Firstly, a big thank you to macexplorer, who again found the relevant links amongst much Japanese.
See the original thread on rooting the F-01D:
http://forum.xda-developers.com/showthread.php?t=1611484
Following are quick instructions on how to upgrade the device to ICS. All your data will remain intact, but the /system partition is completely wiped.
NB: YOU WILL LOSE ROOT IF YOU FOLLOW THESE INSTRUCTIONS. YOU WILL NOT GET ROOT BACK.
To be clear, at the present moment in time, you need to CHOOSE BETWEEN ICS OR ROOT; you can't have both. The official upgrade below completely reflashes the system partition, so tools like OTA RootKeeper will not help you. The new release is more secure than ever and currently we don't know a new way to get root. If anyone finds any new information, please speak up.
DISCLAIMER: Following these instructions might brick your device, void your warranty, etc. This is unlikely since you're basically installing an official update, but to be clear, I disclaim any and all responsibility for any (permanent) damage that might be caused by these instructions. DO AT YOUR OWN RISK.
The original instructions are here (or see in Google Translate)
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/index.html
My instructions are slightly different, aimed at more advanced users, and serve the file directly from my server (I found the original server quite picky in terms of Referer and User-Agent, and also slow. I'm also serving the unzipped version, since compression was 0% anyway).
PRE-REQUISITES
At least 50% battery (ideally more in case things go wrong...).
Settings -> About, make sure Android version is 3.2, and Build number is either V28R43A (as recommended on the official page) or V19R36D (what I had; it worked for me but YMMV).
Settings -> Storage, at least 1.5 GB free in "Built in storage" (try installing first to external SD card and let me know if it works.. it's a lot safer).
ICS UPGRADE FOR F-01D
Download F01D_TO_SP_ICS1.enc and put it in /sdcard (md5sum: 2014d0254568a4ef955b21476012a9b5)
Boot into recovery (power off, hold down both volume keys and power up), select "update firmware" and press the power button again.
Pay attention... the first time I tried this, it rebooted back into recovery part way... if this happens, just repeat step 2 above and make sure the progress bar completes all the way.
After this, it will reboot a few times, don't worry. Boot 1 will do the "optimizing android apps" screen, Boot 2 will be "upgrading calendar, contacts, etc..." and Boot 3 will say "finishing upgrade" and let you use the system.
If anyone has any leads on re-rooting the device, speak up. From my initial observations security is tighter than ever, so this might be a problem... but there are clever people out there.
Regarding root
No leads for now. We can create /data/local.prop using the ICS/JB restore technique, but unfortunately the new firmware is completely ignoring either this file or the ro.kernel.qemu property.
If I understood the Google-translated Japanese correctly, this guy got to the same conclusion, and is now looking for other solutions. I wish him luck because after spending the day on this I have to get back to my real work.
http://blog.huhka.com/2012/09/arrows-tab-lte-f-01d-icsshell-root.html
Temporary Root
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
I think to get permanent root, you need the lsm_disabler.ko for the ICS kernel.
Update:
The ICS kernel has blocked loading kernel modules, so I cannot insmod a custom kernel.
So I cannot remount /system, and cannot get permanent root...
Shame on the dandroids...
Post upgrade restart errors?
Hi, slightly off-topic but related: has anyone had issues with Google Maps after upgrading? Whenever I start Google Maps it will hang and then restart my tablet.
Essentially Google Maps is now unusable, which is very annoying. Please let me know if anyone has experienced this too and, if so, if they have a solution to the problem.
Many thanks in advance!
I lost boot after upgrading the device to ICS :crying:
Can anyone help me repair boot?
Thanks :laugh:
longdau12 said:
I lost boot after upgrading the device to ICS :crying:
Can anyone help me repair boot?
Thanks :laugh:
Help me :crying:
macexplorer said:
This link in xda works to get a temporary root:
http://forum.xda-developers.com/showthread.php?t=1886310
I think to get permanent root, you need the lsm_disabler.ko for the ICS kernel.
Update:
The ICS kernel has blocked loading kernel modules, so I cannot insmod a custom kernel.
So I cannot remount /system, and cannot get permanent root...
FINALLY..ROOT on F-01D for V08R31A
I hope someone is still using the F-01D. So here's to you diehards.
After many, many failed attempts, I finally managed to get a more permanent root.
Probably others have got this to root, but I haven't seen anything come up via searches.
The main stumbling block has been in getting the address of 'ptmx_fops'. Finally got it through rootkitXperia_20131207.zip (get_root... this prints but fails in ptrace; ptrace is blocked on the F-01D).
I have just managed to get a permanent root. The steps may be a little approximate. Do verify and let me know. It's non-destructive, so no harm done.
But do it at your own risk... and other standard disclaimers apply.
Steps:
1. Do the temp root as per: http://forum.xda-developers.com/showpost.php?p=33071441&postcount=3
2. Get the exploit source from https://github.com/fi01/unlock_security_module
(recursive download)
3. Compile the source. This will generate a libs/armeabi/unlock_security_module binary.
4. Add the following records to device_database/device.db.
These are kallsyms kernel function addresses; most are available directly from kallsyms, except for ptmx_fops.
Code:
sqlite3 device_database/device.db
insert into supported_devices values(187,'F-01D','V08R31A');
insert into device_address values(187,'commit_creds',3221986012);
insert into device_address values(187,'prepare_kernel_cred',3221985196);
insert into device_address values(187,'ptmx_fops',3229222484);
insert into device_address values(187,'remap_pfn_range',3222251308);
insert into device_address values(187,'vmalloc_exec',3222293708);
5. Push device.db and unlock_security_module to /data/local/tmp/.
6. Simply run from /data/local/tmp: ./unlock_security_module, as the root obtained temporarily earlier.
7. After some time, this will say LSM disabled!!
8. Now remount /system as rw. Carefully copy the su binary to /system/xbin/ (preferably use the latest version from SuperSU).
Also copy Superuser.apk to /system/app.
>> "Carefully copy" means: chown/chgrp /system/xbin/su to "0"; set perms: chmod 06755 /system/xbin/su.
9. Copy busybox from /data/local/tmp to /system/xbin and install it (./busybox --install -s /system/xbin/).
10. At this stage, su doesn't seem to work for newer shell connections (must do _su and then su), probably due to the exploit messing up the kernel.
11. Reboot, and enjoy your newly permanent rooted status.
12. After reboot, you still cannot do a system remount as the LSM is back to original. Rerunning unlock_security_module should disable this.
Maybe even move this to /system/xbin/;
but this seems to destabilise the system.
It's not possible to use an LSM disabler .ko via insmod; the kernel security mechanism validates the module with path and hash.
So it has to be: unlock security; do your thing with /system etc.; reboot.
(Not sure yet if any changes to /system/build.prop will help.)
Do let me know how this works out, and point out errors in the steps.
And as luck would have it there is a new ICS release out on 5-Feb.
https://www.nttdocomo.co.jp/support/utilization/product_update/list/f01d/index.html
http://spf.fmworld.net/fujitsu/c/update/nttdocomo/f-01d/update1/top/data/download.html
(F01D_TO_SP_ICS2.zip)
This moves the version to V12R33B.
Do not hazard updating to this if you want to keep this root; this release probably fixes many of the exploits.
The Wi-Fi model seems to have got 4.1... wonder if something will trickle down to the F-01D.
Related
Hello everyone!
You may or may not know me, however I have secretly been working behind the scenes with ChiefzReloaded to learn how Android works. Together we have been trying to develop new ways to root the Slide, primarily because we both landed in a sticky situation that left us both without root and without a way to revert to root.
After many long hours of trying to restore my phone, I have now ported the exploid exploit to the MyTouch Slide! This means that you can gain root on any version of the Slide, INCLUDING the latest OTA! However, this isn't necessarily "easy" as in the One-Click Root program, but there are reasons for this. While Android is running we cannot write to /system and even if we force Linux to let us, the NAND protection will prevent Linux from completing the write!
To get started, please see the bottom of this post for the link and download it. You will want to download it to your computer and not your phone's SD card. Also, you will need the tools from the Android SDK. I would suggest extracting the file from my zip at the bottom of this page into the Android SDK's tools directory.
Extract the zip
Make sure your phone is in USB debugging mode AND you are in "Charge Only" mode.
Connect your phone to your computer.
Make sure you're in the same directory as where exploid is extracted before continuing to the next step.
Issue the following command: adb push exploid /sqlite_stmt_journals. Note: It MUST be in that directory - NO exceptions.
Run: adb shell
Run: cd /sqlite_stmt_journals
Run: chmod 0755 exploid
Run: ./exploid
Toggle your phone's Wifi (on or off, however you wish to do that).
Now (again) run: ./exploid (if prompted for a password enter: secretlol)
The next line should now begin with a pound (#) - if not, then something isn't set up right. Make sure to follow the directions verbatim. If you suspect you did follow them correctly, please reply to this post letting me know.
You should now be root! At this point you can do many things, but if you're looking to flash a custom ROM, continue to these instructions:
[NEW 10/18/2010:]
Steps 1-12 are intended to get you the ability to flash mtd0.img (which previously required using the SimpleRoot method) by gaining root inside of Android. By following the instructions in the rest of this section, it will allow you to flash a ROM or S-OFF your device:
The files you need are at: http://forum.xda-developers.com/showthread.php?t=703076 - download both files linked in there (ESPRIMG.zip and SlideEng-package.zip)
Extract the contents of SlideEng-package.zip to a place of your choosing on your computer.
Place the entire (unextracted) ESPRIMG.zip on your SDcard.
Now push the files 'flash_image' and 'mtd0.img' that you just extracted from SlideEng-package.zip to /data/local using 'adb push'. (Noob? Instead of using 'adb push', install Droid Explorer and, using that utility, copy the 'flash_image' and 'mtd0.img' files to /data/local on your Slide)
Now I'm going to assume your phone is at root prompt (#) using steps 1-12. So now do (without typing the '#' symbols in front of both lines - they're just there to remind you that you need to be at a '#' prompt):
Code:
# cd /data/local
# chmod 04755 flash_image
# ./flash_image misc mtd0.img
Before you reboot make sure that the ESPRIMG.zip is on your SDcard!
Now turn off the phone.
Then press Volume-Down + Power.
The phone will power on and after about 5 minutes of verifying ESPRIMG.zip it will ask you if you want to flash it.
Press Volume-Up for 'YES' and wait until it finishes (ABSOLUTELY DO NOT POWER DOWN WHILE IT'S STILL FLASHING!!!).
Now when you go into recovery it should allow you to 'Apply update.zip from sdcard' (booting into Clockwork). If you don't have the Clockwork update.zip, here it is: http://www.4shared.com/file/OTRU7T3y/update_2.html (rename to update.zip after downloading since it's currently update_2.zip, then place it on your sdcard).
[/NEW 10/18/2010]
[NEW 12/30/2010]
Optional: Now that you're rooted you might want to disable all flash memory protections so you can permanently flash Clockworkmod (recovery - no more using an update.zip!) as well as other random things. Check here for details: http://forum.xda-developers.com/showthread.php?t=798168
[/NEW 12/30/2010]
CREDIT GOES TO:
* ChiefzReloaded! (For helping me learn the intricacies of Android and patiently answering all of my questions)
* 743C (For developing the original exploit)
Source code: (Yes, it's hackish. I was just trying to figure out why the system kept rebooting and haven't cleaned up the code since) download
DOWNLOAD:
http://www.4shared.com/file/CZsxSq-f/exploid.html
DONATE:
(Anything helps!)
(Some people may wonder why this is special compared to the One Click Root application. What's important is that One Click Root doesn't work on Slides running production/retail software, likely the same problem I had to fix to get exploid to work in my version.)
That's what's up!!
If you be trollin then YOU BES TRAWLLIN
But if not then good job nb!
Sent from my T-Mobile myTouch 3G Slide using XDA App
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Sure, I was getting around to that - and I understand your concern. I'll post it in a second.
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Sent from my T-Mobile myTouch 3G Slide using XDA App
r0man said:
You think nb is distributing a virus disguised as a root method?
Waaaaaat
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
Good to see this. I suggested this in another thread; glad to see it in use. Thanks a bunch.
nbetcher said:
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
I'll take a look at it when I get home.
ilostchild said:
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
I actually had to do a lot of work on it. It doesn't quite work the same as the original exploid, simply because the original exploid crashes the entire system and reboots. This causes the rootshell to never be committed to NAND and thus you get nowhere. I had to keep playing with things until I found a different method that works. It took several hours of me being upset with it, but I watched the latest Burn Notice, came back to it, and BAM, I had a stroke of genius.
Where is rootshell? I can't execute rootshell, nor can I "cp" any files from sdcard; however, I do have a # instead of a $.
Armyjon88 said:
Where is rootshell? I can't execute rootshell, nor can I "cp" any files from sdcard; however, I do have a # instead of a $.
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Sweet
Sent from my T-Mobile myTouch 3G Slide using XDA App
Having # and running as root as stated before, you can actually follow with eng and then custom recovery and your choice of ROM... please correct me if I'm wrong... thanks.
statuzz said:
Having # and running as root as stated before, you can actually follow with eng and then custom recovery and your choice of ROM... please correct me if I'm wrong... thanks.
I'm also wondering the same thing, because I got the exploid working, and I have the # in the shell, but when I go to follow the instructions to flash the eng release, I can't cd to any different dirs, nor can I push any files to the phone. I have the ESPRIMG.zip copied to my sdcard, so could I just reboot into recovery and flash the nbh from there? Any help is appreciated.
nbetcher said:
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Let me know if you want to work together on some kind of one-click root app for the Slide. If the commands work through the terminal on the phone itself rather than via adb, I could probably make this into an app already, but since you're working on a more non-developer-friendly version, I'll just wait until that's out.
televate said:
I'm also wondering the same thing, because I got the exploid working, and I have the # in the shell, but when I go to follow the instructions to flash the eng release, I can't cd to any different dirs, nor can I push any files to the phone. I have the ESPRIMG.zip copied to my sdcard, so could I just reboot into recovery and flash the nbh from there? Any help is appreciated.
I'm delaying the release of my non-developer program for another couple hours.
As far as what you said above, all you need to do after gaining the # prompt is (in a separate window):
adb push flash_image /data/local
adb push mtd0.img /data/local
(switch back to your # adb shell, then type)
cd /data/local
chmod 04755 flash_image
./flash_image misc mtd0.img
Then reboot and apply the ESPRIMG.zip. All of these files are found on the same post that I referenced in my OP. These instructions are all in that same page.
televate said:
I'm also wondering the same thing, because I got the exploid working, and I have the # in the shell, but when I go to follow the instructions to flash the eng release, I can't cd to any different dirs, nor can I push any files to the phone. I have the ESPRIMG.zip copied to my sdcard, so could I just reboot into recovery and flash the nbh from there? Any help is appreciated.
I'm also stuck, since I'm not sure if you can update to eng from the OTA... But first I want to personally thank the OP & CR for providing this.
This would be great for a One Click method
this would be nice to work into a one click root!
And This did work for me!
Does this root method get /system mounted when Android is running? In short, do we finally get MetaMorph and Root Explorer working?
Device: Verizon Samsung Fascinate
Model: SCH-I500
Hardware version I500.04
Firmware version: 2.2.2
Baseband version S:i500.04 V.ED05
Kernel version 2.5.32.9
Build number SCH-I500.ED05
Background:
I am a simple root user who does not wish to flash any ROMs or custom mods. I just want root access to the phone. Until ED05, the SuperOneClick tool has done the job for me every time. Verizon was kind enough to force ED05 down to me even though I declined it about 5 days ago. I woke a couple of days ago to my apps stating that root was not working. Boy was I pleased! Anyway, I promptly grabbed the latest version of SuperOneClick and fired it off and it said I was already rooted and asked if I wanted to do it anyway, so I said sure, make it so Number One. But even after rerunning the root without errors, and rebooting multiple times, the applications don't think I'm rooted and the unroot process hangs when I try that. Since root is not working, I cannot take a backup via my Titanium Backup and I've never been able to use any of the CW stuff to take a backup image prior to flashing thanks to the nerfing of that process. I do not want to lose any of my app data or SD card data in the process of rerooting and I want to be in a state that allows for very quick and easy "cleanup" of the phone in case I need to return it. I'm very nervous about trying any of the ODIN methods and losing my data or bricking the phone. Can someone please provide some detailed instructions on what the best steps are to meet my requirements?
Requirements:
1) No loss of current app data or SD card data.
2) Very low risk procedure
3) Simple procedure
4) Phone is in a state that allows for quick and easy reversion to "clean" state without having to restore data from backups.
5) No custom mods/ROMs - official verizon releases preferred with Titanium Backup used to "freeze" unwanted bloatware.
ashesofthefall said:
Device: Verizon Samsung Fascinate
Model: SCH-I500
Hardware version I500.04
Firmware version: 2.2.2
Baseband version S:i500.04 V.ED05
Kernel version 2.5.32.9
Build number SCH-I500.ED05
Background:
I am a simple root user who does not wish to flash any ROMs or custom mods. I just want root access to the phone. Until ED05, the SuperOneClick tool has done the job for me every time. Verizon was kind enough to force ED05 down to me even though I declined it about 5 days ago. I woke a couple of days ago to my apps stating that root was not working. Boy was I pleased! Anyway, I promptly grabbed the latest version of SuperOneClick and fired it off and it said I was already rooted and asked if I wanted to do it anyway, so I said sure, make it so Number One. But even after rerunning the root without errors, and rebooting multiple times, the applications don't think I'm rooted and the unroot process hangs when I try that. Since root is not working, I cannot take a backup via my Titanium Backup and I've never been able to use any of the CW stuff to take a backup image prior to flashing thanks to the nerfing of that process. I do not want to lose any of my app data or SD card data in the process of rerooting and I want to be in a state that allows for very quick and easy "cleanup" of the phone in case I need to return it. I'm very nervous about trying any of the ODIN methods and losing my data or bricking the phone. Can someone please provide some detailed instructions on what the best steps are to meet my requirements?
Requirements:
1) No loss of current app data or SD card data.
2) Very low risk procedure
3) Simple procedure
4) Phone is in a state that allows for quick and easy reversion to "clean" state without having to restore data from backups.
5) No custom mods/ROMs - official verizon releases preferred with Titanium Backup used to "freeze" unwanted bloatware.
You can try this. http://forum.xda-developers.com/showthread.php?t=1045048 (Ignore that it says MOD, it only installs root )
(Sorry, this uses Odin, but I find it the easiest way. If you're not sure then post and I'll try to answer your question, and it only installs root. Apps like SuperOneClick no longer work correctly.)
Get Odin, the Samsung Drivers for SCH-I500, and this recovery: http://www.mediafire.com/?6x5utoca59et7o9. Put the su.zip on your SD card.
Install the Samsung Drivers. Power off the phone, remove the battery, plug in your phone into your computer while holding the volume down button and use Odin to install the CWM Recovery (click the PDA button and select the CWM recovery all.tar, then hit start). Once that is done, replace the battery, boot your phone by holding down power, volume down and up at the same time. Your phone will boot into CWM. Install the su.zip in CWM and reboot the phone. The kernel will remove CWM at boot so there will be no sign of it but after that your root should come back.
It worked fine for me.
That did work, thank you. I still don't quite understand what all the different pit, recovery, zip and tar files do and what exactly happens when you use the different files with Odin. Can you point to me to a "Odin and CWR for Dummies" or something that lays all this out in simple terms? I've read through the master rooting and recovery threads a few times but I still don't grasp exactly what the different pieces do and what they overwrite and when. For example, how would I go about quickly removing the root stuff from my phone now without losing all my settings and data?
It worked for me fine the other day also. And yes I was on Ed05
Sent from my SCH-I500 using Tapatalk
I was able to root 2 updates ago with SOC but just got around to re rooting after ED05 installed.
Didn't work...most annoying. lol
Checking with Root Checker and I get the following output.
Root Access is not properly configured or was not granted.
Superuser.apk - com.noshufou.android.su - version 2.3.6.1 - Added clear log to menu in log tab, More languages, Bugfixes is installed!
Standard su binary location: ls -l /system/bin/su:
-rwxr-xr-x root shell 26264 2010-10-16 22:04 su
Standard su binary location: ls -l /system/xbin/su:
-rwsr-sr-x root shell 26264 2011-08-15 18:46 su
Alternate su binary location: ls -l /sbin/su:
/sbin/su: No such file or directory
SU binary not found or not operating properly
Any help?
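As an added example (not code from this thread, from Root Checker, or from any of the projects mentioned), the following Python script parses output in the format quoted above, reads each su binary's owner and mode, flags what differs from the root-owned, 06755 layout the F-01D post above installs, and reports which su a shell would resolve first. The PATH order /sbin:/system/sbin:/system/bin:/system/xbin is an assumption about the default shell environment of that Android generation, and the sample output embedded below is constructed.

```python
# Added example: parse Root Checker-style `ls -l` lines for su binaries and explain
# why root may fail. Assumes Android toolbox `ls -l` format (perms owner group size
# date time name, no link count) and an assumed default PATH order.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, in the same format as the Root Checker output quoted above
SAMPLE = """\
Root Access is not properly configured or was not granted.
Standard su binary location: ls -l /system/bin/su:
-rwxr-xr-x root shell 26264 2010-10-16 22:04 su
Standard su binary location: ls -l /system/xbin/su:
-rwsr-sr-x root shell 26264 2011-08-15 18:46 su
Alternate su binary location: ls -l /sbin/su:
/sbin/su: No such file or directory
"""

# Assumed default PATH order of a 2.2-era Android shell (assumption, not from the thread)
ANDROID_PATH = ["/sbin", "/system/sbin", "/system/bin", "/system/xbin"]

HEADER_RE = re.compile(r"ls -l (\S+):$")
LS_RE = re.compile(
    r"^([-dlcbps])([rwxsStT-]{9})\s+(\S+)\s+(\S+)\s+(\d+)\s+\S+\s+\S+\s+(\S+)$"
)


@dataclass
class SuEntry:
    path: str
    exists: bool
    owner: Optional[str] = None
    group: Optional[str] = None
    mode: int = 0  # numeric mode including setuid/setgid/sticky bits


def parse_mode(perm: str) -> int:
    """Turn a 9-char rwx string such as 'rwsr-sr-x' into a numeric mode (0o6755)."""
    mode = 0
    for i, ch in enumerate(perm):
        bit = 1 << (8 - i)
        if ch in "rwx":
            mode |= bit
        elif ch in "sS":  # index 2 = setuid, index 5 = setgid
            mode |= 0o4000 if i == 2 else 0o2000
            if ch == "s":  # lowercase: the execute bit is set as well
                mode |= bit
        elif ch in "tT":  # sticky bit in the 'other' execute slot
            mode |= 0o1000
            if ch == "t":
                mode |= bit
    return mode


def parse_root_checker(text: str) -> List[SuEntry]:
    """Parse 'ls -l <path>:' headers, each followed by an ls line or an ENOENT message."""
    entries: List[SuEntry] = []
    current: Optional[str] = None
    for line in text.splitlines():
        header = HEADER_RE.search(line)
        if header:
            current = header.group(1)
            continue
        if current is None:
            continue
        if line.startswith(current + ":") and "No such file" in line:
            entries.append(SuEntry(current, False))
            current = None
            continue
        m = LS_RE.match(line)
        if m:
            entries.append(SuEntry(current, True, m.group(3), m.group(4), parse_mode(m.group(2))))
            current = None
    return entries


def assess(entry: SuEntry) -> List[str]:
    """Compare one su binary with the layout the F-01D post installs: owner root, mode 06755."""
    if not entry.exists:
        return ["missing"]
    issues = []
    if entry.owner not in ("root", "0"):
        issues.append("owner is not root")
    if not entry.mode & 0o4000:
        issues.append("setuid bit missing")
    if entry.mode & 0o002:
        issues.append("world writable")
    return issues


def first_in_path(entries: List[SuEntry], path_dirs: List[str] = ANDROID_PATH) -> Optional[SuEntry]:
    """Return the existing su that a shell would resolve first along the assumed PATH."""
    by_dir = {e.path.rsplit("/", 1)[0]: e for e in entries if e.exists}
    for d in path_dirs:
        if d in by_dir:
            return by_dir[d]
    return None


def diagnose(text: str) -> Dict[str, object]:
    """Map each checked path to its issues and name the su that PATH lookup picks first."""
    entries = parse_root_checker(text)
    report: Dict[str, object] = {e.path: assess(e) for e in entries}
    chosen = first_in_path(entries)
    report["resolved_first"] = chosen.path if chosen else None
    return report
```

Run on the sample, the report shows a non-setuid /system/bin/su sitting ahead of the setuid /system/xbin/su in the assumed PATH, which is one reading of why apps see a su binary that "is not operating properly".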
jiminigrist said:
I was able to root 2 updates ago with SOC but just got around to re rooting after ED05 installed.
Didn't work...most annoying. lol
Checking with Root Checker and I get the following output.
Root Access is not properly configured or was not granted.
Superuser.apk - com.noshufou.android.su - version 2.3.6.1 - Added clear log to menu in log tab, More languages, Bugfixes is installed!
Standard su binary location: ls -l /system/bin/su:
-rwxr-xr-x root shell 26264 2010-10-16 22:04 su
Standard su binary location: ls -l /system/xbin/su:
-rwsr-sr-x root shell 26264 2011-08-15 18:46 su
Alternate su binary location: ls -l /sbin/su:
/sbin/su: No such file or directory
SU binary not found or not operating properly
Any help?
The easiest way to root would be to use ODIN and flash CWM (via PDA, always)..
Then go into CWM then install the SuperUser+BusyBox.zip
I have 2.2.2 as well and the latest superoneclick did not work, but the old 1.5.5 version did work.
Hey, hmm, I am new at this forum but I have been rooting phones for a long time. Well, to make the story short, I have a Samsung Fascinate and I updated it to GB. After the update everything was working fine; now that I want to install a custom ROM, or CW, trying to use Odin, my computer won't recognize my phone. I installed the driver and everything, but when I plug in my phone and try to put it in download mode it shows a USB error. Please, can someone help? I have searched everywhere and can't find a solution... thanks though.
Today I tried to root my SGS2 applying liquidperfection's method (Odin & s2-root). I followed all the steps, but after flashing the secured kernel (step 11), it looks like I don't have root access. SU is installed but does not react. Root Explorer fails and Titanium Backup also...
What happened? What do i do now?
Download this and flash via CWM; the problem will be solved.
No custom count as well as no triangle
http://www.4shared.com/zip/IA_mpMSo/SU-Busybox-Installer-1.html
Cheers
Sent from my GT-I9100 using Tapatalk 2
rjsmer said:
flash via CWM; the problem will be solved.
OP specifically mentioned he flashed an original kernel, therefore no CWM recovery.
@OP, I don't know why you're having that specific problem, but why not just do what most do and flash a CF-root kernel? One step instead of 11.
Re: No proper root?
Thanks for replying, but I'm pretty confused now...
I'm new to all this, and the only thing I want at the moment is root access; then I'll check and learn, step by step, about ROMs etc. - well, that was the idea.
Because SU and Root Explorer were acting strange and Titanium Backup said I needed root, I installed the free app 'root checker', which says that "the device is not properly rooted" (not properly, that kind of says it is rooted, but not how it should be... right??)
Another Senior member pm'd me today about it and says he will help me;
rjsmer tells me to install an apk
and oinkylicious, you, that's what I suppose, are telling me not to install that apk, because I have an original kernel again...
So, is there anyone that can tell me what to do exactly?
I don't have any preference for 1 specific method, but I'd like a method that is easy and not too risky...
Oinky was correct, assuming you have an I9100/T (check the sticker under the battery), CFRoot is simple & will install CWM by default which will enable you to flash roms/kernels, backup & restore easily (among other things).
However, what you really should not do is rush it or take shortcuts. Rushing & taking shortcuts leads to borked phones & you having to pay to have said borked phone repaired/replaced.
Read the first page of the CFRoot thread thoroughly, and follow the instructions to the letter. Pay particular attention to the section a 3rd of the way down the page in bold red that says "Help ! Which file do I use". Read this bit thoroughly & understand it. If you do & then come back to this thread & ask "Hlap ! What kernel do I use ?", that means you haven't read/understood it properly & you're probably at risk of bricking your phone.
Edit - You want a method of rooting your phone that isn't risky ? There isn't one. Flashing stuff to your phone always entails (a normally very small) risk you'll brick your phone. That risk increases exponentially with how poorly you understand what it is you're doing to your phone (gets back to the no rushing/no shortcuts, following instructions & understanding what you're doing I mentioned above).
Narcotrix said:
Thanks for replying, but I'm pretty confused now...
I'm new to all this, and the only thing I want at the moment is root access; then I'll check and learn, step by step, about ROMs etc. - well, that was the idea.
Because SU and Root Explorer were acting strange and Titanium Backup said I needed root, I installed the free app 'root checker', which says that "the device is not properly rooted" (not properly, that kind of says it is rooted, but not how it should be... right??)
Another Senior member pm'd me today about it and says he will help me;
rjsmer tells me to install an apk
and oinkylicious, you, that's what I suppose, are telling me not to install that apk, because I have an original kernel again...
So, is there anyone that can tell me what to do exactly?
I don't have any preference for 1 specific method, but I'd like a method that is easy and not too risky...
What I would do is
1. Flash stock firmware
2. Flash insecure kernel (CF-Root)
3. Check for root
Root will be there and just a case of progressing to custom roms etc
No proper Root
OK, thanks for the info
I don't want to rush anything, and I did inform myself well. But from what I understand, I did everything right yesterday, except re-flashing the stock/secured kernel (an optional step...)
Basically, if I apply the CF-Root method, I'll have a unsecured kernel?
So, what do I do now ?
Completely reset my phone, and apply CF-root ?
I think reset, because I have SU on my phone now...
- Do I reset the gs2 or leave it & apply CF-Root?
- What is strange is that no one can tell me why this happened or what the problem is exactly ?
CF-Root
MistahBungle said:
Oinky was correct, assuming you have an I9100/T (check the sticker under the battery), CFRoot is simple & will install CWM by default which will enable you to flash roms/kernels, backup & restore easily (among other things).
However, what you really should not do is rush it or take shortcuts. Rushing & taking shortcuts leads to borked phones & you having to pay to have said borked phone repaired/replaced.
Read the first page of the CFRoot thread thoroughly, and follow the instructions to the letter. Pay particular attention to the section a 3rd of the way down the page in bold red that says "Help ! Which file do I use". Read this bit thoroughly & understand it. If you do & then come back to this thread & ask "Hlap ! What kernel do I use ?", that means you haven't read/understood it properly & you're probably at risk of bricking your phone.
Edit - You want a method of rooting your phone that isn't risky ? There isn't one. Flashing stuff to your phone always entails (a normally very small) risk you'll brick your phone. That risk increases exponentially with how poorly you understand what it is you're doing to your phone (gets back to the no rushing/no shortcuts, following instructions & understanding what you're doing I mentioned above).
Actually, my phone is a GT-I9100, no letter at the end...
And, I do know that flashing is risky, and I agree that the less I know, the more risky it becomes, but, hey, I'm willing to understand and learn...
Anyway, my other contact sent me this to flash? What do you think?
CF-Root-SGS2_XX_OXA_LPS-v5.4-CWM5
That does not match my current firmware (XWLP4), does it ?
So, I did read page 1 of Chainfire's thread, and I think I have to go for the CF-Root-SGS2_XW_O2U_LP3-v5.4-CWM5 one...
So, once my phone is flashed with this one, what are the possibilities / opportunities, except installing apps that require root ?
Are there any guides or threads to introduce new people to this ?
I have no idea if the LPS kernel your 'contact' sent you will work or not. At worst your phone won't boot (you'll still be able to get into download mode & flash something else). As to what kernel you should use, all the info you need is in that section 'Help ! Which file do I use ?' which is why I drew attention to it. If you're apprehensive or unsure of what you're doing, don't until you are sure.
What are the possibilities/opportunities once you've rooted your phone ? Basically it gives you control over your phone. You can freeze or uninstall apps that carriers/Samsung have put on the phone for starters. And obviously if you use CFRoot to root your phone, you'll have CWM installed which makes flashing roms/kernels, backing up & restoring really easy (among other things).
As I said in another thread all of 5 minutes ago, I very much recommend you read the Stickies, just about everything you could ever want to know is in those threads. You just have to read & learn.
Edit - Re: your question 'What is strange is that no one can tell me why this happened or what the problem is exactly ?' in your earlier post, the reason for this (root failing) is we don't know. We're not there with you to know exactly what you did/didn't do, and besides, the method you used isn't from this site.
Well, thanks a lot for the tips and explanations!
I'm still informing myself...
I'd go for cf-root, but I'm still hesitating because my device looks "semi"-rooted, but is that possible? Some apps are 'seeing' root, but can't have access to it...
Oh and the method i did use initially comes from this forum, really. Thread by user LiquidPerfection...
Sent from my GT-I9100 using xda app-developers app
Edit:
These are the results of the root checker tool. Can someone please explain or tell me what to do now? Thank you
Superuser Application Status:
Superuser application - version 3.1.3 -is installed!
System File Properties for Root Access:
Alternative Location
Check Command: ls -l /sbin/su:
Result: /sbin/su: No such file or directory
Analysis: File /sbin/su does not exist.
Standard Location
Check Command: ls -l /system/bin/su:
Result: /system/bin/su: No such file or directory
Analysis: File /system/bin/su does not exist.
Standard Location
Check Command: ls -l /system/xbin/su:
Result: -rwsr-xr-x root shell 22228 2011-09-27 23:12 su
Analysis: Setuid attribute present and root user ownership present. Root access is correctly configured for this file! Executing this file can grant root access!
Alternative Location
Check Command: ls -l /system/xbin/sudo:
Result: /system/xbin/sudo: No such file or directory
Analysis: File /system/xbin/sudo does not exist.
Root User ID and Group ID Status:
SU binary not found or not operating properly
System Environment PATH: /sbin /vendor/bin /system/sbin /system/bin /system/xbin
ADB Shell Default User:
ADB shell setting for standard access, stored in default.prop, is configured as: shell (non root) user - ro.secure=1
Results provided on your GT-I9100 device by Root Checker Pro version 1.2.7 from joeykrim in the Android Market - http://goo.gl/NcnHn
I have just updated my Prime and I had not rooted it with ICS. Is it possible to root JB without previous rooting?
No. You must back up root using OTA Rootkeeper in order to regain root in JB. There is no known exploit for JB yet.
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
tonesy said:
without restoring root with ota rootkeeper, try http://matthill.eu/mobile/root-trans...lybean-update/ and follow the instructions, follow the links for the files you need
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
If you Unlock the Bootloader or already have an Unlocked Bootloader, you can get root.
I haven't seen any exploits posted for the Prime in JB yet, so this may be your only way for now.
hx4700 Killer said:
lol, must be a joke.... dead link.
I have been actively pursuing this. Without bootloader unlock I don't believe so.
He posted a bad link, but it doesn't work if you have no root access at all. This is just a "regain root if you have partial root" guide:
http://matthill.eu/?s=jelly+bean
Thread moved
Thread moved. This is clearly belonging into Q&A. Please post in correct Sub-Forum.
peace
jotha - forum moderator
Does anyone know if one person with development capability is trying to find a way to root JB?
I talked to bin4ry about his root method in hopes of working with him on modifications for the Prime, but he is telling me his mod is making the change he is exploiting, according to what I am seeing, but possibly ASUS disabled the emulator mode in this version of the OS. This is what would give you root access via ADB so changes can be made.
I couldn't get out of him what exactly his "restore timing exploit" is, but I understand everything after that.
Outside of anything coming up I would say if you must have it now and don't mind voiding your warranty then use the unlocker tool and follow one of many guides on here to do it from an unlocked device.
Perhaps we can turn this thread into, or possibly start a new one about, the different things people (devs and/or the technically savvy) are finding in the quest for an exploit...
We could start with a list of what is known. Of particular interest would be the differences between the complete stock (me btw), was rooted but lost it, was rooted and kept it, and of course anybody who has managed to root it by messing around but not taken notes along the way.
Here's what I have found.
From the PC, creating an adb shell allows me to ls /data/local/tmp/ but from a tablet's terminal emulator (shell?) I can't.
Typing id from both, it becomes obvious why.
From adb shell I get
Code:
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
from the tablet I get
Code:
uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw),1028(sdcard_r),3003(inet)
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an Android-supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
I have yet to exhaust this avenue. I might be able to create an empty package and sign it as a system app, make it debuggable and see what that yields, but it's looking like a convoluted process, especially considering that run-as may not work as intended on the Prime's JB.
PS I want to state that I know precious little about linux and even less about the android layer above it...
Just as an FYI, the way bin4ry's tool is supposed to work is an exploit in which it makes a symlink to /data/local.prop and injects ro.kernel.qemu=1 into local.prop, then reboots.
This is supposed to put the device in emulator mode and when you connect with adb shell you get a root shell prompt. All the rest is fairly straightforward/standard. Remount file system as RW, install SU and superuser.apk with their permissions set properly in the proper places then break the symlink to local.prop and reboot.
What would help a lot is if someone who is already rooted can make the attempt, set qemu = 1 in the relinked local.prop then adb shell connect to see if you get a root prompt. Trying to confirm that emulator mode is enabled and you get root access as shell to see if this is even worth pursuing.
I would just use the unlocker tool but I am 2 weeks in to ownership of a new unit.
Yes, I have seen that typing adb root gives the message
Code:
adbd cannot run as root in production builds
It would indeed be interesting to see if changing "qemu" flags it as a non-production build. My SGS is rooted with CM10 nightlies; I might try toggling the value on that and see what adb says.
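The two posts above describe the same mechanism from both ends: adbd only keeps root when the device looks like an emulator (ro.kernel.qemu=1) or is insecure/debuggable, and on a production build `adb root` refuses outright. The following is an added example, not bin4ry's tool or Android source; it models the adbd privilege-drop decision of that era as I read it (treat it as an approximation), together with init's rule that an already-set ro.* property is never replaced, and ends with a defender-side audit of the effective properties.

```python
"""Model of how the ICS/JB-era adbd decides whether to keep root, driven by parsed property files.
Added example for this thread, not bin4ry's tool nor Android source; an approximation."""
from typing import Dict, List

# Constructed property texts. PROD_DEFAULT_PROP stands for the default.prop of a production
# build (ro.secure=1, as Root Checker reported earlier in the thread); LOCAL_OVERRIDE is the
# one-line /data/local.prop the thread describes; USERDEBUG_PROP is what a debuggable build has.
PROD_DEFAULT_PROP = """\
# constructed sample, not from any device
ro.secure=1
ro.debuggable=0
persist.sys.usb.config=mtp
"""
LOCAL_OVERRIDE = "ro.kernel.qemu=1\n"
USERDEBUG_PROP = "ro.secure=1\nro.debuggable=1\n"


def parse_props(text: str) -> Dict[str, str]:
    """Parse key=value property text; blank lines and '#' comments are skipped."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def merge_props(base: Dict[str, str], override: Dict[str, str]) -> Dict[str, str]:
    """Apply an override file the way init does: a ro.* key that is already set is never replaced.
    This is why the trick adds a key the device does not define rather than flipping ro.secure."""
    merged = dict(base)
    for key, value in override.items():
        if key.startswith("ro.") and key in merged:
            continue
        merged[key] = value
    return merged


def adbd_drops_privileges(props: Dict[str, str], adb_root_requested: bool = False) -> bool:
    """True when adbd switches to uid 2000 (shell) instead of staying root.
    adb_root_requested models service.adb.root=1, which `adb root` sets on debuggable builds."""
    if props.get("ro.kernel.qemu", "") == "1":
        return False   # looks like the emulator: adbd keeps root
    if props.get("ro.secure", "1") != "1":
        return False   # ro.secure=0: insecure build, adbd keeps root
    if props.get("ro.debuggable", "") == "1" and adb_root_requested:
        return False   # userdebug build after `adb root`
    return True        # production build: drop to shell


def adb_root_reply(props: Dict[str, str]) -> str:
    """Reply to `adb root`; non-debuggable builds answer with the message quoted in the thread."""
    if props.get("ro.debuggable", "") != "1":
        return "adbd cannot run as root in production builds"
    return "restarting adbd as root"


def audit(props: Dict[str, str]) -> List[str]:
    """Defender-side check of a device's effective properties for settings that keep adbd root."""
    findings = []
    if props.get("ro.secure", "1") != "1":
        findings.append("ro.secure is not 1: adbd never drops privileges")
    if props.get("ro.kernel.qemu", "") == "1":
        findings.append("ro.kernel.qemu=1 on a physical device: adbd treats it as an emulator")
    if props.get("ro.debuggable", "") == "1":
        findings.append("ro.debuggable=1: `adb root` is honoured")
    return findings


if __name__ == "__main__":
    prod = parse_props(PROD_DEFAULT_PROP)
    tampered = merge_props(prod, parse_props(LOCAL_OVERRIDE))
    print("stock:", adbd_drops_privileges(prod), "|", adb_root_reply(prod), "|", audit(prod))
    print("with local.prop:", adbd_drops_privileges(tampered), "|", audit(tampered))
```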
Run-as
abazz said:
I was getting excited last night (burnt the midnight oil) trying what I thought might be a possible exploit with an Android-supplied command called "run-as". Its limitations became obvious when I looked at the source code for it. You need an application package that is debuggable and it cd's to its directory to run the command and a bunch of other things, so I compiled it on C4droid using just the main functions setresuid() and setresgid() but they both failed no matter what value was plugged into them based on UID and GID found here
http://forum.xda-developers.com/showthread.php?t=442557
Yes. I noticed the permissions on that file as well. I'm not an Android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
So, how does one / can one specify that the package is supposed to be root (uid 0)? I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a complete non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
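The discussion above rests on reading `ls -l` mode bits against `id` output, so here is that check done mechanically. This is an added example, not Root Checker's or any poster's code: it takes the /system/xbin/su line and the two `id` results quoted earlier in the thread, plus an assumed, typical Android listing for /data/local/tmp (shell:shell, mode 0771, which the thread does not quote), and reports which permission class each identity falls into. By the mode bits alone both identities may execute su (others have r-x); the difference only shows on the 0771 directory, which is what abazz observed with ls.

```python
"""Check `ls -l` mode bits against `id` output the way the kernel's DAC check does.
Added example for this thread, not Root Checker's or anyone's posted code."""
import re
from typing import Dict, Set

# Constructed inputs. LS_SU and the two `id` lines are the values quoted in the thread
# (the `id` output re-joined onto one line). LS_TMP is an assumed, typical Android listing
# for /data/local/tmp (shell:shell, mode 0771); the thread does not quote one.
LS_SU = "-rwsr-xr-x root shell 22228 2011-09-27 23:12 su"
LS_TMP = "drwxrwx--x shell shell 2012-11-01 09:00 tmp"
ID_ADB = ("uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),"
          "1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),"
          "3002(net_bt),3003(inet),3006(net_bw_stats)")
ID_APP = "uid=10126(u0_a126) gid=10126(u0_a126) groups=1015(sdcard_rw),1028(sdcard_r),3003(inet)"

_TOKEN = r"(\d+)\(([^)]+)\)"   # matches e.g. 2000(shell)


def parse_id(id_line: str) -> Dict[str, object]:
    """Return the user name, numeric uid and the full set of group names from `id` output."""
    uid = re.search(r"uid=" + _TOKEN, id_line)
    gid = re.search(r"gid=" + _TOKEN, id_line)
    groups_part = id_line.partition("groups=")[2]
    groups: Set[str] = {name for _, name in re.findall(_TOKEN, groups_part)}
    groups.add(gid.group(2))   # the primary group counts as well
    return {"user": uid.group(2), "uid": int(uid.group(1)), "groups": groups}


def parse_ls(ls_line: str) -> Dict[str, str]:
    """Parse an Android toolbox `ls -l` line, which has no link-count column: mode owner group ..."""
    mode, owner, group = ls_line.split()[:3]
    return {"mode": mode, "owner": owner, "group": group}


def allows(ls_line: str, id_line: str, want: str) -> bool:
    """True if the identity in id_line gets permission want ('r', 'w' or 'x') on the listed file.
    Exactly one class applies: owner if the user matches, else group if any of the identity's
    groups matches, else other. Root (uid 0) bypasses the mode bits entirely."""
    entry, ident = parse_ls(ls_line), parse_id(id_line)
    if ident["uid"] == 0:
        return True
    if ident["user"] == entry["owner"]:
        offset = 1
    elif entry["group"] in ident["groups"]:
        offset = 4
    else:
        offset = 7
    bits = entry["mode"][offset:offset + 3]
    if want == "x":
        return bits[2] in "xst"   # 's' or 't' is execute plus setuid/setgid/sticky
    return bits["rw".index(want)] == want


def runs_as(ls_line: str) -> str:
    """Effective user a successful exec gets: the owner if the setuid bit is set, else the caller."""
    entry = parse_ls(ls_line)
    return entry["owner"] if entry["mode"][3] in "sS" else "caller"


if __name__ == "__main__":
    for label, ident in (("adb shell", ID_ADB), ("terminal app", ID_APP)):
        print(label, "can exec su:", allows(LS_SU, ident, "x"), "-> runs as", runs_as(LS_SU))
        print(label, "can list /data/local/tmp:", allows(LS_TMP, ident, "r"))
```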
elschemm said:
Yes. I noticed the permissions on that file as well. I'm not an Android person, so I don't know how that end works, but the permissions do look correct (setuid root, and runnable as group shell [which we get via adb, but not locally on terminal]).
Based on the little bit that I have read, it seems that it may be getting the permissions assigned to the apk and running the command line with those permissions.
If that is correct, then running it via something with c4droid probably won't work, as its permissions are whatever group it (c4droid?) was assigned at install.
Yes, you are correct. The setresuid() function will not give you permissions greater than the process it's running in.
So, how do does one / can one specify that the package is supposed to be root (uid 0). I'd guess (from a standard UNIX security perspective) that you can't just push arbitrary apps to the machine with 'run me as root' permissions. Otherwise, this would be a completely non-issue. But, is there a package which is pre-installed that we can exploit the permissions of to do this? I don't know yet.
It's worse than that, the package also has to be debuggable.
There is some info out there on how to sign a package with the appropriate system permissions, so it would be interesting to actually do this and see what, if anything, can be done.
I downloaded the ASUS unlock package and passed it through the apk tool to see what it does, as it obviously would need root access. As root access is all I require, the code it shows is irrelevant really; it's the fact that it gains root access with its signature and also the uid that is set in the manifest, android:sharedUserId="android.uid.system". This and, most importantly, android.permission.MOUNT_UNMOUNT_FILESYSTEMS. Without these things we can't change anything in the directories we need.
Also, if my readings / assumptions were correct above, we probably don't want to do a setreuid(), but rather call bash/busybox as the 'command' issued in the name of the apk (since it would then run as root, or the uid of the package). Either that, or a system command(s) to chown/chmod the su binary that we can upload via adb (but which comes in as shell.shell).
Yes, that's what we would do from the run-as command. What I was attempting to see was if I could get a root uid by creating a C program that uses the setresuid() function call, thereby bypassing the need to have an appropriate package installed. As it didn't work I'm having doubts whether it would work even if the right package was there. run-as did make reference to package.h which I haven't looked at, so unless there are some system parameters that package.c extracts from the apk I don't really see how this will work...
Did you find the source for run-as somewhere? It would be interesting to look at to see if such a thing is possible. Failing that, it would be interesting to see if there were any sorts of buffer overflows that could be run against it. I've never tried such on arm7, but I've done it under UNIX on x86 and Sparc.
Thanks
Schemm
Yeah found the source here
I also searched for Linux exploits; there are massive lists of them, most of them patched by now, but I assume the Linux base in JB would be somewhat different to what's getting around on x86 systems.
On anather note I have tried bin4ry's "root many" method , using the restore timing exploit but had no luck.
HX... I looked through the scripts and all the misc files in bin4ry's zip package and could not find anything remotely indicating an injection of the qemu value. It makes a symbolic link to the build.prop in com.android.settings...../file99, which was successful after pressing restore, but that's about it. Perhaps I should fire up Ubuntu and try the Linux script instead of the Windows .bat file.
Interestingly, this guy's root method for the Razr M makes use of run-as if you look at the batch file.
He is essentially doing a "fake package" install then runs an exe that is some sort of exploit. Finally he uses run-as against what I have to assume is the bug report feature of the droid and asks you to trigger a bug report with a button sequence.
So it seems he is getting something that has root privileges (bug report) to do something that grants SU and also implementing run-as.
http://forum.xda-developers.com/showthread.php?p=32889627#post32889627
I fear that few developers remain interested in finding a way to root the Transformer Prime with Jelly Bean, because all of them already had their tablets rooted with ICS and managed to maintain root across the upgrade.
My method here will give you a permanent rooted shell and will give you read-only system root, which is useful for using root apps to backup data or freeze system apps--works just like real root without being able to delete system contents--freezing apps however works like a charm and should reduce the need for rw root anyway
FOLLOW DIRECTIONS EXACTLY--I WILL NOT RESPOND TO STUPID QUESTIONS--PROBABLY WON'T RESPOND TO ANY QUESTIONS BECAUSE MY DIRECTIONS ARE PERFECT, WORK PERFECTLY WHEN FOLLOWED, AND ARE EASY TO READ. FOLLOW ALL STEPS EXACTLY. IF IT DIDN'T WORK, IT IS BECAUSE OF YOUR ERROR
This works best from a factory reset device, but will work from an already used device; all other root apps and superuser apps must have their data deleted and be uninstalled first
1) make sure device is at least 50% charged--doesn't matter most of the time; better safe than sorry
install latest superuser apk
http://www.mediafire.com/file/dx854fsys5pvxjh/SuperSU.apk
install dirty cow root apk (croowt) [comes from this post https://forum.xda-developers.com/android/software-hacking/root-tool-dirtycow-apk-adb-t3525120]
http://www.mediafire.com/file/1hbey829hc7676a/CRooWt.apk
make sure usb debugging is activated in developer settings and make sure you have accepted the debugging access prompt on the phone for the computer you will use
make sure you have an external sdcard installed--the smaller the better for this first time
2) open dirty cow root apk
choose "get root"
choose "method 1"
hit "ok"
choose "ok"
app will direct you to unmount and remount sdcard, choose "ok" and it will take you to storage settings
unmount sdcard
remount sdcard
when finished proceed to step 3
3) open superuser
do not update su binary
go to settings and make the default action "grant"
remove any and all apps from superuser log including the croowt app
4) THIS MUST BE DONE FROM A REAL TERMINAL ON A PC--TERMINAL EMULATORS WILL NOT WORK FOR THIS STEP
from a working pc with adb setup, preferably linux, input commands exactly as listed
adb shell
su
setprop persist.sys.k P816A06
reboot
5) once rebooted, open dirty cow root apk again
choose get root
choose "method 2"
hit "ok"
choose "ok"
if app asks you to open with a browser, choose one, and choose "always"
screen will go black, systemui will crash and then reboot
6) once systemui is back up and running
you now have read-only root
you can now freeze system apps or backup your data using apps that require root
Your shell will be permanently rooted when accessed from a computer using adb--this will last forever unless you undo the setprop
Your system however will only be temp, read-only rooted until the phone is rebooted.
If you wish to have your temp, read-only root reactivated, all you have to do is repeat step 5 and that is it.
You can do this over and over again.
GIVE STAYBOOGY SOME PROPS FOR MAKING YOUR LIFE WITH THIS PHONE BETTER
Does this only work to back up or freeze applications?
poseidon207 said:
Does this only work to back up or freeze applications?
ACTUALLY READ the first sentence of OP
I don't see how freezing system apps would negate the need for a real root method? Is this "Read-Only" root method working with lucky patcher or Kernel Auditor?
Can this be used to bypass the subscription check for tethering? I assume not since system isn't writeable.
Does this method work in the ZTE Maven 3 (Z835)?
I'm doing it wrong, probably
First of all, thank you so much for doing this. I've been following that other thread since it was new, and you've put far more effort into this than the phone or most of us deserve.
I've gotten stuck trying to run Dirty Cow. I have USB Debugging enabled, adb installed on my Linux computer which recognizes my Maven (i.e. I've allowed access on the phone), etc. It eventually goes from "Checking vulnerability" to "Your device is not vulnerable" and I'm unable to proceed to the "Get root" step. What am I doing wrong? Might be some recent system update? Probably less effort to just buy a Galaxy.
Please be gentle. I know I'm a noob.
z812 root
I previously rooted my Maven with KingRoot and the dirtycow exploit.sh file, and today I was overwhelming the device by running multiple windows and apps and the phone rebooted and root was still intact....haven't rebooted it again yet but I shall.