Xperia Z1 OTA to 290 and remain root - Xperia Z1 General

Hi guys, I just want to share some good news and bad news for those who were waiting for OTA and root. I start with good news that vodafone UK firmware got OTA update. What you have to do is flash vodafone UK 534 and root it. Then OTA to 290. You still have root. Bad news is that the root is only partial and you don't get write access to system. Good luck guys :highfive:

> hololodilolo said:
> Hi guys, I just want to share some good news and bad news for those who were waiting for OTA and root. I start with good news that vodafone UK firmware got OTA update. What you have to do is flash vodafone UK 534 and root it. Then OTA to 260. You still have root. Bad news is that the root is only partial and you don't get write access to system. Good luck guys :highfive:
http://forum.xda-developers.com/showthread.php?t=2573921 I think this about solves this thread and it can be deleted.

I don't see the point in having a rooted phone with no rw access to system.
Sent from my C6903 using Tapatalk

260? i tot the latest 4.3 updates are 290?
so can we still use those apps which requires root access like titanium backup, auto hide softkey and greenify?

> ckchan08 said:
> 260? i tot the latest 4.3 updates are 290?
> so can we still use those apps which requires root access like titanium backup, auto hide softkey and greenify?
Sorry. I will correct the build no. It will ask root access prompt as normal but I haven't tested yet whether it fully functions or not. For rom toolbox-font installer didn't work. Installed font and rebooted but font is not changed

> hornedfiend said:
> http://forum.xda-developers.com/showthread.php?t=2573921 I think this about solves this thread and it can be deleted.
No it does not, as it does not address the Rooting issue on Locked Bootloaders. The link you posted is currently only good for devs and those with UB's, not for the general user of XDA, so this should remain open, I was looking for someone to report their findings in regards to OTA and root status.
I have received an OTA update notification, but have not installed it as I have currently and want full root access without Unlocking the Bootloader.

> hornedfiend said:
> http://forum.xda-developers.com/showthread.php?t=2573921 I think this about solves this thread and it can be deleted.
I posted this post for LB one like me.

> Mobfigurz said:
> No it does not, as it does not address the Rooting issue on Locked Bootloaders. The link you posted is currently only good for devs and those with UB's, not for the general user of XDA, so this should remain open, I was looking for someone to report their findings in regards to OTA and root status.
> I have received an OTA update notification, but have not installed it as I have currently and want full root access without Unlocking the Bootloader.
Is it possible that using the
Code:
[email protected]:/system # echo 0 > /sys/kernel/security/sony_ric/enable
[email protected]:/system # mount -o rw,remount /system
[email protected]:/system #
trick in a init.rc file before making the OTA update would allow us to keep system rw?
Edit: can someone confirm that if a phone has a 290 fw rooted through OTA (keeps previous root), using these commands in Terminal Emulator or SManager after each boot works?
Edit 2: it seems after further reading that it is not possible, but if someone can confirm / provide info about having root without unlocking bootloader, it would be greatly appreciated.

> whocares2 said:
> Is it possible that using the
> Code:
> [email protected]:/system # echo 0 > /sys/kernel/security/sony_ric/enable
> [email protected]:/system # mount -o rw,remount /system
> [email protected]:/system #
> trick in a init.rc file before making the OTA update would allow us to keep system rw?
> Edit: can someone confirm that if a phone has a 290 fw rooted through OTA (keeps previous root), using these commands in Terminal Emulator or SManager after each boot works?
> Edit 2: it seems after further reading that it is not possible, but if someone can confirm / provide info about having root without unlocking bootloader, it would be greatly appreciated.
Seems currently that it is not possible, the thread in the link above has that information within, and the OP stated only partial root on his device after having a rooted 257 and OTA update to 4.3. Seems we are screwed, for the meantime at least. Who knows, we may have 4.4 out before we ever get full root on Locked Bootloaders with 4.3.

Related

2.1 OTA Rom - Root Edition - Download

ATTN: My rom is bare basic, if you're looking for a more streamlined rom
check out grdlock build based on the same source. Link removed because of assholes.
SNIP SNIP Several others released far more in-depth and better roms, use them (like grdlock's).
http://www.androlib.com/android.application.com-hookerbots-rpics-twDt.aspx
I don't take donations. If you like my work, the above app is from my favorite author, support him and of course XDA.
> jcase said:
> # id
> uid=0(root) gid=0(root)
> # busybox whoami
> whoami: unknown uid 0
> # busybox uname -a
> Linux localhost 2.6.29-564a4a15 #1 PREEMPT Thu Feb 25 15:56:06 CST 2010 armv6l GNU/Linux
> #
> Just wanted to put that out there. If not one else puts out a better rom based on OTA tomorrow, I'll release it.
> Its just bare OTA with su/superuser.apk.
That's exactly what i'm looking for an OTA with su added.
Thanks! can't wait for the upload.
i see you conquered the problem. MAGIC! well done
Thanks jcase! Will be testing tomorrow. Don't forget to rm /system/etc/security/otacerts.zip
flashing now. letting it run overnight should let me know if the stock Messages app bug is fixed. if not, Handcent it is!
So once again... no root for us that went to the 2.1 leak?
> LexusBrian400 said:
> So once again... no root for us that went to the 2.1 leak?
Nope. In order to flash a new rom without root, the HTC signature needs to be valid. In order to preserve root, the rom was modified by jcase to include su which breaks the signature hash. So, while you will be able to update to the official OTA update (assuming version is higher, which I believe to be the case), you can't install this rom.
Since most people will be updating to the OTA 2.1 away from the leak or away from 1.5, I'd personally recommend installing the OTA 2.1 directly from HTC. We'll likely be targeting it for root exploits next and abandoning version 1.5.
> hoban_eris said:
> Since most people will be updating to the OTA 2.1 away from the leak or away from 1.5, I'd personally recommend installing the OTA 2.1 directly from HTC. We'll likely be targeting it for root exploits next and abandoning version 1.5.
To be clear, install the otaroot rom released by jcase if you already have root. Install the OTA rom direct from HTC if you currently have the leaked 2.1.
> hoban_eris said:
> Nope. In order to flash a new rom without root, the HTC signature needs to be valid. In order to preserve root, the rom was modified by jcase to include su which breaks the signature hash. So, while you will be able to update to the official OTA update (assuming version is higher, which I believe to be the case), you can't install this rom.
> Since most people will be updating to the OTA 2.1 away from the leak or away from 1.5, I'd personally recommend installing the OTA 2.1 directly from HTC. We'll likely be targeting it for root exploits next and abandoning version 1.5.
Thanks for the clarification. I really appreciate it. Can't wait for OTA root
The new 2.1 is exactly what I wished the last leaked 2.1 would have been. Its working so much better with no noticeable lag at all.
Thanks again guys!
wipe data
I have root now and am currently running the .3 rom, question
1. is this just an update to what i am running now?
2. Do i need to perform a wipe?
3. if i dont wipe does the phone maintain all my apps and settings i.e email google etc?
Damn, I was just uploading my all-in-one batch script and then I noticed this had been released... I started making a rom of it, then I noticed you already did! hah!
Thanks for being a night owl and already doin the work jcase. I'm gonna incorporate this into the all-in-one script.
mv error: cross-device link
i have updated this rom, works great!
but i can't mv from /system/app to /sdcard
error message is "cross-device link"
but i had already remount the /system partition as rw, and i notice that rm is working fine - i can remove files in /system/app, but can't move to another directory!
before update to this rom, mv is working correct
any advice?
btw, there is no busybox in this rom
> liushk said:
> i have updated this rom, works great!
> but i can't mv from /system/app to /sdcard
> error message is "cross-device link"
> but i had already remount the /system partition as rw, and i notice that rm is working fine - i can remove files in /system/app, but can't move to another directory!
> before update to this rom, mv is working correct
> any advice?
> btw, there is no busybox in this rom
same problem here. you can copy files and then remove the source. that's what I've been doing for my moves. As for busybox, I installed it myself, but I'm sure someone (if not me) will release an update.zip to install it sooner rather than later.
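Why `rm` works while `mv` fails in the exchange above, as an added example that is not from the thread or the ROM: `rename(2)` cannot cross a mount boundary and fails with `EXDEV` (the "cross-device link" error), so a move between two filesystems has to be a copy followed by an unlink, which is the workaround described in the reply. The function names are illustrative.

```c
/* Added example: move a file, falling back to copy + unlink when
 * rename(2) fails with EXDEV (source and target on different mounts). */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write the whole buffer, retrying on short writes and EINTR. */
static int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t w = write(fd, buf, len);
        if (w < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += w;
        len -= (size_t)w;
    }
    return 0;
}

/* Copy src to dst, then remove src. Returns 0 on success, -1 on error.
 * On error a partial dst is removed and src is left in place. */
int copy_then_unlink(const char *src, const char *dst)
{
    char buf[4096];
    struct stat st;
    ssize_t n;
    int ok;

    int in = open(src, O_RDONLY);
    if (in < 0)
        return -1;
    if (fstat(in, &st) < 0) {
        close(in);
        return -1;
    }
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, st.st_mode & 0777);
    if (out < 0) {
        close(in);
        return -1;
    }
    while ((n = read(in, buf, sizeof buf)) > 0) {
        if (write_all(out, buf, (size_t)n) < 0) {
            n = -1;
            break;
        }
    }
    ok = (n == 0);              /* n == 0 means clean end of file */
    close(in);
    if (close(out) < 0)
        ok = 0;
    if (!ok) {
        unlink(dst);
        return -1;
    }
    return unlink(src);
}

/* Returns 0 if rename() moved the file in place, 1 if the EXDEV
 * fallback (copy + unlink) was used, -1 on any other failure. */
int move_file(const char *src, const char *dst)
{
    if (rename(src, dst) == 0)
        return 0;
    if (errno != EXDEV)
        return -1;
    return copy_then_unlink(src, dst) == 0 ? 1 : -1;
}

int main(int argc, char **argv)
{
    if (argc != 3) {
        fprintf(stderr, "usage: %s SRC DST\n", argv[0]);
        return 2;
    }
    int r = move_file(argv[1], argv[2]);
    if (r < 0) {
        fprintf(stderr, "move failed: %s\n", strerror(errno));
        return 1;
    }
    puts(r == 0 ? "renamed in place"
                : "copied across filesystems, source removed");
    return 0;
}
```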
> hoban_eris said:
> same problem here. you can copy files and then remove the source. that's what I've been doing for my moves. As for busybox, I installed it myself, but I'm sure someone (if not me) will release an update.zip to install it sooner rather than later.
thanks for reply
I tried install busybox myself, but it doesn't work. this is my steps:
adb push busybox /sdcard/
adb shell
remount /system
mv /sdcard/busybox /system/xbin
failed
adb shell
remount /system
switch to another console
adb push busybox /system/xbin
failed
and, there is no "cp" command, I didn't find another way to copy from /system/app to /sdcard/
Wipe??
I just want to reiterate denonlake's question, does installing rooted OTA 2.1 require a wipe of DATA and CACHE partitions like the original root process? Can we preserve settings through this flash or is it best to go through the whole setup process again?
The mv and cp commands are in busybox. I did not install busybox, so you don't have them. The Toolbox that comes with the OTA is lacking them.
Install busybox yourself, or wait for grdlock or ivan's release.
in case anyone is interested, the Messages app bug and cell standby bugs are fixed in this release too (as well as the already known gmail login bug fix) the phone also seems to power down a lot faster than previous leaks.
havent tested google voice yet, probably cant till later today. someone else feel free..
> shickfaced said:
> I just want to reiterate denonlake's question, does installing rooted OTA 2.1 require a wipe of DATA and CACHE partitions like the original root process? Can we preserve settings through this flash or is it best to go through the whole setup process again?
I first tried installing from zip through recovery.
This did not appear* to work.
Next, wiped device and cache, then installed zip through recovery.
Success!
*My experience is limited. Maybe it did work, but nothing on the phone appeared changed.
Ok so this is just a rooted version of the Official OTA 2.1 right??? Nothing else has been done to it??
> rustyman14 said:
> Ok so this is just a rooted version of the Official OTA 2.1 right??? Nothing else has been done to it??
All this info is in the first post... X_X
> jcase said:
> This is the 2.1 OTA Rom with su, a modified sh, SuperUser.apk and spare_parts.apk added (root). Thats it, nothing else modified.

[ROOT] Stock ICS Leak One-Click Root Tool

Hi all!
First off, I'm new to xda Developers so please excuse me if this is in the wrong forum! I thought I'd post information about a tool I wrote here which roots stock 4.0.3 leak on the A500, A501 and assumingly the A200 too. It's literally one click - just enable USB debugging. "ICS Root" also installs, optionally, FaceLock and Trebuchet (although FaceLock doesn't want to work. It lets you set it up though =P)
Since version 5.0.1 this also now works with the new 0.022.00 leak!
The full post is over at TegraOwners: http://forum.tegraowners.com/viewtopic.php?f=30&t=350
The only real system requirements are Windows (with .Net Framework 4) and an Iconia on the stock 4.0.3 leak. I hope somebody finds this useful; it's been tested by myself and a couple of TegraOwners users and it works well.
In terms of the technique used, it uses the great Jay Freeman's mempodroid exploit to gain root at which point it mounts /system rw and installs su, busybox and Superuser.apk so no real surprises there. Installing Trebuchet adds that apk to /system/app and installing FaceLock installs the apk to /system/app before installing the pittpatt folder to the flexrom (mounted as /system/vendor). I plan to open source it when all the requested features have been implemented and the code has been cleaned up.
Thanks!
~blackthund3r
EDIT 14/05/2012: ICS Root 7 is out enjoy!
Sent from my A500 using Tapatalk
cwm version?
why would it not work with cwm version?
With this tool does system remain writeable after rooting?
What about flashing CWM with acer recovery installer once rooted? I guess it would screw the bootloader...
> lowsum said:
> What about flashing CWM with acer recovery installer once rooted? I guess it would screw the bootloader...
If you are on the cwm with the HC boot loader it should work as Its Magic will be run..
if you are on the new boot loader as in the full non modded leak.. It will give you secure boot error ..
The new boot loader Blocks its magic.
Thanks
Hey this worked easy. I had to re-install USB drivers and make sure I had the latest from Google. Other then that, hit the button, wait about 1.5 minutes, and it rebooted! No problems thus far! Thanks Again!
> JeanBubu said:
> why would it not work with cwm version?
It would but the cwm one, afaik, is prerooted?
Sent from my A500 using Tapatalk
root doesnt work like its supposed to. i know its only half root due to the bootloader, but terminal emulator flat out says i'm not rooted after this despite sixasis working and titanium backup/root checker both saying i have root and busybox. i'm going to post this on TO as well for you incase you dont check here often.
> nifterific said:
> root doesnt work like its supposed to. i know its only half root due to the bootloader, but terminal emulator flat out says i'm not rooted after this despite sixasis working and titanium backup/root checker both saying i have root and busybox. i'm going to post this on TO as well for you incase you dont check here often.
That's strange cos terminal works for me and running su in an adb shell works great too.
Code:
[email protected]:/ $ export PATH=/data/local/bin:$PATH
[email protected]:/ $ su
# exit
[email protected]:/ $ su
#
Sent from my A500 using Tapatalk
> SteamBishop said:
> Hey this worked easy. I had to re-install USB drivers and make sure I had the latest from Google. Other then that, hit the button, wait about 1.5 minutes, and it rebooted! No problems thus far! Thanks Again!
You're welcome and I'm glad it worked!
Sent from my A500 using Tapatalk
After reading the other post, I have found that I cannot write to the system directory from the device itself. The folder attributes indicate that it is set to write, however File Explorer HD will not let me. I have tried to create a folder in the /system and it will not accept the addition. The strange thing is that Root Check says it is rooted, File Explorer HD accepts putting it into Root Explore, but that is it. It is odd. I will try to reapply the Root to see if that makes a difference.
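The symptom in the post above (write bits shown on `/system`, writes still refused) is consistent with a read-only mount: the mount flag is applied regardless of file mode bits, and writes fail with `EROFS`. An added example, not from the thread or any tool it mentions, that reads the `ro`/`rw` flag from mount-table text in `/proc/mounts` format and also asks the kernel via `statvfs`; the function names and the sample table are constructed for illustration.

```c
/* Added example: decide whether a mount point is read-only from
 * mount-table text, independent of file mode bits. */
#include <stdio.h>
#include <string.h>
#include <sys/statvfs.h>

/* Constructed sample in /proc/mounts format (not from a real device). */
static const char SAMPLE_MOUNTS[] =
    "rootfs / rootfs ro,relatime 0 0\n"
    "/dev/block/mmcblk0p23 /system ext4 ro,relatime,data=ordered 0 0\n"
    "/dev/block/mmcblk0p25 /data ext4 rw,nosuid,nodev,errors=remount-ro 0 0\n";

/* Exact match of one option in a comma-separated list, so that "ro"
 * does not match inside "errors=remount-ro". */
static int has_option(const char *opts, const char *name)
{
    size_t len = strlen(name);
    const char *p = opts;

    while (*p) {
        size_t tok = strcspn(p, ",");
        if (tok == len && strncmp(p, name, len) == 0)
            return 1;
        p += tok;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Returns 1 if mountpoint is mounted read-only, 0 if read-write,
 * -1 if it does not appear. The last matching line wins because a
 * later mount shadows an earlier one on the same path. */
int mount_is_readonly(const char *mounts, const char *mountpoint)
{
    int result = -1;
    const char *line = mounts;

    while (*line) {
        char buf[1024], dev[256], mnt[256], fs[64], opts[512];
        size_t len = strcspn(line, "\n");
        size_t n = len < sizeof buf - 1 ? len : sizeof buf - 1;

        memcpy(buf, line, n);
        buf[n] = '\0';
        if (sscanf(buf, "%255s %255s %63s %511s", dev, mnt, fs, opts) == 4 &&
            strcmp(mnt, mountpoint) == 0)
            result = has_option(opts, "ro");

        line += len;
        if (*line == '\n')
            line++;
    }
    return result;
}

/* Ask the kernel directly about the filesystem holding path:
 * 1 = read-only, 0 = writable mount, -1 = error. */
int path_on_readonly_fs(const char *path)
{
    struct statvfs vfs;

    if (statvfs(path, &vfs) != 0)
        return -1;
    return (vfs.f_flag & ST_RDONLY) ? 1 : 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/";

    printf("sample /system read-only: %d\n",
           mount_is_readonly(SAMPLE_MOUNTS, "/system"));
    printf("sample /data read-only:   %d\n",
           mount_is_readonly(SAMPLE_MOUNTS, "/data"));
    printf("statvfs(%s) read-only:    %d\n", path, path_on_readonly_fs(path));
    return 0;
}
```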
> SteamBishop said:
> After reading the other post, I have found that I cannot write to the system directory from the device itself. The folder attributes indicate that it is set to write, however File Explorer HD will not let me. I have tried to create a folder in the /system and it will not accept the addition. The strange thing is that Root Check says it is rooted, File Explorer HD accepts putting it into Root Explore, but that is it. It is odd. I will try to reapply the Root to see if that makes a difference.
Please, read the op before bringing this up. This method is for half root, its the only way possible right now on stock leak ics. There is a special script you need to use to mount system. You can find it in the stock leak thread, run it in terminal or use rom toolbox and set it as a script to run at boot because rebooting loses write privileges.
> nifterific said:
> Please, read the op before bringing this up. This method is for half root, its the only way possible right now on stock leak ics. There is a special script you need to use to mount system. You can find it in the stock leak thread, run it in terminal or use rom toolbox and set it as a script to run at boot because rebooting loses write privileges.
Sorry for offending you and whoever else it did. Thank you for pointing that script out in that post. My intent was to offer a second comment to your assessment..
> nifterific said:
> Please, read the op before bringing this up. This method is for half root, its the only way possible right now on stock leak ics. There is a special script you need to use to mount system. You can find it in the stock leak thread, run it in terminal or use rom toolbox and set it as a script to run at boot because rebooting loses write privileges.
I have a better script which I'll be releasing as an update to the root app this morning hopefully. It'll be a terminal command to remount rw.
Sent from my A500 using Tapatalk
New update out!!
> blackthund3r said:
> I have a better script which I'll be releasing as an update to the root app this morning hopefully. It'll be a terminal command to remount rw.
> Sent from my A500 using Tapatalk
Version 3 came out this morning
It features some bug fixes as well as a completely new remount menu which mounts /system rw properly on the fly. Tested with a busybox installer app
Enjoy!
Thanks for your tool blackthund3r !
I tried it with the new leak from this morning and it doesn't seem to work anymore
Edit :
Just to be a little more specific, the app says the process was OK and state that the tablet is rooted but the tablet doesn't reboot by itself and su is not installed. I tried to install su manually but it's unable to find a previous su package on the system.
> paugustin said:
> Thanks for your tool blackthund3r !
> I tried it with the new leak from this morning and it doesn't seem to work anymore
> Edit :
> Just to be a little more specific, the app says the process was OK and state that the tablet is rooted but the tablet doesn't reboot by itself and su is not installed. I tried to install su manually but it's unable to find a previous su package on the system.
ah okay it appears a completely new leak has been released. It is possible that the mempodroid exploit has been patched up. I'm gonna look into it soon. I can't much tonight - I have school work. I'll see what can be done and what the differences between leaks are.
Sent from my A500 using Tapatalk
EDIT: mempodroid hasn't been patched See ICS Root v3.1
Hi blackthund3r
Thanks for the update 3.1 but could you please fix the problem on your hosting website? clicking on this file send to an error warning.
The other files can be downloaded though.
can someone post a mirror to the 3.1 version? current link is not working.
can somebody also confirm, if i root with this tool, i will be able to reinstall my clockworkmod recovery through 'acer recovery installer' and flash any other cwm rom? or do i have to downgrade to honeycomb 3.01, install iconiaroot for honeycomb and then acer recovery installer?
Gersma,
I'll be able to answer to your question as soon as I'll be able to download this tool and test it.

Arc Android 4.0.4 Build 4.1.b.0.587

Hey all in UK as ever
Finally my Arc has been updated to the above OS
Came as a complete shock to me as I was going to start looking round for a diff phone but now am on ICS am happier
Slight problem
Previously I had Superuser App and Titanium backup installed and removed the bloatware from my service provider. I tried doing this again once the update was completed but Titanium says it cannot get root access and Superuser is not listing it at all and I cannot add it.
Please help
Have you read the relevant 587 rooting threads, as you've obviously lost root access during the update.
Sent from Myushi
> XperienceD said:
> Have you read the relevant 587 rooting threads, as you've obviously lost root access during the update.
> Sent from Myushi
Yeh that looks like what has happened
Just tried rooting again and it failed Titanium will not get root access
> Nath316 said:
> Yeh that looks like what has happened
> Just tried rooting again and it failed Titanium will not get root access
You've obviously missed a step then, re read whatever guide to root you've used and try again.
You got arc (lt15i)
Just testpoint, boot a kernel, install root with cwm
Sent from my LT15i using xda premium
> XperienceD said:
> You've obviously missed a step then, re read whatever guide to root you've used and try again.
Well it looks like the Doomlord thing failed
busybox: /system/xbin/zcip: Read-only file system
--- pushing SU binary
failed to copy 'files\su' to '/system/bin/su': Read-only file system
--- correcting ownership
Unable to chmod /system/bin/su: No such file or directory
--- correcting permissions
Unable to chmod /system/bin/su: No such file or directory
--- correcting symlinks
rm failed for /system/xbin/su, Read-only file system
link failed Read-only file system
--- pushing Superuser app
failed to copy 'files\Superuser.apk' to '/system/app/./Superuser.apk': Read-only file system
--- cleaning
rm failed for /data/local.prop, No such file or directory
rm failed for /data/local/tmp, Permission denied
failed on '/data/local/tmp.bak' - No such file or directory
--- rebooting
ALL DONE!!!
I followed each step
Hi Nath,
If you tried to root with Doomlords root toolkit try using DooMLoRD_v1_Xperia-2011-ICS-ROOT-emu-busybox-su instead found here, near the bottom of first post...
http://forum.xda-developers.com/showthread.php?t=1601038
I struggled for a while but this worked first time..
good luck and stick with it..
> Onmehedson said:
> Hi Nath,
> If you tried to root with Doomlords root toolkit try using DooMLoRD_v1_Xperia-2011-ICS-ROOT-emu-busybox-su instead found here, near the bottom of first post...
> http://forum.xda-developers.com/showthread.php?t=1601038
> I struggled for a while but this worked first time..
> good luck and stick with it..
thanks for pointing out but this failed also with a read only system error.
suspect it is the carrier
I`m just a novice at this game but I dont see how the carrier could affect root as you flash generic .587 firmware to begin with...
Have a look at this great video and follow it point by point but use the alternative root kit than the one shown, although I didnt run programmes from command prompt like he suggests..
http://www.youtube.com/watch?v=Rjv71b9QcZE
Sorry if you have already seen it.
Keep trying , you`ll get there in the end..
> Onmehedson said:
> I`m just a novice at this game but I dont see how the carrier could affect root as you flash generic .587 firmware to begin with...
> Have a look at this great video and follow it point by point but use the alternative root kit than the one shown, although I didnt run programmes from command prompt like he suggests..
> http://www.youtube.com/watch?v=Rjv71b9QcZE
> Sorry if you have already seen it.
> Keep trying , you`ll get there in the end..
Interesting post here saying that 587 cannot be rooted
http://forum.xda-developers.com/showthread.php?t=2105325
May explain why i am having issues
Quite right , .587 cannot be rooted directly. You have to downgrade by flashing an earlier version kernel.
So its...Flash .587 firmware - FLASH .562 KERNEL ONLY - root with DooMLoRD_v1_Xperia-2011-ICS-ROOT-emu-busybox-su - flash original .587 kernel..
Watch the video , all is explained within it ...
SuperUser Fixed
> Nath316 said:
> Hey all in UK as ever
> Finally my Arc has been updated to the above OS
> Came as a complete shock to me as I was going to start looking round for a diff phone but now am on ICS am happier
> Slight problem
> Previously I had Superuser App and Titanium backup installed and removed the bloatware from my service provider. I tried doing this again once the update was completed but Titanium says it cannot get root access and Superuser is not listing it at all and I cannot add it.
> Please help
Hi I got it fixed by flashing SuperSU, update it, then go into settings of SuperSU and Install, then look for Switch to SuperUser, it uninstalls itself, then go to SuperUser and update...
All done

Root Exploit

Hey guys,
I was looking at the newly patched (for 4.4.3) exploit.
It is patched in our .402 firmware but is exploitable in .69.
Update: Exploit is released, see primary thread: http://forum.xda-developers.com/showthread.php?t=2781109
-----------------------------------------------------------------------------------------
With it me and a friend have managed to take out SELinux:
Code:
[email protected]:/data/local/tmp $ getenforce
Permissive
Edit: And now, my device is rooted! Sweet Time to backup TA.
Edit#2
I/sh (12494): I am running as..
I/sh (12494): uid=0(root) gid=0(root) context=u:r:vold:s0
I/sh (12494): Backing up TA..
I/sh (12494): lrwxrwxrwx root root 1970-03-20 09:35 TA -> /dev/block/mmcblk0p1
I/sh (12494): 4096+0 records in
I/sh (12494): 4096+0 records out
I/sh (12494): 2097152 bytes transferred in 0.065 secs (32263876 bytes/sec)
I/sh (12494): Created /data/local/tmp/TA.img -- Checking MD5..
I/sh (12494): 215c7526bb9abea4ae6363c25987bbd0 /dev/block/platform/msm_sdcc.1/by-name/TA
I/SemcPhoneInterfaceManager(12500): QcSemcService is connected.
I/sh (12494): 215c7526bb9abea4ae6363c25987bbd0 /data/local/tmp/TA.img
WOW! this is the most exciting news on this forum yet! Do you have a link to a guide for this exploit?
Sent from my MI 2S using Tapatalk
I would really like to make it a simple process. Right now it is *VERY* ugly!
You have to take out selinux and then replace some files (specific to .69) that let you run root commands from a bash file.
Right now it's just a collection of scripts, an apk and a tar.gz. No checks at all to make sure they are being run correctly.
From what I can tell, this method I am using will work for ALL phones using Android 4.4.2 (unpatched) or earlier.
Although it is using Sony files for the exploit for no other reason than I only cared about rooting my device.
Nice. Hope you can get it polished enough to share soon! Maybe ask for donations too. I'm ordering one soon and I would love root without killing my warranty.
Sent from my MI 2S using Tapatalk
> SANGER_A2 said:
> Nice. Hope you can get it polished enough to share soon! Maybe ask for donations too. I'm ordering one soon and I would love root without killing my warranty.
Is this good enough?
https://mega.co.nz/#!zBZVnDTZ!tajRYy0F3_lgYDITHlqj3UTPv3bDiEQBUW-bj6JqMKQ
> xsacha said:
> Is this good enough?
> https://mega.co.nz/#!zBZVnDTZ!tajRYy0F3_lgYDITHlqj3UTPv3bDiEQBUW-bj6JqMKQ
Cool. Can't wait to try it out. Will be a while as I'm not ordering the tablet for about a week. I'm fine with linux, but ADB looks like a complete PITA to install on it, plus having to mess around configuring the USB to talk to the tablet. I've used ADB lots on Windows with no issues and will probably run the commands from there instead. I don't quite understand the "&& \" at the end of each adb command. Is that needed if using ADB in windows?
I'm trying to figure out how it all works and I can understand most of what you have done. I assume the exploit.apk gives su. Is this temporary until a reboot or permanent? And does it mean we have to have the app installed permanently or can it be uninstalled afterwards? Then, you copy and make the scripts & binaries executable. But you don't seem to run the scripts? Do the scripts need to be run on the device in a terminal emulator to backup the TA partition and mount the new volume with vold?
Damn, already updated to .402. Is there anyway to go back to .69?
Greato work btw.
> star85 said:
> Damn, already updated to .402. Is there anyway to go back to .69?
> Greato work btw.
Yes, just flash .69. I was on .402 as well and found the exploit patched.
> SANGER_A2 said:
> Cool. Can't wait to try it out. Will be a while as I'm not ordering the tablet for about a week. I'm fine with linux, but ADB looks like a complete PITA to install on it, plus having to mess around configuring the USB to talk to the tablet. I've used ADB lots on Windows with no issues and will probably run the commands from there instead. I don't quite understand the "&& \" at the end of each adb command. Is that needed if using ADB in windows?
> I'm trying to figure out how it all works and I can understand most of what you have done. I assume the exploit.apk gives su. Is this temporary until a reboot or permanent? And does it mean we have to have the app installed permanently or can it be uninstalled afterwards? Then, you copy and make the scripts & binaries executable. But you don't seem to run the scripts? Do the scripts need to be run on the device in a terminal emulator to backup the TA partition and mount the new volume with vold?
There was absolutely zero configuration on my Linux distro. In Ubuntu, adb comes in the repos. You don't need drivers on Linux because they are detected as usbnet by default. It literally just works out of the box.
The "&& \" is actually for bash. The && only continues if the previous command succeeds. The \ breaks to next line.
On Windows, you'd use a caret (^) instead of a backslash.
The exploit.apk is used to deploy a shared library owned by system because when a system app tries to load its library, it needs to be owned by system and this is the only way I know how to achieve that.
The exploit is all in vdc (a shell command), which allows us to overwrite files anywhere on the system. So in this instance, ServiceMenu is used. Its library is overwritten with one from exploit.apk. The library simply turns off selinux and then runs whatever is in 'log.command' prop which is in this instance, a shell script. In the script it continues on to the root.
Basically: All apps have system libraries but they can't execute system code unless a system app runs it. System user can turn off selinux. Turning off selinux is required to run as root.
Yes, the scripts get run indirectly. You don't run them yourself because you are only a mere shell user. Vold is not used for anything. It's simply the vehicle for running as root.
Sonny, you win the internets. If I had donation money it would go straight to you.
Thanks for the explanation Sacha. Can't wait to try it. So this lets us backup TA. Does it also provide permanent root or do we still need to unlock the bootloader and break the warranty to get that?
I'll have a play putting adb on Linux tonight. All the guides I found were pretty old!
Sent from my MI 2S using Tapatalk
SANGER_A2 said:
Thanks for the explanation Sacha. Can't wait to try it. So this lets us backup TA. Does it also provide permanent root or do we still need to unlock the bootloader and break the warranty to get that?
I'll have a play putting adb on Linux tonight. All the guides I found were pretty old!
Sent from my MI 2S using Tapatalk
Definitely not permanent. Resets on reboot.
I couldn't find anywhere to stick the su binary. /system can't be remounted rw by root. All the other partitions don't let me setuid. If anyone knows where to stick, that would be appreciated.
Afaik unlocking bootloader shouldn't void warranty? Isn't that one of the reasons for TA. When we flash it back, warranty is valid again?
SANGER_A2 said:
Thanks for the explanation Sacha. Can't wait to try it. So this lets us backup TA. Does it also provide permanent root or do we still need to unlock the bootloader and break the warranty to get that?
I'll have a play putting adb on Linux tonight. All the guides I found were pretty old!
If your distro doesn't have it in the repos just download and install the official Android SDK. There you only install the "platform-tools".
Thank you very much for this, that's really great news!! As soon as I have time and found out how to flash back to .69 I will try it out. Is there a way to donate to you for your work?
Nevertheless if I understood it right, this persists only until a reboot so if I root it and then update back to .402 it will be gone, so there is no way to have root on .402 with locked bootloader?
Or is it possible to root and backup ta, flash .402 restore ta and lock bootloader AND keep root? That would be awesome!
Thanks
Fleckdalm
fleckdalm said:
Thank you very much for this, that's really great news!! As soon as I have time and found out how to flash back to .69 I will try it out. Is there a way to donate to you for your work?
Nevertheless if I understood it right, this persists only until a reboot so if I root it and then update back to .402 it will be gone, so there is no way to have root on .402 with locked bootloader?
I guess you can donate if you want. I didn't put much time into this and I didn't discover the Android exploit. Most of my projects (like Dingleberry for rooting) have a full UI and everything. I have a donate link on my blog: http://www.qtness.com/blog/
That's correct. If you upgrade to 402, you will not be able to do it. It's a tethered root but being able to backup TA means you can unlock bootloader and lock it again with everything preserved.
xsacha said:
I guess you can donate if you want. I didn't put much time into this and I didn't discover the Android exploit. Most of my projects (like Dingleberry for rooting) have a full UI and everything. I have a donate link on my blog: http://www.qtness.com/blog/
That's correct. If you upgrade to 402, you will not be able to do it. It's a tethered root but being able to backup TA means you can unlock bootloader and lock it again with everything preserved.
Yeah I will support your good work!
So that means I can flash 69 using flash tool and backup ta using your script, then I can flash 402, unlock bootloader, flash cwm and root? But how should I continue then? How can I relock bootloader and restore ta? And are you sure that root and cwm aren't lost during this process? Is there really no way to find out if bootloader was unlocked after doing this (for warranty reasons)? Has somebody successfully tried out this procedure?
Oh and another problem, I can't find a 69 ftf anywhere for the Wifi only model sgp511?
BTW I have just donated to you
fleckdalm said:
Yeah I will support your good work!
So that means I can flash 69 using flash tool and backup ta using your script, then I can flash 402, unlock bootloader, flash cwm and root? But how should I continue then? How can I relock bootloader and restore ta? And are you sure that root and cwm aren't lost during this process? Is there really no way to find out if bootloader was unlocked after doing this (for warranty reasons)? Has somebody successfully tried out this procedure?
Oh and another problem, I can't find a 69 ftf anywhere for the Wifi only model sgp511?
BTW I have just donated to you
For the bootloader locking questions, I'm not the best to ask. I am asking about warranty myself on another thread. This is my first sony device so not sure how they operate.
Don't know. I use sgp521.
Technically anything before firmware .402 should work.
Success!
xsacha, GREAT work!
Successfully unlocked my bootloader and restored DRM keys! Thanks a lot! really appreciate your work:good:
And about the warranty: if you lock the bootloader before bringing the device to the service center they won't be able to find any traces of bootloader unlock! So with your help we don't need to void our warranty.
nos1609 said:
xsacha, GREAT work!
Successfully unlocked my bootloader and restored DRM keys! Thanks a lot! really appreciate your work:good:
So you have done it like this?
flash 69 using flash tool and backup ta using the script, then flash 402, unlock bootloader, flash cwm and root.
But how should I continue then? How can I relock bootloader and restore ta?
fleckdalm said:
But how should I continue then? How can I relock bootloader and restore ta?
Just put the backup on your INTERNAL sdcard and then from adb under su type: "dd if=/sdcard/TA.img of=/dev/block/platform/msm_sdcc.1/by-name/TA"
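An added example, not part of the original posts or of xsacha's scripts: a host-side integrity check to run on the TA backup before it is pushed back and written with `dd`, since a truncated or corrupted image would be written to the partition as-is. The `TA.img.sha256` sidecar file and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify a TA backup on the host before it is written back.
# The "<image>.sha256" sidecar file is a convention assumed for this example.

# Print the SHA-256 hex digest of a file.
digest_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Run once, right after the backup has been pulled off the device.
record_backup() {
    digest_of "$1" > "$1.sha256"
}

# Succeed only if the image is non-empty, is not all zero bytes, and still
# matches the digest recorded at backup time.
verify_backup() {
    img=$1
    [ -s "$img" ] || { echo "missing or empty: $img"; return 1; }
    [ -f "$img.sha256" ] || { echo "no recorded digest: $img"; return 1; }
    # A dump made of zero bytes only means the read captured nothing useful.
    if [ "$(tr -d '\000' < "$img" | wc -c | tr -d ' ')" -eq 0 ]; then
        echo "only zero bytes: $img"; return 1
    fi
    if [ "$(cat "$img.sha256")" != "$(digest_of "$img")" ]; then
        echo "digest mismatch: $img"; return 1
    fi
    echo "ok: $img"
}

# Demo on a constructed file (not a real TA dump): sh verify_ta.sh demo
demo() {
    dir=$(mktemp -d)
    printf 'constructed sample, not real TA data\n' > "$dir/TA.img"
    record_backup "$dir/TA.img"
    verify_backup "$dir/TA.img"                 # passes
    printf 'x' >> "$dir/TA.img"                 # simulate corruption in transit
    verify_backup "$dir/TA.img" || echo "restore refused"
    rm -rf "$dir"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Keeping a second copy of the image and its digest off the device means the check still works after a factory reset wipes the internal sdcard.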
nos1609 said:
Just put the backup on your INTERNAL sdcard and then from adb under su type: "dd if=/sdcard/TA.img of=/dev/block/platform/msm_sdcc.1/by-name/TA"
Thanks! I will try it out as soon as I get a 69 ftf for my model...

Root OP3T without unlocking bootloader - Automated App

ROOT w/o UNLOCKING BOOTLOADER:
A few Qualcomm devices have been found to have engineering mode software preinstalled, which has root access. Using this exploit, root can be achieved on the OP3, OP3T, OP5 and others without unlocking the bootloader. Here is the full story: OnePlus Accidentally Pre-Installed an App that acts as a Backdoor to Root Access
The exploit was found by the user Elliot Alderson. An application has been promised by the author soon, to gain root access.
I have tested the method in OnePlus 3T and it works perfectly and passes SafetyNet check, furthermore you do not get DM-Verity error either.
Please follow the guide from here: OnePlus 3T Root w/o unlocking bootloader
Note: Do not modify system files (though it won't let you); doing so will trigger dm-verity.
Magisk modules do not work, i.e. you won't be able to use any modules.
Root and hide root works.
You will get system update but updating might kick you out of the root and you won't be able to gain access to root again.
It works on latest Oreo Beta, as you see in the screenshot.
Disclaimer: Follow the guide at your own risk. It is working fine for me, but that in no way means it will work the same for you. Neither I nor the people involved in this take any responsibility. You and only you are responsible if anything goes wrong.
Note: I am not the developer or the person who found this exploit or root method. All credits go to them.
SCREENSHOTS ATTACHED
Update 1:
An app has been released by Oğuzhan Yiğit; the full credit goes to him for it. Here is the link to the post:
Oneplus 3T Root Via App, further it installs SuperSU
This step is required every time you reboot:
adb shell
cd /data/magisk/
./magisk --mountimg xbin.img /system/xbin
magisk --post-fs
magisk --post-fs-data
magisk --service
I haven't tried doing the same, but theoretically, it shouldn't work.
[deleted]
casual_kikoo said:
...OnePlus 2...
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
SpasilliumNexus said:
That phone does not have dm-verity. That's why it works.
DOING THIS ON A ONEPLUS 3 OR NEWER WILL NOT WORK AND YOU WILL BRICK UNTIL YOU QUALCOMM UN-BRICK THE PHONE
Edit: I suggest deleting that and posting it in the OnePlus 2 section since someone will likely try it and brick.
Ok, as I thought, something else enters into account.
Thanks a lot !
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
anuajayan said:
As a newbie can u plz provide me the steps how to gain root access.?
Thanks in advance.
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
coolstoneapurva said:
Please do the necessary steps, I will assist you wherever you get stuck, you can also reach me at telegram on @apurvak
I don't know from where or how to start with? Please guide me accordingly..
replace hosts file
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
trying without success
and from within
What am I doing wrong or need to do to replace my hosts file, please?
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
Please write in first post if OTA will still work on next update. And if possible specify if this works also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
SpasilliumNexus said:
It's a good thing something is stopping you, because you shouldn't be modifying any file on the partitions. Again, dm-verity is enabled. You modifying any file directly will result in getting a corrupt error after a reboot. Use Magisk for systemless modifications.
How do I do that? Assume I have already introduced magisk to my phone.
mitkko said:
How do I do that? Assume I have already introduced magisk to my phone.
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
SpasilliumNexus said:
Isn't there a systemless host option for adblock in Magisk's settings? If so, turn it on, install AdAway, turn on systemless hosts in that, apply the adblock.
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
mitkko said:
Never used it before. Is that persistent? I mean after reboot and magisk root gone will it persist? I don't need persistent root, I just want to patch hosts one time only if possible.
It's not persistent. The last steps for root access in that guide needs to be done after every reboot, which is also needed for AdAway to apply the block. Applying the adblock after root doesn't need a reboot.
You're better off just doing the traditional unlock and root instead.
Hope that makes sense.
Deodexed and Patched EngineeringMode.apk for restore default Privilege
I played a little with Angela's Root and wanted to restore the previous level of privilege. In the application there is a special button to roll back the changes, but it is invisible.
Code:
this.mPrivilege = this.findViewById(2131493042);
this.mPrivilege.setOnClickListener(((View$OnClickListener)this));
this.mPrivilege.setVisibility(4); //this.mPrivilege.setVisibility(View.INVISIBLE);
So I did the application deodex and patched the application, changing it to
Code:
this.mPrivilege.setVisibility(0); //this.mPrivilege.setVisibility(View.VISIBLE);
After that I changed the original application to patched
Code:
adb remount
adb push EngineeringMode_SIGNED_ALIGNED.apk /system/app/EngineeringMode/EngineeringMode.apk
And start them
Code:
adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "angela"
Result screenshot:
After clicking the button, the phone restarts and all privileges are restored.
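An added example, not code from any poster in this thread: a defender-side check that reads output captured with `adb shell id` and `adb shell pm list packages` and reports the two signs discussed here, the `com.android.engineeringmode` package being present and the adb shell already running as uid 0. The function names and both sample inputs are constructed for this example; the `id` line follows the format shown earlier in the thread.

```shell
#!/bin/sh
# Added example: check captured device output for the two signs in this thread.
# Both sample inputs are constructed for illustration.

SAMPLE_ID='uid=0(root) gid=0(root) groups=0(root),1011(adb) context=u:r:su:s0'
SAMPLE_PKGS='package:com.android.settings
package:com.android.engineeringmode
package:com.example.notes'

# Numeric uid from `id` output: "uid=0(root) ..." -> 0
uid_of() {
    printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\).*/\1/p'
}

# SELinux context from `id` output: "... context=u:r:su:s0" -> u:r:su:s0
context_of() {
    printf '%s\n' "$1" | sed -n 's/.*context=\([^ ]*\).*/\1/p'
}

# has_package "<pm list packages output>" <name>
# Exact line match, so a longer package name with the same prefix is not a hit.
# Carriage returns are stripped because adb output may carry CRLF endings.
has_package() {
    printf '%s\n' "$1" | tr -d '\r' | grep -Fqx "package:$2"
}

# Print one finding per line, or "clean" when neither sign is present.
audit_device() {
    id_out=$1; pkgs=$2; findings=""
    if has_package "$pkgs" com.android.engineeringmode; then
        findings="${findings}engineeringmode-present
"
    fi
    if [ "$(uid_of "$id_out")" = "0" ]; then
        findings="${findings}adb-shell-is-root context=$(context_of "$id_out")
"
    fi
    if [ -n "$findings" ]; then printf '%s' "$findings"; else echo clean; fi
}

audit_device "$SAMPLE_ID" "$SAMPLE_PKGS"
```

Run against output captured after the rollback described above, the root finding should be gone while the package finding remains, because the app itself is still installed.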
mitkko said:
OK, so I decided to take advantage and replace my hosts file. I gain adb root, but then
Code:
@~/Downloads/oneplus[20:56:04]~: adb push hosts /system/etc/hosts
adb: error: failed to copy 'hosts' to '/system/etc/hosts': remote couldn't create file: Read-only file system
hosts: 0 files pushed. 73.3 MB/s (327680 bytes in 0.004s)
trying without success
Code:
@~/Downloads/oneplus[21:00:48]~: adb remount
remount failed
and from within
Code:
@~/Downloads/oneplus[21:00:51]~: adb shell
OnePlus3T:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats),3009(readproc) context=u:r:su:s0
OnePlus3T:/ # mount -o rw,remount /system
'/dev/block/dm-0' is read-only
What am I doing wrong or need to do to replace my hosts file, please?
You shouldn't make any changes to the system partition; doing so will render you unable to boot, as dm-verity is enabled.
andQlimax said:
Please write in first post if OTA will still work on next update. And if possible specify if this works also on oxygen os open beta with Android Oreo.
That said, anyone know if possible to unlock bootloader state, without trigger the factory reset??
Yes it will work on next update as system files are intact, further it works on Beta Oreo as you can see the screenshot. I will further update the post with the same.
seems not working on Android 8 /OOS 5
