Related
Hey Guys
So one of the biggest questions I have seen in the last couple weeks since the Rogers captivate was released is how to root. I figured I would write a nice tutorial for everyone to make it easier!
Method 1: SuperOneClick
This is the easiest way, however most people have not been able to achieve root using this. Try this first if no luck move to method 2. Instructions on how to root using SuperOneClick can be found here
Method 2: Manual Root using ADB and Terminal
This one takes more time and not as easy to do as you have to do everything manually. But haven't heard of any problems with it yet
Step 1: Install <PDANet> Drivers. Just download the file and install. Select Samsung drivers. No need to actually install PDAnet on the Captivate you just need the drivers from the install. Follow the instructions with the installer to properly install the drivers.
Step 2: Download <Andriod SDK>.
- Extract the Android SDK .Zip file to C:\AndroidSDK (this should name the new folder created AndroidSDK in the C directory.
- Go to your start menu and search cmd or click run and type in cmd to open command prompt
- Type the following into command prompt, hitting enter at the end of each line
cd C:\AndroidSKD\Tools
adb devices
- You should see a serial number pop up. This is the serial number of your phone. This means ADB is set up
Step 3: Download <RageagainsttheCage Rooting Files>
- Extract them to the c:\AndroidSDK\tools\ folder. HAS TO BE IN THIS FOLDER FOR THE FOLLOWING COMMANDS TO WORK
Step 4: Unplug phone if it is plugged in. Then, on the phone, go to Settings > Applications > Development and make sure USB Debugging is Checked ON.
Step 5: Plug phone back in to computer. Make sure SD are not mounted
Step 6: Reopen Command prompt if not open. In the command prompt enter the following, pressing enter at the end of each line
cd c:\androidsdk\tools\
adb devices
adb push Superuser.apk /sdcard/
adb push su /sdcard/
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
Step 7: On the phone, go to Marketplace and download Terminal Emulator
Step 8: Leaving the phone plugged in, open the Terminal Emulator on the phone. Type the following, pressing enter at the end of each line
cd /data/local/tmp
./rageagainstthecage-arm5.bin
Step 9: WAIT. It will take a full minutes for the rage root to install. When finished you will see "Forked Childs". DO NOT DO ANYTHING TILL YOU SEE THIS. Terminal will allow you to type as it goes back to $ while it is installing BUUT DO NOT DO ANYTHING JUST WAIT(Cannot stress this enough)
Step 10: once "Forked Childs" appears, exit the Terminal App, and then reopen it. Instead of $ you should now see #. If not redo Step 7. Otherwise continue.
Step 11: Type the following hitting enter at the end
cat /proc/mounts
This should bring up a list (Easiest to view in landscape mode. Look for the following
/dev/block/XXXXXXXXXX /system YYYY ro 0 0 (the XXXXXXXXX part should be different depending on which device you have. The YYYY part will either be; ext2, ext3 or yaffs2 or something similar. )
My YYYY was rtf , not sure if it will be the same for everyone (though i assume it is)
Step 12: Now in the terminal window, using the info from above, enter the following, hitting enter at the end of each line (Be sure to enter spaces where needed as below)
mount -o rw,remount -t YYYY /dev/block/XXXXXXXXXX /system
cat /sdcard/Superuser.apk > /system/app/Superuser.apk
cat /sdcard/su > /system/bin/su
chmod 4755 /system/bin/su
mount -o ro,remount -t YYYY /dev/block/XXXXXXXXXX /system
exit
Step 13: Close terminal window if still open. Check your app drawer and, assuming everything was completed properly, you should see Superuser. If not redo Step 12, again watching for spaces and using the correct info from Step 11.
ACKNOWLEDGEMENTS
I, in no way shape or form, came up with the above method or tools. This method was modified from and composed from the method decribed over at Theunlockr.com for ease of use and to root the Captivate specifically. I big thanks go out to those guys!
ORINGAL LINK CAN BE FOUND HERE
WARNING
I am not responsible for any damage doone to the phone or its file system as a result of this tutorial. It is for educational purposes only. You have been warned!
THANK YOU!
No other method was working for me (not SuperOneClick, not these ADB instructions). Sure enough, using Terminal Emulator, I was able to get #. I wasn't able get this through adb, nor was I through SuperOneClick (infinite loop @ "mount" command).
I noticed a few things:
-When I compared filesizes from your provided Rage Root files, to the ones that were included in this thread (which also come with SuperOneClick—and which I was unable to get working), I noticed major differences. This gave me hope!, as I'd tried everything else that I knew how to prior to this point.
-My "XXXXXXXXXX" was actually only 4 characters: "stl6".
-My "YYYY" was only 3 characters ("rfs").
-SuperUser showed up on my applist without even requiring a reboot.
THANKS AGAIN
I shall now attempt to apply a lagfix; I will report back with results.
--Bah: no luck. RyanZA's OCLF V2.2+ returns error:
Could not mount /dev/block/mmcblk0p2 onto /dbdata/rfsdata: mount: No such file or directory
--OCLF V1+ returns error:
Could not create /data/linux.ex2 - dd: can't open '/data/linux.ex2': Permission denied
Uh-oh.
PhrProfess said:
THANK YOU!
No other method was working for me (not SuperOneClick, not ). Sure enough, using Terminal Emulator, I was able to get #. I wasn't able get this through adb, nor was I through SuperOneClick (infinite loop @ "mount" command).
I noticed a few things:
-When I compared filesizes from your provided Rage Root files, to the ones that were included in this thread[/url] (which also come with SuperOneClick—and which I was unable to get working), I noticed major differences. This gave me hope!, as I'd tried everything else that I knew how to prior to this point.
-My "XXXXXXXXXX" was actually only 4 characters: "stl6".
-My "YYYY" was only 3 characters ("rfs").
-SuperUser showed up on my applist without even requiring a reboot.
THANKS AGAIN
I shall now attempt to apply a lagfix; I will report back with results.
--Bah: no luck. RyanZA's OCLF V2.2+ returns error:
Could not mount /dev/block/mmcblk0p2 onto /dbdata/rfsdata: mount: No such file or directory
--OCLF V1+ returns error:
Could not create /data/linux.ex2 - dd: can't open '/data/linux.ex2': Permission denied
Uh-oh.
Click to expand...
Click to collapse
Yup same problem here. I was able to root it manually a few days ago, but have as of yet been unable to lag fix it.
Strange. After I rooted I had no problem using RyanZa's Lagfix. Your still using the stock rom after rooted correct?
deacfire said:
Strange. After I rooted I had no problem using RyanZa's Lagfix. Your still using the stock rom after rooted correct?
Click to expand...
Click to collapse
Correct. I've tested out quite a few apps from the market, though.
When I mount my device, I notice that there are some files on my internal SDCard:
-su
-Superuser.apk
-nv_data.bin
-busybox (why is this there, I uninstalled that)
-update.zip
...and some folders:
-layar
-twc-cache
-Android -» data -» com.cooliris.media
-Android -» data -» com.google.android.apps.maps
-svox
...These all have subdirectories.
Not knowing what a default internal SD directory ought to look like, I wonder: Could any of these be causing a conflict? I read that some said not to have any apps installed on the SDCard while trying to mess around (with ROMs, I think), so I tried removing what I could, and then rebooting (and some folders respawned), and reapplying the fix—no dice. I've since replaced all of the folders and the files.
Stock rom here as well.
Hrmm not quite sure why lag fix isn't working for you guys. Just a quick question, in RyanZa One Click, is "Un-Root Device" green?
I still have no problems applying RyanZa Lag Fix to my Captivate as I had to redo it last night after i switched back to the Rogers stock rom after testing Cog 2.2. My guess, and it is just a guess, is that the root never applied properly. Have you tried rerooting the device?
deacfire said:
Hrmm not quite sure why lag fix isn't working for you guys. Just a quick question, in RyanZa One Click, is "Un-Root Device" green?
I still have no problems applying RyanZa Lag Fix to my Captivate as I had to redo it last night after i switched back to the Rogers stock rom after testing Cog 2.2. My guess, and it is just a guess, is that the root never applied properly. Have you tried rerooting the device?
Click to expand...
Click to collapse
Thought I might give you some info as well since i've been messing with mine for about a week now. I was able to root the device, oneclick did not work originally for this and I used ADB method similar to what you had here. After this I went for the lag fix, everything was green like it was supposed to be, installed the ext2 tools no problem and then get the same error about unable to mount when applying lag fix.
At this point I used OCLF to unroot the device and it did, I then used the oneclick to re-root which it did this time, in terminal I can su properly and again all the tools are green in OCLF. Tried to lagfix and failed again so I started making some changes manually based on the error messages that were out put. Created the folder it was trying to mount to for instance and then set the permission to this to 777 that would allow world write access, this allowed it to create the new partition in ext2 but when mounting the loopback device it fails saying it doesn't exist (which it doesn't I looked) so while I did get a bit further the lag fix still fails. I would gladly apply the lag fix manually through the terminal if I knew everything that was being done to re-format the partitions for ext3 but I can't seem to find that info anywhere.
Next best thing I would guess is to install a stock rom from rogers from someone else and see if there are any differences, I'm guessing based on the devices in the /dev folder that there are more then one image on the devices some set up more similar to AT&T that the lag fix will work on.
mrprefect said:
Thought I might give you some info as well since i've been messing with mine for about a week now. I was able to root the device, oneclick did not work originally for this and I used ADB method similar to what you had here. After this I went for the lag fix, everything was green like it was supposed to be, installed the ext2 tools no problem and then get the same error about unable to mount when applying lag fix.
At this point I used OCLF to unroot the device and it did, I then used the oneclick to re-root which it did this time, in terminal I can su properly and again all the tools are green in OCLF. Tried to lagfix and failed again so I started making some changes manually based on the error messages that were out put. Created the folder it was trying to mount to for instance and then set the permission to this to 777 that would allow world write access, this allowed it to create the new partition in ext2 but when mounting the loopback device it fails saying it doesn't exist (which it doesn't I looked) so while I did get a bit further the lag fix still fails. I would gladly apply the lag fix manually through the terminal if I knew everything that was being done to re-format the partitions for ext3 but I can't seem to find that info anywhere.
Next best thing I would guess is to install a stock rom from rogers from someone else and see if there are any differences, I'm guessing based on the devices in the /dev folder that there are more then one image on the devices some set up more similar to AT&T that the lag fix will work on.
Click to expand...
Click to collapse
Try the stock rom in the main Rogers Captivate forum. It is one i used to go from Cog 2.2 back to stock and it applied the root and lag fix without a hitch. Give it a try and let us know!
deacfire said:
Try the stock rom in the main Rogers Captivate forum. It is one i used to go from Cog 2.2 back to stock and it applied the root and lag fix without a hitch. Give it a try and let us know!
Click to expand...
Click to collapse
Happen to have a link right to the forum? so many threads to search through...
I'm new to the whole android thing though I've been working with linux for years but its a bit of a learning curve coming from a blackberry.
also what are you using to flash your device?
I'm having the same problem. Let me know if you somehow fix it.
Sent from my SAMSUNG-SGH-I896 using XDA App
I was finally able to get my last night.
Turns out my first root attempt was a failure. I had to unroot via an update.zip method as i did not have the permissions to remove the files from terminal.
Once unrooted i then did the update.zip method for the I897, and modified the script to look for I896 instead. It worked flawlessley. I am now getting the pop-up asking for root permissions. I had never seen it work previously.
I was then able to install OCLF without any problems. (and it popped up asking for root)
I am now rooted and lag fixed. Previous quadrant score was at 860's and i pulled a 2285 last night after the OCLF.
Can you please tell us how to modify script and how to flash back to stock..I need to return my phone and superuse app wont go away after unrooting and factory reset
inningsdefeat500 said:
Can you please tell us how to modify script and how to flash back to stock..I need to return my phone and superuser app wont go away after unrooting and factory reset
Click to expand...
Click to collapse
Well i cannot help you flash back to stock as i don't quite know how to do that yet myself. But i can help you unroot, re-root, and lag fix.
I have found the files again and uploaded them to rapid share with the necessary modifications.
Download THIS FILE and once downloaded, rename it to update.zip Be careful not to name it update.zip.zip by accident.
Place the file into the root of your sdcard.
Shutdown the phone with the power button, or pull the battery out and put it back in.
Enter recovery mode:
While holding the volume up and volume down buttons press and hold the power button until you see the white text that says SGH-I896, then release the power button only.
When in recovery mode use the volume down key to highlight reinstall packages, then press the power button. It should say completed and reboot the phone.
Once the phone has rebooted, do the exact same thing again, only use THIS FILE instead. Dont forget to rename the file again!
Then install the OCLF from market. Install the EXT2 tools first. Then run the lag fix installer.
I assume you already know how to enter recovery mode, but this way someone else searching for a fix will have all the info at their disposal here.
EDIT!!!
Some mirrors for the files
For the UN-Root files go HERE
For the ROOT files go HERE
Hi all i am very lost here....i have tried for hours the last few days on how to root this i896 with the super one click method with no luck....anyways i was speaking to my brother earlier and he has done it with his bell vibrant no problem....anyways what i want to know is what is the purpose of rootindg the phone? I thought it was for downloading 3rd party apps or whats the purpose for superuser? The reason why i am asking is that i can download 3rd party apps already...i allow them on my application settings and download a app downloader and works fine? Im lost someone please help.
Sent from my SAMSUNG-SGH-I896 using XDA App
dandroid123 said:
Hi all i am very lost here....i have tried for hours the last few days on how to root this i896 with the super one click method with no luck....anyways i was speaking to my brother earlier and he has done it with his bell vibrant no problem....anyways what i want to know is what is the purpose of rootindg the phone? I thought it was for downloading 3rd party apps or whats the purpose for superuser? The reason why i am asking is that i can download 3rd party apps already...i allow them on my application settings and download a app downloader and works fine? Im lost someone please help.
Sent from my SAMSUNG-SGH-I896 using XDA App
Click to expand...
Click to collapse
Take a look here. It answered alot of my questions.
http://www.androidcentral.com/rooting-it-me-some-qa
Also, if you only follow the second half of my post above you should be able to root it as well.
Thanks deacfire! The one click wouldn't work for me but the second method did.
I am having a really annoying problem though. The superuser.apk that you included just gave me a black screen. So I updated it to this one: http://forum.xda-developers.com/showthread.php?t=682828&highlight=no+apps+in+list
Which is newer. But now it just says "no apps in list". Tried installing it from the zip, tried from the market no different.
I do have apps that require superuser: ROM Manager, Root Explorer, Adfree. They all work, also have titanium backup but its is telling me it needs root access.
How can I fix this, it is a major issue.
EDIT:Thanks impulser91!! That work and was SUPER easy! Should probably get posted in the original post.
when i copy update.zip into the /sdcard and then try hitting reinstall packages, it results in an error and aborts. any suggestions?
Nevermind....it worked MUAHAHAHAHAHAH LET THE FUN BEGIN!
Sweet, 2 users. Not bad for under 10 posts
I'm glad its working for others. I had one heck of a time finding the right combination of files and process's for the I896. I am an IT professional and it took me a few days of fumbling around all the I896 and I897 posts.
Anyways, glad to hear it worked, and i hope other people find it useful as well. I will keep the originals, so if the links go down someone just PM me and i will load them somewhere else.
impulser91 said:
Well i cannot help you flash back to stock as i don't quite know how to do that yet myself. But i can help you unroot, re-root, and lag fix.
I have found the files again and uploaded them to rapid share with the necessary modifications.
Download and once downloaded, rename it to update.zip Be careful not to name it update.zip.zip by accident.
Place the file into the root of your sdcard.
Shutdown the phone with the power button, or pull the battery out and put it back in.
Enter recovery mode:
While holding the volume up and volume down buttons press and hold the power button until you see the white text that says SGH-I896, then release the power button only.
When in recovery mode use the volume down key to highlight reinstall packages, then press the power button. It should say completed and reboot the phone.
Once the phone has rebooted, do the exact same thing again, only use THIS FILE instead. Dont forget to rename the file again!
Then install the OCLF from market. Install the EXT2 tools first. Then run the lag fix installer.
I assume you already know how to enter recovery mode, but this way someone else searching for a fix will have all the info at their disposal here.
Click to expand...
Click to collapse
I could just about kiss you.... but I won't
Thanks for the update files they worked like a charm. I had a similar issue where the device didn't seem to be properly rooted, though it didn't give me any issues with most things when applying the lagfix it would die.
applied both your unroot and then root and it worked flawlessly the first time, lagfix then ran with no issues and my quadrant scores are 2250 now.
Not sure what you did exactly, I've tried rooting from update.zip from oneclick and neither worked I ended up rooting with the ADB and though it seemed to work it apparently did not.
Thanks again
Ultimately... All I'm trying to do is put my custom ringtone on the internal memory so that it still plays correctly when the sd card is connected to my computer. (Though I certainly wouldn't mind removing the obnoxious "boot_att.ogg" file as well.) But I keep getting thwarted. First by the discovery that there's no /home directory (which kind of weirds me out, but that's a whole 'nother story).
Anyway, my phone is rooted with z4root, and I'm trying to do this by two different methods. [Correction: It would be better to say that I've tried this using two different programs] I've tried using "adb shell," and I've tried using "Android Terminal Emulator". I can successfully use su in both of them (but if I can't rewrite anything, then I don't see what the difference is). Then I go to the directory on my sd card where the cell ring is and I type
cp cell\ ring.mp3 /system/media/audio/ringtones/
And it replies
cp: /system/media/audio/ringtones/cell ring.mp3: Read-only file system
So, I found these instructions that say to use "mount -o rw,remount -t yaffs2 /dev/block/mtdblock3" (though I think it needs to be "mtdblock7" for mine) or "mount -o rw,remount -t rootfs /" But when I do either of those, it returns
Usage: mount [-r] [-w] [-o options] [-t type] device directory
Which I take to mean that the "mount" command isn't being used correctly (and my experience with the mount command on desktop bash is limited, so I don't have any clue how to correct it).
It's worth noting that I have the exact same results in both adb shell and Android Terminal Emulator.
So, I found another thread (I think one on XDA) that said that I need to be in recovery mode to write to /system, which kind of makes sense. But I have no clue how to do that. And Google is not helping. The only instructions I could find said to turn the phone off and hold down the camera and volume up button. Which did nothing. And it's a good thing nobody was watching because I'm sure I looked like an idiot.
So... I guess I'll have to ask, how do I get into recovery mode? But at this point, I keep coming across so many absurd things keeping me from this that I wouldn't be surprised if next I get an error.
Therefore, my question is this: Is there a way to get into recovery mode, or, alternatively, is there a way to keep my ringtone working even while my sd card is connected to my computer?
Do you have busybox installed?
Have you tried Root Explorer? It has a button to toggle read-write and read only in a folder.
I do have busybox installed. I have no idea what it does, but I installed it in an attempt to enable sideloading (which I have yet to successfully do; apparently the file isn't in the same place on the Flipside as the Captivate and I was going by a Captivate guide).
I have not yet tried Root Explorer. I know this sounds stupid since it's just four dollars, but I tend to shy away from mobile programs that cost money. (Don't know why, I've been that way since my black and white palm pilot.) But, that's just something that's weird about me, lol. I'll get Root Explorer tomorrow and come back.
Busybox is a set of command line utilities. More Info. The link in my previous post is to an installer for Busybox. Busybox provides a set of commands that can be used and many of the tutorials on modifying an android phone use them. Some don't clearly state Busybox is required.
If you are using this thread as a guide to enabling installation from unknown sources be sure to read the whole thread. In particular this post.
Mission accomplished: Root explorer worked perfectly. I saw it in the marketplace before, but I didn't know it can change read/write privileges. (I didn't get it because I thought it was going to have the same effect as Android Terminal Emulator, just without the GUI. Obviously, I am pleasantly corrected.)
And I have a correction: I did not have BusyBox installed; I had the installer installed. But it is installed now.
Thanks also for the links; sideloading is on my to-do list, after removing AT&T bloatware.
And I have one quick question: Do you (or anybody reading) happen to know if it'll be ok if I remove that boot_att.ogg file in /system/media/audio? I don't know if AT&T designed it so that the phone will crash without it, so I thought I'd ask before removing it.
adanedhel728 said:
. . . .
And I have one quick question: Do you (or anybody reading) happen to know if it'll be ok if I remove that boot_att.ogg file in /system/media/audio? I don't know if AT&T designed it so that the phone will crash without it, so I thought I'd ask before removing it.
Click to expand...
Click to collapse
I have not tried any mods of the boot sound. I would suggest that you replace the file with one that is the same name but just silence if removing it does not work.
Mounting file system as Read/Write
I too can affirm that the "Root explorer" app works perfectly for toggling the Read Only File System to Read Write.
I have a Samsung Captivate from AT&T that I upgraded to Froyo (2.2) using the official release from Samsung via the Kies Mini interface. First, I can say that was very worth it. Love 2.2 much better than stock 2.1
I rooted the phone with SuperOnceClick1.7 (had to have a Windoze OS to run that though) that I got from XDA developers and it worked like a charm. I then removed all the bloatware that AT&T likes to inflict upon its users by using "Titanium Backup." Finally, I added "Terminal Emulator" and verified that the su command was working and then "cd" to the "/etc" folder where the "PowerOn.wav" file is for the annoyingly loud startup sound is to delete it. When I issued the "rm" command to delete the file, got the dreaded "can't delete dueo the Read-only file system" or something very similar. Tried using the Android SDK via adb and that gave exact same results.
What to do?...Found this thread that gave great advice that "Root explorer" does work to toggle the R/O to R/W so the file could be deleted.
Thank you marvin02 for the great lead!!!
I have removed the "boot_att.ogg" file without any problems and went as far as swapping out the "bootanimation.zip" also without any problems. Now using CyanogenMod 5 boot animation but... haven't had any luck replacing the .ogg file for a custom startup sound. Tried encoding audio to the same specs as the original but keep getting this strange noise at boot time instead. Just thought I'd throw that in.
Quick question...
I just downloaded the free explorer from Speed which makes Root Explorer.
don't see any button to change read only to read/write. Is that a feature only in the paid Root Explorer?
Thanks from a Noob.
Edit: Just so if there are any other noobs asking... Yes, need to get the paid version to be able to write in system folders.
The free version is not able.
I've been running cm7 nightlies and now stable 7.0 for some time now. I have the new radio, ladios' kernel, and the sdcard read fix flashed.
I installed super manager and successfully deleted some of the stock cm7 media off my phone last week. Today, I came across the new GPS.conf files and wanted to try them.
Super manager couldn't switch the system to r/w despite saying "ok"
When I try to delete or write in the system with EStrongs file explorer, ghost commander, or android mate, they all give strange errors. The deleted files disappear but reappear after reboot. If I try to paste a file in system/etc I only get an error.
Superuser is successfully allowing permissions. I have the latest busybox. I have r/w enabled in each file manager.
I even tried an adb push test which first said "system is r/o only". The next try was "successful" but didn't do anything.
I'm still new with adb so I probably did something wrong. I typed in that r/w command, mount now shows: /dev/block/mtdblock3 on /system type yaffs2 (rw,relatime)
I can't figure out what changed and what I need to do to get r/w permissions. My only theory is that i had uninstalled and reinstalled super manager earlier and that somehow messed with my permissions.
You cannot permanently modify the system partition while the phone is booted into Android. The only way is to use adb while the phone is in recovery mode. Any changes you make while the phone is booted will be lost after a reboot.
Go check on those media files you thought you deleted. I bet you'll find they are still there.
Yes that worked. Thank you.
I thought I had read somewhere that you had to be booted to adb push.
I also thought that root managers advertising r/w capability would make permanent changes.
Next question:
Can I add and remove files from the cm7 zip before flashing it? Do I have to rezip it in any special or can windows 7 manage it fine?
EDIT: Ok I guess i need to sign it... lets see...
jamus28 said:
Yes that worked. Thank you.
I thought I had read somewhere that you had to be booted to adb push.
I also thought that root managers advertising r/w capability would make permanent changes.
Next question:
Can I add and remove files from the cm7 zip before flashing it? Do I have to rezip it in any special or can windows 7 manage it fine?
EDIT: Ok I guess i need to sign it... lets see...
Click to expand...
Click to collapse
You don't need to sign them on the aria
Sent from my Liberty using XDA App
jamus28 said:
Yes that worked. Thank you.
I thought I had read somewhere that you had to be booted to adb push.
I also thought that root managers advertising r/w capability would make permanent changes.
Click to expand...
Click to collapse
Those programs will work on some phones but not the Aria.
Next question:
Can I add and remove files from the cm7 zip before flashing it? Do I have to rezip it in any special or can windows 7 manage it fine?
EDIT: Ok I guess i need to sign it... lets see...
Click to expand...
Click to collapse
It really is as simple as adding or removing a few files from the zip file if you want to modify it.
THIS METHOD IS NO LONGER WORKS as of update version 2.0.5 and higher.
Please visit this thread instead for the current rooting method.
Posting in this thread will get you nowhere, let it RIP.
ANNOUNCEMENT:
If you have a new Nook HD/HD+ and want to root and get the GAPPS running, you should follow the guide at the All-in-One thread instead. That said, I won't copy all the information here to there, so you should continue to read on.
Let me start by saying that I didn't come up with the working root method. The original root instruction came from verygreen in this thread. And I am not a developer, I merely have a few linux background and even less so in the Android. I worked on this on my spare time by myself.
I merely take what was working, but unusable to make it usable. I found something that he is missed. This may actually be working on Nook HD (non-plus) also, but since I don't own one I can't say that it will.
Disclaimer:
If something gone wrong, it's all your fault. I take ZERO responsibility for what happen to your device, your life, your wife/husband, your kids, your unborn child and etc. You get the idea.
Background:
When I found out the root doesn't actually work past a reboot, I start looking what actually cause the Nook to be pissed and factory reset itself. Well, it seem that the /system and anything in there is basically coming from a /dev/block/mmcblk0p8 And if something got change, Nook get pissed and do a FULL FACTORY RESET(I'll explain in a moment). Well, at least I start investigated under that idea.
What I found:
What I found, or at least what I think I found is that, probably just adding file, or increase in the size(maybe there is a threshold for this), will cause it to do a full factory reset. What I also found is that there is a $PATH for /system/sbin but not pointing to anywhere. So I come up with the idea of making another ext4 file system in a file and loop mount it to /system/sbin I guess that work(very well). What I also found is that, there are two kind of factory resets. The one that you perform yourself, which is actually not a full factory reset and the one that Nook get pissed and do the full one.
A factory reset that you perform yourself, whether from the GUI or button combination will basically clean the partition /data while a full blown one will basically restore other partition such as /system
What is included:
basically a zip file, inside that zip file are 6 files.
boot_complete_hook.sh.bak this is basically a modified version of verygreen's
busybox & su are basically from his thread
superuser.apk well I found this one floating around and seem like a good idea to stick it in there (not even sure if it gonna work w/ Nook)
makeroot.bat this is basically what do most of the work. It's base on verygreen original rooting instruction.
sbin_mount This is basically an ext4 file system which have su and another version of busybox all setup nice and tidy for you all. This version of busybox is 1.20.2r2 which I grabbed from here.
Prerequisite:
ADB, it's your responsibility to have adb up and running, meaning not just have it install, but it can see your nook also.
leapinlar wrote a post to help you getting ADB to work here.
Now to get root:
all you have to do is unzip it and run makeroot.bat (obviously you run this in windows command prompt). Yub that's all. The batch file will do the rest, including reboot the nook and wait for it to reboot and stuff. Won't make a coffee for you though.
The manual and hard way:
well, I will only explain this in a summarize way. Basically this start with verygreen rooting method. It basically take advantage of the exploit and run /data/boot_complete_hook.sh which you adb push yourself(with correct permission) with root privilege. What you can run in there is basically up to your creativity. So obviously in this case, you mount the sbin_mount as an ext4 filesystem in the /system/sbin You can make this file yourself if you want to, in linux using dd and mkfs command. Basically using dd to create a file volume to the size you want and mkfs to format it to ext4. Mount it and start uploading stuff you want in there. You will have to correct all the file permission as well. Since all of this will be mounted to /system/sbin you should be aware what you gonna put in there. I guess I could make this thing 100MB, but for this specific purpose 10MB is enough. I my case, just the su and busybox and the symbolic links for the busybox. I'm doing this for the long term. I'm too lazy to point to busybox everytime I wanna do something.
What to do afterward:
Now that you have root, you can Enable Unknown Source to allow you to install app from within the device and install GAPPS. Follow the two guides below if you interested.
Enable Unknown Source: Again, I make an easy little tool for you here.
GAPPS: here.
Did I missed something:
Well, as I said I'm no coder so if I didn't do a clean job, you can refine it. If I didn't document or give proper credit, then I guess I missed that. Sorry about that, again I'm no coder and never done this. And finally:
If this thing work for you, feel free to hit that "THANKS" button. I spent many hours trying to come up with this solution.
FAQ:
Q: My so and so application when attempting to have root access get freeze up, or superuser doesn't work?
A: Well, I'm not sure if this is dued to how the Nook side-loading work or not, but it seem for some reason superuser won't start by itself. So you have to start it manually the first time.
Q: I type in "adb root" and I can't get in as root, it doesn't work?
A: yes it does, it's just not working with adb root. You can get in via "adb shell" once you get in, type in "su" and you can see that you now should have root access.
Thank you so much! This works perfectly. Survives reboot.
here's the Linux version.
Thanks someone0 for getting this started.
Haven't fully tested the linux version, but it loads and starts up, so should work.
extract, and open up terminal and navigate to the dir you extracted to, and type
./makeroot.sh and then enter.
This sounds like a good idea initially.
It is true that the B&N does not just check for /system/xbin/su directly like they did in the past.
This time they check for something else and I just had no time to look into it more deeply to find out what is it they are actually checking for. I plan to figure this out on Friday when I am back home.
Also wanted to tell you that having Linux background is a great thing when tinkering with Android (at a low level, anyway). I don't have much Android background to speak of as well.
This works really well, and thanks to Someone (and mad props too) for getting persistent root working on this.
I may be being very naive, but my suspicion on the reboot is around the manifest file that's present at root.
It seems to be generated by the boot process and it might provide a quick and dirty list of what's permitted on the device to check. With persistent root, lots of investigation becomes a lot less painful. I expect that by end of day we'll have install unsigned running.
Early in my experimenting with the HD+, I noted:
- some versions of the Google Services Framework can be installed via adb
- when I launched the native calendar app after installing gsf, it wanted to sync to a google account, and was able to add the google account
- one version of the Play store installed and launched as far as throwing the 'you must accept the terms of service' before crashing
What BN most likely does is calculating the hash value (or digest, if you prefer) of certain system files that they think shouldn't be tampered with, then during reboot, the values of these files must match, or they will do a factory reset.
The key point is to find out where they do these checks and fool the check.
This sound simple but it depends on how they implement it. If they use binary decisions (like if the hash_value == calculated), then it is easy to get around. If not (e.g. using white box algorithm to hide keys), then it get more complicated.
excellent and very elegant solution. Kudos!
I'm heading out to work, and if you think your theory is right, try poking around with it. Now that your have root, you can try to dd those bootloading partitions out to user area and upload them out to PC and inspect them.
looking at the vold.fstab
Code:
xloader -> /dev/block/mmcblk0p1
bootloader -> /dev/block/mmcblk0p2
recovery -> /dev/block/mmcblk0p3
boot -> /dev/block/mmcblk0p4
rom -> /dev/block/mmcblk0p5
bootdata -> /dev/block/mmcblk0p6
factory -> /dev/block/mmcblk0p7
system -> /dev/block/mmcblk0p8
cache -> /dev/block/mmcblk0p9
userdata -> /dev/block/mmcblk0p10
Be extra careful when touching those partition if you not sure, don't touch them. But making a block copy of them and taking them out should be relatively easy and safe. Obviously you gonna need a Linux box to do this. I setup a VM on one of my PC last night because I need to get a ext4 partition and put all the goodies in there.
krylon360 said:
here's the Linux version.
Thanks someone0 for getting this started.
Haven't fully tested the linux version, but it loads and starts up, so should work.
extract, and open up terminal and navigate to the dir you extracted to, and type
./makeroot.sh and then enter.
Click to expand...
Click to collapse
Just wonder why do use a zip file for the linux version? Wouldn't this kinda messup the permission when compress/uncompress? meaning, makeroot.sh may not have the proper permission when unzip. Please double check.
someone0 said:
Just wonder why do use a zip file for the linux version? Wouldn't this kinda messup the permission when compress/uncompress? meaning, makeroot.sh may not have the proper permission when unzip. Please double check.
Click to expand...
Click to collapse
works just fine.
I chmod a+x'd the script before putting it into the zip.
heh, yeah, it works. Forgot I had my touchpad pluged in and it rebooted it....
whoops.
thanks for posting the location of the /recovery partition. I want to put a copy of htat on ice to prevent BN from undoing any of my work in a future update - I may want some of the fixes they have, but I want to be able to roll them back if needed.
Someone0 are you around can you pm me, Your root works, I installed nook color tools ver .02 in system/app folder and was able to see it in my sideloaded launcher, was able to uncheck/check install non market apps which sets the setting for US to be able to install .apk files from the nook itself, ONLY ISSUE is since I put that file in the system/app folder and the nook didnt like it I got stuck in a bootloop and get to start this process all over again! (nook resetted to ground zero)
maybe we temporary can leave it there get us the permission to install non market apps then remove the file and we will be ok or maybe stuck in another bootloop.
---------- Post added at 09:20 PM ---------- Previous post was at 08:52 PM ----------
GOT IT WORKING NOW:
1. Once rooted, get a file manager with root support and enable read/write permission to /system
2. temporary copy nook tools ver .02 .apk to the system/app folder
3. have a sideloaded launcher and check the app drawer youll see nook tools, run it, first screen uncheck and check the install non market apps box couple of times make sure its checked afterwards
4. have a test .apk to run the BN installer on and see you can now install .apks from the NOOK HD and HD+
5. remove the nook tools.apk file from the system/app folder and quit your file explorer which should reset everything for the system folder back to the way it orginally is!
6. reboot, if you reboot successfully with no boot loop 8 times, your GOLDEN FOR NOW! once again load up a file manager go select an .apk file and see you can now install it! Next step is trying to get amazon market working! then google somehow, but for google you need files in system/app folder permanently!
7. YOU CAN NOW SUCCESSFULLY DOWNLOAD .APK FILES through web, email, any other app and install through the NOOK HD or HD+ BN installer for .apk files. Watch what you install, if it gets put into /system or /system/app folder DREADED BOOT LOOP which resets everything! AMAZON MARKET WORKS!!!! and apps from there install fine to the BUILT IN MEMORY.
** Hopefully amazon market dont install stuff to the system/app folder and if it does hopefully you do not get the dreaded boot loops where you got to start this whole process over again so be forwarned!!! you will loose all data on NOOK HD and HD+ if u get stuck in the bootloops! BACKUP STUFF before messing with root and this kind of thing! DEVELOPMENT!
Aside from moving the actual apk to /system/app/ temporary (since you only do it once), putting a symbolic link there may work also without creating a reset loop. But can't you just side load the apk and run it in other folder?
someone0 said:
Aside from moving the actual apk to /system/app/ temporary (since you only do it once), putting a symbolic link there may work also without creating a reset loop. But can't you just side load the apk and run it in other folder?
Click to expand...
Click to collapse
when you sidelaod it OR install or have it installed to another folder or ran from another folder it cant modify the setting to allow non market apps to install!!
has to be in the /system/app folder THEN RAN from app drawer then you can set the setting uncheck and check box quit program and for now YOU HAVE to remove the .apk from the system/app folder and then you can reboot and the setting sticks! I GOT AMAZON MARKET INSTALLED right now installing apps! NOW WE GOT A KINDLE ladys and gentleman!
Amazon apk installs in internal memory. Apps downloaded from Amazon get installed in internal memory. You can then move them to SD card or leave them in internal memory. System apps are provided in the ROMs by the developers or vendors. ALWAYS back up before making system changes.. Now rooted - use Titanium Backup. System/app should be static throughout ROM lifecycle unless modified by user.
skyhawk21 said:
7. YOU CAN NOW SUCCESSFULLY DOWNLOAD .APK FILES through web, email, any other app and install through the NOOK HD or HD+ BN installer for .apk files. Watch what you install, if it gets put into /system or /system/app folder DREADED BOOT LOOP which resets everything! AMAZON MARKET WORKS!!!! and apps from there install fine to the BUILT IN MEMORY.
** Hopefully amazon market dont install stuff to the system/app folder and if it does hopefully you do not get the dreaded boot loops where you got to start this whole process over again so be forwarned!!! you will loose all data on NOOK HD and HD+ if u get stuck in the bootloops! BACKUP STUFF before messing with root and this kind of thing! DEVELOPMENT!
Click to expand...
Click to collapse
This is why I put the /system back to ro, at least that is what I think I did.
Amazon Store working on ROOTED Nook HD
Proof of Concept:
http://youtu.be/wCyd730L74Y
skyhawk21 said:
Proof of Concept:
http://youtu.be/wCyd730L74Y
Click to expand...
Click to collapse
LOL, your internet is slow. Could have cut the video time by 1/2 if not 2/3 if you switch to faster ISP.
skyhawk21 said:
Someone0 are you around can you pm me, Your root works, I installed nook color tools ver .02 in system/app folder
Click to expand...
Click to collapse
What exactly did you install? I cannot find "nook color tools" in Google Play or on APKTOP. Thanks for your hard work!
NEVERMIND! I found the thread that has the link for the app: http://forum.xda-developers.com/showthread.php?t=868366 Thanks again.
does this root method work on Nook HD+2.0.2?
if not how I can downgrade to 2.0.0?
I have here, two packages.
The twrp one is meant for those who have already flashed twrp, the other is for first time root via EDL.
Both flash System RW, updated TWRP and magisk.
TWRP package will not wipe Data, You will loose no data
NOTE - You may have to mount the system RW.
NOTE - The above will be fixed via a future custom rom.
Without further ado, here are the instructions.
Initial Root Instructions
Prep: You must have a Pin screen lock set on your device to prevent data loss.
On your phone go to
Settings>Security>Screen Lock>PIN
and set a pin.
USB Debugging and OEM Unlocking have to be enabled to make this work.
On Your phone go to
Setting>About phone
Then tap on build number 10 time to unlock Developer Settings
Now go to
Settings>Developer Options
Then toggle usb debugging and oem unlocking.
1. Download this package B20 Via QFIL
2. Unzip the file to your desktop.
3. Right click on RunasAdmin_TestSignON.bat and run as administrator.
4. Let your machine reboot.
5. Run Run This.bat
6. Install everything it tells you to install.
NOTE Select WWAN-DHCP when asked
7. RTFM and flash (All the files your need for qfil are in the B20 Folder!!!!)
8. Profit
Then
9.Press and hold Vol+ and Power
10.Once the ZTE screen shows, let go of power while continuing to hold vol+
This will get you into twrp
11.Plug you phone into your computer and from your adb directory, run these commands.
12.adb shell
13.setenforce 0
14.exit
Now on your phone, in twrp
15.Swipe to allow midification
16.Tap Backup
17.check data
18.tap select storage
19.Select microsdcard
20.tap ok
21.Swipe to backup
22.Tap home
23.Tap wipe
24.Tap Format Data
25.Enter yes and tap the blue checkmark
26.Tap home
27.Tap Power off
28.Turn your phone on.
For those who have TWRP already on their device, follow these instructions.
1. Download this package. B20 via TWRP
2. Extract it to your desktop
3. Run "Flash full B25.bat"
4. Profit
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Update 5/253/19
Updated boot.img z982_boot_magisk.img
Update Magisk root "Already obsolete"
Fixes ADB not authorized issues
Update twrp recovery.img z982_recovery_twrp.img
Fixes selinux enforcing related issues related to /data folder
Fixes backup related issues
Fixes zip install related issues
Do you think this will work with my hard bricked phone?
so if our system is still ro, all we have to do is mount rw every time? I was hoping that we would only need to mount it like one time, because im basically doing the same thing I was doing before.
https://drive.google.com/file/d/1YsOFbKcca2GTc6K77vD6-hh4qtk5O3mv/view?usp=sharing
test this. you might need to rename the zip file to bootanimtion.zip.
Chickenaa said:
https://drive.google.com/file/d/1YsOFbKcca2GTc6K77vD6-hh4qtk5O3mv/view?usp=sharing
test this. you might need to rename the zip file to bootanimtion.zip.
Click to expand...
Click to collapse
will do. are all the files already in place.
bootanimation worked, but sound still didnt
evtoofly said:
will do. are all the files already in place.
bootanimation worked, but sound still didnt
Click to expand...
Click to collapse
Upload the build.prop
Chickenaa said:
Do you think this will work with my hard bricked phone?
Click to expand...
Click to collapse
As long as you get the driver working, it should no problem.
xxMoon said:
As long as you get the driver working, it should no problem.
Click to expand...
Click to collapse
Im thinking about reinstalling windows. Do you think i should give it a try?
Chickenaa said:
Im thinking about reinstalling windows. Do you think i should give it a try?
Click to expand...
Click to collapse
I would.
Before you reinstall.. if ur able try on another PC.
xxMoon said:
1. Download this package. B20 via TWRP
2. Extract it to your desktop
3. Run "Flash full B25.bat"
4. Profit
Click to expand...
Click to collapse
Appreciate the update, same problem as before though RO /system and a mount -o rw,remount /system command results in the phone freezing and then restarting.
JasonSec said:
Appreciate the update, same problem as before though RO /system and a mount -o rw,remount /system command results in the phone freezing and then restarting.
Click to expand...
Click to collapse
thought I was the only one, I just stopped trying, if I need to go mount rw, i just use root explorer . Even that freezes sometimes though smh. Some people just got it better than we do
B25
Hello sir,
My phone is running B25. Will this cause issues? Do I need to downgrade?
AjtheLAF said:
Hello sir,
My phone is running B25. Will this cause issues? Do I need to downgrade?
Click to expand...
Click to collapse
No issues for me.
Emerl said:
No issues for me.
Click to expand...
Click to collapse
Did your system become rw?
evtoofly said:
Did your system become rw?
Click to expand...
Click to collapse
I use ES File Explorer. Open the app, wait for su to grant it access, then change the system to RW. I've noticed that the phone will freeze if I tried to switch to RW before the File Explorer was granted su access.
Emerl said:
I use ES File Explorer. Open the app, wait for su to grant it access, then change the system to RW. I've noticed that the phone will freeze if I tried to switch to RW before the File Explorer was granted su access.
Click to expand...
Click to collapse
I noticed that too. I also tried to see if root explorer would mount rw after I used es to mount rw, and it turns out that u still have to mount system separately in both file managers. Bummer because I was looking for a way to always have my system mounted as rw between both file managers.
evtoofly said:
I noticed that too. I also tried to see if root explorer would mount rw after I used es to mount rw, and it turns out that u still have to mount system separately in both file managers. Bummer because I was looking for a way to always have my system mounted as rw between both file managers.
Click to expand...
Click to collapse
I'm guessing once a custom rom is available, the whole system RW situation will be situated. Is there an advantage of root explorer over es explorer?
Emerl said:
I'm guessing once a custom rom is available, the whole system RW situation will be situated. Is there an advantage of root explorer over es explorer?
Click to expand...
Click to collapse
I personally use root explor to chmod files, I dont think es can do it, however es has its own perks as well, so I just keep both just in case
Emerl said:
I'm guessing once a custom rom is available, the whole system RW situation will be situated. Is there an advantage of root explorer over es explorer?
Click to expand...
Click to collapse
Lol, actually you can put init.d scripts in /sbin/.magisk/img/.core/service.d/ and they will do it on boot.
Try my attachment.
I