It looks like this exploit caught the attention of the Magisk developer:
freshul:/ $ whoami
shell
freshul:/ $ gsi_tool enable
Could not find GSI install to re-enable
must be root to install a GSI
shell
u0_a111
S/system/bin/sh: can't find tty fd: No such device or address
/system/bin/sh: warning: won't have full job control
:/ $ whoami
system
:/ $ gsi_tool enable
Could not find GSI install to re-enable
70|:/ $
[email protected]:~/imj$ ./imjtool super.img extract
Sparse image v1.0 detected, 1310720 blocks of 4096 bytes
1310720 blocks of 4096 bytes compressed into 39 chunks (71% compressed)
0 - Extracted image is in extracted/image.img
[email protected]:~/imj$ ./imjtool image.img extract
liblp dynamic partition (super.img) - Blocksize 0x1000, 2 slots
LP MD Header @0x3000, version 10.0, with 4 logical partitions on block device of 2560 GB, at partition super, first sector: 0x800
Partitions @0x3080 in 2 groups:
Group 0: default
Group 1: group_basic
Name: system (read-only, Linux Ext2/3/4/? Filesystem Image, @0x100000 spanning 1 extents and 1 GB) - extracted
Name: vendor (read-only, Linux Ext2/3/4/? Filesystem Image, @0x55800000 spanning 1 extents and 88 MB) - extracted
Name: product (read-only, Linux Ext2/3/4/? Filesystem Image, @0x5b100000 spanning 1 extents and 77 MB) - extracted
Name: odm (read-only, Linux Ext2/3/4/? Filesystem Image, @0x5ff00000 spanning 1 extents and 4 MB) - extracted
[email protected]:~/imj$ cd extracted
[email protected]:~/imj/extracted$ gzip -c system_raw.img > system_raw.gz
COMBINATION_FAC_FBR0_R875FSQU1AVI4_FACFAC_CL25207558_QB57036605_REV00_user_mid_noship_MULTI_CERT.tar
adb push system_raw.gz /storage/emulated/0/Download/
D:\Android\adb>adb shell
freshul:/ $ cd /sdcard
freshul:/sdcard $ ls -a1l
total 40
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Alarms
drwxrws--x 5 media_rw media_rw 3452 2023-01-27 06:08 Android
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Audiobooks
drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 13:21 DCIM
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Documents
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Download
drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 06:09 Movies
drwxrwxr-x 4 media_rw media_rw 3452 2023-01-27 06:09 Music
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Notifications
drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 06:09 Pictures
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Podcasts
drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Ringtones
-rw------- 1 u0_a113 u0_a113 3 2023-01-27 08:46 mps_code.dat
freshul:/sdcard $ rm -mps_code.dat
rm: Unknown option 'mps_code.dat' (see "rm --help")
1|freshul:/sdcard $ rm mps_code.dat
freshul:/sdcard $ cd Download
freshul:/sdcard/Download $ ls -a1l
total 0
freshul:/sdcard/Download $ df -h
Filesystem Size Used Avail Use% Mounted on
tmpfs 646M 1.2M 645M 1% /dev
tmpfs 646M 0 646M 0% /mnt
/dev/block/dm-4 3.4G 3.4G 1.0M 100% /
/dev/block/dm-5 84M 81M 1.3M 99% /vendor
/dev/block/dm-6 169M 169M 0 100% /product
/dev/block/dm-7 3.9M 984K 2.9M 25% /odm
/dev/block/dm-8 581M 179M 390M 32% /prism
/dev/block/dm-9 39M 500K 37M 2% /optics
tmpfs 646M 0 646M 0% /apex
/dev/block/mmcblk0p34 16M 24K 15M 1% /omr
/dev/block/mmcblk0p33 193M 4.5M 184M 3% /cache
/dev/block/mmcblk0p2 3.8M 1.3M 2.3M 37% /efs
/dev/block/dm-10 8.3G 763M 7.5G 10% /data
/dev/fuse 8.3G 763M 7.5G 10% /storage/emulated
freshul:/sdcard/Download $ exit
D:\Android\adb>adb push system_raw.gz /storage/emulated/0/Download/
system_raw.gz: 1 file pushed, 0 skipped. 1.8 MB/s (716177691 bytes in 375.507s)
D:\Android\adb>
D:\Android\adb>adb shell am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system_raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \
--el KEY_USERDATA_SIZE 2000000000
Exception occurred while executing 'start-activity':
java.lang.IllegalArgumentException: No intent supplied
at android.content.Intent.parseCommandArgs(Intent.java:7849)
at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337)
at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434)
at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185)
at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
at android.os.ShellCommand.exec(ShellCommand.java:44)
at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983)
at android.os.Binder.shellCommand(Binder.java:929)
at android.os.Binder.onTransact(Binder.java:813)
at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104)
at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993)
at android.os.Binder.execTransactInternal(Binder.java:1159)
at android.os.Binder.execTransact(Binder.java:1123)
S/system/bin/sh: can't find tty fd: No such device or address
/system/bin/sh: warning: won't have full job control
:/ $ am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system_raw.gz \
--el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \
--el KEY_USERDATA_SIZE 2000000000> > > > >
du: Unknown option 'b' (see "du --help")
Exception occurred while executing 'start-activity':
java.lang.NumberFormatException: For input string: "--el"
at java.lang.Long.parseLong(Long.java:594)
at java.lang.Long.valueOf(Long.java:808)
at android.content.Intent.parseCommandArgs(Intent.java:7564)
at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337)
at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434)
at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185)
at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
at android.os.ShellCommand.exec(ShellCommand.java:44)
at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983)
at android.os.Binder.shellCommand(Binder.java:929)
at android.os.Binder.onTransact(Binder.java:813)
at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104)
at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993)
at android.os.Binder.execTransactInternal(Binder.java:1159)
at android.os.Binder.execTransact(Binder.java:1123)
255|:/ $
du: Unknown option 'b' (see "du --help")
D:\Android\adb>adb shell
freshul:/ $ du --help
usage: du [-d N] [-askxHLlmc] [FILE...]
Show disk usage, space consumed by files and directories.
Size in:
-k 1024 byte blocks (default)
-K 512 byte blocks (posix)
-m Megabytes
-h Human readable (e.g., 1K 243M 2G)
What to show:
-a All files, not just directories
-H Follow symlinks on cmdline
-L Follow all symlinks
-s Only total size of each argument
-x Don't leave this filesystem
-c Cumulative total
-d N Only depth < N
-l Disable hardlink filter
255|:/ $
am start-activity \
-n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
-a android.os.image.action.START_INSTALL \
-d file:///storage/emulated/0/Download/system_raw.gz \
--el KEY_SYSTEM_SIZE $(du system_raw.img|cut -f1) \
--el KEY_USERDATA_SIZE 2000000000255|:/ $ > > > > >
du: system_raw.img: No such file or directory
Exception occurred while executing 'start-activity':
java.lang.NumberFormatException: For input string: "--el"
at java.lang.Long.parseLong(Long.java:594)
at java.lang.Long.valueOf(Long.java:808)
at android.content.Intent.parseCommandArgs(Intent.java:7564)
at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337)
at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434)
at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185)
at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
at android.os.ShellCommand.exec(ShellCommand.java:44)
at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983)
at android.os.Binder.shellCommand(Binder.java:929)
at android.os.Binder.onTransact(Binder.java:813)
at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104)
at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993)
at android.os.Binder.execTransactInternal(Binder.java:1159)
at android.os.Binder.execTransact(Binder.java:1123)
13|freshul:/ $ su
freshul:/ # adb shell am start-activity \
> -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
> -a android.os.image.action.START_INSTALL \
\> -d file:///storage/emulated/0/Download/system_raw.gz \
> --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \
> --el KEY_USERDATA_SIZE 2000000000
du: Unknown option 'b' (see "du --help")
/system/bin/sh: adb: inaccessible or not found
127|freshul:/ # am start-activity \
n> -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
> -a android.os.image.action.START_INSTALL \
o> -d file:///storage/emulated/0/Download/system_raw.gz \
.img|cut -f1) > --el KEY_SYSTEM_SIZE $(du system_raw.img|cut -f1) \
> --el KEY_USERDATA_SIZE 2000000000
du: system_raw.img: No such file or directory
Exception occurred while executing 'start-activity':
java.lang.NumberFormatException: For input string: "--el"
at java.lang.Long.parseLong(Long.java:594)
at java.lang.Long.valueOf(Long.java:808)
at android.content.Intent.parseCommandArgs(Intent.java:7564)
at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337)
at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434)
at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185)
at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98)
at android.os.ShellCommand.exec(ShellCommand.java:44)
at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983)
at android.os.Binder.shellCommand(Binder.java:929)
at android.os.Binder.onTransact(Binder.java:813)
at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104)
at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993)
at android.os.Binder.execTransactInternal(Binder.java:1159)
at android.os.Binder.execTransact(Binder.java:1123)
D:\Android\adb>adb shell
freshul:/ $ su
freshul:/ # am start -n com.android.dynsystem/.VerificationActivity
D:\Android\adb>
D:\Android\adb>adb shell
freshul:/ $ su
freshul:/ # am start -n com.android.settings/.development.DSULoader
Starting: Intent { cmp=com.android.settings/.development.DSULoader }
Error type 3
Error: Activity class {com.android.settings/com.android.settings.development.DSULoader} does not exist.
freshul:/ # am start-activity \
> -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \
> -a android.os.image.action.START_INSTALL \
> -d file:///sdcard/Download/system_raw.gz \
> --el KEY_SYSTEM_SIZE 1433051136 \
> --el KEY_USERDATA_SIZE 2000000000
Starting: Intent { act=android.os.image.action.START_INSTALL dat=file:///sdcard/Download/system_raw.gz cmp=com.android.dynsystem/.VerificationActivity (has extras) }
freshul:/ #
try using dsu loader by VegaBobo on githubCode:[email protected]:~/imj$ ./imjtool super.img extract Sparse image v1.0 detected, 1310720 blocks of 4096 bytes 1310720 blocks of 4096 bytes compressed into 39 chunks (71% compressed) 0 - Extracted image is in extracted/image.img [email protected]:~/imj$ ./imjtool image.img extract liblp dynamic partition (super.img) - Blocksize 0x1000, 2 slots LP MD Header @0x3000, version 10.0, with 4 logical partitions on block device of 2560 GB, at partition super, first sector: 0x800 Partitions @0x3080 in 2 groups: Group 0: default Group 1: group_basic Name: system (read-only, Linux Ext2/3/4/? Filesystem Image, @0x100000 spanning 1 extents and 1 GB) - extracted Name: vendor (read-only, Linux Ext2/3/4/? Filesystem Image, @0x55800000 spanning 1 extents and 88 MB) - extracted Name: product (read-only, Linux Ext2/3/4/? Filesystem Image, @0x5b100000 spanning 1 extents and 77 MB) - extracted Name: odm (read-only, Linux Ext2/3/4/? Filesystem Image, @0x5ff00000 spanning 1 extents and 4 MB) - extracted [email protected]:~/imj$ cd extracted [email protected]:~/imj/extracted$ gzip -c system_raw.img > system_raw.gz
Tiny progress GSI attempt related...
So I have the system.img pulled from super.img of:
Code:COMBINATION_FAC_FBR0_R875FSQU1AVI4_FACFAC_CL25207558_QB57036605_REV00_user_mid_noship_MULTI_CERT.tar
gzipped as mentioned in this Link:
![]()
Dynamic System Updates (DSU) | Platform | Android Developers
Dynamic System Updates (DSU) lets developers install a GSI side by side with the device's system image on a DSU-supported device that runs Android 10 or higher.developer.android.com
Now I will push the *.gz file to my SM-R875F...
Code:adb push system_raw.gz /storage/emulated/0/Download/
700 MB over WiFi...
Hmm. adb push ... /sdcard should be the same...
Edit 1.
Result of attempt 1 with system shell... in "normal way"...
Code:D:\Android\adb>adb shell freshul:/ $ cd /sdcard freshul:/sdcard $ ls -a1l total 40 drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Alarms drwxrws--x 5 media_rw media_rw 3452 2023-01-27 06:08 Android drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Audiobooks drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 13:21 DCIM drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Documents drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Download drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 06:09 Movies drwxrwxr-x 4 media_rw media_rw 3452 2023-01-27 06:09 Music drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Notifications drwx------ 3 u0_a113 u0_a113 3452 2023-01-27 06:09 Pictures drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Podcasts drwx------ 2 u0_a113 u0_a113 3452 2023-01-27 06:09 Ringtones -rw------- 1 u0_a113 u0_a113 3 2023-01-27 08:46 mps_code.dat freshul:/sdcard $ rm -mps_code.dat rm: Unknown option 'mps_code.dat' (see "rm --help") 1|freshul:/sdcard $ rm mps_code.dat freshul:/sdcard $ cd Download freshul:/sdcard/Download $ ls -a1l total 0 freshul:/sdcard/Download $ df -h Filesystem Size Used Avail Use% Mounted on tmpfs 646M 1.2M 645M 1% /dev tmpfs 646M 0 646M 0% /mnt /dev/block/dm-4 3.4G 3.4G 1.0M 100% / /dev/block/dm-5 84M 81M 1.3M 99% /vendor /dev/block/dm-6 169M 169M 0 100% /product /dev/block/dm-7 3.9M 984K 2.9M 25% /odm /dev/block/dm-8 581M 179M 390M 32% /prism /dev/block/dm-9 39M 500K 37M 2% /optics tmpfs 646M 0 646M 0% /apex /dev/block/mmcblk0p34 16M 24K 15M 1% /omr /dev/block/mmcblk0p33 193M 4.5M 184M 3% /cache /dev/block/mmcblk0p2 3.8M 1.3M 2.3M 37% /efs /dev/block/dm-10 8.3G 763M 7.5G 10% /data /dev/fuse 8.3G 763M 7.5G 10% /storage/emulated freshul:/sdcard/Download $ exit D:\Android\adb>adb push system_raw.gz /storage/emulated/0/Download/ system_raw.gz: 1 file pushed, 0 skipped. 1.8 MB/s (716177691 bytes in 375.507s) D:\Android\adb> D:\Android\adb>adb shell am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system_raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \ --el KEY_USERDATA_SIZE 2000000000 Exception occurred while executing 'start-activity': java.lang.IllegalArgumentException: No intent supplied at android.content.Intent.parseCommandArgs(Intent.java:7849) at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337) at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434) at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185) at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98) at android.os.ShellCommand.exec(ShellCommand.java:44) at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983) at android.os.Binder.shellCommand(Binder.java:929) at android.os.Binder.onTransact(Binder.java:813) at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104) at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993) at android.os.Binder.execTransactInternal(Binder.java:1159) at android.os.Binder.execTransact(Binder.java:1123)
No idea if reduced user size is good idea... but I have only 7 GB...
Now will check same Command on system shell...
Edit 2.
System Shell Exploit spit little bit more...
Code:S/system/bin/sh: can't find tty fd: No such device or address /system/bin/sh: warning: won't have full job control :/ $ am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system_raw.gz \ --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \ --el KEY_USERDATA_SIZE 2000000000> > > > > du: Unknown option 'b' (see "du --help") Exception occurred while executing 'start-activity': java.lang.NumberFormatException: For input string: "--el" at java.lang.Long.parseLong(Long.java:594) at java.lang.Long.valueOf(Long.java:808) at android.content.Intent.parseCommandArgs(Intent.java:7564) at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337) at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434) at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185) at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98) at android.os.ShellCommand.exec(ShellCommand.java:44) at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983) at android.os.Binder.shellCommand(Binder.java:929) at android.os.Binder.onTransact(Binder.java:813) at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104) at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993) at android.os.Binder.execTransactInternal(Binder.java:1159) at android.os.Binder.execTransact(Binder.java:1123) 255|:/ $
?
Code:du: Unknown option 'b' (see "du --help")
Edit 3.
But du exists... on my SM-R875F...
Code:D:\Android\adb>adb shell freshul:/ $ du --help usage: du [-d N] [-askxHLlmc] [FILE...] Show disk usage, space consumed by files and directories. Size in: -k 1024 byte blocks (default) -K 512 byte blocks (posix) -m Megabytes -h Human readable (e.g., 1K 243M 2G) What to show: -a All files, not just directories -H Follow symlinks on cmdline -L Follow all symlinks -s Only total size of each argument -x Don't leave this filesystem -c Cumulative total -d N Only depth < N -l Disable hardlink filter
Edit 4.
Seems i have really no -b parameter in du...
Edit 5.
Puh...
Code:255|:/ $ am start-activity \ -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ -a android.os.image.action.START_INSTALL \ -d file:///storage/emulated/0/Download/system_raw.gz \ --el KEY_SYSTEM_SIZE $(du system_raw.img|cut -f1) \ --el KEY_USERDATA_SIZE 2000000000255|:/ $ > > > > > du: system_raw.img: No such file or directory Exception occurred while executing 'start-activity': java.lang.NumberFormatException: For input string: "--el" at java.lang.Long.parseLong(Long.java:594) at java.lang.Long.valueOf(Long.java:808) at android.content.Intent.parseCommandArgs(Intent.java:7564) at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337) at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434) at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185) at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98) at android.os.ShellCommand.exec(ShellCommand.java:44) at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983) at android.os.Binder.shellCommand(Binder.java:929) at android.os.Binder.onTransact(Binder.java:813) at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104) at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993) at android.os.Binder.execTransactInternal(Binder.java:1159) at android.os.Binder.execTransact(Binder.java:1123)
Edit 6.
Okidoki. I think I should go to Root and try first here... to prevent my exploding head...
Edit 7.
No on Root...
Code:13|freshul:/ $ su freshul:/ # adb shell am start-activity \ > -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ > -a android.os.image.action.START_INSTALL \ \> -d file:///storage/emulated/0/Download/system_raw.gz \ > --el KEY_SYSTEM_SIZE $(du -b system_raw.img|cut -f1) \ > --el KEY_USERDATA_SIZE 2000000000 du: Unknown option 'b' (see "du --help") /system/bin/sh: adb: inaccessible or not found 127|freshul:/ # am start-activity \ n> -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ > -a android.os.image.action.START_INSTALL \ o> -d file:///storage/emulated/0/Download/system_raw.gz \ .img|cut -f1) > --el KEY_SYSTEM_SIZE $(du system_raw.img|cut -f1) \ > --el KEY_USERDATA_SIZE 2000000000 du: system_raw.img: No such file or directory Exception occurred while executing 'start-activity': java.lang.NumberFormatException: For input string: "--el" at java.lang.Long.parseLong(Long.java:594) at java.lang.Long.valueOf(Long.java:808) at android.content.Intent.parseCommandArgs(Intent.java:7564) at com.android.server.am.ActivityManagerShellCommand.makeIntent(ActivityManagerShellCommand.java:337) at com.android.server.am.ActivityManagerShellCommand.runStartActivity(ActivityManagerShellCommand.java:434) at com.android.server.am.ActivityManagerShellCommand.onCommand(ActivityManagerShellCommand.java:185) at android.os.BasicShellCommandHandler.exec(BasicShellCommandHandler.java:98) at android.os.ShellCommand.exec(ShellCommand.java:44) at com.android.server.am.ActivityManagerService.onShellCommand(ActivityManagerService.java:10983) at android.os.Binder.shellCommand(Binder.java:929) at android.os.Binder.onTransact(Binder.java:813) at android.app.IActivityManager$Stub.onTransact(IActivityManager.java:5104) at com.android.server.am.ActivityManagerService.onTransact(ActivityManagerService.java:2993) at android.os.Binder.execTransactInternal(Binder.java:1159) at android.os.Binder.execTransact(Binder.java:1123)
Edit 8.
short tried this way...
Code:D:\Android\adb>adb shell freshul:/ $ su freshul:/ # am start -n com.android.dynsystem/.VerificationActivity D:\Android\adb> D:\Android\adb>adb shell freshul:/ $ su freshul:/ # am start -n com.android.settings/.development.DSULoader Starting: Intent { cmp=com.android.settings/.development.DSULoader } Error type 3 Error: Activity class {com.android.settings/com.android.settings.development.DSULoader} does not exist.
Edit 9.
Found something but still no success...
Code:freshul:/ # am start-activity \ > -n com.android.dynsystem/com.android.dynsystem.VerificationActivity \ > -a android.os.image.action.START_INSTALL \ > -d file:///sdcard/Download/system_raw.gz \ > --el KEY_SYSTEM_SIZE 1433051136 \ > --el KEY_USERDATA_SIZE 2000000000 Starting: Intent { act=android.os.image.action.START_INSTALL dat=file:///sdcard/Download/system_raw.gz cmp=com.android.dynsystem/.VerificationActivity (has extras) } freshul:/ #
the du -b thingie... found here:
Google Issue Tracker
issuetracker.google.com
if u dont have a file manager u can download com.sec.android.app.myfiles@subevilx
Thank you very much for DSU Sideloader Link.
At the moment I have tiny problems...
A
On my SM-R875F no valid Filemanager installed... to select folder...
I have to search 1...
B
On my SM-A202F Filemanager yes... but other problems... like unsupported blabla...
So need time to find valid Filemanager APK for GW4 to proceed...
Best Regards
Edit 1.
Attached from my SM-A202F... it is Android 11... but...
I hope because not seen such warnings... my GW4 have enough space with 8 GB User parttion...
Will check if I can find "myfiles" on APK Mirror...
Fingers crossed. Something comes out of it or if John Wu might take it an implement it for use in Magisk.It looks like this exploit caught the attention of the Magisk developer:
View attachment 5821261
Eh, I don't think he would. That's partly why Magisk moved away from MagiskHide, because he's not interested in defeating Android security measures, but rather using Zygisk to work around them. At least that's my impression. He stated as much in his State of Magisk announcement a couple years ago, that Magisk would no longer intercept and modify system security signals.Fingers crossed. Something comes out of it or if John Wu might take it an implement it for use in Magisk.
Still exploring this option at the moment. As development continues on....more doors that the team has not explored are becoming open. Maybe one day...this can lead to something great.Eh, I don't think he would. That's partly why Magisk moved away from MagiskHide, because he's not interested in defeating Android security measures, but rather using Zygisk to work around them. At least that's my impression. He stated as much in his State of Magisk announcement a couple years ago, that Magisk would no longer intercept and modify system security signals.
I would definitely like to see this exploit used to unlock bootloaders on otherwise locked devices, but given what @wr3cckl3ss1 and @K0mraid3 found earlier, this might not be possible
Right on, that's part of why I'm following this thread.Still exploring this option at the moment. As development continues on....more doors that the team has not explored are becoming open. Maybe one day...this can lead to something great.
At the moment. I'm trying to get it ported over to the P7P... specifically the VZW. Since it's the mecca of NO BL unlock and no root. In a couple of weeks, I hope to nail down some time to accomplish this, as all the time right now is with Samsung and getting support out where it's needed. As Samsung said themselves, they replicated System Shell on a Pixel 6 Pro. So I imagine the P7P isn't too far behind.Right on, that's part of why I'm following this thread.
This is only Samsung, yes? Has anyone tried this exploit on any other OEM builds or AOSP?
Well, you don't necessarily have to have a Pixel device to try this. Just use the AOSP 13 GSI Releases on any GSI-capable device; these are identical to the corresponding Pixel buildsAt the moment. I'm trying to get it ported over to the P7P... specifically the VZW. Since it's the mecca of NO BL unlock and no root. In a couple of weeks, I hope to nail down some time to accomplish this, as all the time right now is with Samsung and getting support out where it's needed. As Samsung said themselves, they replicated System Shell on a Pixel 6 Pro. So I imagine the P7P isn't too far behind.
From the look of things in this thread, I think the end goal is to be able to install custom rom without BL unlocked, at least a new way to install custom roms, if that's the case then i will glad be available for testing, I have got s10+ SD variant.Well, you don't necessarily have to have a Pixel device to try this. Just use the AOSP 13 GSI Releases on any GSI-capable device; these are identical to the corresponding Pixel builds
That is unfortunately not possible. Android Verified Boot prevents custom images from starting when bootloader is locked, and the only way around this would be to sign the images using the manufacturer's secret key.From the look of things in this thread, I think the end goal is to be able to install custom rom without BL unlocked, at least a new way to install custom roms, if that's the case then i will glad be available for testing, I have got s10+ SD variant.
That's why we've been removing posts.
- ... and Please! keep all your personal bickering via PMs, do not pollute the forum with your personal indifferences.
If you have a problem with a specific member please contact the Moderators for help, that's what we're here for, but we are not babysitters, we are here to gather, organize and provide useful information for our over priced phones
It's not that the questions shouldn't be asked, it's that they shouldn't be asked here. I'm going to start a PM thread involving a few of you so that we can get this straightened out.I've been quietly watching this for a while and I agree. I also find it unsettling that admins have removed the post discussing this issue.
While this might not be considered development under our criteria, Rule 13 still applies as well:12.1. Give credits where due - Credits and acknowledgements for using and releasing work which is based on someone else's work are an absolute must. Works reported to have no credits will be taken down until proper acknowledgements are added by the member in question;
12.3. Re-releasing other's works as your own is forbidden. The code that you release into the wild must have something beyond minor aesthetic changes that makes it better than the last. As this can be subjective, kang reports will be reviewed on a case by case basis. If you feel that your code has been kanged, please contact the Developer Relations Team (DRT) if you cannot solve the issue amicably via PM. Please understand that you will be asked to provide evidence to substantiate your claim;