[英]How disable dm-verity on Android Devices without using ADB?
[英]how to enable and disable dm verity on android devices?
此問題與device-mapper-verity(dm-verity)內核功能有關,該功能提供了塊設備的透明完整性檢查。 dm-verity有助於防止持久的rootkit,這些rootkit可以保留root權限並破壞設備。
以下命令可以正常工作以禁用或啟用userdebug構建的verity。
adb disable-verity
adb enable-verity
但是這些命令不適用於用戶構建。 用戶構建有什么替代方案嗎?
總之,我還不能給你一個解決方案。
但是這里有一些有用的提示:這是我得到的錯誤:
C:\Users\Test>adb remount
dm_verity is enabled on the system and vendor partitions.
Use "adb disable-verity" to disable verity.
If you do not, remount may succeed, however, you will still not be able to write to these volumes.
remount of system failed: Permission denied
remount failed
( ^某些確切的文字對於在谷歌搜索的人來說也很重要^ )
使用IDA Hex- ray逆向工程/反編譯' \\ sbin \\ adbd '時,我注意到輸出此錯誤的相關adbd源代碼在net中:
void remount_service(int fd, void *cookie)
{
char buffer[200];
char prop_buf[PROPERTY_VALUE_MAX];
bool system_verified = false, vendor_verified = false;
property_get("partition.system.verified", prop_buf, "0");
if (!strcmp(prop_buf, "1")) {
system_verified = true;
}
property_get("partition.vendor.verified", prop_buf, "0");
if (!strcmp(prop_buf, "1")) {
vendor_verified = true;
}
if (system_verified || vendor_verified) {
// Allow remount but warn of likely bad effects
bool both = system_verified && vendor_verified;
snprintf(buffer, sizeof(buffer),
"dm_verity is enabled on the %s%s%s partition%s.\n",
system_verified ? "system" : "",
both ? " and " : "",
vendor_verified ? "vendor" : "",
both ? "s" : "");
write_string(fd, buffer);
snprintf(buffer, sizeof(buffer),
"Use \"adb disable-verity\" to disable verity.\n"
"If you do not, remount may succeed, however, you will still "
"not be able to write to these volumes.\n");
write_string(fd, buffer);
}
if (remount("/system", &system_ro)) {
snprintf(buffer, sizeof(buffer), "remount of system failed: %s\n",strerror(errno));
write_string(fd, buffer);
}
if (hasVendorPartition()) {
if (remount("/vendor", &vendor_ro)) {
snprintf(buffer, sizeof(buffer), "remount of vendor failed: %s\n",strerror(errno));
write_string(fd, buffer);
}
}
if (!system_ro && (!vendor_ro || !hasVendorPartition()))
write_string(fd, "remount succeeded\n");
else {
write_string(fd, "remount failed\n");
}
adb_close(fd);
}
http://www.contrib.andrew.cmu.edu/~rjkohler/android-tools-5.0.1+git20141213/core/adb/remount_service.c順便說一下,我曾經解散的adb deamon來自Android 5.1.1。
所以這里的關鍵點是partition.vendor.verified和partition.system.verified 。 如果它們設置為“1”,您將收到錯誤。
接下來將是尋找原因以及如何設置......以及如何防止這種情況。
然而adb remount所做的一切都是重新安裝/系統 (也許是/供應商 )。 您也可以自己動手:
adb shell su mount -o remount /system
那條小線通常會幫助我完成同樣的事情。 蘇 - 那就行了。 (但是,如果你的設備是'rooted', su命令就會出現。)
adb disable-verity僅適用於adb版本1.0.33及更高版本。 所以升級您的adb版本
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.