Prerequisites:
Dirty Santa
ADB
HOW TO: (UPDATE COMING SOON...)
Follow DirtySanta all the way through step 3.5
Step 1: On Windows, double-click "RUNMEFIRST.bat, DO NOT CLOSE THE LOG WINDOW THAT OPENS, then double-click "Step1.bat"
On Linux,
./RUNMEFIRST.sh
Step 2: Open a Separate Terminal, then run
./Step1.sh
Step 3: Wait for shell prompt then.
run-as con
chmod 0777 /storage/emulated/0/*
This will not give you full root access!
Please comment if you're willing to help me out in getting root.
Just so everyone knows I am not taking credit for writing any of the code, none of it was me, I just was fiddling try to create root and found this worked to get root over ADB.
when does this wear off?
tommy7115 said:
when does this wear off?
Click to expand...
Click to collapse
I have not done enough to know for sure, but all the changes you made are going to reset most likely be on a reboot.
abine45 said:
Prerequisites:
Dirty Santa
ADB
HOW TO:
Follow DirtySanta all the way through step 3.5
That should give you a temporary root. I am on android 6.0, not sure if this will work on five but I don't see why it wouldn't. from there i'm going to try to make root.
Just so everyone knows I am not taking credit for writing any of the code, none of it was me, I just was fiddling try to create root and found this worked to get root over ADB.
Click to expand...
Click to collapse
Would you please write a guide for doing root step by step?THX
alexanderzhang said:
Would you please write a guide for doing root step by step?THX
Click to expand...
Click to collapse
I will either tonight or tomorrow. I'm in the process to actually getting a full root, I think i'm on to something and may be able to get this to work. This is just a temporary thing for people to try.
abine45 said:
I will either tonight or tomorrow. I'm in the process to actually getting a full root, I think i'm on to something and may be able to get this to work. This is just a temporary thing for people to try.
Click to expand...
Click to collapse
OK, My mother language isn't Eng, so I can't understand the meaning of "Follow DirtySanta all the way through step 3.5".
Is your meaning that flollow the guide from step 1 to step 3.5?
Im not getting root access, root check is not recognizing it and neither is an app like freedom
Testing it right now. @alvislee[email protected]
---------- Post added at 11:00 PM ---------- Previous post was at 10:28 PM ----------
I got a tmp root shell. Now working on installing su and changing selinux status with chainfires tools.
alvinator94 said:
Testing it right now. @alvislee[email protected]
---------- Post added at 11:00 PM ---------- Previous post was at 10:28 PM ----------
I got a tmp root shell. Now working on installing su and changing selinux status with chainfires tools.
Click to expand...
Click to collapse
How did you achieve the root shell, I can't get it working.
tommy7115 said:
How did you achieve the root shell, I can't get it working.
Click to expand...
Click to collapse
Download v20.zip
extract it
run "RUNMEFIRST.bat"
give it a second and then run STEP1.bat
wait and itll show up as a normal shell "$"
then type in "run-as con" without the quotes
then you will see "#"
alvinator94 said:
Download v20.zip
extract it
run "RUNMEFIRST.bat"
give it a second and then run STEP1.bat
wait and itll show up as a normal shell "$"
then type in "run-as con" without the quotes
then you will see "#"
Click to expand...
Click to collapse
Yeah but then the next line does nothing, by that I mean chmod 0777 /storage/emulated/0/*
Plus even if that works how do I get root?
tommy7115 said:
Yeah but then the next line does nothing, by that I mean chmod 0777 /storage/emulated/0/*
Plus even if that works how do I get root?
Click to expand...
Click to collapse
Do you see the # symbol after you type run-as con
if so then i believe you have a temporary root shell.
by the way, the line after that is just giving elevated permissions to your entire internal storage, this part of the code does not apply to us as we do not need to give more permissions to anything on our internal storage as we will not be using them unlike the other several steps on that dirty santa post.
the problem is, even though we have a sort of root shell selinux is stopping us from being able to modify any of the other files.
alvinator94 said:
Do you see the # symbol after you type run-as con
if so then i believe you have a temporary root shell.
by the way, the line after that is just giving elevated permissions to your entire internal storage, this part of the code does not apply to us as we do not need to give more permissions to anything on our internal storage as we will not be using them unlike the other several steps on that dirty santa post.
the problem is, even though we have a sort of root shell selinux is stopping us from being able to modify any of the other files.
Click to expand...
Click to collapse
Thanks for clarifying that:good:
alvinator94 said:
Do you see the # symbol after you type run-as con
if so then i believe you have a temporary root shell.
by the way, the line after that is just giving elevated permissions to your entire internal storage, this part of the code does not apply to us as we do not need to give more permissions to anything on our internal storage as we will not be using them unlike the other several steps on that dirty santa post.
the problem is, even though we have a sort of root shell selinux is stopping us from being able to modify any of the other files.
Click to expand...
Click to collapse
What are you thinking to get full root from here?
Flash a modified boot img somehow that still let's the phone boot but gives us root even with the SElinux still set to enforcing. Go reading on the dirty cow thread and get caught up
Is this an option if I wanted to change my font or do something that required root? Would it survive past a reboot?
JRM_3 said:
Is this an option if I wanted to change my font or do something that required root? Would it survive past a reboot?
Click to expand...
Click to collapse
This is still exactly what you see when reading through the post. Please follow the main ROOT thread from Albine45 (patiently wait for Albine's frequent updates on progress) and when full root is achieved, you'll know and a guide will show up to walk you through. For now, you can change system fonts in your settings menu on Android. There are a few free built in fonts and others you can purchase. Just look through your settings menu.
snapz54 said:
This is still exactly what you see when reading through the post. Please follow the main ROOT thread from Albine45 (patiently wait for Albine's frequent updates on progress) and when full root is achieved, you'll know and a guide will show up to walk you through. For now, you can change system fonts in your settings menu on Android. There are a few free built in fonts and others you can purchase. Just look through your settings menu.
Click to expand...
Click to collapse
Thank you so much. I'll definitely be watching for full root?
After I run "run-as con" package 'con' is unknown
Any solutions?
I only need to delete or rename /system/bin/logd it's giving me some troubles, battery drain and over heating.
Enviado desde mi VS990 mediante Tapatalk
windows 7 supported???
Related
Hello everyone!
You may or may not know me, however I have secretly been working behind the scenes with ChiefzReloaded to learn how Android works. Together we have been trying to develop new ways to root the Slide, primarily because we both landed in a sticky situation that left us both without root and without a way to revert to root.
After many long hours of trying to restore my phone, I have now ported the exploid exploit to the MyTouch Slide! This means that you can gain root on any version of the Slide, INCLUDING the latest OTA! However, this isn't necessarily "easy" as in the One-Click Root program, but there are reasons for this. While Android is running we cannot write to /system and even if we force Linux to let us, the NAND protection will prevent Linux from completing the write!
To get started, please see the bottom of this post for the link and download it. You will want to download it to your computer and not your phone's SD card. Also, you will need the tools from the Android SDK. I would suggest extracting the file from my zip at the bottom of this page into the Android SDK's tools directory.
Extract the zip
Make sure your phone is in USB debugging mode AND you are in "Charge Only" mode.
Connect your phone to your computer.
Make sure you're in the same directory as where exploid is extracted before continuing to the next step.
Issue the following command: adb push exploid /sqlite_stmt_journals. Note: It MUST be in that directory - NO exceptions.
Run: adb shell
Run: cd /sqlite_stmt_journals
Run: chmod 0755 exploid
Run: ./exploid
Toggle your phone's Wifi (on or off, however you wish to do that).
Now (again) run: ./exploid (if prompted for a password enter: secretlol)
The next line should now begin with a pound (#) - if not, then something isn't setup right. Make sure to follow the directions verbatim. If you suspect you did follow them correctly, please reply to this post letting me know.
You should now be root! At this point you can do many things, but if you're looking to flash a custom ROM, continue to these instructions:
[NEW 10/18/2010:]
Steps 1-12 are intended to get you the ability to flash mtd0.img (which previously required using the SimpleRoot method) by gaining root inside of Android. By following the instructions in the rest of this section, it will allow you to flash a ROM or S-OFF your device:
The files you need are at: http://forum.xda-developers.com/showthread.php?t=703076- download both files linked in there (ESPRIMG.zip and SlideEng-package.zip)
Extract the contents of SlideEng-package.zip to a place of your choosing on your computer.
Place the entire (unextracted) ESPRIMG.zip on your SDcard.
Now push the files 'flash_image' and 'mtd0.img' that you just extracted from SlideEng-package.zip to /data/local using 'adb push'. (Noob? Instead of using 'adb push', install Droid Explorer and, using that utility, copy the 'flash_image' and 'mtd0.img' files to /data/local on your Slide)
Now I'm going to assume your phone is at root prompt (#) using steps 1-12. So now do (without typing the '#' symbols in front of both lines - they're just there to remind you that you need to be at a '#' prompt):
Code:
# cd /data/local
# chmod 04755 flash_image
# ./flash_image misc mtd0.img
Before you reboot make sure that the ESPRIMG.zip is on your SDcard!
Now turn off the phone.
Then press Volume-Down + Power.
The phone will power on and after about 5 minutes of verifying ESPRIMG.zip it will ask you if you want to flash it.
Press Volume-Up for 'YES' and wait until it finishes (ABSOLUTELY DO NOT POWER DOWN WHILE IT'S STILL FLASHING!!!).
Now when you go into recovery it should allow you to 'Apply update.zip from sdcard' (booting into Clockwork). If you don't have the Clockwork update.zip, here it is: http://www.4shared.com/file/OTRU7T3y/update_2.html (rename to update.zip after downloading since it's currently update_2.zip, then place it on your sdcard).
[/NEW 10/18/2010]
[NEW 12/30/2010]
Optional: Now that you're rooted you might want to disable all flash memory protections so you can permanently flash Clockworkmod (recovery - no more using an update.zip!) as well as other random things. Check here for details: http://forum.xda-developers.com/showthread.php?t=798168
[/NEW 12/30/2010]
CREDIT GOES TO:
[*] ChiefzReloaded! (For helping me learn the intricacies of Android and patiently answering all of my questions)
[*] 743C (For developing the original exploit)
Source code: (Yes, it's hackish. I was just trying to figure out why the system kept rebooting and haven't cleaned up the code since) download
DOWNLOAD:
http://www.4shared.com/file/CZsxSq-f/exploid.html
DONATE:
(Anything helps!)
(Some people may wonder why this is special compared to the One Click Root application. What's important is that One Click Root doesn't work on Slides running production/retail software, likely the same problem I had to fix to get exploid to work in my version.)
Thats whats up!!
If you be trollin then YOU BES TRAWLLIN
But if not then good job nb!
Sent from my T-Mobile myTouch 3G Slide using XDA App
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Click to expand...
Click to collapse
Sure, I was getting around to that - and I understand your concern. I'll post it in a second.
falken98 said:
Can you provide the source? No offense, but I tend not to run homebrew C programs that I didn't compile myself.
Thanks for all the work!
Click to expand...
Click to collapse
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Sent from my T-Mobile myTouch 3G Slide using XDA App
r0man said:
You think nb is distributing a virus disguised as a root method?
Waaaaaat
Click to expand...
Click to collapse
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
nbetcher said:
It is a bit funny, but I do understand his concern. I've posted the source code into the original post. Compiling it should result in the same hash as the binary I posted.
Click to expand...
Click to collapse
Ill take a look at it when I get home.
ilostchild said:
Good to see this I suggested this in another thread glad to see it in use thanks a bunch
Click to expand...
Click to collapse
I actually had to do a lot of work on it. It doesn't quite work the same as the original exploid simply because the original exploid crashes the entire system and reboots. This causes the rootshell to never be committed to NAND and thus you get no where. I had to keep playing with things until I found a different method that works. It took several hours of me being upset with it, but watched the latest Burn Notice, came back to it, and BAM I had a stroke of genius.
where is rootshell? i can't exicute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $
Armyjon88 said:
where is rootshell? i can't exicute rootshell nor can i "cp" any files from sdcard however i do have a # instead of a $
Click to expand...
Click to collapse
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Sweet
Sent from my T-Mobile myTouch 3G Slide using XDA App
having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx
statuzz said:
having # and running as root as stated before u can actually follow with eng and then custom recovery and ur choice's rom..pls correct me if im wrong..thanx
Click to expand...
Click to collapse
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
nbetcher said:
Ignore that portion of the instructions provided by the program. As I stated, this is not intended for non-developers at this point. The # is your indication that you're running as root.
I am headed to work, but I don't usually have much going on there - I will be setting up a much cleaner system/environment for non-developers to work with and perma-root their phones with over the next few hours. Stay tuned!
Click to expand...
Click to collapse
Let me know if you want to work together on some kind of one-click root app for the Slide. If the commands work through the terminal on the phone itself rather than via adb, I could probably make this into an app already, but since you're working on a more non-developer-friendly version, I'll just wait until that's out
televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
Click to expand...
Click to collapse
I'm delaying the release of my non-developer program for another couple hours.
As far as what you said above, all you need to do after gaining the # prompt is (in a separate window):
adb push flash_image /data/local
adb push mtd0.img /data/local
(switch back to your # adb shell, then type
cd /data/local
chmod 04755 flash_image
./flash_image misc mtd0.img
Then reboot and apply the ESPRIMG.zip. All of these files are found on the same post that I referenced in my OP. These instructions are all in that same page.
televate said:
i'm also wondering the same thing, because i got the exploid working, and i have the # in the shell, but when i go to follow the instructions to flash the eng-release, i can't cd to any different dirs, nor can i push any files to the phone. i have the ESPRIMG.zip copied to my sdcard, so could i just reboot into recovery and flash the nbh from there? any help is appreciated.
Click to expand...
Click to collapse
Im also stuck since im not sure if you can update to eng from the ota..But first i want to personally thank the OP & CR for providing this.
This would be great for a One Click method
this would be nice to work into a one click root!
And This did work for me!
Does this root method gets /system moumted when android running?In short do we finaly get metamorph and root explorer working?
https://sites.google.com/site/mophocorner/
Site to help with everything Motorola Photon 4G.
Hoping to help with newbies that want to flash, root, unlock, etc. before they get stuck and have to wait for replies to fix there phone, Hopefully this guide will just work and they wont HAVE to post for help. That is the point of this at least! Let me know if there is anything I can add or change and I will gladly give it some thought!
Thanks!
I have updated the page, just so everyone knows!! Check it out!!! Let me know if I am missing anything.
Sent from my Xoom using XDA
The photon torpedo method is needed to root the 2.3.5 version just released.
Sent from my MB855 using Tapatalk 2
THANKS!
Thank you for that. Added the Torpedo root method! =]
Thanks for putting all that info into one spot! Definitely helps out that much more as it is somewhat easier to refer to rather than bouncing from one post to another here in the forums! I would imagine it'll help out many people (including me!).
I'm still fairly new to some things and some times the added explanation of certain topics and/or issues is what's needed to get the job done!
Also, as far as the *photon-torpedo* root method goes... I used that method without an issue on Android 2.3.4. After updating to Android 2.3.5 the other day, I used that same method again without issue and it worked perfectly! Unfortunately (at least from what I've read), being that I updated to 2.3.5, I won't be able to unlock the bootloader as if right now. Not really something I'm too concerned about, being that I hadn't prior to the update anyway.
Sent from my MB855 using Tapatalk 2
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Grep,
To answer your question, yes. The new update unroots your device so you will have to re-root using the photon-torpedo method again.
I was rooted prior to the update with that method and after the update I was un-rooted! Trying to re-root using Terminal Emulator on device wouldn't work. Got "permissions denied" when running the tar command. But, using adb on the computer worked without a problem!
So basically, just redo the torpedo root method from step 1 and you'll successfully get root back guaranteed!!
Hope that helps!
Also, I had the SU binary in place as you did along with other root specific apps. Those apps are pretty much worthless until you gain root again.
It has been confirmed in the "soak" that 2.3.5 update will completely un-root your device...
Sent from my MB855 using Tapatalk 2
nice. should come in handy for others. even me cuz im kind of a noob.... waiting for way around locked bootloader after 2.3.5 ota
Sent from my Motorola Electrify using XDA
Grep_The_Truth said:
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Click to expand...
Click to collapse
Sent from my MB855 using Tapatalk 2
Root
You could always use root-keeper from the market if your lazy like me.
the link to the download torpedo is not working
spursrob said:
the link to the download torpedo is not working
Click to expand...
Click to collapse
The Imperium has your back. I will be upping a new guide and Root-Unlock-Relock pack soon but hosting is changing servers so for now torpedo is attached to this post.
Lokifish Marz said:
The Imperium has your back. I will be upping a new guide and Root-Unlock-Relock pack soon but hosting is changing servers so for now torpedo is attached to this post.
Click to expand...
Click to collapse
Clearly, I am retarded....I have studied this post 15 times but I can't find any way to see an attachment. Where is it?
cool old lady said:
Clearly, I am retarded....I have studied this post 15 times but I can't find any way to see an attachment. Where is it?
Click to expand...
Click to collapse
try it now, post 6. Are you on 2.3.4 or 2.3.5? If you're on 2.3.4 then just use the root/unlock/relock pack (the link is at the top of post 6.
OK - I see it now and I've downloaded it - thank you very much. I am on 2.3.5 from the soak test.
Are these still the correct/only instructions? If so I may still be in trouble...my "favorite method....into /data/tmp"? I don't know any method, much less have a favorite.
Instructions:
Use your favorite method to get photon-torpedo.tar into /data/tmp
Install Superuser from the Market
Install Android Terminal Emulator from the Market
Run Android Terminal Emulator
Run cd /data/tmp
Run /bin/tar xf /data/tmp/photon-torpedo.tar
Run /data/tmp/photon-torpedo.sh
Run /data/tmp/install-su.sh
I'm actually on my way to bed. I will write a more detailed walkthrough tomorrow and post it in the Photon Compendium. Eventually I plan to script the entire process but am working on unified webtop stuff right now.
Grep_The_Truth said:
I hate to be that guy but this is certainly relevant to the discussion at hand. I used the Photon Torpedo method originally when it first came out. Since then I have kept it stock and performed the OTA updates as they come. After each update I just run the last two commands:
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Always worked in the past. I just got updated to the new "2.3.5" and I can't seem to get root back. The photon-torpedo script has multiple errors "libpcprofile.so cannot be loaded as audit interface" and "permission denied". Consequently the install-su script doesn't succeed. Can't mount /system as RW and everything is permission denied.
Worst part is that the SU binary still exists in /system/bin/su but I can't use it. I get permission denied on everything I try.
Am I borked? Is there something I have forgotten?
Jleeblanch, are you using the new update from Motorola from the soak test?
Click to expand...
Click to collapse
Me to, had to used one click Root (20 times)
Navigate to the Android Market and install the “Superuser” application from ChainsDD
Download and extract 22MB Root-Unlock-Relock.zip from the Imperium website
Go to the "rsd drivers" folder located in the Root-Unlock-Relock folder and install the drivers for your system (32bit or 64bit windows)
Download photon-torpedo.tar
Place photon-torpedo.tar in the "AIO Root" folder located in the Root-Unlock-Relock folder
On your phone, in menu/settings/applications/development make sure usb debugging is checked
Connect your phone to your computer and select "charging" mode from the connections options in notifcations
From the "AIO Root" folder, double click the "Command Prompt" shortcut
Type the following commands:
adb push photon-torpedo.tar /data/tmp
adb shell
cd /data/tmp
/bin/tar xf /data/tmp/photon-torpedo.tar
/data/tmp/photon-torpedo.sh
/data/tmp/install-su.sh
Ignore the errors when running torpedo and let the process complete.
Once I get some free time I'll write a single script covering everything from rooting to SBFing back to stock. My goal is to get any given process down to ten keystrokes or less.
Hmph. Well....I think it worked. Root Checker says "congrats" - but wasn't it supposed to wipe all my stuff from the phone or something?
no root doesn't wipe data. (neither does unlock if done right)
Sent from my mopho
So I bricked my Kinde Fire HDX by changing the build.prop and not fixing permissions. I have adb access but no root (I don't know why :S). Would a factory reset work? If not, how can I get to fix the build.prop or replace it with the old one? thank very much, I've been a couple hours looking for solution but I couldn't find any.
No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk
r3pwn said:
No, a factory reset would only break it further. It would remove your adb access and not fix anything. What makes you think you lost root? Have you tried "adb shell" then "su"?
Sent from my Amazon Tate using Tapatalk
Click to expand...
Click to collapse
I used the HDX ToolKit v0.92 to check the root access, and it said "Please grant root on your device"
I've also tried "adb shell", and then "su", but it just returns "su" again. I am new with adb commands so I don't really know what it should show.
Thank you very much for your help
May I ask what version you were on before you bricked?
Sent from my Amazon Tate using Tapatalk
14.3.2.3.2, last update I think.
?
peter_b93 said:
14.3.2.3.2, last update I think.
Click to expand...
Click to collapse
Fixed?
jimyv said:
Fixed?
Click to expand...
Click to collapse
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun
well
peter_b93 said:
Nope, I couldn't find any way to get root acces again. But nevermind, my new kindle fire will be here in two days. I am surprised how well amazon costumer service works. Even though I bought my kindle in the US and now I am in Spain (not going back), they called me from the US for free, and they are paying all the shipping costs and sending it by priority shipping.
I am still interested if anyone knows how to fix it, just for fun
Click to expand...
Click to collapse
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.
jimyv said:
It sounds like to me that you still root access you just were not mounted RW in other words it would not boot up completely so you could hit allow to the adb Shell. So you will have to mount system rw manually Try last 3 pages of this thread http://forum.xda-developers.com/showthread.php?t=2588608. He can fix you most likely if you can comprehend and follow directions.. or if ur understanding adb is fair you'll be able to probably extract your repair from the thread as is.
Click to expand...
Click to collapse
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.
well
peter_b93 said:
I've tried what it is said in the other thread. However, the problem there is that the guy cannot get his device to be recognized.
I've tried this:
adb root
adb shell
su
mount -o rw,remount /system *****- if this fails, try: mount -o remount /system
chmod 644 /system/build.prop
chown root.root /system/build.prop
reboot
But adb root gives me this error:
adbd cannot run as root in production builds
On the other hand if I skip the "adb root" step I cannot go further than "su" since I don't get the "[email protected]:/ #" line.
Click to expand...
Click to collapse
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"
jimyv said:
Well since you do have ADB connectivity why can't you hook a bruting utility and push root ? Romaster_3.4.3.7593_Setup use as describe back in the roll back thread and the rooting thread 4 the new yes I kno wat is in chinese but this is the 1 that you must use sent you cannot install the apk install software plugin your tablet look at the upper right corner you will see an gear icon tap that then second row down second icon over "root"
Click to expand...
Click to collapse
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.
peter_b93 said:
FIXED!!!!!
The chinese software worked! Thank you very much! As I first rooted with towelroot I wasn't aware that it was possible to root without booting into android! I think I won't edit the build.prop again lol.
Click to expand...
Click to collapse
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..
jimyv said:
Ok now use this http://forum.xda-developers.com/showthread.php?t=2532818 and uninstall romanager from pc...and reboot... And BTW modifying your build prop is alot easier useing build prop editing app. It takes care of permissions anyway as long as you entrys are correct..
Click to expand...
Click to collapse
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:
sweet
GSLEON3 said:
Good call on RomMaster. I have no idea what it is doing since I haven't had any time to look at it, but I'd figured it was an app like TR. At any rate, nicely done. :good:
Click to expand...
Click to collapse
I'm not sure either that's why when I used it I was on a blacklisted unit and I kept the PC and the tablet and airplane mode at all times. Until I was certain I got all the files off of both before I let them go to Wi-Fi Chinese files that is.. But one thing I was very curious about is if you open that tool up the Chinese tool that is an you go to the same page you would hit the anchor to root to your device just below that it says fastboot I'm wondering if they have a fastboot working for also too bad nobody here know Chinese..
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
1) Download KingRoot APK from here (the first one with the image of the phone if you are on the desktop site).
2) Install KingRoot and run it. It will restart the phone, and it will fail (or, if you have some Android God luck, it may succeed), this is supposed to happen.
3) Clear KingRoots cache and data (in that order) and power off the phone (not reboot). Then, power it back on again.
4) Now this is where things get... well complicated for this part. You are going to need to load your RAM with a bunch of processor heavy stuff. The person that made this method used CounterSpy and Final Fantasy Type-0 in the PPSSPP v1.0.1-411 emulator, but for those of you that don't have access to that, get creative and load up. Here is what I had running (all at the same time, mind you).
Note: Force Stop Task Manager in the app settings first or it will purge to free memory automatically and this won't work.
1. Next Launcher Lite
2. Apex Launcher
3. Nova Launcher
4. Cheetah Launcher
5. CM Launcher
6. Mi Launcher
7. 25 tabs on Google Chrome (No joke)
8. Both Temple Runs
9. Fruit Ninja
10. Google Play Store
11. Google Now
12. Google Play
13. Amazon
14. Google Play Music
Mine was definitely a bit extreme but I knew all of this stuff would guarantee a good memory hogging.
5) Run all of your apps at the same time. The TL;DR for this is that apparently it's some exploit that the app uses as a buffer overflow. Now, go to settings and Force Stop KingRoot. Then Run it again. If it works, you should go from 0 to 100 real quick (no pun intended). It shouldn't progess slowly or reboot the phone to do this, but your journey does not stop here.
Click to expand...
Click to collapse
If you did it correctly, the screen from a successful root will have a green checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
1) Plug phone into computer...
2) Open cmd type "adb shell" (without quotes, moving forward, type all commands without quotes). This will open a terminal for the phone.
3) While in ADB Shell, type "su" to gain root shell privileges
4) Type "getprop ro.build.fingerprint"
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys (the part with P892T57 may be different depending on what model ZMAX You have). If you haven't updated that number will be different, this ok, just replace the number in the next command with whatever your output is.
5) type "setprop persist.sys.k P892T57"
6) type "getprop persist.sys.k" and your output should be your build number
7) type "cd /dev/block/platform/msm_sdcc.1/by-name/" to change directories so that we can back up your recovery image (remember I said something about that?) and set the boot to our recovery partition.
8) type "dd if=recovery of=/sdcard/recovery.img" to backup the recovery image.
9) type "dd if=boot of=recovery" to set recovery as boot. Another TL;DR is that this disables the write protection set by the stock recovery, allowing you to write to the system. It will mount the /system partition upon boot.
DELETE KINGUSER NOW
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
11) Reopene the adb shell (using "adb shell") in your command prompt or terminal (for OSX and Linux) and type "Id". If your output is "uid=0(root) gid=0(root) context=u:r:shell:s0" then It worked...
12) Remount system as writable "mount -o rw,remount /system"
13) Manual install for supersu you can get that here: http://download.chainfire.eu/supersu
14) Type "exit" into the terminal/command and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
14B) I advise taking the "su" binary and "install-recovery.sh" file from the superSU folder you downloaded and putting them in the same place (on the desktop or wherever your adb.exe is if you didn't set $PATH on your computer). su can be found in the "arm" folder and install-recovery.sh can be found in the "common" folder. It is important to note that where ever your files are, you will have to type that path (if it isn't in the same directory as your adb). So, as an example, I put mine on the desktop, so I have to type "adb push ~/Desktop/su /data/local/tmp/su". If you do not know how to do that, then stop what you are doing and research it, as that's just too much to explain.
15) "adb push su /data/local/tmp/su"
16) "adb push install-recovery.sh /data/local/tmp"
17) Reenter adb shell with "adb shell"
18) Make sure system is mounted writable with "mount -o remount,rw /system"
19) Move the so files into place with these commands
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/su > /system/xbin/daemonsu"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
20) Give them all permissions
"chmod 755 /system/xbin/su"
"chmod 755 /system/xbin/daemonsu"
"chmod 755 /system/etc/install-recovery.sh"
21) Reboot your phone to complete install with "reboot"
22) After rebooting go into the play store and install the supersu app. It's going to tell you the su binary is out of date to fix that we need to open the adb shell on our pc again with "adb shell"
23) Reboot into recovery (you're really rebooting the system with r/w privileges) using "reboot recovery"
24) Once rebooted open the app and update your binaries one finished reboot add your done 100% perm rooted
Click to expand...
Click to collapse
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
ADDITIONAL INFORMATION
If you by some chance flash the TWRP Recovery Image (found in post 2), and would like to revert back to root ability (being able to write to system). Please follow the steps below:
1. cd /dev/block/platform/msm_sdcc.1/by-name
2. su
3. dd if=/sdcard/recovery.img of=recovery
4. reboot recovery
Please make sure you have the recovery in your sdcard root folder.
Alternate Root Methods and ZTE Custom ROMs/Kernels/etc
If the above first part doesn't work for you, you can find alternative root methods
Alternate Method 1 HERE
Alternate Method 2 HERE
As I see more added, I'll add them here.
CUSTOM STUFF
TWRP Image for ZTE ZMAX
Q&A/Other [UDPATED MAY 13, 2015 @ 5:45PM]
If A question is asked and you feel like it needs to be here, please tag or DM me with the Q AND THE A so that I can do so.
OTHER:
Original Discussion Thread for the ZTE ZMAX
Please see fire3element's post on what each screen in the KingRoot app means
WHAT THE SCREENS MEAN IN THE APP
That's a whole lot to swallow but I'm glad to see y'all can finally get rooted. Definitely not a method for noobs or the faint of heart but its a HUUUGE step in the right direction. Thanks to everyone responsible for this.
Hroark13 has TWRP - http://androidforums.com/threads/zte-zmax-twrp.918537/
mingolianbeef said:
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
If you did it correctly, the screen from a successful root will have a blue envelope with a checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
Click to expand...
Click to collapse
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Here is some more info for those of you wondering what the KingRoot app is doing.
Screenshots will follow.
Text ABOVE the screenshot is for the image directly under it.
Let's begin -------------->
FIRST SCREEN WHEN YOU OPEN KINGROOT
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SECOND SCREEN
- CLICK BUTTON TO BEGIN ROOT -
ROOTING IN PROGRESS...
ROOT FAILURE
[Blue Button]: SUBMIT (submits the error report to KingRoot devs)
ROOT FAILURE
ROOT FAILURE
NO DATA CONNECTION (WiFi or cellular singnal required)
[Blue Button]: ANDROID SETTINGS MENU
SUCCESSFUL ROOT
IF YOU SEE THIS MESSAGE POP UP DURING ROOTING, JUST LEAVE IT ALONE. LET THE ROOT FINISH
SUCCESSFUL ROOT
[trash can]: [...]: [...]:
SUCCESSFUL ROOT
[Blue Button]: PURIFICATION (I believe this is similar to fixing permissions)
- CLICK IT AND LET IT RUN -
^ from clicking blue button above ^
PURIFICATION PROCESS
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=/sdcard/recovery.img of=recovery
reboot recovery
*edited to remove a potentially harmful commands per jcase's advice*
Sent from my Z970 using XDA Free mobile app
xtremeasure said:
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=boot of=boot
dd if=/sdcard/recovery.img of=recovery
reboot recovery
Sent from my Z970 using XDA Free mobile app
Click to expand...
Click to collapse
even with just one slash I still have a problem
Sent from my Z970 using XDA Free mobile app
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Sent from my Z970 using XDA Free mobile app
xtremeasure said:
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Click to expand...
Click to collapse
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
fire3element said:
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
Click to expand...
Click to collapse
I would do a full root uninstall....
The backdoor keeps root for adb so installing the new su shouldn't be an issue
Sent from my Z970 using XDA Free mobile app
Got it. Will report back after this headache is done. *slams head on desk*
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Is there anyway to do it without a factory reset? Could I just remove kinguser? or it must be factory reset? and will I have to reroot with factory reset?
Sent from my Z970 using XDA Free mobile app
Sorry guys, kinda been running around all day, have a lot of catching up to do I see. I'll fix the thread with updated information that people have so generously contributed!
DroidisLINUX said:
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
Click to expand...
Click to collapse
I know right!!! First hurdle... done... second hurdle, bootloader with no fastboot lmao...
a bit unclear on this
are we actually rebooting into recovery or its supposed to go straight back into the phone
i was never able to get into recovery
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
getting permission denied when running this.
"chmod 755 /system/xbin/su"
"chmod 755 /system/etc/install-recovery.sh"
as well as operation denied or something along those lines. any help would be nice. also and running id on adb. its showing.
uid=0(root) gid=0(root) context=u:r:init:s0
rather than
uid=0(root) gid=0(root) context=u:r:shell:s0
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
You have to exit adb shell to push files to /data/local/tmp, which does not require root. That was a major exploit in earlier android versions, as people would push scripts to /data/local/tmp without root, run the exploit in the directory, and it would root. That was patched of course, but that directory can be accessed without root. Once you use "reboot recovery" to reboot, then just plug your phone back up and type "adb shell" to which the phone should respond with a "#" instead of a "$". If you have the $, you are not root and need to go back. If you do, just be patient with it and make sure you are not just copying and pasting (I know this can be the root of the issue at times with command, just type it out). It should work, the second half is the easy part lol.
How should I go about factory resetting my rooted, HD 7" that's running a different launcher? So that it can go back to as clean as possible and be updatable and used normally without bricking/dying. I heard it's dangerous to just use the native factory reset as it can end up with bricks.
Its running on some older firmware that was rootable not long after it became possible and is running Vire Launcher instead of the typical amazon launcher. I'd like to go back to Stock somehow.
Sorry for the double post but seriously no-one knows how to go back to fully default?
Shadowshinra said:
Sorry for the double post but seriously no-one knows how to go back to fully default?
Click to expand...
Click to collapse
For stock with no root:
Run these commands to unblock OTA:
Code:
adb shell pm unblock com.amazon.dcp and
adb shell pm unblock com.amazon.otaverifier
Also, look for /system/priv-app/deviceSoftwareOTA.apk and make sure the extension is (plain) "apk"
Put OS 5.1.2 onto /sdcard (not inside a folder) and press Update now in Device settings.
For latest stock with root, follow this root guide: http://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 without installing Gapps/xposed/makespace. If you're running OS 4.5.3 now you can use 5.2.0_stock_recovery_uboot.zip at step 10.
DoLooper said:
For stock with no root:
Run these commands to unblock OTA:
Code:
adb shell pm unblock com.amazon.dcp and
adb shell pm unblock com.amazon.otaverifier
Also, look for /system/priv-app/deviceSoftwareOTA.apk and make sure the extension is (plain) "apk"
Put OS 5.1.2 onto /sdcard (not inside a folder) and press Update now in Device settings.
For latest stock with root, follow this root guide: http://forum.xda-developers.com/fire-hd/general/how-to-upgrade-to-lollipop-root-gapps-t3163950 without installing Gapps/xposed/makespace. If you're running OS 4.5.3 now you can use 5.2.0_stock_recovery_uboot.zip at step 10.
Click to expand...
Click to collapse
Seems simple enough, the adb commands seemingly worked but I can't seem to rename the APK_ back into APK using ES file explorer, it just says renaming progress and the bar doesn't fill up.. so I haven't done the last step yet.
Shadowshinra said:
Seems simple enough, the adb commands seemingly worked but I can't seem to rename the APK_ back into APK using ES file explorer, it just says renaming progress and the bar doesn't fill up.. so I haven't done the last step yet.
Click to expand...
Click to collapse
Try rebooting and see if it got renamed. Are you sure you're rooted and have root explorer on in es file explorer? Maybe you used JMZ's Fire Tool to block OTA? See if you have it and try that for unblocking. Or, if rooted this command might work:
Code:
adb -d shell "su -c 'mount -o remount,rw /system; cd /system/priv-app/; mv DeviceSoftwareOTA.apk_ DeviceSoftwareOTA.apk'"
If you can't get it renamed, try doing the update. Don't think it'll work, but worth a shot. If it doesn't work, you'll need to boot twrp and install 5.1.1 or 5.1.2 from there: http://forum.xda-developers.com/showpost.php?p=62011272&postcount=2
DoLooper said:
Try rebooting and see if it got renamed. Are you sure you're rooted and have root explorer on in es file explorer? Maybe you used JMZ's Fire Tool to block OTA? See if you have it and try that for unblocking. Or, if rooted this command might work:
Code:
adb -d shell "su -c 'mount -o remount,rw /system; cd /system/priv-app/; mv DeviceSoftwareOTA.apk_ DeviceSoftwareOTA.apk'"
If you can't get it renamed, try doing the update. Don't think it'll work, but worth a shot. If it doesn't work, you'll need to boot twrp and install 5.1.1 or 5.1.2 from there: http://forum.xda-developers.com/showpost.php?p=62011272&postcount=2
Click to expand...
Click to collapse
Definitely rooted, heck you yourself helped me do it a long time ago, even Root checker says i'm still rooted, I do have JMZ tool, the OTA section is gray though, reboot didn't help, will try the adb command
Edit, upon entering the command CMD appeared to hang/stall/do nothing. Not letting any other commands to be typed afterwards.
Shadowshinra said:
Edit, upon entering the command CMD appeared to hang/stall/do nothing. Not letting any other commands to be typed afterwards.
Click to expand...
Click to collapse
CTRL-C to get out. EDIT @Shadowshinra: Do you get # prompt with "adb shell" "su"?
DoLooper said:
CTRL-C to get out. EDIT @Shadowshinra: Do you get # prompt with "adb shell" "su"?
Click to expand...
Click to collapse
You mean the popup on the kindle? Now you mention it, It hasn't been popping up since I've been attempting this, so somehow I/it semi-unrooted itself despite the rootchecker saying it's fine? Or were the changed we did responsible?
Edit: Oh wait I know what you mean now, the # sign isn't there either, it's a $ so yeah It's unrooted itself somehow or I did something unknowingly, which is odd seeing as the Vire Launcher, root checker and all my apps are still working..
Edit2: Ran supersu, turned it off and on, appears to have fixed it? I was able to rename it aftar that.. it can't have been that simple lol..
Shadowshinra said:
Edit: Oh wait I know what you mean now, the # sign isn't there either, it's a $ so yeah It's unrooted itself somehow or I did something unknowingly, which is odd seeing as the Vire Launcher, root checker and all my apps are still working..
Edit2: Ran supersu, turned it off and on, appears to have fixed it? I was able to rename it aftar that.. it can't have been that simple lol..
Click to expand...
Click to collapse
Yes, there's a twilight-zone state in which root apps partially work but you can't get full superuser access until you update binaries by running superSU app. No idea how you lost su. Anyway, I trust you can update to unrooted stock 5.1.2 now.
DoLooper said:
Yes, there's a twilight-zone state in which root apps partially work but you can't get full superuser access until you update binaries by running superSU app. No idea how you lost su. Anyway, I trust you can update to unrooted stock 5.1.2 now.
Click to expand...
Click to collapse
When I tried to use that update it just says Validating update file, and seemingly loading forever, i'll edit if it ever completes, but if I turn on wifi it will try to download an update from there can that not be used instead or does that cause the bricks I've heard about?
Shadowshinra said:
When I tried to use that update it just says Validating update file, and seemingly loading forever, i'll edit if it ever completes, but if I turn on wifi it will try to download an update from there can that not be used instead or does that cause the bricks I've heard about?
Click to expand...
Click to collapse
The OTA update should be fine. I actually thought the manual method would be faster, but . . .
DoLooper said:
The OTA update should be fine. I actually thought the manual method would be faster, but . . .
Click to expand...
Click to collapse
Ah I see, however another issue has arisen, upon hitting update and it attempting to do so after a reboot, the team win recovery menu shows up instead, If I click reboot from there I'm just taken back to the dashboard on the original rooted firmware, I guess the TWRP is interfering in some manner? Also do I have to reenable the Fire Launcher and uninstall Virelauncher before all of this or will the updating process just do all of that.
Shadowshinra said:
Ah I see, however another issue has arisen, upon hitting update and it attempting to do so after a reboot, the team win recovery menu shows up instead, If I click reboot from there I'm just taken back to the dashboard on the original rooted firmware, I guess the TWRP is interfering in some manner? Also do I have to reenable the Fire Launcher and uninstall Virelauncher before all of this or will the updating process just do all of that.
Click to expand...
Click to collapse
@bibikalka, I totally forgot @Shadowshinra would have TWRP, coming from rooted OS4. Any problem with him following your steps here to restore stock? http://forum.xda-developers.com/fire-hd/general/how-to-restore-stock-fireos-t3164267 Thanks!