Hello everybody,
I rooted my dream phone with :
Code:
fastboot boot boot.img
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd system
# cd bin
# cat sh > su
# chmod 4755 su
All work fine !
I tried to install busybox like this :
Code:
adb push busybox /data/local/tmp
cat /data/local/tmp/busybox > /system/bin/busybox
chmod 4755 /system/bin/busybox
No problem with this step, but now if I type :
Code:
$su
#busybox ls /data
I have a permission denied
If I type
Code:
$su
#ls /data
all work fine
(ls is an symbolic link to toolbox)
ls -l /system/bin
Code:
-rwsr-xr-x root root 1745016 2009-07-28 11:01 busybox
-rwsr-xr-x root root 86936 2009-07-28 11:11 su
-rwxr-xr-x root shell 68472 2009-03-03 22:31 toolbox
...
I think busybox is not launch with root permission.. why?
I tried : ln -s busybox ls
but same problem !
What is wrong ?
Thanks.
Any particular reason why you setuid busybox? Try chmod 0755 busybox; chown root:shell busybox
Tell me what I'm doing wrong here. I'm trying to make a script that will remove some apps whenever I flash a new rom. Here's what I thought would work:
Code:
mount -o remount,rw /dev/block/mtdblock3 /system
cd /system/app
rm com.amazon*.apk
rm Mail.apk
rm Development.apk
rm LatinIME.apk
To use it I type:
Code:
$ su
# sh /sdcard/apps.sh
and it just fails at every line. Any help would be appreciated.
On the first line try
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
or your could shortcut it by using
mount /system
Stupid question, but do you have the permissions set to allow root access?
I've done that a few times to realize what my "mistake" was.
well you could just make a script for your PC something along the lines of
Code:
@echo off
adb remount
adb shell rm /system/app/com.amazon*.apk
adb shell rm /system/app/Mail.apk
adb shell rm /system/app/Development.apk
adb shell rm /system/app/LatinIME.apk
adb shell reboot
and rename it to a .bat or .cmd file
jackslim said:
On the first line try
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
or your could shortcut it by using
mount /system
Click to expand...
Click to collapse
Ok so I did that and the script appears to be working. I'll test it when Cyanogen release another update with amazon... Adding the -t yaffs2, what exactly did that do?
The -t is a trigger saying that your going to specify what type of filesystem your mounting, yaffs2 is the type of filesystem
Hi guys,
I just got a problem while flashing a recovery. I tried to use RomManager to flash the clockworkmod on my click, but while booting into it I just can enter the normal android recovery
I've read a little about this problem and found out, that I need to push the flash_image command line into the /system/bin - and there is the problem!
There're 2 different problems ... first one is permission denied - but I am root ...
Does someone has an idea why I can't push the flash_image?
Also tried http://forum.xda-developers.com/showpost.php?p=9192029&postcount=21 but it won't work - even with mounting the folders ...
Hope you can help me
Regards,
Smoky
Re
$ adb push flash_image /sdcard/
$ adb shell
# mount -o remount,rw -t yaffs2 /system
# mv /sdcard/flash_image /system/bin
# chmod 755 /system/bin/flash_image
# cd /system/bin
# ./flash_image recovery /sdcard/recovery.img
# mount -o remount,ro -t yaffs2 /system
Ok, found a solution
http://forum.xda-developers.com/showthread.php?t=950759
Thx, ready to close
For reference, these are my thoughts on the matter.
We have 3 ways to do this:
1. Get hold of SBL, change it and flash it
Currently impossible afaik.
2. Get an init.d bash script to reboot into recovery if key is pressed
Most likely possible taking these 2 assumptions into account:
a) Bash allows to detect a pressed key, something like this:
Code:
_key()
{
local kp
ESC=$'\e'
_KEY=
read -d '' -sn1 _KEY
case $_KEY in
"$ESC")
while read -d '' -sn1 -t1 kp
do
_KEY=$_KEY$kp
case $kp in
[a-zA-NP-Z~]) break;;
esac
done
;;
esac
printf -v "${1:-_KEY}" "%s" "$_KEY"
}
_key x
case $x in
$'\e[15~') reboot recovery ;;
esac
Replacing this key code for one of OB's.
But for this, we need assumption number 2:
b) Key codes mapping is the same for recoveries.
Now, while this is the method of the greatest chance to work, it is also fairly useless. Developers will often break the boot before the init.d scripts are ran. So, this code should be ran before. Hence, the third method.
3. Start a custom service in init.rc (@ ramdisk) that will detect pressed key
This would be the perfect solution as it can't be broken from kernel (zImage) or system changes. However, init.rc has its own programming language (android init language) and there's no way to run this kind of listener.
However, it is possible to run an external script located for example in /system/bin/. These can be both an executable compiled from c (higher chances of working) or a bash scripting like the aforementioned one (lower chances of working since android probably doesn't start a console on boot).
Code for this would be something like:
Code:
service exampleservice /system/bin/exampleservice
user exampleservice
group exampleservice
oneshot
So uh, am I missing anything?
Anyone has other ideas?
a lot of times i heared about pressing "G" and "Power" would boot into some kind of save mode... if thats true i guess its easyer to reprogramm that keycombo to do something else... so does that keycombo anything? i couldnt figure out^^
Sent from my LG-P970 using XDA App
Are others devices has the key combination code in SBL?
I wish I have enough knowledge about android system so i can help...
i04055 said:
Are others devices has the key combination code in SBL?
I wish I have enough knowledge about android system so i can help...
Click to expand...
Click to collapse
Yes there are devices heaving the key-combo in SBL if that answers your question. The "Samsung Galaxy S GT-I9000" e.g. has them there afaik. With that device it was possible flashing the SBL to add a "booting directly into recovery" key-combo...
So I don´t know why there should not be a solution to do the same to the OB but Noejn surely has good reason for telling its impossible.
But hey what about booting into recovery on every system startup and only boot into the system through the recovery? It´s a "quick & dirty" solution even if its possible but better than developing the way we do isn´t it? I´m not sure if its easier to change the startup that way than to add or modify a key-combo but maybe someone here does?
I'm sure (or hope..) someone can, but perhaps we should move this Thread to another part of the Forum so someone with the knowledge how to do this will read it.
d0n22 said:
But hey what about booting into recovery on every system startup and only boot into the system through the recovery? It´s a "quick & dirty" solution even if its possible but better than developing the way we do isn´t it? I´m not sure if its easier to change the startup that way than to add or modify a key-combo but maybe someone here does?
Click to expand...
Click to collapse
Yeah, i prefer that way if poosibble rather than nothing.
But if put it that way, when the phone get bootloop is it still posibbe to boot into recovery?
Sent from my LG-P970 using XDA App
This is how it's done on Xperia X8 phone.
The /system/bin/chargemon is usb-charge daemon that is being hijacked on boot (it's binary is replaced with this script)
Original chargemon is copied into "charger" to keep it's functionality.
Than "sleep 3" waits for any keypress, and checks the dump, if keys were pressed, it launches the recovery binary.
quite simple.
Code:
#!/system/bin/busybox sh
/system/bin/charger
cat /dev/input/event1 > /dev/keycheck&
sleep 3
kill -9 $!
if [ -s /dev/keycheck -o -f /data/local/tmp/xrecovery ]
then
rm -f /data/local/tmp/xrecovery
# remount rootfs rw
mount -o remount,rw rootfs /
# Umount MTDs
umount -l /dev/block/mtdblock1
umount -l /dev/block/mtdblock2
umount -l /dev/block/mtdblock3
# Mount recovery partition
cd /
rm -r /sbin
rm -f etc
tar -xf /system/bin/xrecovery.tar
# Umount /system
umount -l /dev/block/mtdblock0
# chroot
chroot / /init
fi
# remount rootfs rw
mount -o remount,rw rootfs /
chmod 0777 /dev -R
chown 0.2000 /dev/oncrpc -R
cd /
rm init*
rm logo.rle
rm default.prop
tar -xf /system/bin/ramdisk.tar
mkdir -p /minicm
cd /minicm
tar -xf /system/bin/ramdisk.tar
# Umount /system, data and cache
umount -l /dev/block/mtdblock0
umount /dev/block/mtdblock3
umount /dev/block/mtdblock1
rmdir /system /data /cache /mnt
racht said:
This is how it's done on Xperia X8 phone.
The /system/bin/chargemon is usb-charge daemon that is being hijacked on boot (it's binary is replaced with this script)
Original chargemon is copied into "charger" to keep it's functionality.
Than "sleep 3" waits for any keypress, and checks the dump, if keys were pressed, it launches the recovery binary.
quite simple.
Code:
#!/system/bin/busybox sh
/system/bin/charger
cat /dev/input/event1 > /dev/keycheck&
sleep 3
kill -9 $!
if [ -s /dev/keycheck -o -f /data/local/tmp/xrecovery ]
then
rm -f /data/local/tmp/xrecovery
# remount rootfs rw
mount -o remount,rw rootfs /
# Umount MTDs
umount -l /dev/block/mtdblock1
umount -l /dev/block/mtdblock2
umount -l /dev/block/mtdblock3
# Mount recovery partition
cd /
rm -r /sbin
rm -f etc
tar -xf /system/bin/xrecovery.tar
# Umount /system
umount -l /dev/block/mtdblock0
# chroot
chroot / /init
fi
# remount rootfs rw
mount -o remount,rw rootfs /
chmod 0777 /dev -R
chown 0.2000 /dev/oncrpc -R
cd /
rm init*
rm logo.rle
rm default.prop
tar -xf /system/bin/ramdisk.tar
mkdir -p /minicm
cd /minicm
tar -xf /system/bin/ramdisk.tar
# Umount /system, data and cache
umount -l /dev/block/mtdblock0
umount /dev/block/mtdblock3
umount /dev/block/mtdblock1
rmdir /system /data /cache /mnt
Click to expand...
Click to collapse
yeah ,from this we can see what is running before logo screen and we can mod that file
so.. is that mean we can boot to recovery mode same as x8?
racht said:
This is how it's done on Xperia X8 phone.
The /system/bin/chargemon is usb-charge daemon that is being hijacked on boot (it's binary is replaced with this script)
Original chargemon is copied into "charger" to keep it's functionality.
Than "sleep 3" waits for any keypress, and checks the dump, if keys were pressed, it launches the recovery binary.
quite simple.
Code:
#!/system/bin/busybox sh
/system/bin/charger
cat /dev/input/event1 > /dev/keycheck&
sleep 3
kill -9 $!
if [ -s /dev/keycheck -o -f /data/local/tmp/xrecovery ]
then
rm -f /data/local/tmp/xrecovery
# remount rootfs rw
mount -o remount,rw rootfs /
# Umount MTDs
umount -l /dev/block/mtdblock1
umount -l /dev/block/mtdblock2
umount -l /dev/block/mtdblock3
# Mount recovery partition
cd /
rm -r /sbin
rm -f etc
tar -xf /system/bin/xrecovery.tar
# Umount /system
umount -l /dev/block/mtdblock0
# chroot
chroot / /init
fi
# remount rootfs rw
mount -o remount,rw rootfs /
chmod 0777 /dev -R
chown 0.2000 /dev/oncrpc -R
cd /
rm init*
rm logo.rle
rm default.prop
tar -xf /system/bin/ramdisk.tar
mkdir -p /minicm
cd /minicm
tar -xf /system/bin/ramdisk.tar
# Umount /system, data and cache
umount -l /dev/block/mtdblock0
umount /dev/block/mtdblock3
umount /dev/block/mtdblock1
rmdir /system /data /cache /mnt
Click to expand...
Click to collapse
soundes quite promising... have you tried it?
Can this be usefull?
http://forum.xda-developers.com/showthread.php?t=991276
Noejn have you abandoned us ? Or are u planning to take a look at this ? Would be nice if u get OB up and running
recovery
Hi,
has there been any success with booting into recovery mode?
BR,
J
logitec said:
Hi,
has there been any success with booting into recovery mode?
BR,
J
Click to expand...
Click to collapse
No,I try to boot directly into recovery through boot.img,but I get a big "error" form the LG Security Team!
Hijacking a daemon would work if Optimus Black had those binaries. I took a quick glance at a backup and I didn't see chargemon in /system/bin.
Besides, a xRecovery is limited as it's dependent on system files so a /format can't be done which isn't really that "comfy", especially when changing fs.
But yeah, better than nothing. Still, the method you described is only possible in Xperia phones, as far as I know.
I still say injecting a service on the init.rc is the way to go.
However, I can't test this now.
racht said:
This is how it's done on Xperia X8 phone.
The /system/bin/chargemon is usb-charge daemon that is being hijacked on boot (it's binary is replaced with this script)
Original chargemon is copied into "charger" to keep it's functionality.
Than "sleep 3" waits for any keypress, and checks the dump, if keys were pressed, it launches the recovery binary.
quite simple.
Code:
#!/system/bin/busybox sh
/system/bin/charger
cat /dev/input/event1 > /dev/keycheck&
sleep 3
kill -9 $!
if [ -s /dev/keycheck -o -f /data/local/tmp/xrecovery ]
then
rm -f /data/local/tmp/xrecovery
# remount rootfs rw
mount -o remount,rw rootfs /
# Umount MTDs
umount -l /dev/block/mtdblock1
umount -l /dev/block/mtdblock2
umount -l /dev/block/mtdblock3
# Mount recovery partition
cd /
rm -r /sbin
rm -f etc
tar -xf /system/bin/xrecovery.tar
# Umount /system
umount -l /dev/block/mtdblock0
# chroot
chroot / /init
fi
# remount rootfs rw
mount -o remount,rw rootfs /
chmod 0777 /dev -R
chown 0.2000 /dev/oncrpc -R
cd /
rm init*
rm logo.rle
rm default.prop
tar -xf /system/bin/ramdisk.tar
mkdir -p /minicm
cd /minicm
tar -xf /system/bin/ramdisk.tar
# Umount /system, data and cache
umount -l /dev/block/mtdblock0
umount /dev/block/mtdblock3
umount /dev/block/mtdblock1
rmdir /system /data /cache /mnt
Click to expand...
Click to collapse
Good news, I'm getting close.
ok, thank you for everithing
Noejn said:
Good news, I'm getting close.
Click to expand...
Click to collapse
good news indeed^^ im working on it as well but im not feeling like getting close :-\ pls let me know what you did and how you did it as soon as its done... again thank you very much for your efforts!
Sent from my LG-P970 using XDA App
d0n22 said:
good news indeed^^ im working on it as well but im not feeling like getting close :-\ pls let me know what you did and how you did it as soon as its done... again thank you very much for your efforts!
Sent from my LG-P970 using XDA App
Click to expand...
Click to collapse
Well, I've succeed injecting the script on boot.
However, I'm getting some problems on the event0 > keycheck; I don't think at this time of boot /dev entries are up.
But I've already thought of a workaround and I'll test it tomorrow.
I´m thinking, if i compile kernel of ubuntu and install it in recovery partition, not possible then run ubuntu in native mode from sdcard with dualboot?
I FINALY FOUND MY PROBLEM
I have two binaries one in /system/xbin/su and the other in /system/bin/su
#ls -l /system/*/su gives me this:
-rwxrwxr- system sdcard_rw 380532 2013-05-22 17:13 su
-rwsr-xr-x root root 22236 2013-05-22 17:13 su
#chmod 06775 /system/bin/su gives me this:
unable to chmod /system/bin/su: readonly filesystem
#echo $PATH gives me this
/system/bin/su: /system/Xbin/su
so what should i do next?
is it possible to swap the path variables
i mean to make "echo $path give /system/Xbin/su:/system/bin/su"
10Q
GAEENG said:
I FINALY FOUND MY PROBLEM
I have two binaries one in /system/xbin/su and the other in /system/bin/su
#ls -l /system/*/su gives me this:
-rwxrwxr- system sdcard_rw 380532 2013-05-22 17:13 su
-rwsr-xr-x root root 22236 2013-05-22 17:13 su
#chmod 06775 /system/bin/su gives me this:
unable to chmod /system/bin/su: readonly filesystem
#echo $PATH gives me this
/system/bin/su: /system/Xbin/su
so what should i do next?
is it possible to swap the path variables
i mean to make "echo $path give /system/Xbin/su:/system/bin/su"
10Q
Click to expand...
Click to collapse
Switch to SuperSU!