I have followed both parts of Toast's root guide. I have then flashed 1.0.8 of JoeyKrim's rooted stock build ROM - odex version if that really matters, though I doubt it.
I find that using ConnectBot on the device, I can indeed type SU and get the hash prompt. So far so good, but even after killing all apps, I cannot manage to delete the Sprint*.apk files. I get a read-only filesystem error.
I'm assuming this is possible through booting into my custom recovery, but I thought one of the benefits to the NAND unlock was ability to do this "live" within Android.
Am I missing something, or is /system/app just a special case of read-only settings when running normally?
First, please post in the proper section. This is development not q&a. Second, you need to remount. It defaults to read only, but can be changed. Enter the following command sequence:
su
mount -o rw,remount /dev/block/mtdblock4 /system
rm /system/app/Sprint*
Beware, that gets rid of visual voicemail too. I use Google voice personally, but it should be known.
axlebot said:
First, please post in the proper section. This is development not q&a. Second, you need to remount. It defaults to read only, but can be changed. Enter the following command sequence:
su
mount -o re,remount /dev/block/mtdblock4 /system
rm /system/app/Sprint*
Beware, that gets rid of visual voicemail too. I use Google voice personally, but it should be known.
Well, I figured this was more specific than Q&A since it was directly related to root and custom ROM, and I've seen those questions asked here in numerous threads...
As to your point, I did try that, but kept getting the same error. Have confirmed ability to write to /system outside of /system/app, which seems odd.
Sorry, the Evo auto-corrected where it shouldn't have. I fixed it. It should have been rw instead of re.
axlebot said:
Sorry, the Evo auto-corrected where it shouldn't have. I fixed it. It should have been rw instead of re.
Not a problem - caught the issue when I read your post. But I saw an issue where even that command was not giving me R/W access. Strangely, pulling the battery and rebooting seemed to help. Odd.
Thanks for the assist. I had kept thinking with full unlock you would not have to run that command each time.
Clarification: I did not think about this myself!
I just found it in a post in Modaco explaining how to Unroot a Droid X and it worked for my Galaxy S as well, so I thought it should be worth posting, as I wanted to unroot my Galaxy S and failed to find a good method.
So First, I'm not responsible for any damage caused to your phone.
Anything you are doing is solely your responsibility.
Second, ALL credit goes to the user itsluy from Modaco who wrote this.
This is the link, by the way:
http://androidforums.com/motorola-droid/39303-factory-reset-updates-apps-root.html#post294672
These are the instructions:
While you still have root go to terminal emulator and run the following:
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/app
rm Superuser.apk
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
sync
reboot
*****end of instructions****
I would like to emphasize that you HAVE to type EXACTLY what it says.
Before every new row you obviously need to press enter.
If you're doing it right, you shouldn't be seeing any messages of any kind during the process.
A good way of making sure it works is after you have removed Superuser.apk, type the command ls and then make sure it doesn't appear in the list.
Then, of course, continue as usual.
I repeat, you have to type exactly what it says, if not it will not work.
For example, there's a space between mtdblock3 and /system.
Another example is that you have to write Superuser.apk with a capital s.
Once again, it is all thanks to itsluy from modaco and I'm not responsible for any of the damages this process may cause.
I would be happy to hear comments (hopefully good ones)
Itay
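Added example, not part of the original post: the instructions above delete only /system/app/Superuser.apk, while root procedures elsewhere on this page also copy a set-uid su (and busybox) into /system/bin. This sketch lists which of those files are still present under a given root directory; the function name root_leftovers, the /system/xbin locations and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). root_leftovers is a hypothetical name.

# List root-related files still present under a filesystem root.
# $1 = root prefix: "/" in a shell on the device, or a directory holding an
#      extracted or constructed copy of the tree.
# Prints "<path> <setuid|plain>" for each file found.
# Returns 0 when nothing is found, 1 otherwise.
root_leftovers() {
    prefix=${1%/}
    found=0
    # /system/app/Superuser.apk, /system/bin/su and /system/bin/busybox are the
    # paths used on this page; the /system/xbin entries are an assumption.
    for rel in system/app/Superuser.apk \
               system/bin/su system/xbin/su \
               system/bin/busybox system/xbin/busybox; do
        path="$prefix/$rel"
        [ -e "$path" ] || continue
        # -u is true when the set-user-ID bit is set (e.g. mode 4755 or 06755)
        if [ -u "$path" ]; then kind=setuid; else kind=plain; fi
        echo "/$rel $kind"
        found=1
    done
    [ "$found" -eq 0 ]
}

# Demo on a constructed tree: install the two files, then delete only the APK,
# which is the single file the quoted steps remove.
demo=$(mktemp -d)
mkdir -p "$demo/system/app" "$demo/system/bin"
: > "$demo/system/app/Superuser.apk"
: > "$demo/system/bin/su"
chmod 4755 "$demo/system/bin/su" 2>/dev/null || true
rm "$demo/system/app/Superuser.apk"
root_leftovers "$demo" || echo "root files remain"
rm -rf "$demo"
```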
Sounds good mate, but you do know you can just use One click unroot application instead?
still this may come in handy for others!
itaykoren said:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Haha, what? You can probably leave off the 'mount' lines... /system on SGS is already rw.
Yes, Mambo04, I know that you can use the one click root/unroot, but this method is very useful for those who already have root access.
In addition, the comments regarding that unroot process are a mixed bag.
For me, it's much more comfortable to do it this way as I don't need to download any files as opposed to the one click root/unroot process (besides Terminal Emulator that most people already have) and also don't need to connect it to a computer (as opposed to the second root/unroot method).
Eventually, I think writing several lines of dictated code is much easier and takes less time to do, so I personally think it's a very good method.
What do you guys think?
RyanZA ,
thanks for your response.
Actually I did try without the 'mount' lines and it didn't work.
At least for me on stock jf3.
Perhaps on other firmwares it's different...
itaykoren said:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Itay
SGS actually does not use yaffs2.... So I'm pretty sure this fix isn't "proper"
I guess you're right.
Then again, I no longer have root access, so "if it ain't broken, don't fix it..."
Worked for me also.
I'm glad to hear...
If anyone else uses this, please feel free to comment so that we know of any problems with it, as so far I have not found any, and I think it's one of the easiest ways to safely unroot
THANKS! you saved me a Butt-Ton of headache. I work for bell, and i kind of rooted/lagfixed a store unit prior to activating it, the customer who got it would have been ecstatic. but the warranty is an issue. Is it possible to do the lagfix and then remove superuser permission so the phone is totally fixed and still warrantyable?
I don't know for sure if it's possible so I don't want to make any statements...
I guess it also depends on what this provider defines as a violation of the warranty.
There's been rumors that Vodafone UK, for example, does not consider rooting a Galaxy S as a violation of the warranty terms. But again, this has not been confirmed, and I guess most providers do consider it as a violation.
Also, hopefully the lag issue will be fixed in future official updates, so if warranty is a big issue, it might be better to wait, or apply the lagfix and remove it before taking it to be repaired (if the state of the device allows it...)
Hi, thanks for posting this unroot method, just a couple of questions;
1. If I run this, then do a factory reset will the phone remain unrooted? or will it revert back to rooted as I applied root using update.zip.
2. Is it safe to delete the update.zip from my internal sd after applying this?
Thanks.
hi skink666,
1. After you run this successfully, you are unrooted, so if you do a factory reset, you will remain unrooted (you can easily verify this by checking your apps and making sure the "Superuser Permissions" app is not there).
2. The update.zip file that you use in order to root your device can be deleted once you have successfully gained root access. So, you can even delete it before applying this unroot method, not to mention afterwards.
You might want to keep a copy of it on your computer in case you want to root again.
Thanks for the info, will give it a try
Is this method working on froyo xxjpy with voodoo kernel?
I haven't tried, but you're more than welcome...
NOTE: The below info is all pretty outdated now that the fantastic Paul O'Brien has created a one-click temp root app called VISIONary. I recommend using that - get it from his thread! In case you don't want to do that (what are you, some kind of masochist?), or want to see the old way of getting temp root, keep reading this thread.
Insert the usual disclaimers about "if this breaks your device, it's not my fault... do this at your own risk... voiding warranty... etc."
Note that for now, this is a TEMPORARY root. And things are now well over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent, and will help out wherever I can.
Update 10/6/2010:
Per suggestions later in the thread, I've compiled a zip file of everything needed to set up a temp root. I've also made some tweaks to the root script, included in the archive as "root" - notably, it will now create symlinks to busybox for commands not included with default android (example: cp).
Here are updated instructions to use with the attached zip file. USB Debugging needs to be enabled:
Stage 1: On your PC
1. adb push su /sdcard/su
2. adb push Superuser.apk /sdcard/Superuser.apk
3. adb push rage /data/local/tmp/rage
4. adb push busybox /data/local/tmp/busybox
5. adb push root /data/local/tmp/root
6. adb shell chmod 0755 /data/local/tmp/rage /data/local/tmp/busybox /data/local/tmp/root
7. Disconnect phone from pc
Here's an alternate Stage 1, thanks to Aphotix:
Aphotix said:
If you really want to optimize (or be lazy if you are like me), just use this batch file (for windows obviously) using the pc side of the instructions already provided.
Code:
adb push su /sdcard/su
adb push Superuser.apk /sdcard/Superuser.apk
adb push rage /data/local/tmp/rage
adb push busybox /data/local/tmp/busybox
adb push root /data/local/tmp/root
adb shell cd /data/local/tmp; chmod 0755 rage busybox root;
just place it inside of the G2TempRoot folder and double click. Then its just two commands on the phones terminal and you have root.
BATCH FILE DOWNLOAD HERE
Stage 2: On your phone (Assumes you have already installed Android Terminal Emulator from the market)
1. Launch Terminal Emulator
2. /data/local/tmp/rage
3. Wait for the message: "Forked #### childs."
4. Menu > Reset Term - Terminal Emulator will exit.
5. Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
6. /data/local/tmp/root
Stage One only needs to be done once. Stage 2 needs to be repeated every time you reboot your phone.
Follow the Thinktank thread for progress on a permanent root solution.
Special Thanks:
The dude that made rageagainstthecage - http://c-skills.blogspot.com
gariak, for the ideas in the root script
rpmccormick - improvements in the later PC steps
Aphotix - Windows batch file to make the first part easier
You're a beast. Thank you.
So do we get any roms soon after rooting?
Sent from my T-Mobile G2 using XDA App
Well, that's up to the rom developers. Will probably take time.
Note that currently, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
(added that info to OP, since it's probably important)
I'll wait till it's permanent
Sent from my T-Mobile G2 using XDA App
This is interesting.. you need to try to get a rooted recovery made.. from there once you get this temp root working try to flash the recovery through terminal.. if it takes then you would be able to flash rooted roms... i wonder if clockwork is working on a recovery already??...
Whew, I was starting to think the phone might be unrootable.
Sent from my T-Mobile G2 using XDA App
OgBrog said:
Whew, I was starting to think the phone might be unrootable.
Sent from my T-Mobile G2 using XDA App
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
Guys, I know the thought of developing on linux is scary but you can always start with simple stuff like boot animations and themes. Don't you notice how most developers have left xda because all people do here is ask and not give. quit crying, complaining, and posting stupid ****! learn to contribute!
sorry I was up all night last night and got no sleep working on trying to ROOT this damn phone and figuring out what the deal is with our missing storage space on the g2. I'm just cranky. and btw, this isn't directed just at this guy but a lot of people here. sorry to single you out. nothing personal.
Weird, I don't know what I messed up. Because the commands for the phone are a lot of typing, I copied that text and made a script, minus the '#' symbol for all lines, and when I run it, it can't kill the process (says can't find) and won't remount, but if I type it into the phone it's working fine.
here is exactly what I put in on the script for terminal on device
/data/local/tmp/busybox killall rageagainstthecage-arm5.bin
mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
/data/local/tmp/busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /sdcard/su /system/bin/su
/data/local/tmp/busybox cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk0p25 /system
sino8r said:
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
Guys, I know the thought of developing on linux is scary but you can always start with simple stuff like boot animations and themes. Don't you notice how most developers have left xda because all people do here is ask and not give. quit crying, complaining, and posting stupid ****! learn to contribute!
sorry I was up all night last night and got no sleep working on trying to ROOT this damn phone and figuring out what the deal is with our missing storage space on the g2. I'm just cranky. and btw, this isn't directed just at this guy but a lot of people here. sorry to single you out. nothing personal.
I think you may have singled out the wrong person. As I understood it, his post was stating that he was worried we weren't going to be able to root the phone at all...intending the post to be a 'sigh of relief' if you will. There was no implication of being impatient.
And I know it's annoying when people demand stuff without contributing, but if were to open a restaurant and everything on the menu was free, guess what? You'd have a crapload of customers, and they'd all be asking for stuff for free. Once development picks up, there will be a lot less posts about people wanting root and such...just be patient. Coming from a guy who pre-ordered the g1, I think I know a little bit about waiting for good things to happen.
M9x3mos said:
Weird, I don't know what I messed up. Because the commands for the phone are a lot of typing, I copied that text and made a script, minus the '#' symbol for all lines, and when I run it, it can't kill the process (says can't find) and won't remount, but if I type it into the phone it's working fine.
here is exactly what I put in on the script for terminal on device
/data/local/tmp/busybox killall rageagainstthecage-arm5.bin
mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
/data/local/tmp/busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /sdcard/su /system/bin/su
/data/local/tmp/busybox cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk0p25 /system
That IS strange...I don't see anything wrong with what you've posted here...but I can say that I've seen some strange happenings lately. I'm getting rid of a samsung epic for the g2, and if I used the cable that came with it, nothing through adb would work properly, I had to use a better quality one I got off amazon.
InGeNeTiCs said:
That IS strange...I don't see anything wrong with what you've posted here...but I can say that I've seen some strange happenings lately. I'm getting rid of a samsung epic for the g2, and if I used the cable that came with it, nothing through adb would work properly, I had to use a better quality one I got off amazon.
I agree or try a different driver (pdanet one). It is showing under adb devices right? that cable that came with was giving me hell while trying to charge it last night. I'm not sure as using it to tether for adb because I used my old one for the pc.
sino8r said:
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
I didn't mean to sound ungrateful, it's just that every other phone I've ever
owned already had a root method when I got it. After reading that no previous
root methods work I worried it might be locked like the droid X.
I really don't know too much about rooting and I doubt that there's anything that
I could think of or do that someone more knowledgeable hasn't already done.
CM on G2
Cyanogen said he has already written the device config profile. So as soon as there is root and the BBQ is over there will be CM!
hendusoone said:
Well, that's up to the rom developers. Will probably take time.
Note that currently, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
(added that info to OP, since it's probably important)
Sweet
Sent from my T-Mobile G2 using Tapatalk
OgBrog said:
I didn't mean to sound ungrateful, it's just that every other phone I've ever
owned already had a root method when I got it. After reading that no previous
root methods work I worried it might be locked like the droid X.
I really don't know too much about rooting and I doubt that there's anything that
I could think of or do that someone more knowledgeable hasn't already done.
The reason none of the old methods have worked so far is because this is an entirely new device. With this device we have new hardware and stock software that has not been seen/hacked yet. We are getting there so just hold out a little while, this device will rock when rooted, and after the BBQ this weekend we should have a few more guys looking into this with us.
Back on topic now
Sent from my T-Mobile myTouch 3G Slide using XDA App
AWESOME!
hendusoone said:
Insert the usual disclaimers about "if this breaks your device, it's not my fault... do this at your own risk... voiding warranty... etc."
I used the rageagainstthecage binary from the download in this blog post: http://c-skills.blogspot.com/2010/08/droid2.html
On PC:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0755 rageagainstthecage-arm5.bin
exit
On G2:
Open terminal emulator
cd /data/local/tmp
./rageagainstthecage-arm5.bin
Wait a bit for it to say "Forked #### childs." Then hit enter. Should have a $ prompt.
Try running "ps" - should say Cannot fork.
Exit terminal emulator with back button, launch an app (I launched Twidroid, probably doesn't matter which app you pick)
Launch Terminal Emulator again - it will force close, hit Force Close
Launch Terminal Emulator a second time and you have a root shell
Additional info from gariak, from here:
Currently working on further instructions to make this a permanent root... will edit those in once ready. Others are doing a bunch of work on it, too... keep an eye on the root thinktank thread for further developments - the fun starts at this post!
Note that for now, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
This is awesome! Will certainty be following this rather then all of the ghey fags in general complaining like a bunch of women.
Now we just need a root SPL or something to flash in the root shell right?
You can follow the happenings in the thinktank thread. Best to just follow or test what is suggested if you feel comfortable.
On a side note the other build posted makes for a good un-root so I would keep it named PC10IMG.ZIP on the root of your sdcard, should anything bad happen to your phone you should be able to flash that from bootloader
Sent from my T-Mobile myTouch 3G Slide using XDA App
What's the username and pwd to get the file?
The other build has radio 12.21.something. My g2 came with 12.22.something. So you would have to downgrade your radio. Should work though.
Everything else looked to be the same though.
edit: Nevermind, after reviewing the numbers I read them wrong. Everything does look to be the same. Apologies, with my first drill weekend with the army reserves and still moving into a new house I guess my head wasn't completely in the game.
Rooted with this method completely stock kernel...
Ok I am new to Samsung but not new to rooting and using adb. I have been searching and maybe I missed something but I can not get adb working properly on my phone and pc. adb remount does not work so I can not push any files over. I have tried all the methods with mount -o rw,remount -t yaffs2 ... etc...
I can get su permissions on the phone but it will not allow me to transfer any files over at all. I even tried to r/w permission with Root Explorer while connected to phone through cmd window and nada. I am not running CWM so I would like to push files over if I can. I have done it the root explorer way of copy and paste, it's just that way seems so sloppy to me.
Any help would be appreciated since I can't seem to find a method on the web that works for me
Thanks guys
How are you typing the push command? Remember there are 2 sdcards on this phone.
For the internal sdcard
Code:
adb push c:\this\place /sdcard
for the external sdcard
Code:
adb push c:\this\place /sdcard/external_sd
You *shouldn't* have to use mnt/sdcard/external_sd but give it a shot just to be sure.
Doesn't this phone have to be on for ADB to work? I thought I read that. Obviously that seems a bit odd since most have to be in recovery. Or am I wrong about the on part?
Lastly, if you can run 'adb shell' then use the 'cp' or 'mv' commands to get the files on there.
EDIT: Ok, I completely just misread your post. You're trying to write to the /system? Try mount -o remount,rw /system
I don't know why everyone uses the yaffs, mmcblk, and all the other craziness. You still mount /system just with more typing. Let me know if it works.
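Added example, not part of the original posts: the posts on this page hard-code different block devices and filesystem types for /system (mtdblock4, yaffs2 on mtdblock3, ext3 on mmcblk0p25, ext4 on mmcblk0p1). This sketch reads a mount table in /proc/mounts format and checks a typed device/type pair against what is actually mounted; the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and the
# sample table is constructed; on a device the input would be /proc/mounts.

# Print "device fstype ro|rw" for one mount point.
# $1 = file in /proc/mounts format: device mountpoint fstype options dump pass
# $2 = mount point (default /system). Returns 1 if the mount point is absent.
mount_info() {
    awk -v mp="${2:-/system}" '
        $2 == mp { dev = $1; fs = $3; opts = $4; found = 1 }  # last entry wins
        END {
            if (!found) exit 1
            state = "unknown"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] == "ro" || o[i] == "rw") state = o[i]
            print dev, fs, state
        }' "$1"
}

# Compare the device and filesystem type someone is about to type into a
# remount command with the entry in the table.
# $1 = mounts file, $2 = device, $3 = fs type, $4 = mount point (default /system)
# Prints "match", "mismatch: ..." or "no-entry"; returns 0, 1 or 2.
check_remount_args() {
    table=$1; want_dev=$2; want_fs=$3; mp=${4:-/system}
    info=$(mount_info "$table" "$mp") || { echo "no-entry"; return 2; }
    real_dev=${info%% *}
    rest=${info#* }
    real_fs=${rest%% *}
    if [ "$want_dev" = "$real_dev" ] && [ "$want_fs" = "$real_fs" ]; then
        echo "match"
    else
        echo "mismatch: table has $real_dev $real_fs"
        return 1
    fi
}

# Constructed sample table; the /system entry reuses values quoted on this page.
sample_mounts() {
    cat <<'EOF'
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
/dev/block/mmcblk0p25 /system ext3 ro,relatime 0 0
/dev/block/mmcblk0p26 /data ext3 rw,nosuid,nodev 0 0
EOF
}

# Demo: report the state of /system, then test a pair copied from another device.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
mount_info "$demo_table" /system
check_remount_args "$demo_table" /dev/block/mtdblock3 yaffs2 || true
rm -f "$demo_table"
```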
KCRic said:
How are you typing the push command? Remember there are 2 sdcards on this phone.
For the internal sdcard
Code:
adb push c:\this\place /sdcard
for the external sdcard
Code:
adb push c:\this\place /sdcard/external_sd
You *shouldn't* have to use mnt/sdcard/external_sd but give it a shot just to be sure.
Doesn't this phone have to be on for ADB to work? I thought I read that. Obviously that seems a bit odd since most have to be in recovery. Or am I wrong about the on part?
Lastly, if you can run 'adb shell' then use the 'cp' or 'mv' commands to get the files on there.
Tried cp and mv, still gave me problems moving file. I forget the error message I got. Also I know the proper push commands, I used to do it with my Evo all the time. It's just that this phone won't let me mount system. What do you mean be on ADB?
playya said:
Tried cp and mv, still gave me problems moving file. I forget the error message I got. Also I know the proper push commands, I used to do it with my Evo all the time. It's just that this phone won't let me mount system. What do you mean be on ADB?
I meant the phone needs to be on (with debugging selected) in order to use ADB and write to it. At least that's what I think I remember seeing. Could be wrong since I haven't used ADB with this phone yet.
KCRic said:
I meant the phone needs to be on (with debugging selected) in order to use ADB and write to it. At least that's what I think I remember seeing. Could be wrong since I haven't used ADB with this phone yet.
correct all that has been done... all the basics you can think of have been done but it just keeps failing on adb remount
adb shell
$ su
#
no problem now, at first yes but I still can't mount system... driving me nuts since I don't use Clockwork right now I want to push files over... and my software on my pc AndroidCommander says NORoot has been obtained....
I'm probably as new to this phone as you are. Mostly just dealt with HTC. Past this point I have no idea what's going on. I can write to my /system - no problem. Hopefully one of the more seasoned guys will jump in here soon. Sorry I'm not much more of a help.
KCRic said:
I'm probably as new to this phone as you are. Mostly just dealt with HTC. Past this point I have no idea what's going on. I can write to my /system - no problem. Hopefully one of the more seasoned guys will jump in here soon. Sorry I'm not much more of a help.
What method did you use to root with... Is it the same as what I used, the deodexed stock method I posted above?
Did u try with the Odin method? way easier.
Sent from my Galaxy SII √Epic4G Touch
skykc0401 said:
Did u try with the Odin method? way easier.
Sent from my Galaxy SII √Epic4G Touch
Odin method to do what? root? If so that is how I rooted thanks
I downloaded an app on the market that fix it.. thanks guys
[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)
Edit: This does not work on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by step ). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus
Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium
This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Huxleysäl said:
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk
efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
try /data/local/tmp
Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is denied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter than me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
I had my initial problems with that too. But as of this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator.
Just search for it in the market. Also the commands go in this console.
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers
Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.