Related
I found this website: http://www.androidkit.com/steps-to-install-and-uninstall-apk-file-on-android-g1-device
Section 3: Uninstalling the .apk file from the G1 device before installing the same .apk again.
1. In the G1 Phone, Go to Applications Menu ->Settings->Manage Applications.
2. Select the application which you want to Uninistall, and click on the ‘Uninstall’ button.
3. Follow steps 6 and 7 of Section 1.
Section 4: Uninstalling the .apk file (from the Device or Emulator) using adb shell.
There is an adb uninstall command which always shows Failure!!!
Using adb shell :
Important: The device has to be unplugged from USB if you are trying to uninstall from the emulator, else emulator should not be open and device needs to be plugged in the USB of the PC if you are trying to uninstall from the G1 Device. If either of them are not connected the adb shell command will not work
Go to the shell and making sure adb is in PATH:
Go to shell (from cmd->adb shell or directly through a terminal)
#
#cd data
#cd app
#cd ls
You will get a list of installed application with the complete package name of the package containing the main activity. e.g com.company.product.apk
#rm com.company.product.apk
#cd ls
You will not find the application – you just removed it!.
Click to expand...
Click to collapse
So, when I type:
Cd Data
Cd App
Cd ls
in my command prompt I get:
cd: can't cd to ls
$
as a prompt feedback.
----
I found an .APK to enable my headphone adapter working ( see this thread: http://forum.xda-developers.com/showthread.php?t=575534 ) via this board ( see this thread: http://forum.xda-developers.com/showthread.php?t=511704 ), and if it doesn't work, I'm taking precautions on how to uninstall it.
Anyone know why it's doing this?
Thanks people.
Minifig said:
I found this website: http://www.androidkit.com/steps-to-install-and-uninstall-apk-file-on-android-g1-device
So, when I type:
Cd Data
Cd App
Cd ls
in my command prompt I get:
cd: can't cd to ls
$
as a prompt feedback.
----
I found an .APK to enable my headphone adapter working ( see this thread: http://forum.xda-developers.com/showthread.php?t=575534 ) via this board ( see this thread: http://forum.xda-developers.com/showthread.php?t=511704 ), and if it doesn't work, I'm taking precautions on how to uninstall it.
Anyone know why it's doing this?
Thanks people.
Click to expand...
Click to collapse
the command should be "ls" not "cd ls"
also, if you know the package name you could use adb: adb uninstall <package_name>
and if you're just trying to install an app that you already have (such as updating the app) you could use adb and not have to uninstall first with: adb install -r app_name.apk
OK.
I'm just going to make sure before I even install this thing:
http://code.google.com/p/toggleheadset/downloads/detail?name=ToggleHeadset.apk&can=2&q=
This is just a widget, so it won't replace anything in my phone..
If I can't find it on the shell command, I'll be able to uninstall it via the phone like the Date widget I have as well?
Right?
I hid some apps (adb shell pm hide package) back when I got this tablet for my mom and lost the list of everything I hid. She tried to shop the kindle store for books and is getting the error, "The requested action is not permitted. Check parental controls settings and retry."
I don't know if one of the hidden apps is what's causing the issue but can anyone help on this issue?
InunoTaishou said:
I hid some apps (adb shell pm hide package) back when I got this tablet for my mom and lost the list of everything I hid. She tried to shop the kindle store for books and is getting the error, "The requested action is not permitted. Check parental controls settings and retry."
I don't know if one of the hidden apps is what's causing the issue but can anyone help on this issue?
Click to expand...
Click to collapse
Yes, the issue an app is hidden
see Adb Shell Pm Hide as much bloat and amazon as you can by k3ll0gs
You can start un-hiding apps, rebooting maybe necessary for some of them
Just do not unhide com.amazon.otaverifier and com.amazon.device.software.ota
Code:
adb shell pm unhide com.amazon.webapp
adb shell pm unhide com.amazon.kindle.otter
adb shell pm unhide com.amazon.kindle.otter.oobe
adb shell pm unhide com.amazon.kindle
adb shell pm unhide com.audible.application.kindle
adb shell pm unhide com.amazon.tahoe
adb shell pm unhide com.amazon.client.metrics
adb shell pm unhide com.amazon.device.backup
adb shell pm unhide com.amazon.platform
adb shell pm unhide com.amazon.photos
adb shell pm unhide com.nuance.edr.androidservice.service
adb shell pm unhide com.amazon.whisperlink.core.android
adb shell pm unhide com.goodreads.kindle
adb shell pm unhide com.amazon.csapp
adb shell pm unhide com.amazon.venezia
adb shell pm unhide com.amazon.h2settingsfortablet
adb shell pm unhide com.amazon.weather
adb shell pm unhide com.amazon.kindle.personal_video
adb shell pm unhide com.amazon.avod
adb shell pm unhide com.amazon.windowshop
adb shell pm unhide com.amazon.cloud9
adb shell pm unhide com.amazon.ags.app
adb shell pm unhide com.amazon.mp3
adb shell pm unhide com.amazon.photos.importer
adb shell pm unhide com.amazon.zico
adb shell pm unhide com.amazon.calculator
adb shell pm unhide com.android.calendar
adb shell pm unhide com.android.email
adb shell pm unhide com.android.contacts
adb shell pm unhide com.amazon.camera
adb shell pm unhide com.amazon.kindle.kso
adb shell pm unhide com.amazon.kor.provider.permission.READ_PROVIDER
I'm not sure which apps are required for what services, for sure.
You may find gatesjunior's Debloader tool, here on xda, helpful for seeing which of the apps in sd_shadow's list are hidden/disabled--and re-enabling them.
DoLooper said:
You may find gatesjunior's Debloader tool, here on xda, helpful for seeing which of the apps in sd_shadow's list are hidden/disabled--and re-enabling them.
Click to expand...
Click to collapse
This? V3.90 Debloater(Lets remove all that carrier bloat !! Root not required..) by gatesjunior
sd_shadow said:
This? V3.90 Debloater(Lets remove all that carrier bloat !! Root not required..) by gatesjunior
Click to expand...
Click to collapse
Thanks for link. You know this, yes?
DoLooper said:
Thanks for link. You know this, yes?
Click to expand...
Click to collapse
seen it mentioned before, but have not used it my self.
sd_shadow said:
seen it mentioned before, but have not used it my self.
Click to expand...
Click to collapse
Oh, hope you'll give it a try! I usually give pm commands from console, but Debloader is great for testing and easily seeing what's hidden/disabled.
Fantastic! Thanks for the replies, I'll check out the Debloater and see if I can find the culprit
run adb shell pm hide com.fw.upgrade
Overview
This rooting method is based on a vulnerability in the ARM Mali GPU driver (CVE-2022-38181) discovered by security researcher Man Yue Mo at GitHub Security Lab, to gain root access to the 3rd gen Cube that is on firmware PS7613/3701 or older. Newer method for PS7646 here.
The exploit program (gazelle_shrinker) is run directly on the Cube to spawn a temporary root shell for quick access. It can also be run automatically on every boot in combination with @diplomatic's bootless Magisk script to grant apps root access.
For best results, run gazelle_shrinker 30-90sec after boot up, when loading is complete and the device is idle.
Two options for root depending on your needs & comfort level
1) Temporary ADB root - Open an ADB root shell for quick access (PS7613/3701 or older)
Pros:
Access all files and folders from ADB
Simple to use, runs in RAM and doesn't make any changes to the Cube, no chance of bricking.
Remove app package protection so that you can enable/disable any app even without root (eg custom launchers, disabling updates, debloat, etc).
Cons:
Only enables ADB root
gazelle_shrinker occasionally crashes/reboots the Cube when being run. Run it 30-90sec after bootup for greater reliability.
NOTE: gazelle_shrinker won't brick your device, but what you do with that root access can. DM-verity is still in place checking the integrity of the system/vendor partitions, do NOT modify anything in those directories, or the boot partition!!
2) Bootless Magisk - Automatically start a lite version of Magisk that runs entirely from the data partition, (PS7613/3701 or older).
Pros:
Both ADB root and ability to grant root to apps through Magisk Manager
Once the Magisk dameon has started, root can be granted stably whenever needed
Doesn't modify boot or system/vendor partitions, DM-verity is preserved
Cons:
This is experimental, use at your own risk! It's been working stabably during my testing but it's impossible to foresee every issue.
Still relies on gazelle_shrinker to start, and may occasionally crash when gazelle_shrinker runs at boot
Most Magisk modules don't work.
NOTE: Be careful of what apps you give root access to. Giving root access to an app that modifies the boot, system or vendor partitions will brick your device. Again, DM-verity is still actively checking that no changes have been made to system/vendor directories.
Contributors:
Man Yue Mo, @Functioner, @Pro-me3us
@ Thanks to @diplomatic for bootless Magisk script, and @SweenWolf for Launcher Manager
@ Thanks to @Renate for many great tools
@ Thanks to all the folks who have worked on TWRP & Magisk
Temporary ADB root (PS7613/3701 or older)
Disclaimer: Use this at your own risk, I'm not responsible for any data loss or corruption to your device. There is a nonzero chance of bricking the Cube, and little to no recovery options.
Instructions
Enable ADB debugging in FireOS settings
Download, unzip and copy gazelle_shrinker to your Cube
Code:
adb push gazelle_shrinker /data/local/tmp/
Give gazelle_shrinker executable permissions
Code:
adb shell
chmod +x /data/local/tmp/gazelle_shrinker
Open an adb shell and run the program
For best results, run gazelle_shrinker 30-90sec after boot up, when loading is complete and the device is idle.
Code:
adb shell
/data/local/tmp/gazelle_shrinker
setenforce 0
How to disable package protection
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
Code:
/data/local/tmp/gazelle
setenforce 0
Code:
echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
Clear Arcus Proxy, disable Arcus Proxy
Code:
pm clear com.fireos.arcus.proxy
pm disable-user com.fireos.arcus.proxy
Optional but strongly recommended, disable updates
Code:
pm disable-user com.amazon.device.software.ota
pm clear com.amazon.device.software.ota
pm disable-user com.amazon.device.software.ota.override
pm disable-user com.amazon.tv.forcedotaupdater.v2
A reboot is required before the protection removal changes take effect.
Verify that any apps you disable actually are disabled. Then reboot, and verify again!
Code:
pm list packages -d
Bootless Magisk (PS7613/3701 or older)
These instructions use an adapted version of @diplomatic's bootless Magisk script & @SweenWolf's Launcher Manager to autoboot, it's recommended you read the original Bootless Magisk post to better understand how it works, and it's limitations.
Disclaimer: Use this at your own risk, I'm not responsible for any data loss or corruption to your device. There is a nonzero chance of bricking the Cube, and little to no recovery options.
Instructions
Enable ADB debugging in FireOS settings
Download gazelle_bootless_magisk, unzip it, and copy it to your Cube keeping the same directory structure
Code:
adb shell mkdir /data/local/tmp/bin
adb push gazelle_bootless_magisk/* /data/local/tmp/
adb shell pm install -r /data/local/tmp/magisk_manager.apk
Give scripts & binaries executable permissions
Code:
adb shell
chmod +x /data/local/tmp/magisk-boot.sh
chmod +x /data/local/tmp/start.sh
chmod +x /data/local/tmp/bin/magiskinit
chmod +x /data/local/tmp/bin/gazelle_shrinker
Install Launcher Manager on your Cube, open, navigate to 'other settings', 'ADB Commands'
Tap on the + icon in the top right corner to create a new command
Enter Name: Start Magisk
Enter Command: sleep 30 && /data/local/tmp/start.sh
Check 'Execute on Boot'
Save
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
When you reboot your Cube, bootless Magisk will automatically start ~30sec after your homescreen loads. It's important that FireOS has loaded and that the device isn't busy, so don't open any apps until after Magisk has loaded. There's a greater chance that gazelle_shrinker will fail or reboot the Cube while launching Magisk if the device is busy.
TO AVOID BRICKING YOUR DEVICE:
Be careful of what apps you give root access to. Giving root access to an app that modifies the boot, system or vendor partitions will brick your device. DM-verity is still actively checking that system/vendor directories haven't been tampered with.
Don't run the boot-magisk.sh script (from either ADB or Launcher Manager) more than once per boot. Doing so will mess up the mounting and module initiation.
Never toggle ADB debugging off/on in the Developer's menu while Magisk is running. This will kill the Magisk daemon running in the background, and could corrupt your device if it's in the middle of an important process.
Only use WiFi ADB, not USB ADB. Booting the Cube with an USB attached computer puts USB in device mode, and ADB will close and kill Magisk when the Cube sleeps in device mode.
This release includes Magisk v21.4 (magiskinit) and Magisk Manager v8.0.7. Don't update Magisk! Patching your boot image will brick your device!
Manually update new 3rd gen Cube firmware PS7299/3052 --> PS7613/3701
New 3rd gen Cubes are (as of June 7th, 2023) shipped with firmware PS7299/3052. To update the device firmware to the latest version (PS7613/3701) that gazelle_shrinker still works on, follow these steps:
Download PS7613/3701 firmware to your Cube's 'Download' folder (Downloader code: 271370)
Run the following commands:
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # mv /sdcard/Download/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin /data/ota_package/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin
gazelle:/ # echo 'recovery\n--update_package=/data/ota_package/update-kindle-gazelle-PS7613_user_3701_0025401652612.bin' > /cache/recovery/command
gazelle:/ # reboot recovery
Done. The Cube will reboot to recovery and update. This method requires root access, and can only be used to upgrade firmware, NOT downgrade firmware.
reserved
This is really interesting and exciting. I wonder if this vulnerability affects any other Fire HD devices as well (obviously those using Mali GPUs). If you don't mind me asking, what are your plans regarding the PoC's source code? (nevermind, I think I found the original POC here). Could you give some hints regarding to what needs to be changed in order to port the exploit to other devices? I'd love to test it and learn more about this CVE.
Rortiz2 said:
I wonder if this vulnerability affects any other Fire HD devices
Click to expand...
Click to collapse
I made a post on the FireHD section about this yesterday, I can add details there. I want to keep this thread focused on the 3rd gen Cube and issues with the rooting binary
Amazing work @Pro-me3us! I'm soon going to buy one if I have the time and try it out before it's patched. I wonder how @k4y0z unlocked the sheldon/p devices with the decryption to see what we can do to decrypt the 3rd gen Cube as well since it sounds so similar to this thread with the firmware version to unlock the sheldon/p and root the device. And for what it's worth it's better to stay locked on 7.6.1.3 and below like you said.
Skel40 said:
since it sounds so similar to this thread with the firmware version to unlock the sheldon/p and root the device. And for what it's worth it's better to stay locked on 7.6.1.3 and below like you said.
Click to expand...
Click to collapse
I admit I haven't followed the MTK exploits closely. Any bootloader unlocking these days is going to require 2 (or more) exploits. One exploit for the bootloader itself, and a second exploit to put that first exploit in place. Gazelle is missing a bootloader exploit. Amlogic and MTK devices use very different bootloaders, and aren't likely to have any overlapping vulnerabilities. I hope that gazelle_shrinker can give someone else a foot in the door to find something, but bootloader vulnerabilities are rare.
Sorry, I know this is an absolutely idiotic question but how to I do this
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
I'm using the concole in adblink2. I know nothing about this stuff so was basically just following the guide, but no idea what that means. Again, I realise it’s probably stupid, but if I don't ask I don't learn.
Jerri1240 said:
Use gazelle_shrinker to open a root shell, setenforce 0 and delete all the apps listed in the file /data/system/PackageManagerDenyList
Click to expand...
Click to collapse
No problem, in the guide above I'm summarizing the instructions, an then providing the commands to copy and paste below each summary.
I'm assuming that you have already copied gazelle_shrinker to /data/local/tmp/ on your Cube
Instead of using ADBLink's console button, use the ADB shell button, to open a terminal window on your Cube where you can enter the commands in the instructions (you will see this gazelle:/ $ prompt). Hopefully this gives you an idea of the flow of the instructions:
You want to paste in each of these commands one by one
gazelle:/ $ chmod +x /data/local/tmp/gazelle_shrinker
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
You are going to want to disable updates, since Amazon is definitely going to patch this type of access to the Cube
Got one yesterday and tried the temp shrinker root and all works good for now. I just want to give a heads up to anybody trying this guide to go ahead and update to 7.6.1.3. Disable HDR is available instead of Adaptive and the Always HDR mode. I'm now stuck on the Magisk temp root guide above.
Pro-me3us said:
No problem, in the guide above I'm summarizing the instructions, an then providing the commands to copy and paste below each summary.
I'm assuming that you have already copied gazelle_shrinker to /data/local/tmp/ on your Cube
Instead of using ADBLink's console button, use the ADB shell button, to open a terminal window on your Cube where you can enter the commands in the instructions (you will see this gazelle:/ $ prompt). Hopefully this gives you an idea of the flow of the instructions:
You want to paste in each of these commands one by one
gazelle:/ $ chmod +x /data/local/tmp/gazelle_shrinker
gazelle:/ $ /data/local/tmp/gazelle_shrinker
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
You are going to want to disable updates, since Amazon is definitely going to patch this type of access to the Cube
Click to expand...
Click to collapse
Thank you, really do appreciate it.
I basically don't want to look at Amazon's launcher so had been using sweenwolfs manager, but if I can disable updates that's even better. I've been using wolf launcher on my gen2 cube and just got the gen3 this week so really happy to have been able to do this. Thanks again for the idiots guide.
Second idiot question, is there a lost of things I should install, and if updates are stuck on 'checking now...' I assume turning off updates has worked? And lastly, do I want to install bootless magisk too?
Jerri1240 said:
Second idiot question, is there a lost of things I should install, and lastly, if updates are stuck on 'checking now...' I assume turning off updates has worked?
Click to expand...
Click to collapse
Other than the temp gazelle exploit shell you inputted the only thing left is Magisk temp root which you'd have to be careful in case you want to have root apps. Since the updates are stuck on 'Checking now' yes it means it has worked and typing in adb shell pm list packages -d should show com.amazon.device.software.ota and other packages disabled meaning it has worked. To be safe to verify reboot and run the command again to quickly check that the system didn't encrypt the package manager.
Skel40 said:
Other than the temp gazelle exploit shell you inputted the only thing left is Magisk temp root which you'd have to be careful in case you want to have root apps. Since the updates are stuck on 'Checking now' yes it means it has worked and typing in adb shell pm list packages -d should show com.amazon.device.software.ota and other packages disabled meaning it has worked
Click to expand...
Click to collapse
Thank you. No, I just want to be able to use a launcher I like and not have an Amazon update disable it. So I can just leave as is.
Jerri1240 said:
Thank you. No, I just want to be able to use a launcher I like and not have an Amazon update disable it. So I can just leave as is.
Click to expand...
Click to collapse
No problem and yeah honestly due to its limitations I'd rather not take any risks given the price of the device but we're definitely getting somewhere for sure with having control at least.
Jerri1240 said:
is there a lost of things I should install, and if updates are stuck on 'checking now...' I assume turning off updates has worked? And lastly, do I want to install bootless magisk too?
Click to expand...
Click to collapse
When you disable the OTA apps, you should get a near instant 'Update Error' when checking updates
gazelle:/ $ pm disable-user com.amazon.device.software.ota
gazelle:/ $ pm disable-user com.amazon.device.software.ota.override
gazelle:/ $ pm disable-user com.amazon.tv.forcedotaupdater.v2
Now that you have removed the package protections, you can use Launcher Manager to disable the OTA packages above
Launcher Manager / Other settings / Amazon OS Updates / Block updates
This will have Launcher Manager run the pm disable-user commands for you.
Do as @Skel40 recommended, verify that all the apps you disabled, are actually disabled from the command line, especially Arcus Proxy.
gazelle:/ $ pm list packages -d
I also agree with Skel40 about Magisk, if you don't need it for any apps you are using, it's an extra complication that you are better off without.
@Skel40 thanks for confirming everything is working! If you have any issues getting bootless Magisk working let me know. You can enable/disable it by just checking/unchecking 'execute on boot' in Launcher Manager and rebooting the Cube.
Pro-me3us said:
pm disable-user com.amazon.device.software.ota
Click to expand...
Click to collapse
No update error. just 'checking now', launcher manager lists update status as blocked, though.
pm list packages -d gets me the following
package:com.android.nfc
package:com.fireos.arcus.proxy
package:com.amazon.tv.forcedotaupdater.v2
package:com.amazon.device.software.ota
package:com.amazon.device.software.ota.override
Jerri1240 said:
No update error. just 'checking now', launcher manager lists update status as blocked, though.
pm list packages -d gets me the following
package:com.android.nfc
package:com.fireos.arcus.proxy
package:com.amazon.tv.forcedotaupdater.v2
package:com.amazon.device.software.ota
package:com.amazon.device.software.ota.override
Click to expand...
Click to collapse
Since pm list packages -d has it listed as disabled, that's all that really matters.
Pro-me3us said:
Since pm list packages -d has it listed as disabled, that's all that really matters.
Click to expand...
Click to collapse
Thanks again for the help. Really appreciate it.
Overview
This rooting method is based on a new vulnerability in the ARM Mali GPU driver (CVE-2022-46395) discovered by security researcher Man Yue Mo at GitHub Security Lab, to gain root access to the 3rd gen Cube that is on firmware PS7646/3550 or older. You can also check the older root method that works up to firmware PS7613/3701.
The exploit program (gazelle_buf) is run directly on the Cube to spawn a temporary root shell for quick access. On average it takes 20-60sec for the exploit to gain root access. For best results, run gazelle_buf after a fresh reboot.
Temporary Root
Open an adb root shell to for quick access admin access
Pros:
Access all files and folders from ADB
Simple to use, runs in RAM and doesn't make any changes to the Cube, no chance of bricking.
Remove app package protection so that you can enable/disable any app even without root (eg custom launchers, disabling updates, debloat, etc).
Cons:
Only enables ADB root
NOTE: raven_buf won't brick your device, but what you do with that root access can. DM-verity is still in place checking the integrity of the system/vendor partitions, do NOT modify anything in those directories, or the boot partition!!
Instructions
Enable ADB debugging in FireOS settings
Download, unzip and copy gazelle_buf to your Cube
adb push gazelle_buf /data/local/tmp/
Open an ADB shell and give gazelle_buf execution permission (only needs to be done once)
adb shell ---> opens a 'gazelle: / $' prompt
gazelle:/ $ chmod +x /data/local/tmp/gazelle_buf
Run the program. Takes 20-60sec on average.
Root access is gained when the '$' prompt changes to '#' (gazelle:/ $ --> gazelle:/ #)
gazelle:/ $ /data/local/tmp/gazelle_buf
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Disable package protections
Use gazelle_shrinker to open a root shell and delete all the apps listed in the file /data/system/PackageManagerDenyList
gazelle:/ # setenforce 0
gazelle:/ # echo '<?xml version="1.0" encoding="utf-8" standalone="yes" ?><map><set name="DenyListKeyPackages"></set></map>' > /data/system/PackageManagerDenyList
Disable Arcus Proxy, to keep package protections off
gazelle:/ # pm clear com.fireos.arcus.proxy
gazelle:/ # pm disable-user com.fireos.arcus.proxy
Disable Amazon's ability to block apps on your device (eg Launcher Manager)
gazelle:/ # pm disable-user com.amazon.adep
gazelle:/ # pm clear com.amazon.adep
Disable OTA updates
gazelle:/ # pm disable-user com.amazon.device.software.ota
gazelle:/ # pm clear com.amazon.device.software.ota
gazelle:/ # pm disable-user com.amazon.device.software.ota.override
gazelle:/ # pm disable-user com.amazon.tv.forcedotaupdater.v2
A reboot is required before the package protections removal takes effect. Check & confirm the list of disabled apps:
gazelle:/ $ pm list packages -d
Contributors:
Man Yue Mo, @Functioner, @Pro-me3us
Thanks to @Renate for many great tools
@RiCkLaR for tip on disabling ADEP and AppBlockList
reserved
reserved
is this for the latest update for the cube?
Eagle1337 said:
is this for the latest update for the cube?
Click to expand...
Click to collapse
Yes, this will work on any 3rd gen firmware including the most recent PS7646 from the last two weeks.
If you are still on PS7613/3701 and using the older method, I don't recommend updating to PS7646. I haven't seen any benefits to the new firmware, and it's likely just got more Amazon tricks & restrictions to look out for.
IF you care about an eventual bootloader unlock, if anyone ever finds a way , staying on an older firmware increases the chances of being able to use it.
Hello. Followed your instructions on my 3rd gen Fire TV Cube, and saw the ADB Shell prompt change from $ to #.
Then entered in the suggested shell commands to disable OTA updates etc.
I then rebooted my device.
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Excuse my ignorance, kind of new to all this stuff.
three6zerocool said:
Hello. Followed your instructions on my 3rd gen Fire TV Cube, and saw the ADB Shell prompt change from $ to #.
Then entered in the suggested shell commands to disable OTA updates etc.
I then rebooted my device.
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Excuse my ignorance, kind of new to all this stuff.
Click to expand...
Click to collapse
Read:
4. Run the program. Takes 20-60sec on average.
Root access is gained when the '$' prompt changes to '#' (gazelle:/ $ --> gazelle:/ #)
No you dont need to do it after every restart. It's disabled until you change it back..
three6zerocool said:
I am a bit confused, as when I re-established ADB connection, the shell prompt is back to a $, and not #.
Is that normal?, ie. to change anything, I have to redo the process after each restart?
Click to expand...
Click to collapse
Yeah that's to be expected. If you cleared the PackageManagerDenyList described in the op instructions, then you won't need root access anymore to disable/enable any apps.
If you need root access for something else, then you only need to run gazelle_buf again
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/# setenforce 0
If you need routine root access or to be able to grant SU to apps, you can check the description of bootless Magisk from the previous exploit. That would give you the ability to open a root shell whenever you type gazelle:/ $ su
I still consider bootless Magisk experimental until a handful of people report back that they have been using it for a month+. I can update the older start script to work with gazelle_buf if you want to test it out.
Pro-me3us said:
Yeah that's to be expected. If you cleared the PackageManagerDenyList described in the op instructions, then you won't need root access anymore to disable/enable any apps.
If you need root access for something else, then you only need to run gazelle_buf again
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/# setenforce 0
If you need routine root access or to be able to grant SU to apps, you can check the description of bootless Magisk from the previous exploit. That would give you the ability to open a root shell whenever you type gazelle:/ $ su
I still consider bootless Magisk experimental until a handful of people report back that they have been using it for a month+. I can update the older start script to work with gazelle_buf if you want to test it out.
Click to expand...
Click to collapse
Thanks for the reply and explanation.
I mainly wanted to use this exploit to stop Amazon auto removing Launcher Manager, as I like to use custom Launcher.
I think I have done things correctly, but just noticed that Launcher Manager has been removed again.
I am sure I entered all the commands in correctly, as I noticed inside LM that Amazon Updates etc were already blocked.
Could it be the settings I have used in LM?
ie. I used the old method and it brought up an ADB permission request, then I enabled the original handler, and chose my custom launcher. (Wolf Launcher)
Have also tried the new method, but LM still keeps getting removed.
What's been happening is that Launcher Manager disappears, and home button still goes to Wolf Launcher, but I can no longer access any settings menus. (until I reinstall LM)
three6zerocool said:
I mainly wanted to use this exploit to stop Amazon auto removing Launcher Manager, as I like to use custom Launcher.
Click to expand...
Click to collapse
@RiCkLaR posted about this earlier, and I think he's right. I'll add it to the instructions in the OP in a day once it's confirmed.
For now, it appears that Launcher Manager is disabled by the app Adep. You can disable it, and that should be enough to stop having to do any more reinstalls.
gazelle:/ $ pm disable-user com.amazon.adep
gazelle:/ $ pm clear com.amazon.adep
Since you have root, if you want, you can keep Amazon Launcher enabled, and only disable the Amazon homescreen. This will allow you to use your custom launcher, and not break Amazon Launcher dependent functions. Things that will work: Amazon App Store search, homescreen search, FireOS settings menu, remote recent button, other things i'm forgetting
EDIT: I forgot that doing this causes the LiveTV app to hammer the OS, so that app has to be disabled. Clearing the LiveTV app data appears to be enough to keep that app from misbehaving.
To do this follow these steps:
gazelle:/ $ pm disable-user com.amazon.firehomestarter
gazelle:/ $ pm enable com.amazon.tv.launcher
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/ # setenforce 0
gazelle:/ # pm disable com.amazon.tv.launcher/.ui.HomeActivity_vNext
gazelle:/ # pm clear com.amazon.tv.livetv
gazelle:/ # exit
Pro-me3us said:
Since you have root, if you want, you can keep Amazon Launcher enabled, and only disable the Amazon homescreen. This will allow you to use your custom launcher, and not break Amazon Launcher dependent functions. Things that will work: Amazon App Store search, homescreen search, FireOS settings menu, remote recent button, other things i'm forgetting
EDIT: I forgot that doing this causes the LiveTV app to hammer the OS, so that app has to be disabled.
To do this follow these steps:
gazelle:/ $ pm disable-user com.amazon.firehomestarter
gazelle:/ $ pm enable com.amazon.tv.launcher
gazelle:/ $ pm disable-user com.amazon.tv.livetv
gazelle:/ $ /data/local/tmp/gazelle_buf
gazelle:/ # setenforce 0
gazelle:/ # pm disable com.amazon.tv.launcher/.ui.HomeActivity_vNext
gazelle:/ # exit
Click to expand...
Click to collapse
Thankyou oh so much, that is fantastic advice, and I followed your above instructions, and it worked wonderfully.
You are right, it is really nice using the native preferences over Launcher Manager ones.
Also it is really good to be able to search for apps etc.
Thankyou once again!.
I was taking another look at the method in post #10, I think it's fine to keep com.amazon.tv.livetv enabled, and that just clearing the app data after disabling the Amazon homescreen is enough to keep the LiveTV app from hammering the OS. I made a small edit to the steps to clear data, rather than disable LiveTV.
Since you already ran through the steps above, you can just clear the LiveTV app data, and re-enable the app without root
gazelle:/ $ pm clear com.amazon.tv.livetv
gazelle:/ $ pm enable com.amazon.tv.livetv
To verify that there are no apps acting up, use
gazelle:/ $ top
It will show all the running apps, memory & CPU usage. When you are on your custom launcher homescreen, the Cube should idle at ~720-750% CPU usage free (800% total = 100% x 8 cores). Verify that LiveTV app isn't at the top of the CPU usage list using +50-100%.