[Q] Tablet P - Sony Tablet S

Does anybody know if Condi's tool S.onyTablet.S v4.1 [ALLinONE] works on Tablet P?
Is there something special that needs to be done to get it to work?
I have a Sony Tablet P, US (I assume).
Android 3.2.1
Kernel 2.6.36.3 [email protected] #1
Build number THMAAS0015400
When I run Root command I get error
[*] Attempting to move system package library directory...
[+] System package com.android.providers.media has uid 10035
[+] Flooding log...
run-as: Package 'com.pwn.me' is unknown
Any suggestions?
Maybe another method?
Thanks!

shlasasha said:
Does anybody know if Condi's tool S.onyTablet.S v4.1 [ALLinONE] works on Tablet P?
Is there something special that needs to be done to get it to work?
I have a Sony Tablet P, US (I assume).
Android 3.2.1
Kernel 2.6.36.3 [email protected] #1
Build number THMAAS0015400
When I run Root command I get error
[*] Attempting to move system package library directory...
[+] System package com.android.providers.media has uid 10035
[+] Flooding log...
run-as: Package 'com.pwn.me' is unknown
Any suggestions?
Maybe another method?
Thanks!
Tablet Ps are weird like that. Can you update to ICS? If you can, you can root. Others with the Tablet P have been able to root using the adb restore method. Binary's semi-auto script should work.

Got it !!!
There is another setting under "Applications->Development": "Allow mock locations".
It is not mentioned in any guides.
After I set that one, ALLinONE worked.
Thanks everyone!!!


lg optimus pro (c660) guide to root

Hi,
how do I root the LG Optimus Pro?
I need a guide, thanks.
1. Download this suite of applications that I use (I added the original LG drivers to the zip; although there are none specific to this model, they worked like a charm):
www.megaupload.com/?d=U3L199Z3
2. Factory-reset the phone (if you have data to back up, use the Astro File Manager, for example) to get a clean file system: Settings \ Privacy \ Reset factory data;
3. Extract the zip to a folder on your desktop and install the USB drivers, which are in the zip, in the folder "USB driver";
4. Connect the phone to the PC by cable and wait for the drivers to be installed;
5. On the PC, go to Start \ Programs \ Accessories \ Command line;
6. After you open the command line, type:
cd \
cd Users
cd (user name in question)
cd Desktop
cd (name of the folder where the zip files were extracted)
cd ADB
and the result is something like: C:\Users\(user name)\Desktop\Root Maximo LG Pro\ADB
then enter the following commands:
adb devices (press enter)
adb shell (press enter, and then the command-line prompt will change to $)
echo 1 > /data/local/lge_adb.conf (press enter)
7. After entering these commands, turn the phone off and then on again (this step is very important), always with the phone connected by USB;
8. After restarting the phone, go to the folder where the downloaded files are and run SuperOneClick.exe;
9. Select the GingerBreak method and click "ROOT";
10. When the process finishes (VERY IMPORTANT), make sure you turn the phone off and on again and update the Superuser application through the Market.
That's it. Phone with root access.
Credits go to: Bruno Pinto @ AndroidPT
Hi,
I've tried as you say, and I got jammed on the driver installation. Why? In the pack you've posted, there's only a shortcut to the driver file: LGUnitedMobileDriver_S4981MAN32AP22_ML_WHQL_Ver_3.2 - Atalho
and when clicking it, it gives me a link to something that doesn't exist:
C:\Users\"username"\Desktop\LGUnitedMobileDriver_S4981MAN32AP22_ML_WHQL_Ver_3.2.exe
Even so, I had already installed the LG software suite and so I've got the driver, so I moved to the next steps.
When going to perform the adb shell command (error: device not found), I tried with mass storage mode on and off and the message is always the same.
Can you please help me?
Thanks for any answer
That guide is so complicated for a n00b like me who has never used Android before. The stock ROM is awful anyway; any hope for custom ROMs on this one?
Hi!!
After running the adb command line and restarting the mobile, I started SuperOneClick; it started rooting and at the end, in step 7, it says "Remounting /system with read-write access .... FAILED". What went wrong?
I have the latest drivers for this smart and the latest SuperOneClick v.2.1.1
My LG has the 2.3.4 version of Android and it's from TMN
Regards
Is it possible to unlock it? (for free preferably)
hugoafsilva said:
Hi,
I've tried as you say, and I got jammed on the driver installation. Why? In the pack you've posted, there's only a shortcut to the driver file: LGUnitedMobileDriver_S4981MAN32AP22_ML_WHQL_Ver_3.2 - Atalho
and when clicking it, it gives me a link to something that doesn't exist:
C:\Users\"username"\Desktop\LGUnitedMobileDriver_S4981MAN32AP22_ML_WHQL_Ver_3.2.exe
Even so, I had already installed the LG software suite and so I've got the driver, so I moved to the next steps.
When going to perform the adb shell command (error: device not found), I tried with mass storage mode on and off and the message is always the same.
Can you please help me?
Thanks for any answer
the drivers are here: http://www.mediafire.com/?85wvjkp5ytb816y
This is NOT a complicated method and it works great. I have also tried this on the Optimus Net and it works fine.
Help..! Help..!
I have an LG-C660 Android Gingerbread 2.3.4
1 - Does anyone have an Android version for this device..?
2 - After rooting the device, it boots but doesn't show the desktop. It's stuck on the carrier screen
3 - Please Help me..!
I tried as instructions but the adb driver can't be successfully installed. I've tried installing drivers many times but it doesn't work.
Done! I removed the SD card and it worked finally!
I have an LG C660 from TMN with v2.3.4. I've tried and tried and can't make it work. Has anyone got it to work?
Edit :: with SuperOneClick v2.1.1 I get this
SuperOneClick v2.1.1.0
Checking drivers...
Killing ADB Server...
* server not running *
OK 0,10s
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK 4,14s
Waiting for device...
OK 0,08s
2.3.4
Getting manufacturer...
LGE
OK 0,02s
Getting model...
LG-C660
OK 0,03s
Getting version...
V10c-Aug-25-2011.2ED2FC6537
OK 0,03s
Checking if rooted...
False
OK 0,06s
Installing BusyBox (temporary)... - Step #1
2039 KB/s (1062992 bytes in 0.509s)
OK 0,59s
Installing BusyBox (temporary)... - Step #2
OK 0,03s
Rooting device... - Step #1
OK 0,02s
Rooting device... - Step #2
OK 0,03s
Rooting device... - Step #3
782 KB/s (16830 bytes in 0.021s)
OK 0,10s
Rooting device... - Step #4
OK 0,04s
Rooting device... - Step #5
OK 0,02s
Rooting device... - Step #6
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014354
[+] Using device /devices/platform/msm_sdcc.1/mmc_host
[*] vold: 0000 GOT start: 0x00014354 GOT end: 0x00014394
OK 80,24s
Rooting device... - Step #7
OK 8,08s
Remounting /system with read-write access...
mount: Operation not permitted
FAILED ::
When you get to step #6 you have to disable and enable USB debugging on the device; this way it should work
Sent from my LG-C660 using Tapatalk
Sir, I have tried the above procedure. But after "loading gingerbreak" nothing happens. I have waited for half an hour. Please tell me what went wrong?
Somebody know how to get into recovery mode, 'cuz I can root my C660; I have Gingerbread 2.3.4
I have rooted my gf's phone and made a custom ROM for her. I made it for her only!
Step 5 and Step 7 problem
EDIT:
Finally done. I used SuperOneClick v2.2 and removed the SD card (only in settings), and on step five just disabled and enabled USB debugging. I feel like an alchemist.
And now I am looking at how I can customize the default ROM.
simmer14 said:
I have rooted my gf's phone and made a custom ROM for her. I made it for her only!
Sir, kindly make one for us too.. we are sick of the stock ROM...
Unable to root; every time it gets stuck on step 7... somebody help me
Installed at last after 3 days' hard work :/ :/

[Q] ROOT NOT POSSIBLE after update ???

I was really happy having my ROOTED S.ony Tablet S, but unfortunately I am not able to root again after an update.
Details:
S.ONY TABLET S 16GB (3G)
Country: India
Android Version: 3.2.1 (Release2)
Baseband Version: R3B01
Kernel Version: 2.6.36.3
Hope I have provided the needed info.
Thanks for all the updates from "XDA"
Under "Kernel Version" mine says
2.6.36.3
[email protected] #1
What does it say on yours ?
If you have [email protected] #1 or above you are unable to root at this time.
kryddan said:
Under "Kernel Version" mine says
2.6.36.3
[email protected] #1
What does it say on yours ?
If you have [email protected] #1 or above you are unable to root at this time.
Thanks for replying bro:
Mine says :: [email protected] #1
And so i am unable to root right ???
So how can I root again ???
coolfire000 said:
Thanks for replying bro:
Mine says :: [email protected] #1
And so i am unable to root right ???
So how can I root again ???
That is correct. As of now you are not able to root your tablet, since you have build10. I guess all you can do now is wait and see if someone roots the later builds, or wait for ICS and hope for root.
Not sure if you could try and flash an older rom with recovery, and therein get root?
kryddan said:
That is correct. As of now you are not able to root your tablet, since you have build10. I guess all you can do now is wait and see if someone roots the later builds, or wait for ICS and hope for root.
Not sure if you could try and flash an older rom with recovery, and therein get root?
OK, thanks for the replies bro, I will wait, as I am a newbie to all these things.
Hope to get ICS and rooted both.
Please . . . . .
Any idea about ICS ?
kryddan said:
Under "Kernel Version" mine says
2.6.36.3
[email protected] #1
What does it say on yours ?
If you have [email protected] #1 or above you are unable to root at this time.
I Have [email protected] #1 and I rooted my device following the instructions of the developers.
Will this work on all builds?
I have build 10. Thank you so much.
Can you provide me some link
rfreeman said:
I Have [email protected] #1 and I rooted my device following the instructions of the developers.
Hi, can you please provide some link, as I am a bit of a newbie? I hope you'll help
When I tried using Root 1.1, I got the following output
[*]
[*] Sony Tablet S root script v1.1 (Windows version)
[*] by Dan Rosenberg (@djrbliss).
[*]
[*] Before continuing, ensure USB debugging is enabled, that ADB
[*] is working properly, and that your tablet is connected via USB.
[*] You've got to have proper MPT driver to root your tab!
[*] (MPT driver - wpdmtp.inf included).
[*]
[*] WARNING: This exploit may result in wiping your /data partition,
[*] causing you to lose any applications and data on your tablet.
[*] There should be no risk of permanent damage to your device, but
[*] by running this script you accept all responsibility.
[*] +small mods/optimizations by Konrad Plaszczykowski (@condi)+
[*]
[*] FULLY AUTOMATIC - ROOT SHOULD TAKE ABOUT ~ 3min 10s.
[*] Press enter to root your tablet...
[*]
[*] Waiting for device...
* daemon not running. starting it now *
* daemon started successfully *
[*] MTP driver has been disabled.
[*] Device found.
[*] Pushing log flooder to device...
failed to copy 'flood' to '/log/flood': Permission denied
Unable to chmod /log/flood: No such file or directory
[*] Preparing to append to packages.list...
link failed File exists
[*] Rebooting device...
[*] Waiting for tablet to reboot...... (~20s)
* daemon not running. starting it now *
* daemon started successfully *
error: protocol fault (no status)
[*] Attempting to move system package library directory...
* daemon not running. starting it now *
* daemon started successfully *
error: device not found
error: device not found
error: device not found
[*] Rebooting device...
error: device not found
[*] Waiting for tablet to reboot...... (~40s)
[*] Attempting to insert fake local.prop entry...
link failed File exists
/log/flood: not found
[*] Rebooting device...
[*] Waiting for tablet to reboot...... (~40s)
[*] Attemping persistence...
remount failed: Operation not permitted
failed to copy 'su' to '/system/bin/su': Read-only file system
Unable to chmod /system/bin/su: No such file or directory
failed to copy 'busybox' to '/system/xbin/busybox': Read-only file system
Unable to chmod /system/xbin/busybox: No such file or directory
/system/xbin/busybox: not found
failed to copy 'Superuser.apk' to '/system/app/Superuser.apk': Read-only file system
[*] Cleaning up...
failed on '/data/data/com.google.android.location/lib.bak' - No such file or directory
[*] Rebooting...... (~35s)
[*] MTP driver has been enabled back.
[*] Exploit complete!
[*] Press any key to exit.
coolfire000 said:
Hi, can you please provide some link, as I am a bit of a newbie? I hope you'll help
Use S.onyTablet.S v1.1; it has a built-in check of whether your device is rootable.
condi said:
Use S.onyTablet.S v1.1; it has a built-in check of whether your device is rootable.
Thanks for reply bro, but getting the following error:
[*] Sony Tablet S root script v1.1 (Windows version)
[*] by Dan Rosenberg (@djrbliss).
[*]
[*] Before continuing, ensure USB debugging is enabled, that ADB
[*] is working properly, and that your tablet is connected via USB.
[*] You've got to have proper MPT driver to root your tab!
[*] (MPT driver - wpdmtp.inf included).
[*]
[*] WARNING: This exploit may result in wiping your /data partition,
[*] causing you to lose any applications and data on your tablet.
[*] There should be no risk of permanent damage to your device, but
[*] by running this script you accept all responsibility.
[*]
[*] +small mods/optimizations by Konrad Plaszczykowski (@condi)+
[*]
[*] FULLY AUTOMATIC - ROOT SHOULD TAKE ABOUT ~ 3min 10s.
[*] Press enter to root your tablet...
[*]
[*] Waiting for device...
* daemon not running. starting it now *
* daemon started successfully *
[*] It looks that your device is [for now] not rootable...
[*] In your kernel version exploit vulnerability has been locked down...
[*] You need to wait for DEVs to find another way...
[*] Press any key to exit.
Solution to all
Check if you have enabled USB debugging ... and unknown sources ... in the settings... you can use this file ... which you can find in the Android development area too..... not responsible for any damage to your device ...
coolfire000 said:
Thanks for reply bro, but getting the following error:
[*] It looks that your device is [for now] not rootable...
[*] In your kernel version exploit vulnerability has been locked down...
[*] You need to wait for DEVs to find another way...
[*] Press any key to exit.
Yep, exactly as it says. No solution for now. You need to wait
T0Tal_N00b said:
Check if you have enabled USB debugging ... and unknown sources ... in the settings... you can use this file ... which you can find in the Android development area too..... not responsible for any damage to your device ...
No need to reupload the tool, it's available in the official S.onyTablet.S thread.
br!
condi
Can build 9 be rooted?
Sent from my E16i using xda premium
mine says
Android Version: 3.2.1 (Release2)
2.6.36.3
[email protected] #1
It just hangs after the daemon's successful launch... I'm using XP on VMware btw.
D00QLE said:
mine says
Android Version: 3.2.1 (Release2)
2.6.36.3
[email protected] #1
It just hangs after the daemon's successful launch... I'm using XP on VMware btw.
Does the XP on VMware detect your Tablet S? (Like: adb devices (does this show you your tablet?)) I was using Oracle VirtualMachine and I had to pass through my USB devices to my guest OS. Perhaps you might want to check that (USB passthrough on VMware) out.
Maybe USB 1.1 only ?
I had to disable Oracle VirtualBox USB 2.0 support extension to get the tablet recognized by ADB in a Windows XP VM running under a Linux (Debian Squeeze) host...
Keep checking the build #
I purchased my Tablet S (refurbished) last week. It came with Build10. The first thing I did after turning it on was check the Build#.
However, after restarting a few times it reverted to Build5. I am not sure why that happened, but I was able to root using the All In One. I think someone else here had this happen also.
I *may* have run a Sony update on the previous restart. (It was late and I can't remember)
I guess you got it with FW 3.2 and Kernel build#10
Then you did an update to 3.2.1R2 with kernel build#5.
Could you remember?
zerod78 said:
Does the XP on VMware detect your Tablet S? (Like: adb devices (does this show you your tablet?)) I was using Oracle VirtualMachine and I had to pass through my USB devices to my guest OS. Perhaps you might want to check that (USB passthrough on VMware) out.
problem solved, it was the
echo 0x54c >> %HOMEPATH%\.android\adb_usb.ini
I thought I had to add echo, but no

[Q] How to stop updates?

I got an update, 13.3.2.2. I'm confused, how do you stop updates for sure?
Also, I forgot to say that I found this website, which claims to be a rooting website, I checked the supported devices on it and the HDX appeared. I can't try it now, but if anyone else can, please do. Do not laugh if I'm wrong, though. Thanks for the support!
http://www.srsroot.com/supported
Here you can find the KFHTWI. Yay!
ferrouskid said:
http://www.srsroot.com/supported
Here you can find the KFHTWI. Yay!
I have the KF HDX 8.9 running 14.3.2.1_user_321093620. SRS found no vulnerabilities to exploit.
My RESULTS:
---= SRS One-Click-Root v4.7 =---
17:26:51 - Starting ADB Server..
17:26:56 - Manufacturer: Amazon
17:26:56 - Model: KFAPWI
17:26:56 - Android Version: 4.2.2
17:26:56 - Build ID: JDQ39
17:26:56 - Board ID: apollo
17:26:56 - Chipset Platform: msm8974
17:26:56 - Getting OffSets.. : 0x8003 0x8005 (False)
17:26:56 - Query Server for Best Method.. Not Found (SmartRoot not possible yet)
----= Start Rooting Process.. Please Wait =----
17:26:58 [+] Testing exploit: root1 (Please wait some minutes)....
17:26:58 [+] Executing root1 exploit Failed, Proceed next...
17:26:58 [+] Testing exploit: root2a (Please wait it can take some minutes)....
17:27:00 [+] Executing root2a exploit Failed, Proceed next...
17:27:00 [+] Installing exploit: root3c (Please wait...)
17:27:03 [+] Select 'FRODO' or 'ARAGORN' or 'LEGOLAS' on your device, then click OK
17:27:24 [+] Removing Exploit.. Please Wait..
17:27:32 [+] Analysing Results...
17:27:32 [+] Root Failed: Resume Exploit 4.
17:27:32 [+] Testing exploit: root4 (please wait..)
17:27:35 [+] Device Reboot #1 (Wait till it's started)
17:28:59 [+] Device Reboot #2 (Wait till it's started)
17:30:04 [+] Executing root4 exploit Failed. (Root Error: 0)
17:30:04 [+] Testing exploit: root4b (please wait..)
17:30:11 [+] Device Reboot #1 (Wait till it's started)
17:31:23 [+] Device Reboot #2 (Wait till it's started)
17:33:34 [+] Testing exploit: root5 (please wait..)
17:33:35 [+] Unlock your device screen, it should bring up restore mode.
17:33:49 [+] Press RESTORE button on device NOW! then wait...
17:34:21 [+] Device Reboot #1 (Wait till it's started)
17:36:40 [+] Executing root5 exploit Failed. (Root Error: 0)
17:36:40 Auto Root Failed on this device.
It might be kind of extreme, but what if we filled the Kindle with MP3s or something to keep the free space below 800mb? The update BIN shouldn't be able to download because of insufficient space.
Cevyn said:
It might be kind of extreme, but what if we filled the Kindle with MP3s or something to keep the free space below 800mb? The update BIN shouldn't be able to download because of insufficient space.
Worth a try, but it looks like they left a lot of space for the OS to work with...
"16GB (10.9GB available to user) or 32GB (25.1GB available to user), or 64 GB (53.7GB available to user) of internal storage"
Cevyn said:
It might be kind of extreme, but what if we filled the Kindle with MP3s or something to keep the free space below 800mb? The update BIN shouldn't be able to download because of insufficient space.
Technically this should work, but I'm pretty sure there is a way to delete update files. I found a nifty application called "Android Commander" which allows you to access the system files on the HDX from the PC. Unfortunately you cannot modify anything without root, but I'm hoping someone can figure out a hack for that; if it is possible, then maybe the boot loader could be unlocked. And you are probably thinking what I'm thinking, AOSP ROM here I come!
matt101 said:
I have the KF HDX 8.9 running 14.3.2.1_user_321093620. SRS found no vulnerabilities to exploit.
My RESULTS:
---= SRS One-Click-Root v4.7 =---
17:26:51 - Starting ADB Server..
17:26:56 - Manufacturer: Amazon
17:26:56 - Model: KFAPWI
17:26:56 - Android Version: 4.2.2
17:26:56 - Build ID: JDQ39
17:26:56 - Board ID: apollo
17:26:56 - Chipset Platform: msm8974
17:26:56 - Getting OffSets.. : 0x8003 0x8005 (False)
17:26:56 - Query Server for Best Method.. Not Found (SmartRoot not possible yet)
----= Start Rooting Process.. Please Wait =----
17:26:58 [+] Testing exploit: root1 (Please wait some minutes)....
17:26:58 [+] Executing root1 exploit Failed, Proceed next...
17:26:58 [+] Testing exploit: root2a (Please wait it can take some minutes)....
17:27:00 [+] Executing root2a exploit Failed, Proceed next...
17:27:00 [+] Installing exploit: root3c (Please wait...)
17:27:03 [+] Select 'FRODO' or 'ARAGORN' or 'LEGOLAS' on your device, then click OK
17:27:24 [+] Removing Exploit.. Please Wait..
17:27:32 [+] Analysing Results...
17:27:32 [+] Root Failed: Resume Exploit 4.
17:27:32 [+] Testing exploit: root4 (please wait..)
17:27:35 [+] Device Reboot #1 (Wait till it's started)
17:28:59 [+] Device Reboot #2 (Wait till it's started)
17:30:04 [+] Executing root4 exploit Failed. (Root Error: 0)
17:30:04 [+] Testing exploit: root4b (please wait..)
17:30:11 [+] Device Reboot #1 (Wait till it's started)
17:31:23 [+] Device Reboot #2 (Wait till it's started)
17:33:34 [+] Testing exploit: root5 (please wait..)
17:33:35 [+] Unlock your device screen, it should bring up restore mode.
17:33:49 [+] Press RESTORE button on device NOW! then wait...
17:34:21 [+] Device Reboot #1 (Wait till it's started)
17:36:40 [+] Executing root5 exploit Failed. (Root Error: 0)
17:36:40 Auto Root Failed on this device.
Thanks for the effort. Now as soon as I have the ability I will try the root on the 7". But thanks a lot for the effort. By the way check out Android Commander, I have been smacking a lot of fuss about it on XDA, because I see a lot of potential in it, I'll try my best to find a hack that will enable one to write things on to the HDX system files, which it is designed to see. I gave it a try before, seemed to work just fine. Now if the update file could be deleted and the 13.3.1 image could be forced on to the HDX we could root! However one can already copy files from the HDX, so my plan is to install the HDX mojito os on sub using unetbootin and boot up the computer from it, or my netbook which closely resembles it, and then try and find a way to modify things without actually bricking the HDX, so if you can, please give it a shot. But if I'm wrong, please do correct me! Thanks again.
Cevyn said:
It might be kind of extreme, but what if we filled the Kindle with MP3s or something to keep the free space below 800mb? The update BIN shouldn't be able to download because of insufficient space.
On the topic of BIN files, I got my brother to edit the build prop on the old update 13.3.1, the rootable one. I asked him to change the build number in it; it might sound stupid, but I have a hunch that is what is checked during manual update (in case you didn't know, you just drag and drop the update into internal storage, and then do it the usual way and it should appear there). Now all that has to be done is the .zip converted into a .bin, and I'll give it a try as soon as it's done. Let's hope it works!
ferrouskid said:
On the topic of BIN files, I got my brother to edit the build prop on the old update 13.3.1, the rootable one. I asked him to change the build number in it; it might sound stupid, but I have a hunch that is what is checked during manual update (in case you didn't know, you just drag and drop the update into internal storage, and then do it the usual way and it should appear there). Now all that has to be done is the .zip converted into a .bin, and I'll give it a try as soon as it's done. Let's hope it works!
I believe the BIN files are just renamed ZIP files. 7-Zip opens them just fine.
ferrouskid said:
On the topic of BIN files, I got my brother to edit the build prop on the old update 13.3.1, the rootable one. I asked him to change the build number in it, ...
What build number did you have your brother change it to?
How are you getting around signing the BIN file? This would be the major stumbling block to any mods to it...
Cevyn said:
I believe the BIN files are just renamed ZIP files. 7-Zip opens them just fine.
Yeah, thanks. I tried it and the Kindle recognised it as an update :) but it said the file wasn't valid, so I should convert it to a .bin. Maybe then it'll work? After this I'll shut my WiFi off so it doesn't connect to the internet to verify the update. I'll be back at dad with results from PC.
Let's hope it works! A little bit to go!!!
tl3 said:
What build number did you have your brother change it to?
How are you getting around signing the BIN file? This would be the major stumbling block to any mods to it...
I got him to change it to 13.3.3.3 and let the user bit stay the same. Now I tried it in bin format, and here are the results so far (check image).
So far it doesn't recognise it as 13.3.3.3, maybe because it's a zip? I realise that bins and zips in effect are the same thing, but maybe converting will help?
Will be back at xda after this.
Here is the url to dropbox
https://www.dropbox.com/s/v5eo7zu155773b0/Screenshot_2014-04-11-21-33-23_kindlephoto-9182708.png
Oh yeah, I need a little help with the signing. I have found a certificate installer app on the kindle, but I'm not sure it will do the job. Maybe if I installed it in an android environment and managed to certify it from my netbook using x-86 android website downloads...
But it might not work. Please correct me, I'm quite new to all this. And also, isn't there something like signtool.exe for Windows? I'll look into that, and I'd be grateful if you could help.
Thanks!
ferrouskid said:
I got him to change it to 13.3.3.3 and let the user bit stay the same. Now I tried it in bin format, and here are the results so far (check image).
So far it doesn't recognise it as 13.3.3.3, maybe because it's a zip? I realise that bins and zips in effect are the same thing, but maybe converting will help?
Will be back at xda after this.
Here is the url to dropbox
https://www.dropbox.com/s/v5eo7zu155773b0/Screenshot_2014-04-11-21-33-23_kindlephoto-9182708.png
I believe that the Kindle only recognized that there is an update file with a higher version number, but if it is not signed properly, the modified BIN file will not pass authentication and the update process will terminate. This is the stumbling block I was referring to and asking you about... it's not something trivial that can be easily defeated or bypassed.
tl3 said:
I believe that the Kindle only recognized that there is an update file with a higher version number, but if it is not signed properly, the modified BIN file will not pass authentication and the update process will terminate. This is the stumbling block I was referring to and asking you about... it's not something trivial that can be easily defeated or bypassed.
I'll keep on at it, and see where it goes. I have read up on some things about signing bin files; I think Android Commander has the option to do so and so does Signtool, but I don't know what to sign it with yet. Yeah, you were right, it did terminate the update unfortunately, but I'll see what I can do.
Here is a snapshot
https://www.dropbox.com/s/pp6txvavncuwvti/Screenshot_2014-04-12-09-11-33.png
tl3 said:
I believe that the Kindle only recognized that there is an update file with a higher version number, but if it is not signed properly, the modified BIN file will not pass authentication and the update process will terminate. This is the stumbling block I was referring to and asking you about... it's not something trivial that can be easily defeated or bypassed.
Yes, this truly is a stumbling block. I need someone's help to find a certificate that Amazon use for their updates; there are numerous certificate apps installed on the Kindle, but I'm not 100% sure they serve this specific purpose. There are signing tools available for free on the internet, such as signtool and stuff like that. That's all good, but I have no idea in which way Amazon sign their updates. I have the original 13.3.1 .bin officially signed by Amazon; I will have a link to my dropbox. I wonder whether there is a way to find in which way it was signed and do the same for this "update"?
I'll be looking into that.
https://dl.dropboxusercontent.com/u/67795059/update-kindle-13.3.1.0_user_310079820.bin
Keeping root across updates may be possible with simple re-signing
Amazon uses SignApk to sign their updates.
(To confirm, just unzip the .bin file and look at the first few lines of CERT.SF (or MANIFEST.MF) in the META-INF directory.)
*IF* you have root today (unfortunately, I got updated before I had a chance to try this),
you should be able to take an official Amazon update, unpack it, strip the existing signature,
add whatever you like (supersu and your own otacerts comes to mind), and re-sign
the update with your own key following the procedure described in this blog post:
FIX THE URL ::: www .. londatiga .. net // it // how-to-sign-apk-zip-files
(including instructions on how to generate your own signing key and certificate).
What you need root access for is to swap the current /system/etc/security/otacerts.zip on your device to your own zipped certificate.
Once that piece is changed, you should be able to use Amazon's manual update procedure to apply your modified update.
FIX THE URL ::: www .. amazon .. com // gp // help // customer // display.html?nodeId=201390600
You may need to change the updater-script to set the right owner and permissions for /system/xbin/su.
And, don't forget to change /system/etc/security/otacerts.zip to your own stuff in the actual update as well!
Again, this _MAY_ (or may not) work. I'd appreciate feedback if you tried this (or: are willing to try, but need help).
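Added example (not from the thread and not Amazon's or SignApk's code): the check suggested in this post, reading META-INF/MANIFEST.MF from the update archive, extended to recompute every digest the manifest lists, so that an edited file such as the modified build prop discussed earlier shows up as a mismatch. The archive, file names and contents are constructed samples; this covers only the manifest digest layer, not the certificate signature over CERT.SF or any whole-file signature.

```python
import base64
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"
# Manifest attribute name -> hashlib algorithm name.
DIGEST_ATTRS = {"SHA1-Digest": "sha1", "SHA-256-Digest": "sha256"}


def parse_manifest(text):
    """Split JAR-style manifest text into (main attributes, {entry name: attributes})."""
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    text = text.replace("\n ", "")  # a line starting with one space continues the previous one
    sections = []
    for block in text.split("\n\n"):
        attrs = {}
        for line in block.split("\n"):
            key, sep, value = line.partition(": ")
            if sep:
                attrs[key] = value
        if attrs:
            sections.append(attrs)
    main = sections[0] if sections else {}
    entries = {a["Name"]: a for a in sections[1:] if "Name" in a}
    return main, entries


def check_package(data):
    """Compare each digest in the manifest with the bytes actually stored in the archive."""
    report = {"created_by": None, "ok": [], "mismatch": [], "missing": [], "unlisted": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        if MANIFEST not in names:
            raise ValueError("archive has no " + MANIFEST)
        main, entries = parse_manifest(zf.read(MANIFEST).decode("utf-8"))
        report["created_by"] = main.get("Created-By")
        for name in sorted(entries):
            if name not in names:
                report["missing"].append(name)
                continue
            content = zf.read(name)
            # Every digest attribute we understand must match; having none is a failure.
            results = [
                base64.b64encode(hashlib.new(algo, content).digest()).decode()
                == entries[name][attr]
                for attr, algo in DIGEST_ATTRS.items()
                if attr in entries[name]
            ]
            bucket = "ok" if results and all(results) else "mismatch"
            report[bucket].append(name)
        # Files added to the archive without a manifest entry are suspicious too.
        report["unlisted"] = sorted(
            n for n in names if n not in entries and not n.startswith("META-INF/")
        )
    return report


def make_package(files):
    """Build a constructed stand-in for an update archive with a matching manifest."""
    lines = ["Manifest-Version: 1.0", "Created-By: 1.0 (Android SignApk)", ""]
    for name in sorted(files):
        digest = base64.b64encode(hashlib.sha1(files[name]).digest()).decode()
        lines += ["Name: " + name, "SHA1-Digest: " + digest, ""]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in files.items():
            zf.writestr(name, content)
        zf.writestr(MANIFEST, "\r\n".join(lines) + "\r\n")
    return buf.getvalue()


def replace_entry(data, name, new_content):
    """Copy the archive with one file changed and the manifest left as it was."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(buf, "w") as dst:
        for item in src.namelist():
            dst.writestr(item, new_content if item == name else src.read(item))
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample contents, not taken from any real update.
    original = make_package({
        "system/build.prop": b"ro.build.version.number=constructed-A\n",
        "system/bin/tool": b"constructed binary placeholder",
    })
    edited = replace_entry(original, "system/build.prop",
                           b"ro.build.version.number=constructed-B\n")
    for label, pkg in (("original", original), ("edited", edited)):
        print(label, check_package(pkg))
```
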

Tablet Z SGP311 - 10.7.A.0.222 Trouble trying to install CyanogenMod and TWRP

Hi, I have a stock Tablet Z on 10.7.A.0.222
I have successfully unlocked the bootloader via instructions on xperia firmware. However I have been unable to root it or install twrp.
I am a complete noob at this but the tablet is running incredibly laggy as stock so want to refresh it. I was using this guide:
https://www.cyanogenmods.org/forums/topic/xperia-tablet-z-cm14-cyanogenmod-14-nougat-7-0-rom/
In that guide I got to 1b which led me to this guide for installing recovery:
https://www.cyanogenmods.org/forums/topic/install-twrp-recovery-android-using-fastboot/
When I try to do step 6 the tablet shuts off and does not go into bootloader mode where I can flash twrp.
Can someone provide direction on what I need to do differently? I have done various searches on this site and I believe there is not a recovery installed in this firmware version or something and that is preventing me from being able to do this step but I am not sure how I get around that.
cward0625 said:
Can someone provide direction on what I need to do differently? I have done various searches on this site and I believe there is not a recovery installed in this firmware version or something and that is preventing me from being able to do this step but I am not sure how I get around that.
Hello!
Look at this thread.
Rootk1t said:
Hello!
Look at this thread.
Thanks for the response, I had referred to this guide too but was unable to get this step to work for me->
- Root. Follow Bin4ry root : http://forum.xda-developers.com/show....php?t=1886460
Download : http://forum.xda-developers.com/show....php?t=1886460
Below is what I get in the command prompt when doing the steps. When I tried option 4 for new xperia root it did not work...it just hangs here:
======================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry =
= (15.06.2014) v36 =
======================================================================
Device type:
0) New Z2 Root Method by cubeandcube (thanks man!)
1) 2014 root (thx jcase for nice pwn binary and xsacha for the exploit)
2) Xperia Root by cubeundcube
3) New Standard-Root (thx Ariel Berkman)
4) New Xperia Root by Goroh_kun (Xperia Z, Xperia V [JellyBean] ...)
5) Old
6) Old-Special (for example: Sony Tablet S, Medion Lifetab)
G) Google Glass Mode (thx Saurik for the ab file)
x) Unroot
Make a choice: 4
Please connect Xperia device with enabled USB-Debugging now to your Computer
Going to copy over some files ...
33 KB/s (442 bytes in 0.012s)
33 KB/s (170 bytes in 0.004s)
13 KB/s (57 bytes in 0.003s)
Starting restore operation, please look on your device and confirm restore!
after that press anykey here in the console
Now unlock your device and confirm the restore operation.
Press any key to continue . . .
After restore is confirmed please look on your device and choose "Service Tests -> Display" in Service menu and WAIT THERE!"
Starting: Intent { act=android.intent.action.MAIN cmp=com.sonyericsson.android.servicemenu/.ServiceMainMenu }
/data/local/tmp/onload.sh ...
Then if I try option 1 instead I get this (although I do not think this is the correct option anyways):
Device type:
0) New Z2 Root Method by cubeandcube (thanks man!)
1) 2014 root (thx jcase for nice pwn binary and xsacha for the exploit)
2) Xperia Root by cubeundcube
3) New Standard-Root (thx Ariel Berkman)
4) New Xperia Root by Goroh_kun (Xperia Z, Xperia V [JellyBean] ...)
5) Old
6) Old-Special (for example: Sony Tablet S, Medion Lifetab)
G) Google Glass Mode (thx Saurik for the ab file)
x) Unroot
Make a choice: 1
Exploit type:
0) xsacha Z2 Tablet Root
1) jcase Z1S Root (make sure to download the pwn binary first from XDA thread!)
Make a choice: 1
Please connect your device with enabled USB-Debugging ...
Copy needed files ...
4106 KB/s (574722 bytes in 0.136s)
6023 KB/s (104576 bytes in 0.016s)
5317 KB/s (2139595 bytes in 0.392s)
72 KB/s (148 bytes in 0.001s)
1024 KB/s (2092 bytes in 0.001s)
4525 KB/s (1109128 bytes in 0.239s)
Beaups and jcase were here
donations may go here, pleaes say what it was for -> [email protected]
Rebooting device, please wait ...
mount: Permission denied
dd: /system/xbin/su: Read-only file system
chown: /system/xbin/su: No such file or directory
Unable to open /system/xbin/su: No such file or directory
ln: /system/bin/su: Read-only file system
dd: /system/app/Superuser.apk: Read-only file system
chown: /system/app/Superuser.apk: No such file or directory
Unable to open /system/app/Superuser.apk: No such file or directory
dd: /system/xbin/busybox: Read-only file system
chown: /system/xbin/busybox: No such file or directory
Unable to open /system/xbin/busybox: No such file or directory
/data/local/tmp/install_tool.sh[39]: /system/xbin/busybox: not found
mount: Permission denied
"If this helped you please consider donating to the original author jcase: http://forum.xda-developers.com/showpost.php?p=53407127&postcount=1004"
You can close all open command-prompts now!
After reboot all is done! Have fun!
Bin4ry
Press any key to continue . . .
Any ideas on what I am doing wrong or what I need to do differently?
I have rooted my phones before and installed different ROMs but something seems to be off here.
cward0625 said:
Thanks for the response, I had referred to this guide too but was unable to get this step to work for me->
Any ideas on what I am doing wrong or what I need to do differently?
I have rooted my phones before and installed different ROMs but something seems to be off here.
Forget about root. To install TWRP to FOTA or custom ROM, you don't need it.
Proceed with step 7.
Rootk1t said:
forget about root. To install TWRP to FOTA or custom ROM, you don't need it.
Proceed with step 7.
Thanks a lot, I did that, got lineage installed, worked fine, then when I followed the directions to install gapps and rebooted it just keeps loading twrp and not lineage. I tried wiping and starting over and I'm getting the same thing. Is there something I need to do differently? I used gapps arm 7.1 neon 20181118
Thanks again
cward0625 said:
thanks a lot, I did that, got lineage installed, worked fine, then when I followed the directions to install gapps and rebooted it just keeps loading twrp and not to lineage. I tried wiping and starting over and getting the same thing. Is there something I need to do differently? I used gapps arm 7.1 neon 20181118
thanks again
Wiping and installing 14.1 did not work, but when I did 15.1 it did. I think I should be set now.
Thanks

[help] ratel cell r1020 rooting

Hello,
I have a device called RATEL CELL R1020 with OS android 8.0 oreo.
I tried some applications for rooting this smartphone like kingroot, kingoroot, etc. but they failed. The bootloader on this device can't be unlocked, so I have seen rooting with an exploit on YouTube, like thomasking. Can anyone here please help me root my smartphone?
4.4.78perf+ kernel
This attachment is a screenshot of the system
Thank you
j4nn said:
@arifincaesar, do you have your phone's firmware in a downloadable form? Can you obtain linux kernel source code for your phone?
I could imagine adapting this (exploit source code here) for your phone, but the kernel binary that is running on the phone is a must pre-requisite. Obviously it would be only a temp root.
arifincaesar said:
there is no way to get firmware of this phone sir..
and there's no way to unlock bootloader..
i think the only way to backup firmware this device is exploit and getting root access without ubl..
there is just said 4.4.78-perf+
In my opinion, there is no exploit that would not need offsets within kernel image in advance.
Because of that you need a copy of kernel binary that is running on the phone.
Obviously it is not possible to back up kernel partition from the phone, so you would need the original fw (the same version that is running on the phone) and a way to extract the kernel from the fw package.
Without that you are out of luck, sorry...
Since there is linux kernel running on the phone (android uses linux kernel) you have legal options to request corresponding kernel source code, because linux kernel is distributed under gpl license.
But even if you obtained the kernel source, you would still need the binary, because most likely the new build from source would not be binary identical. The source code would just make it easy to decide which exploit could work, so it would make sense to adapt it for the kernel binary.
j4nn said:
In my opinion, there is no exploit that would not need offsets within kernel image in advance.
Because of that you need a copy of kernel binary that is running on the phone.
Obviously it is not possible to back up kernel partition from the phone, so you would need the original fw (the same version that is running on the phone) and a way to extract the kernel from the fw package.
Without that you are out of luck, sorry...
Since there is linux kernel running on the phone (android uses linux kernel) you have legal options to request corresponding kernel source code, because linux kernel is distributed under gpl license.
But even if you obtained the kernel source, you would still need the binary, because most likely the new build from source would not be binary identical. The source code would just make it easy to decide which exploit could work, so it would make sense to adapt it for the kernel binary.
Is that a bug when I had activated OEM unlock in dev options but cannot unlock with fastboot mode?
j4nn said:
In my opinion, there is no exploit that would not need offsets within kernel image in advance.
Because of that you need a copy of kernel binary that is running on the phone.
Obviously it is not possible to back up kernel partition from the phone, so you would need the original fw (the same version that is running on the phone) and a way to extract the kernel from the fw package.
Without that you are out of luck, sorry...
Since there is linux kernel running on the phone (android uses linux kernel) you have legal options to request corresponding kernel source code, because linux kernel is distributed under gpl license.
But even if you obtained the kernel source, you would still need the binary, because most likely the new build from source would not be binary identical. The source code would just make it easy to decide which exploit could work, so it would make sense to adapt it for the kernel binary.
can you help me please?
arifincaesar said:
can you help me please?
Interesting. Getting kernel space R/W primitives is a nice first step.
But without kernel binary, that still may be difficult - with kernel 4.4.78 version, KASLR would be there for sure.
j4nn said:
Interesting. Getting kernel space R/W primitives is a nice first step.
But without kernel binary, that still may be difficult - with kernel 4.4.78 version, KASLR would be there for sure.
hehe i keep watching your work for exploit sir
if there something new exploit i'll try to my phone
thx before
@arifincaesar, try this please:
Code:
cd /data/local/tmp
echo -e '#!/system/bin/sh\ncase "$1" in\n*model) echo G8441 ;;*) echo 47.1.A.8.49 ;;esac' > getprop
chmod 755 getprop
PATH=`pwd`:$PATH ./bindershell
That should try the offsets defined for xz1c. It's a blind try, but let's see.
Please post the log in a text form (copy it via clipboard from the terminal), using the CODE tags in the message (can be used with the # icon in advanced post).
Code:
cd /data/local/tmp
echo -e '#!/system/bin/sh\ncase "$1" in\n*model) echo G8441 ;;*) echo 47.1.A.8.49 ;;esac' > getprop
chmod 755 getprop
PATH=`pwd`:$PATH ./bindershell
i can't believe, it work bro i swear :v
is that my phone rooted?
nope i think my phone is not rooted yet..
i check from root checker it say "sorry root access is not properly installed on this device."
@j4nn heres the output
bindershell - temp root shell for xperia XZ1c/XZ1/XZp using CVE-2019-2215
https://github.com/j4nn/renoshell/tree/CVE-2019-2215
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: Reading leaked data
PARENT: leaking successful
MAIN: thread_info should be in stack
MAIN: parsing kernel stack to find thread_info
PARENT: Reading leaked data
PARENT: Reading extra leaked data
PARENT: leaking successful
MAIN: task_struct_ptr = ffffffcfe0d68000
MAIN: thread_info_ptr = ffffffd04aa3c000
MAIN: Clobbering addr_limit
MAIN: should have stable kernel R/W now
kernel slide invalid (0x4ffabc7b50)
kaslr slide 0x0
selinux set to permissive
current task credentials patched
got root, start shell...
Cell:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:shell:s0
Cell:/data/local/tmp # cd
Cell:/ # ls
ls: ./cache: Permission denied
ls: ./init: Permission denied
ls: ./init.environ.rc: Permission denied
ls: ./init.rc: Permission denied
ls: ./init.recovery.qcom.rc: Permission denied
ls: ./init.usb.configfs.rc: Permission denied
ls: ./init.usb.rc: Permission denied
ls: ./init.zygote32.rc: Permission denied
ls: ./init.zygote64_32.rc: Permission denied
ls: ./postinstall: Permission denied
ls: ./ueventd.rc: Permission denied
ls: ./verity_key: Permission denied
acct bt_firmware bugreports charger config d data default.prop dev dsp etc firmware lost+found mnt oem persist proc res root sbin sdcard storage sys system vendor
1|Cell:/ #
@arifincaesar, well, as expected, detecting KASLR slide failed, therefore selinux could not be disabled and security context has not been patched either.
Without a kernel binary, it is difficult to implement a full temp root exploit.
I guess it could be doable, unfortunately I do not have the time for it.
j4nn said:
@arifincaesar, well, as expected, detecting KASLR slide failed, therefore selinux could not be disabled and security context has not been patched either.
Without a kernel binary, it is difficult to implement a full temp root exploit.
I guess it could be doable, unfortunately I do not have the time for it.
hehe thanks for information sir..
@arifincaesar, see PM please...
j4nn said:
@arifincaesar, see PM please...
ok sir, thank you very much for helping me.. T_T
pm sent
cve-2019-2215 based temp root exploit for ratel cell r1020
Here is a temp root exploit tailored specifically for RATEL CELL r1020 phone as described in the OP (Android 8.0 with security patch level of January 5, 2018). The exploit uses CVE-2019-2215, which can get you a temporal root shell very quickly and reliably (it's nearly instant).
Unfortunately RATEL CELL r1020 firmware is not publicly available, so it had not been possible to get a kernel image for analysis.
Luckily the first stage of the exploit designed for sony xperia xz1/xz1/xz1c worked, providing kernel space R/W primitives.
Eventually kernel memory dump has been retrieved (after KASLR bypass done in a generic way), so implementation of the final stage to bypass selinux and patch credentials to get root could be done.
Please find the result of my work attached here, it obviously is not tested as I do not have that phone, but I assume it would work as using similarly calculated stuff worked with my xz1c phone.
Please see the xperia phones exploit here for usage howto, including possibility to setup magisk from the exploit (modified script without sony specific stuff is already included). Just download the Magisk-v19.3-Manager-v7.1.2.zip from the linked post and use together with stuff from ratel-cell-temp-root.zip attached here.
EDIT: Updated ratel cell temp root with v2, supposed to work also with ratel cell having May 1, 2018 security patch level.
Please post the log (in [ CODE ] tags) and/or screenshots from your testing, possibly including even magisk setup, if bindershell exploit worked.
If you like my work, you can donate to me via paypal (including card payment) or bitcoin - for details just follow the "Donate to Me" button please. Thank you.
Thread closed per OP request.
MOD ACTION:
Thread reopened per OP's request
j4nn said:
Here is a temp root exploit tailored specifically for RATEL CELL r1020 phone as described in the OP (Android 8.0 with security patch level of January 5, 2018). The exploit uses CVE-2019-2215, which can get you a temporal root shell very quickly and reliably (it's nearly instant).
Unfortunately RATEL CELL r1020 firmware is not publicly available, so it had not been possible to get a kernel image for analysis.
Luckily the first stage of the exploit designed for sony xperia xz1/xz1/xz1c worked, providing kernel space R/W primitives.
Eventually kernel memory dump has been retrieved (after KASLR bypass done in a generic way), so implementation of the final stage to bypass selinux and patch credentials to get root could be done.
Please find the result of my work attached here, it obviously is not tested as I do not have that phone, but I assume it would work as using similarly calculated stuff worked with my xz1c phone.
Please see the xperia phones exploit here for usage howto, including possibility to setup magisk from the exploit (modified script without sony specific stuff is already included). Just download the Magisk-v19.3-Manager-v7.1.2.zip from the linked post and use together with stuff from ratel-cell-temp-root.zip attached here.
Please post the log (in [ CODE ] tags) and/or screenshots from your testing, possibly including even magisk setup, if bindershell exploit worked.
yes, it work sir thank you so much here is the log
but i think there other problem i will posting it later here
Code:
Cell:/data/local/tmp $ ./bindershellnew
bindershell - temp root shell using CVE-2019-2215, tailored for RATEL CELL R1020
https://github.com/j4nn/renoshell/tree/CVE-2019-2215
MAIN: starting exploit for devices with waitqueue at 0x98
PARENT: Reading leaked data
PARENT: leaking successful
MAIN: thread_info should be in stack
MAIN: parsing kernel stack to find thread_info
PARENT: Reading leaked data
PARENT: Reading extra leaked data
PARENT: leaking successful
MAIN: task_struct_ptr = ffffffd4316e9b00
MAIN: thread_info_ptr = ffffffd471268000
MAIN: Clobbering addr_limit
MAIN: should have stable kernel R/W now
attempting kaslr bypass: leaked ptr 0xffffff8a82608658
kernel base=0xffffff8a81480000 slide=0xa79400000
selinux set to permissive
current task credentials patched
got root, start shell...
Cell:/data/local/tmp # getenforce
Permissive
Cell:/data/local/tmp # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:toolbox:s0
Cell:/data/local/tmp # uname -a
Linux localhost 4.4.78-perf+ #1 SMP PREEMPT Tue Mar 6 11:00:11 CST 2018 aarch64
Cell:/data/local/tmp #
Hi there sir @j4nn .
I'm yusuv, ratel cell user. I've been following this thread.
And lately seems the exploit works as intended.
The thing is, not all Ratel Cell devices have the January patch. I've tried the exploit and it's stuck on the build number prop and it won't go any further.
Afaik, Ratel has 2 ROM builds: one has the January patch, which is the one you built the exploit for; the other one has the May 1, 2018 patch, also with a different build number.
On behalf of Ratel Cell users with the May patch, I'm here to ask you: is there any way for us with the May patch to be able to root our devices?
Thanks in advance.
Dear sir @j4nn.
Can you help us with how to install a custom recovery on the Ratel Cell? If you are willing to help, we will be very grateful.
