One click root with impactor now works. Works on <4.3. No need for unlocked bootloader. Does not wipe data.
http://www.saurik.com/id/17
Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper
Mach3.2 said:
Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper
Click to expand...
Click to collapse
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
krackers said:
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
Click to expand...
Click to collapse
If the binary is wrong, the one from play store may not work.
Permission should be rw-r-r(0644) for the su.apk and rwsr-sr-x(0645) for the su binary.
Beamed from my Maguro.
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.
krackers said:
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.
Click to expand...
Click to collapse
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
I also downloaded a ICS 4.04 root zip file with a script and adb files inside. When using that adb version, my phone won't be displayed too. Now when I run adb from the android SDK, it will say something like "server is outdated" then something like "kill and restart with new server" --> "adb devices" lists my phone correctly again.
May be the adb version used in Impactor is outdated and responsible for the error message?
I would really appreciate any help with this topic, because the Panasonic Eluga phone was never rooted until now and no known root method is available. I always kinda hoped that someone would use the masterkey thing to make a universal rooting tool
saurik said:
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Click to expand...
Click to collapse
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
To the poster above me: Try using a different computer and if that doesn't work, switch operating systems.
krackers said:
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
Click to expand...
Click to collapse
That's the whole point in securing Android, not that people have easier ways instead of unlocking a device.
Tested and works great. I now have root. Yay!
Does it show any of the problems that chainfire's superSU 1.41 shows?
Sent from my Galaxy Nexus using xda app-developers app
The root exploit only places the su binary and sets the right permissions. You can use any root manager you want (I used clockworkmod's superuser app).
mercuriussan said:
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
Click to expand...
Click to collapse
The feature of installing su will not work on every device: a lot of emphasis is put on "rooting" Android devices, but on many devices even root can't do things like modify the files in /system; I'd use the term "jailbreak" as to being what people really want to do with their device, but Android people seem to have that term ;P. What this means is that you really need a kernel exploit, not just a shell->system->root escalation.
mercuriussan said:
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
Click to expand...
Click to collapse
This error message actually indicates that Impactor succeeded in obtaining root control over your phone. However, when it tried to then, as root, remount /system writable so it could copy the su binary in place, it wasn't allowed to do so. A future version of Impactor will make it easier to drop to a root shell so you can test things out manually, but this means that while you can run code as root, you won't be able to install su.
However, if you have the time to play with it, get a copy of busybox and use adb to push it to /data/local/tmp (this is also something Impactor should help you do, but does not yet). (You will also need to make it executable, don't forget: "chmod 755 /data/local/tmp/busybox".) Then run the suggested Impactor command involving telnetd. Finally, via a shell, run "/data/local/tmp/busybox telnet 127.0.0.1 8899": you are now root.
You can verify that you are root because you will now have a # as a prompt instead of a $. Then run "mount -o remount,rw '' /system" (<- note, that's two single quotation marks as an argument between remount,rw and /system). This is the command that should fail with the "Operation not permitted" message. You are, however, root, so maybe there's something you want to do on the device at that point ;P.
mercuriussan said:
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
Click to expand...
Click to collapse
The "Open Shell" in Impactor connects you to the device via adb: if you run adb on the device and ask for a list of devices attached to the device--something I didn't even realize was possible until you pointed it out here ;P I tested it, though, and wow: that actually is possible--you will get a blank list. However, suffice it to say that if you were able to type that at all, it can see your device.
Thanks for the suggestion, I'll try my luck in finding some exploit I can use...
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
bmg1001 said:
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
Click to expand...
Click to collapse
Yup - assuming they haven't been patched against the methods used (most haven't been).
Very interesting read. Thanks saurik & OP.
Eluga DL1
Hi there,
this post is in some ways a duplicate but different people seem to follow this thread because it is directly involving sauriks impactor.
Is there anything available that i can throw at Elugas 4.0.4 kernel to get r/w on the system partition?
I will try everything that is suggested to me.
Related
hello all, i rooted my a100 via the guide, and the root checker says its rooted, but i cannot get into shell. When i enable filesystem browsing, it won't allow me. Not even a prompt from su.
Sent from my LG-P999 using Tapatalk
joeyxl said:
hello all, i rooted my a100 via the guide, and the root checker says its rooted, but i cannot get into shell. When i enable filesystem browsing, it won't allow me. Not even a prompt from su.
Sent from my LG-P999 using Tapatalk
Click to expand...
Click to collapse
Did you install superuser from the market?
Im having a similar problem. I can verify that su has been moved to system/xbin/su but busybox nor Superuser detects root... Ive used all guides I can find to work this.
http://www.acertabletforum.com/foru...ssion/1167-rooting-iconia-a100-made-easy.html
Tried with no results
Did you update su binary?
Educate me, If you mean by trying to use superuser and update it through the settings, it was a no go.
I had a similar problem. It was showing as being in the /system/xbin folder, but I didn't have root. In my case, I was failing to move the su file out of the folder after extraction and put it in the /mnt/sdcard directory so the commands were just creating a blank su file in /system/xbin
Sent from my Acer Iconia Tab A100 using Tapatalk
How did you go about fixing the issue?
After extracting the zip I moved the su file (the one with no extension) from the extracted folders and tried the lines in the terminal again and it worked.
Sent from my Acer Iconia Tab A100 using Tapatalk
Ahh, Yea. Ive tried that already with no luck. It shows the file, roughly 25kb in the folder, but it also shows I have no root. Ive tried restarting, uninstalling superuser and reinstalling, etc...
did you ever get your tab rooted?
mvan4310 said:
Ahh, Yea. Ive tried that already with no luck. It shows the file, roughly 25kb in the folder, but it also shows I have no root. Ive tried restarting, uninstalling superuser and reinstalling, etc...
Click to expand...
Click to collapse
Could you post what build number your running, also after you've run the commands for copying over the su and download superuser from the market, if you open terminal emulator up and type su what does it output?
Have you tried this???
http://forum.xda-developers.com/showpost.php?p=21409649&postcount=177
painter_ said:
Did you install superuser from the market?
Click to expand...
Click to collapse
yes, after i did what the guide told me to do. i have the latest version of Honeycomb given out via OTA update. now in superuser, i didnt update it, as it fails evey time. also, when i type "su" into terminal, nothing happens. im trying to put the build.prop that was modded recently, so i can get an app made for gingerbread onto here, as well as getting a PS3 controller to connect, but both need root. i just dont understand why the root checking app says i have it, when i really dont. guess it just checks for the su file in xbin? i really hope someone can point me in the right direction
First, I really need to know the build number "the latest one the ota can give" isnt sufficiant. It can be found under settings -> about tablet toward the bottom.
Second, saying "nothing happens" isnt true.. something always happens... either it just spit out another line with $ or the next line showed up with a #. How long did it take for the next line to show up after you typed su in the terminal?
The more details you can provide, the better I can help... this isnt directed at the above poster but all users in general.
One thing you might want to try is to uninstall the superuser app, then run this command:
/system/bin/cmdclient ec_micswitch '`rm /system/xbin/su`'
and then go back through the root process (or use my quick root script). The above command will get rid of any bad su file that might be in /system/xbin.
Sent from my MB860 using XDA App
Build Acer_A100_2.007.04_COM_GEN1
Upon typing in su in the terminal, is shows another line with $. Ive tried your ten second root yesterday looking for other options, but it says permission denied, even when trying to run from other directories. Ive even opened the root.sh file and copied the whole file and pasted in the term and every command gives a permission denied but the 3 commands that you see everywhere else. when typing in ls -l /system/xbin/su I get around 26000 bytes. So the file is there.
mvan4310 said:
Build Acer_A100_2.007.04_COM_GEN1
Upon typing in su in the terminal, is shows another line with $. Ive tried your ten second root yesterday looking for other options, but it says permission denied, even when trying to run from other directories. Ive even opened the root.sh file and copied the whole file and pasted in the term and every command gives a permission denied but the 3 commands that you see everywhere else. when typing in ls -l /system/xbin/su I get around 26000 bytes. So the file is there.
Click to expand...
Click to collapse
Can you try the attached su binary. I don't recall where I got it from since is been a while but I've had issue with 2.3.2 su binary before and the attached is what I use to root mine.
[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)
Edit: This does not works on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by step ). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enable on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.
Reserved
Reserved
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Click to expand...
Click to collapse
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Click to expand...
Click to collapse
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus
Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium
This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium
Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Huxleysäl said:
Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Click to expand...
Click to collapse
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk
efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
try /data/local/tmp
Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Click to expand...
Click to collapse
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Click to expand...
Click to collapse
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is dennied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter then me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
Click to expand...
Click to collapse
I hade my initial problems with that too. But as if this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator
Just search for it in the market. Also the commands go in this console
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers
Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Click to expand...
Click to collapse
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.
I rooted my kindle fire using kindle fire utility 0.9.6 (after the rooting superuser wasn't installed on my kindle), downloaded twrp, flashed hashcode jelly bean ROM from this link
http://forum.xda-developers.com/showthread.php?t=1766829
and then flashed Superuser-3.1.3-x86-signed.zip which I downloaded from this link
http://androidsu.com/superuser/
but superuser won't work, when I check the root explorer in ES file explorer it tells me that this feature can't work on ur phone
Please I'm really dying out here
Someone Help Pleeeeeeeeeeeeeeeeeease !!!!!
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
Click to expand...
Click to collapse
Thank you for replying so fast
how can I install su binary? and about the superuser.apk isn't that what i flashed into my device i have a superuser icon on my desktop but it just won't add any apps to its list.
Thanks again
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
soupmagnet said:
At the Superuser website, there are three zip files. One is Superuser, one is the su binary, and the other should be both. Not that it matters at this point.
Click to expand...
Click to collapse
what do you mean by not that it matters at this point?
can't I just download the zip and flash it?
soupmagnet said:
You need the su binary installed as well. But with that being said, why don't you just install the Superuser.apk?
[Edit:] It's late and I'm not paying attention for some reason. Custom ROMs come pre-rooted and you have Jelly Bean installed. Perhaps there's a problem with ES File Explorer?
Click to expand...
Click to collapse
Maybe you missed this
soupmagnet said:
Maybe you missed this
Click to expand...
Click to collapse
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
what should I do?
[Edit] ok now i know my device is certainly not rooted i tried orbot, market enabler and market unlocker they all dispatch the same message your device isn't rooted.
can anyone tell me how to root it?
Scarfacew said:
I tried another app called copy paste it and when I try to use it this message appears:
"Your Phone does not appear to be rooted or has not been given root privileges. to use this application please provide root privileges to this applications"
what should I do?
[Edit] ok now i know my device is certainly not rooted i tried orbot, market enabler and market unlocker they all dispatch the same message your device isn't rooted.
can anyone tell me how to root it?
Click to expand...
Click to collapse
I too used the KFU to supposedly root my KF, but when I tried to install Titanium Backup, it gave me the same error message saying that my phone did not have root privileges... I wonder if there is something not installing correctly when using KFU...
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMS come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the superuser website . The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
soupmagnet said:
"Root" consists of the su binary, which the system uses to give the user root permissions, and Superuser.apk, which keeps a database of what programs you allow to have those permissions. With "su" only, you will still have root permission, but only at the level of command line interface and your apps will not be allowed root permissions. Superuser.apk by itself is worthless. Custom ROMS come pre-rooted so the need to re-root is usually unnecessary unless something happens to one of the above mentioned programs. The only way to be sure if/which one is missing is in recovery via the command line because custom recovery will provide temporary root access.
Code:
adb shell ls /system/xbin
...look for su
Code:
adb shell ls /system/app
...look for Superuser.apk
Superuser can be installed from within the ROM using the .apk (at least in earlier versions it was possible), or in recovery using the command line or by flashing the signed .zip from the superuser website . The su binary can only be installed while in recovery.
Of course it all can be fixed by re-flashing your custom ROM.
It may also be necessary to rename the check-rooted executable, but only if you're running the stock Amazon software.
I think that pretty much covers it.
Click to expand...
Click to collapse
Ok now things are getting worse I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work
{Edit} I want to know that by re-flashing the ROM is there a guarantee that those problems won't happen again.
One more thing is that I deleted the ROM from my kindle I can't transfer it from my laptop because the kindle hasn't been recognized after the jelly bean and I can't downloaded because wifi isn't working so what should I do
Thanks in advance
Scarfacew said:
Ok now things are getting worse I tried to turn the wifi on and it didn't work, I tried to reboot and power off the tablet but it just won't work
I want to know that by re-flashing the ROM is there a guarantee that those problems won't happen again.
Thanks in advance
Click to expand...
Click to collapse
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
soupmagnet said:
There are never any guarantees when it comes to computers and system software, but the LIKELINESS is very high that the problem will be fixed.
Click to expand...
Click to collapse
One more thing is that I deleted the ROM from my kindle I can't transfer it from my laptop because the kindle hasn't been recognized since I flashed the jelly bean and I can't downloaded because wifi isn't working so what should I do
Thanks in advance
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
soupmagnet said:
Boot into recovery and "mount" your sdcard to USB. The computer should still recognize it.
Click to expand...
Click to collapse
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Scarfacew said:
I re-flashed the Rom, wifi is working so I dl ES file explorer and checked Root explorer, but when superuser request popped, I clicked allow but it didn't work it gave me the same message, the new thing is that superuser app added es file explorer to its list but I still can't copy apps in the app/system file.
I know I bored you to death and I'm really thankful for ur help but I really need the root.
Click to expand...
Click to collapse
Ok, well try a different ROM. If the problem persists then we can try to think of something.
I flashed the Alien droid ROM it's working fine till now but I need to know how to install an arabic keyboard please
Thanks
Ok, I have a dumb question, but from where do you run the DOS commands from? (ie. what directory?)..
c:\KFU?
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
soupmagnet said:
Right-click on your KFU folder and select properties to find the folder's path. It may be different depending on wherever you've installed it.
Click to expand...
Click to collapse
Thanks. but not sure i understand.
Here is what I'm attempting to do.. using the root method described here: http://forum.xda-developers.com/showthread.php?t=1638452 under "Getting to fastboot mode" there are a series of command line examples that seem to start with adb.... (ex. adb shell chmod 755 /data/local/tmp/fbmode).
Under Rooting the stock software, the first step command line is "adb shell mount system"
my question is from where do I start (directory) so that when I enter these commands they work?
Or are you saying that I need to fun all these from the KFU directory? (or KFU/tools) or some other directory..
I appreciate the help and feedback..
:h my::
Wherever adb is...Right-click on that folder to find it's path so you can "cd" or change directories to it. Alternatively, you can Shift + Right-click on that folder and select something like "Open command window here".
[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)
As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to backup our data, unlock the bootloader and restore the backup, so this is guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enable on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup": adb restore fakebackup.ab Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit": adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device: adb reboot Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, your should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
I've done all. It installs supersuser app but the phone is not really rooted and apps that requires it doesn't work
Lorenzo_9 said:
I've done all. It installs supersuser app but the phone is not really rooted and apps that requires it doesn't work
Click to expand...
Click to collapse
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but whith apps that requires root there are no requestes and they don't... Even using root checker you see that you're not rooted
Lorenzo_9 said:
You can open the app but whith apps that requires root there are no requestes and they don't... Even using root checker you see that you're not rooted
Click to expand...
Click to collapse
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
Click to expand...
Click to collapse
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Click to expand...
Click to collapse
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Click to expand...
Click to collapse
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
does it work on nexus 7 ?
dacc said:
does it work on nexus 7 ?
Click to expand...
Click to collapse
Yes, it should.
thans for quick response
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Click to expand...
Click to collapse
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
Click to expand...
Click to collapse
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Zepius said:
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Click to expand...
Click to collapse
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Click to expand...
Click to collapse
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
when running adb after running the command where i tell it to restore fake restore and then while the "exploit" is running ikeep getting , in cmd, link failed, no such file or directory, and it just keep doing that. is this normal or did i do something wrong.
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
Click to expand...
Click to collapse
So, by going into the settings menu of the FTV and toggling the ADB Debug flag, this allows for installing via a push from ADB.
The text that is displayed when changing this value also says that by enabling the setting, it allows for package installs from unknown sources.
Is this not quite the case though?
Using ES File Manager, when selecting an apk package located in the downloads folder on the device, the message shown in the attached screenshot appears.
Since there's no way to do so from the front-end, I am assuming that we will need root to change the flag to truly allow installing from any source?
Any possible way to do this without root?
mkhopper said:
So, by going into the settings menu of the FTV and toggling the ADB Debug flag, this allows for installing via a push from ADB.
The text that is displayed when changing this value also says that by enabling the setting, it allows for package installs from unknown sources.
Is this not quite the case though?
Using ES File Manager, when selecting an apk package located in the downloads folder on the device, the message shown in the attached screenshot appears.
Since there's no way to do so from the front-end, I am assuming that we will need root to change the flag to truly allow installing from any source?
Any possible way to do this without root?
Click to expand...
Click to collapse
Yeah, this isn't currently possible for the public. There is a root exploit(s) already developed but they have not been released yet. The developer, jcase, said he will release an exploit on the same day the upcoming Fire TV update is pushed (the exploit will not be compatible with the update so if you want it you'll need to follow the instructions in the other thread for blocking OTA updates).
mkhopper said:
Any possible way to do this without root?
Click to expand...
Click to collapse
Are you having issues with ADB? We can probably help you get those resolved.
Chahk said:
Are you having issues with ADB? We can probably help you get those resolved.
Click to expand...
Click to collapse
Thanks, but no. I use the automatic tool to push packages with no problems. I was just looking for other methods of package installation that could be done directly while on the FTV.
mkhopper said:
Thanks, but no. I use the automatic tool to push packages with no problems. I was just looking for other methods of package installation that could be done directly while on the FTV.
Click to expand...
Click to collapse
Not at this time. Amazon disabled side-loading of APKs from the device itself. Root would be the only way to get around that.
mkhopper said:
Thanks, but no. I use the automatic tool to push packages with no problems. I was just looking for other methods of package installation that could be done directly while on the FTV.
Click to expand...
Click to collapse
http://forum.xda-developers.com/showthread.php?t=2715315
Sent from my MZ617 using XDA Premium 4 mobile app
Kramar111 said:
http://forum.xda-developers.com/showthread.php?t=2715315
Click to expand...
Click to collapse
several days ago it occurred to me to alternatively use sshd for terminal access, because:
-a) I feel a little unsafe leaving adb wifi enabled all the time (ok it's only a small thing to turn it on and off, but still) - and for security reasons there is no way to enable/disable it programmatically e.g. from a script/shell/terminal/app (well theoretically this is not exactly true, but practically it is)
-2) some people (i.e. me) would like to do shell/terminal remotely sometimes, rather than on the AFTV (and other people don't have/want a keyboard)
ssh access makes a great alternative to Term.apk, but the problem is:
- Term.apk and/or (pick your favorite android ssh server) don't have permission to run e.g. "pm install foo.apk" - it will fail. (btw 'pm' is a great command, take a look sometime at all the options. it shares a lot of functions as the adb command itself. 'am' is another fun command...)
- so, the hilarious workaround of enabling adb wifi, "adb connect", and then finally "adb shell" or "adb install" etc., is still required. (b/c the adb user is in the 'shell' group, among others - giving it permission to run /system/bin/pm) - oh well.
for random reference:
Code:
127|[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
[email protected]:/ $ exit
[email protected]:/ $ id
uid=10009(app_9) gid=10009(app_9) groups=1015(sdcard_rw),1028,3003(inet),50009(app_40009)
(also note it appears the adb shell user might possibly have 'mount' abilities, but since the /dev/block/sd* nodes permissions' are really locked up, who knows...)