Obtaining root by modifying default.prop(ro.secure)? - Android Q&A, Help & Troubleshooting

> To get a privileged shell you need to modify the following lines to the given values in the default.prop file
> ro.secure=0
> ro.debuggable=1
> persist.service.adb.enable=1
I have extracted the recovery image of my phone model. So is it possible to modify the following values in the default.prop file, repack the image and flash it using fastboot (bootloader is unlocked) to get a privileged shell, and then copy the su binary after remounting system as read/write?
Do I need to change any other values in any of the files? And will it work, theoretically at least?
What are the chances of it messing up anything?
[I posted this on android.stackexchange but not much activity there]

No chances of bricking at all
Going further I would suggest you to tag in a shell script within init.rc so that it copies superuser apk and binary automatically as you boot

That's great
And is there any way to confirm that the recovery (downloaded) that I have is indeed from my device? Is the data within the prop files such as build and model no. etc enough?

It didn't work. Either it wasn't the stock recovery in the first place, or the process isn't that easy. This can be closed now.

Modify boot.img
I think it is only the boot.img which is to be flashed. You don't need to flash recovery as whole.
If you have root access, you could manually edit default.prop. But, the modifications exist only till reboot. Once you reboot, boot.img will reload all the necessary system files to original. So, edit boot.img.

Adriel David said:
> Hello I want to modify default.prop to modify it I need root access now I rooted my phone and cwm installed I want to make a flashable zip backup of default.prop can you provide me the script to be flashed by cwm because I am afraid bricking my phone
default.prop is on ramdisk or initrd which is part of the boot.img.
I use abootimg to edit boot, some use mkbootimg. Google editing initrd will give you info you need

varun.chitre15 said:
> No chances of bricking at all
> Going further I would suggest you to tag in a shell script within init.rc so that it copies superuser apk and binary automatically as you boot
Sorry to call on such an old post, but wouldn't this mean that on each boot (if modified on boot.img; on each fire-up of recovery if on recovery.img) the superuser apk and binaries are reinstalled? Because this /is/ init.rc we're referring to. Please correct me if I am wrong, and also tell me if this is the best way to go about it. I'm trying to come up with a way to root my device without using dirtycow haha

Related

Init.d Explanation?

I was playing around with some scripts from Caulkin on some other versions of Froyo to try and improve performance. I have read up on the init.rc script and use of the init.d folder. I have set all this up and have edited the init.rc script to run the init.d scripts, but it gets overridden by the base init.rc on reboot. I had read somewhere that you cannot directly edit the init.rc and that it will be overridden on boot from the boot.img. Can someone confirm that? I thought most roms now have the ability to use init.d out of the box, but it doesn't look like it on Brilliant Corners. Can someone confirm that? Do you know of any Froyo ROMS, other than Caulkins, that has init.d capability? Thanks
markmac said:
> I have set all this up and have edited the init.rc script to run the init.d scripts, but it gets overridden by the base init.rc on reboot.
Are you using the run-parts program?
> I had read somewhere that you cannot directly edit the init.rc and that it will be overridden on boot from the boot.img. Can someone confirm that?
That's correct.
Thanks for the response. I was editing the init.rc directly which obviously won't work. So i need to look into building my own boot.img or another option. I was using run-parts setup as a service. I would have thought most kernels/ROMs would support this now, but it does not appear that way.
markmac said:
> So i need to look into building my own boot.img or another option.
You don't need to build your own new image; you can just modify the existing one by flashing. Take a look at the attachments in these 2 posts where I've done just that. Just make sure the script is idempotent if other people will use it.
Post 1
Post 2
Thanks will definitely check this out.
Looked at this. So to update the init.rc file I would have to edit and package into a boot.img file, then flash the img file with adb or nvflash correct?
markmac said:
> So to update the init.rc file I would have to edit and package into a boot.img file, then flash the img file with adb or nvflash correct?
No. That's too much work for the user. My technique is meant to be like flashing a new kernel. No external utilities are needed. Just CWM (or, possibly, even standard recovery).

[Q] Default.prop edit

How permanently modify default.prop in neo v ICS
What do you need to edit it for?
I want to change ro.semc.version.sw The Android Phone software version....
I had tried all the possible means but nothing worked for me, from editing the kernel.sin and then flashing it to the phone, but it did not work...
please help...
Permanently edit default.prop
dendenny01 said:
> How permanently modify default.prop in neo v ICS
default.prop will be rewritten from the boot partition (boot.img) every time the device is rebooted. So, take a backup of the boot partition. Extract it. Find default.prop among the extracted contents. Make the necessary modifications. One important modification is:
ro.secure=0
It allows root privileges in adb shell. For more details ref: http://forum.xda-developers.com/member.php?u=4424641
Now pack the contents back to boot.img and flash it to device.

Rooted XXALJL boot.img

This boot.img, attached, provides a root shell directly over adb. It is a simple modification of the stock XXALJL boot.img and could be useful for ROM developers who need to adb remount frequently, while still using the stock boot/kernel. I do not recommend this method for users in general since it is very insecure (SuperUser gives you more fine-grained permission control).
Flash it with Odin or under Linux:
Code:
heimdall flash --18 XXALJL-rooted.boot.img
WARNING: contrary to the system.img root method, this WILL increase your download count!
EDIT: in fact it would be better to simply dd the img file into mmcblk0p20, should not increase the download count.
Be careful, this also disables auto updates (now it says the device has been modified, and won't allow OTA updating).
xd.bx said:
> Be careful, this also disables auto updates (now it says the device has been modified, and won't allow OTA updating).
Have you tested if it works with custom recovery?
xd.bx said:
> This boot.img, attached, provides a root shell directly over adb. It is a simple modification of the stock XXALJL boot.img and could be useful for ROM developers who need to adb remount frequently, while still using the stock boot/kernel. I do not recommend this method for users in general since it is very insecure (SuperUser gives you more fine-grained permission control).
> Flash it with Odin or under Linux:
> Code:
> heimdall flash --18 XXALJL-rooted.boot.img
> WARNING: contrary to the system.img root method, this WILL increase your download count!
I just dumped your image and....
Forgive me for being a bit confused, but in order to have a rooted insecure image don't you need to set ro.secure=0?
This is your default.prop dumped from your image
Code:
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=1
Also, why are there no root binaries in the image?
So, as far as I can see the only thing this image will do is increase your binary count, nothing else.
If I'm wrong I apologize in advance.
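The check done by hand in the post above, as an added example (not part of the thread or any poster's script): a small Python audit that reads a default.prop extracted from a ramdisk and reports, for the three properties named in this thread, whether each carries the privileged-shell value. The function names, status labels and the second, constructed sample are assumptions made for illustration.

```python
# Added example: audit a default.prop pulled from an unpacked boot/recovery
# ramdisk for the adb-related values named in this thread.

# Values the thread's first post gives for a privileged adb shell.
PRIVILEGED_VALUES = {
    "ro.secure": "0",
    "ro.debuggable": "1",
    "persist.service.adb.enable": "1",
}

def parse_props(text):
    """Map each key to the list of every value assigned to it, in file order."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not a key=value pair
        key, _, value = line.partition("=")
        props.setdefault(key.strip(), []).append(value.strip())
    return props

def audit(text):
    """Return {key: status}; status is 'privileged', 'conflict', 'unset' or 'ok'."""
    props = parse_props(text)
    report = {}
    for key, bad in PRIVILEGED_VALUES.items():
        values = props.get(key, [])
        if not values:
            report[key] = "unset"      # this file does not decide the property
        elif len(set(values)) > 1:
            report[key] = "conflict"   # duplicate lines disagree; review by hand
        elif values[0] == bad:
            report[key] = "privileged"
        else:
            report[key] = "ok"
    return report

# The dump quoted in the post above (values as posted on this page).
POSTED_DUMP = """\
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=1
"""

# Constructed sample: comment line, stray spaces and a contradictory duplicate.
CONSTRUCTED = "# built by hand\n ro.secure = 0\nro.debuggable=1\nro.debuggable=0\n"

if __name__ == "__main__":
    for name, text in (("posted dump", POSTED_DUMP), ("constructed", CONSTRUCTED)):
        print(name, audit(text))
```

An "ok" for ro.secure only describes the property file; as a later reply in this thread notes, the adbd binary in that image had itself been patched, so the binary needs checking as well.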
faria said:
> So, as far as I can see the only thing this image will do is increase your binary count, nothing else.
> If I'm wrong I apologize in advance.
I did try setting ro.secure to 0 but it didn't work. So I simply patched the setuid/setgid arm instructions inside adbd so that it never drops its privileges, no matter what. (it's very straightforward to do with objdump+a hex editor).
spawk said:
> Have you tested if it works with custom recovery?
I haven't, no.
xd.bx said:
> I did try setting ro.secure to 0 but it didn't work. So I simply patched the setuid/setgid arm instructions inside adbd so that it never drops its privileges, no matter what. (it's very straightforward to do with objdump+a hex editor).
I see,
I believe that the best way to achieve what you want is to split the boot image, then dump the ram disk, edit its contents, then rebuild the image.
I have written a Linux script that does all of that if you are interested.
faria said:
> I see,
> I believe that the best way to achieve what you want is to split the boot image, then dump the ram disk, edit its contents, then rebuild the image.
> I have written a Linux script that does all of that if you are interested.
Thanks, indeed I am. BTW I just realized it would be much better to root through system.img and then flash by using dd into mmcblk0p20. This way the download count should stay the same.
xd.bx said:
> Thanks, indeed I am. BTW I just realized it would be much better to root through system.img and then flash by using dd into mmcblk0p20. This way the download count should stay the same.
Our current method of rooting, using the System image does not increase the binary count.
Here is the script
You will need the abootimg tools installed in linux.
Unzip the package, delete everything inside the folder except the unpack file.
Copy the boot.img to the folder.
double click on the unpack file and launch as terminal
Follow the instructions in terminal window.

Is it possible to modify system files after flashing a firmware?

Hi, I have a rooted Lenovo B device (Mediatek M6735M) with TWRP recovery. I tried to change some build.prop values using an editor app but the result was I bricked my phone (and had to flash stock firmware again). Now, I wonder if and how I can apply some changes to the system files after flashing the firmware.
I want to ask you: is it possible to modify sys/system files after the firmware has been flashed (even the read-only ones), or is pre-flash manipulation the only solution? For example: is it safe to pull a system file with adb, modify it, then push it to the phone with adb?
Black Heretic said:
> Hi, I have a rooted Lenovo B device (Mediatek M6735M) with TWRP recovery. I tried to change some build.prop values using an editor app but the result was I bricked my phone (and had to flash stock firmware again). Now, I wonder if and how I can apply some changes to the system files after flashing the firmware.
> I want to ask you: is it possible to modify sys/system files after the firmware has been flashed (even the read-only ones), or is pre-flash manipulation the only solution? For example: is it safe to pull a system file with adb, modify it, then push it to the phone with adb?
No. You want to root your android again to do these.
Ashwinrg said:
> No. You want to root your android again to do these.
I forgot to say that I rooted the phone again. I'd like to know if it is possible to edit system files after flashing a firmware (and rooting the phone) or if I'm forced to apply all system changes before flashing. Also, I'd like to know what kind of changes are allowed and/or forbidden (in order to avoid another brick).
For example, I found a read-only "serialno" file in "sys" folder and this file contains the serial number of the device. Could I pull this file with adb, change the content of this file (with another serial number) then push it into the phone?
Black Heretic said:
> I forgot to say that I rooted the phone again. I'd like to know if it is possible to edit system files after flashing a firmware (and rooting the phone) or if I'm forced to apply all system changes before flashing. Also, I'd like to know what kind of changes are allowed and/or forbidden (in order to avoid another brick).
> For example, I found a read-only "serialno" file in "sys" folder and this file contains the serial number of the device. Could I pull this file with adb, change this file (with another serial number) then push it into the phone?
You can change anything after rooting your phone. Make sure you are doing it correctly. Keep nandroid backup to recover from bad scenarios.
Ashwinrg said:
> You can change anything after rooting your phone. Make sure you are doing it correctly. Keep nandroid backup to recover from bad scenarios.
Ok, but I'd like to have some general tips or advice before doing that. For example, I read (somewhere, here on xda) that file permissions have to be the same as the original file, so if I edit a read-only file I have to restore its read-only status or I could brick the phone. Is this true?
Black Heretic said:
> Ok, but I'd like to have some general tips or advice before doing that. For example, I read (somewhere, here on xda) that file permissions have to be the same as the original file, so if I edit a read-only file I have to restore its read-only status or I could brick the phone. Is this true?
Yes. If you change permission to read-write then after modification you want to change permission to read-only.
Grab that build.prop file and transfer it to the memory card using TWRP. Edit it on a PC and restore it.

I cant find my phone's recovery.img on the stock firmware zip

I want to root my redmi6a, but it has no boot ramdisk, so I'll have to root it via recovery.img, but I can't seem to find it on the stock firmware zip. Any help would be appreciated, thanks!
To root Android you neither have to fiddle around with phone's boot.img nor with phone's recovery.img. Rooting Android simply is adding a binary called su to Android's filesystem and making it executable. This can get achieved by means of ADB.
xXx yYy said:
> To root Android you neither have to fiddle around with phone's boot.img nor with phone's recovery.img. Rooting Android simply is adding a binary called su to Android's filesystem and making it executable. This can get achieved by means of ADB.
I mean I want to root it with Magisk
