Thanks to a nice kernel exploit found by zx2c4 http://blog.zx2c4.com/749 and saurik's mempodroid https://github.com/saurik/mempodroid it's now very easy to root the Nexus S 4.0.3 firmware without unlocking the BL.
You can just follow this howto http://forum.xda-developers.com/showthread.php?t=1461736 but with these offsets kindly provided by saurik: 0xd7cc 0xad27
If you need a clockworkmod just download rom manager from the market and click install clock work mod.
have fun
Thanks derpeter, I have been looking for a related topic for several days!!!
Will try it later, thanks!!!
thank u dear <3
Worked great! Thanks!
Tested and works. Now running stock OTA rooted ICS.
Checked out the link. Though it stated that it is in the transformer prime thread, the adb commands are still the exact same for nexus s?
Yes the same process works you just have to replace the offsets as it says in the first post.
So the process for the Nexus S would be as follows...
Downloads:
mempodroid
su binary
adb push mempodroid /data/local
adb push su /data/local
adb shell
chmod 777 /data/local/mempodroid
/data/local/mempodroid 0xd7cc 0xad27 sh
** You should now be in a remote shell session with root (indicated by #)
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
** IF you have previously rooted your Android, run the following two commands. They may throw an error that the file was not found.
rm /system/bin/su
rm /system/xbin/su
cat /data/local/su > /system/xbin/su
chown 0.0 /system/xbin/su
chmod 06755 /system/xbin/su
rm /data/local/mempodroid
rm /data/local/su
exit
exit
adb reboot
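A defender-side check for the end state the procedure above leaves on a device, as an added example that is not part of the original posts: it scans `ls -l` output from `/system/xbin` or `/system/bin` for root-owned setuid `su` or `busybox` files and for symlinks pointing at them. The sample listing is constructed, and the names `parse_line`, `find_setuid_su` and `WATCHED` are hypothetical.

```python
import re

# Constructed sample: toolbox-style `ls -l` output (no link-count column),
# as an old Android shell prints it. Not captured from a real device.
SAMPLE = """\
-rwxr-xr-x root     shell       59760 2011-12-15 04:11 toolbox
-rwsr-sr-x root     root        22364 2012-01-20 10:02 su
lrwxrwxrwx root     root              2012-01-20 10:02 su -> /system/xbin/su
-rwxr-xr-x root     shell     1075144 2012-01-20 10:03 busybox
-rwsr-xr-x root     root      1075144 2012-01-20 10:03 busybox
"""

WATCHED = {"su", "busybox"}   # file names the thread's procedures install

def parse_line(line):
    """Return (mode, owner, name, link_target) or None for non-entries."""
    f = line.split()
    if len(f) < 4 or not re.fullmatch(r"[-dlcbps][-rwxsStT]{9}", f[0]):
        return None
    owner = f[2] if f[1].isdigit() else f[1]   # GNU/busybox ls adds a link count
    if f[0][0] == "l" and "->" in f:
        i = f.index("->")
        return f[0], owner, f[i - 1], f[i + 1]
    return f[0], owner, f[-1], None

def find_setuid_su(listing):
    """Flag root-owned setuid files, and symlinks to them, named su/busybox."""
    findings = []
    for line in listing.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        mode, owner, name, target = entry
        if name not in WATCHED:
            continue
        setuid = mode[3] in "sS"      # owner-execute slot carries the setuid bit
        setgid = mode[6] in "sS"      # group-execute slot carries the setgid bit
        if owner == "root" and setuid:
            findings.append((name, "setuid-root" + ("+setgid" if setgid else "")))
        elif target is not None and target.rsplit("/", 1)[-1] in WATCHED:
            findings.append((name, "symlink to " + target))
    return findings

if __name__ == "__main__":
    for name, why in find_setuid_su(SAMPLE):
        print(name, why)
```

Mode `06755` shows up as `-rwsr-sr-x` and `4755` as `-rwsr-xr-x`, so both variants used in this thread are reported.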
Doesn't work for me. And it's annoying. These are the commands. Did I do something bad?
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Sergiu>cd C:/
C:\>adb push mempodroid /data/local
adb server is out of date. killing...
* daemon started successfully *
627 KB/s (37273 bytes in 0.058s)
C:\>adb push su /data/local
2426 KB/s (22364 bytes in 0.009s)
C:\>adb shell
[email protected]:/ $ chmod 777 /data/local/mempodroid /data/local/mempodroid 0xd7cc
0xad27 sh
id /data/local/mempodroid 0xd7cc 0xad27 sh <
Unable to chmod 0xd7cc: No such file or directory
10|[email protected]:/ $ chmod 777 /data/local/mempodroid/data/local/mempodroid 0xd7
cc 0xad27 sh
oid/data/local/mempodroid 0xd7cc 0xad27 sh <
Unable to chmod /data/local/mempodroid/data/local/mempodroid: Not a directory
10|[email protected]:/ $ chmod 777 /data/local/mempodroid
/data/local/mempodroid 0xd7cc 0xad27 sh
chmod 777 /data/local/mempodroid
/data/local/mempodroid 0xd7cc 0xad27 sh
[email protected]:/ $ /data/local/mempodroid 0xd7cc 0xad27 sh
[email protected]:/ # mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
[email protected]:/ # cat /data/local/su > /system/xbin/su
cat /data/local/su > /system/xbin/su
[email protected]:/ # chown 0.0 /system/xbin/su
chown 0.0 /system/xbin/su
[email protected]:/ # chmod 06755 /system/xbin/su
chmod 06755 /system/xbin/su
[email protected]:/ # rm /data/local/mempodroid
rm /data/local/mempodroid
[email protected]:/ # rm /data/local/su
rm /data/local/su
[email protected]:/ # exit
exit
[email protected]:/ $ exit
exit
C:\>adb reboot
C:\>
Please help me, I find this method so f...ing good. I have an i9023, never rooted.
sergiu_s said:
Please help me, I find this method so f...ing good. I have an i9023, never rooted.
I also had trouble following the guide, but then discovered this script, which made the whole process completely automatic.
I'm running stock ICS on i9023.
The script doesn't work for me. I tried it even in Linux. I have stock ics 4.0.3
Sent from my Nexus S using xda premium
Mate u just gain a root. # u log in as root
Sent from my Nexus S using Tapatalk
I saw that, (#), but I don't have root privileges in any application. That's my problem.
Sent from my Nexus S using xda premium
I am not an expert in Android but I think to gain access to app as root would have to go via su app did u try superuser app? I would try it myself but my phone is already rooted via clock mod
Sent from my Nexus S using Tapatalk
I was right mate I just read how to . U haven't got superuser installed obviously. Download from the market and should work.
Sent from my Nexus S using Tapatalk
It worked great guys, thanks to the devs
I installed superuser and it works. Thanks guys.
Sent from my Nexus S using xda premium
FYI, this no longer works in 4.0.4. Found out the hard way when I forgot to re-enable the save root option in SuperSU after a nandroid.
The guide works perfectly. I have upgraded my I9020T to 4.0.4 from a AWS 4.0.3 WITHOUT wiping data! Thanks so much!
lethalp1mp said:
FYI, this no longer works in 4.0.4. Found out the hard way when I forgot to re-enable the save root option in SuperSU after a nandroid.
ya i did the same thing (didnt run voodoo ota before the 4.0.4 OTA)....looks like google patched this exploit...hope another one comes up so i can root 4.0.4 (without wiping)
nolook said:
ya i did the same thing (didnt run voodoo ota before the 4.0.4 OTA)....looks like google patched this exploit...hope another one comes up so i can root 4.0.4 (without wiping)
Yeah i'm also waiting for that!
Sent from my GT-P7300 using XDA
Related
I have upgraded from 309 to 318.......wanting to root it using z4root and universal androot but both apps dont work for this 318 version.....
does anyone have any clues to what i can do? please advise, thanks
Please Do Not Post the Same Question in 2 Forums i will Lock this one as i have answered the other one
Quoted from fards' thread: http://forum.xda-developers.com/showthread.php?t=844966&highlight=rageagainstthecage
Been rooting this way since day 1 -- if you aren't the type in command prompt, you can also just copy and paste the command lines exactly~
GET ECLAIR/FROYO version of Superuser.apk and su
from http://forum.xda-developers.com/showthread.php?t=682828 extract the two files to the directory you're working from..
GET rageagainstthecage from
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
extract the rageagainstthecage-arm5.bin to the same directory you're working from
open a terminal/command line
adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
adb push Superuser.apk /data/local/tmp/Superuser.apk
adb push su /data/local/tmp/su
adb push busybox /data/local/tmp/busybox
adb shell chmod 700 /data/local/tmp/rageagainstthecage
adb shell chmod 700 /data/local/tmp/busybox
adb shell
cd /data/local/tmp
./rageagainstthecage
******this will kill adb server but manually kill it anyway and restart it ******
adb kill-server
adb start-server
* daemon not running. starting it now *
* daemon started successfully *
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system
**********Follow the following steps to install Superuser.apk, busybox,su ****************
cd /data/local/tmp
./busybox cp busybox /system/bin/
chmod 4755 /system/bin/busybox
busybox cp Superuser.apk /system/app/
busybox cp su /system/bin/
chmod 4755 /system/bin/su
exit
exit
then reboot streak
************to remount filesystem as readonly,*************
adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock6 /system
# exit
exit
Hi,
a pin of my USB connector is broken so I cannot get a USB data connection to a PC (but charging still works ...).
How can I root the official 318 build of froyo ? More specifically, in the new build, there doesn't seem to be any mounted filesystem on which one can copy RATC to run it.
Any hint welcome.
Have you already tried superoneclick, androot, or z4root? If so, then maybe try the below.
I don't know if this will work but you can try fards' instructions to root manually and use "Terminal Emulator" from Market instead of ADB SHELL, but I don't know what will happen when you run rageagainstthecage~ You will need to change the instructions a bit for your case.
http://forum.xda-developers.com/showthread.php?t=844966&highlight=rageagainstthecage
Instructions:
1. Copy all the needed files (from fards thread) into the SDCARD.
2. run Terminal Emulator
3. cd /sdcard/
4. busybox cp rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
5. busybox cp Superuser.apk /data/local/tmp/Superuser.apk
6. busybox cp su /data/local/tmp/su
7. busybox cp busybox /data/local/tmp/busybox
8. chmod 700 /data/local/tmp/rageagainstthecage
9. chmod 700 /data/local/tmp/busybox
10. cd /data/local/tmp
11. ./rageagainstthecage
12. Reset Terminal
13. Start Terminal Emulator again
14. mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system
15. follow the rest of the instructions below "mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system "
In case you can't find it in the thread, here is the original post by fards:
GET ECLAIR/FROYO version of Superuser.apk and su
from http://forum.xda-developers.com/showthread.php?t=682828 extract the two files to the directory you're working from..
GET rageagainstthecage from
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
extract the rageagainstthecage-arm5.bin to the same directory you're working from
open a terminal/command line
adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
adb push Superuser.apk /data/local/tmp/Superuser.apk
adb push su /data/local/tmp/su
adb push busybox /data/local/tmp/busybox
adb shell chmod 700 /data/local/tmp/rageagainstthecage
adb shell chmod 700 /data/local/tmp/busybox
adb shell
cd /data/local/tmp
./rageagainstthecage
******this will kill adb server but manually kill it anyway and restart it ******
adb kill-server
adb start-server
* daemon not running. starting it now *
* daemon started successfully *
adb shell
mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system
**********Follow the following steps to install Superuser.apk, busybox,su ****************
cd /data/local/tmp
./busybox cp busybox /system/bin/
chmod 4755 /system/bin/busybox
busybox cp Superuser.apk /system/app/
busybox cp su /system/bin/
chmod 4755 /system/bin/su
exit
exit
then reboot streak
************to remount filesystem as readonly,*************
adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock6 /system
# exit
exit
Well...
yes, I have tried all that.
The main problem with the last option (i.e. CLI) is that the directory /data/local/tmp/ is not user writable (actually /data permissions are 751). So I was in search of another directory (in an executable partition) where I can copy rageagainstthecage-arm5.bin.
Finally found it : "find" was my friend. /firstboot/sqlite/jackpal.androidterm/ is owned by my user (ID 10123)! It's the only one I found in all the filesystems!
Note that "find" is available through /system/bin/busybox_1P8P1. Btw /firstboot/sqlite/jackpal.androidterm/ seems to be linked to the terminal process.
Ran rageagainstthecage-arm5.bin various times to no avail ! It didn't give me root!
Code below works as far as getting root via adb
But after reboot I get following error:
Code:
? su
link_image[1717]: 2977 missing essential tables
CANNOT LINK EXECUTABLE
Do you know what's missing here?
Code:
./adblinux push psneuter /data/local/tmp
./adblinux push su-v3 /data/local/tmp
./adblinux push busybox /data/local/tmp
./adblinux shell chmod +x /data/local/tmp/psneuter
./adblinux shell chmod +x /data/local/tmp/su-v3
./adblinux shell
$ /data/local/tmp/psneuter
# exit
./adblinux shell
# cat /proc/mounts
# mount -o rw,remount -t yaffs2 /dev/stl5 /system
# busybox cp -vaf /data/local/tmp/su-v3 /system/xbin/su
# ls -l /system/xbin/su
# busybox chown 0.2000 /system/xbin/su
# busybox chmod 06755 /system/xbin/su
# ls -l /system/xbin/su
# rm /system/bin/su
# busybox ln -s /system/xbin/su /system/bin/su
# ls -l /system/bin/su
# busybox cp -f /data/local/tmp/busybox /system/xbin
# busybox chown 0.2000 /system/xbin/busybox
# busybox chmod 0755 /system/xbin/busybox
# ls -l /system/xbin/busybox
# exit
./adblinux install -r Superuser.apk
./adblinux reboot
Hi,
I am new here, but an advanced Linux user
I have already done this successfully on my X10i - thanks, 1st working howto on Linux OS
There's probably a mistake with these steps:
./adblinux shell chmod +x /data/local/tmp/psneuter
./adblinux shell chmod +x /data/local/tmp/su-v3
In my case these commands left errors. They have to simply mark these binaries as executable. But chmod +x * doesn't work (don't ask why) - so I marked them as executable (su, psneuter, busybox) in desktop Linux OS before transfer and it worked.
The next mistake is in the line:
busybox cp -vaf /data/local/tmp/su-v3 /system/xbin/su
Because busybox is not yet in the system path - so you have to type:
# /data/local/tmp/busybox cp -vaf /data/local/tmp/su-v3 /system/xbin/su
Until
# /data/local/tmp/busybox cp -f /data/local/tmp/busybox /system/xbin
You can use busybox directly.
chmod +x doesn't work on android, you have to use chmod 777 or 666 or the like to get it to work properly.
Semperverus said:
chmod +x doesn't work on android, you have to use chmod 777 or 666 or the like to get it to work properly.
Or do it on linux GUI and mark as executable before transfer to Android device
So I'm on the Latest official 2.2.1 from Motorola/ATT, but I'm having some issues.
My home button doesn't work at all and I can't get it to work despite my efforts. So I think I just need to do a factory reset and delete everything, I think my rooting and mods to my 2.1 soft ware may have messed everything up. Before I try this, will it delete all my text messages and stuff? or should I back them up with that SMS backup program?
Also, i'm having a hard time rooting it with SuperOneClick, it fails to work completely so does anybody know exactly what commands I need to just root via my terminal?
nevermind I figured it out. Here are the commands if anybody is interested:
./adbmac push psneuter /data/local/tmp
./adbmac push su-v2 /data/local/tmp
./adbmac push busybox /data/local/tmp
./adbmac shell
$ busybox chmod +x /data/local/tmp/psneuter
$ /data/local/tmp/psneuter
# exit
$ exit
./adbmac remount
./adbmac shell
# busybox mv /data/local/tmp/su-v2 /system/xbin/su
# busybox chmod 6755 /system/xbin/su
# busybox chown 0.2000 /system/xbin/su
# busybox ln -s /system/xbin/su /system/bin/su
# busybox cp /data/local/tmp/busybox /system/xbin
# busybox chmod 0755 /system/xbin/busybox
# busybox chown 0.2000 /system/xbin/busybox
# exit
$ exit
./adbmac install Superuser.apk
./adbmac reboot
I copied pasted from somewhere else on this site
Have you tried flashing the 2.2 SBF using RSD Lite? I tried that for a different problem and it worked.
Sent from my MB520 using XDA Premium App
Ok I just reflashed it using the stock recovery then I wiped all the data(factory reset). I backed my stuff up first though. I was wrong in my previous post about how to root using terminal. To correctly root you need to follow this guide to the T. http://www.addictivetips.com/mobile/how-to-root-nexus-one-running-android-2-2-1-from-ubuntu-linux/
I just flashed RC2 and it is loading now...
Maybe I'm the only one but this is the method I prefer to use to root my phone. I'm not always sure which OS I'll be working with when I have to do this and this one works on all of them as long as you have the Android SDK.
Put the files into your platform-tools folder to make them easy to find.
Not sure if I need this but I'm not responsible for bricks or any other complication, etc, etc.
adb push psneuter /data/local/tmp
adb push bin/su /data/local/tmp
adb shell chmod 6755 /data/local/tmp/psneuter
$ ./data/local/tmp/psneuter
adb shell
# mount -o rw,remount /dev/block/mmcblk0p12 /system
# rm /data/local/tmp/su /system/bin/su
# chmod 6755 /system/bin/su
exit
really? psneuter only works for 1.26 froyo
I used this method on 1.83 when I first got the phone. Might need to look back into this. Someone asked about this method so I posted it.
Sent from my MB860 using XDA Premium App