I want to root my Android 4.0.4 virtual device for developing.......... How to root it?
Here you go ... ;-)
Paresh Kalinani said:
I want to root my Android 4.0.4 virtual device for developing.......... How to root it?
Click to expand...
Click to collapse
The following method is actually for 2.2 virtual machine ... but should work fine for 4.0 too ... i'll confirm after i have tested it ... meanwhile you can try it ..
You'll require
'su' binary
and
'busybox binary'
SU BINARY : See post's end
BUSY BOX BINARY : see posts end
Then, we need to start the emulator by providing extra partition size to /system. This can be done only through command-line
Code:
emulator -avd MyAndroid -partition-size 128 -no-snapshot-load
Make sure the AVD “MyAndroid” is already created. The “-no-snapshot-load” option is used if we enabled the snapshot. As a result, we will start the emulator with extra disk space for /system. By this, we can adding extra files to /system later.
Then, we need to use “adb shell” to remount the /system so that we have write access to the /system.
Code:
adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock0 /system
Then, we can push the su and busybox to the /system/xbin.
Code:
adb push su /system/xbin/
adb push busybox /system/xbin/
Now, to actually make the su work properly, we need to chmod it,
Code:
adb shell chmod 06755 /system/xbin/su
adb shell chmod 06755 /system/xbin/busybox
Now, we need to install Superuser.apk (which you can get together with “su”). We can install it with “adb install” command. It is required when the other apps request for “su”.
We can try our “su” with Root Checker Basic or Stericson Busy-box.
Now, that is rooting. You might feel happy with it. However, if we restart the emulator, without snapshot, all the “su” does not work any more. So, we are going to customise the ROM image.
Failures
Now, if we restart the emulator, everything will return to default. No more “su” and Android Market. Why? The reason is because whatever we done to the /system, it will not save to the ROM image.
The /system is actually from the system.img, installed with android-2.2 in my case. This file is mounted in emulator as yaffs2 file system format. In order to customise this ROM image, I have tried several ways.
Using unyaffs, it can only extract the image, but I cannot continue. I can simply pull the /system using adb command without it.
Using yaffs2utils, unyaffs2 produced nothing. And the image built by mkyaffs2 does not allow the emulator to boot.
Using mkyaffsimage, also not work as above.
Some resources mentioned that, we can get the mkyaffs2image utility when building the Android source. But the problem is, to get the source, it requires a lot of disk space and need a long time to download.
So, what is the best way to modify the system.img? I even tried the low level way using dd to extract the /dev/block/mtdblock0, but failed.
Solution
Finally, I tried to solve it with userdata-qemu.img. This is the /data folder that will always modified when we install apps in the emulator. Restarting the emulator does not reset /data. Therefore, we can simply create the ROM image from /data. We can done it simply clean all the /data.
Code:
adb shell busybox rm -R /data/*
This will remove everything is /data, except “lost+found” folder.
Code:
adb shell busybox ls /data
Check with ls command, make sure only “lost+found” left.
Now, since the /system contains the “su”, “busybox”, Market and Google Services Framework we have done earlier, we need to copy the whole /system to the /data.
Code:
adb shell busybox cp -a /system/* /data/
adb shell busybox ls /data
As a result, the /data is identical to the /system.
Now, we have the userdata-qemu.img file in the AVD folder, which is modified. Close the emulator. Then, we can use the userdata-qemu.img file as the system image. We can rename it to system.img, or calling it as the system with “-system” option from the emulator command-line.
Start the emulator with this customised system.img, now, we have busybox by default, and also Android Market. :good::highfive:
Tip
If you are doing this on windows make sure you CD to here for issuing the commands:
%profilename%\AppData\Local\Android\android-sdk\tools
Don't use the stuff in C:\Program Files\Android. That is the wrong location.
The below gets your GAPPS too. You can download Cyanogens GAPPS to get what you need. Just edit the necessary lines below.
cd %profilename%\AppData\Local\Android\android-sdk\
.\tools\emulator -avd MyAndroid -partition-size 2047 -no-snapshot-load -verbose
echo wait for boot
pause
.\platform-tools\adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock0 /system
.\platform-tools\adb push %~dp0platform-tools\su /system/xbin/
.\platform-tools\adb push %~dp0platform-tools\busybox /system/xbin/
.\platform-tools\adb shell chmod 06755 /system/xbin/su
.\platform-tools\adb shell chmod 06755 /system/xbin/busybox
.\platform-tools\adb shell busybox rm -R /data/*
.\platform-tools\adb shell busybox ls /data
.\platform-tools\adb shell busybox ls /data
.\platform-tools\adb push %profilename%\Downloads\gapps-ics-20120317-signed\system /system
.\platform-tools\adb shell busybox cp -a /system/* /data/
Which busybox binary?
You don't say which of the various busybox files in the .7z archive is to be used on the AVD?
I try to push the su, I got this message:
C:\adb>adb push sources\root\su /system/xbin
failed to copy 'sources\root\su' to '/system/xbin/su': Directory not empty
Then try push the Superuser.apk
C:\adb>adb push sources\root\system\app\Superuser.apk /system/app/Superuser.apk
failed to copy 'sources\root\system\app\Superuser.apk' to '/system/app/Superuser
.apk': Out of memory
I think that's because of this:
View attachment 1617834
How to make the System ROM space more freely???
----------------------------------------------------------------------------
Sorry for my noob question. Now, I see.
I have done untill rename userdata-qemu.img to system.img
But while I run from AVD Manager, my AVD got bootloop.
That's because you haven't started your emulator with additional space. Use the -partition-size option as per niranjan94's post above.
I found an even better way to make a /system image, and adapted it for use on Windows hosts and using the x86 emulator images now available.
References:
http://blog.thecobraden.com/2012/06/making-persistent-changes-to-android.html
http://code.google.com/p/android-group-korea/downloads/detail?name=mkfs.yaffs2.x86
Place this batch file in the same folder as the mkfs.yaffs2.x86 binary and you'll get an emulator image updated to your liking and ready to run.
Code:
@echo off
adb -e remount
echo Pushing mkfs.yaffs2.x86 to device...
adb -e push mkfs.yaffs2.x86 /data/local/
echo Executing chmod 770 /data/local/mkfs.yaffs2.x86
adb -e shell chmod 770 /data/local/mkfs.yaffs2.x86
echo Setting /system partition to read-only (Just to be safe!)
adb -e shell mount -o ro,remount /dev/block/mtdblock0 /system
echo Creating YAFFS2 image of /system
adb -e shell /data/local/mkfs.yaffs2.x86 /system/ /mnt/sdcard/_system.img
echo Pulling image to local directory...
adb -e pull /mnt/sdcard/_system.img
echo Cleaning....
adb -e shell rm /data/local/mkfs.yaffs2.x86
adb -e shell rm /mnt/sdcard/_system.img
echo OK
pause
Don't work on 4.2.2 emulator
Ι mean I push it, give permissions, install su.apk ... still nothing...
On 4.2.2 emulator
Hi,
I got the same error on 4.2.2 emulator.
So I tried with size 256:
emulator -avd Andy2 -partition-size 256 -no-snapshot-load
and it worked fine.
Also, I'm using CPU ARM (armeabi-v7a). So for busybox I used the binary from this thread:
http://forum.xda-developers.com/showthread.php?t=1380278
Error while trying to permanent patch rooted android
Hi,
While trying to root my android emulator where I delete all the files in the /data/ folder and copy files from /system/ to /data/, I am getting the following error,
Code:
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
cp: write error: No space left on device
Could anyone help me how to overcome this issue?
Hi,
i've followed your instructions step by step and didn't encounter any problems while executing the commands, but the emulator is not getting rooted according to the Root Checker app (see also the screenshot attached). Could you help me please to solve this issue?
Here is an enumeration of the commands I've entered into the console:
emulator -avd Huawei -partition-size 256 -no-snapshot-load
adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock0 /system
adb push "C:\Users\Admin\Desktop\Superuser-3.0.7-efghi-signed\system\bin\su" /system/xbin/
adb push "C:\Users\Admin\Desktop\busybox binary\busybox" /system/xbin/
adb shell chmod 06755 /system/xbin/su
adb shell chmod 06755 /system/xbin/busybox
adb install "C:\Users\Admin\Desktop\Superuser-3.0.7-efghi-signed\system\app\Superuser.apk"
adb install "C:\Users\Admin\Desktop\Root Checker App.apk"
Hi,
I have the device created in AVD, started, but for the life of me I cannot open ADB:
Code:
[email protected]:~$ sudo adb devices
[sudo] password for joel:
List of devices attached
[email protected]:~$
What to I have to do to trick the virtual device in advertising ADB? Developer is on, USB debugging is on. Using a virtual device as closely matching the LG Optimus F3Q as I can recall (so API 16 / Android 4.1.2 loaded).
Many thanks.
EDIT: Figured it out. Need to use the adb provided in the Android SDK (in the platform-tools directory), not any other version (I was using the Debian-provided one).
Unable to root nexus 4 avd
I tried to root Nexus_4_API_21.avd (lollipop) following commands from the post exactly.
I used latest versions of superuser, and busybox.
But at the end emulator is not rooted.
Could someone help with with this, if you have rooted avd please share it so that I can download.
Thank you.
Regards
I tried to root with Lollipop, Kitkat, and even Gingerbread, but it doesn't work.
Under Lollipop and Kitkat, it's not rooted, but under Gingerbread, I can't install any application afterwards.
When I try to, the emulator looks like it reboots, but it never goes to the end, and keeps showing the Android logo glowing.
For android 4, 5 and 6 I write manual in russian. Read it here: http://4pda.ru/forum/index.php?showtopic=318487&view=findpost&p=45421931
Worked for me with AVD Lollipop and Marshmallow.
I have a non-rooted Android device with stock ROM 4.4.2 and I have the following test shell script:
Code:
adb push test.sh /data/local/tmp
adb shell "cd /data/local/tmp; chmod 755 test.sh"
adb.exe shell "sh /data/local/tmp/test.sh > /dev/null 2>&1 &"
If I run this over ADB from PC to my device, it simply works.
Now convert this to:
Code:
cp test.sh /data/local/tmp
cd /data/local/tmp; chmod 755 test.sh
/system/bin/sh /data/local/tmp/test.sh > /dev/null 2>&1 &"
and it doesn't work. It says permission denied on /data/local/tmp.
Is there any other EXT4 place on a non-rooted device that I can do this?
Well, I cd to /data/local/tmp and even submitting a 'ls' command inside Terminal Emulator doesn't work, it says permission denied, but when doing it from PC to Android using ADB it's fine. Is there any workaround for this? I want to be able to do this on the device itself.
Thanks
idoit said:
I have a non-rooted Android device with stock ROM 4.4.2 and I have the following test shell script:
Code:
adb push test.sh /data/local/tmp
adb shell "cd /data/local/tmp; chmod 755 test.sh"
adb.exe shell "sh /data/local/tmp/test.sh > /dev/null 2>&1 &"
If I run this over ADB from PC to my device, it simply works.
Now convert this to:
Code:
cp test.sh /data/local/tmp
cd /data/local/tmp; chmod 755 test.sh
/system/bin/sh /data/local/tmp/test.sh > /dev/null 2>&1 &"
and it doesn't work. It says permission denied on /data/local/tmp.
Is there any other EXT4 place on a non-rooted device that I can do this?
Well, I cd to /data/local/tmp and even submitting a 'ls' command inside Terminal Emulator doesn't work, it says permission denied, but when doing it from PC to Android using ADB it's fine. Is there any workaround for this? I want to be able to do this on the device itself.
Thanks
Click to expand...
Click to collapse
No there isnt, not if you try using /data partition. ADB can read this partition (and that too was added around android kitkat itself for purpose of adb backup
etc). So ADB can read this partition, but terminal emulator and such cannot.
Assuming that you have a great reason to simply not copy the sh file to user-usable internal memory, /system partition is the one place where you can copy things without actually having root (and even access them with terminal emulator, but not manipulate them), and this isn't that simple either. Rather, the method will be device dependent. For instance, if you have a phone like Nexus phones, simply download stock firmware, open/extract it depending on what format it is (img or tar), add your sh file and repack the firmware, then flash it into the phone. The firmware should be same as your current installed so your applications dont mess up. But this method is not only long (and messy if your device has integrity checks on firmware files), but also not possible on some phones (as far as I know).
You can also try copying the sh file with adb to /data/data/com.android.terminal. Then you should be able to access this with terminal emulator (since an app has permissions inside its own data folder). However I have not tested this method and I am not sure it will work.
Besides this, every app (including terminal emulator) runs in a sandbox and does not have access to anything except /system (read-only access), emulated user-storage and its own data inside /data/data/. So in phone itself, you cannot read the file unless you copy it to /system or user-memory. And this finally implies that except above two methods, there is no other way to copy file to some other place except user-memory and be able to read it using some app inside phone itself without rooting.
Thanks for your comprehensive reply. I resolved the problem. Yes, it's right, I can simply run the shell script without even moving it to /data/local/tmp... so now I can conveniently running it directly from my phone without having to turn a computer on and do it over ADB.
thankx
Hi, I'd like to ask a general question (I suppose) about device boot process. I've made some changes in init.rc and I packed again boot.img. Then I flashed it. So, phone shows logo screen. I've changed boot.img again to enable adb by making changes to default.prop.
So, I've packed boot.img and flashed it again. So, phone shows logo screen and I can use adb during boot process, but I don't know how to use adb to get info about android failed boot (adb has not root permissions, though).
What methods could I follow in these cases? Any ideas?
P.S.
My changes at boot.img: I've moved /system, /usrdata and /cache mount commands into an .sh script in ramdisk root directory.
P.P.S.
I've tried also adb pull last_kmsg and I don't see error messages in the little log (~87 kb). When I look at last_kmsg, I see some lines about phone charging (connected to pc), so I think these messages could be related at the moment which phone is connected to pc but turned off (I'm not sure, though) because last_kmsg is related to previous boot process (charging mode with phone turned off?) and the current one (I think). I'd like to read kmsg and not last_kmsg, however, but kmsg can be read only by root (and my current adb has not root permissions, as I said before).
P.P.P.S.
During the boot process, I can pull directories and files from ramdisk root directory (related to boot partition) into my pc by using adb pull command. I've found that 'dev', 'proc' and 'sys' are very well populated of files and sub-directories. Instead, 'data' and 'system' directories are sadly empty. So, I suppose /usrdata and /system related partitions are not mounted at that moment and such thing prevents to load android system.
Solved
I've found a way to get dmesg without using adb shell. It's possible to use busybox dmesg command inside a shell script (placing busybox binary and shell script into ramdisk root directory of boot.img) and run the script by busybox ash command from init.rc, redirecting the output to a logfile. The command inside shell script should look like as the following:
Code:
/busybox dmesg >> /path/to/my/logfile.txt 2>&1
(That way, stderr and stdout will be redirected to a log file, that can be pulled down by adb pull command)
Hi, I'd like to ask a general question about device boot. I've made some changes in init.rc and I packed again boot.img. In particular, I've added a .sh script to ramdisk root directory.
The script is named mount_partitions.sh and it does just this task. However, boot.img needs a shell to execute it, but /system is not mounted yet, at that point. So, I need to add a shell to to ramdisk root directory so that init executable can run the .sh script.
Exactly, how I could add shell support in boot.img without mounting the system partition? Any ideas?
Solved
I've found a way to use a shell before mounting system partition. Essentially, it's possible to place a busybox binary (i.e. taken from /system/xbin directory located in another android phone with installed busybox) into ramdisk root directory of boot.img, giving it execute permission in init.rc by chmod command, after remounted ramdisk root directory in read-write mode (by mount command put always in init.rc). It could be also be needed to give execute permission to the shell script (always by chmod command).
Then, it's needed run the shell script by busybox ash command, putting it into init.rc. The line looks like as following:
Code:
exec /busybox ash /myscript.sh
Don't forget to put also a line for remounting ramdisk root directory in read-only mode, after ash shell finished to execute the script (always using mount command in init.rc).
Remember to use the following shebang at the beginning of the shell script:
Code:
#!/busybox sh
shouldn't the shebang end with "ash" instead of just "sh"?
it's just a sh script but it could be true.
Hi, I'd like to ask a general question about busybox. I've added busybox binary into ramdisk root directory of boot.img. I've set busybox binary permissions to 0777 in init.rc, in order to be sure not getting any denied permissions issues.
I've put an exec command into init.rc for using busybox cp and it worked because it really made a copy of default.prop in ramdisk root directory. I've also put a start service line into init.rc That service is essentially a busybox sh call for launching a shell script. Unfortunately, it seems shell script is not executed because some cp and echo commands which I put inside it have not effects.
Looking for around the www, it looked like redirection ('>', '>>', ...) is not prohibited by busybox. So, i've also tried to redirect
command output to a file, but file was not created.
So, how could I debug busybox? Any ideas?