How to root Samsung Galaxy 2 GT-I9100 on Linux
Installation Directory
The entire installation is done in a user folder, here in the directory: ~/sg2/
Install heimdall and the heimdall-frontend on the Linux PC
http://www.glassechidna.com.au/products/heimdall/
Debian packages are available for 32-bit and 64-bit systems.
Two packages must be installed: heimdall and heimdall-frontend.
Obtain the insecure kernel for your phone
To find the kernel version installed on the phone,
go to Applications / Settings / About phone.
For example, kernel version :
2.6.35.7-I9100XWKJ2
If you have this kernel version, download it here:
http://forum.xda-developers.com/showthread.php?t=1075278
Kernel_I9100XWKJ2.exe
Gives Final: 2.6.35.7-I9100XWKJ2-CL676699 [email protected]#2
Extract Kernel_I9100XWKJ2.exe into ~/sg2/
We will use zImage.
Install the unsecure kernel
Put the phone in download mode
Switch the phone off.
Then start the phone in download mode by pressing
Down + Flight + Home Button It
Up and Flight
Checking that the SG2 is recognized
Connect the phone to the computer over USB and verify that it is detected:
heimdall detect
Device detected
Flash the insecure kernel
Run this as root, unless your user account has the necessary rights:
# heimdall flash --kernel zImage
(Once it is installed, reboot the phone and check.)
Android SDK, su and busybox
Put the phone in USB debugging mode
Settings -> Applications -> Development -> USB Debugging
Install the Linux version of the Android SDK from Google's site:
http://developer.android.com/sdk/index.html
http://dl.google.com/android/android-sdk_r16-linux.tgz
Extract the archive to ~/sg2/
Then use the graphical tool to download the part of the Android SDK that provides adb, which is what we will use.
~/sg2/android-sdk-linux/tools/android
Download the Android SDK Platform-tools package.
The adb command is then located here:
~/sg2/android-sdk-linux/platform-tools/adb
Important Reminder
Make sure you enable USB debugging and flash an insecure kernel before installing busybox and su.
Installing busybox and su in the phone
S2Root Package (windows)
File: S2Root_1.5.1_Release.zip
We will use two files in this package
Download S2Root package and unzip it.
You'll find it here:
http://forum.xda-developers.com/attachment.php?attachmentid=750990&d=1318718398
S2Root_1.5.1_Release.zip
Extract and copy the Tools directory to ~/sg2/
We will use two files:
Tools/busybox
Tools/su
Installing su and busybox
Install busybox and su using the Linux adb command installed previously:
cd ~/sg2/android-sdk-linux/platform-tools/
./adb push ../../Tools/busybox /system/xbin/
./adb push ../../Tools/su /system/xbin/
./adb shell chown root.shell /system/xbin/busybox
./adb shell chown root.shell /system/xbin/su
./adb shell chmod 755 /system/xbin/busybox
./adb shell chmod 4755 /system/xbin/su
./adb shell /system/xbin/busybox install -s /system/xbin
./adb shell mount -o ro,remount /dev/block/mmcblk0p9 /system
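The commands above leave a setuid-root su (mode 4755) in /system/xbin and finish by remounting /system read-only. The following shell script is an added example, not part of the original guide: it checks captured ls -l and /proc/mounts output for both conditions, which is also how a device in this state shows up in an audit. The listing format, the function names and the sample lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: audit captured device output for the state the steps above
# produce. Capture real input with, e.g.:
#   adb shell ls -l /system/xbin   and   adb shell cat /proc/mounts
# Assumed listing format (constructed samples below): mode string first,
# owner second, file name last.

# Print each regular file that is owned by root and has the setuid bit set
# ('s' or 'S' in the owner-execute slot of the mode string).
find_setuid_root() {
    tr -d '\r' | while read -r perms owner rest; do
        case "$perms" in
            -??[sS]*) ;;          # regular file with setuid bit
            *) continue ;;        # anything else, including symlinks
        esac
        [ "$owner" = "root" ] || continue
        printf '%s\n' "${rest##* }"
    done
}

# Print "ro" or "rw" for one mount point, given /proc/mounts-style lines
# (device, mount point, filesystem type, comma-separated options, ...).
mount_state() {
    target=$1
    tr -d '\r' | while read -r _dev point _fstype opts _rest; do
        [ "$point" = "$target" ] || continue
        case ",$opts," in
            *,ro,*) echo ro ;;
            *,rw,*) echo rw ;;
        esac
    done
}

# Combine both checks into one finding per line.
audit() {
    listing=$1
    mounts=$2
    for name in $(printf '%s\n' "$listing" | find_setuid_root); do
        echo "setuid-root binary: $name"
    done
    state=$(printf '%s\n' "$mounts" | mount_state /system)
    [ "$state" = "ro" ] || echo "/system is not mounted read-only (state: ${state:-unknown})"
}

# Constructed sample input, not captured from a real device.
SAMPLE_LS='-rwxr-xr-x root     shell     1085140 2011-10-15 12:00 busybox
-rwsr-xr-x root     shell       22364 2011-10-15 12:00 su
lrwxrwxrwx root     root              2011-10-15 12:00 ls -> /system/xbin/busybox'
SAMPLE_MOUNTS='/dev/block/mmcblk0p9 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p10 /data ext4 rw,nosuid,nodev 0 0'

audit "$SAMPLE_LS" "$SAMPLE_MOUNTS"
```

The tr call strips the carriage returns that adb shell output often carries, so the functions can be fed piped adb output directly.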
Humor
>> But if we flash the cf or speedmod kernel and then the stock one, don't we lose root?
> No, root stays functional; reflashing the stock one removes the yellow triangle.
Copyright: The texts are available under Creative Commons Attribution-ShareAlike; other conditions may apply.
Related
1. How can I root my phone?
1.1 General information/Basic adb-commands
Rooting a phone enables you to do things, which normally aren't possible for the average user like:
- Removing apps which were preinstalled by the provider (like Orange, Vodafone, etc.). My Tattoo had Vodafone apps for buying music and other sh*t, which was installed on the system partition (to which a "normal" user has no rights to write to, including deleting).
The Tattoo was successfully rooted by a bunch of guys here, namely -bm-, mainfram3 and Coburn64 (maybe, I don't remember quite correctly). Also the Tattoo was the first phone having a security mechanism hindering a user to mount the filesystems as read/write, which had to be overridden by remapping the read only memory region to a read/write one. This is done by the module Tattoo-hack.ko, also made by mainfram3. He also created the first boot.img, which enabled su directly from adb and loading Tattoo-hack directly from boot on.
A few words about adb:
ADB is a tool for communicating from the PC with the mobile phone. For this a service is running on the phone enabling the communication via Terminal Emulator. Here are the most useful adb-commands:
Code:
adb push localFileFromPC /path/on/mobilephone
-> pushes a file "localFileFromPC" to a specified location on the phone
adb pull /path/to/file pathFromPC
-> receives a file from the phone and stores it to "pathFromPC"
adb remount
-> This is only possible in custom ROMs, remounts the file system to r/w automatically
adb shell "command"
-> executes "command" and returns to the computer shell
adb shell
-> opens a shell session on the phone (from here on you have to be very careful! Also you can execute now normal linux commands like rm, mv, ls, chmod and so on, but not cp (this can be done through busybox)). You will have to use this more often, so get used to it.
1.2 Do I have to create a goldcard?
I read this question quite often. For rooting, you don't need it, but for SIM-locked phones you can't flash custom unbranded ROMs (I think).
For a guide to creating a goldcard, follow this link: http://forum.xda-developers.com/show...88&postcount=1 (thanks to MiSSigNNo for this point)
1.3 Tools you need
A complete set of tools can be found here. Feel free to mirror it:
http://rapidshare.com/files/403766494/Tattoo.rar.html
Mirror(s):
http://www.bild-ton.net/Tattoo.rar
http://www.megaupload.com/?d=CI9AW83F
This package contains:
- adb binaries for Windows (sorry Linux users)
- su (Please note: use the su-binary attached in this post, not the one in the archive!!!!!)
- m7 exploit
- Amon_RA recovery.img
- mainfram3 boot.img
- flash_image binary
- tattoo-hack.ko
1.4 The automated way
This method was created by maverixx and can be found here. This basically consists of a package doing everything you need by itself. It roots the phone and flashes maverixx' recovery.img, which (no offense) I don't like as much as I like Amon_RA's one! Just click the batchfile and it does the rest (you have to connect your phone via USB to your PC though).
If you want to use the automated way, but flashing Amon_RA's recovery, just replace the recovery.img from maverixx' package with the recovery.img provided in my archive file (see 1.3 for the link).
In my time here I noticed quite a few users experiencing problems either with a fully functional su or with the recovery image not flashing certain update.zip packages. It seems to be a matter of luck.
1.5 The manual way (recommended by the author)
I personally like what is done when and how, that's why I recommend the manual way. So let's get down to business. Let's see if you know all the adb-commands I wrote here:
1. Let's say you have everything unpacked into C:\Tattoo
2. In your terminal (on your PC) type:
- adb shell "mkdir /data/local/bin" (if it returns an error it means that the directory already exists, just proceed)
- adb push m7 /data/local/bin/
- adb push su /data/local/bin/
- adb push flash_image /data/local/bin/
- adb push tattoo-hack.ko /data/local/bin/
- adb push recovery.img /sdcard
- adb push boot.img /sdcard
3. We have every needed file on the phone now. Type now (we are still in your terminal):
- adb shell
$ cd /data/local/bin
$ chmod 766 m7 (I don't retain this step as mandatory, so if this process fails, just proceed)
$ while ./m7 ; do : ; done
lots of text until you see something like "wrote shell code", press enter 2 or 3 times to see:
#
4. Then perform this:
- # export LD_LIBRARY_PATH=/system/lib
- # export PATH=/system/bin
- # insmod ./tattoo-hack.ko
- # mount -o rw,remount /dev/block/mtdblock5 /data
- # mount -o rw,remount /dev/block/mtdblock3 /system
- # cat ./su > /system/bin/su
- # chmod 4755 /system/bin/su
- # chmod 755 ./flash_image
Questions?
1.6 Problems and (hopefully good) solutions
Q: How do I execute my command line tool?
A: On your Windows host, go to Start->Run...->type "cmd"
Q: Where is my adb? When I type it in my shell it says that it was not found!
A: The adb binary is found in the archive I supplied above or in the Google SDK. As my archive-file is quite smaller than the Google SDK you should take mine. Let's suppose your adb binary is unpacked in C:\Tattoo, then type:
Code:
Your\Current\Location> cd C:\Tattoo
C:\Tattoo> adb <command>
Q: adb says "error: device not found" when I try to launch the shell on the phone!
A: Connect the phone with the usb cable and make sure the sd card is not mounted as drive on your PC!!!
Q: When I want to copy something the phone returns that "cp" is not found! Also when I try to move a file, it says "cross-link device".
A: Well, copying from one partition to another is only possible either via busybox or via
Code:
cat file > /location/filename
Example:
cp /data/su /system/bin
is realized by typing
cat /data/su > /system/bin/su
Also make sure that system is r/w!!!
Q: flash_image returns write errors when flashing recovery/boot image!
A:
For boot: Try to redo the flash procedure
For recovery: Note that you can't flash the same recovery.img as the one already installed, so install another recovery.img first (like maverixx) and then Amon_RA's again. If it still doesn't work reboot, remount the partitions r/w, insmod tattoo-hack.ko and retry flashing.
Q: How can I unroot my device?
A: Just delete su from /system/xbin and restore the old boot.img. Alternatively see here for retrieving a stock ROM to flash it on your phone.
I hope someone tries this; I don't have time.
So I am trying to manually root my S3 without flashing a rom. I am able to get through most of the steps in these instructions up to the point where it requires you to put phone into download mode. I get phone into download mode, but when I connect to the PC, it doesn't see the phone.
This step worked:
To confirm your device is properly detected, in the command prompt, run
Code:
adb devices
Now copy busybox, su, superuser.apk to /data/local/tmp/ using adb.
Code:
adb push busybox /data/local/tmp
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
These steps worked:
Now run adb shell
Code:
adb shell
Note that you see a "$" sign in the command prompt. That means you are not rooted.
Next run the following commands in the shell to change permissions and get some limited privileges for the Superuser files:
Code:
chmod 6755 /data/local/tmp/su
chmod 755 /data/local/tmp/busybox
chmod 644 /data/local/tmp/Superuser.apk
Note that the names of the files are case sensitive.
Files are there and are verified when I ls /data/local/tmp. All three files are there.
This is where I have a stumbling block:
Once in download mode, connect the Android device using the microusb cable to the computer.
Now using the open Nautilus window, navigate to /UserData/local/tmp/ folder and verify that you have the files you sent to the device viz. su, busybox and Superuser.apk
So if I am able to push files to the phone, why won't it recognize it when in download mode?
Using Fedora Linux and have the full Android SDK installed.
Firstly, Merry Christmas!
Note: This worked on version 10.2.4
I received a Kindle Fire 2 today and since then I've been trying to get it rooted. Now that I have, I thought I'd share it here for other people who might be in the same situation.
This is really just a remixing of the tool made by Bin4ry (http://forum.xda-developers.com/show....php?t=1886460) but I couldn't get the script to run on my Mac...
Step 0 - Preparing
You must enable ADB and Unknown App sources from Settings.
Settings > More > Security > Enable ADB
Settings > More > Device > Allow Installation of Applications
Step 1 is to get that tool from here and extract it somewhere you'll remember.
Step 2 (you can skip this if you already have the android SDK platform-tools in your PATH)
If you don't have the android SDK or adb installed just add the 'stuff' folder from the tool to your path.
In terminal run
Code:
export PATH=$PATH:/path/to/extracted/tool/stuff/
Step 3 - Push the required files
It's probably easiest if you change into the stuff folder first...
Code:
cd /Users/x/Downloads/Root_with_Restore_by_Bin4ry_v18.7z\ Folder/stuff
Then run the following...
Code:
adb push busybox /data/local/tmp/.
adb push su /data/local/tmp/.
adb push Superuser.apk /data/local/tmp/.
adb push ric /data/local/tmp/ric
Then you need to run an adb shell to set some permissions
Code:
adb shell
(you should get a prompt like [email protected]:/)
Run
Code:
chmod 755 /data/local/tmp/busybox
exit
Step 4 - Rooting
This requires another terminal window. Check that you can run adb from there as well (running adb should print the usage information)
In the first window run:
Code:
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > /dev/null
In the other run
Code:
adb restore fakebackup.ab
You should get a prompt on your Kindle; hit the restore my data button. As you do so, the command in the first window should stop (or a few seconds later; if it doesn't, stop it and re-run both commands).
You can now close the second window!
Run
Code:
adb reboot
Your Kindle should reboot, though the screen will be blinking repeatedly (flashing between the lockscreen and the boot animation). Don't worry about that, as it will be fixed in a sec.
Step 5 - Cleaning Up
Run
Code:
adb shell
If all was successful you should see the prompt change to [email protected]:/
If it did, continue otherwise go back to step 4.
Run these
Code:
/data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su
/data/local/tmp/busybox mv /data/local/tmp/ric /system/bin/ric
chmod 755 /system/bin/ric
/data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su
/data/local/tmp/busybox mv /data/local/tmp/Superuser.apk /system/app/Superuser.apk
/data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
chown 0.0 /system/xbin/su && chmod 06755 /system/xbin/su
chmod 655 /system/app/Superuser.apk
chmod 755 /system/xbin/busybox
rm /data/local.prop
reboot
Your Kindle will restart and SuperSU will be available under Apps. You're now free to do as you please, though you could follow with Step 3 on this thread to get Google Apps etc. working.
Update: a short guide to installing the Play store can be found here.
This worked almost perfect for me but I couldn't get it to run adb commands from the stuff folder so I dumped its contents (minus the adb stuff) into the platform-tools in the android SDK and from then on everything went great. Thanks so much.
did this work for 10.2.4 users out there
does this work for 10.2.4
worked!
Great work, congratulations and thanks! I'd like to make some comments tho regarding some typos and suggestions.
1.- I'd suggest to install the android SDK as, in fact, adb commands didn't work from the stuff folder. Add a line to .bash_profile with the export PATH command to make permanent access to the adb shell.
2.- Push files from the Root_with_Restore_by_Bin4ry_v18 folder, not the .7z file.
3.- The command is, e.g., adb push busybox /data/local/tmp/ instead of adb push busybox /data/local/tmp/.
4.- In Step 5 the command /data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su is twice so you'll get an error the second time you execute it.
Also congratulations for instructions on how to install PlayStore - here pay attention to the names playstore.apk and servicesframework.apk which in fact are plstore3.10.10.apk and GoogleServicesFramework.apk respectively -
Once again thanks for your work.
gorganzolia said:
does this work for 10.2.4
Yes this worked for 10.2.4
10.2.6
Does this work with 10.2.6?
it worked
Tried it this morning on 10.2.6 and it worked woohoo now how do you stop it from automatically updating
Found out how to stop those automatic updates here http://forum.xda-developers.com/showthread.php?t=2086450
Okay folks, I am a rooting newb when it comes to this wondrous device known as the Optimus G, and I need some questions answered.
First lemme fill you all in on some details where the computer I might be using to root my Optimus G is concerned. I run Zorin OS 6.1 64bit Core edition (yes, Linux) and that obviously begs my first question: of any of the rooting methods mentioned in the development part of this forum, are there any that will work with Linux? And if so which ones, or is there some kind of special magic I'll need to cast or some kind of coding wizardry level I'll have to obtain in order to be able to root my Optimus G?
Second, to fill you in on the phone, yes I have updated to ZV9 so if that borks me if you could please let me know?
Third, and Fourth actually are my concerns over being able to fix whatever possible brick type damage might be done. 3)How stable are the root/unlock methods, meaning there would be no way to reverse them? Of course I mean outside of accepting an OTA update which I already know better than to do on a custom ROM (had a Samsung Epic 4g before this so yeah I know how that goes.)
and 4) Is there an LGNPST (sp?) version for Linux or will I have to figure out a way to maybe run it on WINE or something along those lines?
I'd ask about ROMS but I know everybody has an opinion of their own and I don't so much mind the stock one, though I might get the debloated version and see what else I can do with that.
Thanks in advance everybody for any help you all can give.
1) You can root through linux, although I don't know about which distros. I did it on ubuntu, using one of the links in the link in my sig.
2) AFAIK, you have to be on zv7/8 to root or unlock. You will have to use LGNPST to go back to one of those, and as far as I've ever heard that is a windows program only.
3) Both the root and unlock methods are reversible through whatever program you use to do it.
4) ???
You forgot profit!!!!
Sent from my LG-LS970 using xda premium
As long as you can attain a root shell and install ADB aka Android SDK, and as long as after that you can run ADB shell and then receive a prompt from your device, you should be able to push the necessary files and then run the exploit and install the superuser binary; there should be no issues. I actually took the windows root method, and used the commands in my Debian box and it worked very well. The only thing that I would be concerned with is whether or not you can get a root shell in your specific version. Once that is attained, run ADB start-server as root then finish.
Basically I took this root method, and modded the script to fit linux.
(as noted from my post on the last page of that thread)
Preparation
ADB can be found either from the android sdk (tools only) or from the 'stuff' folder, in the archive below (I ran the one from the sdk)
Download this zip file, and extract the 'stuff' folder to a newly created 'root' folder on your Desktop
Open a terminal and cd to ~/Desktop/root
My adb location is coded into my $PATH variable so when I issue adb, it runs ~/android-sdk-linux/platform-tools/adb but you can either set up an alias (to the one included which would be alias adb=~/Desktop/root/stuff/adb if you follow the below extraction procedures or the one from the sdk which could be anywhere)
Before running the root I ran:
Code:
su -
adb start-server
exit
Then to test whether or not I had the correct version of adb, I ran:
Code:
adb shell
You should see your prompt change to that of the phone. If it displays any type of error message, please check your version of adb. To exit this prompt and continue with the root, simply type exit and press enter.
ROOT:
Paste the following into your terminal (which should now be in the ~/Desktop/root directory)
Code:
adb "wait-for-device"
adb push stuff/busybox /data/local/tmp/.
adb push stuff/su /data/local/tmp/.
adb push stuff/Superuser.apk /data/local/tmp/.
adb shell chmod 755 /data/local/tmp/busybox
adb restore stuff/fakebackup.ab
echo 'Select "Restore my data" on your phone!'
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > /dev/null
echo "Your phone will now reboot twice, DO NOT DISCONNECT USB!"
adb reboot
adb "wait-for-device"
adb shell "/data/local/tmp/busybox mount -o remount,rw /system && /data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su && /data/local/tmp/busybox mv /data/local/tmp/Superuser.apk /system/app/Superuser.apk && /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox && chown 0.0 /system/xbin/su && chmod 06755 /system/xbin/su && chmod 655 /system/app/Superuser.apk && chmod 755 /system/xbin/busybox && rm /data/local.prop && reboot"
echo "Rooting Complete!"
echo "SuperSU should now be available in your applications drawer!"
Assimilated using the interface that interacts with the advanced internet.
1. Download terminal emulator,android vnc and arm version of backtrack.
2. Extract the content of img file and transfer it in to memory of android devices.
3. Install BusyBox and start it.
4. Open terminal emulator. use "cd" command to get in backtrack directory where extracted content is saved on memory card of device. In this case command is
cd /sdcard/BT5
5. Type "sh bootbt" and we will be in Backtrack.
Commands:
su
cd /sdcard/BT5
sh bootbt
startvnc
download from torrent
BackTrack 5 ARM Edition Quick Start
This image has been developed and tested on the you yureka. Your mileage may vary on other devices.
As this image runs in a chroot, you will need to have your device rooted. There are numerous tutorials on the subject online and are not included here.
***Rooting your device will potentially void its warranty and we are not in any way responsible if you brick your device while rooting it.***
### IMPORTANT POINTS ###
1. Since the image runs in a chroot, there is no root password set.
2. There are 2 scripts under /usr/bin/ 'startvnc' and 'stopvnc' that are set to start with the Xoom's default resolution.
3. The current vnc password is set to 'toortoor' and can be changed by running 'vncpasswd'
4. This image is a work in progress and suggestions/tips from the community are always welcome.
### GETTING STARTED ###
1. Once you have downloaded the ARM BT package, save the files in a convenient location. The steps below assume they are in the platform-tools folder of the Android SDK.
2. Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
./adb shell
mkdir /sdcard/BT5
exit
3. Copy over the busybox install files:
./adb push busybox /sdcard/
./adb push installbusybox.sh /sdcard
4. Install busybox on the device:
./adb shell
cd /sdcard/
sh installbusybox.sh
exit
5. Transfer the required BT5 files to the device:
./adb push fsrw /sdcard/BT5/
./adb push mountonly /sdcard/BT5/
./adb push bootbt /sdcard/BT5/
./adb push bt5.img.gz /sdcard/BT5/
./adb push unionfs /sdcard/BT5/
6. Uncompress the image and start BT5:
./adb shell
su
cd /sdcard/BT5
gunzip bt5.img.gz
sh bootbt
If all goes well, you'll be in the BT5 chroot:
# sh bootbt
net.ipv4.ip_forward = 1
[email protected]:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
[email protected]:/#