Related
This thread is copied and modified from the G2 thread by trigeek for the Desire Z:
http://forum.xda-developers.com/showthread.php?t=834228
Apart from the changed hboot and wpthis-Z kernel module for the Desire Z instead of the G2, I have also updated the su-binary and SuperUser.apk to the latest version by ChainsDD
In no way I can be held responsible for any bricks to your phone. You are using this guide at your own risk!! I did test this guide on my own, and also on a friend's Desire Z.
As there was no manual rooting guide for the Desire Z, I posted it myself in order to help others that do not like visionary and like to do it 'the clean way'.
[GUIDE] Temp to permanent root on Desire Z, using rage instead of visionary
=================================================
There's already a guide here for obtaining permanent root using VISIONary, but some folks in #G2ROOT are having issues with the way that VISIONary modifies parititons. Using rage directly is a bit cleaner, since you know exactly what it's going to touch at each step of the way. I did NOT come up with any of this on my own, I'm building completely off of work that others have done. Speaking of which-
None of this would be possible without the tireless work that scotty2 put in. He stayed with the project for well over a month, through lots of smashed hopes and dead ends, until the solution was finally found. Were it not for his work, as well as the help of a few other key folks- we wouldn't be here. He deserves our thanks and some donations! We're talking hundreds of hours of work here, a couple bucks is not too much for that. His paypal is:
[email protected]
Send him some love! I'm not asking for anything myself, because I spent a half hour putting this together, and that doesn't deserve any donations!
DESIRE Z ROOT INSTRUCTIONS
=================================================
These are modified instructions based on the ones posted at http://bit.ly/g2root that use Visionary. A number of people have run into issues with the way that Visionary juggles around temporary partitions, and using the original root exploit is a much easier, and cleaner method for achieving permanent root. This tutorial will walk you through the rooting process by first achieving temporary root, and moving on to permanent root.
REQUIREMENTS
=================================================
•Visionary disabled at boot or uninstalled completely
•Android Terminal Emulator app
•ADB
•desirez-combined-root.zip (Attached to this post)
In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands.
VERY IMPORTANT!
Visionary has caused filesystem corruption for some users during the rooting process. Before attempting the instructions below, make sure that you have "auto run on boot" turned OFF, and reboot your system. Since you will not need visionary anyway after this, you might as well just uninstall visionary and reboot NOW before doing anything.
TEMP ROOT
=================================================
ON YOUR PC:
Unzip the z-temp-root files to a folder. From a cmd window or terminal, navigate to that folder and execute these commands:
Code:
$ adb push su /sdcard/su
$ adb push Superuser.apk /sdcard/Superuser.apk
$ adb push rage /data/local/tmp/rage
$ adb push busybox /data/local/tmp/busybox
$ adb push root /data/local/tmp/root
$ adb shell chmod 0755 /data/local/tmp/*
ON YOUR PHONE:
1.Launch Terminal Emulator
2.
Code:
/data/local/tmp/rage
3.Wait for the message: "Forked #### childs."
4.Menu > Reset Term - Terminal Emulator will exit.
5.Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
6.**NOTE**: in the original directions from the XDA thread, you are instructed to run the /data/local/tmp/root script here. DON'T do this just yet. Leave the terminal window open.
PERM ROOT
=================================================
ON YOUR PC:
unzip z-perm-root and navigate to that folder. There will be four files. You will need to push two of these to your phone: hboot_7230_0.84.2000_100908.nb0 and wpthis-Z.ko. The other two files are optional for checksum verification.
Code:
$ adb push hboot_7230_0.84.2000_100908.nb0 /data/local
$ adb push wpthis-Z.ko /data/local
Optional but might came in handy:
Code:
$ adb push md5checksum /sdcard/md5checksum
ON YOUR PHONE:
You should still have terminal emulator up, at a root prompt. Now run:
Optional but recommended:
Code:
# /data/local/tmp/busybox md5sum /data/local/*
You should see:
hboot_7230_0.84.2000_100908.nb0 2ce1bdd5e4c1119ccfcecb938710d742
wpthis-Z.ko c73c5e77c91d306c418983c002b60b93
In case your hboot or wpthis-Z.ko file do not have the same md5hash as shown above, DO NOT CONTINUE. This means your file is corrupt or you are using a different file, for example the one for the G2 instead of Desire Z.
Now, let's turn off security for permanent flashing:
Code:
# insmod /data/local/wpthis-Z.ko
init_module 'wpthis-Z.ko' failed (Function not implemented)
That means it worked. This next step is CRUCIAL. You must make sure that you are writing to the proper partition here or you could brick your phone. To be absolutely clear- the partition is mmcblk(zero)p(one)(eight)
# dd if=/data/local/hboot_7230_0.84.2000_100908.nb0 of=/dev/block/mmcblk0p18
Click to expand...
Click to collapse
You should see some messages indicating that it was written.
Code:
# /data/local/tmp/root
This will lock in root, and give you 'su' access in the future. Next, run:
Code:
# sync
Now wait at least a minute, just to be safe. After waiting, reboot your phone using the power button. After it finishes starting up, launch the terminal emulator, and type 'su'. You should get the prompt asking you to grant permissions. If you got the prompt, congratulations! You have permanent root!
Nice guide, thanks
Thank you Mr Q. works like a charm!
first of all.. thanks for this great guide. Everything went perfect until I came to the step to lock in root. After the command "/data/local/tmp/root" I get this error:
mkdir failed for /system/xbin, File exists
when I just ignore it and type sync after that I have no root acces after a reboot.
Does anybody have a solution for it? I have already done a hardreset with the same results.
thanks in advance...
So this only roots your phone? Or does it s-off as well? From what I understand this s-offs as well because you're pushing the hboot as well.
EDIT: Nevermind. I read the thread again and it does indeed s-off as well.
MarDor said:
first of all.. thanks for this great guide. Everything went perfect until I came to the step to lock in root. After the command "/data/local/tmp/root" I get this error:
mkdir failed for /system/xbin, File exists
when I just ignore it and type sync after that I have no root acces after a reboot.
Does anybody have a solution for it? I have already done a hardreset with the same results.
thanks in advance...
Click to expand...
Click to collapse
Everything was fine up until this point. So i restarted the phone and phone is stuck on the "quietly brilliant" screen
ssyed said:
Everything was fine up until this point. So i restarted the phone and phone is stuck on the "quietly brilliant" screen
Click to expand...
Click to collapse
having the same issue here
So I'm looking into these S-OFF and rooting threads and here is two bricks too. Does anyone have an answer for these two or should I skip this? Did the hboot do this or was it due to some problem in inserted kernel module? (I.E. the reboot of the emmc controller resulted in a ****ed up file system?)
yelti said:
having the same issue here
Click to expand...
Click to collapse
AnyDone said:
So I'm looking into these S-OFF and rooting threads and here is two bricks too. Does anyone have an answer for these two or should I skip this? Did the hboot do this or was it due to some problem in inserted kernel module? (I.E. the reboot of the emmc controller resulted in a ****ed up file system?)
Click to expand...
Click to collapse
Ok, so I have figured out how to get out of this "quietly brilliant" loop.
First of all, this isn't a brick and all that is needed to fix this is a quick factory reset from the bootloader.
ssyed said:
First of all, this isn't a brick and all that is needed to fix this is a quick factory reset from the bootloader.
Click to expand...
Click to collapse
Ok, so does any one have an explanation why this happened?
1. It wasn't wrong or screwed hboot, otherwise we would be facing a real brick?
Was it the root method? Was it the wpthis-Z.ko?
It might have been the kernel module, but I can't be sure about that with so little knowledge I have. (sure not the module itself but the kick to the emmc?) Just that it seems to be more likely option than a rooting attempt on a cached r-o file system?
I'm not complaining about the guide, it is specific and easy to follow but I would really love to have these semi bricks etc inspected more closely. It is not really helping to encourage ppl to root and try safe-off when we have unexplained bricks and semi-bricks around
MarDor said:
first of all.. thanks for this great guide. Everything went perfect until I came to the step to lock in root. After the command "/data/local/tmp/root" I get this error:
mkdir failed for /system/xbin, File exists
Click to expand...
Click to collapse
ssyed said:
Everything was fine up until this point. So i restarted the phone and phone is stuck on the "quietly brilliant" screen
Click to expand...
Click to collapse
yelti said:
having the same issue here
Click to expand...
Click to collapse
Did you guys run Visionary before trying this "rage" method of rooting ?
steviewevie said:
Did you guys run Visionary before trying this "rage" method of rooting ?
Click to expand...
Click to collapse
I don't know about others, but I didn't on mine. I was rooting it for the first time. Also, I don't know if this has anything to do with it, but I have the Bell version from Canada.
The root script threw an error for me too, so just to be safe I opened the script and typed in the commands manually. If you have problems with the script, just run these commands from the root terminal on your phone:
Code:
/data/local/tmp/busybox killall rage
mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
mkdir /system/xbin
/data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
chmod 4755 /system/xbin/busybox
/system/xbin/busybox --install -s /system/bin
cp /sdcard/Superuser.apk /system/app/Superuser.apk
cp /sdcard/su /system/bin/su
chmod 4755 /system/bin/su
mount -o ro,remount -t ext3 /dev/block/mmcblk0p25 /system
sync
"mkdir /system/xbin" just creates a directory, if it already exists you can ignore this command and proceed.
Hope this helps someone.. Thanks to the OP for the scripts.
Have a quick look, /system/xbin already seems to exist on my phone too.
So is there an error in the script ? e.g. needs to ignore if the directory already exists ? Or am I (we ?) missing something ?
goldenarmZ said:
"mkdir /system/xbin" just creates a directory, if it already exists you can ignore this command and proceed.
Click to expand...
Click to collapse
Good info, thanks. Perhaps just comment out that line of the script, to save running it all by hand (and therefore be prone to more error ?) ?
steviewevie said:
Good info, thanks. Perhaps just comment out that line of the script, to save running it all by hand (and therefore be prone to more error ?) ?
Click to expand...
Click to collapse
I did that first.. it threw more errors with the mount commands because I'd already run the script once, so some of the commands were repated. If it's your first run through, commenting it out would be fine.
I only did it line by line so I could see any more errors for myself and decide if they were important. As it turns out the script is very simple and only involves moving files around and changing their permissions.. anything that goes wrong should be immediately apparent even if you have no experience with shell commands.
goldenarmZ said:
I only did it line by line so I could see any more errors for myself and decide if they were important. As it turns out the script is very simple and only involves moving files around and changing their permissions.. anything that goes wrong should be immediately apparent even if you have no experience with shell commands.
Click to expand...
Click to collapse
Thanks, I was starting to worry about the bad experiences outlined above, given that this method appeared to be a more reliable one than VISIONary, and a route I was going to go down. But I'm pretty comfortable with shell scripts, so your input makes me feel a whole lot better !
goldenarmZ said:
The root script threw an error for me too, so just to be safe I opened the script and typed in the commands manually. If you have problems with the script, just run these commands from the root terminal on your phone:
-code-
"mkdir /system/xbin" just creates a directory, if it already exists you can ignore this command and proceed.
Hope this helps someone.. Thanks to the OP for the scripts.
Click to expand...
Click to collapse
thanks for this... I will give it a try
Yay, I just perma-rooted my phone using this method, many thanks to those who came up with the method in the first place, plus this handy guide too.
I got the message about /system/xbin already existing, but you can just ignore that message, it runs the rest of the script anyway.
ssyed said:
Ok, so I have figured out how to get out of this "quietly brilliant" loop.
First of all, this isn't a brick and all that is needed to fix this is a quick factory reset from the bootloader.
Click to expand...
Click to collapse
So after doing the guide you simply reeboot your phone into bootloader and select factory reset?
And then will the device be perm root and s-off???
So I'm trying to get into su to run gfree_verify to make sure my permaroot S-off/SIM card unlock/SuperCID was successful, but I'm getting a permission denied error.
What happens is, I type adb shell, then I type su, there's a really long delay, then it tells me Permission Denied. However, when I run the Terminal Emulator from my phone and type in the su command, I get root access just fine.
I used the "official" method that is on the HTC Vision Wiki that is located here. The only thing, however, is that my Android SDK install wasn't installed using any type of installer. I just extracted a zip file and shoved it in a random folder. I did make sure to run the Command Prompt as Administrator before issuing the adb shell command, but I'm still unable to get superuser access through the PC. Trying to use the adb root command gives me an "adbd cannot run as root in production builds" error.
Did I do something incorrectly?
adb kill-server
adb start-server
See if that works. If not, try rebooting your computer.
Sent from a Western Union telegram.
Does the Superuser app seem to be installed correctly on your phone ?
Do you have the output from gfree ? I wonder if it didn't work correctly with your kernel, it doesn't work with all kernels. What ROM/kernel do you have ?
Which procedure did you use, the one in the Wiki, or one involving dd'ing the eng hboot ?
steviewevie said:
Does the Superuser app seem to be installed correctly on your phone ?
Do you have the output from gfree ? I wonder if it didn't work correctly with your kernel, it doesn't work with all kernels. What ROM/kernel do you have ?
Which procedure did you use, the one in the Wiki, or one involving dd'ing the eng hboot ?
Click to expand...
Click to collapse
I rebooted the daemeon, computer, and also the phone. No dice.
The Superuser app is correctly installed. When I ran Adfree and attempted to go into SU in Terminal, I got the usual Allow Superuser access dialog. Both worked without any problems; like I said, I can get root access from the on-the-phone terminal, it's when I attempted to get root access from the adb shell command on my computer where I have problems.
No special ROMs, completely stock post-November OTA update. The only thing I flashed after permarooting was the Clockwork Recovery mod, but adb shell SU wasn't working before this. I initially used some outdated instructions (involving the use of the dd command, and the wpathis.ko or something). I read some more and learned these were out of dated, so I unrooted. I then used the instructions that are on the wiki using gfree to permroot.
gfree_verify works without any problems if I run it from the Terminal Emulator on my phone. Returns the proper values to indicate I'm SIM Unlocked, SuperCID, and S-off. I'm glad it works, but I still don't like the fact I can't use the adb shell. Typing characters on the G2 is a pain in the ass.
I still want to know why I can't enter superuser from the PC adb shell. Am I doing something incorrectly?
Thanks a lot for your help!
Try clearing data for the SuperUser app?
go in your recovery screen from boot, select your mount options, and mount everything lol. Not sure if it'll fix it but everytime I have adb permission issues that seems to fix it and I don't think it could hurt.
dietotherhythm said:
go in your recovery screen from boot, select your mount options, and mount everything lol. Not sure if it'll fix it but everytime I have adb permission issues that seems to fix it and I don't think it could hurt.
Click to expand...
Click to collapse
This worked perfectly! When I entered su from the command prompt, the SuperUser app popped up on the phone's side and I hit allow. It then let me through.
What exactly was broken though? Why did mounting everything from the Clockwork Recovery menu fix this?
Hey guys,
I took the advice of tons of people here to try the gfree method instead of the hboot or something, or the visionary permaroot.
the thing is, i did it my way and was too lazy to install ADB cuz it always failed and I don;t know how to use it.
I got a desire z- asian version
with a 1.2 version (NOT 1.7 that can't use gfree)
anyway
here's what i did
1) Installed Visionary to Temproot
2) got superuser for terminal emulator (ON PHONE)
3) chmod 777 the GFREE File on SDCARD
4) Tried to run it with the ./gfree -f command
5) IT SHOWS PERMISSION DENIED....WHYYY!???
WTF?
Anyway, if theres no o
ther way than ADBing this, I'll just go ahead and use the .ko file from the other rooting method..
THANKS GUYS
kwhkkwhk said:
Hey guys,
I took the advice of tons of people here to try the gfree method instead of the hboot or something, or the visionary permaroot.
the thing is, i did it my way and was too lazy to install ADB cuz it always failed and I don;t know how to use it.
I got a desire z- asian version
with a 1.2 version (NOT 1.7 that can't use gfree)
anyway
here's what i did
1) Installed Visionary to Temproot
2) got superuser for terminal emulator (ON PHONE)
3) chmod 777 the GFREE File on SDCARD
4) Tried to run it with the ./gfree -f command
5) IT SHOWS PERMISSION DENIED....WHYYY!???
WTF?
Anyway, if theres no o
ther way than ADBing this, I'll just go ahead and use the .ko file from the other rooting method..
THANKS GUYS
Click to expand...
Click to collapse
Ive seen this before, which files did you put on the sdcard, If you put the entire gfree02.zip file on your sdcard this is worng. You need to unzip the gfree02.zip file and place only the gfree file from the unzipped gfree02.zip file on the root of your sd card.
then re-run using this Code:
Code:
$ su
# cd /sdcard
# chmod 777 gfree
# ./gfree
# sync
i did everything as said, moved only the gfree file onto the sdcard.
everything works until ./gfree
it says: "./gfree: permission denid"
i don't really know whats wrong. the kernels right - its a stock 2.2 asian desire z on 1.2 version or something.
thanks SO MUCH For the reply though. I REALLY APPRECIATE IT
The guide says not to use Visionary for temp root before using gfree, in fact it says to either turn it off (if set to auto-soft-root on boot) or uninstall it altogether.
the gfree method has you use the rage method to obtain temp root.
raitchison said:
The guide says not to use Visionary for temp root before using gfree, in fact it says to either turn it off (if set to auto-soft-root on boot) or uninstall it altogether.
the gfree method has you use the rage method to obtain temp root.
Click to expand...
Click to collapse
Thats if your gonna temp root with Rage, requires ADB to push the files, which he is trying to avoid using ADB, gfree has been done the way he is trying before.
I don't believe you can run the gfree program from the sdcard mount point. You should try moving it to the phone itself (try putting it in /data/local directory as instructed in the wiki). That should take care of your permission denied issue.
Also, you may want to copy over all of the other files as listed in the wiki (except for rage since that's not needed for you). The wiki says you need to run the root command after running gfree (it'll set up things like busybox and su for you). You could also do all it manually yourself if you really wanted to...
But how do I move it off the sdcard? I tried using es file explorer but it says gfree can't be moved. And I cant mount the internal memory. Thanks for the advice though
If you are temp rooted you should be able to remount your file system as read/write, you will need to do this to copy files to the /system path and set permissions.
raitchison said:
If you are temp rooted you should be able to remount your file system as read/write, you will need to do this to copy files to the /system path and set permissions.
Click to expand...
Click to collapse
How would I do that?
remounting the file system? i can't find that option in settings...
and by copying the files, is that done through a file manager on the phone?
or on a computer?
thanks so much guys for the help
It shouldn't make a difference if gfree is on /sdcard or not.
To the OP - do you have a # (root) prompt when you are trying to run gfree ? You need that or it won't work. Have you followed exactly the commands that joemm posted, and you didn't get error messages from any of them ?
Yes I do have that sign. Everythin works (chmod, su) until the last code which is to run it.
kwhkkwhk said:
Yes I do have that sign. Everythin works (chmod, su) until the last code which is to run it.
Click to expand...
Click to collapse
Do "ls -l gfree" and copy and paste up here the output please. Something is still wrong.
It shows
Rwxr-x system sdcard_rw 134401 2010-12-11 08:57 gfree
steviewevie said:
It shouldn't make a difference if gfree is on /sdcard or not.
Click to expand...
Click to collapse
By default on my phone (running CM6), the sdcard mount point is mounted with the noexec option (so no direct execution of any binaries). I assumed it was this way on all roms for security reasons, but I'm not familiar with Visionary. Are you saying that Visionary remounts the sdcard as exec for you? Or that it's already that way by default for the stock rom? If so, then yes, you can leave gfree on your sdcard. You can check by running mount in the terminal. You should see an entry for /sdcard with all of its options after it. If you see noexec in there, you will either need to move the files to the phone or remount your sdcard with the exec option instead.
If you want to copy files over to your phone while rooted, you could use Root Explorer (probably easiest way). I believe there are other free programs that allow r/w access, but I haven't tried anyway. Otherwise, you should be able to copy over the files in Terminal. I think the data partition is mounted as r/w but you can verify with the mount command mentioned above (on the line containing /data, look for either rw or ro). If there is a rw, then just use the copy command to copy the files where you need to:
Code:
su
cp /sdcard/gfree /data/local
If the data partition is mounted as ro, you'll need to remount as rw first:
Code:
su
mount -o remount,rw -t ext3 /dev/block/mmcblk0p26 /data
Pretty sure that won't be needed though.
ianmcquinn said:
By default on my phone (running CM6), the sdcard mount point is mounted with the noexec option (so no direct execution of any binaries).
Click to expand...
Click to collapse
ooh, ok, thanks, I never knew that. My apologies, that looks like why it's not running then.
If you want to copy files over to your phone while rooted, you could use Root Explorer (probably easiest way). I believe there are other free programs that allow r/w access, but I haven't tried anyway. Otherwise, you should be able to copy over the files in Terminal. I think the data partition is mounted as r/w but you can verify with the mount command mentioned above
Click to expand...
Click to collapse
Yeah, /data is mounted as rw by default, so should be fine to copy as you said.
Alright. This WORKS for running gfree
but for the step that makes the root "stick" according to the guide here...
http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_G2
where i says :
"You now have read-write access to your /system, hboot, and recovery partitions. But you still need to "lock in" root, and give you 'su' access in the future. So just do:
# /data/local/tmp/root
# sync
"
I can't find /data/local/tmp/root
so it fails to run..
any suggestions on this?
gfree runs fine. it says done when I did ./gfree -f
thanks guys for all the help!
kwhkkwhk said:
# /data/local/tmp/root
# sync
"
I can't find /data/local/tmp/root
so it fails to run..
any suggestions on this?
Click to expand...
Click to collapse
root is the binary that actually does the rooting, it's included in the gfree_temp-root zip. Did you copy that to /data/local/tmp or did you copy it somewhere else?
the only thing i did, if you were able to see my previous problem,
was just copying the gfree file over to the /data/local and running it
by ./gfree -f
other than that, i copied nothing else, since the guide using adb and the commands used moved nothing other than the gfree file i moved to /data/local
I didn't use the gfree_temp-root.zip folder, i used the gfree_02.zip (permaroot) folder.
and i temp rooted using visionary to get the needed gfree file onboard.
then do i need other filed then?
thank you so much for the quick reply.
kwhkkwhk said:
then do i need other filed then?
Click to expand...
Click to collapse
Yeah, root is actually just a script that installs things like busybox and su for you (see my earlier post).
You should copy those files to the proper locations listed in the wiki (pretty much every file but rage). It'll make life easier (otherwise, you'll have to do all of that stuff manually).
Congrats, you almost have a fully rooted phone.
THank you so much!
and thank you to all of you guys who helped me!
I managed to root my phone finally! Without adb!
YAY
Hi there,
i'm actually trying to do the wimax backup found here:
http://forum.xda-developers.com/showthread.php?t=887900
I went through all of this trouble trying to install busybox until I found out that Titanium backup already installed 1.16 on my phone. However I can't seem to find where it was installed to and the,
busybox sed -n '/BEGIN CERTIFICATE/,$p' /dev/mtd/mtd0 > /sdcard/rsa_OEM.key
command isn't working. Any thoughts? Sorry if this is the wrong spot to post. I'm still getting the hang of this forum.
I have the same problem. I think I'm getting this error in the terminal emulator because I don't have the system Busybox installed, just Titanium's app busybox, which is apparently different?. When I try to run Busybox installer, it errors saying I'm possibly not nand unlocked... I used UR3 and UR forever, and can confirm that I am S-Off. Doesn't S-Off = nand-unlock?
I haven't played too much with busybox to know much of its capabilities, but if you want to know the directory it is located in, run this from Terminal Emulator, or adb.
find -iname "*busybox*"
that will get you any and all file listings with busybox in it.
says denied, so I typed su, and get the #
then I type the find command, and tells me that 'find' is not found.
topdawgn8 said:
I haven't played too much with busybox to know much of its capabilities, but if you want to know the directory it is located in, run this from Terminal Emulator, or adb.
find -iname "*busybox*"
that will get you any and all file listings with busybox in it.
Click to expand...
Click to collapse
greyopaque said:
says denied, so I typed su, and get the #
then I type the find command, and tells me that 'find' is not found.
Click to expand...
Click to collapse
you should be able to run find without a hitch. I have had issues running a find while executing a remove, but find had always worked...
try remounting the system:
Code:
su
remount rw
find -iname "*busybox*"
Edit: I just ran find with only SU. What rom and kernel are you running? The only two things I can think of are:
1: The dev removed it from the rom
2: User error-- ensure the commands are lower case, there is a space where appropriate (denoted by ">")
Code:
find>-iname>"*busybox*"
The busy box that tb installs doesn't have all the commands. I had to install from the market to get all the commands.
Sent from my PC36100 using XDA App
its in system/bin most of the time but can be in different spots
Usually you can find busybox in /system/xbin
OMG... I feel stupid... I had install location set for SDCard. That's why busybox installer was failing. I changed it back to auto, and installed busybox, and now everything is working!
Don't waste your time with the rsa keys backup. You'll never be able to restore them.
Use the recovery (amon's 2.2.x) to make a backup of the entire wimax partition. Should the need arise, recovery will be easy. To date, i've yet to see instructions how to restore just the keys.
That's exactly what I did. Thanx!
gpz1100 said:
Don't waste your time with the rsa keys backup. You'll never be able to restore them.
Use the recovery (amon's 2.2.x) to make a backup of the entire wimax partition. Should the need arise, recovery will be easy. To date, i've yet to see instructions how to restore just the keys.
Click to expand...
Click to collapse
[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)
As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to backup our data, unlock the bootloader and restore the backup, so this is guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enable on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup": adb restore fakebackup.ab Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit": adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device: adb reboot Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, your should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
I've done all. It installs supersuser app but the phone is not really rooted and apps that requires it doesn't work
Lorenzo_9 said:
I've done all. It installs supersuser app but the phone is not really rooted and apps that requires it doesn't work
Click to expand...
Click to collapse
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but whith apps that requires root there are no requestes and they don't... Even using root checker you see that you're not rooted
Lorenzo_9 said:
You can open the app but whith apps that requires root there are no requestes and they don't... Even using root checker you see that you're not rooted
Click to expand...
Click to collapse
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
Click to expand...
Click to collapse
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Click to expand...
Click to collapse
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Click to expand...
Click to collapse
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
does it work on nexus 7 ?
dacc said:
does it work on nexus 7 ?
Click to expand...
Click to collapse
Yes, it should.
thans for quick response
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Click to expand...
Click to collapse
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
Click to expand...
Click to collapse
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Zepius said:
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Click to expand...
Click to collapse
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Click to expand...
Click to collapse
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
when running adb after running the command where i tell it to restore fake restore and then while the "exploit" is running ikeep getting , in cmd, link failed, no such file or directory, and it just keep doing that. is this normal or did i do something wrong.
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
Click to expand...
Click to collapse