[REF] Unroot for Galaxy S using Terminal Emulator - Galaxy S I9000 Android Development

Clarification: I did not think about this myself!
I just found it in a post in Modaco explaining how to Unroot a Droid X and it worked for my Galaxy S as well, so I thought it should be worth posting, as I wanted to unroot my Galaxy S and failed to find a good method.
So First, I'm not responsible for any damage caused to your phone.
Anything you are doing is solely your responsibility.
Second, ALL credit goes to the user itsluy from Modaco who wrote this.
This is the link, by the way:
http://androidforums.com/motorola-droid/39303-factory-reset-updates-apps-root.html#post294672
These are the instructions:
While you still have root go to terminal emulator and run the following:
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/app
rm Superuser.apk
mount -o ro,remount -t yaffs2 /dev/block/mtdblock3 /system
sync
reboot
*****end of instructions****
I would like to emphasize that you HAVE to type EXACTLY what it says.
Before every new row you obviously need to press enter.
If you're doing it right, you shouldn't be seeing any messages of any kind during the process.
A good way of making sure it works is after you have removed Superuser.apk, type the command ls and then make sure it doesn't appear in the list.
Then, of course, continue as usual.
I repeat, you have to type exactly what it says, if not it will not work.
For example, there's a space between mtdblock3 and /system.
Another example is that you have to write Superuser.apk with a capital s.
Once again, it is all thanks to itsluy from modaco and I'm not responsible for any of the damages this process may cause.
I would be happy to hear comments (hopefully good ones)
Itay

Sounds good mate, but you do know you can just use One click unroot application instead?
still this may come in handy for others!

itaykoren said:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Haha, what? You can probably leave off the 'mount' lines... /system on SGS is already rw.

Yes, Mambo04, I know that you can use the one click root/unroot, but this method is very useful for those who already have root access.
In addition, the comments regarding that unroot process are a mixed bag.
For me, it's much more comfortable to do it this way as I don't need to download any files as opposed to the one click root/unroot process (besides Terminal Emulator that most people already have) and also don't need to connect it to a computer (as opposed to the second root/unroot method).
Eventually, I think writing several lines of dictated code is much easier and takes less time to do, so I personally think it's a very good method.
What do you guys think?

RyanZA ,
thanks for your response.
Actually I did try without the 'mount' lines and it didn't work.
At least for me on stock jf3.
Perhaps on other firmwares it's different...

itaykoren said:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Itay
SGS actually does not use yaffs2.... So I'm pretty sure this fix isn't "proper"

I guess you're right.
Then again, I no longer have root access, so "if it ain't broken, don't fix it..."

Worked for me also.

I'm glad to hear...
If anyone else uses this, please feel free to comment so that we know of any problems with it, as so far I have not found any, and I think it's one of the easiest ways to safely unroot

THANKS! You saved me a Butt-Ton of headache. I work for Bell, and I kind of rooted/lagfixed a store unit prior to activating it, the customer who got it would have been ecstatic. But the warranty is an issue. Is it possible to do the lagfix and then remove superuser permission so the phone is totally fixed and still warrantyable?

I don't know for sure if it's possible so I don't want to make any statements...
I guess it also depends on what this provider defines as a violation of the warranty.
There's been rumors that Vodafone UK, for example, does not consider rooting a Galaxy S as a violation of the warranty terms. But again, this has not been confirmed, and I guess most providers do consider it as a violation.
Also, hopefully the lag issue will be fixed in future official updates, so if warranty is a big issue, it might be better to wait, or apply the lagfix and remove it before taking it to be repaired (if the state of the device allows it...)

Hi, thanks for posting this unroot method, just a couple of questions;
1. If I run this, then do a factory reset will the phone remain unrooted? or will it revert back to rooted as I applied root using update.zip.
2. Is it safe to delete the update.zip from my internal sd after applying this?
Thanks.

hi skink666,
1. After you run this successfully, you are unrooted, so if you do a factory reset, you will remain unrooted (you can easily verify this by checking your apps and making sure the "Superuser Permissions" app is not there).
2. The update.zip file that you use in order to root your device can be deleted once you have successfully gained root access. So, you can even delete it before applying this unroot method, not to mention afterwards.
You might want to keep a copy of it on your computer in case you want to root again.

Thanks for the info, will give it a try

Is this method working on froyo xxjpy with voodoo kernel?

I haven't tried, but you're more than welcome...

Related

NAND unlocking + deleting Sprint Apps

I have followed both parts of Toast's root guide. I have then flashed 1.0.8 of JoeyKrim's rooted stock build ROM - odex version if that really matters, though I doubt it.
I find that using ConnectBot on the device, I can indeed type SU and get the hash prompt. So far so good, but even after killing all apps, I cannot manage to delete the Sprint*.apk files. I get a read-only filesystem error.
I'm assuming this is possible through booting into my custom recovery, but I thought one of the benefits to the NAND unlock was ability to do this "live" within Android.
Am I missing something, or is /system/app just a special case of read-only settings when running normally?
First, please post in the proper section. This is development not q&a. Second, you need to remount. It defaults to read only, but can be changed. Enter the following command sequence:
su
mount -o rw,remount /dev/block/mtdblock4 /system
rm /system/app/Sprint*
Beware, that gets rid of visual voicemail too. I use Google voice personally, but it should be known.
axlebot said:
First, please post in the proper section. This is development not q&a. Second, you need to remount. It defaults to read only, but can be changed. Enter the following command sequence:
su
mount -o re,remount /dev/block/mtdblock4 /system
rm /system/app/Sprint*
Beware, that gets rid of visual voicemail too. I use Google voice personally, but it should be known.
Well, I figured this was more specific than Q&A since it was directly related to root and custom ROM, and I've seen those questions asked here in numerous threads...
As to your point, I did try that, but kept getting the same error. Have confirmed ability to write to /system outside of /system/app, which seems odd.
Sorry, the Evo auto-corrected where it shouldn't have. I fixed it. It should have been rw instead of re.
axlebot said:
Sorry, the Evo auto-corrected where it shouldn't have. I fixed it. It should have been rw instead of re.
Not a problem - caught the issue when I read your post. But I saw an issue where even that command was not giving me R/W access. Strangely, pulling the battery and rebooting seemed to help. Odd.
Thanks for the assist. I had kept thinking with full unlock you would not have to run that command each time.

How to stop the OTA pop up?

I do not want it. I'm perfectly fine with my phone the way it is: I get great battery life, my wifi tether works great, and I have read up on all these forums; there is no way of getting the update without losing something, either root or WiMAX or something. So I don't want the update, yet every day it keeps popping up. How can I stop this? And is there anybody out there who is not running any ROM that has got the update successfully and not lost anything, preferably with unrevoked 2?
auau465121 said:
I do not want it. I'm perfectly fine with my phone the way it is: I get great battery life, my wifi tether works great, and I have read up on all these forums; there is no way of getting the update without losing something, either root or WiMAX or something. So I don't want the update, yet every day it keeps popping up. How can I stop this? And is there anybody out there who is not running any ROM that has got the update successfully and not lost anything, preferably with unrevoked 2?
This has been posted before but here's a quick rundown.
1. First, you need a root method that allows you to modify the /system directory. I prefer Toast's but I think Unrevoked2 allows this as well.
2. Download the android sdk. Open a command prompt, cd into the directory you extracted it in and type in the following:
Code:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
cd /system/etc/security
mv otacerts.zip otacerts.zip.old
Reboot and tada. You'll never see a popup again.
It would be nice to find an answer for your question too.. (never mind, "chuckhriczko" answered just before me posting)
But in case you care, I also got the message on my phone and my wife's phone while running ROM OMJ 1.4r.. but only got it once, no repeats. I installed ROM Fresh 0.5.3 on both phones yesterday and I have not been asked to do the update on either phone, and I have rebooted the phones multiple times..
Take care..
P.S.
chuckhriczko
Thank you for the info..
This has been posted before but here's a quick rundown.
1. First, you need a root method that allows you to modify the /system directory. I prefer Toast's but I think Unrevoked2 allows this as well.
2. Download the android sdk. Open a command prompt, cd into the directory you extracted it in and type in the following:
Code:
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
cd /system/etc/security
mv otacerts.zip otacerts.zip.old
Reboot and tada. You'll never see a popup again.
Thanks trying now
It would be nice to find an answer for your question too.. (never mind, "chuckhriczko" answered just before me posting)
yeah but thanks
Maybe I'm missing something, but why can't you just go into:
System Updates -> HTC Software Update
and uncheck "Scheduled Check"

[GUIDE] Instructions to Root G2 [Temp Root]

NOTE: The below info is all pretty outdated now that the fantastic Paul O'Brien has created a one-click temp root app called VISIONary. I recommend using that - get it from his thread! In case you don't want to do that (what are you, some kind of masochist?), or want to see the old way of getting temp root, keep reading this thread.
Insert the usual disclaimers about "if this breaks your device, it's not my fault... do this at your own risk... voiding warranty... etc."
Note that for now, this is a TEMPORARY root. And things are now well over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent, and will help out wherever I can.
Update 10/6/2010:
Per suggestions later in the thread, I've compiled a zip file of everything needed to set up a temp root. I've also made some tweaks to the root script, included in the archive as "root" - notably, it will now create symlinks to busybox for commands not included with default android (example: cp).
Here are updated instructions to use with the attached zip file. USB Debugging needs to be enabled:
Stage 1: On your PC
1. adb push su /sdcard/su
2. adb push Superuser.apk /sdcard/Superuser.apk
3. adb push rage /data/local/tmp/rage
4. adb push busybox /data/local/tmp/busybox
5. adb push root /data/local/tmp/root
6. adb shell chmod 0755 /data/local/tmp/rage /data/local/tmp/busybox /data/local/tmp/root
7. Disconnect phone from pc
Here's an alternate Stage 1, thanks to Aphotix:
Aphotix said:
If you really want to optimize (or be lazy if you are like me), just use this batch file (for windows obviously) using the pc side of the instructions already provided.
Code:
adb push su /sdcard/su
adb push Superuser.apk /sdcard/Superuser.apk
adb push rage /data/local/tmp/rage
adb push busybox /data/local/tmp/busybox
adb push root /data/local/tmp/root
adb shell cd /data/local/tmp; chmod 0755 rage busybox root;
Just place it inside of the G2TempRoot folder and double click. Then it's just two commands on the phone's terminal and you have root.
BATCH FILE DOWNLOAD HERE
Stage 2: On your phone (Assumes you have already installed Android Terminal Emulator from the market)
1. Launch Terminal Emulator
2. /data/local/tmp/rage
3. Wait for the message: "Forked #### childs."
4. Menu > Reset Term - Terminal Emulator will exit.
5. Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
6. /data/local/tmp/root
Stage One only needs to be done once. Stage 2 needs to be repeated every time you reboot your phone.
Follow the Thinktank thread for progress on a permanent root solution.
Special Thanks:
The dude that made rageagainstthecage - http://c-skills.blogspot.com
gariak, for the ideas in the root script
rpmccormick - improvements in the later PC steps
Aphotix - Windows batch file to make the first part easier
You're a beast. Thank you.
So do we get any roms soon after rooting?
Sent from my T-Mobile G2 using XDA App
Well, that's up to the rom developers. Will probably take time.
Note that currently, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
(added that info to OP, since it's probably important)
I'll wait till it's permanent
Sent from my T-Mobile G2 using XDA App
This is interesting.. you need to try to get a rooted recovery made.. from there once you get this temp root working try to flash the recovery through terminal.. if it takes then you would be able to flash rooted roms... i wonder if clockwork is working on a recovery already??...
Whew, I was starting to think the phone might be unrootable.
Sent from my T-Mobile G2 using XDA App
OgBrog said:
Whew, I was starting to think the phone might be unrootable.
Sent from my T-Mobile G2 using XDA App
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
Guys, I know the thought of developing on linux is scary but you can always start with simple stuff like boot animations and themes. Don't you notice how most developers have left xda because all people do here is ask and not give. quit crying, complaining, and posting stupid ****! learn to contribute!
sorry I was up all night last night and got no sleep working on trying to ROOT this damn phone and figuring out what the deal is with our missing storage space on the g2. I'm just cranky. and btw, this isn't directed just at this guy but a lot of people here. sorry to single you out. nothing personal.
Weird, I don't know what I messed up, because the commands for the phone are a lot of typing so I copied that text and made a script minus the '#' symbol for all lines and when I run it can't kill process, says can't find, and won't remount, but if I type it into the phone working fine
here is exactly what I put in on the script for terminal on device
/data/local/tmp/busybox killall rageagainstthecage-arm5.bin
mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
/data/local/tmp/busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /sdcard/su /system/bin/su
/data/local/tmp/busybox cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk0p25 /system
sino8r said:
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
Guys, I know the thought of developing on linux is scary but you can always start with simple stuff like boot animations and themes. Don't you notice how most developers have left xda because all people do here is ask and not give. quit crying, complaining, and posting stupid ****! learn to contribute!
sorry I was up all night last night and got no sleep working on trying to ROOT this damn phone and figuring out what the deal is with our missing storage space on the g2. I'm just cranky. and btw, this isn't directed just at this guy but a lot of people here. sorry to single you out. nothing personal.
I think you may have singled out the wrong person. As I understood it, his post was stating that he was worried we weren't going to be able to root the phone at all...intending the post to be a 'sigh of relief' if you will. There was no implication of being impatient.
And I know it's annoying when people demand stuff without contributing, but if were to open a restaurant and everything on the menu was free, guess what? You'd have a crapload of customers, and they'd all be asking for stuff for free. Once development picks up, there will be a lot less posts about people wanting root and such...just be patient. Coming from a guy who pre-ordered the g1, I think I know a little bit about waiting for good things to happen.
M9x3mos said:
Weird, I don't know what I messed up, because the commands for the phone are a lot of typing so I copied that text and made a script minus the '#' symbol for all lines and when I run it can't kill process, says can't find, and won't remount, but if I type it into the phone working fine
here is exactly what I put in on the script for terminal on device
/data/local/tmp/busybox killall rageagainstthecage-arm5.bin
mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
/data/local/tmp/busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /sdcard/su /system/bin/su
/data/local/tmp/busybox cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk0p25 /system
That IS strange...I don't see anything wrong with what you've posted here...but I can say that I've seen some strange happenings lately. I'm getting rid of a samsung epic for the g2, and if I used the cable that came with it, nothing through adb would work properly, I had to use a better quality one I got off amazon.
InGeNeTiCs said:
That IS strange...I don't see anything wrong with what you've posted here...but I can say that I've seen some strange happenings lately. I'm getting rid of a samsung epic for the g2, and if I used the cable that came with it, nothing through adb would work properly, I had to use a better quality one I got off amazon.
I agree or try a different driver (pdanet one). It is showing under adb devices right? that cable that came with was giving me hell while trying to charge it last night. I'm not sure as using it to tether for adb because I used my old one for the pc.
sino8r said:
What the heck are you talking about? This phone hasn't even been released officially and you are already tired of waiting on root? Why don't you learn some stuff and contribute to helping us get root?
I didn't mean to sound ungrateful, it's just that every other phone I've ever
owned already had a root method when I got it. After reading that no previous
root methods work I worried it might be locked like the droid X.
I really don't know too much about rooting and I doubt that there's anything that
I could think of or do that someone more knowledgeable hasn't already done.
CM on G2
Cyanogen said he has already written the device config profile. So as soon as there is root and the BBQ is over there will be CM!
hendusoone said:
Well, that's up to the rom developers. Will probably take time.
Note that currently, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
(added that info to OP, since it's probably important)
Sweet
Sent from my T-Mobile G2 using Tapatalk
OgBrog said:
I didn't mean to sound ungrateful, it's just that every other phone I've ever
owned already had a root method when I got it. After reading that no previous
root methods work I worried it might be locked like the droid X.
I really don't know too much about rooting and I doubt that there's anything that
I could think of or do that someone more knowledgeable hasn't already done.
The reason none of the old methods have worked so far is because this is an entirely new device. With this device we have new hardware and stock software that has not been seen/hacked yet. We are getting there so just hold out a little while, this device will rock when rooted, and after the BBQ this weekend we should have a few more guys looking into this with us.
Back on topic now
Sent from my T-Mobile myTouch 3G Slide using XDA App
AWESOME!
hendusoone said:
Insert the usual disclaimers about "if this breaks your device, it's not my fault... do this at your own risk... voiding warranty... etc."
I used the rageagainstthecage binary from the download in this blog post: http://c-skills.blogspot.com/2010/08/droid2.html
On PC:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0755 rageagainstthecage-arm5.bin
exit
On G2:
Open terminal emulator
cd /data/local/tmp
./rageagainstthecage-arm5.bin
Wait a bit for it to say "Forked #### childs." Then hit enter. Should have a $ prompt.
Try running "ps" - should say Cannot fork.
Exit terminal emulator with back button, launch an app (I launched Twidroid, probably doesn't matter which app you pick)
Launch Terminal Emulator again - it will force close, hit Force Close
Launch Terminal Emulator a second time and you have a root shell
Additional info from gariak, from here:
Currently working on further instructions to make this a permanent root... will edit those in once ready. Others are doing a bunch of work on it, too... keep an eye on the root thinktank thread for further developments - the fun starts at this post!
Note that for now, this is a TEMPORARY root. And things are starting to get a bit over my head... I just got lucky with figuring out the first few steps. For now, I'm going to leave it to the fantastic folks over in the thinktank thread to figure out how to make this permanent. I'm working to figure out what I can, but I fear my own usefulness is fading
This is awesome! Will certainty be following this rather then all of the ghey fags in general complaining like a bunch of women.
Now we just need a root SPL or something to flash in the root shell right?
You can follow the happenings in the thinktank thread. Best to just follow or test what is suggested if you feel comfortable.
On a side note the other build posted makes for a good un-root so I would keep it named PC10IMG.ZIP on the root of your sdcard, should anything bad happen to your phone you should be able to flash that from bootloader
Sent from my T-Mobile myTouch 3G Slide using XDA App
What's the username and pwd to get the file?
The other build has radio 12.21.something. My g2 came with 12.22.something. So you would have to downgrade your radio. Should work though.
Everything else looked to be the same though.
edit: Nevermind, after reviewing the numbers I read them wrong. Everything does look to be the same. Apologies, with my first drill weekend with the army reserves and still moving into a new house I guess my head wasn't completely in the game.

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)

Edit: This does not work on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by step ). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.
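A check a device owner or reviewer can run afterwards, as an added example that is not part of the original posts: it audits a filesystem tree for the files the procedures on this page create or rename (`/system/app/Superuser.apk`, `/system/bin/su`, a setuid `/system/bin/busybox`, and the renamed `otacerts.zip`). The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an Android filesystem tree for the root-related
# artifacts named in this page's posts. Paths come from the posts; the
# function names and the sample tree are constructed for illustration.

# audit_root_artifacts ROOT
#   ROOT is the directory that contains "system/" ("/" on a live device, or
#   the mount point of an extracted image). Prints one "FINDING:" line per
#   artifact and always returns 0, so callers count lines to decide.
audit_root_artifacts() {
    root=${1%/}

    # The permission-manager app that the unroot post deletes.
    apk="$root/system/app/Superuser.apk"
    if [ -e "$apk" ]; then
        echo "FINDING: $apk present"
    fi

    # The su binary the rooting posts copy in and mark setuid
    # (chmod 4755 / 06755). Deleting the APK does not remove it.
    su_bin="$root/system/bin/su"
    if [ -e "$su_bin" ]; then
        if [ -u "$su_bin" ]; then
            echo "FINDING: $su_bin present (setuid)"
        else
            echo "FINDING: $su_bin present (not setuid)"
        fi
    fi

    # busybox is only reported when it carries the setuid bit, as set by
    # "chmod 4755 /system/bin/busybox" in the G2 script.
    bb="$root/system/bin/busybox"
    if [ -u "$bb" ]; then
        echo "FINDING: $bb is setuid"
    fi

    # The OTA post renames otacerts.zip to otacerts.zip.old.
    sec="$root/system/etc/security"
    if [ -e "$sec/otacerts.zip.old" ] && [ ! -e "$sec/otacerts.zip" ]; then
        echo "FINDING: $sec/otacerts.zip renamed to otacerts.zip.old"
    fi
    return 0
}

# make_sample_tree DIR: constructed stand-in for a rooted /system layout.
make_sample_tree() {
    mkdir -p "$1/system/app" "$1/system/bin" "$1/system/etc/security"
    : > "$1/system/app/Superuser.apk"
    : > "$1/system/bin/su"
    chmod 4755 "$1/system/bin/su"
    : > "$1/system/etc/security/otacerts.zip.old"
}

# demo: audit the sample tree before and after removing only Superuser.apk,
# which is the single file the Terminal Emulator unroot post deletes.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_tree "$tmp"
    echo "== rooted sample tree =="
    audit_root_artifacts "$tmp"
    rm "$tmp/system/app/Superuser.apk"
    echo "== after removing Superuser.apk only =="
    audit_root_artifacts "$tmp"
    rm -rf "$tmp"
}

demo
```

On a device, `audit_root_artifacts /` checks the live `/system`; in the constructed run, `su` is still reported after `Superuser.apk` is deleted.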
Reserved
Reserved
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus
Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium
This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Huxleysäl said:
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk
efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
try /data/local/tmp
Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is denied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter than me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
I had my initial problems with that too. But as of this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator
Just search for it in the market. Also the commands go in this console
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers
Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.

[Q] Unrooting

Hi All,
This is just a quick 2 part question as I see many threads for the GNEX on rooting, but none very concrete on removing root. I've tried searching, but I must have missed it.
So, my questions are:
1. Once rooted via whatever method (I used fastboot method myself, thanks efrant for teaching the fastboot stuff), how do I unroot this thing to bring it back to stock configuration?
2. To make the unit truly stock again, can I just use fastboot and flash a factory google image? I know doing this will eliminate all my data, but will it remove all traces of any rooting done? (Insecure Kernel, SU, Busybox and whatever else)?
Please let me know.
Thanks guys... wasn't planning on rooting, but I miss the ability to do it. lol
1. See two.
2. Yes.
Flashing the stock image will bring your phone back to an out-of-the-box state.
Sent from my Galaxy Nexus using Tapatalk 2
infazzdar said:
1. See two.
2. Yes.
Flashing the stock image will bring your phone back to an out-of-the-box state.
Sent from my Galaxy Nexus using Tapatalk 2
Thanks man,
Makes me feel better about my decision to root this phone.
Appreciate the reply.
If you installed Superuser to system when you rooted then you'll need to remove that also but here are the basic adb commands for the job (make sure you have data and system mounted via CWM so you have access):
Code:
adb shell
rm /system/bin/su
mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
exit
BusyBox is another matter since CWM installs it to sbin every time you boot with it. Perhaps someone has a better idea (?), but from messing around a bit the other night the best method I've come up with is to use BusyBox to remove BusyBox, as follows:
Code:
adb shell
cd /sbin
cp busybox /data/local/tmp/busybox
chmod 06755 /data/local/tmp/busybox
rm busybox
/data/local/tmp/busybox rm `/data/local/tmp/busybox find -follow -maxdepth 1 -type l`
/data/local/tmp/busybox rm /data/local/tmp/*
exit
that second to last line gets rid of all the stray symlinks busybox left behind, not sure if CWM leaves any of those recovery/symlinks in sbin also or if those should be removed as well; perhaps someone else can fill us in on that point!
osm0sis said:
If you installed Superuser to system when you rooted then you'll need to remove that also but here are the basic adb commands for the job (make sure you have data and system mounted via CWM so you have access):
Code:
adb shell
rm /system/bin/su
mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
exit
BusyBox is another matter since CWM installs it to sbin every time you boot with it. Perhaps someone has a better idea (?), but from messing around a bit the other night the best method I've come up with is to use BusyBox to remove BusyBox, as follows:
Code:
adb shell
cd /sbin
cp busybox /data/local/tmp/busybox
chmod 06755 /data/local/tmp/busybox
rm busybox
/data/local/tmp/busybox rm `/data/local/tmp/busybox find -follow -maxdepth 1 -type l`
/data/local/tmp/busybox rm /data/local/tmp/*
exit
that second to last line gets rid of all the stray symlinks busybox left behind, not sure if CWM leaves any of those recovery/symlinks in sbin also or if those should be removed as well; perhaps someone else can fill us in on that point!
So flashing a Google factory image won't remove root? Or it will, but won't remove all evidence if someone went searching around trying to deny warranty.
When I rooted, I used the method of flashing recovery, then installed the su.zip via recovery. When I unrooted I simply flashed a factory image.
when you say installed superuser to system I'm guessing you mean something more advanced than the typical root process, correct?
Sent from my Galaxy Nexus using XDA
thos25 said:
So flashing a Google factory image won't remove root? Or it will, but won't remove all evidence if someone went searching around trying to deny warranty.
When I rooted, I used the method of flashing recovery, then installed the su.zip via recovery. When I unrooted I simply flashed a factory image.
when you say installed superuser to system I'm guessing you mean something more advanced than the typical root process, correct?
Sent from my Galaxy Nexus using XDA
Flashing the factory system image DOES remove root (and busybox and anything else you changed on the ROM). There is no need to do anything that osm0sis said to do.
And there is no "more advanced" process of rooting. Root is two files placed on your system: /system/bin/su and /system/app/Superuser.apk. Nothing more. (Whether you place them there yourself, or have CWM do it for you, is irrelevant.) Remove those and root is gone.
Sent from my Galaxy Nexus using Tapatalk 2
If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.
Zbraptorsdr said:
If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.
http://forum.xda-developers.com/showthread.php?p=21936493
Sent from my Galaxy Nexus using Tapatalk 2
efrant said:
Flashing the factory system image DOES remove root (and busybox and anything else you changed on the ROM). There is no need to do anything that osm0sis said to do.
Right, I was referring to "unroot"ing without reflashing the system.img, since my intent with that method was to keep all settings, etc. as-is, just remove all traces of root.
osm0sis said:
Right, I was referring to "unroot"ing without reflashing the system.img, since my intent with that method was to keep all settings, etc. as-is, just remove all traces of root.
Yup, you would need to remove it manually if you were running a custom ROM, but with a stock ROM, flashing the system partition only WOULD leave all your data/settings as is.
osm0sis said:
BusyBox is another matter since CWM installs it to sbin every time you boot with it.
IS this true? Can someone confirm? And is it true for all phones?
Zbraptorsdr said:
If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.
The easiest way to do it, just click and it does it on its own.
The-Droidster said:
IS this true? Can someone confirm? And is it true for all phones?
Just wanted to clear this up now that I'm a bit more wise on the subject. The sbin stuff doesn't matter since it's all part of the ramdisk, and gets generated on each boot (to recovery or OS) and otherwise doesn't exist. No need to delete anything but su. :good:
osm0sis said:
Just wanted to clear this up now that I'm a bit more wise on the subject. The sbin stuff doesn't matter since it's all part of the ramdisk, and gets generated on each boot (to recovery or OS) and otherwise doesn't exist. No need to delete anything but su. :good:
he means, of course, "su" as in /system/bin/su AND /system/app/Superuser.apk. partially correct, i think, ramdisk is only used for early OS boot. Ramdisk + kernel = boot.img.
Recovery is on a different partition, for starters, and AFAIK, deploys needed files to a temporary location on the phone's ram or in the file system, which would be the recovery partition. Busybox gets placed in there as well.
Sent from my i9250
stock kernel has a ramdisk but not all kernels are packaged with one. recovery also has a ramdisk, just as it also has a kernel. Decompile/split/unzip one some time and you'll see /sys/ and /proc/ and /sbin/ all get generated from the ramdisk. And yes, if you for some reason put Superuser.apk or SuperSU.apk in /system/app/ (a completely unnecessary step), then naturally they need to go too.
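The posts above reduce "is it unrooted?" to whether /system/bin/su and the Superuser.apk or SuperSU.apk package are still present on the system partition. The following check is an added example, not code from any poster: it lists those artifacts under a given root prefix, so it can be pointed at an extracted system image on a computer as well as at a live device. The function name, the prefix argument and the /system/xbin/su entry are assumptions that do not come from the thread.

```shell
#!/bin/sh
# Added example: report root artifacts left under a system tree.
# The argument is a prefix: "" or "/" on the device itself, or the
# directory where a system image was extracted on a host (assumption).

# Paths named in the thread, plus /system/xbin/su, which is NOT from the
# thread; it is another place su is commonly installed (assumption).
ROOT_ARTIFACTS="
/system/bin/su
/system/xbin/su
/system/app/Superuser.apk
/system/app/SuperSU.apk
"

# find_root_artifacts PREFIX
# Prints one line per artifact found: "<path> present[,setuid]".
# Returns 0 if nothing was found, 1 otherwise.
find_root_artifacts() {
    root=${1%/}          # "/" becomes "", "/mnt/img/" becomes "/mnt/img"
    found=0
    for rel in $ROOT_ARTIFACTS; do
        path="$root$rel"
        # -L also catches a dangling symlink, which -e reports as missing
        if [ -e "$path" ] || [ -L "$path" ]; then
            note=present
            # a setuid su is what actually grants root to callers
            [ -u "$path" ] && note=present,setuid
            printf '%s %s\n' "$rel" "$note"
            found=1
        fi
    done
    return "$found"
}

# Usage: find_root_artifacts /path/to/extracted/system-image-root
```

Contents of /sbin are deliberately not checked, since they come from the ramdisk on each boot as explained in the posts above.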
