After seeing lots of users struggle to root their phone with the existing guides (or worse, brick their phones), often times because of an inability to install/use ADB correctly (so they hobble together steps from multiple guides), I decided to write up a guide for rooting without the need for ADB. This guide uses the Visionary program to achieve temporary root and then gfree to achieve permanent root. Visionary is used only for the temporary root and nothing else (since many on these forums are wary of the app for permanent rooting). All of the gfree steps were scripted together to make things more convenient (and allow less room for user error in typing things in). This has been tested to work with multiple G2s and theoretically should work with the Desire Z as well (if you have the 1.72 OTA though, you will need to downgrade first in order to root as per the instructions in the wiki). All credit goes to the original developers of these programs and those others who aided in achieving root originally (I didn't add anything new content-wise, just bundled it up nicely).
WARNING: A few Desire Z users have reported being stuck on the HTC logo after following this guide. Without having a Desire Z myself, it is difficult to figure out why (since this simply automates known working methods). For the time being, I recommend Desire Z users obtain permanent root using one of the other guides out there.
Instructions
1. Install Terminal Emulator and a file manager (such as Astro File Manager) from the Market.
2. Extract the contents of the zip file to the SD card (this will create a directory called root_files on the card). When done, make sure you unmount your SD card from your computer if you had mounted it as a storage device to transfer the files.
3. Enable Unknown Sources (under Settings->Applications) and USB Debugging (under Settings->Applications->Development).
4. Using your file manager, navigate to the root_files directory on your SD card and select "com.modaco.visionaryplus.r14.apk" to install the Visionary app.
5. Start the Visionary app.
6. Click on "Temproot now." Leave all other settings unchecked.
7. Start the Terminal app.
8. Type the following commands (the $ and # symbols represent the command prompt and should not be typed):
Code:
$ su
# cp /sdcard/root_files/perm_root /data/local/perm_root
# chmod 777 /data/local/*
# /data/local/perm_root
You will see multiple messages scroll by as the programs run. Once you are returned to the prompt in terminal, you will have permanent root (S-OFF), as well as subsidy unlock and SuperCID. At this point, you can also choose to flash the engineering hboot as explained in the wiki. Flashing this hboot allows you to use the flashboot program to flash images from your computer to your phone (which can be very helpful when stuck in a bootloop for example). Note, this is often times the step that bricks people's phones when following other guides. To help mitigate the danger involved, I created a script that first checks the md5 of the hboot file to ensure it didn't get corrupted and then actually performs the flash (many times the bricking occurs because of a typo in this command). If you wish to flash the engineering hboot, type the following command in terminal if you have a G2:
Code:
# /data/local/tmp/flash_hboot
Or this command if you have a Desire Z:
Code:
# /data/local/tmp/flash_hboot_z
If you get a verification failed message, you should re-download the files, re-extract them to your SD card, and run the flash_hboot script again.
If you don't want the engineering hboot, just reboot your phone. You can verify you have permanent root by holding volume down while powering on (you'll see S-OFF in the first line of the bootloader). You are now free to install a new recovery and start flashing custom ROMs. If you don't want to flash a new ROM, it's safe to uninstall the Visionary app at this point.
And if you are curious, you can open the perm_root and flash_hboot files in a text editor to see what they are actually doing...
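The verify-then-flash idea described in the guide above, as an added example (this is not the contents of the flash_hboot script, which this page does not show): the image's MD5 is compared with a known-good value, the write happens only on a match, and the written bytes are read back. The function names, return codes and the sample files are assumptions, and regular files stand in for the image and the partition.

```shell
#!/bin/sh
# Added example (not the page's flash_hboot script): write an image only after
# its MD5 matches a known-good value, then read the written bytes back.

md5_of() {                      # print only the hash part of md5sum's output
    md5sum "$1" | cut -d' ' -f1
}

# verify_and_flash IMAGE EXPECTED_MD5 TARGET   (hypothetical helper)
# Returns 0 written and verified, 2 unreadable image, 3 checksum mismatch
# (nothing is written), 4 write or read-back failure.
verify_and_flash() {
    image=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')   # accept upper-case hashes
    target=$3

    [ -r "$image" ] || { echo "cannot read $image" >&2; return 2; }

    actual=$(md5_of "$image")
    if [ "$actual" != "$expected" ]; then
        echo "verification failed: expected $expected, got $actual" >&2
        return 3                # stop before dd ever runs
    fi

    size=$(( $(wc -c < "$image") ))
    # conv=notrunc: overwrite in place, as on a partition larger than the image
    dd if="$image" of="$target" conv=notrunc 2>/dev/null || return 4

    # Compare only the bytes that were written against the expected hash.
    readback=$(head -c "$size" "$target" | md5sum | cut -d' ' -f1)
    [ "$readback" = "$expected" ] || { echo "read-back mismatch" >&2; return 4; }
    return 0
}

# Constructed demo: regular files stand in for the image and the partition.
demo() {
    dir=$(mktemp -d) || return 1
    head -c 1024 /dev/urandom > "$dir/hboot.img"        # constructed "image"
    head -c 4096 /dev/zero    > "$dir/partition.bin"    # constructed "partition"
    good=$(md5_of "$dir/hboot.img")

    verify_and_flash "$dir/hboot.img" "$good" "$dir/partition.bin"; ok=$?

    # Simulate a corrupted download: one appended byte changes the hash.
    cp "$dir/hboot.img" "$dir/corrupt.img"
    printf 'X' >> "$dir/corrupt.img"
    head -c 4096 /dev/zero > "$dir/untouched.bin"
    before=$(md5_of "$dir/untouched.bin")
    verify_and_flash "$dir/corrupt.img" "$good" "$dir/untouched.bin" 2>/dev/null; bad=$?
    after=$(md5_of "$dir/untouched.bin")

    rm -rf "$dir"
    echo "good image: rc=$ok  corrupt image: rc=$bad"
    [ "$ok" -eq 0 ] && [ "$bad" -eq 3 ] && [ "$before" = "$after" ]
}

demo
```

The mismatch path returns before dd is invoked, so a corrupted or mistyped image never reaches the target.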
thank you bro man this was way better !!!
does this apply to someone who just bought the G2, currently on stock 2.2?
GHOST99K said:
> does this apply to someone who just bought the G2, currently on stock 2.2?
YES!!!! Especially you! This is much easier than the previous ways!
NICE!
I wish I had seen this last night before I spent 4 hours trying to get ADB to see my wife's new phone. Oh well, got it working the hard way.
Copy flash_hboot
Do you need to copy the flash_hboot like the perm_root file?
Crey23 said:
> YES!!!! Especially you! This is much easier than the previous ways!
> NICE!
cool i guess 2 of my friends will be pleased to hear this cuz i'll be helping them to root their phones.
worked like a charm! sweet man, saved me a lot of time by making this thread and guide, definitely should be added to wiki or sticky thread.
I just bought a T-mobile G2 as well, and I love the phone as is, but I just want to root it, so I can over-clock the cpu just a little bit (maybe about 1Ghz is fine). Can I use this method and keep the phone as is? Or does this method delete everything and I need to use custom rom? I'm coming from original MyTouch 3G (without 3.5 jack) rooted with CM, but I am still a newb.
misterykid89 said:
> I just bought a T-mobile G2 as well, and I love the phone as is, but I just want to root it, so I can over-clock the cpu just a little bit (maybe about 1Ghz is fine). Can I use this method and keep the phone as is? Or does this method delete everything and I need to use custom rom? I'm coming from original MyTouch 3G (without 3.5 jack) rooted with CM, but I am still a newb.
Once you root the phone, everything will stay as is. Here's a link to overclock to at least 1 GHz on stock ROM: http://theunlockr.com/2010/10/20/t-mobile-g2-overclocked-to-1-42ghz-how-to-overclock-your-t-mobile-g2/
However, it's required you first set up ADB.
I can't just download setCPU and over-clock? I thought as long as the phone is rooted, I can do that...
misterykid89 said:
> I can't just download setCPU and over-clock? I thought as long as the phone is rooted, I can do that...
You can still download SetCPU, but just having the app itself won't let you overclock the phone. You can try flashing a different ROM and you'll be overclocked once you run that ROM.
Wait, but the recommended and safest way is still with Rage and GFree, right? VISIONary was found to do something with the phone's file system that messes up some phones I thought, right? I thought that is why scotty2 made Rage, or am I wrong?
KoolKidsKlub said:
> Wait, but the recommended and safest way is still with Rage and GFree, right? VISIONary was found to do something with the phone's file system that messes up some phones I thought, right? I thought that is why scotty2 made Rage, or am I wrong?
Rage/G-Free is still the safest but they both require ADB, which can be quite a hassle to install for many. True that Visionary has been found to mess one's phone up, but this method only implements the temp root procedure from Visionary (which doesn't require ADB) and the perm root procedures from Rage/G-Free for a more simple way to root one's G2.
so its more like the best of both methods then... i gave up cus i couldnt figure out the ADB but this way looks way easier so ima give this a try thanks for this
Worked perfectly first try. Thanks!
What exactly is kernel? I've seen some people saying they are running over-clock on their G2 with a modded kernel on stock ROM.
misterykid89 said:
> What exactly is kernel? I've seen some people saying they are running over-clock on their G2 with a modded kernel on stock ROM.
Search google for "Kernel Operating System"
What I meant was is it okay to just change the kernel and run stock ROM that came with my T-mobile G2? Would it not change anything except for the clock speed?
misterykid89 said:
> What I meant was is it okay to just change the kernel and run stock ROM that came with my T-mobile G2? Would it not change anything except for the clock speed?
Different kernels can be compatible only with certain ROMs. Check on the kernel before you flash to stock ROM.
Hello everyone!
I've been coming to this site for a few weeks now. What a ton of helpful information! I finally decided to create an account though, because I had a question I couldn't seem to get answered.
I'm fairly new to android, this a100 tablet is my first device I've "owned" but have worked with and have a little experience with other android devices. I'm pretty good with Linux, being an IT admin. I'm sure my issue is minute, I'm just stumped as to what is causing the problem.
I've upgraded my a100 to the latest ICS build. I've installed the drivers from acer (unfortunately after windows detected the device drivers first) and I am trying the quickroot method I found in the development forum. I can run the windows .bat file, and everything goes through CMD so quickly that I am not able to read what's happening, but it reboots my device and says root achieved. I've got super user installed, it won't find any updates for the SU in the settings menu, says failed every time it looks for them. I open terminal emulators, still getting $ instead of #. Tried a terminal command I read about for root, where I put the root and SU files at mnt/sdcard and use the command to install, no luck.
Am I truly rooted? I can't tell anymore. I just want to unlock the bootloader, install cwm, and flash an a500 custom rom to it.
Any help at all is greatly appreciated. I'm sure I'm overlooking something, but I'm not sure. I can add a legacy device, add Acer's ADB driver, but the fastboot one gets a code 10 and cannot start.
Thanks!
pbrady5 said:
> Hello everyone!
> I've been coming to this site for a few weeks now. What a ton of helpful information! I finally decided to create an account though, because I had a question I couldn't seem to get answered.
> I'm fairly new to android, this a100 tablet is my first device I've "owned" but have worked with and have a little experience with other android devices. I'm pretty good with Linux, being an IT admin. I'm sure my issue is minute, I'm just stumped as to what is causing the problem.
> I've upgraded my a100 to the latest ICS build. I've installed the drivers from acer (unfortunately after windows detected the device drivers first) and I am trying the quickroot method I found in the development forum. I can run the windows .bat file, and everything goes through CMD so quickly that I am not able to read what's happening, but it reboots my device and says root achieved. I've got super user installed, it won't find any updates for the SU in the settings menu, says failed every time it looks for them. I open terminal emulators, still getting $ instead of #. Tried a terminal command I read about for root, where I put the root and SU files at mnt/sdcard and use the command to install, no luck.
> Am I truly rooted? I can't tell anymore. I just want to unlock the bootloader, install cwm, and flash an a500 custom rom to it.
> Any help at all is greatly appreciated. I'm sure I'm overlooking something, but I'm not sure. I can add a legacy device, add Acer's ADB driver, but the fastboot one gets a code 10 and cannot start.
> Thanks!
You do have Superuser and its su binary, so yes, you should be rooted. Try this app if you want to be sure: https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck&hl=en.
Besides the root checker that theonew pointed you to, I have always found downloading and installing Titanium Backup from the market as a surefire way of determining if root was successful.
Upon first run it will ask for SU permissions and should present you with a dialog box asking if that is ok with you. I always answer yes and make sure that the "remember this selection" box is checked.
That will be the first sign that you are rooted. Then, the program should provide you with a summary where you will see a bunch of green check marks. Most notably Busy Box should have a green checkmark and it will probably state Installed from program or something to that effect.
Voilà, you have confirmed you are rooted.
BTW, I recommend this program for its ability to back up your apps, which makes flashing new ROMs easier, as the apps can then be restored after performing a data wipe, which is usually a requirement of flashing new ROMs. Just be sure you understand that sometimes restoring apps AND their associated DATA can mess with a new ROM. In that case you can simply install the APP only, which still saves you the time and bandwidth of re-downloading it from the market.
Good luck and welcome to the playground.
Hello everyone,
First I will apologize if this information has already been posted / asked, however my searches on google and the forums did not exactly answer my question.
I would like to know how to make a full backup of the phone. What I mean is to have an img file for each partition.
For those who might quickly shout "Nandroid...", been there done that. That is actually what prompted me to start looking into this, when I read (after reflashing the phone) that CWM does not backup things like the radio (again, np, I have grabbed the original imgs from the excellent threads, but it made me want to be able to do it myself in the future).
I have seen the posts regarding backing up the EFS partition with ADB and that the method can be applied to copy the partitions, however it requires root access on the phone.
It seems odd to me however that with a tool like fastboot, that we can not back up the entire phone when in this state. The only thing I can think of as to why not, is that the fastboot mode only allows access to certain partitions w/ full permissions (read/write), or it only mounts certain partitions thus making the other ones inaccessible.
I would prefer to backup the phone without rooting it if possible. I am not opposed to the idea of rooting, however I have not really read up on it. As a linux user, I have np with the idea of it and honestly would have loved it if Android had a similar user structure right out of the box. My concern is (and possibly unfounded) that gaining root access could leave security holes in the OS to be exploited.
I also would prefer a "manual" method, not a fan of the idea of a toolkit.
Sorry if this is in the wrong section, however most of the search results yielded threads from this one.
Well, you could always just individually dump any partition with the dd command.
For example, to dump the entire contents of the radio partition to an .img file:
Code:
dd if="/dev/block/platform/omap/omap_hsmmc.0/by-name/radio" of="/sdcard/radio.img"
To restore that radio.img:
Code:
dd if="/sdcard/radio.img" of="/dev/block/platform/omap/omap_hsmmc.0/by-name/radio"
Simply run that through ADB Shell or a Terminal emulator from the Play Store. Of course, you will have to be rooted and have BusyBox installed. It's really not that difficult. Now you can unlock the bootloader without wiping /data, it's a simple matter of rooting and running the commands. If you wish, you can then unroot and relock the bootloader.
Mandatory Disclaimer: I've been awake for about thirty hours now, so you might want to get someone else to check over those commands before you give them a shot. Read up a bit on rooting in general, it will help you in the long run. Also, be careful. Just remember that if you accidentally flash a radio.img on the boot partition, or whatever, you're gonna have a bad time. I'm not responsible if you brick your phone, or if it explodes, or even if it boots into Apple's iOS.
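The dd dump and restore from the answer above, extended as an added example (not code from the original post) with a read-back check on the dump and a guard against the wrong-partition mistake the disclaimer mentions. The function names, the .meta sidecar format and the return codes are assumptions, sha256sum is assumed to be available, and regular files stand in for the by-name block devices.

```shell
#!/bin/sh
# Added example: dd-based partition dump with a read-back check, plus a sidecar
# file that stops the image from being restored to a differently named target.

sha_of() { sha256sum "$1" | cut -d' ' -f1; }

# backup_partition SOURCE IMAGE   (hypothetical helper)
# Returns 0 on a verified dump, 1 on a copy error, 2 if the copy differs.
# A partition that is being written to (a mounted /data, for example) will
# fail the comparison because the source changes between the two reads.
backup_partition() {
    src=$1; img=$2
    dd if="$src" of="$img" 2>/dev/null || return 1
    src_hash=$(sha_of "$src")
    img_hash=$(sha_of "$img")
    if [ "$src_hash" != "$img_hash" ]; then
        echo "dump of $src does not match the source" >&2
        rm -f "$img"
        return 2
    fi
    # Sidecar: by-name label, byte count and hash of the verified dump.
    {
        echo "name=$(basename "$src")"
        echo "size=$(( $(wc -c < "$img") ))"
        echo "sha256=$img_hash"
    } > "$img.meta"
}

meta_get() { sed -n "s/^$2=//p" "$1"; }   # meta_get FILE KEY

# restore_partition IMAGE TARGET   (hypothetical helper)
# Returns 0 restored, 3 no sidecar, 4 wrong target name, 5 image changed since
# the backup, 6 size mismatch, 1 write or read-back error.
# Nothing is written unless every check passes.
restore_partition() {
    img=$1; dst=$2; meta=$img.meta
    [ -r "$meta" ] || { echo "no $meta, refusing to write" >&2; return 3; }
    want=$(meta_get "$meta" name)
    if [ "$(basename "$dst")" != "$want" ]; then
        echo "image came from '$want' but target is '$(basename "$dst")'" >&2
        return 4
    fi
    if [ "$(sha_of "$img")" != "$(meta_get "$meta" sha256)" ]; then
        echo "image no longer matches the hash recorded at backup time" >&2
        return 5
    fi
    if [ "$(( $(wc -c < "$dst") ))" -ne "$(meta_get "$meta" size)" ]; then
        echo "target size differs from the image size" >&2
        return 6
    fi
    dd if="$img" of="$dst" conv=notrunc 2>/dev/null || return 1
    [ "$(sha_of "$dst")" = "$(meta_get "$meta" sha256)" ]
}

# Constructed demo: two files named like the by-name entries.
demo() {
    dir=$(mktemp -d) || return 1
    mkdir "$dir/by-name"
    head -c 2048 /dev/urandom > "$dir/by-name/radio"   # constructed stand-ins
    head -c 2048 /dev/urandom > "$dir/by-name/boot"
    boot_before=$(sha_of "$dir/by-name/boot")

    backup_partition "$dir/by-name/radio" "$dir/radio.img"; b=$?
    restore_partition "$dir/radio.img" "$dir/by-name/boot" 2>/dev/null; wrong=$?
    restore_partition "$dir/radio.img" "$dir/by-name/radio"; right=$?
    boot_after=$(sha_of "$dir/by-name/boot")

    rm -rf "$dir"
    echo "backup rc=$b, restore to boot rc=$wrong, restore to radio rc=$right"
    [ "$b" -eq 0 ] && [ "$wrong" -eq 4 ] && [ "$right" -eq 0 ] &&
        [ "$boot_before" = "$boot_after" ]
}

demo
```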
Questions go in Q&A
Please read forum rules
Thread moved
Are you aware of a way to do it without rooting?
My boot loader is already unlocked and I have left it that way.
I have seen in fast boot documentation a "backup" command for fast boot. I am curious if it can be used to flash the radio, why can't it back it up.
Sorry, without root, this is the best you're going to get, and I'm pretty sure it's not what you're asking for:
http://forum.xda-developers.com/showthread.php?t=1420351
Hi there !
I just registered to this huge forum full of resources and so many stuffs to dig in.. I own a Z1 Compact I bought last week and got into mods etc.. This is my first Android device and therefore got into it for the first time.. and what a world.. so many things over here..
As a developer, I'm getting interested in this environment so I first tried to gain access to this unix-based system called Android in order to see how this works..
Here my first steps: I needed to be root on this device..okay.. through tutos I read, I needed to unlock bootloader then I needed to install a new boot called ClockWorkMod (I believe this is a boot, according fastboot argument I supplied..) to allow me running the SuperUser script to be root. Afterwards, I backed up my TA partition..
Okay, these steps were done pretty out of the box, without Android knowledge so far.. Now, I'm about to install busybox for tools I'm used to use on every linux platforms.. but I really lack Android knowledge about Android partitioning system (I came across TA partition, /boot, /data what else ??), content, permissions management.. in few words, Android philosophy. So guys, do you know good web resources around my questionings so that I can start properly and the right way?
I'd really like to contribute in a humble manner, I've already developed upon ARM platforms with realtime OS and many stuffs around linux kernel, so if you guys had any suggestions for low-level dev and Android in-depth resources etc.. I'd be grateful.
Thanks a lot.
PaowZ said:
> Hi there !
> I just registered to this huge forum full of resources and so many stuffs to dig in.. I own a Z1 Compact I bought last week and got into mods etc.. This is my first Android device and therefore got into it for the first time.. and what a world.. so many things over here..
> As a developer, I'm getting interested in this environment so I first tried to gain access to this unix-based system called Android in order to see how this works..
> Here my first steps: I needed to be root on this device..okay.. through tutos I read, I needed to unlock bootloader then I needed to install a new boot called ClockWorkMod (I believe this is a boot, according fastboot argument I supplied..) to allow me running the SuperUser script to be root. Afterwards, I backed up my TA partition..
> Okay, these steps were done pretty out of the box, without Android knowledge so far.. Now, I'm about to install busybox for tools I'm used to use on every linux platforms.. but I really lack Android knowledge about Android partitioning system (I came across TA partition, /boot, /data what else ??), content, permissions management.. in few words, Android philosophy. So guys, do you know good web resources around my questionings so that I can start properly and the right way?
> I'd really like to contribute in a humble manner, I've already developed upon ARM platforms with realtime OS and many stuffs around linux kernel, so if you guys had any suggestions for low-level dev and Android in-depth resources etc.. I'd be grateful.
> Thanks a lot.
Welcome in the exciting world of Android! I am by no means a programmer, but I have been here for a while and will just explain a few things I think are helpful. If it's stuff you already know, feel free to ignore it.
Important things first: I hope you have made a Backup of your TA-Partition before unlocking the bootloader. Unlocking the bootloader modifies the TA-partition. It is not possible to undo it if you do not have a backup. Flashing someone else's TA will brick your device!
If I am not mistaken, the TA is mainly used to verify that the phone is in original condition e.g. not modified.
Unlocking the Bootloader (BL) removes Sony's DRM-Keys from the partition, because unlocking enables you to get root access and copy all the protected stuff anyways. The result is that you lose access to some of Sony's services and the use of XReality engine.
Unlocking the BL breaks the Sony Update Service, but if you unlocked with Flashtool, you will be able to relock easily. Do only relock while on a stock kernel, else the phone won't boot because it detects modified firmware.
AFAIK root is a function of the kernel, as is ClockWorkMod Recovery (CWM). They come included in, for example, DooMKernel.
Superuser and SuperSU are apps that allow you to manage root access, giving it to the apps that need it, and stopping bad apps from getting it.
Recovery and fastboot are *for me* something like a secondary boot partition. I don't know if that's technically correct, but even if the system is unbootable, you can boot into CWM and work from there.
TWRP (TeamWin Recovery Project) is another custom recovery that allows you to do interesting things.
Do not mess with the BL and TA more than necessary. A broken TA, as well as a messed-up BL, can prevent you from booting. As long as the BL is functional and you can get into Flashmode or fastboot mode, the phone can be saved.
If/when you have root, use Terminal Emulator from Google play to find partitions.
For more technical aspects, go over to the "Original Android Development" forum for the Z1C. Be aware that you need a minimum of 10 posts to be able to post there. They are a little picky about the quality of your posts.
LINKS
http://forum.xda-developers.com/wiki/Android
https://developer.android.com/index.html
https://source.android.com/
http://en.wikipedia.org/wiki/Android_(operating_system)
http://www.google.com :angel:
Hi Coirpre !!
Thanks a lot for the tips
> Important things first: I hope you have made a Backup of your TA-Partition before unlocking the bootloader. Unlocking the bootloader modifies the TA-partition. It is not possible to undo it if you do not have a backup. Flashing someone else's TA will brick your device!
> Unlocking the Bootloader (BL) removes Sony's DRM-Keys from the partition, because unlocking enables you to get root access and copy all the protected stuff anyways. The result is that you lose access to some of Sony's services and the use of XReality engine.
Well, this step is pretty confusing, since *they* indeed advise you to proceed to TA backup before any BL unlocking but before running the script that saves your TA, you need to be root.. and thus, to load CWM and guess what ? Need to unlock BL to install CWM.. Unless I missed something, it looks a bit weird..
Anyway, I unlocked through the use of FlashTool utility and apparently it hadn't compromised XReality nor TrackID either.. (I read somewhere TrackID app won't start if your DRM are broken.. true ??)
> Do not mess with the BL and TA more than necessary. A broken TA, as well as a messed-up BL, can prevent you from booting. As long as the BL is functional and you can get into Flashmode or fastboot mode, the phone can be saved.
This is one of my first questioning.. Usually, if you consider a mainstream PC, you have a piece of code we formerly called a BIOS before EFI system, this BIOS launches a bootloader (GRUB/LILO whatever.. for linux or NTLDR for Win) and even if you wipe this bootloader, you can always rewrite a fresh one and the BIOS will then start it and the OS to start as well.. You just need to boot upon another medium to restore/install a bootloader, the BIOS is not altered.
But in this device, it appears one can hard-break the unit, solely by messing with BL/TA partitions.. like if there wasn't any BIOS equivalent.. When you say As long as the BL is functional [..] you can get into Flashmode/Fastboot mode I wonder how that piece of code responsible of this feature is not hard-coded in a ROM.. Powering up this device while gently pushing a hardware button is usually processed by a hard-coded system - the BIOS. Just like when you hold pressed the Power button of your running PC, this is the BIOS which interprets this command as a "Shut down right now !!" this is not the role of a bootloader.. I have to know more about Sony system
Thanks for the links, btw
There is a way to root and install CWM without unlocking the bootloader.
BTW Root is allowing us to modify /system and unlocking to change kernel.
/system partition is same as C:/WINDOWS on PC.
Only, on android this is prohibited. And you gain access by rooting it.
So, if you want to root you insert a few apps and scripts to /system. Since it's prohibited developers find exploits to insert those files to /system by various tricks.
That's how you are rooted without unlocking the bootloader. And that's how you can backup your TA before unlocking the bootloader.
And, yeah, CWM can be inserted to /system as well as in kernel. But it's better to be in kernel since it won't be easily wiped out when you screw up something.
Basically, what you did is unlock the bootloader (lost DRM?) > insert CWM to kernel > Use CWM to root.
But don't worry, one couldn't care less about DRM. You don't need that for anything. And I heard Sony fixed removing DRM issues by unlocking the bootloader on latest firmwares but I'm not sure.
And about BIOS, yeah...I was wondering about that as well. But for sure if you mess up with boot.img that you flashed phone won't be able to recover / must go to the service. That's a good question why. Anyone could tell me more about that?
PaowZ said:
> Well, this step is pretty confusing, since *they* indeed advise you to proceed to TA backup before any BL unlocking but before running the script that saves your TA, you need to be root.. and thus, to load CWM and guess what ? Need to unlock BL to install CWM.. Unless I missed something, it looks a bit weird..
> [...]
> I have to know more about Sony system
As option58 said, you can root using exploits. Unlocking is the official way provided by Sony. However, there are always some hacks which can get you root without unlocking. That way you can back up TA without unlocking. On this device it is quite a hassle and involves flashing Japanese and English firmwares...
Some of it is Sony, mainly the TA stuff they integrated for security and modification-checking. The boot process however is probably more or less the same on all android devices.
Option58 said:
> And about BIOS, yeah...I was wondering about that as well. But for sure if you mess up with boot.img that you flashed phone won't be able to recover / must go to the service. That's a good question why. Anyone could tell me more about that?
I agree that there must be something hardcoded that runs after the power button is pressed, but it probably is not enough. Notice that the device must be accessible (R/W) to restore a messed up BL, which is probably only the case after boot is completed. So:
Buttonpress --> BIOS --> BL (Whichever mode) --> partitions accessible. So if you can not get past the BL, you can not access the memory and thus not fix the BL.
But I am just speculating, so either we get some knowledgeable people in here, or someone has to read it up/google it.
[EDIT:] Oh, and by the way, PaowZ, can you change the topic to something more descriptive, "technical questions about boot process and partition handling" or something? maybe that will attract knowledgeable people...
> Buttonpress --> BIOS --> BL (Whichever mode) --> partitions accessible. So if you can not get past the BL, you can not access the memory and thus not fix the BL.
I'm almost sure there must be a way to access to raw flash r/o through addressing.. at least from some pin-outs on the motherboard of the Z1C..
I don't know S1 flashing protocol, maybe there is a way to force writes at a specific address, provided we could know start addresses of each partition..
This is actually what I do when I have to deal with ARM devices through a rs232 port.. I can flash wherever I want and too bad if I make a typo in the address. The device just won't load up anything, but it won't hard-brick anything..
PaowZ said:
> I'm almost sure there must be a way to access to raw flash r/o through addressing.. at least from some pin-outs on the motherboard of the Z1C..
> I don't know S1 flashing protocol, maybe there is a way to force writes at a specific address, provided we could know start addresses of each partition..
> This is actually what I do when I have to deal with ARM devices through a rs232 port.. I can flash wherever I want and too bad if I make a typo in the address. The device just won't load up anything, but it won't hard-brick anything..
well, this thread might interest you...
and I found this by chance, you were interested in the partitions:
> Android-supported hardware shares some common features due to the nature of the operating system. The Android OS is organized into the following images:
> Bootloader - Initiates loading of the boot image during startup
> Boot image - Kernel and RAMdisk
> System image - Android operating system platform and apps
> Data image - User data saved across power cycles
> Recovery image - Files used for rebuilding or updating the system
> Radio image - Files of the radio stack
However: this topic is far beyond my knowledge, at the moment I have just started learning Java to start tinkering with Android on app-level. You will have to find out by yourself. However, I am VERY interested in what you find, because these things are always good to know. There are a lot of people from the forums which could help you. Just go read a bit in the "Original Android Development" subforum to find the good people.
In the Google's YouTube channel there are quite many deep dive videos for multiple aspects of the Android system.
Use the search Luke ?
As far as I read this thread it is too late to make TA backup.
In other systems I have worked with there are sometimes ways to boot from a file other than the NVRAM that you ordinarily operate from. For some reason people like to call this the ROM, even though it is writable.
I have an old tablet that has a recovery mode that is only a Chinese menu. I have seen a translation so I know what the items are but none of them are helpful for re-flashing or booting from a file.
I have been able to connect the tablet using adb and run the shell, and I can get it into fastboot mode but the instructions for "unlocking" the boot loader do not work so I am stuck with a fastboot prompt on the tablet with no way to proceed. I was able to upload a short file but not the TWRP (I did find one for this phone). The failure was permission.
My questions:
I have rooted this phone using kingroot and promptly decided that was unsafe and did a full reset to manufacturer. But I am still trying to root. I suppose that the rooting programs must have to run an exploit, perhaps a buffer overflow thing, but at any rate some series of commands to Android that cause elevation to be accomplished. Where do I find the exploit documented in order to just do it manually?
Can I extract the su binary from the TWRP and jam it in there? Probably not but I thought I'd ask. Is the su binary in there just an ordinary program unless it has a file bit set that elevates it?
What exactly is meant by the phrase "unlock the bootloader"? Can I unlock the bootloader manually in the adb shell?
Can I kingroot again and find an su binary, rename it, uninstall kingroot, rename it again? I don't suppose that re-named binary would survive a reflash?
How can I flash this tablet? The tools don't quite work. Even if I can back it up I can't reflash. Best would be the ability to boot a file separate from the ROM. I read somewhere that sometimes after the flash the phone boots the old ROM once. How can that be true, and if it is true what does that say about the way those images are actually stored and used?