[MM / N] [LB] Dirtycow Temp Root Shell and Debloat Script (Freeze Unwanted Apps) - Sony Xperia X Performance Guides, News, & Discussi

Already achieved it on my F8131, but it is a limited root shell only, and cannot perform a backup of the TA partition (yet).
But I can at least debloat (freeze) system and/or crappy apps (any package). Here is my dirtycow debloat output:
F8131, locked BL, 35.0.A.1.297 fw.
Code:
Microsoft Windows [versão 10.0.14393]
(c) 2016 Microsoft Corporation. Todos os direitos reservados.
C:\Users\Sera>adb shell
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=2000(shell),1004(input),1007(log),1011(adb),1015(sdcard_rw),1026(drmrpc),1028(sdcard_r),2993(trimarea),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ $ run-as con
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1026(drmrpc),1028(sdcard_r),2993(trimarea),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
[email protected]:/ # /data/local/tmp/debloat.sh
Freezing quite a few packages, standby a minute or two...
/system/app/
Package com.sonymobile.anondata new state: disabled
Package com.android.dreams.basic new state: disabled
Package com.s.antivirus new state: disabled
Package com.sonymobile.xperialounge.services new state: disabled
Package com.swiftkey.swiftkeyconfigurator new state: disabled
Package com.sonymobile.deviceconfigtool new state: disabled
Package com.sonymobile.dualshockmanager new state: disabled
Package com.google.android.apps.docs.editors.docs new state: disabled
Package com.google.android.apps.docs.editors.sheets new state: disabled
Package com.google.android.apps.docs.editors.slides new state: disabled
Package com.sonymobile.exchange new state: disabled
Package com.sonymobile.android.externalkeyboardjp new state: disabled
Package com.facebook.katana new state: disabled
Package com.android.facelock new state: disabled
Package com.noknok.android.mfac.service new state: disabled
Package com.qualcomm.qti.auth.fidocryptoservice new state: disabled
Package com.qualcomm.qti.auth.fidosuiservice new state: disabled
Package com.android.galaxy4 new state: disabled
Package com.sonymobile.getmore.client new state: disabled
Package com.sonymobile.music.googlelyricsplugin new state: disabled
Package com.android.wallpaper.holospiral new state: disabled
Package com.android.htmlviewer new state: disabled
Package com.sonymobile.intelligent.backlight new state: disabled
Package com.sonymobile.intelligent.observer new state: disabled
Package com.sonymobile.sso new state: disabled
Package com.android.keychain new state: disabled
Package com.sonymobile.lifelog new state: disabled
Package com.android.wallpaper new state: disabled
Package com.google.android.apps.maps new state: disabled
Package com.google.android.music new state: disabled
Package com.sony.nfx.app.sfrc new state: disabled
Package com.android.noisefield new state: disabled
Package com.sonyericsson.omadl new state: disabled
Package com.android.providers.partnerbookmarks new state: disabled
Package com.android.phasebeam new state: disabled
Package com.sonymobile.phoneusage new state: disabled
Package com.google.android.apps.photos new state: disabled
Package com.sonymobile.slideshow new state: disabled
Package com.android.dreams.phototable new state: disabled
Package com.sonyericsson.advancedwidget.photo new state: disabled
Package com.scee.psxandroid new state: disabled
Package com.realvnc.android.remote new state: disabled
Package com.sonymobile.email new state: disabled
Package com.sonyericsson.warrantytime new state: disabled
Package org.simalliance.openmobileapi.service new state: disabled
Package com.sonymobile.enterprise.installation new state: disabled
Package com.sonymobile.sketch new state: disabled
Package com.android.stk new state: disabled
Package com.sonymobile.styleportrait.addon.blue new state: disabled
Package com.sonymobile.styleportrait.addon.bubble new state: disabled
Package com.sonymobile.styleportrait.addon.daily new state: disabled
Package com.sonymobile.styleportrait.addon.paint new state: disabled
Package com.sonymobile.styleportrait.addon.red new state: disabled
Package com.sonymobile.styleportrait.addon.star new state: disabled
Package com.sonymobile.styleportrait.addon.sunshine new state: disabled
Package com.sonymobile.styleportrait.addon.suntan new state: disabled
Package com.sonymobile.synchub new state: disabled
Package com.sonymobile.advancedwidget.topcontacts new state: disabled
Package com.sonymobile.touchblocker new state: disabled
Package com.sonyericsson.unsupportedheadsetnotifier new state: disabled
Package com.google.android.videos new state: disabled
Package com.sony.tvsideview.phone new state: disabled
Package com.sonymobile.music.wikipediaplugin new state: disabled
Package com.sonymobile.advancedwidget.worldclock new state: disabled
Package com.sonymobile.music.youtubekaraokeplugin new state: disabled
Package com.sonymobile.music.youtubeplugin new state: disabled
/system/priv-app/
Package com.sonyericsson.android.addoncamera.artfilter new state: disabled
Package com.android.backupconfirm new state: disabled
Package com.android.calllogbackup new state: disabled
Package com.sonymobile.cameracommon.wearablebridge new state: disabled
Package com.sonymobile.coverapp2 new state: disabled
Package com.sonymobile.enterprise.service new state: disabled
Package com.sonymobile.getmore new state: disabled
Package com.google.android.backuptransport new state: disabled
Package com.google.android.feedback new state: disabled
Package com.sonymobile.intelligent.gesture new state: disabled
Package com.android.musicfx new state: disabled
Package com.sonymobile.mx.android new state: disabled
Package com.sonyericsson.android.omacp new state: disabled
Package com.sonymobile.ree new state: disabled
Package com.android.sharedstoragebackup new state: disabled
Package com.sonymobile.simlockunlockapp new state: disabled
Package com.sonymobile.gettoknowit new state: disabled
Package com.sonymobile.mirrorlink.manualswitch new state: disabled
Package com.sonymobile.mirrorlink.server11 new state: disabled
Package com.sonymobile.mirrorlink.system new state: disabled
Package com.sonymobile.android.addoncamera.soundphoto new state: disabled
Package com.android.apps.tag new state: disabled
Package com.sonyericsson.mtp.extension.backuprestore new state: disabled
Package com.sonyericsson.mtp.extension.factoryreset new state: disabled
Package com.sonymobile.mtp.extension.fotaupdate new state: disabled
Package com.sonyericsson.mtp.extension.update new state: disabled
Package com.sonyericsson.mtp new state: disabled
Package com.google.android.googlequicksearchbox new state: disabled
others
Package com.facebook.appmanager new state: disabled
Package com.facebook.system new state: disabled
Package com.google.android.apps.docs new state: disabled
Package com.google.android.calendar new state: disabled
Package com.google.android.gm.exchange new state: disabled
Package com.google.android.marvin.talkback new state: disabled
Package com.sony.snei.np.android.account new state: disabled
Package com.sonymobile.androidapp.cameraaddon.areffect new state: disabled
Package com.sonymobile.androidapp.cameraaddon.stickercreator new state: disabled
Package com.sonymobile.support new state: disabled
Package com.touchtype.swiftkey new state: disabled
Package com.linkedin.android new state: disabled
Package com.spotify.music new state: disabled
Done freezing packages! Reboot your device!!
[email protected]:/ #
Thanks @zxz0O0 and @shoey63 for the precious support!
I'm still working on it. Maybe I (or we) will end up with a temp root solution able to perform a backup of the TA partition. I said maybe!! ETA?... don't f*** !!
Also, I will release the dirtycow debloat tool as soon as I finish it. >> DONE!
Requirements:
- Vulnerable Stock MM and/or N Kernel (Maybe all of them)
Instruction:
- Download and unpack
- Look into the \files\debloat.sh file contents. Marked (# pm ...) lines won't be frozen!
- Run proper .bat file
- Follow on-screen instructions
Beers...

Everybody is welcome!
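As an added example (not the thread's debloat.sh nor any poster's code), here is a freeze/unfreeze driver in the same pm disable/enable style: it skips commented-out "# pm ..." lines as the instructions describe, maps a mode to the pm verb (so unfreezing really is the "disable" to "enable" swap), and verifies each package afterwards with pm list packages -d instead of trusting the command's own output. The list-file path and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's debloat.sh): a freeze/unfreeze driver for a
# package list written in the same style as the thread's script. Lines that
# start with "#" (e.g. "# pm disable ...") are skipped, "freeze" runs
# "pm disable", "unfreeze" runs "pm enable", and every package is checked
# against "pm list packages -d" afterwards instead of trusting the pm output.
# On the device this runs under /system/bin/sh from the temp-root shell.

# Print the package names from a list file, one per line. Accepted forms:
#   pm disable com.example.app   # optional trailing comment
#   com.example.app
# Commented-out lines are skipped; "read" with the default IFS also trims
# leading and trailing whitespace for us.
list_packages() {
    list_file=$1
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;
        esac
        line=${line%%#*}                 # drop an inline trailing comment
        set -- $line                     # split the remainder into words
        if [ "${1:-}" = pm ]; then       # strip a leading "pm disable"/"pm enable"
            [ $# -ge 3 ] || continue
            shift 2
        fi
        if [ -n "${1:-}" ]; then
            printf '%s\n' "$1"
        fi
    done < "$list_file"
}

# Map the user-facing mode to the pm verb: freeze -> disable, unfreeze -> enable.
# Unfreezing is exactly the "disable" -> "enable" swap asked about in the thread.
pm_verb() {
    case $1 in
        freeze)   echo disable ;;
        unfreeze) echo enable ;;
        *) echo "usage: $0 freeze|unfreeze LISTFILE" >&2; return 1 ;;
    esac
}

# Dry run: print the pm commands that would be executed, one per line.
plan() {
    verb=$(pm_verb "$1") || return 1
    list_packages "$2" | while read -r pkg; do
        printf 'pm %s %s\n' "$verb" "$pkg"
    done
}

# Live run: execute the commands and verify the resulting state of each package.
# "pm list packages -d" prints "package:<name>" for every disabled package.
apply() {
    verb=$(pm_verb "$1") || return 1
    failed=0
    for pkg in $(list_packages "$2"); do
        pm "$verb" "$pkg"
        if pm list packages -d | grep -qx "package:$pkg"; then
            state=disabled
        else
            state=enabled
        fi
        if [ "$state" != "${verb}d" ]; then     # expected "disabled" / "enabled"
            echo "WARNING: $pkg is still $state" >&2
            failed=$((failed + 1))
        fi
    done
    echo "Done: $failed package(s) did not change state. Reboot your device."
    [ "$failed" -eq 0 ]
}

# Only act when invoked with a mode and a list file (assumed path), e.g.:
#   sh debloat2.sh freeze /data/local/tmp/packages.txt
if [ $# -eq 2 ]; then
    apply "$1" "$2"
fi
```

Run plan first to review exactly which packages will be touched; apply needs the run-as root shell, since pm disable on system packages is refused from the plain uid 2000 shell.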

Thanks. To unfreeze, do I need to replace "disable" with "enable"?
This temp root can't do anything, and blocking this way is equal to hiding with a debloater, as I can see.
Code:
pm disable com.sonymobile.android.addoncamera.supervideo.product.res.overlay.enable4k # /system/vendor/overlay/SuperVideoCamera-Enable-4K-Overlay-275-release.apk
still not disabled

Desperanto86 said:
> Thanks. To unfreeze, do I need to replace "disable" with "enable"?
> This temp root can't do anything, and blocking this way is equal to hiding with a debloater, as I can see.
> Code:
> pm disable com.sonymobile.android.addoncamera.supervideo.product.res.overlay.enable4k # /system/vendor/overlay/SuperVideoCamera-Enable-4K-Overlay-275-release.apk
> still not disabled
You want to disable this app to enable 4K video. That won't work! For that you need to delete the apk, which requires unlocking the bootloader and properly rooting your device.
Not the temp root's fault!! Please look for more accurate info before you claim that the tool does nothing!

Works great on Z5 with latest firmware?

Doesn't work on XX latest firmware.
Error when disabling.
Waiting for update.

Kzawww said:
> Doesn't work on XX latest firmware.
> Error when disabling.
> Waiting for update.
Did you do "run-as con" in cmd?

Thanks buddy, I look forward to trying this after work!

Thanks, the exploit works on my Lenovo Yoga Tab 3 Plus!
Edit: Unfortunately, most commands still give me a "permission denied", like "ls /dev" or "mount -o rw,remount,rw /system".

DerEineDa said:
> Thanks, the exploit works on my Lenovo Yoga Tab 3 Plus!
> Edit: Unfortunately, most commands still give me a "permission denied", like "ls /dev" or "mount -o rw,remount,rw /system".
It is a limited temp root with the "u:r:shell:s0" context only. We can't perform most root commands in that context. This is why I decided to release it over here only!!
Still under development... stay tuned!

Nice work getting everything wrapped in a bat script! Got a question though:
Did you use run-as.c as provided by timwr, or did you do any modifications?
With his version I can get run-as to output "uid 0", but with your version I get:
Code:
run-as con
CANNOT LINK EXECUTABLE: empty/missing DT_HASH/DT_GNU_HASH in "run-as" (new hash type from the future?)
Note: I'm trying this on an Xperia compact with fw 34.1.A.1.198
Edit: just to check if we're both reaching the same progress:
You also can't get a shell that can read init scripts, right? I still can't.
Edit 2: for people running betterbatterystats, or wanting to run it, you can use this exploit to grant bbs the permissions it needs without root:
Code:
pm grant com.asksven.betterbatterystats_xdaedition android.permission.BATTERY_STATS
pm grant com.asksven.betterbatterystats_xdaedition android.permission.DUMP
I'm obviously using the xda edition of bbs, but if you run the Play Store version just change the package name.

oshmoun said:
> Nice work getting everything wrapped in a bat script! Got a question though:
> Did you use run-as.c as provided by timwr, or did you do any modifications?
> With his version I can get run-as to output "uid 0", but with your version I get:
> Code:
> run-as con
> CANNOT LINK EXECUTABLE: empty/missing DT_HASH/DT_GNU_HASH in "run-as" (new hash type from the future?)
> Note: I'm trying this on an Xperia compact with fw 34.1.A.1.198
> Edit: just to check if we're both reaching the same progress:
> You also can't get a shell that can read init scripts, right? I still can't.
> Edit 2: for people running betterbatterystats, or wanting to run it, you can use this exploit to grant bbs the permissions it needs without root:
> Code:
> pm grant com.asksven.betterbatterystats_xdaedition android.permission.BATTERY_STATS
> pm grant com.asksven.betterbatterystats_xdaedition android.permission.DUMP
> I'm obviously using the xda edition of bbs, but if you run the Play Store version just change the package name.
Glad to know you liked it!
Here is my-run-as source. It is a Windows-only build (forgive me, I'm a Windows guy); it needs the NDK installed and in PATH.
To compile it, open a command prompt and type: make build
It works on both arm and arm64 devices. Please let me know if you find something new!
We need to help each other! TA backup is our goal!!

serajr said:
> Glad to know you liked it!
> Here is my-run-as source. It is a Windows-only build (forgive me, I'm a Windows guy); it needs the NDK installed and in PATH.
> To compile it, open a command prompt and type: make build
> It works on both arm and arm64 devices. Please let me know if you find something new!
> We need to help each other! TA backup is our goal!!
Nice! Thank you for the code; now I've got your my-run-as running and I can read init scripts!
So now we're both on the same page, hopefully more people can pitch in with what they know!
Edit: just to say I tried it, lol
Code:
[email protected]:/ # run-as con u:r:tad:s0
running as uid 0
Unable to set context to 'u:r:tad:s0'!
Edit 2: I attached my compiled version of my-run-as, should anyone face the same issue I had. Had to add .txt to the file name so I could upload it, lol

serajr said:
> It is a limited temp root with the "u:r:shell:s0" context only. We can't perform most root commands in that context. This is why I decided to release it over here only!!
> Still under development... stay tuned!
By the way! I've used your method on a Sony Android TV KDL-55W807C! It works!

Anyone checked this?
https://github.com/scumjr/dirtycow-vdso
Can't say I'm familiar with how to use dirtycow on anything other than the file system.

Desperanto86 said:
> By the way! I've used your method on a Sony Android TV KDL-55W807C! It works!
Great news! :good:
oshmoun said:
> Anyone checked this?
> https://github.com/scumjr/dirtycow-vdso
> Can't say I'm familiar with how to use dirtycow on anything other than the file system.
Looks promising!
I have no spare time during the week to play with Android stuff due to my job, unfortunately!!

OMG
:fingers-crossed:
Parabéns cara! (Congratulations dude! )
If, by using this method, we'll be able to root our Xperia devices while keeping a LB, it will be amazing!!
I have an Xperia Z5P, and the only reason I didn't root it yet is the need to unlock the bootloader and "lose" the DRM keys...
Cheers!

bhz21 said:
> :fingers-crossed:
> Parabéns cara! (Congratulations dude! )
> If, by using this method, we'll be able to root our Xperia devices while keeping a LB, it will be amazing!!
> I have an Xperia Z5P, and the only reason I didn't root it yet is the need to unlock the bootloader and "lose" the DRM keys...
> Cheers!
Thanks, bro!!
How about iovyroot? It looks like all Z5 variants can be temp rooted.

serajr said:
> Thanks, bro!!
> How about iovyroot? It looks like all Z5 variants can be temp rooted.
They can, but the exploit is in the kernel from the 5.1.1 firmware. Don't recall the build now, but maybe 152.
Sent from my F8131 using XDA-Developers mobile app

infected_ said:
> They can, but the exploit is in the kernel from the 5.1.1 firmware. Don't recall the build now, but maybe 152.
> Sent from my F8131 using XDA-Developers mobile app
Oh, nice. Will try that tool on my Sony Android TV; it has ver. 5.1.1.

Related

Noob Notes on Rooting/Romming/Customizing KF 1st-gen 6.3.2

Hi. A week ago I had no clue about any of this so I'm definitely a noob. I wanted to say thanks to everyone on this site who have contributed to the software, who've made guides, and who have answered questions. Special thanks to kinfauns for his Beginner's Guide and his Howto Root, etc. I had already started taking notes and piecing together definitions of the various parts of this process when I found his guide and fell over in worship. Also big thanks to Jcase for his 6.3 root guide, which gave me confidence in the procedure for rooting my 6.3.2 KF. I must also extend my gratitude to Thepooch for maintaining his Index of links for the KF. Unfortunately, I found this later rather than sooner, but it was an immense help anyway. Pokey9000, ChainsDD, TWRP, the CyanogenMod team, and Hashcode deserve thanks and recognition for their development and maintenance of software. (Links to each of these pages in next post.)
My story is that from the first day I bought the KF I had planned on ditching Amazon's crappy OS, but I just didn't have time or get around to it for years. I finally got googling the other day. I saw some simple directions, but not knowing what certain things did I wasn't willing to go running programs or commands on my computer and KF without having a better understanding and trust in the authors' instructions, so I kept reading. As I always do with complicated procedures that I'll probably forget by the time I do it a second time, I began taking some fairly detailed notes, especially on procedures. When I felt knowledgeable enough, I gave it a go and had only a minor hiccup. In the spirit of helping, I'm posting those notes here for others to use.
Experts, if you care to please feel free to correct anything you see that is wrong, or make suggestions. I'll probably incorporate some corrections, but I doubt I'll maintain this for too long. In other words, read the comments, people.
Noobs, please be aware that this is in no way a fully proper and tested procedure, nor is it in any way definitive. It is merely the things I learned starting from zero and getting to the point where I was comfortable enough to move forward. So keep this in mind. It does, however, also include many of the links and sources for my information, which should also help people make their own determination on things when it's clear I'm speculating. It also extends beyond the setup process into discussing apps a bit, which should be helpful for the complete noob like me.
###############################################
##### Android / Kindle Fire Rooting and Romming #####
###############################################
Read this (skip the windows driver section, but check out the section after that for fastboot and adb commands):
----- http://forum.xda-developers.com/showthread.php?t=1552547
And then this:
----- http://forum.xda-developers.com/showthread.php?t=1638452
And then note this for v6.3:
----- http://forum.xda-developers.com/showthread.php?t=1568340
And here is the repository for links to ROMs (including stocks), bootloaders, recoveries, et al.
----- http://forum.xda-developers.com/showthread.php?t=1859851
FYI: The Kindle Fire uses the ARM architecture in a TI OMAP 4430 chip.
----- http://www.zdnet.com/blog/hardware/inside-the-kindle-fire-processor/16317
----- The OMAP 4430 is a dual-core ARM A9 part clocked at 1GHz built using 45nm CMOS process. It features Symmetric Multiprocessing (SMP) and an integrated POWERVR SGX540 graphics accelerator (supporting OpenGL ES v2.0, OpenGL ES v1.1, OpenVG v1.1 and EGL v1.3) for 3D games and UI. It also features IVA 3 hardware accelerators to allow full HD 1080p video encode/decode. The chip also features on-board USB 2.0 support.
----- FYI: The 1st-generation Kindle Fire (which I have) is 'codenamed' Otter. The 2nd-gen is Otter2.
----- ----- http://wiki.cyanogenmod.org/w/Otter_Info
###################
#### Key Terms #####
###################
ADB (Android Debug Bridge) - Communicate with and control an Android-powered device over a USB link from a computer; part of the Android SDK; has a client, server, and daemon.
----- http://www.androidauthority.com/about-android-debug-bridge-adb-21510/
Code:
./adb help
Fastboot - A diagnostic and engineering protocol that you can boot your Android device into so you can modify the file system images from a computer over a USB connection, that is, you can flash roms to it. Is part of the ASDK (Requires more than the SDK - does it?), and specific USB drivers for windows. For fastboot to work, the device has to be in fastboot mode in order for the computer to send commands to it.
----- http://www.elinux.org/Android_Fastboot
Code:
./fastboot help
----- Usually commands are in the format: fastboot <operation> <kf_source/destination> <file>
----- So to change the splash screen image, something like:
----- ----- http://forum.xda-developers.com/showpost.php?p=21262416&postcount=126
Code:
fastboot flash splash1 splash1.img
Recovery Mods - Essentially a rudimentary OS / advanced bootloader. Many are ROM managers that allow you to switch between various OS's you have stored on your device in ROM format, or to add/delete them. You basically wipe the system then install a new one each time you switch ROMs. Recovery mods also serve backup functions, and allow tethering (so you can use your phone as an internet connection for your laptop). The term 'recovery' comes from Android's /dev/mtd/mtd1 recovery partition, as compared to the /dev/mtd/mtd2 boot partition; the latter is the primary boot holding the kernel and initrd with rootfs for default boot, while the former is the backup boot holding another kernel and initrd with rootfs in case the primary borks; note that mtd3 is the system partition holding the bulk of the Android system files, mtd4 is the cache which is only used for OTA (Over The Air Amazon/Sprint/Verizon updates) so largely unused, and mtd5 is userdata for user-installed apps and data.
----- http://www.elinux.org/Android_Fastboot
----- TWRP (Team Win Recovery Project) is one popular recovery, built on ASOP (Android Open Source Recovery) recovery.
----- ----- http://www.teamw.in/project/twrp
----- ----- http://teamw.in/project/twrp2/79 <- the kindle fire page
----- CWM (ClockworkMod) is another recovery, but there is some sort of bug with certain chips in 1st-gen Kindles that will brick sometimes with CWM, so don't use it.
----- ----- http://www.clockworkmod.com/
----- COTR (Cannibal Open Touch Recovery) is a newer recov. Open as in open source, touch as in touch screen.
----- ----- http://www.redmondpie.com/cannibal-...ures-of-all-custom-recoveries-under-one-hood/
Bootloader - Just like a linux bootloader. This is the first thing you install (after you get root access). The Kindle requires a special one because there needs to be a way to access recovery with just one button (as opposed to a cell phone).
----- FFFe (FireFireFire Extended) - Seems to be the most popular for Kindle Fire. The extended, I believe, is a variation where dual boot is enabled (see Recovery Mods info to get an idea of how that works.) To use it, when the logo pops up after you turn on the Fire press the power button. It also does some other stuff, like make fastboot easier (I think the usb detection triggering fastboot is the 1st stage, and the rest of FFF is second). I believe that FFF is based on kf_u-boot (which is now outdated?).
----- ----- http://forum.xda-developers.com/showthread.php?t=1369405
----- ----- http://forum.xda-developers.com/showthread.php?t=1615093 dual boot with FFFe
----- kf_u-boot - Pokey9000's (from http://forum.xda-developers.com) KF-specific fork of the firmware Das U-Boot (typically abbreviated as just "U-Boot") for Embedded PowerPC, ARM and MIPS systems.
----- ----- http://www.denx.de/wiki/U-Boot/
Bootmode - "As the Kindle Fire powers up or reboots, the bootloader begins to do its job and checks for the bootmode of the device. The bootmode tells the bootloader how it should proceed in the boot up process. Most users will just be concerned about three of these bootmodes: normal (4000), fastboot (4002), and recovery (5001). In a great majority of the cases, the Kindle Fire will be in the normal bootmode setting, telling the bootloader to continue right on to booting the operating system. However, there are circumstances when the device needs to be started up directly in fastboot or recovery mode. This is possible by changing the bootmode setting and rebooting the device. Bootmode is a persistent setting, meaning the Kindle Fire will remember this new setting until it is changed again. No amount of restarts or ROM flashes will change the bootmode until it is explicitly changed again."
----- http://forum.xda-developers.com/showthread.php?t=1552547
SU and Superuser.apk - Superuser is an app that manages what apps on your rooted device have access to the su binary. Apps that are granted su have elevated permissions and can modify just about any part of the system. Superuser.apk runs as any other app and gives you, the user, a place to see what apps you have allowed or denied, as well as view a log of which apps have used su when. The su binary is what other apps call when they need superuser rights. The binary checks the database maintained by Superuser.apk to determine if you have already granted rights to the requesting app, and if not tells Superuser.apk to display a prompt asking you for permission. Superuser comes pre-installed on any rooted ROM. In fact, without it, you don’t have a rooted device at all. You cannot uninstall it, it lives on the system partition with other apps that came pre-installed on your device. It can be updated from the Market if the developer of your particular ROM has used a version that is signed with the proper keys, which are publicly available on my github (see link).
----- http://androidsu.com/superuser/ (You want the ARM architecture for the KF.)
##########################################
##### Set up ADB and Fastboot (via ASDK) #####
##########################################
http://androidtweak.in/general/installing-and-setting-up-android-sdk-adb-and-fastboot-on-gnulinux/
1. Download and unpack the Android SDK from Google to /opt. Get the full ADT bundle.
----- http://developer.android.com/sdk/index.html#ExistingIDE
2. Inside its directory, inside sdk/tools, run ./android.
3. In the SDK Manager that opens check that under Tools the Android SDK Platform-Tools are installed. If not, install them.
4. Exit the SDK Manager.
5. Verify that there is now a sdk/platform-tools directory, and that adb and fastboot are in it.
6. If you want, you can add blah/sdk/platform-tools to your $PATH.
Code:
PATH=$PATH:blah/sdk/platform-tools
####################################################
##### Get ADB to recognize the device (Kindle Fire) #####
####################################################
1. Plug in your device. The screen that comes on is called Mass Storage Mode, which allows you to mount /mnt/usb (with fstab setup correctly: /dev/sdh /mnt/usb auto defaults,noauto,user,uid=1000,gid=100 0 0 # kindle fire). Pressing 'Disconnect' on the Kindle will turn off this mode. The following I did with it on, but I don't think it matters.
2. Run 'adb devices'. If you see the first results, ignore the rest of this section.
----- https://rechtzeit.wordpress.com/2011/02/24/adb-devices-shows-no-permissions/
Code:
adb devices
List of devices attached
0123456789012345 device
----- If you see the following, then udev is unable to determine the permissions for this USB device.
Code:
adb devices
List of devices attached
???????????? no permissions
3. Verify the device is connected and get some basic info. (If you're unsure which device is yours, do a lsusb before plugging it in as well.)
Code:
lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 1949:0006 Lab126
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
...
----- So the Kindle is device 004 on bus 002, the vendor ID# is 1949, and 0006 is the device #.
4. Get more info. Note that the first result will probably be the last usb device plugged in, but verify by looking at the idVendor and idProduct as well as the manufacturer and product attribute lines.
Code:
udevadm info --attribute-walk --name=/dev/bus/usb/002/004
looking at device '/devices/pci0000:00/0000:00:13.2/usb2/2-5':
KERNEL=="2-5"
SUBSYSTEM=="usb"
DRIVER=="usb"
ATTR{configuration}==""
ATTR{bNumInterfaces}==" 2"
ATTR{bConfigurationValue}=="1"
ATTR{bmAttributes}=="c0"
ATTR{bMaxPower}=="500mA"
ATTR{urbnum}=="1473"
ATTR{idVendor}=="1949"
ATTR{idProduct}=="0006"
ATTR{bcdDevice}=="0216"
ATTR{bDeviceClass}=="00"
ATTR{bDeviceSubClass}=="00"
ATTR{bDeviceProtocol}=="00"
ATTR{bNumConfigurations}=="1"
ATTR{bMaxPacketSize0}=="64"
ATTR{speed}=="480"
ATTR{busnum}=="2"
ATTR{devnum}=="4"
ATTR{devpath}=="5"
ATTR{version}==" 2.00"
ATTR{maxchild}=="0"
ATTR{quirks}=="0x0"
ATTR{authorized}=="1"
ATTR{manufacturer}=="Amazon"
ATTR{product}=="Kindle"
ATTR{serial}=="123456789012345"
5. If you haven't up to this point, switch to root.
6. Create a udev rules file for the device.
Code:
cd /etc/udev/rules.d/
vi 99-android.rules
----- Note that udev is being replaced by hal (at least in Slackware), and so a rules/policy file will probably need to be made in /etc/hal/fdi/policy instead of this in the future.
7. Enter the following into it and save. You should be able to leave out owner:group to let anyone use, and there are probably several other variations that will work (e.g., I believe instead of SYSFS you can have ATTR or ATTRS).
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="1949", OWNER="me", GROUP="users", MODE="666"
8. Try it again as root, and then as your user. You should now see the serial number from the udevadm command.
Code:
adb devices
List of devices attached
123456789012345 device
9. You will also need to add a second, identical line changing the idVendor attribute to "18d1". This may not become a problem for you, but when the KF boots into fastboot mode it ceases to be recognized as a standard Kindle and instead looks like this:
Code:
lsusb
...
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 002: ID 18d1:0100 Google Inc.
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
######################
##### Temp Root It #####
######################
In order to gain root access to the device, you must use one of several methods. Which one you use will depend on the device and its current system (firmware?) version. To find your version go to Settings -> More -> Device -> System Version. As of this writing (2013-09-20), my 1st-gen Fire is version 6.3.2. The generic Android root util called SuperOneClick is known to work on at least the 6.2 Kindle software versions. You can also install an app on your Kindle called ES File Explorer (Apps -> Store -> search for 'ES', select the app, click Free, click Get App, click Install, etc., Open App) that has a root util that comes installed in it (which should show up right there, check out youtube vids for details). You can also do it by hand using fbmode (known to work with 6.2 through 6.3.1). Note that most of the one click type utils just batch run fbmode commands or similar by hand methods.
1. Go to Settings -> More -> Device
----- 1a. -> Allow Installation of Applications, change it to on.
----- 1b. Be sure you see Battery Fully Charged. If something goes wrong, you don't want it running out of juice before you can fix it.
2. Connect your device to the computer, and disconnect (aka turn off Mass Storage Mode).
3. Verify that adb is working. The prompt in the first result means it is. If it's not you'll see the device not found error. (Be sure to exit the adb shell when done.)
Code:
adb shell
$
$ exit
adb shell
error: device not found
4. (Be sure to exit the adb shell first.) Check to see if you already have root access. If you get the first result, then you have root access and can skip the rest of this section.
Code:
adb root
adbd is already running as root
adb root
adbd cannot run as root in production builds
5. Get into fastboot mode somehow, fbmode is the easiest. This is a workaround to get you into fastboot mode when you don't have root privileges. Note that once you have root privileges, you can change the bootmode with "adb shell idme bootmode 4002; adb reboot" instead. (Also, I'm not sure if fbmode gives permanent root privileges.) First download fbmode and unzip it into the platform-tools dir.
----- http://forum.xda-developers.com/showthread.php?t=1414832
----- MD5sum: 091dc2ca822eab525d85aad629add7d3 fbmode.zip
----- I extracted it to sdk/platform-tools/fbmode(by_pokey9000).
----- 5a. Place the fbmode file onto your KF in /data/local/tmp. (You can also use /data/local.) /data/local/tmp is writable by the unprivileged adb shell user, which is why we use it rather than somewhere under /system.
Code:
adb push fbmode(by_pokey9000)/fbmode /data/local/tmp
3225 KB/s (510876 bytes in 0.154s)
----- 5b. Change the file to executable by running a command in a remote shell on the KF, and verify.
Code:
adb shell chmod 755 /data/local/tmp/fbmode
adb shell ls -l /data/local/tmp/fbmode
-rwxr-xr-x shell shell 510876 2011-12-29 01:32 fbmode
----- 5c. Now run the binary via a remote shell. It sets the boot mode so that the next reboot lands in fastboot.
Code:
adb shell /data/local/tmp/fbmode
----- 5d. Reboot the device (will reboot into fastboot).
Code:
adb reboot
6. Immediately continue with installing a bootloader.
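As an added example (not part of the original guide), here are steps 3 to 5 above as one small POSIX shell script. It assumes adb is on your PATH and that fbmode was unzipped into the same directory name used above; the two "adb root" messages it recognizes are the ones shown in step 4, and anything else makes it stop rather than guess. The KF_RUN=1 guard at the bottom is an assumption of this example, so merely sourcing the file only defines the functions.

```sh
#!/bin/sh
# Added example, not from the original guide: steps 3-5 of the "Root It"
# section for a 1st-gen Kindle Fire as one script. Assumes `adb` is on PATH
# and fbmode was unzipped into ./fbmode(by_pokey9000)/ as in the guide.
FBMODE_SRC="${FBMODE_SRC:-fbmode(by_pokey9000)/fbmode}"
FBMODE_DST=/data/local/tmp/fbmode   # writable by the unprivileged shell user

# Classify the output of `adb root` (step 4). Only the two messages the
# guide shows are recognized; anything else is "unknown", not a guess.
classify_adb_root() {
    case "$1" in
        *"already running as root"*)          echo root ;;
        *"cannot run as root in production"*) echo production ;;
        *)                                    echo unknown ;;
    esac
}

# Step 5b check: the pushed binary must come back from `ls -l` with an
# executable mode string (-rwx...), otherwise running it in step 5c fails.
is_executable_listing() {
    case "$1" in
        -rwx*) return 0 ;;
        *)     return 1 ;;
    esac
}

# Step 3: adb itself exits non-zero (and prints "error: device not found")
# when no device is attached.
adb_connected() {
    adb shell exit >/dev/null 2>&1
}

main() {
    adb_connected || { echo "adb: device not found" >&2; exit 1; }
    case "$(classify_adb_root "$(adb root 2>&1)")" in
        root)       echo "adbd already runs as root; fbmode not needed"; exit 0 ;;
        production) ;;   # expected on stock firmware, continue with fbmode
        *)          echo "unexpected 'adb root' output, stopping" >&2; exit 1 ;;
    esac
    adb push "$FBMODE_SRC" "$FBMODE_DST"
    adb shell chmod 755 "$FBMODE_DST"
    listing=$(adb shell ls -l "$FBMODE_DST")
    is_executable_listing "$listing" || { echo "chmod did not take: $listing" >&2; exit 1; }
    adb shell "$FBMODE_DST"      # sets the next boot mode to fastboot
    adb reboot                   # device comes up in fastboot; flash FFF next
}

# Only run when explicitly asked, so the functions can be sourced for testing.
if [ "${KF_RUN:-0}" = 1 ]; then main "$@"; fi
```

Run it as `KF_RUN=1 sh root-kf.sh` from the platform-tools directory. The two checks are the ones worth keeping even if you type the commands by hand: stop if adbd is already root (nothing to do), and stop if the mode string after chmod is not executable, because the next command would otherwise fail with a permission error and the reboot would land in the normal OS.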
############################
##### Install a Bootloader #####
############################
There are lots of these available. Currently (2013-09-20) FireFireFire Extended v1.4a seems to be the most popular. Note that the older version of FFFe (prior to 1.4) caused the yellow triangle boot hang problem you may read about. As mentioned in the Key Terms above, you will need a bootloader specifically designed for the Kindle Fire so you will be able to access the recovery partition/software using the only (power) button.
1. Download FFFe, and unzip it into the platform-tools dir.
----- http://forum.xda-developers.com/showthread.php?t=1632375
----- ----- https://code.google.com/p/kindle-alt-roms-cm10-cm9-dev/downloads/detail?name=fffe-1.4.1-awidawad.zip
----- ----- SHA1: b99620e382ea5d01cb6fa9e465ab719f63621780
----- or: http://goo.im/devs/Hashcode/otter/bootloader/ <- this one is hashcode's and I think I trust it more.
----- ----- MD5sum: 419c53b922c963082454b14b7de75a90 fff-u-boot_v1.4a.zip
----- I extracted this into sdk/platform-tools/fff-u-boot_v1.4a(by_hashcode)
2. Flash the fff binary to the bootloader partition. The binary will be in the cache directory. I'm not sure you even need the META-INF files or the padfile. I expect it would have been fine to go from sdk/platform-tools/fff-u-boot_v1.4a(by_hashcode)/cache/fff-u-boot_v1.4a.bin; however, I'm not sure how important the other files are, so I unzipped it all to the sdk/platform-tools dir and used it from there. The -i 0x1949 switch gives fastboot Amazon's USB vendor ID, which it needs in order to recognize the Kindle as a fastboot device.
Code:
fastboot -i 0x1949 flash bootloader fff-u-boot_v1.4a.bin
sending 'bootloader' (243 KB)...
OKAY [ 0.065s]
writing 'bootloader'...
OKAY [ 0.177s]
finished. total time: 0.242s
3. Continue immediately with flashing the recovery.
##########################
##### Install a Recovery #####
##########################
1. Download TWRP. As of this writing (2013-09-20) TWRP is at 2.6.3, and we want the Otter. (Note the codename for KF 1st-gen is Otter. So I assume Otter is what we want, but I've seen people mention or reference Blaze a lot. I'm not sure what that is, but since the references were usually a year or so old and since I know Otter will be correct, I'm going with Otter.)
----- http://teamw.in/project/twrp2/79
----- MD5sum: 8b5e6f15ab88ce52022991925dcd4ac0 openrecovery-twrp-2.6.3.0-otter.img
----- I extracted this directly into sdk/platform-tools/.
2. Flash the openrecovery image to the KF's recovery partition. The -i 0x1949 switch gives fastboot Amazon's USB vendor ID, which it needs in order to recognize the Kindle as a fastboot device.
Code:
fastboot -i 0x1949 flash recovery openrecovery-twrp-2.6.3.0-otter.img
sending 'recovery' (6564 KB)...
OKAY [ 1.648s]
writing 'recovery'...
OKAY [ 1.416s]
finished. total time: 3.064s
3. You now need to reboot the KF. Do not do 3a, but read it, because in Jcase's 2.6.3 instructions he tells you:
----- http://forum.xda-developers.com/showthread.php?t=1568340
----- 3a. Your device will now boot into TWRP recovery and flash the FireFireFire bootloader. When done it will prompt you to reboot. Upon reboot you will get stuck on the "yellow triangle" screen of FireFireFire.
Code:
fastboot oem idme bootmode 5002
fastboot reboot
----- I have no idea what he's talking about. Those commands did not work for me. When I figured out how to restart in a manner that made more sense (see 3b.), I selected to boot into the TWRP recovery, and as far as I could tell, TWRP did not flash its own version of FFF, nor did it reboot. It simply started TWRP. I poked around in there. It did at one point tell me that it was not yet rooted and asked me if I wanted to have it do it, but I declined to follow the rest of Jcase's instructions. Point of the story: ignore 3a, and do 3b instead.
----- 3b. Reboot the KF.
Code:
fastboot -i 0x1949 reboot
rebooting...
finished. total time: 0.000s
4. This will now boot into the FFF bootloader, which will offer you a choice prior to booting into the primary OS of booting into recovery. You will want to do that for the next commands to work. You need to immediately continue to permanently root it.
############################
##### Permanently Root It #####
############################
1. Get Superuser/su and unzip it. As of this writing (2013-09-20) the latest is Superuser 3.2 RC3. The KF uses the ARM chip architecture so we want the ARM version (see above in the Key Terms section). Note that you need to make its own directory to unzip it into, because all but two of its files are the same as those that came with FFF, and in case they are different (use diff) you don't want to replace them; if they are different, you'll have to make the call which versions you want to use. The two files you do want no matter what will be in the system/ directory.
----- http://androidsu.com/superuser/ (You want the ARM architecture for the KF.)
----- MD5sum: 6462ac14cd38ed7c539ce3e29a6b92a8 Superuser-3.2-RC3-arm-signed
----- I extracted it into sdk/platform-tools/Superuser-3.2-RC3-arm-signed(by_ChainsDD)
----- 1a. Once in recovery, mount the /system partition in read/write mode. ("adb shell remount system" might also do this, and it will change a mounted /system between r/w and ro.)
Code:
adb shell mount system
----- 1b. Copy su to the right place in /system.
Code:
adb push Superuser-3.2-RC3-arm-signed(by_ChainsDD)/system/bin/su /system/xbin/su
3447 KB/s (85096 bytes in 0.024s)
----- 1c. Change the ownership to root only (so nobody can mess with it).
Code:
adb shell chown 0.0 /system/xbin/su
----- 1d. Set mode 06755 (setuid and setgid root, executable by everyone, so any user can run su and it runs as root), and verify. The s in the mode string below is what makes this a root escalation; without it su would just run as the caller.
Code:
adb shell chmod 06755 /system/xbin/su
adb shell ls -l /system/xbin/su
-rwsr-sr-x 1 root root 85096 Feb 29 2008 /system/xbin/su
2. Disable the root checker by renaming the executable. (I suppose you could just chmod a-x it, but this is how the pros do it, so I'll stick with their method.) I'm not entirely certain what check_rooted does, but I assume it is used by Amazon and will cause headaches.
Code:
adb shell ls -l /system/bin/check_*
-rwxr-xr-x 1 root shell 54680 Aug 1 2008 /system/bin/check_prereq
-rwxr-xr-x 1 root shell 5556 Aug 1 2008 /system/bin/check_rooted
adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak
adb shell ls -l /system/bin/check_*
-rwxr-xr-x 1 root shell 54680 Aug 1 2008 /system/bin/check_prereq
-rwxr-xr-x 1 root shell 5556 Aug 1 2008 /system/bin/check_rooted.bak
3. Return to normal bootmode (4000), and reboot. (Actually I'm not sure we ever changed it since we didn't use Jcase's "oem idme bootmode 5002" command, and I'm pretty sure fbmode only changes it for 1 reboot. But doing this will not hurt anyway.)
Code:
adb shell idme bootmode 4000
<idme> write 4000 to offset 0x1000
adb reboot
4. After reboot, when you're back in Amazon's default OS, install the Superuser app. It will appear in your carousel. Play with it.
Code:
adb install system/app/Superuser.apk
7539 KB/s (1500495 bytes in 0.194s)
pkg: /data/local/tmp/Superuser.apk
Success
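As an added example (not part of the original guide), here are steps 1a to 3 of this section as one script, run while the KF sits in TWRP recovery with adb working. Its one addition to the hand-typed steps is the check before rebooting: it reads the `ls -l` line back and refuses to continue unless su is root-owned and carries the setuid bit, since a su that fails that test silently gives no root after reboot. It assumes adb is on PATH and that Superuser was unzipped into the directory name used above; the KF_RUN guard is an assumption of this example.

```sh
#!/bin/sh
# Added example, not from the original guide: steps 1a-3 of "Permanently Root
# It" as one script, run while the KF sits in TWRP recovery with adb working.
# Assumes `adb` is on PATH and Superuser was unzipped into the directory name
# the guide uses.
SU_SRC="${SU_SRC:-Superuser-3.2-RC3-arm-signed(by_ChainsDD)/system/bin/su}"
SU_DST=/system/xbin/su

# Accept an `ls -l` line for su only if it is root-owned and carries the
# setuid bit on a world-executable file (-rwsr-sr-x or -rwsr-xr-x). A setuid
# file owned by anyone but root gives no root, and without the s bit su just
# runs as the caller; either way later `su` calls would silently not work.
su_listing_ok() {
    set -- $1
    mode=$1
    # toolbox `ls -l` may omit the link count; owner is then field 2
    case "$2" in
        [0-9]*) owner=$3 ;;
        *)      owner=$2 ;;
    esac
    [ "$owner" = root ] || return 1
    case "$mode" in
        -rws??[sx]r-x) return 0 ;;
        *)             return 1 ;;
    esac
}

main() {
    adb shell mount system                       # 1a: /system read/write
    adb push "$SU_SRC" "$SU_DST"                 # 1b
    adb shell chown 0.0 "$SU_DST"                # 1c: root:root
    adb shell chmod 06755 "$SU_DST"              # 1d: setuid+setgid, a+x
    su_listing_ok "$(adb shell ls -l "$SU_DST")" \
        || { echo "su is not a root-owned setuid binary, not rebooting" >&2; exit 1; }
    adb shell mv /system/bin/check_rooted /system/bin/check_rooted.bak   # 2
    adb shell idme bootmode 4000                 # 3: back to normal boot
    adb reboot
}

if [ "${KF_RUN:-0}" = 1 ]; then main "$@"; fi
```

Run it as `KF_RUN=1 sh root-su.sh`. The check accepts both `-rwsr-sr-x` (what the guide's chmod 06755 produces) and `-rwsr-xr-x` (a plain setuid-root su), and rejects a root-owned file without the s bit or a setuid file owned by shell, which are the two ways this step usually goes wrong when /system was not actually mounted read/write.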
######################################
##### Make A Full (up to 8GB) Backup #####
######################################
This will back up all partitions and the hidden NVRAM data. If you ever have to restore from scratch, you can get fastboot to write a new partition table and then fastboot in these backups. You need more than 8 GB of free local disk space, and adb installed and able to get a shell.
----- http://forum.xda-developers.com/showthread.php?t=1369405
1. Make a new directory to store the dump files and cd into it.
Code:
sudo mkdir /mnt/1.2tb.pri_my300/KindleFire
sudo mkdir /mnt/1.2tb.pri_my300/KindleFire/preROMing.backup
2. Make sure that your KF is running adb as root (as above in #? of the Root It section).
Code:
adb root
adbd is already running as root
3. Then pull the blk copies from the device. This will place them on the root fs, and then I move them to the backup directory. (I'm sure you can direct them to the end destination with pull, but I didn't figure that out before I ran this.)
Code:
for F in `seq 1 12`; do adb pull /dev/block/mmcblk0p$F; done
adb shell idme ? > nvram.txt
sudo mv mmcblk* nvram.txt /mnt/1.2tb.pri_my300/KindleFire/preROMing.backup
#######################
##### Install a ROM #####
#######################
http://forum.xda-developers.com/showthread.php?t=1638452
1. Download the one you want from the link. Hashcode, who is active on xda-developers, maintains the CyanogenMod port, and he seems to be trusted to do quality work, so I'll use the latest CM ROM. As of this writing (2013-09-20) CyanogenMod 10.2 is current. Note the codename for the KF 1st-gen is Otter (not Otter2; not sure what blaze is for).
----- http://forum.xda-developers.com/showthread.php?t=2410112
----- http://goo.im/devs/loosethisskin/otter/cm-10.2
----- MD5sum: 7a5c807f410ecaeb37220bda8c7b4eee cm-10.2-20130913-0258-otter-sgt7.zip
2. Copy the ROM.zip file to the /sdcard directory on the KF, and checksum it.
Code:
adb push cm-10.2-20130913-0258-otter-sgt7.zip /sdcard
6569 KB/s (186800117 bytes in 27.769s)
adb shell md5sum /sdcard/cm-10.2-20130913-0258-otter-sgt7.zip
7a5c807f410ecaeb37220bda8c7b4eee /sdcard/cm-10.2-20130913-0258-otter-sgt7.zip
md5sum cm-10.2-20130913-0258-otter-sgt7.zip
7a5c807f410ecaeb37220bda8c7b4eee cm-10.2-20130913-0258-otter-sgt7.zip
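As an added example (not part of the original guide), here is the push-and-checksum step done by a script instead of by eye: it checks the local zip against the published MD5, pushes it, then checks the copy on /sdcard. The same digest comparison applies to the FFF and TWRP downloads listed above and to confirming that each mmcblk0pN image pulled in the backup section matches the device's md5sum. It assumes adb and md5sum are on PATH; the file names and hashes in main() are the ones this guide lists, and the KF_RUN guard is an assumption of this example.

```sh
#!/bin/sh
# Added example, not from the original guide: push a zip to the KF and prove
# the copy on /sdcard has the MD5 published on the download page, as step 2
# does by hand for the ROM and gapps. Assumes `adb` and `md5sum` are on PATH.
# File names and hashes in main() are the ones the guide lists.

# First field of a `md5sum` output line, lower-cased (the device line has a
# /sdcard path after it, the host line a bare file name; both parse the same).
digest_of() {
    printf '%s\n' "$1" | awk '{ print tolower($1) }'
}

# 0 only when the line's digest is exactly 32 hex digits equal to $1. Refusing
# non-hex means an error line such as "md5sum: x: No such file" never compares
# equal by accident.
md5_line_matches() {
    expected=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    got=$(digest_of "$2")
    printf '%s' "$got" | grep -Eq '^[0-9a-f]{32}$' || return 1
    [ "$got" = "$expected" ]
}

# Check the local file, push it, then check the copy on the device.
push_verified() {
    expected=$1; file=$2
    md5_line_matches "$expected" "$(md5sum "$file")" \
        || { echo "local $file does not match $expected" >&2; return 1; }
    adb push "$file" /sdcard/ || return 1
    md5_line_matches "$expected" "$(adb shell md5sum "/sdcard/$file")" \
        || { echo "device copy of $file does not match $expected" >&2; return 1; }
}

main() {
    push_verified 7a5c807f410ecaeb37220bda8c7b4eee cm-10.2-20130913-0258-otter-sgt7.zip
    push_verified 1f51b5cc6370c1f45dc951109b6ce6ed gapps-jb-20130813-signed.zip
}

if [ "${KF_RUN:-0}" = 1 ]; then main "$@"; fi
```

Keep in mind what this does and does not prove: a hash taken from the same site as the zip shows the file survived the download and the push intact, but if that site were serving a tampered zip it would serve a matching hash too. It is an integrity check, not a trust decision about the ROM's source.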
3. Definitely check and follow the instructions on the specific ROM's info page. In this case, I believe it is the standard methodology. Since it tells us to also install Gapps, we need to download that as well. (See the Install Gapps section below for more info.)
----- 3a. Download it. In my case, Hashcode has given instructions to get it from the following link. You are to match up your CyanogenMod version with the appropriate Gapps version, which is made easy with the table at the top.
----- ----- http://goo.im/gapps
----- ----- MD5sum: 1f51b5cc6370c1f45dc951109b6ce6ed gapps-jb-20130813-signed.zip
----- 3b. Copy it to the KF, and checksum it.
Code:
adb push gapps-jb-20130813-signed.zip /sdcard
adb shell md5sum /sdcard/gapps-jb-20130813-signed.zip
1f51b5cc6370c1f45dc951109b6ce6ed /sdcard/gapps-jb-20130813-signed.zip
4. Wipe cache, dalvik, data and system (full wipe). Wipes typically remove the existing files in the data and cache partitions that could interfere with the operation of the new system software. A "Factory Reset" will delete any installed apps, software/network settings, etc. It will not touch the /sdcard directory that contains music, eBooks, and files of that nature. In our case, we need to do the four listed by Hashcode.
----- 4a. From the main menu of TWRP, Wipe -> Advanced Wipe -> Select Partitions to Wipe
----- 4b. Check the dalvik, data, cache, and system boxes.
----- 4c. Swipe to Wipe.
5. Install from your ROM.zip, and tell it to install Gapps while you're at it.
----- 5a. From the main menu of TWRP, "Install"
----- 5b. Navigate to the /sdcard directory on the left (should be the default the first time you use TWRP) and select the cm-10.2-20130913-0258-otter-sgt7.zip file from the list on the right.
----- 5c. Check the box "Zip file signature verification?". Note that this checks the zip's embedded signature, not the .md5 files; TWRP has a separate MD5 check option for those. Even though you already checksummed the files, it's nice to make sure TWRP agrees with you.
----- 5d. Press "Add More Zips"
----- 5e. Select the gapps-jb-20130813-signed.zip file from the right.
----- 5f. Swipe to flash/install them.
6. When it's finished and you are prompted, press "Reboot".
7. When you reboot, CM will take some time to get going the first time; just let it. Then walk through the setup process. All your settings, like the Wi-Fi password, will be gone and need to be recreated.
8. Clean up by deleting the zips within the File Manager app.
###################################
##### Install Google Apps (Gapps) #####
###################################
You may not actually need this. It may come installed with the ROM, but you'll definitely want Gapps either way because it includes the Google Play Store, where you can get all the Android apps.
1. Download it. In my case, Hashcode has given instructions to get it from the following link. You are to match up your CyanogenMod version with the appropriate Gapps version, which is made easy with the table at the top.
----- http://goo.im/gapps
----- MD5sum: 1f51b5cc6370c1f45dc951109b6ce6ed gapps-jb-20130813-signed.zip
###################################
YOU'RE DONE MOTHER****ER!
Play around.
Try some other stuff:
###################
##### ~/.android #####
###################
It's useful to have a single place on your main box to keep everything you want/need. So:
1. Make a ~/.android dir and cd into it.
2. Make some dirs.
----- .Bootloader
----- .Recovery
----- .ROM
----- .ROM/CM-10.2
3. link to platform tools
Code:
ln -s ../../../opt/adt-bundle-linux-x86_64-20130917/sdk/platform-tools/ .platform-tools
4. Move the fbmode and superuser dirs from there to here.
----- .fbmode(by_pokey9000)
----- .superuser-3.2-RC3-arm-signed(by_ChainsDD)
5. Move fff-u-boot_v1.4a(by_hashcode) into .Bootloader, move openrecovery-twrp-2.6.3.0-otter.img into .Recovery, and move cm-10.2-20130913-0258-otter-sgt7.zip and gapps-jb-20130813-signed.zip into .ROM/CM-10.2 (you move gapps with it because it is fairly specific to the ROM).
6. CD to the real /opt/.../platform-tools. Symlink to those six dirs and files.
#####################
##### App Backup #####
#####################
Besides complete backups, you can also simply save the apps you have installed to your computer. This is useful before you go uninstalling things that you only think you don't need. Of course, there are apps that will do most of the following for you, namely Titanium Backup, which you should probably use since it will sync things instead of just overwriting.
1. Navigate to your ~/.android/ directory.
2. mkdir an apps folder, an apps/system, and an apps/data.
3. Copy all the apk files to your PC. Note that the data/app files are all unimportant apps that you've downloaded. The system ones are what you really need to be concerned about removing.
Code:
adb pull /system/app ./app/system
pull: building file list...
pull: /system/app/FaceLock.apk -> ./FaceLock.apk
pull: /system/app/VoiceSearchStub.apk -> ./VoiceSearchStub.apk
pull: /system/app/TalkBack.apk -> ./TalkBack.apk
...
adb pull /data/app ./app/data
pull: building file list...
...
----- You can also look at the package list via the package manager, and include their associated files (-f) if you want.
Code:
adb shell pm list packages
...
adb shell pm list packages -f
...
----- Or grab the list files directly and look at them.
Code:
adb pull /data/system/packages.xml .
adb pull /data/system/packages.list .
----- You can install or uninstall via adb (assuming you have root access and system is mounted rw)
Code:
adb root
adb remount   (or: adb shell mount -o rw,remount /system)
adb install <path-to-apk>
adb uninstall <package-name>
----- Or more viciously:
Code:
adb shell rm -f /system/app/<apk-name>.apk
----- Or via the package manager:
Code:
adb shell pm uninstall <package-name>
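As an added example (not part of the original guide), here is a way to turn the `pm list packages -f` output above into a system-versus-data inventory before you start removing anything, which is the distinction the notes in this section draw: the /data/app entries are the apps you installed, the /system/app ones are the ones to be careful with. It assumes adb is on PATH. The SAMPLE block is constructed for the offline demo; only its apk file names come from the guide, and its package names are placeholders.

```sh
#!/bin/sh
# Added example, not from the original guide: turn `adb shell pm list
# packages -f` output into a system-vs-data inventory. Assumes `adb` is on
# PATH. SAMPLE is constructed; its package names are placeholders.

# Each input line has the form  package:<apk path>=<package name>.
# Output one tab-separated record per line: <location> <package> <apk path>,
# where location is "system" for /system/..., "data" for /data/..., else "other".
classify_pm_lines() {
    tr -d '\r' | awk -F'=' '
        /^package:/ {
            apk = substr($1, 9)                 # strip "package:"
            pkg = $2
            if (apk ~ /^\/system\//)      loc = "system"
            else if (apk ~ /^\/data\//)   loc = "data"
            else                          loc = "other"
            printf "%s\t%s\t%s\n", loc, pkg, apk
        }'
}

# How many records carry the given location (reads classify_pm_lines output).
count_location() {
    awk -F'\t' -v want="$1" '$1 == want { n++ } END { print n + 0 }'
}

# Pull every apk of one class into a local directory, e.g.
#   pull_class system app/system ; pull_class data app/data
pull_class() {
    loc=$1; dest=$2
    mkdir -p "$dest"
    adb shell pm list packages -f | classify_pm_lines \
        | awk -F'\t' -v want="$loc" '$1 == want { print $3 }' \
        | while IFS= read -r apk; do adb pull "$apk" "$dest/"; done
}

# Constructed sample of what the device prints (package names invented).
SAMPLE='package:/system/app/FaceLock.apk=com.example.facelock
package:/system/app/TalkBack.apk=com.example.talkback
package:/data/app/com.example.notes-1.apk=com.example.notes'

if [ "${KF_RUN:-0}" = 1 ]; then
    pull_class system app/system
    pull_class data app/data
else
    printf '%s\n' "$SAMPLE" | classify_pm_lines   # offline demo on the sample
fi
```

The `tr -d '\r'` matters on older adb, which hands you CRLF line endings from the device shell; without it the apk path keeps a trailing carriage return and `adb pull` fails to find the file.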
###############################
##### Remove Unneeded Apps #####
###############################
Check out this page for a list of the apps included with your specific CM OS version, then remove the ones you don't want. You will want to use ES File Explorer to shut down, clear data/cache, then uninstall these. For some you'll need to use ES in root mode, which can be found in ES's settings.
[couldn't post the url]
[couldn't post the url]
Android Keyboard (AOSP) - If you replace this with a different keyboard, you can remove this safely. I like Hacker's Keyboard, but honestly I don't feel quite safe eliminating this one altogether.
Apollo - Music app/widget. You will probably want to replace with something else that handles more codecs.
Bluetooth Share - The KF doesn't have bluetooth.
Bubbles - This and other wallpapers can obviously be removed.
Calculator - Might want to replace this with a better one.
Calendar, Calendar Storage - You can remove this, but Google uses it to sync with your Google account. More importantly, it appears that _LOTS_ of calendar apps use Google's Calendar/Sync as a proxy. So even if you find a different calendar app, it might need Google's stuff here to work correctly. Leave it alone.
Cell Broadcast (Receiver) - This app operates on a different frequency than primary cell/data/text service. This means that when an emergency happens and too many people are calling each other at the same time, the cell carriers, and really the govt, can broadcast emergency info that will get to everyone. You can also use it to listen to a specific channel if you know someone is broadcasting on it. Obviously, since the KF doesn't have cell service, this is completely useless and can be removed.
Clock and cLock - You can remove both, but the system Clock might need to be kept for certain apps to function. cLock doesn't need to be there. I did take out both, and FancyWidget's clock kept working so it obviously didn't depend on this app and took date/time from the system itself. That said, Clock does provide an alarm, and so might possibly be the primary alarm service.
Downloads & Download Manager - You might be able to replace these, but why bother.
DSP Manager - Digital Sound Processing. This is basically an equalizer, but does let you make different settings for speakers, headphones, etc. There are probably better, but why bother. More, do you really need this at all? Wait and find out.
Email - An email client. Can be replaced by something else. You don't need this as long as you're solely using gmail or other web-based email.
Exchange Services - This is a client for MS Exchange. It provides the server-client sync.
Face Unlock - Provides capability to unlock screen with face recognition. With no camera, the KF has no need for this whatsoever.
File Manager - If you've replaced it with ES File Explorer, you can remove this. However, I think it's not a bad idea to keep this around as a backup. Of course, with the ability to use ADB to install, it's really not necessary.
Focal - This is CM's replacement for android's standard camera app. The KF has no camera, remove this.
Gallery - Is a simple 3d photo browser. There are probably better ones, but since your KF doesn't have a camera this will only be useful for pics you grab from the net. You probably will not need anything better.
Google Ears - This is a widget that will ID songs for you by listening. This is a problem since the KF doesn't have a built in mic. It might work via a headset device's mic. You can try it and see. I'm not sure if this might also ID a song playing through the KF, like if you're listening to internet radio.
Google Feedback - This is the app that reports back to Google when apps bork. I always turn error reporting off, but removing this would ensure nothing hinky takes place without your knowledge. On the other hand, other Google apps might wig out if it's not there. CM says it's safe to remove.
Google One Time Init - This runs the first time you start the device. That CM link says that it conflicts with another Google app. Remove it after the first run.
Google Partner Setup - Not sure what it does, but according to the second link it's no problem to remove. I removed it from the startup list so far.
Live Wallpaper Picker - Yeah, you need this.
Market Feedback Agent - It's a Google app that allows other apps to call it and ask you to provide market feedback, you can safely kill or remove it.
Media Uploader - This is an app for use with Swingular.com that lets you take pics of yourself and share them to people you're cybering with. It has things like auto-faceblurring. You can use this without a cam, but with the KF it seems unlikely. Remove.
Mobile Data - Used for data xfer on cell carrier network. Pretty sure it won't hurt to remove.
Mobile Network Config - Used for configuring cell network. Pretty sure it won't hurt to remove.
Movie Studio - This is a fairly low-rated video editor. It was probably included by CM for size and/or simplicity. You don't really need a vid editor on your KF since with no camera you can't take vids. I honestly can't imagine needing to replace this, so remove.
News & Weather - A simple news reader app. Probably should find a replacement.
Notepad3 - This is a simple text editor app. It is very small, so you could probably leave it even if you replace it with something else.
One Time Init - See Google One Time Init above. I think these are two parts of the same thing, but this one might be to trigger the CM Account app and prompt for registration.
Picasa Uploader - Uploads pics to your Picasa account. Since no camera on KF, remove this.
Pico TTS - A text-to-speech (TTS) engine. It might only be used by TalkBack below, in which case you can eliminate it. But it also might be used by other TTS apps, in which case you'll probably want it around.
Provider Telephony - Provides APIs for monitoring the basic phone information, such as the network type and connection state, plus utilities for manipulating phone number strings. Probably can safely remove this.
Search Applications Provider - This has to do with Google Search. Apparently there's a bug in it that makes this slow down search. I don't think it's a good idea to remove this, but you should disable it in the App Manager. This could, however, cause problems so keep it in mind.
Setup Wizard - Runs the first time you start phone. Remove it.
SMS Push - This has to do with text messaging and also WAP Push. You can probably remove it, but might want to wait.
----- [couldn't post url]
Sound Recorder - A simple recorder. Probably don't need more.
TalkBack - This is a Google app that will read and speak aloud text from your phone's menus and some Google apps. So for Gmail it'll read the subject line of each email you touch. It's for blind people and probably not all that great for them, either, since it's pretty limited. There are other apps that do TTS (text-to-speech), and I'd recommend looking into those. I'd say remove this, but who knows how *****y Google will get about it. See Pico TTS above.
Terminal Emulator - Is one of the most popular terms. I think Terminal IDE is better, so you should at least add that, if not replace this altogether.
Trebuchet - This is a launcher service which does a lot more than just launch apps. Good launchers provide _lots_ of additional UI customizations, and Trebuchet is one of the better ones. Keep it unless something changes in the near future. Halo (notification manager) is somehow related to this, although I think it is a separate app; Halo is also considered excellent.
User Dictionary - A user dictionary addon for android devices that do not have a standard user dictionary component. It is used by the keyboard and god knows what else. Do not remove it. There are similar apps. It might be possible to replace this with one of the others, but why bother.
Voice Dialer - This is a voice activated dialer for phones by Google. Obviously the KF doesn't need it.
Voice+ - Another phone-related Google app; it catches all outgoing calls and uses the Google Voice service to connect you with the dialed number by calling you back on your selected callback number first, then calling the number you dialed. I think it basically covers your cell phone's number with an online one. Obviously the KF doesn't need this, either.
###################
##### Add Apps #####
###################
Important:
DroidWall - Simple firewall app, lets you whitelist apps to give access to the internet.
Titanium Backup - System backup/restore app, lets you transfer apps/data/settings from one OS/mod to the next.
ES File Explorer - File manager.
ES Task Manager - Lets you kill apps.
TrustGo Security - FW/AV. Lets you scan your system/apps, scan incoming, etc. Currently one of the better free Firewall/AntiVirus for Android. It will probably be replaced by the next time you need to dl one, so google.
Greenify - Resource manager of sorts, it lets you choose which apps to have free reign of resources, and which to stick into hibernate mode when you're done using them. This means you don't have to constantly use ES Task Manager to kill apps when you're finished with them.
Adfree - Downloads/Updates a hosts file to block ads from the internet and apps.
System Tuner - Has endless tweaks, diagnostics, and functions.
Terminal IDE - A terminal emulator with all sorts of nice features and commands. Just poking around in this for a couple minutes and I'm in love. It installs a bunch of C binaries of commands you're used to, giving a much more familiar robustness. Note that this will create a $HOME directory for you that exists within the app's own /data/ directory tree. If you want to create a single home for all apps, you will need to make some changes.
ROM Manager - This would be useful if it would use TWRP, but since it's developed by the same guys as ClockworkMod Recovery, it insists you install that. Since at this time it seems CWM has problems with Kindle Fire?, you probably won't be able to use much of this for a while. What you really need is to find an entire system image creator for backups. ROM Manager does have a function for fixing permissions, which presumably makes sure nothing has messed up the permissions on important sys files.
Apps:
Amazon App Store - This is the second largest after Google's, but you'll have to get the app store app to use it. And there will be apps only available there.
Keyboard - You can remove the keyboard that comes with your OS if you replace it with a different one.
Hacker's Keyboard - This is a full keyboard complete with arrow keys. It also has a function key to get Home, End, the F row, etc. You can set it so that it will use the Android Keyboard in portrait mode, but switch to the HK in landscape.
Swype - Lets you drag finger across screen to each letter rather than tapping.
SwiftKey - Predictive text is the specialty here, gets to know you and can predict your next word.
Widgets:
FancyWidgets - Not perfect, but gives you a nice clock/weather widget.
WeatherBug - Gives you detailed weather info.
Browser:
Android Browser: Seems fast.
Dolphin - I think this is the winner. Pretty fast, and also has a lot of good features.
FF - Seems slow, and also has your familiar add-ons, but there would be the nice advantage of bookmarks sync. Of course, with a hosts file based ad block (AdFree) you won't need adblock and that should help.
Opera - Seems fast but limited in features.
There are many others.
Browserlike Apps:
Gmail - Google's gmail reader app.
Tapatalk - A BBS forum reader/interface app.
Facebook - Some say a good, others say a ****ty FB reader app.
DuckDuckGo - Is a search app that I believe you can set up to punt you off to a browser if you're going to do much more.
Ebook Reader:
----- TTS (text-to-speech) - I'm not sure if you'll need one of these or if one will come in your ebook reader, but I think you'll eventually want to check it out. It'd be nice to be able to have a book or wikip page read to you while doing other ****. Also see Pico TTS.
There are a lot.
Video Player, Video Editor:
tbd
Music Player:
tbd
News Reader:
tbd
Pic Viewer, Pic Editor:
tbd
RSS Reader:
tbd
Maps:
Google Maps - Supposedly there's a way to get offline maps, but I couldn't figure it out.
Maps With Me - Offline. I dig it.
OsmAnd - Offline. Didn't like.
RMaps - Offline. Didn't like.
MapsOn - Offline. I dig it.
Misc:
Google Sky Map - A very fun app to have to see the location of stars, planets, galaxies, and constellations.
Bubble Level (not sure of name) - An app that will act like a carpenter's level.
Screenshot UX - Lots of root and non-root screenshot apps. I liked this the best.
Games / Learning - Be very careful of these. Definitely want to AV scan these before using. Watch their permission requests for strange things they shouldn't need.
Chess Free
Sudoku Plus
Duolingo - Learn a language.
Solitaire
Tetris
##################################
##### Stop Auto Startup of Apps #####
##################################
It will scare you how many apps and services startup by default. Use SystemTuner -> Startups. And uncheck all these (note that some need to have other things installed before you do this, like the Android Keyboard, so be smart).
Android Keyboard AOSP
Calendar, Calendar Storage
Clock - This might cause probs, but shouldn't.
CyanogenMod Account
DSP Manager - You may want to check that this starts on its own when you start your media apps. If not, if you want this you'll have to start it by hand, or turn this startup back on.
Firefox
Gallery
Gmail
Google Contacts Sync
Google Partner Setup
Google Play services
Google Play Store
Google Search
News & Weather
ROM Manager
System Tuner
Titanium Backup
WeatherBug
Fixed. No links in 3rd post, sorry.

DirtyCow based Universal Debloater [Root not required]

This tool uses the Dirty COW (CVE-2016-5195) vulnerability in the Linux kernel to escalate privilege and disable/enable system packages.
It should work on all Android versions which are exposed to this vulnerability.
Using this Universal Debloater is very easy.
Start Universal Debloater by double-clicking the { Debloater.bat } file and follow the information on the screen - it's easy. All menu letters are case-insensitive and you can type them how you want [B or b, etc.], and the numbers... are just numbers.
Usage:
- DISABLE PACKAGES
This option builds a disable script from the selected list of packages and runs it to disable those packages on the device.
Note: The package list should consist of package names, each on a separate line, and must be placed in the "/package lists" directory.
You can get a package list by selecting the appropriate option in the menu.
Note: Do not forget to uncomment the package names which you want to disable, by deleting the "#" symbol before the name at the beginning of the line (do not touch the second).
- ENABLE PACKAGES
This option builds an enable script from the selected list of packages and runs it to enable those packages on the device.
Note: The package list should consist of package names, each on a separate line, and must be placed in the "/package lists/disabled/" directory.
You can get a disabled packages list by selecting the appropriate option in the menu.
Note: Do not forget to uncomment the package names which you want to enable, by deleting the "#" symbol before the name at the beginning of the line (do not touch the second).
- READ PACKAGES
This option builds a package list by reading from the device and comparing it with the database.
If you select "get all packages list", you will get a list of all system packages from your device. You can find it in the "/package lists" directory.
If you select "get disabled packages list", you will get a list of only the disabled system packages from your device. You can find it in the "/package lists/disabled/" directory.
In the list you can see a description of known packages and the location of the apk files associated with unknown packages, to help you decide about enabling/disabling each package. Before using this list to enable/disable packages, do not forget to uncomment the package names which you want to enable/disable, by deleting the "#" symbol before the name at the beginning of the line (do not touch the second).
Download:
Universal_Debloater_by_D1kiy_v1.0b
Credits:
* man'[email protected] for advice;
* [email protected] for some help with script;
* [email protected] for his Image Kitchen from which I took design;
* [email protected] for his Debloat Script which gave me idea;
* Tony Monroe for cowsay program;
* Dennis Bareis for the CTEXT DOS coloring tool;
* Phil Oester for his discovery CVE-2016-5195;
Please respect my work and if you use it don't forget to hit the THANKS button in my thread. And if you take it and share it on other sites, or integrate it in other tools, give proper credits for my work.
XDA:DevDB Information
Universal Debloater, Tool/Utility for all devices (see above for details)
Contributors
D1kiy
Version Information
Status: Beta
Current Beta Version: 1.0b
Beta Release Date: 2017-01-21
Created 2017-01-21
Last Updated 2017-01-21
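As an added example (not the Universal Debloater's own code) of how such a package list can be processed: a small Python parser for the list format described above. It selects the uncommented lines, keeps the description after the second "#" out of the package name, refuses anything that is not a valid package name rather than passing it to a shell, and emits the pm script that would be run from the root shell. The exact list format and the plain pm disable/enable commands are assumptions drawn from the description; the sample list is constructed.

```python
"""Parse a Universal Debloater style package list and build the pm script.

Assumed list format: one package per line; a leading '#' means "leave this
package alone"; a second '#' after the name starts a free-text description
that stays in the file and must not be treated as part of the name.
"""
import re
from typing import List, Tuple

# Java-style package names only; anything else is reported, never emitted.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

# Constructed sample list (not a real tool file), in the assumed format.
SAMPLE_LIST = """\
# package lists/example.txt (constructed sample)
com.sonymobile.anondata              # Sony anonymous usage data uploader
#com.android.dreams.basic            # screensaver, left commented out: untouched
com.s.antivirus                      # AVG preload
not a/package name; echo injected    # malformed line, must be rejected
com.sonymobile.xperialounge.services
"""


def parse_package_list(text: str) -> Tuple[List[str], List[str]]:
    """Return (selected package names, rejected malformed names) in file order."""
    selected, rejected = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                              # blank, or package left commented out
        name = line.split("#", 1)[0].strip()      # drop the description after the 2nd '#'
        if PACKAGE_RE.match(name):
            selected.append(name)
        else:
            rejected.append(name)
    return selected, rejected


def build_pm_script(packages: List[str], action: str) -> str:
    """Build the shell script the tool pushes: one pm call per package.

    pm disable/enable on a system package only succeeds from a root shell;
    from the plain adb shell uid it fails with a SecurityException, as seen
    later in this thread.
    """
    if action not in ("disable", "enable"):
        raise ValueError("action must be 'disable' or 'enable'")
    lines = ["#!/system/bin/sh",
             f"echo 'Processing {len(packages)} packages, standby...'"]
    lines.extend(f"pm {action} {pkg}" for pkg in packages)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    ok, bad = parse_package_list(SAMPLE_LIST)
    for name in bad:
        print(f"skipping malformed entry: {name!r}")
    print(build_pm_script(ok, "disable"))
```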
Reserved
This only disables the packages, right? Can it uninstall them? If not, it's cool, just wondering, because there are quite a few of them on my phone that need to be eliminated. Great work either way!
hydroman202 said:
This only disables the packages, right? Can it uninstall them? If not, it's cool, just wondering, because there are quite a few of them on my phone that need to be eliminated. Great work either way!
Yes, this tool only disables packages. Unfortunately you cannot uninstall them without normal root.
D1kiy said:
Yes, this tool only disables packages. Unfortunately you cannot uninstall them without normal root.
How do I enter the root shell?
---------- Post added at 06:08 PM ---------- Previous post was at 05:58 PM ----------
I figured it out, but all I get is setresgid/setresid failed.
hydroman202 said:
How do I enter the root shell?
---------- Post added at 06:08 PM ---------- Previous post was at 05:58 PM ----------
I figured it out, but all I get is setresgid/setresid failed.
On which Android version? And after what do you get this error?
D1kiy said:
On which Android version? And after what do you get this error?
It is Marshmallow 6.0.1. It happens when attempting to elevate to root. I will upload a screenshot here in a minute.
Here is a screenshot:
Also, if it helps, I have only the setsid in the system bin directory.
hydroman202 said:
It is Marshmallow 6.0.1. It happens when attempting to elevate to root. I will upload a screenshot here in a minute.
/system/bin/run-as does not have the setuid bit set on your device.
I will look for a possibility to fix this.
D1kiy said:
/system/bin/run-as does not have the setuid bit set on your device.
I will look for a possibility to fix this.
Thank you
Hello. I have tried this on a Note 4 N910C
and I get the error: Package 'con' is unknown
I have attached screens with the log and my android version as well.
Thank you for the tool anyway!
Run as error
it says Run as: Package exec is unknown

How do I re-enable some of the debloated apks

Mainly the amazon prime video app and the music one since I bought a prime membership. I can't install from the play store (Error code 910). I can't enable from adb (c:\adb>adb shell pm enable com.amazon.avod
Error: java.lang.SecurityException: Permission Denial: attempt to change component state from pid=7334, uid=2000, package uid=32052). I can't install from adb (c:\adb>adb shell pm install com.amazon.avod
pkg: com.amazon.avod
Failure [INSTALL_FAILED_INVALID_URI]). This is an unrooted HD 8 2016 (6th generation) and I believe I initially debloated it using one of the available automated tools. The app is listed as not installed for this user in the "Manage All Applications" screen. I feel like I'm missing something in regards to specific user information in my enable command, as I don't think I could have unintentionally uninstalled it without root. Any help would be greatly appreciated.
Didn't mean to post this in general. My bad
Sent from my ONEPLUS A6013 using Tapatalk
Reset to factory.
You uninstalled the system package using 'pm uninstall -k --user 0 <package_name>'.
You can't re-install/re-enable it.
Recommended method:
pm hide/unhide <package_name>
https://forum.xda-developers.com/hd8-hd10/general/a-t3820744
bluesnaketree said:
Mainly the amazon prime video app and the music one since I bought a prime membership. I can't install from the play store (Error code 910). I can't enable from adb (c:\adb>adb shell pm enable com.amazon.avod
Error: java.lang.SecurityException: Permission Denial: attempt to change component state from pid=7334, uid=2000, package uid=32052). I can't install from adb (c:\adb>adb shell pm install com.amazon.avod
pkg: com.amazon.avod
Failure [INSTALL_FAILED_INVALID_URI]). This is an unrooted HD 8 2016 (6th generation) and I believe I initially debloated it using one of the available automated tools. The app is listed as not installed for this user in the "Manage All Applications" screen. I feel like I'm missing something in regards to specific user information in my enable command, as I don't think I could have unintentionally uninstalled it without root. Any help would be greatly appreciated.
If your apps are hidden, by applying the method in the thread erono gave you the link to, you can unhide them. If the link to the Facebook app is not valid, tell me, I have a backup of it.
If your apps are disabled/uninstalled you have to reinstall them. Your command is not correct: you have omitted the apk extension at the end of the app name, and it is better to copy the app to the device (e.g., to /sdcard/) and then install it from the device via adb ( adb shell pm install /sdcard/com.amazon.avod.apk ) or via your file explorer app. Do you have a backup of the apks? If not I can pull them from my device (same as yours) and give you a link.
0mr1 said:
If your apps are hidden, by applying the method in the thread erono gave you the link to, you can unhide them. If the link to the Facebook app is not valid, tell me, I have a backup of it.
If your apps are disabled/uninstalled you have to reinstall them. Your command is not correct: you have omitted the apk extension at the end of the app name, and it is better to copy the app to the device (e.g., to /sdcard/) and then install it from the device via adb ( adb shell pm install /sdcard/com.amazon.avod.apk ) or via your file explorer app. Do you have a backup of the apks? If not I can pull them from my device (same as yours) and give you a link.
Sorry 0mr1, I know this thread has gone a bit stale... but I deleted and uninstalled my com.amazon.avod and need to reinstall it to get Prime Video working again. Can you extract that apk you were offering to bluesnaketree?
klister said:
Sorry 0mr1, I know this thread has gone a bit stale... but I deleted and uninstalled my com.amazon.avod and need to reinstall it to get Prime Video working again. Can you extract that apk you were offering to bluesnaketree?
No problem man, here it is.

No root required - Completely block the OTA updates with modded DeviceSoftwareOTA.apk

Hi guys, I'm blocking Amazon's system updates (over-the-air updates) with the modded DeviceSoftwareOTA.apk under this post.
Features of the modded DeviceSoftwareOTA.apk
-> Removed OTA links
-> Removed unwanted component declarations like permissions, services and receivers
-> Modified some classes like AmazonDownloadManager
-> Removed and corrupted the OTA controller to prevent forcing the updates
Let's Get Started
1. Go to Settings -> Device Options -> About Fire tablet -> Serial number and tap it several times until you see the Developer Options appear.
2. After the Developer Options appear under the About Fire tablet menu, go to Developer Options -> USB Debugging and enable it.
3. Open Command Prompt on your PC and approve the USB device
4. Verify the attached devices
Code:
adb devices
5. Install the modded DeviceSoftwareOTA.apk over the existing app
Code:
adb install -r path/to/DeviceSoftwareOTA.apk
Legend: -r = re-install an existing app, -d = downgrade the version code of DeviceSoftwareOTA.apk, causing an error so the update fails and never forces the OTA updates
or you can also add -d to downgrade the version code
Code:
adb install -r -d path\to\DeviceSoftwareOTA.apk
6. Go to Settings -> Device Options -> System updates and tap CHECK NOW; checking should give an error and fail
The OTA updates have been blocked.
AmznUser444 Dev said:
Hi guys, I'm blocking Amazon's system updates (over-the-air updates) with the modded DeviceSoftwareOTA.apk under this post.
Features of the modded DeviceSoftwareOTA.apk
-> Removed OTA links
-> Removed unwanted component declarations like permissions, services and receivers
-> Modified some classes like AmazonDownloadManager
-> Removed and corrupted the OTA controller to prevent forcing the updates
Let's Get Started
1. Go to Settings -> Device Options -> About Fire tablet -> Serial number and tap it several times until you see the Developer Options appear.
2. After the Developer Options appear under the About Fire tablet menu, go to Developer Options -> USB Debugging and enable it.
3. Open Command Prompt on your PC and approve the USB device
4. Verify the attached devices
Code:
adb devices
5. Install the modded DeviceSoftwareOTA.apk over the existing app
Code:
adb install -r path/to/DeviceSoftwareOTA.apk
Legend: -r = re-install an existing app, -d = downgrade the version code of DeviceSoftwareOTA.apk, causing an error so the update fails and never forces the OTA updates
or you can also add -d to downgrade the version code
Code:
adb install -r -d path\to\DeviceSoftwareOTA.apk
6. Go to Settings -> Device Options -> System updates and tap CHECK NOW; checking should give an error and fail
The OTA updates have been blocked.
I cannot install this apk because the signatures do not match. :crying:
Datastream33 said:
Hi guys, I'm blocking Amazon's system updates (over-the-air updates) with the modded DeviceSoftwareOTA.apk under this post.
Features of the modded DeviceSoftwareOTA.apk
-> Removed OTA links
-> Removed unwanted component declarations like permissions, services and receivers
-> Modified some classes like AmazonDownloadManager
-> Removed and corrupted the OTA controller to prevent forcing the updates
Let's Get Started
1. Go to Settings -> Device Options -> About Fire tablet -> Serial number and tap it several times until you see the Developer Options appear.
2. After the Developer Options appear under the About Fire tablet menu, go to Developer Options -> USB Debugging and enable it.
3. Open Command Prompt on your PC and approve the USB device
4. Verify the attached devices
5. Install the modded DeviceSoftwareOTA.apk over the existing app
Legend: -r = re-install an existing app, -d = downgrade the version code of DeviceSoftwareOTA.apk, causing an error so the update fails and never forces the OTA updates
or you can also add -d to downgrade the version code
I cannot install this apk because the signatures do not match. :crying:
Can you install via ADB?
AmznUser444 Dev said:
Can you install via ADB?
Unfortunately, I cannot. It just returns the invalid signature error.
Newbie question as I'm just about to receive my Fire 10; what customizations will an OTA break?
Did the install of the modded DeviceSoftwareOTA.apk fail because of signature verification?
Re-install the modded DeviceSoftwareOTA.apk as root and reboot your device.
I got Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE] message on a Fire Stick 2, 5.2.7.0, any ideas about how to solve it?
Lochy19 said:
I got Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE] message on a Fire Stick 2, 5.2.7.0, any ideas about how to solve it?
Can you only install it to root?
Lochy19 said:
I got Failure [INSTALL_FAILED_UPDATE_INCOMPATIBLE] message on a Fire Stick 2, 5.2.7.0, any ideas about how to solve it?
Tried it too but it will not work. You need to be rooted. The best thing that you can do is install No Root Firewall.

[XZ1c/XZ1/XZp] temp root exploit via CVE-2019-2215 including magisk setup [Locked BL]

temp root exploit for sony xperia XZ1c/XZ1/XZp with oreo firmware
by j4nn
https://j4nn.github.io/
Let me present you a temp root exploit for sony xperia XZ1 Compact / XZ1 / XZ Premium phones running android oreo firmware.
The exploit uses CVE-2019-2215, which can get you a temporary root shell very quickly and reliably (it's nearly instant).
SUPPORTED TARGETS
XZ1 Compact
G8441_47.1.A.8.49 (tested myself)
G8441_47.1.A.16.20 (tested myself)
XZ1
G8341_47.1.A.16.20
G8342_47.1.A.16.20
XZ Premium
G8141_47.1.A.16.20
G8142_47.1.A.16.20
with bindershell-v2 following targets added:
Xperia XZ1
G8343_47.1.A.12.150 (Freedom Canada)
G8343_47.1.A.12.205 (Freedom Canada)
SO-01K_47.1.F.1.105 (Docomo Japan)
SOV36_47.1.C.9.106 (AU Japan)
Xperia XZ1 Compact
SO-02K_47.1.F.1.105 (Docomo Japan)
XZ Premium
SO-04J_47.1.F.1.105 (Docomo Japan)
with bindershell-v2x following target added:
Xperia XZ1
701SO_47.1.D.11.32 (Softbank Japan)
This is an alternative method to my renoroot exploit released before, to get a temp root shell for TA (drm keys) backup.
I've also implemented a script to start up magisk from the temp root shell, so this can be used nicely with still locked phones to enable magisk root without unlocking bootloader with the latest oreo fw. You still cannot modify anything in /system or /vendor partitions due to dm-verity, but you could use it for other useful stuff, like iptables based firewall for example.
Listed firmware versions may be found for example here:
https://www.xperiasite.pl/forum/221-firmware/
https://boycracked.com/?s=xperia+xz1
USAGE HOWTO
to get a simple temp root shell
just download bindershell.zip, unzip, 'adb push bindershell /data/local/tmp' and get temp root:
Code:
G8441:/ $ cd /data/local/tmp
G8441:/data/local/tmp $ chmod 755 ./bindershell
G8441:/data/local/tmp $ ./bindershell
bindershell - temp root shell for xperia XZ1c/XZ1/XZp using CVE-2019-2215
https://github.com/j4nn/renoshell/tree/CVE-2019-2215
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: Reading leaked data
PARENT: leaking successful
MAIN: thread_info should be in stack
MAIN: parsing kernel stack to find thread_info
PARENT: Reading leaked data
PARENT: Reading extra leaked data
PARENT: leaking successful
MAIN: task_struct_ptr = ffffffecc9691b00
MAIN: thread_info_ptr = ffffffecc4c34000
MAIN: Clobbering addr_limit
MAIN: should have stable kernel R/W now
kaslr slide 0x1d35200000
selinux set to permissive
current task credentials patched
got root, start shell...
G8441:/data/local/tmp #
for temp root with magisk setup
do as in previous option and download also the magisk-setup-from-exploit.zip and Magisk-v19.3-Manager-v7.1.2.zip, unzip both and use following commands in addition (skip starting the bindershell in previous section):
Code:
adb install MagiskManager-v7.1.2.apk
adb push Magisk-v19.3 /data/local/tmp
adb shell 'cd /data/local/tmp/Magisk-v19.3 ; chmod 755 * ; /system/bin/sh ./update-binary -x ; ./magiskinit -x magisk magisk'
adb push magisk-setup.sh /data/local/tmp
adb shell chmod 755 /data/local/tmp/magisk-setup.sh
(also present in the included magisk-push.sh script, which you can simply execute in linux or possibly rename to a .bat file and execute it in windows too /not tested though/)
The above would copy the needed stuff to your phone.
Then after each boot you can use following command to startup magisk via the exploit:
Code:
adb shell 'cd /data/local/tmp ; ./bindershell -c ./magisk-setup.sh'
see post#41 for a possibility to start this exploit again after reboot without use of adb, thanks to @Tifs
SOURCES
Source code for the exploit (bindershell) is available here:
https://github.com/j4nn/renoshell/tree/CVE-2019-2215
Magisk startup script is obviously already in source form inside the magisk-setup-from-exploit.zip archive attached.
Magisk binaries packed in the Magisk-v19.3-Manager-v7.1.2.zip are not modified upstream released Magisk-v19.3.zip and MagiskManager-v7.1.2.apk, extracted only needed components and combined into single archive.
It might be possible to use other versions (v19.3+), but that has not been tested and is not supported in any way.
CREDITS
thanks to @arpruss for the su98 exploit variant (where binder_thread wait queue is at 0x98 offset instead of 0xa0, needed completely different approach than the original exploit) - the core of the exploit up to kernel space r/w primitives has been used
DOWNLOAD
Hi @j4nn, it's done for my XZ1 DUAL. Many thanks. But when I unplug the phone from the computer, the temp root is reset; is that normal?
Ps: Do I need to worry/care about dm-verity?
I can permanently uninstall bloatware, install adaway and other applications that need root..
I think it's said. But I need to ask.
Thank you
Sent from my [device_name] using XDA-Developers Legacy app
[email protected] said:
I can permanently uninstall bloatware, install adaway and other applications that need root..
I think it's said. But I need to ask.
Thank you
Yes, you can install and use e.g. adaway, AFWall+ etc.
But - as already mentioned in the op - it's not possible to modify /system and /vendor, due to dm-verity, which is still present with a locked bl. Therefore you can't get rid of bloatware, which is placed in /system or /vendor
Actually you can remove bloatware permanently, but without gaining any storage space.
It is possible to do that via oem partition - there you can make modifications, dm-verity does not check oem partition.
It is possible to define which applications would be "removed", then even factory reset would not enable them again.
This way of bloatware removal is quite tricky, as you may need to test factory reset to see if the phone boots or not.
Such debloating can be done via early_config.xml in oem partition - there you can permanently blacklist apps with entries like this:
Code:
<string-array name="config_packagesBlacklist">
<item>com.amazon.mShop.android.shopping</item>
</string-array>
<string-array name="config_packagesFullBlacklist">
<item>com.amazon.mShop.android.shopping</item>
</string-array>
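Added example, not from j4nn's post or from the firmware: a Python helper that reads the two blacklist arrays out of an early_config.xml and adds a package to both of them idempotently, so the edited file can be checked before it is written back to the oem partition. It assumes the string-arrays sit under an Android-resource-style <resources> root element; the sample XML is constructed.

```python
"""Inspect and extend the package blacklists in an oem early_config.xml.

Assumption: the file is Android resource XML with a <resources> root that
holds the two <string-array> elements quoted in the thread. Nothing else in
the file is touched.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List

ARRAYS = ("config_packagesBlacklist", "config_packagesFullBlacklist")

# Constructed sample resembling the snippet quoted above.
SAMPLE_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="unrelated_setting">keep me</string>
    <string-array name="config_packagesBlacklist">
        <item>com.amazon.mShop.android.shopping</item>
    </string-array>
    <string-array name="config_packagesFullBlacklist">
        <item>com.amazon.mShop.android.shopping</item>
    </string-array>
</resources>
"""


def _items(arr: ET.Element) -> List[str]:
    """Package names listed in one string-array, whitespace stripped."""
    return [(item.text or "").strip() for item in arr.findall("item")]


def blacklisted_packages(xml_text: str) -> Dict[str, List[str]]:
    """Return {array name: [packages]} for both blacklist arrays.

    A missing array maps to an empty list instead of raising, so a file
    that has not been debloated yet can be inspected with the same call.
    """
    root = ET.fromstring(xml_text)
    result = {}
    for name in ARRAYS:
        arr = root.find(f"./string-array[@name='{name}']")
        result[name] = [] if arr is None else _items(arr)
    return result


def add_to_blacklist(xml_text: str, package: str) -> str:
    """Return the XML with `package` present in both arrays (idempotent).

    Arrays that do not exist yet are created under the root; a package that
    is already listed is not duplicated.
    """
    root = ET.fromstring(xml_text)
    for name in ARRAYS:
        arr = root.find(f"./string-array[@name='{name}']")
        if arr is None:
            arr = ET.SubElement(root, "string-array", name=name)
        if package not in _items(arr):
            ET.SubElement(arr, "item").text = package
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = add_to_blacklist(SAMPLE_XML, "com.example.bloat")  # constructed name
    for name, pkgs in blacklisted_packages(updated).items():
        print(name, pkgs)
```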
temp root for new targets available with bindershell-v2 - following targets added:
Xperia XZ1
G8343_47.1.A.12.150 (Freedom Canada)
G8343_47.1.A.12.205 (Freedom Canada)
SO-01K_47.1.F.1.105 (Docomo Japan)
SOV36_47.1.C.9.106 (AU Japan)
Xperia XZ1 Compact
SO-02K_47.1.F.1.105 (Docomo Japan)
XZ Premium
SO-04J_47.1.F.1.105 (Docomo Japan)
(offsets extracted from kernels from fully downloaded firmwares)
j4nn said:
temp root exploit for sony xperia XZ1c/XZ1/XZp with oreo firmware
by j4nn
Nice work j4nn :good:
@j4nn
Thank you very much for the possibilities you give us due to your great work.
Once TA backup has been carried out, Magisk installed and changes made using root example install adaway, some Magisk module, etc.
These changes are maintained if we update firmware to Pie?
Can we continue using root with Magisk in Pie?
Thanks in advance
Sent from my [device_name] using XDA-Developers Legacy app
@[email protected], it's only a temp root. Once you power off / reboot, it is not rooted anymore, you would need to start the exploit again - just the last command starting magisk. Using magisk modules might work or not, it depends - magisk is used in a way here that it has not been designed in (normally it should be started from kernel's ramdisk before the original init).
You need to unlock and restore ta backup in order to get possibilities like custom kernels or full roms, pie or whatever...
The only permanent customizations may be done in the oem partition. You could tune the blacklisted apps there in an oem version from the pie firmware to prepare it for the pie upgrade, and then manually flash the rest of the pie fw skipping oem, to keep the modded/debloated setup in oem while running pie with a still locked BL, obviously without root.
Or stick with the exploitable fw version (latest oreo) to be able to startup magisk after each boot, if you cannot unlock your BL.
Klaus N. said:
Yes, you can install and use e.g. adaway, AFWall+ etc.
But - as already mentioned in the op - it's not possible to modify /system and /vendor, due to dm-verity, which is still present with a locked bl. Therefore you can't get rid of bloatware, which is placed in /system or /vendor
Hi @j4nn, can we modify /etc or /cache? Of course we cannot with /system /vendor, but I have no idea about another place.
@anaconda875, I believe /etc is a symlink to /system/etc. You could redirect it somewhere else and make changes there. But it would be only temporary, because the content of / is coming from the kernel's initramfs, which is not possible to modify persistently with just a temp root. You can modify /cache, but I am afraid there is not that interesting stuff to change there.
In my opinion, the most interesting stuff you can modify is the content in /oem, where you can permanently block apps (debloat) or change stuff related to wifi/lte calling.
Many thanks @j4nn
Does not work on SOV36 LB.
Solved
Really works, thanks j4nn
@Aviv_Gopax, please do not full quote the very big opening post for no reason at all.
Instead you could provide some details from your test - what fw version do you have and a log from your test.
j4nn said:
@Aviv_Gopax, please do not full quote the very big opening post for no reason at all.
Instead you could provide some details from your test - what fw version do you have and a log from your test.
Sorry hehe, I'm using fw Oreo build 106
@Aviv_Gopax, I did recheck the SOV36 target offsets and I do not see a reason why it would not work.
Please post the log from the run of ./bindershell as shown in the OP in the usage howto section - is there any error?
downgraded to supported fw (G8342_47.1.A.16.20), and also followed all procedures on both old and new temp root posts, but only showed:
my bad, eventually learned how to backup TA with new method, thank you j4nn!
but I'm gonna unlock and restore some other day.
@j4nn how did you find the offsets? from the stock kernel source code? I'm btw also interested in extracting the keys from the trustzone exploit before upgrading my device
@tombbb, thank you for your donation, really appreciated.
@tb_, I cannot get to my PC for some more days to provide the details, but in the case of this cve the most important thing is the offset of the wait queue inside the binder_thread struct - the original poc assumes the 0xa0 offset, while for yoshino the 0x98 offset is used. That fundamentally changes the core of the exploit. I tried to adapt it similarly for XZ2; there 0xa0 is used, so the original poc needs to be adapted. It would never work though, because of hw based mitigation - see my post here:
https://forum.xda-developers.com/showpost.php?p=81689337&postcount=1528
