从Android的亚行外壳手动挂载SD卡 [英] Mount an SD card manually from adb shell in android
问题描述
我有Android 4.1的手机(联想820)。一些变化旨在划分内部SD RAM(这改变后,手机将不再安装的外部的SD卡。我在Linux的好十岁上下,但我从来没有见过今天之前Android的壳
我很想知道的步骤:
- 获得可用的设备列表中重新presenting SD卡
- 手动安装SD卡 - 因为它说的mount命令将无法正常工作
无法读取/ etc / fstab文件- 你怎么装的东西? / LI> - 获取SD卡在引导时挂载
我/etc/system/vold.fstab有:
dev_mount SD卡/存储/ sdcard0 EMMC @胖/devices/platform/goldfish_mmc.0 /devices/platform/mtk-msdc.0/mmc_host
dev_mount sdcard2 /存储/ sdcard1汽车/devices/platform/goldfish_mmc.1 /devices/platform/mtk-msdc.1/mmc_host
摩现在是:
上/类型的rootfs根文件系统(RO,relatime)
在/ dev型的tmpfs tmpfs的(RW采用这个选项,relatime,模式= 755)
在/ dev devpts / PTS型devpts(RW,relatime,模式= 600)
上的/ proc型PROC PROC(RW,relatime)
在/ SYS型的sysfs sysfs的(RW,relatime)
没有对/ ACCT类型的cgroup(RW,relatime,cpuacct)
在/ mnt /安全型的tmpfs tmpfs的(RW,relatime,模式= 700)
在tmpfs上的/ mnt / ASEC类型的tmpfs(RW,relatime,模式= 755,GID = 1000)
在tmpfs上的/ mnt / OBB类型的tmpfs(RW,relatime,模式= 755,GID = 1000)
没有在/ dev /新增的cpuctl类型的cgroup(RW,relatime,CPU)
/ EMMC @上/系统类型EXT4机器人(RO,relatime,nobarrier,noauto_da_alloc,提交= 1)
/ EMMC @ usrdata上/数据类型EXT4(RW采用这个选项,为nodev,noatime的,nodiratime,放弃nobarrier,noauto_da_alloc)
/ EMMC @上/缓存类型EXT4(RW采用这个选项,为nodev,noatime的,nodiratime,放弃nobarrier,noauto_da_alloc)高速缓存
/ EMMC @ protect_f上/ protect_f类型EXT4(RW采用这个选项,为nodev,noatime的,nodelalloc,noauto_da_alloc,提交= 1,数据=订购)
/ EMMC @ protect_s上/ protect_s类型EXT4(RW采用这个选项,为nodev,noatime的,nodelalloc,noauto_da_alloc,提交= 1,数据=订购)
我不能相信没有人回应你2个月?哇...怎么懈怠!
好吧反正我spose我应该填写你在一些信息,以及问一些问题。
1)。你有root访问权,还是你从释放图像/固件拉系统的vold?如Linux超级用户权限?
2)。如果你有root权限/超级用户权限你是怎么得到的呢?我的意思是你用什么方法来获得root访问权限?通过一些脚本/二进制程序是它和已知的漏洞?抑或是一个根植内核的闪蒸?
我想问的原因是,root访问权限并不像大多数人都带领相信只是root访问权限;有不同的root访问权限级别。例如,您可能有充分的root访问权限的设备上的用户,但是当你要远程操控你的系统从您最喜爱的Linux发行版的命令行说,那么你可能会发现,root访问权限来的时间是不是所有的它的破获的是。如果您使用的漏洞,而不是一个内核,然后有机会,你只需要系统级的root访问权限,以及亚洲开发银行(Android的调试桥)到你的电脑将面临着像拒绝访问的各种消息,无法获得超级用户特权或或一些类似的亚行不能以root身份建立生产运行。
出现这种情况的原因是因为不同于通过一些专门开发的内核根漏洞不会使内核不安全。
我建议你做一点阅读不安全的内核是什么,它是否适合你希望达到的目标。我说的原因是因为在具有不安全内核某些设备是不理想的,因为它可以引发一些不必要的系统标志(一些永久的和不可逆转的,根据一些制造商),用于对开发者不履行保证或作为提取手段到设备的钱premium维修服务(不考虑,如果你开发者希望通过做一些发现突破......造成设备或不?这sux的损坏)。我觉得你的设备应该没问题......?但我不是100%肯定这样做一些研究。
如果你发现你不能运行不安全的内核它不是世界的末日,它只是需要更多一点的工作得到你想要的东西,我将在某一时刻的例子详细说明。
你或许应该考虑接下来的事情是你希望做什么,当你得到你想要的/设备上?你有没有想过那么远?如果是的话,你可能会意识到,标准Android控制台/壳是相当的工具去做所有那些你已经能够与你的Linux计算机上,一眨眼的功夫做伟大的事情令人沮丧和虐待装备;这意味着你将需要一些支持工具,如busybox的,以及可能还有一些其他人也一样,例如,如果你在你可能会想sqlite3的一些数据库的工作,你可能需要实际的bash二进制扩展您的外壳有点。你也想看看不只是获取这些二进制文件,但有可能,他们应该在系统上设了四通八达的交通网络,否则你会得到相当累了在控制台输入巨大的长路径的到达你的设备的某些领域喜欢你的SD卡。你将熟悉的符号链接已经使用的Linux,以及Android是没有什么区别只是,很多的Android系统使用的容器像应用环境。当这个处理可以有一些障碍需要克服作为系统安全检查到位,以尝试不需要第三方停止入侵。那是什么让大多数开发者的安全他们深知自己(和你)的个人数据是受保护的,但是当这是你,你想进去,你需要有正确的工具的安装设备的这些领域。大部分Android能工巧匠使用修改后的恢复映像(或者自定义 - 不是太不同的定制内核概念),使他们能够同时通过大多与嵌入式教学脚本,二进制文件和一个简单的zip文件的方式离线修改系统清单(研究符号和无符号拉链为Android定制recoverys - 我不会去到有关细节,但它是非常重要的)。你可以基本上打包所有的工具集成到一个单一的拉链,闪的组件安装到您需要的系统的地区和符号链接到其他各种位置相同的文件。
让我们来看一些例子现在我们 - 说你有root权限,因为你用你的设备上的一个漏洞,但已获得内核仍然注意:确保内核= ro.debugable = 0 系统default.prop文件中(在启动时产生的,最固件包内没有发现或定位)。如果你想允许亚行有root访问权,你将需要更改的文件,特别是我在上面提到的行。此外,还可能有其他要求的,所以你应该看看你的设备需要例如Galaxy Tab的我此刻的修复是老年人所以使用大容量存储,而不是媒体传输协议,所以我要告诉亚洲开发银行在与设备从事保持连接开放和固体(不会超时并断开连接);这种情况通过default.prop文件来完成为好。
困难来自当你想改变这个文件;大多数人编译内核和内存虚拟磁盘,并直接编辑和重新编译,然后重新刷到设备,主要是因为亚行显然并不具备在目前的root访问权限。您可以从系统中提取文件像这样:
ADB拉default.prop default.prop
(那如果你已经ADB您的PC环境的发行路径上)
这会带来直你,只是问题是,当你想将它放回改变它可以是相当困难了。各种解决方案是的,我听到了很多使用类似的终端模拟器它推到SD卡/emmc/storage/sdcard0/default.prop或/tmp/default.prop,然后要求您为超级用户的设备上,脚本管理器或根资源管理器把文件放回原处,并给它正确的权限。
键入与安全内核的设备上亚行重新装入将让你对整个系统重新挂载为读写,你可以为你做吧。如果不安全的,虽然你可能会做这样的事情。
ADB根
重新装入
或你可能最终发现,你的整个控制台有没有超级用户权限什么那么,所以你会被要求亚行外壳到设备的外壳(它也拥有超级用户权限),然后执行您想要的命令试试。
亚行外壳
苏
安装-o RW /系统
重新安装/系统
我最近发现,可以通过在亚行控制台单行单返回键像这样获得相同的访问级别:
亚行外壳苏-c安装邻RW,重新安装/系统
这通过在单个字符串亚行的shell的参数 - >超级用户权限 - >传递命令 - >挂载为读写 - >重新装入命令 - >系统分区
您可以,如果你喜欢使用上面的命令来获得从控制台超级用户权限和回声串入default.prop文件,而不需要反编译的内核。
在我来说,我只是重复相同的命令几次,相同的内容只有调整特定的变量合我的胃口,像这样覆盖了default.prop:
注意第一行仅使用1>因此这有效地擦拭或覆写default.prop文件,因此,各行的其余部分需要也随之而来。我用2> >>一样,因为这追加到以下行的文件。
亚行外壳苏-c回声ro.secure = 1> default.prop
亚行外壳苏-c回声ro.allow.mock.location = 0>> default.prop
亚行外壳苏-c回声ro.debuggable = 1>> default.prop
亚行外壳苏-c回声persist.sys.usb.config = mass_storage,亚洲开发银行和GT;> default.prop
亚行外壳苏-c回声persist.service.adb.enable = 0>> default.prop
这是相当快的,有效的4或5号线code,但这当你重写与测试多行大文件是不实际的。你可能想看看事情如grep在一个bash脚本循环功能来过滤较大的文本/脚本/ config文件的具体线路,但在这个例子中,可能为你的系统vold的文件,这应该是足够了。
我觉得这应该是足够的(原谅双关语)ARM你足够的信息来进行危险的:)
关于这一点,请确保你有你的设备的备份,你去与系统搞乱了。他们是非常相似的Linux,但他们也很不同呢!注意这个警告,请确保您备份您的EFS PARTITION直线距离! EFS包含设备的IMEI号码,这是你真的不想损坏或丢失的东西。我已经看到了第一手会发生什么;你甚至不需要意外调用EFS分区打破它....你只需要做出一个错误调用不正确的分区明确的路径,它可以抹杀你的IMEI!
I have an android 4.1 phone (Lenovo 820). After some changes aimed at partitioning the internal SD ram (which changed , the phone will no longer mount the external SD card. I am good-ish at Linux, but I have never seen the Android shell before today.
I would love to know the steps to:
- Get the list of available devices representing SD cards
- Manually mount the SD card -- the mount command won't work as it says
can't read /etc/fstab-- how do you mount things? - Get the SDcard to mount at boot time
My /etc/system/vold.fstab has:
dev_mount sdcard /storage/sdcard0 emmc@fat /devices/platform/goldfish_mmc.0 /devices/platform/mtk-msdc.0/mmc_host
dev_mount sdcard2 /storage/sdcard1 auto /devices/platform/goldfish_mmc.1 /devices/platform/mtk-msdc.1/mmc_host
Mount is now:
rootfs on / type rootfs (ro,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
none on /acct type cgroup (rw,relatime,cpuacct)
tmpfs on /mnt/secure type tmpfs (rw,relatime,mode=700)
tmpfs on /mnt/asec type tmpfs (rw,relatime,mode=755,gid=1000)
tmpfs on /mnt/obb type tmpfs (rw,relatime,mode=755,gid=1000)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)
/emmc@android on /system type ext4 (ro,relatime,nobarrier,noauto_da_alloc,commit=1)
/emmc@usrdata on /data type ext4 (rw,nosuid,nodev,noatime,nodiratime,discard,nobarrier,noauto_da_alloc)
/emmc@cache on /cache type ext4 (rw,nosuid,nodev,noatime,nodiratime,discard,nobarrier,noauto_da_alloc)
/emmc@protect_f on /protect_f type ext4 (rw,nosuid,nodev,noatime,nodelalloc,noauto_da_alloc,commit=1,data=ordered)
/emmc@protect_s on /protect_s type ext4 (rw,nosuid,nodev,noatime,nodelalloc,noauto_da_alloc,commit=1,data=ordered)
I can't believe no one has responded to you in 2 months? Wow...how slack!
Well anyway I spose I should fill you in on some info as well as ask some questions. 1). Have you got root access or did you pull the system vold from a release image/firmware? Like Linux SuperUser rights? 2). If you have root access/super user rights how did you obtain it? I mean what method did you use to gain root access? Was it via some scripts/binaries and a known exploit? Or was it flashed by the means of a rooted kernel? The reason I ask is that root access isn't just root access as most people are lead to believe; there are varying levels of root access. For instance you may have full root access as a user on the device, but come time when you want to manipulate your system remotely say from command line of your favorite Linux distro then you may find that root access isn't all it's cracked up to be. If you used an exploit and not a kernel then chances are that you only have system level root access, and ADB (android debug bridge) to your PC will be faced with various messages like "access denied", "unable to obtain superuser privileges" or "adb cannot run as root in production builds" or something similar to this. The reason this happens is because unlike some specialised developer kernels root via an exploit doesn't make the kernel insecure. I would recommend you do a bit of reading on what an insecure kernel is and if it is suitable for what you are hoping to achieve. The reason I say that is because on some devices having an insecure kernel is not ideal as it can trigger some unwanted system flags (some permanent and irreversible according to some manufacturers) and are used against developers to not honor warranty or as a means of extracting money for premium repair services to devices (regardless of if you the developer hoping to make some break through discoveries...caused the damage to the device or not? which sux). I think your device should be ok...? But I'm not 100% sure so do some research.
If you find that you cannot run an insecure kernel it is not the end of the world, it just requires a little bit more work to get what you want, which I will elaborate with examples in a moment.
Next thing you should probably consider is what you are hoping to do when you get where you want in/on the device? Have you thought that far? If so you may realise that the standard Android console/shell is rather dismal and ill equiped for tools to do all the great things you have been able to do with a blink of an eye on your Linux computer; that means you are going to need some support tools like "busybox" as well as possibly some others as well, like for instance if you are working on some databases you'd probably want sqlite3, you probably need the actual bash binary to extend your shell a bit. You would also want to look at not only just obtaining these binaries but possibly where they should be located on your system for ease of access otherwise you are going to get rather tired of typing huge long paths in the console to reach certain areas of your device like your sdcard. You will be familiar with symlinks having used Linux, well Android is no different only that a lot of the system of Android uses container like environment for applications. When dealing with this there can be some hurdles to overcome as the system has security checks in place to try stop intrusion by unwanted 3rd parties. That is what keeps most developers safe knowing that their (and your) personal data is protected, however when this is you and you want to go in to these areas of the device you need to have your tools setup correctly. Most Android tinkerers use a modified recovery image (or a custom one - not too dissimilar to the custom kernel concept) that allows them to modify the system while it is offline through the means of mostly a simple zip file with embedded instructional script, binary and a manifest (research signed and unsigned zips for Android custom recoverys - I won't go in to detail about that but it is important). You could essentially package up all of your tools into a single zip and "flash" install the components into the areas of the system you require and symlink the same files to various other locations as well.
Lets look at some examples now shall we - say you have root access cause you used an exploit on your device but have secured kernel still note: secured kernel = ro.debugable=0 within your system default.prop file (generated at boot time and not found or located within most firmware packages). If you want to allow adb to have root access you are going to need to change that file and in particular the line I mentioned above. There may also be other requirements so you should look into what your device needs e.g. The Galaxy Tab I am repairing at the moment is older so uses mass storage instead of media transfer protocol, so I need to tell adb to keep the connection open and solid (not time out and disconnect) when engaged with the device; this happens to be done through the default.prop file as well.
The difficulty comes when you want to change this file; most people decompile the kernel and the ramdisk and edit it directly and recompile and then reflash it to the device mainly because adb obviously doesn't have root access at the moment. You can pull the file from the system like so:
adb pull default.prop default.prop
(Thats if you have adb on your PC distro environment path)
This will bring the straight you, only the problem is when you want to put it back after changing it can be rather difficult. Various solutions are about, I hear a lot of pushing it to SDcard /emmc/storage/sdcard0/default.prop or /tmp/default.prop and then requiring you as "SuperUser" on the device using something like terminal emulator, script manager or root explorer to put the file back in place and give it the correct permissions.
typing adb remount on a device with secure kernel will allow you to remount the whole system as read-write and you can do as you please. If insecure though you may end up doing something like
adb root
remount
or you might end up finding that your whole console has no superuser rights what so ever, so you would be required to adb shell into the device shell (where it or you has superuser rights) and then executing the commands you want to try.
adb shell
su
mount -o rw /system
remount /system
I have discovered recently that you can obtain the same level of access through a single line at the adb console and single return key like so:
adb shell su -c mount -o rw,remount /system
This passes the arguments in single string adb shell -> superuser access -> pass command -> mount as read-write -> remount command -> to the system partition.
You could if you like use the above command to gain superuser rights from the console and echo strings into the default.prop file without the need of decompiling the kernel.
In my case I just repeated the same commands a few times and overwrote the default.prop with the same content only adjusting specific variables to my liking like so: note the first line only uses 1 > so this effectively wipes or overwrites the default.prop file, hence the rest of the lines need to also follow. I use 2 > like >> because this appends to the following line of the file.
adb shell su -c echo ro.secure=1>default.prop
adb shell su -c echo ro.allow.mock.location=0>>default.prop
adb shell su -c echo ro.debuggable=1>>default.prop
adb shell su -c echo persist.sys.usb.config=mass_storage,adb>>default.prop
adb shell su -c echo persist.service.adb.enable=0>>default.prop
This is rather fast and effective for 4 or 5 lines of code, but this is not practical when you are rewriting a large file with many lines of test. You may want to look at things like grep with looping functions in a bash script to filter specific lines of the large text/script/config file, however for this example and probably for your system vold file this should be sufficient.
I think this should be enough to (excuse the pun) ARM you with enough info to be dangerous :) On that note, please make sure you have got a backup of your device, before you go messing with the system. They are very similar to linux but they are also very different too! Heed this warning, MAKE SURE YOU BACK UP YOUR EFS PARTITION STRAIGHT AWAY!! Efs contains the device IMEI number and this is something you really don't want corrupted or lost. I have seen first hand what can happen; you don't even need to call the EFS partition by accident to break it....you only need make an error calling an explicit path to the incorrect partition and it can obliterate your IMEI!
这篇关于从Android的亚行外壳手动挂载SD卡的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
