Old 11-28-2018, 05:14 AM   #24
elementarythree
Didn't forget about the device, just had little time because of work. I have two new snippets:

I figured out a way to get "clean" root (meaning not using some weird Chinese tools that do god-knows-what) on the Max 2. This is possible as of build number 2018-09-05_08-12_1.9.1_575ba83 (included for search engines and reference). I'll explain the steps I took. This is not a tutorial for novices, nor do I want to supply a one-click tool. It does need some immediate knowledge of Linux.

My first observation was that the kernel running on the Boox Max 2 is quite old. Old enough to be vulnerable to the Dirty COW exploit. Dirty COW is a vulnerability in lots of older kernels which basically allows you to write to files/regions you shouldn't be allowed to write to with your permissions.

Searching for somebody who already did the legwork, I found this git: which replaces the run-as executable on the Max 2 with one that gives you root. The source code is very simple and clean, no funny stuff hidden in it. Just get all the dependencies together and run "make root", with the Max 2 connected in debugging mode and adb running as daemon.

Now you can log into the device via "adb shell /system/bin/run-as" which logs you in as root. Now you're still not done here as SELinux disallows access to most stuff -even to root- and having root isn't really interesting yet as you can't change any files.

Now embarrassingly, I spent about two hours experimenting how to get past SELinux with dirtycow, by replacing different system files getting from permissions to other permissions. With tons of Android devices this is very hard and you often don't get very far. In the case of Max 2, it's a lot easier. Apparently the people at Onyx dislike SELinux as much as I do and left the CONFIG_SECURITY_SELINUX_DEVELOP kernel flag on. As root, you can simply type "setenforce 0" to disable SELinux. Now you have full root with access to everything until next reboot. Don't forget to enable SELinux again after making your changes. I leave it as an exercise to the reader what to do with it.

(yes, this also means the device is ludicrously unsafe, Onyx: release your kernel sources plz)

My second snippet is a bit smaller and less exciting and not even all that technical, it just makes Termux nicer to use.

I already mentioned earlier that you can replace the font in Termux with an arbitrary font by replacing font.ttf in the ~/.termux directory when you start Termux. Now typing on the Boox Max is sometimes kinda annoying because of the inherent lag eink has. A2 mode is a lot faster but as we all know, it looks kinda ugly with most fonts. By installing an old bitmap-based font for example like:

or any font from

(the "thin" IBM PS/2 fonts work especially well)

and setting them to the correct size (you'll notice when you did) you can run the Max2 in faster A2 mode without having to deal with "damaged" fonts, as there is no anti-aliasing and hence no grey levels, the fonts will look perfect. They don't look as fancy as more modern fonts, but are pixel-perfect and also draw ASCII-boxes etc. accurately. As a retro aficionado I also enjoy looking at them. It's a very nice way to live the terminal life in Linux. If you need lots of Unicode, you could probably also use Unifont. The bold overstriking Termux does also works very well with these fonts.

Also, while you're at it with adb running on your main PC the Max 2 is connected to, type
"adb shell settings put global policy_control immersive.full=com.termux" to remove the Android task bar with clock on top of Termux and give you more screen real-estate. You can also set "TERM=vt100" to make ncurses and other programs aware that you don't have any colors, which makes them usually draw properly. You can also hunt down and add "xterm-mono" to your terminal definitions, which keeps your F-keys and mouse working in programs that have support for them.


Last edited by elementarythree; 11-28-2018 at 05:19 AM.
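The post ties the working "setenforce 0" to a kernel built with CONFIG_SECURITY_SELINUX_DEVELOP. As an added example (not part of the original post or of any Onyx tooling), the shell functions below audit a kernel config dump and a `getenforce` result for that option and two related ones. The function names, finding labels and both sample configs are constructed for illustration, and the config text is assumed to have been obtained separately, for instance from /proc/config.gz where the kernel exposes it.

```shell
#!/bin/sh
# Added example: report SELinux hardening gaps from a kernel config dump
# plus the runtime mode string printed by `getenforce`.

# cfg_value CONFIG_TEXT OPTION: print the option's value, or "n" when it is
# absent or commented out ("# CONFIG_FOO is not set"). Carriage returns are
# stripped because output captured through adb may use CRLF line endings.
cfg_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk -F= -v key="$2" '
        $1 == key { val = $2 }
        END { print (val == "" ? "n" : val) }'
}

# audit_selinux CONFIG_TEXT MODE: print finding labels on one line, or "clean".
audit_selinux() {
    cfg=$1
    mode=$(printf '%s' "$2" | tr -d '\r')
    findings=""
    if [ "$(cfg_value "$cfg" CONFIG_SECURITY_SELINUX)" != y ]; then
        findings="$findings selinux-not-built"
    fi
    # DEVELOP=y compiles in the enforcing/permissive switch that setenforce
    # uses; with it off the kernel stays in enforcing mode.
    if [ "$(cfg_value "$cfg" CONFIG_SECURITY_SELINUX_DEVELOP)" = y ]; then
        findings="$findings permissive-switch-built-in"
    fi
    # BOOTPARAM=y lets selinux=0 on the kernel command line turn SELinux off.
    if [ "$(cfg_value "$cfg" CONFIG_SECURITY_SELINUX_BOOTPARAM)" = y ]; then
        findings="$findings boot-param-disable"
    fi
    if [ "$mode" != Enforcing ]; then
        findings="$findings not-enforcing"
    fi
    if [ -z "$findings" ]; then echo clean; else echo "${findings# }"; fi
}

# Constructed sample inputs (not taken from a real device).
WEAK_CFG='CONFIG_SECURITY_SELINUX=y
CONFIG_SECURITY_SELINUX_BOOTPARAM=y
CONFIG_SECURITY_SELINUX_DEVELOP=y'
HARD_CFG='CONFIG_SECURITY_SELINUX=y
# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set
# CONFIG_SECURITY_SELINUX_DEVELOP is not set'

audit_selinux "$WEAK_CFG" Permissive
audit_selinux "$HARD_CFG" Enforcing
```

A "permissive-switch-built-in" finding means the switch exists in the kernel; whether a given process may flip it still depends on the loaded SELinux policy.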