[Q] Unrooting - Samsung Galaxy Nexus

Hi All,
This is just a quick 2 part question as I see many threads for the GNEX on rooting, but none very concrete on removing root. I've tried searching, but I must have missed it.
So, my questions are:
1. Once rooted via whatever method (I used fastboot method myself, thanks efrant for teaching the fastboot stuff), how do I unroot this thing to bring it back to stock configuration?
2. To make the unit truly stock again, can I just use fastboot and flash a factory google image? I know doing this will eliminate all my data, but will it remove all traces of any rooting done (Insecure Kernel, SU, Busybox and whatever else)?
Please let me know.
Thanks guys... wasn't planning on rooting, but I miss the ability to do it. lol

1. See two.
2. Yes.
Flashing the stock image will bring your phone back to an out-of-the-box state.
Sent from my Galaxy Nexus using Tapatalk 2

infazzdar said:
1. See two.
2. Yes.
Flashing the stock image will bring your phone back to an out-of-the-box state.
Sent from my Galaxy Nexus using Tapatalk 2
Thanks man,
Makes me feel better about my decision to root this phone.
Appreciate the reply.

If you installed Superuser to system when you rooted then you'll need to remove that also but here are the basic adb commands for the job (make sure you have data and system mounted via CWM so you have access):
Code:
adb shell
rm /system/bin/su
mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
exit
BusyBox is another matter since CWM installs it to sbin every time you boot with it. Perhaps someone has a better idea (?), but from messing around a bit the other night the best method I've come up with is to use BusyBox to remove BusyBox, as follows:
Code:
adb shell
cd /sbin
cp busybox /data/local/tmp/busybox
chmod 06755 /data/local/tmp/busybox
rm busybox
/data/local/tmp/busybox rm `/data/local/tmp/busybox find -follow -maxdepth 1 -type l`
/data/local/tmp/busybox rm /data/local/tmp/*
exit
that second to last line gets rid of all the stray symlinks busybox left behind, not sure if CWM leaves any of those recovery/symlinks in sbin also or if those should be removed as well; perhaps someone else can fill us in on that point!

osm0sis said:
If you installed Superuser to system when you rooted then you'll need to remove that also but here are the basic adb commands for the job (make sure you have data and system mounted via CWM so you have access):
Code:
adb shell
rm /system/bin/su
mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
exit
BusyBox is another matter since CWM installs it to sbin every time you boot with it. Perhaps someone has a better idea (?), but from messing around a bit the other night the best method I've come up with is to use BusyBox to remove BusyBox, as follows:
Code:
adb shell
cd /sbin
cp busybox /data/local/tmp/busybox
chmod 06755 /data/local/tmp/busybox
rm busybox
/data/local/tmp/busybox rm `/data/local/tmp/busybox find -follow -maxdepth 1 -type l`
/data/local/tmp/busybox rm /data/local/tmp/*
exit
that second to last line gets rid of all the stray symlinks busybox left behind, not sure if CWM leaves any of those recovery/symlinks in sbin also or if those should be removed as well; perhaps someone else can fill us in on that point!
So flashing a Google factory image won't remove root? Or it will, but won't remove all evidence if someone went searching around trying to deny warranty.
When I rooted, I used the method of flashing recovery, then installed the su.zip via recovery. When I unrooted I simply flashed a factory image.
when you say installed superuser to system I'm guessing you mean something more advanced than the typical root process, correct?
Sent from my Galaxy Nexus using XDA

thos25 said:
So flashing a Google factory image won't remove root? Or it will, but won't remove all evidence if someone went searching around trying to deny warranty.
When I rooted, I used the method of flashing recovery, then installed the su.zip via recovery. When I unrooted I simply flashed a factory image.
when you say installed superuser to system I'm guessing you mean something more advanced than the typical root process, correct?
Sent from my Galaxy Nexus using XDA
Flashing the factory system image DOES remove root (and busybox and anything else you changed on the ROM). There is no need to do anything that osm0sis said to do.
And there is no "more advanced" process of rooting. Root is two files placed on your system: /system/bin/su and /system/app/Superuser.apk. Nothing more. (Whether you place them there yourself, or have CWM do it for you, is irrelevant.) Remove those and root is gone.
Sent from my Galaxy Nexus using Tapatalk 2

If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.

Zbraptorsdr said:
If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.
http://forum.xda-developers.com/showthread.php?p=21936493
Sent from my Galaxy Nexus using Tapatalk 2

efrant said:
Flashing the factory system image DOES remove root (and busybox and anything else you changed on the ROM). There is no need to do anything that osm0sis said to do.
Right, I was referring to "unroot"ing without reflashing the system.img, since my intent with that method was to keep all settings, etc. as-is, just remove all traces of root.

osm0sis said:
Right, I was referring to "unroot"ing without reflashing the system.img, since my intent with that method was to keep all settings, etc. as-is, just remove all traces of root.
Yup, you would need to remove it manually if you were running a custom ROM, but with a stock ROM, flashing the system partition only WOULD leave all your data/settings as is.

osm0sis said:
BusyBox is another matter since CWM installs it to sbin every time you boot with it.
IS this true? Can someone confirm? And is it true for all phones?

Zbraptorsdr said:
If you grab wugfresh's toolkit it'll do all of that with one-click convenience. That's what I do to un-root my Nexus.
The easiest way to do it, just click and it does it on its own.

The-Droidster said:
IS this true? Can someone confirm? And is it true for all phones?
Just wanted to clear this up now that I'm a bit more wise on the subject. The sbin stuff doesn't matter since it's all part of the ramdisk, and gets generated on each boot (to recovery or OS) and otherwise doesn't exist. No need to delete anything but su. :good:

osm0sis said:
Just wanted to clear this up now that I'm a bit more wise on the subject. The sbin stuff doesn't matter since it's all part of the ramdisk, and gets generated on each boot (to recovery or OS) and otherwise doesn't exist. No need to delete anything but su. :good:
he means, of course, "su" as in /system/bin/su AND /system/app/Superuser.apk. partially correct, i think, ramdisk is only used for early OS boot. Ramdisk + kernel = boot.img.
Recovery is on a different partition, for starters, and AFAIK, deploys needed files to a temporary location on the phone's ram or in the file system, which would be the recovery partition. Busybox gets placed in there as well.
Sent from my i9250

stock kernel has a ramdisk but not all kernels are packaged with one. recovery also has a ramdisk, just as it also has a kernel. Decompile/split/unzip one some time and you'll see /sys/ and /proc/ and /sbin/ all get generated from the ramdisk. And yes, if you for some reason put Superuser.apk or SuperSU.apk in /system/app/ (a completely unnecessary step), then naturally they need to go too.
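Added example, not part of any post in this thread: a shell audit that checks a mounted or unpacked copy of the system partition for the root traces the replies name (/system/bin/su, /system/xbin/su, Superuser.apk or SuperSU.apk in /system/app) and, going beyond the thread, for any set-uid or set-gid file so that a renamed su copy is not missed. The function names, the allowlist file and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the thread). Audits a copy of the /system tree,
# e.g. a loop-mounted system.img, for leftover root files.

# audit_root_traces DIR [ALLOWLIST_FILE]
# DIR is the top of the system tree (the directory that contains bin/, xbin/, app/).
# ALLOWLIST_FILE is hypothetical: one relative path per line for set-id files
# that are known to belong to the stock image.
# Prints one finding per line and prints nothing when the tree looks clean.
audit_root_traces() {
    root=$1
    allow=${2:-/dev/null}

    # 1. The file names called out in the replies.
    for rel in bin/su xbin/su app/Superuser.apk app/SuperSU.apk; do
        # -L also catches a dangling symlink such as xbin/su -> /system/bin/su
        if [ -e "$root/$rel" ] || [ -L "$root/$rel" ]; then
            echo "known-root-file $rel"
        fi
    done

    # 2. Any set-uid or set-gid regular file, whatever it is called.
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        rel=${path#"$root"/}
        grep -qxF "$rel" "$allow" || echo "setid-file $rel"
    done
    return 0
}

# make_sample_tree
# Builds a constructed system tree in a temp directory and prints its path.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/xbin" "$d/app"
    : > "$d/bin/sh";   chmod 755  "$d/bin/sh"     # ordinary binary, not flagged
    : > "$d/bin/su";   chmod 6755 "$d/bin/su"     # same 06755 mode as in the posts
    ln -s /system/bin/su "$d/xbin/su"             # symlink, dangling in the copy
    : > "$d/xbin/su2"; chmod 6755 "$d/xbin/su2"   # renamed copy of su
    : > "$d/app/Superuser.apk"
    echo "$d"
}

# Stand-alone use: sh audit.sh /path/to/system [allowlist]
if [ $# -gt 0 ]; then
    audit_root_traces "$@"
fi
```

An empty result on a tree taken after reflashing system.img is what the "flashing removes root" answer predicts; any `setid-file` line needs comparing against the same path in the factory image.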

Related

Help needed. Rooting Desire Z

Ok, after using my phone for a while i decided to root it. Since I have the stock Gingerbread rom i followed the guide to downgrade to the stock froyo rom. http://forum.xda-developers.com/showthread.php?t=1178912
I reached the part "Temp-Rooting to Backup". However, when I run Titanium Backup it says: "Error: Sorry, I could not acquire root privileges. This application will *not* work."
What am I supposed to do? I followed the guide to the letter and everything up till that point was exactly as the guide said.
My phone's details are
Android version 2.3.3
Baseband version 12.56.60.25U_26.10.04.03_M
Kernel version 2.6.35.10-g7b95729
Software number 2.42.415.17
Here is what i did in adb
http://pastebin.com/jkxE55Yh
For some reason, new users are not allowed to post links in their replies. Nipqer, i redid all my steps and did what you told me.
here is the link of all what i did:
http://pastebin.com/Fze9uB33
First, thank you so much for linking a pastebin of what you've done, makes it so much easier to try help.
However I'd really like to see if there was any output after running 'adb shell /data/local/tmp/fixsu.sh' so if you can get that output and post it, would be much appreciated.
You might have to run it from inside shell:
adb shell
cd /data/local/tmp
./fixsu.sh
-Nipqer
Thanks Nipqer and sorry for the late reply.
I did what you told me and this is what i got
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb shell
adb server is out of date. killing...
* daemon started successfully *
# cd /data/local/tmp
cd /data/local/tmp
# ./fixsu.sh
./fixsu.sh
#
though i don't know if it helps with anything.
I just got confused because in the guide it says to install Titanium backup and backup my data. I have already done a manual backup myself but i figured doing a backup using Titanium backup will not hurt. I have used other programs like Root Checker Basic and it tells me that i don't have proper root access.
Can I just ignore this issue and go ahead with the downgrade? Or will there be some problems?
Thanks again in advance!
Hmm, it should give you root permissions after running fixsu.sh.
The lack of output shows it should've worked.
That part of the guide is entirely optional anyway, so If you already have what you want backed up, go ahead and downgrade.
-Nipqer
Nipqer said:
Hmm, it should give you root permissions after running fixsu.sh.
The lack of output shows it should've worked.
Well, fixsu.sh returned no error for me, too. But Titanium Backup did not get root, and trying to call "su", I got an I/O error. And looking at dmesg, I saw a corrupted file system.
After a bit of research I found the reason: the rw remount succeeds, Linux thinks that data are written to flash, but no data are written for real. Once data leave the cache, they are lost and the system "returns" to its intact state.
I wrote a different fixsu.sh, which does not have this problem, but I am still failing to get root privileges, even with the latest Superuser+su. I got only a pop-up about refused root access. (But "su number_of_any_existing_uid" and then "su" in adb shell reports permitted access.)
Here is my preliminary fixsu.sh:
Code:
#!/system/bin/sh
chmod 755 /data/local/tmp/busybox
chmod 4755 /data/local/tmp/su
/data/local/tmp/busybox cp -a /system/xbin /data/local/tmp/
mount -o bind /data/local/tmp/xbin /system/xbin
/data/local/tmp/busybox --install -s /system/xbin/
/system/bin/rm /system/xbin/su 2>/dev/null
/data/local/tmp/busybox cp -a /data/local/tmp/su /system/xbin/
/data/local/tmp/busybox cp -a /system/bin /data/local/tmp/
mount -o bind /data/local/tmp/bin /system/bin
/data/local/tmp/busybox cp -a /data/local/tmp/su /system/bin/
# /etc/* changes are needed only for some busybox utils, not for Superuser's su
/data/local/tmp/busybox cp -a /system/etc /data/local/tmp/
mount -o bind /data/local/tmp/etc /system/etc
/data/local/tmp/busybox echo "root::0:0:root:/data/local:/system/bin/sh" > /system/etc/passwd
chmod 0666 /system/etc/passwd
/data/local/tmp/busybox echo "root::0:0:root:/data/local:/system/bin/sh" > /system/etc/passwd
/data/local/tmp/busybox echo "root::0:" > /system/etc/group
chmod 0666 /system/etc/group
# Optional:
ln /data/local/tmp/busybox /data/local/tmp/xbin/busybox
And here is the code to recover "writable" state after reboot:
Code:
#!/system/bin/sh
mount -o bind /data/local/tmp/xbin /system/xbin
mount -o bind /data/local/tmp/bin /system/bin
mount -o bind /data/local/tmp/etc /system/etc
Unfortunately I can't tell you why it won't work. Might just be your partitions are too corrupted or something.
Have you tried a full power cycle (turn phone off, pull battery), it's helped other phones work in the past.
Otherwise I'd say just use adb to pull your entire /data dir, so you have everything saved and can mess round with trying to put it back in later.
-Nipqer
Nipqer said:
Unfortunately I can't tell you why it won't work. Might just be your partitions are too corrupted or something.
Have you tried a full power cycle (turn phone off, pull battery), it's helped other phones work in the past.
I tried to reboot without battery removal. The partition was "corrupted" before reboot and intact after reboot. I tried to write again. I again got corruption. And after reboot it was again byte-equal to the original system.img. It means that no write actually happens. The Linux kernel just assumes that data are written, but they are lost after leaving the kernel cache.
Hopefully, Android mount command supports -o bind, so one can bind mount directories from /data and /system is seemingly writable then.
Nipqer said:
Otherwise I'd say just use adb to pull your entire /data dir, so you have everything saved and can mess round with trying to put it back in later.
I saved all mmcblk0p* before starting my experiments. It should be the most complete way to backup, but it does not easily allow partial restore.
utx said:
I saved all mmcblk0p* before starting my experiments. It should be the most complete way to backup, but it does not easily allow partial restore.
If you saved the data from the partitions, restoring would just be placing the apk in /data/app/ and then placing the data files back into /data/data/ - if you do it this way, you must run fix_permissions whether you saved it with or without preserving the permissions (owner, read/write/execute, et cetera). The app, when you put it on the different rom, will have a different UID (more than likely) than it did before and the data files permissions would be incorrectly set. Running fix_permissions should resolve that issue.
*EDIT*
I may have misunderstood what you meant by saving mmcblk0p*. How did you do this? At first I was thinking you just meant you did a tar backup of each partition, but after re-reading it sounds more like you did something like
Code:
# dd if=/dev/block/mmcblk0p# of=/sdcard/mmcblk0p#.img
Is that what you did? If so, are you trying to restore it by the same method?
Code:
# dd if=/sdcard/mmcblk0p#.img of=/dev/block/mmcblk0p#
If so, I'm not sure that would work properly… You might have to extract the data from it then copy it over to the partition...
I've had that problem after getting temp root. Titanium would say no root permissions. So I redid the steps after reboot... but I found the problem was that if you open Titanium Backup before you root, it will throw you that message, so if you have done that, that's why. So go back after you root into applications and force close Titanium and then reopen the app, then it should give you root permissions. At least it worked for me, but I still wasn't able to downgrade. And another thing: are you using the gfree method? Because that didn't work for me to get root... I had to use the freevo method to get temp root as gfree kept giving me errors after doing the adb commands.
sent from my Tmobile G2 Rush Vision
And if that doesn't work you can use sdcard maid to back up your system apps and such or delete them ....
sent from my Tmobile G2 Rush Vision
Setherio said:
If you saved the data from the partitions, restoring would just be placing the apk in /data/app/ and then placing the data files back into /data/data/ - if you do it this way, you must run fix_permissions whether you saved it with or without preserving the permissions (owner, read/write/execute, et cetera). The app, when you put it on the different rom, will have a different UID (more than likely) than it did before and the data files permissions would be incorrectly set. Running fix_permissions should resolve that issue.
I am aware of this problem. But if one returns exactly equal /system as it was there before, the /data will need no change.
Setherio said:
I may have misunderstood what you meant by saving mmcblk0p*. How did you do this? At first I was thinking you just meant you did a tar backup of each partition, but after re-reading it sounds more like you did something like
Code:
# dd if=/dev/block/mmcblk0p# of=/sdcard/mmcblk0p#.img
Is that what you did? If so, are you trying to restore it by the same method?
Code:
# dd if=/sdcard/mmcblk0p#.img of=/dev/block/mmcblk0p#
If so, I'm not sure that would work properly… You might have to extract the data from it then copy it over to the partition...
It was just an abbreviation:
Code:
cd /dev/block
for PARTITION in mmcblk0p* ; do
    dd if="/dev/block/$PARTITION" of="/sdcard/$PARTITION.img"
done
I guess, that the most straightforward way to restore that /data would be: First run
Code:
fsck mmcblk0p26.img
(on Linux machine) on that /data image (when you don't have root and custom recovery yet, you cannot backup /data in read-only mode, so the image is corrupted a bit for sure; if the fsck puts something to /lost+found, you can delete it after finishing of the rooting process). Then rename mmcblk0p26.img to userdata.img and add it to the PC10IMG.zip that restores stock system. Otherwise you will again fight with "partition in use" problem when trying to restore.
I did not test this method, as I did not understand the partition layout that deeply before I root. But there is no reason why it would not work.
Hello everybody,
For quite a while I have been reading several guides for rooting my Desire Z (Android 2.3.3, not branded, USB debugging activated, Fast boot deactivated). In Germany most of the guides refer to Setherio's guide. So working with the source is, as usual, the best.
Unfortunately - even after 3 tries, with factory resets, rebooting, removing the battery, etc. - I cannot gain a temporary root. Neither Titanium Backup nor MyBackUp Root gains access for making a backup. So I ended up here. I am not sure if Sayedamir had the same problem. Nevertheless, I appreciate every help.
This is what I have done so far:
http://pastebin.com/NKD6D7Av
Furthermore, referring to Nipquer's 1st post, I executed fixsu as described with following results:
http://pastebin.com/0EQS0UnF
I am not sure, if I should proceed with the downgrading without having a backup and I guess, when the backup isn't working (lack of temporary root), the downgrading would not work anyway?!
Hi Vince683,
Yes I had exactly the same problem. I too followed Setherio's guide and after 2 attempts I still couldn't get temp root. I ended up not being able to back up any of my apps.
However I suggest you back up your messages and contacts as that was the only stuff I could back up. There are a lot of apps in the market that do that and I guess they don't need root.
If backing up your app data is not that important you can proceed with the downgrade. It worked in my case. I guess the only nuisance would be that you have to manually install and configure all your apps again.
Tell us how it goes.
Perfect, it worked. Thank you for encouraging me
And Cyanogenmod 7.2 works fine.
Vince683 said:
Perfect, it worked. Thank you for encouraging me
And Cyanogenmod 7.2 works fine.
You're welcome

How to root phone with no usb cable.

Since my phone's usb is effed, I can't root it via usb. Now, I can install dropbox and put stuff in my phone like the SU file and ROMS. Can I root using my phone only?
Edit: unrelated. Sorry
convolution said:
Since my phone's usb is effed, I can't root it via usb. Now, I can install dropbox and put stuff in my phone like the SU file and ROMS. Can I root using my phone only?
Nope. How do you know your USB is broken? Sounds more like user error?
Sent from my Galaxy Nexus using xda premium
To my knowledge you need fastboot to unlock and root. That requires USB.
There might be some local privilege escalation vulnerabilities in ICS itself, but those tend to get patched and nobody really bothers to look for them on open devices like the Galaxy Nexus.
you can use mempodroid on 4.0.2 to get a root shell. not sure what you can or can't do from there with a locked bootloader tho.
kendong2 said:
you can use mempodroid on 4.0.2 to get a root shell. not sure what you can or can't do from there with a locked bootloader tho.
If you can get a rootshell, you can manually root the phone, just like many people do with the hacked/modified boot.img booted by fastboot. Basically take your temproot and make it a permroot.
1. push modified su-binary and Superuser.apk to phone's /sdcard/.
2. From the (temp) root-shell do approximately the following:
Code:
# mount -o remount,rw /system
# cat /sdcard/su >/system/xbin/su
# cat /sdcard/Superuser.apk >/system/app/Superuser.apk
# chmod 06755 /system/xbin/su
# mount -o remount,ro /system
3. Done.
kendong2 said:
you can use mempodroid on 4.0.2 to get a root shell. not sure what you can or can't do from there with a locked bootloader tho.
Thanks for this. I was unaware that someone found local privilege escalation exploit for ICS.
I haven't tried it myself, but it would certainly help those with locked bootloaders (and/or broken hardware buttons or USB ports).
I started a new thread here.
EDIT: It seems that you need to be connected over ADB to get this to work. However, it may work with ADB over Wi-Fi, but I haven't gotten there yet.
Oh thx!
Now, can I flash roms and have CWM without an unlocked bootloader as well?

How to unroot a rom? How is root detected?

I have an app that checks for root permissions and refuses to run. I am running a Blazer pre-rooted ROM. I have tried the following:
adb shell
mount -o remount,rw /system
busybox cp /system/xbin/su /sdcard
busybox mv /system/xbin/su /system/xbin/su2
When I do this several apps that require root such as titanium backup fail for obvious reasons. The phone is still rooted however. I know this because adb shell is still defaulting me to a root prompt, even after reboot. My questions are:
1) If I mv the su binary to something random how does the phone achieve root upon reboot?
2) Would it be possible to su to a different uid (the normal non-root user) and then launch my app or change the entire android environment to it?
3) What is the Superuser app called in this ROM? There is no /system/app/Superuser.apk. I would like to try to uninstall it.
Thanks,
Ownage
try this
azuki88 said:
I really have trouble with it, need help.
http://k0nane.info/rom/ecm/TeamEpic-Root-from-Recovery-v5.zip flash in recovery.
billard412 said:
http://k0nane.info/rom/ecm/TeamEpic-Root-from-Recovery-v5.zip flash in recovery.
+1...good suggestion...
Sent from my SPH-L710 using xda premium

[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)

As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.)
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to backup our data, unlock the bootloader and restore the backup, so this guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup": adb restore fakebackup.ab Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit": adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device: adb reboot Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, you should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
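Added example, not part of the original post and not Bin4ry's or efrant's code: a check, run against a pulled copy of /data, for the two artifacts described under "How this works", a local.prop that sets ro.kernel.qemu=1 and a symlink inside an app's data directory that points outside it. The function names, the sample tree and the exemption for a per-app lib link are assumptions.

```sh
#!/bin/sh
# Added example (not from the post). DATA_ROOT is a copy of the /data
# partition: it holds local.prop and data/<package>/ directories.

# check_local_prop FILE
# Prints a finding when FILE sets ro.kernel.qemu=1, the line the post describes.
check_local_prop() {
    [ -f "$1" ] || return 0
    # Drop comment lines, trim whitespace around the line and around '='.
    sed -e '/^[[:space:]]*#/d' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' "$1" |
    while IFS='=' read -r key value || [ -n "$key" ]; do
        if [ "$key" = "ro.kernel.qemu" ] && [ "$value" = "1" ]; then
            echo "local.prop sets ro.kernel.qemu=1"
        fi
    done
    return 0
}

# find_escaping_symlinks DATA_ROOT
# Lists symlinks under data/<package>/ whose target leaves that package's own
# directory, such as com.android.settings/a/file99 -> /data/local.prop.
# Targets are compared as on-device paths, so this works on an offline copy.
find_escaping_symlinks() {
    base=$1/data
    [ -d "$base" ] || return 0
    find "$base" -type l 2>/dev/null |
    while IFS= read -r link; do
        rel=${link#"$base"/}                 # e.g. com.android.settings/a/file99
        pkg=${rel%%/*}
        # Assumption: a per-app "lib" link to the native library directory is expected.
        [ "$rel" = "$pkg/lib" ] && continue
        target=$(readlink "$link")
        case $target in
            "/data/data/$pkg/"*) ;;          # absolute, but stays inside the package
            /*|..|../*|*/../*|*/..) echo "escaping-symlink $rel -> $target" ;;
        esac
    done
    return 0
}

# make_sample_data
# Builds a constructed /data copy in a temp directory and prints its path.
make_sample_data() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/data/com.android.settings/a" "$d/data/com.example.app/files"
    printf '# constructed sample\nro.kernel.qemu = 1\n' > "$d/local.prop"
    ln -s /data/local.prop "$d/data/com.android.settings/a/file99"
    ln -s /data/data/com.example.app/files "$d/data/com.example.app/cur"
    ln -s /data/app-lib/com.example.app "$d/data/com.example.app/lib"
    echo "$d"
}

# Stand-alone use: sh check_data.sh /path/to/data-copy
if [ $# -gt 0 ]; then
    check_local_prop "$1/local.prop"
    find_escaping_symlinks "$1"
fi
```

Step 15 of the guide deletes /data/local.prop, so on a device where the procedure was completed only the symlink check can still produce a finding.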
I've done all. It installs superuser app but the phone is not really rooted and apps that require it don't work
Lorenzo_9 said:
I've done all. It installs superuser app but the phone is not really rooted and apps that require it don't work
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Lorenzo_9 said:
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
Does it work on Nexus 7?
dacc said:
Does it work on Nexus 7?
Yes, it should.
Thanks for the quick response.
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
Can I make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"?
Zepius said:
Can I make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"?
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
When running adb, after running the command where I tell it to restore the fake restore, and then while the "exploit" is running, I keep getting, in cmd, "link failed, no such file or directory", and it just keeps doing that. Is this normal or did I do something wrong?
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.

[Q] Rooting does not work 100% fine

Hello.
I have rooted my phone using
http://htc-one.wonderhowto.com/how-to/unlock-bootloader-root-your-htc-one-m8-0154444/
(in short, it's using SuperSU 2.00)
After some efforts, Root Checker says I am fine. I can get id 0 from adb, and via ssh.
But ... Busybox fails to install.
And if I remount /system RW, and mess in there a bit (like mkdir /system/tmp ), the mess is removed after reboot. Changes are not permanent.
Must I change my su app for the superuser mentioned in the FAQ of the section (via recovery)? Are there things to do before this migration?
Other possible issues?
I am used to a fully unlocked HTC Sensation, where changes to /system are easily permanent. But it was done using an exploit, shortly before HTC allowed rooting officially. The rooted M8 does not seem as friendly ...
I *really* need busybox to work, and make permanent changes to /system. I am stuck.
Thanks.
doublehp said:
Hello.
I have rooted my phone using
http://htc-one.wonderhowto.com/how-to/unlock-bootloader-root-your-htc-one-m8-0154444/
(in short, it's using SuperSU 2.00)
After some efforts, Root Checker says I am fine. I can get id 0 from adb, and via ssh.
But ... Busybox fails to install.
And if I remount /system RW, and mess in there a bit (like mkdir /system/tmp ), the mess is removed after reboot. Changes are not permanent.
Must I change my su app for the superuser mentioned in the FAQ of the section (via recovery)? Are there things to do before this migration?
Other possible issues?
I am used to a fully unlocked HTC Sensation, where changes to /system are easily permanent. But it was done using an exploit, shortly before HTC allowed rooting officially. The rooted M8 does not seem as friendly ...
I *really* need busybox to work, and make permanent changes to /system. I am stuck.
Thanks.
The /system partition is write protected on stock, meaning you can't add, modify, or delete files there. To disable this, you need to flash a kernel or rom with this disabled. Pretty much all Sense-based roms/kernels will state this in the features. I believe S-Off also disables it if you want to go the extra mile.
PS: Write protection is disabled in recovery. That is why superuser/root could be installed there.
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
akitten007 said:
The /system partition is write protected on stock, meaning you can't add, modify, or delete files there. To disable this, you need to flash a kernel or rom with this disabled. Pretty much all Sense-based roms/kernels will state this in the features. I believe S-Off also disables it if you want to go the extra mile.
PS: Write protection is disabled in recovery. That is why superuser/root could be installed there.
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
So, is there a way to install busybox via recovery ?
I did 3 things in recovery: all in /system/xbin
- chmod +s su
- touch t
- mkdir tmp
After reboot to normal mode, the SUID bit was removed, but t and tmp are still here.
So, how do I install busybox?
New issue: /data has the nodev flag; is it possible to remove it?
I did not find /dev/shm; was it moved somewhere else? Any other place for similar use? (world-writable temp folder in RAM).
akitten007 said:
PPS: Here is the kernel I run (protection disabled): http://forum.xda-developers.com/showthread.php?t=2705613
If your kernel allows me to install busybox, can I back up my original kernel to restore it afterwards?
Can I install busybox manually via recovery+adb? I don't have any dev suite, but a good Linux station; so, I can unzip, list, copy, and so on ... if there is not too much work to do.
doublehp said:
If your kernel allows me to install busybox, can I back up my original kernel to restore it afterwards?
Can I install busybox manually via recovery+adb? I don't have any dev suite, but a good Linux station; so, I can unzip, list, copy, and so on ... if there is not too much work to do.
Now you're starting to go over my head. If you want to keep your current kernel, I would try using this method here to manually add the module that disables the protection http://forum.xda-developers.com/showthread.php?t=2702575. I usually just install busybox using rom toolbox or any other busybox app. You could search for a busybox zip, but just disabling the write protection is a better option in my opinion. And I have actually 0.00 idea what flags mean on folders (sorry).
I rooted using TWRP recovery and super su. That guide you posted gives unnecessary instructions. TWRP automatically installs the SU binary and Super su the first time you boot into it. I was able to update Super su via google play, no need for the update zip. Just follow the instructions after rebooting to system from TWRP recovery.
I'm s-off, unlocked, my kernel, firmware and os are stock, only thing that isn't is recovery. I have write access to system and external sd card. All I did was make it writable with root explorer and have installed busy box no problem using this app https://play.google.com/store/apps/details?id=stericson.busybox.
I was given a better fix.
http://forum.xda-developers.com/showthread.php?t=2701816
In short:
adb push /mnt/big/tmp/wp_mod_m8.ko /mnt/sdcard/Download/
insmod /mnt/sdcard/Download/wp_mod_m8.ko
mount -o remount,rw /system
cd /system
touch z
mkdir zz
reboot
[email protected]_m8:/storage/emulated/legacy # cd /system/
[email protected]_m8:/system # ls
app
bin
build.prop
customize
etc
fonts
framework
lib
lost+found
media
priv-app
tts
usr
vendor
xbin
z
zz
[email protected]_m8:/system #
The mirror is under maintenance for now. So, the guy on IRC gave me his local backup. I will push it here for 30 days:
http://dl.free.fr/gSha53ljz
(the server will delete it after 30 days if nobody downloads it)
Busybox still fails to install; don't know why.
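
An added example, not part of any post in this thread: the posts above turn on whether /system is mounted read-write and on the nodev flag reported for /data. This sh sketch reads those options from text in /proc/mounts format; the sample lines and the EXAMPLE_ device names are constructed placeholders, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (device names are placeholders,
# not taken from a real device): device mountpoint fstype options dump pass
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
/dev/block/EXAMPLE_system /system ext4 ro,relatime,data=ordered 0 0
/dev/block/EXAMPLE_data /data ext4 rw,nosuid,nodev,noatime 0 0'

# Print the option string of the last entry for a mount point (with stacked
# mounts, the last matching line is the one currently on top).
mount_opts() {   # usage: mount_opts <mountpoint> <mounts-text>
    printf '%s\n' "$2" |
        awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# Return 0 if the mount point carries exactly this option, 1 if it does not,
# 2 if the mount point is absent. Whole-word match: "ro" does not match
# "errors=remount-ro".
has_opt() {      # usage: has_opt <mountpoint> <option> <mounts-text>
    opts=$(mount_opts "$1" "$3") || return 2
    [ -n "$opts" ] || return 2
    case ",$opts," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# One-line summary: writable or not, plus the flags that restrict device
# nodes (nodev), set-uid binaries (nosuid) and execution (noexec).
describe_mount() {   # usage: describe_mount <mountpoint> <mounts-text>
    rc=0
    has_opt "$1" rw "$2" || rc=$?
    [ "$rc" -eq 2 ] && { echo "$1: not mounted"; return 1; }
    state=ro
    [ "$rc" -eq 0 ] && state=rw
    flags=""
    for f in nodev nosuid noexec; do
        has_opt "$1" "$f" "$2" && flags="$flags $f"
    done
    echo "$1: $state${flags:+ restricted by:$flags}"
}

describe_mount /system "$SAMPLE_MOUNTS"
describe_mount /data "$SAMPLE_MOUNTS"
```

On a device, pass "$(cat /proc/mounts)" as the second argument. A mount reported as rw says nothing about the kernel-level write protection described above; as the thread shows, changes can still be gone after a reboot.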
