I personally was waiting for this, and now it's released. GingerBreak!
For all who wants to root their Nexus One Gingerbread without unlocking the boot-loader: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
Mind you, you need to know what you are doing.
Cheers
--edit
I just ran it on my unrooted stock Nexus One and my shell indicator turned to a hash (#), so I think it works. I do get a message in my notification bar that the SD card is ejected and now safe to remove. I rebooted my phone and tried to run GingerBreak again, but it failed because it could not copy two files (they were already there). So if you want to run it again you need to remove these two files first:
/data/loca/tmp/boomsh
/data/local/tmp/sh
Might save someone else the trouble of looking this up in the source code
Step-by-step for Rooting Gingerbread with Locked Bootloader
Here is an attempt at a step-by-step guide for the n00bs.
I take NO credit for this method or any files mention -- all credit goes to the devs. I just tried to dumb them down a bit.
Ok, here goes. This assume that you already have the Android SDK properly installed, which is found here: http://developer.android.com/sdk/index.html
Note: According to the GingerBreak source code: Before using, insert empty formatted sdcard.
First, let's list all the required files:
1) GingerBreak
2) busybox
3) su
4) Superuser.apk
Second, let's get all the files:
1) GingerBreak is available here: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html. Make sure you extract the file from within the archive.
2) su and Superuser.apk are available in the su-2.3.6.1-ef-signed.zip found here: http://forum.xda-developers.com/showthread.php?t=682828
3) busybox is available from many source. Here is one: http://multiupload.com/MVT98F5HBY
4) Place/extract all the files in the same directory as the ADB executable (probably /program files/android/android-sdk-windows/platform-tools). All the files should be in that directory, not in any subfolders.
(Note: The commands you type in are after the colon.)
Now, let's get all the files onto your device:
1) Open a command prompt and navigate to your /android-sdk-windows/platform-tools directory
2) Type: adb push GingerBreak /data/local/tmp/GingerBreak
3) Type: adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Type: adb push su /data/local/tmp/su
5) Type: adb push busybox /data/local/tmp/busybox
Now let's get to the rooting:
1) Open an adb shell: adb shell
2) Change directory to where you pushed the exploit: cd /data/local/tmp
3) Change permissions on the exploit: chmod 700 /data/local/tmp/GingerBreak
4) Change the permissions on busybox: chmod 755 /data/local/tmp/busybox
5) Run the exploit: ./GingerBreak
6) Wait for it to run. It will take a while, and output a bunch of lines that you can ignore.
7) When it's finished, you should see a message saying "dance forever my only one" and you will see the # instead of $.
Now, We need to make the root permanent by installing su:
*Note: if you are having problems with the steps below (steps 3 and onwards), see post 48.
1) Mount the system partition as read/write: mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
2) Change directory to where you pushed su, busybox and superuser.apk: cd /data/local/tmp
3) Run busybox to copy itself to the proper directory: ./busybox cp busybox /system/bin
4) Change the permissions on busybox: chmod 4755 /system/bin/busybox
5) Run busybox to copy Superuser.apk to the proper directory: busybox cp Superuser.apk /system/app
6) Run busybox to copy su to the proper directory: busybox cp su /system/bin
7) Change the permission on su: chmod 4755 /system/bin/su
8) Mount the partition as read-only: mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
9) Exit the root shell: exit
10) You should now see $ instead of #
11) Exit the shell: exit
Now you are back to the commnd prompt. Let's verify that you still have root access:
1) Open a shell: adb shell
2) Type: su
3) At this point, it will hang until you give su permission through the Superuser app on your device, so look on your device and give it permission.
4) If the $ changes to a #, congratulations, you have root access.
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
bra1nDeaD said:
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
Click to expand...
Click to collapse
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
efrant said:
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
Click to expand...
Click to collapse
I tried that before as well, just did it again to make sure. Got the same message:
Code:
./busybox cp su /system/bin
cp: can't create '/system/bin/su': Permission denied
I was of the opinion that busybox is just a whole lot of tools bundled into one executable. That would make the busybox cp the same as the stand-alone cp, or am I wrong here?
I am going to try to change the permissions on /system/bin to see if I have access to do that and that might allow me to copy it there. I'll let you know how I get on.
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
avgjoemomma said:
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
Click to expand...
Click to collapse
Ah, I had that as well. First few times I ran GingerBreak it ran perfectly. Takes no longer than 20 seconds. After a while it would not run anymore and was hanging. After some fiddling I got that message as well, a lot. A canceled the execution.
I gave up trying to run it again, but now I'm home from work I tried and it worked great again.
At the moment it's very temperamental. It misuses "vold", which is (if I am correct) the "volume deamon". That is responsible for automatically mounting the SD card when it is inserted and maybe some other things. So I tried fiddling with it: running without SD card, and other things.
I think I had some issue with some apps that were installed on the SD card, or were in process of being installed on the SD card. I am not sure what exactly changed that it works now, but just try some different things. Be careful though, I'm not responsible I also noticed that my internet connection was really crap when it did not work properly, and now at home this is on my home wifi. And since the code uses sockets in the exploit this could affect it as well.
Hope this helps
Hmm, tried rebooting, unmounting the SD card, no joy I'll try this at home, could be a problem with my work computer...Windows XP
Ok, well that did the trick:
Code:
# chmod 777 /system/bin
# chmod 777 /system/bin
# cp su /system/bin
# chmod 755 /system/bin
# chmod 4755 /system/bin/su
# chown root /system/bin/su
Now when I run su I get the message on the screen from Superuser.
I have no clue why it is different on my phone, but I'm happy it works now.
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
Azaraith said:
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
Click to expand...
Click to collapse
Not sure, it would help if you copy the output and post it here.
avgjoemomma said:
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
Click to expand...
Click to collapse
That looks much better
Lef.teris said:
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
Click to expand...
Click to collapse
No, that doesn't look good. It's the same as what avgjoemomma had. See previous post.
bra1nDeaD said:
That looks much better
Click to expand...
Click to collapse
Awesome! I guess I just need to sit here until it's done...might be a few hours at this rate
Epic 4g
Could i use this on my Samsung Epic 4g?
Two hours in, giving up
don't know if it helps but if you get permission denied with ./GingerBreak change the "2) Type: adb push GingerBreak /data/local/tmp/Gingerbreak" with "2) Type: adb push GingerBreak /data/local/tmp/GingerBreak"
Prettymisshope said:
Could i use this on my Samsung Epic 4g?
Click to expand...
Click to collapse
No sir. Or ma'am. Do not attempt and risk your phone. Go to epic forum and you'll see a method for the epic.
Sent from my Nexus One using XDA Premium App
Related
trying too root.. and im looking at this
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
65 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
395 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 19393
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$ adb shell
adb shell
adb: not found
$
what do i do now????
The $ means you are still in the shell. You have to wait till it goes back to the Command prompt (c
Sent from my SCH-I500 using XDA App
ace5198 said:
trying too root.. and im looking at this
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
65 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
395 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 19393
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$ adb shell
adb shell
adb: not found
$
what do i do now????
Click to expand...
Click to collapse
You haven't waited long enough. That last step should kick you out of the shell, and back into the command prompt, where your 'adb shell' command will work.
adb is used on the windows command prompt, not the phone's shell.
To exit the shell, and get back to the windows command prompt, you can always type "exit" and hit enter at the $ or # prompt.
just wait?
ace5198 said:
just wait?
Click to expand...
Click to collapse
Ideally yes. Many people report having to wait up to 2 minutes. I don't know what you've done since then, best to just start over. To be safe, just reboot the phone, then start again.
ok i rebooted and got past that point now im at this line and stuck
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Valued Customer>cd\
C:\>cd c:\AndroidSDK\tools
C:\androidsdk\Tools>adb push su /sdcard/su
320 KB/s (0 bytes in 26264.000s)
C:\androidsdk\Tools>adb push rage.bin /data/local/tmp/rage.bin
87 KB/s (0 bytes in 5392.000s)
C:\androidsdk\Tools>adb push busybox /sdcard/busybox
410 KB/s (0 bytes in 1867568.004s)
C:\androidsdk\Tools>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 0755 rage.bin
chmod 0755 rage.bin
$ ./rage.bin
./rage.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3712, 3712}
[*] Searching for adb ...
[+] Found adb as PID 2200
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\androidsdk\Tools>adb shell
error: device not found
C:\androidsdk\Tools>
help please.. im totally lost and cant find anything about this anywhere
hahahahah wooohoooo.. i did it... benchmark 2155 =) thank your so much to everyone that helped me... you are all awesome.. tanks dirrk for the step by step instructions..and a huuuuuggggeee shoutout to poulosjr couldnt have done it without you.. thank you all sooo much
Hello ace5198,
How did u do it? I am facing exactly the same issue...
$ chmod 4755 /data/local/tmp/rageagainstthecage
$ chmod 4755 /data/local/tmp/busybox
$ cd /data/local/tmp
$ ./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3341, 3341}
[*] Searching for adb ...
[+] Found adb as PID 1941
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
[email protected]:~/android-sdk-linux_86/platform-tools$ ./adb shell
error: device not found
There is a new root method by dirrk on one of the stickies in android development... I would link you directly, but I can't from my phone. look for the one that says roll up
Has anyone tried out this new gingerbread rooting here: http://forum.xda-developers.com/showthread.php?t=1044765
I tried the apk but got an error am out at the moment so can't try it out properly.
Could this be the saviour for my locked bootloader?
Sent from my LT15i using XDA App
Edit: Working!
i'm trying and i get this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
I used the apk...
1. Run adb shell
2. Rm -r /data/local/tmp/
3. Mkdir /data/local/tmp/
4. Unplug phone and run the apk
Sent from my LT15i using XDA App
please help with ginger break issue
d4rkwind said:
I used the apk...
1. Run adb shell
2. Rm -r /data/local/tmp/
3. Mkdir /data/local/tmp/
4. Unplug phone and run the apk
how can i use these commands / help
Click to expand...
Click to collapse
you need to download the Android SDK.. from here... http://developer.android.com/sdk/index.html
you may also need the Java JDK from here...
http://www.oracle.com/technetwork/java/javase/downloads/jdk6-jsp-136632.html
then open a CMD window and run the commands from there.. you will need to run the commands from within the platform-tools folder
download gingerbreak ver 1.10 it works fine
which tool i need to remove systemapps from a rooted device?
i tried File Expert and Adao File Manager... i get access to the system/apps folder but cant remove sysapps.
the app Root Check tells me i have root access.
Spaghetti83 said:
which tool i need to remove systemapps from a rooted device?
i tried File Expert and Adao File Manager... i get access to the system/apps folder but cant remove sysapps.
the app Root Check tells me i have root access.
Click to expand...
Click to collapse
Try Titanium Backup or Uninstaller for Root
d4rkwind said:
Has anyone tried out this new gingerbread rooting here: http://forum.xda-developers.com/showthread.php?t=1044765
I tried the apk but got an error am out at the moment so can't try it out properly.
Could this be the saviour for my locked bootloader?
Sent from my LT15i using XDA App
Edit: Working!
Click to expand...
Click to collapse
Yes, it works just fine
Received my KF about a week ago. Just tried to root it yesterday. That was successful. The instructions I was using said this: "This will “root” your Kindle Fire. You can actually stop here but I recommend you to go to the next steps to install TWRP Recovery, which will allow you to install/backup/restore ROMs and also “unroot” your Kindle Fire when needed easily." So, silly me, without doing further research, went on to the next steps. I almost immediately got stuck, here is the code, ending with the -bash where I was stuck.
Zach:~ Zbhest$
Zach:~ Zbhest$ cd Downloads/KindleFireRootMacLinux
Zach:KindleFireRootMacLinux Zbhest$ mkdir ~/.android
mkdir: /Users/Zbhest/.android: File exists
Zach:KindleFireRootMacLinux Zbhest$ cp adb_usb.ini ~/.android/.
Zach:KindleFireRootMacLinux Zbhest$ cp adb_usb.ini ~/.android/
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac kill-server
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac devices* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
08EC002600000001 device
Zach:KindleFireRootMacLinux Zbhest$ sh runmemac.sh
---------------------------------------------------------------
Easy rooting toolkit (v2.0)
created by DooMLoRD
Modified for Kindle Fire for Linux/Mac by Max Lee at RootKindleFire.com
using exploit zergRush (Revolutionary Team)
Credits go to all those involved in making this possible!
---------------------------------------------------------------
[*] This script will:
(1) root ur device using latest zergRush exploit (10 Nov)
(2) install Busybox (1.18.4)
(3) install SU files (binary: 3.0.3 and apk: 3.0.6)
[*] Before u begin:
(1) enable USB DEBUGGING
from (Menu\Settings\Applications\Development)
(2) enable UNKNOWN SOURCES
from (Menu\Settings\Applications)
(3) [OPTIONAL] increase screen timeout to 10 minutes
(4) connect USB cable to PHONE and then connect 2 computer
---------------------------------------------------------------
--- STARTING ----
--- WAITING FOR DEVICE
--- cleaning
rm failed for *, No such file or directory
--- pushing zergRush
1836 KB/s (23056 bytes in 0.012s)
--- correcting permissions
--- executing zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000151e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x40119cd4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd195bb 0xafd39357
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
--- WAITING FOR DEVICE TO RECONNECT
if it gets stuck over here for a long time then try:
disconnect usb cable and reconnect it
toggle USB DEBUGGING (first disable it then enable it)
--- DEVICE FOUND
--- pushing busybox
4634 KB/s (1075144 bytes in 0.226s)
--- correcting permissions
--- remounting /system
--- copying busybox to /system/xbin/
2099+1 records in
2099+1 records out
1075144 bytes transferred in 0.038 secs (28293263 bytes/sec)
--- correcting ownership
--- correcting permissions
--- installing busybox
--- pushing SU binary
1508 KB/s (22228 bytes in 0.014s)
--- correcting ownership
--- correcting permissions
--- correcting symlinks
--- pushing Superuser app
5116 KB/s (785801 bytes in 0.149s)
--- cleaning
--- rebooting
--- WAITING FOR DEVICE
5382 KB/s (3104805 bytes in 0.563s)
Error: Could not access the Package Manager. Is the system running?
All Done, Kindle Fire ROOTED!!!
Check out RootKindleFire.com for more cool hacks!
Zach:KindleFireRootMacLinux Zbhest$
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac root
restarting adbd as root
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac remountremount succeeded
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xbin/su
260 KB/s (22228 bytes in 0.083s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chmod -6755 /system/sbin/su
Bad mode
Zach:KindleFireRootMacLinux Zbhest$ .adb./adb-mac shell chown 0.0 /system/xbin/su
-bash: .adb./adb-mac: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chown 0.0 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ cd Desktop/kindleFireRootNew
-bash: cd: Desktop/kindleFireRootNew: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ cd desktop/kindlefirerootnew
-bash: cd: desktop/kindlefirerootnew: No such file or directory
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xbin/su
877 KB/s (22228 bytes in 0.024s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac root
adbd is already running as root
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac remountremount succeeded
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac push su /system/xboin/su
264 KB/s (22228 bytes in 0.081s)
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell cown 0.0 /system/xbin/su
cown: not found
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chown 0.0 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell chmod 06755 /system/xbin/su
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac install Superuser.apk
3818 KB/s (785801 bytes in 0.200s)
pkg: /data/local/tmp/Superuser.apk
Success
Zach:KindleFireRootMacLinux Zbhest$ ./adb-mac shell
# su
# idme bootmode 4002
<idme> write 4002 to offset 0x1000
# reboot
Zach:KindleFireRootMacLinux Zbhest$ ./fastboot-mac -i 0x1949 boot twrp-blaze-2.0.0RC0.img
-bash: ./fastboot-mac: No such file or directory
And now my Mac does not recognize my KF. When I unplug my KF it appears bricked (will not turn on), but when it is plugged into a wall outlet I can do the hard reset, it charges, but does not go past the KF boot screen.
Also, ADB does not recognize any devices.
Additionally, I have a windows 7 machine. I was going to attempt to pick up where I left off, but as my KF is listed as an "unknown device," I cannot update drivers (or do not know how to do so manually). I also installed this little number: http://forum.xda-developers.com/showthread.php?t=1430038
And I currently have linux loaded on my W7 machine. When I try to use the "normal_boot" command, which is advised, I get:
"Resetting bootmode to standard boot...
< waiting for device >
"
So, yeah. That is where I am at. I WOULD go on to the other directions in firekit, but would prefer not to completely void the warranty using the "usb boot mode trick".
If windows 7 is the key here, I may need a walk through for driver installation and such. Otherwise, I am not totally disinclined to call customer service and ask for a replacement. Apparently they have been good about replacing rooted kindles?
Same issue right now... already tried reinstalling windows/firekit liveusb but nothing works=\ Is there any news on this problem?
http://support.microsoft.com/kb/315539/en-us
http://forum.xda-developers.com/showpost.php?p=20855280&postcount=54
I did read all those threads about such problem before. Just no matter what i do those drivers won't install. I only get unknown device on 7/xp and cannot change it coz when i manually select those drives windows says that there no device info in it=\ Thanks for help anyways
did you select adb_usb.ini ? it's just the folder with this file in it. selecting just the folder is usually enough. if you want to select the file: the driver file is android_winusb.inf. there is the harware info
if you have xp available then use this machine - it's easier
Yeah i did select that inf file (it was only one selectable in folder anyway) but it still says same stuff. I have xp right now if that gonna change something
yes xp is easier to handle because:
only 32bit -> only 1 driver version
no user access control -> don't need to do every thing as administrator
please check the following:
you have a .android folder under your user directory - in this folder is adb_usb.ini - the file has entries for device 0x1949 and 0x18D1 - if not run install.bat from the driver set i provided
check your device manager and delete every entry with kindle or adb
unplug and replug your kf - select the driver i provided manually
Got those 0x1949 and 0x18D1 in adb_usb file. And i only have unknown device every time i plug kindle in, no adb kindle at all
right click unknown device - update driver - select android_winusb.inf
if this don't work we have to cleanup old drivers -> could help per teamviewer if you like
When i try to update driver and manually use inf you provided it says that there no device info there=\ And i got unknown device since fresh windows install so idk what driver can cause it -.- I could ve try teamviewer but my windows is not english so it gonna be quite useless.
what language ?
Well it's in russian +there no laptop drivers yet coz im using xp only for this god dam kindle
ok your right - with russian i have a problem
will try to describe you the steps:
disconnect and power off (pwr ~30sec) your KF
open a command prompt
type "set devmgr_show_nonpresent_devices=1"
type "start devmgmt.msc"
Click Show hidden devices on the View menu in Device Manager
uninstall every entry with kindle, android phone or adb device
power down computer and power on again (no restart)
tell me if your done - we will resume ...
ok i did everything step by step tho there was none of adb/android phone/kindle so i just deleted my unknown device.
ok - lets resume:
you may want to delete your old driver set previously downloaded - it must be faulty
now download the one from this post and extract it to c:\
now plugin your kf (don't power it on - will do it by itself)
if you' asked
-choose browse my computer for driver software
-Then select have disk
-Then select browse
-direct to where you downloaded the usb driver i attached
-Select okay and okay
just in case you'r not asked:
-Go to device manager
-right click on the exclamation mark kindle
-Choose update driver software
-choose browse my computer for driver software
-choose let me pick from a list of devices on my computer
-Then select have disk
-Then select browse
-direct to where you downloaded the usb driver i attached
-Select okay and okay
if this don't work eighter then i would think you have a faulty cable !
try an other one ...
Nope still same=\ Guess i will look for new cable tomorrow then tho this one was just fine today at transfering stuff (dam you nokia!). Well thanks for trying to help anyway.
you have the nokia cable - i have the same one
tell me the status your kf now
stuck at boot screen ?
some other tricks:
http://forum.xda-developers.com/showpost.php?p=20945694&postcount=506
if you'r stuck in wrong bootmode:
with adb:
adb shell su -c "idme bootmode 4000"
adb reboot
with fastboot:
fastboot -i 0x1949 oem idme bootmode 4000
fastboot -i 0x1949 reboot
or
fastboot -i 0x18d1 oem idme bootmode 4000
fastboot -i 0x18d1 reboot
or
fastboot oem idme bootmode 4000
fastboot reboot
if you issue the fastboot commands and get <waiting for device> over some while power the kf off (pwr ~30sec) and on. at some point it should recognize the command
Yeah it same as before=\ I have same problem as topic starter aka device in fastboot and windows won't recognize it and install correct drivers. Fastboot commands won't work coz i don't have correct drivers and all they do is stuck on waiting for device/
xx time later = IT WORKS!!! for some weird reason it picked kindle up nothing changed in windows yet it works! Thanks again for your help time to flash recovery again.
courious - just tested on mine
when i switch to fastboot it is recognised as "android adb interface"
not the composite thing !
and i have the same drivers on xp
perhaps you want to try this one:
http://forum.xda-developers.com/showthread.php?t=1428428
sorry - no more ideas ...
UPDATE: hurraaa !!! - wish you all the best and good luck !!!
Can anyone help me with rooting U8800pro running the official 2.3.5 ?
I tried all the methods I was using for the U8800 but all of them doesn’t work... Any advice ?
i have the same problem, how to root???
linomaniac said:
i have the same problem, how to root???
Click to expand...
Click to collapse
i'm searching everywhere for 3 days now with nothing usefull
If automatic ways failed try this:
http://forum.xda-developers.com/showthread.php?t=1423422
dancer_69 said:
If automatic ways failed try this:
http://forum.xda-developers.com/showthread.php?t=1423422
Click to expand...
Click to collapse
i think its not that easy to me to do it manual
but thanks anyway for trying to help
Of course automatic ways are easier, but it' s not that difficult, just need a little more time and attention.
The other way is to find a prerooted boot.img and put it to .cust_backup/image folder(replacing the original). I haven't pro model, so my boot.img will not work
dancer_69 said:
Of course automatic ways are easier, but it' s not that difficult, just need a little more time and attention.
The other way is to find a prerooted boot.img and put it to .cust_backup/image folder(replacing the original). I haven't pro model, so my boot.img will not work
Click to expand...
Click to collapse
i tried this way but it didn't work too.. i found a prerooted boot.img.. replaced the original one but it didnt work
To just say didn't work doesn't help. Write where you get an error and which is. Then maybe I can help you(or someone with more knowledge).
dancer_69 said:
To just say didn't work doesn't help. Write where you get an error and which is. Then maybe I can help you(or someone with more knowledge).
Click to expand...
Click to collapse
i got the prerooted boot.img file for the U8800pro... replaced it with the original one.. But the phone is not booting.. It stuck on the huawie logo (the 1st logo before the one with the animation) so i had to put back the original one to make it work
I mean the error on manual rooting.
As fro prerooted boot.img file, are you sure that is compatible with ther rom you have? If is from a custom rom will not work. You need the boot.img of a phone with the same rom as yours, just rooted.
well, maybe it wasn't compatible with my stock rom.. do you have anywhere where i can find some prerooted imgs ?
and about the manual root.. i didnt got any errors coz i didnt know how to wirte those codes :s
Sorry I' don't know because I haven't a pro model and I don't know if there is a rooted boot.img uploaded fro pro mode. Maybe a member with pro read your thread and upload his img file.
-About manual rooting, you need to open DOS command prompt window. It' s in all progarms -> accessories
If you put the DoomLordRoot program in the root directory of your C drive and rename this folder to DoomLordRoot.v3(if have another name), you need to just put the commands one by one as given on the link I posted.
You just need to put first the command:
cd \DoomLordRoot.v3\files
to go to directory in which adb.exe is.
You can check if you are in the right path if you enter the command:
dir
afterwards. If you are in correct folder you'll see the files which are in c:\DoomLordRoot.v3\files directrory listed.
After that just start to follow the directions of the link. Just hit enter after every command you put. If you don' t see errors after every command you're ok. If you get an error on a command, write it here, for farther help. I don' t think that you' ll get an error, because I've done this proccess about 5 times and never get an error. But if you do, just put it here to see if we can help.
Thanks alot bro for the help.
well, i followed what u said but i think i got confused somewhere.. i'll type what i got.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>cd\
C:\>cd DoomLordRoot.v3
C:\DoomLordRoot.v3>cd files
C:\DoomLordRoot.v3\files>adb shell
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
$
$ ./data/local/tmp/zergRush
./data/local/tmp/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$
$ ^C
C:\DoomLordRoot.v3\files>adb shell
$ chmod 755 /data/local/tmp/busybox
chmod 755 /data/local/tmp/busybox
$
$ /data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mount -o remount,rw /system
mount: permission denied (are you root?)
$
$ dd if=/data/local/tmp/busybox of=/system/xbin/busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
/system/xbin/busybox: cannot open for write: Read-only file system
$
VaMpYMaSTeR said:
Thanks alot bro for the help.
well, i followed what u said but i think i got confused somewhere.. i'll type what i got.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>cd\
C:\>cd DoomLordRoot.v3
C:\DoomLordRoot.v3>cd files
C:\DoomLordRoot.v3\files>adb shell
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
$
$ ./data/local/tmp/zergRush
./data/local/tmp/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$
$ ^C
C:\DoomLordRoot.v3\files>adb shell
$ chmod 755 /data/local/tmp/busybox
chmod 755 /data/local/tmp/busybox
$
$ /data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mount -o remount,rw /system
mount: permission denied (are you root?)
$
$ dd if=/data/local/tmp/busybox of=/system/xbin/busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
/system/xbin/busybox: cannot open for write: Read-only file system
$
Click to expand...
Click to collapse
Put su or sudo before command. like this "su /data/local/tmp/busybox mount -o remount,rw /system"
Yes, seems that you didn' t give the su command before(I think I've include command su, on my tutorial but I' m not sure. I'll check it).
If you see the symbol $ this means that you haven't get root rights yet.
Seems that zergrush succeed, so everytime after adb shell command, first you need to give the command:
su
If device is rooted, you'll see that the symbol changes to #
I think that you' re in good way though.
when i put SU in the begining it give me this :
su: permission denied
if you rebooted the phone you must run zergrush again.
Zergrush is the hack that unlocks the root account temporary. If you didn' t success to put su program on the right place, rooting access loosed after rebooted. su makes root permanent, busybox is an advanced shell and superuser is the app which used to give or denied root rights to apps which asking for this.
First be sure that zergrush is copied to data/local/tmp and you give to it the right permissions(all commands are in tutorial)
These messages mean that zergrush running
[+] Found a GingerBread ! 0x00000118[*] Scooting ...
bugreport dir[/data/local/tmp] exist.[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
Click to expand...
Click to collapse
after that check if root succeed by input su command. If you get the # sign you're good to go to continue(exit shell etc)
i'm so sorry, but what do you mean with "If you didn' t success to put su program on the right place" ???? what where is the right palce ?
Some of the commands on tutorial handle the su program.
Push it to /system/bin(this is the right place), change its ownership, permissions etc.
For these commands to succeed(and also the commands for busybox and superuser), first need to enter to root account, by command su:
adb shell (press enter)
su (press enter)
these give the # sign which means that you are root.
If you don' t do this all commands will fail with errors as:
permission denied or cannot write to...
now i'm getting this:
C:\DoomLordRoot.v3\files>adb shell
* daemon not running. starting it now *
* daemon started successfully *
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
Unable to chmod /data/local/tmp/zergRush: No such file or directory
$
i think i will give up
my Kindle Fire is upgraded to 6.2.2, I want to root it for the google anroid market and chinese input method.
I pushed zergRush and busybox to KF, but the busybox mount failed. Now, the 6.2.2 can not be root ? or I make some mistake?
adb push zergRush /data/local/tmp
adb push busybox /data/local/tmp
adb shell
cd /data/local/tmp
chmod 777 *
./zergRush
$ ./zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$ busybox mount -o remount,rw /system
busybox mount -o remount,rw /system
busybox: permission denied
$
zergrush is'nt working any more - since 6.2.1
use:
http://forum.xda-developers.com/showthread.php?t=1410223
or with kfu:
http://forum.xda-developers.com/showthread.php?t=1458841
Thanks you, b63.
It worked.
glad to help ...
please mark the subject of the topic (edit first post) with [Solved]