[home]|[b]

Bruteforce-hacking on android 4.4

or,

Fixing android 4.4's /storage not writable problem

Today, i found out that my months-unused nook (with cyanogenmod, android 4.4) couldn't write to it's sdcard.
Rsync gave perimssion errors, which i thought was due to invalid characters on FAT, but even 'asdf' couldn't be created.
ls -ld showed something like:
drwxrwx--- root sdcard_r          1970-01-01 05:30 .

the sdcard_r seemed suspicious, so i tried many variations of chmod, chown to change ownership and permissions.
While the commands "succeded" (no error reported, 0 return code), the permissions were unchanged.

fstab (in this case it was /fstab.encore) didn't set /storage/sdcard?.
In some stackoverflow (or XDA) posts, peope mentioned making /mnt/media_rw as 777.
Setting this value did seem to stick around but it didn't affect /storage/sdcard1.

But /mnt/media_rw/sdcard1 _was_ the external sd card. and it was writable by any other processes.

`mount' revealed that /storage/sdcard1 was a fuse mount of some sorts.
When i tried to unmount that and bind mount /mnt/media_rw/sdcard1, it worked! now i could write to /sdcard without any problems.

However, this setting would revert on reboot, so somehow i was led to /system/etc/init.d/ directory,
whose contents are executed at boot. I also found /init.rc but changing that didn't seem to stick around at all.

Thus, after many, many reboots, the script i found to work was:
$ cat /system/etc/init.d/30media_rw                                                                              
#!/system/bin/sh
mount -o remount,rw /
busybox chmod 777 /mnt/media_rw
log=/mnt/media_rw/sdcard1/bind_log
mount >"$log" 2>&1
sh -c 'sleep 30; busybox mount --bind /mnt/media_rw/sdcard1 /storage/sdcard1 >>"$1" 2>&1' _ "$log" &
mount -o remount,rw /system
start-ssh &
The busybox infront of chmod, mount is because the normal executables were different and didn't even report errors properly.
While i was at it, i also enabled ssh as root. Reading /system/etc/ssh/sshd_config showed that it expected authorized_keys on /data/.ssh/
so i copied one there, and it worked!

Overall, while this did seem to eat ~4 hours of mine, rebooting the device so much that it lost 50% of it's charge, i'm still satisfied with it.
I don't know what the root issue was, why a not-updated system changed it's behaviour, but atleast now it works.

I'm sure on android >5 it'd have been hell, and on android >8, >10, it'd probably be impossible to fix it myself.
On this nook , i can just put a recovery image on a sdcard, and it'll boot off that!
I'm still using that as the primary method to use it.
While i'd like to remove it's builtin os and use CM only, i have had no need for it!
This kind of convenience and hacker friendliness is amazing; i wish every ``product'' was open for exploration!

I love that i could hack it together, and i love that I could fix my own problem even if it took many many hours :D