[S-ON] Temp rooted virgin wildfire s questions (canadian) - HTC Wildfire S

I just rooted my wildfire s to test before posting here
Code:
[email protected] /t/android/android-sdk-linux_x86/platform-tools $ ./adb shell
$ chmod 755 /data/local/zergRush
$ /data/local/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[*] Sending 149 zerglings ...
[*] Trying a new path ...
[*] Sending 149 zerglings ...
[*] Trying a new path ...
[*] Sending 149 zerglings ...
[*] Trying a new path ...
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x401219dc 0x0064
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd252b7 0xafd397b7
[*] Poping 8 more zerglings
[*] Sending 157 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
Permanent root aside what I REALLY want to do is clean this thing out of all the absolute twaddle that is preloaded. Has anyone cleaned one of these out before? What is safe to delete? I am a noob to hacking android but not to linux so please be technical.
Also what else can I do? Can I move apps to the sdcard like a rooted device can or is that just for custom roms/s-off?
And on a side note can I now shove in openvpn modules and use openvpn?

This is what I removed from my T-Mobile US version without causing problems.
Good Luck!
CheckinProvider.apk
CheckinProvider.odex
com.htc.FriendStreamWidget.apk
com.htc.FriendStreamWidget.odex
com.htc.MusicWidget.apk
com.htc.MusicWidget.odex
com.htc.TrendsWidget.apk
com.htc.TrendsWidget.odex
com.htc.TwitterWidget.apk
com.htc.TwitterWidget.odex
com.htc.WeatherWidget.apk
com.htc.WeatherWidget.odex
CSPeopleSyncService.apk
CSPeopleSyncService.odex
DCSStock.apk
DCSStock.odex
DCSUtility.apk
DCSUtility.odex
desktopPointer-signed-v6.apk
DFPI.apk
DFPI.odex
DownloadProviderUi.apk
DownloadProviderUi.odex
Flickr.apk
Flickr.odex
FriendStream.apk
FriendStream.odex
GenieWidget.apk
GoogleFeedback.apk
GooglePartnerSetup.apk
GoogleQuickSearchBox.apk
HTC-DPM-GB-2.3-48308-09.apk
HtcClockWidget.apk
HtcClockWidget.odex
htccontactwidgets.apk
htccontactwidgets.odex
HtcDirect.apk
HtcDirect.odex
HtcDirectDownloadsProvider.apk
HtcDirectDownloadsProvider.odex
HtcFacebook.apk
HtcFacebook.odex
HtcFMRadio.apk
HtcFMRadio.odex
HtcGreader.apk
HtcGreader.odex
HtcLocationPicker.apk
HtcLocationPicker.odex
HtcLocationService.apk
HtcLocationService.odex
HtcLog.apk
htcmailwidgets.apk
htcmailwidgets.odex
htcmsgwidgets.apk
htcmsgwidgets.odex
HtcPhotoWidget.apk
HtcPhotoWidget.odex
HtcProfileWidget.apk
HtcProfileWidget.odex
HtcRecommends.apk
HtcRecommends.odex
HtcRecommendsWidget.apk
HtcRecommendsWidget.odex
htcsettingwidgets.apk
htcsettingwidgets.odex
HTCSetupWizard.apk
HTCSetupWizard.odex
HtcSyncwidget.apk
HtcSyncwidget.odex
HtcTipWidget.apk
HtcTipWidget.odex
HtcTwitter.apk
HtcTwitter.odex
HtcWeatherWallpaper.apk
HtcWeatherWallpaper.odex
HTMLViewer.apk
HTMLViewer.odex
LiveSource.apk
LiveWallpapers.apk
LiveWallpapers.odex
MallLite-4.0.95.apk
MobileBackup.apk
MyAccount-5.2.1007.apk
MyReportAgent.apk
MyReportAgent.odex
OnlineAssetDetails.apk
OnlineAssetDetails.odex
sihome-signed-tmo-android-8-prod-111003-aligned.apk
slackerradio.apk
Stock.apk
Stock.odex
Swype.apk
Transfer-marvel-8.20.0.26-S21.apk
UpgradeSetup.apk
UpgradeSetup.odex
VVM.apk
Weather.apk
Weather.odex
WeatherAgentService.apk
WeatherAgentService.odex
WeatherProvider.apk
WeatherProvider.odex
WeatherSyncProvider.apk
WeatherSyncProvider.odex
WorldClock.apk
WorldClock.odex
YouTube.apk

zergRush temp root
Hi Bacon,
How is it going after zergRush, can u successfully delete /system/app ?
I have no luck, error directory not empty while adb shell rm

I believe tera tike is s-off
Sent from my HTC Wildfire S using Tapatalk

oxyzone said:
Hi Bacon,
How is it going after zergRush, can u successfully delete /system/app ?
I have no luck, error directory not empty while adb shell rm
have you tried:
rm -rf /path/directory/*
rm -rf /path/directory/
rm -rf /path/directory
while you are root you must be able to do such stuff like a charm...
please post a feedback after

Successful! Now, do I have to install a custom ROM, or can I just delete stuff directly?

No Luck
MindBurn010 said:
have you tried:
rm -rf /path/directory/*
rm -rf /path/directory/
rm -rf /path/directory
while you are root you must be able to do such stuff like a charm...
please post a feedback after
Hi MindBurn,
I read that before, and also applied that but it returns
Code:
rm failed for -rf, Read-only file system
before rm, I already exec
Code:
# adb remount
also I view the file permission
Code:
# ls -l /system/app/appname.apk
and it returns
Code:
-rw-r--r--
my HTC Wildfire S [S-ON] temp root with zergRush
I also did
Code:
adb reboot recovery
but until there I can't partition>mount as what some members suggested
and then I lost temp root and need to start all over
Is this because S-ON ? I gained temp root, I should be able to rm
or I missed something ?

oxyzone said:
Hi MindBurn,
I read that before, and also applied that but it returns
Code:
rm failed for -rf, Read-only file system
before rm, I already exec
Code:
# adb remount
also I view the file permission
Code:
# ls -l /system/app/appname.apk
and it returns
Code:
-rw-r--r--
my HTC Wildfire S [S-ON] temp root with zergRush
I also did
Code:
adb reboot recovery
but until there I can't partition>mount as what some members suggested
and then I lost temp root and need to start all over
Is this because S-ON ? I gained temp root, I should be able to rm
or I missed something ?
HI,
have you tried to change the permissions of the file
chmod 775
?

Unfortunately, also tried that

I have successfully gotten root, but cannot seem to delete any of the system apps. Every time I do I get this:
rm failed for <file name>, Directory not empty
I have set chmod to 777 for all the files etc. Anyone have any ideas?

after 'chmod 777 *' in the /system/app dir through adb shell
i deleted some apks through the "bluetooth file transfer" in the phone
it told "success"
then i check the size of the /system/app dir, it also became smaller
however, after reboot the phone, the size restored, and the apks i deleted still there

Tera Tike said:
This is what I removed from my T-Mobile US version without causing problems.
Good Luck!
CheckinProvider.apk
CheckinProvider.odex
...big list...
YouTube.apk
did you do this one at a time, or find a way to mod the ROM before installing? That's a pretty awesome list.

thehumble1 said:
did you do this one at a time, or find a way to mod the ROM before installing? That's a pretty awesome list.
I did this one at a time with Root Explorer. Soft bricked the phone a few times to find what could be removed without affecting the main phone functions. It helped the WFS a lot. I also modified the build.prop (work still in progress).

I was playing around and I noticed that the problem is with s-on I cannot write to /system meaning no superuser etc. So I remembered from way back when I started linux you could mount over a mounted folder. So I made a small file, put ext3 on it, transferred it to the sdcard and mounted over /system with
mount -t ext3 -o rw,loop /mnt/sdcard/test.dump /system
it worked and then of course I lost all commands (ls, reboot...) in the shell.
Would it be possible to dump /system with "cat /dev/mtd/mtd3 > /mnt/sdcard/system.img", extract it, put it in an ext3 file, mount it as readable over system and just go to town?
Somebody MUST have tried this in the past. Before I go any further can anyone tell me why this wouldn't work and save me a few hours noodling around lol
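
The "Read-only file system" error reported earlier in the thread and the loop mount over /system described above both come down to what the mount table says for that path. The following is an added example, not code from the thread: `mount_state` and the sample table are constructed for illustration (the mtdblock/yaffs2 layout is an assumption), and on a device the input would be the contents of /proc/mounts.

```shell
#!/bin/sh
# Added example: report whether the filesystem holding a path is mounted
# read-only (ro) or read-write (rw), from text in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Constructed sample resembling the mount table of a Gingerbread-era device.
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
/dev/block/mtdblock3 /system yaffs2 ro,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0
/dev/block/vold/179:1 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec 0 0'

# mount_state MOUNTS_TEXT PATH
# Prints "<mountpoint> <ro|rw>" for the mount that actually serves PATH:
# the longest mount point that is a prefix of PATH, and, when the same
# mount point appears twice (something mounted over it), the later entry.
mount_state() {
    printf '%s\n' "$1" | awk -v path="$2" '
    {
        mp = $2
        if (mp == "/")
            covers = 1
        else
            # equal, or PATH continues below the mount point with a "/"
            covers = (path == mp || index(path, mp "/") == 1)
        if (covers && length(mp) >= best_len) {
            best_len = length(mp)
            best = mp
            state = "unknown"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++)
                if (opts[i] == "ro" || opts[i] == "rw")
                    state = opts[i]
        }
    }
    END {
        if (best == "") exit 1
        print best, state
    }'
}

# With the sample table, anything under /system/app is served by a
# read-only mount, so rm fails there regardless of file permissions.
mount_state "$SAMPLE_MOUNTS" /system/app/Settings.apk
```

File modes such as `-rw-r--r--` or a `chmod 777` do not enter into it: the `ro` flag on the mount is checked before permissions on the file.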

Noodle and let us know how it goes..
Sent from my HTC Wildfire S using Tapatalk

Yeah Noodle, if you have success, share the love!

1 up from me for the noodle too!!!
Sent from my HTC Wildfire S A510e using XDA App

Tera Tike said:
This is what I removed from my T-Mobile US version without causing problems.
Good Luck!
CheckinProvider.apk ...
Did you re-utilise the space you created? Perhaps by changing size of /system partition, or moving some user apps from /userdata to /system? If so, could you give some details what procedure you used please?

lapimate said:
Did you re-utilise the space you created? Perhaps by changing size of /system partition, or moving some user apps from /userdata to /system? If so, could you give some details what procedure you used please?
I did nothing else but modify the Build.prop file a little. Just removing those files helped the WFS tremendously.

I put your changes in a rooted build. It's up and I'm on it now. Nothing as fancy as alquez's CM7 but it's stable and fixed the accelerometer problem for me too.
After darktremors app2sd, I have 120mb free. Thanks a bunch.
Sent from my HTC Wildfire S using xda premium

Related

Now that we have root access...

Hello,
Now that we have root access it is possible to remove preinstalled apps like :
- Peep
- Stock
- Stock Widget
- Quick Office
- PDF Reader
- etc.
And how it is possible to do this?
Thanks a lot for the future answers and have a nice day with your rooted HTC Desire!!!
http://forum.xda-developers.com/showthread.php?t=672352
This ROM has those applications removed. If you want to remove them yourself, you can just try mv'ing the APKs out of the way and see if the phone detects them, but I haven't tried this so advice is issued without warranty. If the apps are in /system you'll need to use the recovery + adb shell mount /system to modify it (try in the OS and the phone will just reboot), if they're not in /system or any other protected dirs, you should just be able to mv them straight.
I haven't rooted my phone yet, but I will later on so this is just ideas at this point.
Thanks for the ROM but I want to customize my phone myself^^
Is there a step by step guide that explain what you say because I'm just starting with android.
Thanks for the answer
Sebacestmoi said:
Is there a step by step guide that explain what you say because I'm just starting with android.
+1 on that!
I moved to Desire from a Touch HD, and while I never got into ROM cooking for WinMo, I wouldn't mind dabbling a bit with Android, mostly to remove some of the bloatware that comes with the stock ROM. Trouble is... I have no idea where/how to start. Such a 'beginner's guide' would be great to get hold of, if anything exists!
EDIT - found these guides here on XDA:
http://forum.xda-developers.com/showthread.php?t=532719 - ADB, Fastboot and Nandroid for Noobs
http://forum.xda-developers.com/showthread.php?t=502010 - ADB for dummies
(I would have expected to see these in the Android section, not in a device-specific forum; oh well... )
And if we delete the .apk and .odex in the "system/app" folder from the "rootedupdate.zip" that Paul from MoDaCo has given to us before flashing?
Does the ROM will flash and work correctly but without these annoying apps?
Sebacestmoi said:
And if we delete the .apk and .odex in the "system/app" folder from the "rootedupdate.zip" that Paul from MoDaCo has given to us before flashing?
Does the ROM will flash and work correctly but without these annoying apps?
Try and find out
Personally I would just delete (rename) the odex + apks from your current installation by rebooting into recovery and using a variation of these commands:
Code:
adb shell
At your PC to get a root shell. Then
Code:
cd /system/app/
Code:
mv theapp.apk theapp.bye.apk
Code:
ls
You will need to use a variation of the above commands, "ls" is list files in this directory, "cd" is change directory, and "mv" is rename file.
All the .apk are read-only so I can't uninstall or rename them...
What can I do?
The phone has to be in recovery mode in order to get write permissions to the /system partition.
Pretty obvious, I know, but I missed this and I kept banging my head against the keyboard when getting 'read-only' errors (with the phone in USB Disk Drive + debugging)
So I turn on my phone with the "Sound Down" button and I go on the Recovery screen (with red triangle).
Then I connect my HTC Desire to my computer.
But after that I can't go to system partition...
What command are you writing in the shell to load the system partition and do some stuff on it?
I'm sorry I'm very good with Windows but I'm a total noob with Linux
I have tried the adb shell command (don't know if it's useful for me...) and the computer return me :
- exec '/system/bin/sh' failed: No such file or directory (2) -
and adb remount return me :
remount failed: Invalid argument
Wait... you tried adb with the phone still showing the red triangle?
First you need to bring it to recovery (the screen with green text).
This is how I do it:
- boot off the .iso provided for rooting
- mount the cdrom as described in the guide, but skip ./step1.sh
- put phone in HBOOT (to get the screen with the red triangle) then connect it to the machine
- run 'sudo ./step2.sh' which will push the files needed for recovery to the device - then you'll get the green screen, just like when you flashed the ROM
- then, on the computer:
'sudo ./adb shell' - brings you to the shell prompt of adb
'mount /system' - mounts the protected partition, but you have write permissions
'cd /system/app/' and then delete whatever I want
when done, 'cd /' and 'umount /system' and 'exit'
Clear the cache so that you won't get dead links in the menus later...
Perfect thanks, I had it in recovery mode, but it couldn't locate the app folder under /system/
but after the mount /system it appeared
Thank you a hundred times cezarL.
Now I have cleaned my phone from everything I don't need.
For those who are interested by my work I've done the following commands from the recovery screen :
cd C:\AndroidSDK\tools
adb shell
mount /system
cd /system/app/
rm com.htc.NewsReaderWidget.apk
rm com.htc.NewsReaderWidget.odex
rm com.htc.StockWidget.apk
rm com.htc.StockWidget.odex
rm com.htc.TwitterWidget.apk
rm com.htc.TwitterWidget.odex
rm Facebook.apk
rm Facebook.odex
rm Flickr.apk
rm Flickr.odex
rm HtcFMRadio.apk
rm HtcFMRadio.odex
rm HtcFootprints.apk
rm HtcFootprints.odex
rm HtcFootprintsWidget.apk
rm HtcFootprintsWidget.odex
rm HtcRingtoneTrimmer.apk
rm HtcRingtoneTrimmer.odex
rm htcsearchwidgets.apk
rm htcsearchwidgets.odex
rm HtcSoundRecorder.apk
rm HtcSoundRecorder.odex
rm HtcSyncwidget.apk
rm HtcSyncwidget.odex
rm HtcTwitter.apk
rm HtcTwitter.odex
rm MagicSmokeWallpapers.apk
rm MagicSmokeWallpapers.odex
rm Mode10Wallpapers.apk
rm Mode10Wallpapers.odex
rm NewsReader.apk
rm NewsReader.odex
rm PDFViewer.apk
rm PDFViewer.odex
rm PicoTts.apk
rm PicoTts.odex
rm Quickoffice.apk
rm Quickoffice.odex
rm RSS.apk
rm RSS.odex
rm Stk.apk
rm Stk.odex
rm Stock.apk
rm Stock.odex
rm VpnServices.apk
rm VpnServices.odex
rm WidgetDownloadManager.apk
rm WidgetDownloadManager.odex
cd /
umount /system
exit
Then a reboot with a Clear Storage and every app listed above is gone and there is no bug at all with the phone.

Need Settings.apk and Settings.odex

I did a search on the forums and google and can't find a solution. While removing bloatware on my phone I somehow removed my settings apk and odex.
I'm not sure how or why I did this but I think it was because I was using the "up" button in the cmd prompt so I wouldn't have to retype file names when changing apk to odex and somehow or another deleted Settings.apk/odex on some fluke (a copy and paste of the commands I typed in below).
Does anyone know where I can get these two files back (Settings.apk and Settings.odex), and what the commands are to put them back in the proper directory.
Thank you for any help.
Code:
/system/app # rm Sprint_NASCAR.apk
rm Sprint_NASCAR.apk
/system/app # rm Sprint_NFL.apk
rm Sprint_NFL.apk
/system/app # rm Settings.odex
rm Settings.odex
/system/app # rm Settings.apk
rm Settings.apk
/system/app # rm com.htc.StockWidget.odex
rm com.htc.StockWidget.odex
/system/app # rm com.htc.StockWidget.apk
rm com.htc.StockWidget.apk
edit: did an advanced nandroid restore of my system and all is good. sorry for the obvious problem and fix, I am a bit new.
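
The accidental Settings.apk removal above is the case for moving files aside, with a refusal list, instead of running rm by hand. The following is an added example, not part of the original thread: the function names, the PROTECTED list and the backup layout are assumptions, and it needs a shell with cp and cmp (a PC working on an extracted ROM tree, or a recovery shell with busybox).

```shell
#!/bin/sh
# Added example: move APK/ODEX pairs to a backup directory instead of
# deleting them, and refuse packages the phone cannot run without.

# Assumption: illustrative list only. Settings is the package lost in the
# post above, SystemUI the one replaced elsewhere on this page.
PROTECTED="Settings SystemUI"

# stash_app APP_DIR BACKUP_DIR NAME
# Moves NAME.apk and NAME.odex (whichever exist) from APP_DIR to BACKUP_DIR.
# Returns 0 on success, 1 if nothing was moved, 2 if NAME is protected.
stash_app() {
    app_dir=$1; backup_dir=$2; name=$3
    # Accept "Stock", "Stock.apk" or "Stock.odex" (shell history recall
    # often leaves the extension on).
    name=${name%.apk}; name=${name%.odex}
    for p in $PROTECTED; do
        if [ "$name" = "$p" ]; then
            echo "refusing protected package: $name" >&2
            return 2
        fi
    done
    mkdir -p "$backup_dir" || return 1
    moved=0
    for ext in apk odex; do
        f="$app_dir/$name.$ext"
        if [ -f "$f" ]; then
            # Copy, verify the copy byte for byte, and only then delete.
            cp "$f" "$backup_dir/" &&
                cmp -s "$f" "$backup_dir/$name.$ext" &&
                rm "$f" || return 1
            echo "$name.$ext" >> "$backup_dir/MANIFEST"
            moved=$((moved + 1))
        fi
    done
    [ "$moved" -gt 0 ]
}

# restore_all APP_DIR BACKUP_DIR
# Copies every file recorded in MANIFEST back and sets mode 644
# (-rw-r--r--, the mode shown for system apps on this page).
restore_all() {
    app_dir=$1; backup_dir=$2
    [ -f "$backup_dir/MANIFEST" ] || return 1
    while IFS= read -r fname; do
        cp "$backup_dir/$fname" "$app_dir/$fname" &&
            chmod 644 "$app_dir/$fname" || return 1
    done < "$backup_dir/MANIFEST"
}

# Constructed demo: a scratch directory stands in for /system/app.
demo=$(mktemp -d)
mkdir "$demo/app"
for f in Stock.apk Stock.odex Settings.apk Settings.odex; do
    : > "$demo/app/$f"
done
stash_app "$demo/app" "$demo/backup" Stock && echo "Stock moved aside"
stash_app "$demo/app" "$demo/backup" Settings.apk || echo "Settings left in place"
restore_all "$demo/app" "$demo/backup" && echo "restored from backup"
rm -rf "$demo"
```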

Downgrading from 2.3 Gingerbread to 1.32 to S-OFF, root, update to 2.3 RUU question

Hi can someone explain to me in nice and easy terms how to downgrade from this user guide please as I have seen a few people asking so it would help them too.
http://forum.xda-developers.com/showthread.php?t=905003
Section 2b [For Gingerbread ROMs, 2.x]
Connect Desire HD to a computer. Charge only, USB Debugging enabled!
Open up a cmd and go to Downgrade folder, execute commands:
Right this is where I get stuck what exactly do you put in the command line in cmd? is the Downgrade folder the PD98IMG.zip file you put on your SD card or what do you actually type?
The PD98IMG.zip file is on my K: drive on the SD card if that's relevant in anyway.
and then after obviously I could then follow on with the next steps of the rest being the following
execute commands:
Code:
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak
Section 3
If you got "#" in the result, you have temporary root! Proceed with commands:
Code:
cd /data/local/tmp
./misc_version -s 1.31.405.6
Close the CMD. Reboot while holding volume down, it will go to the bootloader
Follow the instructions (start the update)
Hi,
Where did you put the downgrade folder? The attachment from the first post?
If you placed it directly on your C: Drive, the example would be, from within a cmd window -
Code:
cd C:\Downgrade
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak
Hi Andy,
From Section 1 I put the PD98IMG on my desktop and then copied it onto my SD card which is on my K: drive where my DHD is attached via USB cable.
Do I need to put the PD98IMG on my desktop in a folder called 'Downgrade' or something?
No, look at the first post again. Download the Downgrade_v2.zip file right at the bottom of the post. Extract the contents to your C:\
For the sake of ease make sure its
C:\Downgrade\<files should be in here>
andyharney said:
Hi,
Where did you put the downgrade folder? The attachment from the first post?
If you placed it directly on your C: Drive, the example would be, from within a cmd window -
Code:
cd C:\Downgrade
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak
one thing @andy.... maybe i'm talking about the same thing as you.... sometimes the language bothers me
maybe he can't execute adb commands from c:/ if he hasn't set it up so that the adb parameters work from all directories (supposing he uses Windows)...
maybe he should write it from this directory:
Code:
c:/cd sdk
c:/sdk/cd platform-tools
c:/sdk/platform-tools
adb push misc_version /data/local/tmp
adb push GingerBreak /data/local/tmp
adb shell chmod 777 /data/local/tmp/misc_version
adb shell chmod 777 /data/local/tmp/GingerBreak
adb shell
./data/local/tmp/GingerBreak
maybe i'm mistaken... i don't have any idea about windoze lol
I'm assuming ToneyEricsson hasn't added adb to his Windows environment. I think it would be simplest to put the directory on his C:\
I know what you mean, I float between XP, archlinux, and Ubuntu. Remembering what in where can get confusing.
EDIT: /Off Topic does clicking this link make you feel better?
@toney... have you installed HTC Sync on your computer (to obtain drivers for "android usb debug" adb) and installed the Android SDK on your system?
if not, get it:
http://developer.android.com/sdk/index.html
andyharney said:
I'm assuming ToneyEricsson hasn't added adb to his Windows environment. I think it would be simplest to put the directory on his C:\
I know what you mean, I float between XP, archlinux, and Ubuntu. Remembering what in where can get confusing.
aaaaahhh ok ok i supposed it and
in addition... ouch! i wrote my post above before reading your last post, sorry..
i said the same thing as you... sorry @andy
I'm using Windows 7 64bit Ultimate - I have only HTC Sync installed.
I have put the Downgrade onto C: drive and get this when running the Section 2b [For Gingerbread ROMs, 2.x] command
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\user>cd C:\Downgrade
C:\Downgrade>adb push misc_version /data/local/tmp
1546 KB/s (15837 bytes in 0.010s)
C:\Downgrade>adb push GingerBreak /data/local/tmp
2054 KB/s (16830 bytes in 0.008s)
C:\Downgrade>adb shell chmod 777 /data/local/tmp/misc_version
C:\Downgrade>adb shell chmod 777 /data/local/tmp/GingerBreak
C:\Downgrade>adb shell
$ ./data/local/tmp/GingerBreak
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd17fd5 strcmp: 0xafd38065
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5483 GOT start: 0x00014360 GOT end: 0x000143a0
[*] vold: 5483 idx: -3072 fault addr: 0x000132b4
[+] fault address in range (0x000132b4,idx=-3072)
[+] Calculated idx: -2005
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
Backup files from your SDcard to your computer and format your SDcard. It's failing to see it. Or put it in, if you removed it.
andyharney said:
Backup files from your SDcard to your computer and format your SDcard. It's failing to see it. Or put it in, if you removed it.
The 32GB SD card is in my DHD. I have a few SD cards here I'll format a smaller one put the PD98IMG on it and try again.
So you have seen this before?
Ok, any SDcard will do. Yes I've seen this before.
Toney, when you have your HD connected to the PC at that stage, also make sure it is in Charge mode only, not disk mode.
Done formatting an 8GB SD card and put PD98IMG on the SD card and now back in Charge only mode with USB debugging enabled.
I have now both HTC Sync and Android SDK on my pc I will try the commands again as before.
nednapalm said:
Toney, when you have your HD connected to the PC at that stage, also make sure it is in Charge mode only, not disk mode.
Completely forgot about that. That could be the cause.
andyharney said:
Completely forgot about that. That could be the cause.
caught me out once too!
Well I got HTC Sync and Android SDK installed, Charge only, USB debugging enabled and just ran the same command line as earlier and get the exact same
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\user>cd C:\Downgrade
C:\Downgrade>adb push misc_version /data/local/tmp
adb server is out of date. killing...
* daemon started successfully *
1718 KB/s (15837 bytes in 0.009s)
C:\Downgrade>adb push GingerBreak /data/local/tmp
1494 KB/s (16830 bytes in 0.011s)
C:\Downgrade>adb shell chmod 777 /data/local/tmp/misc_version
C:\Downgrade>adb shell chmod 777 /data/local/tmp/GingerBreak
C:\Downgrade>adb shell
$ ./data/local/tmp/GingerBreak
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd17fd5 strcmp: 0xafd38065
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 1226 GOT start: 0x00014360 GOT end: 0x000143a0
[*] vold: 1226 idx: -3072 fault addr: 0x000132b4
[+] fault address in range (0x000132b4,idx=-3072)
[+] Calculated idx: -2005
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
ToneyEricsson said:
Well I got HTC Sync and Android SDK installed, Charge only, USB debugging enabled and just ran the same command line as earlier and get the exact same
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\user>cd C:\Downgrade
C:\Downgrade>adb push misc_version /data/local/tmp
adb server is out of date. killing...
* daemon started successfully *
1718 KB/s (15837 bytes in 0.009s)
C:\Downgrade>adb push GingerBreak /data/local/tmp
1494 KB/s (16830 bytes in 0.011s)
C:\Downgrade>adb shell chmod 777 /data/local/tmp/misc_version
C:\Downgrade>adb shell chmod 777 /data/local/tmp/GingerBreak
C:\Downgrade>adb shell
$ ./data/local/tmp/GingerBreak
./data/local/tmp/GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd17fd5 strcmp: 0xafd38065
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014360
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 1226 GOT start: 0x00014360 GOT end: 0x000143a0
[*] vold: 1226 idx: -3072 fault addr: 0x000132b4
[+] fault address in range (0x000132b4,idx=-3072)
[+] Calculated idx: -2005
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
you need to enter the commands as in post 5 of this thread....
make sure that you have left the downgradev2 folder in the platform-tools folder of the sdk
Toney, I would also try downloading the RUU for 2.36 from XDA and flashing that to get a clean start (don't set up any accounts just skip the setup till you get to the launcher and start the process again).
nednapalm said:
Toney, I would also try downloading the RUU for 2.36 from XDA and flashing that to get a clean start (don't set up any accounts just skip the setup till you get to the launcher and start the process again).
I have the 2.3 RUU already downloaded but I need to downgrade to 1.32, get rooted with Visionary and S-OFF with the tool and then after that update with 2.3 RUU.
Edit: All done, S-OFF and rooted in 2.3 with Gingerbreak.
P.S Sergie is the man! a big thanks!

[MOD] Remove carrier label from status bar (odex/deodex)

Hi guys,
so, if you have an unlocked bootloader and have root access, you may apply my following mod. I'll guide you step by step as we got no CWM recovery yet, so you must do it manually.
If you have downloaded this mod previously and everything works, you are fine, but as reported by @geminihc he had no bars (navbar, status bar) after install, so you have to CHMOD the file, I added this to the code you have to enter:
- download your preferred version (BHR = back, home, recent, RHB = recent, home, back) and rename it to SystemUI.apk
- move it to your internal SD card with an explorer or via adb:
Code:
adb push SystemUI.apk /sdcard/
- after that type in the following commands (the two mv lines, marked red in the original post, back up the old files), beware that su wants you to grant root access (SuperSU popup)
Code:
adb shell
su
stop
mount -o rw,remount /system/ /system/
mv /system/app/SystemUI.apk /system/app/SystemUI.apk.bak
mv /system/app/SystemUI.odex /system/app/SystemUI.odex.bak
cp /sdcard/SystemUI.apk /system/app/
rm /system/app/SystemUI.odex
chmod 644 /system/app/SystemUI.apk
mount -o ro,remount /system/ /system/
reboot
Done! Enjoy this mod
Reminder: Although this mod was tested on my device, I'll take no responsibility if you damage your system, so just do it if you know what you do!
If we have CWM, I will provide flashable .zip's then.
Thanks for this mod, just ordered my Moto G, will install it as soon as I get it
Just one question, does that also change the 3G icon to a more elegant and minimalistic H and H+ icon like on the Nexus? If not, is it hard to make such SystemUI.apk?
Thanks for this.
Just a quick suggestion: It might be a good idea to add a command that backs up the original SystemUI before overwriting it... It would be easier to restore the original if something goes wrong for someone.
EDIT: also, could you tell us how you managed to achieve this please?
flargen said:
It might be a good idea to add a command that backs up the original SystemUI before overwriting it...
[...]
EDIT: also, could you tell us how you managed to achieve this please?
I hope that someone who hacks with the adb console knows how to backup and restore as I said, I don't take any responsibility for damaging your system.
You may copy the original files to a temporary directory for sure before overwriting them:
Code:
cp /system/app/SystemUI.* /sdcard/tmp/
Notice that SystemUI.apk is odexed in original stock ROM, so you have to backup 2 files. When you apply my mod, you copy a DEodexed file to the system directory, so you need to remove the corresponding .odex file as you see in my how-to.
But for your convenience, I attached the original SystemUI.apk (14.71.8) to this post. This is already deodexed, so in case you don't like my mod, simply copy the .apk to /system/app and reboot, just as above. No need to deal with .odex-files.
Manage to achieve "what"? Navbar mod or the carrier label remove?
I edited status_bar.xml for the carrier, and navigation_bar.xml for the navbar. Both are located in res/layout/
Anyone interested in a semi-transparent status bar?
In my case the launcher is Nova Launcher 2.3beta which supports transparent navbar, but status bar remained black, so I modded the SystemUI again.
shaftenberg said:
I hope that someone who hacks with the adb console knows how to backup and restore as I said, I don't take any responsibility for damaging your system.
You may copy the original files to a temporary directory for sure before overwriting them:
Code:
cp /system/app/SystemUI.* /sdcard/tmp/
Notice that SystemUI.apk is odexed in original stock ROM, so you have to backup 2 files. When you apply my mod, you copy a DEodexed file to the system directory, so you need to remove the corresponding .odex file as you see in my how-to.
But for your convenience, I attached the original SystemUI.apk (14.71.8) to this post. This is already deodexed, so in case you don't like my mod, simply copy the .apk to /system/app and reboot, just as above. No need to deal with .odex-files.
Manage to achieve "what"? Navbar mod or the carrier label remove?
I edited status_bar.xml for the carrier, and navigation_bar.xml for the navbar. Both are located in res/layout/
Yep, I did mean "how to achieve removing the carrier label". Thanks for the info. I guess you're right about people who mess around with ADB in the first place!!
Why they aren't like this by default I do not know. Android dev team do realise our thumbs aren't that long?
theoneofgod said:
Android dev team do realise our thumbs aren't that long?
Maybe they are all lefties
shaftenberg said:
Hi guys,
- after that type in the following commands, beware that su wants you to grant root access (SuperSU popup)
Code:
adb shell
su
stop
mount -o rw,remount /system/ /system/
cp /sdcard/SystemUI.apk /system/app/
rm /system/app/SystemUI.odex
mount -o ro,remount /system/ /system/
reboot
Done! Enjoy this mod.
sorry for a possibly stupid question, where do i enter these commands? I got terminal emulator on android but it doesn't seem to use these commands. thanks,
NVM: i figured i get to get the android SDK. cheers,
sorry to bump this up again, but i did something that screwed up my system. when rebooted, it keeps saying "Unfortunately System UI has stopped" . when i first did it, i did screw up in that i accidentally closed my command prompt after i did "rm /system/app/SystemUI.odex"
but anyway, I re-did the whole thing again, reboot and that error showed.
So i tried to revert back to original using your backed up Systemui.apk but it is still saying that error. also when i try to do "rm /system/app/SystemUI.odex", it says file not found.
can someone please help? thanks!
update: i also tried fixing permissions via chmod 755 /system/app but still same error.. getting desperate will this help? this is a ls -l listing of my system/app around the systemui.apk . did i do something i'm not supposed to? note that this is using the OP's deodexed modified systemui.apk thanks,
-rw-r--r-- root root 79474 2013-10-26 11:20 SoundRecorder.apk
-rw-r--r-- root root 25704 2013-10-26 11:20 SoundRecorder.odex
-rw-r--r-- root root 28190 2013-10-26 11:20 Stk.apk
-rw-r--r-- root root 77592 2013-10-26 11:20 Stk.odex
-rw-r--r-- root root 264451 2013-10-26 11:20 Street.apk
--w----r-T root root 1966976 2008-08-01 05:00 Superuser.apk
-rwxr-xr-x root root 3099269 2013-12-01 10:44 SystemUI.apk
-rw-r--r-- root root 245294 2013-10-26 11:20 TagGoogle.apk
-rw-r--r-- root root 59251 2013-10-26 11:20 TelephonyProvider.apk
-rw-r--r-- root root 136496 2013-10-26 11:20 TelephonyProvider.odex
-
geminihc said:
update: i also tried fixing permissions via chmod 755 /system/app but still same error.. getting desperate
Which ROM? Country? But that shouldn't be a problem.
I'm trying out in mind where your error occurred...
Well, I don't know what you did, but try the following:
download attachment and put the content(!! - not the archive but the .apk and .odex) to your SD card manually or via adb:
Code:
adb push SystemUI.apk /sdcard/
adb push SystemUI.odex /sdcard/
then one after the other:
Code:
adb shell
su
stop
mount -o rw,remount /system/ /system/
cp /sdcard/SystemUI.apk /system/app/
cp /sdcard/SystemUI.odex /system/app/
rm -r /cache/*
rm /data/dalvik-cache/*
mount -o ro,remount /system/ /system/
reboot
this might help.
shaftenberg said:
Which ROM? Country? But that shouldn't be a problem.
I'm trying out in mind where your error occurred...
canada, the stock ROM (rooted and unlocked bootloader)
I advise you to copy the lines with ctrl-c and insert them into your console just to avoid typing errors.
[edit]
you set the wrong permissions!!
type
Code:
chmod 644 /system/app/SystemUI.apk
chmod 644 /system/app/SystemUI.odex
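The permission mistake diagnosed above (SystemUI.apk left at `-rwxr-xr-x` after a `chmod 755`) can be spotted mechanically from an `ls -l` listing. The following is an added example, not part of the original posts: the function names `sample_listing`, `mode_to_octal` and `audit_modes` are hypothetical, the sample lines are copied from the listing posted above, and 0644 as the expected mode is an assumption taken from the `chmod 644` fix and the untouched entries in that listing.

```shell
#!/bin/sh
# Added example: audit an Android `ls -l` listing of /system/app for files
# whose mode differs from the expected 0644 (-rw-r--r--).

# Sample input: lines copied from the listing posted earlier in the thread.
sample_listing() {
cat <<'EOF'
-rw-r--r-- root root 264451 2013-10-26 11:20 Street.apk
--w----r-T root root 1966976 2008-08-01 05:00 Superuser.apk
-rwxr-xr-x root root 3099269 2013-12-01 10:44 SystemUI.apk
-rw-r--r-- root root 245294 2013-10-26 11:20 TagGoogle.apk
EOF
}

# mode_to_octal SYMBOLIC -> four-digit octal, e.g. -rwxr-xr-x -> 0755
mode_to_octal() {
    printf '%s\n' "$1" | awk '{
        special = 0
        digits = ""
        for (i = 0; i < 3; i++) {
            r = substr($0, 2 + i * 3, 1)
            w = substr($0, 3 + i * 3, 1)
            x = substr($0, 4 + i * 3, 1)
            d = (r == "r") * 4 + (w == "w") * 2
            # x, s and t carry the execute bit; S and T do not
            if (x == "x" || x == "s" || x == "t") d += 1
            # s/S in user = setuid (4), in group = setgid (2); t/T = sticky (1)
            if (x ~ /[sStT]/) special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            digits = digits d
        }
        print special digits
    }'
}

# audit_modes [EXPECTED_OCTAL] < listing
# Prints "OCTAL NAME" for every regular file whose mode is not EXPECTED_OCTAL.
audit_modes() {
    want="${1:-0644}"
    while read -r mode _owner _group _size _date _time name; do
        # Only regular files: a leading "-" followed by nine permission chars.
        case "$mode" in
            -?????????) ;;
            *) continue ;;
        esac
        octal=$(mode_to_octal "$mode")
        [ "$octal" = "$want" ] || printf '%s %s\n' "$octal" "$name"
    done
}

# Stand-alone run over the sample lines.
sample_listing | audit_modes
```

On a device the same function can be fed a saved listing, for example `adb shell ls -l /system/app > listing.txt` followed by `audit_modes < listing.txt`, provided the listing uses the column layout shown in the thread.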
shaftenberg said:
Well, I don't know what you did, but try the following:
download attachment and put the content(!! - not the archive but the .apk and .odex) to your SD card manually or via adb:
Code:
adb push SystemUI.apk /sdcard/
adb push SystemUI.odex /sdcard/
then one after the other:
Code:
adb shell
su
stop
mount -o rw,remount /system/ /system/
cp /sdcard/SystemUI.apk /system/app/
cp /sdcard/SystemUI.odex /system/app/
rm -r /cache/*
rm /data/dalvik-cache/*
mount -o ro,remount /system/ /system/
reboot
this might help.
thank you! it did not fully fix it but at least now it does not keep showing the error loop so i can use my phone, BUT i'm missing the bottom system bar (the back home recent buttons).. lol.. i'm going SOMEWHERE
geminihc said:
thank you! it did not fully fix it but at least now it does not keep showing the error loop so i can use my phone, BUT i'm missing the bottom system bar (the back home recent buttons).. lol.. i'm going SOMEWHERE
read my edit, you set the wrong permissions.
shaftenberg said:
read my edit, you set the wrong permissions.
i fixed the permissions back, cleared both the cache but still missing bar after reboot. now the listing is:
-rw-r--r-- root root 28190 2013-10-26 11:20 Stk.apk
-rw-r--r-- root root 77592 2013-10-26 11:20 Stk.odex
-rw-r--r-- root root 264451 2013-10-26 11:20 Street.apk
--w----r-T root root 1966976 2008-08-01 05:00 Superuser.apk
-rw-r--r-- root root 2948805 2013-12-01 11:16 SystemUI.apk
-rw-r--r-- root root 695088 2013-12-01 11:16 SystemUI.odex
-rw-r--r-- root root 245294 2013-10-26 11:20 TagGoogle.apk
-rw-r--r-- root root 59251 2013-10-26 11:20 TelephonyProvider.apk
-rw-r--r-- root root 136496 2013-10-26 11:20 TelephonyProvider.odex
is something preventing the systemUI from loading..?
geminihc said:
is something preventing the systemUI from loading..?
The only thing I can guess is that the retail SystemUI.apk is not compatible with the Canadian version, but I don't think so.
Pretty weird... Have you backed up your SystemUI.apk? Otherwise you have to flash your ROM again as a last resort :/
shaftenberg said:
The only thing I can guess is that the retail SystemUI.apk is not compatible with the Canadian version, but I don't think so.
Pretty weird... Have you backed up your SystemUI.apk? Otherwise you have to flash your ROM again as a last resort :/
unfortunately i didn't back it up, stupid me. but the version should be the 8GB global version (not the US version). i believe there are only 2 versions of this phone.
i realize that the notification bar is also gone, i guess that's part of the systemui.apk
geminihc said:
i realize that the notification bar is also gone, i guess that's part of the systemui.apk
Yes, this is part of SystemUI.apk
So sad, sorry
I added a warning to the opening post. Never thought of an incompatibility, but maybe there are language resources missing between the German and Canadian versions.
However, using RSDlite is quite easy, there is a thread here.

[XZ2c] temp root exploit via CVE-2020-0041 including magisk setup

temp root exploit for sony xperia XZ2/XZ2c/XZ2p/XZ3 with android 10 firmware
Get a root shell with still locked bootloader.
The main thread is located in xz2 forum section here.
j4nn said:
temp root exploit for sony xperia XZ2/XZ2c/XZ2p/XZ3 with android 10 firmware
Get a root shell with still locked bootloader.
The main thread is located in xz2 forum section here.
Great news! I just bought a used XZ2c without knowing your latest success. This is a very pleasant surprise!
Warning: "H8314_Proximus (Vfe) BE_1313-6147_52.1.A.0.618_R1C" is the last firmware available via XperiFirm that is a target for the exploit. Other firmware versions must be searched elsewhere. I downloaded this one before it is too late.
@SGH-i200, I can upload also H8314_Customized FR_1313-2468_52.1.A.0.618_R4C if you like. Or any other mentioned in the main thread.
implemented magisk setup from temproot
finally got magisk from temp root working including permission asking feature - released as tama-mroot.zip - get it here
j4nn said:
finally got magisk from temp root working including permission asking feature - released as tama-mroot.zip - get it here
Did it actually work? I am facing an issue while accessing the `/data/local/tmp` directory using adb
Code:
127|H8324:/data $ ls
ls
ls: .: Permission denied
1|H8324:/data $ ls -al
---------- Post added at 06:38 PM ---------- Previous post was at 06:27 PM ----------
ahzam said:
Did it actually work? I am facing an issue while accessing the `/data/local/tmp` directory using adb
Code:
127|H8324:/data $ ls
ls
ls: .: Permission denied
1|H8324:/data $ ls -al
I was able to copy the zip files from within the adb shell after copying the files to /sdcard/tmp location and then accessing /data/local/tmp
@ahzam, that's normal behaviour of standard adb shell user. You just need to 'adb push the-files /data/local/tmp' and within 'adb shell' just 'cd /data/local/tmp'.
j4nn said:
@ahzam, that's normal behaviour of standard adb shell user. You just need to 'adb push the-files /data/local/tmp' and within 'adb shell' just 'cd /data/local/tmp'.
Thanks, now the root is done, but it goes off with reboots. Any trick to keep this on after reboot?
I was not able to install Xposed, and not able to run the rootcloak as well. This root is of little use I guess.
@ahzam, hey, this is a temp root, so it is obvious you lose it with reboot.
Normally only adb shell is provided with an exploit. I have implemented a working start of magisk from the exploit including asking for su permission from apps.
That allows great use of the temp root vs plain temp root shell.
Not only that you may backup locked TA for eventual restore of drm keys.
You can permanently modify oem partition for debloat or ims support.
Or you can use backup apps that require root.
Or iptables based firewall is great too you know.
There may be many other working use cases, like ads removal, if implemented properly (system less-ly), not tested though.
Do you think that's little use? If someone is not allowed to BL unlock (or does not want to) it looks like it actually is something!
Is there any way I can get the Customized DE H8324 image, or does anyone know how I could get it?
If you can find it somewhere...
You may download H8324_Customized FR_1313-2469_52.1.A.0.618_R2C.zip and skip flashing oem*.sin if you are running a Customized DE android 10 fw already.
I can upload following versions:
H8116_Customized IBE_1313-3189_52.1.A.0.618_R3C
H8166_Customized FR_1313-2540_52.1.A.0.618_R4C
H8216_Customized UK_1313-4679_52.1.A.0.618_R5C
H8266_Customized FR_1313-2481_52.1.A.0.618_R4C
H8296_Customized TW_1313-6119_52.1.A.0.618_R4C
H8314_Customized FR_1313-2468_52.1.A.0.618_R4C
H8324_Customized FR_1313-2469_52.1.A.0.618_R2C
H8416_Customized IBE_1316-6423_52.1.A.0.618_R5C
H9436_Customized FR_1316-3076_52.1.A.0.618_R6C
H9493_Customized HK_1316-2331_52.1.A.0.532_R2C
Can I flash an oem from a newer android 10 version?
j4nn said:
@ahzam, hey, this is a temp root, so it is obvious you lose it with reboot.
Normally only adb shell is provided with an exploit. I have implemented a working start of magisk from the exploit including asking for su permission from apps.
That allows great use of the temp root vs plain temp root shell.
Not only that you may backup locked TA for eventual restore of drm keys.
You can permanently modify oem partition for debloat or ims support.
Or you can use backup apps that require root.
Or iptables based firewall is great too you know.
There may be many other working use cases, like ads removal, if implemented properly (system less-ly), not tested though.
Do you think that's little use? If someone is not allowed to BL unlock (or does not want to) it looks like it actually is something!
Thank you @j4nn, looking for some more information: is there a way to run these scripts on the phone directly? I started using the firewall, but I had to connect to ADB to regain root.
I have been using some banking applications, which do not work after detecting root, and that happens with this temp root as well. Is there a way to hide the root from these apps? I tried to install rootcloak, but that didn't work. And the final question I have is: how do I move an application, Android Firewall for example, to a permanent app with root access, if there is a way to do so?
I appreciate your help!!
@ahzam, that's right, the exploit needs to be run from adb. It would need to be extended to allow privilege escalation from an untrusted app context, i.e. to run it from a normal app / terminal emulator on the phone without use of adb. As it is temproot, you need to start it after each reboot.
Cannot help you with hiding, did not test that.
But I would assume magiskhide could eventually work. If it did not for some app, it may help to restart (and data erase) such app. Due to magisk started late from exploit instead of during boot, some modules may get started too late and therefore look like not working - restarting involved apps/services could help.
When an app asks for root, there is an option if it should be allowed once or permanently. Just select what you need. If you want to change that decision later, you can do that in magisk manager.
magiskpolicy is inaccessible or not found
Hi @j4nn! Thanks for giving me hope using my old H8324 XZ2c dual in a new way with temp root!
I followed your instructions and all worked so far. But now I'm stuck at the point where I want to activate temp root and start magisk.
The command "./tama-mroot" works as expected but at the next step "./magisk-start.sh -1" I always get the error that the magiskpolicy is inaccessible or not found.
"root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -1
+ FRESH=false
+ '[' -1 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ ./magiskpolicy --live --magisk 'allow dumpstate * * *'
./magisk-start.sh[33]: ./magiskpolicy: inaccessible or not found"
Maybe it's easy to solve or I do something wrong but I'm a newbie at this and don't find a mistake.
Do you have an idea what's the problem?
Thanks in advance for your answer!
Also thanks @ferluna18 for the perfect guide to downgrade my XZ2c with locked bootloader to a FW that works with the temp root.
@Dom195, have you run the prepare step, with the unzip and magisk-setup.sh? That should make magiskpolicy available.
@j4nn Yes, I did it.
But when I typed "chmod 755 tama-mroot magisk-setup.sh magisk-start.sh" in the adb shell I got no reaction. Unfortunately my skills are far too low to understand what this command exactly is for. But in another comment I saw in the code that there also was no reaction. Therefore I didn't see a problem with that. I looked at it once again, compared it with my cmd and on my phone it doesn't seem to unzip the magisk-v20.4.zip file.
I just did it again. Do you see any mistake here?:
"D:\Downloads>adb push tama-mroot.zip Magisk-v20.4.zip /data/local/tmp
tama-mroot.zip: 1 file pushed, 0 skipped. 0.3 MB/s (21355 bytes in 0.064s)
Magisk-v20.4.zip: 1 file pushed, 0 ski...d. 24.9 MB/s (5942417 bytes in 0.228s)
2 files pushed, 0 skipped. 18.2 MB/s (5963772 bytes in 0.313s)
D:\Downloads>adb shell
H8324:/ $ cd /data/local/tmp
H8324:/data/local/tmp $ unzip tama-mroot.zip
Archive: tama-mroot.zip
replace magisk-start.sh? [y]es, [n]o, [A]ll, [N]one: y
inflating: magisk-start.sh
replace magisk-setup.sh? [y]es, [n]o, [A]ll, [N]one: y
inflating: magisk-setup.sh
replace tama-mroot? [y]es, [n]o, [A]ll, [N]one: y
inflating: tama-mroot
H8324:/data/local/tmp $ chmod 755 tama-mroot magisk-setup.sh magisk-start.sh
H8324:/data/local/tmp $ ./magisk-setup.sh
+ '[' '' '=' --cleanup ']'
+ ZIPFILE=Magisk-v20.4.zip
+ '[' ! -d magisk ']'
H8324:/data/local/tmp $ ls
Magisk-v20.4.zip magisk-setup.sh magisk-v20.4.zip tama-mroot
magisk magisk-start.sh magiskpolicy tama-mroot.zip
H8324:/data/local/tmp $ "
Thanks in advance!
@Dom195, it looks ok, so continue with next steps...
@j4nn: I continued and again got the info that magiskpolicy is inaccessible or not found when using command "./magisk-start.sh -1". See attached:
"D:\Downloads>adb devices
List of devices attached
BH900A5ZBZ device
D:\Downloads>adb shell
H8324:/ $ cd data/local/tmp
H8324:/data/local/tmp $ ls
Magisk-v20.4.zip magisk-setup.sh magisk-v20.4.zip tama-mroot
magisk magisk-start.sh magiskpolicy tama-mroot.zip
H8324:/data/local/tmp $ ./tama-mroot
[+] Detected H8324-52.1.A.0.618 target
[+] Mapped 200000
[+] selinux_enforcing before exploit: 1
[+] pipe file: 0xffffffd1a9589f00
[+] file epitem at ffffffd1c9535e80
[+] Reallocating content of 'write8_inode' with controlled data......[DONE]
[+] Overwriting 0xffffffd1a9589f20 with 0xffffffd1c9535ed0...[DONE]
[+] Write done, should have arbitrary read now.
[+] file operations: ffffff9a6621ebf8
[+] kernel base: ffffff9a65080000
[+] Reallocating content of 'write8_selinux' with controlled data........[DONE]
[+] Overwriting 0xffffff9a6748f000 with 0x0...[DONE]
[+] init_cred: ffffff9a6722fcd0
[+] memstart_addr: 0xffffffef40000000
[+] First level entry: 13093e003 -> next table at ffffffd1f093e000
[+] Second level entry: 12f2ab003 -> next table at ffffffd1ef2ab000
[+] sysctl_table_root = ffffff9a6725c710
[+] Reallocating content of 'write8_sysctl' with controlled data..............[DONE]
[+] Overwriting 0xffffffd2316ae468 with 0xffffffd1da891000...[DONE]
[+] Injected sysctl node!
[+] Node write8_inode, pid 30891, kaddr ffffffd20b528900
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_selinux, pid 30971, kaddr ffffffd1c5da4e00
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Node write8_sysctl, pid 31023, kaddr ffffffd1a16d3180
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Replaced sendmmsg dangling reference
[+] Cleaned up sendmsg threads
[+] epitem.next = ffffffd1a9589f20
[+] epitem.prev = ffffffd1a9589fd8
[+] Launching privileged shell
root_by_cve-2020-0041:/data/local/tmp # ./magisk-start.sh -1
+ FRESH=false
+ '[' -1 '=' --fresh ']'
+ '[' ! -e /data/adb/magisk/busybox ']'
+ FRESH=true
+ ./magiskpolicy --live --magisk 'allow dumpstate * * *'
./magisk-start.sh[33]: ./magiskpolicy: inaccessible or not found
127|root_by_cve-2020-0041:/data/local/tmp #"
Do you see an error here which I don't see?
@Dom195, hmm, that's strange, looks good to me.
Could you please try it again and when you get a root shell running the exploit, try following before starting magisk-setup.sh:
Code:
pwd
ls -lZ ./magiskpolicy
ls -lZ ./magisk/magiskinit64
id
id -Z
groups
cat ./magiskpolicy > /dev/null
cat ./magisk/magiskinit64 > /dev/null
