There's a way to ONLY root this model, never rooted before, without unlocking bootloader ?
Not at this time.
Sent from my ASUS Transformer Pad TF300T using xda app-developers app
My adventures in trying to root locked Tf300 JB 4.1.1
I'm posting this information in the hope that it might be helpful in future attempts at rooting locked TF300 running Jelly Bean. My approach is to modify this: http://forum.xda-developers.com/showpost.php?p=31545627&postcount=1 and this: http://forum.xda-developers.com/showthread.php?t=1894717.
Briefly, this is my understanding of this exploit(Please correct me if I am wrong):
By spamming this: ln -s /data/local.prop /data/data/com.android.settings/a/file99 while an adb restore is in progress, when file99 gets written, it overwrites /data/local.prop with the contents of file99, which contains the magic ro.kernel.qemu=1 and on reboot, adb shell has root.
Now the problem with the TF300 is that the backup fails to write the contents of fakebackup.ab to /data/data/com.android.settings/a/. Using this: http://forum.xda-developers.com/showthread.php?t=1730309 I am able to decompress fakebackup.ab and look into the resulting tar file.
Running the "expliot" on my TF300 results in only one file of zero length being written to /data/data/com.android.settings/a/: file44. By running tar -tvf fakebackup.tar on the decompressed backup, the first physical file in fakebackup.tar is file44.
What I believe is happening is that the TF300 backup locks up while trying to write the first file in fakebackup.ab. The result is this: /data/data/com.android.settings is erased in preparation for the restore, file44 is written but fails, the backup locks up and you are left with full write pernissions to /data/data/com.android.settings/a/. I have confirmed full write permissions to /data/data/com.android.settings/a/ so this might be helpful in future exploits.
I have tried to modify fakebackup.ab to write any file to /data/data/com.android.settings/a/ or some other location in /data/data/com.android.settings to get /data/local.prop overwritten with no success so far. I have managed to overwrite /data/local.prop with file44 but all that gets me is a zero length /data/local.prop.
Edit: Another side affect of having write permissions to /data/data/com.android.settings/a is this: ln -s / /data/data/com.android.settings/a/somefilename and then doing an adb backup com.android.settings gets you a huge .ab file with interesting files in it.
__________________________________________________________________________________________________
Edit2: I have write access now to /data on locked TF300 Jelly Bean 4.1.1 and this: echo "ro.kernel.qemu=1" > /data/local.prop works. Problem is......upon reboot, no root shell. To get write access to /data and any other system directory or file on /data, do this:
In a terminal window: adb shell "while ! ln -s /data /data/data/com.android.settings/a/data50; do :; done"
in another terminal window: adb restore fakebackup.ab
Go to your TF300 and restore the backup. You should see the command in terminal window 1 complete, You now have write permissions to /data. To get write permissions to other files or directories in /data, just change the ln -s /data part of the spam command to point to that file or directory.
bads3ctor said:
I'm posting this information in the hope that it might be helpful in future attempts at rooting locked TF300 running Jelly Bean. My approach is to modify this: http://forum.xda-developers.com/showpost.php?p=31545627&postcount=1 and this: http://forum.xda-developers.com/showthread.php?t=1894717.
Briefly, this is my understanding of this exploit(Please correct me if I am wrong):
By spamming this: ln -s /data/local.prop /data/data/com.android.settings/a/file99 while an adb restore is in progress, when file99 gets written, it overwrites /data/local.prop with the contents of file99, which contains the magic ro.kernel.qemu=1 and on reboot, adb shell has root.
Now the problem with the TF300 is that the backup fails to write the contents of fakebackup.ab to /data/data/com.android.settings/a/. Using this: http://forum.xda-developers.com/showthread.php?t=1730309 I am able to decompress fakebackup.ab and look into the resulting tar file.
Running the "expliot" on my TF300 results in only one file of zero length being written to /data/data/com.android.settings/a/: file44. By running tar -tvf fakebackup.tar on the decompressed backup, the first physical file in fakebackup.tar is file44.
What I believe is happening is that the TF300 backup locks up while trying to write the first file in fakebackup.ab. The result is this: /data/data/com.android.settings is erased in preparation for the restore, file44 is written but fails, the backup locks up and you are left with full write pernissions to /data/data/com.android.settings/a/. I have confirmed full write permissions to /data/data/com.android.settings/a/ so this might be helpful in future exploits.
I have tried to modify fakebackup.ab to write any file to /data/data/com.android.settings/a/ or some other location in /data/data/com.android.settings to get /data/local.prop overwritten with no success so far. I have managed to overwrite /data/local.prop with file44 but all that gets me is a zero length /data/local.prop.
Edit: Another side affect of having write permissions to /data/data/com.android.settings/a is this: ln -s / /data/data/com.android.settings/a/somefilename and then doing an adb backup com.android.settings gets you a huge .ab file with interesting files in it.
__________________________________________________________________________________________________
Edit2: I have write access now to /data on locked TF300 Jelly Bean 4.1.1 and this: echo "ro.kernel.qemu=1" > /data/local.prop works. Problem is......upon reboot, no root shell. To get write access to /data and any other system directory or file on /data, do this:
In a terminal window: adb shell "while ! ln -s /data /data/data/com.android.settings/a/data50; do :; done"
in another terminal window: adb restore fakebackup.ab
Go to your TF300 and restore the backup. You should see the command in terminal window 1 complete, You now have write permissions to /data. To get write permissions to other files or directories in /data, just change the ln -s /data part of the spam command to point to that file or directory.
Click to expand...
Click to collapse
Damn, nice job. Write a full guide on rooting with this please?
Sent from my ASUS Transformer Pad TF300T using Tapatalk 2
ebildude123 said:
Damn, nice job. Write a full guide on rooting with this please?
Click to expand...
Click to collapse
That's the problem...It doesn't root the tablet. Anyone know why adding ro.kernel.qemu=1 to /data/local.prop doesn't give adb root access on this tablet?
bads3ctor said:
That's the problem...It doesn't root the tablet. Anyone know why adding ro.kernel.qemu=1 to /data/local.prop doesn't give adb root access on this tablet?
Click to expand...
Click to collapse
Try replacing /data with /system/bin?
Then pushing su over?
Idk lol :C
Sent from my ASUS Transformer Pad TF300T using Tapatalk 2
ebildude123 said:
Try replacing /data with /system/bin?
Then pushing su over?
Idk lol :C
Click to expand...
Click to collapse
System partition is mounted read only so that won't work. I know why now....adbd is running as "shell" instead of "root":
shell 166 1 4460 0 ffffffff 00000000 S /sbin/adbd
Looks like Asus does not allow Android on the TF300 to run in emulator mode. Thats my guess as to why echo "ro.kernel.qemu=1" > /data/local.prop does not work.
The most important for me is to get acces to write in /system/usr. Than we could make there folder we-need-root with voodoo backup in it and restore it via app to get root.
Sent using tf300t - stock JellyBean (docked/nonrooted)
bads3ctor said:
System partition is mounted read only so that won't work. I know why now....adbd is running as "shell" instead of "root":
shell 166 1 4460 0 ffffffff 00000000 S /sbin/adbd
Looks like Asus does not allow Android on the TF300 to run in emulator mode. Thats my guess as to why echo "ro.kernel.qemu=1" > /data/local.prop does not work.
Click to expand...
Click to collapse
I'm a complete rookie when it comes to this but is it possible to use the downloaded stock rom, modify it and change those permissions?
txdroid_user said:
I'm a complete rookie when it comes to this but is it possible to use the downloaded stock rom, modify it and change those permissions?
Click to expand...
Click to collapse
AFAIK updates are signed, you tamper them and they don't get installed.
bads3ctor said:
System partition is mounted read only so that won't work. I know why now....adbd is running as "shell" instead of "root":
shell 166 1 4460 0 ffffffff 00000000 S /sbin/adbd
Looks like Asus does not allow Android on the TF300 to run in emulator mode. Thats my guess as to why echo "ro.kernel.qemu=1" > /data/local.prop does not work.
Click to expand...
Click to collapse
Is /data/local.prop being created successfully?
Also, tried this? http://forum.xda-developers.com/showthread.php?t=1892002
ebildude123 said:
Is /data/local.prop being created successfully?
Also, tried this? http://forum.xda-developers.com/showthread.php?t=1892002
Click to expand...
Click to collapse
I have tried the qemu hack which is supposed to get Android to boot into emulator mode. /data/local.prop is being created properly but upon reboot, my TF300 is not in emulator mode and no root adb prompt.
I have also done the debugfs hack to get rights to /dev/block/mmcblk0p1 by modifying this:
http://forum.xda-developers.com/showthread.php?t=1704209
No love there either. Both must have been patched by Asus. Some devs have been saying that a locked TF300 can't be rooted but my understanding is that the bootloader and kernel are signed preventing a hack on those to areas but /system should be able to be remounted rw and su copied to /system/xbin as long as we can find a way to root this pos.
Edit: Here is my post on the debugfs thread: http://forum.xda-developers.com/showpost.php?p=35395926&postcount=505
Bump, any progress?
ebildude123 said:
Bump, any progress?
Click to expand...
Click to collapse
Well...confidentially....just between you and me.....:silly:....I returned my $279 + tax($298) TF300T to BB(Black Friday deal) and bought a red TF300T from clearance.bestbuy.com for $250 + tax($267) ... hoping that it comes with ICS instead of JB and I will be golden! I receive it in 2 days. If that happens....then I will root it, protect root the normal way, upgrade to JB....restore root and i'm done. Lazy a$$ way of rooting this tablet.
If it has JB on it.........then its back to the salt mines of trying more exploits or creating some of my own.
Edit: Too bad its not a newer Samsung device with an Exynos 4 in it...WOW...what a thread that is: http://forum.xda-developers.com/showthread.php?t=2048511. I have never read anything like it. Some SERIOUS devs posting there!
Edit2: Sorry everyone...I received my new red TF300 and it has ICS on it! I can still try some exploits after I upgrade to Jelly Bean if anyone wants me to. I know that debugfs fails and so does the local.prop hack on locked Jelly Bean. I have searched for other /data hacks and have found no more....post a link here for any other hacks that leverage write access to /data to get root and I will try them.
Do we have any other talented developers working on this?
I was able to downgrade to root my tablet only to realize I was no longer receiving OTA updates once that was complete. I read that some users had success by waiting for more then a week for updates to start coming again but I would hardly call that success. Plus, I had downgraded to a firmware that my tablet hadn't even shipped with so I figured thats why i was having trouble receiving the update. I decided to apply a minor upgrade manually (knowing it would break root) so I could see if I got updates on the new firmware and once confirmed, I would downgrade again and root and wait patiently. (I was bored)
Problem is, I upgraded to a jelly bean (4.1) build not knowing that was the point of no return.
Current status:
-no way to downgrade
-still not receiving updates from asus
-no root
I am this close to returning this stupid device and getting a nexus 10. If anyone can provide me any assistance with this, it would be greatly appreciated.
P.S. Unlocking the bootloader is not an option for me
Odp: Root TF300TG with JB 4.1.1 and bootloader locked
U cant root when u are on bootloader version 10+ (4.1 or 4.2) on locked bootloader. And i f u have not get update maybe there is no update for ur version of tf300? However u can wait to the moment when on asus tf300t download site will be .blob file to download. Than it will be able to do "force update" by puuting it on /sdcard
Sent using tf300t - stock 4.2.1
ch3mn3y said:
U cant root when u are on bootloader version 10+ (4.1 or 4.2) on locked bootloader. And i f u have not get update maybe there is no update for ur version of tf300? However u can wait to the moment when on asus tf300t download site will be .blob file to download. Than it will be able to do "force update" by puuting it on /sdcard
Sent using tf300t - stock 4.2.1
Click to expand...
Click to collapse
It just became available.
http://support.asus.com/download.as...rmer+Pad+TF300T&os=&hashedid=8BmzkQ4yoz5WzBrW
Sent from my ASUS Transformer Pad TF300T using xda app-developers app
Odp: Root TF300TG with JB 4.1.1 and bootloader locked
Firstly i thought that u are sayin about root on locked 4.2, but than i found out that its link to asus download page
Sent using tf300t - stock 4.2.1
Related
After having some major speed issues using Touchdown on my new Vibrant, I was directed to this thread discussing issues with the way Samsung stores app data on the phone. Apparently the app data is stored on the internal SD vs. NAND and that is considerably slower. Here are the two methods to fix:
*Both Methods require ROOT*
*Method 1 limits the space of app data, which can possibly cause issues*
*Method 2 requires writing a new Kernel, which comes with it's own possible issues*
*READ THE THREADS!*
Method 1: http://android.modaco.com/content/s...298/got-the-stalling-problem-rooted-try-this/
Method 2: http://android.modaco.com/content/s...ed-real-fix-for-the-stalling-lagging-problem/
Hopefully this will be helpful moving forward with the development of this phone!
Note: I have used method 1 which moved the app data from the SD space to the NAND space which significantly increased the speed of my phone, but PLEASE read the links and associated discussion. You are limited to 130MB app space on NAND, which can be limiting depending on which apps you use. Method 2 purports to fix this limitation...
How to check how much app memory you are currently using:
Code:
adb shell
su
cd /data/data
busybox du -h|busybox grep M
How to apply Method 1:
Code:
adb shell
su
busybox cp -rp /data/data /dbdata
mv /data/data /data/data.bak
ln -s /dbdata/data /data/data
reboot
How to undo Method 1 (no loss):
Code:
adb shell
su
busybox cp -rp /dbdata/data /data/data.tmp
rm -r /data/data
mv /data/data.tmp /data/data
reboot
How to undo Method 1 (restore to point of application):
Code:
adb shell
su
rm /data/data
mv /data/data.bak /data/data
reboot
Awesome, thanks for doing the parsing and putting out a procedure. Works great. No more lag.
Thanks, just tried it out on mine.
BE WARNED you will run into issues if your application data goes over 130MB. There is a better way to do this which includes a custom kernel with ext3/4 support and symlinking to the ext partition instead of the small NAND space.
Find it herehttp://android.modaco.com/content/samsung-galaxy-s-s-modaco-com/313365/updated-real-fix-for-the-stalling-lagging-problem/
I havent felt the need to perform either of these ATM. Please warn people of the consequences especially if your just telling them "Hey this will make your phone faster!" I do notice its explained in the article you linked from but not everyone will read that and then when they start having issues they will have no idea what to do. For those that completed this method you might want to revert it and go a better route. 130MB isnt enough room.
Agreed...I figured people would read the link, but you never know. Will update accordingly. THX!
I am trying test out method 1 but I keep getting stuck. I type in cp -rp /data/data /dbdata into adb but it comes back with cp: not found. Any ideas what I am doing wrong here?
Add busybox before the cp command; i.e.: busybox cp etc...
Krycek said:
Add busybox before the cp command; i.e.: busybox cp etc...
Click to expand...
Click to collapse
Thanks, figured it was something simple like that. Still new to this Android stuff after years of custom WinMo roms and hybrid Blackberry roms.
i'm a little sketchy about applying method 2...will installing a modified kernal have an effect when samsung rolls out the update for 2.2?
I concur, but that is also probably the "right" way to do it. The nice part about method 1 is it is easily reversible. I will update post 1 in a minute with how to check what your current usage is to see if you are close to the 130MB limit.
Thanks, just checked my usage and was only using 21MB thus far. I figure the 130MB limit should suit me fine until Samsung issues a fix. It looks like the European devices already have a new firmware that speeds it up quite a bit so probably won't be too much longer here in the US either.
Im not going to do either. Im going to wait for an official fix.
I'm about to get a vibrant; if you can get parted installed wouldn't it be fairly simple to just unmount and partition the internal SD card into fat32 and ext3/4, and then maybe just update fstab? (parted lets you resize existing partitions to make room for new ones, but I'm not sure if the Samsung firmware uses fstab or something else, coming from a MyTouch here).
anomalous3 said:
I'm about to get a vibrant; if you can get parted installed wouldn't it be fairly simple to just unmount and partition the internal SD card into fat32 and ext3/4, and then maybe just update fstab? (parted lets you resize existing partitions to make room for new ones, but I'm not sure if the Samsung firmware uses fstab or something else, coming from a MyTouch here).
Click to expand...
Click to collapse
i doubt it...it's the reason you need to install the modded kernal so that it recognizes the ext3 or ext4 partition. without it the partition is useless. i personally wouldnt use method 2 as there is no way to revert as of now.
Man i dont understand wtf is going on. Im usually good with adb and whatnot but I cant seem to get su permissions. I type "adb shell" and it goes thru. But when I type "su" it comes back 'permission denied'. Of course, I applied the update.zip to get my phone rooted. Superuser works and I have my rooted apps working.
Anyone have any ideas?!
I'm not infront of my PC atm, but try this.
adb mount
adb shell
su
If mount doesn't work try remount.
Let me know if this works for you, once i'm home I can double check.
Already tried that. I have a Nexus One and adb remount works on that but for this phone it says 'remount failed: No such file or directory'
Digitalthug said:
Man i dont understand wtf is going on. Im usually good with adb and whatnot but I cant seem to get su permissions. I type "adb shell" and it goes thru. But when I type "su" it comes back 'permission denied'. Of course, I applied the update.zip to get my phone rooted. Superuser works and I have my rooted apps working.
Anyone have any ideas?!
Click to expand...
Click to collapse
You might have already tried this, but make sure the phone is unlocked (at home screen) when you run the su command from your workstation... superuser will then prompt and you can allow it to run.
I've noticed that if the screen is locked it won't prompt and just give the permission denied message.
Sent from my Vibrant (with lag fix and loving it)
just did method 1 and the difference is incredible. as far as method 2 goes, will custom roms have this ability from the get go or do we need the official samsung update?
I just want to confirm that this fix works for the US version of the Galaxy S (Samsung Vibrant) right?
Originally i ported PRIMEv1.4 by Roach2010, an honeycomb 3.1 rom from Asus to Iconia A500..Its now a more Acer specific rom based on acer drivers and software but with 3.1 features. We are still waiting for the kernel source, so limits of a stock kernel apply, which is one, using the new feature PS3 controller joypad's. Until source is out, these functions are missing.
You can also follow updates on Twitter now: Dexter Picard (DexterPicard) on Twitter or
me a Red bull, and you're sure i stay up working on this mod or you can visit my new homepage at Dexter's mods
Kernel source of "angel" is found here
BRIEF HOWTO
Download AcerRecoveryInstaller from Market or from apps section of A500 here. or use the old solution from this post .
Boot into ClockWorkRecovery (POWER ON + VOL-) and do a full backup.
put PRIMEE v1.4 zip on your sdcard and install using ClockWorkRecovery
NEW USERS - do a factory reset (WIPE) in ClockWorkMod when installing for the first time.
What does this rom offer
99% of all the new 3.1 features including;
Google Video (i think it was 3.1 only)
Google Books (i think it was 3.1 only)
Google VideoEditor
Asus Book Reader
Enhanced exchange support
Faster Browser
resizable widgets (new launcher 3.1)
multilanguage
enhanced task manager
added filesystem tweaks (kernel 2.6.36.3 features)
added 3G Huawei dongle support
added international keyboard layout support
SIP supported & SMS supported
enhanced network driver
root'd + superuser.apk included
DLNA support
Latest updates (P8-patch3)
[*] 2.6.36.4 kernel with CIFS/NFS/3G support. Optional OC upto 1700Mhz.
[*] Now with PS3 controller support
[*] A Splashtop HD fix here in this attachment
[*] Asus book reader app fix.
added SMS functionality with 3G, and enable SIP phone over wifi function, use SMS app from Market(handcent sms) with mobile part.
rearranged boot image parameters a little.
Media scanner both see internal & external directories now perfectly.
disabled adb at bootup, so Internal storage shows on windows ( through Portable devices - A500)
GoogleVideos app added (tested and working from USA)
Changed boot.img, so "am,install" etc works from adb again.
Added AcerSync (Request)
Replaced Asus Camera with Acer Camera (Request)
changes to mounted ext4 filesystems (small optimization)
Wifi fix added for EU users to build.prop "ro.wifi.country=EU"
Full fix for storage locations: Now its simple /mnt/sdcard , /mnt/external_sd , /mnt/usb_storage
bootanimation update .. Thanks to boggio95
Dock station + remote controller fix
LetsGolf included in full image , i just had to
Settings -> Battery stats is now included
[Bugs confirmed]
rotation lock key does not work (it serves no function in Asus firmware)
Don't mess with! (NOW YOU ARE WARNED!)
Disabling Phone+TelephonyProvider can cause unstable OS, settings crash, tablet freeze etc..
Removing apps from system folder can cause bootloop's
[PRIMEE_p8-3.zip] (patch goes on top of above existing full p8 image)
MD5: 4a48c21b4dc6cbfd6d074105318c88c4
[PRIMEE_acerA500-p8.zip]
MD5: 4efd9fcfdbe918c8ac696467a05a0ae7
See post #2 for installation and all other guides
You do all this and you take the risk. But remember if you got the CWM working, you should be safe and you can run itsmagic from CWM if you are in doubt. I take no responsibilites if you damage or brick your device. But if you do think its bricked, and you get checksum errors both at boot and recovery, sc2k might be able to help if you saved your UID number.
The GUIDES!!
INSTALL RECOVERY.IMG with ITSMAGIC (proceed at your own risk) Recommended is to follow original guide
Alternatively, a new easy installer solution for adding the new recovery.img see AcerRecoveryInstaller from Market.
0. Please read the guide below to get your UID ( see How to get the USB serial number for more info)
1. Extract the recovery.zip and copy the contents, recovery.img, to your a500. normally /data/local is a sure location to write it to.
2. so copy using adb like this
adb push recovery.img /data/local
adb push itsmagic /data/local
3. open adb shell
4. execute commands
su -
chmod 755 /data/local/itsmagic
/data/local/itsmagic
5. if the itsmagic works, you see the "done" information etc... BUT if its not working, don't do the commands below...try and figure out why its not working.
6. IMPORTANT - if all is ok, continue with the commands to remove any chance of corrupting recovery.
mount -orw,remount /system
rm /system/etc/install-recovery.sh
(this command can fail ie. not found (its ok if it does))
mount -oro,remount /system
6a. Next these commands below will install the new recovery.
cat /dev/block/mmcblk0p1 >/data/local/oldrecovery.img
chmod 777 /data/local/oldrecovery.img
cat /data/local/recovery.img >/dev/block/mmcblk0p1
/data/local/itsmagic
sync
Copy the /data/local/oldrecovery.img to your pc.
Execute this command on your pc.
adb pull /data/local/oldrecovery.img oldrecovery.img
1. with adb you can restore the "oldrecovery.img" like this
adb push oldrecovery.img /data/local
adb push itsmagic /data/local
2. open adb shell
3. execute commands
su -
chmod 755 /data/local/itsmagic
/data/local/itsmagic
5. confirm itsmagic works.
6 if all is ok, continue with the commands
cat /data/local/oldrecovery.img >/dev/block/mmcblk0p1
/data/local/itsmagic
sync
INSTALL CUSTOMROM GUIDE (proceed at your own risk)
make sure you validate the MD5SUM of the rom zipfile if possible for you, to ensure file is ok, or manually extract content on pc/mac/windows to verify zipfile is ok.
copy the PRIMEEv14_acerA500.zip to your sdcard, if md5sum / zip file is ok.
run the recovery (POWER off tablet.. then press and hold POWER button and hold VOL- until text in upper left corner appear and stop pressing VOL-)
use ClockWorkMod as normal (assumed is you tried cwm before) and wipe data/cache areas.
install zip file sdcard, and select the PRIMEEv14_acerA500.zip, and chose YES to install.
wait for installation to finish, and then choose reboot now
the zip file contains itsmagic and will execute at finish, so a reboot should run fine and boot your new custom rom.
How to get the USB serial number:
1. Connect Iconia to your PC
2.a Linux
call lsusb -v
read the value of iSerial for Iconia
2.b Windows
- Open Device manager
- Goto Properties of Android USB Devices->Acer Composite ADB Interface
- Goto "Details" Tab
- Select "Parent" from the property selection.
- Read the value. It looks like this:
USB\VID_0502&PID_3325\370014740c00594
- The number after the last "/" is the UID.
2.c Windows (alternative method)
Download this tool (download link is nearly at the end of the page):
- Open the tool
- Sort after VendorID
- Check all devices with VendorID = 0502 and ProductID = 3325 . There is also a "Serial Number" column.
Backup all of your partitions on your iconia A500
Connect Iconia to your PC or open a terminal on your tablet. make sure you got a sdcard inserted to with at least 1GB free space
if you are on stock rom, location of sdcard is /mnt/external_sd , if you are already on 3.1 its /data/Removable/MicroSD, put that into first step below, where i wrote you should.
so execute the commands below, and you got a full backup of your device..Remember to execute the "itsmagic" command, if you restore this backup.
BACKUP COMMANDS
export SDCARD=[YOUR SDCARD LOCATION] (ie. SDCARD=/mnt/external_sd)
cat /dev/block/mmcblk0p1 >$SDCARD/mybackup_mmcblk0p1
cat /dev/block/mmcblk0p2 >$SDCARD/mybackup_mmcblk0p2
cat /dev/block/mmcblk0p3 >$SDCARD/mybackup_mmcblk0p3
cat /dev/block/mmcblk0p5 >$SDCARD/mybackup_mmcblk0p5
cat /dev/block/mmcblk0p6 >$SDCARD/mybackup_mmcblk0p6
cat /dev/block/mmcblk0p7 >$SDCARD/mybackup_mmcblk0p7
RESTORING FILES
If you want to restore the files, open the CWM recovery you installed and log in with adb.
make sure all partitions are unmounted. execute the commands in the adb here.
make a copy of the "itsmagic" application to your sdcard location as well.
RESTORE COMMANDS
mount /sdcard
export SDCARD=/sdcard
cat $SDCARD/mmcblk0p1 >/dev/block/mmcblk0p1
cat $SDCARD/mmcblk0p2 >/dev/block/mmcblk0p2
cat $SDCARD/mmcblk0p3 >/dev/block/mmcblk0p3
cat $SDCARD/mmcblk0p5 >/dev/block/mmcblk0p5
cat $SDCARD/mmcblk0p6 >/dev/block/mmcblk0p6
cat $SDCARD/mmcblk0p7 >/dev/block/mmcblk0p7
mount /system
copy $SDCARD/itsmagic /system/bin/
chmod 755 /system/bin/itsmagic
/system/bin/itsmagic
Wow! very prompt progress to custom rom. Thanks dexter!
Is that the recovery you included the CWM?
Can I understand that the recovery.img should be flashed using itsmagic method. After that, we get a custom recovery (CWM) to restore your update.zip.
And your update.zip will not contain anything that would alter the kernel such that you will not run itsmagic again in your update.zip. Am I correct? Thanks.
ardatdat said:
And your update.zip will not contain anything that would alter the kernel such that you will not run itsmagic again in your update.zip. Am I correct? Thanks.
Click to expand...
Click to collapse
my update.zip WILL install a custom boot.img , as HC3.1 uses a different boot, so its unavoidable..
but i have included itsmagic in the zip, and when the "system" is unpacked, it leaves it unmounted until itsmagic has run, so the libraries are available to execute the application which is done at the end in the updater-script.
I have tested it and it works and installs the new boot with this recovery.img (this image got busybox in /sbin which is important)
sorry, little tech, but required to explain how i did it.
So exciting cant wait to try this out tomorrow
Oh YEAH! Was still hoping for this coz customROMs came to other devices with locked bootloader too!
Now its here!
Will definetly try this when i have time this afternoon
OMG so greaaaaat, thanks pal!!!
edit: downloading
dexter, can you make a guide for newbie to install this rom ? or may be any one?
Working great so far. Quite stable.
interqd said:
dexter, can you make a guide for newbie to install this rom ? or may be any one?
Click to expand...
Click to collapse
Soon, i will do even better.. ill dig up an old application used on FlipOut to install a recovery.. this app will then install the recovery.img and run the "itsmagic" application. but that for later.
but here is my way of seeing it simple, if you can use adb and a shell in a rooted a500.
See post #1 for the GUIDE(s)
Dexter_nlb said:
Soon, i will do even better.. ill dig up an old application used on FlipOut to install a recovery.. this app will then install the recovery.img and run the "itsmagic" application. but that for later.
but here is my way of seeing it simple, if you can use adb and a shell in a rooted a500.
See post #1 for the GUIDE(s)
Click to expand...
Click to collapse
I got a itsmagic: not found
when I try to execute :S i dont understand why, is there a permission to be set or something?
on itsmagic post just say "call itsmagic" but bunno what this mean its a command? just #itsmagic?
thanks in advance
EDIT:
I think this need to be posted on OP
2. so copy using adb like this
adb push recovery.img /data/local
adb push itsmagic /data/local
3. open adb shell
4. execute commands
cd /data/local
su -
chmod 755 itsmagic
./itsmagic
Click to expand...
Click to collapse
Alejandrissimo said:
I got a itsmagic: not found
Click to expand...
Click to collapse
thanks.. i updated post #1.
Boot perfectly!!!! thanks a TON for your work!!!!
btw, this recovery its 100% functional? for custom.zip files and stuff?
Can root explorer and terminal emulator be used to execute the above commands from the device or is adb the only option?
Sent from my A500 using XDA Premium App
bochocinco23 said:
Can root explorer and terminal emulator be used to execute the above commands from the device or is adb the only option?
Sent from my A500 using XDA Premium App
Click to expand...
Click to collapse
I think yes, you can use terminal emulator
Any impressions so far?
huxflux2003 said:
Any impressions so far?
Click to expand...
Click to collapse
marvelous just want to figureout how play videos everything else its a lot of smooth (youtube HD works)
It plays YouTube videos fine...
Alejandrissimo said:
marvelous just want to figureout how play videos everything else its a lot of smooth
Click to expand...
Click to collapse
what about install moboplayer?
even 3rd party cant play videos?
and, does usb host is functioning?
keyboard, mouse, gamepad, hdd, td, etc
3.1 should have them to run by default right ?
Language support
Hi, does your ROM supports all languages like Android 3.1, or did you remove e.g. Czech language?
Anyway, sounds great, I will try it today.
It costed me more than a day but finally it is done and my TF300T is unlocked and rooted. The biggest problem was finding and placing the steps in the right order. It turned out that the Asus tool for unlocking the bootloader on .29 does not work. So, these are the steps (and most easy), to unlock and root a TF300T on WW .29
1 Downgrade to .17 with the DE blob found here and the instructions. Follow step 2.
2 Download the Asus unlock tool from the Asus website (support.asus.com)
3 Download also the .29 file
4 Install the unlock apk and unlock your device
5 After rebooting you will see the message that your device is unlocked. Now the fastboot protocol is available. You need it to perform step 7
6 After unlocking install .29 the same way as you downgraded your device
7 Install CWM by following the instructions found here
8 On the bottom of the same treat there is explained how to root the device (just run a simple apk)
9 It could be the you have to install busybox from the market, but I'm not sure.
The main advantage of this method is that you have CWM installed also.
Suc6!
THIS was posted on May 23rd, and hidden in the CWM Recovery + Root thread with NO thanks given to it:
http://forum.xda-developers.com/showthread.php?p=26478502#post26478502
And THIS was my comment to it just a few minutes ago:
http://forum.xda-developers.com/showpost.php?p=26929082&postcount=176
The unlocked worked on my US .29
Sent from my VS910 4G using xda premium
If it's really true that the ASUS unlock does not work with .29 then ASUS is a bonehead.
"Use this to unlock .. and oh jeah, you have no warranty"
[unlocking]
"Uhh, what do you mean it does not work? Well good luck then at XDA since you messed up the warranty. No it's not our fault, you want to unlock..."
Tnx for pointing this out. Also tnx for providing a step to step overview.
Unlocked my .29 with no problem
keynith said:
The unlocked worked on my US .29
Sent from my VS910 4G using xda premium
Click to expand...
Click to collapse
Same here. I had the modded build.prop so.....
I set the original build.prop back in place and then did a factory reset. Once I did that, the unlock tool worked fine.
Ok so quick question...
My bootloader is unlocked and im on .17
I have the update .zip for .29, but every time I try to flash in recovery (teamwin) nothing happens. Just says "installing update" for well over 15 min. Any suggestions? Btw: tried flashing both zips... the 2nd inside the first and still nothing :/
Sent from my ASUS Transformer Pad TF300T using xda premium
Redownload the update and try again. Could be bad update. Or get CWM and flash a ROM
Sent from my Transformer Prime TF300T using XDA Premium HD app
keynith said:
Redownload the update and try again. Could be bad update. Or get CWM and flash a ROM
Sent from my Transformer Prime TF300T using XDA Premium HD app
Click to expand...
Click to collapse
Didn't work :/
Plus I don't think I can get CWM flashed over teamwin. I think I read, that will brick it and have been too busy lately to check info on that. You see how long it took me to reply to this. Ugh! Sucks being busy all day. I'll keep looking around when I can. Thanks though. For sure
Sent from my ASUS Transformer Pad TF300T using xda premium
Rooting *without* downgrading (from .29)
Hello,
Since this is my first post on this forum I couldn't post it in the dev thread, so I post it here.
I just managed to root my TF300T without downgrading the firmware.
First, I decline all responsibility if you brick your device. Use the method and the binaries with extreme caution, although all should be ok if you follow step by step the following instructions.
Before starting, you should download the two binaries (debugfs and su) that are linked at the end of this post. And please read the instructions till the end before going into.
Here it is:
Rooting the Asus Transformer TF300T
===================================
: first, use known method to get write access to the /system partition
adb push debugfs /data/local/
adb push su /data/local/
adb shell
$ cd /data/local/
$ mv tmp tmp.back
$ ln -s /dev/block/mmcblk0p1 tmp
$ exit
adb reboot
adb shell
: some cleanup first
$ cd /data/local
$ rm /data/local/tmp
$ mv /data/local/tmp.back /data/local/tmp
: and now, let's do the dirty work
$ chmod 755 /data/local/debugfs
$ /data/local/debugfs -w /dev/block/mmcblk0p1
cd xbin
write /data/local/su su
set_inode_field su mode 0104755
set_inode_field su uid 0
set_inode_field su gid 0
quit
: done, let's reboot and get root !
adb reboot
adb shell
$ /system/xbin/su
# id
id=0(root) gid=0(root) ....
# exit
: cleanup remaining files
$ rm /data/local/su
$ rm /data/local/debugfs
Now here is the link to my dropbox containing the binaries and the source file for su. debugfs is part of e2fsprogs, and I didn't touch anything (I just struggled 24h to get it compiled for android, that's why I give it away ^^).
(link removed) (Well I have a link, but this forum won't let me post it...)
Regards,
milo
[edit] added the chmod 755 on debugfs
miloj said:
Hello,
Since this is my first post on this forum I couldn't post it in the dev thread, so I post it here.
I just managed to root my TF300T without downgrading the firmware.
First, I decline all responsibility if you brick your device. Use the method and the binaries with extreme caution, although all should be ok if you follow step by step the following instructions.
Before starting, you should download the two binaries (debugfs and su) that are linked at the end of this post. And please read the instructions till the end before going into.
Here it is:
Rooting the Asus Transformer TF300T
===================================
: first, use known method to get write access to the /system partition
adb push debugfs /data/local/
adb push su /data/local/
adb shell
$ cd /data/local/
$ mv tmp tmp.back
$ ln -s /dev/block/mmcblk0p1 tmp
$ exit
adb reboot
adb shell
: some cleanup first
$ cd /data/local
$ rm /data/local/tmp
$ mv /data/local/tmp.back /data/local/tmp
: and now, let's do the dirty work
$ /data/local/debugfs -w /dev/block/mmcblk0p1
cd xbin
write /data/local/su su
set_inode_field su mode 0104755
set_inode_field su uid 0
set_inode_field su gid 0
quit
: done, let's reboot and get root !
adb reboot
adb shell
$ /system/xbin/su
# id
id=0(root) gid=0(root) ....
# exit
: cleanup remaining files
$ rm /data/local/su
$ rm /data/local/debugfs
Now here is the link to my dropbox containing the binaries and the source file for su. debugfs is part of e2fsprogs, and I didn't touch anything (I just struggled 24h to get it compiled for android, that's why I give it away ^^).
(link removed) (Well I have a link, but this forum won't let me post it...)
Regards,
milo
Click to expand...
Click to collapse
Milo,
I want to give it a try, so can you pm me the dropbox link?
Thanks
Marco
Sent from my GT-I9000 using Tapatalk 2
First, thanks for your work. Why not just "edit" the URL if you can't post one yet. PEx w w w xyz. com. That would work Cheers
...via Tapatalk
Because I'm usually not a cheater ahah!
Here it is:
http : // db. tt/FBUNeVmo
Sent from my Desire HD using XDA
Hi!
$ /data/local/debugfs -w /dev/block/mmcblk0p1 -> cannot execute - Permission denied
cd xbin -> cd /system/xbin?
write /data/local/su su -> write: not found
What to do?
Sorry, I may have missed a chmod 755 debugfs.
A line preceded with $ is meant to be executed inside debugfs shell.
Tell me how it goes, I'll update the doc.
milo
Sent from my Desire HD using XDA
miloj said:
A line preceded with $ is meant to be executed inside debugfs shell.
Click to expand...
Click to collapse
Actually it is the other way round, sorry.
Everything following a $ is executed from the Android shell, and all non-prefixed line is executed in debugfs.
milo
Sent from my Desire HD using XDA
Here is Miloj's link for the necessary files: http://db.tt/FBUNeVmo
Miloj: Excellent work! Will you edit the OP with the correct code sequence, let's save us some bricks.
Sent from my ASUS Transformer Pad TF300T using XDA Premium HD app
/data/local/debugfs -w /dev/block/mmcblk0p1 -> Segmentation fault
cdma77 said:
/data/local/debugfs -w /dev/block/mmcblk0p1 -> Segmentation fault
Click to expand...
Click to collapse
OK it happened to me as well, and while trying to debug it, it then started to work without any change from me but some printf()...
I'll try to see if I can catch the exception and repost the binary.
Sent from my ASUS Transformer Pad TF300T using XDA
Frenchies are good, in'it ?
Miloj, anytime you want to help noobs like me to get root easier than what you explain, I'm interested. Maybe something compiled for linux challenged people...
Anyway, congrats to you !
miloj said:
OK it happened to me as well, and while trying to debug it, it then started to work without any change from me but some printf()...
I'll try to see if I can catch the exception and repost the binary.
Sent from my ASUS Transformer Pad TF300T using XDA
Click to expand...
Click to collapse
HOW TO ROOT YOUR LENOVO IDEATAB A1000
<DISCLAIMER>
By attempting these steps, your warranty will be void. Even worse than that, it might cause crashes, freezes, random explosions, 2nd degree burns, or even turn your beloved tab into $100+ paperweight. What works on mine might not work on yours, so don't attempt if you don't know what you're doing. Do at your own risk. Corrections are welcome. I must admit that I'm not an expert, so any info I posted might be wrong, and I can't offer you much help. I'm not responsible for anything arising from the use of this how-to. I can only wish you good luck.
<WHY ROOT?>
- Without root or OTA upgrades (at time of writing, Indonesian customers still can't get it), you'll be stuck with ~500MB internal memory. That's annoying.
- You're stuck with the default IO scheduler (cfq) and governor (hybrid, haven't heard that one..)
- You have an incredibly large amount of bloatware you can't get rid of, in that already cramped up internal storage
- Did I mention freedom?
<REQUIREMENTS>
This method is originally used to root Acer Iconia B1-A71. Somehow I noticed that the two actually has the same chipset, MTK8317 (if it really was relevant ). So I tried the method, and through sheer n00b's luck, it worked like a charm!
Lenovo IdeaPad A1000-G --> 4GB storage, 2G/EDGE. This method haven't been tested on A1000-T/F, different storage cap (16GB, etc.) or other variants, but it should work with slight modification. Screenshots of my specs are attached below. Remember, proceed at your own risk!
A Linux System. Never tried on Windows or Mac. I personally used Linux Mint 15. The source post uses Ubuntu.
working ADB (android-tools-adb). You can get this from synaptics, apt-get, etc. If your system can detect adb devices, you should be fine.
Superuser Binary
Busybox Binary (You can get these two from the links on original post. XDA says noobs can't post links :'( )
ORIGINAL THREAD
<CREDITS>
XDA Senior Member entonjackson, for writing such a noob-friendly how-to for rooting Acer Iconia B1-A71 and for allowing me to use it for this how-to.
XDA Member alba81, for discovering the method as acknowledged on the original post by entonjackson
All awesome gurus on XDA which I can't mention one by one.
<THE STEPS>
1. Extract the android sdk to your home folder, e.g. a user named Bob will use like /home/bob
2. Open a terminal
3. Now plug your A1000 into your machine and turn on Debugging Mode (Go into Settings -> Developer Tools, turn on Developer tools, then turn on USB Debugging Mode)
4. Now back at the keyboard of your Linux machine in your terminal type:
Code:
sudo adb devices
The output should be something like:
Code:
123456789ABCDEF device
If it's not, google for it. Somehow your Linux hasn't detected the A1000, although the android sdk for Linux brings all needed drivers with it.
If your device was found, congratulations. The adb connection between your linux machine and your tablet is intact.
5. Now extract the downloaded busybox archive to your home folder, in it there should be a busybox binary. So Bob does:
Code:
sudo ./adb push /home/bob/busybox /data/local/tmp
Code:
sudo ./adb shell
Code:
chmod 755 /data/local/tmp/busybox
6. You should copy the busybox binary into a directory where you can access it as a plain non-root user on the tablet. We need this binary. so we can apply unix tools like telnet, dd, cat, etc. But for now we need it to establish a telnet session between our tablet and our linux machine.
(This point is written on original post. Seems important, but as soon as I finished step 5, I can use those tools)
7. Dial *#*#3646633#*#* to enter Engineer Mode
8. Go to Connectivity -> CDS Information -> Network Utility
9. type the following command:
Code:
/data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Advice from original poster: copy and paste it from the browser on your tablet, because dependent on which keyboard app installed, this can be freakin tricky. In the next step you will learn, why it's so important why this command should be correct.
10. Tap on Run. You won't get any feedback, so you will never know if the entered command runs properly or not. That's why you should make sure the command is ok.
Now we have started our telnet server on the tablet.
11. Back in the terminal type:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If you now get an error like couldn't find busybox or something, then either adb push failed or you forgot to chmod, in step 5
12. Now enter:
Code:
cat /proc/dumchar_info
You should get a bunch of lines, try to find a line containing the partition named android
{..... partition list .....}
android 0x0000000028A00000 0x00000000020E8000 2 /dev/block/mmcblk0p3
{..... partition list .....}
13. We will create a dump of our android system. This is the point where different variants *MIGHT* have different parameters. This step is important, as wrong parameter will result in unmountable image.
Stop. Take a deep breath. If you're not familiar with dd, find a good doc of it. There's a plethora of them.
Get yourself a programmer's calculator (Linux Mint 15 has one built in).
Here's what you'll do :
Convert the hex number on the 3rd column into decimal. In my case (0x20E8000) will yield 34504704. Divide by 4096. The result (8424) goes to the skip parameter.
Convert the hex number on the 2nd column. In my case (0x28A00000) will yield 681574400. Divide by 4096. The result (166400) goes to the count parameter.
So the full dd command will look like :
Code:
dd if=/dev/block/mmcblk0 bs=4096 skip=8424 count=166400 | gzip > /cache/system.img.gz
Do a full sanity check before hitting enter! It will take about 5 minutes.
14. After it's finished we must make the image readable for adb, so we do:
Code:
chmod 777 /cache
and
Code:
chmod 777 /cache/system.img.gz
15. Leave the telnet, and then adb shell session by:
Code:
exit
Code:
exit
16. Now we pull our image by
Code:
sudo adb pull /cache/system.img.gz
wait 1-2 minutes.
It should be then located inside /home/bob. It did for me. If not, do a search . It should be a .gz, extract it right there (or /home/bob if it isn't there)
17. Now we need to modify our system image by adding the tiny but helpful su binary. Extract the SU binary to /home/bob.
18. We create a folder where we will mount our system image to. To create it do:
Code:
sudo mkdir /media/a1000
19. Now we mount it:
Code:
sudo mount -o loop /home/bob/system.img /media/a1000
if it fails, then you entered wrong parameters on step 13
20. Now we copy our SU binary to our mounted system image:
Code:
sudo cp /home/bob/su /media/a1000/bin
21. the su binary needs to have the proper rights to make it usable, so we 'suid' it with:
Code:
sudo chmod 06755 /media/a1000/bin/su
22. Let's unmount our baby by:
Code:
sudo umount /media/a1000
and because bob doesn't like a messed up system, he does:
Code:
sudo rm -rf /media/a1000
because he hopefully won't need it anymore.
23. We have to gzip it again to bring it back to where it belongs to. this we do by:
Code:
cd /home/bob
Code:
gzip /home/bob/system.img
24. So here we are now, we made it to the final Boss fight! The next steps are dangerous and should be performed with caution. We copy back our modified system image, which can brick your device, if you do a mistake! Enter adb shell again :
Code:
sudo adb shell
25. Remove the old boring image:
Code:
rm /cache/system.img.gz
26. Leave adb shell
Code:
exit
27. copy our cool new system image containing the su binary:
Code:
sudo adb push /home/bob/system.img.gz /cache
28. Enter adb shell again
Code:
sudo adb shell
29. Usually the telnet server on the tablet is still running, at least in my case it's been like that. That's why we can directly connect to the telnet server with:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If this doesn't work, then obviously your telnet server isn't running anymore. So on your tablet if the telnet command is still entered (see step 9), tap on Run again and repeat step 29.
30. Now this is the most dangerous step in this how to (no it wasn't the mkdir one). You can copy following command to make sure everything is fine and paste it into your telnet session on your linux terminal.
<WARNING! SANITY CHECK! MAKE SURE *ALL* THE DD PARAMETERS MATCH THE FIRST DD (STEP 13) OR YOUR A1000 WILL TURN INTO A VERY EXPENSIVE PAPERWEIGHT!>
Code:
[B]/data/local/tmp/busybox zcat /cache/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=8424 count=166400[/B]
After 1-2 minutes you're done, if your tablet or pc or yourself didn't catch fire, everything's fine.
31. Leave telnet / adb shell by doing
Code:
exit
Code:
exit
32. Reboot your A1000 via ADB, then exit
Code:
sudo adb reboot
Code:
exit
33. Unplug your tablet from PC
34. Install Superuser (No, not SuperSU, cause it won't work!). I personally use Superuser by ChainsDD, from Play Store
35. Be lucky. Your tablet and thus you are now free!
Don't forget to hit thanks, if this helps
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Root with Windows ?
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
ulisez said:
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Click to expand...
Click to collapse
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
artonelico said:
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
Click to expand...
Click to collapse
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
rmage said:
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Click to expand...
Click to collapse
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
Letsar said:
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
Click to expand...
Click to collapse
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
sammymaddog said:
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Link2SD doesn't link app data, do you have any option?
yes i had same message with ulyses, by the way im from indonesia too can i contact you through chat client?
oh yeah im using windows 7 and using cmd as a terminal in linux
thx before bro
sammymaddog said:
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Ok, i see his toolkit. It's very good. I'll wait
rmage said:
Link2SD doesn't link app data, do you have any option?
Click to expand...
Click to collapse
I'm not sure whether the stock kernel of our devices supports init.d, thus supports CronMod/Data2SD. Lenovo locked our bootloader, and currently there's no way around it. So I personally think, Link2SD method are the best option for now.
Let's give it several months until our dev gurus bring their miracles upon this device
The attached image shows mt6577 Hardware, can u provide the Soc details please
Hi, Can any one upload Lenovo ideatab A1000 system.img
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
one month gone past but the op seems to be in caves or has bricked the device
STOCK ROM
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
VR.gtmini said:
The attached image shows mt6577 Hardware, can u provide the Soc details please
Click to expand...
Click to collapse
VR.gtmini said:
one month gone past but the op seems to be in caves or has bricked the device
Click to expand...
Click to collapse
sorry to make you wait. I'm a last grader university student, and final project stuffs have got me pinned down. Hope you understand
Actually the SoC is MT8317. For some god-knows reason Mediatek have made this SoC with signatures similar to MT6577. But somehow CPU tweaker correctly detects the SoC (MT8317). Maybe it's the CPU-Z bug?
unknown_world said:
Hi, Can any one upload Lenovo ideatab A1000 system.img
Click to expand...
Click to collapse
zod0070 said:
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
Click to expand...
Click to collapse
I'm uploading the modified .img. Let's pray my old HSPA modem won't catch fire by the morning.
vidyadhara said:
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
Click to expand...
Click to collapse
I think you got it wrong. The write process does not take place on the device. It's on the loop-mounted .img in /mnt/a1000 on your computer (step 18-19). Cheers!
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www dropbox com/s/rmpnz7c285t5sqz/system.7z
sammymaddog said:
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www.dropbox.com/s/rmpnz7c285t5sqz/system.7z
Click to expand...
Click to collapse
Thanks for coming back, could u post the MD5 of the system.7z & system.zip.
Also could u provide simple way/steps to directly flash this .img without extracting existing stock system image
My tab A1000-G
do you have stockROM for lenovo A1000G
I need this :crying:
raffly said:
do you have stockROM for lenovo A1000G
I need this :crying:
Click to expand...
Click to collapse
Don't worry, the above link is a stock Lenovo A1000 G ROM, but with pre-root files having no superuser app. Just extract the .7z file
System.7z MD5: 658CA71AC8A230B244F267513857F9A5
EDIT:
Go here to root your Tegra Note 7: https://github.com/linux-shield/shield-root/blob/master/README.md (thanks to CampGareth for finding the link).
I have tested this, it works with no bloatware, only installs SuperSu.
---------
Hey guys, I got my new Tegra Note 7 last night and I've been trying to get it rooted, but I keep running into trouble.
First of all, I DO NOT want to use some shady Chinese software that installs a bunch of bloat on both my tablet and PC just to get SuperSu going, I've tried that method and had to reset the tablet to get rid of all the crap it installs (and it didn't even seem to root anyway).
Now I'm trying the manual method from here: http://pan.baidu.com/wap/link?uk=3073396937&shareid=3129426036&third=0
Which, again, is Chinese but at least I can see what it's doing since I'm issuing ADB commands, and supposedly it has worked for others on this forum.
Now, I get to step 3 on the included PDF which says to boot an insecure bootloader image with "fastboot boot tegranote_insecure_boot.img", I do this and the tablet screen flashes a few times and reboots to android.
I get to the next step which says to open an adb shell, and do "/sbin/rootsh +p" to get a temp root shell, and this is where I get stuck. Instead of getting a root shell I get the message "/system/bin/sh: /sbin/rootsh: not found". Does anyone have suggestions?
By the way we really need a Tegra Note 7 subforum here at XDA, if the mods could add it that would be great.
dark42 said:
Hey guys, I got my new Tegra Note 7 last night and I've been trying to get it rooted, but I keep running into trouble.
First of all, I DO NOT want to use some shady Chinese software that installs a bunch of bloat on both my tablet and PC just to get SuperSu going, I've tried that method and had to reset the tablet to get rid of all the crap it installs (and it didn't even seem to root anyway).
Now I'm trying the manual method from here: http://pan.baidu.com/wap/link?uk=3073396937&shareid=3129426036&third=0
Which, again, is Chinese but at least I can see what it's doing since I'm issuing ADB commands, and supposedly it has worked for others on this forum.
Now, I get to step 3 on the included PDF which says to boot an insecure bootloader image with "fastboot boot tegranote_insecure_boot.img", I do this and the tablet screen flashes a few times and reboots to android.
I get to the next step which says to open an adb shell, and do "/sbin/rootsh +p" to get a temp root shell, and this is where I get stuck. Instead of getting a root shell I get the message "/system/bin/sh: /sbin/rootsh: not found". Does anyone have suggestions?
By the way we really need a Tegra Note 7 subforum here at XDA, if the mods could add it that would be great.
Click to expand...
Click to collapse
I would recommend the following procedure:
1. Download the root_tool_v2.zip attached to this post
2. Unzip the contents the root_tool_v2.zip to a directory
3. Run the following commands from your ADB and Fastboot directory:
Code:
adb reboot bootloader
fastboot boot tegranote_insecure_v2.img
4. Once your device finishes booting the insecure boot.img (Your device's screen will blink several times and then boot into Android) run the following commands:
Code:
adb shell
mount -o remount,rw /dev/block/mmcblk0p5 /system
exit
adb push su /system/xbin/su
adb push Superuser.apk /system/app/Superuser.apk
adb shell
chmod 6755 /system/xbin/su
chmod 644 /system/app/Superuser.apk
mount -o remount,ro /dev/block/mmcblk0p5 /system
exit
adb reboot
5. You should now have Superuser installed and have root access.
What I did was I modified the boot.img provided to be insecure and use an insecure adbd binary to allow a root shell when booted from which can then be used to setup Superuser and su binary access. Let me know how this goes for you and if you have any questions .
Wow, thanks for the help! Unfortunately your attachment seems to be corrupt, I can't decompress the archive. I'm using 7-zip btw. The forum says your attachment is 7.19MB but when downloaded it's only 160KB.
If you can re-upload it I will give it a go.
a reup of the file would be much appreciated! :good:
PS
i have a batch file to expedite the process.
dark42 said:
Wow, thanks for the help! Unfortunately your attachment seems to be corrupt, I can't decompress the archive. I'm using 7-zip btw. The forum says your attachment is 7.19MB but when downloaded it's only 160KB.
If you can re-upload it I will give it a go.
Click to expand...
Click to collapse
dergezero said:
a reup of the file would be much appreciated! :good:
PS
i have a batch file to expedite the process.
Click to expand...
Click to collapse
Re-uploaded the file for you guys let me know how it goes for you .
Awesome your new package downloaded fine.
However I'm still not getting root, I got to step 4 and when I open an adb shell I don't have permissions to do the next command.
The exact error message:
[email protected]:/ mount -o remount,rw /dev/block/mmcblk0p5 /system
mount -o remount,rw /dev/block/mmcblk0p5 /system
mount: Operation not permitted
So I guess the insecure boot image didn't work right. I should mention that I am using the latest Tegra Note firmware, I don't know if that makes a difference though. Any ideas?
Thanks for your help so far.
do you guys have a copy of the drivers for the tablet? mine only seems to work for storage.
update: got drivers working.
dergezero said:
do you guys have a copy of the drivers for the tablet? mine only seems to work for storage.
update: got drivers working.
Click to expand...
Click to collapse
I used Universal Naked Driver 0.73, I just manually installed the driver for the Nvidia Shield, thinking it would work, and it does!
Does shimp208's root image work for you, dergezero?
dark42 said:
I used Universal Naked Driver 0.73, I just manually installed the driver for the Nvidia Shield, thinking it would work, and it does!
Does shimp208's root image work for you, dergezero?
Click to expand...
Click to collapse
no, it just reboots. neither is working. im going to see if any one can give us a dump of their img that already works to be rooted. i tried that Chinese method and its really annoying and i dont get root on any computer i try it on.
Hey guys I am in the process of creating a new boot image that uses a different method for gaining root access and will upload that once I finish it.
shimp208 said:
Hey guys I am in the process of creating a new boot image that uses a different method for gaining root access and will upload that once I finish it.
Click to expand...
Click to collapse
:good: Awesome man, good luck! Eager to try it when you post it! :fingers-crossed:
dark42 said:
:good: Awesome man, good luck! Eager to try it when you post it! :fingers-crossed:
Click to expand...
Click to collapse
I agree, with the amount of malware that is in the chinese root tools, it makes me nervous to use the one the OP posted.
Brew
I wonder if someone would be able to port Clockworkmod Recovery to the TN7 eventually. The bootloader on this device is factory unlocked so it should be simple enough. Unfortunately I'm not a good enough programmer to get this done.
If we had Clockworkmod then rooting would be as easy as flashing the SuperSU .zip from the SD.
I have updated my original post with the rooting instructions to include a new insecure boot method follow the same instructions as before just use the new boot.img I uploaded to that post. Credit to teknoraver for the insecure adbd binary.
shimp208 said:
I have updated my original post with the rooting instructions to include a new insecure boot method follow the same instructions as before just use the new boot.img I uploaded to that post. Credit to teknoraver for the insecure adbd binary.
Click to expand...
Click to collapse
I tried your V2 image, still getting permission errors when doing "mount -o remount,rw /dev/block/mmcblk0p5 /system", what am I doing wrong?
dark42 said:
I tried your V2 image, still getting permission errors when doing "mount -o remount,rw /dev/block/mmcblk0p5 /system", what am I doing wrong?
Click to expand...
Click to collapse
When you boot the image and then type ADB shell do you get a root shell ([email protected]:/ #) or just a regular shell ([email protected]:/ $)?
Amazing
Nice to see you working on a different method of root... I am sorry to those who feel that the method I posted is getting negative reviews just wanted to throw something out there for people... however, I do feel much better with Shrimp208 working on a better root method I really wish we could get a forum going..
I used the Chinese root tool and all seems fine on my Tegra note
Sent from my TegraNote-P1640 using Tapatalk
shimp208 said:
When you boot the image and then type ADB shell do you get a root shell ([email protected]:/ #) or just a regular shell ([email protected]:/ $)?
Click to expand...
Click to collapse
Just a regular shell with $. Doesn't look like I get temp root permissions after running the tegranote_insecure_v2.img.
If it matters, I'm on the latest Stock ROM (4.2.2/JDQ39.13155_268.1942) and I'm using Universal Naked Driver 0.73 for the Shield, which works with this device. Maybe I need to use a different driver?
Toyeboy said:
I used the Chinese root tool and all seems fine on my Tegra note
Sent from my TegraNote-P1640 using Tapatalk
Click to expand...
Click to collapse
yeah it works but you dont really know what was installed on ur phone or on your pc. 3 apps are installed on your phone and a few reg changes on ur pc can be detrimental. and its all bloatware