Rooting Hell Since 4.2.1 - Samsung Galaxy Nexus

So I usually use the toolkit to root, in fact I have been for many versions now.
However with the installation of 4.2.1 I haven't been able to root at all. I use the toolkit in the same way but it simply doesn't root the phone.
So today I tried the manual way. I downloaded and installed the SDK tools from Google, navigated to the adb folder and went through the commands. Everything seemed to go okay apart from when I typed adb shell chmod 06755 /system/bin/su. The command window did nothing.
I carried on and typed adb shell chmod 06755 /system/app/Superuser.apk, when it said "bad command" or something similar.
Rebooted the phone, no root... still.
However the Superuser app is there. So:
1) How do I delete the superuser app, bearing in mind it has system permissions. I'd like to simply start again.
2) I don't have CW recovery installed and would prefer not to bother with it if I can.
3) Just to confirm, when I root the phone, does that allow me to delete files in the /system/app folder?
4) Following this guide on rooting manually. Is that all alright?
5) In a couple of sentences, can someone explain rooting to me? From what I understood, rooting simply opens up the phone to allow access to everywhere, where you can copy and delete files, or apks.
6) If 5 is true, when following the rooting guide (4), which command am I actually telling the system to run as root? Is it simply the "root" command?
7) If 6 is true, how come when I re-boot, the phone won't let me delete things from the system/app folder?
Thanks for any help.

1) Stop using a toolkit, and no, you didn't root the manual way.
2) Download this: http://forum.xda-developers.com/showthread.php?t=1538053 - it's SuperSU; Superuser is unreliable on 4.2+
3) fastboot flash a recovery
4) flash the supersu.zip
5) done.

Sorry, I should have explained the Su app is SuperSU.
Just gave it another go using a manual toolkit but still no root access. I also now have an su.apk, superuser.apk (SuperSU) and a su file. Need to delete them all.
What do you mean by "fastboot flash a recovery"? You mean flash a new recovery centre like CW?
Don't these superuser apps just manage app permissions? They don't actually enable the root access do they?
Thanks

anotherxdauser said:
Sorry, I should have explained the Su app is SuperSU.
Just gave it another go using a manual toolkit but still no root access. I also now have an su.apk, superuser.apk (SuperSU) and a su file. Need to delete them all.
What do you mean by "fastboot flash a recovery"? You mean flash a new recovery centre like CW?
Thanks
follow this: http://forum.xda-developers.com/showthread.php?t=1529058

Quick Q...
If I flash a 4.2.1 system.img to the phone, it will replace what exactly?
I'm thinking this might be a way to get rid of the root apps which are protected and allow me to update to 4.2.2, THEN look at manually rooting.

anotherxdauser said:
Quick Q...
If I flash a 4.2.1 system.img to the phone, it will replace what exactly?
I'm thinking this might be a way to get rid of the root apps which are protected and allow me to update to 4.2.2, THEN look at manually rooting.
it replaces anything in /system... basically the OS.

Getting Started [Update 12/23 - OTA Update Install fix for root]

[Update 12/23] For those of you unable to install the new system update, I've found a solution -- scroll down to the update! I AM NOT RESPONSIBLE FOR ANY DAMAGES THAT MAY OCCUR!
So I figured I'd at least get things started - Credit goes to whomever first tried z4root on their Droid Pro - and to mahst687 for the deodexing.
Let's begin!
Resources:
Motorola ADB Driver
Android SDK
xUltimate V2.2.2
(Can't post links apparently, sorry -- Google's your friend!)
#1 Root:
As seen on numerous android sites already, root is obtainable via z4root in the market. It may not work the first, second, or even third time -- just keep trying, it works I promise.
#2 Bootstrap and Clockwork Recovery
Download and install 'Rom Manager' from the Market. Once installed flash the Droid2 Clockwork Recovery. After flashing, obtain the Droid2 Bootstrapper and install it. Confirm Clockwork Recovery works by booting to recovery via Bootstrap.
#2 Deodex:
Download Android SDK for ADB, as well as the Motorola ADB Drivers posted above. Second, download xUltimate - also posted above. Once everything is downloaded and installed we're ready to begin.
1. Run Main in the xUltimate package - if the ADB drivers installed successfully you should be greeted with a menu containing several options - great!
2. Next run option 1.
3. Run option 2.
3. Run option 3 - sit back and relax for a bit
4. Once option 3 is done doing its thing, navigate to the xUltimate folder, more specifically the "origi_frame", and delete guava.odex
5. Run option 4 - it'll be a short wait
6. Exit the xUltimate
7. Enable USB Mass Storage on the phone and transfer both "done_app", and "done_frame" to the ROOT of the SD card.
8. Once both folders have transferred disable USB Storage, but keep the phone plugged in via USB.
9. Open up a command prompt and browse to the Android SDK Tools folder (or wherever your ADB executable is located).
10. Enter the following commands:
Code:
adb shell
su
stop
mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
cp /sdcard/done_app/* /system/app/
cp /sdcard/done_frame/* /system/framework/
rm /system/app/*.odex
rm /system/framework/*.odex
mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
reboot
11. If all went well your phone should reboot - which may take a few minutes. Enjoy!
[Update]12/23/2010
For those of you unable to get the new Droid Pro OTA working I have found a solution! You will need:
1)Root
2)Clockwork Recovery
3)System.img from update
4)Current Nandroid backup of your phone
5)ADB drivers and ASDK
So let's begin.
1)Boot into Clockwork recovery and create a backup of your phone.
2)Once complete, mount the phone as USB storage and pull the system.img file from the nandroid backup folder, as well as the nandroid.md5 (KEEP THESE FILES SAFE!!!!!)
3)Obtain the system.img file from here (Compliments of whoopsiedaisy).
4)Replace the system.img file in the Nandroid backup folder on your PHONE.
5)ADB into your phone (preferably still in recovery) and do the following:
Code:
adb shell
# cd /sdcard/clockworkmod/backup/2010-xx-xx.xx.xx.xx
# rm nandroid.md5
# md5sum *img > nandroid.md5
6)If all goes well, it should create a new MD5 checksum file utilizing the new system.img
7)Go to the 'backup and restore' menu in Clockwork, and select 'Advanced Restore'
8)Select the correct nandroid backup folder where the new system.img file is located, and then select 'Restore System'
9)Assuming all goes well, go to Settings, About and check your new system version!
Nice, can't wait to try this on my wife's phone after work.
Sent from my ADR6300 using XDA App
Is the second step necessary if you just want root access so you can install Wireless tether, etc?
jayhammy said:
Is the second step necessary if you just want root access so you can install Wireless tether, etc?
Not at all. Simply run z4 if all you require is root access (and a host of apps like Wireless Tether, DroCap, Titanium Backup ...)
Can you please post the quickoffice apk from the Dpro so I can put on an DX? Same would go for the software that allows me to Invite attendees to meetings using GAL. It be copasetic if you can.
Thanks a ton! Freaking worked flawlessly on my Droid X.
Nate
Cool. Can't wait to try this on my wife's phone.
I downloaded everything you said and I started my deodex, but when I select option 3 in main it tells me "error no odex file". Have I done something wrong? Please advise.
Is it really that simple?
I feel like I must be missing something. I just download an app from the market and reboot and I'm rooted?
Also, what is the deodex for? I want to root my phone to install the apps I want and I want wifi tether. Do I need it?
Also, I really want to understand what is going on under the hood, but I don't know where to start. Is there a 'for dummies' tutorial somewhere that I can go to to start understanding what all of this stuff is, so I can make informed decisions for myself about what I want instead of begging for help on internet forums? Thanks in advance for any suggestions.
Is there a way to unroot? I am not rooted but just curious.
rllong1 said:
Is there a way to unroot? I am not rooted but just curious.
Yes, Z4Root app allows you to root, re-root, and UNroot.
I see no unroot button on the screen. Only a root button
Sent from my DROID PRO using XDA App
I had version 1.1 of z4. I now have the .3 version and it has the unroot button
Sent from my DROID PRO using XDA App
rllong1 said:
I see no unroot button on the screen. Only a root button
Sent from my DROID PRO using XDA App
You'll only see the unroot button once you've rooted. Otherwise, it will first show only the "root" option.
jayhammy said:
You'll only see the unroot button once you've rooted. Otherwise, it will first show only the "root" option.
I was rooted. I had Titanium installed and Superuser. Z4 ran fine but I had an old version of it. I don't know if that matters but that's all I did. I downloaded the 1.3 version and I now have the unroot button. On the old version there was no option for temp root either. Just root. On the version I have now there is a temp root and perm root button.
Would just like to let people know that your method for "updating" via nandroid backup would not work for me. Followed all the instructions to the letter and during the advanced restore I continually received md5sum mismatch errors.
So I took the chance and updated through the OTA update, it installed fine but lost root. Ran z4root (twice) and gained root access again .
Looking forward to some real custom daily driver roms for this guy.
darkninja157 said:
Would just like to let people know that your method for "updating" via nandroid backup would not work for me. Followed all the instructions to the letter and during the advanced restore I continually received md5sum mismatch errors.
So I took the chance and updated through the OTA update, it installed fine but lost root. Ran z4root (twice) and gained root access again .
Looking forward to some real custom daily driver roms for this guy.
Is there a way to uninstall the CWM recovery?
darkninja157 said:
Would just like to let people know that your method for "updating" via nandroid backup would not work for me. Followed all the instructions to the letter and during the advanced restore I continually received md5sum mismatch errors.
So I took the chance and updated through the OTA update, it installed fine but lost root. Ran z4root (twice) and gained root access again .
Looking forward to some real custom daily driver roms for this guy.
Kinda new to the whole rooting thing, just got a new Pro and rooted successfully with z4root, got rid of bloatware and installed titanium backup, wifi tether, etc. Am I correct in reading your post that I can unroot, OTA update, and re-root again? If so, will I have to uninstall bloatware again, or reinstall root apps? Or any other repeats? Any danger in doing this?
mynameismolotov said:
Kinda new to the whole rooting thing, just got a new Pro and rooted successfully with z4root, got rid of bloatware and installed titanium backup, wifi tether, etc. Am I correct in reading your post that I can unroot, OTA update, and re-root again? If so, will I have to uninstall bloatware again, or reinstall root apps? Or any other repeats? Any danger in doing this?
No need to un-root. This update is for the system portion only and does not touch the userdata. I simply went ahead on the rooted phone, let the OTA update download and install. In doing so lost root, but had no trouble gaining root access again via z4root. Did not have to re-remove any of the bloatware, at least if I remember correctly. Root apps will not need to be reinstalled but you may need to re-give them permission for root access. No danger that I have noticed or can think of.
For anyone doing the update the android method....
For it to work
You must do the adb "new" md5 creation portion with your phone in clockwork recovery for it to work and to not receive the mismatch error...
To do this, reboot recovery... then plug in usb from your computer... during the phone boot into recovery you should hear the alert from your computer that something from usb was plugged in. Finally, use the mount option in recovery to mount sd card to be able to transfer the .img file over to the correct directory then unmount sd card and do the adb commands in terminal window...
I had the same mismatch errors using my windows 7 machine and creating the md5 with android booted
Hope this helps

Gfree_Verify Not Working, Not Sure if Root Worked

I followed all the steps from the Wiki: (http://forum.xda-developers.com/wiki/index.php?title=HTC_Vision#Rooting_the_Vision_.28G2.2FDZ.29_and_DHD).
Now the problem is when I go to verify the root. On the Wiki, where it says run "su" in computer ADB shell, I get access denied. When I run "./gfree_verify" in computer ADB shell, I get
Error: Could not open modem device; /dev/****
Error: Verify could not initialize device
But in my apps on the G2 I see an icon for superuser permissions. So did the root take or not?
Thanks for any help, new to Android.
Go in to terminal on your phone and type SU
After pressing enter if it says permissions denied, you have no root, if a Su message pops up click allow... that means you have root
Edit: I think you have no root
MacaronyMax said:
Go in to terminal on your phone and type SU
After pressing enter if it says permissions denied, you have no root, if a Su message pops up click allow... that means you have root
Edit: I think you have no root
After typing Su in the terminal on the phone, I get a message pop that says either allow or deny. I click allow and it gives me root permission.
Then it's OK!
After a reboot, or to try again, open terminal emulator on your phone and type "su".
If you get a superuser prompt, you have root!
After "su" you should see a line with "#".
Ganii said:
Then it's OK!
After a reboot, or to try again, open terminal emulator on your phone and type "su".
If you get a superuser prompt, you have root!
After "su" you should see a line with "#".
After a reboot (two actually) after I enter su into terminal I don't get the popup anymore asking allow or deny. I get "#." I actually went through the whole rooting Wiki steps again, to root the phone (just cause I wasn't sure if I was rooted). Same results, the gfree-verify doesn't work and neither does the "older" method. But I get "#" after entering su in terminal on G2.
I also installed Rom Manager, I clicked Flash ClockworkMod Recovery and then chose Backup Current ROM. It asked for superuser permissions and I allowed it. It rebooted the phone and went to a ClockworkMod Recovery screen where I selected reboot device. Does this mean I backed up my current Tmobile ROM?
Another question, is it okay to delete the files I had to push to /data/local to root? How would I delete them?
I want to really thank you guys for all the help.
boost3d23 said:
After a reboot (two actually) after I enter su into terminal I dont get the popup anymore asking allow or deny. I get "#." I actually went through the whole rooting Wiki steps again, to root the phone (just cause I wasn't sure if I was rooted). Same results, the gfree-verfiy doesnt work and neither does the "older" method. But I get "#" after entering su in terminal on G2.
I also installed Rom Manager, I clicked Flash ClockworkMod Recovery and then chose Backup Current ROM. It asked for superuser permissions and I allowed it. It rebooted the phone and went to a ClockworkMod Recovery screen where I selected reboot device. Does this mean I backed up my current Tmobile ROM?
Another question, is it okay to delete the files I had to push to /data/local to root? How would I delete them?
I want to really thank you guys for all the help.
# sign means you're rooted or have su access.
Go under manage and restore backups in ROM Manager, you should have a copy of the ROM you just backed up. Unless you renamed the backup, its name is probably a date.
It's OK to delete the files you pushed to data/local; use a file manager like Root Explorer.
Sent from my HTC Vision using XDA App
After a reboot (two actually) after I enter su into terminal I dont get the popup anymore asking allow or deny. I get "#." I actually went through the whole rooting Wiki steps again. Same results, the gfree-verfiy doesnt work and neither does the "older" method. But I get "#" after entering su in terminal on G2.
You get "#" then it's right, the app doesn't ask you again about allow or deny!
About gfree-verify, I don't know. Maybe something is wrong with the script
or you have done something wrong with the commands!
I also installed Rom Manager, I clicked Flash ClockworkMod Recovery and then chose Backup Current ROM. It asked for superuser permissions and I allowed it. It rebooted the phone and went to a ClockworkMod Recovery screen where I selected reboot device. Does this mean I backed up my current Tmobile ROM?
If you choose "Backup ROM" your phone boots into Recovery, then you have
to choose the "backup/restore" option to back up your current ROM.
Otherwise you don't have a backup.
Again thanks guys.
Now I downloaded Astro and ES file managers but I can't find the files. Do I specifically need a root manager? I'm guessing the ones I downloaded can't access root files.
boost3d23 said:
Again thanks guys.
Now i downloaded Astro and ES file Managers but I cant find the files. Do I need specifically need root manager? Im guessing the ones I downloaded cant access root files.
I use Root Explorer or SUFBS (Super User File Manager and Terminal).
boost3d23 said:
Now i downloaded Astro and ES file Managers but I cant find the files. Do I need specifically need root manager? Im guessing the ones I downloaded cant access root files.
You should really have posted up in the existing thread about gfree on this, or otherwise in the Q&A forum
But anyway, yes, those file managers don't handle root. Well, ES does have an option to do so, but it doesn't work on the Vision. So you'll need a root-capable file manager, as joemm said.
On the backup, that sounds a bit odd, but you'll know that it's doing a backup because it'll take a while. You'll get a different screen where it shows you it's backing up the main phone partitions, and even which file is being backed up. When it's done, make sure you copy this backup somewhere else, like your PC (i.e. so you don't just have a single copy, in case something happens to it - e.g. corrupt SD card).
Thanks to everyone who provided insight. I had the same problem and was worried about bricking my phone, but this worked and I'm happily rooted!

Superuser just won' work!

I rooted my kindle fire using kindle fire utility 0.9.6 (after the rooting superuser wasn't installed on my kindle), downloaded twrp, flashed hashcode jelly bean ROM from this link
http://forum.xda-developers.com/showthread.php?t=1766829
and then flashed Superuser-3.1.3-x86-signed.zip which I downloaded from this link
http://androidsu.com/superuser/
but superuser won't work, when I check the root explorer in ES file explorer it tells me that this feature can't work on ur phone
Please I'm really dying out here
Someone Help Pleeeeeeeeeeeeeeeeeease !!!!!
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
Thank you for replying so fast
How can I install the su binary? And about the Superuser.apk, isn't that what I flashed onto my device? I have a Superuser icon on my desktop but it just won't add any apps to its list.
Thanks again
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
soupmagnet said:
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
what do you mean by not that it matters at this point?
can't I just download the zip and flash it?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
Maybe you missed this
soupmagnet said:
Maybe you missed this
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
what should I do?
[Edit] ok now i know my device is certainly not rooted i tried orbot, market enabler and market unlocker they all dispatch the same message your device isn't rooted.
can anyone tell me how to root it?
Scarfacew said:
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
what should I do?
[Edit] ok now i know my device is certainly not rooted i tried orbot, market enabler and market unlocker they all dispatch the same message your device isn't rooted.
can anyone tell me how to root it?
I too used the KFU to supposedly root my KF, but when I tried to install Titanium Backup, it gave me the same error message saying that my phone did not have root privileges... I wonder if there is something not installing correctly when using KFU...
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMS come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the Superuser website. The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
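The two listings described in the post above can be turned into a repeatable check. This is an added example, not part of the original thread: the function names, state labels and sample lines are constructed, and it assumes the listings come from `adb shell ls -l /system/xbin` and `adb shell ls -l /system/app` (the `-l` is added here so the setuid bit set by `chmod 06755` can be inspected).

```shell
#!/bin/sh
# Added example (not from the thread): classify a device's root state from
# two `ls -l` listings. Names, labels and sample lines are constructed.

# entry LISTING NAME -> prints "MODE OWNER" for the entry called NAME, or nothing.
entry() {
    printf '%s\n' "$1" | awk -v want="$2" '
        {
            n = NF
            if ($1 ~ /^l/ && NF >= 3) n = NF - 2        # symlink line: "name -> target"
            if (tolower($n) == tolower(want)) {
                owner = ($2 ~ /^[0-9]+$/) ? $3 : $2     # GNU ls adds a link-count column
                print $1, owner
                exit
            }
        }'
}

# root_state XBIN_LISTING APP_LISTING -> prints one of:
#   full                su is setuid and owned by root, Superuser.apk present
#   cli-only            su is setuid and owned by root, no Superuser.apk
#   su-not-setuid-root  su exists but cannot grant root (wrong mode or owner)
#   su-is-symlink       su is a link; list its target and check that instead
#   manager-only        Superuser.apk without su
#   none                neither file present
root_state() {
    su_info=$(entry "$1" su)
    apk_info=$(entry "$2" Superuser.apk)
    case "$su_info" in
        "")
            if [ -n "$apk_info" ]; then echo manager-only; else echo none; fi ;;
        l*)
            echo su-is-symlink ;;
        ???s*" root")                                   # 4th mode char "s" = setuid + exec
            if [ -n "$apk_info" ]; then echo full; else echo cli-only; fi ;;
        *)
            echo su-not-setuid-root ;;
    esac
}

# Constructed sample listings in the column layout of older Android `ls -l`.
SAMPLE_XBIN='-rwsr-sr-x root     root        91980 2012-12-01 10:00 su
-rwxr-xr-x root     shell       59760 2012-12-01 10:00 dexdump'
SAMPLE_APP='-rw-r--r-- root     root       843503 2012-12-01 10:00 Superuser.apk
-rw-r--r-- root     root      2471831 2012-12-01 10:00 Settings.apk'

root_state "$SAMPLE_XBIN" "$SAMPLE_APP"
```

A `manager-only` or `su-not-setuid-root` result matches the symptom reported in this thread: the Superuser icon is present but apps are still told the device is not rooted.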
soupmagnet said:
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMS come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the superuser website . The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
Ok now things are getting worse I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work
{Edit} I want to know that by re-flashing the ROM is there a guarantee that those problems won't happen again.
One more thing is that I deleted the ROM from my Kindle. I can't transfer it from my laptop because the Kindle hasn't been recognized after the Jelly Bean and I can't download it because wifi isn't working, so what should I do
Thanks in advance
Scarfacew said:
Ok now things are getting worse I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work
I want to know that by re-flashing the ROM is there a guarantee that those problems won't happen again.
Thanks in advance
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
soupmagnet said:
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
One more thing is that I deleted the ROM from my Kindle. I can't transfer it from my laptop because the Kindle hasn't been recognized since I flashed the Jelly Bean and I can't download it because wifi isn't working, so what should I do
Thanks in advance
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
soupmagnet said:
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Scarfacew said:
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Ok, well try a different ROM. If the problem persists then we can try to think of something.
I flashed the Alien droid ROM it's working fine till now but I need to know how to install an arabic keyboard please
Thanks
Ok, I have a dumb question, but from where do you run the DOS commands from? (ie. what directory?)..
c:\KFU?
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
soupmagnet said:
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
Thanks. but not sure i understand.
Here is what I'm attempting to do.. using the root method described here: http://forum.xda-developers.com/showthread.php?t=1638452 under "Getting to fastboot mode" there are a series of command line examples that seem to start with adb.... (ex. adb shell chmod 755 /data/local/tmp/fbmode).
Under Rooting the stock software, the first step command line is "adb shell mount system"
my question is from where do I start (directory) so that when I enter these commands they work?
Or are you saying that I need to run all these from the KFU directory? (or KFU/tools) or some other directory..
I appreciate the help and feedback..
Wherever adb is...Right-click on that folder to find its path so you can "cd" or change directories to it. Alternatively, you can Shift + Right-click on that folder and select something like "Open command window here".

[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)

As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.)
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to back up our data, unlock the bootloader and restore the backup, so this guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful, however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup": adb restore fakebackup.ab
Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit": adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done"
Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device: adb reboot
Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, you should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
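For checking a device backup or an extracted filesystem image for the traces the procedure above leaves behind, here is an added example (not part of the original post or of Bin4ry's package). It flags a local.prop that sets ro.kernel.qemu=1, symlinks under data/data that point at local.prop, and su binaries with the setuid bit; the function names, the output tags and the assumption that the tree root holds data/ and system/ are assumptions of this example.

```shell
#!/bin/sh
# Added example: triage an extracted Android filesystem tree for traces of the
# procedure above. Assumption: "$1" is a directory holding data/ and system/.

# Finding if data/local.prop sets ro.kernel.qemu=1 (emulator mode, root shell).
check_local_prop() {
    f="$1/data/local.prop"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*ro\.kernel\.qemu[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$f"; then
        echo "LOCAL_PROP_QEMU $f"
    fi
}

# Finding for each symlink under data/data whose target is named local.prop.
check_prop_symlinks() {
    [ -d "$1/data/data" ] || return 0
    find "$1/data/data" -type l | while IFS= read -r link; do
        case "$(readlink "$link")" in
            local.prop|*/local.prop) echo "SYMLINK_TO_LOCAL_PROP $link" ;;
        esac
    done
}

# Finding for each regular su file carrying the setuid bit (mode 06755 above).
check_setuid_su() {
    for d in "$1/system/bin" "$1/system/xbin"; do
        if [ -d "$d" ]; then
            find "$d" -name su -type f -perm -4000 | sed 's/^/SETUID_SU /'
        fi
    done
}

triage() {
    check_local_prop "$1"
    check_prop_symlinks "$1"
    check_setuid_su "$1"
}

# Constructed sample tree that reproduces the three traces (not real data).
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/data/data/com.android.settings/a" "$t/system/bin"
    printf 'ro.kernel.qemu=1\n' > "$t/data/local.prop"
    ln -s /data/local.prop "$t/data/data/com.android.settings/a/file99"
    : > "$t/system/bin/su" && chmod 4755 "$t/system/bin/su"
    echo "$t"
}

if [ "${1:-}" = "--demo" ]; then tree=$(make_sample_tree); triage "$tree"; rm -rf "$tree"
elif [ -n "${1:-}" ]; then triage "$1"; fi
```

Run it with --demo to see the three tags on the constructed tree, or pass the root of an extracted image. A /system/xbin/su that is only a symlink (step 12) is not reported separately, since the setuid file it points to is.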
I've done all. It installs the superuser app but the phone is not really rooted and apps that require it don't work
Lorenzo_9 said:
I've done all. It installs the superuser app but the phone is not really rooted and apps that require it don't work
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Lorenzo_9 said:
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
Ok, I'll do it and then I'll report to you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
Ok, I'll do it and then I'll report to you what happens. So now have you updated su and superuser.apk?
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
does it work on nexus 7 ?
dacc said:
does it work on nexus 7 ?
Yes, it should.
thanks for the quick response
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Zepius said:
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
When running adb, after running the command where I tell it to restore the fake restore, and then while the "exploit" is running, I keep getting, in cmd, "link failed, no such file or directory", and it just keeps doing that. Is this normal or did I do something wrong?
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.

[Q] Root Questions

Was setting up my device for a replacement but ended up keeping it. Before I attempt anything, I want to make sure I'm not still rooted.
I currently wiped all storage options (including internal) Will I have to root my device again? Or is there another way to get twrp on the device? Maybe thru adb????
To check if you are rooted you could use an app like: https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck&hl=en
or you could open up adb, enter adb shell (by writing adb shell) and ask for SU access
by writing: su
into the shell.
If you wiped internal, cache, data, you should still have root as you did not touch your system partition.
To install TWRP you can get it here: http://forum.xda-developers.com/lg-g3/orig-development/recovery-twrp-touch-recovery-2-8-2-0-t2966129
extract the downloaded zip, and flash with flashify or manually by entering the commands provided in the thread.
NatusVincere said:
or you could open up adb, enter adb shell (by writing adb shell) and ask for SU access
by writing: su
into the shell.
I get the message '/system/bin/sh: su: not found'
tarroyo said:
I get the message '/system/bin/sh: su: not found'
Which means that you have no root access. You could confirm it with the app I recommended in the post above or one of many apps available on Google Play for that.
To root your device again you could use: http://forum.xda-developers.com/lg-g3/general/guide-root-lg-firmwares-kitkat-lollipop-t3056951
You also have other root methods available, I personally used Purple Drake method.
NatusVincere said:
To check if you are rooted you could use an app like: https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck&hl=en
or you could open up adb, enter adb shell (by writing adb shell) and ask for SU access
by writing: su
into the shell.
If you wiped internal, cache, data, you should still have root as you did not touch your system partition.
To install TWRP you can get it here: http://forum.xda-developers.com/lg-g3/orig-development/recovery-twrp-touch-recovery-2-8-2-0-t2966129
extract the downloaded zip, and flash with flashify or manually by entering the commands provided in the thread.
NatusVincere said:
Which means that you have no root access. You could confirm it with the app I recommended in the post above or one of many apps available on Google Play for that.
To root your device again you could use: http://forum.xda-developers.com/lg-g3/general/guide-root-lg-firmwares-kitkat-lollipop-t3056951
You also have other root methods available, I personally used Purple Drake method.
Thanks for your help. I rooted successfully using this method, way easier than purpledrake: http://forum.xda-developers.com/lg-...lg-devices-t3129197/post61208412#post61208412
