Related
First you must to install yaffs!!!
Download attached archive and unpack it to /usr/sbin/ folder with your File Manager or Terminal window. I preffered File Manager, it is simpliest way.
After copyed mkfs.yaffs2 and unyaffs, you must to change permissions on these two files.
Open Terminal if you don`t previously opened and write...
[email protected]_name:~$ sudo nautilus
Nautilus is File Explorer on Ubuntu Linux. On other Linux distribution you may have other File Explorer. Anyway... open it with sudo command.
Enter your root password and navigate to /usr/sbin folder.
Find these two files mkfs.yaffs2 and unyaffs.
Right click mouse on it then click to see "Properties".
In properties tab you will see "Permissions" tab.
Click on it and set "read and write" option for all users and group in this tab then close window and Terminal.
You can change permission in the Terminal window with this command if you want...
[email protected]_name:~$ sudo chmod 667 /usr/sbin/mkfs.yaffs2
[email protected]_name:~$ sudo chmod 667 /usr/sbin/unyaffs
This is it for install mkfs.yaffs2 and unyaffs.
After that, create new folders on your desktop named as "newrom".
Copy system.img from ROM instalation folder to newrom folder and run unyaffs.
Open terminal and type... Only type BOLD text.
[email protected]_name:~$ cd /home/your_name/Desktop/newrom
[email protected]_name:~/Desktop/newrom$ unyaffs /home/your_name/Desktop/newrom/system.img
Wait unyaffs to uncompress all files and folders from system.img
When unyaffs has been completed uncompress procedure, you will see something like that...
end of image
[email protected]_name:~/Desktop/newrom$
Close terminal window if you want to close.
Open folder newrom and delete system.img file. Folder "newrom" contains everything from your system.img file. You may to change, delete or something else to create your new Android build. Yes you may to be ROM cookers.
After your intervention on files and many other stuff in your "new rom", you will be prepare to create your new "system.img" file.
This process must to be in other folder with diference name. Not to be in same folder where is your previous uncopressed folders and files. In my case this folder is "newrom".
Folder for new "system.img is my Desktop.
Ok, let see what we must to do... In case when you previous closed Terminal window, you must be placed on Desktop uses CD command in Terminal.
[email protected]_name:~$ cd Desktop
You must see this...
[email protected]_name:~/Desktop$
Enter this...
[email protected]_name:~/Desktop$ mkfs.yaffs2 newrom/ system.img
And you must see this...
mkfs.yaffs2: Android YAFFS2 Tool,Build by PowerGUI
at http://www.openhandsetalliance.org.cn
Building...
Build Ok.
[email protected]_name:~/Desktop$
After that you will see new system.img on your Desktop.
For boot.img file, procedure is same except name of *.img file.
That`s it. I hope that is help.
Thanks to everyone who helped me to write this guide.
Enjoy.
FileFixer.
so much thanks. i'll have a try~
Ignore this
I have extracted the files in to the directories as suggested but when I run the command to extract the system.img I get access is denied. I have tried this as my standard user account and logged on as root any ideas?
Edit: modified the permissions on the two files I dumped in to sbin and resolved the issue!
Yes... If you don`t permission you can login as root and change rigts on this two files.
In my case i just copy these two files in /usr/sbin folder and everything work fine.
This is, maybe i think,for per user mod.
I would be to edit thread for this problem...
Works very well very nice thread man. I was able to fully extract the img file from a gingerbread build and play arround with it and rebuild it cheers!
Pictures or video's?
You will be free to create them. I have no much time for this. if you try my procedure step by step, you can learn something...
@FileFixer
Maybe you could also post a way for us to edit the initrd.gz files in the rom builds, so we can make some changes that are necessary for SD builds to work with MAGLDR "AD SD" option ourselves?
Thanks, Santroph.
Unpack initrd.gz on your desktop and open cpio archive. Inside is a few scripts and few elf files.
I am not developer but i will trying to learn more about this.
Pretty useful tutorial i will try that soon.
FileFixer said:
Unpack initrd.gz on your desktop and open cpio archive. Inside is a few scripts and few elf files.
I am not developer but i will trying to learn more about this.
Click to expand...
Click to collapse
Cool guide did you have any help you would like to credit
No, i don`t have any help about this. I just playing with some files.
FileFixer said:
No, i don`t have any help about this. I just playing with some files.
Click to expand...
Click to collapse
KillaHurtz said:
Cool guide did you have any help you would like to credit
Click to expand...
Click to collapse
hehe
(10 chars)
When I use the command unyaffs /home/your_name/Desktop/newrom/system.img I get an error open image file failed.
Why is this not working for me?
...
Never mind, it worked!
Very useful topic!
Yo MUST be placed in to your "newrom" folder before start unyaffs command.
[email protected]_name:~$ cd /home/your_name/Desktop/newrom
then type this...
[email protected]_name:~/Desktop/newrom$ unyaffs /home/your_name/Desktop/newrom/system.img
Only type BOLD text.
Never mind, it worked for you!
After repack - no root
I did unpack and repack system.img according this guide (without any changes - only for testing). After flash the ROM works fine, but is not rooted. Original ROM is rooted.
Why? I didn't make any changes in unpacked system.img.
Can anyone help me with this, please?
Thanks.
I think that you must set permissions to all before pack img file.
santroph said:
@FileFixer
Maybe you could also post a way for us to edit the initrd.gz files in the rom builds, so we can make some changes that are necessary for SD builds to work with MAGLDR "AD SD" option ourselves?
Thanks, Santroph.
Click to expand...
Click to collapse
Hi,
Here's a quick howto
* mkdir initrd-temp
* cp initrd.gz initrd-temp
* cd initrd-temp
* gunzip initrd.gz -c | cpio --extract --make-directories
* rm initrd.gz
* Make your changes
* find .|cpio -H newc -o|gzip -9 -c - > ../initrd.gz
I hope that helps
Hey,
thanks for this useful thread!
I have problems in this whole process of booting a custom rom ( in my case Miui) in the Emulator . I have compiled the whole rom on a Linux VM with your Guide and pushed it in a Windows system into android-9/images/system.img but it won't boot I don't know what I am doing wrong. My system.img is 2 GB big I think this is not normal. if i am replacing the system.img with the original out of the emulator, it is booting. I just want to boot the Miui rom to port some features to Cyanogenmod... Thanks in advance. I have a HTC Legend btw .
I'm new @xda and @SGy. Please tell me how to get boot.img of my kernel(As boot.img file)
(This file is for my f***ing bro. I don't let him to touch my SGy.)
Pls tell a easier method.
••••Rocking SGy™••••
Use root explorer and extract. Or andro zip. Any file manager free
Sent from City of Angels
Install Terminal Emulator from Google Play Store and enter these commands one after the other:
su
dd if=/dev/block/bml7 of=/sdcard/boot.img
tar cvf /sdcard/kernel-backup.tar /sdcard/boot.img
Boot.img and Kernel-backup.tar (for Odin flash) will be created.
Raol Emostar said:
Install Terminal Emulator from Google Play Store and enter these commands one after the other:
su
dd if=/dev/block/bml7 of=/sdcard/boot.img
tar cvf /sdcard/kernel-backup.tar /sdcard/boot.img
Boot.img and Kernel-backup.tar (for Odin flash) will be created.
Click to expand...
Click to collapse
Hi Raol,
I typed the command above and got my boot.img. However, when I try to work on it with Kitchen, it tells me that I must first root my ROM... but my ROM is already rooted. Is there someting missing in my boot.img? Is there another command to include the su binaries in the boot.img?
NB: I have a Samsung Galaxy Y Duos
JohnNAVI said:
Hi Raol,
I typed the command above and got my boot.img. However, when I try to work on it with Kitchen, it tells me that I must first root my ROM... but my ROM is already rooted. Is there someting missing in my boot.img? Is there another command to include the su binaries in the boot.img?
NB: I have a Samsung Galaxy Y Duos
Click to expand...
Click to collapse
nothing missing ............(BTW What Is Ur File Size)
root is usually stored outside the kernel. some of kernel have build in root, but it's only on custom kernel. stock kernel never have build in root. btw, what are you trying to do with your kernel? dsixda kitchen only have limited option to modify kernel. as far as I know it only has extract, build, and add init.d option. I've been doing that for several times and it succed. all my modified kernel is created via dsixda's kitchen.
kurotsugi said:
root is usually stored outside the kernel. some of kernel have build in root, but it's only on custom kernel. stock kernel never have build in root. btw, what are you trying to do with your kernel? dsixda kitchen only have limited option to modify kernel. as far as I know it only has extract, build, and add init.d option. I've been doing that for several times and it succed. all my modified kernel is created via dsixda's kitchen.
Click to expand...
Click to collapse
I'm triying to add init.d option to my rooted stock kernel. Unfortunately, I always get the following message in Kitchen:
'su' binary not found under working folder!
You must root your ROM first.
But if, as you say, root is stored outside the kernel, I understand why it doesn't work. Is there another way to add init.d to my stock kernel?
BTW, my boot.img file is 5120Ko.
search mikstev's post about droidwall. you can find the tut inside his zip file. extract that file then check readme.txt
EDIT: I forgot that you're using sgy duos. you'll need to extract boot.img via kitchen, find init.rc. add these script
Code:
start sysinit
class_start default
and
Code:
service sysinit /system/bin/logwrapper /system/xbin/busybox run-parts /system/etc/init.d
disabled
oneshot
please refer to mikstev's init.rc to find where to put those script.
I tried to extract boot.img via Kitchen following mikstev's tuto, but it didn't work.
I have my boot.img in a folder called /kitchen/WORKING_XXX. In kitchen, I choose 0, then 20 and 'w'. And I get the following message:
Working folder found
Error: system folder not found under working folder!
I could extract boot.img with 'a'. I then get a file called zImage and a folder called boot.img-ramdisk. In boot.img-ramdisk I find the init.rc file. I modify it by adding the scripts following mikstev's tuto. But then, I cannot build a new boot.img as the 'b' option in not available in kitchen.
Do you have any idea why I cannot complete mikstev's tuto?
EDIT: Please do not take into account what I wrote above. My problem was that the file called zImage and the folder called boot.img-ramdisk must be placed in a folder named BOOT-EXTRACTED and not EXTRACTED_BOOT as mentioned in mikstev's tuto.
ah...thats it. you don't have system folder in working_xxx folder. if you have cwm, make a backup of your rom, copy system.rfs.tar to your computer, extract the file, then put whole system folder into working_xxx.
kurotsugi said:
ah...thats it. you don't have system folder in working_xxx folder. if you have cwm, make a backup of your rom, copy system.rfs.tar to your computer, extract the file, then put whole system folder into working_xxx.
Click to expand...
Click to collapse
I tried your method and that's probably the best way to make it work.
But I found a way around. What I did is extract my boot.img with the 'a' option (no need for system folder), rename the folder where boot.img has been extracted to BOOT-EXTRACTED, modify init.rc and build a new boot.img with 'b' option. Maybe not as clean as your method, but it's a newbie way .
I then installed the new boot.img and I checked that the init.rc file in my root was the modified one (which was the case). However, it seems that init.d support is not working as the scripts installed in the init.d folder didn't execute. Is it due to my noob method? Should I try your method instead?
Thanks a lot for helping me in my first steps in the Android world.
how did you test the init.d script? a simple way to test init.d script is by make a file in init.d contain
Code:
#!/system/bin/sh
touch /data/kurotsugi.txt
make sure that you have installed busybox and set the file permission to 777 (rwxrwxrwx). if the init.d script is working you'll find kurotsugi.txt in /data
kurotsugi said:
how did you test the init.d script? a simple way to test init.d script is by make a file in init.d contain
Code:
#!/system/bin/sh
touch /data/kurotsugi.txt
make sure that you have installed busybox and set the file permission to 777 (rwxrwxrwx). if the init.d script is working you'll find kurotsugi.txt in /data
Click to expand...
Click to collapse
I set the permission to 777 and your test file (called 03test) in init.d but nothing happens.
What I did in fact is to put the following command line in the updater-script of my update.zip file (used to transfer the 03test file to init.d):
Code:
set_perm(0, 0, 0777, "/system/etc/init.d/03test");
Any idea why this doesn't work?
have you install the busybox?
if that method didn't work you can try the other method that I've given to you.
I have busybox installed. But when I want to
Code:
chmod 777 03test
I get the following error message:
Unable to chmod 03test: Read-only file system
That's why I have to go through the update.zip method.
I also reinstalled the new boot.img created with your method but nothing changes. The scripts in init.d don't run at startup.
JohnNAVI said:
I think I have found the reason why it doesn't work. I have installed Busybox v1.18.14 and it looks like run-parts is not supported in this version. I will install a new version of Busybox and I will keep you posted.
Click to expand...
Click to collapse
It was a problem with the old Busybox version that did not support run-parts. I installed v1.19.4 and everything is working fine now.
Thank you so much for helping me kurotsugi. Have a nice day.
First off, I can't take credit for this. ninthsense and etherfish discovered the missing information in the ICS files. There are missing permissions for the keyboard backlight in the boot image, and the actual file that controls lights, /system/lib/hw/lights.n1.so is missing some stuff.
This also fixes force-close related freezes by setting the default.prop to insecure and debuggable.
manual method
Now with CWM goodness!
DOWNLOAD LH2 file for official ICS RELEASE
Awesome!
does not work for me...
Worked perfect here, that fixes my only serious issue with the ICS rom.
I'm glad i was of some help . My first significant contribution to android. Will have to get back home to test it.
does not work for me either. used Root Explorer to take the "lights.n1.so" file from download and overwrote it at /system/lib/hw/lights.n1.so, and rebooted several times, and still got nothing
The_Bizzel said:
does not work for me either. used Root Explorer to take the "lights.n1.so" file from download and overwrote it at /system/lib/hw/lights.n1.so, and rebooted several times, and still got nothing
Click to expand...
Click to collapse
Overwriting the file won't work in my opinion. As these files are part of the boot.img and resides inside the ramdisk. So even if you change something in the ramdisk and then reboot you'll return to the original version.
I guess the only way is to flash the boot.img with the files inbuilt in to the ramdisk. So the boot.img posted by "Nardholio" should work.
Mhh just copying the .so file does not work for me to, even after wiping the caches.
I'm going to try this boot.img thing later this day.
Nardholio said:
First off, I can't take credit for this. ninthsense and etherfish discovered the missing information in the ICS files. There are missing permissions for the keyboard backlight in the boot image, and the actual file that controls lights, /system/lib/hw/lights.n1.so is missing some stuff. To fix it, just copy the version from Gingerbread over the ICS version and reboot. Note this requires root. The attached post contains the file you need and an optional boot.img mod that will fix force-close related freezes and will enable the keyboard light to be controlled by third party utilities.
http://forum.xda-developers.com/showpost.php?p=30591025&postcount=42
Click to expand...
Click to collapse
Didn't work for me at first either after I copied and pasted it. But when I went through and opened up a Terminal on my phone to install everything (I always thought I had to use Ubuntu on my computer for it. I don't know why I never even thought of using a Terminal on my phone to do editing on it and all...) and went through the steps on the link (didn't clear my cache), and it all works. Just a heads up for anyone who might be as slow as I was
Both files are required then I guess. Thanks for letting me know.
Sent from my SGH-I927 using xda premium
Nardholio said:
Both files are required then I guess. Thanks for letting me know.
Sent from my SGH-I927 using xda premium
Click to expand...
Click to collapse
confirmed working after both files were pushed. warning to others, do not wipe /dev/block/mmcblk0p9 if you have not verified that boot.img is on /sdcard via terminal emulator or adb shell:
Code:
cd /sdcard
ls
goodluck!
Can anyone help me with this via step by step?
I could use a little help as well
Sent from my SGH-I927 using xda app-developers app
Yea, i could use some help too, after re-writing over the existing file didn't work
OK guys here is the step by step guide :
I'm assuming that you're rooted and are on windows PC :
1. Install root explorer or root browser lite (free) from market. And copy the boot.img and lights.n1.so from keyboard_fix.rar in root of your sdcard(phone).
2. Launch the root explorer and Delete the existing lights.n1.so file from /system/lib/hw (probably you can keep a copy somewhere)
3. Copy the lights.n1.so from your sdcard directory to /system/lib/hw
3. Make sure that the file is presen/copiedt in the directory.
4. Download fastboot.zip file attached to the post and extract it in one of your directory on the pc.
5. Connect your phone through a usb cable and i'm assuming you've the usb drivers for your phone already installed on your pc.
6. Goto command prompt and change to the directory you extracted the zip file into.
7. issue the command "adb shell"
8. You should get a android prompt. Issue the command "su"
9. Issue cd sdcard and then issue "ls". Just to make sure that the boot.img is there.
10. Now issue the following commands:
Code:
dd if=/dev/zero of=/dev/block/mmcblk0p9
dd if=/sdcard/boot.img of=/dev/block/mmcblk0p9
11. Reboot and you should get your lights.
Copying the boot.img worked for me
For those who having trouble, look at the Link, posted in the OP
How I did it:
Copy files to sdcard: Use a network enabled file manager or email or drop box (or, or, or) to get boot.img and lights.n1.so to /sdcard
Setup ADB: Google "xda setup adb"
Boot into CWMR: Reboot phone, holding power down (Link: Get CWMR)
Choose in CWMR:
Mounts > Mount sdcard
Mounts > Mound system
Execute Commands on pc
Open Shell/Cmd
Type: adb shell
Type: ls
you should geht a file listening of your root file system
Type: dd if=/dev/zero of=/dev/block/mmcblk0p9
Type: dd if=/sdcard/boot.img of=/dev/block/mmcblk0p9
Type: cp /sdcard/lights.n1.so /system/lib/hw/lights.n1.so
Choose in CWMR:
Wipe Cache
Advanced > Wipe dalvik cache
Reboot system
That was the steps as I remember, no guarantee don't brick your device if you do: use one-click-ics-leak-tool and start from scratch
ninthsense said:
OK guys here is the step by step guide :
I'm assuming that you're rooted and are on windows PC :
1. Install root explorer or root browser lite (free) from market. And copy the boot.img and lights.n1.so from keyboard_fix.rar in root of your sdcard(phone).
2. Launch the root explorer and Delete the existing lights.n1.so file from /system/lib/hw (probably you can keep a copy somewhere)
3. Copy the lights.n1.so from your sdcard directory to /system/lib/hw
3. Make sure that the file is presen/copiedt in the directory.
4. Download fastboot.zip file attached to the post and extract it in one of your directory on the pc.
5. Connect your phone through a usb cable and i'm assuming you've the usb drivers for your phone already installed on your pc.
6. Goto command prompt and change to the directory you extracted the zip file into.
7. issue the command "adb shell"
8. You should get a android prompt. Issue the command "su"
9. Issue cd sdcard and then issue "ls". Just to make sure that the boot.img is there.
10. Now issue the following commands:
Code:
dd if=/dev/zero of=/dev/block/mmcblk0p9
dd if=/sdcard/boot.img of=/dev/block/mmcblk0p9
11. Reboot and you should get your lights.
Click to expand...
Click to collapse
Worked! thanks abunch man
LuckRocks said:
Worked! thanks abunch man
Click to expand...
Click to collapse
You are welcome. I also did it just before posting the steps and glad that the biggest bug for the leaked ROM is now fixed.
I see that the lights go off very quickly unless you keep pressing something. It's related to "Touch Key Light Duration" under "display" in the settings. But i see only 1.5 seconds which is set currently and 6 seconds. If i change to 6 it's too much.
Does somebody know how to modify this value according to whatever we need ?
Hello ninthsense,
perfect tutorial, keyboard light is working now.
Thanks,
Mister.Knister
Hummm is their gonna b a flashable zip for this ?
Many of you have been asking me how I customize my Defy mini.
Well there you go with a tutorial.
So first things first.
-- Your phone must be rooted
-- Somewhere on your computer you have the Android Debug Bridge (adb) and fastboot
-- I supposed you know what you are doing so if it doesn't work / brick your phone / etc... you and you only are responsible for this.
-- I can help you make it work, but please provide me enough information so can really help you
-- All the files you should need are in the tools.rar archive attached
So, this being said, let's begin.
First things first. To proceed, you will need to extract two files. framework-res.apk and systemUI.apk
Code:
adb pull /system/framework/framework-res.apk framework-res.apk
adb pull /system/app/systemUI.apk systemUI.apk
Then go to http://uot.dakra.lt/ with your favorite browser :laugh:
Go to kitchen, go through your customization.
Do try to change the loockscreen it won't work
If you change the battery icon, the animation when charging will not work
You can select gingerbread option.
Resolution has to be set to mdpi (320x480)
In the File upload section
Select your rom from kitchen's list, and upload your own files : choose Upload system files and upload the systemUI and framework-res extracted earlier
Choose any update binary on the list.
Then go to summary. If everything's green you are good to go, you can submit your work to kitchen.
You'll get a order number. Then just wait in the pickup section to get back your new, awesomely customize files !
Before install this update with CWM recovery, you have to change the updater-binary.
To do so open the UOT zip with 7zip for instance. And change the META-INF\com\google\android\updater-binary with the one in the tools archive
Then your good for installation !
Code:
adb push UOT-XX-XX-XX-XX-X.zip /sdcard/UOT.zip
adb reboot bootloader
fastboot boot recovery.img
Choose install zip form sd card, reboot and enjoy !
Hi.
Code:
adb pull /system/framework-res.apk framework-res.apk
adb pull /app/systemUI.apk systemUI.apk
File not Found.
Do u try that ? i'm not sure :'D
U mean this or ? ->
Code:
adb pull /system/framework/framework-res.apk
adb pull /system/app/SystemUI.apk
Thanks for this TUT
Tubii said:
Hi.
Code:
adb pull /system/framework-res.apk framework-res.apk
adb pull /app/systemUI.apk systemUI.apk
File not Found.
Do u try that ? i'm not sure :'D
U mean this or ? ->
Code:
adb pull /system/framework/framework-res.apk
adb pull /system/app/SystemUI.apk
Thanks for this TUT
Click to expand...
Click to collapse
You are right. I'll correct that, thanks.
Note: Found out there is one small problem with this mode - "adb logcat" is not working. As a workaround run "adb shell su -c logcat"
The Problem:
I am a heavy ADB user (QtADB) and was having problems getting it to mount /system rw and pushing/editing files in real time. Had no problems doing all this by mounting /system in recovery but rebooting the phone just to make some system files changes is kind of inconvenient. So I did some research and found this:
HEXcube said:
The real reason behind adb root or insecure adb is the adb daemon in the device running at root permissions. In pre-Android 4.1 versions, this is usually decided by some initialisation script(like init.rc) at boot time. The script checks for value in default.prop,local.propand other environment variables.
If it finds build.prop,default.prop or local.prop property file with ro.secure=0 adbd is allowed to run as root. You'll get adb root and hence will be able to do commands like adb remount,adb root and adb shell's prompt'll be # by default. The user may be displayed as [email protected] or [email protected] adb GUIs like Android Commander and QtADB will get to work in Root mode.
But,if it's ro.secure=1, adb daemon is made to work in secure mode, and adb won't change to root mode on issuing adb root command. However, if su binary is present in $PATH, u can still call su command from adb shell. But, it's not enough for Android Commander to get Root Access. It is possible to attain adb root through any one of the following methods:
1.For CyanoGenMod based ROMs there is an option in Settings->Developer Settings->Root access to control root access. Choose ADB only or Apps and ADB in options to get adb root.
2.Else use adbd Insecure app by chainfire if you have a rooted device. This is useful, especially for Android 4.1+ devices.
3.Or, you may manually edit default.prop to set it's value to 0, but original default.prop will be restored from boot partition everytime you reboot(this is the reason why adb Insecure cannot permanently do adb root, though there is an option to repeat the rooting procedure everytime the device boots). This method is called temporary adb root. On pre-Android 4.0 ROMs default.prop file was located in / directory. I read that from Android 4.x this file is in ramdisk and so more difficult to edit. But Android 4.0 has local.prop which is easier to modify than default.prop( See method 5)
4.For permanent adb root, you'll have to extract boot.img, change default.prop, repack and then flash it back to device.
5. In Android 4.0 there's local.prop file in /data partition. Setting ro.secure=0 in this file will do adb root permanently. Else you can set another property ro.kernel.qemu=1 in the same file. But, this value makes the system think that it is running in an android emulator. Many exploits and root methods set this property temporarily to gain root. But, it may cause side effects if used permanently. Setting ro.secure=0 is recommended. Do this command in terminal app or adb shell:
echo ro.secure=0 >/data/local.prop
or you can manually copy a local.prop file with ro.secure=0 as it's content to /data.
6.Note that method 3,4 and 5 won't work in Android 4.0 Jelly Bean onwards. According to Dan Rosenburg(drjbliss in XDA),the researcher who discovered adb root emulator exploit and many other exploits, Jelly Bean doesn't parse any property files to set the ownership of adb daemon. The stock adbd will have to be replaced with an insecure one to gain adb root. But still,as adbd is located in /sbin whose contents are reloaded everytime on reboot from boot.img, it won't be permanent.
7. For permanent adb root, you may flash an insecure boot.img(one that contains and insecure adbd)
8. If you're really desperate and can't get adb root to work with any of the above methods use an exploit. Most of the adb based rooting methods utilise some exploit to make the adb daemon run as root. By studying the exploit and implementing it you could gain adb root atleast temporarily.I'm not recommending this method but as a last resort you could try them.
Acknowledgements: Thanks to Dan Rosenberg for explaining the reasons behind adb root, especially the one in Jelly Bean.
Click to expand...
Click to collapse
Original thread: Can't get ADB Root Access in certain ROMs?
So I desided to modify my favorite kernel img and give it a try. I used Imoseyon's leanKernel but it should work with any kernel.
How To:
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Warnings:
I can't guarantee 100% success with this mod. I did this only with leanKernel and it works great, Haven't tried any other kernels so I am note sure how all this will end up. IT CAN SOFT BRICK YOUR PHONE!!! Keep a copy of the original kernel on your /sdcard!!!
Doing this while trying to find the correct tools for proper repack of the modified kernel sometime I was ending up with the phone not booting to Android, goes straight to download mode. Don't panic... Just remove battery, place it back, hold Volume Up + Home + Power buttons booting to recovery. Flash the original kernel and you are back all good.
The usual stuff:
I AM NOT RESPONSIBLE FOR ANYTHING ... bla-bla-bla...
All the credits goes for the developers created the great tools used for this mod.
If you think it's useful fill free to say THEM and me thanks.
@nijel8
Thanks for sharing this. I will test this out on my device. If successful I would like to share this over in the One SV forums.
I never even considered this idea smh lol.
Edit: confirmed working
Thanks so much for sharing this. I too use adb a lot and need an insecure kernel.
Success. Nexus 5 and I changed Franco kernel to insecure.
Franco kernels used to be insecure but none thus far have been on the N5. Any reason behind this?
Fuzzy13 said:
Thanks so much for sharing this. I too use adb a lot and need an insecure kernel.
Success. Nexus 5 and I changed Franco kernel to insecure.
Franco kernels used to be insecure but none thus far have been on the N5. Any reason behind this?
Click to expand...
Click to collapse
My guess is devs play it safe so average Joe don't mess with /system... ha-ha
btw is "adb logcat" working for you?
Only problem with the adbd from chainfires ADB Insecure is that it breaks adb wireless,any solution ?
nijel8 said:
Note: Found out there is one small problem with this mode - "adb logcat" is not working. As a workaround run "adb shell su -c logcat"
The Problem:
I am a heavy ADB user (QtADB) and was having problems getting it to mount /system rw and pushing/editing files in real time. Had no problems doing all this by mounting /system in recovery but rebooting the phone just to make some system files changes is kind of inconvenient. So I did some research and found this:
Original thread: Can't get ADB Root Access in certain ROMs?
So I desided to modify my favorite kernel img and give it a try. I used Imoseyon's leanKernel but it should work with any kernel.
How To:
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Warnings:
I can't guarantee 100% success with this mod. I did this only with leanKernel and it works great, Haven't tried any other kernels so I am note sure how all this will end up. IT CAN SOFT BRICK YOUR PHONE!!! Keep a copy of the original kernel on your /sdcard!!!
Doing this while trying to find the correct tools for proper repack of the modified kernel sometime I was ending up with the phone not booting to Android, goes straight to download mode. Don't panic... Just remove battery, place it back, hold Volume Up + Home + Power buttons booting to recovery. Flash the original kernel and you are back all good.
The usual stuff:
I AM NOT RESPONSIBLE FOR ANYTHING ... bla-bla-bla...
All the credits goes for the developers created the great tools used for this mod.
If you think it's useful fill free to say THEM and me thanks.
Click to expand...
Click to collapse
Some time ago I 've tried to do this for a Nexus6, running Marshmallow.
Android has tighten up security, so I got bootloops.
Anyone has managed to do this?
Thank you!
nijel8 said:
Note: Found out there is one small problem with this mode - "adb logcat" is not working. As a workaround run "adb shell su -c logcat"
The Problem:
I am a heavy ADB user (QtADB) and was having problems getting it to mount /system rw and pushing/editing files in real time. Had no problems doing all this by mounting /system in recovery but rebooting the phone just to make some system files changes is kind of inconvenient. So I did some research and found this:
Original thread: Can't get ADB Root Access in certain ROMs?
So I desided to modify my favorite kernel img and give it a try. I used Imoseyon's leanKernel but it should work with any kernel.
How To:
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Warnings:
I can't guarantee 100% success with this mod. I did this only with leanKernel and it works great, Haven't tried any other kernels so I am note sure how all this will end up. IT CAN SOFT BRICK YOUR PHONE!!! Keep a copy of the original kernel on your /sdcard!!!
Doing this while trying to find the correct tools for proper repack of the modified kernel sometime I was ending up with the phone not booting to Android, goes straight to download mode. Don't panic... Just remove battery, place it back, hold Volume Up + Home + Power buttons booting to recovery. Flash the original kernel and you are back all good.
The usual stuff:
I AM NOT RESPONSIBLE FOR ANYTHING ... bla-bla-bla...
All the credits goes for the developers created the great tools used for this mod.
If you think it's useful fill free to say THEM and me thanks.
Click to expand...
Click to collapse
Can this work with Note 3 N900 (exynos kernel) sir? Or just only for snapdragon chipsrt kernel? Thanks sir!
does this work on locked bootloader devices?
a custom kernel exists for my devices (G928A) with AdB Insecure , but its got a few qwirks that need worked out ( that require fully rooting the device )
all im looking for is insecure Adb, ( which I have tried to change ro.secure=0 and adb.secure=0 both with Echo commands in shell) for temporary adb root on the device
how did ManIT make his custom kernel undetectable/passable by the bootloader but with modifications?
if this will work ... then I will just edit an image pulled from the devices current boot.img and do the same adb insecure edit to the ramdisk.. to update the root flash kernel... shes a bit dated.... and there isn't one for marshmallow specific one yet.
I was also reading about a filler file due to block sizing when repacking the image ... so I created a copy file and edited the contents till it zipped back to within 1kb of data... will this be detected and flagged at boot?
help please
Great tutorial.
I did it by following the steps in your post.
Thank you for clear and precise explanation.
Anybody have a pre-patched / adb root enabled adbd at hand (10.0.36 or higher - current is 10.0.41 I think)?