[DEVS-ONLY] SuperSU developer discussion

By Chainfire, Moderator Emeritus / Senior Recognized Developer - Where is my shirt? on 5th September 2014, 03:57 PM
4th January 2017, 05:01 PM |#81  
Member
Quote:
Originally Posted by Chainfire

set_prop is a macro, you need to figure out exactly which allow rules these create. You can't copy/paste stuff from .te files into supolicy.

service_contexts is a file you need to modify. You may actually need to modify that in boot image ramdisk for it to work, I don't know.

You are one smart guy, thanks. I found the macro and have changed them to allow rules. As for service_contexts, I can confirm you can modify it by extracting the ramdisk.
 
 
11th February 2017, 05:20 AM |#82  
Matt07211
Senior Member
@Chainfire
Update support of SuperSU for non-standard boot.img [Necessary source code included]

Back in November last year, I implemented SuperSU by hand in my device's boot.img (Samsung xCover3; thread for reference: https://forum.xda-developers.com/and...er3-t3465132), because at the time no tools were able to unpack our boot.img properly (thus we wrote/modified our own). Now I'm almost ready to build some ROMs and would prefer not to repeat the process again, so that's why I'm here.

Now to the code and commands (So you can hopefully implement this in your tool)

Required:
- pxa1088-mkbootimg: https://github.com/AKuHAK/pxa1088-mkbootimg
- minigzip
- mkbootfs

Unpacking Boot.img
Code:
 ./pxa1088-unpackbootimg -i boot.img -o boot -p 2048
Example output:
Code:
boot.img-base
boot.img-cmdline
boot.img-dt
boot.img-pagesize
boot.img-ramdisk.gz
boot.img-ramdisk_offset
boot.img-second
boot.img-second_offset
boot.img-signature
boot.img-tags_offset
boot.img-uImage
boot.img-unknown
Files of importance are
*-dt
*-ramdisk.gz (note it should be ramdisk.cpio.gz, but tool outputs it that way ...)
*-signature
*-uImage
*-unknown (Not the file but the value stored in the file)


Unpack ramdisk
Code:
mkdir ramdisk
cd ramdisk
gunzip -c ../ramdisk.cpio.gz | cpio -i
Repack Ramdisk
Code:
./mkbootfs ramdisk-directory-name | ./minigzip  > ramdisk-new.cpio.gz
Caveat: mkbootfs and minigzip are unable to include hidden files in the boot.img. Your tool used them that way to keep a copy of the stock files unmodified, so it may require you to modify the code to be able to include hidden files.


Repack boot.img

Code:
./pxa1088-mkbootimg --kernel boot.img-uImage --ramdisk ramdisk-custom-supersu.cpio.gz  --dt boot.img-dt --signature boot.img-signature --unknown 0x3000000 -o ../boot-supersu.img
usage: mkbootimg

--kernel <filename>
[ --ramdisk <filename> ]
[ --second <2ndbootloader-filename> ]
[ --cmdline <kernel-commandline> ]
[ --board <boardname> ]
[ --base <address> ]
[ --pagesize <pagesize> ]
[ --dt <filename> ]
[ --ramdisk_offset <address> ]
[ --second_offset <address> ]
[ --tags_offset <address> ]
[ --id ]
[ --signature <filename> ]
-o|--output <filename>

Hopefully this gives you enough info and the source code provided should make it easy to implement into your tool if you choose to do so.
Hopefully you decide to do this.
11th February 2017, 10:39 AM |#83  
Chainfire
OP Moderator Emeritus / Senior Recognized Developer - Where is my shirt?
Unless you can pinpoint exactly what the difference is with a standard boot image, nothing is going to happen with that.
11th February 2017, 02:39 PM |#84  
Matt07211
Senior Member
Quote:
Originally Posted by Chainfire

Unless you can pinpoint exactly what the difference is with a standard boot image, nothing is going to happen with that.

Android boot image:

Standard Android header:
  1. Magic (8B)
  2. kernel size (4B)
  3. kernel addr (4B)
  4. ramdisk size (4B)
  5. ramdisk addr (4B)
  6. 2ndary size (4B)
  7. 2ndary addr (4B)
  8. Tags addr (4B)
  9. Page size (4B)
  10. unused #1 (4B) (zero in standard Android)
  11. unused #2 (4B) (zero in standard Android)
  12. product name (16B)
  13. kernel cmdline (512B)
  14. id (8B)

Samsung xCover3 header:
  1. Magic (8B, ANDROID!)
  2. kernel size (4B)
  3. kernel addr (4B, 0x10008000)
  4. ramdisk size (4B)
  5. ramdisk addr (4B, 0x11000000)
  6. 2ndary size (4B, 0x0)
  7. 2ndary addr (4B, 0x10f00000)
  8. device tree size (4B)
  9. unknown (4B, 0x02000000)
  10. tags addr (4B, 0x10000100)
  11. page size (4B, 2048)
  12. product name (24B, empty)
  13. kernel cmdline (512B, empty)
  14. id (8B, empty)

Samsung xCover3 layout:

A. header (as above - 1 page)
B. kernel (n pages)
C. ramdisk (m pages)
D. second stage (o pages)
E. device tree table (started with PXA-DT magic, p pages)
F. signature (272 bytes)

Taken from the source code for completeness' sake.
Code:
/*
** +-----------------+
** | boot header     | 1 page
** +-----------------+
** | kernel          | n pages
** +-----------------+
** | ramdisk         | m pages
** +-----------------+
** | second stage    | o pages
** +-----------------+
** | device tree     | p pages
** +-----------------+
** | signature       | 272 bytes
** +-----------------+
**
** n = (kernel_size + page_size - 1) / page_size
** m = (ramdisk_size + page_size - 1) / page_size
** o = (second_size + page_size - 1) / page_size
** p = (dt_size + page_size - 1) / page_size
**
** 0. all entities are page_size aligned in flash
** 1. kernel and ramdisk are required (size != 0)
** 2. second is optional (second_size == 0 -> no second)
** 3. load each element (kernel, ramdisk, second) at
**    the specified physical address (kernel_addr, etc)
** 4. prepare tags at tag_addr. kernel_args[] is
**    appended to the kernel commandline in the tags.
** 5. r0 = 0, r1 = MACHINE_TYPE, r2 = tags_addr
** 6. if second_size != 0: jump to second_addr
**    else: jump to kernel_addr
*/
base = 0x10000000
kernel_offset = 0x00008000
ramdisk_offset = 0x01000000
second_offset = 0x00f00000
tags_offset = 0x00000100
unknown = 0x03000000

That's the difference I believe. @Chainfire
If there is any other info needed please do tell me so I can provide it.

Edit: Signature is the random string found at the end of the boot.img; with it gone, the "Kernel is not Seandroid enforcing" will show. It seems like a random string of data the bootloader validates against.
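The header difference listed in post #84, worked through as an added example (not code from the thread, from SuperSU, or from pxa1088-mkbootimg): it reads the page size from the position the xCover3 field order puts it in, then derives each section's file offset with the page-rounding rule from the quoted source comment. The struct and function names are hypothetical, the byte offsets are derived from the field order and sizes given in the post, fields are assumed little-endian, and the sample image is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* File offsets of each section (hypothetical names, not from the project). */
struct pxa_layout { uint64_t kernel, ramdisk, second, dt, sig, sig_len; };

static uint32_t rd32(const uint8_t *p) {  /* assumption: little-endian fields */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
static uint64_t span(uint32_t size, uint32_t page) {  /* bytes used after rounding up to pages */
    return (((uint64_t)size + page - 1) / page) * page;
}

/* Returns 0 and fills *out for an xCover3-style image, -1 otherwise. Offsets per the
 * post: sizes at 8/16/24, dt size at 32, "unknown" at 36, tags addr at 40, page size at 44. */
int pxa_parse(const uint8_t *img, size_t len, struct pxa_layout *out) {
    if (len < 48 || memcmp(img, "ANDROID!", 8) != 0) return -1;
    uint32_t page = rd32(img + 44);  /* a standard header has "unused #2" (zero) here */
    if (page == 0 || (page & (page - 1)) != 0) return -1;  /* not a power-of-two page size */
    out->kernel  = page;             /* header occupies one page */
    out->ramdisk = out->kernel  + span(rd32(img + 8),  page);
    out->second  = out->ramdisk + span(rd32(img + 16), page);
    out->dt      = out->second  + span(rd32(img + 24), page);
    out->sig     = out->dt      + span(rd32(img + 32), page);
    if (out->sig > len) return -1;   /* truncated image */
    out->sig_len = len - out->sig;   /* whatever trails the device tree */
    return 0;
}

/* Constructed sample: 3000-byte kernel, 100-byte ramdisk, no second stage,
 * 10-byte device tree, 272 trailing signature bytes; payload is zero-filled. */
size_t make_sample(uint8_t *buf, size_t cap) {
    size_t len = 5 * 2048 + 272;
    if (cap < len) return 0;
    memset(buf, 0, len);
    memcpy(buf, "ANDROID!", 8);
    wr32(buf + 8, 3000); wr32(buf + 16, 100); wr32(buf + 32, 10);
    wr32(buf + 36, 0x02000000); wr32(buf + 40, 0x10000100); wr32(buf + 44, 2048);
    return len;
}

int main(void) {
    static uint8_t img[16384];
    struct pxa_layout l;
    if (pxa_parse(img, make_sample(img, sizeof img), &l) != 0) return 1;
    printf("ramdisk@%llu sig@%llu sig_len=%llu\n", (unsigned long long)l.ramdisk,
           (unsigned long long)l.sig, (unsigned long long)l.sig_len);
    return 0;
}
```

A parser that assumes the standard field order takes its page size from byte offset 36, which in this layout holds the "unknown" value instead.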
11th February 2017, 05:31 PM |#85  
Chainfire
OP Moderator Emeritus / Senior Recognized Developer - Where is my shirt?
How many devices are affected by this?
11th February 2017, 10:16 PM |#86  
Matt07211
Senior Member
Quote:
Originally Posted by Chainfire

How many devices are affected by this?

I believe any device with a Marvell based SoC.

I personally know of 2 devices:
- my Samsung xCover3 (listed above)
- Samsung Galaxy Tab 4 7.0: signature size is slightly smaller, coming in at 256 bytes, and its unknown offset is 0x02000000. Everything else is the same as the xCover3 device.

Some devices found in a Google search include:
- Samsung SM-J100f
- Chromecast 2
- Samsung Galaxy Tab 3
- Samsung Galaxy BEAM 2 SM-G3858 projector Smartphone
- HP Slate 6 Voice Tab 2
- HP Slate 7 VoiceTab

This is just from a quick Google search; there of course may be plenty more, I just get inundated by the official release webpages of these SoCs.
Marvell has mainline Linux kernel support as well.
13th March 2017, 08:27 AM |#87  
Matt07211
Senior Member
@Chainfire So my request is a no-go?
31st March 2017, 04:01 AM |#88  
Senior Member
Hey, Chainfire (and others)!

When I try to root my BQ Aquaris U, it appears to patch the kernel image in the "boot" partition, which makes me somehow lose ADB access to the device.

Before rooting ...

Code:
$ ./adb start-server
* daemon not running. starting it now at tcp:5037 *
* daemon started successfully *
$ ./adb shell
[email protected]:/ $ exit
$ ./adb kill-server
$
After rooting ...

Code:
$ ./adb start-server
* daemon not running. starting it now at tcp:5037 *
* daemon started successfully *
$ ./adb shell
error: no devices/emulators found
$ ./adb kill-server
$
The device is running on the most recent firmware: Android 6.0.1, Kernel 3.18.24, Build 1.5.0_20170217-1219

My Android SDK is up to date as well.

I tried both SuperSU (v2.79-201612041815) and SuperSU (v2.79-SR3-20170114223742) and both lead to the same outcome.

When I connect the phone to my PC, it shows that a debugger is connected. However, ADB does not seem to see the phone as a viable target. Both developer options and USB debugging are enabled on the device and the device shows up on my PC under the USB ID "2a47:901b" in "lsusb".

What I tried so far:
  • Change USB mode (charging only, MTP, etc.) on the device.
  • Reset debug permissions on the device.
  • Add the device's USB ID to "~/.android/adb_usb.ini" on the computer.
  • Create "udev" rules on the computer.
  • Run ADB as root on the computer.

None of these seem to have any effect on the issue.

As a developer, I really need both ADB and root access to my targets, which is why I went with a different rooting utility, which does give me a root via "su" and debug access via ADB. However, it does not give me "./adb root". Instead, I need to "./adb shell" and then use "su", which also means that "./adb push ..." and "./adb pull ..." requests are carried out without root permissions, so it's not really convenient.

Have you heard of SuperSU breaking ADB before? In case it's rare and only happens on few devices, might I contribute in tracking the issue down?

Greetings.
3rd April 2017, 01:13 PM |#89  
Junior Member
reeder P10s root help !
Hello. How can I root my Reeder P10S phone? I could not find a solution anywhere. Can you help me?
3rd April 2017, 07:22 PM |#90  
Maxr1998
XDA Feed Mod/RD/RC
Quote:
Originally Posted by mucucu

Hello. How can I root my Reeder P10S phone? I could not find a solution anywhere. Can you help me?

Please ask in the relevant device subforum if available or in the main SuperSU discussion; this topic is only for developers.
20th April 2017, 03:01 PM |#91  
Junior Member
Hey, I was giving a workshop on Xposed some time ago for which I needed some cheapo phones, found some 90 euro phone called Wiko Freddy. Interwebz told me it was rootable, so I bought a couple of them. Turns out, they weren't. No TWRP for my device either. After a lot of researching I managed to install Xposed without root access on the device by patching the recovery image. I added my own generated key to the image so I could sign my own OTA. That worked out for me, I just had to make minor modifications to the flash-script of Xposed. I also want to root the phone, just for the sake of it. I know for one thing that mounting /system as rw is very unusual on this phone. Is there any procedure for porting superSU to a phone?