I can't find my phone's recovery.img in the stock firmware zip - Xiaomi Redmi 6A Questions & Answers

I want to root my Redmi 6A but it has no boot ramdisk, so I'll have to root it via recovery.img, but I can't seem to find it in the stock firmware zip. Any help would be appreciated, thanks!

To root Android you neither have to fiddle around with the phone's boot.img nor with the phone's recovery.img. Rooting Android is simply adding a binary called su to Android's filesystem and making it executable. This can be achieved by means of ADB.

xXx yYy said:
> To root Android you neither have to fiddle around with the phone's boot.img nor with the phone's recovery.img. Rooting Android is simply adding a binary called su to Android's filesystem and making it executable. This can be achieved by means of ADB.

I mean I want to root it with Magisk

Related

Obtaining root by modifying default.prop(ro.secure)?

> To get a privileged shell you need to modify the following lines to the given values in the default.prop file
> ro.secure=0
> ro.debuggable=1
> persist.service.adb.enable=1

I have extracted the recovery image of my phone model. So is it possible to modify the following values in the default.prop file, repack the image and flash it using fastboot (bootloader is unlocked) to get a privileged shell, and then copy the su binary after remounting system as read/write?
Do I need to change any other values in any of the files? And will it work, theoretically at least?
What are the chances of it messing up anything?
[I posted this on android.stackexchange but not much activity there]
No chances of bricking at all.
Going further I would suggest you tag in a shell script within init.rc so that it copies the superuser apk and binary automatically as you boot.
That's great
And is there any way to confirm that the recovery (downloaded) that I have is indeed from my device? Is the data within the prop files such as build and model no. etc enough?
Sent from my A9 using xda app-developers app
It didn't work. Either it wasn't the stock recovery in the first place, or the process isn't that easy. This can be closed now.
Modify boot.img
I think it is only the boot.img which is to be flashed. You don't need to flash recovery as whole.
If you have root access, you could manually edit default.prop. But, the modifications exist only till reboot. Once you reboot, boot.img will reload all the necessary system files to original. So, edit boot.img.
Adriel David said:
> Hello, I want to modify default.prop. To modify it I need root access. Now I have rooted my phone and CWM is installed. I want to make a flashable zip backup of default.prop. Can you provide me the script to be flashed by CWM, because I am afraid of bricking my phone.

default.prop is on ramdisk or initrd which is part of the boot.img.
I use abootimg to edit boot, some use mkbootimg. Google editing initrd will give you info you need
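
To make the point above concrete, here is an added example (not code from the thread or from abootimg) that reads default.prop straight out of a boot.img or recovery.img without flashing anything, which also helps when checking that a downloaded image matches the expected build. It assumes the legacy boot image header layout (versions 0 to 2) and a gzip-compressed cpio ramdisk; the function names and the sample image are constructed for illustration.

```python
import gzip
import struct

def ramdisk_from_image(img: bytes) -> bytes:
    """Return the compressed ramdisk from a legacy (header v0-v2) boot/recovery image."""
    if img[:8] != b"ANDROID!":
        raise ValueError("boot image magic not found")
    # After the magic: kernel size/addr, ramdisk size/addr, second size/addr, tags addr, page size.
    kernel_size, _, ramdisk_size, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    kernel_pages = (kernel_size + page - 1) // page
    start = page * (1 + kernel_pages)  # one header page, then the kernel pages
    ramdisk = img[start:start + ramdisk_size]
    if len(ramdisk) != ramdisk_size:
        raise ValueError("image is truncated")
    return ramdisk

def cpio_entries(archive: bytes):
    """Yield (name, data) for each file in a 'newc' cpio archive."""
    pos = 0
    while archive[pos:pos + 6] == b"070701":
        fields = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = fields[6], fields[11]
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        data_at = (pos + 110 + namesize + 3) & ~3  # header+name padded to 4 bytes
        yield name, archive[data_at:data_at + filesize]
        pos = (data_at + filesize + 3) & ~3  # file data padded to 4 bytes

def read_default_prop(img: bytes) -> str:
    ramdisk = ramdisk_from_image(img)
    if ramdisk[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk is not gzip-compressed")
    for name, data in cpio_entries(gzip.decompress(ramdisk)):
        if name == "default.prop":
            return data.decode()
    raise KeyError("default.prop not in ramdisk")

def build_sample_image(props: bytes, page: int = 2048) -> bytes:
    """Constructed sample: dummy kernel plus a one-file ramdisk."""
    def entry(name: bytes, data: bytes) -> bytes:
        name += b"\0"
        values = (0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name), 0)
        rec = b"070701" + b"".join(b"%08X" % v for v in values) + name
        rec += b"\0" * (-len(rec) % 4)
        return rec + data + b"\0" * (-len(data) % 4)
    ramdisk = gzip.compress(entry(b"default.prop", props) + entry(b"TRAILER!!!", b""))
    kernel = b"K" * 3000
    pad = lambda blob: blob + b"\0" * (-len(blob) % page)
    header = b"ANDROID!" + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return pad(header) + pad(kernel) + pad(ramdisk)

if __name__ == "__main__":
    print(read_default_prop(build_sample_image(b"ro.secure=1\nro.debuggable=0\n")))
```
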
varun.chitre15 said:
> No chances of bricking at all.
> Going further I would suggest you tag in a shell script within init.rc so that it copies the superuser apk and binary automatically as you boot.

Sorry to call on such an old post, but wouldn't this mean that on each boot (if modified on boot.img; on each fire-up of recovery if on recovery.img) the superuser apk and binaries are reinstalled? Because this /is/ init.rc we're referring to. Please correct me if I am wrong, and also tell me if this is the best way to go about it. I'm trying to come up with a way to root my device without using dirtycow haha

Rooted XXALJL boot.img

This boot.img, attached, provides a root shell directly over adb. It is a simple modification of the stock XXALJL boot.img and could be useful for ROM developers who need to adb remount frequently, while still using the stock boot/kernel. I do not recommend this method for users in general since it is very insecure (SuperUser gives you more fine-grained permission control).
Flash it with Odin or under Linux:
Code:
heimdall flash --18 XXALJL-rooted.boot.img
WARNING: contrary to the system.img root method, this WILL increase your download count!
EDIT: in fact it would be better to simply dd the img file into mmcblk0p20, should not increase the download count.
Be careful, this also disables auto updates (now it says the device has been modified, and won't allow OTA updating).
xd.bx said:
> Be careful, this also disables auto updates (now it says the device has been modified, and won't allow OTA updating).

Have you tested if it works with custom recovery?
xd.bx said:
> This boot.img, attached, provides a root shell directly over adb. It is a simple modification of the stock XXALJL boot.img and could be useful for ROM developers who need to adb remount frequently, while still using the stock boot/kernel. I do not recommend this method for users in general since it is very insecure (SuperUser gives you more fine-grained permission control).
> Flash it with Odin or under Linux:
> Code:
> heimdall flash --18 XXALJL-rooted.boot.img
> WARNING: contrary to the system.img root method, this WILL increase your download count!

I just dumped your image and....
Forgive me for being a bit confused, but in order to have a rooted insecure image don't you need to set ro.secure=0?
This is your default.prop dumped from your image
Code:
ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=1
Also why are there no root binaries in the image?
So, as far as I can see the only thing this image will do is increase your binary count, nothing else.
If I'm wrong I apologize in advance.
faria said:
> So, as far as I can see the only thing this image will do is increase your binary count, nothing else.
> If I'm wrong I apologize in advance.

I did try setting ro.secure to 0 but it didn't work. So I simply patched the setuid/setgid arm instructions inside adbd so that it never drops its privileges, no matter what. (it's very straightforward to do with objdump+a hex editor).
spawk said:
> Have you tested if it works with custom recovery?

I haven't, no.
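
The exchange above shows why reading default.prop alone is not enough to judge a boot image: the dumped file still says ro.secure=1 while adbd itself was changed. The following added example (not from the thread) audits an unpacked ramdisk for both the property values named on this page and any file that differs from a known-good stock manifest; the function names and the placeholder adbd contents are constructed for illustration.

```python
import hashlib

# Property values named on this page that leave adbd privileged or unauthenticated.
RISKY_PROPS = {"ro.secure": "0", "ro.debuggable": "1", "ro.adb.secure": "0"}

def parse_props(text: str) -> dict:
    """Parse key=value lines, skipping blanks and comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def manifest(files: dict) -> dict:
    """Map each ramdisk path to the SHA-256 of its contents."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}

def audit_ramdisk(candidate: dict, stock_manifest: dict) -> list:
    """candidate is {path: bytes} from an unpacked ramdisk; returns a list of findings."""
    findings = []
    text = candidate.get("default.prop", b"").decode(errors="replace")
    props = parse_props(text)
    for key, bad in RISKY_PROPS.items():
        if props.get(key) == bad:
            findings.append(f"insecure property {key}={bad}")
    seen = manifest(candidate)
    for path in sorted(set(seen) | set(stock_manifest)):
        if path not in stock_manifest:
            findings.append(f"added file {path}")
        elif path not in seen:
            findings.append(f"missing file {path}")
        elif seen[path] != stock_manifest[path]:
            findings.append(f"modified file {path}")
    return findings

# Constructed sample: default.prop as dumped in the post above; adbd bytes are placeholders.
DUMPED_PROP = (b"ro.secure=1\nro.allow.mock.location=0\n"
               b"ro.debuggable=0\npersist.service.adb.enable=1\n")
STOCK = {"default.prop": DUMPED_PROP, "sbin/adbd": b"stock adbd placeholder"}
PATCHED = {"default.prop": DUMPED_PROP, "sbin/adbd": b"patched adbd placeholder"}

if __name__ == "__main__":
    # The properties look stock, yet the binary comparison flags adbd.
    print(audit_ramdisk(PATCHED, manifest(STOCK)))
```
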
xd.bx said:
> I did try setting ro.secure to 0 but it didn't work. So I simply patched the setuid/setgid arm instructions inside adbd so that it never drops its privileges, no matter what. (it's very straightforward to do with objdump+a hex editor).

I see,
I believe that the best way to achieve what you want is to split the boot image, then dump the ramdisk, edit its contents, then rebuild the image.
I have written a Linux script that does all of that if you are interested.
faria said:
> I see,
> I believe that the best way to achieve what you want is to split the boot image, then dump the ramdisk, edit its contents, then rebuild the image.
> I have written a Linux script that does all of that if you are interested.

Thanks, indeed I am. BTW I just realized it would be much better to root through system.img and then flash by using dd into mmcblk0p20. This way the download count should stay the same.
xd.bx said:
> Thanks, indeed I am. BTW I just realized it would be much better to root through system.img and then flash by using dd into mmcblk0p20. This way the download count should stay the same.

Our current method of rooting, using the system image, does not increase the binary count.
Here is the script.
You will need the abootimg tools installed in Linux.
Unzip the package, delete everything inside the folder except the unpack file.
Copy the boot.img to the folder.
Double-click on the unpack file and launch as terminal.
Follow the instructions in the terminal window.

[Q] New Device Need Help with CWM

Okay so I have a tablet that not many have, CWM was not supported. A Pyle Astro 7 Tablet.
Here's what I did so far.
1. Got root access and busybox successfully.
2. Backed up Recovery.img, System.img, kernel.img and Boot.img successfully via terminal emulator.
3. Used builder.clockworkmod.com and made CWM recovery for my device by extracting the recovery.fstab and using the stock device recovery.img.
4. Moved it to the device.
5. Removed the install-recovery.sh.
6. Couldn't locate any other recovery-related .sh or .p files except autorecoveryon.sh and autorecovery.off.sh; also removed them for the time being.
7. Attempted to flash cwmrecovery.img via terminal via the following code:
flash_image recovery /sdcard/cwmrecovery.img
(I named the file cwmrecovery.img for easier access.)
8. Rebooted the device into recovery.
Still stock recovery...
Am I missing anything?
Any help would be awesome! If needed I can upload the System.img, Boot.img, Recovery.img, CWMrecovery.img and Kernel.img.
Thank you in advance!
zonark said:
> Okay so I have a tablet that not many have, CWM was not supported. A Pyle Astro 7 Tablet.
> Here's what I did so far.
> 1. Got root access and busybox successfully.
> 2. Backed up Recovery.img, System.img, kernel.img and Boot.img successfully via terminal emulator.
> 3. Used builder.clockworkmod.com and made CWM recovery for my device by extracting the recovery.fstab and using the stock device recovery.img.
> 4. Moved it to the device.
> 5. Removed the install-recovery.sh.
> 6. Couldn't locate any other recovery-related .sh or .p files except autorecoveryon.sh and autorecovery.off.sh; also removed them for the time being.
> 7. Attempted to flash cwmrecovery.img via terminal via the following code:
> flash_image recovery /sdcard/cwmrecovery.img
> (I named the file cwmrecovery.img for easier access.)
> 8. Rebooted the device into recovery.
> Still stock recovery...
> Am I missing anything?
> Any help would be awesome! If needed I can upload the System.img, Boot.img, Recovery.img, CWMrecovery.img and Kernel.img.
> Thank you in advance!

How did you root your Pyle tablet? Any tips on the procedure? I'm having trouble getting mine rooted.
Thanks!

Adb root and systemless root access boot image and custom kernel boost mobile j7..

Custom adb root boot image with Chainfire's adbd kernel from adbd insecure as the phone's adbd.. it has a few other tweaks and a custom permissive kernel and systemless root from Chainfire's SuperSU... the RSA fingerprint doesn't pop up when you connect a computer but it can be bypassed with adb in a custom recovery, and found out if you use adbd insecure and let it patch Chainfire's adbd kernel it makes the phone show as attached device for adb devices instead of the plain unauthorized device and vendor keys not set. ... if you use it now you get adb root access and regular root access with the su binary but due to the RSA fingerprint not popping up you have to use adbd insecure until a recovery comes out, because it bypasses the RSA fingerprint.. credits to come... to use adb root access you need a custom recovery with adb... adbd insecure app... adb on your computer.... Android SDK/Android Studio... Java... Boost Mobile J7 running build f3, but you can just run systemless root until a recovery comes through. You can grab systemless root from here http://forum.xda-developers.com/galaxy-j7/how-to/root-samsung-galaxy-j7-sm-j700p-t3430185
And use it with the boot image.. but I just added systemless root patches to the boot image so all you have to do is flash the boot image.
Stock boot image below in case you want to unroot and go back to stock, which can be flashed in FlashFire, link below. You can take this boot image and use FlashFire to flash the stock firmware or stock boot image, and you can root or not root when you flash with FlashFire's inject systemless root.
Flashfire below
https://play.google.com/store/apps/details?id=eu.chainfire.flash
Stock boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHQWlqT2RDMDJNWlE/view?usp=drivesdk
All I did was add adb root access to the ramdisk.. and a few other ramdisk tweaks, and added the SuperSU systemless root patch to the boot image and Chainfire's adbd insecure kernel as the phone's adbd. And added the stock boot image in an Odin-flashable tar.
Custom adb root access and regular systemless root Boot image below
https://drive.google.com/file/d/0B6d5ZB2mhxuHUUpkandKRUpEdXc/view?usp=drivesdk
Credits....
@messi2050 from xda for original boot image and permissive kernel..
@messi2050 from xda for providing instructions on how to root with cf auto root
@Chainfire from xda for adbd kernel and adbd insecure app
@Chainfire from xda for cf auto root tar
@Chainfire from xda for systemless root and supersu
@Chainfire from xda for flashfire
@ANyOne from xda or anywhere else who tests it.
Updated OP with a new test build; it has systemless root patches from Chainfire's SuperSU systemless root and roots you when you flash it in Odin.
Added stock boot image to OP... in case you want to remove root and the tweaks. It's simple to remove the root and tweaks by just flashing the stock boot image in Odin or FlashFire.
I've been testing as I go.. I haven't had any problems with root access, it works pretty good and runs smoothly.
Added FlashFire and some minor boot image flashing instructions to get back to stock rooted.
Test build #4 is up.. did some changes in default.prop in the ramdisk.. should make adb root access smoother when it gets used in a custom recovery...
Update: after some tweaking, my last tweaks allow you to access the APN menu and edit APNs and add APNs.. in the regular stock boot image it's locked down and you can't access it, but you can with this boot image.
Now works with the adbd insecure app, just let it patch Chainfire's adbd kernel and it lets you bypass the RSA fingerprint so you can run adb shell without having to wait for a custom recovery. Be sure to test adb shell and adb root access.
In the process of testing adb shell and adb root access some more....
After extensive testing for the past 3 hours using every adb command and adb shell command I can find.... the results are they all work...
Snapping screenshots and screen recording works pretty good too..
For the moment use Titanium Backup Pro or App Quarantine to disable/freeze the security logs and stop the pop-up caused by the permissive kernel running permissive instead of enforcing.
App quarantine
https://play.google.com/store/apps/details?id=com.ramdroid.appquarantine
[email protected]:/#
/sbin/adbdsh:
Bravo!!
Sent from my SM-J700F using XDA-Developers mobile app
Modified adbd uses /sbin/adbd : as its terminal shell
Original adbd uses /system/bin/sh as its terminal shell
One of the mods I did, if you're curious, but due to USB debugging being secure in newer Android versions, aka the RSA fingerprint having to match both on computer and phone, and the fact you can't just reset the RSA key on stock because it removes the revoke USB debugging authorization to reset the rsa fingkey and key, you don't get the full luxury of this old mod, which has been around a while and is not new... to grant root on stock firmware you need a custom recovery with adb or Chainfire's adbd insecure app... oh how times have changed in Android...
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract the boot.img file to the Android Image Kitchen folder;
3. Drag and drop boot.img over unpackimg.bat. The kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to the ramdisk folder and open the default.prop file with a text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip; in the assets folder you will see 3 .png files. Extract adbd.17.png to the ramdisk\sbin folder;
6. Delete the original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to the Android Image Kitchen folder and run repackimg.bat by just clicking on it. This will repack the modified kernel to an image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by drag and drop in the 7zip window;
9. Close 7zip, copy the modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Android Sdk/ Android Studio
https://developer.android.com/studio/index.html
Java for devs and java for consumers
https://www.oracle.com/java/index.html
For development and adb purposes I'll just leave this here.. it's big enough to have its own thread but it goes with this mod so I'll just leave it here..
CoffeeNAndroid said:
> One of the mods I did, if you're curious, but due to USB debugging being secure in newer Android versions, aka the RSA fingerprint having to match both on computer and phone, and the fact you can't just reset the RSA key on stock because it removes the revoke USB debugging authorization to reset the rsa fingkey and key, you don't get the full luxury of this old mod, which has been around a while and is not new... to grant root on stock firmware you need a custom recovery with adb or Chainfire's adbd insecure app... oh how times have changed in Android...
> 1. Get Android Image Kitchen and extract it to your PC;
> 2. Open your_favorite_kernel.zip with 7zip and extract the boot.img file to the Android Image Kitchen folder;
> 3. Drag and drop boot.img over unpackimg.bat. The kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
> 4. Go to the ramdisk folder and open the default.prop file with a text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
> Code:
> ro.secure=0
> ro.adb.secure=0
> 5. Get Chainfire's adbd Insecure v1.30, open it with 7zip; in the assets folder you will see 3 .png files. Extract adbd.17.png to the ramdisk\sbin folder;
> 6. Delete the original kernel adbd file and rename adbd.17.png to adbd;
> 7. Go back to the Android Image Kitchen folder and run repackimg.bat by just clicking on it. This will repack the modified kernel to an image-new.img file ready for flashing;
> 8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by drag and drop in the 7zip window;
> 9. Close 7zip, copy the modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
> 10. Enjoy ADB full root access for /system;

Hello
Thanks for this tutorial!
I remain on the Samsung logo written with "recovery is not enforcing blah"
Yet I do exactly what's in the tutorial. I boot with the SM-J710FN
Could you help me please?
thank you in advance

how to get recovery.img from unrooted android phone?

Hello, in order to install Magisk I need to get the recovery.img file from my phone. I already located it but I can't copy it with dd since I don't have root permissions. Any suggestions?
