limited root account - Upgrading, Modifying and Unlocking

I managed to get root shell via adb using dirty cow exploit on my unrooted xperia m4 phone running android 6.01, but it can not execute any command I type in (pm disable appName etc), it just shows #root... and does nothing.
Do you know how can I use this root shell to freeze or delete system apps, and also do you know what is the purpose of having this limited root shell on android?

Related

how to get root shell after inputting "adb shell"?

Hello everyone!!!
I want to know if there is a way to get a root shell after obtaining shell prompt using "adb shell".
I tried pushing some files, moving directories into "/data" and type "ls" but linux always gave me a "Permissioin denied" error.
What I want to do is to run a console program which is compiled by ARM compiler in a console mode. So I need to get an access to run a program in console mode of HTC Desire HD.
If you let me know, I will very very appreciate your help.
Thanks in advance.
Type command:
su
Click to expand...
Click to collapse
It will give you root shell if you have a rooted phone.
Um.. I already installed VISIONary. So I guess the phone I got is a rooted one.
Actually I'm a kind of outsiders about smart-phones~~!
So do I need to install some apps to make a rooted phone?
Just installing VISIONary doesn't seem enough.. right?
Visionary temproot or permroot is enough, just type "su" in adb shell.
Despite that I installed VISIONary, run permroot and reboot my phone, su doesn't give root shell.
I don't know why
do you know what root shell is? when you type su if a # appears on the next line ur logged into root
AndroHero said:
do you know what root shell is? when you type su if a # appears on the next line ur logged into root
Click to expand...
Click to collapse
Sure.
I got root shell afterwards.
Thank you~~~!

[Q] Can't access /data in android (rooted)

Hi, I've tried SuperSU and SuperUser.
apps and adb shell can't access the /data partition.
it says that I don't have enough permissions ...
with adb shell I can cd to it, but even an "ls" says operation not permitted
I can access it just fine in CWM using adb shell
all other root directory works fine....
Does anybody know what's going on ? did i miss something ? I'm no expert when it comes to this
thanks for your help
kout said:
Hi, I've tried SuperSU and SuperUser.
apps and adb shell can't access the /data partition.
it says that I don't have enough permissions ...
with adb shell I can cd to it, but even an "ls" says operation not permitted
I can access it just fine in CWM using adb shell
all other root directory works fine....
Does anybody know what's going on ? did i miss something ? I'm no expert when it comes to this
thanks for your help
Click to expand...
Click to collapse
After typing adb shell and entering you have to type su and press enter again, then you`ll have the permissions you need
But how come root browser can't access that directory?
And why can I go to /system without having to type su first
kout said:
But how come root browser can't access that directory?
And why can I go to /system without having to type su first
Click to expand...
Click to collapse
How do you mean: root browser/ file manager on the phone to access system date? You have to be rooted to access system data on the phone. What exactly do you want to do?
Weird stuff, it's working with solid explorer, I had tried with rom toolbox browser and some other root browser from the play store and it wouldn't work
Thanks for the "su" tip I forgot you had to be su to access that folder :-S
kout said:
Weird stuff, it's working with solid explorer, I had tried with rom toolbox browser and some other root browser from the play store and it wouldn't work
Thanks for the "su" tip I forgot you had to be su to access that folder :-S
Click to expand...
Click to collapse
Is you`re phone rooted mate? The su command is for adb from your computer!
Of course it's rooted, I do have a bit of experience with that. It's just weird that certain root browser can't access the data partition despite having granted su permission to the app. Anyway its working great with solid explorer now, and with adb I've got the su command
I actually have the voice stuck on the same street in navigation, (known bug) so I had to delete some cached speech data in the data partition
I did it through cwm but I was wondering why it wasn't letting me do it once booted. Anyway thanks

[NOW WORKS] Obtaining root with master key vulnerability

One click root with impactor now works. Works on <4.3. No need for unlocked bootloader. Does not wipe data.
http://www.saurik.com/id/17
Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper
Mach3.2 said:
Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper
Click to expand...
Click to collapse
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
krackers said:
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
Click to expand...
Click to collapse
If the binary is wrong, the one from play store may not work.
Permission should be rw-r-r(0644) for the su.apk and rwsr-sr-x(0645) for the su binary.
Beamed from my Maguro.
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.
krackers said:
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.
Click to expand...
Click to collapse
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
I also downloaded a ICS 4.04 root zip file with a script and adb files inside. When using that adb version, my phone won't be displayed too. Now when I run adb from the android SDK, it will say something like "server is outdated" then something like "kill and restart with new server" --> "adb devices" lists my phone correctly again.
May be the adb version used in Impactor is outdated and responsible for the error message?
I would really appreciate any help with this topic, because the Panasonic Eluga phone was never rooted until now and no known root method is available. I always kinda hoped that someone would use the masterkey thing to make a universal rooting tool
saurik said:
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Click to expand...
Click to collapse
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
To the poster above me: Try using a different computer and if that doesn't work, switch operating systems.
krackers said:
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
Click to expand...
Click to collapse
That's the whole point in securing Android, not that people have easier ways instead of unlocking a device.
Tested and works great. I now have root. Yay!
Does it show any of the problems that chainfire's superSU 1.41 shows?
Sent from my Galaxy Nexus using xda app-developers app
The root exploit only places the su binary and sets the right permissions. You can use any root manager you want (I used clockworkmod's superuser app).
mercuriussan said:
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
Click to expand...
Click to collapse
The feature of installing su will not work on every device: a lot of emphasis is put on "rooting" Android devices, but on many devices even root can't do things like modify the files in /system; I'd use the term "jailbreak" as to being what people really want to do with their device, but Android people seem to have that term ;P. What this means is that you really need a kernel exploit, not just a shell->system->root escalation.
mercuriussan said:
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
Click to expand...
Click to collapse
This error message actually indicates that Impactor succeeded in obtaining root control over your phone. However, when it tried to then, as root, remount /system writable so it could copy the su binary in place, it wasn't allowed to do so. A future version of Impactor will make it easier to drop to a root shell so you can test things out manually, but this means that while you can run code as root, you won't be able to install su.
However, if you have the time to play with it, get a copy of busybox and use adb to push it to /data/local/tmp (this is also something Impactor should help you do, but does not yet). (You will also need to make it executable, don't forget: "chmod 755 /data/local/tmp/busybox".) Then run the suggested Impactor command involving telnetd. Finally, via a shell, run "/data/local/tmp/busybox telnet 127.0.0.1 8899": you are now root.
You can verify that you are root because you will now have a # as a prompt instead of a $. Then run "mount -o remount,rw '' /system" (<- note, that's two single quotation marks as an argument between remount,rw and /system). This is the command that should fail with the "Operation not permitted" message. You are, however, root, so maybe there's something you want to do on the device at that point ;P.
mercuriussan said:
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
Click to expand...
Click to collapse
The "Open Shell" in Impactor connects you to the device via adb: if you run adb on the device and ask for a list of devices attached to the device--something I didn't even realize was possible until you pointed it out here ;P I tested it, though, and wow: that actually is possible--you will get a blank list. However, suffice it to say that if you were able to type that at all, it can see your device.
Thanks for the suggestion, I'll try my luck in finding some exploit I can use...
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
bmg1001 said:
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
Click to expand...
Click to collapse
Yup - assuming they haven't been patched against the methods used (most haven't been).
Very interesting read. Thanks saurik & OP.
Eluga DL1
Hi there,
this post is in some ways a duplicate but different people seem to follow this thread because it is directly involving sauriks impactor.
Is there anything available that i can throw at Elugas 4.0.4 kernel to get r/w on the system partition?
I will try everything that is suggested to me.

[Q] Get FULL ADB Root access, how to?

Hi all.
Tab 3 8 T311.
I need to get adb root to use such firmware like QtADB or Android Commander and others.
And I want to keep stock kernel in my device (do not want to flash other customized boots).
So I`ve flashed TWRP, got system root with SuperSu, installed BusyBox.
In my stock boot.img I`ve edit default.prop to set:
ro.secure=0
ro.adb.secure=0
ro.debuggable=1
replaced adbd to (a few different, one - from ADBInsecure.apk) patched (one of them works fine on my other phone)
and still have no success...
I`ve system root and can use such programs like RootExplorer and so on... when I type in cmd line "adb root" - it tells me - already run as root
but when I type "adb shell" I get $ instead of #.
if I type "su" after $ - I got #
- it means - there`s no adb root. and my QtADB CWM edition - can`t work properly - it has no acces to system or data folders.
so I need some push to right way - because it`s so lazzy to clean system folder from garbage with rootexplorer... you understand me...

I9195 Rooted device, but unable to get root access using adb shell su

Hi All,
I did root my device following this procedure by arco68: http://forum.xda-developers.com/showthread.php?t=2364980
Worked perfectly and naming few applications they are ok, like Terminal Emulator, BusyBox, ES File exploree, etc, and ran different root verifiers program which confirmed root status.
But when using adb shell su, I'm unable to get root access as you can see here
Code:
C:\Users\marco\Downloads\Android\adt-bundle-windows-x86_64-20140702\sdk\platform
-tools>adb devices
List of devices attached
08985214 device
C:\Users\marco\Downloads\Android\adt-bundle-windows-x86_64-20140702\sdk\platform
-tools>adb shell
[email protected]:/ $ su
su
1|[email protected]:/ $
1|[email protected]:/ $
1|[email protected]:/ $ id
id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009
(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt)
,3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $
It does generate a new prompt adding "1|", and as soon as you execute a comand it returns to the original prompt, but never you have root access
I've been researching across, but unable to find something similar.
All the procedures for permission denied that I have found point to rooting the device which is why I already did.
I have redone the procedure in case something was wrong, but no changes.
Hope somebody knows what is happening
Thanks in advance
Hi,
I had this problem on terminal emulator (same when typing su) on the s4 mini rooted the same way yours is.
It occurred after I installed some apps including some google updates I installed manually - I don't know which of them caused that. But after I had this problem I realised that all apps don't have the root access anymore - SuperSU, RootChecker... And SuperSU didn't gave apps like TerminalEmulator and RootExplorer anymore root access.
This problem has been solved itself after I restarted my phone (because of another reason). And I had my rooted phone again.
So after your problem occurred - did you try another app that needs root access again? Does it have still root access? If no, try restarting too (if you haven't done that already) - maybe it helps you too...

Categories

Resources