to apologize for my english
If any one want to add this to his tutorial please give link for this thread or just write it`s made by me
Click to expand...
Click to collapse
Sometimes SU alone wont switch to the root user in some distributions (eg. Ubuntu Variants) If you want to switch to root, type sudo su or type "sudo <name of program>" and it will run that program as root.
Jack
Hello all. I created a quick fix for a minor annoyance when using ADB on Ubuntu. It seems that at every reboot the adb server would not start as root and as a result i would end up with an error having to do with insufficient privileges when trying to run an adb command.
I created a fix; this might not be the right way to go so i'm open to suggestions, but so far it works for me.
I created a script to quickly restart the ADB server as root.
The script contains the following commands
adb kill-server
cd android-sdk-linux_x86/platform-tools
sudo ./adb start-server
adb devices
Notes:
1. If adb is located somewhere else on your computer, modify the 2nd line to match that location.
2. It will ask you to elevate your privileges when you run it.
3. I placed the script in my home folder and gave it executable permissions so that i could run it by simply typing "./adbrestart" without the quotes from a freshly opened terminal. I recommend unzipping this into your home folder for that reason
Again, this is just a method that works well for me, if someone has a better method of doing this, please feel free to chime in.
Note read other installation methods for windows and mac. This might help fill in the blanks.
I know us linux users don't understand all the wordy talk in android so I will be short and specific.
Because adb and fastboot are not native to ubuntu or any linux distro you must place these executable files in /bin or /usr/bin folder.
Open terminal type sudo Nautilus.
You must be superuser to copy and paste to /bin file system.
Next select View>Extra Panel
Third step go into Home>Downloads adt-bundle-linux-x86.zip
Unzip and extract file
Now Open extracted folder adt-bundle-linux-x86>sdk>platform-tools
The folder above is where you will find both adb and fastboot just drag and drop them into /bin
Must also get Supersu.zip
As well as ClockworkMod
Ready to Unlock Bootloader, flash image and gain Root access.
Type:
1. adb reboot bootloader = will show if any items are unlocked will be in red writing.
Unlock Bootloader
2. fastboot oem unlock - will unlock bootloader and flash information. Means you lose the data.
Root Device
1. adb reboot bootloader - at this point the bootloader should be in red because it is unlocked.
2. sudo fastboot flash recovery '/home/unityman/Downloads/recovery-clockwork-6.0.2.0-mako.img'
What should follow is
sending 'recovery (7804 KB)... OKAY
writing 'recovery'... OKAY
This point proceed to Clockworkmod by selecting it with the up and down volume
When in Clockworkmod select from sdcard again use up and down arrows and power button to confirm selection.
It should load the SuperSu.zip and show you have superuser permissions. Not when reboot SuperSu will ask if you want to grant su permissions select yes.
Note for ubuntu users. Because you loaded foreign terminal commands such as adb and fastboot. U will get error msg something wrong with file system. Nothing happens Ubuntu just complains about error in file system. I've ignored message and updated ubuntu twice.
Well got to run and load Ubuntu emulator
Cheers!
Happy Holidays
PS. What the biggest misunderstanding between linux and android is we don't grant Su or root permissions permanently. We grant superuser or temporary root permissions. Could you imagine if every person got onto your personal computer had root access system would be toast in 10 mins.
Thanks for the write up bro. I just wanted to point out that adb and fastboot are natively supported in Ubuntu 12.10.
Sent from my Nexus 4 using Tapatalk 2
culaterout said:
Note read other installation methods for windows and mac. This might help fill in the blanks.
I know us linux users don't understand all the wordy talk in android so I will be short and specific.
Because adb and fastboot are not native to ubuntu or any linux distro you must place these executable files in /bin or /usr/bin folder.
Open terminal type sudo Nautilus.
You must be superuser to copy and paste to /bin file system.
Next select View>Extra Panel
Third step go into Home>Downloads adt-bundle-linux-x86.zip
Unzip and extract file
Now Open extracted folder adt-bundle-linux-x86>sdk>platform-tools
The folder above is where you will find both adb and fastboot just drag and drop them into /bin
Must also get Supersu.zip
As well as ClockworkMod
Ready to Unlock Bootloader, flash image and gain Root access.
Type:
1. adb reboot bootloader = will show if any items are unlocked will be in red writing.
Unlock Bootloader
2. fastboot oem unlock - will unlock bootloader and flash information. Means you lose the data.
Root Device
1. adb reboot bootloader - at this point the bootloader should be in red because it is unlocked.
2. sudo fastboot flash recovery '/home/unityman/Downloads/recovery-clockwork-6.0.2.0-mako.img'
What should follow is
sending 'recovery (7804 KB)... OKAY
writing 'recovery'... OKAY
This point proceed to Clockworkmod by selecting it with the up and down volume
When in Clockworkmod select from sdcard again use up and down arrows and power button to confirm selection.
It should load the SuperSu.zip and show you have superuser permissions. Not when reboot SuperSu will ask if you want to grant su permissions select yes.
Note for ubuntu users. Because you loaded foreign terminal commands such as adb and fastboot. U will get error msg something wrong with file system. Nothing happens Ubuntu just complains about error in file system. I've ignored message and updated ubuntu twice.
Well got to run and load Ubuntu emulator
Cheers!
Happy Holidays
PS. What the biggest misunderstanding between linux and android is we don't grant Su or root permissions permanently. We grant superuser or temporary root permissions. Could you imagine if every person got onto your personal computer had root access system would be toast in 10 mins.
Click to expand...
Click to collapse
Thanks for the guide. I used this on my Ubuntu 12.10 box.
A few notes:
- I had to do add "sudo" for fastboot oem unlock so:
Code:
sudo fastboot oem unlock
- fastboot and adb are part of Ubuntu now as mentioned above, so I just installed using
Code:
sudo apt-get install android-tools-fastboot
sudo apt-get install android-tools-adb
Thanks again!
Thanks guys. I just successfully installed CWM and rooted my phone using the combination of your instructions.
I agree. Simple and clear instructions. Thanks for writing this up.
I downloaded the Android ADT package for Linux x64 (I run Debian Wheezy/Testing). Google distributes this as a zip, and it includes ADB etc, along with eclipse to start developing apps. I want to do that at some point so decided to download the whole thing. The problem though is that while the Eclipse binary included in the package is built for x64, adb and other tools are instead built for i386. So if you ./adb in the platform-tools directory, you will get a 'file or directory not found' error. To fix this -
Code:
sudo dpkg --add-architecture i386
sudo apt-get update
sudo apt-get install ia32-libs
You should now be able to execute adb, fastboot etc. I also recommend creating symlinks in the /usr/bin or similar for the tools you use frequently.
Please do never ever use sudo nautilus !!!
This might override the rights of some of your ~/ directory.
Use gksu/ gksudo instead.
Sent from my Nexus 4 using xda app-developers app
Nexus 4 Root via Linux Notes
I rooted my Nexus 4 with my Linux machine (Linux Mint) earlier today. I had a couple hiccups, notably:
If you download the 64-bit/x86_64 version of ADT (Android Developer Tools, i.e. adb/Eclipse/etc. for Android development), the executable tools such as adb and fastboot are actually 32-bit. If you have a relatively fresh Linux install, you need to install the 32-bit executable binaries (see note below). Otherwise you will get strange errors even though the files are marked executable.
I sometimes had issues with my computer connecting to the phone via USB, especially after rebooting the phone. I found simply swapping USB ports (switching between the mouse and the phone, for example) would cause the phone to be recognized again.
Otherwise the process was smooth.
Here are the notes I collected as I searched the forums and web for how to root the phone in case they are helpful to someone. They're not really in any particular order; it's just a collection of what I found.
I used the following instructions:
http://makegadgetswork.blogspot.com/2013/01/root-nexus-4-on-linux-mint-13-and.html
Code:
# It had been so long since I used my personal Linux box that I
# forgot the root password :).
# Reset root password and main user password
http://community.linuxmint.com/tutorial/view/339
# Boils down to:
1) Enter grub by holding down shift key during boot.
2) Change:
linux /boot/vmlinuz-3.0.0-12-generic root=UUID=[letters and numbers]\[letters and numbers] ro quiet splash vt.handoff=7
to:
linux /boot/vmlinuz-3.0.0-12-generic root=UUID=[letters and numbers]\[letters and numbers] rw init=/bin/bash
# In x86_64 disto of ADT (Android Developer Tools), ADB libs are 32-bit.
#
# Running the 32-bit libs without 32-bit support will cause strange errors
# such as 'adb: No such file or directory'
#
# Here is how to install 32-bit binary runtime support on your 64-bit OS:
apt-get install ia32-libs
# Also install Java:
apt-get install sun-java6-jdk
# How to mount Nexus 4 in Linux
http://forum.xda-developers.com/showthread.php?t=2004182
# How to backup phone prior to unlocking (unlocking will cause a factory reset)
http://forum.xda-developers.com/showpost.php?p=34744848&postcount=4
# Linux root guide (this is what I followed)
http://makegadgetswork.blogspot.com/2013/01/root-nexus-4-on-linux-mint-13-and.html
# Another good root guide (Windows oriented)
http://forum.xda-developers.com/showthread.php?t=2018179
# Linux root guide on XDA
http://forum.xda-developers.com/showthread.php?t=35217628
# Root guides (didn't really use these)
http://www.cultofandroid.com/23782/rooting-the-google-nexus-4-the-right-way-how-to/
http://forum.xda-developers.com/showthread.php?t=2010312&highlight=+waiting+for+device+
# How to fix Android devices not recognized by ADB
# (check that ~/.android is not owned by root)
http://www.tuxtrix.com/2013/03/how-to-fix-android-devices-not.html
# SuperSU download link:
http://download.chainfire.eu/282/SuperSU/
# CWM link:
http://www.clockworkmod.com/rommanager
# Setup device support for N4
sudo vi /etc/udev/rules.d/51-android.rules
# My /etc/udev/rules.d/51-android.rules
> cat /etc/udev/rules.d/51-android.rules
#LG - Nexus 4 - MTP (mount as media device)
SUBSYSTEM=="usb", ATTR{idVendor}=="1004", MODE="0666"
# Bootloader Nexus 4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4ee0", MODE="0660", OWNER="ankit"
# Normal Nexus 4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4ee1", MODE="0660", OWNER="ankit"
# Debug & Recovery Nexus 4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="4ee2", MODE="0660", OWNER="ankit"
# Aliases to mount device as MTP
alias n4_mt 'sudo mtpfs -o allow_other /media/nexus4'
alias n4_umt 'sudo umount /media/nexus4'
# File that contains USB/device settings for N4
/etc/udev/rules.d/51-android.rules
# Restart devices
sudo service udev restart
# Print USB devices
lsusb
# Print ADB help
adb
# Print connected devices
adb devices
# Print device serial number
adb get-serialno
# Print device state
adb get-state
# Restart ADB server
adb kill-server ; adb start-server
# Restore sdcard backup
adb push ~/n4_bak_7_28/sdcard /sdcard/
# Reboot device to bootloader mode (needed to run fastboot)
adb reboot bootloader
# Reboot device to recovery (needed for flashing partitions (i.e. custom recovery, ROM)
adb reboot recovery
# Restore backed up data
adb restore ~/n4_bak_7_28/backup.ab
# Run shell on device
adb shell
# Show devices connected to fastboot
sudo fastboot devices
# Unlock phone (must be running in bootloader mode)
sudo fastboot oem unlock
# Flash custom recovery
sudo fastboot flash recovery /home/femtodude/install_adb/adt-bundle-linux-x86_64-20130717/sdk/platform-tools/recovery-clockwork-touch-6.0.3.4-mako.img
Further research proves this has been done before, although perhaps not on our device. While root in a technical sense, it's severely SElinux-limited & thus not of significant utility as it is. I've made some inroads re. patching init going toward full root, but nothing certain yet. Either way, what exists should be enough to get us to an unlocked bootloader if we can get our hands on the right CID & aboot.
------
This is how I achieved temproot on the P605V. This is not a permanent root as, since our tablets run a Samsung eMMC and are/should be vulnerable to the eMMC bug, if we have the right CID and aboot & if my understanding is correct, we can convert these to developer units and unlock their bootloader!
What this basically does is downgrade to a dirtycow-vulnerable kernel & launch a temporary root shell. At the moment it can't do much as it runs within dnsmasq's SElinux context, but it's a start.
This does not apply if you're on 4.4.2, there are probably better rooting methods then. Do not upgrade to 5.1.1 in that case as you will burn fuses and will be unable to downgrade back to 4.4.2.
However, we can still crossflash between 5.1.1 versions! For our tablet, there are two: P605VVRSDPL1 (latest, patched) and P605VVRUDOH2 (earlier, unpatched). You must downgrade to P605VVRUDOH2. You will need the P605VVRUDOH2 tar.md5 and Odin - this is covered extensively for every Samsung device (including the non-VZW version of ours) so I will not repeat it here.
Once you're on P605VVRUDOH2, go through the initial setup, enable Developer Tools, then enable ADB.
The manual process (compiling from source):
Spoiler
You will need to obtain the following (on Linux, not tested on Windows):
- the Android 22 NDK
- https://github.com/timwr/CVE-2016-5195
- https://github.com/freddierice/trident
0. If you don't yet have it installed, install the Android NDK. I don't usually compile for Android, so I installed Android Studio from https://developer.android.com/studio/#downloads and added NDK 22 from its menus. You can likely (and perhaps should) use an earlier NDK, such as 14 or 15. Your mileage may vary.
1. Extract CVE-2016-5195 and trident
2. In CVE-2016-5195, rename 'run-as.c' to 'old-run-as.c'
3. Copy 'reverse.c' from trident into CVE-2016-5195
4. In CVE-2016-5195, rename the copied 'reverse.c' to 'run-as.c' - we're basically replacing the original payload from CVE-2016-5195 with a reverse shell from trident
5. Edit the Makefile and replace the 'root: push' section as follows:
root: push
adb shell 'chmod 777 /data/local/tmp/dcow'
adb push libs/$(ARCH)/run-as /data/local/tmp/run-as
adb shell '/data/local/tmp/dcow /data/local/tmp/run-as /system/bin/dnsmasq'
6. Run 'make root'
7. On the tablet, go into Settings -> More networks -> Mobile Hotspot, and turn it on. You will need a SIMcard to do this, any SIM will do - even if the device is still Verizon-locked. As we've written our reverse root shell spawning code into dnsmasq, and dnsmasq as root, our shell will run as root as well!
8. Verify it worked by running 'adb shell' and running 'netstat' - you should see a process listening on 0.0.0.0:4040. That's our shell! If you run 'ps' you should also see /system/bin/dnsmasq followed by /system/bin/shell, both running as root.
9. Run 'adb forward tcp:4040 tcp:4040'
10. Run netcat to connect to the shell: 'nc localhost 4040' (on Windows, you can get a precompiled netcat binary from http://nmap.org/dist/ncat-portable-5.59BETA1.zip )
11. Profit!
The precompiled process (easier, binaries attached to this post):
Spoiler
1. Download and unzip the attached package.
2. Open up a shell/command prompt, change into the directory you unzipped the files into, and run:
adb push dcow /data/local/tmp/dcow
adb push rshell /data/local/tmp/rshell
adb shell 'chmod 777 /data/local/tmp/*'
adb shell '/data/local/tmp/dcow /data/local/tmp/rshell /system/bin/dnsmasq'
3. On the tablet, go into Settings -> More networks -> Mobile Hotspot, and turn it on. You will need a SIMcard to do this, any SIM will do - even if the device is still Verizon-locked. As we've written our reverse root shell spawning code into dnsmasq, and dnsmasq as root, our shell will run as root as well!
4. Verify it worked by running 'adb shell' and running 'netstat' - you should see a process listening on 0.0.0.0:4040. That's our shell! If you run 'ps' you should also see /system/bin/dnsmasq followed by /system/bin/shell, both running as root.
5. Run 'adb forward tcp:4040 tcp:4040'
6. Run netcat to connect to the shell: 'nc localhost 4040' (on Windows, you can get a precompiled netcat binary from http://nmap.org/dist/ncat-portable-5.59BETA1.zip )
7. Profit!
Keep in mind, this is only temporary; a reboot will clear it and you'll have to exploit again. It is also not an extensive root as my end goal is to unlock the bootloader and get rid of the (awful) stock firmware.
Credits to timwr and all involved in the dirtycow exploit, freddierice for trident, as well as everyone on XDA whose research and comments over the past 4 years pointed me in the right direction. This tablet is still quite decent in 2020/2021, it deserves to be "free"!
----
As I understand it, as per @beaups https://github.com/beaups/SamsungCID & SamDunk, we will need two things - I hope someone in the community will volunteer these!
1. A dev-edition CID
2. An aboot dump from a dev-edition P605V (I'm not sure the regular P605 will work)
@ryanbg has made much inroad here as well. All input/assistance is appreciated!
Should these turn out to be unobtainium in some time, I will look into a permanent root solution.