Próbuję zrootować telefon Lenovo S60 z androidem 5.0.2.
Info o romie:
DBG [sDK 21] [arm] [] [arm64-v8a] [arm64] [system/bin/sh]
Do tej pory każdy telefon, jeśli byłem w stanie wgrać żywcem partycję system, bez problemu się rootował. Nie da rady wgrać innego recovery, bo bootloader jest zablokowany i trzeba pracować na plikach. Dochodzi również SELinux.
Próbuję zrootować przy pomocy SuperSU:
http://forum.xda-developers.com/showthread.php?t=1538053
https://download.chainfire.eu/696/SuperSU/UPDATE-SuperSU-v2.46.zip
Napisałem sobie skrypt:
SPATH=system - punkt montowania obrazu system.img
supersu - podfolder z zawartością UPDATE-SuperSU-v2.46.zip
http://pastebin.com/ef9477cb
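#!/bin/sh
# Host-side preparation of a mounted Android system image.
# SPATH is the mount point of system.img; every image path below is built
# from it, so it must stay a non-empty path to the mounted image.
SPATH=system

# Print the value of property $1 from $SPATH/build.prop (first match only).
# The key is compared as a literal string with the text before the first '=',
# so commented-out lines and keys that merely contain $1 are not picked up.
# Returns non-zero without output when build.prop cannot be read.
prop_value() {
  [ -r "$SPATH/build.prop" ] || return 1
  awk -F= -v key="$1" \
    '$1 == key { print substr($0, length(key) + 2); exit }' \
    "$SPATH/build.prop"
}

if [ ! -r "$SPATH/build.prop" ]; then
  echo "warning: $SPATH/build.prop is not readable; is the image mounted?" >&2
fi

# SDK level and CPU ABI of the image. ABI and ABI2 keep only the first three
# characters ("arm", "x86", "mip"); ABILONG keeps the full primary ABI string.
API=$(prop_value ro.build.version.sdk)
ABILONG=$(prop_value ro.product.cpu.abi)
ABI=$(printf '%.3s' "$ABILONG")
ABI2=$(printf '%.3s' "$(prop_value ro.product.cpu.abi2)")

# Defaults; the detection step that follows overrides them per API level/ABI.
SUMOD=06755   # setuid + setgid mode, lowered to 0755 for API >= 18
SUGOTE=false
SUPOLICY=false
INSTALL_RECOVERY_CONTEXT=u:object_r:system_file:s0
MKSH=$SPATH/bin/mksh
PIE=
ARCH=arm
# Library directory inside the image. Without this default a 32-bit image
# leaves SYSTEMLIB empty and "$SYSTEMLIB/libsupol.so" would resolve to the
# host's root directory instead of the image.
SYSTEMLIB=$SPATH/lib
APKFOLDER=false
APKNAME=$SPATH/app/Superuser.apk
APPPROCESS=false
APPPROCESS64=false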
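# Derive ARCH and the feature flags from the values read out of build.prop.
# Globals read:    API, ABI, ABI2, ABILONG, SPATH
# Globals written: ARCH, SUGOTE, PIE, SUMOD, SYSTEMLIB, APPPROCESS64,
#                  APKFOLDER, APKNAME, SUPOLICY, INSTALL_RECOVERY_CONTEXT,
#                  APPPROCESS
detect_target() {
  if [ "$ABI" = "x86" ] || [ "$ABI2" = "x86" ]; then
    ARCH=x86
  fi

  # The self-comparison is true only when API is an integer; the test's
  # "integer expression expected" message for an empty or non-numeric value
  # is discarded so a missing build.prop does not clutter the output.
  if [ "$API" -eq "$API" ] 2>/dev/null; then
    if [ "$API" -ge 17 ]; then
      SUGOTE=true
      PIE=.pie
      if [ "$ABILONG" = "armeabi-v7a" ]; then
        ARCH=armv7
      fi
      if [ "$ABI" = "mip" ] || [ "$ABILONG" = "mips" ]; then
        ARCH=mips
      fi
    fi

    if [ "$API" -ge 18 ]; then
      # From this level on the setuid/setgid bits are dropped from SUMOD.
      SUMOD=0755
    fi

    if [ "$API" -ge 20 ]; then
      # 64-bit ABIs keep their libraries in lib64 inside the image.
      case $ABILONG in
        arm64-v8a) ARCH=arm64 ;;
        mips64) ARCH=mips64 ;;
        x86_64) ARCH=x64 ;;
      esac
      case $ABILONG in
        arm64-v8a | mips64 | x86_64)
          SYSTEMLIB=$SPATH/lib64
          APPPROCESS64=true
          ;;
      esac
      APKFOLDER=true
      APKNAME=$SPATH/app/SuperSU/SuperSU.apk
    fi

    if [ "$API" -ge 19 ]; then
      SUPOLICY=true
      # NOTE(review): the substitution below contains no command, only a
      # redirection, so it always prints 0 and this branch is always taken.
      # The probe that presumably stood here is missing from the listing;
      # INSTALL_RECOVERY_CONTEXT is not read again in the script as shown.
      if [ "$( > /dev/null; echo $?)" -eq "0" ]; then
        INSTALL_RECOVERY_CONTEXT=u:object_r:toolbox_exec:s0
      fi
    fi

    if [ "$API" -ge 21 ]; then
      APPPROCESS=true
    fi
  fi
}

detect_target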
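# Use the image's plain sh when it ships no mksh. The operand is quoted so an
# empty MKSH is tested as a missing file instead of collapsing the test to
# "[ ! -f ]", which is false.
if [ ! -f "$MKSH" ]; then
  MKSH=$SPATH/bin/sh
fi

# Debug line with the detected values. Quoted as one string: unquoted,
# "[$API]" is a shell glob and could be replaced by a matching one-character
# file name from the current directory.
echo "DBG [$API] [$ABI] [$ABI2] [$ABILONG] [$ARCH] [$MKSH]"

# Source folders of the unpacked package: per-architecture binaries and the
# architecture-independent files.
BIN=supersu/$ARCH
COM=supersu/common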
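echo "- Removing old files"

# Every deletion below is anchored at SPATH. Stop here if it is empty, so the
# same commands can never address /bin, /xbin or /app on the host itself.
: "${SPATH:?SPATH must name the mounted system image}"

# Keep one backup of a stock install-recovery.sh (bin first, then etc); an
# existing backup is never overwritten.
for dir in bin etc; do
  if [ -f "$SPATH/$dir/install-recovery.sh" ] &&
    [ ! -f "$SPATH/$dir/install-recovery_original.sh" ]; then
    mv -- "$SPATH/$dir/install-recovery.sh" \
      "$SPATH/$dir/install-recovery_original.sh"
  fi
done

# Binaries, libraries, boot hooks and marker files left by an earlier install.
for rel in \
  bin/su xbin/su sbin/su \
  xbin/daemonsu xbin/sugote xbin/sugote-mksh xbin/supolicy \
  lib/libsupol.so lib64/libsupol.so \
  bin/.ext/.su \
  bin/install-recovery.sh etc/install-recovery.sh \
  etc/init.d/99SuperSUDaemon etc/.installed_su_daemon; do
  rm -f -- "$SPATH/$rel"
done

# Manager apps under every spelling the list covers: the flat .apk/.odex
# pair and the per-app folder.
for app in Superuser SuperUser superuser Supersu SuperSU supersu VenomSuperUser; do
  rm -f -- "$SPATH/app/$app.apk"
  rm -f -- "$SPATH/app/$app.odex"
  rm -rf -- "$SPATH/app/$app"
done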
echo "- Placing files"

# Owner, mode and SELinux label of each new file are cloned from a file that
# already exists in the image (chown/chmod/chcon --reference), in that order.
# NOTE(review): SUMOD is computed earlier but not applied anywhere in the
# listing shown; the resulting mode is whatever the reference file has.

# Hidden directory for the backup copy, attributed like bin/ itself.
mkdir "$SPATH/bin/.ext"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/bin/" "$SPATH/bin/.ext"
done

# Backup copy of su, attributed like bin/adb.
cp -rf "$BIN/su" "$SPATH/bin/.ext/.su"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/bin/adb" "$SPATH/bin/.ext/.su"
done

# The same binary is installed as xbin/su and xbin/daemonsu, both attributed
# like xbin/btconfig.
for name in su daemonsu; do
  cp -rf "$BIN/su" "$SPATH/xbin/$name"
  for tool in chown chmod chcon; do
    "$tool" --reference="$SPATH/xbin/btconfig" "$SPATH/xbin/$name"
  done
done
# SUGOTE holds the literal word true or false and is run as the condition.
if $SUGOTE; then
  echo "SUGOTE..."

  # Another copy of the su binary, attributed like bin/app_process64.
  cp -rf "$BIN/su" "$SPATH/xbin/sugote"
  for tool in chown chmod chcon; do
    "$tool" --reference="$SPATH/bin/app_process64" "$SPATH/xbin/sugote"
  done

  # Copy of the image's shell; it keeps the attributes of the shell it was
  # copied from.
  cp -rf "$MKSH" "$SPATH/xbin/sugote-mksh"
  for tool in chown chmod chcon; do
    "$tool" --reference="$MKSH" "$SPATH/xbin/sugote-mksh"
  done
fi
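# SUPOLICY holds the literal word true or false and is run as the condition.
if $SUPOLICY; then
  echo "SUPOLICY..."

  # Policy tool, attributed like xbin/btconfig.
  cp -rf "$BIN/supolicy" "$SPATH/xbin/supolicy"
  for tool in chown chmod chcon; do
    "$tool" --reference="$SPATH/xbin/btconfig" "$SPATH/xbin/supolicy"
  done

  # SYSTEMLIB is only assigned on the 64-bit branches of the detection step.
  # Fall back to the image's lib directory so that, on a 32-bit image, the
  # library is not written to "/libsupol.so" on the host.
  libdir=${SYSTEMLIB:-$SPATH/lib}

  # Support library, attributed like libext4_utils.so in the same directory.
  cp -rf "$BIN/libsupol.so" "$libdir/libsupol.so"
  for tool in chown chmod chcon; do
    "$tool" --reference="$libdir/libext4_utils.so" "$libdir/libsupol.so"
  done
fi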
# APKFOLDER holds the literal word true or false and is run as the condition.
# When set, the app lives in its own folder, attributed like app/Calculator/.
if $APKFOLDER; then
  echo "APKFOLDER..."
  mkdir "$SPATH/app/SuperSU"
  for tool in chown chmod chcon; do
    "$tool" --reference="$SPATH/app/Calculator/" "$SPATH/app/SuperSU"
  done
fi

# Manager app, attributed like the stock Calculator.apk. APKNAME already
# points at the flat or the per-folder location.
cp -rf "$COM/Superuser.apk" "$APKNAME"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/app/Calculator/Calculator.apk" "$APKNAME"
done
# Boot hook: etc/install-recovery.sh comes from the package and takes its
# attributes from the backed-up stock script in bin/.
# NOTE(review): that reference exists only if the image shipped a
# bin/install-recovery.sh, which the removal step renames - confirm for the
# image at hand.
cp -rf "$COM/install-recovery.sh" "$SPATH/etc/install-recovery.sh"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/bin/install-recovery_original.sh" \
    "$SPATH/etc/install-recovery.sh"
done

# bin/install-recovery.sh becomes a symlink. Its target is the on-device
# path, so it only resolves once the image is booted, not on the host.
rm -rf "$SPATH/bin/install-recovery.sh"
ln -s /system/etc/install-recovery.sh "$SPATH/bin/install-recovery.sh"

# -h applies owner and label to the link itself, not to its target.
chown -h --reference="$SPATH/bin/install-recovery_original.sh" \
  "$SPATH/bin/install-recovery.sh"
#chmod --reference=$SPATH/bin/install-recovery_original.sh $SPATH/bin/install-recovery.sh
chcon -h --reference="$SPATH/bin/install-recovery_original.sh" \
  "$SPATH/bin/install-recovery.sh"
# Only reports that app_process handling would apply; nothing is changed here.
if $APPPROCESS; then
  echo Should APProcess
fi

# init.d directory, attributed like etc/ itself.
mkdir "$SPATH/etc/init.d"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/etc/" "$SPATH/etc/init.d"
done

# Daemon start script: owner and label follow etc/apns-conf.xml, the mode is
# set explicitly to 0744.
cp -rf "$COM/99SuperSUDaemon" "$SPATH/etc/init.d/99SuperSUDaemon"
chown --reference="$SPATH/etc/apns-conf.xml" "$SPATH/etc/init.d/99SuperSUDaemon"
chmod 0744 "$SPATH/etc/init.d/99SuperSUDaemon"
chcon --reference="$SPATH/etc/apns-conf.xml" "$SPATH/etc/init.d/99SuperSUDaemon"

# Marker file containing "1", attributed like etc/apns-conf.xml.
echo 1 > "$SPATH/etc/.installed_su_daemon"
for tool in chown chmod chcon; do
  "$tool" --reference="$SPATH/etc/apns-conf.xml" "$SPATH/etc/.installed_su_daemon"
done

sleep 2
Wszystko się wykrzacza, jeśli w jakikolwiek sposób zmodyfikuję app_process64.
opis co robi oryginalny skrypt:
linkuje /system/bin/app_process -> /system/xbin/daemonsu
zmienia nazwę app_process64 na app_process64_original
linkuje /system/bin/app_process64 -> /system/xbin/daemonsu (tutaj, w tym momencie, po restarcie telefon się zawiesza, nie startuje animacja z dźwiękiem bootowania, ale pojawia się po USB urządzenie MTP)
Wszystko wskazuje na to, że to wina daemonsu, który źle interpretuje to, co miało trafić do app_process:
http://elinux.org/Android_Zygote_Startup
http://anatomyofandroid.com/2013/10/15/zygote/
Czy da się jakoś logować, co się dzieje (jak i gdzie to włączyć i gdzie zapisują się logi)?
Czy jest jakiś inny root dla 5.0.2?
Niestety oficjalna strona:
Furthermore, daemonsu --auto-daemon needs to be launched somehow on boot. This is generally done via install-recovery.sh, 99SuperSUDaemon, or hijacking app_process([32|64]).
https://su.chainfire.eu/
Skrypt do podmiany app_process:
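# Replaces the image's app_process launchers with symlinks to daemonsu.
# Every path is anchored at SPATH; stop if it is empty so the rm and mv calls
# below cannot address the host's own /bin.
: "${SPATH:?SPATH must name the mounted system image}"

# APPPROCESS and APPPROCESS64 hold the literal word true or false and are run
# as the condition.
if $APPPROCESS; then
  echo "Should APProcess"

  # Keep one backup of the stock app_process, then clear the name.
  if [ ! -f "$SPATH/bin/app_process_original" ]; then
    mv "$SPATH/bin/app_process" "$SPATH/bin/app_process_original"
  fi
  rm -rf "$SPATH/bin/app_process"

  if $APPPROCESS64; then
    echo "APPProcess64"

    # The symlink targets are on-device paths; they resolve only on the
    # booted system. -h applies owner and label to the link itself.
    ln -s /system/xbin/daemonsu "$SPATH/bin/app_process"
    # Reference file and target are two separate operands; run together they
    # form a single non-existent path and chown has nothing to act on.
    chown -h --reference="$SPATH/bin/app_process_original" "$SPATH/bin/app_process"
    #chmod --reference=$SPATH/bin/app_process64 $SPATH/bin/app_process
    chcon -h --reference="$SPATH/bin/app_process_original" "$SPATH/bin/app_process"

    # One-time step, skipped once app_process_init exists.
    if [ ! -f "$SPATH/bin/app_process_init" ]; then
      # The 64-bit launcher is preserved as app_process_init, attributed like
      # app_process32. No app_process64_original is created here, so this is
      # the only remaining copy of the 64-bit binary.
      cp -rf "$SPATH/bin/app_process64" "$SPATH/bin/app_process_init"
      for tool in chown chmod chcon; do
        "$tool" --reference="$SPATH/bin/app_process32" "$SPATH/bin/app_process_init"
      done

      # The 32-bit launcher is preserved as app_process32_original,
      # attributed like app_process_init.
      cp -rf "$SPATH/bin/app_process32" "$SPATH/bin/app_process32_original"
      for tool in chown chmod chcon; do
        "$tool" --reference="$SPATH/bin/app_process_init" \
          "$SPATH/bin/app_process32_original"
      done

      # Both launcher names become symlinks to daemonsu, with owner and label
      # taken from the stock app_process backup.
      for name in app_process64 app_process32; do
        rm -rf "$SPATH/bin/$name"
        ln -s /system/xbin/daemonsu "$SPATH/bin/$name"
      done
      for name in app_process64 app_process32; do
        chown -h --reference="$SPATH/bin/app_process_original" "$SPATH/bin/$name"
        chcon -h --reference="$SPATH/bin/app_process_original" "$SPATH/bin/$name"
      done
    fi
  fi
fi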