Related
I'm sure you guys here at XDA don't hear it enough so let me just say thanks. I've spent the last hour changing my G1 from RC30 to JF 1.51. it took most of the time figuring out that the terminal program I was using wasn't giving me root, I did some smart using of the "search" function and realized I had to use pterminal.apk. but to say the least I'm up to date with cupcake, and I have root. You might want to update the how-to thread. Now just to get it so I can run apps of my sdcard... search away!
thats good to hear people rooting their phone without having to start like 10 threads on how they did it or what they need to do.
getting it setup is a little harder then I'd hoped, I'm trying to figure out how to set it up so my terminal has root access. I thought I would still have root, however the terminal that comes with JF 1.51 is just giving me the $ sign.
what happens when you press su in the terminal??
its supposed to ask you if you wanna allow it or deny it and it goes on the whitelist program.
Thanks! I missed that step somewhere. I am unfortunately a windows users, so I don't have the know-how with linux, it's an unfortunate blite on my record. I'm trying though! lol
Denkai said:
Thanks! I missed that step somewhere. I am unfortunately a windows users, so I don't have the know-how with linux, it's an unfortunate blite on my record. I'm trying though! lol
Click to expand...
Click to collapse
i myself am a windows user also... most of the steps here are for windows, unless otherwise noted.
but yeah when you enter su in the terminal for the first time it should ask you for permission
crap, I was using the appstosd2 program and now my phone is stuck on the g1 screen... a recovery with wipe didn't help either.
Title: Rooting the Droid Eris: What else needs to be done?
So, I've looked around a lot, done some snooping, and I've hit the point where I think I need some help...
Over the last two days or so, I have been messing around a lot with the Eris.
I've been able to get fastboot as well as adb to recognize the device. Unfortunately, I can't get fastboot to do anything other than recognize it. I've tried rebooting the device through fastboot to no avail. I also believe I have a pretty much complete system dump, which I am willing to post if it is of benefit to getting things moving. The one file I don't have, that I'm not sure is needed or not, is "init.rc". Every time I try to pull it, it says "permission denied".
So, what's next? Any and all help is appreciated.
Thanks , guys,
-Video
1: this is NOT the section for the Eris
2: to dump your boot, get into recovery or system, connect via adb and:
cat /dev/mtd/mtd2 > /sdcard/boot.img (where mtd2 is your boot partition)
Videofolife13 said:
Title: Rooting the Droid Eris: What else needs to be done?
So, I've looked around a lot, done some snooping, and I've hit the point where I think I need some help...
Over the last two days or so, I have been messing around a lot with the Eris.
I've been able to get fastboot as well as adb to recognize the device. Unfortunately, I can't get fastboot to do anything other than recognize it. I've tried rebooting the device through fastboot to no avail. I also believe I have a pretty much complete system dump, which I am willing to post if it is of benefit to getting things moving. The one file I don't have, that I'm not sure is needed or not, is "init.rc". Every time I try to pull it, it says "permission denied".
So, what's next? Any and all help is appreciated.
Thanks , guys,
-Video
Click to expand...
Click to collapse
Seriously, this is not the Eris section, so please go post over there.
Uh. Guys. The Eris is a rebranded Hero.
To the OP, have you tried the instructions for the Sprint Hero?
...I'm about 99% sure there is not Eris section. Sorry about that.
From what I've seen around, none of the CDMA Hero methods work on the Eris. I will definitely try it tomorrow. I'm not sure if this is a justified fear, but just trying random root methods could brick my phone. I'll keep looking around and trying different things, though.
-Video
edit: So, tried pulling /dev folder. My out put says that it's "skipping special file" and then lists all the files in the folder. I can't get it to copy to my sdcard either as I get a "/sdcard/boot.img doesn't exist". Sigh. I'll keep trying. Idea: do I need my sdcard partitioned a certain way to get the file to write to the sdcard?
Videofolife13 said:
edit: So, tried pulling /dev folder. My out put says that it's "skipping special file" and then lists all the files in the folder. I can't get it to copy to my sdcard either as I get a "/sdcard/boot.img doesn't exist". Sigh. I'll keep trying. Idea: do I need my sdcard partitioned a certain way to get the file to write to the sdcard?
Click to expand...
Click to collapse
1) You won't be able to access mtd2 unless you're root, so you need to do that first.
2) When adwinp said to run "cat /dev/mtd/mtd2 > /sdcard/boot.img", that's being run from a shell on the phone itself, *not* from "adb pull". If you tried doing something like "adb pull /dev /sdcard", that's going to fail. You have to open a shell on the phone via adb, then copy the contents of mtd2 to a file on your sd card (i.e., /sdcard/boot.img). But again, you won't be able to do that with an unrooted phone because the mtd device files are not world-readable:
Code:
# ls -l /dev/mtd
crw------- 1 0 0 90, 4 Nov 12 03:33 mtd2
I'm not sure if this is a justified fear, but just trying random root methods could brick my phone.
Click to expand...
Click to collapse
The method of becoming root for the Hero (using "asroot2") will not brick your phone. It's what you do with root once you have it that could brick it.
Thank you so much. Great info. I will try the asroot thing out today.
-Video
CDMA Hero Root Method: Got through the first steps:
"./adb push asroot2 /data/local/
./adb shell chmod 0755 /data/local/asroot2
./adb shell"
Then:
"$ /data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asroot2 /system/bin/sh
$"
So, that seems to be a no go.
Yea, the Sprint Hero method won't work. And the Eris is a rebranded Hero so technically this is the right section.
Okay, so if that method doesn't work, what's the next step?
-Video
edit: Would the method where we open a recovery.img on the phone and then install the superuser.apk work? I'm not sure if there is a general recovery.img that it could boot into or not. Any thoughts?
I'm hoping someone will care about this soon. From all the research, a LOT of times people are walking into VZW looking for Droid and walking out with the snazzy little Eris. It's become the phone of choice at the store.
http://xorl.wordpress.com/2009/08/18/cve-2009-2692-linux-kernel-proto_ops-null-pointer-dereference/ (relevance down near bottom of article.)
Are we able to use this exploit at all?
I dont know why more people are not trying to get this rooted, because as soon as sprint releases a update the hole will most likely be pached for them also. So it would make sence to root this ahead of time. Thats just my 2 cents.
binny1007 said:
I dont know why more people are not trying to get this rooted, because as soon as sprint releases a update the hole will most likely be pached for them also. So it would make sence to root this ahead of time. Thats just my 2 cents.
Click to expand...
Click to collapse
The hole has already been patched. The FW on the Eris is patched as well.
chicojd said:
The hole has already been patched. The FW on the Eris is patched as well.
Click to expand...
Click to collapse
i know the eris is patched as i have one, but the hero FW still has the unpatched exploit. what i was saying was it would make sence for the eris to get a root exploit so that way when sprint updates thier FW it will be easy to root the hero. making everybodys life a little easier
Take it to a Droid Eris board. This is the CDMA Hero board. No one here cares.
binny1007 said:
i know the eris is patched as i have one, but the hero FW still has the unpatched exploit. what i was saying was it would make sence for the eris to get a root exploit so that way when sprint updates thier FW it will be easy to root the hero. making everybodys life a little easier
Click to expand...
Click to collapse
It would make it easier...but the motivation is still harder since we can still always get back there if needed (downgrade to vulnerable firmware with RUU.exe and root, then upload a custom ROM that doesn't update from Sprint )
I'm sure a new root will show up for you guys...Video is on the right track, post those exploits (and perhaps alert Amon_RA of them?) and one of them will be bound to work (constant of life...new exploits will be found )
davidboyd: the eris *is* a CDMA Hero...
No, the Droid Eris *ISN'T* the same as the CDMA Hero. If it were the same, you wouldn't be asking how to root the Eris since the steps to root the Hero are all over this forum.
The Eris is similiar to the Hero, but not the same. Take your Eris noise to an Eris forum.
davidboyd said:
No, the Droid Eris *ISN'T* the same as the CDMA Hero. If it were the same, you wouldn't be asking how to root the Eris since the steps to root the Hero are all over this forum.
The Eris is similiar to the Hero, but not the same. Take your Eris noise to an Eris forum.
Click to expand...
Click to collapse
Dude people need to calm down. Technically the eris is the hero but for VZW. When we wanted our hero rooted we asked everybody. It's not like they are spamming the forum, its just a thread. Like i said before you Eris guys should wait for the moto droid to get rooted, asyou all could probably use the same exploit. Just have patience. It took over a momth for thehwro to get rooted
Not to add to the BS that some are comming in here with... The Eris is not a Hero, it is the HTC Desire rebranded as the "Verizon HTC Droid Eris"...
Anyway, Where is the Eris forum?
davidboyd said:
Take it to a Droid Eris board. This is the CDMA Hero board. No one here cares.
Click to expand...
Click to collapse
Ok buddy this a community to help, if you dont have anything productive to say dont say it, and do your research first. Many times when a phone is released on differant carriers they will rebrand it, such is the case with vzw and sprint, different names do not mean different phones, look at the wiki and you will see. take the touch pro, same phone but it is a little different from carrier to carrier.
davidboyd said:
No, the Droid Eris *ISN'T* the same as the CDMA Hero. If it were the same, you wouldn't be asking how to root the Eris since the steps to root the Hero are all over this forum.
The Eris is similiar to the Hero, but not the same. Take your Eris noise to an Eris forum.
Click to expand...
Click to collapse
http://pdadb.net/index.php?m=pdacomparer&id1=2080&id2=2005 look here pretty much the same phone.... if there was a ERIS forum do you really think that we would be posting here(use some common sense buddy).... I guess in a few weeks when sprint updates there FW and you loose your root you will be in the same boat as us. Like i said if you cant help than dont post.
DroidHead said:
Not to add to the BS that some are comming in here with... The Eris is not a Hero, it is the HTC Desire rebranded as the "Verizon HTC Droid Eris"...
Anyway, Where is the Eris forum?
Click to expand...
Click to collapse
again look here the only differance is a little better CPU.... http://pdadb.net/index.php?m=pdacomparer&id1=2080&id2=2005
wasupwithuman said:
Dude people need to calm down. Technically the eris is the hero but for VZW. When we wanted our hero rooted we asked everybody. It's not like they are spamming the forum, its just a thread. Like i said before you Eris guys should wait for the moto droid to get rooted, asyou all could probably use the same exploit. Just have patience. It took over a momth for thehwro to get rooted
Click to expand...
Click to collapse
I agree that once the moto gets rooted than we should get root to, but from what i have been reading it looks like they are looking into a bootloader exploit, witch would not help us at all, witch is why threads like this will help to bring people in that have the know how on rooting.
So back on topic.....
Hey guys, as always, thanks in advance.
I've been playing with the Galaxy Tab for a week or two, and it is fantastic. I was able to easily root it by downloading z4Root, and running that. Now I have a slightly different request. Is there a way to manually get root on the device without the use of programs like z4Root or SuperOneClick?
My assumption is that these programs are running an elaborate series of commands, and it is usually just simpler for most of us to download an existing root exploit, than to do it manually. What I'm looking for, is a way to automate the entire process of rooting a device from Sprint, removing the preinstalled Bloatware, making a few settings changes, and installing a few applications. I want to do this with no need for any interaction on the Galaxy (other than turning on USB debugging and plugging it in), including running z4Root and clicking the buttons.
I'm writing a batch file to send all the adb commands necessary, as I've done on previous Android devices. Say for instance I want to install this on 50 different devices, I'd prefer to not have to run z4Root on each of them by hand. On a previous Android tablet I was able to do something like this:
Code:
adb shell mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
adb shell cat /system/bin/sh > /system/bin/su
adb shell chmod 4755 /system/bin/su
adb shell reboot
But that doesn't work on the Galaxy obviously. I'm just wondering if there is something similar. Basically, can someone explain to me how the z4Root exploit works? What exactly is going on under the hood? I suspect though, that it may require significantly more complicated logic that could/should be done in a simple batch file.
Here is what I'm looking to have when I'm done:
The Galaxy Tab will be used for an in-house, single purpose app. (Meaning, I don't need custom UI, phone calling hacks, etc).
The app I will be running does not actually need root itself to run even, meaning after I remove the bloatware and change a few settings, I don't even care if I KEEP Root access after things are set up.
I would like to avoid (if possible) adding any more programs/apps/files to the phone than necessary, meaning I'd prefer to not leave a "SuperUser" app in the menu if possible. And I want to find something that won't have a lot of licensing restrictions to my use.
I'm sorry that sounds complicated, and I tend to drone on, giving far more information than is actually needed. In short, lets just start with- "How does z4Root work?" Thanks again as always guys. I appreciate the help.
DavidThompson256 said:
In short, lets just start with- "How does z4Root work?" Thanks again as always guys. I appreciate the help.
Click to expand...
Click to collapse
In essence, it uses the "RageAgainstTheCage" exploit
You may find this tutorial that I wrote for the Toshiba AC100 useful, as I'm pretty certain most of it applies to the Tab.
Regards,
Dave
EDIT- or you can just follow this thread instead which does much the same thing, but is Tab specific!
Ah, yes, I just finished reading that thread, and it had EXACTLY what I needed! I feel kind of dumb because that other thread was posted WHILE I was in the process of typing up my post. I guess I just type slow
Anyway, I'm willing to call this one closed already. I was able to find everything I need in blacklevel's post over here.
Thanks for the help.
Cant figure out for the life of me how to reroot after doing the 340 ota. I came from 2.2 ota.
I tried z4root multiple times, no dice.
Tried the DoRoot Automatic script. Didnt fully work.
Tried the manual method on the phone with term emu.
Tried the manual method...and im getting stuck here...
Factory Reset and did it all AGAIN... So annoyed
Mod note from Sleuth
Wispirer figured this out further down in the thread. It has to do with different versions of the superuser apk file confusing z4root. His post is here
nicely done btw
end mod note
[*] Searching for adb ...
[+] Found adb as PID 6025[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] [email protected] so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\Users\matt\Desktop\android-sdk-windows\platform-tools>adb kill-server
C:\Users\matt\Desktop\android-sdk-windows\platform-tools>adb.exe devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
015A9D7E1303301A device
C:\Users\matt\Desktop\android-sdk-windows\platform-tools>adb shell
$ mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
mount: Operation not permitted
$
z4root sat for 5-10 minutes on "running exploit" when I ran it. Others have also reported this.
I experiened that ONCE too, but i pulled the battery after a few minutes since it went through the full process so many times before.
anyone any ideas?
same problem here...can't get root back yet
Just to make sure, when you guys are rooting you have USB debugging on, yeah?
Also, does 1click root work? Several DX flavors. Check the Wiki. Link in DX android development.
Some questions:
What precisely happens when you try to use z4root? Give me the step by step.
Can you get temporary root with z4?
Sleuth255 said:
Also, does 1click root work? Several DX flavors. Check the Wiki. Link in DX android development.
Some questions:
What precisely happens when you try to use z4root? Give me the step by step.
Can you get temporary root with z4?
Click to expand...
Click to collapse
It goes through the whole process, says its rooting, getting shell, etc, goes white for a second, says rebooting, come back up and no root. And nope, tried both options.
Same here. The main thread about the update says it can take as many as 10 tires. I'm on about #5. we'll see.
That doesnt quite make any sense to me....
Same thing is happening to me, z4root says using exploit, acquiring root shell, goes to white screen then goes back and says rebooting. After it reboots still no root.
Tried 1 click method and it hangs at performing the rage command. Manually tried rooting and after applying the ./rage it kicks me off like its supposed to then says my device isn't found when I do adb devices command.
Yup, Same. I even factory reset twice.
Interesting. I have both copies of the update.zip. I did notice that they were slightly different in size. I used the very first one that was posted. I'm gonna do a quick hex compare to see if they're the same...
edit: uh oh, the two update files are totally different. The original one is slightly larger and HexCMP finds no similarities after the first 1K or so. The one I used had a size of 26,358. The other, more recent one has a size of 26,259.
So whats that mean exactly? Two versions of OTA were pushed out? One rootable and one not?
It sure looks like there's two different sizes and a hex compare shows significant differences. Take a look at your update.zip. What is the precise size? If everybody who can't root has a size of 26,259 then the validity of your thought is supported.
Remember, the original update only went out to a special beta test group and then was quickly pulled. The one I used was that update.
Where do i find the update.zip file? I did the ota update
Review the Droid X 2.3.340 Update thread in this forum. Good history about this update there including the information you seek.
I tried to root with Sil3ntK1ll Root X 2.2 and it looked like it was taking until about 3/4 of the way it said waiting for device. I left it for 5 min and it was then locked up solid. I had to pull the battery and reboot. No ill effects after the reboot but I am not rooted.
So I assume the root authors are already hard at work on fixing this issue?
same story as everyone else, had root, did update, cant get it back
Found this method, hxxp://forum.androidcentral.com/motorola-droid-2/40283-how-root-droid-2-without-computer.html (note: change x's to t's) and lo and behold it worked! Did from top to bottom and now back to being rooted. Hopefully this method works for you guys.
Enjoy. Don't forget to thank @beaups too, he discovered the eMMC backdoor and exploited it!
UPDATE: [8/2/16] I have recompiled the binary to fix issues with older ROMs like 4.4. This should fix all the issues with "This is for samsung device only" errors.
THIS WILL NOT WORK ON GALAXY S3/GALAXY S4/GALAXY S6|e/Galaxy S7|e. It will NOT work on AT&T
More info on doing this: here
DON'T UPDATE YOUR BOOTLOADER TO ANYTHING AFTER THE LATEST BUILD AS OF 4/19/16
Disclosure: I do not own a Note 4. The exploit happened to be applicable to the Note 4, and we compiled it for your devices rather than not release it at all. This seems like a reasonable and friendly thing to do for the community. I can't help you root or teach you how to use ADB. It's important you have the ability to do these things or research them a bit before blindly using this. I am very familiar with Samsung however, and time permitting, will do my best to help anyone having issues.
You should not run this if you don't understand it. For those who are capable but need some help go here
ROOT REQUIRED, we aren't responsible for anything you do with this.
You NEED a MicroSD, and it WILL be formatted during this process.
YOU MUST DISABLE REACTIVATION LOCK OR YOU WILL HAVE ISSUES!!!!!!!!!
You can download the eMMC brick bug check app on the Play Store to verify your CID starts with 15. If it does, you are good. If not, it will not work.
UPDATE: Anyone having issues with the "this is for samsung devices only error, please the fix attached to this post
Download
The code below is NOT a script, you must enter the commands manually.
First you must unzip the file.
Code:
adb push unlock_n4 /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 777 unlock_n4
chown root.root unlock_n4
./unlock_n4
Allow device to reboot. After full reboot, power down and pull battery. May need to run it twice if it doesn't work after the battery pull.
Paypal: [email protected] [COMPLETELY VOLUNTARY AND OPTIONAL]
Wow! Awesome. Would like to pay my bounty now.
Sent from my SM-N910V using Tapatalk
I can confirm this works. I tested on my Note 4 with 5.1.1 with temp root for Ryan. Running TWRP and about to install CM
Anyway now we can look into doing this for the AT&T model ? N910A? Since we have the Verizon model taken care of
Sent from my SAMSUNG-SM-N910A using Tapatalk
please post a video on how to do this because I don't know squat about adb. I have the Verizon note 4 with unlimited data. I know ill have to back up all of my data to my pc but I haven't even used the temp root and don't know how to do that either
nemopsp said:
Anyway now we can look into doing this for the AT&T model ? N910A? Since we have the Verizon model taken care of
Sent from my SAMSUNG-SM-N910A using Tapatalk
Click to expand...
Click to collapse
Won't work unfortunately.
Akashp2011 said:
please post a video on how to do this because I don't know squat about adb. I have the Verizon note 4 with unlimited data. I know ill have to back up all of my data to my pc but I haven't even used the temp root and don't know how to do that either
Click to expand...
Click to collapse
That is out of the scope of this thread.
Akashp2011 said:
please post a video on how to do this because I don't know squat about adb. I have the Verizon note 4 with unlimited data. I know ill have to back up all of my data to my pc but I haven't even used the temp root and don't know how to do that either
Click to expand...
Click to collapse
right to learn adb bro ...
http://forum.xda-developers.com/showthread.php?t=2266638
Wow...waiting my device arrived tomorrow...thank it awesome
ryanbg said:
That is out of the scope of this thread.
Click to expand...
Click to collapse
okay then can you please provide step by step instructions on how to do this? I can manage to temp root my device
Great! Can't wait to get home!
Sent from my SM-N910V using XDA-Developers mobile app
munchy_cool said:
right to learn adb bro ...
http://forum.xda-developers.com/showthread.php?t=2266638
Click to expand...
Click to collapse
preciate ya
sixtythreechevy said:
Wow! Awesome. Would like to pay my bounty now.
Sent from my SM-N910V using Tapatalk
Click to expand...
Click to collapse
Updated OP with address
Akashp2011 said:
okay then can you please provide step by step instructions on how to do this? I can manage to temp root my device
Click to expand...
Click to collapse
once you are comfortable with adb, the instructions in OP are a walk in the park. Read the other thread I linked to and try some adb commands like
adb reboot bootloader
it's easy , just give it a try first.
and this works for retail note 4, right? im just making sure because ive waited so d*mn long for this moment.. lol
Akashp2011 said:
and this works for retail note 4, right? im just making sure because ive waited so d*mn long for this moment.. lol
Click to expand...
Click to collapse
yes, make sure your cid is 15. Download brickbug app from Playstore and check cid, it should start with 15.
ryanbg said:
Won't work unfortunately.
Click to expand...
Click to collapse
Well Congrats for Verizon users!! #HAPPYDAY
Now wish someone could at least permanently root N910A model.
Sent from my SAMSUNG-SM-N910A using Tapatalk
Do I just leave the file in my downloads on my pc or will it just transfer it automatically to my phone
HORIZONx720 said:
Do I just leave the file in my downloads on my pc or will it just transfer it automatically to my phone
Click to expand...
Click to collapse
like it says in OP, your card will be wiped so you have to backup card contents manually.
ryanbg said:
Enjoy. Don't forget to thank @beaups too
ROOT REQUIRED, we aren't responsible for anything you do with this.
You NEED a MicroSD, and it WILL be formatted during this process.
Download
Code:
adb push samsung_unlock_n4-2 /data/local/tmp/
adb shell
su
cd /data/local/tmp/
chmod 777 samsung_unlock_n4-2
chown root.root samsung_unlock_n4-2
./samsung_unlock_n4-2
Allow device to reboot. After full reboot, power down and pull battery. May need to run it twice if it doesn't work after the battery pull.
Paypal: [email protected] [COMPLETELY VOLUNTARY AND OPTIONAL]
Click to expand...
Click to collapse
How does one obtain root for this though?