I am attempting to get Cyanogenmod onto my Nexus One, but am running into far more problems than expected. The information on rooting Android devices seems heavily fragmented across the web and the tools unreliable. At least in my case, SuperOneClick has proven a complete misnomer. So I'd like to go back to basics - executing as many of the commands as possible from a Linux terminal to get the phone rooted/unlocked/whatever else has to happen to get Cyanogenmod installed. The two constraints I'm working with here are as follows:
1. The device is running Android 2.2.1 (I downgraded from 2.3.x using the PASSIMG method).
2. The power button on the device is broken, so any method which requires pressing/holding it is ruled out.
The problem I am having is that even after following Linux-centric guides, I get to the point of installing the SuperUser app followed by the ROM Manager app, but I'm never prompted to give ROM Manager superuser permissions and so can't flash the ClockworkMod recovery.
Below I describe the steps I've been taking so far, based on the "How To Root Nexus One Running Android 2.2.1 From Ubuntu Linux" guide (Google it, I can't post hyperlinks).
- Download/extract/move Nexus One Softroot files to same directory as adb
- From adb directory, execute the following commands:
sudo ./adb push psneuter /data/local/tmp/psneuter
sudo ./adb push busybox /data/local/tmp/busybox
sudo ./adb push su /data/local/tmp/su
sudo ./adb shell chmod 755 /data/local/tmp/psneuter
sudo ./adb shell chmod 755 /data/local/tmp/busybox
sudo ./adb shell chmod 755 /data/local/tmp/su
sudo ./adb shell cd /data/local/tmp ./psneuter
sudo ./adb shell
After executing sudo ./adb shell as above, I get the # prompt, which is purported to indicate that rooting was successful.
- Still following the guide, I then execute the commands which purportedly make root permanent:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /data/local/tmp
./busybox cp busybox /system/bin
chmod 4755 /system/bin/busybox
busybox cp su /system/bin
chmod 4755 /system/bin/su
exit
exit
- Again, still following the guide, I execute the commands which purportedly set the /system partition back to read-only:
sudo ./adb shell
su
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
- Now, I download the SuperUser app from the Android Market and open it to make sure it's running.
- Next, I download the ROM Manager app from Google Play (looks like it pulled a sneaky and upgraded from Android Market to Google Play here).
- I run ROM Manager and choose Flash ClockworkMod Recovery. I'm prompted to confirm the phone is a Google Nexus One and then ROM Manager runs for about 30 seconds (yellow program bar goes all the way) before spitting out An error occurred while attempting to run privileged commands!. And this is the point I am stuck at.
I should note that at no point am I prompted by the SuperUser app to give the ROM Manager app super user permissions. I don't restart the phone or do anything else throughout all of the steps I've described above, so I can't see any reason for root to have been lost at any point. In fact, if I execute the command sudo ./adb shell after all this, I still get the # prompt indicating root. And when I execute id afterwards, I get uid=0(root) gid=0(root) -- further confirmation of root. I really am stuck on this one. I've spent a lot of time digging through forum posts and online articles, but the signal to noise ratio is poor and I haven't been able to find anything that actually works. Can someone suggest where I am going wrong?
Programs might expect su to be in /system/xbin rather than /system/bin, which is probably your case.
Also, use SuperSU instead of Superuser.
Also, make sure the su you're using is matching the relevant control program - which means, downloading Superuser from the Play Store won't help, if it can't work with the binary you have. So download a complete ZIP from XDA with SuperSU.apk and su binary, and use those. The last version I used was 0.89 and it was on XDA just like I described above.
interesting problem with ez fix, get new phone. n1's are $100 on ebay, thats how i got mine.
Kernel support auto Root Android 5.1.1
Galaxy S6 AT&T G920A, Galaxy S6 edge AT&T G925A & Galaxy S6 edge+ G928A AT&T
Download Kernel Root G920A Android 5.1.1
File: G920A_Kernel_Root_5.1.1_SamFirm.NET.tar.md5
MD5: FCAA9182 - 7015BA72 - AD583332 - D34CAD87
Download Kernel Root G925A Android 5.1.1
File: G925A_Kernel_Root_5.1.1_SamFirm.NET.tar.md5
MD5: CA8612FB - 7F8A6EFC - A540E84E - 29200775
Download Kernel Root G928A Android 5.1.1
File: G928A_Kernel_Root_5.1.1_SamFirm.NET.tar.md5
MD5: BA904163 - 18B28E36 - F3C29CFD - B6BA2E92
How to Root G920A Android 5.11. & Root G925A Android 5.1.1:
- Download Kernel support Root Android 5.1.1 for G920A or G925A
- On your phoen, into Download mode
- Connect to PC
- Open Odin 3.10.7, click AP & choose Kernel file
- Click Start to flash Kernel
- Reboot, your devices have Root access now !
How to use ?
Use adb shell or Terminal command for mount and modified system,... without su binary !!!
Example:
Code:
adb root
adb shell
mount -o remount,rw /system
rm -fR /system/app/*Knox*
...
tried this method and the phone hangs on boot. i was able to flash the kernel but nothing else.
Anybody else try this ?
Could you please assist in finding a stock image to unbrick our phones? Instructions would be appreciated too. Thanks!
Hold volume down plus power and home key. Get into download mode and flash stock Odin files located in the general section. I'll just wait till s6 gets marshmallow.
Anybody found some more progress with this in other locations ?
This doesn't work.
Capt said:
This doesn't work.
Click to expand...
Click to collapse
Try use adb shell mount and edit system
adb root
adb shell
mount -o remount,rw /system
Manh_IT said:
Try use adb shell mount and edit system
adb root
adb shell
mount -o remount,rw /system
Click to expand...
Click to collapse
Still doesn't work.
already a thread on these files. this is not root and really shouldnt be flashed as they do nothing for our 920A s6. unless a dev can use these to get full root then these will not benifit anyone right now thats needs root for root apps or anything else really.
Worked for me. I have adb root but can't do much. I tried to perform a manual install of supersu, but no luck in getting it working fully.
From a directory that has the arm64 and common files from SuperSU zip flle I tried the following:
Code:
adb shell mount -o rw,remount /
adb shell mount -o rw,remount /system
adb shell mkdir /system/bin/.ext
adb shell chmod 0777 /system/bin/.ext
adb push arm64\su /system/bin/.ext/.su
adb shell chmod 06755 /system/bin/.ext/.su
adb push arm64\su /system/xbin/su
adb shell chmod 06755 /system/xbin/su
adb push arm64\su /system/xbin/daemonsu
adb shell chmod 06755 /system/xbin/daemonsu
adb shell mkdir /system/app/SuperSU
adb shell chmod 0755 /system/app/SuperSU
adb push common\superuser.apk /system/app/SuperSU/SuperSU.apk
adb shell chmod 0644 system/app/SuperSU/SuperSU.apk
adb shell adb shell SYSTEMLIB=/system/lib64
adb shell LD_LIBRARY_PATH=$SYSTEMLIB /system/xbin/su --install
adb shell /system/xbin/su --install
adb shell rm /system/bin/app_process
adb shell ln /system/xbin/daemonsu /system/bin/app_process
adb shell rm -r /data/dalvik-cache
adb reboot
i am a user of S6 active,does the thread work on mine?please~
通过我的 SM-G890A 上的 Tapatalk发言
G890A is private still.
Apexseal said:
G890A is private still.
Click to expand...
Click to collapse
oh,it is disappointing
通过我的 Nexus 4 上的 Tapatalk发言
Succeed after installing kingroot. Trying to figure out how to make Supersu work.
dreamyy5 said:
Succeed after installing kingroot. Trying to figure out how to make Supersu work.
Click to expand...
Click to collapse
This image is a copy from the OP, beware this could soft brick your phone. Test this method with caution.
metalcated said:
This image is a copy from the OP, beware this could soft brick your phone. Test this method with caution.
Click to expand...
Click to collapse
I also tried to push the files to following place, supersu still cannot work properly. Couldn't figure out why.
/system/etc/init.d/99SuperSUDaemon
/system/etc/install-recovery.sh
/system/bin/install-recovery.sh
/system/xbin/supolicy
/system/lib64/libsupol.so
Can get it working on first boot. But retaining it is an issue. Still need more time. Anyone else who's good here can PM me and I'll provide my steps. Please only someone who's familiar with rooting on a technical level. ROM devs etc. Thanks
So what I have figured at this point is that SeLinux needs to be set to permissive from kernel cmdline and unfortunately without an unlocked BL or a Kernel that is flashable that already has Selinux set to permissive, I am stuck running this manually through adb shell each boot and the boot itself takes about 5 minutes before adb responds again. I can provide this method but its not 100% working obviously due to lacking the ability to run kernel cmdline. I am open to suggestions.
Root method Q&A = http://forum.xda-developers.com/att-galaxy-s6/general/root-5-1-1-qa-oj7-root-snag-t3334546
I am in the position of having to manually apply the defult sepolicy patch, init,?*init_shell?* and?*recovery?*permissive, and as the title states when using the supolicy tool to modify my supplieded sepolicy it is not being produced and on closer inspection throwing an error. I have attached both the images and the sepolicy file I am trying to applie these change to.
Have I been doing something wrong or is the file corrupted??
If you need more info just ask
Note: when I first tried it inside an adb shell it reported a segumentation fault, but I was unable to reproduce that condition to be provided with as a screen shot.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
EDIT: I at least can say that the possibility of a corrupt file is now smaller becuse I am able to run dumpav and dump its contents to a txt file and then do afb pull back to pc. So amyone know any way to applie the defult P atchs needed to sysyemless root?
@Chainfire Since this is your binary files, you should know the most about it.
Commands to gain application root on emulator
Code:
adb shell df #Check Available Space
adb shell mount -o remount,rw /system
adb push su /system/bin/su
adb shell chmod 0755 /system/bin/su
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
I then proceed to patch the sepolicy file with the following commands
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out" #There is no sepolicy_out file
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out
So what am I able to do?
Are you able to
A) Help me debug the problem
Or
B) Patch the sepolicy file and post the output back to me/here
Matt07211 said:
...
Click to expand...
Click to collapse
Works fine on my device... could be an x86 specific issue? Unfortunately I don't have any x86 devices to test with.
Thanks for that. Yes, I am trying to patch the policy for my armv8 (arm64) cpu device (just realised, but would trying to patch the sepolicy from one architecture using the supolicy for a different architecture have new the problem?, if so I feel dumb). And since I didn't have a spare device devce that met the requirements, I resorted to use the already setup emulator in my Windows installation.
I had proceeded to root and run the supolicy tool for which nothing out-putted (tried different directorys), I then created a new sub-directory, test, in /data/local/tmp and chmod it with read and write permissions. I tried again and failed, I then ran a dumpav in the sepolicy I was trying to patch and outputted it to /data/local/tmp/test/dumpav.txt which worked.
I am just wondering why it didn't work for me .
Thanks again for the sepolic_out file, I really do apperciate it.
Ah you're saying the segmentation fault occurred on the emulator? That's interesting. Might be reproducable on my end.
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.
To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)
2) used the 2.78 SuperSu zip and run above commands to gain root
3) run above commands to try and modify sepolicy (it doesn't produce anything)
4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots
If you figure out what cause the segfault can you please tell me ?
Matt07211 said:
Note: look at my first image with cms in the foreground and near the bottom of the command window you should see the segfault message, around second last command or so.
To reproduce that segfault (hopefully):
1) https://software.intel.com/en-us/android/articles/android-44-kitkat-x86-emulator-system-image Download the system image from here (had to direct download instead of sdk as internet was running through profile and ask wouldn't work through it)
2) used the 2.78 SuperSu zip and run above commands to gain root
3) run above commands to try and modify sepolicy (it doesn't produce anything)
4) start an adb shell and then run the commands inside the shell. Know the outputs shown was segfault the first time running the commands, every time afterwards it would show the error in the above screenshots
If you figure out what cause the segfault can you please tell me ?
Click to expand...
Click to collapse
Before I go do all this, can you make sure the issue persists with the v2.78 SR1 version from the BETA thread ? Some issues with supolicy were fixed in that release.
Started with a fresh emulator and the newest SuperSu and ran these commands to gain root (I am placing everything as described in update-binary in the right places just to eliminate one thing, missing dependencies)
Code:
adb shell df
adb shell mount -o remount,rw /system
adb push Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk
adb push install-recovery.sh /system/etc/install-recovery.sh
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
adb shell chmod 0755 /system/etc/install-recovery.sh
adb push su /system/xbin/su
adb shell chmod 0755 /system/xbin/su
adb push su /system/bin/.ext/.su
adb shell chmod 0755 /system/bin/.ext/.su
adb push su /system/xbin/daemonsu
adb shell chmod 0755 /system/xbin/daemonsu
adb push su /system/xbin/sugote
adb shell chmod 0755 /system/xbin/sugote
adb push supolicy /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push 99SuperSUDaemon /system/etc/init.d/99SuperSUDaemon
adb shell chmod 0755 /system/etc/init.d/99SuperSUDaemon
adb shell su --install
adb shell "su --daemon&"
adb install superuser.apk
adb install rootcheck.apk
No everything should be in place, and we now can eliminate one thing (supolicy not finding needed dependencies)
Opened up SuperSu and let it install/update binary (succesful)
I then proceeded to patch the sepolicy file like so
Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
I then did "ls" in the directory and no file out-putted. So I went into a shell and ran
Code:
supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out
And it throw the error shown in the image below. First time running that command in shell it says stopped, but the second time it says stopped as well as segfault.
Keep in mind I am trying to patch a sepolicy file that originates from an armv8 cpu (arm64) on an x86 Intel emulator.
Any more info needed? I am happy to help @Chainfire
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:
Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Chainfire said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Resulting in:
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Click to expand...
Click to collapse
Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?
I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.
Matt07211 said:
Hmm, I really don't know what is wrong, I will try exactly what you have done later today, to see If can reproduce the output. If it doesn't work then we can pin it down to the emulator itself. What emulator image did you use?
I also realise that so emulator are rooted in the sense that web shell has root acess, just wasn't sure what dependices supolicy had at the time.
Click to expand...
Click to collapse
I created an API 22 Google Nexus x86_64 AVD in Android Studio
I should be able to try that in about 20-30 mins after I download it, I was using api level 19, Intel's emulator image.
I ran these commands on the Intel api 19 x86 emulator image.
Code:
adb push libsupol.so /system/lib/libsupol.so
adb shell chmod 0644 /system/lib/libsupol.so
adb push /system/xbin/supolicy
adb shell chmod 0755 /system/xbin/supolicy
adb push supolicy /data/local/tmp/supolicy
adb shell chmod 0755 /data/local/tmp/supolicy
adb push sepolicy /data/local/tmp/sepolicy
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
and it results in the error(shown in screenshot)
Code:
libsepol.policydb_read: policydb magic number 0x464c457f does not match expected magic number 0xf97cff8c or 0xf97cff8d
-Failure!
I then tried it on the Intel x86_64 api 22 emulator image (running the same commands as the first one, resulting in a succes, with the file being outputted as the sepolicy_out.
So as you have stated @Chainfire , it looks like a problem with the emulator itself, and most likely not the supolicy tool.
Chainfire said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
I took SuperSU's ZIP file and extracted it, changed to that folder, then:
(note that my adb shell to my emulator image has # root by default)
Code:
adb push c:\download\sepolicy /data/local/tmp/sepolicy
adb push x86\. /data/local/tmp/.
adb shell
cd /data/local/tmp
chmod 0755 supolicy
LD_LIBRARY_PATH=/data/local/tmp:$LD_LIBRARY_PATH ./supolicy --file sepolicy sepolicy_out
exit
Resulting in:
Code:
supolicy v2.78 (ndk:x86) - Copyright (C) 2014-2016 - Chainfire
Patching policy [sepolicy] --> [sepolicy_out] ...
- Success
So, I'm really not sure what might be going on with your setup, but I don't think its SuperSU itself, but rather the emulator.
Note that to use supolicy --file, you only need supolicy and libsupol.so, you don't even need root.
Click to expand...
Click to collapse
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
ashyx said:
@Chainfire, I'm trying to patch sepolicy for a Samsung device running Nougat, so that Supersu can be installed in system mode. Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
Click to expand...
Click to collapse
Yes it is.
System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.
If you do, let me know and with the steps
Chainfire said:
Yes it is.
System mode hasn't been tested at all on 7.0 though. I'm not sure anybody has been able to get it to work at this point.
If you do, let me know and with the steps
Click to expand...
Click to collapse
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
It seems system mode root renders the device unbootable according to reports from my tester.
Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
Seems a strange query I know.
Reason is we have a Samsung device that for some reason will not boot from a source built custom Nougat kernel. Not sure if this is related to AVB yet or something else.
However we can get a half assed TWRP to boot with the stock kernel.
Only problem is, no matter what, only /system can be mounted and accessed with write permission due to permission denied issues with the rest of partitions. Pretty sure this is an SELinux issue.
Meaning systemless root cannot be installed as normal. No access to /data or /cache.
I can patch the boot.img ramdisk manually for systemless, but for root to work I would need to push su.img to system and mount it from there.
Is it possible to still mount su.img from system if I modify the ramdisk init as required?
The other avenue is to flash su.img to /data or /cache via ODIN.
If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
Just trying to keep my options open here.
ashyx said:
Hmm wasn't aware of the lack of support for system mode in nougat, any plans to implement?
It seems system mode root renders the device unbootable according to reports from my tester.
Click to expand...
Click to collapse
It is on my list of things to test/fix, but that list is long and full of terrors.
Question, if I modify the supersu script to mount su.img from /system am I likely to hit issues?
Is it possible to still mount su.img from system if I modify the ramdisk init as required?
Click to expand...
Click to collapse
I think that could work, yes.
The other avenue is to flash su.img to /data or /cache via ODIN.
If it was flashed to /cache would supersu automatically pick up its location and copy it to /data or would a flag need to be set?
Just trying to keep my options open here.
Click to expand...
Click to collapse
SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Chainfire said:
It is on my list of things to test/fix, but that list is long and full of terrors.
I think that could work, yes.
SuperSU should pick it up from /cache. Alternatively, try SuperSU's FRP mode, which stores a copy of the needed files in the boot-image and re-creates /data/su.img as needed.
Click to expand...
Click to collapse
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
Much appreciate your input.
ashyx said:
So, I think it has something to do with your emulator image (perhaps its too old ?)
...
Could you confirm if the --sdk=24 parameter is required?
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out --sdk=24"
Thanks, appreciate your time.
Click to expand...
Click to collapse
Yea believe it was segfaulting due to the Android version, I think I was using KitKat and it wasn't working, bumped up to lollipop and above and it worked fine
Oh, the SDK parameter, never heard of it, what does it do? Geuss I'll Google that then.
ashyx said:
Thanks, great info as always. Finally managed to root the damn thing by adding a short script to the init which copies su.img to cache.
However FRP mode sounds like a more elegant solution if I can work out how to implement it in the Ramdisk.
Much appreciate your input.
Click to expand...
Click to collapse
I did the same thing for my device, add a little script to move it to data. Had no other way to get it to a locked down device without TWRP. Hehe. Good job
Can you please tell me how to manually patch init by supersu ?
I've googled a lot, but haven't found a way to manually patch init by supersu.
My model is Honor v10, there isn't a custom recovery, so i have to make a boot.img with supersu inside to get root.