
Root ZMAX Kernel Packer

hroark13

Jul 15, 2011
Hi all, figured I would share a utility I am using if I need to unpack and re-pack a ZMAX Kernel

You need a Linux computer to use this

unzip the file to your home folder, and open a terminal inside that folder

to unpack a boot or recovery image

./split.pl boot.img

this will give you two files, boot.img-kernel (zImage) and boot.img-ramdisk.gz (ramdisk)
you can then unzip the ramdisk cpio, and unzip the cpio file and get to the ramdisk files



if you want to pack a zImage and ramdisk together

4.4.2 based

./442pak.pl 442

you should see something like this

3644 blocks
rm: cannot remove ‘/media/hroark13/294d89cc-e355-444a-ac83-0964908537fc/data/zmax/pak/442.img’: No such file or directory

removed old 442.img

repacked image written at 442.img

or if you made a copy of the 442 ramdisk and modded it

./442pak.pl 442mod



444 base

./444pak.pl 444


CM12.1 Base

./cmpak.pl cm12.1


442 recovery

./442pak.pl 442stock_recovery

TWRP

./444pak.pl twrp


http://www.mediafire.com/download/mkhqd1i8f9rgf9t/zmax_pak.zip



If I have helped you, and you like my work, please click on the Thanks Button and give my thread a rating by clicking on the stars above.

If you would like to buy me a beer , you can click on the PayPal button
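What the unpack step amounts to, as an added example (not hroark13's split.pl and not code from the linked zip): the kernel and ramdisk offsets are computed from the size and page-size fields in the boot image header, which is also where a repacked image's offsets have to come from. It assumes the classic version-0 header layout; the sample image and its load addresses are constructed.

```python
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
# Start of the version-0 boot image header: magic, then eight little-endian
# u32 fields (kernel size/addr, ramdisk size/addr, second size/addr,
# tags addr, page size). Name, cmdline and id follow and are not needed here.
HEADER = struct.Struct("<8s8I")


def split_boot_image(img: bytes) -> dict:
    """Return the kernel and ramdisk slices plus the offsets used to find them."""
    if len(img) < HEADER.size:
        raise ValueError("image is shorter than a boot header")
    (magic, k_size, k_addr, r_size, r_addr,
     _s_size, _s_addr, tags_addr, page) = HEADER.unpack_from(img)
    if magic != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    if page == 0 or page & (page - 1):
        raise ValueError(f"implausible page size {page}")
    # The header occupies the first page; each section starts on a page boundary.
    k_off = page
    r_off = k_off + -(-k_size // page) * page
    if r_off + r_size > len(img):
        raise ValueError("header sizes run past the end of the image")
    ramdisk = img[r_off:r_off + r_size]
    return {
        "page_size": page, "kernel_offset": k_off, "ramdisk_offset": r_off,
        "kernel_addr": k_addr, "ramdisk_addr": r_addr, "tags_addr": tags_addr,
        "kernel": img[k_off:k_off + k_size], "ramdisk": ramdisk,
        "ramdisk_is_gzip": ramdisk[:2] == b"\x1f\x8b",
    }


def build_sample_image(kernel: bytes, ramdisk: bytes, page: int = 2048) -> bytes:
    """Constructed test image; the load addresses are made-up values."""
    def pad(b: bytes) -> bytes:
        return b + b"\0" * (-len(b) % page)
    header = HEADER.pack(BOOT_MAGIC, len(kernel), 0x00008000, len(ramdisk),
                         0x02000000, 0, 0x00F00000, 0x00000100, page)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    sample = build_sample_image(b"K" * 3000, gzip.compress(b"constructed ramdisk"))
    parts = split_boot_image(sample)
    print({k: v for k, v in parts.items() if k not in ("kernel", "ramdisk")})
```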

 
I made those changes hroark13, boots like you said rw, but it must be in ram buffer cause I made a test file and after reboot it was gone. I will keep looking. There is the line in the boot.img about boot_fixup, 1 is system rw, 0 is ro, and I think that has to do with recovery. Any ideas? At least the boot.img boots.

you're not gonna get system r/w while booted from the boot partition, if that is what you're trying

here is what i posted on XDA



Quote:
Originally Posted by radio16
Has "ANYONE" actually thought this through, randomly----- perhaps root (in the traditional way) can't be done because there is already a way to access the r/w system built in but hidden, but it's not done in the old root methodology!? maybe, just maybe it's as simple as finding the correct way to access to gain read/write access to the system, I guess .... I dunno I'm just throwing it out there ... maybe someone should try the simple things first. How much more simple could that be... access is there just use the right password???
Perhaps we are looking at the ZTE ZMAX programming all wrong-- does anyone agree with me on this? anyone??????????????????????

yes they have a way, it is through recovery, that is how they flash all their updates, they do not need system to be r/w any other time

---------- Post added at 01:50 PM ---------- Previous post was at 01:18 PM ----------
Quote:
Originally Posted by DroidisLINUX
I have been saying it since root has been achieved that there is probably a way by editing our boot.IMG, there is about 7 of the dozen or so files inside the boot.img that all check and mount the system as ro and if you look at them one or two say rw while in recovery

If someone was to change all the

mount system ro,barrier=1

Lines in all files to

mount system rw

Instead and repackage the boot.img we could probably see full read write in regular boot.

I have tried but I can't get the boot.img packaged to the correct offset and be 16 megs. I was using xda's android kitchen
But since then I found another Linux tool that is supposed to be for newer androids made in 2014 that can pull a boot.cnf that should be able to get the correct offsets and size of dead space right, but my device is being worked on so I can't test it yet when I get my new device back I'll let you know if I find anything



Sent from my DROID BIONIC using XDA Free mobile app


dude I have already told you, you are talking about mounting system ro or r/w not system write protecting, it is different, it is in the boot loader (aboot or LK "Little Kernel"), not the main boot kernel (zImage) or ramdisk, do you think I would not have been able to get past it, if it was the init rc files?

This is how ZTE implements this system write protection.

When the phone is turned on and the boot loader is loading (this is before the boot kernel), there is code executed that reads the Extended CSD of the mmc card (ext_csd)
https://android.googlesource.com/ker...m_shared/mmc.c
Line 2567

I am not sure if we can mod the ext_csd or not, I have tried and failed, and there is a lot of info in that csd, but it also has information on any sectors that are to be write protected, this is determined by some params like wp_grp_size and such. Now if the boot loader boots you into regular Android (boot from the "boot" partition) it temporarily write protects those sectors and they can not be changed. If however the boot loader boots you into recovery, the boot loader does not do this.


Now there is code in the kernel zImage that denies permission to mounting or remounting /system as r/w. This is why people get permission denied, when they try to remount /system, same thing it is not called if you booted into recovery

Since we have the source code to the kernel, you can bypass or remove this code if you want and you will not get the permission denied error anymore when you try to re-mount system, and it will look like you have R/W to the /system partition, and you can delete a file and it will disappear, but as soon as you reboot the phone any changes you made will be gone, because you were only modding the buffer, I have it this way in my CM12.1 I think

https://github.com/hroark13/android_...c/card/block.c

if you look at line 271 and 3239

they both say #if 0, it used to say #if 1, but I changed it to bypass the code, I am not sure why I did this, I don't know if we can use it anyway or not

Anyway to get back to my point, unpacking the boot.img, and changing some lines in the init rc files is not gonna get you system r/w

what you want is a bootloader unlock or a way to mod the ext_csd

And consider yourself lucky because ZTE implements this write protection on more than one partition on other phones, like the ZTE Whirl 2 is write protected, on /system boot recovery, basically everything but data and cache, so they can not even flash a custom recovery to get r/w access, or flash boot to recovery to get Android booted with /system r/w

If you don't believe me maybe @jcase can verify it, he should know all this
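To inspect the write-protect parameters the post says live in the ext_csd, here is an added example (not hroark13's code and not ZTE's boot loader logic) that decodes them from a 512-byte EXT_CSD dump. The byte indexes and bit names follow the JEDEC eMMC register layout and should be checked against the part's datasheet; the sample register is constructed, and treating the post's "temporary" protection as eMMC power-on write protection is an assumption.

```python
# Byte indexes into the 512-byte EXT_CSD register (JEDEC eMMC layout).
USER_WP, BOOT_WP, ERASE_GROUP_DEF = 171, 173, 175
HC_WP_GRP_SIZE, HC_ERASE_GRP_SIZE = 221, 224

# USER_WP bit positions; bits 1 and 5 are reserved.
USER_WP_BITS = {
    0: "US_PWR_WP_EN",    # new protection requests last until the next power cycle
    2: "US_PERM_WP_EN",   # new protection requests are permanent
    3: "US_PWR_WP_DIS",   # power-on protection disabled for this power cycle
    4: "US_PERM_WP_DIS",  # permanent protection disabled for good
    6: "CD_PERM_WP_DIS",
    7: "PERM_PSWD_DIS",
}
WP_UNIT = 512 * 1024  # bytes


def decode_write_protect(ext_csd: bytes) -> dict:
    """Summarise the user-area write-protect configuration in an EXT_CSD dump."""
    if len(ext_csd) != 512:
        raise ValueError("EXT_CSD must be exactly 512 bytes")
    user_wp = ext_csd[USER_WP]
    flags = [name for bit, name in sorted(USER_WP_BITS.items())
             if (user_wp >> bit) & 1]
    # With ERASE_GROUP_DEF set, one write-protect group spans
    # 512 KiB * HC_ERASE_GRP_SIZE * HC_WP_GRP_SIZE. Otherwise the size is
    # defined in the CSD register, which is not part of this dump.
    group_bytes = None
    if ext_csd[ERASE_GROUP_DEF] & 1:
        group_bytes = WP_UNIT * ext_csd[HC_ERASE_GRP_SIZE] * ext_csd[HC_WP_GRP_SIZE]
    return {
        "user_wp_raw": user_wp,
        "user_wp_flags": flags,
        "boot_wp_raw": ext_csd[BOOT_WP],
        "wp_group_bytes": group_bytes,
    }


def constructed_ext_csd() -> bytes:
    """Constructed register contents, not read from any real device."""
    reg = bytearray(512)
    reg[USER_WP] = 0x01          # US_PWR_WP_EN only
    reg[ERASE_GROUP_DEF] = 0x01  # high-capacity group definitions in use
    reg[HC_ERASE_GRP_SIZE] = 1
    reg[HC_WP_GRP_SIZE] = 8
    return bytes(reg)


if __name__ == "__main__":
    print(decode_write_protect(constructed_ext_csd()))
```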
 