Related
so i have adb setup and have it adb.exe in the gfree folder so when i go to command prompt im permission denied after
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
Click to expand...
Click to collapse
what am i doing wrong
heres a pic
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
after cd /data/local it says permission denied what do i do?
zbrah said:
so i have adb setup and have it adb.exe in the gfree folder so when i go to command prompt im permission denied after
what am i doing wrong
heres a pic
after cd /data/local it says permission denied what do i do?
Click to expand...
Click to collapse
are you working from this page? http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
why are you cd'ing to data/local? what's in that folder? in the other thread you said you had your files in gfree_02??
http://forum.xda-developers.com/showthread.php?t=855764
im using this method
why would you cd to data/local? you need to put files there, not pull files from there...
martonikaj said:
why would you cd to data/local? you need to put files there, not pull files from there...
Click to expand...
Click to collapse
what should i do then
what commands do i do thanks for the help i appreciate it
On your computer's terminal/command line, navigate to where the gfree file is, and then...
Code:
adb push gfree /data/local
adb shell
This copies gfree to your phone, then puts you in your phone's terminal. Then do this:
Code:
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
Click to expand...
Click to collapse
thats what is says on this thread http://forum.xda-developers.com/showthread.php?t=855764
zbrah said:
thats what is says on this thread http://forum.xda-developers.com/showthread.php?t=855764
Click to expand...
Click to collapse
Aren't you supposed to be running the commands:
Code:
su
cd /data/local
chmod 777 gfree
./gfree -f
sync
In terminal emulator on your phone? from what I remember this is the way I did it. Could be mistaken by the wording though... I just remember using ADB to push all the files then just running terminal emulator on my phone instead of running a shell. Worth a try if you can't get ADB shell to work properly.
zbrah said:
so i have adb setup and have it adb.exe in the gfree folder so when i go to command prompt im permission denied after
what am i doing wrong
heres a pic
after cd /data/local it says permission denied what do i do?
Click to expand...
Click to collapse
From the look of this you still have a $ sign this means you dont have root permission, it should be a # sign after typing su in adb shell . Looks like your temp root didn't work or your not allowing root user permission on your phone right after typing su in adb shell.
The guide you are trying to use specifically says "So we're assuming you've permarooted already and usb debugging is on" but from the thread title, it sounds like you are trying to get permanent root. The guide does not work if you don't already have root.
You should probably use the guide in the Wiki linked to earlier.
The problem is the very first command you type into the command prompt on your phone, i.e. "su", is giving you "permission denied". So as others have said, you are not getting root permissions. If you have rooted previously then the "Superuser" app pops up and asks for permissions the first time you try "su", check it's not coming up with a box on your phone which you're failing to see (then it times out after a few seconds and says "permission denied").
Can't believe I was FINALLY able to achive this! Most of the hard work was put in by others for the original root (although tethered), I just tweaked the process a bit to come up with a non-tethered root solution...no more PC is needed upon reboot!
Thx to lalaihvfivfi - hxxp://forum.xda-developers.com/showthread.php?t=2194770 for the original post
Sorry for the lack of real links, I don't have 10 posts yet so I am not allowed to provide proper links - mods, fix this if necessary!
Also, not sure how if this will work on other models or rom versions, and listed below are my phone's specs:
System Version: 9.3.102.201M.SBM.en.JP
Model Number: 201M
Android Version: 4.1.2
Baseband Version: SM_T_BP_1539.000.35.03P
Kernel Version: 3.0.42-g721d60d
Build Number: 9.8.2Q-34_SMJ-102
1)Prep
- Download the Android SDK and USB drivers from the motorola homepage
- Download the following files:
- XT902_SBM ( hxxp://www1.axfc.net/uploader/so/2991543)
- su( hxxp://www1.axfc.net/uploader/so/2918729 password:f10d)
- Download Motopoclpyse ( hxxp://vulnfactory.org/blog/2013/04/08/motorola-bootloader-unlocking/ )
- Download the correct CWM for your phone from here --> ( hxxp://forum.xda-developers.com/showthread.php?t=2298521%E3%81%AE201M )
- Download the auto_root.sh file attached to this post
- Unzip the files and make note of the directory (I just dumped them all in the SDK > platform_tools folder as the adb files are newer than those contained in the zips above)
2) Plug the 201M in to the mac/win pc
3) Go to the directory where you Perform an adb push on the following files to the /data/local/tmp directory on the phone
- adb push su /data/local/tmp
- adb push Superuser.apk /data/local/tmp
- adb push busybox /data/local/tmp
- adb push auto_root.sh /data/local/tmp
- adb push unlock_security_module /data/local/tmp
- adb push break_setresuid /data/local/tmp/
- adb push mole-plough-ccsecurity.so /data/local/tmp/
- adb push mole-plough-lsm.so /data/local/tmp/
3) Use unlock_security_module to obtain temporary root
- adb shell
- [email protected]:/ $ cd /data/local/tmp/
- [email protected]:/data/local/tmp $ chmod 777 *
- [email protected]:/data/local/tmp $ ./unlock_security_module
- [email protected]:/data/local/tmp $ ./break_setresuid
4) You should see a stream of messages talking about the rooting process. If everything goes ok you should see:
- Unlocked LSM.
and
- Do setresuid...
Among the messages (sorry I don't remember the exact messages)
5) You should now be able to load su,Superuser.apk,busybox on to the system
- [email protected]:/data/local/tmp # mount -o rw,remount /system /system
- [email protected]:/data/local/tmp # cat /data/local/tmp/su > /system/xbin/su
- [email protected]:/data/local/tmp # cat /data/local/tmp/busybox > /system/xbin/busybox
- [email protected]:/data/local/tmp # cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
- [email protected]:/data/local/tmp # chmod 644 /system/app/Superuser.apk
- [email protected]:/data/local/tmp # cd /system/xbin
- [email protected]:/system/xbin # chown root.root su
- [email protected]:/system/xbin # chown root.root busybox
- [email protected]:/system/xbin # chmod 6755 su
- [email protected]:/system/xbin # chmod 755 busybox
- [email protected]:/system/xbin # mount -o ro,remount /system /system
6) After the opperation is done it is ok to remove the cable from the pc. Check and see if SuperSU was installed. If it wasn't download Chainfire from the play store (which you should probably do anyway to update su)
7) Next, download Busybox from the playstore and run the updates
8) By this point you should have a fully upgraded Superuser, su, and busybox installation - however the access is only temporary and will be reset on reboot
9) Put the CWM.img you downloaded in motoapoclypse directory you created in step 10
10) Plug the 201M back in to the mac/win pc
11) Run the following commands to prepare for CWM install and reconfirm root is enabled
- adb push unlock /data/local/tmp/
- adb push cwm.img /data/local/tmp/cwm.img > nul
- adb shell chmod 755 /data/local/tmp/unlock
- adb shell
- [email protected]:/ $ cd /data/local/tmp/
- [email protected]:/ $ chmod 777 *
- [email protected]:/ $ ./unlock_security_module
- [email protected]:/ $ ./break_setresuid
- [email protected]:/ $ ./unlock
If you get a mention that the phone is already rooted, it's ok...these steps are just to make sure!
12) Inserting CWM
- [email protected]:/ $ su -c 'mount -o remount,rw /system'
- [email protected]:/ $ su -c 'mv /system/etc/install-recovery.sh /system/etc/install-recovery.bak'
- [email protected]:/ $ su -c 'mv /system/recovery-from-boot.p /system/recovery-from-boot.bak'
- [email protected]:/ $ su -c 'dd if=/data/local/tmp/cwm.img of=/dev/block/platform/msm_sdcc.1/by-name/recovery'
- [email protected]:/ $ su -c 'rm /data/local/tmp/cwm.img'
- [email protected]:/ $ reboot recovery
13) Upon reboot, you should be in CWM!
14) Exit out of CWM and let the phone boot up normally - you will notice you no longer have root, but fortunately you do not have to go through the above process all over again
15) Renable root by running the following command (Thx to kprower - hxxp://forum.xda-developers.com/showpost.php?p=46842021&postcount=19)
- adb shell "./data/local/tmp/unlock_security_module"
16) Download Script Manager - S Manager ( hxxps://play.google.com/store/apps/details?id=os.tools.scriptmanager&hl=en ) or use your own preference
17) Download the script attached to the thread (feel free to read through it and make it better if you can! - Thx to Sepero for BootBuddy - hxxp://androidforums.com/rooted-devices-only/693743-bootbuddy-run-boot-scripts- as a base)
18) Using script manager, go to the /data/local/tmp directory and click on auto_root.sh and open as a Script/Executable
19) Toggle the Su picture to turn on the ability to run as SU, then click save, then run.
20) The script should run (hopefully w/o any errors) and create the necessary file with the proper permissions
21) At this point, shut down the phone and reboot....you should have permanent root!
Click to expand...
Click to collapse
Any questions or spot any mistakes? Please ask and/or feel free to modify and update as necessary!
how to update 4.1.2?
hungln03 said:
how to update 4.1.2?
Click to expand...
Click to collapse
I just did the OTA (over the air) update back in March under Settings -> About Phone --> System Update
Though, if you can install CWM using the method above, you should be able to update that way as well (just make sure you have the right rom)
Bootloader unlock? can update?
---------- Post added at 03:37 AM ---------- Previous post was at 03:10 AM ----------
step17 link die
hungln03 said:
Bootloader unlock? can update?
---------- Post added at 03:37 AM ---------- Previous post was at 03:10 AM ----------
step17 link die
Click to expand...
Click to collapse
Yes, the bootloader is unlocked! As far as update...no idea as I already had the newest rom...
And Step 17, don't download the link there --> download the attached file on the bottom of the original post called auto_lock.sh.zip -- don't go the the androidforum's link!
The zip attached to the this thread is ok, I just downloaded it! Good luck!
Will this root a phone that took the November OTA update and has locked bootloader?
wolfpack99 said:
Will this root a phone that took the November OTA update and has locked bootloader?
Click to expand...
Click to collapse
No idea...last update Softbank (Japan) models received was last March....give it a try as this method should allow you to unlock the bootloader as well, but not sure if it will work or not outside of the SB model
It won't work on the XT907 with 9.8.1Q-78 or 9.8.1Q-94, since the bugs were fixed here, so that "unlock_security_module" will cause a segfault.
It might work on 9.8.1Q-66 and older versions, but there you also have the regular motopocalypse. So it's really just for the 201M.
okay this is good news, but can anybody enlight me how execute those steps above since i'm new to this thing?
stuck on chmod777* can't go through
Congratulations about the Root & unlock!! Great Job LostInInaka!!
Is there a source for the latest SB xml?
SIM Free?
It may be a stupid question, but does unlocking the Bootloader and rooting the device make it SIM free?
Thanks for sharing all this exiting stuff.
:good::good::good:
root 201M
what am I doing wrong?
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Sumkos said:
what am I doing wrong?
Click to expand...
Click to collapse
What you have to type in step 3 is:
adb shell
cd /data/local/tmp/
chmod 777 *
./unlock_security_module
./break_setresuid
No hostnames, no prompt sings.
root 201M
lem22 said:
What you have to type in step 3 is:
adb shell
cd /data/local/tmp/
chmod 777 *
./unlock_security_module
./break_setresuid
No hostnames, no prompt sings.
Click to expand...
Click to collapse
many thanks! deal with it, but now another problem:
You get a segfault, just like I mentioned in #8.
Do you really have a SoftBank 201M?
201M
lem22 said:
You get a segfault, just like I mentioned in #8.
Do you really have a SoftBank 201M?
Click to expand...
Click to collapse
in principle without difference already. the bootloader unlocked. recovery was flashed (TWRP) by fastboot comand. But sim lock didn't disappear. I flash different firmware (xt905, xt907, AOKP 4.4) and different radio. very sad
Bricked?
Hi guys. I got up to step 6 and after installing Chanfire and updating it rebooted my phone now I am stuck on the boot screen with only =SoftBank logo showing.
Help!:crying:
OMG!
After trying a few different things i am now completely stuck in the Fastboot Flash Mode.
at the bottom it says:
Fastboot Reason: Flash Failure
usb connected
Bricked
This is what I am currently seeing:
AP Fastboot Flash Mode (S)
10.9B(*) (sha-e92be7d, 2013-03-29 01:58:14)
eMMC Info: Size 8GB
Deivice is LOCKED, Status Code: 0
Battery OK
Transfer Mode:
USB Connected
Fastbook Reason: Flash Failure
usb connected
---------------------------------------update
From CMD i sent the following command: fastboot continue
Now it shows the Softbank logo but it doesn't seem to be going anywhere. However, Windows did suddenly notice the device as soon as the logo came up and started to install the MTP USB Device, Motorola Networking Interface, and Motorola ADB Interface which all failed.
---------------------------------------update 2
Whilst in the Softbank logo screen I was able to send ADM commands so I tried going through the steps again to see what would happen.
Now this is what I have:
AP Fastboot Flash Mode (S)
10.9B(*) (sha-e92be7d, 2013-03-29 01:58:14)
eMMC Info: Size 8GB
Deivice is UNLOCKED, Status Code: 3
Battery OK
Transfer Mode:
USB Connected
Fastbook Reason: Flash Failure
usb connected
Thank you so much!!!!
Thank you so much for this. After a month or so of tinkering with my 201m, I had resigned myself to a locked controlled Android phone. This makes it so much better. I really cannot thank you enough!!!!:laugh::laugh::laugh:
im trying to get soff but it just keeps hanging like this
C:\Users\KingKong\Desktop\platform-tools>adb reboot
C:\Users\KingKong\Desktop\platform-tools>adb wait-for-device push firewater /dat
a/local/tmp
ive waiting over 10 mins and nothing has been sent to my phone please help
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Looks like you haven't authorised adb. Revoke the usb debugging authorizations in developer settings and disable then re-enable usb debugging. Reboot then reconnect and try again this time authorise adb then just type adb devices before running firewater. If it says offline again you need to sort that before continuing otherwise it won't work.
ashyx said:
Looks like you haven't authorised adb. Revoke the usb debugging authorizations in developer settings and disable then re-enable usb debugging. Reboot then reconnect and try again this time authorise adb then just type adb devices before running firewater. If it says offline again you need to sort that before continuing otherwise it won't work.
Click to expand...
Click to collapse
i just tried what you said and its still hanging at the same place i have no idea why its doing it
Are you still getting the offline message? It won't continue with that message. Make sure the developers options are actually switched on. Check the slider at the top. Also make sure to use the original usb cable.
i checked devices and found my phone then i done adb reboot. it rebooted then i put adb wait-for-device push firewater /data/local/tmp and now its stuck like that command prompt now will not let me type into it
tommydee90 said:
i checked devices and found my phone then i done adb reboot. it rebooted then i put adb wait-for-device push firewater /data/local/tmp and now its stuck like that command prompt now will not let me type into it
Click to expand...
Click to collapse
No don't run that command until you have typed 'adb devices' if it shows offline there is no point going any further.
Try this type the command above if it doesn't show any devices attached or says offline. Unplug the usb cable and plug into another usb port then type 'adb devices again'
Does it show any devices attached?
i did do adb devices and it still doing it
C:\Users\KingKong\Desktop\platform-tools>adb devices
List of devices attached
HT453WM04355 device
C:\Users\KingKong\Desktop\platform-tools>adb reboot
C:\Users\KingKong\Desktop\platform-tools>adb wait-for-device push firewater /dat
a/local/tmp
and when i unplug the device this happends
C:\Users\KingKong\Desktop\platform-tools>adb wait-for-device push firewater /dat
a/local/tmp
4306 KB/s (4522136 bytes in 1.025s)
C:\Users\KingKong\Desktop\platform-tools>
i think ive found the problem i do adb devices phones shows like normal then i do adb reboot phone reboots then i do adb device agin just to check it says device offline ?
Dont do adb reboot . As long as your device shows up in adb then follow the instruction on firewater if your device can achieve s-off
C:\Users\KingKong\Desktop\platform-tools>adb wait-for-device push firewater /dat
a/local/tmp
5842 KB/s (4522136 bytes in 0.755s)
C:\Users\KingKong\Desktop\platform-tools>adb shell
[email protected]_m8:/ $ su
su
1|[email protected]_m8:/ $ chmod 755 /data/local/tmp/firewater
chmod 755 /data/local/tmp/firewater
[email protected]_m8:/ $ /data/local/tmp/firewater
/data/local/tmp/firewater
error, run firewater as root. su or FU!!!!!!
1|[email protected]_m8:/ $
this is what i get now
C:\Users\KingKong\Desktop\platform-tools>adb wait-for-device push firewater /dat
a
Are you not rooted? You need root first to run su.
i had to accept it on my phone.. thank you for the help now onto flashing it with google play edition lol
STEP 1: Root the phone with the link provided in the op7t forum.Now you have magisk.
STEP 2: Install the SE LINUX SWITCH APP link: https://labs.xda-developers.com/store/app/com.ibuprophen.selinux
STEP 3: change selinux to permissive. now to go settings-battery optimisation-change the selinux app to not optimised.turn off googleplay protect.
STEP 4:now all you need is a modded stock recovery. download it from here. link: https://drive.google.com/file/d/1S-1Np5CFx9z98Ntp8vUTWFU1ksqIeBSN/view
STEP 5:now go to fastboot and flash the stock modded recovery. CODE: fastboot flash recovery RECOVERYNAME.zip now you have adb enabled stock recovery.
STEP 6:now boot to stock recovery while connected to pc and type adb devices in cmd. it should go to adb. if yes proceed to next step.
STEP 7:now install viper4fx from magisk. phone will reboot. go into viper4a app and install drivers. it will go to fastboot ofcourse.
STEP 8: boot to recovery from fastboot. then just type in the following commands/
1. adb shell
2. cd data
3. cd adb
4. cd modules
5. cd ViPER4AndroidFX
6. rm post-fs-data.sh
7. exit
STEP 8: phone will now boot. again go to viper4a app and install drivers and repeat step 8 again.
VOILA now you have viper fully working on our beloved op7t.
NOTE: disable bluetooth absolute volume for bluetooth to work in v4a.
Dont try installing viper in 10.3.1. you will be stuck in fastboot. so instead download 10.3.0 fastboot image and flash it. then follow the above steps and update the phone by the following.
- Update the Rom WITHOUT REBOOT;
- Open Magisk Manager;
- In Magisk Manager, click on Install/Install/Direct Install;
- Again in Magisk Manager, click on Install/Install/Inactive Slot;
- Reboot. Root, viper and all the magisk modules will be retained. Give a thumbsup
Anyone tried this?
VIZT said:
Anyone tried this?
Click to expand...
Click to collapse
perfectly working in mine.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
why do i need always to set os to permissive?
Snake.s9 said:
why do i need always to set os to permissive?
Click to expand...
Click to collapse
Permissive sets SELinux to behave in a different way than Enforcing(default), which is required for V4A to work.
As far as technical details, I have no idea.
Permissive is dangerous.
Batfink33 said:
Permissive is dangerous.
Click to expand...
Click to collapse
Why ? Explain more please
Snake.s9 said:
Why ? Explain more please
Click to expand...
Click to collapse
Leaves the kernel open to any malicious apps that want to take control of your phone.
Snake.s9 said:
why do i need always to set os to permissive?
Click to expand...
Click to collapse
permissive mode allows some features to run on some instances which are not allowed in enforcing mode. like for example debugging.
Apparently its not meant for me to have viper. Modded recovery won't even work.
i tired it says no such file or directory on rm command
had to load app and install driver first
shorty1993 said:
Apparently its not meant for me to have viper. Modded recovery won't even work.
Click to expand...
Click to collapse
not working in the sense? not able to flash or adb isnt responding?
chwads2k8 said:
i tired it says no such file or directory on rm command
had to load app and install driver first
Click to expand...
Click to collapse
yes. postfs file will be generated only after installing the app. it is necessary to remove it for the phone to boot and for viper to work aswell.
I got to step five say
C:\adb>adb shell
error: device not found
AboNaya said:
I got to step five say
C:\adb>adb shell
error: device not found
Click to expand...
Click to collapse
Why would you type adb shell in fastboot?
Read the instructions again
Sent from my OnePlus7TPro using XDA Labs
Lossyx said:
Why would you type adb shell in fastboot?
Read the instructions again
Sent from my OnePlus7TPro using XDA Labs
Click to expand...
Click to collapse
C:\Users\MY>adb shell
OnePlus7T:/ $ cd data
cd data
OnePlus7T:/data $ cd adb
cd adb
/system/bin/sh: cd: /data/adb: Permission denied
Thank you very much for responding to me. I have taken the steps back to step 8 and the phone, of course, does not start the problem now, it is as follows What is the solution to overcoming this problem, please, I am a fan of this program and after moving to OnePlus SevenT I could not run it for more than ten to twenty attempts
AboNaya said:
C:\Users\MY>adb shell
OnePlus7T:/ $ cd data
cd data
OnePlus7T:/data $ cd adb
cd adb
/system/bin/sh: cd: /data/adb: Permission denied
Thank you very much for responding to me. I have taken the steps back to step 8 and the phone, of course, does not start the problem now, it is as follows What is the solution to overcoming this problem, please, I am a fan of this program and after moving to OnePlus SevenT I could not run it for more than ten to twenty attempts
Click to expand...
Click to collapse
Ah.
After typing adb shell and your prompt shows:
OnePlus7T:/ $
type: su <press enter>
Prompt should now look like this:
OnePlus7T:/ #
Now you have root access and can cd into /data/adb/.
not working
adb shell
# cd data
cd data
# cd adb
cd adb
/system/bin/sh: cd: /data/adb: No such file or directory
what to do now?
grandpajiver said:
Ah.
After typing adb shell and your prompt shows:
OnePlus7T:/ $
type: su <press enter>
Prompt should now look like this:
OnePlus7T:/ #
Now you have root access and can cd into /data/adb/.
Click to expand...
Click to collapse
C:\adb>adb shell
# su
su
/system/bin/sh: su: inaccessible or not found
#
AboNaya said:
C:\adb>adb shell
# su
su
/system/bin/sh: su: inaccessible or not found
#
Click to expand...
Click to collapse
Don't type su, just adb shell and proceed
Sent from my OnePlus7TPro using XDA Labs
hi,
i show you, how i rooted my Philips 65OLED873/12 with last firmware TPM171E_107.1.140.0. This method is absed on using Magisk manager (https://magisk.me/apk/).
1) 1.st what you need is:
- boot.img (if your device use ramdrive...it is my case of OLED873/12)
- or recovery.img (other devices which don´t use ramdrive...more info https://topjohnwu.github.io/Magisk/install.html)
- so, for this step you need original firmware from this site: https://toengel.net/philipsblog/firmware-download/, specifically for my OLED873 TPM171E_107.1.140.0 (this is last update from 8.12.2021) and rename this file "update.zip" ( this ZIP contain a "autorun.upg" file -> this is still ZIP package, inside are many files factory.img.zip, boot.img.zip, recovery.img.zip...etc., but these files are encrypted, not usable in this state for magisk patching).
Now the fun begins with decryption of these files...
I used a part of project Sebastian "Yath" Schmidt from https://github.com/yath/tpm171e, concrete part of "unpack firmware" https://github.com/yath/tpm171e/blob/master/unpack-firmware.
for this process i used - virtualized KALI linux in VM Ware (is possible use other linux distros). In Kali linux you need install a few tools:
- abootimg -> sudo apt install abootimg
- squashfs-tools -> sudo apt-get update && sudo apt-get install squashfs-tools ......or optional git clone https://github.com/plougher/squashfs-tools.git -> go to higher folder with cd /squshfs-tools/squashfs-tools/ and here build it with command "make"
- extfstools -> git clone https://github.com/nlitsme/extfstools.git -> get in the /extfstools and build it with command "make"
- maybe is better add extfstools and squasfs-tools add to PATH
2) extract "recovery-resource.dat" file from your TV (OLED873) device. This file is located here: /system/etc/recovery-resource.dat (for accessing this file is root permissions not required).
- copy this file from TV to computer with adb command: adb pull /system/etc/recovery-resource.dat
- extract this file (it is an ZIP archive with dat extension), or extract from this file only "keyfile.txt" (if you communicating with adb under Windows -> copy this keyfile.txt to Kali linux)
- now use this command to getting the correct and usable passfile.txt for decrypting original philips firmware file autorun.upg: dd if=keyfile.txt of=passfile.txt bs=127 count=1
3) use scipt file form https://raw.githubusercontent.com/yath/tpm171e/master/unpack-firmware, save this in to the file e.g. "decrypt.sh" in same location like passfile.txt and update.zip
- change file permissions with chmod +x decrypt.sh
#!/bin/bash
set -euo pipefail
# tools. change paths if necessary.
abootimg=abootimg # https://github.com/ggrandou/abootimg
unsquashfs=unsquashfs # https://android.googlesource.com/platform/external/squashfs-tools
ext2rd=ext2rd # https://github.com/qmfrederik/extfstools
cpio=cpio
openssl=openssl
# https://toengel.net/philipsblog/firmware-download/
if [[ "$#" -lt 1 ]]; then
echo "Usage: $0 <update.zip>" >&2
exit 1
fi
passfile="$(dirname "$(readlink -f "$0")")/passfile.txt"
if [[ ! -e "$passfile" ]]; then
echo "passfile.txt not found (looked at $passfile)" >&2
echo "try: make -C $(dirname "$passfile") $(basename "$passfile")" >&2
exit 1
fi
zipfile="$1"
outdir="${zipfile%.zip}"
if [[ "$outdir" == "$zipfile" ]]; then
outdir="${zipfile}.out"
fi
echo "Unpacking $zipfile to $outdir"
# Unpack *.upg file from .zip into temporary directory. Extract the upg file
# to outdir.
tmpdir="$(mktemp -d)"
trap "rm -rf '$tmpdir'" EXIT
unzip -d "$tmpdir" "$zipfile"
upgfiles=("$tmpdir"/*.upg)
if [[ "${#upgfiles[@]}" -ne 1 ]]; then
echo "update.zip '$zipfile' contains ${#upgfiles[@]}, want exactly one" >&2
echo "update.zip contents:" >&2
ls -l -R "$tmpdir" >&2
exit 1
fi
# The .upg file is an Android recovery update.zip.
upgfile="${upgfiles[0]}"
unzip -d "$outdir" "$upgfile"
rm -f "$upgfile"
# Decrypt .zip files
rc=0
for enczip in "$outdir"/*.zip; do
deczip="${enczip}.dec"
if ! "$openssl" enc -d -aes-256-cbc -md md5 -p -pass file:"$passfile" -out "$deczip" -in "$enczip"; then
echo "Failed to decrypt $enczip" >&2
rc=1
continue
fi
if ! file -bi "$deczip" | grep -q '^application/zip'; then
echo "WARNING: $deczip might not be a .zip file, not renaming" >&2
rc=1
continue
fi
mv -vf "$deczip" "$enczip"
done
# Unpack all .zip files
for zip in "$outdir"/*.zip; do
if ! unzip -d "$outdir" "$zip"; then
echo "Unpacking $zip failed, not removing" >&2
rc=1
continue
fi
img="${zip%.zip}" # system.img.zip -> system.img, for system.img.{sh,lst}.
rm -vf "$zip" "$img".sh "$img".lst
done
# Concatenate system image
if ! cat "$outdir"/system?.img > "$outdir"/system.img; then
echo "Concatenating system images failed" >&2
rc=1
else
rm -vf "$outdir"/system?.img
fi
# Extract boot images
if ! which "$abootimg" 2>/dev/null; then
echo "$abootimg is not installed, not unpacking boot images" >&2
rc=1
else
for img in "$outdir"/{boot,factory,recovery}.img; do
abs="$(readlink -f "$img")" # for the subshell which has a different $PWD
imgdir="${img%.img}"
mkdir -p "$imgdir"
if ! (cd "$imgdir" && "$abootimg" -x "$abs"); then
echo "Extracting $img to $imgdir failed" >&2
rc=1
continue
fi
rm -vf "$img"
# Extract initrd
initrd="${imgdir}/initrd.img"
initrddir="${initrd%.img}"
mkdir -p "$initrddir"
if ! gzip -cd "$initrd" | "$cpio" -D "$initrddir" -id; then
echo "Extracting $initrd to $initrddir failed" >&2
rc=1
continue
fi
rm -vf "$initrd"
done
fi
# Extract rootfs and 3rd_file
if ! which "$unsquashfs" 2>/dev/null; then
echo "$unsquashfs is not installed, not unpacking rootfs" >&2
rc=1
else
if ! mv "$outdir"/3rd_file "$outdir"/3rd_file.bin; then
echo "Renaming 3rd_file failed" >&2
rc=1
fi
for img in "$outdir"/{3rd_file,rootfs}.bin; do
imgdir="${img%.bin}"
if ! "$unsquashfs" -d "$imgdir" -li "$img"; then
echo "Extracting $img to $imgdir failed" >&2
rc=1
continue
fi
rm -vf "$img"
done
fi
# Extract system.img
if ! which "$ext2rd" 2>/dev/null; then
echo "$ext2rd is not installed, not unpacking system image" >&2
rc=1
else
img="$outdir"/system.img
imgdir="${img%.img}"
mkdir -p "$imgdir"
if ! "$ext2rd" "$img" ./:"$imgdir"; then
echo "Extracting $img to $imgdir failed" >&2
rc=1
else
rm -vf "$img"
fi
fi
# The End
if (( rc )); then
echo "Warnings encountered; please check output!" >&2
fi
echo "Unpacked $zipfile to $outdir, have fun!"
exit "$rc"
Click to expand...
Click to collapse
4) now run script: sudo ./decrypt.sh update.zip
- after the script has finished running, you'll see a message (3rd. from bottom) : ext2rd is not installed, not unpacking system image -> it is ok
- now you have new folder named "UPDATE" with decypted files.
- if you'll hav a problems (no boot.img, recovery.img, etc in UPDATE folder), edit script file "decrypt.sh", go on line 106 and write the first character on the line # comment the line, it disabling rm command in script)
5) for my TV OLED873/12 i used decrypted "boot.img" -> install last Magisk Manager v 25.2 in TV:
adb install magisk.apk -> hasn't created an icon on my TV -> run app manually with command from: adb shell monkey -d com.topjohnwu.magisk 1
6) copy copy decrypted "boot.img" file it to the TV: adb push C:\Users\XXX\Downloads\boot.img /storage/sdcard0/Downloads
7) in Magisk app run on first line "install" (on the line with Zgysk no, Ramdisk yes)
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
- next step (next windows) i checked both check-boxes and click next button:
- now you select "boot.img" file from /Download folder in your TV and wait for patching of this file.
- now you have in new patched file named as "boot-patched_XXXX.img" (or something like that) in folder.
- now copy this patched file back to PC with commadn: adb pull /storage/sdcard0/Downloads/boot-patched_XXXX.img C:\Users\XXX\Downloads
8) now send adb command for rebooting to bootloader: adb reboot bootloader
- wait for the TV reboot into bootloader mode -> check it with fastboot command: fastboot devices
- now use fastboot command for flashing patched boot.img file: fastboot flash boot boot-patched_XXXX.img (or rename it in PC on shorter "boot.img")
- after this send last fastboot command: fastboot reboot
- after this wait for rebooting to system and enjoy rooted your Philips OLED873
- check it with adb commands:
adb shell
su (after this allow super user permissions in pop-up window on TV screen with remote controller)
...i mean, this decrypting method will probably work on all other (and newer) models of android tv Philips, which use the same salted encryption his own original firmware updates. I checked firmware TPM211EA_101.001.003.232 from Philips TV 2022 (OLED937, OLED907, OLED807, OLED837, OLED857, OLED887, OLED707, PML9507 (MiniLED), PUS8807, PUS8837, PUS8857, PUS8887, PUS8897, PUS8507, PUS8517) and at first sight the same encryption....
Thank you very much sir!
I'll try to order a donor pcb from ebay asap and try this method on the test pcb first. I'm a bit affraid to brick my device.
stay calm, it is ok (i had too fear )...on the first try, I got restart loop, but a few seconds befer restarting was activated adb (i was fast with command adb reboot bootloader...and that was still working...from bootloader i tryed flash new one boot.img and for the second time it has already worked).