Reeder A7ix generic x86 turkish tablet rooted using only adb successfully - Upgrading, Modifying and Unlocking

This has been a great forum so I thought I'd share my experience rooting another misc tablet from china. A reeder A7IX from Turkey. It has a nice 1920x1200 display, crappy z2520 processor.
Possible Problem 1: 'fastboot oem unlock' does not work and I could only connect with fastboot under windows using the provided manufacturer flash tool from reeder. This lets you install a custom recovery.
Problem 2: there is no obvious custom recovery available for this device
Problem 3: most google searches for installing supersu require custom recovery
Problem 4: SRSroot, the first google hit, reports it is already rooted, as do root checking apps, but apps that require root do not work.
Solution: since the 'adb root' command is successful, you can manually execute commands with adb to install SuperSU.
1. Go to http://forum.xda-developers.com/showthread.php?t=1538053
Click CWM / TWRP / MobileODIN installable ZIP: http://download.chainfire.eu/supersu
(At this point you could try adb sideloading the zip, maybe it works? I didn't try it)
Extract the zip file to a place where you can access with ADB.
2. In the zip file there is a folder /META-INF/com/google/android/update-binary
Open update-binary in a text editor
At the top it has instructions on how to manually root. I followed the ones for API 7+ and 17+ and 19+ but not 20+ since it is android 4.2
Here is my copy from update-binary for example:
# To install SuperSU properly, aside from cleaning old versions and
# other superuser-type apps from the system, the following files need to
# be installed:
#
# API   source                        target                              chmod   chcon                       required
#
# 7-19  common/Superuser.apk          /system/app/Superuser.apk           0644    u:object_r:system_file:s0   gui
# 20+   common/Superuser.apk          /system/app/SuperSU/SuperSU.apk     0644    u:object_r:system_file:s0   gui
#
# 17+   common/install-recovery.sh    /system/etc/install-recovery.sh     0755    *1                          required
# 17+                                 /system/bin/install-recovery.sh     (symlink to /system/etc/...)        required
# *1: same as /system/bin/toolbox: u:object_r:system_file:s0 if API < 20, u:object_r:toolbox_exec:s0 if API >= 20
#
# 7+    ARCH/su                       /system/xbin/su                     *2      u:object_r:system_file:s0   required
# 7+                                  /system/bin/.ext/.su                *2      u:object_r:system_file:s0   gui
# 17+                                 /system/xbin/daemonsu               0755    u:object_r:system_file:s0   required
# 17+                                 /system/xbin/sugote                 0755    u:object_r:zygote_exec:s0   required
# *2: 06755 if API < 18, 0755 if API >= 18
#
# 19+   ARCH/supolicy                 /system/xbin/supolicy               0755    u:object_r:system_file:s0   required
# 19+   ARCH/libsupol.so              /system/lib(64)/libsupol.so         0644    u:object_r:system_file:s0   required
#
# 17+   /system/bin/sh or mksh *3     /system/xbin/sugote-mksh            0755    u:object_r:system_file:s0   required
# *3: which one (or both) are available depends on API
What does it all mean? Basically you need to transfer files from the zip file using 'adb push' and then 'adb shell chmod' as per the above list. There is one 'ln -s' as well for install-recovery.sh. I found the chcon is not required and I ignored it. (ARCH is x86).
e.g. for the first line
# 7-19  common/Superuser.apk          /system/app/Superuser.apk           0644    u:object_r:system_file:s0   gui
you need to use the commands (where (ZIP/) is from where you extracted the ZIP file):
adb root
adb push (ZIP/)common/Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk
The exception is
# 17+                                 /system/bin/install-recovery.sh     (symlink to /system/etc/...)        required
adb shell ln -s /system/etc/install-recovery.sh /system/bin/install-recovery.sh
Have fun! and of course at your own risk.
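
For anyone who needs to check afterwards what such an install left behind, the following is an added example, not part of the original post and not SuperSU's own code. It walks the target paths from the table above under a mounted or extracted /system tree and reports what exists; the function names and the demo tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not SuperSU's or the poster's code: report which files from
# the install table exist under a mounted or extracted /system tree (ROOT).

# Target paths from the table, relative to /system.
SU_PATHS='app/Superuser.apk app/SuperSU/SuperSU.apk etc/install-recovery.sh
bin/install-recovery.sh xbin/su bin/.ext/.su xbin/daemonsu xbin/sugote
xbin/supolicy lib/libsupol.so lib64/libsupol.so xbin/sugote-mksh'

# audit_su_artifacts ROOT -> one "<tag> <ls mode string> <path>" line per hit.
# tag is SETID (setuid/setgid bit set), LINK (symlink) or FILE.
# Returns 0 if at least one listed path exists, 1 if none do.
audit_su_artifacts() {
    root=$1 hit=1
    for rel in $SU_PATHS; do
        p=$root/$rel
        [ -e "$p" ] || [ -L "$p" ] || continue   # -L catches dangling links
        mode=$(ls -ld "$p" | cut -c1-10)
        if [ -L "$p" ]; then tag=LINK
        elif [ -u "$p" ] || [ -g "$p" ]; then tag=SETID
        else tag=FILE
        fi
        echo "$tag $mode $rel"
        hit=0
    done
    return $hit
}

# other_setid_files ROOT -> setuid/setgid regular files that are NOT in the
# table, for manual review (the table's *2 note: su is 06755 on API < 18).
other_setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while read -r f; do
            rel=${f#"$1"/}
            case " $(echo $SU_PATHS) " in *" $rel "*) ;; *) echo "$rel" ;; esac
        done
}

# Constructed demo tree, not a real system image.
demo=$(mktemp -d)
mkdir -p "$demo/xbin" "$demo/etc" "$demo/bin"
: > "$demo/xbin/su"; chmod 4755 "$demo/xbin/su"
: > "$demo/etc/install-recovery.sh"
ln -s /system/etc/install-recovery.sh "$demo/bin/install-recovery.sh"
audit_su_artifacts "$demo" || echo "no files from the table found"
rm -rf "$demo"
```

Point ROOT at wherever the system partition is mounted on the PC, for example a loop-mounted image.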

Do you think this same procedure would work with the Reeder A10iX?

Related

In case your "adb" doesn't see the device

Apparently, some firmwares seem to disable "adb" service on the Galaxy S.
So in case you run into this problem (adb unable to see the device) what you will need is to modify /default.prop on the SGS.
Here is what I had originally:
Code:
#
# ADDITIONAL_DEFAULT_PROPERTIES
#
ro.secure=1
ro.debuggable=0
persist.service.adb.enable=0
To enable ADB on SGS
1. Run on the device: setprop persist.service.adb.enable 1 to temporarily switch it on.
2. pull /default.prop with adb and modify the "ro.secure=0" and "persist.service.adb.enable=1"
3. mount -o remount,rw rootfs /
4. push modified default.prop back to /
It's what I'd need, but the guide is not quite clear to me:
1. Run on the device, means on terminal emulator?
2. How to pull? And please, specify better what to change...
I assume the rest of the commands must be issued on the device via terminal emulator...
Let me know and thanks so much!
details
In more detail:
1. Root your device (see FAQ sticky post)
2. Install shell emulator on the device
3. In shell emulator, enable ADB (not sure if you need to run "su" before that):
setprop persist.service.adb.enable 1
4. Now, you should be able to connect to the device with ADB (temporarily). If not, make sure your udev rules (for Linux: /etc/udev/rules.d/51-android.rules) are something like:
SUBSYSTEM=="usb|usb_device", ATTRS{idVendor}=="04e8", MODE="0666"
5. To make the change permanent:
adb pull /default.prop .
(this will copy default.prop to the local directory)
6. Modify the two properties as follows:
ro.secure=0
persist.service.adb.enable=1
7. Re-mount the root filesystem on the device in read-write mode (requires "su" before that):
mount -o remount,rw rootfs /
8. Now overwrite the /default.prop on the device with the modified one:
adb push default.prop /default.prop
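
The properties changed in the steps above decide how much access adb gets, so a pulled default.prop is worth checking from the other direction too. The following is an added example, not from the original posts: it reads a local copy of default.prop and flags the values discussed in this thread. The function names and the sample file contents are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the posts: audit a pulled default.prop for the
# adb-related settings discussed above.

# prop_value KEY FILE -> value of the first KEY=value line (comment lines are
# skipped, surrounding whitespace and CR removed); prints nothing if absent.
prop_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # dots in keys are literal
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$2" |
        head -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# audit_default_prop FILE -> one "RISK key=value: reason" line per finding.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_default_prop() {
    file=$1 rc=0
    while IFS='|' read -r key bad reason; do
        val=$(prop_value "$key" "$file")
        if [ "$val" = "$bad" ]; then
            echo "RISK $key=$val: $reason"
            rc=1
        fi
    done <<'EOF'
ro.secure|0|adbd does not drop root, so every adb shell is a root shell
ro.debuggable|1|adb root is allowed and any app can be debugged
persist.service.adb.enable|1|the adb service is switched on persistently
EOF
    return $rc
}

# Constructed sample: the modified file from step 6 of the post above.
demo=$(mktemp)
printf '%s\n' 'ro.secure=0' 'ro.debuggable=0' \
    'persist.service.adb.enable=1' > "$demo"
audit_default_prop "$demo" || echo "default.prop needs review"
rm -f "$demo"
```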

Maybe this can help for rooting the new sbf

1. How can I root my phone?
1.1 General information/Basic adb-commands
Rooting a phone enables you to do things, which normally aren't possible for the average user like:
- Removing apps which were preinstalled by the provider (like Orange, Vodafone, etc.). My Tattoo had Vodafone apps for buying music and other sh*t, which was installed on the system partition (to which a "normal" user has no rights to write to, including deleting).
The Tattoo was successfully rooted by a bunch of guys here, namely -bm-, mainfram3 and Coburn64 (maybe, I don't remember quite correctly). Also the Tattoo was the first phone having a security mechanism preventing a user from mounting the filesystems as read/write, which had to be overridden by remapping the read only memory region to a read/write one. This is done by the module Tattoo-hack.ko, also made by mainfram3. He also created the first boot.img, which enabled su directly from adb and loading Tattoo-hack directly from boot on.
A few words about adb:
ADB is a tool for communicating from the PC with the mobile phone. For this a service is running on the phone enabling the communication via Terminal Emulator. Here are the most useful adb-commands:
Code:
adb push localFileFromPC /path/on/mobilephone
-> pushes a file "localFileFromPC" to a specified location on the phone
adb pull /path/to/file pathFromPC
-> receives a file from the phone and stores it to "pathFromPC"
adb remount
-> This is only possible in custom ROMs, remounts the file system to r/w automatically
adb shell "command"
-> executes "command" and returns to the computer shell
adb shell
-> opens a shell session on the phone (from here on you have to be very careful! Also you can now execute normal linux commands like rm, mv, ls, chmod and so on, but not cp (this can be done through busybox)). You will have to use this more often, so get used to it
1.2 Do I have to create a goldcard?
I read this question quite often. For rooting, you don't need it, but for SIM-locked phones you can't flash custom unbranded ROMs (I think).
For a guide to creating a goldcard, follow this link: http://forum.xda-developers.com/show...88&postcount=1 (thanks to MiSSigNNo for this point)
1.3 Tools you need
A complete set of tools can be found here. Feel free to mirror it:
http://rapidshare.com/files/403766494/Tattoo.rar.html
Mirror(s):
http://www.bild-ton.net/Tattoo.rar
http://www.megaupload.com/?d=CI9AW83F
This package contains:
- adb binaries for Windows (sorry Linux users)
- su (Please note: use the su-binary attached in this post, not the one in the archive!!!!!)
- m7 exploit
- Amon_RA recovery.img
- mainfram3 boot.img
- flash_image binary
- tattoo-hack.ko
1.4 The automated way
This method was created by maverixx and can be found here. This basically consists of a package doing everything you need by itself. It roots the phone and flashes maverixx recovery.img, which (no offense) I don't like as much as I like Amon_RA's one! Just click the batchfile and it does the rest (you have to connect your phone via USB to your PC though).
If you want to use the automated way, but flashing Amon_RA's recovery, just replace the recovery.img from maverixx' package with the recovery.img provided in my archive file (see 1.3 for the link).
In my time here I noticed quite a few users experiencing problems either with a fully functional su or with the recovery image not flashing certain update.zip packages. It seems to be a matter of luck.
1.5 The manual way (recommended by the author)
I personally like to know what is done when and how, that's why I recommend the manual way. So let's get down to business. Let's see if you know all the adb-commands I wrote here:
1. Let's say you have everything unpacked into C:\Tattoo
2. In your terminal (on your PC) type:
- adb shell "mkdir /data/local/bin" (if it returns an error it means that the directory already exists, just proceed)
- adb push m7 /data/local/bin/
- adb push su /data/local/bin/
- adb push flash_image /data/local/bin/
- adb push tattoo-hack.ko /data/local/bin/
- adb push recovery.img /sdcard
- adb push boot.img /sdcard
3. We have every needed file on the phone now. Type now (we are still in your terminal):
- adb shell
$ cd /data/local/bin
$ chmod 766 m7 (I don't retain this step as mandatory, so if this process fails, just proceed)
$ while ./m7 ; do : ; done
lots of text until you see something like "wrote shell code", press Enter 2 or 3 times to see:
#
4. Then perform this:
- # export LD_LIBRARY_PATH=/system/lib
- # export PATH=/system/bin
- # insmod ./tattoo-hack.ko
- # mount -o rw,remount /dev/block/mtdblock5 /data
- # mount -o rw,remount /dev/block/mtdblock3 /system
- # cat ./su > /system/bin/su
- # chmod 4755 /system/bin/su
- # chmod 755 ./flash_image
Questions?
1.6 Problems and (hopefully good) solutions
Q: How do I execute my command line tool?
A: On your Windows host, go to Start->Run...->type "cmd"
Q: Where is my adb? When I type it in my shell it says that it was not found!
A: The adb binary is found in the archive I supplied above or in the Google SDK. As my archive-file is quite smaller than the Google SDK you should take mine. Let's suppose your adb binary is unpacked in C:\Tattoo, then type:
Code:
Your\Current\Location> cd C:\Tattoo
C:\Tattoo> adb <command>
Q: adb says "error: device not found" when I try to launch the shell on the phone!
A: Connect the phone with the usb cable and make sure the sd card is not mounted as drive on your PC!!!
Q: When I want to copy something the phone returns that "cp" is not found! Also when I try to move a file, it says "cross-link device".
A: Well, copying from one partition to another is only possible either via busybox or via
Code:
cat file > /location/filename
Example:
cp /data/su /system/bin
is realized by typing
cat /data/su > /system/bin/su
Also make sure that system is r/w!!!
Q: flash_image returns write errors when flashing recovery/boot image!
A:
For boot: Try to redo the flash procedure
For recovery: Note that you can't flash the same recovery.img as the one already installed, so install another recovery.img first (like maverixx) and then Amon_RA's again. If it still doesn't work reboot, remount the partitions r/w, insmod tattoo-hack.ko and retry flashing.
Q: How can I unroot my device?
A: Just delete su from /system/xbin and restore the old boot.img. Alternatively see here for retrieving a stock ROM to flash it on your phone.
I hope someone tries this, I don't have time

Run Backtrack 5 On Android Devices (Step By Step)

1. Download terminal emulator, android vnc and arm version of backtrack.
2. Extract the content of img file and transfer it in to memory of android devices.
3. Install BusyBox and start it.
4. Open terminal emulator. use "cd" command to get in backtrack directory where extracted content is saved on memory card of device. In this case command is
cd /sdcard/BT5
5. Type "sh bootbt" and we will be in Backtrack.
Commands:
su
cd /sdcard/bt5
sh bootbt
startvnc
download from torrent
BackTrack 5 ARM Edition Quick Start
This image has been developed and tested on the you yureka. Your mileage may vary on other devices.
As this image runs in a chroot, you will need to have your device rooted. There are numerous tutorials on the subject online and are not included here.
***Rooting your device will potentially void its warranty and we are not in any way responsible if you brick your device while rooting it.***
### IMPORTANT POINTS ###
1. Since the image runs in a chroot, there is no root password set.
2. There are 2 scripts under /usr/bin/ 'startvnc' and 'stopvnc' that are set to start with the Xoom's default resolution.
3. The current vnc password is set to 'toortoor' and can be changed by running 'vncpasswd'
4. This image is a work in progress and suggestions/tips from the community are always welcome.
### GETTING STARTED ###
1. Once you have downloaded the ARM BT package, save the files in a convenient location. The steps below assume they are in the platform-tools folder of the Android SDK.
2. Go to your platform-tools directory and proceed to make a directory on the device to store BT5:
./adb shell
mkdir /sdcard/BT5
exit
3. Copy over the busybox install files:
./adb push busybox /sdcard/
./adb push installbusybox.sh /sdcard
4. Install busybox on the device:
./adb shell
cd /sdcard/
sh installbusybox.sh
exit
5. Transfer the required BT5 files to the device:
./adb push fsrw /sdcard/BT5/
./adb push mountonly /sdcard/BT5/
./adb push bootbt /sdcard/BT5/
./adb push bt5.img.gz /sdcard/BT5/
./adb push unionfs /sdcard/BT5/
6. Uncompress the image and start BT5:
./adb shell
su
cd /sdcard/BT5
gunzip bt5.img.gz
sh bootbt
If all goes well, you'll be in the BT5 chroot:
# sh bootbt
net.ipv4.ip_forward = 1
[email protected]:/# ls /pentest/
backdoors database exploits passwords scanners stressing voip
cisco enumeration forensics python sniffers tunneling web
[email protected]:/#

Howto - root Archos 80 XS

Hi,
I just found a way to root the 80 XS. You need Linux for it (I think a virtual machine should do, but I didn't test it).
FIRST OF ALL YOU CAN BRICK YOUR DEVICE AND I AM NOT RESPONSIBLE FOR IT
Based on "Rooting the Cube U30GT rk3066 android tablet", I think a copy-and-paste version makes it easier
http://valentijn.sessink.nl/?p=382
download
superuser and su from
http://forum.xda-developers.com/showthread.php?t=1835502
rkflashtool to readout your system
http://sourceforge.net/projects/rkflashtool
and linux_upgrade_tool to upload your modified system image
http://dl.radxa.com/rock/tools/linux/
Put everything (even Superuser.apk and su from the archive) at the top of one directory (/home/user/archos) and connect your device to the PC
open a terminal
get root
# cd archos
# adb reboot bootloader
# ./rkflashtool r 0x0000 0x2000 > /tmp/parm
# head -11 /tmp/parm
Search for system; there you have the position of your system, just to be sure it's the same for you
Code:
PARMDFIRMWARE_VER:4.0.4
MACHINE_MODEL:ARCHOS 80XSK
MACHINE_ID:007
MANUFACTURER:RK30SDK
MAGIC: 0x5041524B
ATAG: 0x60000800
MACHINE: 3066
CHECK_MASK: 0x80
KERNEL_IMG: 0x60408000
#RECOVER_KEY: 1,1,0,20,0
CMDLINE: console=ttyFIQ0 androidboot.console=ttyFIQ0 init=/init initrd=0x62000000,0x00800000 mtdparts=rk29xxnand:[email protected](misc),[email protected](kernel),[email protected](boot),[email protected](recovery),[email protected](backup),[email protected](cache),[email protected](kpanic),[email protected](system),[email protected](userdata)
# ./rkflashtool r 0x00154000 0x00100000 > system
# cp system new
# mkdir /mnt/img
# mount new /mnt/img
# cp su /mnt/img/bin/
# cp Superuser.apk /mnt/img/app/
# chown root:2000 /mnt/img/bin/su
# chmod 6774 /mnt/img/bin/su
# umount /mnt/img
# ./upgrade_tool di -s new
# ./rkflashtool b
and if all went right open terminal on the tablet and type su and watch superuser to come up
now you can install AdAway from F-Droid and be happy
Greetings
Sebastian
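
The post above asks you to check that the system partition sits at the same position on your device before reading it. The following is an added example, not part of the original post: it looks the partition up in the saved parameter dump instead of reading it by eye. Entries in mtdparts have the form size@offset(name). The function names and the sample parameter text are constructed for the example; only the system entry mirrors the offset and size used in the post's rkflashtool command.

```shell
#!/bin/sh
# Added example, not from the post: look up one partition in a Rockchip
# parameter dump rather than copying offsets from someone else's device.

# part_geometry NAME FILE -> prints "offset size" for partition NAME.
# Returns 1 if the partition (or the CMDLINE line) is not present.
part_geometry() {
    name=$1 file=$2
    # Isolate the mtdparts=... token, drop the device prefix ("rk29xxnand:"),
    # then put one size@offset(name) entry per line for awk.
    grep -a '^CMDLINE:' "$file" |
        tr ' ' '\n' | sed -n 's/^mtdparts=[^:]*://p' | tr ',' '\n' |
        awk -v want="$name" '
            {
                at = index($0, "@"); lp = index($0, "("); rp = index($0, ")")
                if (!at || !lp || !rp) next          # not a partition entry
                size = substr($0, 1, at - 1)         # "-" means rest of flash
                off  = substr($0, at + 1, lp - at - 1)
                nm   = substr($0, lp + 1, rp - lp - 1)
                if (nm == want) { print off, size; found = 1; exit }
            }
            END { exit (found ? 0 : 1) }'
}

# Constructed parameter text; only the system entry matches the post.
sample_parm() {
    cat <<'EOF'
MACHINE_MODEL:EXAMPLE
CMDLINE: console=ttyFIQ0 init=/init mtdparts=rk29xxnand:0x00002000@0x00002000(misc),0x00100000@0x00154000(system),-@0x00254000(userdata)
EOF
}

demo=$(mktemp)
sample_parm > "$demo"
# rkflashtool r takes OFFSET then SIZE, the reverse of the mtdparts order.
geom=$(part_geometry system "$demo") &&
    echo "./rkflashtool r ${geom% *} ${geom#* } > system"
rm -f "$demo"
```

Run it against /tmp/parm from the steps above and compare the result with the numbers in the rkflashtool command before reading or writing anything.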

[Q][ROOT] Root cannot access /data (adbd insecure).

Hi there everyone!
I'm trying to `adb backup` a device with no screen. I installed CWM, a rootkit, and SuperSU/adbd insecure, fully updated. Now I have the following problem:
Code:
# Without adbd insecure, su simply fails, no message on phone from SuperSU:
pc$ adb shell
[email protected]:/ $ su
1|[email protected]:/ $
# With adbd insecure, validated in SuperSU
pc$ adb shell
[email protected]:/ # cd /data
[email protected]:/data # ls
opendir failed, Permission denied
255|[email protected]:/data # su system
DIE: credentials different than expected
1|[email protected]:/data # whoami
whoami: unknown uid 0
1|[email protected]:/data # su
[email protected]:/data # ls
opendir failed, Permission denied
Again, nothing shows up on the screen (I'm checking that using ADB Control, which, incidentally, has to be killed before launching `adb backup`, otherwise adb stops after a few seconds.)
Any help is wholefully welcome!
Configuration:
Hardware: i9195 with dead screen & digitizer, 8gb internal memory.
OS: Android 4.2.2
Mods: CWM installed using heimdall, RootKit from this thread, then SuperSU updated
Additional apps: adbd insecure, adb up to date on computer
