I found this in the TF300 thread and thought it might be useful.
http://forum.xda-developers.com/showthread.php?t=1704209
PLEASE NOTE: THIS IS NOT MY WORK AND ALL CREDITS TO THE DEVELOPER.
I am just bringing this to the attention of users of the prime like myself.
Also i have NOT used this method, i used the downgrade method, so i cant comment if it works but comments in the thread seem to show it works.
yeah, there are a few 201 owners that tried and said it works. we may have a more simpler automated tool coming shortly. keep an eye out for it. this is great news for prime owners. i personally don't like all that hassel of downgrading and upgrading and blah blah..lol
Damn and I just unlocked mine to have root. Oh well wooky made a great stock replacement
When i read about the downgrade-methode i thought "wouldnt it be nice to just copy su binary into the writable filesystem" but i didnt know about debugfs...
i just tried it on my t201 - now i am a happy owner of a rooted transformer *woohu!*
onlyolli said:
When i read about the downgrade-methode i thought "wouldnt it be nice to just copy su binary into the writable filesystem" but i didnt know about debugfs...
Click to expand...
Click to collapse
I didn't know about debugfs either, that's why it took me 24h to get the root.
I started to develop my own tool to mess up with partition contents, but didn't find any good reference for ext4.
Then I thought, let's try to just patch an existing tool like fsck.ext4, and I found debugfs in the source tree of e2fsprogs
onlyolli said:
i just tried it on my t201 - now i am a happy owner of a rooted transformer *woohu!*
Click to expand...
Click to collapse
Gald to see people happy
Sent from my ASUS Transformer Pad TF300T using XDA
Rooting went like a breeze Thank you very much for this method. I've got one question about your code though. I'm by no means a linux cmd guru but when I look at these lines of code:
Code:
$ cd /data/local
$ rm /data/local/tmp
$ mv /data/local/tmp.back /data/local/tmp
$ chmod 755 /data/local/debugfs
$ /data/local/debugfs -w /dev/block/mmcblk0p1
It seems to me that the first line is not necessary, as you specify full paths in your code. Wouldn't it be easier to remove that line, or even better: just shorten the paths like this:
Code:
$ cd /data/local
$ rm tmp
$ mv tmp.back tmp
$ chmod 755 debugfs
$ ./debugfs -w /dev/block/mmcblk0p1
Would mean a lower risk of typo's Or is there some issue with adb and or debugfs why you choose to put the commands like this?
Again, just curious
I have created an automated tool using this root method and am looking for confirmation that it works on a Transformer Prime.
http://forum.xda-developers.com/showthread.php?t=1706588
Ovigo said:
Would mean a lower risk of typo's Or is there some issue with adb and or debugfs why you choose to put the commands like this?
Again, just curious
Click to expand...
Click to collapse
Frankly I don't know... I finished to write the "script" after being up for more than 36 hours, that could explain the inconsistencies ^^
Sent from my ASUS Transformer Pad TF300T using XDA
sparkym3 said:
I have created an automated tool using this root method and am looking for confirmation that it works on a Transformer Prime.
http://forum.xda-developers.com/showthread.php?t=1706588
Click to expand...
Click to collapse
I just sucessfully rooted .28 with no previous rooting done. Used the v1.5 posted on the first page of the thread above. I did have to install superuser.apk from the market and busybox. But it is now fully rooted.
I actually tried supersu.apk first, but it failed. But after playing a few minutes, its all working.
I installed the update before I seen this thread on rooting .21 without a downgrade.
automated tool works fine on my .21
installed OTA keeper now and updating to .28 just in case
beady_uk said:
I found this in the TF300 thread and thought it might be useful.
http://forum.xda-developers.com/showthread.php?t=1704209
PLEASE NOTE: THIS IS NOT MY WORK AND ALL CREDITS TO THE DEVELOPER.
Click to expand...
Click to collapse
Thanks dude your post comes really handy.
And confirrmed, it works.
instructions
hi there im a regular noob lol, i want to root my asus tf201 v9.4.2.28 running ics 4.0.3 right i read the instructions of the automated root method the debugfs one by sparkym3, ive downloaded both the drivers folder and the debugfs folder, but im not sure where to go from there, could you please give me step by step instructions on what to do please i searched all over the forum to see if somone already asked my question but had no luck. thank you
baller625 said:
hi there im a regular noob lol, i want to root my asus tf201 v9.4.2.28 running ics 4.0.3 right i read the instructions of the automated root method the debugfs one by sparkym3, ive downloaded both the drivers folder and the debugfs folder, but im not sure where to go from there, could you please give me step by step instructions on what to do please i searched all over the forum to see if somone already asked my question but had no luck. thank you
Click to expand...
Click to collapse
"This tool will root your device based on the debugfs root method developed by miloj.
Just download and unzip everything into a directory; then run RootDebugfs.bat from that directory (if you do not currently have the device drivers for your transformer, they are attached to this post, please install them, please use them to install your device before attempting the process).
Neither ADB nor the SDK need to be installed as all needed files are included in the attachments below (though it won't hurt anything if they are)."
okay I'm thinking of rooting - but need some advice - I have the latest updates from ASUS (4.0.3) and have never rooted. What are the main benefits of rooting - I'm thinking I'll probably be using Sixaxis (for joystick access in games), the touchscreen fixer app so I can use a stylus better, and titanium backup - any other good apps/tools that need root that I should be looking at?
I was thinking of waiting till ASUS release the ota 4.1 upgrade before rooting - what do you think - better to root now while I know I still can? Still no definite date from ASUS for Jellybean
Finally, I was going to use sparkym3's automated method (http://forum.xda-developers.com/show....php?t=1706588) - is this the best/easiest way to go?
Related
Okay I posted this also in the Themes forum for Nexus but I wanted to see if anyone could assist. Someone in the theme forum asked about the bootanimation.zip that shows us the cool animation during boot, while reading this it reminded me of the behold 2. See below
What are the permissions for bootanimation.zip if they were left open to non root then this may-b a way to get root with unlocking the bootloader. This would be the same approach that was used to root the behold 2 where the "try3" file was renamed to play_logo . play_logo then was used to root and after root was opened it would make play_logo_real play which was the boot animation. I may be wrong but couldnt this be a possibility. Thanks, any help is appreciated. Im wondering if Zinx could chime in...
How are you going to write to the bootanimation.zip without root? Further, do you intend to replace the recovery or update custom roms? I am just trying to figure out the purpose of root and flashing other customized images.
seraph1024 said:
How are you going to write to the bootanimation.zip without root? Further, do you intend to replace the recovery or update custom roms? I am just trying to figure out the purpose of root and flashing other customized images.
Click to expand...
Click to collapse
You can always write if I am not mistaken using the low-level write dd if/of command. We would use the bootanimation.zip to run the root command. An example is in the Samsung Behold 2 it was done as follows:
Example
echo "#!/system/bin/sh
/data/local/try3 /system/bin/sh
mount -o rw,remount /dev/st9 /system
cat /system/bin/sh > /system/bin/su
chmod 04755 /system/bin/su
/system/bin/playlogo_real" > /system/bin/playlogo
Click to expand...
Click to collapse
This is how it was done. I am wondering if the same can be done on the nexus using bootanimation.zip as it executed at startup. We would basically modify the bootanimation.zip to the above and add a line for it to execute the boot image. By gaining root this way we would still be able to put on a custom recovery and roms without unlocking the bootloader in theroy. The try3 file was created by Zinx and used by Maxisma to bring root to the behold 2. I am pretty sure this may work on the Nexus 1. I hope this helps.
Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?
seraph1024 said:
Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?
Click to expand...
Click to collapse
Okay XDA is back up. Yes I can test. Oh man if this works there will be absolutely no need to unlock the boot loader... Thanks
seraph1024 said:
Ok. I don't have a locked phone that I can play with at the moment. I'll make up a package for you tomorrow. Can you test it for me?
Click to expand...
Click to collapse
Hey Seraph1024 take a look at this. Its too big for XDA so I put it up on pastebin. http://pastebin.com/f62780d32 Its what is contained in the try3 file. Zinx used it in flashrec
No joy.
Code:
$ getprop | grep product.model
[ro.product.model]: [Nexus One]
$ pwd
/data/local
$ ls -al try3
-rwxrwxrwx 1 0 0 74512 Jan 25 13:26 try3
$ id
uid=2000(shell) gid=2000(shell)
$ ./try3 /system/bin/sh
[1] Killed ./try3 /system/bin/sh
$ id
uid=2000(shell) gid=2000(shell)
Exploit does not work.
I was that close to rooting today until i saw this now its made me double think again lol I've been waitin for a custom rom by cyanogen until i rooted, and since its pretty much almost here i was going to root. bah guess i'll wait until CM gets released!
flak0 said:
You can always write if I am not mistaken using the low-level write dd if/of command.
Click to expand...
Click to collapse
You can't on this phone. There are two ARM cores - one running the low-level stuff (bootloader, radio) and the other running Linux.
Without the engineering bootloader (or some exploit) we don't have access to the baseband ARM core, and therefore don't have access to its MMU, which is programmed to deny read/write access to protected areas of the flash - such as the bootloader and splash screens. Even with root, Linux can't access that stuff.
It's going to be really hard to find a kernel exploit for the N1 to get root. Most exploits involve mapping memory to the zero page and then triggering a null pointer de-reference bug in the kernel. But the N1's kernel won't allow such mappings.... I believe the minimum address for mmap on the N1 is around 64k. (It's in the kernel config.)
This is a tough nut to crack.
The behold root was done that way because there's no way to flash the partitons on it.
You still need root in the first place to write to that file. The droid guys have been looking a while for a new root exploit but didnt find one. The problem is that all known exploits have been closed in 2.1.
We need to wait for someone to find a new one that works. Then this would be a real posibility, and there' no need to hijack playlogo.
for what its worth, if you need a lab rat i do not have my phone rooted yet and i am willing to test some things if anyone needs...
i dont plan on rooting it until the ball really gets rolling with everything and until I am 100% satisified with the phones performance
kam187 said:
You still need root in the first place to write to that file.
Click to expand...
Click to collapse
That's what I though. And like it was posted earlier, I don't think there is a exploit since this phone is done differently. I am busy for the next couple of days but if anyone want to "try", I'll make up something but I really doubt any of the old stuff will work on this phone.
Hello everyone!
You may or may not know me, however I have secretly been working behind the scenes with ChiefzReloaded to learn how Android works. Together we have been trying to develop new ways to root the Slide, primarily because we both landed in a sticky situation that left us both without root and without a way to revert to root.
After many long hours of trying to restore my phone, I have now ported the exploid exploit to the MyTouch Slide! This means that you can gain root on any version of the Slide, INCLUDING the latest OTA! However, this isn't necessarily "easy" as in the One-Click Root program, but there are reasons for this. While Android is running we cannot write to /system and even if we force Linux to let us, the NAND protection will prevent Linux from completing the write!
To get started, please see the bottom of this post for the link and download it. You will want to download it to your computer and not your phone's SD card. Also, you will need the tools from the Android SDK. I would suggest extracting the file from my zip at the bottom of this page into the Android SDK's tools directory.
Extract the zip
Make sure your phone is in USB debugging mode AND you are in "Charge Only" mode.
Connect your phone to your computer.
Make sure you're in the same directory as where exploid is extracted before continuing to the next step.
Issue the following command: adb push exploid /sqlite_stmt_journals. Note: It MUST be in that directory - NO exceptions.
Run: adb shell
Run: cd /sqlite_stmt_journals
Run: chmod 0755 exploid
Run: ./exploid
Toggle your phone's Wifi (on or off, however you wish to do that).
Now (again) run: ./exploid (if prompted for a password enter: secretlol)
The next line should now begin with a pound (#) - if not, then something isn't setup right. Make sure to follow the directions verbatim. If you suspect you did follow them correctly, please reply to this post letting me know.
You should now be root! At this point you can do many things, but if you're looking to flash a custom ROM, continue to these instructions:
[NEW 10/18/2010:]
Steps 1-12 are intended to get you the ability to flash mtd0.img (which previously required using the SimpleRoot method) by gaining root inside of Android. By following the instructions in the rest of this section, it will allow you to flash a ROM or S-OFF your device:
The files you need are at: http://forum.xda-developers.com/showthread.php?t=703076- download both files linked in there (ESPRIMG.zip and SlideEng-package.zip)
Extract the contents of SlideEng-package.zip to a place of your choosing on your computer.
Place the entire (unextracted) ESPRIMG.zip on your SDcard.
Now push the files 'flash_image' and 'mtd0.img' that you just extracted from SlideEng-package.zip to /data/local using 'adb push'. (Noob? Instead of using 'adb push', install Droid Explorer and, using that utility, copy the 'flash_image' and 'mtd0.img' files to /data/local on your Slide)
Now I'm going to assume your phone is at root prompt (#) using steps 1-12. So now do (without typing the '#' symbols in front of both lines - they're just there to remind you that you need to be at a '#' prompt):
Code:
# cd /data/local
# chmod 04755 flash_image
# ./flash_image misc mtd0.img
Before you reboot make sure that the ESPRIMG.zip is on your SDcard!
Now turn off the phone.
Then press Volume-Down + Power.
The phone will power on and after about 5 minutes of verifying ESPRIMG.zip it will ask you if you want to flash it.
Press Volume-Up for 'YES' and wait until it finishes (ABSOLUTELY DO NOT POWER DOWN WHILE IT'S STILL FLASHING!!!).
Now when you go into recovery it should allow you to 'Apply update.zip from sdcard' (booting into Clockwork). If you don't have the Clockwork update.zip, here it is: http://www.4shared.com/file/OTRU7T3y/update_2.html (rename to update.zip after downloading since it's currently update_2.zip, then place it on your sdcard).
[/NEW 10/18/2010]
[NEW 12/30/2010]
Optional: Now that you're rooted you might want to disable all flash memory protections so you can permanently flash Clockworkmod (recovery - no more using an update.zip!) as well as other random things. Check here for details: http://forum.xda-developers.com/showthread.php?t=798168
[/NEW 12/30/2010]
CREDIT GOES TO:
[*] ChiefzReloaded! (For helping me learn the intricacies of Android and patiently answering all of my questions)
[*] 743C (For developing the original exploit)
Source code: (Yes, it's hackish. I was just trying to figure out why the system kept rebooting and haven't cleaned up the code since) download
DOWNLOAD:
http://www.4shared.com/file/CZsxSq-f/exploid.html
DONATE:
(Anything helps!)
(Some people may wonder why this is special compared to the One Click Root application. What's important is that One Click Root doesn't work on Slides running production/retail software, likely the same problem I had to fix to get exploid to work in my version.)
Thats whats up!!
If you be trollin then YOU BES TRAWLLIN
But if not then good job nb!
Sent from my T-Mobile myTouch 3G Slide using XDA App
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Click to expand...
Click to collapse
Sure, I was getting around to that - and I understand your concern. I'll post it in a second.
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Click to expand...
Click to collapse
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Sent from my T-Mobile myTouch 3G Slide using XDA App
r0man said:
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Click to expand...
Click to collapse
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
nbetcher said:
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
Click to expand...
Click to collapse
Ill take a look at it when I get home.
ilostchild said:
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
Click to expand...
Click to collapse
I actually had to do a lot of work on it. It doesn't quite work the same as the original exploid simply because the original exploid crashes the entire system and reboots. This causes the rootshell to never be committed to NAND and thus you get no where. I had to keep playing with things until I found a different method that works. It took several hours of me being upset with it, but watched the latest Burn Notice, came back to it, and BAM I had a stroke of genius.
where is rootshell? i can't exicute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $
Armyjon88 said:
where is rootshell? i can't exicute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $
Click to expand...
Click to collapse
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Sweet
Sent from my T-Mobile myTouch 3G Slide using XDA App
having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx
statuzz said:
having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx
Click to expand...
Click to collapse
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
nbetcher said:
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Click to expand...
Click to collapse
Let me know if you want to work together on some kind of one-click root app for the Slide. If the commands work through the terminal on the phone itself rather than via adb, I could probably make this into an app already, but since you're working on a more non-developer-friendly version, I'll just wait until that's out
televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
Click to expand...
Click to collapse
I'm delaying the release of my non-developer program for another couple hours.
As far as what you said above, all you need to do after gaining the # prompt is (in a separate window):
adb push flash_image /data/local
adb push mtd0.img /data/local
(switch back to your # adb shell, then type
cd /data/local
chmod 04755 flash_image
./flash_image misc mtd0.img
Then reboot and apply the ESPRIMG.zip. All of these files are found on the same post that I referenced in my OP. These instructions are all in that same page.
televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
Click to expand...
Click to collapse
Im also stuck since im not sure if you can update to eng from the ota..But first i want to personally thank the OP & CR for providing this.
This would be great for a One Click method
this would be nice to work into a one click root!
And This did work for me!
Does this root method gets /system moumted when android running?In short do we finaly get metamorph and root explorer working?
I finally did it...
http://forum.xda-developers.com/showthread.php?p=25157446#post25157446
Now let's wait for ICS and hope that Sony's one will be built on a "good" kernel.
looks very promising, great work Nesquick
maybe in a week (or little more..) we could test it in practice!
keep up the good work
br
condi
Not exactly sure what this does, but it seems important so good job
This should be very interesting. Thanks for continuing to stay with it.
Sent from my Sony Tablet S using xda premium
Nesquick95 said:
I finally did it...
http://forum.xda-developers.com/showthread.php?p=25157446#post25157446
Now let's wait for ICS and hope that Sony's one will be built on a "good" kernel.
Click to expand...
Click to collapse
But it seems we are unable to chmod without root. So this would require one of our rooted ICS friends to give us the offsets?
chmod not needed in recovery, but it doesn't get root:
/sdcard/n95-offsets
n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit
./mempodroid 0xd9ec 0xaf47 sh
1|@android:/system/bin $ /sdcard/mempodroid 0xd9ec 0xaf47 sh
/sdcard/mempodroid 0xd9ec 0xaf47 sh
1|@android:/system/bin $
Click to expand...
Click to collapse
Too bad...
Well... That's the copy of a successful session, taken from my Galaxy Nexus (see image attached).
Too bad if the exploit doesn't root our ICS release.
Can you please post your run-as (/system/bin/run-as) binary ? I'll try to get the offsets another way.
Nesquick95 said:
Well... That's the copy of a successful session, taken from my Galaxy Nexus (see image attached).
Too bad if the exploit doesn't root our ICS release.
Can you please post your run-as (/system/bin/run-as) binary ? I'll try to get the offsets another way.
Click to expand...
Click to collapse
I've managed to run your bin, got offsets, but still no root...:
Code:
n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit
./mempodroid 0xd9ec 0xaf47 sh
and then:
Code:
[email protected]:/ $ /data/local/tmp/mempodroid 0xd9ec 0xaf47 sh
/data/local/tmp/mempodroid 0xd9ec 0xaf47 sh
1|[email protected]:/ $
Really too bad
Sony's ICS is built on kernel 2.6.39, normally rootable by this exploit... Maybe they have patched it...
Need a copy of /system/bin/run-as binary to try finding offsets another way, as a last chance. My tablet hasn't got the update (unrootable kernel 10 - French region)
Binary attached.
Since we're unable to chmod under normal boot (operation not permitted), the only way is to run under recovery. Is it possible that mempodroid doesn't work under recovery?
The worst thing that could happend
I don't know if running in recovery can make mempodroid fail... It probably doesn't. But as you can see, Condi has run n95-offsets in "regular" /data/local/tmp without success.
I have verified the offsets in the run-as binary posted with IDA disassembler, the offsets returned by n95-offsets are the good ones.
I think Sony's 2.6.39 kernel is patched, the exploit won't work...
(Maybe) we will find an other one (some day)...
A last ray of hope ?
There is something weird in the run-as posted by OCedHrt... His ELF header show an entry point at 0x8000 when the other run-as' that I've seen have their entry point at 0x80C0...
It sounds a little simple but may someone test :
./mempodroid 0xd92c 0xae87 sh
Thx !
Nesquick95 said:
There is something weird in the run-as posted by OCedHrt... His ELF header show an entry point at 0x8000 when the other run-as' that I've seen have their entry point at 0x80C0...
It sounds a little simple but may someone test :
./mempodroid 0xd92c 0xae87 sh
Thx !
Click to expand...
Click to collapse
Tried it, sadly did not work. I also got the latest version of mempodroid off the git, but still didnt work.
EDIT: FOUND a little thing, our offsets (from n95-offsets) are exactly the same as the transformer prime, maybe we can use the exploit they used to root ours?
Nesquick95 said:
I don't know if running in recovery can make mempodroid fail... It probably doesn't. But as you can see, Condi has run n95-offsets in "regular" /data/local/tmp without success.
I have verified the offsets in the run-as binary posted with IDA disassembler, the offsets returned by n95-offsets are the good ones.
I think Sony's 2.6.39 kernel is patched, the exploit won't work...
(Maybe) we will find an other one (some day)...
Click to expand...
Click to collapse
I wonder how he got chmod to work. Well I assume he already had root. Chmod returns operation not permitted for me so I had to try it in recovery.
Sent from my Nexus S using XDA
Maeur1 said:
Tried it, sadly did not work. I also got the latest version of mempodroid off the git, but still didnt work.
EDIT: FOUND a little thing, our offsets (from n95-offsets) are exactly the same as the transformer prime, maybe we can use the exploit they used to root ours?
Click to expand...
Click to collapse
Transformer Prime is probably running the same kernel than our tablet but I guess it has been released earlier than Sony's ICS, when mempodroid was still young and proud (I mean not patched)!
It's hard to figure out, but we must keep on searching, try things like you suggest... I haven't decided yet if I will sell my Sony S or if I will loose some more time on it.
https://sites.google.com/site/mophocorner/
Site to help with everything Motorola Photon 4G.
Hoping to help with newbies that want to flash, root, unlock, etc. before they get stuck and have to wait for replies to fix there phone, Hopefully this guide will just work and they wont HAVE to post for help. That is the point of this at least! Let me know if there is anything I can add or change and I will gladly give it some thought!
Thanks!
I have updated the page, just so everyone knows!! Check it out!!! Let me know if I am missing anything.
Sent from my Xoom using XDA
The photon torpedo method is needed to root the 2.3.5 version just released.
Sent from my MB855 using Tapatalk 2
THANKS!
Thank you for that. Added the Torpedo root method! =]
Thanks for putting all that info into one spot! Definitely helps out that much more as it is somewhat easier to refer to rather than bouncing from one post to another here in the forums! I would imagine it'll help out many people (including me!).
I'm still fairly new to some things and some times the added explanation of certain topics and/or issues is what's needed to get the job done!
Also, as far as the *photon-torpedo* root method goes... I used that method without an issue on Android 2.3.4. After updating to Android 2.3.5 the other day, I used that same method again without issue and it worked perfectly! Unfortunately (at least from what I've read), being that I updated to 2.3.5, I won't be able to unlock the bootloader as if right now. Not really something I'm too concerned about, being that I hadn't prior to the update anyway.
Sent from my MB855 using Tapatalk 2
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Grep,
To answer your question, yes. The new update unroots your device so you will have to re-root using the photon-torpedo method again.
I was rooted prior to the update with that method and after the update I was un-rooted! Trying to re-root using Terminal Emulator on device wouldn't work. Got "permissions denied" when running the tar command. But, using adb on the computer worked without a problem!
So basically, just redo the torpedo root method from step 1 and you'll successfully get root back guaranteed!!
Hope that helps!
Also, I had the SU binary in place as you did along with other root specific apps. Those apps are pretty much worthless until you gain root again.
It has been confirmed in the "soak" that 2.3.5 update will completely un-root your device...
Sent from my MB855 using Tapatalk 2
nice. should come in handy for others. even me cuz im kind of a noob.... waiting for way around locked bootloader after 2.3.5 ota
Sent from my Motorola Electrify using XDA
Grep_The_Truth said:
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Click to expand...
Click to collapse
Sent from my MB855 using Tapatalk 2
Root
You could always use root-keeper from the market if your lazy like me.
the link to the download torpedo is not working
spursrob said:
the link to the download torpedo is not working
Click to expand...
Click to collapse
The Imperium has your back. I will be upping a new guide and Root-Unlock-Relock pack soon but hosting is changing servers so for now torpedo is attached to this post.
Lokifish Marz said:
The Imperium has your back. I will be upping a new guide and Root-Unlock-Relock pack soon but hosting is changing servers so for now torpedo is attached to this post.
Click to expand...
Click to collapse
Clearly, I am retarded....I have studied this post 15 times but I can't find any way to see an attachment. Where is it?
cool old lady said:
Clearly, I am retarded....I have studied this post 15 times but I can't find any way to see an attachment. Where is it?
Click to expand...
Click to collapse
try it now, post 6. Are you on 2.3.4 or 2.3.5? If you're on 2.3.4 then just use the root/unlock/relock pack (the link is at the top of post 6.
OK - I see it now and I've downloaded it - thank you very much. I am on 2.3.5 from the soak test.
Are these still the correct/only instructions? If so I may still be in trouble...my "favorite method....into /data/tmp"? I don't know any method, much less have a favorite.
Instructions:
Use your favorite method to get photon-torpedo.tar into /data/tmp
Install Superuser from the Market
Install Android Terminal Emulator from the Market
Run Android Terminal Emulator
Run cd /data/tmp
Run /bin/tar xf /data/tmp/photon-torpedo.tar
Run /data/tmp/photon-torpedo.sh
Run /data/tmp/install-su.sh
I'm actually on my way to bed. I will write a more detailed walkthrough tomorrow and post it in the Photon Compendium. Eventually I plan to script the entire process but am working on unified webtop stuff right now.
Grep_The_Truth said:
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Click to expand...
Click to collapse
Me to, had to used one click Root (20 times)
Navigate to the Android Market and install the “Superuser” application from ChainsDD
Download and extract 22MB Root-Unlock-Relock.zip from the Imperium website
Go to the "rsd drivers" folder located in the Root-Unlock-Relock folder and install the drivers for your system (32bit or 64bit windows)
Download photon-torpedo.tar
Place photon-torpedo.tar in the "AIO Root" folder located in the Root-Unlock-Relock folder
On your phone, in menu/settings/applications/development make sure usb debugging is checked
Connect your phone to your computer and select "charging" mode from the connections options in notifcations
From the "AIO Root" folder, double click the "Command Prompt" shortcut
Type the following commands:
adb push photon-torpedo.tar /data/tmp
adb shell
cd /data/tmp
/bin/tar xf /data/tmp/photon-torpedo.tar
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Ignore the errors when running torpedo and let the process complete.
Once I get some free time I'll write a single script covering everything from rooting to SBFing back to stock. My goal is to get any given process down to ten keystrokes or less.
Hmph. Well....I think it worked. Root Checker says "congrats" - but wasn't it supposed to wipe all my stuff from the phone or something?
no root doesn't wipe data. (neither does unlock if done right)
Sent from my mopho
So I bricked my Kinde Fire HDX by changing the build.prop and not fixing permissions. I have adb access but no root (I don't know why :S). Would a factory reset work? If not, how can I get to fix the build.prop or replace it with the old one? thank very much, I've been a couple hours looking for solution but I couldn't find any.
No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk
r3pwn said:
No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk
Click to expand...
Click to collapse
I used the HDX ToolKit v0.92 to check the root access, and it said "Please grant root on your device"
I've also tried "adb shell", and then "su", but it just returns "su" again. I am new with adb commands so I don't really know what it should show.
Thank you very much for your help
May I ask what version you were on before you bricked?
Sent from my Amazon Tate using Tapatalk
14.3.2.3.2, last update I think.
?
peter_b93 said:
14.3.2.3.2, last update I think.
Click to expand...
Click to collapse
Fixed?
jimyv said:
Fixed?
Click to expand...
Click to collapse
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun
well
peter_b93 said:
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun
Click to expand...
Click to collapse
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.
jimyv said:
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.
Click to expand...
Click to collapse
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.
well
peter_b93 said:
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.
Click to expand...
Click to collapse
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"
jimyv said:
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"
Click to expand...
Click to collapse
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.
peter_b93 said:
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.
Click to expand...
Click to collapse
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..
jimyv said:
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..
Click to expand...
Click to collapse
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:
sweet
GSLEON3 said:
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:
Click to expand...
Click to collapse
I'm not sure either that's why when I used it I was on a blacklisted unit and I kept the PC and the tablet and airplane mode at all times. Until I was certain I got all the files off of both before I let them go to Wi-Fi Chinese files that is.. But one thing I was very curious about is if you open that tool up the Chinese tool that is an you go to the same page you would hit the anchor to root to your device just below that it says fastboot I'm wondering if they have a fastboot working for also too bad nobody here know Chinese..