Hi, I have a rooted Lenovo B device (Mediatek M6735M) with TWRP recovery. I tried to change some build.prop values using an editor app but the result was I bricked my phone (and had to flash stock firmware again). Now, I wonder if and how I can apply some changes to the system files after flashing the firmware.
I want to ask you: is it possible to modify sys/system files after the firmware has been flashed (even the read-only ones), or is pre-flash manipulation the only solution? For example: is it safe to pull a system file with adb, modify it, then push it to the phone with adb?
Black Heretic said:
Hi, I have a rooted Lenovo B device (Mediatek M6735M) with TWRP recovery. I tried to change some build.prop values using an editor app but the result was I bricked my phone (and had to flash stock firmware again). Now, I wonder if and how I can apply some changes to the system files after flashing the firmware.
I want to ask you: is it possible to modify sys/system files after the firmware has been flashed (even the read-only ones), or is pre-flash manipulation the only solution? For example: is it safe to pull a system file with adb, modify it, then push it to the phone with adb?
Click to expand...
Click to collapse
No. You want to root your android again to do these.
Ashwinrg said:
No. You want to root your android again to do these.
Click to expand...
Click to collapse
I forgot to say that I rooted the phone again. I'd like to know if it is possible to edit system files after flashing a firmware (and rooting the phone) or if I'm forced to apply all system changes before flashing. Also, I'd like to know what kind of changes are allowed and/or forbidden (in order to avoid another brick).
For example, I found a read-only "serialno" file in "sys" folder and this file contains the serial number of the device. Could I pull this file with adb, change the content of this file (with another serial number) then push it into the phone?
Black Heretic said:
I forgot to say that I rooted the phone again. I'd like to know if it is possible to edit system files after flashing a firmware (and rooting the phone) or if I'm forced to apply all system changes before flashing. Also, I'd like to know what kind of changes are allowed and/or forbidden (in order to avoid another brick).
For example, I found a read-only "serialno" file in "sys" folder and this file contains the serial number of the device. Could I pull this file with adb, change this file (with another serial number) then push it into the phone?
Click to expand...
Click to collapse
You can change anything after rooting your phone. Make sure you are doing it correctly. Keep nandroid backup to recover from bad scenarios.
Ashwinrg said:
You can change anything after rooting your phone. Make sure you are doing it correctly. Keep nandroid backup to recover from bad scenarios.
Click to expand...
Click to collapse
Ok, but I'd like to have some general tips or advices before doing that. For example, I read (somewhere, here on xda) that file permissions have to be the same as the original file, so if I edit a read-only file I have to restore its read-only status or I could brick the phone. Is this true?
Black Heretic said:
Ok, but I'd like to have some general tips or advices before doing that. For example, I read (somewhere, here on xda) that file permissions have to be the same as the original file, so if I edit a read-only file I have to restore its read-only status or I could brick the phone. Is this true?
Click to expand...
Click to collapse
Yes. If you change permission to read-write then after modification you want change permission to read-only.
Grab ithat build.prop file and transfer to memory card using TWRP. Edit at PC and restore it
Related
[GUIDE-IMPORTANT!] "rescue-backdoor" - regarding bootloop, do it before change in sys
UPDATE: THIS IS OBSOLETE.
USE S.onyTablet.S [ALLinONE] tool
Below guide/tool use as 'description'
-------------------------------------------------------------------------
Hi guys,
We've got now ROOT. We can do a lot of things, which we couldn't do before.
But before you begin to make changes in system files, first you need to know few things.
Few users experienced "bootloop". Its brick state. There is no access to shell, no adb.
Damaged device.
How to avoid that?
Yes, there is a solution. We need to get proper update zip for our device.
We also need to fool device, that it is a newer file, than the firmware in device.
How to, step by step:
Of course, ROOT is required.
To get proper ota-update-zip for your device you have to edit /build.prop:
- easiest way is via "Root Explorer", or directly via "build.prop Editor" (in market, free),
- do not use "File Manager HD" or other filemanager, which doesn't support root operations (thx kryddan),
- always make backup of files, which you are modifying,
- change value of "ro.sony.build.incremental" to lower one to fake firmware version,
- for example on my device newest firmware has: "ro.sony.build.incremental=111201022" - decrease that value,
in my case to 111201021.
Reboot device.
OTA update notification will appear - click on "Download" button.
Wait until download finishes, but don't click "Update"!!!
I repeat - DON'T CLICK UPDATE! It will reflash firmware,
and you will have to make everything from the beginning (inc. root).
Update zip is located in /cache/ota/signed-nbx03_.......zip - make a copy to safe place - external sd and/or in pc.
Leave build.prop modified. IMPORTANT. Don't revert back changes.
To enter RECOVERY-MODE - power off device,
hold vol-down + power button.
When you want to flash your device, Sony Tablet is checking few things:
is update zip proper one - signed one,
is the update zip - for your region - SKU value,
is the update zip is newer one than firmware in device - equal and higher will not update,
only lower - thats what we're faking.
If you will revert back build.prop = update will fail,
if you will try to update with other region update zip = update fail.
So if we stay with modified build.prop = we can just enter recovery,
and update from external sd card, to our downloaded update zip
Remember, that after reflash in recovery, your build.prop will be updated back
to higher value, then to be safe you need to reapply modification!
I have tested that "rescue-backdoor" on my own device,
deleted some system framework file - of course bootloop, without adb access.
Flashed through recovery - voila, device fixed
Of course, everything what you do with your device, you are doing at your own
risk. I'm sure that in 99% cases with "rescue-backdoor" you will fix your device,
always could be that other 0,01% case.
One condition for sure = build.prop file has to be correct.
[OPTIONAL]
You can disable ota update notification - which appears on every reboot.
To do this use "Titanium Backup" app, look for "System Update" app on list,
and use "Freeze" option
Any questions, suggestions - just ask
PS. I'm thining about writing auto-script for that...
br
condi
great guide, thank you
I think an automated-script would be much appreciated
condi said:
Hi guys,
We've got now ROOT. We can do a lot of things, which we couldn't do before.
But before you begin to make changes in system files, first you need to know few things.
Few users experienced "bootloop". Its brick state. There is no access to shell, no adb.
Damaged device.
How to avoid that?
Yes, there is a solution. We need to get proper update zip for our device.
We also need to fool device, that it is a newer file, than the firmware in device.
How to, step by step:
Of course, ROOT is required.
To get proper ota-update-zip for your device you have to edit /build.prop:
- easiest way is via "Root Explorer", or directly via "build.prop Editor" (in market, free),
- always make backup of files, which you are modifying,
- change value of "ro.sony.build.incremental" to lower one to fake firmware version,
- for example on my device newest firmware has: "ro.sony.build.incremental=111201022" - decrease that value,
in my case to 111201021.
Reboot device.
OTA update notification will appear - click on "Download" button.
Wait until download finishes, but don't click "Update"!!!
I repeat - DON'T CLICK UPDATE! It will reflash firmware,
and you will have to make everything from the beginning (inc. root).
Update zip is located in /cache/ota/signed-nbx03_.......zip - make a copy to safe place - external sd and/or in pc.
Leave build.prop modified. IMPORTANT. Don't revert back changes.
When you want to flash your device, Sony Tablet is checking few things:
is update zip proper one - signed one,
is the update zip - for your region - SKU value,
is the update zip is newer one than firmware in device - equal and higher will not update,
only lower - thats what we're faking.
If you will revert back build.prop = update will fail,
if you will try to update with other region update zip = update fail.
So if we stay with modified build.prop = we can just enter recovery,
and update from external sd card, to our downloaded update zip
I have tested that "rescue-backdoor" on my own device,
deleted some system framework file - of course bootloop, without adb access.
Flashed through recovery - voila, device fixed
Of course, everything what you do with your device, you are doing at your own
risk. I'm sure that in 99% cases with "rescue-backdoor" you will fix your device,
always could be that other 0,01% case.
One condition for sure = build.prop file has to be correct.
[OPTIONAL]
You can disable ota update notification - which appears on every reboot.
To do this use "Titanium Backup" app, look for "System Update" app on list,
and use "Freeze" option
Any questions, suggestions - just ask
PS. I'm thining about writing auto-script for that...
br
condi
Click to expand...
Click to collapse
Thanks Condi! Download worked great but under my cache there is nothing. Could the file be located elsewhere?
It should be under '/cache/ota' ... nowhere else ..
Judah001 said:
Thanks Condi! Download worked great but under my cache there is nothing. Could the file be located elsewhere?
Click to expand...
Click to collapse
Be sure that ota has been download, check again /cache/ota.
If still no zip, then run 'adb shell' then:
Code:
su
find -name *signed*
or
Code:
find -name *.zip
If your ota update will be in different location, then please post it.
br
condi
condi said:
Be sure that ota has been download, check again /cache/ota.
If still no zip, then run 'adb shell' then:
Code:
su
find -name *signed*
or
Code:
find -name *.zip
If your ota update will be in different location, then please post it.
br
condi
Click to expand...
Click to collapse
ok I will try once I am home through adb. So far there is nothing under my cache folder. I am using file manager HD but it should pick up a zip file.
Thank you condi... The instructions worked perfectly!!
Judah001 said:
ok I will try once I am home through adb. So far there is nothing under my cache folder. I am using file manager HD but it should pick up a zip file.
Click to expand...
Click to collapse
Just a little tip. I'd suggest you use Root Explorer instead of File Manager HD.
You see, File Manager HD does not show the files in /cache. (mine didn't)
I tried File Manager HD on my tablet and found nothing inside /cache
But with Root Explorer I found three different directories. There among OTA.
kryddan said:
Just a little tip. I'd suggest you use Root Explorer instead of File Manager HD.
You see, File Manager HD does not show the files in /cache. (mine didn't)
I tried File Manager HD on my tablet and found nothing inside /cache
But with Root Explorer I found three different directories. There among OTA.
Click to expand...
Click to collapse
That did the trick. I used the root browser in rom tool box and copied the zip to my sd card. Thank you for the help guys.
Good advice kyddan ... same on my tab with file manager HD.
I work normally with Root Explorer or File Expert.
Both show the folders and files in /cache .. File Manager HD do not.
my ro.sony.build.incremental is 111201038
Do I have to decrease it by 1 to 111201037 ?
EDIT: nevermind. I did so. Worked.
sebarkh said:
my ro.sony.build.incremental is 111201038
Do I have to decrease it by 1 to 111201037 ?
Click to expand...
Click to collapse
Yep, exacty. And then you will get newest ota zip of 111201038 pozdro
hahahahah I just had brick... I'm working on auto-install script for "rescue-backdoor", and accidentally I've pushed empty 0bytes build.prop - after reboot - sony logo, then black screen.... and guess what...
recovery reads incremental value (which doesnt exists..) as "0" zero
so i've got lower value, and reflash done.
after reboot my tab started correctly, but.. after reboot again brick - black screen.
fortunatelly - after few min with black screen i've got adb access.
but for first - i can't get root access.. 'su' not works.
but... '/system/xbin/su' works root lets check - build.prop still empty,
remounted system as rw, pushed correct build.prop - ahhh again working !!
that was good experience hahah.
-------------edit:
i've got auto-install tool ready... need to make one more full test with my device and will publish it.
full automatic !!!!!
This is driving me crazy. why everyone is getting update message when changing the incremental value while my dumass tablet keeps saying that my system is up to date
ase3000 said:
This is driving me crazy. why everyone is getting update message when changing the incremental value while my dumass tablet keeps saying that my system is up to date
Click to expand...
Click to collapse
Just wait for automatic-tool. Its ready, but need to make final tests.
condi said:
So if we stay with modified build.prop = we can just enter recovery,
and update from external sd card, to our downloaded update zip
Click to expand...
Click to collapse
In which way we can enter to recovery??
riccardo91 said:
In which way we can enter to recovery??
Click to expand...
Click to collapse
power off, hold vol-down + power.
All done! It works well! Thanks! Avoiding bootloop it's even a good thing!
riccardo91 said:
All done! It works well! Thanks! Avoiding bootloop it's even a good thing!
Click to expand...
Click to collapse
Great Just remember one thing - after reflash in recovery, your build.prop will be updated to higher value - then to be safe you need to reapply modification!
--- my 100th post !
condi said:
Great Just remember one thing - after reflash in recovery, your build.prop will be updated to higher value - then to be safe you need to reapply modification!
--- my 100th post !
Click to expand...
Click to collapse
I bricked my XTS playuing with build.prop. Shame I didn't see this post before. For future - how can I edit build.prop in a safe way? I changed file permission then I forgot to restore default. After restart brick. Do I need to change permission to edit build.prop then do i NEED to restore proper permission back? I'm still confused with it
To all those who would like to root your device, please make sure you backup your build.prop file in /system/
If you are not rooted, you may do so using adb:
Code:
adb.exe pull /system/build.prop .
[to devs]
once you have this file, you may almost always be able to restore your device by pushing this build.prop in a bootloader-unlocked+rooted system partition, and use PC companion to force-repair it, tricking it to download the proper system blob for your phone's CDA/Customization (12xx-xxxx).
Or just make an .ftf of your original firmware.. right?
Yakandu said:
Or just make an .ftf of your original firmware.. right?
Click to expand...
Click to collapse
Yes, provided that you know the CDA and already retrieved the file blob to create the ftf.
kazuni said:
To all those who would like to root your device, please make sure you backup your build.prop file in /system/
If you are not rooted, you may do so using adb:
Code:
adb.exe pull /system/build.prop .
[to devs]
once you have this file, you may almost always be able to restore your device by pushing this build.prop in a bootloader-unlocked+rooted system partition, and use PC companion to force-repair it, tricking it to download the proper system blob for your phone's CDA/Customization (12xx-xxxx).
Click to expand...
Click to collapse
You can also use the app "build.prop Cloud Backup" in the google play store to backup really easily on your device. Like you just set a name, click backup, and it backs up to the cloud. And you can make multiple backups - like "original", "mod1", "mod2", "mod3", etc. I use it, and it works great!
Thanks for advice man.
This is not a question about how to root the Atrix. I've already done that.
My question is about what actually is changed in the phone by following the root procedure. (I searched the forum but didn't find elsewhere the answers I look for).
Why do I ask?
1) Because I'd like to have a better understanding of the android OS.
2) Because I'd like to understand and know what do I need to do in case I want to unroot and return to plain stock.
My case:
(I've just rooted my Atrix. I didn't unlock it)
I've followed the "manual" procedure proposed by BriefMobile.
I can essentially understand (more or less) the commands listed (mount, remount, cp, install, chmod 6755, flash...)
What I'd like to understand better is what changes does the command
Code:
fastboot flash preinstall root.img
Does it just copy new files? Or does it copy (and replace) files on the phone?
(In the second case I'm afraid I made a mistake in not backing them up before running that command...)
Thanks in advance for your help.
Putting it in Windows terms (because Android is Linux), root is like having administrator privileges on your computer. It allows you to modify any system files that would normally be kept locked down. It also allows you to run applications, such as SetCPU, which can directly control hardware (in this case CPU frequency/speed and voltage) and low-level system files. Root in Android is comprised of two main files: the "su" binary (which is the command that applications use to invoke a request to do something with root privileges) and the SuperUser.apk (SuperUser app that's in the app drawer). The SuperUser app exists to prompt you whenever an application asks for root permission. So if you go into the terminal and type a low-level command, you'll see something like, "You do not have permission to do this". But if you type "su" before the command, it will run if you hit "Allow" on the SuperUser request.
Get it?
Product F(RED) said:
....
Get it?
Click to expand...
Click to collapse
Thanks Product F(RED) .
Yes I got it.
I already knew what rooting means in general terms.
What I really asked (sorry if I wasn't clear enough) is what does the root "physically" change on the phone.
According to your answer I assume it just adds the "su" binary and the "SuperUser" app (apart from changing some permission on some system folders) and that it doesn't replace any "stock" system file.
I also assume that these new files are extracted from the "root.img" (or "preinstall.img") files flashed by the fastboot command.
Is it so?
I was a little confused because I saw in some other forum a reference to some "stock" files wiped out in the /preinstall/app/ folder by the root process, mining the reversibility of the procedure (in case of no previous full system backup).
sphere314 said:
Thanks Product F(RED) .
Yes I got it.
I already knew what rooting means in general terms.
What I really asked (sorry if I wasn't clear enough) is what does the root "physically" change on the phone.
According to your answer I assume it just adds the "su" binary and the "SuperUser" app (apart from changing some permission on some system folders) and that it doesn't replace any "stock" system file.
I also assume that these new files are extracted from the "root.img" (or "preinstall.img") files flashed by the fastboot command.
Is it so?
I was a little confused because I saw in some other forum a reference to some "stock" files wiped out in the /preinstall/app/ folder by the root process.
Click to expand...
Click to collapse
Pretty much, yes, you're adding those two files (as well as another called BusyBox that allows other files to run, but this you can install after you root). The scenario I'm describing is that you're on a stock ROM and you just rooted your phone for the first time.
Though fastboot is present on every phone, using it to flash those two files seems to be unique to your phone because rooting methods vary from phone to phone. But basically the two most common methods are:
1. You flash a custom recovery from your computer if your phone's bootloader is not locked, and then you can flash the root files (su/SuperUser.apk) to the ROM from there or just flash a custom ROM that includes them.
or
2. You use fastboot/adb/some third-party method to root the stock ROM on your phone from your computer, then you install a custom recovery, and then you can flash custom ROMs/kernels/etc.
That /preinstall/app folder seems to be unique to your phone, but if I had to guess, it has something to do with deleting preloaded bloatware that comes with the phone. Because out of the box you can't, but once you have root permissions, you can go to that folder with a file manager to delete the APKs or use something like Titanium Backup to do it.
Product F(RED) said:
Pretty much, yes, you're adding those two files (as well as another called BusyBox that allows other files to run, but this you can install after you root). The scenario I'm describing is that you're on a stock ROM and you just rooted your phone for the first time.
Though fastboot is present on every phone, using it to flash those two files seems to be unique to your phone because rooting methods vary from phone to phone. But basically the two most common methods are:
1. You flash a custom recovery from your computer if your phone's bootloader is not locked, and then you can flash the root files (su/SuperUser.apk) to the ROM from there or just flash a custom ROM that includes them.
or
2. You use fastboot/adb/some third-party method to root the stock ROM on your phone from your computer, then you install a custom recovery, and then you can flash custom ROMs/kernels/etc.
That /preinstall/app folder seems to be unique to your phone, but if I had to guess, it has something to do with deleting preloaded bloatware that comes with the phone. Because out of the box you can't, but once you have root permissions, you can go to that folder with a file manager to delete the APKs or use something like Titanium Backup to do it.
Click to expand...
Click to collapse
Thanks again Product F(RED).
Things are clearer now.
I wasn't aware of the installation of "BusyBox" (I found it in my phone in the folder /osh/bin/)
I think the root method I used (BriefMobile) is the type 2. I didn't install a custom recovery as I'm not interested yet in flashing custom ROMs/kernels/etc.
So, to summarize...
The basic root methods (no unlock) consists in
1) install the "su" binary
2) install the "busybox" binary
3) install the "superuser.apk" app
4) change some r-w permissions
In my case (probably) the root method also wiped out some preloaded bloatware file in the /preinstall/app folder but that's not essential (unless Moto makes a check for the presence of those files before an OTA update).
They usually do check (and will fail) because OTA's are like patches; not really replacements for the whole /system/ partition. Never take an OTA when you're rooted, especially because they can do things like update and lock your bootloader, among other things. It's safer to wait until rooted versions pop up in the development section for your phone.
Hi all.
I'm trying to copy some files to the system partition after enabling write on read-only partitions and remounting it and everything is success, but when I restart the phone, files get deleted and partition back to original. I tried ES file explore and Total Commander.
Galaxy S2, cMIUI 2.10 JB
Hmm.. seems like a hard question!
Elancore said:
Hi all.
I'm trying to copy some files to the system partition after enabling write on read-only partitions and remounting it and everything is success, but when I restart the phone, files get deleted and partition back to original. I tried ES file explore and Total Commander.
Galaxy S2, cMIUI 2.10 JB
Click to expand...
Click to collapse
Elancore said:
Hmm.. seems like a hard question!
Click to expand...
Click to collapse
Hey,
no not a hard question but a bit confusing
So the copy to system works without probs?
Do u have root-enabled on it?
U can try Solid explorer once, too, to be sure.
CHEERS
I enabled root explorer and I mounted the file system to be writable, yes I have a rooted phone.
I can copy to system root folders anything (media files), the files stay there until I reboot the phone then they disappear, they get deleted maybe? how to disable that?
Thanks
Elancore said:
I enabled root explorer and I mounted the file system to be writable, yes I have a rooted phone.
I can copy to system root folders anything (media files), the files stay there until I reboot the phone then they disappear, they get deleted maybe? how to disable that?
Thanks
Click to expand...
Click to collapse
That listen like u have to save changes?!
Pls try the Solid explorer (for me the best explorer ever)
Copy files and have a look for root-acces request (should be asked for Solid, if it's new)
The copy/replace the file.
CHEERS
Thanks Hannibal for reply, I got no luck on doing it, they still get removed after reboot. Is there a way to flash these files that I want to copy to system as an update.zip?
Elancore said:
Thanks Hannibal for reply, I got no luck on doing it, they still get removed after reboot. Is there a way to flash these files that I want to copy to system as an update.zip?
Click to expand...
Click to collapse
Sure there's a way, but I can't help u with it, sorry.
With new Titanium Backup u can create flashable .zips but for sure only from isntalled apps.
Maybe u have a look at google. I remind for a tool which u just say what u wanna flash an it creates the flashable .zip.
Much success....
CHEERS
Edit: Sorry but couldn't answer u yesterday.
XDA had a prob for a while
Disclaimer: Untested on the following devices:
-A2017U on Oreo B20
-A2017 (chinese version) Oreo B18
-A2017G B03
If you want to test, do so at your own risk!
If it does or does not work, please report back on this thread so i can edit the OP
Yes you read right, finally we can get rid of that nonsense system write protection and get system write permissions on Oreo back!
For those that are eager to know how to do it before i go on mumbling a story about the technical details yada yada yada:
Download this TWRP flashable zip by @raystef66 and flash it: https://androidfilehost.com/?fid=11410963190603874735
Now you have disabled ZTE's protection and got system write permissions (if you are rooted of course, if not then there is still androids native protection; more info on that matter below)
Huge thanks to @raystef66 for creating the zip.
Now to the technical stuff:
As you probably know, since Oreo we can't use "reboot disemmcwp" anymore. Thats because ZTE removed this option.
Why did they do this?
I don't have any idea
Does it make sense?
No, not at all. It doesn't even make sense for ZTE having this write protection implemented in the first place. Why not you ask? Because android itself already has its own native system write protection. If you are not rooted, system is write protected, it's as simple as that. After all, the whole point of rooting your device is to get system access so you can make all kinds of modifciations to your device that wouldn't otherwise be possible without root. Be it simple file edits (build.prop), xposed/magisk modules or any app that requires root and so on.
So what does the zip above do to disable system write protection and give write permissions to system?
To put it simply. The file inside it (emmc_appsboot.mbn) contains various lines regarding system write protection, fastboot etc. Some of those lines are for disabling system write protection. If you flash the zip, it gets disabled.
The original emmc_appsboot.mbn file that comes with the Oreo OTA, doesn't contain these lines. Instead it makes sure that system write protection is intact. Therefore, even if you are rooted, you won't be able to do any modifciations to system (they revert back after reboot).
Can you re-enable ZTE's system write protection?
Nope. Why would you even wanna do that?! Again, android has it's own system write protection (see "Does it make sense?" above). If you want that back, simply unroot.
Wait, you mentioned there are also lines for fastboot in that emmc_appsboot.mbn file, what about that?
Well yes, as mentioned earlier there are some lines regarding fastboot. But i'm unsure of one thing as of now. Was fastboot unavailable in Oreo B02 to any of you guys? If yes, then you should get also fastboot back after having flashed the zip. I could enter fastboot mode when selecting it in the unlocked bootloader warning screen. I forgot test it before disabling system write protection so i am not sure if it already was accessible or got enabled after flashing the zip.
@GodOfPsychos Thanks for your perseverance :good:
Thanks, I will test it on B02. I had install an old Bootstack for write permissions on B02.
On B03 can't flash a working TWRP
I can not install the b03 by edl adding it to the TWRP file for oreo. When trying to restart in twrp the phone turns off. I can not find the solution Therefore I can not flash anything else either.
I'm going to try the Chinese rom Oreo B19.
Thanks for everything! I hope that in the B19 we have good results
In the B19 for the a2017 after starting in EDL the system and rebooting in TWRP installing magisk 16.7 and after the zip I have found that the system only starts in fastboot.
I will continue testing
@GodOfPsychos @raystef66 On the assumption it does not work on B03/B18/B19/B20, can it be implemented on their original emmc_appsboot.mbn?
have tested on Oreo B03 and works. on B03 can only use TWRP 3.2.1-7NFound, but have no access to internal memory.
on B02 and B03 in system/priv-app i can´t delete top folder, inside folder have fully access. in system/app no problems.
blackpac said:
@GodOfPsychos @raystef66 On the assumption it does not work on B03/B18/B19/B20, can it be implemented on their original emmc_appsboot.mbn?
Click to expand...
Click to collapse
That depends. The file itself is not 100% readable via simple notepads (i looked into it with notepadd++ for example). It has a bunch of strange characters besides the bit of clear text. I don't know how or which lines need to put where and how etc. I know i said there are lines regarding disabling write protection in there etc. But the main issue is that not all of the file is fully readable. So there could be even more "unreadable" stuff (weird characters) that need to be taken into consideration besides the readable ones.
See attachment to see what it looks like when you open one of them with notepad++
But yes in theory it is possible if ZTE doesn't change the implementation of their protection.
I hope that anyone who is more of an expert for this sort of stuff can help with this.
Rennert said:
have tested on Oreo B03 and works. on B03 can only use TWRP 3.2.1-7NFound, but have no access to internal memory.
on B02 and B03 in system/priv-app i can´t delete top folder, inside folder have fully access. in system/app no problems.
Click to expand...
Click to collapse
which top folder do you mean? inside system/priv-app i can delete folders without a problem (using root explorer for example).
GodOfPsychos said:
which top folder do you mean? inside system/priv-app i can delete folders without a problem (using root explorer for example).
Click to expand...
Click to collapse
Yes top folder inside System/priv-app, example calendar_stock, can't delete it, but apk and subfolder inside this folder can delete without problems. It's only on priv-app folder, all other folders no problem.
Hmm. Are you trying to delete them via twrp file manager or an app like i mentioned previously?
Noob question whay you guys are booting to reboot disemmcwp,could anyone explain this method usage
GodOfPsychos said:
Hmm. Are you trying to delete them via twrp file manager or an app like i mentioned previously?
Click to expand...
Click to collapse
I use Root Explorer, can create new folder and delete this in priv-app. in TWRP file manager I can't delete folders, only files.
blackpac said:
@GodOfPsychos @raystef66 On the assumption it does not work on B03/B18/B19/B20, can it be implemented on their original emmc_appsboot.mbn?
Click to expand...
Click to collapse
First off, anyone on Oreo U and Oreo CN have to flash the zip and see if he/her can change f.e. build.prop (add a character), save and reboot and see if change has applied. Also test if system folder can be deleted, reboot and see if things boot. If not working i'll take a look into the changes ZTE made and see if I can change some lines into the aboot file. So let me know
Rennert said:
have tested on Oreo B03 and works. on B03 can only use TWRP 3.2.1-7NFound, but have no access to internal memory.
on B02 and B03 in system/priv-app i can´t delete top folder, inside folder have fully access. in system/app no problems.
Click to expand...
Click to collapse
3217 will do. Have you tested the 3218 too?
Rennert said:
Yes top folder inside System/priv-app, example calendar_stock, can't delete it, but apk and subfolder inside this folder can delete without problems. It's only on priv-app folder, all other folders no problem.
Click to expand...
Click to collapse
Normaly you should be able to delete a system folder. It's been tested. Use a Root explorer like Solid and it should work. On B02 it was.
raystef66 said:
Normaly you should be able to delete a system folder. It's been tested. Use a Root explorer like Solid and it should work. On B02 it was.
Click to expand...
Click to collapse
I can delete all folders in system, but can't delete the top folders in priv-app. Tested on B02 and B03. Have removed in TWRP terminal with rmdir and works
Rennert said:
I can delete all folders in system, but can't delete the top folders in priv-app. Tested on B02 and B03. Have removed in TWRP terminal with rmdir and works
Click to expand...
Click to collapse
I haven't any problems with deleting folder under /system/priv-app using MiXplorer on B03.
I tested A2017G.B03 and A2017.B19. Both of them were flashed using EDL full packages by djkuz.
Tested with b20 modified kernel (by Asderdd), Disable_Dm-Verity_ForceEncrypt_12.08.2018 (by zackptg5) and Magisk 18.0.
Haven't any issues. /system is writable and Magisk is working.
Thank you raystef66.
Does that mean we may expect SL!M 7?
Magisk 18 doesn't work on A2017GB02 and B03.
Yes system is writable except system/priv-app/ top folder, it's funny that I can create new folder and delete this and
existing top folders are fails.
Rennert said:
Magisk 18 doesn't work on A2017GB02 and B03.
Yes system is writable except system/priv-app/ top folder, it's funny that I can create new folder and delete this and
existing top folders are fails.
Click to expand...
Click to collapse
Just tried and deleted every folder in /system/priv-app/. Couldn't take a screenshot after that. :cyclops:
What kind of root do you have?
klałn said:
I haven't any problems with deleting folder under /system/priv-app using MiXplorer on B03.
I tested A2017G.B03 and A2017.B19. Both of them were flashed using EDL full packages by djkuz.
Tested with b20 modified kernel (by Asderdd), Disable_Dm-Verity_ForceEncrypt_12.08.2018 (by zackptg5) and Magisk 18.0.
Haven't any issues. /system is writable and Magisk is working.
Thank you raystef66.
Does that mean we may expect SL!M 7?
Click to expand...
Click to collapse
The one that had close contact with ZTE was @GodOfPsychos . All credits go to him
Thnx for reporting also thnx @Rennert
That would be the idea of making a Sl!M one even for U and CN, yes. Hope to find some time free :highfive:
klałn said:
Just tried and deleted every folder in /system/priv-app/. Couldn't take a screenshot after that. :cyclops:
What kind of root do you have?
Click to expand...
Click to collapse
have Magisk 16.7. if i flash Magisk18 it only boot in Bootloader. Flash 16.7 now system boots.
issue on priv-app folder solved. i had install Viper4AndroidFX in Magisk, deinstall and can delete top folder. new install and delete are fail.
Rennert said:
have Magisk 16.7. if i flash Magisk18 it only boot in Bootloader. Flash 16.7 now system boots.
issue on priv-app folder solved. i had install Viper4AndroidFX in Magisk, deinstall and can delete top folder. new install and delete are fail.
Click to expand...
Click to collapse
I've tried several things in Chinese b19: flashing rom by edl and booting with recovery twrp 3.2.1.7. then flashing dm_verity and your zio. In no case I succeed. maximum achievement that I boot in fastboot I do not achieve that. I started flashing magisk. Always in bootloop