• Introducing XDA Computing: Discussion zones for Hardware, Software, and more!    Check it out!

[CLOSED]HaHaHack Dis: No Magisk REQUIRED!!!!

Status
Not open for further replies.
Search This thread

optimumpro

Senior Member
Jan 18, 2013
6,694
14,158
Oi... EVERY rooted fone has an unlocked bootloader, your point being?

Oh... I'm taking away profit from some... never noticed until you came along..

And you trust magisk...

That would not tell you of THIS exploit:
"Oi... EVERY rooted fone has an unlocked bootloader, your point being?"

LOL. My roms (and not mine only) work on locked bootloaders with Magisk prebuilt.

Magisk: I know exactly what Magisk is doing. Also with AVB-2 fully enforced and Magisk applied during build and before the final signing, it can do nothing to any protected partition after rom installation. Any change would alter the hushes and result in a red screen warning: 'your device is corrupt and cannot boot'.

{Mod: Quotation edited}
 
Last edited by a moderator:

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
"Oi... EVERY rooted fone has an unlocked bootloader, your point being?"

LOL. My roms (and not mine only) work on locked bootloaders with Magisk prebuilt.

Magisk: I know exactly what Magisk is doing. Also with AVB-2 fully enforced and Magisk applied during build and before the final signing, it can do nothing to any protected partition after rom installation. Any change would alter the hushes and result in a red screen warning: 'your device is corrupt and cannot boot'.
{Mod edited}


D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb remount
/system/bin/remount exited with status 2
remount failed

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # su
Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit

D:\0\AdbStation>adb reboot bootloader

D:\0\AdbStation>fastboot flash boot boot.img
Sending 'boot' (32768 KB) OKAY [ 0.769s]
Writing 'boot' OKAY [ 0.575s]
Finished. Total time: 1.482s

D:\0\AdbStation>fastboot reboot
Rebooting OKAY [ 0.001s]
Finished. Total time: 0.006s

D:\0\AdbStation>adb root
adb: unable to connect for root: no devices/emulators found

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ su

Armor_X5_Q:/system/app $ ls

Armor_X5_Q:/system/app $ mount -o remount,rw /
mount: '/dev/block/dm-1' not user mountable in fstab
1|Armor_X5_Q:/system/app $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/system/app $ cd /
Armor_X5_Q:/ $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/ $ exit

D:\0\AdbStation>adb shell stop
stop: must be root

D:\0\AdbStation>adb sync
adb.exe: product directory not specified; set $ANDROID_PRODUCT_OUT

D:\0\AdbStation>adb shell start
start: must be root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ so su is working
/system/bin/sh: so: inaccessible or not found
127|Armor_X5_Q:/ $ my fone tells lies lol...
/system/bin/sh: my: inaccessible or not found
127|Armor_X5_Q:/ $ mkdir test
mkdir: 'test': Read-only file system
1|Armor_X5_Q:/ $ sudo su
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su sudo
1|Armor_X5_Q:/ $

I like the last 6 lines,,,

Yeah, all stock.... su working root apps shows working, fone says I dont have root, but hey, su works... using stock boot... {Mod edit}

{Mod edit: Disrespectful language removed - Regards Oswald Boelcke}
 
Last edited by a moderator:

optimumpro

Senior Member
Jan 18, 2013
6,694
14,158
D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb remount
/system/bin/remount exited with status 2
remount failed

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # su
Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit

D:\0\AdbStation>adb reboot bootloader

D:\0\AdbStation>fastboot flash boot boot.img
Sending 'boot' (32768 KB) OKAY [ 0.769s]
Writing 'boot' OKAY [ 0.575s]
Finished. Total time: 1.482s

D:\0\AdbStation>fastboot reboot
Rebooting OKAY [ 0.001s]
Finished. Total time: 0.006s

D:\0\AdbStation>adb root
adb: unable to connect for root: no devices/emulators found

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ su

Armor_X5_Q:/system/app $ ls

Armor_X5_Q:/system/app $ mount -o remount,rw /
mount: '/dev/block/dm-1' not user mountable in fstab
1|Armor_X5_Q:/system/app $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/system/app $ cd /
Armor_X5_Q:/ $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/ $ exit

D:\0\AdbStation>adb shell stop
stop: must be root

D:\0\AdbStation>adb sync
adb.exe: product directory not specified; set $ANDROID_PRODUCT_OUT

D:\0\AdbStation>adb shell start
start: must be root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ so su is working
/system/bin/sh: so: inaccessible or not found
127|Armor_X5_Q:/ $ my fone tells lies lol...
/system/bin/sh: my: inaccessible or not found
127|Armor_X5_Q:/ $ mkdir test
mkdir: 'test': Read-only file system
1|Armor_X5_Q:/ $ sudo su
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su sudo
1|Armor_X5_Q:/ $

I like the last 6 lines,,,

Yeah, all stock.... su working root apps shows working, fone says I dont have root, but hey, su works...
Another lol. Here is the final stage of my rom building:

Code:
 DTC     arch/arm64/boot/dts/vendor/qcom/kona-v2.1.dtb
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodle-overlay-dvt.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodle-overlay-evt1.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodle-overlay-t0.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlep-overlay-dvt.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlep-overlay-evb.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlep-overlay-evt1.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlep-overlay-t0.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlev-overlay-dvt.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlev-overlay-evt1.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/instantnoodlev-overlay-t0.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/kebab-overlay.dtbo
  DTC     arch/arm64/boot/dts/vendor/qcom/lemonades-overlay.dtbo
make[1]: Leaving directory '/out/target/product/instan
tnoodle/obj/KERNEL_OBJ'
make: Leaving directory '/kernel/oneplus/sm8250'
[ 70% 342/487] Target boot image: out/target/product/instantnoodle/boot.img
++++  PRE-ROOTing BOOT image!!!  ++++
- 64bit detected: true, arm64
- Unpacking boot image

Parsing boot image: [/out/target/product/instantnoodle
/boot.img]
HEADER_VER      [2]
KERNEL_SZ       [33503248]
RAMDISK_SZ      [835315]
SECOND_SZ       [0]
RECOV_DTBO_SZ   [0]
DTB_SZ          [486017]
OS_VERSION      [11.0.0]
OS_PATCH_LEVEL  [2021-09]
PAGESIZE        [4096]
NAME            []
CMDLINE         [androidboot.hardware=qcom androidboot.console=ttyMSM0 android
boot.memcg=1 lpm_levels.sleep_disabled=1 msm_rtb.filter=0x237 service_locator.
enable=1 androidboot.usbcontroller=a600000.dwc3 swiotlb=2048 loop.max_part=7 c
group.memory=nokmem,nosocket reboot=panic_warm buildvariant=userdebug]
CHECKSUM        [036a6b3e1871ef0d25b9dc40b66ac3b08000000000000000000000
000]
KERNEL_FMT      [raw]
RAMDISK_FMT     [gzip]
- Checking ramdisk status

Loading cpio: [ramdisk.cpio]
- Stock boot image detected

- Patching ramdisk
- - Repacking boot image


{Mod edit}

Best regards.

{Mod: Quotation edited and disrespectful language removed - Regards Oswald Boelcke}
 
Last edited by a moderator:

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
{Mod edit}

{Mod edit}
my wee root find here will last longer, cause it's made by gooogle... no any one here... and it kill's magisk... {Mod edit} I only moved on after john wu made it official magisk is dead.

Magisk mtk, not made by magisk...

mtk-su was NOT made by john wu.

I put su in my fone, unrooted it, and su stayed in this ro system that is supposed to revert, but I used legit vbmeta, so no revert... you {Mod edit} really need a few laymen like me instead of blowing us over for advancing your cause, cause magisk sucks.

{Mod edit}

{Mod: Disrespectful parts removed - Regards Oswald Boelcke}
 
Last edited by a moderator:

heinhuiz

Senior Member
Nov 26, 2011
855
363
Did you know....

A few years back, when alcohol 120% came out, I downloaded a dvd that turned out to be corrupt. The image supplied by Alcohol 120% always came with an mdf file, and the disk image itself. Mdf is actually the md5 hash of the dvd.

When attempting to burn disk, I accidently chose the mdf, (md5 hash) instead of the actual disk image, and it turned out that the mdf hash reproduced the disk image byte for byte.

In otherwords, the 4.7gig dvd image was never necessary. That's 4.7gig reproducable from an md5 hash of say 100kb in size.

Now imagine this in fones. Dont store the file, store it's hash.

The CIA hate me now...
That is not possible. I reckon the disk burning program was clever enough to correct your mistake.
 

heinhuiz

Senior Member
Nov 26, 2011
855
363
Magisk is no more...

I present a new fool proof method of flashing su to Android 10_Q and above!!

I ranted and ranted about variant=user/user-debug/eng builds that I got no-where... people thinkin am dissin john wu, nah, I respect what I've learnt from his app forcing me to connect online, I want su without connecting, in order to secure my own fone.

Introducing proof!!

Simple. Instead of flashing boot.img

Flash boot-debug.img from stock.

This address's the lack of adb root.

Logs:


D:\0\AdbStation>fastboot --disable-verity --disable-verification flash vbmeta vb
lankmeta.img
Rewriting vbmeta struct at offset: 0
Sending 'vbmeta' (4 KB) OKAY [ 0.000s]
Writing 'vbmeta' OKAY [ 0.000s]
Finished. Total time: 0.016s

D:\0\AdbStation>fastboot --disable-verity --disable-verification flash boot boot
-debug.img
Sending 'boot' (32768 KB) OKAY [ 0.764s]
Writing 'boot' OKAY [ 0.515s]
Finished. Total time: 1.404s

D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
MyTwrp.img
Sending 'recovery' (26086 KB) OKAY [ 0.718s]
Writing 'recovery' OKAY [ 0.406s]
Finished. Total time: 1.139s

D:\0\AdbStation>fastboot reboot-recovery
Rebooting into recovery OKAY [ 0.000s]
Finished. Total time: 0.000s

D:\0\AdbStation>adb root
adbd is already running as root

D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # mount -o remount,rw /system_root
mount: '/system_root' not in /proc/mounts
1|Armor_X5_Q:/ # mount -o remount,rw /system
mount: '/system' not in /proc/mounts
1|Armor_X5_Q:/ # mount -o remount,rw /
'/dev/block/dm-1' is read-only
Armor_X5_Q:/ # su
/system/bin/sh: su: inaccessible or not found
127|Armor_X5_Q:/ # ls
acct d init.environ.rc metadata sbin
apex data init.rc mnt sdcard
bin debug_ramdisk init.usb.configfs.rc odm storage
bugreports default.prop init.usb.rc oem sys
cache dev init.zygote32.rc proc system
charger etc init.zygote64_32.rc product ueventd.rc
config init lost+found product_services vendor
Armor_X5_Q:/ # cd apex
Armor_X5_Q:/apex # ls
com.android.apex.cts.shim [email protected]
[email protected] com.android.resolv
com.android.conscrypt [email protected]
[email protected] com.android.runtime
com.android.media [email protected]
com.android.media.swcodec com.android.tzdata
[email protected] [email protected]
Armor_X5_Q:/apex # exit

D:\0\AdbStation>adb reboot bootloader

D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
recovery.img
Sending 'recovery' (20646 KB) OKAY [ 0.577s]
Writing 'recovery' OKAY [ 0.312s]
Finished. Total time: 0.889s

D:\0\AdbStation>fastboot reboot
Rebooting OKAY [ 0.000s]
Finished. Total time: 0.000s

D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # exit

------------------------

Pay attention, the first part above, I flashed a twrp...

Below, I flash stock images... without closing adb window.
--------------------------------------------------------------

D:\0\AdbStation>adb reboot bootloader

D:\0\AdbStation>fastboot --disable-verity --disable-verification flash boot boot
-debug.img
Sending 'boot' (32768 KB) OKAY [ 0.764s]
Writing 'boot' OKAY [ 0.499s]
Finished. Total time: 1.373s

D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
recovery.img
Sending 'recovery' (20646 KB) OKAY [ 0.484s]
Writing 'recovery' OKAY [ 0.328s]
Finished. Total time: 0.811s

D:\0\AdbStation>fastboot reboot
Rebooting OKAY [ 0.000s]
Finished. Total time: 0.000s

D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # su
/system/bin/sh: su: inaccessible or not found
127|Armor_X5_Q:/ # exit

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # cd /system
Armor_X5_Q:/system # cd bin
Armor_X5_Q:/system/bin # ls

Edit'd not relevant.. too long the things we can do list pissed one off...

Armor_X5_Q:/system/bin #

No MORE MAGISK!!!

It'a a feature of Android 10 and over lol... says so in the android docs....

who needs su when you have root?

SYSTEM_AS_ROOT

Voila...

it's in the understanding.

YouRoot
I still fail to see in which line you flash a stock image...
 

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
For those in doubt, test {Mod edit}

They never needed root in a system as root phone, and never sussed it... you dont use su anymore.. type root commands without su... it's really that simple, only those who lost a sight cant see it, so believe they NEED magisk.

All buy grand design... hhah...

The monkey king is the dna reset switch. Hack Dat!!


D:\0\AdbStation>adb root
restarting adbd as root

D:\0\AdbStation>adb remount
/system/bin/remount exited with status 2
remount failed

D:\0\AdbStation>adb shell
Armor_X5_Q:/ # su
Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # ^C
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ #
130|Armor_X5_Q:/ # exit

D:\0\AdbStation>adb reboot bootloader

D:\0\AdbStation>fastboot flash boot boot.img
Sending 'boot' (32768 KB) OKAY [ 0.769s]
Writing 'boot' OKAY [ 0.575s]
Finished. Total time: 1.482s

D:\0\AdbStation>fastboot reboot
Rebooting OKAY [ 0.001s]
Finished. Total time: 0.006s

D:\0\AdbStation>adb root
adb: unable to connect for root: no devices/emulators found

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ mount -o rw,remount /
mount: '/dev/block/dm-1' not user mountable in fstab
1|Armor_X5_Q:/ $ mount -o rw,remount /system
mount: '/system' not in /proc/mounts
1|Armor_X5_Q:/ $ mount -o rw,remount /system_root
mount: '/system_root' not in /proc/mounts
1|Armor_X5_Q:/ $ mount -o rw,remount /system_root/
mount: '/system_root/' not in /proc/mounts
1|Armor_X5_Q:/ $ mount -o rw,remount /
mount: '/dev/block/dm-1' not user mountable in fstab
ho "it works! @ $x">$x/test.txt; cat $x/test.txt; rm $x/test.txt; done <
mount: '/dev/block/dm-1' not user mountable in fstab
/system/bin/sh: can't create //test.txt: Read-only file system
cat: //test.txt: No such file or directory
rm: //test.txt: No such file or directory
mount: '/dev/block/dm-0' not user mountable in fstab
/system/bin/sh: can't create /product/test.txt: Read-only file system
cat: /product/test.txt: No such file or directory
rm: /product/test.txt: No such file or directory
mount: '/dev/block/dm-2' not user mountable in fstab
/system/bin/sh: can't create /vendor/test.txt: Read-only file system
cat: /vendor/test.txt: No such file or directory
rm: /vendor/test.txt: No such file or directory
1|Armor_X5_Q:/ $ mount -o rw, remount /system
mount: bad /etc/fstab: No such file or directory
1|Armor_X5_Q:/ $ cd /system/app/
Armor_X5_Q:/system/app $ ls
ATMWifiMeta LongShotScreen
AdupsFota MDMConfig
AdupsPrivacyPolicy MDMLSample
AutoDialer MtkBluetooth
BasicDreams MyGene
BatteryWarning Nfc_st
BluetoothMidiService NonFrameworkLbs
BookmarkProvider OsuLogin
BuiltInPrintService PacProcessor
CarrierDefaultApp PartnerBookmarksProvider
CertInstaller PriDeskClock
ChildrenSpace PriImei
CompanionDeviceManager PriNotePad
CtsShimPrebuilt PriScreenRecorder
DebugLoggerUI PriSoundRecorder
EasterEgg PrintSpooler
EasyLauncher SecureElement
FMRadio SetupWizardNewOverlay
Gba SimAppDialog
GnssDebugReport TFaceServiceApp
GoogleExtShared Traceur
GooglePrintRecommendationService VZWRemoteSimlockService
HTMLViewer WallpaperBackup
KeyChain YGPS
LiveWallpapersPicker YTMusic
LocationEM2
Armor_X5_Q:/system/app $ mount -o remount,rw /
mount: '/dev/block/dm-1' not user mountable in fstab
1|Armor_X5_Q:/system/app $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/system/app $ cd /
Armor_X5_Q:/ $ mount -o rw,remount rootfs /
mount: '/' not in /proc/mounts
1|Armor_X5_Q:/ $ exit

D:\0\AdbStation>adb shell stop
stop: must be root

D:\0\AdbStation>adb sync
adb.exe: product directory not specified; set $ANDROID_PRODUCT_OUT

D:\0\AdbStation>adb shell start
start: must be root

D:\0\AdbStation>adb shell
Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ sudo
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ su
1|Armor_X5_Q:/ $ so su is working
/system/bin/sh: so: inaccessible or not found
127|Armor_X5_Q:/ $ my fone tells lies lol...
/system/bin/sh: my: inaccessible or not found
127|Armor_X5_Q:/ $ mkdir test
mkdir: 'test': Read-only file system
1|Armor_X5_Q:/ $ sudo su
/system/bin/sh: sudo: inaccessible or not found
127|Armor_X5_Q:/ $ su sudo
1|Armor_X5_Q:/ $ ls -l dirname
ls: dirname: No such file or directory
1|Armor_X5_Q:/ $ ls -l
ls: ./init.zygote64_32.rc: Permission denied
ls: ./init.rc: Permission denied
ls: ./init.usb.rc: Permission denied
ls: ./ueventd.rc: Permission denied
ls: ./init.zygote32.rc: Permission denied
ls: ./init: Permission denied
ls: ./init.environ.rc: Permission denied
ls: ./init.usb.configfs.rc: Permission denied
ls: ./metadata: Permission denied
total 60
dr-xr-xr-x 78 root root 0 2021-09-27 16:45 acct
drwxr-xr-x 16 root root 320 2021-09-27 16:45 apex
lrw-r--r-- 1 root root 11 2009-01-01 00:00 bin -> /system/bin
lrw-r--r-- 1 root root 50 2009-01-01 00:00 bugreports -> /data/user_de/
0/com.android.shell/files/bugreports
drwxrwx--- 6 system cache 4096 2021-09-27 16:45 cache
lrw-r--r-- 1 root root 19 2009-01-01 00:00 charger -> /system/bin/charg
er
drwxr-xr-x 4 root root 0 1970-01-01 01:00 config
lrw-r--r-- 1 root root 17 2009-01-01 00:00 d -> /sys/kernel/debug
drwxrwx--x 55 system system 4096 2021-09-27 16:45 data
drwxr-xr-x 2 root root 4096 2009-01-01 00:00 debug_ramdisk
lrw------- 1 root root 23 2009-01-01 00:00 default.prop -> system/etc/p
rop.default
drwxr-xr-x 21 root root 4860 2021-09-27 16:45 dev
lrw-r--r-- 1 root root 11 2009-01-01 00:00 etc -> /system/etc
drwx------ 2 root root 16384 2009-01-01 00:00 lost+found
drwxr-xr-x 13 root system 280 2021-09-27 16:45 mnt
drwxr-xr-x 2 root root 4096 2009-01-01 00:00 odm
drwxr-xr-x 2 root root 4096 2009-01-01 00:00 oem
dr-xr-xr-x 551 root root 0 1970-01-01 01:00 proc
drwxr-xr-x 12 root root 4096 2009-01-01 00:00 product
lrw-r--r-- 1 root root 24 2009-01-01 00:00 product_services -> /system/
product_services
drwxr-x--- 2 root shell 4096 2009-01-01 00:00 sbin
lrw-r--r-- 1 root root 21 2009-01-01 00:00 sdcard -> /storage/self/prim
ary
drwxr-xr-x 5 root root 120 2021-09-27 16:45 storage
dr-xr-xr-x 14 root root 0 2021-09-27 16:45 sys
drwxr-xr-x 16 root root 4096 2009-01-01 00:00 system
drwxr-xr-x 14 root shell 4096 2009-01-01 00:00 vendor
1|Armor_X5_Q:/ $ which su
/system/xbin/su
Armor_X5_Q:/ $
Armor_X5_Q:/ $
Armor_X5_Q:/ $
Armor_X5_Q:/ $ TralaLALALA
/system/bin/sh: TralaLALALA: inaccessible or not found
127|Armor_X5_Q:/ $
127|Armor_X5_Q:/ $
127|Armor_X5_Q:/ $ which su
/system/xbin/su
Armor_X5_Q:/ $


do that again:

127|Armor_X5_Q:/ $ which su

/system/xbin/su <-No root!! working!!"!"!

Well, I guess I did it. I got the root I needed for my fone, and shared it with all. {Mod edit} a lil study of my adb will show 1 thing:

I name my files simply...

MyBoot.img = My magisk'd.
vblankmeta.bin = My blank vbmeta
MyTwrp.bin = lopestoms twrp he ported for me, respect...

stock images are simple. boot is boot, recovery is recovery, super is super, boot-debug.img is stock version of debug bootloader flashed over stock boot.img and your vbmeta needs to me REAL. I dont keep logs, I post my adb thats it... I test until I get what I want, then THEY patch it... be warned... it's patched quicker than you think...

After flashing the super_fixed backup, which clearly matched legit vbmeta that made it, I had rw access in twrp, still working on the actual system mounting, and even though su is installed to xbin,and bin, no crash, prob cause it's the arm64 version. but then I aint run it correctly with other apps yet, so on with that 2nite... I cant use the actual busybox apps or supersu yet to properly grant permissions, but then, I can do that in adb shell... su lol...

Or load up the boot-debug to grant the permissions...

{Mod: Edited disrespect out - Regards Oswald Boelcke}
 
Last edited by a moderator:

munjeni

Senior Member
Jun 2, 2011
9,443
22,037
Someone need root on phone e.g. for terminal emulator, not all use adb at all, think about that! You need to take more care to android world instead of magisk, magisk is innoxious, for example google chrome with default option "allow sites to access microphone and camera" and option "allow chrome run in background"! Worried?
 
Last edited:

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
Someone need root on phone e.g. for terminal emulator, not all use adb at all, think about that! You need to take more care to android world instead of magisk, magisk is innoxious, for example google chrome with default option "allow sites to access microphone and camera" and option "allow chrome run in background"! Worried?
I'm not worried, I just wanna block everything due to their involvement with the paedo ring they say they are not... so why spy?

Block their access to our kids.. start now.
 

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
All I've done here is meddle with the tools google provided and {Mod edit} devs stuck in the old app trap think they can dis just anyone? Are you supposed to be better?

You've been working on your old apps for so long you are still trying to defeat safety net.. in fact that's all you'll do... work on old os's... the best are too busy on rich mans fones to bother with custom roms, we're too f'n rich to know not to custom rom the fone.. it's how we got rich...

No contacts or sim in test fone... EVER...

A guy with not much android experience tore y'all apart.. now show your users the truth...

Google since android 10, system_as_root, is rooted, you just cant do user/eng at same time.

{Mod edit}

People asking if it works... {Mod edit}

They know it works.. but they use magisk... {Mod edit}

{Mod edit}

{Mod: Removed disrespectful parts - Regards Oswald Boelcke}
 
Last edited by a moderator:

mllllnmmn

New member
Sep 26, 2021
2
1
Did you know....

A few years back, when alcohol 120% came out, I downloaded a dvd that turned out to be corrupt. The image supplied by Alcohol 120% always came with an mdf file, and the disk image itself. Mdf is actually the md5 hash of the dvd.

When attempting to burn disk, I accidently chose the mdf, (md5 hash) instead of the actual disk image, and it turned out that the mdf hash reproduced the disk image byte for byte.

In otherwords, the 4.7gig dvd image was never necessary. That's 4.7gig reproducable from an md5 hash of say 100kb in size.

Now imagine this in fones. Dont store the file, store it's hash.

The CIA hate me now...
I gotta try this sounds too good to be tru . However when android is bricked or for some reason your not connected online an md5 hash is not what ill be saving to an sdcard. That I plan to rely on fixing what i screwed up thru trial n error. Ive crashed more pcs and crashed more networks then i care to speak of ! Not to mention the several hundred android devices that are now overflowing my grandmas garage lol .Just saying cause im always right Myself

hi i'm not a developer, i don't know anything about code basically what i understood is that you found a new way to root without triggering safetynet is that it?

If so can you explain to me in the easiest way how to root without using magisk ...
well root is one thing but I can alter one app and another appwill not function cause it sees my mod to a totally different appnso i think his Claim is System root via his way is not consided hacked and Exp google pay will still work ? I think

The Real question is Will this method be detected by live Emulation such as online Gaming ? Pachouti?
 

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
This thread is NOT a claim by me regarding anything. It is a thread about what I found.

{Mod edit} FOUND! In STOCK firmware. A genuine engineering bootloader.

Supplied by ulefone.

All ulefone 'a' only come with boot-debug.img. I checked all last night. It's OFFICIAL.

Google seperated variant=user from variant=eng. user-debug are not to be made available to the public. FACT. So many people using android 10, 11, 12, and even john wu says nothing. {Mod edit}

Why? They're trying to hold onto what they have left. NOTHING.

A legit fone pass's safety net. When the boot-debug is flashed to the boot, I cannot pass safety net, because my bootloader in UNLOCKED. I dont fake safety net, it works or it can f' off.. safety net is not what I found. it's not why I'm here. YOUR the hacker that's better than me, so YOU make it work. I only proved that GOOGLE provides a new version of debug, in that you MUST flash boot-debug to get engineering access.

That's why the only comment's I received HERE are negative, {Mod edit}. Those that know it works click like, knowing there's nothing more to say once they see they have root... most folks never come back when the purpose of this site has served them.. til there next fone...

But then I cant say if other manufacturer's are offering a boot-debug... I only have 2 fones.

Google have stated they will not provide anymore 'eng' variant bootloaders, which came into effect in android 10 Q. This nip's magisk in the {Mod edit}, cause once these variant=eng bootloaders disappear (it's already started) you wont be getting root.

Understand: They seperatated eng from user build. Simple. And in another year, even boot-debug will be made obsolete...

Android 10_q is WHEN they started.

{Mod edit} I cant believe your {Mod edit} blinded you from the fact google has CHANGED how root works. In that they provided a boot-debug, and since android 10, it took an android noob like me to show all you where you are going wrong. {Mod edit}

Root that works OFFLINE.

Provided by google.

Cant argue with this. {Mod edit}

{Mod: Disrespectful parts removed - Regards Oswald Boelcke}
 
Last edited by a moderator:

lebigmac

Senior Member
Jan 31, 2017
872
505
Pachacouti your boot-debug.img not work for Xiaomi devices. How to make it work on other devices? Please provide universal solution so that everybody can enjoy your new discovery. Not everyone has ulefone...
Thanks!
 
Last edited:
  • Like
Reactions: MastNi

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
Well, I cant get anyone to help me find what I need so I cant help, due to the boot-debug.img being for my fone. It works on other ulefones that are 32mb in size, which I presume to be what is called 'a-only' - so in a nutshell, are you a/b or a-only partition?

I know of at least 8 different bootloader setups since android 10.

Which are you?

I'm a-only. So it's an a-only boot-debug.img, 32mb in size.

I presume if your a/b partition your boot.img size is 64mb in size.

I GUESS I'd flash the 32mb boot-debug.img to EITHER a or b partition, which-ever is free to load into... yeah, I do read...

Noticed a few comments from nay-sayers stating I dont have a super.

Wish they'd look at my fone online before they prove what twats they are... but I need a laf...

Android 10 and above = super. PERIOD.

If not yet, within a year.

What I did not say yet, is that I dscovered this after loading this boot-debug.img to the recovery, not boot. I only decided to use it as my default boot after learning it's rooted, and believe me, when you can do su commands when terminal shows $ instead of # -you know it's about to get, well, crazy... everything's telling lies lol...

$su --context u:r:system_app:s0 -c "pm uninstall --user 0 com.google.android.apps.wellbeing" < /dev/null
$success...

In an unrooted fone.

Pay atention. within one year, rooted MYSELF.
 
Last edited:
  • Like
Reactions: MastNi

Didgeridoohan

Senior Moderator / Dev Committee / Dev Relations
Staff member
May 31, 2012
12,101
13,972
Gothenburg
Google Nexus 4
Nexus 6
Pachacouti your boot-debug.img not work for Xiaomi devices. How to make it work on other devices? Please provide universal solution so that everybody can enjoy your new discovery. Not everyone has ulefone...
Thanks!
Just build a boot image for your device with the userdebug buildtype set. Plenty of info on how to do that all over the interweb...

Many custom ROMs come with it by default even.
 

Pachacouti

Senior Member
Jul 8, 2020
232
44
52
The Capital above the Lower one...
Just build a boot image for your device with the userdebug buildtype set. Plenty of info on how to do that all over the interweb...

Many custom ROMs come with it by default even.
All I did was have a lucky find ;)

But google are blocking eng builds, and tying engineers to their own self build(s) holding them accountable for any release, I read the docs regarding it, they are defo removing eng/user-debug, because then they CAN find those using safetynet hacks, which wont work depending on build ;)

I got a mate I enjoi talking to regarding what we're GONNA do...

He doe's it..
 
  • Like
Reactions: MastNi
Status
Not open for further replies.

Top Liked Posts

  • There are no posts matching your filters.
  • 8
    Magisk is no more...

    I present a new fool proof method of flashing su to Android 10_Q and above!!

    I ranted and ranted about variant=user/user-debug/eng builds that I got no-where... people thinkin am dissin john wu, nah, I respect what I've learnt from his app forcing me to connect online, I want su without connecting, in order to secure my own fone.

    Introducing proof!!

    Simple. Instead of flashing boot.img

    Flash boot-debug.img from stock.

    This address's the lack of adb root.

    Logs:


    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash vbmeta vb
    lankmeta.img
    Rewriting vbmeta struct at offset: 0
    Sending 'vbmeta' (4 KB) OKAY [ 0.000s]
    Writing 'vbmeta' OKAY [ 0.000s]
    Finished. Total time: 0.016s

    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash boot boot
    -debug.img
    Sending 'boot' (32768 KB) OKAY [ 0.764s]
    Writing 'boot' OKAY [ 0.515s]
    Finished. Total time: 1.404s

    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
    MyTwrp.img
    Sending 'recovery' (26086 KB) OKAY [ 0.718s]
    Writing 'recovery' OKAY [ 0.406s]
    Finished. Total time: 1.139s

    D:\0\AdbStation>fastboot reboot-recovery
    Rebooting into recovery OKAY [ 0.000s]
    Finished. Total time: 0.000s

    D:\0\AdbStation>adb root
    adbd is already running as root

    D:\0\AdbStation>adb root
    restarting adbd as root

    D:\0\AdbStation>adb shell
    Armor_X5_Q:/ # mount -o remount,rw /system_root
    mount: '/system_root' not in /proc/mounts
    1|Armor_X5_Q:/ # mount -o remount,rw /system
    mount: '/system' not in /proc/mounts
    1|Armor_X5_Q:/ # mount -o remount,rw /
    '/dev/block/dm-1' is read-only
    Armor_X5_Q:/ # su
    /system/bin/sh: su: inaccessible or not found
    127|Armor_X5_Q:/ # ls
    acct d init.environ.rc metadata sbin
    apex data init.rc mnt sdcard
    bin debug_ramdisk init.usb.configfs.rc odm storage
    bugreports default.prop init.usb.rc oem sys
    cache dev init.zygote32.rc proc system
    charger etc init.zygote64_32.rc product ueventd.rc
    config init lost+found product_services vendor
    Armor_X5_Q:/ # cd apex
    Armor_X5_Q:/apex # ls
    com.android.apex.cts.shim [email protected]
    [email protected] com.android.resolv
    com.android.conscrypt [email protected]
    [email protected] com.android.runtime
    com.android.media [email protected]
    com.android.media.swcodec com.android.tzdata
    [email protected] [email protected]
    Armor_X5_Q:/apex # exit

    D:\0\AdbStation>adb reboot bootloader

    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
    recovery.img
    Sending 'recovery' (20646 KB) OKAY [ 0.577s]
    Writing 'recovery' OKAY [ 0.312s]
    Finished. Total time: 0.889s

    D:\0\AdbStation>fastboot reboot
    Rebooting OKAY [ 0.000s]
    Finished. Total time: 0.000s

    D:\0\AdbStation>adb root
    restarting adbd as root

    D:\0\AdbStation>adb shell
    Armor_X5_Q:/ # exit

    ------------------------

    Pay attention, the first part above, I flashed a twrp...

    Below, I flash stock images... without closing adb window.
    --------------------------------------------------------------

    D:\0\AdbStation>adb reboot bootloader

    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash boot boot
    -debug.img
    Sending 'boot' (32768 KB) OKAY [ 0.764s]
    Writing 'boot' OKAY [ 0.499s]
    Finished. Total time: 1.373s

    D:\0\AdbStation>fastboot --disable-verity --disable-verification flash recovery
    recovery.img
    Sending 'recovery' (20646 KB) OKAY [ 0.484s]
    Writing 'recovery' OKAY [ 0.328s]
    Finished. Total time: 0.811s

    D:\0\AdbStation>fastboot reboot
    Rebooting OKAY [ 0.000s]
    Finished. Total time: 0.000s

    D:\0\AdbStation>adb root
    restarting adbd as root

    D:\0\AdbStation>adb shell
    Armor_X5_Q:/ # su
    /system/bin/sh: su: inaccessible or not found
    127|Armor_X5_Q:/ # exit

    D:\0\AdbStation>adb shell
    Armor_X5_Q:/ # cd /system
    Armor_X5_Q:/system # cd bin
    Armor_X5_Q:/system/bin # ls

    Edit'd not relevant.. too long the things we can do list pissed one off...

    Armor_X5_Q:/system/bin #

    No MORE MAGISK!!!

    It'a a feature of Android 10 and over lol... says so in the android docs....

    who needs su when you have root?

    SYSTEM_AS_ROOT

    Voila...

    it's in the understanding.

    YouRoot
    4
    Pachacouti your boot-debug.img not work for Xiaomi devices. How to make it work on other devices? Please provide universal solution so that everybody can enjoy your new discovery. Not everyone has ulefone...
    Thanks!
    Just build a boot image for your device with the userdebug buildtype set. Plenty of info on how to do that all over the interweb...

    Many custom ROMs come with it by default even.
    3
    Moderator Announcement: Thread provisionally closed!
    3
    I read the docs regarding it
    Got a link? Would love to read it myself.
    3
    Thats something very wrong in that phone model software, security hole. Are you getting su work while on stock boot.img or you getting it work only while having boot debug img installed? Where you have put su binary? You do not have bootloop while keeping su installed (to the system?) after relocking bootloader?
    It's joke. A good sign of a hoaxer is when he immediately jumps to effing everybody who questions his nonsense. That's a red flag that is all over this thread. {Mod edit}

    Apart from that, {Mod edit}, there is no difference between ADB root and root. In reality, debug_boot.img does not provide full root access, it only provides root access for adb commands, and even that requires system_debug image, which you will never get on stock: to have a stock system_debug, one must recompile from sources with that flag. Show me an OEM who provides sources for anything other than kernel.

    His other claim about passing Safetynet on stock with bootimage-debug is abracadabra. No phone with unlocked bootloader will pass Safetynet without modifications in framework and kernel: the frameworks usually contain the names of services and applications and kernel has the 'fooling' flags. Yeah, he can modify kernel, if he has sources, but would never be able to modify frameworks.

    {Mod edit - Regards Oswald Boelcke}