Hi, I was wondering if I can get a permroot without flashing a custom rom.
I have done Revolutionary - worked superb + I added Superuser.
SetCpu works fine with various kernels - no worries there. But adb refuses to allow me su access. I can't push / pull things... some apps acquire root, others don't - Titanium Backup doesn't for example...
Now is this fixable - or do I HAVE to flash a custom rom?
Try to install busybox with busybox installer from the market
Sent from my HTC Wildfire using XDA App
fireplayer said:
Hi, I was wondering if I can get a permroot without flashing a custom rom.
I have done Revolutionary - worked superb + I added Superuser.
SetCpu works fine with various kernels - no worries there. But adb refuses to allow me su access. I can't push / pull things... some apps acquire root, others don't - Titanium Backup doesn't for example...
Now is this fixable - or do I HAVE to flash a custom rom?
Which version of superuser have you flashed, and how did you do it? Because it is very strange that Titanium Backup doesn't ask you for superuser access. When you open the Titanium Backup, what do you see next to "Root access:"?
As for adb: /system is mounted as r/o by default, so you have to remount it first. You can do this in adb by typing:
adb remount
and wait for the line that says that the remount is successful.
It seems that most of the community is gravitating toward disabling forced encryption, so I might be alone here, but I actually like the idea of having the device encrypted.
I rooted my device without flashing twrp (I'll cover the steps I took in just a second) so that it could retain the original stock recovery. I'm trying to keep the device as stock as possible, just with root and xposed.
Steps I took are as follows...
Download
Minimal ADB and Fastboot
TWRP
SuperSU (beta)
Xposed
Enable developer mode on device
Code:
adb reboot fastboot
Code:
fastboot boot twrp*.img
(I had to nuke /data at this point, otherwise it wouldn't boot)
Turn on ADB sideload in TWRP
Code:
adb sideload BETA*.zip
Code:
adb sideload xposed*.zip
It's successfully rooted and xposed framework is installed, but it's not encrypted, and if I go into Settings -> Security -> Encryption and attempt to encrypt the device, it will just hang for hours at a time.
If anyone can offer any insight as to how I can get it rooted with xposed framework while retaining device encryption, that would be super helpful.
Figured it out.
Have to create a flag file for SuperSU. It can be any of the following (note leading dot to indicate it's a hidden file)...
/data/.supersu
/cache/.supersu
/system/.supersu
In it, the file needs to contain the following:
Code:
KEEPFORCEENCRYPT=true
Easiest way to accomplish this, for my purposes, is to do
Code:
adb shell 'echo "KEEPFORCEENCRYPT=true" >/data/.supersu'
I restored completely to stock before doing this, to avoid any possible issues. Also, this currently only works with BETA version (SuperSU 2.74). This particular flag's behavior might be inverted in the future, i.e., SuperSU might leave forceencrypt flag by default and require a flag to disable forceencrypt.
This guide presupposes that you have Supersu installed as systemless, and that you have access to adb.
This will bypass provisioning checks for builtin tether app. The modded apk should work with future updates without touching /system at all.
Installation
Method 1 - Manual install
Download the attached CarrierEntitlement apk.
If you have su.img su:
Code:
adb push CarrierEntitlement.apk /sdcard/CarrierEntitlement.apk
adb shell
su
mkdir /su/CarrierEntitlement
cp /sdcard/CarrierEntitlement.apk /su/CarrierEntitlement/CarrierEntitlement.apk
chmod 644 /su/CarrierEntitlement/CarrierEntitlement.apk
echo "mount -o bind /su/CarrierEntitlement/CarrierEntitlement.apk /system/priv-app/CarrierEntitlement/CarrierEntitlement.apk" > /su/su.d/05TetherMod
chmod +x /su/su.d/05TetherMod
reboot
If you have sbin su (Android 8.0+)
Code:
adb push CarrierEntitlement.apk /sdcard/CarrierEntitlement.apk
adb shell
su
mkdir /sbin/supersu/CarrierEntitlement
cp /sdcard/CarrierEntitlement.apk /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk
chmod 644 /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk
echo "mount -o bind /sbin/supersu/CarrierEntitlement/CarrierEntitlement.apk /system/priv-app/CarrierEntitlement/CarrierEntitlement.apk" > /sbin/supersu/su.d/05TetherMod
chmod +x /sbin/supersu/su.d/05TetherMod
reboot
Method 2 - Flashable Zip (su.img only)
Code:
1. Download attached zip.
2. Flash in TWRP (Last tested in alpha 2)
Information
This mod is accomplished by replacing the following function:
Code:
.method public static getCarrierEntitlement(Landroid/content/Context;)Lcom/google/android/carrierentitlement/CarrierEntitlement;
    .registers 2
    .param p0, "context"    # Landroid/content/Context;
    .prologue
    .line 56
    const/4 v0, 0x0
    return-object v0
.end method
NOTE: Post install
You may need to edit your APNs to get tethering working for your carrier.
On Sprint, where editing APNs is disabled, the fix is here: Sprint Fix
Be sure to thank @Builtfordtough1 for all his help in diagnosing the issue at this post: The Solution!
Be sure to thank sb1893 for sbin su instructions.
Worked Perfectly
This worked perfectly. Fantastic job!
So I am on stock with unlocked bootloader, twrp installed, and rooted with SuperSU. Because this is an apk file, do I just download onto the phone and install as I would with any other .apk file?
coolhandz said:
So I am on stock with unlocked bootloader, twrp installed, and rooted with SuperSU. Because this is an apk file, do I just download onto the phone and install as I would with any other .apk file?
The directions clearly state in adb speak that you need to create a directory for the file. Move to said directory, change permissions, etc etc. Nothing about installing via the apk.
pcriz said:
The directions clearly state in adb speak that you need to create a directory for the file. Move to said directory, change permissions, etc etc. Nothing about installing via the apk.
Well, I can follow basic commands in minimal adb & fastboot. I think this may be above me unless there is an idiots' guide.
coolhandz said:
Well, I can follow basic commands in minimal adb & fastboot. I think this may be above me unless there is an idiots' guide.
Do you have access to adb? They are pretty straightforward. May need to view them on the website but if you are using an app it may throw the word wrap off and make the commands seem confusing. The directions are pretty word for word.
pcriz said:
Do you have access to adb? They are pretty straightforward. May need to view them actually on the website but if you are using an app it may throw the word wrap off and make the commands seem confusing. The directions are pretty word for word.
If by adb you mean minimal adb & fastboot, then yes I have access and I could probably brave it.
coolhandz said:
If by adb you mean minimal adb & fastboot, then yes I have access and I could probably brave it.
I wouldn't suggest doing it how I did it but I downloaded the file to my phone. I created the directory using a root enabled file browser (see mkdir command {make directory}). I even used the file properties option in solid explorer to change the permissions (see chmod 644). Every other command I did on the phone from a terminal emulator. Just had to ignore the adb shell command because I am actually doing them on the device and not through a shell on my computer.
pcriz said:
I wouldn't suggest doing it how I did it but I downloaded the file to my phone. I created the directory using a root enabled file browser (see mkdir command {make directory}). I even used the file properties option in solid explorer to change the permissions (see chmod 644). Every other command I did on the phone from a terminal emulator. Just had to ignore the adb shell command because I am actually doing them on the device and not through a shell on my computer.
Yeah, all that is definitely outside of my comfort zone, but thank you for the info.
Can you normally update your device with OTA-updates like an unrooted device, without flashfire or connecting to your computer?
Is there an advantage to doing this over adding "net.tethering.noprovisioning=true" to the build.prop file?
airmaxx23 said:
Is there an advantage to doing this over adding "net.tethering.noprovisioning=true" to the build.prop file?
This mod is systemless, and should survive OTAs. That mod changes the build.prop on the system partition, which could prevent taking OTAs.
njeri123 said:
Can you normally update your device with OTA-updates like an unrooted device, without flashfire or connecting to your computer?
Any modification to the boot image *should* prevent OTAs from working at all. However, you can flash back to stock boot images, and take OTAs as long as you have not modified /system, which this mod does not do.
Furthermore, as long as you don't wipe /data/ this mod will live in su.img and survive when you flash newer system software.
Fenny said:
This mod is systemless, and should survive OTAs. That mod changes the build.prop on the system partition, which could prevent taking OTAs.
Any modification to the boot image *should* prevent OTAs from working at all. However, you can flash back to stock boot images, and take OTAs as long as you have not modified /system, which this mod does not do.
Furthermore, as long as you don't wipe /data/ this mod will live in su.img and survive when you flash newer system software.
Thanks for the explanation, I removed the build.prop line and used this method and it's working fine. Thank you.
@Fenny
Thank you so much for putting this into a .zip file. It is greatly appreciated!
Is there a non-root method to bypass the checks? I don't plan on unlocking or rooting since I use Android Pay...
ddarvish said:
Is there a non-root method to bypass the checks? I don't plan on unlocking or rooting since I use Android Pay...
I also use Android pay, so I have two boot images ready to fastboot or flash. I have a boot image with root, and a boot image without root running a kernel that hides the bootloader unlocked flag.
So, the way I handle this, I flash the unrooted (bootloader flag hidden) image as my daily driver kernel, this passes safetynet, and allows me to use Android pay.
I make a backup of that boot image. Then, I install TWRP, my custom kernel, and SuperSU. I make a backup of that image as well.
So I have two backed up boot images:
rooted.img
HideBLUnlock.img
I flash HideBLUnlock.img to boot a, and boot b, safetynet passes.
Whenever I need to tether I have my computer with me, so I "fastboot boot rooted.img" which leaves me rooted until my next reboot.
Depending on your usage you might want to reverse that.
All my mods get stored in su.img, so switching out the boot images is all I need to have the best of both worlds.
Is it possible to fastboot boot twrp and flash the zip without being rooted or having twrp actually installed? I unlocked my bootloader but that's been it.
Ocelot13 said:
Is it possible to fastboot boot twrp and flash the zip without being rooted or having twrp actually installed? I unlocked my bootloader but that's been it.
You can use the fastboot twrp image to install this mod but you MUST have SuperSu. I have basic validation to check that in my update.zip. If you don't have a su.img in /cache or /data, this mod cannot be installed.
Flashed via TWRP and now I finally have a fully functioning hotspot!!
Fenny said:
I also use Android pay, so I have two boot images ready to fastboot or flash. I have a boot image with root, and a boot image without root running a kernel that hides the bootloader unlocked flag.
So, the way I handle this, I flash the unrooted (bootloader flag hidden) image as my daily driver kernel, this passes safetynet, and allows me to use Android pay.
I make a backup of that boot image. Then, I install TWRP, my custom kernel, and SuperSU. I make a backup of that image as well.
So I have two backed up boot images:
rooted.img
HideBLUnlock.img
I flash HideBLUnlock.img to boot a, and boot b, safetynet passes.
Whenever I need to tether I have my computer with me, so I "fastboot boot rooted.img" which leaves me rooted until my next reboot.
Depending on your usage you might want to reverse that.
All my mods get stored in su.img, so switching out the boot images is all I need to have the best of both worlds.
This is fascinating, do you ever think where we can use boot a and boot b in a multiboot like fashion so that when you turn on the device you can choose what to boot?
Hello,
I am trying to root my own Android. I was able to get dirty cow exploit running, which allows me to write to files that I should not be able to, including files in /system directory. How can I take advantage of that?
I was able to take advantage of a binary with setuid: I overwrote it with my binary, which ran setprop to enable adb over Wifi (setprop service.adb.tcp.port 6565). Otherwise I don't have access to adb, it doesn't work over USB for some reason, but now I lost the binary file.
Apart from that I was able to modify /etc/hosts, which is helpful, but not that groundbreaking.
Version is 4.4.2, kernel 3.0.19. No adb.
What would you recommend to do?
Edit:
I managed to turn on wifi over adb by overriding "/system/bin/fsck_msdos" and plugging in usb. Now I can access adb over wifi. Also reading through this:
https://forum.xda-developers.com/general/security/dirty-cow-t3484879/page4
I think I already know the answer but you'll never know.....
I am looking into options to use LOS17 in combination with LOS recovery because then it is possible to have OTA updates even when storage is encrypted.
Though, I would like to have the option to use a script so I can remove some system apps, add some stuff to build.prop and remove some temporary files after every OTA.
As far as I know the only way this is possible is to add a script to /system/addon.d.
Therefore I have tried using adb to push a file, though when phone is not rooted, it is not possible to use adb root and then adb remount rw and adb push.
So here the questions:
- Is it possible to add a script to /system/addon.d, though without root and without TWRP?
- If not, is there another way to run a script after every OTA without root and without TWRP?
Setup:
LOS 17.1 without root, encrypted and locked bootloader
I will answer myself as it seems OR a stupid question OR something else....
But, as already expected, without root and with a locked bootloader, the recovery is the only place where you can do something root-related when the recovery is giving this option of course. LOS recovery, automatic OTA updates and additional scripts is therefore not possible because you can not place or modify stuff in /system (as it should be out of security concerns on non-rooted devices).
Though, @nvertigo67 posted a nice post about this topic. After reading I realised that, as I want to be in control of my phone AND I want to pay something back to our great devs, I will definitely stick with TWRP and flashing and running scripts myself.
How to install LOS with TWRP, encrypt and relock bootloader can be found here.
Topic closed for me.
I messed it up myself with my modified build.prop settings:
By design adb root command works in development builds only (i.e. eng and userdebug which have ro.debuggable=1 by default). So to enable the adb root command the ro.debuggable=1 line must be in build.prop, which I have set to 0 for CTS reasons.
Unfortunately it seems my banking app is looking for this parm because when set to 1 the app is giving an error message on startup.
So no adb root for me as long as I want to use the banking app.
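The build.prop settings discussed in this thread (ro.debuggable and net.tethering.noprovisioning) can be spotted by diffing a pulled copy of build.prop against the stock one. The script below is an added example, not part of any post above; the function names, file names and sample contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: diff a pulled build.prop against a stock copy.
# File names and sample contents are constructed for illustration.

# audit_build_prop STOCK MODIFIED
# Prints one sorted line per key that was added, changed or removed,
# with a note on the two properties this thread discusses.
audit_build_prop() {
    awk '
        BEGIN {
            note["ro.debuggable=1"] = "adb root is allowed"
            note["net.tethering.noprovisioning=true"] = "tether provisioning check is off"
        }
        /^[ \t]*(#|$)/ { next }               # skip comments and blank lines
        {
            sub(/\r$/, "")                    # tolerate CRLF line endings
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            if (FILENAME == ARGV[1]) stock[k] = v; else mod[k] = v
        }
        END {
            for (k in mod) {
                kv = k "=" mod[k]
                if (!(k in stock)) line = "ADDED   " kv
                else if (stock[k] != mod[k]) line = "CHANGED " kv " (stock: " stock[k] ")"
                else continue
                if (kv in note) line = line "  <- " note[kv]
                print line
            }
            for (k in stock) if (!(k in mod)) print "REMOVED " k
        }' "$1" "$2" | sort
}

# make_samples DIR: write a constructed stock/modified pair into DIR.
make_samples() {
    printf '%s\n' '# constructed stock file' 'ro.build.type=user' \
        'ro.debuggable=0' 'ro.secure=1' > "$1/stock.prop"
    printf '%s\n' '# constructed modified file' 'ro.build.type=user' \
        'ro.debuggable=1' 'ro.secure=1' \
        'net.tethering.noprovisioning=true' > "$1/modified.prop"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_build_prop "$demo_dir/stock.prop" "$demo_dir/modified.prop"
rm -rf "$demo_dir"
```

On a real device the modified copy would come from `adb pull /system/build.prop`, and the stock copy from the factory image for the same build.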