This post was last edited by jacky_chua on 2020-6-11 01:01
For this one I have LG UP installed, so I can flash back to the stock ROM at any time
2. Back up your phone data. LG Bridge/LG Backup is pretty reliable, but I strongly advise backing up everything onto a desktop/laptop computer. If you back up to SD card, the SD card must not be encrypted! (failures will destroy the key and the data)
It's a spare phone, I don't mind a total loss, and there is nothing on it, so I skipped this
3. Go to Settings -> General -> About phone -> Software info -> Android security patch level; if your phone is on an update after December 31, use LGUP to "refurbish" to an earlier firmware release (this will do a factory reset).
Firmware version V10e, security patch level December 1, 2016
Developer mode is already turned on, with Enable OEM unlock and USB debugging enabled; ADB/Fastboot is already installed
5. Ensure you have all relevant files prepared:
Installed backup plan.
Installed Terminal Emulator on device.
Downloaded DirtySanta's files and copied them to ADB directory.
Downloaded files, Put kernel and SU implementation (Magisk.zip and SuperSU.zip work) into SD card; and TWRP into ADB directory.
Note: It may be necessary to temporarily disable anti-virus/anti-malware programs when unpacking the original DirtySanta. At least one has detected `dirtycow`/CVE-2016-5195 as malware (it can in fact act in that role).
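Installed Terminal on the phone; downloaded DirtySanta and put it in the ADB folder; downloaded the latest Magisk.zip, and just swapped TWRP to the latest version to try it and see whether it works; downloaded Kernel 0.2.4 and put it on the microSD card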
6. Using dirtysanta's steps: Run "RUNMEFIRST.bat" <-- Do not close.
At this point I connected USB and started RUNMEFIRST.bat; the V20 asked whether to enable Android debugging, and I answered YES
7. Run "step1.bat" <-- Wait until you can type something again.
Got the following messages: there were warnings along the way, but nothing said it was a fatal error, so I carried on
C:\adb>adb push dirtysanta /storage/emulated/0
dirtysanta: 1 file pushed. 0.6 MB/s (18760 bytes in 0.030s)
C:\adb>adb push aboot.img /storage/emulated/0
aboot.img: 1 file pushed. 8.0 MB/s (2097152 bytes in 0.252s)
C:\adb>adb push dirtycow /data/local/tmp
dirtycow: 1 file pushed. 0.9 MB/s (9984 bytes in 0.011s)
C:\adb>adb push my-run-as /data/local/tmp
my-run-as: 1 file pushed. 1.4 MB/s (13796 bytes in 0.009s)
C:\adb>adb shell chmod 0777 /data/local/tmp/*
C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as
warning: new file size (13796) and file old size (14360) differ
size 14360
mmap 0x750000a000
exploit (patch)
currently 0x750000a000=10102464c457f
madvise = 0x750000a000 14360
madvise = 0 1048576
/proc/self/mem -2122317824 1048576
exploited 0x750000a000=10101464c457f
C:\adb>adb shell /data/local/tmp/dirtycow /system/bin/applypatch /data/local/tmp/dirtycow
warning: new file size (9984) and file old size (165144) differ
size 165144
mmap 0x730e4f3000
exploit (patch)
currently 0x730e4f3000=10102464c457f
madvise = 0x730e4f3000 165144
madvise = 0 1048576
/proc/self/mem 1367343104 1048576
exploited 0x730e4f3000=10102464c457f
C:\adb>adb shell
elsa:/ $
8. Type "run-as con" <-- If you get unknown package error, means your latest security patch patched it out; go back to step 3. LGUP should be able to downgrade you to an earlier firmware update.
No error message at all
9. Type "chmod 0777 /storage/emulated/0/*"
No error message at all
10. Open Terminal Emulator, Type "id"
11. Look for something containing "untrusted_app". If not found, Start all over again. If found, continue.
There was a line "context=u:r:untrusted_app:s0:c512,c768", so no problem
12. Type "applypatch /system/bin/atd /storage/emulated/0/dirtysanta" into Terminal Emulator
13. Wait for RUNMEFIRST.bat console to prompt you to run step2.bat.
C:\adb>adb logcat -s dirtysanta
* daemon not running; starting now at tcp:5037
* daemon started successfully
- waiting for device -
--------- beginning of system
--------- beginning of main
--------- beginning of crash
01-01 07:16:34.676 10076 10076 I dirtysanta: Starting Backup
01-01 07:16:36.226 10076 10076 I dirtysanta: Backup Complete.
01-01 07:16:41.227 10076 10076 I dirtysanta: Starting flash of Aboot!
01-01 07:16:41.402 10076 10076 I dirtysanta: Finished. Please run Step 2 now.
Once it finished running, the phone went into fastboot mode; no problems occurred
15. Save copies (put them somewhere safe where you'll remember them) of the files "abootbackup.img" and "bootbackup.img", which "step2.bat" saves in its directory, the latter is crucial in returning to stock.
saved
16. At a command prompt run the following commands, but make sure to wait at least 30 seconds between each. Do not skimp on that delay as otherwise the likelihood is this will fail (this is the most unreliable step in this process); waiting longer than 30 seconds is fine.
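After some fiddling I got it done. Should I flash the kernel immediately upon entering TWRP?
I flashed a custom ROM, but for some reason it goes to fastboot mode as soon as it boots, and I can't get into the custom ROM
Edit: I just wiped the partitions and that fixed it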