[Bglug] Moto G4 hacking ... SUCCESS!

Andrew Howlett andrew at howlett.net
Wed Apr 21 22:37:50 EDT 2021

Thank you to Chris for binaries of all the tools and Logan for the termux tip. Here's the point form version for my future reference (ie in case I drop this phone and have to do everything again) and anyone who wants to hack an old Moto series.

Moto G4

This is the process I used to install Lineage:

1. Use the Motorola page to unlock the bootloader
2. Install twrp
3. Use twrp to install lineage:
      a. wipe, format data
      b. wipe, advanced, cache and system, wipe
      c. Advanced, ADB Sideload ... use adb sideload to sideload the following packages:
         (i) lineage-14.1-20180503-nightly-athene-signed.zip
         (ii) addonsu-14.1-arm-signed.zip
         (iii) Magisk-v20.4.zip
4. reboot and wait for a few minutes for the system to restart. The first reboot is slow.

This is the process to get a root shell

5. Settings -> About then tap on build 7 times to enable developer menu
6. Settings -> Developer Options -> enable USB Debugging
7. Settings -> Developer Options -> enable root access via adb
8. On PC use adb shell, then in adb shell execute su command.
    The phone will show a dialog box to grant su. Tell it to grant superuser forever

This is the process to enable usb tethering at boot
Note that all termux files and folders must be created using termux,
I think that there are hidden SELinux permissions set
at file creation. After being created in termux they may be edited
by adb shell or ssh

9. install fdroid from the fdroid website
10. using fdroid install termux and termux.boot
11. run termux boot once to activate it
12. using termux, create the .termux/boot folder: mkdir -p .termux/boot
13. using termux create a script at .termux/boot/20usbtether.sh:

   sleep 5
   echo "$(date)  ---  enabling usb tethering" >> $bootlog
   su -c "/system/bin/service call connectivity 33 i32 1 >> $bootlog"

14. set execute permission on the script:  chmod 700 usbtether.sh

This is how to enable ssh server at boot

15. create an sshd config file at /data/data/com.termux/files/usr/etc/ssh/config
     (this file must be created in termux but then can be edited using adb shell)
16. upload my public ssh key to /data/.ssh/authorized_keys
17. edit the sshd_config file with the location of the authorized_keys file and set PasswordAuthentication no
18. use termux to create a file .termux/boot/30sshd.sh

   sleep 10
   echo "$(date)  ---  starting sshd" >> $bootlog
   su -c "/system/bin/sshd -f /data/data/com.termux/files/usr/etc/ssh/sshd_config"

19. set it executable: chmod 700 sshd.sh

More information about the Group mailing list