Murena / Teracube 2e rooting


Hi, all. I got my Murena Teracube 2e today. Having some issues…

  1. I got it to connect to ADB in preparation for rooting (so I can install AFWall+ and Battery Charge Limiter)… it says:
    202111T2E001456 unauthorized

What does the ‘unauthorized’ mean? I don’t see that when I connect my old Blu Life One X3.

  1. I enabled Developer Options. There’s no ‘OEM unlocking’… I presume the bootloader is already unlocked?

  2. If I reboot the phone into fastboot mode, it just hangs. Is there a key combination I’m missing?

  3. How do I install TWRP / Magisk on this phone? Do we have a procedure for that yet for this phone? I went to the Teracube site, they have a procedure for this phone, but I’m not sure it’s the same for this phone with /e/ OS.

  4. When I rebooted the phone, it kept popping up a dialog box stating that Phone was sending a lot of SMS messages. I revoked that permission for the Phone app. Is this normal behavior?

  5. Right when I reboot, the screen shows text that says:
    “Orange state
    Your device has been unlocked and can’t be trusted.
    Your device will boot in 5 seconds.”
    Is this normal?

  6. When I shut the phone down, the same text as above comes up on the screen with the battery icon (but it stays there, it doesn’t boot), but it shows the battery as being empty, and it doesn’t update to show the battery is actually fully charged. Is this normal behavior that’s just yet to be fixed?

Any help you can provide will be greatly appreciated.

1 Like

None of this sounds normal, but I cannot tell where the issue started !

You see unauthorised when your PC has successfully sent an adb request to the device; but you have not acknowledged this on the device. A popup is expected, you can say ok; or better, always accept from this PC. (It can help if you extend the time allowed for display to switch off and lock when unused, as the phone may have gone out while you were doing your thing on the PC !)

As this is a Murena phone you could email for support.

1 Like

Ok, I got the phone authorized. It was because I’d previously used ADB to connect to a different phone (my old Blu Life One X3) that it wasn’t connecting to the Murena Teracube 2e.

  1. Unplug the phone from USB.

  2. In Developer Options, disable Developer Options (just keep in mind that when you do so, you’ll have to go back through and reset all the options you’d set before).

  3. Re-enable Developer Options.

  4. Enable ‘USB debugging’ and ‘Rooted debugging’ and ‘Disable adb authorization timeout’.

  5. Under Developer Options > Default USB configuration, set USB connection type to ‘USB Tethering’.

  6. Reboot the phone.

  7. On your computer, rename C:\Users\Owner\.android\adbkey to C:\Users\Owner\.android\adbkey.OLD

  8. Plug the phone into the computer via USB.

  9. In an Administrator-level command prompt, type ‘adb kill-server’ then ‘adb start-server’

  10. You should get the authorization prompt on your phone. I also ticked the “Always allow from this computer” option.

  11. In an Administrator-level command prompt, type ‘adb devices -l’ to ensure the phone is authorized.

So that problem resolved, how does one root the Murena Teracube 2e?

I’m working on learning the system via:
adb shell dumpsys > C:\Users\Owner\Desktop\DUMP.txt
adb shell pm list packages -f > C:\Users\Owner\Desktop\PACKAGES.txt

I’m hoping that we can use root ADB to change the settings.

For instance, we can use:
adb root
adb shell dumpsys battery unplug
… to stop the battery charging. And we can use:
adb shell dumpsys battery reset
… to start it charging again.

Right now I’m researching how to enable automatically limiting charge to a user-set maximum.

1 Like

I’m liking this phone more and more… they used all the same programs as I’d chosen for my old Blu Life One X3 (I’d stripped Google out of the phone… no Google-spying, no ads) except for the launcher… they use Bliss Launcher, I used OpenLauncher. I like OpenLauncher because you can hide all the icons so the screen is completely black (I’ve set the background to black)… you double-tap the screen to bring up the icons. I’m going to see if I can change the launcher on the new phone and set it up the same as I have my old phone.

{UPDATE} Boo-yah! It works. Awesome… this is going to be an easy transition, and even an upgrade in some respects… the new phone can check email, the old phone was too locked down to do so.

I think I’m onto something here… the Murena Teracube 2e has the ability to run adb as root, which allows us to grant permissions to apps such that they should be able to run effectively as root, without actually rooting the phone.

So for instance, for Battery Charge Limit:

adb root

adb -d shell pm grant com.slash.batterychargelimit android.permission.DUMP

adb -d shell pm grant com.slash.batterychargelimit android.permission.WRITE_SECURE_SETTINGS

adb -d shell pm grant com.slash.batterychargelimit android.permission.RESET_BATTERY_STATS

I’ve got a query in at:
… to have the app author confirm what permissions the app needs.

But if this works, then we don’t need to root the phone at all… any app we want to run we can run, as long as we grant the app the necessary permissions.


As I did with my old phone, I did with this one.

adb shell
settings put global airplane_mode_radios cell,nfc
settings put global airplane_mode_toggleable_radios wifi,bluetooth

Then reboot the phone.

The first ‘settings’ command tells the phone to only turn cell (cellular) and nfc (near field communication) radios off when Airplane Mode is enabled.

The second ‘settings’ command tells the phone that in order to enable cell and nfc, Airplane Mode must be disabled, whereas wifi and bluetooth can be enabled independent of Airplane Mode.

Now, when you turn on Airplane Mode, your Bluetooth and Wifi stay on.

1 Like

Ok, so it’s going to come down to a long slog through a lot of phone internals.

What I’m doing now:
adb ls /sys/class/power_supply
000041ed 00000000 623e4481 .
000041ed 00000000 623e4481 …
0000a1ff 00000000 623e4487 mtk-gauge
0000a1ff 00000000 623e4487 battery
0000a1ff 00000000 623e4487 ac
0000a1ff 00000000 623e4487 mtk-slave-charger
0000a1ff 00000000 623e4487 mtk-master-charger
0000a1ff 00000000 623e4487 usb
0000a1ff 00000000 623e4487 mtk_charger_type

Then I append each one of those (so, for instance: adb ls /sys/class/power_supply/mtk-gauge), and each one of the results from those, etc., until I find something useful.

1 Like

Android checks with (Google) to determine connectivity. So even in a completely de-Google’d phone, Google weasels its way in. If you block that URL (in your HOSTS file or with a firewall), then your WiFi icon will show it’s not connected to the internet, even when it is.

If you want your regular WiFi icon back, plug your phone into USB, then on your computer, in an Administrator-privilege command prompt, type:
adb shell settings put global captive_portal_mode 0
then reboot your phone. Keep in mind that this prevents Captive Portal detection, so you won’t get a prompt to log-in to such networks (such as at diners, coffee shops, etc.). I consider this to be a benefit, as these networks are notorious for not being secure.

If you need Captive Portal detection re-enabled, re-enable it using ADB (if you’ve disabled the CaptivePortalLogin app via ADB as shown above), then issue the commands:
adb shell settings put global captive_portal_mode 1


The fact that the Murena Teracube 2e allows root ADB is fantastic.

adb root
adb pull /system/build.prop c:\test

That saves build.prop to c:\test

In that file on your computer, add:
#Increase the number of volume control steps
#Disable error reporting
#Disable LogCat logging
#Disable boot animation
#Disable Google Location Features
#Disable sending of usage data

Reboot the phone into Recovery Mode and mount the file system.

Save the file you’ve edited on your computer, then:
adb push c:\test\build.prop /system/build.prop

Then reboot the phone from Recovery Mode via ‘Reboot system now’.

{ UPDATE: Mheh, the changes don’t stick. I’ll look into it. }

{UPDATE 2: I’ve attempted:
adb root
adb shell
CHMOD 777 /system/build.prop
adb pull /system/build.prop c:\test

Then editing and saving build.prop on the computer, then:
adb push c:\test\build.prop /system/build.prop
adb shell
CHMOD 644 /system/build.prop

… but it won’t let me change permissions on that file to 777.

1 Like
  1. my phone came out of the box with this message on screen and it doesn’t go away after reboot. I think this is because Lineage installation requires unlocking bootloader, that causes this message. See screenshot at teracube forum, where they discussing rooting of batch 1 (sorry I can’t post links here for some reason 0_o). You probably have batch 2, so If you find how to root batch 2 device without proprietary software, please share)))

Let’s get rid of aGPS.

This is another way they spy on you, via Assisted GPS… using WiFi, NFC, GPS and cell-tower triangulation to pinpoint your location 24/7.

Assisted GPS (aGPS) uses SUPL (Secure User Plane Location) to assist the GPS device to get a shorter TTFF (Time To First Fix) on the GPS satellites… and in so doing, those proffering the aGPS services get to track your every move and monetize it. That’s not a tradeoff I find particularly beneficial for anyone but the aGPS providers, given that modern GPS units can get a satellite fix plenty fast.

adb root
adb pull /data/vendor/agps_supl/agps_profiles_conf2.xml c:\test

This is CDMA Multicell Processing… since you’re disabling all aGPS, there’s no need to use MCP for aGPS.

MediaTek no longer uses the server at IP address… it hosts a bunch of websites, none of them MediaTek.

This should disable aGPS functionality, but as you’ll see below, it can be re-enabled either via the phone’s chip automatically deciding to use an aGPS protocol, or via a NILR (Network-Induced Location Request). So we’ll turn all that off, too.

This is the LTE Positioning Protocol, Enhanced… the comments in the same file on my old phone say it’s still under development and not ready for use.

This tells the aGPS functionality to use nonvolatile RAM to store information, and that information can be sensitive.

Disables logging to logcat.

This allows the phone to communicate with the cell towers via SIB blocks. SIB 8 is CDMA2000 data transfer, and SIB16 is aGPS-related information.

This is the Chinese BeiDou satellite system… the more satellites your phone’s GPS can get a fix on, the quicker it’ll get a First Fix.

This is the European Galileo satellite system, developed so Europe didn’t have to depend upon the US for GPS.

The setting:
Already is set to true, so leave it be. That’s the Russian GPS satellites.

This is the non-911 ability for a Network-Induced Location Request… in other words, someone can request that your phone give its location… in other-than-emergency situations… in other words, at any time.

This is the 2G, 3G, 4G and LTE communication between the phone and the cellular towers for aGPS purposes, allowing your cellular provider to pinpoint your location exactly.

This is the Network-Induced Location Request functionality. This turns it off in all circumstances except when the phone is in a roaming state.

This turns off NILR (Network-Induced Location Requests) even when the phone is in a roaming state.

This is Mobile Station Assistance and Enhanced Cellular ID, which allows the phone to communicate with the cellular towers for aGPS functionality. This is one method by which Google and the cellular providers can single you out from any other phone user.

This is the LTE Positioning Protocol, yet another method by which cellular providers can pinpoint your location via aGPS.

This prevents the phone from automatically enabling aGPS.

This disables the International Mobile Subscriber Identity being transmitted for the purposes of aGPS. This is yet another method by which you can be singled out from all other phone owners. Further, if someone’s running an IMSI-Catcher, they can use your IMSI to spoof your identity, impersonate you, receive your phone calls and your text messages.

This prevents the aGPS functionality from saving any logs with sensitive data.

This is LTE Positioning Protocol, Enhanced. The comments in the same file on my old phone say it’s still in development and not ready for use.

Save the file you’ve edited on your computer, then:
adb push c:\test\agps_profiles_conf2.xml /data/vendor/agps_supl/agps_profiles_conf2.xml

You’ll want to do the same for:
… there are two aGPS SUPL files, for some reason (and the second one is still using Google!).

1 Like

Please can you explain who is “spying” on me when I use aGPS? Who are the “aGPS providers” that are collecting this information?

1 Like

Well, we know Google wants to… they’ve perfused their own proprietary code throughout the Android codebase (in fact, the second SUPL file in this phone still has Google as a SUPL provider).

Aside from that, the phone company tracks your location (even inside stores… more below) and sells it.

If you go into a store and look up at the ceiling, you’ll see something that looks sort of like a smoke detector, except there are no holes for air to get to any sensor… that’s an aGPS or NFC tracker… they can literally track your progress through the store.

You are tracked 24/7 with the standard aGPS settings… and should the government or the cancel culture mob decide to use that against you, you’re screwed (especially the government… they have the authorization to remotely turn your aGPS on and track you, unless you set your phone up to reject such NILR requests). Best to turn it all off. You don’t need aGPS, modern GPS units are exceedingly accurate and they get a fast TTFF.

NFC trackers are generally at about head height… NFC is very short-range. aGPS trackers are generally on the ceiling.

Fun story… my wife, kids and I went into a museum in CA once… they had the ceiling speckled with their aGPS / NFC trackers.

The security guard, sitting at a desk off to the side of the main opening, had a computer that allowed him to track the location and phone number of everyone. He could plainly see that I was carrying a phone on my belt. When my wife and I split up (she took the kids to see the dinosaur exhibit), he got a confused look on his face. He kept looking at me as I looked at the entryway exhibits, then looking back to his computer, then looking at me as I moved around, then back to his computer. He couldn’t fathom that someone could opt out of being continually tracked. LOL

His look turned to one of consternation when my wife called me to tell me to come to the dinosaur exhibit… he knew my phone was on, but I was somehow blocking his tracking me. LOL

Sorry, but I’m still a bit confused

I thought this was exactly the stuff that /e/ have removed in “de-googling” their OS. If there is still stuff like this present, then maybe you should raise it as a gitlab issue.

When you say “the phone company”, I assume you mean the network provider (EE UK in my case), not the phone manufatcturer (Sony) or ROM creator (/e/). My network provider knows my location whether or not I use aGPS: the phone needs to register to a base station in order for telephony and data to function.

So two questions about this:

  1. Does using aGPS give my network provider any more information - about me, my location, or my phone - than they already have?
  2. Do you have any evidence that EE UK (or any other network operator) a: sells that information, or b: discloses it to anyone else (apart from in response to legal requests from e.g police)?

Sorry again, but who exactly is tracking me 24/7? (Apart from my network operator who, as mentioned above, knows where I am so long as my phone is switched on and connected to the mobile network.)


Or I can do it myself. The devs read these forums, they’re aware of the issue, it’s not new by any means. I just figured out how to configure it properly, and configured it on my old Blu phone and now on the Murena Teracube 2e.

Not sure about Sony, but I know for sure Blu was doing it. They had three apps that they kept in a hidden directory, deleting them was nigh-on impossible (just as Google does, the programs were impossible to kill, so deleting them was impossible unless they were stopped), and those three apps, while purporting to serve other purposes, specifically enabled aGPS. When I disabled aGPS, those programs crashed. I then removed them.

Funnily enough, Blu attempted, via Google, to push an ‘updated’ ROM to my phone, despite ‘Automatic updates’ being disabled, by rebooting the phone… at midnight, every single night. They surreptitiously downloaded the ‘updated’ ROM (which was the same ROM, just with the permissions and apps for Google and Blu put back in place), then rebooted the phone without my permission or knowledge. I caught it because the bootloader had been replaced, and the ‘updated’ ROM wouldn’t install. When I asked Blu if there was an updated ROM for my Blu phone, they said no… then I presented the evidence of them pushing that ‘updated’ ROM… their response was along the lines of “Oh! That update! Ha! Yeah, we forgot about that one. Nothing to see here, move along. We reserve the right to push updates to our phones.”, whereupon I reminded them that it wasn’t ‘their’ phone, it was mine, and they were in violation of CA law. They went silent after that.

Roughly… they can triangulate between cell towers, but it’s not exact due to reflection of the signal, and it takes effort to do so, it’s not something they’re going to shell out for to do 24/7 (specifically because it’s not accurate enough for the effort)… aGPS pinpoints your position down to a very small radius, and does so 24/7. That’s what it’s designed to do.

If you’re comfortable with having your location tracked 24/7 and monetized by Google and your telephony provider, then by all means continue on as you have been. If not, take 10 minutes to free yourself a bit from the constant surveillance.
I dunno… sounds pretty hinky.

1 Like

so I’m trying to modify /etc/hosts file with no luck so far. Error says that it is read-only partition, and with
cat /proc/mounts
I see that /data partition that you successfully modify with adb pull/push has read/write access and / doesn’t (that is generally nice to be like that). Now, I’ve tried running
mount -o remount,rw /
that does what it should, but then I’m getting error on file modifications, saying “No space left on device”…
Any hints on that?

Oh, boy. You did the same as I did, and that bricked my phone… it’s stuck in a boot loop. I’m currently trying to fix it, but it won’t even let me get to the screen where you use the up / down volume keys to choose which mode you boot into, so I can’t get to fastboot or Recovery Mode.

It’d be so much easier if the devs trusted users to administer their own phones without all the locks and barriers, or at least give them the data to get past those locks and barriers safely. My Blu Life One X3 never had this problem. I should have installed TWRP on this phone as a first step… the existing Recovery Mode interface is not great.

Is your phone still working ok?