Today I tried to root my SGS2 using LiquidPerfection's method (Odin & s2-root). I followed all the steps, but after flashing the secured kernel (step 11), it looks like I don't have root access. SU is installed but does not react. Root Explorer fails and Titanium Backup also...
What happened? What do i do now?
Download this and flash via CWM; the problem will be solved.
No custom count and no triangle either.
http://www.4shared.com/zip/IA_mpMSo/SU-Busybox-Installer-1.html
Cheers
Sent from my GT-I9100 using Tapatalk 2
rjsmer said:
flash via cwm problem will be solved
OP specifically mentioned he flashed an original kernel, therefore no CWM recovery.
@OP, I don't know why you're having that specific problem, but why not just do what most do and flash a CF-root kernel? One step instead of 11.
Re: No proper root?
Thanks for replying, but I'm pretty confused now...
I'm new to all this, and the only thing I want at the moment is root access; then I'll check and learn, step by step, about ROMs etc. - well, that was the idea.
Because SU and Root Explorer were acting strange and Titanium Backup said I needed root, I installed the free app 'Root Checker', which says that "the device is not properly rooted" (not properly - that kind of says it is rooted, but not how it should be... right??)
Another Senior Member PM'd me today about it and says he will help me;
rjsmer tells me to install an apk;
and oinkylicious, you, I suppose, are telling me not to install that apk, because I have an original kernel again...
So, is there anyone that can tell me what to do exactly?
I don't have any preference for one specific method, but I'd like a method that is easy and not too risky...
Oinky was correct, assuming you have an I9100/T (check the sticker under the battery), CFRoot is simple & will install CWM by default which will enable you to to flash roms/kernels, backup & restore easily (among other things).
However, what you really should not do is rush it or take shortcuts. Rushing & taking shortcuts leads to borked phones & you having to pay to have said borked phone repaired/replaced.
Read the first page of the CFRoot thread thoroughly, and follow the instructions to the letter. Pay particular attention to the section a 3rd of the way down the page in bold red that says "Help ! Which file do I use". Read this bit thoroughly & understand it. If you do & then come back to this thread & ask "Hlap ! What kernel do I use ?", that means you haven't read/understood it properly & you're probably at risk of bricking your phone.
Edit - You want a method of rooting your phone that isn't risky ? There isn't one. Flashing stuff to your phone always entails (a normally very small) risk you'll brick your phone. That risk increases exponentially with how poorly you understand what it is you're doing to your phone (gets back to the no rushing/no shortcuts, following instructions & understanding what you're doing I mentioned above).
Narcotrix said:
Thanks for replying, but I'm pretty confused now... [...]
What I would do is
1. Flash stock firmware
2. Flash insecure kernel (CF-Root)
3. Check for root
Root will be there, and it's just a case of progressing to custom ROMs etc.
No proper Root
OK, thanks for the info
I don't want to rush anything, and I did inform myself well. But from what I understand, I did everything right yesterday, except re-flashing the stock/secured kernel (an optional step...)
Basically, if I apply the CF-Root method, I'll have an unsecured kernel?
So, what do I do now?
Completely reset my phone, and apply CF-Root?
I think reset, because I have SU on my phone now...
- Do I reset the gs2 or leave it & apply CF-Root?
- What is strange is that no one can tell me why this happened or what the problem is exactly ?
CF-Root
MistahBungle said:
Oinky was correct, assuming you have an I9100/T (check the sticker under the battery), CFRoot is simple & will install CWM by default [...]
Actually, my phone is a GT-I9100, no letter at the end...
And I do know that flashing is risky, and I agree that the less I know, the riskier it becomes, but, hey, I'm willing to understand and learn...
Anyway, my other contact sent me this to flash. What do you think?
CF-Root-SGS2_XX_OXA_LPS-v5.4-CWM5
That does not match my current firmware (XWLP4), does it ?
So, I did read page 1 of Chainfire's thread, and I think I have to go for the CF-Root-SGS2_XW_O2U_LP3-v5.4-CWM5 one...
So, once my phone is flashed with this one, what are the possibilities / opportunities, except installing apps that require root ?
Are there any guides or threads to introduce new people to this ?
I have no idea if the LPS kernel your 'contact' sent you will work or not. At worst your phone won't boot (you'll still be able to get into download mode & flash something else). As to what kernel you should use, all the info you need is in that section 'Help ! Which file do I use ?' which is why I drew attention to it. If you're apprehensive or unsure of what you're doing, don't until you are sure.
What are the possibilities/opportunities once you've rooted your phone ? Basically it gives you control over your phone. You can freeze or uninstall apps that carriers/Samsung have put on the phone for starters. And obviously if you use CFRoot to root your phone, you'll have CWM installed which makes flashing roms/kernels, backing up & restoring really easy (among other things).
As I said in another thread all of 5 minutes ago, I very much recommend you read the Stickies, just about everything you could ever want to know is in those threads. You just have to read & learn.
Edit - Re: your question 'What is strange is that no one can tell me why this happened or what the problem is exactly ?' in your earlier post, the reason for this (root failing) is we don't know. We're not there with you to know exactly what you did/didn't do, and besides, the method you used isn't from this site.
Well, thanks a lot for the tips and explanations!
I'm still informing myself...
I'd go for CF-Root, but I'm still hesitating because my device looks "semi"-rooted, but is that possible? Some apps are 'seeing' root, but can't have access to it...
Oh, and the method I did use initially comes from this forum, really. Thread by user LiquidPerfection...
Sent from my GT-I9100 using xda app-developers app
Edit:
These are the results of the Root Checker tool. Can someone please explain or tell me what to do now? Thank you.
Superuser Application Status:
Superuser application - version 3.1.3 -is installed!
System File Properties for Root Access:
Alternative Location
Check Command: ls -l /sbin/su:
Result: /sbin/su: No such file or directory
Analysis: File /sbin/su does not exist.
Standard Location
Check Command: ls -l /system/bin/su:
Result: /system/bin/su: No such file or directory
Analysis: File /system/bin/su does not exist.
Standard Location
Check Command: ls -l /system/xbin/su:
Result: -rwsr-xr-x root shell 22228 2011-09-27 23:12 su
Analysis: Setuid attribute present and root user ownership present. Root access is correctly configured for this file! Executing this file can grant root access!
Alternative Location
Check Command: ls -l /system/xbin/sudo:
Result: /system/xbin/sudo: No such file or directory
Analysis: File /system/xbin/sudo does not exist.
Root User ID and Group ID Status:
SU binary not found or not operating properly
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
ADB Shell Default User:
ADB shell setting for standard access, stored in default.prop, is configured as: shell (non root) user - ro.secure=1
Results provided on your GT-I9100 device by Root Checker Pro version 1.2.7 from joeykrim in the Android Market - http://goo.gl/NcnHn
Related
Device: Verizon Samsung Fascinate
Model: SCH-I500
Hardware version I500.04
Firmware version: 2.2.2
Baseband version S:i500.04 V.ED05
Kernel version 2.5.32.9
Build number SCH-I500.ED05
Background:
I am a simple root user who does not wish to flash any ROMs or custom mods. I just want root access to the phone. Until ED05, the SuperOneClick tool has done the job for me every time. Verizon was kind enough to force ED05 down to me even though I declined it about 5 days ago. I woke a couple of days ago to my apps stating that root was not working. Boy was I pleased! Anyway, I promptly grabbed the latest version of SuperOneClick and fired it off, and it said I was already rooted and asked if I wanted to do it anyway, so I said sure, make it so, Number One. But even after re-running the root without errors and rebooting multiple times, the applications don't think I'm rooted, and the unroot process hangs when I try that. Since root is not working, I cannot take a backup via Titanium Backup, and I've never been able to use any of the CW stuff to take a backup image prior to flashing, thanks to the nerfing of that process. I do not want to lose any of my app data or SD card data in the process of re-rooting, and I want to be in a state that allows for very quick and easy "cleanup" of the phone in case I need to return it. I'm very nervous about trying any of the ODIN methods and losing my data or bricking the phone. Can someone please provide some detailed instructions on what the best steps are to meet my requirements?
Requirements:
1) No loss of current app data or SD card data.
2) Very low risk procedure
3) Simple procedure
4) Phone is a state that allows for quick and easy reversion to "clean" state without having to restore data from backups.
5) No custom mods/ROMs - official verizon releases preferred with Titanium Backup used to "freeze" unwanted bloatware.
ashesofthefall said:
Device: Verizon Samsung Fascinate
Model: SCH-I500 [...]
You can try this. http://forum.xda-developers.com/showthread.php?t=1045048 (Ignore that it says MOD, it only installs root )
(Sorry, this uses Odin, but I find it the easiest way. If you're not sure then post and I'll try to answer your question. It only installs root. Apps like SuperOneClick no longer work correctly.)
Get Odin, the Samsung Drivers for SCH-I500, and this recovery: http://www.mediafire.com/?6x5utoca59et7o9. Put the su.zip on your SD card.
Install the Samsung Drivers. Power off the phone, remove the battery, plug in your phone into your computer while holding the volume down button and use Odin to install the CWM Recovery (click the PDA button and select the CWM recovery all.tar, then hit start). Once that is done, replace the battery, boot your phone by holding down power, volume down and up at the same time. Your phone will boot into CWM. Install the su.zip in CWM and reboot the phone. The kernel will remove CWM at boot so there will be no sign of it but after that your root should come back.
It worked fine for me.
That did work, thank you. I still don't quite understand what all the different pit, recovery, zip and tar files do and what exactly happens when you use the different files with Odin. Can you point to me to a "Odin and CWR for Dummies" or something that lays all this out in simple terms? I've read through the master rooting and recovery threads a few times but I still don't grasp exactly what the different pieces do and what they overwrite and when. For example, how would I go about quickly removing the root stuff from my phone now without losing all my settings and data?
It worked for me fine the other day also. And yes I was on Ed05
Sent from my SCH-I500 using Tapatalk
I was able to root 2 updates ago with SOC but just got around to re-rooting after ED05 installed.
Didn't work...most annoying. lol
Checking with Root Checker and I get the following output.
Root Access is not properly configured or was not granted.
Superuser.apk - com.noshufou.android.su - version 2.3.6.1 - Added clear log to menu in log tab, More languages, Bugfixes is installed!
Standard su binary location: ls -l /system/bin/su:
-rwxr-xr-x root shell 26264 2010-10-16 22:04 su
Standard su binary location: ls -l /system/xbin/su:
-rwsr-sr-x root shell 26264 2011-08-15 18:46 su
Alternate su binary location: ls -l /sbin/su:
/sbin/su: No such file or directory
SU binary not found or not operating properly
Any help?
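Added example, not from the thread and not Root Checker's own code: it takes the `ls -l` lines a root checker prints (the GT-I9100 output earlier on this page and the Fascinate output just above) and answers the question both outputs leave open, which `su` a program actually reaches when it runs plain `su` through PATH. It assumes the checker and the apps invoke su by name through PATH, and that the Fascinate's PATH order is the one printed for the I9100; the records are constructed from the listings quoted on this page, so it runs on a PC with no device attached.

```shell
#!/bin/sh
# Added example: parse root-checker style "ls -l" lines and resolve which su
# wins in PATH order. Records are constructed from the listings on this page.
# On a device you would generate them with something like:
#   adb shell 'for d in $(echo $PATH | tr : " "); do ls -l $d/su 2>/dev/null | sed "s|^|$d/su |"; done'
# (assumption: apps and the checker call su by name through PATH).

# setuid_root MODE OWNER
# True when the mode string carries setuid with owner-exec (4th char "s",
# not "S" or "x") and the owner is root; that is what the checker calls
# "root access is correctly configured for this file".
setuid_root() {
    case "$1" in
        -??s*) [ "$2" = root ] ;;
        *)     return 1 ;;
    esac
}

# resolve_su PATH_LIST RECORDS
# PATH_LIST: directories in search order, space separated, as the checker prints them.
# RECORDS:   one "fullpath mode owner group size date time name" line per existing su.
# Prints "<path> ok" or "<path> not-setuid-root" for the first su found in
# PATH order (the one a caller gets), or "none" and returns 1 if no su is on PATH.
resolve_su() {
    path_list=$1; records=$2
    for dir in $path_list; do
        hit=$(printf '%s\n' "$records" | while read -r p mode owner rest; do
            [ "$p" = "$dir/su" ] || continue
            if setuid_root "$mode" "$owner"; then echo "$p ok"; else echo "$p not-setuid-root"; fi
            break
        done)
        if [ -n "$hit" ]; then echo "$hit"; return 0; fi
    done
    echo none
    return 1
}

# PATH as printed in the I9100 output; assumed to be the same on the Fascinate.
ANDROID_PATH='/sbin /vendor/bin /system/sbin /system/bin /system/xbin'

# Constructed from the I9100 listing: only /system/xbin/su exists, setuid root.
SGS2_SU='/system/xbin/su -rwsr-xr-x root shell 22228 2011-09-27 23:12 su'

# Constructed from the Fascinate listing: a plain, non-setuid su in /system/bin
# sits ahead of the setuid one in /system/xbin.
FASCINATE_SU='/system/bin/su -rwxr-xr-x root shell 26264 2010-10-16 22:04 su
/system/xbin/su -rwsr-sr-x root shell 26264 2011-08-15 18:46 su'

resolve_su "$ANDROID_PATH" "$SGS2_SU"        # /system/xbin/su ok
resolve_su "$ANDROID_PATH" "$FASCINATE_SU"   # /system/bin/su not-setuid-root
```

The second result is the point: with /system/bin ahead of /system/xbin in PATH, the old non-setuid copy shadows the good one, so a checker that just runs `su` reports "SU binary not found or not operating properly" even though /system/xbin/su is correctly set up. For the I9100 case the script finds nothing wrong with the file itself, which matches the checker: whatever is failing there is not the mode bits or the owner.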
jiminigrist said:
I was able to root 2 updates ago with SOC but just got around to re rooting after ED05 installed. [...]
The easiest way to root would be to use ODIN and flash CWM (via PDA, always)..
Then go into CWM then install the SuperUser+BusyBox.zip
I have 2.2.2 as well and the latest superoneclick did not work, but the old 1.5.5 version did work.
Hey, hmm, I am new to this forum but I have been rooting phones for a long time. Well, to make the story short: I have a Samsung Fascinate and I updated it to GB. After the update everything was working fine; now that I want to install a custom ROM, or CW, trying to use Odin, my computer won't recognize my phone. I installed the driver and everything, but when I plug in my phone and try to put it in download mode it shows a USB error. Please, can someone help? I have searched everywhere and can't find a solution. Thanks though.
Hi. I can't believe I'm the first person to ask this, but I've searched as best I can through these forums, and on Google, and cannot find a definitive answer. There are lots of pages giving high-level descriptions of rooting a phone like "gives admin access", "allows access to the root filesystem", etc. But when you root a phone, what actually happens? Does it simply make the "su" binary available so that apps can call it to access the root user? E.g. I've got a Samsung Galaxy S2; if I install an insecure kernel, then add su to /system/xbin, and then reinstall a stock kernel, is that technically a rooted phone? This is actually what I did on my phone, although I installed Superuser and BusyBox from the Market after adding su. I am aware that there are various threads in the SGS2 forums on how to root; I'm just using my phone as an example. I'm just trying to understand generically what is meant when someone says a phone has been rooted. Cheers.
Full control over your system
Ability to alter system files. You can replace many parts of the "Android Core" with this including:
Themes
Core apps (maps, calendar, clock etc)
Recovery image
Bootloader
Toolbox (linux binary that lets you execute simple linux commands like "ls") can be replaced with Busybox (slightly better option)
Boot images
Add linux binaries
Run special apps that need more control over the system
SuperUser (lets you approve or deny the use of root access to any program)
Task Manager For Root (Lets you kill apps that you otherwise could not kill)
Tether apps (like the one found at [android-wifi-tether.googlecode.com])
<there are more but I cannot think of any right now>
Backup your system
You can make a folder on your sdcard and backup all of your .apk files to your sdcard (helps if an author decides to "upgrade" you to a version that requires you to pay to use the version you just had)
Relocate your (browser/maps/market) cache to your /sdcard
Relocate your installed applications to your /sdcard
Reboot your phone from the terminal app easily (su <enter> reboot <enter>)
Copied and pasted from google... it is your friend.
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
Carrot Cruncher said:
thanks for the response however, i'm trying to understand what actually changes on the phone when you root it, rather than simply the benefits of rooting a phone.
An unrooted phone is like logging on as a user on a computer. By rooting you have "administrative" rights, just like using the sudo command in Ubuntu. Some binaries which are important in gaining administrative rights are installed on the phone.
sent from my nokia 3210
If you come from Windows, you're familiar with the Administrator account. A user that can do everything on the system, as opposed to other users than only have limited privileges. In Linux, that account is called "root". That's all there is to it. It's a user that can do everything on the system.
@Panos_dm: Actually, it's *not* like using sudo. Sudo gives elevated privileges to your existing user account, whereas "root" is a whole separate account.
Nope, sudo actually switches users
i'm a linux user and have been a linux admin in the past so understand the difference between su and sudo. sorry to sound pedantic but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
It opens your phone to a whole new array of possibilities.
Sent from my HTC Sensation 4G using xda premium
Carrot Cruncher said:
but i'm still not clear on exactly what happens when you root a phone, i.e. what exactly happens during the rooting process ?
In a nutshell? The "su" binary and the Superuser.apk app get installed. Sometimes doing so requires exploiting a vulnerability via a trigger. Rageagainstthecage is a common trigger. I once had a link that explained what exactly rageagainstthecage does, but I don't have it anymore.
If you really want to know all the details, here's the script I used to root my Defy: http://pastebin.com/G3m9v4FQ
Hmm, I see the script contains a link to the explanation of what rageagainstthecage does. Cool.
many thanks for confirming my understanding of the process.
So there are two popular methods of rooting the Galaxy S3:
- The Samsung galaxy s3 toolkit
- Chainfire's CF-ROOT
My questions are as follows:
What are the technical differences between the two rooting methods?
Do the methods have any drawbacks? (cf-root for example is incompatible with rommanager)
disclaimer:
I am not interested in what you think is the best method, I want to know the technical differences between the two methods used.
I know that the toolkit itself is not a rooting method, it does however include 4 different methods you can use, I am referring to those.
The toolkit uses cfroot I think. Not sure if it's as up to date as the latest cfroot via Odin. They both work well enough. There is no other method I know of. And I haven't had any drawbacks.
That's all I can say really
Sent from my GT-I9300 using xda premium
Also, the toolkit uses Odin too. It has other options and clear instructions, drivers, modems etc., so this would be the best option for a casual user.
The latest CF-Root via Odin is probably your best option if you know what you're doing.
But it's up to you mate, it doesn't really need analyzing so deeply...
Sent from my GT-I9300 using xda premium
slking1989 said:
But it's up to you mate, it doesn't really need analyzing so deeply...
Well it is personal but I like to know or at least have a general idea of what I am doing to my phone. So yes it does
Thanks for the reply.
Anyone else who can give me some more insight?
Unfortunately I don't have an answer for you, but I also am interested in the answer to your question..
I think certain methods of rooting use SuperSU (is this the CF one?) and then another method uses Superuser. I think both install busybox (that seems to be the same?)
In my experience, using the Superuser.apk app was faster than SuperSU..
I don't even have the Busybox app installed (but I am sure my phone has busybox, so this also confuses me??)
CF-Root gets the job done in 20-25 seconds. It installs SuperSU, BusyBox and CWM recovery. I would always recommend rooting with CF-Root over the Toolkit.
But that's my opinion of course.
gee2012 said:
CF root gets the job done in 20-25 seconds. [...]
Yes, go with CF-Root if you just want to root your phone.
Sent from my GT-I9300 using Tapatalk 2
'K, I'll bite. I'm not going to give an overall recommendation - at the end of day, they both install an APK and put a new binary in /system/xbin.
Note: I used CF-Root to root my phone. When I talk about how the toolkit does what it does, I'm basing my words on this image. I've seen the things in that image before, even though I haven't used the toolkit. This also means that my toolkit observations may not be entirely accurate, but it's a batch script anyway; you can just read through it and find out how it works. I'm also primarily a Windows user, but I used to use GNU/Linux quite a bit to write programs for a phone that I once had.
Rooting is, when broken down, the installation of a "su" binary in /system/xbin that is owned by root and carries the setuid flag. This flag is important, as the Linux kernel will then run the process, whenever it's invoked, as the user who owns it: root. This process can then, in turn, start other programs, and they inherit the user ID (something like this - I'm taking my time reading TLPI...) so they are then running as root. There's also a "manager" app (Superuser or SuperSU) that will be installed; this app is talked to by the su binary (through the Android Binder AFAIK, though Superuser's source is available, so if you really wanted to find out you could read that) to see, for example, if the program that is invoking "su" is allowed to do so. CF-Root installs the SuperSU apk to /system/app, which means that it survives factory resets. The toolkit, from a quick look at the Superuser ZIP in its folder and its batch file, also installs the Superuser apk to /system/app. When sideloading apps or installing from the Google Play Store, they usually get installed to /data/app.
Not all "su" implementations for Android need a manager app, I've seen implementations where su does not place restrictions on who is allowed to run it; uid=0 for everyone without discrimination! (Yes, that also includes you, Super Smilies Pack 3000 with boob smilies) Thankfully, neither the toolkit nor CF-Root do this. I lie a little. Superuser's su binary will automatically reject any request to become root if the Superuser.apk is not installed but SuperSU's su binary will automatically accept all requests to become root if the SuperSU apk is not installed. Personally, I prefer SuperSU's behaviour as there have been too many times with my old phones where I'd have to sign into Google Play after wiping /data just to install the Superuser APK when all I wanted was to run a simple command.
ext* filesystems, along with other *NIX filesystems, have the concept of file permissions. In order to actually place this su binary owned by root into a folder owned by root, you need to be root. (Actually, the folder is also owned by the shell group, so a user which is a member of that group could do it too, but they wouldn't be able to set the all-important setuid flag as they're not the user root [perhaps a member of group root could do it, but I don't know].) Usually, exploits are searched for in other programs that run (or can run) as root, or in the kernel, so that you can temporarily root in order to install the su binary correctly. The GSIII (with the exception of Verizon's) has an unlocked bootloader, though, so programmers don't need to search for any of these: it's able to flash unofficial, unsigned recoveries and kernels.
CF-Root does this:
* it flashes a new CWM-based recovery to the recovery partition of the phone. If you've seen the stock Android recovery, you'll know that it just can't match the features of CWM. The important thing about CWM is that it runs as root, just like the stock recovery, but it also lets you place any file anywhere on the phone without requiring that the ZIP file containing the files be signed with a Samsung private key. Remember what I said about file permissions?
* there's also a param.bin file. I don't know anything about this file, but I suspect it's flashed to get the phone to boot up into recovery mode the next time it's started so that CWM runs before anything else
* it also flashes the cache partition (I'm not sure whether it overwrites or appends, as I don't know [and probably never will] how ODIN works) with two ZIP files: SuperSU, which contains the su binary, the SuperSU apk and a script that is run by CWM to set the required permissions on the su binary among other things, and the CWM app, which lets you tell the recovery what actions you want it to perform from within Android without having to navigate through the awkward interface of CWM itself. While I don't know how to do this myself, CWM recovery can be told to automatically run commands from an external source. I'm not talking about random websites on the Internet, but (I think) through files that have to be placed somewhere by root. This is what apps like the CWM app and ROM Manager do. This is also what CF-Root does to tell the recovery that, the next time it's booted, it should install both the CWM ZIP and the SuperSU ZIP. That's it in the case of CF-Root: you now have a phone with the two files required for root access, a CWM recovery and an app to control it.
The toolkit:
(I only talk about the "insecure boot" options as I imagine the recovery option does something similar to the above and do remember that I haven't used the toolkit to root my phone so some assumptions are made. I also assume you know what ADB is as I won't be explaining it)
* it gets you to flash a kernel image with a patched adbd that runs as root, so adb on your computer, in turn, is able to place files anywhere on the phone's /. File permissions make it so you can't just place adbd in its expected place (/sbin) as any user and /sbin is also mounted on a ramdisk part of the flashable kernel image so it would be replaced on the next reboot, anyway.
* When the phone is running again with the new kernel, it then tells adb (now running as root) to push the Superuser APK and the su binary into their rightful place and sets the correct permissions on the su binary so that it runs as root
* if you've told it to install busybox, busybox is pushed and a bunch of symlinks for all the applets that BusyBox supports are set up
CF-Root installs, naturally, Chainfire's SuperSu whereas the toolkit installs Superuser. I much prefer SuperSU (and I bought a pro license for Superuser long before I did for SuperSu). Superuser's interface is much better than SuperSU's and it's also open-source but I find that SuperSU works much quicker for me (Root Explorer actually popped up a message on my sister's freshly-flashed Xperia Arc S saying that Superuser can be slow if Superuser hasn't granted it root access quick enough - I've never encountered that on my Huawei U8800pro with SuperSU which has pretty much the same specs as the Xperia) and it can also log the commands an app is running as root if you're suspicious of an application.
You'll notice that ADB still runs as a normal user with CF-Root. You can use Chainfire's adbd Insecure app, which will replace /sbin/adbd every time the phone is started with his patched adbd which always runs as root, or you can just flash one of the many kernels available that already include a patched /sbin/adbd.
CF-Root also does not install BusyBox. You can grab one of the installers from the Play Store but what I do personally is kang a CM9 nightly build for the I9300 and take the META-INF folder and the /system/xbin/busybox binary and strip out most of the lines in the update-script leaving only the lines that mount, extract and create the symlinks for busybox and place the result in a new ZIP which is then flashed with CWM.
Your "cf-root for example is incompatible with rommanager" gripe is easily solved - just flash another recovery. CF-Root just packages a CWM Recovery, an app to control CWM and SuperSU. CF-Root itself is not a resident component, but the recovery and SuperSU etc. are, if that makes sense.
qwerty12 said:
A long story with a lot of interesting and valuable information
Tnx! This is precisely what I have been looking for! A lot of the information I already found in separate pieces but this made it click in my head. I used cf-root to root the phone and am currently deciding if I want to work with the included tools and cwm recovery or flash CWM touch
I got a busybox installer from the market and it works like a charm (Well Titanium backup seems to do its job anyway).
I must say I think I was over analyzing this a bit since I owned an HTC Desire before this phone where rooting has a lot more risks involved and a lot more steps.
The only advantage I can see to using the toolkit is it will get updated quicker and it has loads of other options. If you just want to root and flash a ROM, CF-Root is the way to go
Sent from my GT-I9300 using xda app-developers app
creesch said:
Tnx! This is precisely what I have been looking for! A lot of the information I already found in separate pieces but this made it click in my head. I used cf-root to root the phone and am currently deciding if I want to work with the included tools and cwm recovery or flash CWM touch
Glad it helped
I must say I think I was over analyzing this a bit since I owned an HTC Desire before this phone where rooting has a lot more risks involved and a lot more steps.
Yeah, HTC's locked bootloaders and the S-ON/S-OFF rubbish is one of the reasons I decided to skip the One X and go for the Galaxy S3.
creesch said:
I must say I think I was over analyzing this a bit since I owned an HTC Desire before this phone where rooting has a lot more risks involved and a lot more steps.
It's fair to say that unlike many people on this forum you did your research. Searched.. and asked a valid question. Whereas the majority of people just ask questions without being bothered to figure it out themselves. So thanks. Over analyzing? Maybe a little... but it's better than flashing any old thing like many others have done and continue to do. Big thanks to qwerty who has filled me in on some useful info also.
Sent from my GT-I9300 using xda premium
You should have thanked him tho maaan
Sent from my GT-I9300 using xda premium
creesch said:
Tnx! This is precisely what I have been looking for! A lot of the information I already found in separate pieces but this made it click in my head. I used cf-root to root the phone and am currently deciding if I want to work with the included tools and cwm recovery or flash CWM touch
I got a busybox installer from the market and it works like a charm (Well Titanium backup seems to do its job anyway).
I must say I think I was over analyzing this a bit since I owned an HTC Desire before this phone where rooting has a lot more risks involved and a lot more steps.
Stick with 5.x.x.x recovery, touch(6.x.x.x) has some instability issues afaik
Sent from my GT-I9300 using xda premium
slaphead20 said:
Stick with 5.x.x.x recovery, touch(6.x.x.x) has some instability issues afaik
Sent from my GT-I9300 using xda premium
Alright, well since it was only the touch aspect that made me consider it I'll leave it just like it is
Hey guys
Hey guys, I have the international Galaxy S3 running 4.1.2. I haven't done anything to my phone yet and I'm about to root it. Is the bootloader unlocked, and if not how do I unlock it :good:? Could someone please help me :crying::crying: and give me clear instructions and links please :fingers-crossed: thank you so much,
BTW I know this is the wrong thread but I can't find the right one, thanks a lot guys
regards nick
Firstly a big thank you to macexplorer who again found the relevant links amongst much Japanese.
See the original thread on rooting the F-01D:
http://forum.xda-developers.com/showthread.php?t=1611484
Following are quick instructions on how to upgrade the device to ICS. All your data will remain intact, but the /system partition is completely wiped.
NB: YOU WILL LOSE ROOT IF YOU FOLLOW THESE INSTRUCTIONS. YOU WILL NOT GET ROOT BACK.
To be clear, at the present moment in time, you need to CHOOSE BETWEEN ICS OR ROOT, you can't have both. The official upgrade below completely reflashes the system partition, so tools like OTA RootKeeper will not help you. The new release is more secure than ever and at current we don't know a new way to get root. If anyone finds any new information, please speak up
DISCLAIMER: Following these instructions might brick your device, void your warranty, etc. This is unlikely since you're basically installing an official update, but to be clear, I disclaim any and all responsibility for any (permanent) damage that might be caused by these instructions. DO AT YOUR OWN RISK.
The original instructions are here (or see in Google Translate)
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/index.html
My instructions are slightly different, aimed at more advanced users, and serve the file direct from my server (I found the original server quite picky in terms of referer and user agent, and also slow. I'm also serving the unzipped version, since compression was 0% anyway).
PRE-REQUISITES
At least 50% battery (ideally more in case things go wrong...).
Settings -> About, make sure Android version is 3.2, and Build number is either V28R43A (as recommended on the official page) or V19R36D (what I had; it worked for me but YMMV).
Settings -> Storage, at least 1.5 GB free in "Built in storage" (try installing first to external SD card and let me know if it works.. it's a lot safer).
ICS UPGRADE FOR F-01D
Download F01D_TO_SP_ICS1.enc and put it in /sdcard (md5sum: 2014d0254568a4ef955b21476012a9b5)
Boot into recovery (power off, hold down both volume keys and power up), select "update firmware" and press the power button again.
Pay attention... the first time I tried this, it rebooted back into recovery part way.... if this happens, just repeat step 2 above and make sure the progress bar completes all the way.
After this, it will reboot a few times, don't worry. Boot 1 will do the "optimizing android apps" screen, Boot 2 will be "upgrading calendar, contacts, etc..." and Boot 3 will say "finishing upgrade" and let you use the system.
If anyone has any leads on re-rooting the device, speak up. From my initial observations security is tighter than ever, so this might be a problem... but there are clever people out there
Regarding root
No leads for now. We can create /data/local.prop using the ICS/JB restore technique, but unfortunately the new firmware is completely ignoring either this file or the ro.kernel.qemu property.
If I understood the google translated Japanese correctly, this guy got to the same conclusion, and is now looking for other solutions. I wish him luck because after spending the day on this I have to get back to my real work
http://blog.huhka.com/2012/09/arrows-tab-lte-f-01d-icsshell-root.html
Temporary Root
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
I think to get permanent root, we need the lsm_disabler.ko for the ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
shame on the dandroids..
Post upgrade restart errors?
Hi, slightly off-topic but related - has anyone had issues after upgrading with google maps? Whenever I start google maps it will hang and then restart my tablet.
Essentially google maps is now unusable which is very annoying. Please let me know if anyone has experienced this too and if so if they have a solution to the problem.
Many thanks in advance!
I lost boot after upgrading the device to ICS :crying:
anyone help me repair boot
Thanks:laugh:
longdau12 said:
I lost boot after upgrading the device to ICS :crying:
anyone help me repair boot
Thanks:laugh:
Help me :crying:
macexplorer said:
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
I think to get permanent root, we need the lsm_disabler.ko for the ICS kernel.
Update:
ICS kernel has blocked loading kernel modules; so cannot insmod a custom kernel.
so cannot remount /system, and cannot get permanent root..
FINALLY..ROOT on F-01D for V08R31A
I hope someone is still using the F-01D. So here's to you diehards.
After many, many failed attempts, I finally managed to get a more permanent root.
Probably others have got this to root, but I haven't seen anything come up via searches.
Main stumbling block has been in getting the address of 'ptmx_fops'. Finally got it through rootkitXperia_20131207.zip (get_root.. this prints but fails in ptrace; ptrace is blocked in f01d)
I have just managed to get a permanent root. The steps may be a little approximate. Do verify and let me know. It's non-destructive, so no harm done.
but do at your own risk.. and other standard disclaimers apply
Steps:
1. do the temp root as per : http://forum.xda-developers.com/showpost.php?p=33071441&postcount=3
2. get the exploit source from https://github.com/fi01/unlock_security_module
(recursive download)
3. compile the source. this will generate a libs/armeabi/unlock_security_module binary
4. add the following records to the device_database/device.db
these are kallsyms kernel function addresses; most are available direct from kallsyms, except for ptmx_fops.
Code:
sqlite3 device_database/device.db
insert into supported_devices values(187,'F-01D','V08R31A');
insert into device_address values(187,'commit_creds',3221986012);
insert into device_address values(187,'prepare_kernel_cred',3221985196);
insert into device_address values(187,'ptmx_fops',3229222484);
insert into device_address values(187,'remap_pfn_range',3222251308);
insert into device_address values(187,'vmalloc_exec',3222293708);
5. push device.db and unlock_security_module to /data/local/tmp/
6. simply run from /data/local/tmp: ./unlock_security_module as the root obtained temp earlier.
7. after some time, this will say LSM disabled!!
8. now remount /system as rw. carefully copy the su binary to /system/xbin/ (pref. use the latest version from SuperSU).
Also copy Superuser.apk to /system/app
>>carefully copy means: chown/chgrp /system/xbin/su to "0"; set perms: chmod 06755 /system/xbin/su.
9. copy busybox from /data/local/tmp to /system/xbin; and install (./busybox --install -s /system/xbin/)
10. At this stage, su doesn't seem to work for newer shell connections (must do _su and then su). probably due to the exploit messing up the kernel.
11. reboot. and enjoy your newly permanent rooted status.
12. after reboot, still cannot do system remount as lsm is back to original. rerun the unlock_security_module should disable this.
maybe even move this to /system/xbin/;
But this seems to destabilise the system.
It's not possible to use an lsm disabler ko insmod. the kernel sec mech validates the module with path and hash.
So it has to be: unlock security; do your thing with /system etc., reboot.
(not sure yet if any changes to /system/build.prop will help)
Do let me know how this works out and point out errors in the steps.
And as luck would have it there is a new ICS release out on 5-Feb.
https://www.nttdocomo.co.jp/support/utilization/product_update/list/f01d/index.html
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/data/download.html
(F01D_TO_SP_ICS2.zip)
This moves the version to V12R33B.
Do not hazard to update to this, if you want to keep this root. this release probably fixes many of the exploits.
the wifi model seems to have got 4.1.. wonder if something will trickle down to f01d.
I have just updated my Prime and I had not rooted it with ICS. Is it possible to root JB without previous rooting?
No. You must back up root using OTA Rootkeeper in order to regain root in JB. There is no known exploit for JB yet.
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
tonesy said:
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
If you Unlock the Bootloader or already have an Unlocked Bootloader, you can get root.
I haven't seen any exploits posted for the Prime in JB yet, so this may be your only way for now.
hx4700 Killer said:
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
He posted a bad link but it doesn't work if you have no root access at all. This is just a "regain root if you have partial root" guide:
http://matthill.eu/?s=jelly+bean
Thread moved
Thread moved. This clearly belongs in Q&A. Please post in the correct sub-forum.
peace
jotha - forum moderator
Does anyone know if one person with development capability is trying to find a way to root JB?
I talked to bin4ry about his root method in hopes of working with him on modifications for the Prime but he is telling me his mod is making the change he is exploiting according to what I am seeing but possibly ASUS disabled the emulator mode in this version of the OS. This is what would give you root access via ADB so changes can be made.
I couldn't get out of him what exactly his "restore timing exploit" is but I understand everything after that
Outside of anything coming up I would say if you must have it now and don't mind voiding your warranty then use the unlocker tool and follow one of many guides on here to do it from an unlocked device.
Perhaps we can turn this thread into, or possibly start a new one about the different things people (devs and/or the technically savvy) are finding in the quest for an exploit...
We could start with a list of what is known. Of particular interest would be the differences between the complete stock (me btw), was rooted but lost it, was rooted and kept it, and of course anybody who has managed to root it by messing around but not taken notes along the way.
here's what I have found.
from the PC, creating an adb shell allows me to ls /data/local/tmp/ but from a tablet's terminal emulator (shell?) I can't.
Typing id from both, it becomes obvious why
From adb shell I get
Code:
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
from the tablet I get
Code:
uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw), 1028(sdcard_r), 3003(inet)
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an android supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
I have yet to exhaust this avenue. I might be able to create an empty package and sign it as a system app, make it debuggable and see what that yields but it's looking like a convoluted process, especially considering that run-as may not work as intended on the Prime's JB
PS I want to state that I know precious little about linux and even less about the android layer above it...
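As an added example (not from the thread), a small Python model of why the two identities quoted above get different results: it parses the two `id` outputs (copied here as constructed strings) and applies the ordinary Unix owner/group/other check to /data/local/tmp. It assumes the directory is created by AOSP's init.rc as `mkdir /data/local/tmp 0771 shell shell`, so the `shell` user is the owner and an app uid falls into "other".

```python
import re

# Constructed copies of the two `id` outputs quoted in the post (adb shell from
# the PC vs. an app process started from a terminal emulator on the tablet).
ADB_SHELL_ID = (
    "uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),"
    "1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),"
    "3002(net_bt),3003(inet),3006(net_bw_stats)"
)
APP_ID = "uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw), 1028(sdcard_r), 3003(inet)"

# Assumption: AOSP init.rc creates the directory with
# `mkdir /data/local/tmp 0771 shell shell` -> (owner, group, mode).
DATA_LOCAL_TMP = ("shell", "shell", 0o771)

_ENTRY = re.compile(r"(\d+)\(([\w-]+)\)")


def parse_id(text):
    """Parse one line of `id` output into uid, user name, gid and the set of
    group names (primary group included, as in the kernel's group list)."""
    uid = re.search(r"uid=(\d+)\(([\w-]+)\)", text)
    gid = re.search(r"gid=(\d+)\(([\w-]+)\)", text)
    groups = re.search(r"groups=(.*)$", text)
    if not (uid and gid):
        raise ValueError("not an `id` line: %r" % text)
    names = {name for _, name in _ENTRY.findall(groups.group(1))} if groups else set()
    names.add(gid.group(2))
    return {"uid": int(uid.group(1)), "user": uid.group(2),
            "gid": int(gid.group(1)), "groups": names}


def can_list_dir(identity, owner, group, mode):
    """Classic discretionary check for `ls <dir>`: the caller needs both read
    (to enumerate entries) and execute/search on the directory. uid 0 bypasses it."""
    if identity["uid"] == 0:
        return True
    if identity["user"] == owner:
        bits = (mode >> 6) & 0o7
    elif group in identity["groups"]:
        bits = (mode >> 3) & 0o7
    else:
        bits = mode & 0o7
    return (bits & 0o4) != 0 and (bits & 0o1) != 0


def explain(identity, owner, group, mode):
    """Return (permission class that applied, listing allowed?)."""
    if identity["user"] == owner:
        cls = "owner"
    elif group in identity["groups"]:
        cls = "group"
    else:
        cls = "other"
    return cls, can_list_dir(identity, owner, group, mode)


if __name__ == "__main__":
    for label, text in (("adb shell", ADB_SHELL_ID), ("terminal app", APP_ID)):
        who = parse_id(text)
        cls, ok = explain(who, *DATA_LOCAL_TMP)
        print("%-12s uid=%d as %-5s -> ls /data/local/tmp %s"
              % (label, who["uid"], cls, "allowed" if ok else "denied"))
```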
Just as an FYI the way bin4ry's tool is supposed to work is an exploit in which it makes a symlink to /data/local.prop and injects ro.kernel.qemu=1 into local.prop then reboots.
This is supposed to put the device in emulator mode and when you connect with adb shell you get a root shell prompt. All the rest is fairly straightforward/standard. Remount file system as RW, install SU and superuser.apk with their permissions set properly in the proper places then break the symlink to local.prop and reboot.
What would help a lot is if someone who is already rooted can make the attempt, set qemu = 1 in the relinked local.prop then adb shell connect to see if you get a root prompt. Trying to confirm that emulator mode is enabled and you get root access as shell to see if this is even worth pursuing.
I would just use the unlocker tool but I am 2 weeks in to ownership of a new unit.
Yes, I have seen that typing adb root gives the message
Code:
adbd cannot run as root in production builds
it would indeed be interesting to see if changing "qemu" flags it as a non-production build. My sgs is rooted with CM10 nightlies might try toggling the value on that and see what adb says
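As an added example (not from the thread and not AOSP code), a Python model of the JB-era adbd and init logic behind the message above and the local.prop discussion in the previous post, using the real property names ro.kernel.qemu, ro.secure, ro.debuggable and service.adb.root. It puts the permissive handling of /data/local.prop beside the hardened form in which later init releases only honour that file on debuggable builds, and ends with an audit function for a build's property set; all property sets below are constructed.

```python
# Added example: a model of the JB-era adbd/init privilege logic, not AOSP code.
# Property names are the real Android ones; every property set here is constructed.

def adbd_keeps_root(props):
    """Inverse of adbd's should_drop_privileges(): True when adbd stays uid 0.
    ro.kernel.qemu=1 (emulator)      -> keeps root
    ro.secure unset or != 1          -> keeps root (insecure build)
    ro.secure=1                      -> drops root, except when
      ro.debuggable=1 and service.adb.root=1 (set by a successful `adb root`)"""
    if props.get("ro.kernel.qemu", "") == "1":
        return True
    if props.get("ro.secure", "1") != "1":
        return True
    return props.get("ro.debuggable", "") == "1" and props.get("service.adb.root", "") == "1"


def adb_root_command(props):
    """What `adb root` answers: adbd only sets service.adb.root on debuggable builds."""
    if props.get("ro.debuggable", "") != "1":
        return "adbd cannot run as root in production builds"
    props["service.adb.root"] = "1"
    return "restarting adbd as root"


def apply_override_file(props, override, debuggable_only):
    """Model init loading /data/local.prop over the build's properties.
    Two rules matter:
      * a 'ro.' property that is already set can never be changed, so an
        override can only add ro.* keys the build itself never defined;
      * with debuggable_only=True (the later, hardened init behaviour) the
        override file is ignored entirely unless ro.debuggable=1.
    Returns (merged_props, sorted list of rejected keys)."""
    merged = dict(props)
    if debuggable_only and merged.get("ro.debuggable", "") != "1":
        return merged, sorted(override)
    rejected = []
    for key, value in override.items():
        if key.startswith("ro.") and key in merged:
            rejected.append(key)
            continue
        merged[key] = value
    return merged, sorted(rejected)


def audit(props):
    """Defender check for a build's property set: each finding is a setting
    that would let adb end up with uid 0 on the device."""
    findings = []
    if props.get("ro.kernel.qemu", "") == "1":
        findings.append("ro.kernel.qemu=1: emulator mode, adbd never drops root")
    if props.get("ro.secure", "1") != "1":
        findings.append("ro.secure!=1: insecure build, adbd never drops root")
    if props.get("ro.debuggable", "") == "1":
        findings.append("ro.debuggable=1: `adb root` accepted, local.prop honoured")
    return findings


# Constructed property sets: a production build, a userdebug build, and the kind
# of local.prop override discussed in the thread.
PRODUCTION = {"ro.secure": "1", "ro.debuggable": "0"}
USERDEBUG = {"ro.secure": "1", "ro.debuggable": "1"}
LOCAL_PROP = {"ro.kernel.qemu": "1", "ro.secure": "0"}


if __name__ == "__main__":
    print(adb_root_command(dict(PRODUCTION)))
    old, rejected = apply_override_file(PRODUCTION, LOCAL_PROP, debuggable_only=False)
    new, _ = apply_override_file(PRODUCTION, LOCAL_PROP, debuggable_only=True)
    print("permissive init: adbd root =", adbd_keeps_root(old), "rejected:", rejected)
    print("hardened init:   adbd root =", adbd_keeps_root(new), "findings:", audit(new))
```

Note that ro.secure in the override is rejected either way because it is already set in the build's default.prop; only a never-defined ro.* key can be introduced, which is exactly what the hardened init closes off.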
Run-as
abazz said:
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an android supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
Yes. I noticed the permissions on that file as well. I'm not an android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
So, how does one / can one specify that the package is supposed to be root (uid 0)? I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a completely non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
elschemm said:
Yes. I noticed the permissions on that file as well. I'm not an android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
Yes, you are correct. The setresuid() function will not give you permissions greater than the process it's running in
So, how does one / can one specify that the package is supposed to be root (uid 0)? I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a completely non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
It's worse than that, the package also has to be debuggable
There is some info out there on how to sign a package with the appropriate system permissions so it would be interesting to actually do this and see what, if anything, can be done.
I downloaded the asus unlock package and passed it through the apk tool to see what it does, as it obviously would need root access. As root access is all I require the code it shows is irrelevant really, it's the fact that it gains root access with its signature and also the uid that is set in the manifest android.sharedUserID="android.uid.system". This and, most importantly android.permission.MOUNT_UNMOUNT_FILESYSTEMS. Without these things we can't change anything in the directories we need
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Yes, that's what we would do from the run-as command. What I was attempting to see was if I could get a root uid by creating a C program that uses the setresuid() function call, thereby bypassing the need to have an appropriate package installed. As it didn't work I'm having doubts whether it would work even if the right package was there. run-as did make reference to package.h which I haven't looked at, so unless there are some system parameters that package.c extracts from the apk I don't really see how this will work...
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
Yeah, found the source here
I also searched for linux exploits, there are massive lists of them, most of them patched by now but I assume the linux base in JB would be somewhat different to what's getting around on x86 systems
On another note I have tried bin4ry's "root many" method, using the restore timing exploit but had no luck.
HX... I looked through the scripts and all the misc files in bin4ry's zip package and could not find anything remotely indicating an injection of the qemu value. It makes a symbolic link to the build.prop in com.android.settings...../file99, which was successful after pressing restore but that's about it. Perhaps I should fire up ubuntu and try the linux script instead of the windows .bat file
Interestingly, this guys root method for the Razr M makes use of Run-as if you look at the batch file.
He is essentially doing a "fake package" install then runs an exe that is some sort of exploit. Finally he uses run-as against what I have to assume is the bug report feature of the droid and asks you to trigger a bug report with a button sequence.
So it seems he is getting something that has root privileges (bug report) to do something that grants SU and also implementing run-as
http://forum.xda-developers.com/showthread.php?p=32889627#post32889627
I fear that only a few developers remain interested in finding a way to root the Transformer Prime with Jelly Bean, because all of them had the tablet already rooted with ICS and managed to maintain root across the upgrade.