Better Mobile App

[Q] Has anybody know how to root GT-I9001

Hi,
Is there some way to root I9001 now or I have to wait.
Firmware I9001XXKE8
Android 2.3.3
Kernel 2.6.35.7
I tried several methods (Superoneclick 1.7, 1.9.1, Gingerbreak 1.2) available for I9000 but nothing positive.
If someone can guide me in this process will be very appreciated.

Go here for step by step instructions: http://androidhogger.com/how-to-root-samsung-galaxy-s2-heres-the-tutorial.html.

Hi,
It is guide for I9100 but I have I9001 it is completely different hardware, so I doubt that the same guide can be applied to I9001.

Any news on rooting? Have you sucseeded?

No, still waiting, but it starts to sell to mass in Russia so soon will get news.

Since yesterday the new 2.3.4 firmware is out:
http://netload.in/datei5X4ZyAkNkO/I9001XXKP4_v2.3.4.rar.htm
(edit: maybe its not 2.3.4 ... samfirmware write 2.3.3)
... but we wait still for the root...
SPOOKY

afaik 2.3.x cannot be rooted. only 2.2.x

sweetnsour said:
afaik 2.3.x cannot be rooted. only 2.2.x
Click to expand...
Click to collapse
Say what? Ofcourse 2.3.x can be rooted. We just have to get more attention to the 9001 so that the rom builders actively start devving this device.

Any one knows how to root this device?
Sent from my GT-I9001 using XDA Premium App

I'm looking for a solution as well, please don't make me use Touchwiz..

Have tried to look into ways to root this phone. It looks like it'll need to be root in similar way to i9100. So guess will need to wait for dev to come up with a special kernel for rooting.

İ hope they they ll come up with new karnel as soon.as possible
Sent from my GT-I9001 using Tapatalk

sweetnsour said:
afaik 2.3.x cannot be rooted. only 2.2.x
Click to expand...
Click to collapse
Here http://forum.xda-developers.com/archive/index.php/t-1136781.html is afaik 2.3.3 rotted. I think there is a posibility to root I9001.

I hope so ....! Did u try this method?
Sent from my GT-I9001 using Tapatalk

westcrip said:
I hope so ....! Did u try this method?
Sent from my GT-I9001 using Tapatalk
Click to expand...
Click to collapse
Nope but I will try in this weekend. I found how to restore phone when you brick it (if something happen) , and it's not so hard. That's why I will use different method to root it. I just wonder if one of brick is avilable or more. I only know how to unbrick by this method http://www.youtube.com/watch?v=2qB4RNoXTd8 . Its very simple just install software downoladed from http://www.samfirmware.com/WEBPROTECT-i9001.htm our software is in the middle I9001XXKF8 ##. Odin as well recognize my phone.

I have managed it to root the i9001. So far it is very complicated, and the detailed guide as well as the analysis of SMD archives is only in German available:
http://www.android-hilfe.de/samsung...g-galaxy-s-plus-i9001-rooten.html#post1911955
As always: You are responsible for your Phone! If someone bricks his device using this guide, I am not responsible for that! Bad Luck, I have warned you! Its a dangerous job! You really shouldn't do it.
In short:
- extract the PDA SMD File
- mount system.ext4
- copy su binary and Superuser.apk into the mounted image
- adjust the file permissions (especially the suid bit for su)
- umount system.ext4
- repack the PDA SMD.
I have created two Linux bash scripts for extracting and packing SMD Archives. Warning: I'm not very experienced in bash scripting. If someone is here who is capable of making a nice script of it, feel free! The scripts are working, that's all so far. They won't win a price in a beauty contest.
First the extract.sh:
Code:
#!/bin/bash
base=0
length=1
while (( length > 0 ))
do
# calculate Length
let "skip = base + 18"
length=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "length = length * 65536"
let "skip = base + 16"
length2=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "length += length2"
let "length = length / 512" # Number of 512-Byte blocks
# calculate offset
let "skip = base + 22"
offset=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "offset = offset * 65536"
let "skip = base + 20"
offset2=`hexdump -e '"%d"' -s ${skip} -n 2 ${1}`
let "offset += offset2"
let "offset = offset / 512" # Number of 512-Byte blocks
# save header in case of first loop
if (( base == 0 ))
then
dd if=${1} bs=512 of=header count=${offset}
fi
# extract filename
let "skip = base + 32"
filename=`dd if=${1} skip=${skip} count=16 bs=1 2>/dev/null`
# and finally: extract image
if (( length > 0 ))
then
echo "Length: ${length}"
echo "Offset: ${offset}"
echo "Filename: ${filename}"
dd if=${1} bs=512 of=${filename} skip=${offset} count=${length} 2>/dev/null
fi
# next header
let "base += 64"
done
Syntax: ./extract.sh Archive.smd
The script will extract the archive and create a lot of local files (system.ext, boot.img and so on). Well, the content of the Archive obviously.
Root the system.ext4:
I have used the newest su and Superuser.apk from here (3.0-beta4 at the moment. Newer ones should be ok):
http://goo-inside.me/superuser
The steps for rooting a system.ext4:
Code:
mkdir system
sudo mount -o loop system.ext4 system
sudo cp su system/xbin/
sudo chown 0.0 system/xbin/su
sudo chmod 4755 system/xbin/su
sudo cp Superuser.apk system/app/
sudo chown 0.0 system/app/Superuser.apk
sudo chmod 644 system/app/Superuser.apk
sudo umount system
And the pack.sh. Note: The pack.sh so far expects an existing "header" file created from an extract action and all files to be added into the archive. The resulting archive will have the same contents, as the starting archive (of course with a modified system.ext4). MD5 Checksums in the archive are calculated automatically.
Code:
#!/bin/bash
base=16
length=0
filename=dummy
# save the beginning
dd if=header of=newheader bs=1 count=16 2>/dev/null
# First create the MD5 checksums of all included (and maybe modified) files and generate the new header
while [ ! -z "${filename}" ]
do
# Length, offset, etc. is unchanged, just copy it.
let "skip = base"
dd if=header of=newheadertmp bs=1 skip=${skip} count=32 2>/dev/null
cat newheadertmp >> newheader
rm newheadertmp
# extract filename
let "skip = base + 16"
filename=`dd if=header skip=${skip} count=16 bs=1 2>/dev/null`
if [ ! -z "${filename}" ]
then
echo "creating MD5Sum of: ${filename}"
checksum=`md5sum ${filename} | tr '[a-z]' '[A-Z]'`
echo -n ${checksum:0:32} >> newheader
fi
# next header
let "base += 64"
done
# save the rest of the old header.
filesize=$(stat -c%s header)
let "base -= 32"
let "size = filesize - base"
dd if=header of=newheadertmp bs=1 skip=${base} count=${size} 2>/dev/null
cat newheadertmp >> newheader
rm newheadertmp
# the new header is the first content of the new archive.
cat newheader > ${1}
# now add all files to the archive.
filename=dummy
base=16
while [ ! -z "${filename}" ]
do
# extract filename
let "skip = base + 16"
filename=`dd if=header skip=${skip} count=16 bs=1 2>/dev/null`
if [ ! -z "${filename}" ]
then
echo "Adding: ${filename}"
cat ${filename} >> ${1}
fi
# next header
let "base += 64"
done
rm newheader
Syntax: ./pack.sh Archive.smd
Flash the resulting .smd files using Odin Multi Downloader an be happy about a rooted SGS Plus.
Note: The procedure has been tested with European KF6 and KP4 firmware. the scripts are capable of extracting and packing other SMD Archives as well, like Modem or CSC SMDs. But you don't need it for rooting (but maybe for debranding or customizing ROMs).
I'm thinking about an simpler root method like a modified kernel with a "magic" initramfs (like CF Root is working). This would make rooting of course much easier. But I have to investigate a lot of things handling boot.imgs.

Nice one RiverSource! Let's hope this is the start of more to come (ie. easier root, custom roms..).

Hello,
ok, next step for rooting the SGS Plus: The FMROOT (hehe). FMROOT is the original untouched Samsung Kernel with a modified init.rc. The init.rc calls a script which places the su binary and the Superuser.apk into the /system partition.
As always: You are responsible for your Phone! If someone bricks his device using this guide, I am not responsible for that! Bad Luck, I have warned you! Its a dangerous job! You really shouldn't do it.
Howto:
Download the appropriate file for your firmware.
Extract it
There should be 2 Files: AriesVE.ops and FMROOT_?????.smd
Use Odin Multi Downloader
Put "AriesVE.ops" in OPS
Put "FMROOT_?????.smd" in PDA
Flash. Wait 5 Seconds. Phone reboots. Phone is rooted. Normally without loosing data or settings.
Please ask here, if your Firmware is not available. It should be possible to create an appropriate FMROOT Kernel.
Credits:
astuermer for pointing me to the correct su and Superuser binaries.
Chainfire here from XDA Developers. My script is based on the CF-Root
Paul from Madaco. I had a closer look into his "superboot".
Lots and Lots of Custom ROM Developers for i9000 and i9100. I have learned a lot about Android Images on Samsung phones from them.
For the developers: the FMBOOT Script called by init.rc:
Code:
mount -o rw,remount -t ext4 /dev/block/mmcblk0p15 /system
rm /system/xbin/su
rm /system/bin/su
mkdir /system/xbin
cat /fmboot/su > /system/xbin/su
chmod 4755 /system/xbin/su
cat /fmboot/Superuser.apk > /system/app/Superuser.apk
mount -o ro,remount -t ext4 /dev/block/mmcblk0p15 /system
And the calling code inside the init.rc:
Code:
start fmboot
class_start default
## Daemon processes to be run by init.
##
service fmboot /system/bin/sh /fmboot/fmboot.sh
user root
group root
oneshot
If someone is interested, I can post a howto on modifying boot.imgs for SGS Plus. Don't hesitate to ask. BTW, i have also coded a script which is capable of generating SMD archives with any content (not based on a previous SMD archive). I can also post it, if someone is interested.
I think, I will optimize the script in the future. Checking if the phone is already rooted and skip the thing for example. Or adding busybox. Are there any additional ideas?

Thank you very [email protected]@@@ Come on!

THX, THX,..
It works, rooted..!!

[Q] How to root Fujitsu Arrows X F-10D? I cannot understand the guide

Hello, I am wondering deciding whether or not I will buy the Fujitsu Arrows X, and it depends on whether I can have root on the phone or not.
I read on the internet that Goroh_Kun got root on the phone, but I am not experienced at rooting phones and ADB, so I cannot understand the source code and binary posted online, nor can I understand a guide of how he got root.
All I could tell was that root was gained for the phone through a vulnerability in "aeswipe" aka the fingerprint scanning thing. However, I cannot follow along with the steps, because I cannot understand it.
I don't know how to use the source code or binary for anything.
Will someone read the pages and summarize the steps for rooting the phone so I can understand it?
I cannot post URLs, so please reply if you need the URLs.
Sarcasticphoenix

Bump
Bumped post, need a reply.

!!!!!!!!!! Caution rooting can be risk your devices. !!!!!!!!!!!
!!!!!!!!!! CAUTION ROOTING CAN BE RISK YOUR DEVICES. !!!!!!!!!!!
YOU MUST HAVE TO KNOW WHAT YOU DO. BEFORE YOU MAKE A THING.
obtain root privileges on the f-10d
Things Require
1. Root Kit
2. ADB Driver For F-10D
3. PC With android SDK
4. Little Knowledge with linux command line
Things to do
Right click on folded you save extract of root kit. that you download
(1) On command prompt put command "adb restore f-10d_2.ab" without "…"
Press OK certification will appear on the screen
(2) You must verify that
(3) after restore is finished. Put command
> adb shell
$ cd / data / data / com.android.settings / a /
$ ls -l-d
drwxrwxrwx system system a
⇒ a directory that exists and is world readable, writable to
$ ls -l
⇒ up to file00 ~ file99 directory exists
(4) Once removed file00 ~ file99
> adb shell
$ cd /data/data/com.android.settings/
$ rm -r a
(Please go but out ※ error)
(5) Make /data permissions to 777. Input command.
$ while:; do ln -s /data a/file99; done
On your screen should infinite run.While doing this, open new command line. Don't closed running windows.
Now input command in new windows
>adb restore f-10d_2.ab
Confirm on your f-10d to complete the restore
After you have finished, exit the old infinite running windows
(6) Check the permissions on the /data
> adb shell
$ ls -l-d /data
drwxrwxrwx system system data
(7) Execute the following command
> adb push mkdevsh /data/local.org/tmp/mkdevsh
> adb shell chmod 777 /data/local.org/tmp/mkdevsh
(8) On or Off Wifi, and then execute
> echo /data/local.org/tmp/mkdevsh>/sys/kernel/uevent_helper
> adb shell
$ ls -l /dev/sh
-rwsr-sr-x root root 151964 2012-08-06 19:34 sh
$ /Dev/sh
# ************ Tempolary insecure root shell ************
(9) Copy lsm_disabler.ko and f10dunlock to /data/local
>adb push f10dunlock /sdcard
>adb push lsm_disabler.ko /sdcard
>dab shell
# dd if=/mnt/sdcard/f10dunlock of=/data/local/f10dunlock
# dd if=/mnt/sdcard/lsm_disabler.ko of=/data/local/lsm_disabler.ko
(10) release LSM lock
********* "x" and "y" is option for f10dunlock
For x=0 if you're on F-10D Build number V16R45C
x=1 if you're ISW13D Device
x=2 if you're on F-10D Build number V18R46F
IF you can't insert module lsm_disabler.ko after execute f10dunlock "x" you can add option "y" at last one example f10dunlock 0 2 or f10dunlock 0 1 and then try to insert module lsm_disabler.ko **********
# cd /data/local
# chmod 777 f10dunlock
# chown root.root / data/local/f10dunlock
# /data/local/f10dunlock x y
/data/local/f10dunlock
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
use new F-10D address
# /data/local/f10dunlock 2
/data/local/f10dunlock 2
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
# ./f10dunlock
./f10dunlock
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
# lsmod
# mount-o rw, remount / system
mount-o rw, remount / system
# cd /system
cd /system
# chmod 777 / system
chmod 777 / system
# mkdir test
mkdir test
# ls-al
(11) Set su busybox
# sync; sync; sync
sync; sync; sync
# dd if=/mnt/sdcard/su of=/system/bin/su
dd if=/mnt/sdcard/su of=/system/bin/su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.079 secs (4816860 bytes / sec)
# chown root.shell /system/bin/su
chown root.shell /system/bin/su
# chmod 06755 /system/bin/su
chmod 06755 /system/bin/su
# sync; sync; sync
sync; sync; sync
# dd if=/mnt/sdcard/su of=/system/xbin/su
dd if=/mnt/sdcard/su of=/system/xbin/su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.034 secs (11192117 bytes / sec)
# chown root.shell /system/xbin/su
chown root.shell /system/xbin/su
# chmod 06755 /system/xbin/su
chmod 06755 /system/xbin/su
# sync; sync; sync
sync; sync; sync
# dd if = /data/local.org/tmp/busybox of=/system/xbin/busybox
dd if=/data/local.org/tmp/busybox of=/system/xbin/busybox
2099 +1 records in
2099 +1 records out
1075144 bytes transferred in 0.085 secs (12648752 bytes / sec)
# chown root.shell /system/xbin/busybox
chown root.shell /system/xbin/busybox
# chmod 04755 /system/xbin/busybox
chmod 04755 /system/xbin/busybox
# ls-al
ls-al
drwxr-xr-x root root 2012-09-01 03:31 app
drwxrwxrwx root shell 2012-09-01 23:59 bin
-rw-r - r - root root 4093 2012-09-01 03:31 build.prop
drwxr-xr-x root shell 2012-09-02 01:05 xbin
# cd /system/xbin
cd /system/xbin
# ls -al
ls -al
-rwxr-xr-x root shell 10028 2012-07-07 21:17 agent
-rwsr-xr-x root shell 1075144 2012-09-02 01:05 busybox
-rwxr-xr-x root shell 9780 2012-07-07 21:17 dbus-monitor
-rwxr-xr-x root shell 5708 2012-07-07 21:17 sdptest
-rwsr-sr-x root shell 380532 2012-09-02 01:03 su
#
(12) Set up SuperUser
Install from the market SuperSU etc..
k you must have permission to launch the app root, root authorization confirmation screen will appear if
Remark form me(yes, me not goroh_kun) : if you reboot your device. It's has re-lock /system. Even you have root access you can't remount /system to r/o until you re-execute f10dunlock. So you should think and plan by carefully that you want to move SuperSU.apk form /data/app to/system/app for more safer factory reset in future or not.
Thank you for the dear goroh_kun.

Ugh...what a convoluted process... I'm really on the edge about doing this.
I also heard that this causes the fingerprint reader to stop working. Can anyone confirm this? I use the fingerprint reader a lot so I'd hate to lose that functionality.

Hi,
thanks for the explanation.
But I am stuck at some point:
A. step (8) says on or off WiFi - what does this mean?
B. next, cannot output from mkdevsh to /sys/kernel/udev_helper: permission denied
mkdevsh cannot be executed, says error "syntax error: '^A' unexpected and /bin/sh is not available
C. lsm_disabler.ko is not supplied in ZIP file
Can you please help?`
Thanks

tuxsurfer said:
Hi,
thanks for the explanation.
But I am stuck at some point:
A. step (8) says on or off WiFi - what does this mean?
B. next, cannot output from mkdevsh to /sys/kernel/udev_helper: permission denied
mkdevsh cannot be executed, says error "syntax error: '^A' unexpected and /bin/sh is not available
C. lsm_disabler.ko is not supplied in ZIP file
Can you please help?`
Thanks
Click to expand...
Click to collapse
You manage to get this working? Just wondering as I have an F-10D on the way. I know you can disable a decent bit of bloatware with the ICS disable feature, but I want to disable all of the bloat, if possible.
Anyway, the process does seem simple enough, but the things pointed out above will keep me hesitant on this matter. Does "on or off WiFi", mean turn on and then off?
Thanks

tuxsurfer said:
Hi,
thanks for the explanation.
But I am stuck at some point:
A. step (8) says on or off WiFi - what does this mean?
Ohhhh, Excuse me right thing is " ON and then OFF WIFI" this the hole on android from Sony Ericsson X10
B. next, cannot output from mkdevsh to /sys/kernel/udev_helper: permission denied
mkdevsh cannot be executed, says error "syntax error: '^A' unexpected and /bin/sh is not available
Make sure "echo /data/local.org/tmp/mkdevsh > /sys/kernel/uevent_helper" without quote " " and this can operate after WIFI Hole step
C. lsm_disabler.ko is not supplied in ZIP file
for lsm_disabler.ko not required for the new method just unlocked
Can you please help?`
Thanks
Click to expand...
Click to collapse
I'm So Busy,Sorry for late answer.

tum.osx said:
!!!!!!!!!! CAUTION ROOTING CAN BE RISK YOUR DEVICES. !!!!!!!!!!!
YOU MUST HAVE TO KNOW WHAT YOU DO. BEFORE YOU MAKE A THING.
obtain root privileges on the f-10d
Things Require
1. Root Kit
2. ADB Driver For F-10D
3. PC With android SDK
4. Little Knowledge with linux command line
Things to do
Right click on folded you save extract of root kit. that you download
(1) On command prompt put command "adb restore f-10d_2.ab" without "…"
Press OK certification will appear on the screen
(2) You must verify that
(3) after restore is finished. Put command
> adb shell
$ cd / data / data / com.android.settings / a /
$ ls -l-d
drwxrwxrwx system system a
⇒ a directory that exists and is world readable, writable to
$ ls -l
⇒ up to file00 ~ file99 directory exists
(4) Once removed file00 ~ file99
> adb shell
$ cd /data/data/com.android.settings/
$ rm -r a
(Please go but out ※ error)
(5) Make /data permissions to 777. Input command.
$ while:; do ln -s /data a/file99; done
On your screen should infinite run.While doing this, open new command line. Don't closed running windows.
Now input command in new windows
>adb restore f-10d_2.ab
Confirm on your f-10d to complete the restore
After you have finished, exit the old infinite running windows
(6) Check the permissions on the /data
> adb shell
$ ls -l-d /data
drwxrwxrwx system system data
(7) Execute the following command
> adb push mkdevsh /data/local.org/tmp/mkdevsh
> adb shell chmod 777 /data/local.org/tmp/mkdevsh
(8) On or Off Wifi, and then execute
> echo /data/local.org/tmp/mkdevsh>/sys/kernel/uevent_helper
> adb shell
$ ls -l /dev/sh
-rwsr-sr-x root root 151964 2012-08-06 19:34 sh
$ /Dev/sh
# ************ Tempolary insecure root shell ************
(9) Copy lsm_disabler.ko and f10dunlock to /data/local
>adb push f10dunlock /sdcard
>adb push lsm_disabler.ko /sdcard
>dab shell
# dd if=/mnt/sdcard/f10dunlock of=/data/local/f10dunlock
# dd if=/mnt/sdcard/lsm_disabler.ko of=/data/local/lsm_disabler.ko
(10) release LSM lock
********* "x" and "y" is option for f10dunlock
For x=0 if you're on F-10D Build number V16R45C
x=1 if you're ISW13D Device
x=2 if you're on F-10D Build number V18R46F
IF you can't insert module lsm_disabler.ko after execute f10dunlock "x" you can add option "y" at last one example f10dunlock 0 2 or f10dunlock 0 1 and then try to insert module lsm_disabler.ko **********
# cd /data/local
# chmod 777 f10dunlock
# chown root.root / data/local/f10dunlock
# /data/local/f10dunlock x y
/data/local/f10dunlock
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
use new F-10D address
# /data/local/f10dunlock 2
/data/local/f10dunlock 2
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
# ./f10dunlock
./f10dunlock
fdaes = -1
open aeswipe error, so try to disable LSM without recovery g_lptsAuthContext
fdaes2 = 3
# lsmod
# mount-o rw, remount / system
mount-o rw, remount / system
# cd /system
cd /system
# chmod 777 / system
chmod 777 / system
# mkdir test
mkdir test
# ls-al
(11) Set su busybox
# sync; sync; sync
sync; sync; sync
# dd if=/mnt/sdcard/su of=/system/bin/su
dd if=/mnt/sdcard/su of=/system/bin/su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.079 secs (4816860 bytes / sec)
# chown root.shell /system/bin/su
chown root.shell /system/bin/su
# chmod 06755 /system/bin/su
chmod 06755 /system/bin/su
# sync; sync; sync
sync; sync; sync
# dd if=/mnt/sdcard/su of=/system/xbin/su
dd if=/mnt/sdcard/su of=/system/xbin/su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.034 secs (11192117 bytes / sec)
# chown root.shell /system/xbin/su
chown root.shell /system/xbin/su
# chmod 06755 /system/xbin/su
chmod 06755 /system/xbin/su
# sync; sync; sync
sync; sync; sync
# dd if = /data/local.org/tmp/busybox of=/system/xbin/busybox
dd if=/data/local.org/tmp/busybox of=/system/xbin/busybox
2099 +1 records in
2099 +1 records out
1075144 bytes transferred in 0.085 secs (12648752 bytes / sec)
# chown root.shell /system/xbin/busybox
chown root.shell /system/xbin/busybox
# chmod 04755 /system/xbin/busybox
chmod 04755 /system/xbin/busybox
# ls-al
ls-al
drwxr-xr-x root root 2012-09-01 03:31 app
drwxrwxrwx root shell 2012-09-01 23:59 bin
-rw-r - r - root root 4093 2012-09-01 03:31 build.prop
drwxr-xr-x root shell 2012-09-02 01:05 xbin
# cd /system/xbin
cd /system/xbin
# ls -al
ls -al
-rwxr-xr-x root shell 10028 2012-07-07 21:17 agent
-rwsr-xr-x root shell 1075144 2012-09-02 01:05 busybox
-rwxr-xr-x root shell 9780 2012-07-07 21:17 dbus-monitor
-rwxr-xr-x root shell 5708 2012-07-07 21:17 sdptest
-rwsr-sr-x root shell 380532 2012-09-02 01:03 su
#
(12) Set up SuperUser
Install from the market SuperSU etc..
k you must have permission to launch the app root, root authorization confirmation screen will appear if
Remark form me(yes, me not goroh_kun) : if you reboot your device. It's has re-lock /system. Even you have root access you can't remount /system to r/o until you re-execute f10dunlock. So you should think and plan by carefully that you want to move SuperSU.apk form /data/app to/system/app for more safer factory reset in future or not.
Thank you for the dear goroh_kun.
Click to expand...
Click to collapse
Anything for F-02E??

the same problem
Rudeyllah said:
Anything for F-02E??
Click to expand...
Click to collapse
I have the same problem with the same phone model,i tried to root but i'm stuck at 7.-permision denied and 8.-on and off wifi...i try all but i can't pass this steps......maybe the tutorial need more detail or maybe it is about diferences between versions of phone.

Build
The Root for F-10D has different Command for Rooting,depending BUILD on Device..
Option is different depending on the version and model.
F-10D build number V16R45C: → 0
ISW13D: → 1
F-10D build number V18R46F: → 2
F-10D build number V20R47F: → 3
My Device is V20R47F and the Following Command for V16R45C ... Cannot be use on V20R47F.. i always get Error after -7 ..
Can anyone help for V20R47F ?
CMD
C:> adb restore f-10d_2.ab
~ ~ ~ To allow restore ~ ​​~ ~ Android terminal
C:> adb shell
shell @ android :/ $ cd / data / data / com.android.settings / a /
cd / data / data / com.android.settings / a /
shell @ android :/ data / data / com.android.settings / a $ ls-l-d
ls-l-d
drwxrwxrwx system system 2011-01-01 09:09.
shell @ android :/ data / data / com.android.settings / a $ ls-l
ls-l
drwxrwxrwx system system 2011-01-01 09:09 file00
drwxrwxrwx system system 2011-01-01 09:09 file01
drwxrwxrwx system system 2011-01-01 09:09 file02
~ ~ ~ ~ ~ ~ Omitted
~ ~ ~ ~ ~ ~ Omitted
drwxrwxrwx system system 2011-01-01 09:09 file97
drwxrwxrwx system system 2011-01-01 09:09 file98
drwxrwxrwx system system 2011-01-01 09:09 file99
shell @ android :/ data / data / com.android.settings / a $ cd / data / data / com.android.settings /
com.android.settings / <
shell @ android :/ data / data / com.android.settings $ ls-l
ls-l
drwxrwxrwx system system 2011-01-01 09:09 a
drwxr-xr-x system system 2011-01-01 09:00 lib
shell @ android :/ data / data / com.android.settings $ rm-ra
rm-r a
rm failed for a, Permission denied
255 | shell @ android :/ data / data / com.android.settings $ while:; do ln-s / data a/file99; done
ln-s / data a/file99; done <
link failed File exists
link failed File exists
link failed File exists
~ ~ ~ Leaving the ~ ~ ~ endlessly
~ ~ ~ Leaving the ~ ~ ~ endlessly
~ ~ ~ ↓ ↓ ↓ ~ ~ ~ to open and run one more command line
C:> adb restore f-10d_2.ab
~ ~ ~ To allow restore ~ ​​~ ~ Android terminal
~ ~ ~ ↑ ↑ ↑ ~ ~ ~ to open and run one more command line
I made a restore link failed No such file or directory ← here
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed No such file or directory
link failed File exists
link failed File exists
link failed File exists
~ ~ ~ Leaving the ~ ~ ~ endlessly
~ ~ ~ Leaving the ~ ~ ~ endlessly
^ I interrupted by C ← CTRL + C.
C:>
C:> adb shell
shell @ android :/ $ ls-l-d / data
ls-l-d / data
drwxrwxrwx system system 2011-01-01 09:11 data
shell @ android :/ $ exit
exit
C:> adb push mkdevsh / data / local / tmp /
2702 KB / s (648486 bytes in 0.234s)
C:> adb shell
shell @ android :/ $ ls-l-d / data / local
ls-l-d / data / local
drwxr-x - x root root 2011-01-01 09:00 local
shell @ android :/ $ ls-l-d / data / local / tmp
ls-l-d / data / local / tmp
drwxrwx - x shell shell 2011-01-01 09:12 tmp
shell @ android :/ $ ls-l / data / local / tmp
ls-l / data / local / tmp
-Rw-rw-rw-shell shell 648486 2012-09-01 03:47 mkdevsh
shell @ android :/ $ chmod 777 / data / local / tmp / mkdevsh
chmod 777 / data / local / tmp / mkdevsh
shell @ android :/ $ ls-l / data / local / tmp /
ls-l / data / local / tmp /
-Rwxrwxrwx shell shell 648486 2012-09-01 03:47 mkdevsh
shell @ android :/ $ mv / data / local / data / local.org
mv / data / local / data / local.org
shell @ android :/ $ ls-l / data / local.org / tmp
ls-l / data / local.org / tmp
-Rwxrwxrwx shell shell 648486 2012-09-01 03:47 mkdevsh
shell @ android :/ $ mkdir / data / local
mkdir / data / local
shell @ android :/ $ ls-l-d / data / local /
ls-l-d / data / local /
drwxrwxrwx shell shell 2011-01-01 09:12
shell @ android :/ $ ln-s / sys / kernel / uevent_helper / data / local / tmp
ln-s / sys / kernel / uevent_helper / data / local / tmp
shell @ android :/ $ ls-l / data / local / tmp
ls-l / data / local / tmp
lrwxrwxrwx shell shell 2011-01-01 09:12 tmp -> / sys / kernel / uevent_helper
shell @ android :/ $ exit
exit
C:> adb push su / data /
2972 KB / s (380532 bytes in 0.125s)
C:> adb reboot
C:> adb wait-for-device shell
echo / data / local.org / tmp / mkdevsh> / sys / kernel / uevent_helper
echo / data / local.org / tmp / mkdevsh> / sys / kernel / uevent_helper
sh> / sys / kernel / uevent_helper <
shell @ android :/ $
shell @ android :/ $ ls-l / sys / kernel / uevent_helper
ls-l / sys / kernel / uevent_helper
-Rwxrwx - x shell shell 4096 2011-01-01 09:00 uevent_helper
shell @ android :/ $ ls-l / dev / sh
ls-l / dev / sh
-Rwsr-sr-x root root 151964 2011-01-01 09:00 sh
shell @ android :/ $ ls-l / data / su
ls-l / data / su
-Rw-rw-rw-shell shell 380532 2008-02-29 02:33 su
shell @ android :/ $ / dev / sh
/ Dev / sh
# ← root Kita! (It takes a permanent root in the rewritable system area by the mount rw)
# Mount-o rw, remount / system / system
mount-o rw, remount / system / system
# Ls-l / system / bin / su
ls-l / system / bin / su
/ System / xbin / su: No such file or directory
# Dd if = / data / su of = / system / bin / su
dd if = / data / su of = / system / bin / su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.047 secs (8096425 bytes / sec)
# Chown root.root / system / bin / su
chown root.root / system / bin / su
# Chmod 06755 / system / bin / su
chmod 06755 / system / bin / su
# Ls-l / system / bin / su
ls-l / system / bin / su
-Rwsr-sr-x root root 380532 2011-01-01 09:01 su
# Ls-l / system / xbin / su
ls-l / system / xbin / su
/ System / xbin / su: No such file or directory
# Dd if = / data / su of = / system / xbin / su
dd if = / data / su of = / system / xbin / su
743 +1 records in
743 +1 records out
380532 bytes transferred in 0.045 secs (8456266 bytes / sec)
# Chown root.root / system / xbin / su
chown root.root / system / xbin / su
# Chmod 06755 / system / xbin / su
chmod 06755 / system / xbin / su
# Ls-l / system / xbin / su
ls-l / system / xbin / su
-Rwsr-sr-x root root 380532 2011-01-01 09:02 su
# Mount-o ro, remount / system / system
mount-o ro, remount / system / system
# Dd if = / data / su of = / system / bin / su
dd if = / data / su of = / system / bin / su
/ System / bin / su: cannot open for write: Read-only file system
# Rm / data / local / tmp
rm / data / local / tmp
# Mv / data / local / data / local.ln
mv / data / local / data / local.ln
# Mv / data / local.org / data / local
mv / data / local.org / data / local
# Ls-l-d / data / local *
ls-l-d / data / local *
drwxr-x - x root root 2011-01-01 09:00 local
drwxr-x - x root root 2011-01-01 09:02 local.ln
# Sync; sync; sync
sync; sync; sync
# Reboot
reboot
Click to expand...
Click to collapse

any significant improvements in battery life after rooting?
spec-wise it is a very good phone but i really regret the decision of buying this phone cos it heats up so fast and battery life is non-existent.

Rudeyllah said:
Anything for F-02E??
Click to expand...
Click to collapse
Can you please review this phone F-02E? I am really thinking of buying it.
How is the camera, battery life, screen, is the processor capable of working smoothly even with the full HD display, does it get unneccesarily hot, how is the build quality?

lapucele said:
any significant improvements in battery life after rooting?
spec-wise it is a very good phone but i really regret the decision of buying this phone cos it heats up so fast and battery life is non-existent.
Click to expand...
Click to collapse
I am in the same shoe as you with my F-02E, heat so fast and it restarts from 44 degrees centigrade.

Booting Fujitsu F-10D not powering on
My phone suddenly dosent power on. I tested the battery with a tester and it's fully charged. Anyone had a power problem with an Arrows X? Please help me!
The weird thing is I bought my phone at the same time as a friend and his phone stopped working a week ago also!!
When I press the power button, the red charging light blinks 3 time. Any debugging idea?Help me
Thanks

lythekhang said:
My phone suddenly dosent power on. I tested the battery with a tester and it's fully charged. Anyone had a power problem with an Arrows X? Please help me!
The weird thing is I bought my phone at the same time as a friend and his phone stopped working a week ago also!!
When I press the power button, the red charging light blinks 3 time. Any debugging idea?Help me
Thanks
Click to expand...
Click to collapse
I have the same problem too, mobile doesn't start.
When I press the power button, the red charging light blinks 3 time too.
Don't know what a problem, and how this fix.

can anyone confirm if this is working?

Using F-02E ones may work but don't do this. You can never get back when system files go wrong. I already turned mine to paperweight after reboot.

try this
Hi folks
I have Arrows X F-10D , I tried all methods to root it but no hope, I think the build number V22R49C is unrootable
Anyway I suggest to try this lovely program which I found in this site. http://www.mgyun.com/vroot
I have already attached the program, you can download it and give it a try if your build number is lower than above

try this too
Here is another program I have download it from here

help please
Guys help me please
I need DoCoMo apps system
I lost one app by mistake which is for DoCoMo account numbers
When I create new contact it shows me only Google account to save in, but no phone contacts
Please help
Somebody upload this app for me

[Q] Superboot image for Motorola Moto G

I'm trying to root my german Motorola Moto G using a superboot image. This topic is very new for me so I followed the Instructions of Mikael Q Kuisma using the original boot.img from the stock ROM. In addition I want to have my image to install a superuser App. So I registered a service in the `init.rc` file which just runs the installer shell script. I register the service like this:
Code:
service installsu /system/bin/sh /superuser/install.sh
class main
user root
group root
oneshot
As far as i understood this service is run once as root when all other services of the class main are run. Am I right?
The superuser app I want to install is the one from Koushik Doutta. My install.sh script looks like this:
Code:
#!/system/bin/sh
mount -o remount,rw /system
chattr -i /system/bin/su
chattr -i /system/xbin/su
rm -f /system/bin/su
rm -f /system/xbin/su
rm -f /system/app/Superuser.*
rm -f /system/app/Supersu.*
rm -f /system/app/superuser.*
rm -f /system/app/supersu.*
rm -f /system/app/SuperUser.*
rm -f /system/app/SuperSU.*
cp /superuser/su /system/xbin/su
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
ln -s /system/xbin/su /system/bin/su
cp /superuser/Superuser.apk /system/app
chmod 644 /system/app/Superuser.apk
chattr -i /system/etc/install-recovery.sh
cp /superuser/install-recovery.sh /system/etc/install-recovery.sh
chmod 755 /system/etc/install-recovery.sh
touch /system/etc/.installed_su_daemon
mount -o remount,ro /system
This is basically the update-android script from the archive but without all the conditionals.
"ls -l" inside the superuser folder gives:
Code:
-rw-rw-r-- 1 root root 44 Nov 30 22:18 install-recovery.sh
-rwxr-x--- 1 root root 737 Jan 7 11:29 install.sh
-rwxr-xr-x 1 root root 283084 Nov 30 22:25 reboot
-rwxr-xr-x 1 root root 311872 Nov 30 22:25 su
-rw-rw-r-- 1 root root 2025538 Nov 30 22:25 Superuser.apk
I think this are the correct permissions?!
The image splitting tool of Mikael Q Kuisma warned me that a different version of mkbootimg was used to create the original boot image an suggested which variables I had to change in the source code. I did this and compiled my own version. The unmkbootimg tool also gave me the complete command including parameters to build the new image. I used it without any modifications.
Finally, the problem: It doesn't root my phone.
It seems like the installer script is never run, because I can't find the su binary using "adb shell ls /system/xbin/". Also the phone does not boot directly into Android. It shows me the Motorola logo, turns black, shows the unlock warning, shows boot animation and then Android is loaded. I don't have a reboot command inside the script, so shouldn't it boot straight to Android when I boot with "fastboot boot <new boot.img>"?
Is it possible to get kernel logs without being root?

[GUIDE] Disable selinux to allow Xposed framework for Oneplus 2

This is a quick guide for disabling selinux to allow installation of Xposed framework on OsygenOS 2.2.x. Tested on my OPT.
This means changing the boot partition settings to allow permissive selinux and re-writing it.
It could work theoretically on any other Lollipops, perhaps Marshmallow, however... needs to be tested.
The red disclaimer: you perform all these changes at your own risk!
My current configuration:
- OxygenOS 2.2.1 (rooted, BETA-SuperSU-v2.67-20160121175247, Boeffla-Kernel 1.1-beta11)
- xposed-v80-sdk22-arm64
- mkbootimg-tools
Steps
You can use adb shell from a prompt (windows is quite ugly though).
For windows I recommend Puttytray (https://puttytray.goeswhere.com/) and connect using adb.
For future ROM updated, assuming you keep patch.sh, just use the terminal embedded in TWRP to run it right from the phone, generate the new boot image and apply it again.
Reboot in recovery (I use TWRP 3.0.0-2)
Make sure /system partition is mounted
Code:
mount /system
unzip mkbootimg_tools-master.zip
cd mkbootimg_tools-master/ARM
Create the patch.sh script (the wrapper for the mkbooting tools)
Code:
vi patch.sh
paste the contents of the attached script:
Code:
#!/system/bin/sh
############################################
# Script to alter the boot image and set selinux=permissive
# WARNING! use this at our own risk, I am not responsible for bricking your phone by corrupting the boot partition
# Tested on OxygenOS 2.1.1, 2.2.0, 2.2.1 (Lollipop 5.1.1)
#
# v1.0.2015-12-30
# Author: cr1cr1
############################################
# Mount /system partition rw, if not already mounted
mount -o rw /system 2>/dev/null
# Set some variables
ORIBOOT=ori-boot.img
PATCHEDBOOT=../new-boot.img
OUTDIR=boot~tmp
# Get the actual boot block partition
BOOTPART=`busybox readlink -f /dev/block/platform/*/by-name/boot`
if [ ! -r $BOOTPART ]; then
echo "Boot partition not found at: $BOOTPART!"
exit 1
fi
echo "Using boot partition: $BOOTPART"
# Copy the boot partition
set -x
busybox dd if=$BOOTPART of=$ORIBOOT
set +x
RETCODE=$?
if [ $RETCODE -ne 0 ]; then
echo "Failed to copy boot part using DD utility, retcode=$RETCODE"
exit $RETCODE
fi
# Unpack the boot image
set -x
./mkboot $ORIBOOT $OUTDIR
set +x
RETCODE=$?
if [ $RETCODE -ne 0 ]; then
echo "Failed to run mkboot utility, retcode=$RETCODE"
exit $RETCODE
fi
if [ ! -w $OUTDIR/img_info ]; then
echo "$OUTDIR/img_info is not writable, exiting!"
exit 1
fi
# Change the kernel command line parameters
if [ "$(busybox grep selinux $OUTDIR/img_info)" == "" ]; then
set -vx
busybox sed -i "s/cmd_line\='/cmd_line\='androidboot.selinux=permissive /" $OUTDIR/img_info
set +vx
else
set -vx
busybox sed -Ei 's/\.selinux=[^ '\'']+/.selinux=permssive/' $OUTDIR/img_info
set +vx
fi
# Repack the boot image
set -x
./mkboot $OUTDIR $PATCHEDBOOT
set +x
Set the execute permission
Code:
chmod +x patch.sh
Execute the script to patch the boot image
Code:
./patch.sh
You should now have a patched and repacked image:
new-boot.img
Install the new boot image using twrp:
- press install
- press "Install Image"
- select new-boot.img
- Select the partition "boot"
Apparently there is a need to also explicitly disable selinux on startup as well.
For this, yet another script must be used:
Code:
vi /system/etc/init.d/08customscript
Paste the following:
Code:
#!/system/bin/sh
mount -o remount,rw /system
/system/xbin/su 0 setenforce 0
echo "0" > /sys/fs/selinux/enforce
mount -o remount,ro /system
Set the appropriate permissions
Code:
chmod u=rwx,go=r /system/etc/init.d/08customscript

There isn't a plugin for kernel adiutor that does the same?
Enviado desde mi ONE A2003

Zalpa said:
There isn't a plugin for kernel adiutor that does the same?
Enviado desde mi ONE A2003
Click to expand...
Click to collapse
Probably, I have seen last night with Boeffla's kernel editor you have the option to disable Selinux.
However, this will NOT work unless you change the boot image as well.

cr1cr1 said:
Probably, I have seen last night with Boeffla's kernel editor you have the option to disable Selinux.
However, this will NOT work unless you change the boot image as well.
Click to expand...
Click to collapse
Thanks
Enviado desde mi ONE A2003

Installing SuperSU root on Mi 5c

Here's a guide + script for installing SuperSU root on the Mi 5c.
I haven't yet managed to build a TWRP recovery image for it (I haven't really tried) - so this can be used to get root in the mean-time. (I also saw a Chinese TWRP ROM on the MIUI forums, but I haven't tried it myself)
Obviously modifying the phone system is risky, you may void the warranty, break it etc. I take no responsibility for that, and you use the instructions below at your own risk.
The script, and a few other tools I'm using for the Mi 5c can be found in my git repo: github.com/usedbytes/meri_tools
To use the script, you'll need a linux (or Mac, probably) computer with gcc and git installed, as well as a new-ish version of adb and fastboot. I'm running it on Arch Linux fine.
First get the phone into developer mode (tap on the MIUI version in About Phone 7 times), and enable adb debugging, and approve your computer to access debugging.
Then you need to download and extract the SuperSU "Installable Recovery" zip, and the Xiaomi stock ROM, which we will use for the install files.
Then, run the script below (meri_root.sh in the git repo).
The script installs all the bits needed, then reboots the phone with a rooted boot image. To make the root persistent, you need to flash the boot.supersu.img to the boot partition with fastboot (it just boots it by default).
Code:
#!/bin/bash
#
# Script to root the Xiaomi Mi 5c, by manually installing SuperSU
#
# Copyright 2017 Brian Starkey
#
# Permission is hereby granted, free of charge, to any person obtaining a
# copy of this software and associated documentation files (the "Software"),
# to deal in the Software without restriction, including without limitation
# the rights to use, copy, modify, merge, publish, distribute, sublicense,
# and/or sell copies of the Software, and to permit persons to whom the
# Software is furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
# OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
# DEALINGS IN THE SOFTWARE.
#
# -- Disclaimer
#
# Obviously modifying your phone can be dangerous, void the warranty etc. etc.
# Use this script and the instructions within it at your own risk.
#
# -- Description
#
# The SuperSU installer seems to assume you already have root, and is intended
# to be run from a custom recovery (like TWRP). We don't have that, so we'll do
# some funny dances to do a systemless root without having root to begin with.
#
# The crux of the matter is using SuperSU's tools to patch the ramdisk and
# sepolciy (in /data/local/tmp, without root), then building a ramdisk with
# those components
#
# -- Usage
#
# Plug in the phone, make sure you have (persistent) adb debugging permissions
# and run this script like so:
# meri_root.sh SUPERSU_DIR ROM_DIR
# Where SUPERSU_DIR is a directory where you have downloaded and extracted the
# SuperSU "Recovery Flashable" zip file: http://www.supersu.com/download
# and ROM_DIR is a directory where you have downloaded and extracted the ROM
# from Xiaomi's download page: http://en.miui.com/download-322.html
#
# The script will make and boot a boot.img which enacts a systemless root.
# To make it persisent, you must flash it instead:
# fastboot flash boot.supersu.img
#
# By default, SuperSU removes dm-verity from /system and encryption from /data
# To prevent this, set PRESERVE_VERITY=1 before running the script:
# PRESERVE_VERITY=1 ./meri_root.sh ...
if [ $# -ne 2 ];
then
cat >&2 <<EOM
Usage: $(basename $0) SUPERSU_DIR ROM_DIR
Extract SuperSU zip file into SUPERSU_DIR, and the Xiaomi ROM into ROM_DIR,
then run this script.
EOM
exit 1
fi
SUPERSU_DIR=$1
echo ${SUPERSU_DIR}/arm64/su
if [ ! -f ${SUPERSU_DIR}/arm64/su ]
then
echo "Invalid SUPERSU_DIR" >&2
exit 1
fi
ROM_DIR=$2
if [ ! -f ${ROM_DIR}/boot.img ]
then
echo "Invalid ROM_DIR" >&2
exit 1
fi
# 1. Get mkbootimg and build it
git clone --depth 1 https://github.com/osm0sis/mkbootimg.git || exit 1
cd mkbootimg
make || ( cd .. && exit 1 )
cd ..
# 2. Copy the SuperSU binaries to the device
echo "Waiting for device..."
adb wait-for-usb-device
adb push ${SUPERSU_DIR}/arm64/*su* /data/local/tmp/ || exit 1
adb shell chmod +x /data/local/tmp/su*
# 3. Create the SuperSU systemless root image
# Ideally we'd set up security contexts too, but then you need to be running
# on an SELinux-enabled kernel in permissive mode.
# Instead, we will fix it on first boot.
dd if=/dev/zero bs=1M count=96 of=su.img
mkfs.ext4 su.img
mkdir mnt
sudo mount su.img mnt
sudo mkdir mnt/{bin,xbin,lib,etc,su.d}
sudo chmod 0751 mnt/bin
sudo chmod 0755 mnt/{xbin,lib,etc}
sudo chmod 0700 mnt/su.d
sudo cp ${SUPERSU_DIR}/arm64/{su,sukernel} mnt/bin/
sudo cp ${SUPERSU_DIR}/arm64/su mnt/bin/daemonsu
sudo cp ${SUPERSU_DIR}/arm64/supolicy mnt/bin/supolicy_wrapped
sudo ln -s /su/bin/su mnt/bin/supolicy
sudo chown root:root mnt/bin/{su,daemonsu,sukernel,supolicy_wrapped}
sudo chmod 0755 mnt/bin/{su,daemonsu,sukernel,supolicy_wrapped}
sudo cp ${SUPERSU_DIR}/arm64/libsupol.so mnt/lib/libsupol.so
sudo chown root:root mnt/lib/libsupol.so
sudo chmod 0644 mnt/lib/libsupol.so
# Run a script at first-boot to fix up the SELinux contexts on the image
# It will remove itself after running
sudo bash -c "cat > mnt/su.d/firstboot.rc" <<EOF
#/system/bin/sh
chcon -hR u:object_r:system_data_file:s0 /su /data/local/tmp/su.img
rm /su/su.d/firstboot.rc
sync
EOF
sudo chmod 0750 mnt/su.d/firstboot.rc
sync
sudo umount mnt
# 4. Copy the systemless root image to the device
adb push su.img /data/local/tmp/su.img
# 5. Extract boot.img
mkdir bootimg
mkbootimg/unpackbootimg -o bootimg -i ${ROM_DIR}/boot.img
# 6. Unzip the ramdisk
cat bootimg/boot.img-ramdisk.gz | gunzip > ramdisk
# 7. Copy the ramdisk to the device, for patching
adb push ramdisk /data/local/tmp
# 8. Patch sepolicy and the ramdisk, using the SuperSU tools we copied over
# earlier
adb shell "
cd /data/local/tmp
LD_LIBRARY_PATH=. ./supolicy --file /sepolicy ./sepolicy.patched
LD_LIBRARY_PATH=. ./sukernel --patch ./ramdisk ramdisk.patched
"
# 9. Pull back the patched files
adb pull /data/local/tmp/sepolicy.patched /data/local/tmp/ramdisk.patched .
# 10. Extract the patched ramdisk, and install the patched sepolicy into it
mkdir ramdir
cat ramdisk.patched | sudo cpio --no-absolute-filenames -D ramdir -i
sudo cp sepolicy.patched ramdir/sepolicy
sudo chown root:root ramdir/sepolicy
sudo chmod 0644 ramdir/sepolicy
# 11. Install the SuperSU init scripts
sudo mkdir ramdir/su
sudo chmod 755 ramdir/su
sudo cp ${SUPERSU_DIR}/common/launch_daemonsu.sh ramdir/sbin
sudo chmod 744 ramdir/sbin/launch_daemonsu.sh
sudo chown root:root ramdir/sbin/launch_daemonsu.sh
sudo cp ${SUPERSU_DIR}/common/init.supersu.rc ramdir
sudo chmod 750 ramdir/init.supersu.rc
sudo chown root:root ramdir/init.supersu.rc
# 12. Patch the initscript for our img location and set the su.img context
sudo sed -i 's;/data/su.img;/data/local/tmp/su.img;' ramdir/init.supersu.rc
sudo sed -i '\;on property:sukernel.mount=1;a\ \ \ \ restorecon /data/local/tmp/su.img' ramdir/init.supersu.rc
sudo bash -c "echo /data/local/tmp/su.img u:object_r:system_data_file:s0 >> ramdir/file_contexts"
# Optional: Preserve dm-verity on /system, encryption on /data
if [ ! -z "$PRESERVE_VERITY" ] && [ $PRESERVE_VERITY -ne 0 ]
then
echo "Preserving dm-verity"
mkdir ramdir-stock
cat ramdisk | sudo cpio --no-absolute-filenames -D ramdir-stock -i
sudo cp ramdir-stock/{fstab.song,verity_key} ramdir/
sudo rm -rf ramdir-stock
fi
# 13. Repack the ramdisk
cd ramdir
sudo find . ! -path . | sudo cpio -H newc -o | gzip > ../ramdisk.gz
cd ..
# 14. Repack the boot image
mkbootimg/mkbootimg \
--kernel bootimg/boot.img-zImage \
--ramdisk ramdisk.gz \
--cmdline "console=ttyS0,115200 earlyprintk=uart8250-32bit,0xF900B000 androidboot.hardware=song no_console_suspend debug user_debug=31 loglevel=8" \
--base 0x0 \
--pagesize 4096 \
--kernel_offset 0x0a080000 \
--ramdisk_offset 0x0c400000 \
--dt bootimg/boot.img-dtb \
--tags_offset 0xc200000 \
--os_version 0.0.0 \
--os_patch_level 0 \
--second_offset 0x00f00000 \
--hash sha256 \
--id \
-o boot.supersu.img
# 15. Boot it! (flash it if you want to make it persistent)
adb reboot-bootloader
fastboot boot boot.supersu.img
echo "Waiting for device..."
adb wait-for-usb-device

Hi ,
Can you give me some advice on how to run this on Windows? I can get a adb shell but thats as far as I can get. I don't know how I am supposed to run the script.
Thanks
Stewart

Hello,
I am trying to root my mi 5c with your script, but I can't find sepolicy file on my phone, so for example this line can't be executed:
Code:
LD_LIBRARY_PATH=. ./supolicy --file /sepolicy ./sepolicy.patched
Do you know where I could find this file? I am using xiaomi.eu_multi_MI5c_7.4.6_v8-7.1 rom.

Hello,
I've had exactly the same issue on a multirom and on xiaomi.eu_multi_MI5c_7.4.20(although i'm not sure if installed rom has something to do with it)
blagon said:
...I am trying to root my mi 5c with your script, but I can't find sepolicy file on my phone...
Click to expand...
Click to collapse