Related
All credit goes to the orig guy who made the d2 exploit
If you feel the need to donate money then he deserves it [email protected]
I made an easier to follow tutorial over here with pics. Sorry but I am tired of going back and forth so just go there if you are having problems. If you can follow simple adb commands just follow the directions below
Download and Install Samsung Drivers
64bit:
http://www.wikifilez.com/root files/epic4g/usb_drivers_GalaxyS_x64.zip
32bit:
http://www.wikifilez.com/root files/epic4g/SAMSUNG_USB_Driver_for_Mobile_Phones_x86.exe
1 Click Root Method
http://forum.androidcentral.com/fascinate-roms-hacks/33899-how-root.html
Manual Method
cd C:\android-sdk\tools
adb push C:\fascinate\su /sdcard/su
adb push C:\fascinate\rage.bin /data/local/tmp/rage.bin
adb push C:\fascinate\busybox /sdcard/busybox
adb shell
cd /data/local/tmp
chmod 0755 rage.bin
./rage.bin
wait....
when it brings you back to your original shell in windows then follow these commands
adb shell (you should see # this time instead of $ this is exactly what we want)
mount -t rfs -o remount,rw /dev/block/stl9 /system
cd /system/xbin
cat /sdcard/su > su
cat /sdcard/busybox > busybox
chmod 4755 su
chmod 4755 busybox
exit
adb install C:\fascinate\Superuser.apk
This is permanent.
I just updated the files here with the latest su / superuser.apk / busybox
Also check out my tutorial to fix the memory/lag issues for this phone
http://forum.xda-developers.com/showthread.php?p=8086738#post8086738
Dirrk said:
All credit goes to the orig guy who made the d2 exploit
I feel naked without my droid lol this phone is so light
adb push su /sdcard/su
adb push rage.bin /data/local/tmp/rage.bin
adb push busybox /sdcard/busybox
adb shell
cd /data/local/tmp
chmod 0755 rage.bin
./rage.bin
wait....
when it brings you back to your original shell or windows cmd promt
adb shell
mount -t rfs -o remount,rw /dev/block/stl9 /system
cd /system/xbin
cat /sdcard/su > .
cat /scard/busybox > .
chmod 4755 su
chmod 4755 busybox
exit
adb install Superuser.apk
Please let me know if I posted something wrong.
Click to expand...
Click to collapse
does it stick after reboot?
Its supposed to be a temporary root so i doubt it will.
This works on any android phone up to 2.2. I have confirmed this works on my epic, so th same sould work here.
Sent from my SPH-D700 using XDA App
see below.
confirmed root.
Had to use Superuser.apk 2.3.6.1 and the su binary in the package, but the rest worked.. except for that cat command? Why would you cat binary files instead of copying them? (not complaining, just curious). I just adb pushed them to /system/xbin, and adb shell chmod'd them.
You also have a typo near the end "scard" instead of "sdcard".
You can also use mv or cp. I just happen to use cat because I used it the other day rooting my friends stock 2.2 droid. Which required me to use cat.
And yes this is permanent
Cool, i tried using rm -rf to get rid of a directory I created accidentally, and was getting some syntax errors, so I wasn't sure how compatibile the command line on android was to linux.
Glad it's pretty close. Being very familiar with linux makes this pretty easy to understand. Day 1 with an android device was pretty darn fun. I think I'm glad I went this direction.
I just followed this and used the same files I had from my Droid 2 (just updated the Superuser.apk from this sites thread for it) and works perfectly. Rebooted phone did "adb shell" and "su" and still have root, so it is permanent
side note: steps say "/system/xbin" and assume you meant "/system/bin" like Droid 2 was. That's where I put them and it worked.
cliffr39 said:
I just followed this and used the same files I had from my Droid 2 (just updated the Superuser.apk from this sites thread for it) and works perfectly. Rebooted phone did "adb shell" and "su" and still have root, so it is permanent
side note: steps say "/system/xbin" and assume you meant "/system/bin" like Droid 2 was. That's where I put them and it worked.
Click to expand...
Click to collapse
It works either way, both are executable system folders. Glad you it worked for you, hopefully we can get some roms cooking soon and play catch up to the other galaxy s phones
doesnt work for me, i get an error device not found
ive type adb devices - device not found. usb debugging on, usb conneced on port 5037
xirnibor said:
doesnt work for me, i get an error device not found
ive type adb devices - device not found. usb debugging on, usb conneced on port 5037
Click to expand...
Click to collapse
Your USB mode might be set wrong. Flip it to whatever it's not at, and try again.
i forgot this laptop didnt have the updated usb drivers from android sdk, downloading then will try again. i have tried so far with the sdcard mounted and unmounted, while in usb debugging mode. will post after updates
How long do you actually have to wait after the execting the rage.bin file?
itznfb said:
How long do you actually have to wait after the execting the rage.bin file?
Click to expand...
Click to collapse
I dunno, ~20-30 seconds? Assuming sound is enabled you should hear the same USB device connected/disconnected sounds.
If you want to be 100% sure just wait like 90 seconds. I'm pretty sure it killed my shell though, so if it does that, you're good to go.
ok, adb recognizes the device *see below, however when i type adb push su /sdcard/su i get cannot stat 'su': no such file or directory. ?
C:\downloads\android\android\tools>adb devices
List of devices attached
I500a2d0087a device
namebrandon said:
I dunno, ~20-30 seconds? Assuming sound is enabled you should hear the same USB device connected/disconnected sounds.
If you want to be 100% sure just wait like 90 seconds. I'm pretty sure it killed my shell though, so if it does that, you're good to go.
Click to expand...
Click to collapse
ok... running the rage.bin locked up my device twice but on the third try it worked. another fascinate rooted
xirnibor said:
ok, adb recognizes the device *see below, however when i type adb push su /sdcard/su i get cannot stat 'su': no such file or directory. ?
C:\downloads\android\android\tools>adb devices
List of devices attached
I500a2d0087a device
Click to expand...
Click to collapse
su is a file (for our purposes right here, anyway). Unless you explicity specify its path, it needs to be in the same directory you're running the adb command from.
If you installed the Android SDK per guidelines, adb should be in your PATH environment variable, and you should be able to execute it from any directory. If you didn't do that, then for the sake of simplicity, copy all the files referenced in the original steps to your working directory. From your post above, it appears that is c:\downloads\android\android\tools\
I got stuck at cat /sdcard/su > . Is that supposed to be > .? It won't let me enter that...There's not something else that's supposed to be there?
EDIT: I get the same error faspalma
I'm stuck at that point too. cat /sdcard/su > . returns "cannot create .: is a directory"
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self. REMEMBER I DO THIS FOR FUN, please respect the thread as well as others opinions
OLD UPDATES AT THE END OF THIS POST.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
Also you should look at the http://www.nooktabletdev.orgfor information on the Nook Tablet Development process. - Thanks to dj_segfault
Rooting ScriptsWindows: Root, OTA block, De-bloat, Gapps Thanks to Indirect
Mac/Linux: Rooting script Thanks to t-r-i-c-k
Mac/Linux: Root,OTA Block, Gapps
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox:COMPLETE
permanent root: COMPLETE BY INDIRECT
GApps and Market: COMPLETE BY INDIRECT & Anlog
recovery mode: COMPLETE BY nemith
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
THANKS TO NEMITH
bootloader: Locked and Signed Irrelevant
uboot: CRACKED BY BAUWKS
THANKS TO BAUWKS
Loglud said:
bauwks method uses the flashing_boot.img to his advantage, and since it is not checked by security, effectively he has made an insecure uboot. While this is not an unlocked bootloader, it is a way to get around the security, and enable custom recovery and higher level processes to be run.
I have been looking at this line of code for a long time, and as im sure hkvc and bauwks saw it is a large (but 100% necessary) flaw:
distro/u-boot/board/omap4430sdp/mmc.c: 559 : setenv ("bootcmd", "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000");
Without this line of code, it would be impossible for any one but the factory whom could JTAG flash (but since it is secured, most likely they also have to make a flashing_boot.img).
Click to expand...
Click to collapse
12/9/11:
UBUNTU is here, thanks to ADAMOUTLER
http://www.youtube.com/watch?v=PwUg17pVWBs&hd=1
Keep in mind this is only an overlay verson but it is prof that one day we might be able to push roms and kernels over existing ones, then hijack then (next work) and then use them.
Please PM me or post if you know anything else, and or want to add anything.
Usefull threads
Usefull threads:
ROOTING:
Full root for Nook Tablet. [11/20/11] [Yes this is a permanent root!] Thanks to indirect
Noot Tablet - Easy root & Market on MAC (1 download, 1 script to run) Thanks to t-r-i-c-k
[Windows/Linux] Unroot and uninstall gApps for the nook tablet [Scripts] Thanks to indirect
MODS to Default Rom:
[Full Mod + Root + OTA block] Snowball-mod: Full Modification Root [1/6/2012] Thanks to cfoesch
[DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! Thanks to [DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! 1 Attachment(s) (Multi-page thread 1 2 3 ... Last Page)
Originally Posted By: diamond_lover
Kernels:Coming Soon
ROMS:Coming Soon
APPS:
[Tutorial][WIP] Installing alternative Keyboards on the NT. Thanks to robertely
[DEV] - HomeCatcher Redirect n Button to any Launcher Thanks to gojimi
Hidden Settings App Updated 12/30/11 Thanks to brianf21
Replacement SystemUI.apk v2: Permanent back and menu buttons, n as Home button Thanks to revcompgeek
DEVELOPMENT:
[Dev]Files of interest in the system Thanks to indirect
[REF] Nook Tablet Source Code Thanks to diamond_lover
BHT Installer (Basic Hacking Tools) Thanks to AdamOutler
[Stock Firmware]Restore Barnes & Nobel Nook 1.4.0 from SDCard Thanks to AdamOutler
Guides
Table of Contents
Enableing adb Connection (eab1)
Rooting using zergRush (rug2)
Installing busyboxy (ibb3)
Permanent root (pr4) THANKS TO INDIRECT
Installing GApps (aga5) THANKS TO ANLOG
Full system restore/wipe (fsr6) THANKS TO INDIRECT
Enableing adb Connection (eab1)
Install the andriod SDK that is required for your Operating system.
NOTE: This will requries the SDK, and JDK both of which can be downloaded by clicking the links, downloading and installing it.
Run the andriod SDK Manager and Install "Andriod SDK Platform-tools"
[*]Modify your adb_usb.ini file to read such as the following:
Code:
# ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
# USE 'android update adb' TO GENERATE.
# 1 USB VENDOR ID PER LINE.
0x2080
This will be in your /home/{username}/.andriod/ folder for mac and linux
This will be in your C:/Users/{username}/.andriod folder for Windows.
ADB is now enabled for your device, however it is not ON your device. YOU MUST DO THIS EVERY TIME YOU WISH TO ADB INTO YOUR DEVICE.
[*]To do this you will need to download any app, and attempt to install it.
You can use this app if you need.
[*]Click on the Package Installer, and then a prompt will pop up asking if you want change the settings to allow 3rd party apps.
*DO NOT ENABLE IF YOU WISH TO ACCESS ADB*
I am working on a way to have it enabled by default.
[*]In the settings page you should see *2* USB Debuggin modes.
[*]Press them both and accept the prompt.
[*]PLUG IN YOUR DEVICE.
Note* You should see the Android Development icon on the bottom of the screen.
ADB will now be able to see your device. How ever you will need to restart the server before it sees it.
Rooting using zergRush (rug2)
This is for the poeople whom have access to adb. You will also need this file. Unzip the file.
Type in the following command (while in the folder with the zergRush Binary):
Code:
adb push ./zergRush /data/local
[*]Once thats installed run this:
Code:
adb shell chmod 777 /data/local/tmp
[*]And lastly:
Code:
adb shell /data/local/zergRush
[*]You are now rooted (only for this reboot)
Installing busyboxy (ibb3)
You will need root and the following busybox file.
Type in the following command while in the location where busy box was downloaded to:
Code:
adb push ./busybox /data/local
[*]Busybox works by calling binaries from a file outside of /system/bin/. We must make this file by issuing the following command:
Code:
adb shell mkdir /data/busybox
[*]Lets make sure we can install busybox without permission probles:
Code:
adb shell chmod 777 /data/local/busybox
[*]Next install busybox in the folder:
Code:
adb shell /data/local/busybox --install
[*]We now need to take the /system/folder, and mount it as a writeable folder:
Code:
adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
[*]Link it into bin:
Code:
adb shell ln -s /data/local/busybox /system/bin/busybox
You now have busybox installed
Permanent root (pr4)
THANKS TO INDIRECT for Files and Scripts
We will need SU and Superuser.apk
First we need to install the Superuser.apk:
Code:
adb wait-for-device install Superuser.apk
adb remount
[*]Next lets go ahead and push the su application up to the /data/local/ folder
Code:
adb push su /data/local/
[*]Next we will need to change the permissions and cp su from the /data/local/ folder to the /system/bin/
Code:
adb shell chmod 4755 /data/local/su;mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system;busybox cp /data/local/su /system/bin
Installing GApps (eab1)
THANKS TO ANALOG and INDIRECT for Scripts
First things first we need to download the GAPPS. The most reacent one is this one or get the most recent one here.
[*] Unzip and navigate to the most root folder of that package in your shell.
[*]We need to verify that adb is booting into root. To do this we can issue the command:
Code:
adb shell id
If id doesn't return root then you will need to re-zergRush your device
[*]Now it is time for us to export the apps to the directories.
Code:
adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
adb push system/app/CarHomeGoogle.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/app/FOTAKill.apk /system/app/
adb shell chmod 644 /system/app/FOTAKill.apk
adb push system/app/GenieWidget.apk /system/app/
adb shell chmod 644 /system/app/GenieWidget.apk
adb push system/app/GoogleBackupTransport.apk /system/app/
adb shell chmod 644 /system/app/GoogleBackupTransport.apk
adb push system/app/GoogleCalendarSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleCalendarSyncAdapter.apk
adb push system/app/GoogleContactsSyncAdapter.apk /system/app/
adb shell chmod 644 /system/app/GoogleContactsSyncAdapter.apk
adb push system/app/GoogleFeedback.apk /system/app/
adb shell chmod 644 /system/app/GoogleFeedback.apk
adb push system/app/GooglePartnerSetup.apk /system/app/
adb shell chmod 644 /system/app/GooglePartnerSetup.apk
adb push system/app/GoogleQuickSearchBox.apk /system/app/
adb shell chmod 644 /system/app/GoogleQuickSearchBox.apk
adb push system/app/GoogleServicesFramework.apk /system/app/
adb shell chmod 644 /system/app/GoogleServicesFramework.apk
adb push system/app/LatinImeTutorial.apk /system/app/
adb shell chmod 644 /system/app/LatinImeTutorial.apk
adb push system/app/MarketUpdater.apk /system/app/
adb shell chmod 644 /system/app/MarketUpdater.apk
adb push system/app/MediaUploader.apk /system/app/
adb shell chmod 644 /system/app/MediaUploader.apk
adb push system/app/NetworkLocation.apk /system/app/
adb shell chmod 644 /system/app/NetworkLocation.apk
adb push system/app/OneTimeInitializer.apk /system/app/
adb shell chmod 644 /system/app/OneTimeInitializer.apk
adb push system/app/Talk.apk /system/app/
adb shell chmod 644 /system/app/Talk.apk
adb push system/app/Vending.apk /system/app/
adb shell chmod 644 /system/app/CarHomeGoogle.apk
adb push system/etc/permissions/com.google.android.maps.xml /system/etc/permissions/
adb push system/etc/permissions/features.xml /system/etc/permissions/
adb push system/framework/com.google.android.maps.jar /system/framework/
adb push system/lib/libvoicesearch.so /system/lib/
Now you have GApps installed from Anlog's. All Credits go to him and Indirect
Full system restore/wipe (fsr6)
THANKS TO INDIRECT
WARNING THIS WILL WIPE YOUR ENTIRE FILESYSTEM!!!
Go into adb shell or terminal emulator.
Issue command:
Code:
echo -n '0000' > /bootloader/BootCnt
Next reboot your device by conventional methods or issue:
Code:
reboot
Your nook will now restart and tell you it is resetting.
You now have a clean slate!
Got some links for howto's on the adb connection/root.
Yeah - if someone has details on how to adb connect and root, it'd be helpful to include links. I've yet to see specifics for either.
Reserved
Sent from Tapatalk, NOOK Color CM7 Nightly's!
I aplogize im still typing them up
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
The Droid 2 and Droid X had locked bootloaders with the 'e-fuse' and Koush got around them and installed CWM with this...
http://www.koushikdutta.com/2010/08/droid-x-recovery.html
What do you guys think? I don't have a NT yet to try anything (probably won't get one until sometime around x-mas).
l
Indirect said:
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
Click to expand...
Click to collapse
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Superoneclick...love!
Sent from my Nook Tablet using Tapatalk
Loglud said:
l
Its no problem at all. Hints why i posted these guides. I was hoping someone wouod figure it out. I found it last night too. It sucked cause im now back at my childhood home trying to get my macbook pro to boot fedora and windows. Im gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if i added that to the guides?
Click to expand...
Click to collapse
Not at all so long as you give proper credits.
Loglud said:
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits, the second post will contain how to guides so you can learn to work on it for you self.
First off if you haven’t read the wiki yet to know what is currently in the device you should look here.
CURRENT PROGRESS
adb connection: COMPLETE
adb root: COMPLETE
busybox: COMPLETE
permanent root: IN PROGRESS
bootloader: Locked and Signed
By the bootloader being locked and signed it is very difficult to design anything that will boot besides nook roms. In order to solve this some of the Devs have suggested the following:
kexec: RESEARCHING
2nd init: RESEARCHING
CWM: NOT STARTED
Please PM me or post if you know anything else, and or want to add anything.
Click to expand...
Click to collapse
hopefully it is cracked soon cause i dont want to buy this if i can't have a full custom rom, all of the verizon motorola phones run roms off of 2nd init and it just isnt the same to be honest. you can never run a full custom rom with second init(well you can but you have to build the rom to fit the kernel) and honestly i want my device to be mine
you should tweet cvpcs or someone who makes and maintains 2nd init roms to get more info on it though
Can't get busybox installed
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted
kgingeri said:
I'm stuck... I get errors for #3 for busybox... errors like...
Code:
$ adb shell /data/local/busybox --install
busybox: /data/busybox/[: No such file or directory
busybox: /data/busybox/[[: No such file or directory
busybox: /data/busybox/addgroup: No such file or directory
.....
busybox: /data/busybox/yes: No such file or directory
busybox: /data/busybox/zcat: No such file or directory
busybox: /data/busybox/zcip: No such file or directory
So I logged into root via adb shell, set busybox permissions to execute and tried that but same messages?!
Also, adb won't let me 'remount' - (I thought i'd try to copy it direct to /system/bin)?
(I'm running from OSX, if that matters)
EDIT: and of course I'm getting...
Code:
$ adb shell ln -s /data/local/busybox /system/bin/busybox
link failed Read-only file system
$ adb remount
remount failed: Operation not permitted
Click to expand...
Click to collapse
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw
Still some glitches installing busybox...
Loglud said:
Sorry it took me so long to get back to you. I have updatd my guide to help you out. First of you will need to make the busybox directory, then change the permissions of the binary file, then run the install. You will then have to mount -rw
Click to expand...
Click to collapse
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data
kgingeri said:
Thanks Loglud, but I still had trouble using adb. It's like I don't have root from adb? I get permission errors on mkdir and remounting etc?
Weird that the 'adb shell mkdir /data/busybox' gave me permission errors?! It did work fine with the interactive adb shell - weird!?
After the initial 'push' command, I could install via:
Code:
mac-osx$ adb shell
$ su root
# cd /data/local
# chmod 755 busybox
# ls -l
-rwxr-xr-x shell shell 1745016 2011-11-21 00:21 busybox
# mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
# mkdir ../busybox
# ./busybox --install
Also, is the line:
Code:
# ln -s /data/local/busybox /system/bin/busybox
not supposed to be
Code:
# ln -s /data/busybox /system/bin/busybox
Things went weird on me in the final step, but I did manage to get all the hard linked busybox files to show up in /system/bin eventually, so I'm a happy camper.
EDIT: PS my mount on data is as follows..
Code:
# mount|grep /data
/dev/block/platform/mmci-omap-hs.1/by-name/userdata /data ext4 rw,nosuid,nodev,noatime,errors=panic,barrier=1,data=ordered 0 0
EDIT2:
Hmmm... seems like maybe my /data folder has weird permissions - if so not sure why?...
Code:
# cd /
# ls -l | grep '\<data\>'
drwxrwx--x system system 2011-11-21 18:25 data
# chmod 777 data
Click to expand...
Click to collapse
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.
Loglud said:
ok so whats happening? i modified the guides and i was hopping that would help you. The command is
Code:
# ln -s /data/local/busybox /system/bin/busybox
and as for your permissions it seems as though your root since your in the # shell but, you have to change the permissions on your /system folder not the /data folder the permsisions on the data file should be fine since i think shell is a member of system, so you can put all your data in there.
Click to expand...
Click to collapse
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)
kgingeri said:
Yeah, I'm root in the 'adb shell' because I 'su root' but adb commands fail from the Mac shell. I'll reboot my NT and give you the script. My /data permissions get reset when I reboot...
Here you are as it happens
MBAir$ ls busybox
busybox
MBAir$ adb push ./busybox /data/local
2881 KB/s (1745016 bytes in 0.591s)
MBAir$ adb shell mkdir /data/busybox
mkdir failed for /data/busybox, Permission denied
Of course there is no point continuing until I do the following...
MBAir$ adb shell
$ su root
# chmod 777 /data
# exit
$ exit
MBAir$ adb shell mkdir /data/busybox
MBAir$ adb shell chmod 777 /data/local/busybox
MBAir$ adb shell /data/local/busybox --install
MBAir$ adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
mount: Operation not permitted
To get around the last error, I had to do another 'adb shell', 'su root' and do 'ln' commands manually.
(I actually ran a shell 'for loop' on the tablet, using all files found in /data/busybox as a list and issued ln commands for each against a copy of busybox in /system/bin)
Click to expand...
Click to collapse
re run zergRush exploit. your adb shell is defaulting to the shell username. by rerunning the zergy you will allow for yourself to use the adb shell as root. make sure you dont run it as the root user though. you are also more then welcome to hop in irc and ask questions.
Any one having difficulty rooting or see anything that needs to be updated?
This will only work if you can access a root prompt (#) in adb shell! THIS WAS DONE AFTER DOING A WIPE FROM THE VOLUME DOWN MENU WHEN BOOTING THE PRIME! I do not know if this will work without the wipe, but it very well may. Maybe someone more knowledgeable can chime in here.
It may be possible to restore from a su-backup if you have a su binary still in /system/bin or xbin. Even if you can't access a root prompt (#) by just typing su, read starting at page 6. Places to look for a su-backup include /system/ /system/usr/we-need-root/ and /system/bin/
I have a batch script in the works that will determine if you can re-root and take the appropriate steps to do so if possible.
I had to do a voldown wipe after my update to JB. My prime would reboot after 5-10 seconds into the homescreen after boot. After wiping, I thought for sure my root was screwed until a new exploit was found.
I accessed my device through adb, and realized that I could invoke a root prompt using the su command at the $ prompt. Using ES file explorer, I could see su in /system/bin/ but no su-backup or superuser.apk in /system/app/.
I tried simply installing superuser from the market, but it did not work. The busybox installer would not work, either.
ATTACHED ARE THE EXACT THREE FILES I USED. I do not know if using different version will affect the process!
Here is what worked for me:
1. adb shell
2. su
(# - you should see this now! This will not work without this specific prompt!)
3. type 'exit' press enter, and then 'exit' again. You will now be back at the regular command prompt.
4. adb push C:\(location of attached files)\superuser.apk /data/local/tmp
5. adb push C:\(location of attached files)\su /data/local/tmp
6. adb push C:\(location of attached files)\busybox /data/local/tmp
7. Access the adb shell again, and type su
8. chmod 644 /data/local/tmp/superuser.apk
9. chmod 755 /data/local/tmp/busybox
10. chmod 6755 /data/local/tmp/su
11. mount -o remount,rw /system
12. dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
13. dd if=/data/local/tmp/busybox of=/system/bin/busybox
14. dd if=/data/local/tmp/busybox of=/system/xbin/busybox
14a. Chmod 755 /system/bin/busybox
14b. Chmod 755 /system/xbin/busybox
15. Reserved
16. busybox rm /system/bin/su
17. busybox cp /data/local/tmp/su /system/bin
18. type su once again to assure you still have access to the # prompt
18a. Chmod 644 /system/app/superuser.apk
18b. mount -o remount,ro /system
19. type exit, and exit again, returning to the regular windows command prompt.
20. type 'adb reboot' (without quotes)
NOTE - you will not need to install the superuser.apk app in the normal sense. It will be installed upon the reboot as a system app automatically!
21. Once your prime has rebooted, go download root checker basic or the like from the play store. Open it, and wait for your superuser prompt!
22. Get the busybox installer from the play store as well, and use that to get the newest version of busybox.
23. Get SuperSU from the market. It seems to be the safest method to keep root with JB...
ALSO! Make sure to keep a backup root with voodoo or super su after completing this guide! I have lost root (VERY WELL may have been my own fault... too much poking around) Anyway, better safe than sorry!!!
Thanks to daymz from the debugfs thread in development for the basic instructions of what needed to be done!! And also thanks to all before me who got us root in the first place!
I will answer questions to the best of my ability. I am not a developer and do not try to present myself as so... I can tinker with the best, and after losing root, I set out to see if I could figure it out!
Changes made as per tsmt971
I have fellow this method and it was failed at step 16 in my case because of the permission issue but I managed to make it move and regained the root. The details of the issue as below.
Step 16 failed because step 13, 14 which will copy busybox to /system/bin and /system/xbin with a wrong executive permission.
To correct in my case: after step 13, 14 follow those steps below:
- chmod 755 /system/bin/busybox
- chmod 755 /system/xbin/busybox
- skip step 15
- continue steps 16, 17, 18
- chmod 644 /system/app/Superuser.apk
- continue step 19, 20, 21, 22
Then you will get your root back, it worked in my case. Good luck guys.
To the OP, please verify and update those steps if necessary.
[email protected] said:
I have fellow this method and it was failed at step 16 in my case because of the permission issue but I managed to make it move and regained the root. The details of the issue as below.
Step 16 failed because step 13, 14 which will copy busybox to /system/bin and /system/xbin with a wrong executive permission.
To correct in my case: after step 13, 14 follow those steps below:
- chmod 755 /system/bin/busybox
- chmod 755 /system/xbin/busybox
- skip step 15
- continue steps 16, 17, 18
- chmod 644 /system/app/Superuser.apk
- continue step 19, 20, 21, 22
Then you will get your root back, it worked in my case. Good luck guys.
To the OP, please verify and update those steps if necessary.
Click to expand...
Click to collapse
Thanks! Confirmed...it was late
It helped me. THX!!
thenrz said:
This will only work if you can access a root prompt (#) in adb shell!
Click to expand...
Click to collapse
Can anyone help me get ADB back. It worked fine before the update but now I can't get it to recognise the device at all - just get the blank list and device not found when I am connected. The drivers look fine like before in Device Manager when I plug in (Asus Android Composite ADB Interface). I have switched USB Debugging on and do not have Asus Sync installed. Everything on the ADB side works with my phone OK.
I used Rootkeeper to restore root after upgrade though it now seems that was only partial. I did a factory reset to clear out a few gremlins. Now Rootkeeper has the Root permission granted box unchecked but the rest checked but I guess since it doesn't have root access anymore it won't do anything. I have tried uninstall and reinstall Superuser but it fails at updating the binary.
Any suggestions to get ADB back much appreciated .
thenrz said:
This will only work if you can access a root prompt (#) in adb shell! THIS WAS DONE AFTER DOING A WIPE FROM THE VOLUME DOWN MENU WHEN BOOTING THE PRIME! I do not know if this will work without the wipe, but it very well may. Maybe someone more knowledgeable can chime in here.
I had to do a voldown wipe after my update to JB. My prime would reboot after 5-10 seconds into the homescreen after boot. After wiping, I thought for sure my root was screwed until a new exploit was found.
I accessed my device through adb, and realized that I could invoke a root prompt using the su command at the $ prompt. Using ES file explorer, I could see su in /system/bin/ but no su-backup or superuser.apk in /system/app/.
I tried simply installing superuser from the market, but it did not work. The busybox installer would not work, either.
ATTACHED ARE THE EXACT THREE FILES I USED. I do not know if using different version will affect the process!
Here is what worked for me:
1. adb shell
2. su
(# - you should see this now! This will not work without this specific prompt!)
3. type 'exit' press enter, and then 'exit' again. You will now be back at the regular command prompt.
4. adb push C:\(location of attached files)\superuser.apk /data/local/tmp
5. adb push C:\(location of attached files)\su /data/local/tmp
6. adb push C:\(location of attached files)\busybox /data/local/tmp
7. Access the adb shell again, and type su
8. chmod 644 /data/local/tmp/superuser.apk
9. chmod 755 /data/local/tmp/busybox
10. chmod 6755 /data/local/tmp/su
11. mount -o remount,rw /system
12. dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
13. dd if=/data/local/tmp/busybox of=/system/bin/busybox
14. dd if=/data/local/tmp/busybox of=/system/xbin/busybox
14a. Chmod 755 /system/bin/busybox and /system/xbin/busybox
15. Reserved
16. busybox rm /system/bin/su
17. busybox cp /data/local/tmp/su /system/bin
18. type su once again to assure you still have access to the # prompt
18a. Chmod 644 /system/app/superuser.apk
19. type exit, and exit again, returning to the regular windows command prompt.
20. type 'adb reboot' (without quotes)
NOTE - you will not need to install the superuser.apk app in the normal sense. It will be installed upon the reboot as a system app automatically!
21. Once your prime has rebooted, go download root checker basic or the like from the play store. Open it, and wait for your superuser prompt!
22. Get the busybox installer from the play store as well, and use that to get the newest version of busybox.
Thanks to daymz from the debugfs thread in development for the basic instructions of what needed to be done!! And also thanks to all before me who got us root in the first place!
I will answer questions to the best of my ability. I am not a developer and do not try to present myself as so... I can tinker with the best, and after losing root, I set out to see if I could figure it out!
Changes made as per tsmt971
Click to expand...
Click to collapse
I accessed my device through adb, and invoked a root prompt using the su command at the $ prompt. Using ES file explorer, I saw su in /system/bin/ but no su-backup or superuser.apk in /system/app/. Followed the steps. After completing the steps, and rebooting, I have Superuser.apk in system/app, however with root checker, root not found!
Install busybox installer says that my device is rooted, but install failed.
No root for me
Edit: I got it. I am now rooted. Thanks for everyone's assistance!
RootKeeper says that I have:
- Superuser app installed (yes)
- Device rooted (no)
- Root permission granted (no)
- /system supports root protection (yes)
- Protected su copy available (yes)
However, I can't get true SU and the # prompt. When I enter shell and type 'su' I get:
1|[email protected]:/
So, I'm stuck at instruction #11 when I attempt to mount /system as rw.
Any ideas if I'm still eligible to root this baby?
work beautifully for me!! :good::good:
now have root after a wipe.
thanks for sharing mdpgc.
Failed Step
thenrz said:
This will only work if you can access a root prompt (#) in adb shell! THIS WAS DONE AFTER DOING A WIPE FROM THE VOLUME DOWN MENU WHEN BOOTING THE PRIME! I do not know if this will work without the wipe, but it very well may. Maybe someone more knowledgeable can chime in here.
I had to do a voldown wipe after my update to JB. My prime would reboot after 5-10 seconds into the homescreen after boot. After wiping, I thought for sure my root was screwed until a new exploit was found.
I accessed my device through adb, and realized that I could invoke a root prompt using the su command at the $ prompt. Using ES file explorer, I could see su in /system/bin/ but no su-backup or superuser.apk in /system/app/.
I tried simply installing superuser from the market, but it did not work. The busybox installer would not work, either.
ATTACHED ARE THE EXACT THREE FILES I USED. I do not know if using different version will affect the process!
Here is what worked for me:
1. adb shell
2. su
(# - you should see this now! This will not work without this specific prompt!)
3. type 'exit' press enter, and then 'exit' again. You will now be back at the regular command prompt.
4. adb push C:\(location of attached files)\superuser.apk /data/local/tmp
5. adb push C:\(location of attached files)\su /data/local/tmp
6. adb push C:\(location of attached files)\busybox /data/local/tmp
7. Access the adb shell again, and type su
8. chmod 644 /data/local/tmp/superuser.apk
9. chmod 755 /data/local/tmp/busybox
10. chmod 6755 /data/local/tmp/su
11. mount -o remount,rw /system
12. dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
13. dd if=/data/local/tmp/busybox of=/system/bin/busybox
14. dd if=/data/local/tmp/busybox of=/system/xbin/busybox
14a. Chmod 755 /system/bin/busybox and /system/xbin/busybox
15. Reserved
16. busybox rm /system/bin/su
17. busybox cp /data/local/tmp/su /system/bin
18. type su once again to assure you still have access to the # prompt
18a. Chmod 644 /system/app/superuser.apk
19. type exit, and exit again, returning to the regular windows command prompt.
20. type 'adb reboot' (without quotes)
NOTE - you will not need to install the superuser.apk app in the normal sense. It will be installed upon the reboot as a system app automatically!
21. Once your prime has rebooted, go download root checker basic or the like from the play store. Open it, and wait for your superuser prompt!
22. Get the busybox installer from the play store as well, and use that to get the newest version of busybox.
Thanks to daymz from the debugfs thread in development for the basic instructions of what needed to be done!! And also thanks to all before me who got us root in the first place!
I will answer questions to the best of my ability. I am not a developer and do not try to present myself as so... I can tinker with the best, and after losing root, I set out to see if I could figure it out!
Changes made as per tsmt971
Click to expand...
Click to collapse
I fail on step 11... (mount: Operation not permitted). Any suggestions?
tontorus said:
I fail on step 11... (mount: Operation not permitted). Any suggestions?
Click to expand...
Click to collapse
If your prompt isnt turning to the # symbol after SU you don't actually have root =/
hx4700 Killer said:
If your prompt isnt turning to the # symbol after SU you don't actually have root =/
Click to expand...
Click to collapse
Try the steps again. I know I had to do it several times before it was successful for me
I used these steps exactly
1. adb shell
2. su
(# - you should see this now! This will not work without this specific prompt!)
3. type 'exit' press enter, and then 'exit' again. You will now be back at the regular command prompt.
4. adb push C:\(location of attached files)\superuser.apk /data/local/tmp
5. adb push C:\(location of attached files)\su /data/local/tmp
6. adb push C:\(location of attached files)\busybox /data/local/tmp
7. Access the adb shell again, and type su
8. chmod 644 /data/local/tmp/superuser.apk
9. chmod 755 /data/local/tmp/busybox
10. chmod 6755 /data/local/tmp/su
11. mount -o remount,rw /system
12. dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
13. dd if=/data/local/tmp/busybox of=/system/bin/busybox
14. dd if=/data/local/tmp/busybox of=/system/xbin/busybox
15. chmod 755 /system/bin/busybox
16. chmod 755 /system/xbin/busybox
17. busybox rm /system/bin/su
18. busybox cp /data/local/tmp/su /system/bin
Type su once again to assure you still have access to the # prompt
19. chmod 644 /system/app/Superuser.apk
20. type exit, and exit again, returning to the regular windows command prompt.
21. type 'adb reboot' (without quotes)
NOTE - you will not need to install the superuser.apk app in the normal sense. It will be installed upon the reboot as a system app automatically!
22. Once your prime has rebooted, go download root checker basic or the like from the play store. Open it, and wait for your superuser prompt!
23. Get the busybox installer from the play store as well, and use that to get the newest version of busybox.
Are you suggesting that if I do a system wipe on my stock rom JB and run your commands I will eventually get root?
Hx4700, i got stuck doing a wipe after the update, and this worked for me. The wipe does not seem to remove su from /system/bin/ meaning we have a way back in through adb.
But, what if Voodoo didn't work before and you are unable to get su through adb in the first place? Are you suggesting that a wipe will resolve the blocked root access or did you have different circumstances?
hx4700 Killer said:
Are you suggesting that if I do a system wipe on my stock rom JB and run your commands I will eventually get root?
Click to expand...
Click to collapse
Anakin_SW said:
But, what if Voodoo didn't work before and you are unable to get su through adb in the first place? Are you suggesting that a wipe will resolve the blocked root access or did you have different circumstances?
Click to expand...
Click to collapse
If you cannot access a root prompt, then i do not believe it will work. Using a file explorer like es, does a su file exist in /system/bin? I had to wipe as i was bootlooping, and cant comment on how it pertains to how i was able to get root back!
thenrz said:
If you cannot access a root prompt, then i do not believe it will work. Using a file explorer like es, does a su file exist in /system/bin? I had to wipe as i was bootlooping, and cant comment on how it pertains to how i was able to get root back!
Click to expand...
Click to collapse
Yes, one does. Also su-backup in /system... Any feelings?
Hm, weird you cant get a root prompt through adb. From my experience, if su exists there, adb should be able to invoke a root prompt. Do you have any issue using adb push?
thenrz said:
Hm, weird you cant get a root prompt through adb. From my experience, if su exists there, adb should be able to invoke a root prompt. Do you have any issue using adb push?
Click to expand...
Click to collapse
Nope adb push works fine. But I can't mount /system rw, which is causing me the headache. Really wish I had known the voodoo update switched around things. I feel so foolish haha.
hx4700 Killer said:
If your prompt isnt turning to the # symbol after SU you don't actually have root =/
Click to expand...
Click to collapse
I figured that would be the problem... Should I root my device using the ICS method first or that wouldn't work any more?
tontorus said:
I figured that would be the problem... Should I root my device using the ICS method first or that wouldn't work any more?
Click to expand...
Click to collapse
Nothing is for me and many others.
Hello guys, I think this is my first thread ever and I would like to ask someone in the know to help me (and probably a lot others) to obtain root on my device which is the Sharp Aquos Zeta SH-02E.
After reading lots and lots of forums in Japanese (which I barely started learning) I found a couple of commands and files to obtain root on the device. Reading it looks simple. However my expertise on the area is no more than 0.
I replied on a dead post with that code and after waiting almost two months I decided to create this thread.
The code goes like this
adb push sh02eunlock /data/rootkit
adb push acdbwritevalue /data/rootkit
adb push su /data/rootkit
adb shell chmod 777 /data/rootkit/
adb shell chmod 777 /data/rootkit/sh02eunlock
adb shell chmod 777 /data/rootkit/acdbwritevalue
adb shell chmod 777 /data/rootkit/su
adb shell
su
cd /data/rootkit/
./acdbwritevalue 0xc0e74998 0x80200000
./acdbwritevalue 0xc0e749a8 0x01000000
./sh02eunlock 0
cat /data/rootkit/su >cat /data/rootkit/su > /system/xbin/su
mount -o rw,remount /system /system
cat /data/rootkit/su > /system/xbin/su
chown root.root /system/xbin/su
chmod 06755 /system/xbin/su
cat /data/rootkit/sh02eunlock > /system/xbin/soff
chmod 755 /system/xbin/soff
mount -o ro,remount /system /system
chmod 755 /system/xbin/soff
sync;sync;sync
The file is available at the bottom. That's all I got. I really need to delete all this spy/statistics apps from the phone and without root it's impossible.
Thanks in advance.
I don't know if bumping = ban but I will take the risk.
Wow! It's really painful to have so many functions on this phone and not be able to use them because I'm not using a specific company's sim card. Without root, I am not even able to use the FM functions.
Fot the love of cheesecake (or chocolate cake, whatever is your favorite), help me out with this. I won't bother anymore after this reply. Thanks.
Hey guy
see this forum ttp://desktop2ch.tv/smartphone/1374753134/
number 136 :good:
Got root, then su binary installed need some help backtracking a few things. If someone is up for it?
I guess the first thing first is. The first time I adb shell'd I got promted with root user: ( does this happen right off the bat for anyone else? I did a few things before this with modstrings and busybox. But, didn't try adb till after)
Code:
adb shell
[email protected]:/ #
Once I noticed I had root on shell I simply found the system mount at /dev/ubui0_0 and I mounted it rw.
Code:
[email protected]:/ # mount -o remount, /dev/ubi0_0
moved the su binary over to the sdcard. wrote it to system/xbin link named to /system/bin. gave permisions.
Code:
adb push su /sdcard/
[email protected]:/ # cat /sdcard/su > /system/xbin/su
[email protected]:/ # ln -s /system/xbin/su
[email protected]:/ # chmod 6755 /system/xbin/su
[email protected]:/ # su
[email protected]:/ # :D
Off I went. I need to update the binary, but as of right now Superuser shows root as 'allow', SuperSU deny (think it old binary).
If you guys are not getting root after adb shell on this device, I think I can backtrack the modstrings and other stuff I did.
I really don't know where this device sits on getting rooted. It seems like some windows programs did it before an update that happened at some point, but not anymore? I don't have access to windows so I don't keep up with those methods.
Thanks! Hope someone can help me out.