There is a known way to root the phone via the zergRush exploit. However, it has some drawbacks (you need to do it again from a computer after a reboot, it may cause some stability issues, ...).
I've been thinking about a way to root the Wildfire S without having to modify the system partition. Here is my idea:
When root privileges are temporarily escalated, you can edit /data/system/packages.xml. There is a list of apps with their uids. If you change the uid of an app to 0, the app is granted root permissions, I think. (Well, a chown would probably also be needed.) If this is true, you can use an app that runs a script on every start (it can be done by DroidWall) and mount a ramdisk with su and busybox on every start.
However:
* The Wildfire S I'd test it on is not my phone.
* For some unknown reason, I haven't found anything about it. But I consider this to be so obvious. It looks like there is a problem.
I have a few noob questions hopefully someone can answer
I rooted using toasts method part 1 and part 2
I have flipz .6 rooted rom and radio 1.39.00.05.31
Do I always have to go into hboot then select recovery every time or is there a direct path to boot into recovery?
Every time I install custom roms will I have to redownload all my apps every time? If so is there a way to easily back up the apps and restore them?
The superuser permissions app is there after rooting what is it used for?
LxMxFxD - the act of "ROOTING" is the act of giving super user. Super users are accounts on a phone or linux/unix device that can do EVERYTHING on the machine. Like the admin on windows. The whole point of rooting a phone is so you can get super user permissions.
When I select the superuser permissions app I just see a black screen, should it do more than that?
ccapasso - What you are seeing is normal. The SuperUser Permission app is by default blank. However, once you start using apps that require su permission, such as Wireless Tether, it CAN start to have entries in it. I say CAN because you will notice that when you choose the Wireless Tether app, you will get a prompt asking you to allow. If you choose allow, it will continue as always. However, if you choose Always Allow, you will no longer get that prompt. Also, once you choose Always Allow, your SuperUser Permission app will now show a listing in it. If you simply choose Allow instead, you would still have nothing listed in the SuperUser Permission app.
How do I remove the proprietary apps?
You need to be in the recovery.
From the cmd window, type:
Code:
adb shell
mount /dev/block/mtdblock4 /system
cd /system/app
rm amazonmp3.apk
check this post for a list of apps to remove
can anyone help me out with question 1 or 2?
1) http://forum.xda-developers.com/showthread.php?t=702214 - here's one way to do it...
2) Try Titanium Backup in the App Store - I tend to like it quite a bit.
oubravs2b said:
1) http://forum.xda-developers.com/showthread.php?t=702214 - here's one way to do it...
2) Try Titanium Backup in the App Store - I tend to like it quite a bit.
thanks!
Hi there!
I'm trying to root a Ziio 7 unit I got for a review for PurePC.pl, and so far so good: I installed the SuperUser app and the su and busybox binaries. Now using the terminal I can su without any problems. But the thing is, su only seems to be working in the terminal emulator. I've tried using some apps that should use root, like ShootMe, ScreenshotIt and SetCPU, and they just don't work.
ShootMe says "Starting Server failed", plus info that I need to have root access and enabled access to lower graphics (whatever it is).
ScreenshotIt just doesn't work, without any information why, and SetCPU FCs after selecting a profile. It does get me a nice SuperUser dialog, but that's as far as it goes, because it crashes right after that.
Am I missing something to have a complete root? An interesting thing is that on this device, the preferred PATH for executable binaries is /data/busybox/, and not the usual /system/bin. Interestingly, my su binaries refused to work from the /data/busybox directory, so I moved them to /system/bin. The rest of the utilities and such are still in /data/busybox, but I don't know if this information is important in any way. Have I missed something along the way? Please help. Cheers.
OK, I know why su gave me permission denied when running from /data/busybox. The /data partition was mounted with nosuid. But still the applications such as ShootMe won't work.
I'm waiting for this. If anyone has good news, please tell me by private message.
Have you made any progress on this bagienny?
I originally posted this in the FRX thread, but it actually applies to GRX as well, in addition to every other build that is based on them. If you don't see root prompts when you run root programs, this applies to your build.
Right now XDAndroid is shipped pre-rooted, enabling any app (including off the Market) to access any of your data or connections without any limitation, and it would be completely invisible to the user.
There's an open-source app called Superuser that closes this gaping security hole by enabling root escalation prompts. Most ROMs for other devices that are rooted ship with this.
Unfortunately, just downloading Superuser off the Market doesn't work with our setup; relative to all the other ROMs out there, we have a very peculiar way of setting up our systems using the rootfs.
It is possible to make this work by (either via ADB or mounting the files in Linux):
(1) remove the two bind mounts found in the rootfs init for su
(2) remove the outdated /system/xbin/su (in system.ext2)
(3) copy in a newer, compatible su that Highlandsun extracted from his G1 image in /bin/su (on the rootfs). Ensure that permissions are set with chmod to 6755
(4) create a symbolic link in /system/xbin/su (in system.ext2) to /bin/su (on the rootfs). This mirrors the setup of su with its location in /bin with a symlink from /system/xbin of native Android devices.
Now if you install Superuser off the Market, it will work.
Assuming stine is ok with this (I don't see why he wouldn't be) this should make the next builds, both GB and Froyo.
Hello.
I have rooted my phone using
http://htc-one.wonderhowto.com/how-to/unlock-bootloader-root-your-htc-one-m8-0154444/
(in short, it's using SuperSU 2.00)
After some effort, Root Checker says I am fine. I can get id 0 from adb, and via ssh.
But ... Busybox fails to install.
And if I remount /system RW, and mess in there a bit (like mkdir /system/tmp ), the mess is removed after reboot. Changes are not permanent.
Must I change my su app for the superuser mentioned in the FAQ of the section (via recovery) ? Are there things to do before this migration ?
Other possible issues ?
I am used to a fully unlocked HTC Sensation, where changes to /system are easily permanent. But it was done using an exploit, shortly before HTC allowed rooting officially. The rooted M8 does not seem as friendly ...
I *really* need busybox to work, and make permanent changes to /system. I am stuck.
Thanks.
doublehp said:
Hello.
I have rooted my phone using
http://htc-one.wonderhowto.com/how-to/unlock-bootloader-root-your-htc-one-m8-0154444/
(in short, it's using SuperSU 2.00)
After some effort, Root Checker says I am fine. I can get id 0 from adb, and via ssh.
But ... Busybox fails to install.
And if I remount /system RW, and mess in there a bit (like mkdir /system/tmp ), the mess is removed after reboot. Changes are not permanent.
Must I change my su app for the superuser mentioned in the FAQ of the section (via recovery) ? Are there things to do before this migration ?
Other possible issues ?
I am used to a fully unlocked HTC Sensation, where changes to /system are easily permanent. But it was done using an exploit, shortly before HTC allowed rooting officially. The rooted M8 does not seem as friendly ...
I *really* need busybox to work, and make permanent changes to /system. I am stuck.
Thanks.
The /system partition is write protected on stock, meaning you can't add, modify, or delete files there. To disable this, you need to flash a kernel or rom with this disabled. Pretty much all sense based roms/kernels will state this in the features. I believe S-Off also disables it if you want to go the extra mile.
PS: Write protection is disabled in recovery. That is why superuser/root could be installed there.
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
akitten007 said:
The /system partition is write protected on stock, meaning you can't add, modify, or delete files there. To disable this, you need to flash a kernel or rom with this disabled. Pretty much all sense based roms/kernels will state this in the features. I believe S-Off also disables it if you want to go the extra mile.
PS: Write protection is disabled in recovery. That is why superuser/root could be installed there.
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
So, is there a way to install busybox via recovery ?
I did 3 things in recovery: all in /system/xbin
- chmod +s su
- touch t
- mkdir tmp
after reboot to normal mode, SUID bit was removed, but t and tmp are still here.
So, how do I install busybox ?
New issue: /data has the nodev flag; is it possible to remove it ?
I did not find /dev/shm ; was it moved somewhere else ? Any other place for similar use ? (world write temp folder in RAM).
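The nosuid observation from the Ziio post and the nodev question in the post above can both be checked from the mount table. The following is an added example, not code from any poster in the thread: it parses text in /proc/mounts format and reports whether a mount option applies to the filesystem that holds a given path. The sample table and its device names are constructed, and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample in /proc/mounts format (device names are made up).
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p45 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p47 /data ext4 rw,nosuid,nodev,noatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0'

# mount_for_path MOUNTS PATH
# Prints "<mountpoint> <options>" for the mount that holds PATH: the longest
# mount point that is PATH itself or a directory prefix of it. A later entry
# for the same mount point wins, as it does when one mount covers another.
mount_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
        NF >= 4 && ($2 == "/" || p == $2 || index(p, $2 "/") == 1) {
            if (length($2) >= best) { best = length($2); out = $2 " " $4 }
        }
        END { if (out != "") print out }'
}

# mount_flag MOUNTS PATH FLAG
# Prints "set:<mountpoint>" or "unset:<mountpoint>" for an option such as
# nosuid (setuid bits ignored on exec) or nodev (device nodes not usable).
mount_flag() {
    info=$(mount_for_path "$1" "$2")
    [ -n "$info" ] || { echo "unknown"; return 1; }
    mp=${info%% *}
    opts=${info#* }
    case ",$opts," in
        *",$3,"*) echo "set:$mp" ;;
        *)        echo "unset:$mp" ;;
    esac
}

# A setuid su under /data is inert while /data carries nosuid; the same
# binary under /system is honoured because that mount lacks the flag.
for path in /data/busybox/su /system/bin/su; do
    echo "$path nosuid=$(mount_flag "$SAMPLE_MOUNTS" "$path" nosuid)"
done
echo "/data/local nodev=$(mount_flag "$SAMPLE_MOUNTS" /data/local nodev)"
```

To check a real device from a workstation, pass the output of `adb shell cat /proc/mounts` as the first argument instead of the sample.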
akitten007 said:
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
If your kernel allows me to install busybox, can I back up my original kernel to restore it afterwards ?
Can I install busybox manually via recovery+adb ? I don't have any dev suite, but a good linux station; so, I can unzip, list, copy, and so on ... if there is not too much work to do.
doublehp said:
If your kernel allows me to install busybox, can I back up my original kernel to restore it afterwards ?
Can I install busybox manually via recovery+adb ? I don't have any dev suite, but a good linux station; so, I can unzip, list, copy, and so on ... if there is not too much work to do.
Now you're starting to go over my head. If you want to keep your current kernel, I would try using this method here to manually add the module that disables the protection http://forum.xda-developers.com/showthread.php?t=2702575. I usually just install busybox using rom toolbox or any other busybox app. You could search for a busybox zip, but just disabling the write protection is a better option in my opinion. And I have actually 0.00 idea what flags mean on folders (sorry).
I rooted using TWRP recovery and super su. That guide you posted gives unnecessary instructions. TWRP automatically installs the SU binary and Super su the first time you boot into it. I was able to update Super su via google play, no need for the update zip. Just follow the instructions after rebooting to system from TWRP recovery.
I'm s-off, unlocked, my kernel, firmware and os are stock, only thing that isn't is recovery. I have write access to system and external sd card. All I did was make it writable with root explorer and have installed busy box no problem using this app https://play.google.com/store/apps/details?id=stericson.busybox.
I was given a better fix.
http://forum.xda-developers.com/showthread.php?t=2701816
In short:
adb push /mnt/big/tmp/wp_mod_m8.ko /mnt/sdcard/Download/
insmod /mnt/sdcard/Download/wp_mod_m8.ko
mount -o remount,rw /system
cd /system
touch z
mkdir zz
reboot
[email protected]_m8:/storage/emulated/legacy # cd /system/
[email protected]_m8:/system # ls
app
bin
build.prop
customize
etc
fonts
framework
lib
lost+found
media
priv-app
tts
usr
vendor
xbin
z
zz
[email protected]_m8:/system #
The mirror is under maintenance for now. So, the guy on IRC gave me his local backup. I will push it here for 30 days:
http://dl.free.fr/gSha53ljz
(server will delete it after 30d nobody downloads it)
Busybox still fails to install; don't know why.
https://redd.it/59n5r9
If it's possible to do on other phones that run the un-patched kernel I suppose it can be done on the Sprint G5. If so that would be the luckiest break ever lol.
Not sure if it's really going to be a root method and let super user work because the owner of the repo said "I put 'root' in quotes, because technically, it isn't rooting. However, it creates a binary called 'run-as' that can execute packages as root.".
He also mentioned it hasn't been tested on 64-bit.
I'm working on trying to understand how exactly the bug works, and to see if it can be replicated. In theory, it should work because even 64-bit desktop kernels are affected. Additionally, the bug still exists in the kernel upstream, so all Android devices should be affected.
Update on this. The exploit does work on the LG Stylo 2, which is running very similar software to the LG G5, but I am having issues installing su, but I do have root...temp root at least.
This will not root your phone to let you run Titanium Backup or Xposed APIs. If you're lucky you can maybe make changes to build.prop, and only if the system partition is not signed like the kernel is. So I would not bet on this.
With temp root can you mount system as rw and make changes? If not it's completely pointless.
Can you provide a binary, so we do not have to compile? I would try it as well.
lg phone ever not get root?
I have the exploit running on my Stylo 2, but I can't do anything. SELinux is set to enforcing, but I do have a root shell.
Code:
λ adb -d shell
[email protected]:/ $ run-as exec whoami
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
root
[email protected]:/ $ run-as exec dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
dd: /dev/block/bootdevice/by-name/boot: Permission denied
1|[email protected]:/ $
Can you mount the system partition as r/w to modify system files?
We can use the Dirtycow exploit to replace any file in the system memory with a file of the same size, but all files will revert once rebooted thanks to SELinux; as mentioned, it enforces whatever file you replaced with the same security. Escalated privileges don't seem possible while SELinux is enforcing. There is a thread dedicated to more discussion from others with more knowledge below:
http://forum.xda-developers.com/general/security/dirty-cow-t3484879
Believe me, many people are working for this to be our savior.
Couldn't we use this method, modify the update file to be rooted, then let the 7.0 install itself?