S-off with Firewater

OP ebautista

1st February 2014, 09:12 AM   |  #1  
Another S-Off script that was sent to me by coremark. I successfully got S-Off and SuperCID on my device.
http://firewater-soff.com/

Thanks to @coremark.
4th February 2014, 05:26 PM   |  #2  
edorner
After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since, due to S-off, full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?

Could anyone walk me through the steps?
4th February 2014, 05:59 PM   |  #3  
koniiiik
Quote:
Originally Posted by edorner

After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since, due to S-off, full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?

Could anyone walk me through the steps?

I'm afraid you'll need a custom recovery for this. The /system write protection is implemented in the kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this. To work around it, you'd need a custom kernel (which is not feasible at the moment since HTC haven't released the full source tree yet, unfortunately) or the wp-mod hack (which I would be afraid of using, to be honest).

Also, why avoid custom recovery when you're already S-OFF and you can flash the stock recovery anytime?
4th February 2014, 06:44 PM   |  #4  
edorner
Quote:
Originally Posted by koniiiik

The /system write protection is implemented in the kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this.

You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/show....php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?


Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?
Last edited by edorner; 4th February 2014 at 07:01 PM.
4th February 2014, 11:39 PM   |  #5  
koniiiik
Quote:
Originally Posted by edorner

You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/show....php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?

To be honest, no idea. All I do know is that on my phone the write protection works the way it does and I don't really see a feasible way around it. Also, I haven't tried these exact steps. It's possible that adb remount does some extra work or something. Moreover, I'm not sure about the adb shell chmod ... command – that would require root, wouldn't it? But since I haven't tried it, I can only guess.

If you don't mind trying it, I'd be interested in the results.

Quote:
Originally Posted by edorner

Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?

The way I understand wp_mod works is that it monkey-patches the running kernel's filesystem driver to skip the check for the /system partition. In other words, it rewrites the code of the running kernel in-memory. This by itself is reason enough to be extremely careful around such code as it has potential for a major disaster. Missing the right memory location by any nonzero number of bytes can result in the kernel doing practically anything (most likely a crash).

Now, to make matters worse, there seem to be only a few binary versions of the kernel module and people seem to just take a binary compiled for one kernel, modify the version information within the file to make it match other kernels and load it on a completely different kernel. This, to me, is borderline insane, considering that the kernel binaries depend on the version of the kernel, the compiler used and even the compiler flags used when building.

Again, though, I haven't actually looked at the module's source code; can't say I'm suffering from a surplus of free time and I'm also not *that* interested in it. Most likely it's written in a robust enough way to have a high chance of success. (This seems to be backed up by anecdotal evidence – the thing appears to work for people, which is a small wonder for me.) All of the above is actually just my interpretation of stuff I read in some threads here on XDA-developers and I haven't even tried to confirm it myself.

Still, for me, using the recovery for any such changes is a sufficient and acceptable workaround, since I don't need to modify /system that often.
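The mismatch described in post #5, as an added example that is not part of the thread or of wp_mod: a pre-load check that compares a module's `vermagic` string and, going beyond the post, its per-symbol CRCs against the target kernel, so a module whose version string was edited to match still shows up as foreign. It assumes a 32-bit little-endian ARM module built with CONFIG_MODVERSIONS (so it carries a `__versions` section) and a kernel CRC table taken from the kernel build's Module.symvers; all sample values and the function names are constructed for illustration.

```python
import struct

def parse_modinfo(blob: bytes) -> dict:
    """Parse a .modinfo section: NUL-terminated key=value strings."""
    info = {}
    for rec in blob.split(b"\0"):
        if b"=" in rec:
            key, _, value = rec.partition(b"=")
            info[key.decode()] = value.decode()
    return info

def parse_versions(blob: bytes, long_size: int = 4) -> dict:
    """Parse a __versions section: 64-byte records of (crc, symbol name)."""
    fmt = "<I" if long_size == 4 else "<Q"
    out = {}
    for off in range(0, len(blob) - 63, 64):
        (crc,) = struct.unpack_from(fmt, blob, off)
        name = blob[off + long_size:off + 64].split(b"\0", 1)[0].decode()
        out[name] = crc
    return out

def check_module(modinfo, versions, kernel_vermagic, kernel_crcs):
    """Return a list of reasons the module does not belong to this kernel."""
    problems = []
    vermagic = parse_modinfo(modinfo).get("vermagic", "")
    if vermagic.split() != kernel_vermagic.split():
        problems.append(f"vermagic {vermagic!r} != kernel {kernel_vermagic!r}")
    for sym, crc in parse_versions(versions).items():
        want = kernel_crcs.get(sym)
        if want is None:
            problems.append(f"{sym}: not exported by this kernel")
        elif want != crc:
            problems.append(f"{sym}: CRC {crc:#010x} != kernel {want:#010x}")
    return problems

# Constructed sample data (not taken from any real module or kernel).
KERNEL_VERMAGIC = "3.4.10-example SMP preempt mod_unload ARMv7"
KERNEL_CRCS = {"module_layout": 0x11111111, "printk": 0x22222222}

def make_record(crc, name):
    """Build one 64-byte __versions record for the sample data."""
    return struct.pack("<I", crc) + name.encode().ljust(60, b"\0")

# Version string matches the kernel, but the symbol CRCs come from another build.
RELABELED_INFO = b"license=GPL\0vermagic=3.4.10-example SMP preempt mod_unload ARMv7 \0"
RELABELED_VERS = make_record(0xDEADBEEF, "module_layout") + make_record(0x22222222, "printk")

if __name__ == "__main__":
    for p in check_module(RELABELED_INFO, RELABELED_VERS, KERNEL_VERMAGIC, KERNEL_CRCS):
        print("MISMATCH:", p)
```

The section bytes would normally be extracted from the .ko file with an ELF tool before being passed to `check_module`.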
5th February 2014, 10:49 AM   |  #6  
edorner
Wow! Thanks for the exhaustive explanation about WP-mod!

Quote:

If you don't mind trying it, I'd be interested in the results.

Well I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it.
But if I do decide to give it a try, I will post the results here, I promise.
5th February 2014, 10:56 AM   |  #7  
koniiiik
Quote:
Originally Posted by edorner

Well I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it.
But if I do decide to give it a try, I will post the results here, I promise.

As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
5th February 2014, 11:21 AM   |  #8  
edorner
Quote:
Originally Posted by koniiiik

As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.

Ah, I see. In that case I will definitely try it!
Truth is I am still an Android noob, I used ADB maybe on two occasions so far, and did not have the time yet to properly check out the documentation for these particular commands.

One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preload will be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APKs back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?
5th February 2014, 04:55 PM   |  #9  
koniiiik
Quote:
Originally Posted by edorner

One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preload will be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APKs back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?

No idea, I haven't used firewater, but my guess would be that it won't wipe anything…

As for backing up /data/preload, you can for example use temproot to get access to the directory, copy it somewhere on your sdcard and adb pull it. In case it gets wiped, you can just push it back again and voilà. It's going to require some shell-fu, however.

Alternately, you can just download my ZIP of the latest stock ROM and extract it, it contains the latest /data/preload.

And yes, just copying the APK files into /data/preload should suffice – Dalvik and its package manager are intelligent enough to detect something has changed in there and perform any installation steps necessary. If it doesn't work right away, a reboot should fix things.
6th February 2014, 03:17 AM   |  #10  
OP ebautista
Edorner. It won't wipe. I tried it already.