Ezonetronics CT-0008 root - SuperSU

hi so bit of a noob,
but i discovered that i can get root access via adb on this device. here's its build prop
ro.build.id=MMB29M
ro.build.display.id=K2001M_DW_S212101.20170322.11081609
ro.build.version.incremental=20170221
ro.build.version.sdk=23
ro.build.version.preview_sdk=0
ro.build.version.codename=REL
ro.build.version.all_codenames=REL
ro.build.version.release=6.0.1
ro.build.version.security_patch=2015-12-01
ro.build.version.base_os=
ro.build.date=2017/02/21[21:11:06]
ro.build.date.utc=1487682666
ro.build.type=user
ro.build.user=app-zenggf
ro.build.host=APP-PE730
ro.build.tags=test-keys
ro.build.flavor=t3_k2001_nwd-user
ro.product.model=QUAD-CORE T3 K2001M
ro.product.brand=Allwinner
ro.product.name=K2001M_DW_S212101
ro.product.device=t3-k2001-nwd
ro.product.board=exdroid
ro.product.cpu.abi=armeabi-v7a
ro.product.cpu.abi2=armeabi
ro.product.cpu.abilist=armeabi-v7a,armeabi
ro.product.cpu.abilist32=armeabi-v7a,armeabi
ro.product.cpu.abilist64=
ro.product.manufacturer=Allwinner
ro.product.locale=en-US
ro.wifi.channels=
ro.board.platform=t3
ro.build.product=t3-k2001-nwd
ro.build.description=t3_k2001_nwd-user 6.0.1 MMB29M 20170221 test-keys
ro.build.fingerprint=Allwinner/t3_k2001_nwd/t3-k2001-nwd:6.0.1/MMB29M/20170221:user/test-keys
ro.build.characteristics=tablet
ro.config.ringtone=Ring_Synth_04.ogg
ro.config.notification_sound=pixiedust.ogg
ro.carrier=unknown
ro.config.alarm_alert=Alarm_Classic.ogg
wifi.interface=wlan0
wifi.supplicant_scan_interval=15
keyguard.no_require_sim=true
ro.kernel.android.checkjni=0
ro.opengles.version=131072
debug.hwui.render_dirty_regions=false
persist.sys.strictmode.visual=0
persist.sys.strictmode.disable=1
ro.sys.cputype=QuadCore-T3
ro.product.firmware=v0.1
drm.service.enabled=true
ro.sys.widevine_oemcrypto_level=1
service.adb.tcp.port=5555
ro.adb.secure=0
persist.service.adb.enable=1
ro.debuggable=1
ro.product.platform=K2001M
ro.lockscreen.disable.default=true
sys.whitelist.enable=true
sys.wake.app.self.start.enable=true
ro.fastdexopt.enable=true
ro.fastdexopt.by.both=true
ro.sw.embeded.telephony=false
persist.sys.usb.config=mtp,adb
rw.logger=0
persis.sys.bluetooth_goc=0
ro.zygote.disable_gl_preload=true
ro.sf.lcd_density=160
persist.sys.tfpath.flag=0
ro.display.sdcard=1
ro.part.sdcard=1
ro.sf.nwdrotation=0
ro.spk_dul.used=false
persist.sys.timezone=Asia/Shanghai
persist.sys.country=CN
persist.sys.language=zh
persist.fw.force_adoptable=true
persist.sys.dalvik.vm.lib.2=libart
dalvik.vm.isa.arm.variant=cortex-a7
dalvik.vm.isa.arm.features=default
net.bt.name=Android
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.expect.recovery_id=0x5f19ef07be82d797cc3082e26587dfd2557a73cb000000000000000000000000
I've tried to manually root using this guide:
https://forum.xda-developers.com/showthread.php?t=2684210
with no joy superuser app detects the binary but no other apps can get root.
i can mount /system/ for write etc if anyone can point me in the correct direction etc maybe twrp or something.
Also any ideas what this might be for:
sys.whitelist.enable=true

if anyone interested i managed to get root from this script over ADB
adb shell "mount -o remount,rw /system"
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon ubject_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon ubject_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon ubject_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon ubject_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon ubject_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb shell chcon ubject_r:zygote_exec:s0 /system/xbin/sugote
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon ubject_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib(64)/libsupol.so
adb shell chmod 0755 /system/lib\(64\)/libsupol.so
adb shell chcon ubject_r:system_file:s0 /system/lib\(64\)/libsupol.so
adb shell touch /system/etc/.installed_su_daemon
adb shell chmod 0644 /system/etc/.installed_su_daemon
adb shell chcon ubject_r:system_file:s0 /system/etc/.installed_su_daemon
adb shell cp /system/bin/sh /system/xbin/sugote-mksh
adb shell chmod 0755 /system/xbin/sugote-mksh
adb shell chcon ubject_r:system_file:s0 /system/xbin/sugote-mksh
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon ubject_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell mv /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon ubject_r:zygote_exec:s0 /system/bin/app_process_original
adb shell mv /system/bin/app_process32 /system/bin/app_process_init
adb shell chmod 0755 /system/bin/app_process_init
adb shell chcon ubject_r:system_file:s0 /system/bin/app_process_init
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
which i found here
https://tinkerboarding.co.uk/forum/thread-264.html
works great i now have root!

Hi, I have a similar unit but having problems looking for ROM. Can you share sources or your ROM please?
Mine is a generic head unit model id T3 K2001M which I managed to root after x number of tries using kingroot apk
My issue now is that most settings are locked (not enabled). I think the manufacturer stripped some of the OS system files.
I tried using the Bonroad ROM for T3-P3 but it's saying not compatible.
MCUVER: V1.3-FF01-20170328-A02-CAN0000-00-00-DVD01044201-00
SoC Model: Allwinner A23
SoC FamilyAllWinner 4x ARM [email protected]
OS: Android 6.0 out of the box

yes mine also has menus in settings missing i used a few apps like,
Hidden menu (playstore)
google settings(playstore)
settings pro (playstore)

bandit250 said:
yes mine also has menus in settings missing i used a few apps like,
Hidden menu (playstore)
google settings(playstore)
settings pro (playstore)
Click to expand...
Click to collapse
Great. Thanks for the suggestion will try that out. I hope we can get some ROMs soon. Will let you know if I stumble on any.

Hi, how did you connect to the unit to run ADB commands? My unit only has full-size USB connectors so I would need a USB-A to USB-A cable. The only other thing I can think of is to connect an android phone to it and run adb from there somehow. I've installed a terminal app on the unit so could copy the files onto a usb stick or sdcard and run the commands directly on the unit....?
bandit250 said:
if anyone interested i managed to get root from this script over ADB
adb shell "mount -o remount,rw /system"
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon ubject_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon ubject_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon ubject_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb shell chcon ubject_r:system_file:s0 /system/bin/.ext/.su
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon ubject_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb shell chcon ubject_r:zygote_exec:s0 /system/xbin/sugote
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon ubject_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib(64)/libsupol.so
adb shell chmod 0755 /system/lib\(64\)/libsupol.so
adb shell chcon ubject_r:system_file:s0 /system/lib\(64\)/libsupol.so
adb shell touch /system/etc/.installed_su_daemon
adb shell chmod 0644 /system/etc/.installed_su_daemon
adb shell chcon ubject_r:system_file:s0 /system/etc/.installed_su_daemon
adb shell cp /system/bin/sh /system/xbin/sugote-mksh
adb shell chmod 0755 /system/xbin/sugote-mksh
adb shell chcon ubject_r:system_file:s0 /system/xbin/sugote-mksh
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon ubject_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell mv /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon ubject_r:zygote_exec:s0 /system/bin/app_process_original
adb shell mv /system/bin/app_process32 /system/bin/app_process_init
adb shell chmod 0755 /system/bin/app_process_init
adb shell chcon ubject_r:system_file:s0 /system/bin/app_process_init
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
which i found here
https://tinkerboarding.co.uk/forum/thread-264.html
works great i now have root!
Click to expand...
Click to collapse

On the unit download adb over wi-fi from playstore make sure both laptop and unit are on same wi-fi network, look into adb over wi-fi.

thanks for the script, i managed to root mine
Do you use tasker on this device? I try to but my accessibility are always revoked, so i can't use application start event.
Also, if you launch music with another then the original music player, when you return to home menu, does it turn of the player?

bandit250 said:
but i discovered that i can get root access via adb on this device. here's its build prop
Click to expand...
Click to collapse
because of you and your root method, I just find where I can stop the CT-0008 to stop an app when return to home screen
So, you just have to add your package name in the list:
/config/app/TaskWhiteList.xml

Hi yeah I did see that. Not tried it yet trying to figure out how to play Bluetooth music in background. Also not used tasker either

hey guys just read this, I also have a generic T3 K2001M, here's my question lets see if you can help me:
the device automatically runs radio app at start up (boot), this is the only thing I wanna change, I want it to run the music app instead. I surffed to all possible options and I haven't managed to do it. Do I need root for that? any idea how to do it? thanks a lot!

You've got to root it and make a profil wich start music player when radio start. I didn't find another way

Hi,
I tried to root CT008 as well, and I've got an error on the last line.
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Cannot install link already exists or something similar.
Now, when I start SuperSu, I've got an error that binaries are occupied. I can't uninstall supersu (no option to do so).
Kindly please give me your advice on this

reflash with original rom and try again
Original rom here (update.img)
is your sdcard keeping unmonut after sleep?

arnauet11 said:
hey guys just read this, I also have a generic T3 K2001M, here's my question lets see if you can help me:
the device automatically runs radio app at start up (boot), this is the only thing I wanna change, I want it to run the music app instead. I surffed to all possible options and I haven't managed to do it. Do I need root for that? any idea how to do it? thanks a lot!
Click to expand...
Click to collapse
I guess you have trouble with wires. Is your unit for car unit. If it is car unit you have to check to red and yellow wires. Red one is must connect to acc + and yellow one must to connect to battery +
Or you must connect both of that two cable to battery +.

JuuuuuuuuL said:
You've got to root it and make a profil wich start music player when radio start. I didn't find another way
Click to expand...
Click to collapse
In My case, I have managed to start music player at start-up. I have to cross check the settings. Will let you know.
You could access the factory settings with code: 1617
Presently looking for a complete player which can play wma files too and I can associate it with the car launcher widget.
---------- Post added at 12:53 PM ---------- Previous post was at 12:52 PM ----------
ceyrekoto said:
I guess you have trouble with wires. Is your unit for car unit. If it is car unit you have to check to red and yellow wires. Red one is must connect to acc + and yellow one must to connect to battery +
Or you must connect both of that two cable to battery +.
Click to expand...
Click to collapse
You can change it in factory settings

Related

For those su is not working under Term

it has already been said multiple time su has to be chmod 4755
but is as also to have these credentials: root.shell
mine was root.root so as a shell user you get an "access denied."
so a chmod root.shell /system/bin helps
after you need to re-chmod 4755 has it's loosing +s.
Also, if you pushed su to /data/local/bin, do this:
rm /data/local/bin/su
Because normal shell looks in /data/local/bin BEFORE /system/bin. It's part of the path.
thanx
my terminal now works as root
I've removed "m7" and "su" from /data/local/bin after root thanks to coolbits.

[HOWTO] Root Nexus One 2.2.1 FRG83D without OEM unlock

This guide is for people who want root but want to keep their stock rom, not breaking the warranty, unlocking bootloader etc.
A proud ubuntu user, I am writing this in a new thread purely because the manual rageagainstthecage method and SuperOneClick method did not not work for me, see link to my conclusion below if you care
http://forum.xda-developers.com/showpost.php?p=11305312&postcount=2526
What did work however was via adb shell using psneuter and its fairly simple if you follow the following commands.
This guide assumes you know how to get access to the shell via adb, if you dont then search elsewhere for a useful guide
OK lets get to business!
1. Download the attached nexus_one_softroot.tar from the bottom of this post and extract contents to the same folder as adb
2. Open up your terminal, cd to the same folder as adb and the extracted files
3. Enter the following commands:
Code:
sudo ./adb push psneuter /data/local/tmp/psneuter
sudo ./adb push busybox /data/local/tmp/busybox
sudo ./adb push su /data/local/tmp/su
sudo ./adb shell chmod 755 /data/local/tmp/psneuter
sudo ./adb shell chmod 755 /data/local/tmp/busybox
sudo ./adb shell chmod 755 /data/local/tmp/su
sudo ./adb shell
After this you should see only a $ which tells us that we at the android command line with user privileges only, lets continue
Code:
$ cd /data/local/tmp
$ ls
busybox
su
psneuter
$ ./psneuter
property service neutered.
killing adbd. (should restart in a second or two)
You will now be kicked out of android shell, lets go back in
Code:
sudo ./adb shell
After this you should see only a # which tells us that we root baby! If you want to double check issue this command
Code:
# id
uid=0(root) gid=0(root)
Lets continue on. From this point we will install busybox and su which will make root permanent
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
# ./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
# busybox cp su /system/bin
# chmod 4755 /system/bin/su
# exit
For some reason I sometimes have to enter exit twice to leave the android shell. Again, re-access the android shell
Code:
sudo ./adb shell
Now in the android shell we can finish up
Code:
# su
# mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
# exit
Lastly we must install Superuser, and I did this from the android market so I knew its the latest version, its simple to get, less command input etc.
Now you have root! I hope this was simple enough to follow, I have not really written a guide before but from lots of searching I just could not find a solution for my Nexus One 2.2.1 FRG83D, especially any guide that uses psneuter.
Anyway, glad to contribute
EDIT - also, being new to starting threads, this may not quite be in the right section of the forum, sorry if thats the case mods
Added link to the thread from Wiki.
upgraded to gingerbread 2.3.3. after copying and setting permissions, got this:
PHP:
$ cd /data/local/tmp
$ ls -l
-rwxr-xr-x shell shell 26248 2010-07-22 10:20 su
-rwxr-xr-x shell shell 1062992 2010-10-16 22:29 busybox
-rwxr-xr-x shell shell 585731 2011-01-08 18:02 psneuter
su
busybox
psneuter
$ ./psneuter
Failed to set prot mask (Inappropriate ioctl for device)
second time threw me out of shell. again adb shell gives this:
PHP:
$ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
mfkr said:
upgraded to gingerbread 2.3.3. after copying and setting permissions, got this:
Code:
$ ./psneuter
Failed to set prot mask (Inappropriate ioctl for device)
Click to expand...
Click to collapse
I believe this is due to a change in the kernel as it is upgraded into gingerbread, the input/output controls have changed, leaving psneuter out of date with the current kernel.
However if an exploit is found with the kernel used in 2.3.3, you can use it in place of psneuter with the above method.

[Q] How to bypass ADB block (or how to reinstall ADB) on Android system?

I have a 65 inch XiaomiTV 3 (note, this is a different flavor of OS from MiBox), it works great until Xiaomi starts to push video ads everytime I turn on the TV. Xiaomi has disabled (likely completely removed ADB) from their system (mine is 1.12.10, any newer version would not be allow u to gain root access in anyway, unless you prove me wrong). Since there is no way to install a new recovery on XiaomiTV 3 (not that I know of, I should add), I tried the only tool that can root this system with an exploit, the 360 Root (http://root.360.cn/). Now this tool itself has some ads, so I will need to remove it later. But at least it allows me to use `su` in a terminal emulator.
Once I gain the root access on my device, I first tried to use ADB by running (and I need to add, XiaomiTV 3 does not have USB debugging port) a terminal emulator (I use Android Terminal Emulator):
Code:
su
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Then I try to connect to my XiaomiTV 3 (its ip is 192.168.123.123) by:
Code:
adb connect 192.168.123.123
It connects, meaning ADB is not removed completely. However if I type `adb devices` it shows 192.168.123.123 is offline.
I then upgraded my Android platform tools and adb by:
Code:
android update sdk no-ui
android update adb
Restart the adb server:
Code:
adb kill-server
adb connect 192.168.123.123
Here it still shows offline, so I restarted both the XiaomiTV 3 and my laptop, and regain root (I will lose root everytime I reboot XiaomiTV 3), did the above all over again. No luck. Then I thought to copy my `~/.android/adbkey.pub` to a usb drive, and then plug it in to XiaomiTV 3, then use a terminal emulator to:
Code:
su
mv /mnt/usb/sdcard/adbkey.pub /data/misc/adb/adb_keys
Then
Code:
stop adbd
setprop service.adb.tcp.port 5555
start adbd
Still, after I
Code:
adb kill-server
adb connect 192.168.123.123
the device is still offline.
Then I tried another approach to get get SuperSU to the system by first copying supersu to a USB drive and then copy it to `/data/superuser` in XiaomiTV 3.
Then I did:
Code:
su
mount -o rw,remount /system
mkdir /system/bin/.ext
chmod 777 /system/bin/.ext
chown root /system/bin/.ext
cp /data/superuser/su /system/bin/.ext/.su
chmod 6755 /system/bin/.ext/.su
chown root /system/bin/.ext/.su
cp /data/superuser/su /system/xbin/su
chmod 755 /system/xbin/su
chown root /system/xbin/su
cp /data/superuser/su /system/xbin/daemonsu
chmod 755 /system/xbin/daemonsu
chown root /system/xbin/daemonsu
cp /data/superuser/supolicy /system/xbin/supolicy
chmod 755 /system/xbin/supolicy
cp /data/superuser/libsupol.so /system/lib/libsupol.so
chmod 644 /system/lib/libsupol.so
mkdir /system/etc/init.d
chmod 644 /system/etc/init.d
cp /data/superuser/99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
chmod 744 /system/etc/init.d/99SuperSUDaemon
busybox_xm touch /system/etc/.installed_su_daemon
echo 1 >> /system/etc/.installed_su_daemon
chmod 644 /system/etc/.installed_su_daemon
mkdir /system/app/SuperSU
chmod 755 /system/app/SuperSU
cp /data/superuser/SuperSU.apk /system/app/SuperSU/SuperSU.apk
chmod 644 /system/app/SuperSU/SuperSU.apk
cp /data/superuser/install-recovery.sh /system/etc/install-recovery.sh
chmod 755 /system/etc/install-recovery.sh
ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Then I reboot, apparently, the system overwrites the `/system/xbin/su` (either by 360 root or Xiaomi's OS). So I redid everything above, without reboot. Sadly, SuperSU still asks me to upgrade/update my binary file.
So this is when I stopped knowing what to do next. Any ideas?

Bootloop problem during the installation of root on Android Nougat on Raspberry Pi 3B

Hi
I am trying to install root on Android 7.1.1 (from geektillithertz.com, rom: and7_1-tablet-23012017.img) on Raspberry Pi 3 B.
When I manually execute the following commands via ADB, the system does not start after reboot.
Code:
adb shell "mount -o rw,remount /system"
adb push common/Superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 /system/app/SuperSU/SuperSU.apk
adb shell chcon u:object_r:system_file:s0 /system/app/SuperSU/SuperSU.apk
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb push armv7/su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push armv7/su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb shell chcon u:object_r:zygote_exec:s0 /system/xbin/sugote
adb push armv7/supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push armv7/libsupol.so /system/lib/libsupol.so
adb shell chmod 0755 /system/lib/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib/libsupol.so
adb shell touch /system/etc/.installed_su_daemon
adb shell chmod 0644 /system/etc/.installed_su_daemon
adb shell chcon u:object_r:system_file:s0 /system/etc/.installed_su_daemon
adb shell cp /system/bin/sh /system/xbin/sugote-mksh
adb shell chmod 0755 /system/xbin/sugote-mksh
adb shell chcon u:object_r:system_file:s0 /system/xbin/sugote-mksh
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell chmod 0755 /system/bin/app_process32_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32_original
adb shell mv /system/bin/app_process /system/bin/app_process_original
adb shell chmod 0755 /system/bin/app_process_original
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process_original
adb shell mv /system/bin/app_process32 /system/bin/app_process_init
adb shell chmod 0755 /system/bin/app_process_init
adb shell chcon u:object_r:system_file:s0 /system/bin/app_process_init
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Stuck on the screen with animation "android."
When I restore the /system/app_process file to the original version, the system starts (but with no root).
I tried SuperSU 2.76, 2.78, 2.79 and 2.82.
Unfortunately, I have always had the same effect.
I also tried Android Marshmallow (andrpi3-20160626.img) but it also ended with a bootloop.
When I manually run su daemon through ADB, root is working fine, but it is not permanent (after reboot there is no root).
What to do to make the system start with root?

Issue with SuperSU on AndroidThings 1.0

I tried to perform a manual installation of SuperSU (2.82 SR5) on my Raspberry Pi running the developer version of AndroidThings 1.0.4, which is based on Android 8.1.0 / API 27. Rather than flashing the zip in recovery, as I'm not sure where to start with that on the Things platform, I manually pushed files and set file permissions and contexts via adb shell. My guide for this was the summary at the top of the script at SuperSU/META-INF/com/google/android/update-binary.
The new su binary appears to work for the most part. I can execute su and read/write with the interactive shell. However, when I attempt to execute the same operations as a command through su (ie: su -c mkdir /system/testdirectory), it responds saying its a read-only filesystem. The filesystem has been remounted with adb remount. I'm unable to perform the remount with the mount command, as /system is not listed in /proc/filesystems. From my understanding, this is due to some recent security model changes in Android. That being said, after the adb remount, all other normal interactions with the filesystem seem to work without issue. I have verified that selinux is in permissive mode.
I don't have busybox installed. These efforts are to allow for installation of busybox for other projects.
Does anybody know whats causing the commands proxied through su to not work correctly?
Here are the commands I used to perform my manual installation.
Code:
cd ~/Downloads/SuperSU-2.82-SR5
adb connect [IP_ADDRESS]:5555
adb root
adb remount
adb push common/install-recovery.sh /system/etc/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb shell chcon u:object_r:toolbox_exec:s0 /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb shell chcon -h u:object_r:toolbox_exec:s0 /system/bin/install-recovery.sh
cd armv7
# adding as `su_next` to prevent any issues before dropping it in
adb push su /system/xbin/su_next
adb shell chmod 0755 /system/xbin/su_next
adb shell chcon u:object_r:system_file:s0 /system/xbin/su_next
adb push su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb shell chcon u:object_r:system_file:s0 /system/xbin/daemonsu
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb shell chcon u:object_r:system_file:s0 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb shell chcon u:object_r:system_file:s0 /system/lib/libsupol.so
adb shell cp /system/bin/app_process32 /system/bin/app_process32_original
adb shell cp /system/bin/app_process32 /system/bin/app_process_init
adb shell rm /system/bin/app_process
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process
adb shell rm /system/bin/app_process32
adb shell ln -s /system/xbin/daemonsu /system/bin/app_process32
adb shell chmod 0755 /system/bin/app_process
adb shell chmod 0755 /system/bin/app_process32
adb shell chcon u:object_r:system_file:s0 /system/bin/app_process
adb shell chcon u:object_r:zygote_exec:s0 /system/bin/app_process32
# Swapping new su binary in
adb shell cp /system/xbin/su /system/xbin/su_original
adb shell rm /system/xbin/su
adb shell mv /system/xbin/su_next /system/xbin/su
adb shell /system/xbin/su --install
adb reboot
I need to correct myself: the new su binary can only read with privileges. It cannot write at all. I am only able to write either as the adb root shell, or with the stock su binary. I noticed that the device's adbd process relaunches with its own privileged context passed to it when adb remount is run. (adbd --root_seclabel=u:r:su:s0)
If I've run adb root and adb remount, adb shell, and then enter the su binary, I lose the ability to write to the remounted filesystem. So it appears that there is something wrong with the new su binary and its related files.
Anyway, this isn't critical to my project, so I'm abandoning my efforts for now. If anyone has any ideas on what is wrong here, I'd love to hear them and give this another shot!

Categories

Resources