Root & Install TWRP H830 (20A) (Nougat) LG G5. Hard Recowvery Method - T-Mobile LG G5 ROMs, Kernels, Recoveries, & Other

Hi guys, I didn't have much luck with the Easy Recowvery method on my G5 (20A).
Sooo, I thought I'd share with you (what I like to call) the Hard Recowvery method.
This is the most effective way I've rooted & installed TWRP on my H830 on 7.0 (Nougat).
First, let's download the necessary recowvery files located here (put them all in a folder): https://build.nethunter.com/android-tools/dirtycow/arm64/
Make sure you have the latest TWRP for your phone: https://twrp.me/devices/lgg5h830.html
Latest Verity zip: https://build.nethunter.com/android-tools/no-verity-opt-encrypt/
Latest SuperSU: https://download.chainfire.eu/1021/SuperSU/SR3-SuperSU-v2.79-SR3-20170114223742.zip
---
Shift+Open Command window in the Recowvery folder.
Note: Use app_process32 on 32-bit targets.
Once in the cmd window from your recowvery folder, follow these steps:
---
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 0777 *
$ ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
$ ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
$ exit
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
adb shell
$ getenforce
"<it should say Permissive, adjust source and build for your device!>"
$ cd /data/local/tmp
$ ./dirtycow /system/bin/run-as recowvery-run-as
$ run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
$ run-as su
(You need to rename the TWRP img to "twrp.img" and put it in the root of your internal storage, OR you can use this adb push command. The next two steps won't be necessary if already done.)
adb push twrp-3.0.2-x-xxxx.img /sdcard/twrp.img
adb shell
run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
"<wait for it to complete>"
$ reboot recovery
---
You should be in TWRP now.
Flash the SuperSU and verity 4.1 zips. [Format Data] will remove internal storage encryption, so back up everything you need to with nandroid, LG Backup, or Titanium. (So I saw that they have updated verity zips, but I just used 4.1.)
I prefer LG Backup, it's easiest.
After you format data, reflash the SuperSU and verity zips for the hell of it. (You don't have to, I don't think, but I just did anyway.)
Now just reboot & enjoy.
This isn't a method I created. I got it from this thread and made the steps I felt were necessary.
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
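
Added example (not part of the original post or of the recowvery project): the `dd` step above writes whatever sits at /sdcard/twrp.img to the recovery partition as root, and a later reply shows it failing on a missing file. This host-side check confirms the image exists, is not a stub, and matches a SHA-256 obtained from the image's publisher before anything is pushed. The function names, exit codes and the 1 MiB minimum size are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: verify a recovery image on the host before `adb push` and `dd`.
# Names and exit codes are illustrative; they do not come from recowvery or TWRP.
# Usage: sh <this-script> IMAGE EXPECTED_SHA256 [MIN_BYTES]
# With no arguments it runs a self-contained demo on constructed data.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# preflight_image PATH EXPECTED_SHA256 [MIN_BYTES]
# Returns: 0 ok, 2 file missing, 3 file too small,
#          4 digest mismatch, 5 malformed expected digest.
preflight_image() {
    pf_path=$1
    pf_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    pf_min=${3:-1048576}   # assumed floor: a real recovery image is far larger

    # The expected digest must be exactly 64 hex characters.
    case $pf_expected in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; return 5 ;;
    esac
    [ "${#pf_expected}" -eq 64 ] || { echo "expected digest is not 64 chars" >&2; return 5; }

    # Catches the "No such file or directory" case before the device is touched.
    [ -f "$pf_path" ] || { echo "$pf_path: no such file (renamed yet?)" >&2; return 2; }

    # A truncated download or an HTML error page saved as .img is usually tiny.
    pf_size=$(wc -c < "$pf_path" | tr -d ' ')
    [ "$pf_size" -ge "$pf_min" ] || { echo "$pf_path: only $pf_size bytes" >&2; return 3; }

    # Integrity: the bytes about to be flashed must be the bytes that were published.
    pf_actual=$(sha256_of "$pf_path")
    [ "$pf_actual" = "$pf_expected" ] || {
        echo "$pf_path: digest mismatch (got $pf_actual)" >&2
        return 4
    }
    return 0
}

# Demo on a constructed file: accept the untouched file, reject it once altered.
pf_demo() {
    d_tmp=$(mktemp) || return 1
    printf 'constructed sample bytes, not a real image\n' > "$d_tmp"
    d_good=$(sha256_of "$d_tmp")
    preflight_image "$d_tmp" "$d_good" 1 && echo "unaltered file: accepted"
    printf 'x' >> "$d_tmp"   # simulate a corrupted or tampered download
    preflight_image "$d_tmp" "$d_good" 1 || echo "altered file: rejected (rc=$?)"
    rm -f "$d_tmp"
}

if [ "$#" -ge 2 ]; then
    preflight_image "$@" && echo "OK: $1 matches the expected digest"
else
    pf_demo
fi
```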

Works until "run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery" then says:
Current uid: 0
We have root access!
------------
Executing: 'dd' with 2 arguments
dd: /sdcard/twrp.img: No such file or directory
1|h1:/data/local/tmp #
No Twrp recovery any help?
---------- Post added at 08:47 PM ---------- Previous post was at 08:07 PM ----------
Forgot to rename recovery.
---------- Post added at 09:32 PM ---------- Previous post was at 08:47 PM ----------
Problem solved! Forgot to rename img.

Tinbender418 said:
Works until "run-as exec dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery" then says:
Current uid: 0
We have root access!
------------
Executing: 'dd' with 2 arguments
dd: /sdcard/twrp.img: No such file or directory
1|h1:/data/local/tmp #
No Twrp recovery any help?
---------- Post added at 08:47 PM ---------- Previous post was at 08:07 PM ----------
Forgot to rename recovery.
---------- Post added at 09:32 PM ---------- Previous post was at 08:47 PM ----------
Problem solved! Forgot to rename img.
The 2 agreement how did u type it BC I had that but I didn't know what to type so I use the toolkit instead
Sent from my LG-H830 using Tapatalk

Rename to twrp.img, move to internal SD card.
Sent from my LG-H830 using Tapatalk

Sorry guys, I was busy! & yes, you need to rename the recovery img to "twrp.img". I will add the step to rename the TWRP file!

djevil said:
The 2 agreement how did u type it BC I had that but I didn't know what to type so I use the toolkit instead
Sent from my LG-H830 using Tapatalk
Just copy and paste everything as you see it. And if you mean you didn't know how to rename the TWRP recovery, just rename it to "twrp.img".

so my getenforce keeps saying enforcing?
---------- Post added at 10:39 AM ---------- Previous post was at 10:35 AM ----------
and the command to run-as exec says no exec found?
---------- Post added at 10:50 AM ---------- Previous post was at 10:39 AM ----------
Hmm so after looking it up, apparently my brand new G5 I just got today is on 20c and not 20a. I guess that is the problem?

hello?

jdkzombie said:
hello?
Yes, that is the problem. Read Autoprime's thread on the H83020c update. He explains a way to root the device by downgrading to H83020a using LGUP.
Sent from my LG-H830 using Tapatalk

I don't seem to get past the adb logcat step, because I do so and it says that all process was done correctly, but my phone won't boot up at all after the T-Mobile logo.
Tried and did everything step by step and this is always the problem and I can't get past it.
Someone please help
Sent from my iPhone using Tapatalk

Just use the Automagically thread a few below this one. You have to be on 20A for it to work. I used that method and it worked on the first try. Now I'm on 20C and I'm rooted as well. This way is way too complicated.

djerick3 said:
Just use the Automagically thread a few below this one. You have to be on 20A for it to work. I used that method and it worked on the first try. Now I'm on 20C and I'm rooted as well. This way is way too complicated.
The easy recovery method that runs the script? I have tried it countless times and also doesn't seem to work

wadamean said:
The easy recovery method that runs the script? I have tried it countless times and also doesn't seem to work
First you need to run the script and follow the instructions to the letter. If you read into the thread you'll see that you need to turn off verification before you run it. I forget what option it is but I'll check and post it for you. Worked smooth for me first try.

Stuck
I seem to be stuck at adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
It's been a while. It hasn't moved from there and it won't let me input anything else. I got stuck after beginning of main and beginning of system.

Will this work starting from MM or only once on Nougat? My phone hasn't downloaded the update yet and it won't let me force it. Trying it on MM doesn't seem to complete.

Sent from my LG-H830 using XDA-Developers Legacy app
---------- Post added at 04:17 AM ---------- Previous post was at 03:48 AM ----------
Rican39 said:
Deleted
Sent from my LG-H830 using XDA-Developers Legacy app
Sent from my LG-H830 using XDA-Developers Legacy app

Well this is interesting. The script the people above are talking about never worked for me. So I came here and got my hands dirty and did it the manual way. Everything worked great until I formatted data and reflashed verity and su zips. After booting, all I can get the phone to do is boot to twrp. I've successfully flashed the 20A kdz back to stock with unlocked bootloader. Just wondering what I did wrong?
Once I get into TWRP the steps used were:
1 - Flash SuperSU
2- Flash verity zip
3- Format Data
4- Flash SuperSU again (for good measure)
5- Flash verity zip again (for good measure)
All these instructions make sense but at the top of the OP it says to NOT swipe to allow system modifications. I thought after formatting data and flashing the verity zip that we can swipe to allow. If we can't modify the system partition, how do we access it for busybox, etc..
Sorry for the odd questions - just looking for clarity!
UPDATE: Sorry, I resolved my own problem. Just don't ever swipe to modify system in TWRP and you're good. Not sure why this was the case.

eliolicious said:
I seem to be stuck at adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
It's been a while. It hasn't moved from there and it won't let me input anything else. I got stuck after beginning of main and beginning of system.
I have this same problem. Did you figure out the issue?

codahq said:
I have this same problem. Did you figure out the issue?
I figured out the issue. There are a bunch of threads floating around here that seem to think that the dirtycow exploit will work on 20A and 20C. That is definitely not the case. 20C it is patched so you have to KDZ back to 20A and then exploit. Then you can TWRP flash 20C if you want to go back to 20C.
I was on 20C though and dirtycow definitely doesn't work.

Noob question
I got this phone, the LG G5 T-Mobile variant, yesterday. I was on Marshmallow, rooted with Xposed Framework. Flashed 7.0 thinking it was a ROM. I lost root and lost custom recovery. I'm trying to root on 7.0 via Dirty COW but the instructions are too complicated. Can anybody tell me what Dirty COW files to download and where to put the folder, pls?

Related

[Q] SU files installed but not giving permission via ADB

I've been trying to fix my kindle fire for a while now. My ultimate problem is that my build.prop is not in my /system/ but I have been trying to push a replacement build.prop to that directory to no avail. It looks like I have superuser installed. Superuser.apk is in system/app/ and there are a few SU directories around my file system.
My problem is that even though I have SU in my file system, I am not getting the correct permissions when accessing the KF through adb. Whenever I type in su it says permission denied. Similarly, whenever I try to change the permissions for /system/ I am denied as well. Whenever I type in su, it says "segmentation fault".
It seems to me that there are three possibilities:
1. I somehow have the superuser files in place but the SU program itself is not installed.
2. SU is installed but because I can't fully boot up my KF, I can't give ADB Root access through SU because I can't pull up the "allow access" dialog box.
3. Something stupid like I'm trying the wrong commands.
Maybe your kindle auto updated and broke root? But if you've already updated and re-rooted I'm not sure what the issue would be.
Sent from my Nexus S 4G using XDA App
hmmm...I think a main thing I need to know for sure before I continue is if my phone is even rooted for sure. I have the superuser.apk in system/app. I don't have anything in data/local. I have a SU directory in a couple places. Is there any way for ADB to recognize if a phone is rooted (perhaps if the file system is set up a current way?) without having access to root privileges itself?
Same here, BurritoRoot, I've tried this on both Linux/Mac, but either way, I can never get su to work so my Kindle can be r/w.
Maybe try
adb shell
$su
If $ changes to # you have root.
When installing su check the file permissions on the directory as well.
Sent from my Kindle Fire using Tapatalk
just a try:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
what's the answer ?
if the response is not a failure you should have r/w
b63 said:
just a try:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
what's the answer ?
if the response is not a failure you should have r/w
That worked, thank you!
---------- Post added at 02:37 AM ---------- Previous post was at 02:29 AM ----------
But then I lose them after a reboot.
---------- Post added at 02:44 AM ---------- Previous post was at 02:37 AM ----------
$su doesn't give me a # anymore either.
Jessical said:
That worked, thank you!
---------- Post added at 02:37 AM ---------- Previous post was at 02:29 AM ----------
But then I lose them after a reboot.
---------- Post added at 02:44 AM ---------- Previous post was at 02:37 AM ----------
$su doesn't give me a # anymore either.
that command only remounts the system partition r/w - not permanent!
but after issuing the command:
you can copy files, change permission or whatever
you can also run kfu to permanently root with superuser
Fixxxxxxxxxx!
http://forum.xda-developers.com/showthread.php?p=21034648#post21034648
That thread I started has the fix for your issue
taseedorf said:
http://forum.xda-developers.com/showthread.php?p=21034648#post21034648
That thread I started has the fix for your issue
It just stalls at:
fastboot -i 0x1949 boot twrp-blaze-2.0.0RC0.img
downloading 'boot.img'...
Then nothing.
Did you download the image file? You can just rename the command and use the twrp from fire utility recovery directory
taseedorf said:
Did you download the image file? You can just rename the command and use the twrp from fire utility recovery directory
How would I do that? I downloaded twrp-blaze-2.0.0RC0.img
I have used the terminal in the past, even compiled stuff like Chrome OS, but I don't know anything except the stuff that people put in the instructions...
Where is the boot.img itself coming from?

removed accidentally some system apps

hey guys I removed some system apps and now I can't install the new row update. can someone please upload a titanium backup
thanks
titanium backup won't work for system apps. you will need a system dump. which apps do you need? i have a dump but i won't upload the whole dump cause its about 1 gb.
ok. thanks for the quick reply. I'm not sure but it should only be the music app. it would be great if you could upload it.
just unpack it and copy both files into the /system/app folder with i.e. rootexplorer etc.
here i uploaded nearly the whole dump:
System Dump
i am the same don't know how to do now.
---------- Post added at 06:11 PM ---------- Previous post was at 06:08 PM ----------
@bananenlarry
I deleted some apps after root, then I unrooted for some reason.
I can't get root again, and also cannot update OTA2 because of the missing app.
What can I do now?
@feskey
how did you unroot? did you delete superuser.apk from /system/app? then download Superuser from market again. because the su file from /system/xbin/ should still be there.
@bananenlarry
Unroot by following command.Su was clean up.
Instructions
1. Follow instructions to set up ADB.
2-Run "adb shell" from a command prompt.
3-In the ADB shell, type the following commands:
su
(this will cause a prompt to come up on the phone asking you to grant root permissions, accept this)
Then, back in ADB shell:
mount -o rw,remount /dev/block/system /system
rm /system/app/Superuser.apk
rm /system/xbin/su
rm /system/bin/su
omg you really unrooted your device thought you just deleted the superuser.apk. i don't know exactly how the root exploit works but as i know it uses a lenovo app to do so. if you also deleted that app, root isn't possible in your case. you will have to wait until there will be another method for rooting.

[HOW TO] Flashing ClockworkMod via ADB

So was helping someone flash ClockworkMod via ADB in another thread, just thought if I made a topic for it, everyone can see it so if people have any issues they can always use this method instead.
Anyway, here are the instructions:
The 'flash_image' is within the attached zip file! Use the file within the zip file, NOT the zip file itself
The 'recovery.img' is your chosen recovery file, get this off ClockworkMod's website or if you have a copy use that. Then when flashing the recovery image, wherever it says 'recovery.img' replace that with the name of the recovery file.
Put the recovery image and the flash_image on the root of your C drive.
So,
(make sure you're in the command prompt and have changed directory to where the adb file is)
adb push c:\flash_image /sdcard/
adb push c:\recovery.img /sdcard/
adb shell
su
mount -o remount,rw /system
cp /sdcard/flash_image /system/bin
cd /system/bin
chmod 777 flash_image
flash_image recovery /sdcard/recovery.img
It has now been flashed successfully
Hope this is of use to some people
Thanks! Very helpful.
varsaljr said:
Thanks! Very helpful.
As repeated in many places, press the thanks button instead of posting thanks
Hello, when I enter adb shell, then su.
I get access denied..
what to do? :O
MrKiller2010 said:
Hello, when I enter adb shell, then su.
I get access denied..
what to do? :O
u rooted and have superuser on your phone??
No I don't, someone told me to do this cause my screen freezes when I'm trying to root it. Check the How to root your blade.
Sent from my ZTE-BLADE using xda premium
You must be rooted for this, root using z4root or something
Sent from my ZTE-BLADE using Tapatalk 2
MrKiller2010 said:
No I don't, someone told me to do this cause my screen freezes when I'm trying to root it. Check the How to root your blade.
Sent from my ZTE-BLADE using xda premium
Dude i didn't know u weren't rooted yet. U don't need to use adb to root. Just Google z4root modaco and click on the first link. Install z4root and permanent root it. Don't forget to install rom manager and flash cwm from within it
Oh, well z4root doesn't work for me cause i got 2.3.5 i heard that the only way to root my blade is this: http://forum.xda-developers.com/showthread.php?t=1319257
and that doesn't work, it freezes when i enter the command "adb reboot bootloader" it reboots and stay on the ZTE logo and freezes. :S
MrKiller2010 said:
Oh, well z4root doesn't work for me cause i got 2.3.5 i heard that the only way to root my blade is this: http://forum.xda-developers.com/showthread.php?t=1319257
and that doesn't work, it freezes when i enter the command "adb reboot bootloader" it reboots and stay on the ZTE logo and freezes. :S
That's what it is supposed to do. That's it in fastboot mode. You need to go on to the next step at that point.
Well, when I enter the next command nothing happens.
Sent from my ZTE-BLADE using xda premium
matt4321 said:
You must be rooted for this, root using z4root or something
Sent from my ZTE-BLADE using Tapatalk 2
So what's the point in doing it?
Just install rom manager & use that instead.
---------- Post added at 04:17 PM ---------- Previous post was at 04:16 PM ----------
MrKiller2010 said:
Well, when I enter the next command nothing happens.
Sent from my ZTE-BLADE using xda premium
You need to install drivers for fastboot if you use Windows. Sometimes you might need to unplug the usb, then plug it back in again & try fastboot again.
It should at least give an error.
wbaw said:
So what's the point in doing it?
Just install rom manager & use that instead.
What's the point in using fastboot to flash clockworkmod, it's just another way of doing it, some may prefer other ways (yeah via rom manager is a lot easier i know) but spread the knowledge, may be of use to some people.
matt4321 said:
What's the point in using fastboot to flash clockworkmod, it's just another way of doing it, some may prefer other ways (yeah via rom manager is a lot easier i know) but spread the knowledge, may be of use to some people.
You don't need your phone to be rooted to use fastboot, it's a method for new stock roms that have all the common root exploits fixed.
So, what's the point in this method when using Rom Manager is much easier? If you've already rooted your phone then this has to be one of the hardest possible ways to install clockworkmod.
wbaw said:
You don't need your phone to be rooted to use fastboot, it's a method for new stock roms that have all the common root exploits fixed.
So, what's the point in this method when using Rom Manager is much easier? If you've already rooted your phone then this has to be one of the hardest possible ways to install clockworkmod.
I was never able to get fastboot working for my blade, always had driver issues, yet adb was fine. So I was able to use this method to flash and try the clockworkmod recovery touch that was released for us (turned out to be useless haha) but that couldn't be done via rom manager (well yeah, but you had to pay and i'm a poor student) so that's an example of when it could be useful.
point aside this is just another way, I just want people to learn as i am here to learn too.
Permission Denied
I need to flash CWM recovery using this adb method since I dont have data on the phone(Videocon Zeus V7500.. a clone of Commtiva Z51).
I have all the files in the right places but when I put the first command I get the following error :
I:\>adb push c:\flash_image /sdcard/
failed to copy 'c:\flash_image' to '/sdcard//flash_image': Permission denied ,
What permissions do I have to grant?
Try adb push c:/flash_image /sdcard/flash_image
Sent from my RACERII using xda app-developers app
Nevermind I figured it out, the problem was that I had mounted sd card to PC and I guess that was causing the problems.
I got it to work and have flashed CWM recovery now
Code:
I:\>adb push c:\flash_image /sdcard/
751 KB/s (26172 bytes in 0.034s)
I:\>adb push c:\recovery-clockwork-2.5.1.3-z71.img /sdcard
2444 KB/s (3831808 bytes in 1.531s)
I:\>adb shell
$ su
su
# su
su
# mount -o remount, rw /system
mount -o remount, rw /system
# cp /sdcard/flash_image /system/bin
cp /sdcard/flash_image /system/bin
# cd /system/bin
cd /system/bin
# chmod 777 flash_image
chmod 777 flash_image
# flash_image recovery /sdcard/recovery-clockwork-2.5.1.3-z71.img
flash_image recovery /sdcard/recovery-clockwork-2.5.1.3-z71.img
Thanks you very much for this thread
how to??
matt4321 said:
So was helping someone flash ClockworkMod via ADB in another thread, just thought if I made a topic for it, everyone can see it so if people have any issues they can always use this method instead.
Anyway, here are the instructions:
The 'flash_image' is within the attached zip file! Use the file within the zip file, NOT the zip file itself
The 'recovery.img' is your chosen recovery file, get this off ClockworkMod's website or if you have a copy use that. Then when flashing the recovery image, wherever it says 'recovery.img' replace that with the name of the recovery file.
Put the recovery image and the flash_image on the root of your C drive.
So,
(make sure you're in the command prompt and have changed directory to where the adb file is)
adb push c:\flash_image /sdcard/
adb push c:\recovery.img /sdcard/
adb shell
su
mount -o remount,rw /system
cp /sdcard/flash_image /system/bin
cd /system/bin
chmod 777 flash_image
flash_image recovery /sdcard/recovery.img
It has now been flashed successfully
Hope this is of use to some people
friend plss suggest me that how to use this flash_image and where should i put it
in mobile system or in pc drive c
plsss tell me clearly because when i use it in cmd it says su not found whts the mean of this plss tell me clearly one by one step
i am not able to understnd
pls pls pls help me
---------- Post added at 04:09 PM ---------- Previous post was at 03:55 PM ----------
mandloihitesh said:
friend plss suggest me that how to use this flash_image and where should i put it
in mobile system or in pc drive c
plsss tell me clearly because when i use it in cmd it says su not found whts the mean of this plss tell me clearly one by one step
i am not able to understnd
pls pls pls help me
heyy plss i m confused in command
i dont know what commnds should i usee
plss help me
plss
---------- Post added at 04:13 PM ---------- Previous post was at 04:09 PM ----------
saaransh9 said:
u rooted and have superuser on your phone??
ya i rooted my phone and superuser is also installed on my phone then wht to do
????
clockworkmod is not working in recovery manager also
said unrecognized
thanks for this. Got me out of a jam

[HOWTO] Alternate Unbricking Method

This unbricking method requires that you have adb working and have root access.
First, download the latest system update for your device.
For the 7" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html?nodeId=201357190.
For the 8.9" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201357220.
Now, please note that I DO NOT have a Kindle Fire HDX, so if this doesn't work, let me know and I will remove it immediately.
Try these commands:
Code:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /cache/kindleupdate.bin > /cache/recovery/openrecoveryscript
chmod 0777 /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /cache/kindleupdate.bin
adb reboot recovery
The only thing that you have to do is replace "your-downloaded-update.bin" with the path to your downloaded update. (To make it easier and avoid typos, I always just drag and drop the file into the terminal/command prompt window.)
Please also note that IT IS OKAY if the command "mkdir /cache/recovery" fails, as long as the error message says file already exists or something along those lines.
If this helped you repair your beloved HDX, feel free to hit that "Thanks" button.
Sent from my Nexus 7 using Tapatalk
r3pwn said:
This unbricking method requires that you have adb working and have root access.
First, download the latest system update for your device.
For the 7" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html?nodeId=201357190.
For the 8.9" HDX, they are posted at
http://www.amazon.com/gp/help/customer/display.html/ref=hp_left_v4_sib?ie=UTF8&nodeId=201357220.
Now, please note that I DO NOT have a Kindle Fire HDX, so if this doesn't work, let me know and I will remove it immediately.
Try these commands:
Code:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /cache/kindleupdate.bin > /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /cache/kindleupdate.bin
adb reboot recovery
The only thing that you have to do is replace "your-downloaded-update.bin" with the path to your downloaded update. (To make it easier and avoid typos, I always just drag and drop the file into the terminal/command prompt window.)
Please also note that IT IS OKAY if the command "mkdir /cache/recovery" fails, as long as the error message says file already exists or something along those lines.
If this helped you repair your beloved HDX, feel free to hit that "Thanks" button.
Sent from my Nexus 7 using Tapatalk
Nice. Never thought of the simple echo install. Sometimes I think having the device can be a hindrance. You tend to focus on problems, even at the expense of finding solutions. This should be the way EVERYONE with adb access recovers. Really nothing in here that could cause further issue! I like that.
GSLEON3 said:
Nice. Never thought of the simple echo install. Sometimes I think having the device can be a hindrance. You tend to focus on problems, even at the expense of finding solutions. This should be the way EVERYONE with adb access recovers. Really nothing in here that could cause further issue! I like that.
Thanks. I thought about adding a wipe system command, but if the download was corrupted, they'd be screwed. So I left it out.
Sent from my Nexus 7 using Tapatalk
I went ahead and added another command to the OP that may/may not help. It couldn't possibly cause any harm, though. Has anyone actually tried and confirmed this to be working?
Sent from my iPod touch using Tapatalk
When I try this, I send adb reboot recovery, the device restarts but says it failed to boot, and gives the options: "reset to factory defaults" or reboot. Is this different than factory reset or is it the same as factory reset. I know we aren't supposed to do a factory reset right?
---------- Post added at 05:17 PM ---------- Previous post was at 04:57 PM ----------
I just realized that it failed to copy the update .bin file. After a long time it said failed to copy file: Permission denied
dcoig1 said:
When I try this, I send adb reboot recovery, the device restarts but says it failed to boot, and gives the options: "reset to factory defaults" or reboot. Is this different than factory reset or is it the same as factory reset. I know we aren't supposed to do a factory reset right?
---------- Post added at 05:17 PM ---------- Previous post was at 04:57 PM ----------
I just realized that it failed to copy the update .bin file. After a long time it said failed to copy file: Permission denied
Are you sure you have root?
r3pwn said:
Are you sure you have root?
I am sure that the device was rooted before the bootloop condition. I can enter 'adb shell' and then 'su' with no problem from a command prompt. However, I do not think that we are superuser when we use the command 'adb push' from the commandline unless we use 'adb root' first and it won't let me do that. When i enter 'adb root' from the command prompt I get the response: "adbd cannot run as root in production builds"
dcoig1 said:
I am sure that the device was rooted before the bootloop condition. I can enter 'adb shell' and then 'su' with no problem from a command prompt. However, I do not think that we are superuser when we use the command 'adb push' from the commandline unless we use 'adb root' first and it won't let me do that. When i enter 'adb root' from the command prompt I get the response: "adbd cannot run as root in production builds"
Hmmmm. Try pushing it to /sdcard and change the path in your echo command to reflect that.
I am guessing that somehow the /cache/kindleupdate.bin is in a secure area that we cannot push to. Is there any area that we can push to? It seems we may have to push somewhere else and then move into the secured area using adb shell with su permission like here:
http://forum.xda-developers.com/showthread.php?t=1687590&page=5
but we don't have an sdcard with our devices.
---------- Post added at 10:35 PM ---------- Previous post was at 10:31 PM ----------
we actually do have an sdcard directory though... i will try to push there
---------- Post added at 10:54 PM ---------- Previous post was at 10:35 PM ----------
so i pushed the update file to the /sdcard/ directory then moved the file to the /cache/ directory, then renamed to kindleupdate.bin . Still does not help the system recovery issue. When I enter 'adb reboot recovery' it brings up a screen which says:
"Kindle Fire System Recovery
Your Kindle doesn't seem to be able to boot.
Reseting your device to Factory defaults may
help you to fix this issue.
Volume up/down to move highlight;
power button to select.
------------------------------------
Reboot your Kindle
Reset to Factory Defaults
-------------------------------------
---------- Post added at 11:48 PM ---------- Previous post was at 10:54 PM ----------
If it makes any difference I am not bricked at the grey kindle logo but the white and orange. It just keeps refreshing the animation over and over... nothing seems to ever happen. What should I normally see when I boot to recovery? An extra option to update or something?
No. What I meant was try pushing it to /sdcard then changing the echo command to reflect that.
so then:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /sdcard/kindleupdate.bin > /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /sdcard/kindleupdate.bin
adb reboot recovery
dcoig1 said:
so then:
adb shell
su
mount -o rw,remount /cache
mkdir /cache/recovery
echo install /sdcard/kindleupdate.bin > /cache/recovery/openrecoveryscript
exit
exit
adb push your-downloaded-update.bin /sdcard/kindleupdate.bin
adb reboot recovery
Yes. Try that.
EDIT: Wait. It'll probably say permission denied or some other lame error, so add
mount -o rw,remount /data
After the cache remount then change everything that references "/sdcard/" to "/data/media/0/".
That didn't work either. I keep getting the same result. I don't get errors using the sdcard directory though either, but I also tried with data/media/0. No errors, just doesn't work for me.
So do I.
adb push "bin" to sdcard can work, but after reboot recovery,
only show on screen like this:
Kindle Fire System Recovery
Your Kindle doesn't seem to be able to boot.
Reseting your device to Factory defaults may
help you to fix this issue.
Volume up/down to move highlight;
power button to select.
------------------------------------
Reboot your Kindle
Reset to Factory Defaults
-------------------------------------
Do not reset to factory defaults
I wanted to mention fastboot works. Read more...
I tried a different approach.
adb shell
su
adb remount
mkdir "/data/media/0/Updates
exit
exit
adb push C:\update-kindle-13.3.2.4_user_324002120.bin "/data/media/0/Updates/update-kindle-13.3.2.4_user_324002120.bin
Faznx92 said:
I wanted to mention fastboot works. Read more...
Not really. Not nearly as useful as the KFHD's. No useful commands work.
ChittyChittyGangBang said:
I tried a different approach.
adb shell
su
adb remount
mkdir "/data/media/0/Updates
exit
exit
adb push C:\update-kindle-13.3.2.4_user_324002120.bin "/data/media/0/Updates/update-kindle-13.3.2.4_user_324002120.bin
And did this help you unbrick your device?
Unbrick my Kindle
Sorry to interrupt, but my kindle fire HDX 7" is also bricked, I can not get past the gray "Kindle Fire" screen, I can get into fastboot. My device is not detected in ADB. Is there any hope for my kindle or is it dead?
r3pwn said:
Not really. Not nearly as useful as the KFHD's. No useful commands work.
And did this help you unbrick your device?
Nope. Ended up wasting half a weekend on it.
I just sent it back and bought a Samsung Galaxy Tab. Now I have GPS and IR in addition to a device that works like a Droid device should.

Please Help! Rooted then lost, and now anti-rollback is stopping me from going back!

Ok, so I got TWRP on the phone then I used Flash Fire to try and get Android 7 while maintaining custom recovery (and even was supposed to inject SuperSU). It went and did its thing and on boot I saw SuperSU on phone so I thought hey I am good sweet. HA, Well open it and it said can't find binary, uh oh. I go to manually boot recovery and it wipes user data instead so I lost TWRP.
Well Ok, I thought. Let me LG UP the modified TOT and select refurb to just get me back to Marshmallow with TWRP and try again. YEAH RIGHT. Looks like the Android 7 update blows another qfuse and now LG UP just states anti rollback version is smaller than installed.
I WANT ROOT I PAID FOR THIS THING IN FULL WHY IS IT SOO HARD FOR MANUFACTURERS TO ALLOW ME ACCESS TO MY OWN HARDWARE. When I buy a computer with an OS they don't give me a user only level account and tell me it is for my own good. They allow me to do whatever I WANT because you know why I BOUGHT THE HARDWARE IN FULL AND the supreme court has said no subsidy locks allowed as when a user buys a device it is theirs not yours. I feel this is another version of a subsidy lock at the rate we are going and I can't wait until someone with the time and money sues an OEM and wins us the right to not jump through all these damn hoops to be allowed to do what we wish with the hardware we buy IN FULL NOW.
Ok, rant over, Anyone out there know of a way to root android 7 on the H830? I dunno if a dev could maybe mod up a 20a image so that we can LGUP it to the H830s that have Android 7 and need root.
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Well, you aren't alone. And I agree, I fully own my device and I think I should be able to do whatever the living F*&% I want with it.
It's only a question of time though, these guys are the best there are at cracking through companies' efforts at locking us out of our own shiznat.... In the meantime set up the stuff you can without ROOT (no Titanium Backup....*sniff) LOL.
Before long we'll wake up and see TWRP attached to the ROM like before and all will be well. Cheers
OK, after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with, I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean I'm fully versed in the very basics of Fastboot/ADB as a long time Nexus user. Push, pull, flashing recoveries and the other relatively easy stuff. But I can't get this worth a crap .....
Thanks guys
Jonathanpeyton said:
OK, after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with, I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean I'm fully versed in the very basics of Fastboot/ADB as a long time Nexus user. Push, pull, flashing recoveries and the other relatively easy stuff. But I can't get this worth a crap .....
Thanks guys
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
This worked great! Thank you! After TWRP was flashed via steps above I just followed the video I linked below from the 8:20 mark and formatted data and then flashed dmverify encrypt and super su (both downloads in vid) and now I'm back to rooted on 7.0 nougat with TWRP and supersu!
Go dirtycow!
Thank you shaneG79 and Genardas this made all the difference!
so An Instruction List ,a Thoughtfully Worded Explanation and You Tube Video are worth a 1000 words
shaneg79 said:
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
Any idea why I'm still getting a "permission denied" after my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
That seems to throw it all out of whack..
Jonathanpeyton said:
Any idea why I'm still getting a "permission denied" after my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
That seems to throw it all out of whack..
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
shaneg79 said:
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
I think you may be right, and as I am copy pasting now I've been able to get past it.
I still was able to get root last night with it but was denied access to data in the end so I had to go back. Thank you!
When you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? Or to something else.... Mine repeatedly goes to Firmware update then of course isn't seen by adb anymore and no recovery is ever flashed I don't think..
Jonathanpeyton said:
When you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? Or to something else.... Mine repeatedly goes to Firmware update then of course isn't seen by adb anymore and no recovery is ever flashed I don't think..
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
shaneg79 said:
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
Roger will do thank you!
Nah, it's no good. No matter what, it will only go to that Firmware page. All the commands are correct. It must be something in my setup itself.
I had wondered, am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Jonathanpeyton said:
Nah, it's no good. No matter what, it will only go to that Firmware page. All the commands are correct. It must be something in my setup itself.
I had wondered, am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Yes I did, you might try using lg up and reflashing 20a and then trying again.
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/utils (Uppercut, LGUP etc.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same, step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so I've been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far, I'm usually not this much trouble....
Jonathanpeyton said:
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/utils (Uppercut, LGUP etc.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same, step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so I've been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far, I'm usually not this much trouble....
You're not being any trouble I just wish I knew why yours isn't working correctly
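Added example, not part of any post in this thread: how a POSIX shell parses the two spellings of the chmod step discussed above. With the space, `0777` is the mode and `*` expands to the file names; without it, `0777*` is a single pattern that matches no file and is passed through literally, so chmod has no file to act on and no mode changes. The temporary directory and the empty stand-in files are constructed for the demonstration.

```shell
#!/bin/sh
# Compare "chmod 0777 *" with "chmod 0777*" in a throwaway directory.

# Print how many words the shell hands to a command after expansion.
count_args() { echo "$#"; }

demo_glob() {
    work=$(mktemp -d) || return 1
    (
        cd "$work" || exit 1
        # Constructed, empty stand-ins for the pushed files.
        : > dirtycow
        : > recowvery-applypatch
        chmod 0600 dirtycow recowvery-applypatch

        # With the space: mode word plus one word per file name.
        with_space=$(count_args 0777 *)
        # Without it: one glob pattern; nothing is named "0777...", so the
        # pattern stays as the single literal word "0777*".
        no_space=$(count_args 0777*)

        # chmod receives only "0777*": no file operand, so it fails and
        # leaves every mode untouched.
        chmod 0777* 2>/dev/null && rc=0 || rc=$?
        mode_after_nospace=$(ls -l dirtycow | cut -c1-10)

        # The form from the instructions actually changes the modes.
        chmod 0777 *
        mode_after_space=$(ls -l dirtycow | cut -c1-10)

        # Fields: words with space, words without, chmod exit status for the
        # space-less form, mode after the space-less form, mode after the
        # spaced form.
        echo "$with_space $no_space $rc $mode_after_nospace $mode_after_space"
    ) && status=0 || status=$?
    rm -rf "$work"
    return "$status"
}

demo_glob
```

If the spaced form reports a permission error, the cause is a file in the directory that the shell user does not own, not the space.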
OK, update..... I used the device's internal settings to do a factory reset then reinstalled 20a. THAT made it to where I am now able to grant the proper permissions to /data/local/tmp. However, I still wind up at the Firmware Update page after >adb shell reboot recovery instead of the recovery screen or just a reboot.... but I guess it's small progress.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Thank you so much... And whom ever is behind this I anyway... One word... Genius... Simply Genius.. Well that was 2 words
Accidental double post see next post, my bad...
Accidental double post
