To get a privileged shell you need to modify the following lines to the given values in the default.prop file:

ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
I have extracted the recovery image of my phone model: So is it possible to modify the following values in the default.prop file, repack the image and flash it using fastboot (bootloader is unlocked) to get a privileged shell, and then copy the su binary after remounting system as read/write?
Do I need to change any other values in any of the files? And will it work, theoretically at least?
This approach will work (provided there are no proprietary funny locks in place anywhere), but the recovery partition is no party to it from the very beginning. The default.prop is overwritten on bootup, copied from the boot partition, which is not a directly accessible file system. You need an image of the boot partition, which you will then unpack, make the change, and repack.
Assuming you know how to go about doing all that (since you say you tried it with the recovery), I must warn ahead that oftentimes it is necessary to include the base address when making the image with mkbootimg. There is no way to know when it is required, so it is safe to always include a base address. You can follow a tutorial here:
The script includes the od command with which you can get the base address, in case you want to make your own script. For more on the manual steps (for reproducing on GNU/Linux):
I do not recommend use of the unpack/repack scripts, as they have hardcoded lines not portable across cases. Use split_bootimg.pl, then gunzip and cpio extract it, after which you will again use cpio and gzip it, followed by the mkbootimg command. The only exception is for MTK65xx devices, where you will need the relevant unpack/repack tools (because they have very different offsets; you will also skip the mkbootimg as the repack script does it for you):
And here is an on-going example of a Chinese rebranded phone going through the same thing to finally get root:
I'm sorry I have to strip off proper links, but I am apparently considered potential spam. Also, I've not been rather thorough because I'm not really sure you'd want more verbosity.
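An added example, not part of the original answer or of the tools it names: Python code that reads the base address and page size from a boot image header, then unpacks the gzip-compressed cpio ramdisk and reports which of the three default.prop values from the question are set, which is also how you would audit an image before flashing it. It assumes the classic `ANDROID!` header layout, mkbootimg's default kernel offset of 0x8000 and a 'newc' cpio ramdisk; `build_sample_image` constructs a tiny test image and is not a real device dump.

```python
import gzip
import struct

KERNEL_OFFSET = 0x8000  # assumption: mkbootimg's default kernel offset from base
WATCHED = {"ro.secure": "0", "ro.debuggable": "1", "persist.service.adb.enable": "1"}

def parse_header(img):
    """Decode the boot image header fields needed to unpack and repack."""
    if img[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    ksz, kaddr, rsz, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    rd_off = (1 + (ksz + page - 1) // page) * page  # header page + kernel pages
    return {"base": kaddr - KERNEL_OFFSET, "page_size": page,
            "ramdisk_offset": rd_off, "ramdisk_size": rsz}

def cpio_files(archive):
    """Yield (name, data) for each file in a 'newc' cpio archive."""
    pos = 0
    while archive[pos:pos + 6] == b"070701":
        f = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        start = (pos + 110 + namesize + 3) & ~3  # name and data are 4-byte aligned
        if name != "TRAILER!!!":
            yield name, archive[start:start + filesize]
        pos = (start + filesize + 3) & ~3

def audit_boot_image(img):
    """Return header info plus the default.prop values that match WATCHED."""
    info = parse_header(img)
    off = info["ramdisk_offset"]
    files = dict(cpio_files(gzip.decompress(img[off:off + info["ramdisk_size"]])))
    text = files.get("default.prop", b"").decode(errors="replace")
    pairs = (l.split("=", 1) for l in text.splitlines() if "=" in l and l[0] != "#")
    props = {k.strip(): v.strip() for k, v in pairs}
    info["flagged"] = {k: v for k, v in props.items() if WATCHED.get(k) == v}
    return info

def build_sample_image(prop_text, page=2048, base=0x10000000):
    """Constructed input: a minimal boot image whose ramdisk holds default.prop."""
    def entry(name, data):
        n = name.encode() + b"\0"
        vals = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
        rec = b"070701" + b"".join(b"%08X" % v for v in vals) + n
        rec += b"\0" * (-len(rec) % 4) + data
        return rec + b"\0" * (-len(rec) % 4)
    rd = gzip.compress(entry("default.prop", prop_text.encode()) + entry("TRAILER!!!", b""))
    hdr = b"ANDROID!" + struct.pack("<8I", 100, base + KERNEL_OFFSET, len(rd), 0, 0, 0, 0, page)
    pad = lambda b: b + b"\0" * (-len(b) % page)
    return pad(hdr) + pad(b"\0" * 100) + pad(rd)
```

The `base` and `page_size` it returns are the values to pass back to mkbootimg when repacking; if the device uses a non-default kernel offset, the derived base will be off by that difference.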
The above approach did not seem to work.
Either because the stock recovery put up wasn't meant for the device or the method isn't this easy and may involve making other changes. The phone wouldn't go into recovery mode, which is the only mode in which you would get a privileged shell to perform the necessary operations to obtain permanent root.
Another method would be to modify the build.prop in the boot image itself, repack and then flash it and adb to get a privileged shell in normal operating mode.
Better to follow someone else's procedure when you're not too sure about your own.