This is it guys... HUGE props to bigrushdog (his kernel made this possible!), MADindustries and modplan!
Download the Motorola WiFi Xoom Root Zip file and unzip it. (MediaFire) - Contains Tiamat 1.3.1
You need the Moto Drivers - Read this thread to START you - http://forum.xda-developers.com/showthread.php?t=981578
You'll need fastboot - get it here http://developer.htc.com/adp.html
Make sure you have the latest SDK - adb and fastboot should be in /platform-tools - http://developer.android.com/sdk/index.html
Place the files in the SDK Tools folder.
If rebooting works... - This will wipe your phone by the way!!
adb reboot bootloader
fastboot oem unlock
adb reboot bootloader
If stuck at "Dual Core Technology"
Hold VolUp and power to restart Xoom
Hold VolDown while booting unit for fastboot mode
fastboot flash boot boot.img
fastboot reboot
adb shell
mkdir /data/media/sdcard2
exit
(physically put in microSD card if you are planning to use)
adb reboot
adb remount
adb push bcm4329.ko /system/lib/modules/bcm4329.ko
adb push cifs.ko /system/lib/modules/cifs.ko
adb push tun.ko /system/lib/modules/tun.ko
adb push scsi_wait_scan.ko /system/lib/modules/scsi_wait_scan.ko
adb push su /system/bin
adb shell ln -s /system/bin/su /system/xbin/su
adb shell chmod 4755 /system/bin/su
adb push Superuser.apk /system/app
adb push vold.fstab /system/etc/vold.fstab
adb reboot
adb shell
WE HAZ ROOT!!
Check out this video for basic Windows walkthrough from Buddhahb - http://www.youtube.com/watch?v=ZsVpY0PDwtQ
Check out this video for basic Mac walkthrough from sleeplessninjas - http://www.youtube.com/watch?v=zC6J-hV6SM4
Update: 3/27/2011 12:04pm CST Added cifs.ko, tun.ko, and scsi_wait_scan.ko
Update: 3/27/2011 12:22pm CST Added vold.fstab file for USB mounting & MegaUpload
Update: 4/13/2011 10:07am CST Updated to Tiamat's 1.3.1 kernel for SD card support & Gallery support.
awesome work guys!
Woooooooooooooooooooooooooot
fantastic work!!
\o/
can you try the cifs.ko module as well? i have a 3g version and am curious
Thanks Xaositek and HUGE props to MADindustries and modplan for coming up with a quick solution.
Is there a rip of the stock "boot.img" in case it doesn't work so that people who soft brick their xoom can return it back to stock? If so can that be posted in the OP's post? I know I am not the only paranoid one that would like to have the stock boot.img before attempting any rooting.
Also just for curiosity, can someone explain the differences between the wifi and wifi+3g boot.img versions and what they had to do to workaround this. Thanks.
We end up replacing the stock boot - We'll probably need to wait for Motorola to toss us a bone there
I just downloaded the "xoomwifiroot.zip" file and realized the files in the "xoomwifiroot.zip" are just tiamat's 1.1.6 files (boot.img and kernel modules) that can be found in tiamat's thread.
I was expecting the files to be something different that was close to the original root method by Koush where there is a "rootboot.img".
Maybe a better question for my understanding is this. Sorry if I am a noob.
Is Koush's file rootboot.img for the original xoom root only good for rooting the system while tiamat's boot.img file not only roots the system but also has code to overclock the xoom?
ericdabbs said:
I just downloaded the "xoomwifiroot.zip" file and realized the files in the "xoomwifiroot.zip" are just tiamat's 1.1.6 files (boot.img and kernel modules) that can be found in tiamat's thread.
It also has the su and Superuser.apk but essentially yes...
ericdabbs said:
Is Koush's file rootboot.img for the original xoom root only good for rooting the system while tiamat's boot.img file not only roots the system but also has code to overclock the xoom?
Koush's rootboot got us into this mess, Tiamat's boot.img got us out of it. It also allows the critical adb remount to allow the next steps.
Xaositek said:
It also has the su and Superuser.apk but essentially yes...
Koush's rootboot got us into this mess, Tiamat's boot.img got us out of it. It also allows the critical adb remount to allow the next steps.
Gotcha. Thanks for all your help.
ericdabbs said:
Gotcha. Thanks for all your help.
Grab the latest file from MegaUpload and add the additional modules
Glad I could help get this working and glad that it fixed my bricked xoom! One thing that I would suggest is someone pull the stock ko files and save them, after moto releases the stock boot.img files I am sure that there will be some people that want to go back to the stock kernel which will then be as easy as flashing the stock boot.img and then pushing the stock ko files back on.
Guess I'll run out and grab one now at Best Buy then. Thanks!
modplan said:
Glad I could help get this working and glad that it fixed my bricked xoom! One thing that I would suggest is someone pull the stock ko files and save them, after moto releases the stock boot.img files I am sure that there will be some people that want to go back to the stock kernel which will then be as easy as flashing the stock boot.img and then pushing the stock ko files back on.
Is there a way to extract the stock boot.img and wifi ko files before flashing it with tiamat's files? If so, what are the instructions so that people who haven't rooted it yet can give it a try. That way we can give back to the community.
ericdabbs said:
Is there a way to extract the stock boot.img and wifi ko files before flashing it with tiamat's files? If so, what are the instructions so that people who haven't rooted it yet can give it a try. That way we can give back to the community.
Pulling the boot image looks like it is rather difficult but pulling the ko files should be as simple as using the adb pull command instead of adb push. For example
adb pull /system/lib/modules/something.ko c:/something.ko (put the right paths obviously; the second path is just where you want to save it on your computer)
As an FYI. coolbho's ocboot.img does not work on the wi-fi version of the xoom yet. To prevent your headaches I have already flashed and it stays at boot screen. Tiamat's seems the only kernel that is working for wi-fi only
modplan said:
Pulling the boot image looks like it is rather difficult but pulling the ko files should be as simple as using the adb pull command instead of adb push. For example
adb pull /system/lib/modules/something.ko c:/something.ko (put the right paths obviously; the second path is just where you want to save it on your computer)
Got it. When I get my wifi xoom, I'll give this a shot.
d3coy3d said:
As an FYI. coolbho's ocboot.img does not work on the wi-fi version of the xoom yet. To prevent your headaches I have already flashed and it stays at boot screen. Tiamat's seems the only kernel that is working for wi-fi only
Tiamat's kernel allows for the 1.5ghz OC
When i command to push the first file, I get all the info on android debug.
chaz03 said:
When i command to push the first file, I get all the info on android debug.
Revisit the instructions now - you can just copy and paste them all now
Related
How would it be able to do this? I've seen terminal codes floating around, but none of them look like they'd be replacing the proper files for a cupcake build (old RC33 builds I believe, long lost now!)
I'm running TheDude's 1.3 RC2. I've seen plenty of ADB commands, however I've never been able to get ADB to work on my computer, and I don't feel like putting more pointless hours into it
So how would the terminal commands work, and what would the pre-requisites for the files have to be? Thanks!
http://forum.xda-developers.com/showthread.php?t=467693 Im pretty sure all you need is fastboot not adb for splash1 the animated splash just requires you to resign an update.zip http://forum.xda-developers.com/showthread.php?t=467693
crotalusfreak said:
http://forum.xda-developers.com/showthread.php?t=467693 Im pretty sure all you need is fastboot not adb for splash1 the animated splash just requires you to resign an update.zip http://forum.xda-developers.com/showthread.php?t=467693
I'm pretty sure it uses ADB, hence why I'm asking...Fastboot IS ADB
yea fastboot is the only other way that I know of!!
this is where i downloaded the tools for creating your own boot image!
http://www.modmygphone.com/forums/downloads.php?do=file&id=1471&act=down
this is the link that teaches on how to make one and im pretty sure there is one here in the forums!
http://modmygphone.com/forums/showthread.php?t=10461
if you need help PM me ill take you step by step!
or email [email protected]
lukekirstein said:
I'm pretty sure it uses ADB, hence why I'm asking...Fastboot IS ADB
it wont use ADB, fastboot is like an alternate route...
Drizzy Drake Rogers said:
yea fastboot is the only other way that I know of!!
this is where i downloaded the tools for creating your own boot image!
http://www.modmygphone.com/forums/downloads.php?do=file&id=1471&act=down
this is the link that teaches on how to make one and im pretty sure there is one here in the forums!
http://modmygphone.com/forums/showthread.php?t=10461
if you need help PM me ill take you step by step!
or email [email protected]
Step number two of those directions: "2. Get ADB setup and working. Read here. "
Let's clarify. I cannot get ADB to work, at all, on my computer. Fastboot doesn't work because I can't get ADB to work. Moreso, I just realized that I can't even find my data cord.
Either way, the point of my post is to find a way to change the boot animation at start up, without having to use anything but the phone and maybe some photo editing software.
So how can we do this?
You do not have to have the whole sdk (adb etc.) for fastboot to work; you do have to have a driver running for android, found in the sdk or here http://dl.google.com/android/android_usb_windows.zip .
The boot animation is found in /system/framework/framework-res.apk/assets/images; android-logo-mask.png and android-logo-shine.png are the images you wanna edit. Don't believe you can get it back on your phone without the sdk set up with adb working though, as you will either have to resign an update or push the edited files back somehow.
Edit: without a data cord I think this is an impossibility. I don't think you can go through the process needed on your phone, don't hold me to that though. Good luck man.
crotalusfreak said:
You do not have to have the whole sdk (adb etc.) for fastboot to work; you do have to have a driver running for android, found in the sdk or here http://dl.google.com/android/android_usb_windows.zip .
The boot animation is found in /system/framework/framework-res.apk/assets/images; android-logo-mask.png and android-logo-shine.png are the images you wanna edit. Don't believe you can get it back on your phone without the sdk set up with adb working though, as you will either have to resign an update or push the edited files back somehow.
Edit: without a data cord I think this is an impossibility. I don't think you can go through the process needed on your phone, don't hold me to that though. Good luck man.
Alright, I just confirmed the location on the phone. So if I upload a file onto my SD card, and overwrite it through Terminal, what do you think that'll do? I'm not big into the Themes section, I'm into the Development section, so I'm not sure what overwriting will do to my phone.
Actually you might be able to get away with that. Try backing up framework-res; in terminal type:
$su
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
#cp -r /system/framework/framework-res.apk /sdcard
Now the .apk you want is on your sdcard root. Pull that onto a computer and unzip it with 7zip. In the framework-res folder there are some more folders; go to assets then images and edit those two images to your liking. Then go back to your framework-res.apk that you backed up, add .zip to the end, right click it and choose open or explore, navigate back to the images folder and paste your edited boot images in there. Now remove .zip so it is framework-res.apk again and put that back on your sd card's root. Go to terminal and type
$su
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
#cp -f /sdcard/framework-res.apk /system/framework
#reboot
If all goes well that should work.
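Before copying an edited framework-res.apk back over /system/framework, it is worth confirming that only the two boot images changed. The Python below is an added example, not part of the original post; the function names and the sample archives are constructed for illustration, and it compares the zip entries of the backup and the edited file by CRC-32.

```python
import io
import zipfile

# The two images the post above says to edit inside framework-res.apk.
MASK = "assets/images/android-logo-mask.png"
SHINE = "assets/images/android-logo-shine.png"
ALLOWED_CHANGES = frozenset({MASK, SHINE})


def entry_crcs(apk_bytes):
    """Map every entry name in an APK (a zip archive) to its CRC-32."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        bad = zf.testzip()  # re-reads each entry and checks its stored CRC
        if bad is not None:
            raise ValueError("corrupt entry: " + bad)
        return {info.filename: info.CRC for info in zf.infolist()}


def unexpected_changes(backup_apk, edited_apk, allowed=ALLOWED_CHANGES):
    """List entries that were added, dropped, or modified outside `allowed`."""
    before, after = entry_crcs(backup_apk), entry_crcs(edited_apk)
    problems = []
    for name in sorted(set(before) | set(after)):
        if name not in after:
            problems.append("missing: " + name)
        elif name not in before:
            problems.append("added: " + name)
        elif before[name] != after[name] and name not in allowed:
            problems.append("modified: " + name)
    return problems


def make_sample_apk(files):
    """Constructed sample input: an in-memory zip holding the given entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed contents; a real framework-res.apk holds many more entries.
BACKUP = {
    "AndroidManifest.xml": b"manifest",
    "resources.arsc": b"resource table",
    MASK: b"old mask",
    SHINE: b"old shine",
}
GOOD_EDIT = {**BACKUP, MASK: b"new mask", SHINE: b"new shine"}
# An edit that also lost one entry and altered another while repacking.
BAD_EDIT = {k: v for k, v in GOOD_EDIT.items() if k != "resources.arsc"}
BAD_EDIT["AndroidManifest.xml"] = b"changed manifest"

if __name__ == "__main__":
    backup = make_sample_apk(BACKUP)
    print(unexpected_changes(backup, make_sample_apk(GOOD_EDIT)))
    print(unexpected_changes(backup, make_sample_apk(BAD_EDIT)))
```

An empty list means the edited archive differs from the backup only in the two logo images.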
crotalusfreak said:
Then go back to your framework-res.apk that you backed up, add .zip to the end, right click it and choose open or explore, navigate back to the images folder and paste your edited boot images in there. Now remove .zip so it is framework-res.apk again and put that back on your sd card's root.
Lost you at naming it as a .zip. I can't explore or open the file, as Windows Vista doesn't know how to handle it. Any ideas?
lukekirstein said:
Lost you at naming it as a .zip. I can't explore or open the file, as Windows Vista doesn't know how to handle it. Any ideas?
right click-> open with -> WinRAR
Or go to Folder Options and uncheck "Hide extensions for known filetypes" (you should do that for all folders.... its a bad idea not to because a virus may look like *.doc instead of *.doc.exe anyways its also more convenient)
does anyone know how to change the boot image for a rogers g1 none of these things work for me i bricked my last phone a week ago cause someone said it would work
jokefox said:
does anyone know how to change the boot image for a rogers g1 none of these things work for me i bricked my last phone a week ago cause someone said it would work
Well if you're bricking phones, I wouldn't recommend trying it again
I'm new to all this stuff, so go easy with me! :silly:
If I understand correctly the root process, this should be true (correct me if I'm wrong):
Unsecure boot.img is only used to booting as root
Booting as root user allow to use some adb command
Command adb is used to modify system.img, injecting su command and superuser/supersu apk
If this is correct, can i modify a stock JB system.img and put su/superuser/supersu apk? Will this work? Then if this is right:
How can I unpack and edit system.img?
Where I can get the original su command?
Where I should download superuser/supersu apk?
I'd like to learn this stuff and do not use any external tool, apart from fastboot and adb commands. I'm quite familiar with *nix.
Thanks for helping :highfive:
uh..am i misinterpreting something here? why not just boot a custom recovery with fastboot and flash a su/supersu.apk or superuser.apk cwm zip?
sent from my i9250
bk201doesntexist said:
you will be better off building from src, if you're familiar with nix.
if not, no need to inject anything, just boot a custom recovery with fastboot and flash a su/supersu.apk or superuser.apk cwm zip.
sent from my i9250
Not so familiar to build system from the source, unfortunately. I don't use a custom recovery... so there is no way of building my own system.img?
Gremo said:
[snip]
can i modify a stock JB system.img and put su/superuser/supersu apk?
Yes you could.
Gremo said:
How can I unpack and edit system.img?
As far as I know, you cannot unpack system.img using only fastboot and adb (which you indicated you ONLY wanted to use). I know you can use this to convert it to ext4 format and then you can mount it.
Gremo said:
Where I can get the original su command?
Where I should download superuser/supersu apk?
Superuser is here, or, if you prefer SuperSU, it is here.
EDIT: But this is a lot of work for nothing. You could just boot an insecure kernel (which you can get from the dev section, or you could build one yourself) and then copy the su and Superuser.apk files to your device, no?
Hello everyone!
Here's another release thread for y'all!
What is this?
This is a flashable TWRP recovery for the Optimus G Pro.
Special thanks to @djrbliss
You can safely flash this to your phone's recovery and enjoy modding bliss!
How do I use this, and where do I get it?
Good question!
There are two ways to use the files provided here.
To Flash to Recovery:
I've created an easy installer for all you Windows folks!
Download this: http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/easy-twrp-e98010g.zip
Extract it to somewhere on your computer.
Enable USB debugging on your phone, if you need the drivers I've included them in the "files/drivers" folder in the zip
Run the 'install.bat' script.
Check for any errors, if it was successful, you can 'adb reboot recovery' or use an app on your phone to get you into TWRP now!
Profit! (and realize that this was pretty easy!)
(thanks to hkfriends for pointing out the errors in my script!)
OR..
Download this file to somewhere on your computer https://github.com/djrbliss/loki/raw/master/bin/loki_flash
Download this file http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/gkatt-twrp-e98010g.lok
Run the following:
Code:
adb push loki_flash /data/local/tmp
adb push gkatt-twrp-e98010g.lok /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 loki_flash
./loki_flash recovery gkatt-twrp-e98010g.lok
To boot
Download this file: http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/gkatt-twrp-e98010g.img
Use fastboot boot to boot it
DO NOT FLASH THE .IMG FILE TO YOUR PHONE. It is only meant for fastboot booting.
Where can I find the source you used to build this?
All on my github!
http://github.com/thecubed/
Or, follow my guide here:
http://forum.xda-developers.com/showthread.php?p=43514195
What can I do with this?
Right now, the possibilities are unlimited. Once a security-lax boot.img is released, we can flash that through recovery and let the modding commence.
Please remember though, modding /system with the stock boot.img will result in a security error!
What works, and what doesn't?
I have not tested external SD cards, since I don't have one with me at work.
I have also not tested backups or restores in TWRP yet.
Can you show me a video?
Why yes I can!
As usual, please pardon the crappy camera work.
I <3 you so much, how do I show my love?
You are so kind
I most definitely do not expect donations of any kind, however they are appreciated a lot.
I purchased this phone off-contract just to get it unlocked, if you are a kind soul and would like to send me a token of your appreciation I would love you forever.
XDA has a neat "Donate to me" button that should be on the left side of this page under my name. Donations go to purchasing new hardware to work on and other neat stuff, so they're always appreciated.
Special Thanks!
In no particular order, special thanks to all of you guys!
djrbliss
hkfriends
synergy
Shelnutt2
DeamonFish
If I forgot anyone, let me know and I'll add you here!
Alright guys! Let me know if you find any bugs!
This is killer, I love twrp. So this will just over flash the cwm currently added earlier of course correct? Awesome work m8:thumbup:
EDIT: Not sure why but the Loki flash file downloads as a .txt file for me
Sent from my LG-E980 using Tapatalk 2
maybe i am doing something wrong, but when i get into twrp the touch does not work
Very nice work there
testing back up and restore now
rbf351 said:
maybe i am doing something wrong, but when i get into twrp the touch does not work
Touch doesn't work? You have the ATT version, right?
That'd be very strange if it didn't work because of something in my kernel... it's pretty much just stock...
sorry for the "newbie" question...but the file to download are getting to the phone right?
thecubed said:
Touch doesn't work? You have the ATT version, right?
That'd be very strange if it didn't work because of something in my kernel... it's pretty much just stock...
yup, AT&T version, but it happens when i type in adb reboot recovery
Everything works so far tried backing up restore flashing and external sd... very nice work I will keep playing to see if i find any bugs
rbf351 said:
yup, AT&T version, but it happens when i type in adb reboot recovery
That's weird... I've been testing with that exact command and it's not doing it.
Can you possibly pull the kernel logs and pastebin them?
Do this while you're booted in recovery:
Code:
adb shell
dmesg > /sdcard/twrp_kmsg.txt
[press ctrl-c after a few seconds]
adb pull /sdcard/twrp_kmsg.txt
Thanks!
thecubed said:
That's weird... I've been testing with that exact command and it's not doing it.
Can you possibly pull the kernel logs and pastebin them?
Do this while you're booted in recovery:
Code:
adb shell
dmesg > /sdcard/twrp_kmsg.txt
[press ctrl-c after a few seconds]
adb pull /sdcard/twrp_kmsg.txt
Thanks!
won't allow me to do it, i get the following error
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
error: device not found
rbf351 said:
won't allow me to do it, i get the following error
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
error: device not found
Can you check to ensure that you have the ADB driver installed for your system? It is possible that your desktop hasn't installed the ADB interface while the phone is in recovery mode.
Start -> devmgmt.msc [enter]
Look to see if you have any unknown devices or "Android Phone" entries with no driver installed. That should do the trick.
thecubed said:
Can you check to ensure that you have the ADB driver installed for your system? It is possible that your desktop hasn't installed the ADB interface while the phone is in recovery mode.
Start -> devmgmt.msc [enter]
Look to see if you have any unknown devices or "Android Phone" entries with no driver installed. That should do the trick.
i have the following
ADB Interface
Android Sooner Single ADB Interface
edit, that wasn't while i was in recovery mode
in recovery mode i have
other devices
LG-E980 with an exclamation
I was able to flash and get into recovery without any issues. Excellent work! Thecubed and djrbliss, you guys are awesome!
here is the pastebin
http://pastebin.com/XPYi0v44
rbf351 said:
here is the pastebin
http://pastebin.com/XPYi0v44
Here's an interesting question... if you flash CWM instead, and press the softkeys at the bottom of the phone (the normal back and menu buttons) does anything happen? It looks like your touchscreen is being brought up successfully (despite the "[ 8.270257 / 03-05 11:00:29.766] Reflash Completed. Please reboot." line)
If softkeys work in CWM, then it means that something in TWRP isn't registering your touchscreen right. I'll look into that, should be fairly straightforward.
If softkeys don't work in CWM... that means something more strange. That means my kernel (or the boot commands I'm using) aren't compatible with your phone... which is indeed possible, since there are many revisions of each phone. (I hope this isn't the case!)
thecubed said:
Here's an interesting question... if you flash CWM instead, and press the softkeys at the bottom of the phone (the normal back and menu buttons) does anything happen? It looks like your touchscreen is being brought up successfully (despite the "[ 8.270257 / 03-05 11:00:29.766] Reflash Completed. Please reboot." line)
If softkeys work in CWM, then it means that something in TWRP isn't registering your touchscreen right. I'll look into that, should be fairly straightforward.
If softkeys don't work in CWM... that means something more strange. That means my kernel (or the boot commands I'm using) aren't compatible with your phone... which is indeed possible, since there are many revisions of each phone. (I hope this isn't the case!)
CWM works perfectly, i can navigate through all the menus using the softkeys
TWRP working perfectly here for me also! thank you for this! :good:
very nice work........would be nice to have a kind of "how to" when thing get all set.....:good:
Uhmm there is a how to..
Sent from my LG-E980 using xda premium
Gotroot said:
Uhmm there is a how to..
Sent from my LG-E980 using xda premium
yeah ...but i have all the file....do i have to put the phone in download mode??
Note: Found out there is one small problem with this mode - "adb logcat" is not working. As a workaround run "adb shell su -c logcat"
The Problem:
I am a heavy ADB user (QtADB) and was having problems getting it to mount /system rw and pushing/editing files in real time. Had no problems doing all this by mounting /system in recovery but rebooting the phone just to make some system files changes is kind of inconvenient. So I did some research and found this:
HEXcube said:
The real reason behind adb root or insecure adb is the adb daemon in the device running at root permissions. In pre-Android 4.1 versions, this is usually decided by some initialisation script (like init.rc) at boot time. The script checks for value in default.prop, local.prop and other environment variables.
If it finds build.prop,default.prop or local.prop property file with ro.secure=0 adbd is allowed to run as root. You'll get adb root and hence will be able to do commands like adb remount,adb root and adb shell's prompt'll be # by default. The user may be displayed as [email protected] or [email protected] adb GUIs like Android Commander and QtADB will get to work in Root mode.
But,if it's ro.secure=1, adb daemon is made to work in secure mode, and adb won't change to root mode on issuing adb root command. However, if su binary is present in $PATH, u can still call su command from adb shell. But, it's not enough for Android Commander to get Root Access. It is possible to attain adb root through any one of the following methods:
1.For CyanoGenMod based ROMs there is an option in Settings->Developer Settings->Root access to control root access. Choose ADB only or Apps and ADB in options to get adb root.
2.Else use adbd Insecure app by chainfire if you have a rooted device. This is useful, especially for Android 4.1+ devices.
3. Or, you may manually edit default.prop to set its value to 0, but original default.prop will be restored from boot partition every time you reboot (this is the reason why adb Insecure cannot permanently do adb root, though there is an option to repeat the rooting procedure every time the device boots). This method is called temporary adb root. On pre-Android 4.0 ROMs default.prop file was located in / directory. I read that from Android 4.x this file is in ramdisk and so more difficult to edit. But Android 4.0 has local.prop which is easier to modify than default.prop (see method 5)
4.For permanent adb root, you'll have to extract boot.img, change default.prop, repack and then flash it back to device.
5. In Android 4.0 there's local.prop file in /data partition. Setting ro.secure=0 in this file will do adb root permanently. Else you can set another property ro.kernel.qemu=1 in the same file. But, this value makes the system think that it is running in an android emulator. Many exploits and root methods set this property temporarily to gain root. But, it may cause side effects if used permanently. Setting ro.secure=0 is recommended. Do this command in terminal app or adb shell:
echo ro.secure=0 >/data/local.prop
or you can manually copy a local.prop file with ro.secure=0 as it's content to /data.
6. Note that method 3, 4 and 5 won't work in Android 4.0 Jelly Bean onwards. According to Dan Rosenberg (djrbliss in XDA), the researcher who discovered adb root emulator exploit and many other exploits, Jelly Bean doesn't parse any property files to set the ownership of adb daemon. The stock adbd will have to be replaced with an insecure one to gain adb root. But still, as adbd is located in /sbin whose contents are reloaded every time on reboot from boot.img, it won't be permanent.
7. For permanent adb root, you may flash an insecure boot.img (one that contains an insecure adbd)
8. If you're really desperate and can't get adb root to work with any of the above methods use an exploit. Most of the adb based rooting methods utilise some exploit to make the adb daemon run as root. By studying the exploit and implementing it you could gain adb root at least temporarily. I'm not recommending this method but as a last resort you could try them.
Acknowledgements: Thanks to Dan Rosenberg for explaining the reasons behind adb root, especially the one in Jelly Bean.
Original thread: Can't get ADB Root Access in certain ROMs?
So I decided to modify my favorite kernel img and give it a try. I used Imoseyon's leanKernel but it should work with any kernel.
How To:
1. Get Android Image Kitchen and extract it to your PC;
2. Open your_favorite_kernel.zip with 7zip and extract boot.img file to Android Image Kitchen folder;
3. Drag and Drop boot.img over unpackimg.bat. Kernel is unpacked and you will see 2 new folders - ramdisk and split_img;
4. Go to ramdisk folder and open default.prop file with text editor. This probably is not necessary but just in case change ro.secure and ro.adb.secure to 0 (zero):
Code:
ro.secure=0
ro.adb.secure=0
5. Get Chainfire's adbd Insecure v1.30, open it with 7zip, in assets folder you will see 3 .png files. Extract adbd.17.png to ramdisk\sbin folder;
6. Delete original kernel adbd file and rename adbd.17.png to adbd;
7. Go back to Android Image Kitchen folder and run repackimg.bat by just click on it. This will repack the modified kernel to image-new.img file ready for flashing;
8. Rename image-new.img to boot.img and replace the original one in your_favorite_kernel.zip by Drag and Drop in 7zip window;
9. Close 7zip, copy modified your_favorite_kernel.zip to /sdcard and flash it in recovery.
10. Enjoy ADB full root access for /system;
Warnings:
I can't guarantee 100% success with this mod. I did this only with leanKernel and it works great. Haven't tried any other kernels so I am not sure how all this will end up. IT CAN SOFT BRICK YOUR PHONE!!! Keep a copy of the original kernel on your /sdcard!!!
Doing this while trying to find the correct tools for proper repack of the modified kernel sometime I was ending up with the phone not booting to Android, goes straight to download mode. Don't panic... Just remove battery, place it back, hold Volume Up + Home + Power buttons booting to recovery. Flash the original kernel and you are back all good.
The usual stuff:
I AM NOT RESPONSIBLE FOR ANYTHING ... bla-bla-bla...
All the credits goes for the developers created the great tools used for this mod.
If you think it's useful feel free to say THEM and me thanks.
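The posts above tie adbd's root behaviour to two things inside boot.img: the ro.secure, ro.adb.secure and ro.kernel.qemu values in default.prop, and the adbd binary in the ramdisk's sbin folder. The Python below is an added example (not part of the original post, and not code from Android Image Kitchen or adbd Insecure) that inspects a boot.img before it is flashed and reports those settings and whether sbin/adbd differs from a trusted stock image. It assumes a version-0 boot image header and a gzip-compressed "newc" cpio ramdisk; the function names and sample images are constructed for illustration.

```python
import gzip
import hashlib
import struct

BOOT_MAGIC = b"ANDROID!"
# Properties named in the posts above, paired with the value that relaxes adbd.
RISKY_PROPS = {"ro.secure": "0", "ro.adb.secure": "0", "ro.kernel.qemu": "1"}


def extract_ramdisk(img):
    """Return the compressed ramdisk from a version-0 Android boot image."""
    if len(img) < 40 or img[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image")
    # Header words: kernel size/addr, ramdisk size/addr, second size/addr,
    # tags addr, page size.
    kernel_size, _, ramdisk_size, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    if page == 0:
        raise ValueError("page size of 0 in header")
    # The header fills page 0; the kernel follows, padded to whole pages.
    start = page + (kernel_size + page - 1) // page * page
    ramdisk = img[start:start + ramdisk_size]
    if len(ramdisk) != ramdisk_size:
        raise ValueError("boot image is truncated")
    return ramdisk


def cpio_files(archive):
    """Yield (name, data) for each entry of a 'newc' cpio archive."""
    pos = 0
    while pos + 110 <= len(archive):
        if archive[pos:pos + 6] != b"070701":
            raise ValueError("bad cpio magic at offset %d" % pos)
        # 13 fields of 8 hex digits follow the magic; we need two of them.
        field = lambda i: int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16)
        filesize, namesize = field(6), field(11)
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        data_start = (pos + 110 + namesize + 3) & ~3   # name is padded to 4 bytes
        if name == "TRAILER!!!":
            return
        yield name, archive[data_start:data_start + filesize]
        pos = (data_start + filesize + 3) & ~3         # data is padded to 4 bytes


def parse_props(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}


def inspect_boot_image(img):
    """Report risky default.prop settings and the hash of sbin/adbd."""
    files = dict(cpio_files(gzip.decompress(extract_ramdisk(img))))
    props = parse_props(files.get("default.prop", b"").decode("utf-8", "replace"))
    adbd = files.get("sbin/adbd")
    return {
        "risky_props": sorted(k + "=" + v for k, v in props.items()
                              if RISKY_PROPS.get(k) == v),
        "adbd_sha256": hashlib.sha256(adbd).hexdigest() if adbd is not None else None,
    }


def compare_to_stock(stock_img, candidate_img):
    """List what a candidate boot image changes relative to a trusted stock one."""
    stock, cand = inspect_boot_image(stock_img), inspect_boot_image(candidate_img)
    findings = ["default.prop sets " + p for p in cand["risky_props"]]
    if cand["adbd_sha256"] != stock["adbd_sha256"]:
        findings.append("sbin/adbd differs from stock")
    return findings


def build_sample_image(default_prop, adbd, page=2048):
    """Constructed sample input: a tiny boot image with a two-file ramdisk."""
    def entry(name, data):
        name_b = name.encode() + b"\0"
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name_b), 0]
        head = b"070701" + b"".join(b"%08X" % f for f in fields) + name_b
        return head + b"\0" * (-len(head) % 4) + data + b"\0" * (-len(data) % 4)

    def pad(blob):
        return blob + b"\0" * (-len(blob) % page)

    ramdisk = gzip.compress(entry("default.prop", default_prop.encode())
                            + entry("sbin/adbd", adbd) + entry("TRAILER!!!", b""))
    kernel = b"\0" * 100  # placeholder bytes, not a real kernel
    header = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return pad(header) + pad(kernel) + pad(ramdisk)


# Constructed property files, not taken from any real device.
STOCK_PROP = "ro.secure=1\nro.adb.secure=1\n"
MODDED_PROP = "# constructed sample\nro.secure=0\nro.adb.secure=0\n"

if __name__ == "__main__":
    stock = build_sample_image(STOCK_PROP, b"stock adbd bytes")
    modded = build_sample_image(MODDED_PROP, b"replacement adbd bytes")
    for finding in compare_to_stock(stock, modded):
        print(finding)
```

The adbd hash comparison matters because, as the quoted post says for Jelly Bean, a replaced adbd grants root regardless of what default.prop contains.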
@nijel8
Thanks for sharing this. I will test this out on my device. If successful I would like to share this over in the One SV forums.
I never even considered this idea smh lol.
Edit: confirmed working
Thanks so much for sharing this. I too use adb a lot and need an insecure kernel.
Success. Nexus 5 and I changed Franco kernel to insecure.
Franco kernels used to be insecure but none thus far have been on the N5. Any reason behind this?
Fuzzy13 said:
Thanks so much for sharing this. I too use adb a lot and need an insecure kernel.
Success. Nexus 5 and I changed Franco kernel to insecure.
Franco kernels used to be insecure but none thus far have been on the N5. Any reason behind this?
My guess is devs play it safe so average Joe don't mess with /system... ha-ha
btw is "adb logcat" working for you?
Only problem with the adbd from Chainfire's ADB Insecure is that it breaks adb wireless, any solution?
Some time ago I tried to do this for a Nexus6, running Marshmallow.
Android has tightened up security, so I got bootloops.
Has anyone managed to do this?
Thank you!
Can this work with Note 3 N900 (exynos kernel) sir? Or just only for snapdragon chipset kernel? Thanks sir!
does this work on locked bootloader devices?
a custom kernel exists for my devices (G928A) with ADB Insecure, but it's got a few quirks that need worked out (that require fully rooting the device)
all I'm looking for is insecure ADB (which I have tried to change ro.secure=0 and adb.secure=0 both with echo commands in shell) for temporary adb root on the device
how did ManIT make his custom kernel undetectable/passable by the bootloader but with modifications?
if this will work ... then I will just edit an image pulled from the device's current boot.img and do the same adb insecure edit to the ramdisk.. to update the root flash kernel... she's a bit dated.... and there isn't a marshmallow specific one yet.
I was also reading about a filler file due to block sizing when repacking the image ... so I created a copy file and edited the contents till it zipped back to within 1kb of data... will this be detected and flagged at boot?
help please
Great tutorial.
I did it by following the steps in your post.
Thank you for clear and precise explanation.
Anybody have a pre-patched / adb root enabled adbd at hand (10.0.36 or higher - current is 10.0.41 I think)?
Like a dummy I tried to rename framework-res while using my nexus so I could replace it with an edited one (deb rooted, stock 4.4.4 rom, franco -17 kernel)
Now I'm trying to ADB in to rename the original file so it will boot again.
I'm connected to the nexus in ADB but when I try to pull or rename the file I always get some sort of error.
I was able to adb push a framework file I downloaded on my computer but it still wouldn't boot. I'm assuming it was bad.
Any help is much appreciated!
thanks!
Rhatfield25 said:
Like a dummy I tried to rename framework-res while using my nexus so I could replace it with an edited one (deb rooted, stock 4.4.4 rom, franco -17 kernel)
Now I'm trying to ADB in to rename the original file so it will boot again.
I'm connected to the nexus in ADB but when I try to pull or rename the file I always get some sort of error.
I was able to adb push a framework file I downloaded on my computer but it still wouldn't boot. I'm assuming it was bad.
Any help is much appreciated!
thanks!
The reason it would not boot with the one you pushed to the device is probably because you have to set permissions correctly after the push. Framework res should probably be set to rw-r--r--
Run this after the push, or if the file is still on the phone, run it now.
Code:
adb shell
su
chmod 644 /system/framework/framework-res.apk
SwoRNLeaDejZ said:
The reason it would not boot with the one you pushed to the device is probably because you have to set permissions correctly after the push. Framework res should probably be set to rw-r--r--
Run this after the push, or if the file is still on the phone, run it now.
Code:
adb shell
su
chmod 644 /system/framework/framework-res.apk
I will give it a shot the second I get home! Thank you so much for the help. So by default files pushed to the system do not have full read and write permissions?
Thanks again!
Rhatfield25 said:
I will give it a shot the second I get home! Thank you so much for the help. So by default files pushed to the system do not have full read and write permissions?
Thanks again!
Yes, most of the time, pushed files will copy with bad permissions. Every time I've ever edited a system APK, I've had to subsequently set permissions before it would act correctly. Might not be 100% your issue, but it's definitely worth a shot.
SwoRNLeaDejZ said:
Yes, most of the time, pushed files will copy with bad permissions. Every time I've ever edited a system APK, I've had to subsequently set permissions before it would act correctly. Might not be 100% your issue, but it's definitely worth a shot.
Well now I've run into a new problem. When I SU to get root access it tells me that /sbin/sh isn't found.
I rooted the n7 with cf autoroot.
This would be a whole lot easier if twrp would mount the tablet so I could just upload and flash a zip to update it.
Well I was able to sideload the boot animation here http://forum.xda-developers.com/showthread.php?t=2591471 just to confirm that sideload was working. I rebooted and it worked but still will not get past the boot animation.
The framework file simply needs to be put in /system right? so the command would look like
abd sideload framework-res.apk /system
Is that right?
Rhatfield25 said:
Well now I've run into a new problem. When I SU to get root access it tells me that /sbin/sh isn't found.
I rooted the n7 with cf autoroot.
This would be a whole lot easier if twrp would mount the tablet so I could just upload and flash a zip to update it.
What about trying to use the terminal emulator in twrp?
Rhatfield25 said:
Well I was able to sideload the boot animation here http://forum.xda-developers.com/showthread.php?t=2591471 just to confirm that sideload was working. I rebooted and it worked but still will not get past the boot animation.
The framework file simply needs to be put in /system right? so the command would look like
abd sideload framework-res.apk /system
Is that right?
You need to fix the framework file before you can boot. Try running the permission command without su first.