Forgot to add this to the title: [BOOTLOADER LOCKED]
Hello Fellow XDA'ers,
Using a slightly formatted zergRush (modified by Ch4lky, part of the revolutionary team) I was able to get ADB root!!
Now how do I get from adb to the phone rooted?
Thank you in advance!
Note: zergRush (from Ch4lky) is attached.
paxChristos said:
Forgot to add this to the title: [BOOTLOADER LOCKED]
Hello Fellow XDA'ers,
Using a slightly formatted zergRush (modified by Ch4lky, part of the revolutionary team) I was able to get ADB root!!
Now how do I get from adb to the phone rooted?
Thank you in advance!
Note: zergRush (from Ch4lky) is attached.
I'll test this out later. Some other rooting tools might work with the adb root like SuperOneClick or UniversalAndroot
CrimsonSentinel13 said:
I'll test this out later. Some other rooting tools might work with the adb root like SuperOneClick or UniversalAndroot
Tried SuperOneClick, gingerbreak and universalandroot
UniversalAndroot:
Developer of that one stopped updating with froyo, I got nowhere (1.6.2 beta 5) if you have a better version, go for it
Gingerbreak: I ran outta patience with this one and just killed it after 5ish minutes of running it
SuperOneClick: Claims to get root (installed busybox, and superuser) when I reboot I lose root.
Tried chmodding su, but that didn't work out
paxChristos said:
SuperOneClick: Claims to get root (installed busybox, and superuser) when I reboot I lose root.
Tried chmodding su, but that didn't work out
I know that SOC has 3 ways to root. Doesn't shell root stick after a reboot with a script that's installed?
Edit: Nevermind... I realized that zergRush does that.
Just tried SOC again, this time using root checker, it says I'm rooted, but rootchecker says otherwise...
So far we're at ADB rooted, so we can remount as whatever we want, but past that, what can we do?
How does all of this work? I wouldn't mind having ADB root, at least it's something better than no-root
---------- Post added at 04:51 PM ---------- Previous post was at 04:33 PM ----------
Wouldn't you just push the "su" commands to the correct folder to gain root?
Tried that, no dice
My guess is that it's not changing the /system folder to rw (read write) on boot instead of the default ro (read only)
Sent from my R800x using XDA App
If you change how the OS mounts at boot through fstab or the equivalent in Android, it might work.
Well couldn't you just have it like a tethered root? Like every time you restart your phone just set the /system folder to rw? I really don't know because I'm still learning ADB.
Db0y505 said:
Well couldn't you just have it like a tethered root? Like every time you restart your phone just set the /system folder to rw? I really don't know because I'm still learning ADB.
It's a horrible, horrible loop, to change the /system to rw, you need to have root. To get root you need a way to change /system to rw...
Right now we have a temporary root that only works in adb, but goes away once the phone is rebooted...
I have perma-root now.
remounted /system [adb remount]
pushed su to /system/bin & /system/xbin
chmod 4755 /system/bin/su
chmod 4755 /system/xbin/su
installed SuperUser through adb
installed BusyBox (if it doesn't show up) via a Market app
Ran SuperUser
installed Insecure ADB via APK & then ran it on phone, system reboots
Reboot has root & rooted insecure adb
All apps that need root have no issue. I'm looking into getting sudo added to the mix, too.
CrimsonSentinel13 said:
I have perma-root now.
remounted /system [adb remount]
pushed su to /system/bin & /system/xbin
chmod 4755 /system/bin/su
chmod 4755 /system/xbin/su
installed SuperUser through adb
installed BusyBox (if it doesn't show up) via a Market app
Ran SuperUser
installed Insecure ADB via APK & then ran it on phone, system reboots
Reboot has root & rooted insecure adb
All apps that need root have no issue. I'm looking into getting sudo added to the mix, too.
You, good sir, are my hero!
Do you want to post how you got this in The developers forum?
You are a hero indeed, but could you just make the instructions slightly more "noob" oriented?
You sir are awesome!
---------- Post added at 06:25 PM ---------- Previous post was at 06:04 PM ----------
OK, I just did this and I have root! Thank you so much!
Cl8rs said:
You are a hero indeed, but could you just make the instructions slightly more "noob" oriented?
I'll be within on it once I get home, right now I'm in class until 9
Sent from my R800x using XDA App
paxChristos said:
I'll be within on it once I get home, right now I'm in class until 9
Sent from my R800x using XDA App
You're the best bro!
CrimsonSentinel13 said:
I have perma-root now.
remounted /system [adb remount]
pushed su to /system/bin & /system/xbin
chmod 4755 /system/bin/su
chmod 4755 /system/xbin/su
installed SuperUser through adb
installed BusyBox (if it doesn't show up) via a Market app
Ran SuperUser
installed Insecure ADB via APK & then ran it on phone, system reboots
Reboot has root & rooted insecure adb
All apps that need root have no issue. I'm looking into getting sudo added to the mix, too.
If you can already use adb remount, you don't need to install insecure adb because you already have it.
I'll post my steps in an hour or so w/o the insecure adb step, too, in the dev section. If paxChristos gets around to it before me, I would appreciate the recognition.
Here's the thread: http://forum.xda-developers.com/showthread.php?t=1312859
CrimsonSentinel13 said:
I'll post my steps in an hour or so w/o the insecure adb step, too, in the dev section. If paxChristos gets around to it before me, I would appreciate the recognition.
Here's the thread: http://forum.xda-developers.com/showthread.php?t=1312859
No worries man, it's all you.
I need to do some "housekeeping" to get my phone to work with it,
Congrats on finding the hole, and thank you
This is AWESOME! Now all we need is a workaround like the DX to get some Clockwork mod recovery, or a way to crack the BL.
Nevertheless, I wanna say thanks to all the devs that did this, you guys rock
I have a request with a small donation as a reward. I'm not rich, but I can reward with some beer money.
I have managed to somehow delete my build.prop file while rooted and then managed to un-root my device. Naturally, I rebooted.
My request is for anyone with a bit of extra time to modify zergRush so that it does not look to a build.prop file to verify the android version.
If there are any other ideas on how to root a bricked Fire without a build.prop file, be my guest.
My hope is that once I am able to re-root my device, I will be able to mount /system/ as writeable and then be able to push in a build.prop file. However, obviously, until that happens I cannot put in a build.prop file.
If you have any questions I pretty much let it all out on the "How to unblock your kindle" thread.
If no one is able to do this I would understand. This is obviously beyond my technical expertise but I do appreciate any efforts or even suggestions. Even if there's no attempts made here, it is still shocking how much help is given on this forum.
EDIT: I was able to get my hands on a valid system.img and then flashed the system.img to my system partition. Doing so corrected my build.prop and my device became bootable. Thanks for all the help.
Did it update to 6.2 while in the midst of your needing around?
What does your device do?
Does it show under adb devices?
ajq said:
Did it update to 6.2 while in the midst of your needing around?
I updated to 6.2 on Tuesday. I have followed the directions on the "UNBRICK your kindle" thread. I have done that successfully. However, because my build.prop is missing, I can no longer re-root using zergRush. I believe that fastboot as directed in that thread restores the kindle to factory settings. I'm not quite sure if factory settings is 6.2 or if it goes all the way back to 6.0.
death2all110 said:
What does your device do?
Does it show under adb devices?
This is the post I created in the "How to unbrick your kindle" thread. It should answer most questions. I can use adb shell on the device but I cannot mount anything and SU responds "permission denied".
----from the other thread----
I am in a similar situation and am trying to work through it. I thought I rooted my device but when I restarted it, it didn't fully load. I've successfully done all of the steps listed in the OP but am still stuck in a black screen (it's lit...but it's black) loop.
I believe I have deleted my build.prop file but have a backup listed as build.prop.bak. However, the device is trying to load and is failing. I need to rename my build.prop.bak as the primary build.prop. I have tried to access SU through ADB but am getting "permission denied" almost as if my device wasn't rooted.
I have tried to mount system as RW but I am also getting permission denied.
Any advice? Here is my /system/:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Admin>cd \KindleFireRoot\files
C:\KindleFireRoot\files>adb shell
adb server is out of date. killing...
* daemon started successfully *
$ cd /system/
cd /system/
$ ls -l
ls -l
drwxr-xr-x root root 1970-01-01 00:00 lost+found
drwxr-xr-x root root 2011-12-01 19:03 app
drwxr-xr-x root shell 2011-12-01 19:03 bin
drwxr-xr-x root root 2011-11-30 01:16 etc
drwxr-xr-x root root 2011-11-30 01:16 fonts
drwxr-xr-x root root 2011-11-30 01:16 framework
drwxr-xr-x root root 2011-11-30 01:16 lib
drwxr-xr-x root root 2011-11-30 01:16 media
drwxr-xr-x root root 2011-11-30 01:16 tts
drwxr-xr-x root root 2011-11-30 01:16 usr
drwxr-xr-x root shell 2011-11-30 01:16 vendor
drwxr-xr-x root shell 2011-12-01 19:03 xbin
-rw-r--r-- root root 2143 2008-08-01 12:00 build.prop.bak
$
EDIT: I have tried to re-root through the method provided as well as superoneclick root, but both have failed because no android system is being recognized. This may have to do with the lack of a proper build.prop on my device.
EDIT2: I figure the above might not be enough information so I will now post what I have done so far to get it bricked, and what I have already tried.
1. I tried the rooting method on rootkindlefire.com and it seemed successful. I then was able to set /system/ as RW via root explorer. I copied a modified build.prop file that is available in the android development forums. However, unfortunately, I believe I may have edited the name of this file or done something wrong in handling it accidentally. Regardless, I pasted this file in the /system/ folder and renamed my original build.prop file to build.prop.bak. I then restarted my kindle fire. Now, it shows the kindle fire screen for a second and then goes black entirely. It is still on (the screen is lit), but the screen is black. It then remains like this until I do a hard reset and then it repeats this process.
2. I have tried to access SU but have been unable to do so. I have been unable to mount system as RW using the instruction a page back. In both situations I get the "permission denied" response from the command line.
3. Every time I try to root using the method provided in the OP, I get a message saying that it can't find android 2.2 or 2.3.
4. I am unable to root again using super click for the same reason.
5. I have otherwise been able to follow all of the steps in the OP successfully, but to no avail. My screen goes black after it shows the kindle fire screen for a couple seconds.
6. Any suggestions would be very very helpful. From my amateur amount of knowledge, it seems to me that I don't have a build.prop in my /system/ but am unable to rename or access my build.prop.bak so that I can set it as the regular bootable build.prop. This is because, even though I thought I had it rooted, I am unable to set the /system/ directory as writable.
7. ANY SUGGESTIONS OR HELP WOULD BE GREAT!
Just as a disclaimer: I acknowledge I'm a moron for not verifying everything when I pushed in a build.prop file into my /system/ folder and restarted. No need to call me names
For those who know a bit more than me...
Would pushing the 6.2 update (or any of the downloadable firmware) to the kindleupdates folder in the sdcard and then rebooting fix my problem? I remember reading that the updates re-writes the build.prop which would fix my situation.
Of course, do you need root permissions to be able to write to the sdcard? I only ask this because I can not get the sdcard to actually show up on my desktop. I would need to push it via terminal or adb shell.
Anyone know if this would work?
I am beginning to realize that I may actually still have root, but since I can't boot up the phone, I can't fill out the superuser access dialog that usually comes up when a program tries to access superuser. I had root before I caused the build.prop problems, but figured that I had somehow lost it when I tried to access SU from ADB. Anyone know of a way to bypass this access dialog?
I checked the root status with OneClickRoot after OTA reported my KF was still rooted (just to be sure) and then re-installed Superuser and pushed the necessary Android APKs back to /system/app and it was working again.
damianarnold said:
I checked the root status with OneClickRoot after OTA reported my KF was still rooted (just to be sure) and then re-installed Superuser and pushed the necessary Android APKs back to /system/app and it was working again.
How did you re-install Superuser if you're not able to fully boot up the KF? To be clear, when I try to root with superoneclick it says I'm rooted (and if I try and continue it fails...) but whenever I type in adb shell and then su I get "permission denied."
ejrubin said:
How did you re-install Superuser if you're not able to fully boot up the KF? To be clear, when I try to root with superoneclick it says I'm rooted (and if I try and continue it fails...) but whenever I type in adb shell and then su I get "permission denied."
My Fire was fully booted up. Did you remove and reinstall Superuser?
damianarnold said:
My Fire was fully booted up. Did you remove and reinstall Superuser?
Don't think our KF were in the same state. I don't have a build.prop to boot my KF into so I can't manage superuser at all (I do, however, have a totally useless build.prop.bak that is sitting there in the directory.) I have the superuser.apk in there so it seems as though I'm rooted but I still can't get into SU via adb.
Can't get Write access to /System or /SDCard
ejrubin said:
Don't think our KF were in the same state. I don't have a build.prop to boot my KF into so I can't manage superuser at all (I do, however, have a totally useless build.prop.bak that is sitting there in the directory.) I have the superuser.apk in there so it seems as though I'm rooted but I still can't get into SU via adb.
Still having the exact same problem! Was able to get the build.prop.bak pulled from /system but can't rename it and push it back to hopefully get this working again.
I am starting to think I may have to send this KF back soon if I don't get it working again.
Any help anyone can provide would be great.
I'm thinking since we are able to get into fastboot, do any developers know if it is possible to push in a new system.img via fastboot? This would solve our build.prop problems no? Any developers know if this is possible?
I would like to compile zergRush myself, but I don't know how to compile an Android binary.
It seems to require Linux to do so.
Can you adb push to the sdcard?
Sent from my DROID Pro using XDA App
JackpotClavin said:
Can you adb push to the sdcard?
Sent from my DROID Pro using XDA App
No, I think the sdcard is not yet mounted. Tried cd sdcard and it's not possible.
Is it possible to mount it without root? Cause when we try to mount system folder it's permission denied.
And I'm afraid the system won't run the official update even if the patch is inside the sdcard folder.
I think ejrubin's idea on how to fix our bricked kindle fire is completely right, we just need either one of the following:
1. A zergRush binary that won't check the build.prop to let us run root and mount the system folder
2. Since we can get into fastboot, I think we need a correct update.zip or system.img to fix it. Any idea to build it from kindle's official update?
Well try "mount sdcard" in the shell. If you can push the update, you can idme bootmode into 0x5001 and it'll take the update in recovery mode
If that doesn't work I'll give a custom zerg a shot
Edit: I got it. If you wanna flash my clockwork build in fastboot and set the fastboot to boot into recovery, you can access your /system through recovery, I do it all the time
It'll be a fastboot flash recovery <the name of the recovery.img I'll post later when I get home>
From there you will have to:
adb shell
mount system
mv /system/build.bak /system/build.prop
Sent from my DROID Pro using XDA App
JackpotClavin said:
Well try "mount sdcard" in the shell. If you can push the update, you can idme bootmode into 0x5001 and it'll take the update in recovery mode
If that doesn't work I'll give a custom zerg a shot
Edit: I got it. If you wanna flash my clockwork build in fastboot and set the fastboot to boot into recovery, you can access your /system through recovery, I do it all the time
It'll be a fastboot flash recovery <the name of the recovery.img I'll post later when I get home>
From there you will have to:
adb shell
mount system
mv /system/build.bak /system/build.prop
Sent from my DROID Pro using XDA App
If I just type "mount sdcard" it cannot recognize the command.
If I try to mount it with -t and mount it to another folder, it just says permission denied.
Of course I wanna flash your clockwork build!!
Would you mind guiding us through all the steps when you're ready? Because I'm quite new to rooting Android machines.
Really thanks for your help!!!!!!!!!!!!!!!!
Yeah **** sorry guys can this wait till tomorrow? Sorry I said tonight, I got side tracked tonight
Sent from my DROID Pro using XDA App
I rooted my kindle fire using kindle fire utility 0.9.6 (after the rooting superuser wasn't installed on my kindle), downloaded twrp, flashed hashcode jelly bean ROM from this link
http://forum.xda-developers.com/showthread.php?t=1766829
and then flashed Superuser-3.1.3-x86-signed.zip which I downloaded from this link
http://androidsu.com/superuser/
but superuser won't work, when I check the root explorer in ES file explorer it tells me that this feature can't work on ur phone
Please I'm really dying out here
Someone Help Pleeeeeeeeeeeeeeeeeease !!!!!
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
Thank you for replying so fast
How can I install the su binary? And about the superuser.apk, isn't that what I flashed into my device? I have a superuser icon on my desktop but it just won't add any apps to its list.
Thanks again
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
soupmagnet said:
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
What do you mean by not that it matters at this point?
Can't I just download the zip and flash it?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
Maybe you missed this
soupmagnet said:
Maybe you missed this
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
What should I do?
[Edit] OK, now I know my device is certainly not rooted. I tried orbot, market enabler and market unlocker; they all dispatch the same message: your device isn't rooted.
Can anyone tell me how to root it?
Scarfacew said:
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
What should I do?
[Edit] OK, now I know my device is certainly not rooted. I tried orbot, market enabler and market unlocker; they all dispatch the same message: your device isn't rooted.
Can anyone tell me how to root it?
I too used the KFU to supposedly root my KF, but when I tried to install Titanium Backup, it gave me the same error message saying that my phone did not have root privileges... I wonder if there is something not installing correctly when using KFU...
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMs come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above-mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the superuser website. The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
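The su / Superuser.apk check from the post above, worked through as an added example (not code from the thread): it parses `adb shell ls -l` listings in the toolbox format shown earlier in this thread and reports which of the two pieces is present and whether su is actually a root-owned setuid file. The function names and the sample listings are constructed for illustration.

```python
import re

# One line of Android toolbox `ls -l` output, the format of the /system listing
# earlier in this thread:  perms owner group [size] YYYY-MM-DD HH:MM name [-> target]
LS_LINE = re.compile(
    r"^(?P<perms>[-dlcbps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<size>\d+)\s+)?\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+"
    r"(?P<name>.+?)(?:\s+->\s+(?P<target>.+))?$"
)


def perms_to_mode(perms):
    """Turn a string such as '-rwsr-xr-x' into its numeric mode (0o4755)."""
    mode = 0
    for i, ch in enumerate(perms[1:]):
        if ch in "rwxst":                 # lower-case s/t imply the execute bit
            mode |= 1 << (8 - i)
        if ch in "sS" and i == 2:
            mode |= 0o4000                # setuid
        if ch in "sS" and i == 5:
            mode |= 0o2000                # setgid
        if ch in "tT" and i == 8:
            mode |= 0o1000                # sticky
    return mode


def parse_ls(directory, text):
    """Return {absolute path: entry} for every parsable line of a listing."""
    entries = {}
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m is None:
            continue                      # prompts, echoed commands, blank lines
        entry = m.groupdict()
        entry["mode"] = perms_to_mode(entry["perms"])
        entries[directory.rstrip("/") + "/" + entry["name"]] = entry
    return entries


def su_grants_root(entries, path, hops=0):
    """True if path is a root-owned setuid regular file. Symlinks are followed
    only to targets that appear in the supplied listings."""
    entry = entries.get(path)
    if entry is None or hops > 4:
        return False
    if entry["perms"][0] == "l":
        return su_grants_root(entries, entry["target"], hops + 1)
    return (entry["perms"][0] == "-" and entry["owner"] == "root"
            and bool(entry["mode"] & 0o4000))


def root_state(listings):
    """listings maps a directory to the text `adb shell ls -l <dir>` printed."""
    entries = {}
    for directory, text in listings.items():
        entries.update(parse_ls(directory, text))
    found = [p for p in ("/system/bin/su", "/system/xbin/su") if p in entries]
    working = [p for p in found if su_grants_root(entries, p)]
    has_apk = "/system/app/Superuser.apk" in entries
    if working:
        state = "su + Superuser.apk" if has_apk else "su only (command line)"
    else:
        state = "Superuser.apk only (no root)" if has_apk else "not rooted"
    return {
        "state": state,
        "working_su": working,
        "unusable_su": [p for p in found if p not in working],
    }


# Constructed listings (not captured from a real device).
ROOTED = {
    "/system/bin": "-rwsr-sr-x root     root        22364 2012-10-10 12:00 su\n"
                   "-rwxr-xr-x root     shell       95924 2012-10-10 12:00 toolbox\n",
    "/system/xbin": "lrwxrwxrwx root     root              2012-10-10 12:00 su -> /system/bin/su\n",
    "/system/app": "-rw-r--r-- root     root       843503 2012-10-10 12:00 Superuser.apk\n",
}
# su was pushed but never made setuid; Superuser.apk is installed.
PUSHED_NOT_SETUID = {
    "/system/xbin": "-rwxr-xr-x root     shell       22364 2011-12-01 19:03 su\n",
    "/system/app": "-rw-r--r-- root     root       843503 2011-12-01 19:03 Superuser.apk\n",
}

if __name__ == "__main__":
    for name, listings in (("ROOTED", ROOTED),
                           ("PUSHED_NOT_SETUID", PUSHED_NOT_SETUID)):
        print(name, root_state(listings))
```
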
soupmagnet said:
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMs come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above-mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the superuser website. The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
OK, now things are getting worse. I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work.
{Edit} I want to know: by re-flashing the ROM, is there a guarantee that those problems won't happen again?
One more thing is that I deleted the ROM from my kindle. I can't transfer it from my laptop because the kindle hasn't been recognized after the jelly bean, and I can't download it because wifi isn't working, so what should I do?
Thanks in advance
Scarfacew said:
OK, now things are getting worse. I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work.
I want to know: by re-flashing the ROM, is there a guarantee that those problems won't happen again?
Thanks in advance
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
soupmagnet said:
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
One more thing is that I deleted the ROM from my kindle. I can't transfer it from my laptop because the kindle hasn't been recognized since I flashed the jelly bean, and I can't download it because wifi isn't working, so what should I do?
Thanks in advance
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
soupmagnet said:
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Scarfacew said:
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Ok, well try a different ROM. If the problem persists then we can try to think of something.
I flashed the Alien droid ROM. It's working fine till now but I need to know how to install an Arabic keyboard please.
Thanks
OK, I have a dumb question, but where do you run the DOS commands from? (i.e. what directory?)
c:\KFU?
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
soupmagnet said:
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
Thanks, but not sure I understand.
Here is what I'm attempting to do.. using the root method described here: http://forum.xda-developers.com/showthread.php?t=1638452 under "Getting to fastboot mode" there are a series of command line examples that seem to start with adb.... (ex. adb shell chmod 755 /data/local/tmp/fbmode).
Under Rooting the stock software, the first step command line is "adb shell mount system"
My question is from where do I start (directory) so that when I enter these commands they work?
Or are you saying that I need to run all these from the KFU directory? (or KFU/tools) or some other directory..
I appreciate the help and feedback..
Wherever adb is...Right-click on that folder to find its path so you can "cd" or change directories to it. Alternatively, you can Shift + Right-click on that folder and select something like "Open command window here".
[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)
As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.)
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to backup our data, unlock the bootloader and restore the backup, so this guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup":
adb restore fakebackup.ab
Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit":
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device:
adb reboot
Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, you should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
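From a defender's side, the guide above leaves a small set of artifacts: the ro.kernel.qemu=1 line in /data/local.prop (until step 15 removes it), a setuid-root su in /system/bin, its symlink in /system/xbin, and Superuser.apk in /system/app. The Python audit below is an added example, not part of the original post; the function names, the constructed sample data and the assumed `ls -l` column layout are assumptions.

```python
import re

# Per the guide above, this line in /data/local.prop boots the device in
# emulator mode with a root adb shell.
RISKY_PROPS = {"ro.kernel.qemu": "1"}

def parse_props(text):
    """Parse key=value property lines, skipping blanks and # comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_ls_line(line):
    """Return (mode, owner, name, link_target) for one `ls -l` line, else None."""
    fields = line.split()
    if len(fields) < 4 or not re.fullmatch(r"[-dlcbps][-rwxsStT]{9}", fields[0]):
        return None
    # Assumption: GNU ls prints a link count before the owner; toolbox ls does not.
    owner = fields[2] if fields[1].isdigit() else fields[1]
    if "->" in fields:
        arrow = fields.index("->")
        return fields[0], owner, fields[arrow - 1], " ".join(fields[arrow + 1:])
    return fields[0], owner, fields[-1], None

def audit(local_prop_text, listings):
    """listings maps a directory path to the `ls -l` text captured from it."""
    findings = []
    props = parse_props(local_prop_text or "")
    for key, bad in RISKY_PROPS.items():
        if props.get(key) == bad:
            findings.append(f"/data/local.prop sets {key}={bad}")
    for directory, text in listings.items():
        for parsed in filter(None, map(parse_ls_line, text.splitlines())):
            mode, owner, name, target = parsed
            path = f"{directory}/{name}"
            if name == "su" and mode[0] == "l":
                findings.append(f"su symlink: {path} -> {target}")
            elif name == "su" and mode[3] in "sS" and owner in ("root", "0"):
                findings.append(f"setuid-root su: {path}")
            elif name.lower() == "superuser.apk":
                findings.append(f"superuser manager: {path}")
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_LOCAL_PROP = "# constructed sample\nro.kernel.qemu=1\n"
SAMPLE_LISTINGS = {
    "/system/bin": "-rwsr-sr-x root     root        91980 2012-08-01 10:00 su\n"
                   "-rwxr-xr-x root     shell       26264 2012-07-10 09:12 sh\n",
    "/system/xbin": "lrwxrwxrwx root     root              2012-08-01 10:01 su -> /system/bin/su\n",
    "/system/app": "-rw-r--r-- root     root       843503 2012-08-01 10:02 Superuser.apk\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCAL_PROP, SAMPLE_LISTINGS):
        print(finding)
```

On a live device the inputs would come from `adb shell cat /data/local.prop` and `adb shell ls -l` on each directory.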
I've done all. It installs the Superuser app but the phone is not really rooted and apps that require it don't work.
Lorenzo_9 said:
I've done all. It installs the Superuser app but the phone is not really rooted and apps that require it don't work.
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted.
Lorenzo_9 said:
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted.
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
OK, I'll do it and then I'll report to you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
OK, I'll do it and then I'll report to you what happens. So now have you updated su and superuser.apk?
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
Does it work on Nexus 7?
dacc said:
Does it work on Nexus 7?
Yes, it should.
Thanks for the quick response.
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
Can I make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"?
Zepius said:
Can I make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"?
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
When running adb, after running the command where I tell it to restore the fake restore, and then while the "exploit" is running, I keep getting, in cmd, "link failed, no such file or directory", and it just keeps doing that. Is this normal or did I do something wrong?
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
Update: New guide is in post # 122
http://forum.xda-developers.com/showthread.php?p=40433602#post40433602
The guide is in post # 98
http://forum.xda-developers.com/showthread.php?p=39362805#post39362805
Hello,
I have a Blu Dash 3.5 and would like to install clockworkmod recovery and enable root access, but so far have not found anything. Could you help me?
thank you
I tried using SuperOneClick, Gingerbreak, zroot but all without success.
Anyone have any other option?
I managed to set up the android SDK on ubuntu but I get permission denied message when trying to copy the files to the /system
I suppose I have to remount the partition in RW to be able to put the files but no idea how to do this.
fenrixarena said:
Well you can't without it being rooted, right now I just don't care about it anymore it's just a phone, & $30 isn't worth just freeing up some space. No guarantee that will make it run smoother without crashes either, that could just be a result of interface, so a bit of speed don't seem worth it to me, I have my own ringtones with ringdroid so I'm happy.
Everything having to do with extracting the boot.img requires it to be rooted otherwise I know enough about enough crapola already I could make that all spiffy and zabam if I wanted. I would just literally edit all the img files and provide a simple update.zip given I could get signing to work!
Unfortunately I get nothing from fastboot at all, not sure it would help though. oem unlock stuff is all I recall about that besides it being a great way to flash images to the phone.
Let me know if you make any progress, I'll put in my effort if you do anything at all that entices me to find a path to progress.
fenrixarena, hope you get to find any progress on rooting this phone. I also agree with you that it is not worth the time or effort with this kind of phone but I think that the challenge is interesting. In my case I have no idea on how you may root it but I am sure it is possible. I guess it's all in finding another compatible boot.img that can be rooted, right?
Regards,
What is the address of the site that charges $30? We can verify that other users would like to do and split the cost ...
I managed to make root ...
I found the CWM recovery and stock recovery for Qsmart.
I was very curious if it would work in BLU and ended up installing the CWM with fastboot. It did not work, the screen just stays with the BLU and not access the recovery.
Then I installed stock recovery and did not work ...
But I realized that Windows recognized the device connected and I recognized two units with unsupported format.
Then I returned to the prompt and saw that ADB was working. I used the command 'adb shell' and to my surprise the cursor was #
So without wasting time I put su and busybox in /system/bin and superuser.apk in /system/app, changed the permissions and restarted the phone. And the root was working perfectly. :victory:
Only one problem, I do not have the recovery installed.
I wonder how I can help you to make root without losing recovery
>>
I use Windows 7 Pro x64 bits.
I installed the drivers in the SuperOneClick version 2.3.3.
With the drivers installed could use fastboot and adb command.
Turning on the phone + vol - access mode fastboot / bootloader
It would be good to get root without losing the recovery. Because we need him to compile a clockworkmod recovery.
I used the romdump and got the following files:
https://docs.google.com/file/d/0B5rQL4bfhfPRZXhhZkg1Mkx5SHc/edit?usp=sharing
I used the mkfs.yaffs2 to convert the file system.tar for system.img
https://docs.google.com/file/d/0B5rQL4bfhfPRMGdaNnQ4b1RwclU/edit?usp=sharing
This system.img would function on another device?
okay, I am having one problem, what did you type for the permissions?
I've got superuser.apk pushed and the su in the /system/bin but when i try to chmod 777 it returns to -r- after I reboot!
Here's howto manually back up now that I have recovery adb root:
cat /proc/mtd
Then just cat (mtd#) > /sdcard/(image.img)
You can restore via fastboot flash
fenrixarena said:
okay, I am having one problem, what did you type for the permissions?
I've got superuser.apk pushed and the su in the /system/bin but when i try to chmod 777 it returns to -r- after I reboot!
Here's howto manually back up now that I have recovery adb root:
cat /proc/mtd
Then just cat (mtd#) > /sdcard/(image.img)
You can restore via fastboot flash
you get root access in adb shell?
send su to /system/bin with permission 6755.
busybox to /system/bin with permission 755.
and superuser.apk to /system/app with 644.
reboot your phone
then download terminal emulator on your phone and enter the command su
if the cursor changes to #, it worked
erickreisbr said:
you get root access in adb shell?
send su to /system/bin with permission 6755.
busybox to /system/bin with permission 755.
and superuser.apk to /system/app with 644.
reboot your phone
then download terminal emulator on your phone and enter the command su
if the cursor changes to #, it worked
These are actually good news... Right on!!! Cheers if you manage to root Blu Dash 3.5 :victory:
Can someone guide me on how I can Root my phone? What adb tools do i need?
Regards
az0ik said:
These are actually good news... Right on!!! Cheers if you manage to root Blu Dash 3.5 :victory:
Can someone guide me on how I can Root my phone? What adb tools do i need?
Regards
I can upload the cwm.img & adb I used + fastboot. Not all adb.exe will recognize the phone. Also drivers from qsmart for adb bridge.
1 boot holding vol down + power (about 15 sec.)
fastboot flash recovery cwm.img
Then turn phone off.
Boot holding vol UP + Power (about 15 sec)
adb push su /system/bin
adb push busybox /system/bin
adb push superuser.apk /system/app
adb shell
~# chmod 6755 /system/bin/su
~# chmod 755 /system/bin/busybox
~# chmod 644 /system/app/superuser.apk
reboot your phone
terminal emulator - su
permission granted
IT WORKED!
---------- Post added at 02:21 AM ---------- Previous post was at 02:00 AM ----------
sorry, tomorrow I will upload a zip with the img i used and so forth all in one zip so you can root with that, unless it's here by someone else by then I gotta work!
fenrixarena said:
I can upload the cwm.img & adb I used + fastboot. Not all adb.exe will recognize the phone. Also drivers from qsmart for adb bridge.
1 boot holding vol down + power (about 15 sec.)
fastboot flash recovery cwm.img
Then turn phone off.
Boot holding vol UP + Power (about 15 sec)
adb push su /system/bin
adb push busybox /system/bin
adb push superuser.apk /system/app
adb shell
~# chmod 6755 /system/bin/su
~# chmod 755 /system/bin/busybox
~# chmod 644 /system/app/superuser.apk
reboot your phone
terminal emulator - su
permission granted
IT WORKED!
---------- Post added at 02:21 AM ---------- Previous post was at 02:00 AM ----------
sorry, tomorrow I will upload a zip with the img i used and so forth all in one zip so you can root with that, unless it's here by someone else by then I gotta work!
Thank you so much Fenrixarena!! You are awesome :good::good::good:. I still can believe it, i thought it was a lost hope... I really appreciate for uploading the files I am patient enough to wait another day
Follow the ADB and the recovery I've used.
The drivers installed by SuperOneClick, but have these here:
32 bits - http://www.mediafire.com/?21na032gnzbfza2
64 bits - http://www.mediafire.com/?1hrwo325cb1ej2w
Fx
fenrixarena said:
interesting, I got a cwm4s12.img that's larger(4.51) and because of having a 64bit laptop without 32bit support I had to use a smaller ADB (158kb) to be able to recognize the phone and only on regular usb debugging does superoneclick install drivers which was useless since I needed the drivers to work in recovery.
If those files don't work for you I will upload mine
I got my files from foreign thread, and since I download so many versions and custom versions of programs like adb I'm not sure where it came from !!
oh, and he rooted the phone first, I only did it on a more bothersome platform.
the root worked on your phone?
Now we need a recovery. I'm trying to learn how to compile cwm, but it is very complicated.