Amazing Temp Root for MediaTek ARMv8

By diplomatic, Senior Member on 17th April 2019, 12:51 PM
23rd April 2019, 02:39 AM | #21 | mrmazak, Senior Member
Quote:
Originally Posted by ahhl

I will try, but I am just a novice. I read through the conversation between you and bigrammy; only 30% goes through my head.

If I manage to run mtk-su, then flash TWRP, and the flashing does not work, will it just reboot back using stock boot? I do not have to worry about something I need to do, like bigrammy did for 30 min, just to get the phone running? As the reboot just wipes TWRP? Is this true?

I have been on the Redmi Telegram support forum since December. Unlocking the bootloader is needed for getting TWRP onto the device. AVD is active and DM-Verity is enforced.
Once the bootloader is unlocked, verity still needs to be disabled or else stock recovery gets forced back onto the phone.

Also, that phone has a similar SoC to my main device: MediaTek MT6761 Helio A22 on the 6A; mine has MediaTek MT6762 Helio P22.

mtk-su did not work for me on testing.

15 days to wait is not really that bad. Some people have claimed 60-90 plus days wait to get unlock code.
 
23rd April 2019, 07:43 AM | #22 | ahhl, Senior Member
Quote:
Originally Posted by mrmazak

I have been on the Redmi Telegram support forum since December. Unlocking the bootloader is needed for getting TWRP onto the device. AVD is active and DM-Verity is enforced.
Once the bootloader is unlocked, verity still needs to be disabled or else stock recovery gets forced back onto the phone.

Also, that phone has a similar SoC to my main device: MediaTek MT6761 Helio A22 on the 6A; mine has MediaTek MT6762 Helio P22.

mtk-su did not work for me on testing.

15 days to wait is not really that bad. Some people have claimed 60-90 plus days wait to get unlock code.



---------- Post added at 02:43 PM ---------- Previous post was at 02:13 PM ----------

Quote:
Originally Posted by diplomatic

INSTRUCTIONS FOR TERMINAL APP
Mtk-su has been confirmed to work with Android 8.x. But due to security-related reasons, the first time it won't be able to run successfully in an adb shell. But it may work if called from a terminal emulator such as Termux or Terminal Emulator for Android. The gist of the process is to copy the executable to the terminal app's internal directory and run it from there. These are the instructions for Termux, but a similar procedure applies to all terminal shell apps.

  1. Download the current mtk_su zip to your device and unzip it. Take note of where you extracted it. Pick the variant that fits your device. (See above.)
  2. Open Termux and copy the mtk-su binary to its home directory, which in this case is the shell's initial working directory.
    General idea: cp path/to/mtk-su ./
    For example,
    Code:
    cp /sdcard/mtk-su_r8/arm64/mtk-su ./
    For this to work, you have to enable the Storage permission for your term app. Do not try to circumvent the cp command with clever copying methods involving file managers or external tools. Mtk-su will not get the right permissions that way.
  3. Run the program
    Code:
    ./mtk-su

Now if this succeeds, from that point on you will be able to run mtk-su in an adb shell according to ADB instructions (until next reboot). If this doesn't work, I will either have to adjust something to fix it, or in worst case, declare it not possible.

If mtk-su fails, post the output of ./mtk-su -v here along with a link to firmware and kernel sources, if possible.

Note that for most terminal shell apps, the internal app directory is stored in the variable $HOME. So in general you would do
cp path/to/mtk-su $HOME/
cd $HOME
./mtk-su -v

At step 2, I got permission denied.
Redmi 6A firmware: https://c.mi.com/thread-1916774-1-0.html
Kernel: https://github.com/MiCode/Xiaomi_Ker...e/cactus-o-oss
23rd April 2019, 08:12 AM | #23 | HemanthJabalpuri, Senior Member, Repalle
@diplomatic
If someone can tweak the system with your exploit, then
below is an update-binary for flashing SuperSU-2.82-sr5 directly in an Android terminal...
https://github.com/HemanthJabalpuri/.../update-binary

The 3rd arg to the above script would be the SuperSU zip path.
23rd April 2019, 01:53 PM | #24 | diplomatic (OP), Senior Member
Quote:
Originally Posted by ahhl

If I manage to run mtk-su, then flash TWRP, and the flashing does not work, will it just reboot back using stock boot? I do not have to worry about something I need to do, like bigrammy did for 30 min, just to get the phone running? As the reboot just wipes TWRP? Is this true?

If you flash TWRP with dd, simply rebooting to Android will restore the stock recovery. That is, assuming you don't install root or mods while you're in there. But you should still back up the stock recovery.

Quote:
Originally Posted by mrmazak

Also, that phone has a similar SoC to my main device: MediaTek MT6761 Helio A22 on the 6A; mine has MediaTek MT6762 Helio P22.

mtk-su did not work for me on testing.

Well, do tell. What was the problem? Odds are it can be adapted for that phone/chip.

Quote:
Originally Posted by ahhl

At step 2, I got permission denied.
Redmi 6A firmware: https://c.mi.com/thread-1916774-1-0.html
Kernel: https://github.com/MiCode/Xiaomi_Ker...e/cactus-o-oss

If the cp command got permission denied, it's either the app doesn't have Storage permissions, or something else that you're gonna have to figure out. The terminal shell should be able to copy files from a shared storage or a tmp directory.
23rd April 2019, 02:06 PM | #25 | diplomatic (OP), Senior Member
Quote:
Originally Posted by HemanthJabalpuri

@diplomatic
If someone can tweak the system with your exploit, then
below is an update-binary for flashing SuperSU-2.82-sr5 directly in an Android terminal...
https://github.com/HemanthJabalpuri/.../update-binary

The 3rd arg to the above script would be the SuperSU zip path.

OK, cool... this would be only useful for devices without dm-verity, though. The Amazon Fire HD series with Fire OS 5 might benefit...
23rd April 2019, 03:53 PM | #26 | mrmazak, Senior Member
Quote:
Originally Posted by diplomatic

...........

Well, do tell. What was the problem? Odds are it can be adapted for that phone/chip.........

OK, I will get it loaded again, and make you some logs.

This is what it gives me.

Cannot get kernel table.
Attached screenshot: Screenshot_20190423-121255.png
23rd April 2019, 05:00 PM | #27 | ghylander, Senior Member
I'm a bit confused.
I followed all the steps, and after running ./mtk-su it just stayed blank for some time and then the phone rebooted normally.
It's a Huawei TAG-L21 with an MT6753, and I followed the adb method.

As an update, every first time I connect to the phone and run ./mtk-su I get the following error:
read failed: Bad address
Can't find kallsyms addresses
Unable to get kernel symbol table
New UID/GID: 2000/2000
If I close the shell and repeat the whole procedure again, I get what I described at the beginning of the message:
the phone gets frozen and after 20 seconds reboots to system with no problem.
23rd April 2019, 06:23 PM | #28 | diplomatic (OP), Senior Member
Quote:
Originally Posted by mrmazak

OK, I will get it loaded again, and make you some logs.

This is what it gives me.

Cannot get kernel table.

I see. There is probably something new about the format of the addresses in the symbol table, that it can't detect it. Is this kernel 4.9? Do you happen to have a boot image (or recovery) for that phone, or at least a link to the firmware?

Quote:
Originally Posted by ghylander

I'm a bit confused.
I followed all the steps, and after running ./mtk-su it just stayed blank for some time and then the phone rebooted normally.
It's a Huawei TAG-L21 with an MT6753, and I followed the adb method.

As an update, every first time I connect to the phone and run ./mtk-su I get the following error:
read failed: Bad address
Can't find kallsyms addresses
Unable to get kernel symbol table
New UID/GID: 2000/2000
If I close the shell and repeat the whole procedure again, I get what I described at the beginning of the message:
the phone gets frozen and after 20 seconds reboots to system with no problem.

OK, so it's clearly not compatible with that phone yet. The cause will have to be investigated. If you don't mind running it again, can you tell me the output of './mtk-su -v'? Specifically, the line with 'param1: 0xYYY param2: 0xYYY type: N'? But other than that you shouldn't run it anymore.

EDIT: I think I have a fix for this. But in the meantime, if you were trying to run the arm64 binary, you should be able to run the arm version successfully.
23rd April 2019, 07:34 PM | #29 | mrmazak, Senior Member
Quote:
Originally Posted by diplomatic

I see. There is probably something new about the format of the addresses in the symbol table, that it can't detect it. Is this kernel 4.9? Do you happen to have a boot image (or recovery) for that phone, or at least a link to the firmware?

Yes, it is kernel 4.9.77.

Kernel source is available. I have it on GitHub. **This is the source as released from BLU, but it is not bootable; they failed to include the correct DTB file.

https://github.com/mrmazakblu/BLU-VIVO-XL4-kernel

Full firmware is available from

https://android.googleapis.com/packa...0ba043a6f1.zip

A few TWRP and pulled firmware files are here:

https://androidfilehost.com/?w=files&flid=287088
23rd April 2019, 08:26 PM | #30 | bigrammy, Senior Member, huddersfield
@ghylander
Is your device still on 5.1 as listed HERE?

@diplomatic
I am not sure if your mtk-su is affected by this or not, but just in case: older MediaTek boot.img's have a header of 512 bytes on the kernel and 512 bytes on the ramdisk, so your binary may not find what it expects to find if it reads from 0x0 down, sort of thing.
More info on that here should you need it: https://forum.xda-developers.com/sho....php?t=2753788
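
Added example (not part of the thread, and not mtk-su's code): a Python illustration of what the note above means for any tool that parses a boot image. It locates the kernel and ramdisk from the standard Android boot header and strips the 512-byte MediaTek wrapper when present. The wrapper's magic value and field layout (magic, size, 32-byte name, 0xFF fill) are assumptions not stated in the thread, and the sample image is constructed.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
MTK_MAGIC = 0x58881688   # assumption: wrapper magic, not given in the thread
MTK_HDR_LEN = 512        # header size as stated in the thread

def mtk_wrap(name, payload):
    """Build a constructed MTK-style wrapper: magic, size, 32-byte name, 0xFF fill."""
    head = struct.pack("<II32s", MTK_MAGIC, len(payload), name)
    return head + b"\xff" * (MTK_HDR_LEN - len(head)) + payload

def strip_mtk_header(blob):
    """Return (name, payload); name is None when no wrapper is present."""
    if len(blob) >= MTK_HDR_LEN:
        magic, size = struct.unpack_from("<II", blob, 0)
        if magic == MTK_MAGIC and size <= len(blob) - MTK_HDR_LEN:
            name = blob[8:40].split(b"\0", 1)[0].decode("ascii", "replace")
            return name, blob[MTK_HDR_LEN:MTK_HDR_LEN + size]
    return None, blob

def split_boot_image(img):
    """Locate kernel and ramdisk via the Android boot header (v0 field order)."""
    if img[:8] != BOOT_MAGIC or len(img) < 40:
        raise ValueError("not an Android boot image")
    ksize, _, rsize, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    if page == 0:
        raise ValueError("invalid page size")
    koff = page                                  # kernel starts on the second page
    roff = koff + -(-ksize // page) * page       # ramdisk follows, page-aligned
    if roff + rsize > len(img):
        raise ValueError("truncated image")
    parts = {}
    for label, off, size in (("kernel", koff, ksize), ("ramdisk", roff, rsize)):
        raw = img[off:off + size]
        name, payload = strip_mtk_header(raw)
        parts[label] = {"offset": off, "raw_magic": raw[:4],
                        "mtk_name": name, "payload": payload}
    return parts

def build_sample(wrapped, page=2048):
    """Constructed test image; payloads are dummy bytes, not real firmware."""
    kernel, ramdisk = b"KERNELDATA" * 300, b"\x1f\x8b\x08" + b"R" * 100
    if wrapped:
        kernel, ramdisk = mtk_wrap(b"KERNEL", kernel), mtk_wrap(b"ROOTFS", ramdisk)
    hdr = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    pad = lambda b: b + b"\0" * (-len(b) % page)
    return pad(hdr) + pad(kernel) + pad(ramdisk)
```

With the wrapper in place, the first bytes of each section are the wrapper magic rather than the gzip or kernel signature, so a parser reading from offset 0 of the section has to skip 512 bytes first.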
23rd April 2019, 08:47 PM | #31 | Senior Member
Quote:
Originally Posted by bigrammy

@ghylander
Is your device still on 5.1 as listed HERE?

@diplomatic
I am not sure if your mtk-su is affected by this or not, but just in case: older MediaTek boot.img's have a header of 512 bytes on the kernel and 512 bytes on the ramdisk, so your binary may not find what it expects to find if it reads from 0x0 down, sort of thing.
More info on that here should you need it: https://forum.xda-developers.com/sho....php?t=2753788

Yes, it unfortunately is.
Is there any way to make the exploit compatible?
Tags
mediatek, mt67xx, root