• darth Level 6 - Platinum Elite Member

    neutronscott Your img booted fine, but when trying to run su it still says Permission denied. And in /data/local/tmp there are no .sh files; all that's showing is: mtk-su myscript.out. Am I supposed to be doing something to make your script run?

    • darth Level 6 - Platinum Elite Member

      • Edited

      lgexalter1 I tried pushing a basic script and got the following errors:
      resetprop: __system_properties_init error
      resetprop: __system_properties_init error
      which is the same error it throws when I try using resetprop in adb. (Thanks for asking around for a Magisk exploit 😉 )

      • darth Level 6 - Platinum Elite Member

        • Edited

        lgexalter1 Interesting... adb shell getprop ro.build.type returns userdebug and adb shell getprop ro.vendor.tct.endurance returns a blank line; in fact it seems there is no prop ro.vendor.tct.endurance.

        I made it as a way to test things as root until more is discovered. For example:

        Gflip6_TF:/data/local/tmp $ echo 'cat /vendor/build.prop' > 3.sh; sleep 5; cat 3.out | head
        
        ro.boot.dynamic_partitions=true
        ro.product.first_api_level=30
        ro.vendor.build.security_patch=2021-09-05
        ro.vendor.product.cpu.abilist=armeabi-v7a,armeabi
        ro.vendor.product.cpu.abilist32=armeabi-v7a,armeabi
        ro.vendor.product.cpu.abilist64=
        ro.product.board=gflip6
        ro.board.platform=mt6739
        ro.hwui.use_vulkan=
        Gflip6_TF:/data/local/tmp $

        • Techgen Level 6 - Platinum Elite Member

        lgexalter1 Definitely!

        darth
        I'm excited (and waiting) to hear the details of the breakthrough

        • darth Level 6 - Platinum Elite Member

          Right now it can be done by using the boot.img neutronscott provided and then running the following commands from adb shell:
          /data/local/tmp $ echo 'resetprop ro.build.product gflip6gc' > /data/local/tmp/1.sh
          /data/local/tmp $ echo 'pkill system_server' > /data/local/tmp/2.sh

          [Login to see the link] is working on simplifying his boot.img to not need these commands.

          Now that we are able to modify the properties to allow installs, the next step is to get an MDM-based filter working on it!

            Apps4Flip-Admin What is an "MDM filter"? I am trying different things to make the new boot.img allow installs without user intervention, but I already tried to install a launcher from here and it was still not allowed. That is my next task, but [Login to see the link] reminded me that the key shortcuts can be set to any installed app, so at least that gets things running.

            I decided to go with setting the ro.vendor.tct.endurance variable in a custom.rc.

            on init
              setprop neutron.build 2022-09-01T00:10
            on post-fs-data
              exec u:r:magisk:s0 root root -- ${MAGISKTMP}/magisk resetprop -n ro.vendor.tct.endurance true

            Same URL, but I kept the old img that ran the shell script every 5 sec as neutron-debug.

            This is built with Magisk-v25.2.apk

            9612c358d5130c399787d1840b3fd5f0 [Login to see the link] [neutron.build=2022-09-01T03:50]
            eb50480572980ab6894b08789bbc47f0 [Login to see the link]

            Instructions are something like --

            1. Open [Login to see the link] and select "Reboot Fastboot Mode"
            2. Plug in powered off flip phone
            3. fastboot flashing unlock
            4. fastboot flash boot neutron.img
            5. fastboot reboot
            6. Dial *#*#DEBUG#*#* to enable adb (optional)
            7. adb install magisk.apk (optional - can do online download later)
            8. Menu > Settings > Phone Settings > Key shortcuts
            9. Change left or right key to Magisk and select Save (If not an option, reboot once more)
            10. Launch Magisk
            11. Run adb shell and su!
              EDIT: You need to reboot once for the magisk.db to be created and to keep your Grant saved

            To remove write protection on eMMC partitions in normal boot, run /vendor/bin/write_protect 0

              neutronscott Great work! An MDM filter is something that allows a user to block access to specific apps. A lot of users in this community use it to prevent their flip phone from having internet access, hence the reference here.

              We would love to post these instructions on our main site with a link to your image. Are you ok with us doing that? What name would you want us to list as credit for this?

                I realized the Magisk popup was because the patched.img was built with 25201, so I recreated it with the release version v25.2 (25200). Now I'll leave it alone for a while.