Better Mobile App

[HOW-TO] Root FRGxx builds without unlocking bootloader

EDIT: Great news! We have an on-device one-click root again!
Simply download VISIONary from (edit: used to be in the Market) Modaco. I tried it on FRG83 stock. It works. No ADB, no external computer required, no fuss. Thanks to the developers!
EDIT again: Sorry, the FRG83D build no longer works with VISIONary - BUT - the overall rageagainstthecage method still works via ADB. I also hear that SuperOneClick works but it requires a Windows machine.
----
Ok it's been established that Universal Androot / exploid / freenexus no longer works on FRG33/FRG83 etc. And it's been established that "rageagainstthecage" does still work. So far I'm not aware of a one-click method to implement the latter exploit.
So I'm starting this thread to centralize everyone's experiences. I don't personally need these instructions but other folks apparently do. I've quoted a rooting guide in post #2. If you think any refinements are necessary or you have a better way of writing it out, please feel free to add to this thread.

Thanks to efrant for pointing the way to this guide. Based on comments below, I'm quoting another revised version.
hmanxx said:
Hi OP,
You may want to edit your post #2, I have inserted the mounting commands in the thread i posted previously. this will help novice users to get thing right out of box without figuring why permission denied.
I have just tried out the additional mounting steps..things are working fine..
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/showpost.php?p=8120790&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
exit
Click to expand...
Click to collapse
And below are the previous contents of this post, prior to editing.
-------------
Many respondents on this thread have indicated that the instructions don't work the first time. If you get to the step where you are supposed to get a root shell (#) but you instead get a non-root shell ($), start from the top and try the exploit once or twice more. Apparently if you are persistent it will work.
I'm also told these instructions are missing adb remount before the steps where you push busybox, su and so forth.
hmanxx said:
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/showpost.php?p=8120790&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
# exit
exit
Click to expand...
Click to collapse

I too am interested in this info. Looking forward to any info provided....

There is detailed step-by-step info in many threads as to how to use the rageagainstthecage exploit to root your device, e.g.: http://forum.xda-developers.com/showpost.php?p=8300203&postcount=55
Why start a new thread?

efrant said:
There is detailed step-by-step info in many threads as to how to use the rageagainstthecage exploit to root your device, e.g.: http://forum.xda-developers.com/showpost.php?p=8300203&postcount=55
Why start a new thread?
Click to expand...
Click to collapse
Actually that's perfect, thanks.
I started a new thread because the step-by-step info is buried in other threads and many folks post questions asking about it because they can't find said guides. I figured if I could start a new thread with a proper title, it would be located more easily.

All the info is located in Nexus One Wiki, under "Guides" / "Rooting". Direct link to the post with complete data. So I still don't see any need for the post, that will be buried in forum depths. My signature..
But since you posted it, and it's more detailed - I'll change the link to point to it.
[edit 2] The Wiki is damn slow after the forum crash...
[edit 3] It refuses to accept the submit, complaining about "session data loss". Time to complain to admins..

Heh well if the Wiki is crashy at the moment, all the more reason to have a redundant post here.
If you look back to the linked posts, I was the one who suggested which instructions for ali3nfr3ak to follow after a successful push of rageagainstthecage, and then ali3nfr3ak reported success on FRG33, and then hmanxx seems to have stripped out the irrelevant/unnecessary lines. So it's teamwork =)
One thing I'm not sure of - I see the original "exploid"/"freenexus" instructions included a cleanup by removing /system/bin/rootshell. Should something similar be done after rageagainstthecage to clean up?

@ cmstlst This is a good idea, because when I did this I had like 3 different pages open as all the information was spread everywhere, hopefully this will make it easier for everyone to follow, good one

I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
Thanks much for consolidating the procedure where it was easy to find.

anyway to re-lock the Bootloader

highvista said:
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
Click to expand...
Click to collapse
It's mtdblock3, not mtdblock4, though for some reason the mount worked for me even on 6. But in any case, much better and easier done using ADB command:
adb remount
Finally the Wiki is also back to work, the "Rooting FRG83" link is updated to point to this thread.

Here, the rageagainstthecage didn't work.
I followed these steps:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#
Click to expand...
Click to collapse
But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.
Any ideas?

cmstlist said:
Thanks to efrant for pointing the way to this guide.
Click to expand...
Click to collapse
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.
highvista said:
I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:
mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system
Thanks much for consolidating the procedure where it was easy to find.
Click to expand...
Click to collapse
Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?
Thanks guys.

Atento said:
Here, the rageagainstthecage didn't work.
I followed these steps:
But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.
Any ideas?
Click to expand...
Click to collapse
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.
Also looking for ideas.

Xel'Naga said:
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.
Also looking for ideas.
Click to expand...
Click to collapse
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.

snovvman said:
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
Click to expand...
Click to collapse
Yup, had to reboot the device and try again about four times and then it finally all stuck. Now rooted on 2.2.1.

snovvman said:
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.
Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?
Thanks guys.
Click to expand...
Click to collapse
Thanks for your replies! I'm rooted now.
Thanks for all!!!

Hi OP,
You may want to edit your post #2, I have inserted the mounting commands in the thread i posted previously. this will help novice users to get thing right out of box without figuring why permission denied.
I have just tried out the additional mounting steps..things are working fine..
Tidy up step by step rooting
1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/...nstTheCage.tgz
2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.
3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/show...&postcount=250
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
Follow the following steps to install Superuser.apk, busybox,su
F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
exit

Thanks, I'll fix it up when I'm at a desktop computer again and less occupied by the Masters thesis I'm defending in just over 2 weeks
Sent from my Nexus One using XDA App

hehe oh noes. I gave the cage file a go 3 times, failed, so I got pissed and unlocked the bootloader, then now I read about the remounting of the file system.. didn't think about that.
well.. now I can't undo the unlocking :/

[DEV] Current Progress and Guides: CRACKED UBOOT!!! Roms and Kernels Comming Soon

This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self. REMEMBER I DO THIS FOR FUN, please respect the thread as well as others opinions
OLD UPDATES AT THE END OF THIS POST.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
Also you should look at the http://www.nooktabletdev.orgfor information on the Nook Tablet Development process. - Thanks to dj_segfault
Rooting Scripts​Windows: Root, OTA block, De-bloat, Gapps Thanks to Indirect
Mac/Linux: Rooting script Thanks to t-r-i-c-k
Mac/Linux: Root,OTA Block, Gapps
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox:COMPLETE
permanent root: COMPLETE BY INDIRECT
GApps and Market: COMPLETE BY INDIRECT & Anlog
recovery mode: COMPLETE BY nemith
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
THANKS TO NEMITH
bootloader: Locked and Signed Irrelevant
uboot: CRACKED BY BAUWKS
THANKS TO BAUWKS​
Loglud said:
bauwks method uses the flashing_boot.img to his advantage, and since it is not checked by security, effectively he has made an insecure uboot. While this is not an unlocked bootloader, it is a way to get around the security, and enable custom recovery and higher level processes to be run.
I have been looking at this line of code for a long time, and as im sure hkvc and bauwks saw it is a large (but 100% necessary) flaw:
distro/u-boot/board/omap4430sdp/mmc.c: 559 : setenv ("bootcmd", "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000");
Without this line of code, it would be impossible for any one but the factory whom could JTAG flash (but since it is secured, most likely they also have to make a flashing_boot.img).
Click to expand...
Click to collapse
12/9/11:
UBUNTU is here, thanks to ADAMOUTLER
http://www.youtube.com/watch?v=PwUg17pVWBs&hd=1
Keep in mind this is only an overlay verson but it is prof that one day we might be able to push roms and kernels over existing ones, then hijack then (next work) and then use them.​
Please PM me or post if you know anything else, and or want to add anything.

Usefull threads
Usefull threads:
ROOTING:
Full root for Nook Tablet. [11/20/11] [Yes this is a permanent root!] Thanks to indirect
Noot Tablet - Easy root & Market on MAC (1 download, 1 script to run) Thanks to t-r-i-c-k
[Windows/Linux] Unroot and uninstall gApps for the nook tablet [Scripts] Thanks to indirect
MODS to Default Rom:
[Full Mod + Root + OTA block] Snowball-mod: Full Modification Root [1/6/2012] Thanks to cfoesch
[DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! Thanks to [DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! 1 Attachment(s) (Multi-page thread 1 2 3 ... Last Page)
Originally Posted By: diamond_lover
Kernels:​Coming Soon​
ROMS:​Coming Soon​
APPS:
[Tutorial][WIP] Installing alternative Keyboards on the NT. Thanks to robertely
[DEV] - HomeCatcher Redirect n Button to any Launcher Thanks to gojimi
Hidden Settings App Updated 12/30/11 Thanks to brianf21
Replacement SystemUI.apk v2: Permanent back and menu buttons, n as Home button Thanks to revcompgeek
DEVELOPMENT:
[Dev]Files of interest in the system Thanks to indirect
[REF] Nook Tablet Source Code Thanks to diamond_lover
BHT Installer (Basic Hacking Tools) Thanks to AdamOutler
[Stock Firmware]Restore Barnes & Nobel Nook 1.4.0 from SDCard Thanks to AdamOutler​

Guides
Table of Contents
Enableing adb Connection (eab1)
Rooting using zergRush (rug2)
Installing busyboxy (ibb3)
Permanent root (pr4) THANKS TO INDIRECT
Installing GApps (aga5) THANKS TO ANLOG
Full system restore/wipe (fsr6) THANKS TO INDIRECT
Enableing adb Connection (eab1)
Install the andriod SDK that is required for your Operating system.
NOTE: This will requries the SDK, and JDK both of which can be downloaded by clicking the links, downloading and installing it.
Run the andriod SDK Manager and Install "Andriod SDK Platform-tools"
[*]Modify your adb_usb.ini file to read such as the following:
Code:
# ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
# USE 'android update adb' TO GENERATE.
# 1 USB VENDOR ID PER LINE.
0x2080
This will be in your /home/{username}/.andriod/ folder for mac and linux
This will be in your C:/Users/{username}/.andriod folder for Windows.
ADB is now enabled for your device, however it is not ON your device. YOU MUST DO THIS EVERY TIME YOU WISH TO ADB INTO YOUR DEVICE.
[*]To do this you will need to download any app, and attempt to install it.
You can use this app if you need.
[*]Click on the Package Installer, and then a prompt will pop up asking if you want change the settings to allow 3rd party apps.
*DO NOT ENABLE IF YOU WISH TO ACCESS ADB*
I am working on a way to have it enabled by default.
[*]In the settings page you should see *2* USB Debuggin modes.
[*]Press them both and accept the prompt.
[*]PLUG IN YOUR DEVICE.
Note* You should see the Android Development icon on the bottom of the screen.
ADB will now be able to see your device. How ever you will need to restart the server before it sees it.
Rooting using zergRush (rug2)
This is for the poeople whom have access to adb. You will also need this file. Unzip the file.
Type in the following command (while in the folder with the zergRush Binary):
Code:
adb push ./zergRush /data/local
[*]Once thats installed run this:
Code:
adb shell chmod 777 /data/local/tmp
[*]And lastly:
Code:
adb shell /data/local/zergRush
[*]You are now rooted (only for this reboot)
Installing busyboxy (ibb3)
You will need root and the following busybox file.
Type in the following command while in the location where busy box was downloaded to:
Code:
adb push ./busybox /data/local
[*]Busybox works by calling binaries from a file outside of /system/bin/. We must make this file by issuing the following command:
Code:
adb shell mkdir /data/busybox
[*]Lets make sure we can install busybox without permission probles:
Code:
adb shell chmod 777 /data/local/busybox
[*]Next install busybox in the folder:
Code:
adb shell /data/local/busybox --install
[*]We now need to take the /system/folder, and mount it as a writeable folder:
Code:
adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
[*]Link it into bin:
Code:
adb shell ln -s /data/local/busybox /system/bin/busybox
You now have busybox installed
Permanent root (pr4)
THANKS TO INDIRECT for Files and Scripts
We will need SU and Superuser.apk
First we need to install the Superuser.apk:
Code:
adb wait-for-device install Superuser.apk
adb remount
[*]Next lets go ahead and push the su application up to the /data/local/ folder
Code:
adb push su /data/local/
[*]Next we will need to change the permissions and cp su from the /data/local/ folder to the /system/bin/
Code:
adb shell chmod 4755 /data/local/su;mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system;busybox cp /data/local/su /system/bin
Installing GApps (eab1)
THANKS TO ANALOG and INDIRECT for Scripts
First things first we need to download the GAPPS. The most reacent one is this one or get the most recent one here.
[*] Unzip and navigate to the most root folder of that package in your shell.
[*]We need to verify that adb is booting into root. To do this we can issue the command:
Code:
adb shell id
If id doesn't return root then you will need to re-zergRush your device
[*]Now it is time for us to export the apps to the directories.
Code:
adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
adb push system/app/CarHomeGoogle.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/app/FOTAKill.apk /system/app/
adb shell chmod 644 /system/app/FOTAKill.apk
adb push system/app/GenieWidget.apk /system/app/
adb shell chmod 644 /system/app/GenieWidget.apk
adb push system/app/GoogleBackupTransport.apk /system/app/
adb shell chmod 644 /system/app/GoogleBackupTransport.apk
adb push system/app/GoogleCalendarSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleCalendarSyncAdapter.apk
adb push system/app/GoogleContactsSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleContactsSyncAdapter.apk
adb push system/app/GoogleFeedback.apk /system/app/
adb shell chmod 644 /system/app/GoogleFeedback.apk
adb push system/app/GooglePartnerSetup.apk /system/app/
adb shell chmod 644 /system/app/GooglePartnerSetup.apk
adb push system/app/GoogleQuickSearchBox.apk /system/app/
adb shell chmod 644 /system/app/GoogleQuickSearchBox.apk
adb push system/app/GoogleServicesFramework.apk /system/app/
adb shell chmod 644 /system/app/GoogleServicesFramework.apk
adb push system/app/LatinImeTutorial.apk /system/app/
adb shell chmod 644 /system/app/LatinImeTutorial.apk
adb push system/app/MarketUpdater.apk /system/app/
adb shell chmod 644 /system/app/MarketUpdater.apk
adb push system/app/MediaUploader.apk /system/app/
adb shell chmod 644 /system/app/MediaUploader.apk
adb push system/app/NetworkLocation.apk /system/app/
adb shell chmod 644 /system/app/NetworkLocation.apk
adb push system/app/OneTimeInitializer.apk /system/app/
adb shell chmod 644 /system/app/OneTimeInitializer.apk
adb push system/app/Talk.apk /system/app/
adb shell chmod 644 /system/app/Talk.apk
adb push system/app/Vending.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/etc/permissions/com.google.android.maps.xml /system/etc/permissions/
adb push system/etc/permissions/features.xml /system/etc/permissions/
adb push system/framework/com.google.android.maps.jar /system/framework/
adb push system/lib/libvoicesearch.so /system/lib/
Now you have GApps installed from Anlog's. All Credits go to him and Indirect
Full system restore/wipe (fsr6)
THANKS TO INDIRECT
WARNING THIS WILL WIPE YOUR ENTIRE FILESYSTEM!!!
Go into adb shell or terminal emulator.
Issue command:
Code:
echo -n '0000' > /bootloader/BootCnt
Next reboot your device by conventional methods or issue:
Code:
reboot
Your nook will now restart and tell you it is resetting.
You now have a clean slate!

Got some links for howto's on the adb connection/root.

Yeah - if someone has details on how to adb connect and root, it'd be helpful to include links. I've yet to see specifics for either.

Reserved
Sent from Tapatalk, NOOK Color CM7 Nightly's!

I aplogize im still typing them up

Damn loglud, I ended up beating you to the root lol. Sorry about that! D:

The Droid 2 and Droid X had locked bootloaders with the 'e-fuse' and Koush got around them and installed CWM with this...
http://www.koushikdutta.com/2010/08/droid-x-recovery.html
What do you guys think? I don't have a NT yet to try anything (probably won't get one until sometime around x-mas).

l
Indirect said:
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
Click to expand...
Click to collapse
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?

Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Superoneclick...love!
Sent from my Nook Tablet using Tapatalk

Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Not at all so long as you give proper credits.

Loglud said:
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox: COMPLETE
permanent root: IN PROGRESS
bootloader: Locked and Signed
By the bootloader being locked and signed it is very difficult to design anything that will boot besides nook roms. In order to solve this some of the Devs have suggested the following:
kexec: RESEARCHING
2nd init: RESEARCHING
CWM: NOT STARTED
Please PM me or post if you know anything else, and or want to add anything.
Click to expand...
Click to collapse
hopefully it is cracked soon cause i dont want to buy this if i can't have a full custom rom, all of the verizon motorola phones run roms off of 2nd init and it just isnt the same to be honest. you can never run a full custom rom with second init(well you can but you have to build the rom to fit the kernel) and honestly i want my device to be mine
you should tweet cvpcs or someone who makes and maintains 2nd init roms to get more info on it though

Can't get busybox installed
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted

kgingeri said:
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted
Click to expand...
Click to collapse
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw

Still some glitches installing busybox...
Loglud said:
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw
Click to expand...
Click to collapse
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data

kgingeri said:
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data
Click to expand...
Click to collapse
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.

Loglud said:
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.
Click to expand...
Click to collapse
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied​
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted​
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)

kgingeri said:
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied​
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted​
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)
Click to expand...
Click to collapse
re run zergRush exploit. your adb shell is defaulting to the shell username. by rerunning the zergy you will allow for yourself to use the adb shell as root. make sure you dont run it as the root user though. you are also more then welcome to hop in irc and ask questions.

Any one having difficulty rooting or see anything that needs to be updated?

[Q] su only working from adb on 'rooted' Galaxy Tab 2

I used clockworkmod recovery and the cwm-root-gtab2.zip package to root my Tab 2. su appears to be installed ok, and I can get root permissions by running it from an adb shell:
~ $ adb shell
[email protected]:/ $ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
[email protected]:/ $ su
[email protected]:/ # id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats)
[email protected]:/ # ls -la /system/bin/su
-rwsr-sr-x root shell 22364 2008-08-01 12:00 su
[email protected]:/ #
So the su binary is present and has setuid bit set on its permissions. But if I run it from a SSH session, or via a terminal emulator on the Tab itself, I get permission error:
[email protected]:/ $ su
Permission denied
1|[email protected]:/ $
Various root checking apps report similar problems. What am I doing wrong? Other threads suggest steps to recreate the su binary with the correct 6755 permissions, but as far as I can see, everything is already as it should be permissions-wise.
Thanks.

Wrong section. This here is only for Tab 1.

same problem
hanspampel said:
Wrong section. This here is only for Tab 1.
Click to expand...
Click to collapse
I cannot find a better match for my situation than this. Any luck? Please link if your post was moved elsewhere.

jphilli85 said:
I cannot find a better match for my situation than this. Any luck? Please link if your post was moved elsewhere.
Click to expand...
Click to collapse
Well, given the description (even though the OP was for the Gtab 2), I'd try the full path to the su binary.
If "ls -l /system/bin/su shows
-rwsr-sr-x root shell 22364 2008-08-01 12:00 su
then I would try
$ /system/bin/su
and see if it works - there may be another "su" on your $PATH.
If that's not it, then check that your user account has execute permissions to /system and /system/bin

Pulling build.prop with ADB

Hi,
Finally I can enter recovery mode after messing up with build.prop on Xperia Tablet S
tablet is visible in ADB as
C:\Users\Amiga\Desktop\adb>adb devices
List of devices attached
0123456789ABCDEF recovery
but rest of the commands doesn't work
C:\Users\Amiga\Desktop\adb>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
error: closed
So I don't know how to pull out build.prop from Tablet

Amiga4ever123 said:
Hi,
Finally I can enter recovery mode after messing up with build.prop on Xperia Tablet S
tablet is visible in ADB as
C:\Users\Amiga\Desktop\adb>adb devices
List of devices attached
0123456789ABCDEF recovery
but rest of the commands doesn't work
C:\Users\Amiga\Desktop\adb>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
error: closed
So I don't know how to pull out build.prop from Tablet
Click to expand...
Click to collapse
The reason you are getting the "error: closed" message is because the version of System Recovery installed on your tablet inhibits ADB from accessing the tablet's file system. You are not going to be able to pull or push the build.prop file.

Ok I can't use ADb so how can I replace faulty build.prop file or make recovery? Any ZIP file that I can put on SD card?

Amiga4ever123 said:
Ok I can't use ADb so how can I replace faulty build.prop file or make recovery? Any ZIP file that I can put on SD card?
Click to expand...
Click to collapse
You can try copying an OTA update file to an SD card and using System Recovery to install it, but I do not believe doing that will work. I believe you have bricked your tablet to the point where you have to send your tablet to Sony for repair.

Cat McGowan said:
You can try copying an OTA update file to an SD card and using System Recovery to install it, but I do not believe doing that will work. I believe you have bricked your tablet to the point where you have to send your tablet to Sony for repair.
Click to expand...
Click to collapse
So its very easy to brick this amazing sony device

Cat McGowan said:
The reason you are getting the "error: closed" message is because the version of System Recovery installed on your tablet inhibits ADB from accessing the tablet's file system. You are not going to be able to pull or push the build.prop file.
Click to expand...
Click to collapse
Hi cat tried to PM you but can?t do it...
Can you teach me how to copy/restore (pull and or push) the original build.prop in my cell (now bricked) i had the original file (buil.prop) inside it... i am learning about adb commands. thanksss. The main problem I have: An issue with ADB VCOM drivers (in windows) (tried in a couple of PCS, the device manager "see" the vcom preloader only a little moment (when connect the cell with usb cable) and then dissapear... then with command adb devices: no devices found... can you help me?

federimau said:
Hi cat tried to PM you but can?t do it...
Can you teach me how to copy/restore (pull and or push) the original build.prop in my cell (now bricked) i had the original file (buil.prop) inside it... i am learning about adb commands. thanksss. The main problem I have: An issue with ADB VCOM drivers (in windows) (tried in a couple of PCS, the device manager "see" the vcom preloader only a little moment (when connect the cell with usb cable) and then dissapear... then with command adb devices: no devices found... can you help me?
Click to expand...
Click to collapse
The reason ADB is reporting no devices are found may be because (1) your device is bricked, which probably means you are not going to be able to pull/push files from/to your device, (2) you do not have ADB drivers for your device properly installed on your PC, and/or (3) you do not have USB debugging enabled in your tablet's Developer options settings.
It's good you are learning how to use ADB and there are plenty of ADB tutorials to be found via Google, etc.; e.g., HERE.
Here is what you specifically ask for.
Pulling the build.prop file from your tablet to your PC is easy, just use these commands.
Code:
adb wait-for-device
adb pull /system/build.prop
adb kill-server
Pushing the build.prop file from your PC to your tablet is more complicated.
(1) Your tablet must have root access. If it doesn't, attempts at pushing the file to your tablet's /system directory will fail.
(2) Along with having root access, you must have SuperSU or Superuser, and Busybox installed on the tablet.
(3) You have to temporarily set your tablet's /system directory's properties from RO to RW, which must be done quickly because your tablet's OS monitors the /system directory's properties and will reboot the tablet if it detects the directory's properties have been changed from RO.
(4) To issue the ADB commands as quickly as possible, the commands must be put into a DOS batch command script file. For example, create and run a batch file named doit.bat containing the following commands.
Code:
adb wait-for-device
adb push build.prop /build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
Good luck.

Cat McGowan said:
The reason ADB is reporting no devices are found may be because (1) your device is bricked, which probably means you are not going to be able to pull/push files from/to your device, (2) you do not have ADB drivers for your device properly installed on your PC, and/or (3) you do not have USB debugging enabled in your tablet's Developer options settings.
It's good you are learning how to use ADB and there are plenty of ADB tutorials to be found via Google, etc.; e.g., HERE.
Here is what you specifically ask for.
Pulling the build.prop file from your tablet to your PC is easy, just use these commands.
Code:
adb wait-for-device
adb pull /system/build.prop
adb kill-server
Pushing the build.prop file from your PC to your tablet is more complicated.
(1) Your tablet must have root access. If it doesn't, attempts at pushing the file to your tablet's /system directory will fail.
(2) Along with having root access, you must have SuperSU or Superuser, and Busybox installed on the tablet.
(3) You have to temporarily set your tablet's /system directory's properties from RO to RW, which must be done quickly because your tablet's OS monitors the /system directory's properties and will reboot the tablet if it detects the directory's properties have been changed from RO.
(4) To issue the ADB commands as quickly as possible, the commands must be put into a DOS batch command script file. For example, create and run a batch file named doit.bat containing the following commands.
Code:
adb wait-for-device
adb push build.prop /build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
Good luck.
Click to expand...
Click to collapse
Wowww Cat, you are the one!! Thanks in Advance
The main problem I have: An issue with device recognition in windows PC... driver ADB VCOM MTK 6592 (tried in different PCS windows Xp and 8) (the device manager "see" the vcom preloader but only a little moment (in the first instant when connect the cell (cell off) with usb cable) and then dissapear (disconnect) the vcom preloader... I think If I can reach the way to get this connection running ok I can progress with this... will fight hard...
When I type the command adb devices, result: no devices found...
Tried to upgrade the vcom drivers (when i can catch it in the active state in device manager)... nothing
Tried to "on" the phone... nothing
Tried to flash a new ROM from Recovery (MIUI or Feelingme 078)... ERROR installation aborted
I can see this effect (with usbview): the usb is recognized in the PC (but just for a little moment at the instant when plug it), then disconnect...
I need to recover the original build.prop.bak from coolpad memory, rename it to build.prop and send it to coolpad again...
I think i can flash (from recovery) an original build. prop (packed as update.zip) doing the wipes and apply update from sdcard)... anyone can assist me on this?
This new 9976A item comes to me with 048 version, custom buid version 265 and rooted from factory...
Anyone can please help me?

Cat McGowan said:
The reason ADB is reporting no devices are found may be because (1) your device is bricked, which probably means you are not going to be able to pull/push files from/to your device, (2) you do not have ADB drivers for your device properly installed on your PC, and/or (3) you do not have USB debugging enabled in your tablet's Developer options settings.
It's good you are learning how to use ADB and there are plenty of ADB tutorials to be found via Google, etc.; e.g., HERE.
Here is what you specifically ask for.
Pulling the build.prop file from your tablet to your PC is easy, just use these commands.
Code:
adb wait-for-device
adb pull /system/build.prop
adb kill-server
Pushing the build.prop file from your PC to your tablet is more complicated.
(1) Your tablet must have root access. If it doesn't, attempts at pushing the file to your tablet's /system directory will fail.
(2) Along with having root access, you must have SuperSU or Superuser, and Busybox installed on the tablet.
(3) You have to temporarily set your tablet's /system directory's properties from RO to RW, which must be done quickly because your tablet's OS monitors the /system directory's properties and will reboot the tablet if it detects the directory's properties have been changed from RO.
(4) To issue the ADB commands as quickly as possible, the commands must be put into a DOS batch command script file. For example, create and run a batch file named doit.bat containing the following commands.
Code:
adb wait-for-device
adb push build.prop /build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
Good luck.
Click to expand...
Click to collapse
Cat i will need to pull the backup file... then the code i need is... (please monitor it for me)
adb wait-for-device
adb pull /system/build.prop.bak
adb kill-server
and... when you push the correct and original file
adb wait-for-device
adb push build.prop /build.prop
is it ok? or the path is this?
adb push build.prop /system/build.prop
(if there are a build.prop in the device this will overwrite it?

federimau said:
Cat i will need to pull the backup file... then the code i need is... (please monitor it for me)
adb wait-for-device
adb pull /system/build.prop.bak
adb kill-server
and... when you push the correct and original file
adb wait-for-device
adb push build.prop /build.prop
is it ok? or the path is this?
adb push build.prop /system/build.prop
(if there are a build.prop in the device this will overwrite it?
Click to expand...
Click to collapse
adb push build.prop /system/build.prop

Cat McGowan said:
adb push build.prop /system/build.prop
Click to expand...
Click to collapse
Thanks cat, as i say, the main problem in this case is: i have a short window of time when the windows PC see the driver in the device manager... then disconnects... do you have any idea what can i do to establish this connection betweeen the android device and the computer without interruption?
---------- Post added at 05:22 PM ---------- Previous post was at 05:12 PM ----------
Cat McGowan said:
adb push build.prop /system/build.prop
Click to expand...
Click to collapse
cat, i´m doing 2 bat files (edited with notepad, is this correct?)
one file: pull.bat
with code
adb wait-for-device
adb pull /system/build.prop.bak
adb kill-server
another file: push.bat
with code
adb wait-for-device
adb push build.prop /system/build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
what do you think?
---------- Post added at 05:51 PM ---------- Previous post was at 05:22 PM ----------
federimau said:
Thanks cat, as i say, the main problem in this case is: i have a short window of time when the windows PC see the driver in the device manager... then disconnects... do you have any idea what can i do to establish this connection betweeen the android device and the computer without interruption?
---------- Post added at 05:22 PM ---------- Previous post was at 05:12 PM ----------
cat, i´m doing 2 bat files (edited with notepad, is this correct?)
one file: pull.bat
with code
adb wait-for-device
adb pull /system/build.prop.bak
adb kill-server
another file: push.bat
with code
adb wait-for-device
adb push build.prop /system/build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
what do you think?
Click to expand...
Click to collapse
I think need to remove the first line?
adb wait-for-device

federimau said:
Thanks cat, as i say, the main problem in this case is: i have a short window of time when the windows PC see the driver in the device manager... then disconnects... do you have any idea what can i do to establish this connection betweeen the android device and the computer without interruption?
Click to expand...
Click to collapse
You need to solve that problem before you can do anything else. Find an xda-developers forum that deals with your device and look there for fixes for your device's drivers. I am confident I can help you with Sony tablet drivers, but not your device's drivers. I don't even know the model of your device.
Create and use the following CheckDriver.bat file to help you troubleshoot the drivers. The script simply opens a DOS command window, starts the adb server, then lists the devices the adb server finds. The DOS command window will stay open until you press any key. If the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.
Code:
@echo off
echo Starting ADB server and waiting for device.
echo.
adb wait-for-device
adb devices
pause
adb kill-server
federimau said:
cat, i´m doing 2 bat files (edited with notepad, is this correct?)
one file: pull.bat
with code
adb wait-for-device
adb pull /system/build.prop.bak
adb kill-server
another file: push.bat
with code
adb wait-for-device
adb push build.prop /system/build.prop
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /'"
adb shell "su -c 'chmod 0440 /sbin/ric'"
adb shell "su -c 'stop ric'"
adb shell "su -c 'busybox pkill -f /sbin/ric'"
adb shell "su -c 'mount -ro remount,rw /system'"
adb shell "su -c 'busybox cp -af /build.prop /system/build.prop'"
adb shell "su -c 'chmod 0744 /system/build.prop'"
adb shell "su -c 'rm /build.prop'"
adb shell "exit"
adb kill-server
what do you think?
Click to expand...
Click to collapse
Looks okay. Just keep in mind that the scripts are based on what is required for Sony tablets. Your device may require something a little different.
federimau said:
I think need to remove the first line?
adb wait-for-device
Click to expand...
Click to collapse
No. The "adb wait-for-device" command is what starts the adb server and causes the script to wait until the adb server detects a device before the next command in the script is issued.
Similar to the CheckDevice.bat file, you can insert the "@echo off" command at the beginning of your .bat files and the "pause" command just before the "adb kill-server" to cause the DOS command window stay open so you can see what is going on and the DOS command window will stay open until you press any key. Again, if the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.

Cat McGowan said:
You need to solve that problem before you can do anything else. Find an xda-developers forum that deals with your device and look there for fixes for your device's drivers. I am confident I can help you with Sony tablet drivers, but not your device's drivers. I don't even know the model of your device.
Create and use the following CheckDriver.bat file to help you troubleshoot the drivers. The script simply opens a DOS command window, starts the adb server, then lists the devices the adb server finds. The DOS command window will stay open until you press any key. If the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.
Code:
@echo off
echo Starting ADB server and waiting for device.
echo.
adb wait-for-device
adb devices
pause
adb kill-server
Looks okay. Just keep in mind that the scripts are based on what is required for Sony tablets. Your device may require something a little different.
No. The "adb wait-for-device" command is what starts the adb server and causes the script to wait until the adb server detects a device before the next command in the script is issued.
Similar to the CheckDevice.bat file, you can insert the "@echo off" command at the beginning of your .bat files and the "pause" command just before the "adb kill-server" to cause the DOS command window stay open so you can see what is going on and the DOS command window will stay open until you press any key. Again, if the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.
Click to expand...
Click to collapse
I am working with all of you advices... i owe you a drink (if you agree!!!) Thanks

Cat McGowan said:
You need to solve that problem before you can do anything else. Find an xda-developers forum that deals with your device and look there for fixes for your device's drivers. I am confident I can help you with Sony tablet drivers, but not your device's drivers. I don't even know the model of your device.
Create and use the following CheckDriver.bat file to help you troubleshoot the drivers. The script simply opens a DOS command window, starts the adb server, then lists the devices the adb server finds. The DOS command window will stay open until you press any key. If the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.
Code:
@echo off
echo Starting ADB server and waiting for device.
echo.
adb wait-for-device
adb devices
pause
adb kill-server
Looks okay. Just keep in mind that the scripts are based on what is required for Sony tablets. Your device may require something a little different.
No. The "adb wait-for-device" command is what starts the adb server and causes the script to wait until the adb server detects a device before the next command in the script is issued.
Similar to the CheckDevice.bat file, you can insert the "@echo off" command at the beginning of your .bat files and the "pause" command just before the "adb kill-server" to cause the DOS command window stay open so you can see what is going on and the DOS command window will stay open until you press any key. Again, if the script hangs, press ctrl+c to abort the script and close the DOS command window, then open another DOS command window and issue the "adb kill-server" command to stop the adb server.
Click to expand...
Click to collapse
Cat, i can not establish a stable and in-time connection between cell and PC...
type
adb wait-for-device
and never "see" the cell
i have the drivers upgraded
with usbview software i see the PC "see" the cell a short amount of time, then disconnects...
any advice??

federimau said:
Cat, i can not establish a stable and in-time connection between cell and PC...
type
adb wait-for-device
and never "see" the cell
i have the drivers upgraded
with usbview software i see the PC "see" the cell a short amount of time, then disconnects...
any advice??
Click to expand...
Click to collapse
Sounds to me your device simply is not responding to the adb server's attempt to connect. Again, my advice is for you to find an xda-developers forum that deals specifically with your device and look there for fixes for your device.

@Cat McGowan
Thank you for the info,
but it's not working on Recovery mode!
I try to backup and restore the build.prop file on cmd in recovery & in bootloop case.
working:
adb wait-for-device
adb pull /system/build.prop.bak or adb pull /system/build.prop
adb kill-server
not working push to the system: (even the cmd showing the opposite)
adb wait-for-device
adb push build.prop /system/build.prop
adb kill-server
I'm tring to resotre from PC or SD card...
(after changing the permission to system folder (instead only build.prop file) to 00644 the device keep get to Recovery mode! (with root browser app)
only flashing again the rom fix it.)
I got an error too:
- exec '/system/bin/sh' failed: Permission denied (13) -
by the way what Should to be on?
SuperSU or Superuser (ADB shell allow ?)
Developer Mode (Enable ADB ) +USB Debugging on
i'm worng what else?
I want to add some info:
I know the best way to edit this file only by : Notepad++ or EditPlus editor to preserve UNIX encoding
or Turbo Editor ( File Editor ) app.
read here:
http://forum.xda-developers.com/showpost.php?p=54970011&postcount=171
http://forum.xda-developers.com/showpost.php?p=55094822&postcount=203
and great script from user.
http://forum.xda-developers.com/showpost.php?p=55113422&postcount=208
will this work too on recovery or bootloops mode?
backup:
adb shell
su
mount -o remount,rw /system
cp /system/build.prop /system/build.prop.bak
mount -o ro,remount /system/ /system
----
restore:
adb shell
su
mount -o remount,rw /system
cp system/build.prop system/build.prop.bootloop
cp system/build.prop.bak system/build.prop
chmod 00644 system/build.prop
reboot

[Q]Ihelp, I can't root my HDX 8.9, /system/bin/sh: chmod: not found

I have rooted my hdx8.9, and then I reroot it. Now I have some problem, I want to root my hdx again, but Ican't root it again, I have pushed the 4 files, but it didn't continue. It shows
Waiting for device ...
Pushing files ...
push: .\scripts\superuser/superuser.sh -> /data/local/tmp/superuser.sh
push: .\scripts\superuser/Superuser.apk -> /data/local/tmp/Superuser.apk
push: .\scripts\superuser/su -> /data/local/tmp/su
push: .\scripts\superuser/exploit -> /data/local/tmp/exploit
4 files pushed. 0 files skipped.
3401 KB/s (2845659 bytes in 0.817s)
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
Running the exploit ...
/system/bin/sh: /data/local/tmp/exploit: can't execute: Permission denied
Check the output. Does it looks fine?
What can I do, I want to full restore to stock rom to fix some proble as the post 'http://forum.xda-developers.com/showthread.php?t=2582773' says, but it
need your device rooted first.
Thanks.

Show us the script body you're pushing.
If you're using some ready scripts I assume the name of it is superuser.sh

CrashThump said:
Show us the script body you're pushing.
If you're using some ready scripts I assume the name of it is superuser.sh
Click to expand...
Click to collapse
I use the tool from the post “[ROOT] Rooting tutorial - hdx 8.9" 14.3.1.0” http://http://forum.xda-developers.com/showthread.php?t=2545957

@sdcardsd, Did you tried to use expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh? For me it seems that you've lost the symlink. This may be caused by some busybox installation and removal.

CrashThump said:
@sdcardsd, Did you tried to use expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh? For me it seems that you've lost the symlink. This may be caused by some busybox installation and removal.
Click to expand...
Click to collapse
I don't know whether I use these expression '/system/bin/toolbox chmod' instead of '/system/bin/chmod' in rootme.sh, I only use the tools to root my kindle. But I really installed busybox and then removal it by recovery to the factory reset after I reroot my device. Then I have some problem on my kindle, I think the system files be destoryed, so I want to full restore the original ROM, but I can't root my device again. And if it is caused by losing the symlink, how to fix it ? Thanks.

@sdcardsd, then make a suggested replace

CrashThump said:
@sdcardsd, then make a suggested replace
Click to expand...
Click to collapse
The only way is to replace my device? But it is very inconvenient for me, I'am not in America.

15 8556535
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.

CrashThump said:
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.
Click to expand...
Click to collapse
#!/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/chmod 06755 /system/xbin/su
your mean I modify the rootme.sh into
#!/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755 /system/xbin/su

CrashThump said:
@sdcardsd, just replace '/system/bin/chmod' by '/system/bin/toolbox chmod' in 'rootme.sh' file.
Click to expand...
Click to collapse
I have replace the rootme.sh into
/system/bin/sh
/system/bin/mount -o remount,rw /system
/system/bin/cat /data/local/tmp/su > /system/xbin/su
/system/bin/chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755 /system/xbin/su
but it didn't work
the display is
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
680 KB/s (104564 bytes in 0.150s)
1 KB/s (196 bytes in 0.168s)
2024 KB/s (507888 bytes in 0.245s)
Changing permissions...
/system/bin/sh: chmod: not found
/system/bin/sh: chmod: not found
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
/system/bin/sh: /data/local/tmp/exploit: can't execute: Permission denied
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
 @android:/ $
@android:/ $ su
su
/system/bin/sh: su: not found
127 @android:/ $

same for lines 24-25 of runme.bat
Code:
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
change to
Code:
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/rootme.sh
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/exploit

CrashThump said:
same for lines 24-25 of runme.bat
Code:
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
change to
Code:
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/rootme.sh
adb shell /system/bin/toolbox chmod 755 /data/local/tmp/exploit
Click to expand...
Click to collapse
I replace the runme.bat
the display is changed, but it didn't work.
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
1041 KB/s (104564 bytes in 0.098s)
2 KB/s (196 bytes in 0.083s)
2128 KB/s (507888 bytes in 0.233s)
Changing permissions...
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
press any key to continue. . .
Device detected: KFAPWI (JDQ39)
Attempt acdb exploit...
KFAPWI (JDQ39) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x00008000 form iomem
Attempt put_user exploit...
/data/local/tmp/rootme.sh[2]: /system/bin/mount: not found
/data/local/tmp/rootme.sh[3]: can't create /system/xbin/su: Read-only file syste
m
Unable to chown /system/xbin/su: No such file or directory
Unable to chmod /system/xbin/su: No such file or directory
press any key to continue. . .
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
 @android:/ $ SU
SU
/system/bin/sh: SU: not found
127 @android:/ $

Hummmm. I'm looking into this but can't this week I'm super busy. I don't have the 8.9" I have the 7" so it is hard for me to test. I'm not sure if moving the rootme.sh was a good idea. I think the exploit code isn't finding it. You may need a rebuild of the exploit file. I say throw your question in here to see if someone can help. Still, just hope for the best.

@sdcardsd,
Code:
#!/system/bin/sh
/system/bin/toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 6755 /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su

CrashThump said:
@sdcardsd,
Code:
#!/system/bin/sh
/system/bin/toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 6755 /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su
Click to expand...
Click to collapse
I replace the rootme.sh into
#!/system/bin/sh
/system/bin/toolbox toolbox mount -o remount,rw /system
/system/bin/toolbox cat /data/local/tmp/su > /system/xbin/su
/system/bin/toolbox chown 0.0 /system/xbin/su
/system/bin/toolbox chmod 06755(or 6755) /system/xbin/su
/system/bin/toolbox ln -s /system/xbin/su /system/bin/su
but it didn't work
======================================================================
======================================================================
Welcome to Kindle Root Utility (Faznx92 version)
Special Thanks to:
jcase
fi01
======================================================================
======================================================================
WARNING THIS WORKS ONLY WITH KINDLE HDX 8.9" version 14.3.1.0
======================================================================
======================================================================
Please connect Device with enabled USB-Debugging to your Computer!
Device connected. Pushing files...
1215 KB/s (104564 bytes in 0.084s)
5 KB/s (284 bytes in 0.050s)
2194 KB/s (507888 bytes in 0.226s)
Changing permissions...
Executing Exploit (could take some minutes, be patient!)
Hit ENTER to continue
press any key to continue. . .
Device detected: KFAPWI (JDQ39)
Attempt acdb exploit...
KFAPWI (JDQ39) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x00008000 form iomem
Attempt put_user exploit...
link failed File exists
press any key to continue. . .
Type "su" to check for root!
/system/bin/sh: /system/etc/mkshrc[8]: id: not found
 @android:/ $ su
su
[email protected]:/ #

Faznx92 said:
Hummmm. I'm looking into this but can't this week I'm super busy. I don't have the 8.9" I have the 7" so it is hard for me to test. I'm not sure if moving the rootme.sh was a good idea. I think the exploit code isn't finding it. You may need a rebuild of the exploit file. I say throw your question in here to see if someone can help. Still, just hope for the best.
Click to expand...
Click to collapse
Thanks, I will wait for the good news.

@sdcardsd, what didn't work? you've got the su working. you've got the root.

CrashThump said:
@sdcardsd, what didn't work? you've got the su working. you've got the root.
Click to expand...
Click to collapse
I can rostore my device, thanks.

sdcardsd said:
But I didn't have the Superuser，and I can‘t edit the system file， such as the build.prop, it don't have the root right. and the root explorer also can't be opened.
Click to expand...
Click to collapse
this root exploit doesn't auto-install superuser (well it didn't for me), you either have to side-load it or get it through a store. Also if root explorer isn't working have you tried es file explorer? Additionally, you'll have to remount the system folder as rw before you can edit any system files. This can be done through adb shell with the command "mount -o rw,remount /system" after you use the su command. Just as a forewarning, be super careful when editing everything, the kindle is super sensitive to build.prop changes. I boot looped early on, so just as a warning.

S_transform said:
this root exploit doesn't auto-install superuser (well it didn't for me), you either have to side-load it or get it through a store. Also if root explorer isn't working have you tried es file explorer? Additionally, you'll have to remount the system folder as rw before you can edit any system files. This can be done through adb shell with the command "mount -o rw,remount /system" after you use the su command. Just as a forewarning, be super careful when editing everything, the kindle is super sensitive to build.prop changes. I boot looped early on, so just as a warning.
Click to expand...
Click to collapse
Thanks, I have full restore my device, and I think all is ok now.