Thanks goes to #TeamWin for Temp Root
This is For Windows only, if you wish to make it work for linux or mac help your self...
Remember, This is still a Temp Root & any Changes made will be Rest back to stock on a Reboot
It's stable & works 100%
I Personally have not lost Root with this new Method
Q. I thought RW was Fixed?
A. Caused by Deleting an apk / file that was already deleted. Journaling shows it still there!
Keep Track of what you delete, as trying to delete something off system that you alread di hangs the /system into RO state.
Before Using!!HTC Sync Must be Turned OFF
Put the Phone into Charge Mode only ( Not Disk Drive )
USB Debugging Must be Turned on
What's Fixed:
Revamped due to new Method:
~ Superuser Apps now Function
~ If you Lose Root, all you have to do is Open terminal & type SU then type fixit! > No More Rebooting & running the exploit again for R/W on system to get Root back in place
~ Fixed R/O Bug!!
~ R/W is now Forced
~ /system is fully editable now! until reboot that is.
~ Busybox is installed to /vendor/bin
~ hex Edited libext4
~ hex edited libfuse.so
~~ This is the Last Update due to it working & Stable ~~
Download for RW HTC Sensation 4G:
````````````````````````````````````````````````````````````````````````````````````````````
Download for RW HTC Evo 3D:
````````````````````````````````````````````````````````````````````````````````````````````
Download for RW HTC Flyer 16GB/32GB:
````````````````````````````````````````````````````````````````````````````````````````````
Download for RW HTC Evo View:
Q. Is this permanent?
A. no, it's a temp root method..
Q. Will I lose SU Access at some point while running the OS?
A. You might, but open terminal & type fixit to get root back!.
Q. What about apps that need a reboot to use superuser?
A. Use Fast Reboot form the market for app that need a reboot..
Q. Can I push & remove items to system & will it work?
A. Yes, but all changes are reset on a reboot.
Once Downloaded, Unzip & double click on the Run_ME_fre3vo_Root.bat File & Enjoy long lasting Root!
OLD NEWS:
Everyone knows that currently with any temp root, you still lose links to the SU Binary & Busybox links, it's just a matter of time before it happens!!
So after digging around somewhat I found an over sight that HTC might use later for system updates via /vendor/bin, who knows at this point though... Anyways, after amount of time the SU Binary along with busybox links if be in system/bin or /system/xbin gets deleted / removed..
Now, what I did was enable the $Path to /vendor/bin which is in the Sensation export PATH..
Any Calls made from this point either be SU or Busybox don't get deleted nor touched from any App requesting the SU Binary!! I've tested this with alot of apps & the Root sticks in place..
Other than Reboot, it might as well be a Perma-Temp-Root!!
Thanks. Hope you got this tablet Mr!
Sent from my HTC Sensation 4G using XDA Premium App
Thanks Eugene for the script!
A few notes though:
1) You are using the older version of re3vo it seems which does not work on he flyer.
2) I replaced the fre3vo version with the current and ran this. it ended successfully however superuser was FCing on me so i had to run the script again and now it works.
I'll check to see how long the root lasts with this
Thanks again!
Could this also be done for the View? I assume you would need the build.prop, init.rc and other view specific files? if so let me know I can get you whatever you need. Actually on second thought I will just attach the files I believe you will need, let me know if you need anything else...
clubtech said:
Thanks Eugene for the script!
A few notes though:
1) You are using the older version of re3vo it seems which does not work on he flyer.
2) I replaced the fre3vo version with the current and ran this. it ended successfully however superuser was FCing on me so i had to run the script again and now it works.
I'll check to see how long the root lasts with this
Thanks again!
Click to expand...
Click to collapse
Sent from my HTC Sensation 4G using XDA App
Can you upload the correct free3vo you are using so I correct my download package.
~Eugene
mark920 said:
Could this also be done for the View? I assume you would need the build.prop, init.rc and other view specific files? if so let me know I can get you whatever you need. Actually on second thought I will just attach the files I believe you will need, let me know if you need anything else...
Click to expand...
Click to collapse
I'll look at this in the morning when I get time.
Sent from my HTC Sensation 4G using XDA App
Sent from my HTC Sensation 4G using XDA App
I used the last temp root u had and it worked perfectly but it seemed to have broke my hdmi capability with my mhl adapter so it stopped working. I had to factory reset my flyer to get it to work again and it did. So I'm reluctant root again for the time being. If anyone has rooted there flyer with this method and has a mhl adapter can u see if it still works. Thanks.
Sent from my HTC Flyer using XDA Premium App
eugene373 said:
Sent from my HTC Sensation 4G using XDA App
Can you upload the correct free3vo you are using so I correct my download package.
Click to expand...
Click to collapse
Attached is the recent version.
vj092887 said:
I used the last temp root u had and it worked perfectly but it seemed to have broke my hdmi capability with my mhl adapter so it stopped working. I had to factory reset my flyer to get it to work again and it did. So I'm reluctant root again for the time being. If anyone has rooted there flyer with this method and has a mhl adapter can u see if it still works. Thanks.
Sent from my HTC Flyer using XDA Premium App
Click to expand...
Click to collapse
My HDMI works just fine after using this. no problem at all.
Also i have not lost root for 3+ hours now
is it normal:
Code:
C:\Users\Mathieu\Downloads\RW_Flyer>adb wait-for-device
C:\Users\Mathieu\Downloads\RW_Flyer>adb push fre3vo /data/local/tmp
613 KB/s (9796 bytes in 0.015s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 777 /data/local/tmp/fre3vo
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell /data/local/tmp/fre3vo
fre3vo by #teamwin
Please wait...
C:\Users\Mathieu\Downloads\RW_Flyer>adb wait-for-device
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell sleep 1
C:\Users\Mathieu\Downloads\RW_Flyer>adb remount
remount succeeded
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell mount -o rw,remount rootfs /
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell mount -o remount,suid /dev/block/m
mcblk0p29 /data
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell mkdir /vendor/bin
mkdir failed for /vendor/bin, No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /system/bin/sh
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./sqlite3 /vendor/bin
failed to copy './sqlite3' to '/vendor/bin': No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./libext4_utils.so /system/lib
1668 KB/s (39292 bytes in 0.023s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./libfuse.so /system/lib
2422 KB/s (101728 bytes in 0.041s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 655 /system/lib/libext4_util
s.so
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 000 /system/lib/libfuse.so
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./default.prop /default.prop
12 KB/s (125 bytes in 0.010s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./init.rc /init.rc
914 KB/s (20608 bytes in 0.022s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./init.flyer.rc /init.flyer.rc
363 KB/s (5218 bytes in 0.014s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 755 /default.prop
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 755 /init.rc
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 755 /init.flyer.rc
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./fixit /vendor/bin
failed to copy './fixit' to '/vendor/bin': No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./su /sbin
1028 KB/s (26324 bytes in 0.025s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./su /data/bin
2336 KB/s (26324 bytes in 0.011s)
C:\Users\Mathieu\Downloads\RW_Flyer>adb push ./busybox /vendor/bin
failed to copy './busybox' to '/vendor/bin': No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /sbin
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /sbin/su
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /data/bin/su
Unable to chmod /data/bin/su: Not a directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /vendor/bin/fixit
Unable to chmod /vendor/bin/fixit: No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 4755 /vendor/bin/busybox
Unable to chmod /vendor/bin/busybox: No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell chmod 755 /vendor/bin/sqlite3
Unable to chmod /vendor/bin/sqlite3: No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell busybox --install -s /vendor/bin
busybox: not found
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell rm -r /vendor/bin/ls
rm failed for /vendor/bin/ls, No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell rm -r /vendor/bin/reboot
rm failed for /vendor/bin/reboot, No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell rm -r /vendor/bin/chmod
rm failed for /vendor/bin/chmod, No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell rm -r /vendor/bin/chown
rm failed for /vendor/bin/chown, No such file or directory
C:\Users\Mathieu\Downloads\RW_Flyer>adb install ./Superuser.apk
2743 KB/s (196640 bytes in 0.070s)
pkg: /data/local/tmp/Superuser.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\Users\Mathieu\Downloads\RW_Flyer>adb install ./androidterm.apk
3939 KB/s (92780 bytes in 0.023s)
pkg: /data/local/tmp/androidterm.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\Users\Mathieu\Downloads\RW_Flyer>adb wait-for-device
C:\Users\Mathieu\Downloads\RW_Flyer>adb shell sync
C:\Users\Mathieu\Downloads\RW_Flyer>pause
Appuyez sur une touche pour continuer...
doesnt work for me.
Any idea what I am doing wrong?
C:\Temp\RW_Flyer>adb wait-for-device
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb push fre3vo /data/local/tmp
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb shell chmod 777 /data/local/tmp/fre3vo
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb shell /data/local/tmp/fre3vo
adb server is out of date. killing...
* daemon started successfully *
Locating access point...
This device does not support this exploit.
This device does not support this exploit.
The exploit has failed.
C:\Temp\RW_Flyer>adb wait-for-device
C:\Temp\RW_Flyer>adb shell sleep 1
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
C:\Temp\RW_Flyer>adb remount
adb server is out of date. killing...
* daemon started successfully *
remount failed: Operation not permitted
C:\Temp\RW_Flyer>adb shell mount -o rw,remount rootfs /
adb server is out of date. killing...
* daemon started successfully *
mount: Operation not permitted
C:\Temp\RW_Flyer>adb shell mount -o remount,suid /dev/block/mmcblk0p29 /data
mount: Operation not permitted
C:\Temp\RW_Flyer>adb shell mkdir /vendor/bin
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
mkdir failed for /vendor/bin, No such file or directory
C:\Temp\RW_Flyer>adb shell chmod 4755 /system/bin/sh
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /system/bin/sh: Read-only file system
C:\Temp\RW_Flyer>adb push ./sqlite3 /vendor/bin
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./libext4_utils.so /system/lib
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./libfuse.so /system/lib
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb shell chmod 655 /system/lib/libext4_utils.so
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /system/lib/libext4_utils.so: Read-only file system
C:\Temp\RW_Flyer>adb shell chmod 000 /system/lib/libfuse.so
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Unable to chmod /system/lib/libfuse.so: Read-only file system
C:\Temp\RW_Flyer>adb push ./default.prop /default.prop
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./init.rc /init.rc
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./init.flyer.rc /init.flyer.rc
C:\Temp\RW_Flyer>adb shell chmod 755 /default.prop
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Unable to chmod /default.prop: Read-only file system
C:\Temp\RW_Flyer>adb shell chmod 755 /init.rc
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /init.rc: Read-only file system
C:\Temp\RW_Flyer>adb shell chmod 755 /init.flyer.rc
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /init.flyer.rc: Read-only file system
C:\Temp\RW_Flyer>adb push ./fixit /vendor/bin
C:\Temp\RW_Flyer>adb push ./su /sbin
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./su /data/bin
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb push ./busybox /vendor/bin
adb server is out of date. killing...
* daemon started successfully *
C:\Temp\RW_Flyer>adb shell chmod 4755 /sbin
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Unable to chmod /sbin: Read-only file system
C:\Temp\RW_Flyer>adb shell chmod 4755 /sbin/su
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /sbin/su: Permission denied
C:\Temp\RW_Flyer>adb shell chmod 4755 /data/bin/su
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /data/bin/su: No such file or directory
C:\Temp\RW_Flyer>adb shell chmod 4755 /vendor/bin/fixit
Unable to chmod /vendor/bin/fixit: No such file or directory
C:\Temp\RW_Flyer>adb shell chmod 4755 /vendor/bin/busybox
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
Unable to chmod /vendor/bin/busybox: No such file or directory
C:\Temp\RW_Flyer>adb shell chmod 755 /vendor/bin/sqlite3
adb server is out of date. killing...
* daemon started successfully *
Unable to chmod /vendor/bin/sqlite3: No such file or directory
C:\Temp\RW_Flyer>adb shell busybox --install -s /vendor/bin
adb server is out of date. killing...
* daemon started successfully *
busybox: permission denied
C:\Temp\RW_Flyer>adb shell rm -r /vendor/bin/ls
rm failed for /vendor/bin/ls, No such file or directory
C:\Temp\RW_Flyer>adb shell rm -r /vendor/bin/reboot
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
rm failed for /vendor/bin/reboot, No such file or directory
C:\Temp\RW_Flyer>adb shell rm -r /vendor/bin/chmod
adb server is out of date. killing...
* daemon started successfully *
rm failed for /vendor/bin/chmod, No such file or directory
C:\Temp\RW_Flyer>adb shell rm -r /vendor/bin/chown
adb server is out of date. killing...
* daemon started successfully *
rm failed for /vendor/bin/chown, No such file or directory
C:\Temp\RW_Flyer>adb install ./Superuser.apk
C:\Temp\RW_Flyer>adb install ./androidterm.apk
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
adb server is out of date. killing...
* daemon started successfully *
adb server is out of date. killing...
* daemon started successfully *
adb server is out of date. killing...
* daemon started successfully *
adb server is out of date. killing...
* daemon started successfully *
Click to expand...
Click to collapse
clubtech said:
My HDMI works just fine after using this. no problem at all.
Also i have not lost root for 3+ hours now
Click to expand...
Click to collapse
Ok cool. Thanks for checking this out for me
Sent from my HTC Flyer
Has anybody tested this with a View?
WOW, thanks to all involved, I had just recently aquired my Flyer and thought I would have to sit for the next two months for a root to become available, less than a week later (for me) and we have ROOT albeit temporary, fantastic work !!!!
Will def try this soon after i reach home. Perm-temp- root at the moment is better than nothing ;-i
Nop, doesn't work on mine too. Same errors as nvidia32.
I think it's the same for everyone, am I wrong?
Code:
vendor/bin, No such file or directory
Nvidia32 said:
I think it's the same for everyone, am I wrong?
Code:
vendor/bin, No such file or directory
Click to expand...
Click to collapse
Same here. However, my Flyer still got ROOT after running the Run_ME_Fr3vo_ROOT.bat (with latest fre3vo).
When I enter the terminal, I type su and get the superuser right. But when I type fixit, it returns "not found".
Excellent! Very close to perma-root and we'll be set. Great work!
Hi, I don't know, maybe I'm doing something wrong, but when I'm typing "su" in terminal emulator, there is "permission denied"...
Fixing Post now with Correct Fre3vo root file.. This could be everyone issue that was posted in #2
***EDIT***
HTC Flyer Perma-Temp Root is now Fixed with the Correct Fre3vo. in OP ( 7/18/2011 @ 11:05AM )
Also can somebody do in adb shell
#
echo $PATH ( enter )
And Post the Results of this, Also no I don't have this Device but was requested to add support from a DM by clubtech
Thanks,
~Eugene
Related
EDIT: Great news! We have an on-device one-click root again!
Simply download VISIONary from (edit: used to be in the Market) Modaco. I tried it on FRG83 stock. It works. No ADB, no external computer required, no fuss. Thanks to the developers!
EDIT again: Sorry, the FRG83D build no longer works with VISIONary - BUT - the overall rageagainstthecage method still works via ADB. I also hear that SuperOneClick works but it requires a Windows machine.
----
Ok it's been established that Universal Androot / exploid / freenexus no longer works on FRG33/FRG83 etc. And it's been established that "rageagainstthecage" does still work. So far I'm not aware of a one-click method to implement the latter exploit.
So I'm starting this thread to centralize everyone's experiences. I don't personally need these instructions but other folks apparently do. I've quoted a rooting guide in post #2. If you think any refinements are necessary or you have a better way of writing it out, please feel free to add to this thread.
Thanks to efrant for pointing the way to this guide. Based on comments below, I'm quoting another revised version.
hmanxx said:
Hi OP,
You may want to edit your post #2, I have inserted the mounting commands in the thread i posted previously. this will help novice users to get thing right out of box without figuring why permission denied.
I have just tried out the additional mounting steps..things are working fine..
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/showpost.php?p=8120790&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
exit
Click to expand...
Click to collapse
And below are the previous contents of this post, prior to editing.
-------------
Many respondents on this thread have indicated that the instructions don't work the first time. If you get to the step where you are supposed to get a root shell (#) but you instead get a non-root shell ($), start from the top and try the exploit once or twice more. Apparently if you are persistent it will work.
I'm also told these instructions are missing adb remount before the steps where you push busybox, su and so forth.
hmanxx said:
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/showpost.php?p=8120790&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
# exit
exit
Click to expand...
Click to collapse
I too am interested in this info. Looking forward to any info provided....
There is detailed step-by-step info in many threads as to how to use the rageagainstthecage exploit to root your device, e.g.: http://forum.xda-developers.com/showpost.php?p=8300203&postcount=55
Why start a new thread?
efrant said:
There is detailed step-by-step info in many threads as to how to use the rageagainstthecage exploit to root your device, e.g.: http://forum.xda-developers.com/showpost.php?p=8300203&postcount=55
Why start a new thread?
Click to expand...
Click to collapse
Actually that's perfect, thanks.
I started a new thread because the step-by-step info is buried in other threads and many folks post questions asking about it because they can't find said guides. I figured if I could start a new thread with a proper title, it would be located more easily.
All the info is located in Nexus One Wiki, under "Guides" / "Rooting". Direct link to the post with complete data. So I still don't see any need for the post, that will be buried in forum depths. My signature..
But since you posted it, and it's more detailed - I'll change the link to point to it.
[edit 2] The Wiki is damn slow after the forum crash...
[edit 3] It refuses to accept the submit, complaining about "session data loss". Time to complain to admins..
Heh well if the Wiki is crashy at the moment, all the more reason to have a redundant post here.
If you look back to the linked posts, I was the one who suggested which instructions for ali3nfr3ak to follow after a successful push of rageagainstthecage, and then ali3nfr3ak reported success on FRG33, and then hmanxx seems to have stripped out the irrelevant/unnecessary lines. So it's teamwork =)
One thing I'm not sure of - I see the original "exploid"/"freenexus" instructions included a cleanup by removing /system/bin/rootshell. Should something similar be done after rageagainstthecage to clean up?
@ cmstlst This is a good idea, because when I did this I had like 3 different pages open as all the information was spread everywhere, hopefully this will make it easier for everyone to follow, good one
I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
Thanks much for consolidating the procedure where it was easy to find.
anyway to re-lock the Bootloader
highvista said:
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
Click to expand...
Click to collapse
It's mtdblock3, not mtdblock4, though for some reason the mount worked for me even on 6. But in any case, much better and easier done using ADB command:
adb remount
Finally the Wiki is also back to work, the "Rooting FRG83" link is updated to point to this thread.
Here, the rageagainstthecage didn't work.
I followed these steps:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#
Click to expand...
Click to collapse
But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.
Any ideas?
cmstlist said:
Thanks to efrant for pointing the way to this guide.
Click to expand...
Click to collapse
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.
highvista said:
I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
Thanks much for consolidating the procedure where it was easy to find.
Click to expand...
Click to collapse
Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?
Thanks guys.
Atento said:
Here, the rageagainstthecage didn't work.
I followed these steps:
But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.
Any ideas?
Click to expand...
Click to collapse
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.
Also looking for ideas.
Xel'Naga said:
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.
Also looking for ideas.
Click to expand...
Click to collapse
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
snovvman said:
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
Click to expand...
Click to collapse
Yup, had to reboot the device and try again about four times and then it finally all stuck. Now rooted on 2.2.1.
snovvman said:
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.
Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?
Thanks guys.
Click to expand...
Click to collapse
Thanks for your replies! I'm rooted now.
Thanks for all!!!
Hi OP,
You may want to edit your post #2, I have inserted the mounting commands in the thread i posted previously. this will help novice users to get thing right out of box without figuring why permission denied.
I have just tried out the additional mounting steps..things are working fine..
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/...nstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/show...&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
exit
Thanks, I'll fix it up when I'm at a desktop computer again and less occupied by the Masters thesis I'm defending in just over 2 weeks
Sent from my Nexus One using XDA App
hehe oh noes. I gave the cage file a go 3 times, failed, so I got pissed and unlocked the bootloader, then now I read about the remounting of the file system.. didn't think about that.
well.. now I can't undo the unlocking :/
As the froyo upgrades are rolling out now, you'll find that universal androot doesn't work.
If you are using windows, then its very easy to root the new builds using superoneclick.
http://forum.xda-developers.com/showthread.php?t=803682
you can do it with linux but its quicker to do it manually.
I'll post instructions later for that.. see post #3
I'll also update with some tweaks that help with battery life and speed
Thanks for this Mate
here's how to root the froyo streak builds manually.. so useful to linux / mac users and anyone who doesn't want to use the superoneclick
Code:
GET ECLAIR/FROYO version of Superuser.apk and su
from http://forum.xda-developers.com/showthread.php?t=682828 extract the two files to the directory you're working from..
GET rageagainstthecage from
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
extract the rageagainstthecage-arm5.bin to the same directory you're working from
open a terminal/command line
adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
adb push Superuser.apk /data/local/tmp/Superuser.apk
adb push su /data/local/tmp/su
adb push busybox /data/local/tmp/busybox
adb shell chmod 700 /data/local/tmp/rageagainstthecage
adb shell chmod 700 /data/local/tmp/busybox
adb shell
cd /data/local/tmp
./rageagainstthecage
******this will kill adb server but manually kill it anyway and restart it ******
adb kill-server
adb start-server
* daemon not running. starting it now *
* daemon started successfully *
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system
**********Follow the following steps to install Superuser.apk, busybox,su ****************
cd /data/local/tmp
./busybox cp busybox /system/bin/
chmod 4755 /system/bin/busybox
busybox cp Superuser.apk /system/app/
busybox cp su /system/bin/
chmod 4755 /system/bin/su
exit
exit
then reboot streak
************to remount filesystem as readonly,*************
adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock6 /system
# exit
exit
This is supposed to be a helpful thread to help people who want a simple easy way of rooting the froyo releases.
Not a discussion on why you cant find something
Orionbg I have no idea whether that one works as the two ways I've suggested do work..
Lets keep it simple, think about those who really struggle rather than confusing them with more info than needed ;-)
Lufc can you lock it and add it to the stickies so as not to let it spiral away.
I'd rather keep it clear and easy for people to follow...
hello at all
i have a little problem. i buyed a used x10i with older firmware but rooted. first of all i only have debian linux 6 64bit and an virtual windows xp. could update to newest firmware 2.1.1.a.0.6 with seus on virtualbox (i did the "repair"). then the root was gone. so i tryed out every version of superoneclick on virtual windows but not working, it freezes everytime. also tried z4mod and flashtool, not working
so i tried manual with adb (i have installed android sdk). i used the binaries from superoneclick 1.9.5. i think the best is when i post my cmd-session:
(i have to replace the shell-prompt from debian with [debian]$, because the forum says me this is an external link...)
Code:
[debian]$ adb push psneuter /data/local/tmp
1635 KB/s (585731 bytes in 0.349s)
[debian]$ adb push su-v1 /sdcard/
430 KB/s (26256 bytes in 0.059s)
[debian]$ adb push su-v2 /sdcard/
579 KB/s (26264 bytes in 0.044s)
[debian]$ adb push su-v3 /sdcard/
437 KB/s (26324 bytes in 0.058s)
[debian]$ adb push Superuser.apk /sdcard/
2063 KB/s (196521 bytes in 0.092s)
[debian]$ adb shell
$ busybox chmod +x /data/local/tmp/psneuter
$ /data/local/tmp/psneuter
property service neutered.
killing adbd. (should restart in a second or two)
[debian]$ adb shell
# mount -o remount,rw -t yaffs2 /dev/block/mmcblk0p12 /system
# mv /system/bin/su /system/bin/su.bak
# mv /system/xbin/su /system/xbin/su.bak
# busybox cp /sdcard/su-v* /system/xbin
# cd /system/xbin
# busybox chmod +x su-v*
# su-v1
reloc_library[1245]: 3712 cannot locate '_ZNK7android6Parcel15setDataPositionEj'...CANNOT LINK EXECUTABLE
# exit
[debian]$ adb shell
# su-v2
# exit
# su-v3
# exit
# rm /system/xbin/su-v1
# rm /system/xbin/su-v2
# mv /system/xbin/su-v3 /system/xbin/su
# busybox cp /sdcard/Superuser.apk /system/app
# busybox chmod 06755 /system/xbin/su
# busybox chown 0.2000 /system/xbin/su
# busybox ln -s /system/xbin/su /system/bin/su
# su
# exit
# reboot
[debian]$ adb shell
$ su
Permission denied
$
you can see i get a rootshell and mount system, copy su and everything, but when i reboot everything is gone. if i don't reboot and check with "root-checker" it says me that i don't have root access.
what i'm doing wrong? i'm a noob in "hacking" phones but have some knowledge with linux&shells
thanks a lot for some help
could solve it: was using superoneclick on a windows-pc from my friend.works great.. but still iterested in a linux-only solution because i want to develop a shell-script for rooting for linux users
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self. REMEMBER I DO THIS FOR FUN, please respect the thread as well as others opinions
OLD UPDATES AT THE END OF THIS POST.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
Also you should look at the http://www.nooktabletdev.orgfor information on the Nook Tablet Development process. - Thanks to dj_segfault
Rooting ScriptsWindows: Root, OTA block, De-bloat, Gapps Thanks to Indirect
Mac/Linux: Rooting script Thanks to t-r-i-c-k
Mac/Linux: Root,OTA Block, Gapps
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox:COMPLETE
permanent root: COMPLETE BY INDIRECT
GApps and Market: COMPLETE BY INDIRECT & Anlog
recovery mode: COMPLETE BY nemith
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
THANKS TO NEMITH
bootloader: Locked and Signed Irrelevant
uboot: CRACKED BY BAUWKS
THANKS TO BAUWKS
Loglud said:
bauwks method uses the flashing_boot.img to his advantage, and since it is not checked by security, effectively he has made an insecure uboot. While this is not an unlocked bootloader, it is a way to get around the security, and enable custom recovery and higher level processes to be run.
I have been looking at this line of code for a long time, and as im sure hkvc and bauwks saw it is a large (but 100% necessary) flaw:
distro/u-boot/board/omap4430sdp/mmc.c: 559 : setenv ("bootcmd", "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000");
Without this line of code, it would be impossible for any one but the factory whom could JTAG flash (but since it is secured, most likely they also have to make a flashing_boot.img).
Click to expand...
Click to collapse
12/9/11:
UBUNTU is here, thanks to ADAMOUTLER
http://www.youtube.com/watch?v=PwUg17pVWBs&hd=1
Keep in mind this is only an overlay verson but it is prof that one day we might be able to push roms and kernels over existing ones, then hijack then (next work) and then use them.
Please PM me or post if you know anything else, and or want to add anything.
Usefull threads
Usefull threads:
ROOTING:
Full root for Nook Tablet. [11/20/11] [Yes this is a permanent root!] Thanks to indirect
Noot Tablet - Easy root & Market on MAC (1 download, 1 script to run) Thanks to t-r-i-c-k
[Windows/Linux] Unroot and uninstall gApps for the nook tablet [Scripts] Thanks to indirect
MODS to Default Rom:
[Full Mod + Root + OTA block] Snowball-mod: Full Modification Root [1/6/2012] Thanks to cfoesch
[DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! Thanks to [DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! 1 Attachment(s) (Multi-page thread 1 2 3 ... Last Page)
Originally Posted By: diamond_lover
Kernels:Coming Soon
ROMS:Coming Soon
APPS:
[Tutorial][WIP] Installing alternative Keyboards on the NT. Thanks to robertely
[DEV] - HomeCatcher Redirect n Button to any Launcher Thanks to gojimi
Hidden Settings App Updated 12/30/11 Thanks to brianf21
Replacement SystemUI.apk v2: Permanent back and menu buttons, n as Home button Thanks to revcompgeek
DEVELOPMENT:
[Dev]Files of interest in the system Thanks to indirect
[REF] Nook Tablet Source Code Thanks to diamond_lover
BHT Installer (Basic Hacking Tools) Thanks to AdamOutler
[Stock Firmware]Restore Barnes & Nobel Nook 1.4.0 from SDCard Thanks to AdamOutler
Guides
Table of Contents
Enableing adb Connection (eab1)
Rooting using zergRush (rug2)
Installing busyboxy (ibb3)
Permanent root (pr4) THANKS TO INDIRECT
Installing GApps (aga5) THANKS TO ANLOG
Full system restore/wipe (fsr6) THANKS TO INDIRECT
Enableing adb Connection (eab1)
Install the andriod SDK that is required for your Operating system.
NOTE: This will requries the SDK, and JDK both of which can be downloaded by clicking the links, downloading and installing it.
Run the andriod SDK Manager and Install "Andriod SDK Platform-tools"
[*]Modify your adb_usb.ini file to read such as the following:
Code:
# ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
# USE 'android update adb' TO GENERATE.
# 1 USB VENDOR ID PER LINE.
0x2080
This will be in your /home/{username}/.andriod/ folder for mac and linux
This will be in your C:/Users/{username}/.andriod folder for Windows.
ADB is now enabled for your device, however it is not ON your device. YOU MUST DO THIS EVERY TIME YOU WISH TO ADB INTO YOUR DEVICE.
[*]To do this you will need to download any app, and attempt to install it.
You can use this app if you need.
[*]Click on the Package Installer, and then a prompt will pop up asking if you want change the settings to allow 3rd party apps.
*DO NOT ENABLE IF YOU WISH TO ACCESS ADB*
I am working on a way to have it enabled by default.
[*]In the settings page you should see *2* USB Debuggin modes.
[*]Press them both and accept the prompt.
[*]PLUG IN YOUR DEVICE.
Note* You should see the Android Development icon on the bottom of the screen.
ADB will now be able to see your device. How ever you will need to restart the server before it sees it.
Rooting using zergRush (rug2)
This is for the poeople whom have access to adb. You will also need this file. Unzip the file.
Type in the following command (while in the folder with the zergRush Binary):
Code:
adb push ./zergRush /data/local
[*]Once thats installed run this:
Code:
adb shell chmod 777 /data/local/tmp
[*]And lastly:
Code:
adb shell /data/local/zergRush
[*]You are now rooted (only for this reboot)
Installing busyboxy (ibb3)
You will need root and the following busybox file.
Type in the following command while in the location where busy box was downloaded to:
Code:
adb push ./busybox /data/local
[*]Busybox works by calling binaries from a file outside of /system/bin/. We must make this file by issuing the following command:
Code:
adb shell mkdir /data/busybox
[*]Lets make sure we can install busybox without permission probles:
Code:
adb shell chmod 777 /data/local/busybox
[*]Next install busybox in the folder:
Code:
adb shell /data/local/busybox --install
[*]We now need to take the /system/folder, and mount it as a writeable folder:
Code:
adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
[*]Link it into bin:
Code:
adb shell ln -s /data/local/busybox /system/bin/busybox
You now have busybox installed
Permanent root (pr4)
THANKS TO INDIRECT for Files and Scripts
We will need SU and Superuser.apk
First we need to install the Superuser.apk:
Code:
adb wait-for-device install Superuser.apk
adb remount
[*]Next lets go ahead and push the su application up to the /data/local/ folder
Code:
adb push su /data/local/
[*]Next we will need to change the permissions and cp su from the /data/local/ folder to the /system/bin/
Code:
adb shell chmod 4755 /data/local/su;mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system;busybox cp /data/local/su /system/bin
Installing GApps (eab1)
THANKS TO ANALOG and INDIRECT for Scripts
First things first we need to download the GAPPS. The most reacent one is this one or get the most recent one here.
[*] Unzip and navigate to the most root folder of that package in your shell.
[*]We need to verify that adb is booting into root. To do this we can issue the command:
Code:
adb shell id
If id doesn't return root then you will need to re-zergRush your device
[*]Now it is time for us to export the apps to the directories.
Code:
adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
adb push system/app/CarHomeGoogle.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/app/FOTAKill.apk /system/app/
adb shell chmod 644 /system/app/FOTAKill.apk
adb push system/app/GenieWidget.apk /system/app/
adb shell chmod 644 /system/app/GenieWidget.apk
adb push system/app/GoogleBackupTransport.apk /system/app/
adb shell chmod 644 /system/app/GoogleBackupTransport.apk
adb push system/app/GoogleCalendarSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleCalendarSyncAdapter.apk
adb push system/app/GoogleContactsSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleContactsSyncAdapter.apk
adb push system/app/GoogleFeedback.apk /system/app/
adb shell chmod 644 /system/app/GoogleFeedback.apk
adb push system/app/GooglePartnerSetup.apk /system/app/
adb shell chmod 644 /system/app/GooglePartnerSetup.apk
adb push system/app/GoogleQuickSearchBox.apk /system/app/
adb shell chmod 644 /system/app/GoogleQuickSearchBox.apk
adb push system/app/GoogleServicesFramework.apk /system/app/
adb shell chmod 644 /system/app/GoogleServicesFramework.apk
adb push system/app/LatinImeTutorial.apk /system/app/
adb shell chmod 644 /system/app/LatinImeTutorial.apk
adb push system/app/MarketUpdater.apk /system/app/
adb shell chmod 644 /system/app/MarketUpdater.apk
adb push system/app/MediaUploader.apk /system/app/
adb shell chmod 644 /system/app/MediaUploader.apk
adb push system/app/NetworkLocation.apk /system/app/
adb shell chmod 644 /system/app/NetworkLocation.apk
adb push system/app/OneTimeInitializer.apk /system/app/
adb shell chmod 644 /system/app/OneTimeInitializer.apk
adb push system/app/Talk.apk /system/app/
adb shell chmod 644 /system/app/Talk.apk
adb push system/app/Vending.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/etc/permissions/com.google.android.maps.xml /system/etc/permissions/
adb push system/etc/permissions/features.xml /system/etc/permissions/
adb push system/framework/com.google.android.maps.jar /system/framework/
adb push system/lib/libvoicesearch.so /system/lib/
Now you have GApps installed from Anlog's. All Credits go to him and Indirect
Full system restore/wipe (fsr6)
THANKS TO INDIRECT
WARNING THIS WILL WIPE YOUR ENTIRE FILESYSTEM!!!
Go into adb shell or terminal emulator.
Issue command:
Code:
echo -n '0000' > /bootloader/BootCnt
Next reboot your device by conventional methods or issue:
Code:
reboot
Your nook will now restart and tell you it is resetting.
You now have a clean slate!
Got some links for howto's on the adb connection/root.
Yeah - if someone has details on how to adb connect and root, it'd be helpful to include links. I've yet to see specifics for either.
Reserved
Sent from Tapatalk, NOOK Color CM7 Nightly's!
I aplogize im still typing them up
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
The Droid 2 and Droid X had locked bootloaders with the 'e-fuse' and Koush got around them and installed CWM with this...
http://www.koushikdutta.com/2010/08/droid-x-recovery.html
What do you guys think? I don't have a NT yet to try anything (probably won't get one until sometime around x-mas).
l
Indirect said:
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
Click to expand...
Click to collapse
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Superoneclick...love!
Sent from my Nook Tablet using Tapatalk
Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Not at all so long as you give proper credits.
Loglud said:
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox: COMPLETE
permanent root: IN PROGRESS
bootloader: Locked and Signed
By the bootloader being locked and signed it is very difficult to design anything that will boot besides nook roms. In order to solve this some of the Devs have suggested the following:
kexec: RESEARCHING
2nd init: RESEARCHING
CWM: NOT STARTED
Please PM me or post if you know anything else, and or want to add anything.
Click to expand...
Click to collapse
hopefully it is cracked soon cause i dont want to buy this if i can't have a full custom rom, all of the verizon motorola phones run roms off of 2nd init and it just isnt the same to be honest. you can never run a full custom rom with second init(well you can but you have to build the rom to fit the kernel) and honestly i want my device to be mine
you should tweet cvpcs or someone who makes and maintains 2nd init roms to get more info on it though
Can't get busybox installed
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted
kgingeri said:
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted
Click to expand...
Click to collapse
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw
Still some glitches installing busybox...
Loglud said:
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw
Click to expand...
Click to collapse
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data
kgingeri said:
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data
Click to expand...
Click to collapse
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.
Loglud said:
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.
Click to expand...
Click to collapse
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)
kgingeri said:
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)
Click to expand...
Click to collapse
re run zergRush exploit. your adb shell is defaulting to the shell username. by rerunning the zergy you will allow for yourself to use the adb shell as root. make sure you dont run it as the root user though. you are also more then welcome to hop in irc and ask questions.
Any one having difficulty rooting or see anything that needs to be updated?
I have rooted my hdx8.9, and then I reroot it. Now I have some problem, I want to root my hdx again, but Ican't root it again, I have pushed the 4 files, but it didn't continue. It shows
Waiting for device ...
Pushing files ...
push: .\scripts\superuser/superuser.sh -> /data/local/tmp/superuser.sh
push: .\scripts\superuser/Superuser.apk -> /data/local/tmp/Superuser.apk
push: .\scripts\superuser/su -> /data/local/tmp/su
push: .\scripts\superuser/exploit -> /data/local/tmp/exploit
4 files pushed. 0 files skipped.
3401 KB/s (2845659 bytes in 0.817s)
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
Running the exploit ...
/system/bin/sh: /data/local/tmp/exploit: can't execute: Permission denied
Check the output. Does it looks fine?
What can I do, I want to full restore to stock rom to fix some proble as the post 'http://forum.xda-developers.com/showthread.php?t=2582773' says, but it
need your device rooted first.
Thanks.
Show us the script body you're pushing.
If you're using some ready scripts I assume the name of it is superuser.sh
CrashThump said:
Show us the script body you're pushing.
If you're using some ready scripts I assume the name of it is superuser.sh
Click to expand...
Click to collapse
I use the tool from the post “[ROOT] Rooting tutorial - hdx 8.9" 14.3.1.0” http://http://forum.xda-developers.com/showthread.php?t=2545957
@sdcardsd, Did you tried to use expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh? For me it seems that you've lost the symlink. This may be caused by some busybox installation and removal.
CrashThump said:
@sdcardsd, Did you tried to use expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh? For me it seems that you've lost the symlink. This may be caused by some busybox installation and removal.
Click to expand...
Click to collapse
I don't know whether I use these expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh, I only use the tools to root my kindle. But I really installed busybox and then removal it by recovery to the factory reset after I reroot my device. Then I have some problem on my kindle, I think the system files be destoryed, so I want to full restore the original ROM, but I can't root my device again. And if it is caused by losing the symlink, how to fix it ? Thanks.
@sdcardsd, then make a suggested replace
CrashThump said:
@sdcardsd, then make a suggested replace
Click to expand...
Click to collapse
The only way is to replace my device? But it is very inconvenient for me, I'am not in America.
15 8556535
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.
CrashThump said:
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.
Click to expand...
Click to collapse
#!/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/chmod 06755 /system/xbin/su
your mean I modify the rootme.sh into
#!/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755 /system/xbin/su
CrashThump said:
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.
Click to expand...
Click to collapse
I have replace the rootme.sh into
/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755 /system/xbin/su
but it didn't work
the display is
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
680 KB/s (104564 bytes in 0.150s)
1 KB/s (196 bytes in 0.168s)
2024 KB/s (507888 bytes in 0.245s)
Changing permissions...
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
/system/bin/sh: /data/local/tmp/exploit: can't execute: Permission denied
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
@android:/ $
@android:/ $ su
su
/system/bin/sh: su: not found
127 @android:/ $
same for lines 24-25 of runme.bat
Code:
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
change to
Code:
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/rootme.sh
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/exploit
CrashThump said:
same for lines 24-25 of runme.bat
Code:
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
change to
Code:
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/rootme.sh
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/exploit
Click to expand...
Click to collapse
I replace the runme.bat
the display is changed, but it didn't work.
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
1041 KB/s (104564 bytes in 0.098s)
2 KB/s (196 bytes in 0.083s)
2128 KB/s (507888 bytes in 0.233s)
Changing permissions...
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
press any key to continue. . .
Device detected: KFAPWI (JDQ39)
Attempt acdb exploit...
KFAPWI (JDQ39) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x00008000 form iomem
Attempt put_user exploit...
/data/local/tmp/rootme.sh[2]: /system/bin/mount: not found
/data/local/tmp/rootme.sh[3]: can't create /system/xbin/su: Read-only file syste
m
Unable to chown /system/xbin/su: No such file or directory
Unable to chmod /system/xbin/su: No such file or directory
press any key to continue. . .
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
@android:/ $ SU
SU
/system/bin/sh: SU: not found
127 @android:/ $
Hummmm. I'm looking into this but can't this week I'm super busy. I don't have the 8.9" I have the 7" so it is hard for me to test. I'm not sure if moving the rootme.sh was a good idea. I think the exploit code isn't finding it. You may need a rebuild of the exploit file. I say throw your question in here to see if someone can help. Still, just hope for the best.
@sdcardsd,
Code:
#!/system/bin/sh
/system/bin/toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 6755 /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su
CrashThump said:
@sdcardsd,
Code:
#!/system/bin/sh
/system/bin/toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 6755 /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su
Click to expand...
Click to collapse
I replace the rootme.sh into
#!/system/bin/sh
/system/bin/toolbox toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755(or 6755) /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su
but it didn't work
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
1215 KB/s (104564 bytes in 0.084s)
5 KB/s (284 bytes in 0.050s)
2194 KB/s (507888 bytes in 0.226s)
Changing permissions...
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
press any key to continue. . .
Device detected: KFAPWI (JDQ39)
Attempt acdb exploit...
KFAPWI (JDQ39) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x00008000 form iomem
Attempt put_user exploit...
link failed File exists
press any key to continue. . .
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
@android:/ $ su
su
[email protected]:/ #
Faznx92 said:
Hummmm. I'm looking into this but can't this week I'm super busy. I don't have the 8.9" I have the 7" so it is hard for me to test. I'm not sure if moving the rootme.sh was a good idea. I think the exploit code isn't finding it. You may need a rebuild of the exploit file. I say throw your question in here to see if someone can help. Still, just hope for the best.
Click to expand...
Click to collapse
Thanks, I will wait for the good news.
@sdcardsd, what didn't work? you've got the su working. you've got the root.
CrashThump said:
@sdcardsd, what didn't work? you've got the su working. you've got the root.
Click to expand...
Click to collapse
I can rostore my device, thanks.
sdcardsd said:
But I didn't have the Superuser,and I can‘t edit the system file, such as the build.prop, it don't have the root right. and the root explorer also can't be opened.
Click to expand...
Click to collapse
this root exploit doesn't auto-install superuser (well it didn't for me), you either have to side-load it or get it through a store. Also if root explorer isn't working have you tried es file explorer? Additionally, you'll have to remount the system folder as rw before you can edit any system files. This can be done through adb shell with the command "mount -o rw,remount /system" after you use the su command. Just as a forewarning, be super careful when editing everything, the kindle is super sensitive to build.prop changes. I boot looped early on, so just as a warning.
S_transform said:
this root exploit doesn't auto-install superuser (well it didn't for me), you either have to side-load it or get it through a store. Also if root explorer isn't working have you tried es file explorer? Additionally, you'll have to remount the system folder as rw before you can edit any system files. This can be done through adb shell with the command "mount -o rw,remount /system" after you use the su command. Just as a forewarning, be super careful when editing everything, the kindle is super sensitive to build.prop changes. I boot looped early on, so just as a warning.
Click to expand...
Click to collapse
Thanks, I have full restore my device, and I think all is ok now.