OBSOLETE! There are now better ways to root using a proper kernel and TWRP. Please follow this guide instead
http://forum.xda-developers.com/z3-tablet-compact/general/adb-fastboot-drivers-tutorial-t2980529
I am working on root for the stock rom on SGP611 with unlocked bootloader.
So far I have managed to get R/W access to /system and make permanent changes. I have installed an su binary but it is not working properly which I believe is because of selinux restrictions. I can become root in ADB and mount /system writable but apps requiring root fails.
I have not tried to build a custom recovery so installing normal flashable zips is not possible.
This is what I did so far:
Get the firmware files using PC Companion
Extract the kernel using Flashtool and split it into kernel, ramdisk and dtb
Extract the ramdisk
Replace adbd with an insecure version
Change fstab.qcom som /system is mounted rw
Reassemble the boot.img using mkbootimg
Code:
mkbootimg --cmdline "androidboot.hardware=qcom user_debug=31 msm_rtb.filter=0xb7 ehci-hcd.park=3 dwc3.maximum_speed=high dwc3_msm.prop_chg_detect=Y" \
--base 0x00000000 --kernel kernel_S1-SW-LIVE-9C84-PID1-0006-MMC.elf.Image --ramdisk ramdisk-insecure.img.gz \
--ramdisk_offset 0x02000000 -o boot.img --dt kernel_S1-SW-LIVE-9C84-PID1-0006-MMC.elf.3 --tags_offset 0x01E00000
Unlock bootloader (I selected Z3 on the Sony unlock web page). YOUR DATA WILL BE WIPED SO MAKE A BACKUP FIRST! DRM keys will be removed which may affect funtionality and can affect the second hand value of your tablet. You have been warned!
Boot the insecure image with fastboot
Code:
fastboot-toolkit.exe boot \temp\insecure-kernel\z3tc-sgp611-insecure.img
Tablet boots but screen is not working.
Connect with ADB with root and /system rw. Now it is possible to push files to /system
Attached is my modified kernel image. I have not tried to flash it but only booted it from fastboot.
I am now asking for help installing a proper su (su daemon?) and tips for building a custom recovery.
Please feel free to move this thread to a development forum but I am not allowed to post there.
I can only hope that you can break through and get this thing rooted. Remember that there are developer's that can give you a hand. I wish I knew how. By the way will this work with SGP621 4G LTE they are the same except for cell capability. I just want to thank you for trying
Instructions for rooting Z3TC with unlocked bootloader
Root for unlocked bootloader
Sony Z3 Tablet Compact Wifi SGP611 firmware 23.0.1.A.0.167
Step by step installation:
Make sure that you have ADB installed and it is working before you proceed. Your PC should be authorized (connect once and press ok on the tablet.)
Reboot to fastboot and unlock bootloader. Follow the instructions here
http://developer.sonymobile.com/unlockbootloader/unlock-yourboot-loader/
and select Xperia Z3 if Tablet Compact is not available.
WARNING! YOUR DATA WILL BE WIPED WHEN UNLOCKING THE BOOTLOADER. MAKE SURE THAT YOU HAVE A BACKUP. DRM keys will be removed which may affect functionality and can affect the second hand value of your tablet. You have been warned!
Boot the included kernel image. This will not flash a new kernel, only load it to RAM and boot it
Code:
fastboot boot z3tc-sgp611-insecure.img
Wait for the tablet to boot. NOTHING WILL BE SHOWN ON SCREEN, THE DISPLAY IS
DARK.
Run the following commands to push files to the tablet:
Code:
adb push UPDATE-SuperSU-v2.16.zip /tmp
adb push busybox /tmp
adb push install-supersu.sh /tmp
Start an ADB shell. You should get a root prompt #
Code:
adb shell
In ADB shell, run the script to install supersu. A number of error messages
about missing files will be shown but it is normal.
Code:
# cd /tmp
# /system/bin/sh install-supersu.sh
Reboot tablet and enjoy root!
Code:
# reboot
When booting z3tc-sgp611-insecure.img only mass storage usb device is on USB port, no debug! How to solve?
SGP621, 23.0.1.A.0.167
Code:
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>fastboot boot z3tc-sgp611-insecure.img
< waiting for device >
downloading 'boot.img'...
OKAY [ 0.333s]
booting...
OKAY [ 0.048s]
finished. total time: 0.385s
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb devices
List of devices attached
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb push UPDATE-SuperSU-v2.16.zip /tmp
error: device not found
error: device not found
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb devices
List of devices attached
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb devices
List of devices attached
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb kill-server
C:\adt\adt-bundle-windows-x86_64-20140702\sdk\platform-tools>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
alex9x said:
When booting z3tc-sgp611-insecure.img only mass storage usb device is on USB port, no debug! How to solve?
Click to expand...
Click to collapse
I have SGP611 16GB Wifi version and I do not know if SGP621 uses the exact same kernel.
It sound like a missing driver issue. Is ADB enabled in developer settings? Is ADB working ok when you boot normally?
Check Device Manager in Windows and see if there are any missing drivers (question marks). I had to replace the android_winusb.inf file for the ADB driver to get it to recognize the Z3TC (or maybe that was for Fastboot...).
ejdan said:
I have SGP611 16GB Wifi version and I do not know if SGP621 uses the exact same kernel.
It sound like a missing driver issue. Is ADB enabled in developer settings? Is ADB working ok when you boot normally?
Check Device Manager in Windows and see if there are any missing drivers (question marks). I had to replace the android_winusb.inf file for the ADB driver to get it to recognize the Z3TC (or maybe that was for Fastboot...).
Click to expand...
Click to collapse
All drivers installed, but only SD card appear in device manager. Seems like ADB disabled in booted firmware.
When normal boot - Sony sa0111 ADB Interface Driver (USB\VID_0FCE&PID_51C0&REV_0232&MI_01 ) appear and all OK. But before connection it ask to allow my pc connection and display RSA keys. One time press allow, and then no any questions, adb devices show my serial in list.
When powering UP - Android ADB Interface (USB\VID_0FCE&PID_0DDE&REV_0100) appearing, then booting z3tc-sgp611-insecure.img -
USB Mass Storage Device (USB\VID_0FCE&PID_E1C0&REV_0232) appears in a 7-10 seconds, and no more devices.
right on guys you're getting there. thank you
alex9x said:
When powering UP - Android ADB Interface (USB\VID_0FCE&PID_0DDE&REV_0100) appearing, then booting z3tc-sgp611-insecure.img -
USB Mass Storage Device (USB\VID_0FCE&PID_E1C0&REV_0232) appears in a 7-10 seconds, and no more devices.
Click to expand...
Click to collapse
Do you have any lockscreen security enabled? Maybe ADB is disabled when the device is locked. Try disabling PIN/pattern lock before booting the insecure kernel.
ejdan said:
Do you have any lockscreen security enabled? Maybe ADB is disabled when the device is locked. Try disabling PIN/pattern lock before booting the insecure kernel.
Click to expand...
Click to collapse
no any locks... I know this...
usb sd device is the same like when charging.... seems like when insecure kernel boots - it just enter charger mode... when booting insecure image, need any pressing key?
alex9x said:
When powering UP - Android ADB Interface (USB\VID_0FCE&PID_0DDE&REV_0100) appearing, then booting z3tc-sgp611-insecure.img -
USB Mass Storage Device (USB\VID_0FCE&PID_E1C0&REV_0232) appears in a 7-10 seconds, and no more devices.
Click to expand...
Click to collapse
Also I have my tablet set to MTP mode. Maybe it makes a difference.
Settings -> Xperia connections -> USB connection -> USB connection mode (translated from Swedish so it may not be the exact wording in English.)
ejdan said:
Also I have my tablet set to MTP mode. Maybe it makes a difference.
Settings -> Xperia connections -> USB connection -> USB connection mode (translated from Swedish so it may not be the exact wording in English.)
Click to expand...
Click to collapse
Yes, mode is MTP. When booting insecure - mass storage device NOT connect SD or internal flash, just disk without any access.
Maybe you make other steps or settings? that may affect...
alex9x said:
Yes, mode is MTP. When booting insecure - mass storage device NOT connect SD or internal flash, just disk without any access.
Maybe you make other steps or settings? that may affect...
Click to expand...
Click to collapse
Ok, then I do not know. The kernel I used is for SGP611 so maybe you need a different kernel.
ejdan said:
I have SGP611 16GB Wifi version and I do not know if SGP621 uses the exact same kernel.
Click to expand...
Click to collapse
i don't understand this.
i have the 32GB wifi only version and it says model number SGP621. What exactly is the SGP611 ?
Just a thought. Make sure you have the updated version of adb.exe installed. Previous versions will not work with KK. You will get no devices when doing "adb devices". If your tab is running, and adb debugging is enabled, and you can't get it to display devices (and no security notice on the tab), update your adb.exe
Also, when you push SU and the apk, you may want to do a chmod . Here's an example I used on the A700 tabs from my bat file, note your directories may need to be changed, but you get the general idea;
Code:
adb remount
adb push su /system/xbin/
adb push Superuser.apk /system/app/
adb push busybox /system/xbin/
adb shell chmod 6755 /system/xbin/su
adb shell chmod 0755 /system/xbin/busybox
adb shell chmod 0644 /system/app/Superuser.apk
cls
echo Installing busybox
adb shell /system/xbin/busybox --install -s /system/xbin
Just some info.
a user said:
i don't understand this.
i have the 32GB wifi only version and it says model number SGP621. What exactly is the SGP611 ?
Click to expand...
Click to collapse
SGP611 is 16GB wifi only version. I think the kernel, ramdisk and system should be the same for 16GB and 32GB versions but LTE version may be different.
According to Sony kernel docs the SGP611 and SGP612 uses the same config and SGP621/SGP641 is a different config.
Xperia Z3 Tablet Compact SGP621/SGP641 => shinano_scorpion_defconfig
Xperia Z3 Tablet Compact SGP611/SGP612 => shinano_scorpion_windy_defconfig
Click to expand...
Click to collapse
In Sweden 3 versions are available from the Sony online store:
16 GB Wi-Fi® SGP611NB
32 GB Wi-Fi® SGP612NB
LTE/4G 16 GB SGP621NB
Moscow Desire said:
Just a thought. Make sure you have the updated version of adb.exe installed. Previous versions will not work with KK. You will get no devices when doing "adb devices". If your tab is running, and adb debugging is enabled, and you can't get it to display devices (and no security notice on the tab), update your adb.exe
Also, when you push SU and the apk, you may want to do a chmod . Here's an example I used on the A700 tabs from my bat file, note your directories may need to be changed, but you get the general idea;
Code:
adb remount
adb push su /system/xbin/
adb push Superuser.apk /system/app/
adb push busybox /system/xbin/
adb shell chmod 6755 /system/xbin/su
adb shell chmod 0755 /system/xbin/busybox
adb shell chmod 0644 /system/app/Superuser.apk
cls
echo Installing busybox
adb shell /system/xbin/busybox --install -s /system/xbin
Just some info.
Click to expand...
Click to collapse
chmod is not enough for KitKat because of SELinux. Take a look at the update script from superuser 2.16 and the chcon command to change file SELinux security context.
ejdan said:
chmod is not enough for KitKat because of SELinux. Take a look at the update script from superuser 2.16 and the chcon command to change file SELinux security context.
Click to expand...
Click to collapse
Thanks for the info. KK is new for me since coming off the Iconia tabs.
Your very much welcomed Ejdan, I will try your rooting method when i get home tonight and i will report back if i have success because i have been trying to root this tablet now for nearly two weeks, I tried all the rooting methods, apks and recoveries as they all failed but now we have hope
ejdan said:
SGP611 is 16GB wifi only version. I think the kernel, ramdisk and system should be the same for 16GB and 32GB versions but LTE version may be different.
According to Sony kernel docs the SGP611 and SGP612 uses the same config and SGP621/SGP641 is a different config.
In Sweden 3 versions are available from the Sony online store:
16 GB Wi-Fi® SGP611NB
32 GB Wi-Fi® SGP612NB
LTE/4G 16 GB SGP621NB
Click to expand...
Click to collapse
I reassamble boot.img from downloaded firmware (from sony site, with flashtool) with correct kernel and dt_image from original firmware - the same result! the same usb storage unknown device.
611 have "SoMC Scorpion WINDY"
621 have "SoMC Scorpion ROW"
flashtool log while manipulations...
Code:
24/032/2014 23:32:52 - INFO - Device disconnected
24/033/2014 23:33:08 - INFO - Device connected in fastboot mode
24/033/2014 23:33:32 - INFO - Device disconnected
24/033/2014 23:33:41 - INFO - Device connected with USB debugging off
24/033/2014 23:33:41 - INFO - For 2011 devices line, be sure you are not in MTP mode
24/034/2014 23:34:06 - INFO - List of connected devices (Device Id) :
24/034/2014 23:34:06 - INFO - - USB\VID_0FCE&PID_E1C0\[my_serial] Driver installed : true
24/034/2014 23:34:06 - INFO - List of ADB devices :
24/034/2014 23:34:06 - INFO - - none
24/034/2014 23:34:06 - INFO - List of fastboot devices :
24/034/2014 23:34:06 - INFO - - none
What may be problem? Maybe another settings in tablet?
Moscow Desire said:
Just a thought. Make sure you have the updated version of adb.exe installed. Previous versions will not work with KK. You will get no devices when doing "adb devices". If your tab is running, and adb debugging is enabled, and you can't get it to display devices (and no security notice on the tab), update your adb.exe
Click to expand...
Click to collapse
adb.exe downloaded from site yesterday, this is not adb error - no adb device in device manager, seems that adbd not started on tablet or just asking for permission in a black screen... but when booting normal - adb device OK and no any permission/RSAkey questions.
Normal boot:
Code:
25/035/2014 00:35:28 - INFO - List of connected devices (Device Id) :
25/035/2014 00:35:28 - INFO - - USB\VID_0FCE&PID_51C0&MI_00\7&13ECB37&0&0000 Driver installed : true
25/035/2014 00:35:28 - INFO - - USB\VID_0FCE&PID_51C0&MI_01\7&13ECB37&0&0001 Driver installed : true
25/035/2014 00:35:28 - INFO - - USB\VID_0FCE&PID_51C0\C[serial]N Driver installed : true
25/035/2014 00:35:28 - INFO - List of ADB devices :
25/035/2014 00:35:28 - INFO - - C[serial]N
25/035/2014 00:35:28 - INFO - List of fastboot devices :
25/035/2014 00:35:28 - INFO - - none
Related
Hey Guys,
I Clockwork3'd my Aria, but I wanted to update my sources (thread 730398) so I can get non market apps. When I follow the instructions in that post I get an error:
Code:
./adb remount
remount failed: operation not permitted
'adb devices' does show my Aria's SN, I'm su'd and I'm running in debug mode. I also chowned everything in the android sdk tools and its subdirectories.
Here's the question -
In searching, I found (thread 614645) that suggested ro.secure wasn't set properly, and sure enough if I do:
Code:
./adb shell
$ getprop ro.secure
1
$
Shouldn't applying clockwork have set that properly? Would the instructions at (thread 8041739 post 9 ) be the right steps to resolve this on an Aria?
Thanks!
PS - sorry I can't post direct links.
if you have all the drivers installed, it should work...
which OS are you using?? (Mac, Win7, etc)
dont rund SDK command in Clockwork, with phone on connect data cable and select "charge only" when asked.
the ./ command is used for Linux i think, i never got that command to work either. just go to the folder where SDK/Tools is located in CMD prompt or Terminal(depending on the OS) and run the following command:
adb remount
hope this helps a bit
I had a lot of issues with driver installs on Windows 7, so I'm doing this on a netbook with Ubuntu netbook remix. Also tried the reflash CD, similar issue.
Right, so with Ubuntu, and the cable my phone came with (have tried a few others just in case)
1. phone on and operational
2. plug in to laptop
3. phone gives happy USB connected and Charge Only notifications
4. fire up terminal window, and su
5. type ./adb remount
and I get the error above. If I do kill-server to refresh it, I get the demon starting successfully on port 5037.
Yeah, I was hoping I'd just missed something stupid. Should I need to modify the boot.img file outside of what Clockwork did?
My symptoms match those described in thread 685146 post #3, however, I've only applied Clockwork (which seems to work) not done anything else funky.
I have my windows 7 machine at the same point now -
adb remount gives 'remount failed: operation not permitted'
and
getprop ro.secure at the adb shell returns 1.
I think this means there's something wrong on the phone, if both machines act the same.
One other data point, I noticed the new Superuser Permissions app that installing clockwork gave me is asking to give superuser permissions to /system/bin/sh when I try to run the adb shell, but it doesn't trigger that when I do the adb remount.
Not sure what this means, any ideas most welcome - TIA!
steps here fixed it, thanks - http://forum.xda-developers.com/showthread.php?t=730398
These are instructions for rooting Android devices that utilize the RK3066 chipset (Cortex A9 Dual Core, MALI Quad-Core GFX).
I have tested and verified that these instructions work for the UG007 Android-on-a-stick...they *should* work with any other devices that utilize the same USB chipset. I can almost guarantee this will work on the Imito MX1/2 as you can swap ROMS from this device.
(Basically, if you have the right ADB drivers, you should be good to go)
As per every other thread you read on this site - I TAKE NO RESPONSIBILITY FOR ANY DAMAGES YOU MAY CAUSE TO YOUR DEVICE.
This is a fairly risk-free mod, but you know...$hit happens.
Okay. Let's start.
THIS TUTORIAL ASSUMES YOU HAVE ADB AND KNOW HOW TO USE IT, and that you're in a Windows environment. There are numerous places on the web where you can find this info...and I ain't yo mamma.
1. Download all the files attached to this thread.
2. Attach your RK3066 device to your computer via it's microUSB port. You'll need to have it hooked to a display too.
3. Once booted, go to system settings. Under settings > developer options, enable USB Debugging. Under settings > USB, click "connect to computer" (This may vary depending on your ROM configuration. The point here is to have debugging enabled and your computer to recognize the stick in device manager as something other than USB storage)
4. Extract the right drivers for your system (x86/x64)
5. Go to device manager on your computer. Look for the new "unknown device". Right-click, pick "update driver software"., "browse my computer".
6. Browse to wherever you extracted the drivers in step 4. Click Next. Confirm that you want to install.
7. Open a command window in the directory where you have ADB. Type "adb devices". Still nothing, right?
8. Navigate to C:\users\MYUSERNAME\.android, where "MYUSERNAME" is your User Name. (Duh?)
9. Create a file called adb_usb.ini
10. Open it in a text editor. Add the following string and save (This tells ADB to look for our Vendor ID:
0x2207
11. You should now be able to type "adb devices" at CMD and see your device.
12. Now for the fun. Extract the stuff from "pushme" to the same directory as ADB.
13. Enter the following commands (note: The "$" and "#" symbols do not get keyed in):
Code:
adb push psneuter /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 777 psneuter
$ ./psneuter
14. Psneuter should run and close shell when done. Enter MOAR commands:
Code:
adb kill-server
adb devices
adb shell
15. Take a good look. Is there now a "#" sign? Good. You now have root access. You may continue. If not, then proceed to go yell at me in the comments. If yes, then proceed to enter the last batch of commands to make your newfound privileges permanent:
Code:
mount -o remount,rw -t rfs /dev/block/st19 /system
exit
adb push busybox /system/bin
adb push su /system/bin
adb install Superuser.apk
adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
adb reboot
After a reboot, download a root app from Play Store to see if it worked! I find Root Checker is boffo for this sort of thing:
https://play.google.com/store/apps/...tcheck&feature=nav_result#?t=W251bGwsMSwyLDNd
THANKS/CREDITS:
Aaron Orquia @ Pocketables.com for the original "universal" root method.
AMJtech's tutorial where I found working ADB drivers and the adb_usb.ini bit to get it recognized.
The guy(s) who make Super1ClickRoot for putting all the necessary files in one easy-to-find spot.
Thanks for this tutorial.
A couple of notes:
Wow !! That's a lot of extra steps for you Windows users. Mac and Linux users start at step 11 (but if you are a Mac or Linux user, you already knew that. )
Linux: If the device still does not show up in Step 11, post, and I can help (Hint: It may not be /just/ the udev stuff.)
Is step 13 necessary? adb remount works on mine. (not sure if I had to adb root first or not) but I can have a root shell via adb without psnueter.
If adb remount succeeds, skip step 14, and continue with the 3rd line of step 15.
Linuxslate said:
Thanks for this tutorial.
A couple of notes:
Wow !! That's a lot of extra steps for you Windows users. Mac and Linux users start at step 11 (but if you are a Mac or Linux user, you already knew that. )
Linux: If the device still does not show up in Step 11, post, and I can help (Hint: It may not be /just/ the udev stuff.)
Is step 13 necessary? adb remount works on mine. (not sure if I had to adb root first or not) but I can have a root shell via adb without psnueter.
If adb remount succeeds, skip step 14, and continue with the 3rd line of step 15.
Click to expand...
Click to collapse
Thanks for the input! Yes, yes, I know windoze makes more work. It's also pretty widespread for folks.
For step 13 - I think it depends on the device. It would be nice for others to weigh in and let me know if it's needed. If not, I can totally remove it.
Also, in the other ROM thread, I made, it's even easier to root - you just grab one of the pre-rooted ROMS and drop it in SD card...the system does the rest. Mind you, this is for the UG007.
Links UG007
If you Bluetooth connection is not working properly, try to install this custom ROM: http://blog.geekbuying.com/index.php/category/android-tv-stick-tv-box/ug007/
How to install CWM-based Recovery: http://androtab.info/clockworkmod/rockchip/
Both worked for me. I was able to connect my BT Keyboard/Mouse Pad combo
./psneuter
Failed to set prot mask (Inappropriate ioctl for device) ??
nice tutorial.. while finding the best way to work my ug007 i stumbled upon this thread via armtvtech.com
currently i only knew this tutorial to root the device, but looking at yours ill give it a try first.
digitalhigh said:
Also, in the other ROM thread, I made, it's even easier to root - you just grab one of the pre-rooted ROMS and drop it in SD card...the system does the rest. Mind you, this is for the UG007.
Click to expand...
Click to collapse
you cant install custom roms without flashmode, cant do flashmode without opening device.. or did i get it wrong!? talking about the ug007
actually you can install a custom rom once you are rooted without opening the device, here
Linuxslate said:
(Hint: It may not be /just/ the udev stuff.)
Click to expand...
Click to collapse
ehm.. im still preparing to root, i guess you hint at the android sdk?
if not ill holla back at you and complain why you didnt write it out in first place
but very good to know that i skip alot by "almost" only installing ubuntu to a vm
I may be missing something, but I couldn't get this to work on my UG007
psneuter didn't work for me, gave me an error about 'invalid ioctl' or something. But the strangest thing is that "adb shell" already shows the # in the prompt.
To confirm my suspitions, I also typed "adb root", which returned "adb is already running as root".
So I proceeded with the rest of the instructions. No errors appeared, installed Superuser and I can see su and busybox in system/bin
But when I download root checker it says it wasn't properly rooted. installing terminal and type "su" says permission denied - and that's it.
Am I missing something? I'm new to this rooting thing, so please don't be angry with my noobish questions
I managed to do it - but *not* by following this tutorial.
I used this: armtvtech.com/armtvtechforum/viewtopic.php?t=28 (Cant post links yet, sorry!)
Only ran the "TPSarky-VonDroid-Root" bat, and presto! I had root on UG007.
I even fixed the changing MAC address problem with wlan.ko from armtvtech.com/armtvtechforum/viewtopic.php?f=69&t=632&start=10 (link on page 2). I just copied it to /data/local/tmp, set permissions as rwr--r-- and then used root explorer to copy it to /system/lib/modules - now I have wifi signal every time I boot the device, and don't need to mess with my router config every time
I also manage to get xbox360 wired controller working. xpad.ko on /data/local/tmp and then insmod /data/local/tmp/xpad.ko - just connect the joystick after that, and it will be recognized. Only problem is, after a reboot I have to insmod again.
I tried doing the same thing I did with wlan.ko, but nothing happens - system won't load it on boot. Am I missing something here?
The psneuter is broken
I'm on Linux, running a RK3066, and psneuter gives "Failed to set prot mask (Inappropriate ioctl for device)". Running Ice Cream Sandwich 4.1.1, kernel 3.0.8+, build RK30_anpei10w1am-r4.0.57.20121207, A10-2 cpu.
SLotman said:
I may be missing something, but I couldn't get this to work on my UG007
psneuter didn't work for me, gave me an error about 'invalid ioctl' or something. But the strangest thing is that "adb shell" already shows the # in the prompt.
To confirm my suspitions, I also typed "adb root", which returned "adb is already running as root".
So I proceeded with the rest of the instructions. No errors appeared, installed Superuser and I can see su and busybox in system/bin
But when I download root checker it says it wasn't properly rooted. installing terminal and type "su" says permission denied - and that's it.
Am I missing something? I'm new to this rooting thing, so please don't be angry with my noobish questions
Click to expand...
Click to collapse
Try renaming old "su".
Check permissions on the su and busybox you installed.
MK808, MK809 [model T002], and the MK802 III anyone?
Hi,
Thanks OP for this information.
I have a Samsung S3 [my first android device] which I rooted with no problem, but am a total noob when it comes to these android sticks.
One can say they are very similar, so I wont be completely in the dark. OK, now that we got that out of the way...
Can anyone please confirm whether they have used this with the MK808, MK809 [model T002], and the MK802 III,
I have ordered these from 1 from amazon and 2 from ebay and am expecting delivery shortly, therefore I just want to make sure before I go bricking them one by one...
I notice that they all have RK3066 Cortex A9 chips but are manufactured by different companies. The ones I see on eBay, although they all bear the same code MK8xx, they all look very different! I presume the MK8xx code is a universal model?? just like 80486 was to the PC? given the case does this method work universally?
I intend to set them up with XBMC media centres and to use with a Xbox controller. Any advice on the best way for achieving this would be nice too.
Thanks
:good:
Linuxslate said:
Thanks for this tutorial.
Linux: If the device still does not show up in Step 11, post, and I can help (Hint: It may not be /just/ the udev stuff.)
Click to expand...
Click to collapse
Linuxslate, I have an MK808 that shows up in lsusb as 2207:300a when I put it in "flash mode" but it never shows up via "adb devices".
I got mine the other day and it turned out to be rooted already?
I decided to install SuperSu and that's how I found out it was rooted.
Immediately, installed Busybox, System Tuner Pro and Titanium Backup.
Rob
Rob sent this from his SPH-D710 via Tapatalk
So would this possibly work on this - http://www.zoostorm.com/Products/357-zoostorm-sl8-3305-1030-tablet-pc.aspx
States it's a Rockchip RK3066 Cortex A9 Dual Core 1.5GHz, running 4.1.1 Jelly Bean, quite interested in getting one & root would be a bonus.
psneuter broken
Hello,
the psneuter attached to the first post doesn't do anything to my ug007. I have the same error others have posted here and haven't gotten a reply about.
To unlock, I used the script that's mentioned in a post above, TPSarky-VonDroid-Root. If you google that, you'll find a download link amongst the results.
Thank u very much...:thumbup:
................................................................................................
Linuxslate said:
Try renaming old "su".
Check permissions on the su and busybox you installed.
Click to expand...
Click to collapse
Can you elaborate a little bit what you mean by renaming "su"?
I'm having the same issue..
Both su and busybox are having the same permission -rwsr-xr-x.
Sent from my Transformer Prime TF201 using XDA Premium HD app
I configured one of these at work. Upon using the terminal app and typing in su I got the # sign. They seem to come from the factory rooted already.
Sent from my Nexus 4 using xda app-developers app
ageerer84 said:
I configured one of these at work. Upon using the terminal app and typing in su I got the # sign. They seem to come from the factory rooted already.
Click to expand...
Click to collapse
Not exactly: this particular su can be used only from adb console, or at least that how it was on my tablet. So you need to replace it with a Superuser apk's su to get all features of rooted android. You can get one e.g. from FDroid
--
blog
Not sure what u mean by on your tablet. Android devices don't typically come rooted but I was surprised to have root access via terminal emulator on this stick PC. I just took it out of the box and definitely didn't have to go through the adb interface on a computer to flash superuser or what have you. Is this just me or is this a typical experience with this particular device?
Sent from my Nexus 4 using xda app-developers app
HOW TO ROOT YOUR LENOVO IDEATAB A1000
<DISCLAIMER>
By attempting these steps, your warranty will be void. Even worse than that, it might cause crashes, freezes, random explosions, 2nd degree burns, or even turn your beloved tab into $100+ paperweight. What works on mine might not work on yours, so don't attempt if you don't know what you're doing. Do at your own risk. Corrections are welcome. I must admit that I'm not an expert, so any info I posted might be wrong, and I can't offer you much help. I'm not responsible for anything arising from the use of this how-to. I can only wish you good luck.
<WHY ROOT?>
- Without root or OTA upgrades (at time of writing, Indonesian customers still can't get it), you'll be stuck with ~500MB internal memory. That's annoying.
- You're stuck with the default IO scheduler (cfq) and governor (hybrid, haven't heard that one..)
- You have an incredibly large amount of bloatware you can't get rid of, in that already cramped up internal storage
- Did I mention freedom?
<REQUIREMENTS>
This method is originally used to root Acer Iconia B1-A71. Somehow I noticed that the two actually has the same chipset, MTK8317 (if it really was relevant ). So I tried the method, and through sheer n00b's luck, it worked like a charm!
Lenovo IdeaPad A1000-G --> 4GB storage, 2G/EDGE. This method haven't been tested on A1000-T/F, different storage cap (16GB, etc.) or other variants, but it should work with slight modification. Screenshots of my specs are attached below. Remember, proceed at your own risk!
A Linux System. Never tried on Windows or Mac. I personally used Linux Mint 15. The source post uses Ubuntu.
working ADB (android-tools-adb). You can get this from synaptics, apt-get, etc. If your system can detect adb devices, you should be fine.
Superuser Binary
Busybox Binary (You can get these two from the links on original post. XDA says noobs can't post links :'( )
ORIGINAL THREAD
<CREDITS>
XDA Senior Member entonjackson, for writing such a noob-friendly how-to for rooting Acer Iconia B1-A71 and for allowing me to use it for this how-to.
XDA Member alba81, for discovering the method as acknowledged on the original post by entonjackson
All awesome gurus on XDA which I can't mention one by one.
<THE STEPS>
1. Extract the android sdk to your home folder, e.g. a user named Bob will use like /home/bob
2. Open a terminal
3. Now plug your A1000 into your machine and turn on Debugging Mode (Go into Settings -> Developer Tools, turn on Developer tools, then turn on USB Debugging Mode)
4. Now back at the keyboard of your Linux machine in your terminal type:
Code:
sudo adb devices
The output should be something like:
Code:
123456789ABCDEF device
If it's not, google for it. Somehow your Linux hasn't detected the A1000, although the android sdk for Linux brings all needed drivers with it.
If your device was found, congratulations. The adb connection between your linux machine and your tablet is intact.
5. Now extract the downloaded busybox archive to your home folder, in it there should be a busybox binary. So Bob does:
Code:
sudo ./adb push /home/bob/busybox /data/local/tmp
Code:
sudo ./adb shell
Code:
chmod 755 /data/local/tmp/busybox
6. You should copy the busybox binary into a directory where you can access it as a plain non-root user on the tablet. We need this binary. so we can apply unix tools like telnet, dd, cat, etc. But for now we need it to establish a telnet session between our tablet and our linux machine.
(This point is written on original post. Seems important, but as soon as I finished step 5, I can use those tools)
7. Dial *#*#3646633#*#* to enter Engineer Mode
8. Go to Connectivity -> CDS Information -> Network Utility
9. type the following command:
Code:
/data/local/tmp/busybox telnetd -l /system/bin/sh -p 1234
Advice from original poster: copy and paste it from the browser on your tablet, because dependent on which keyboard app installed, this can be freakin tricky. In the next step you will learn, why it's so important why this command should be correct.
10. Tap on Run. You won't get any feedback, so you will never know if the entered command runs properly or not. That's why you should make sure the command is ok.
Now we have started our telnet server on the tablet.
11. Back in the terminal type:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If you now get an error like couldn't find busybox or something, then either adb push failed or you forgot to chmod, in step 5
12. Now enter:
Code:
cat /proc/dumchar_info
You should get a bunch of lines, try to find a line containing the partition named android
{..... partition list .....}
android 0x0000000028A00000 0x00000000020E8000 2 /dev/block/mmcblk0p3
{..... partition list .....}
13. We will create a dump of our android system. This is the point where different variants *MIGHT* have different parameters. This step is important, as wrong parameter will result in unmountable image.
Stop. Take a deep breath. If you're not familiar with dd, find a good doc of it. There's a plethora of them.
Get yourself a programmer's calculator (Linux Mint 15 has one built in).
Here's what you'll do :
Convert the hex number on the 3rd column into decimal. In my case (0x20E8000) will yield 34504704. Divide by 4096. The result (8424) goes to the skip parameter.
Convert the hex number on the 2nd column. In my case (0x28A00000) will yield 681574400. Divide by 4096. The result (166400) goes to the count parameter.
So the full dd command will look like :
Code:
dd if=/dev/block/mmcblk0 bs=4096 skip=8424 count=166400 | gzip > /cache/system.img.gz
Do a full sanity check before hitting enter! It will take about 5 minutes.
14. After it's finished we must make the image readable for adb, so we do:
Code:
chmod 777 /cache
and
Code:
chmod 777 /cache/system.img.gz
15. Leave the telnet, and then adb shell session by:
Code:
exit
Code:
exit
16. Now we pull our image by
Code:
sudo adb pull /cache/system.img.gz
wait 1-2 minutes.
It should be then located inside /home/bob. It did for me. If not, do a search . It should be a .gz, extract it right there (or /home/bob if it isn't there)
17. Now we need to modify our system image by adding the tiny but helpful su binary. Extract the SU binary to /home/bob.
18. We create a folder where we will mount our system image to. To create it do:
Code:
sudo mkdir /media/a1000
19. Now we mount it:
Code:
sudo mount -o loop /home/bob/system.img /media/a1000
if it fails, then you entered wrong parameters on step 13
20. Now we copy our SU binary to our mounted system image:
Code:
sudo cp /home/bob/su /media/a1000/bin
21. the su binary needs to have the proper rights to make it usable, so we 'suid' it with:
Code:
sudo chmod 06755 /media/a1000/bin/su
22. Let's unmount our baby by:
Code:
sudo umount /media/a1000
and because bob doesn't like a messed up system, he does:
Code:
sudo rm -rf /media/a1000
because he hopefully won't need it anymore.
23. We have to gzip it again to bring it back to where it belongs to. this we do by:
Code:
cd /home/bob
Code:
gzip /home/bob/system.img
24. So here we are now, we made it to the final Boss fight! The next steps are dangerous and should be performed with caution. We copy back our modified system image, which can brick your device, if you do a mistake! Enter adb shell again :
Code:
sudo adb shell
25. Remove the old boring image:
Code:
rm /cache/system.img.gz
26. Leave adb shell
Code:
exit
27. copy our cool new system image containing the su binary:
Code:
sudo adb push /home/bob/system.img.gz /cache
28. Enter adb shell again
Code:
sudo adb shell
29. Usually the telnet server on the tablet is still running, at least in my case it's been like that. That's why we can directly connect to the telnet server with:
Code:
/data/local/tmp/busybox telnet 127.0.0.1 1234
If this doesn't work, then obviously your telnet server isn't running anymore. So on your tablet if the telnet command is still entered (see step 9), tap on Run again and repeat step 29.
30. Now this is the most dangerous step in this how to (no it wasn't the mkdir one). You can copy following command to make sure everything is fine and paste it into your telnet session on your linux terminal.
<WARNING! SANITY CHECK! MAKE SURE *ALL* THE DD PARAMETERS MATCH THE FIRST DD (STEP 13) OR YOUR A1000 WILL TURN INTO A VERY EXPENSIVE PAPERWEIGHT!>
Code:
[B]/data/local/tmp/busybox zcat /cache/system.img.gz | dd of=/dev/block/mmcblk0 bs=4096 seek=8424 count=166400[/B]
After 1-2 minutes you're done, if your tablet or pc or yourself didn't catch fire, everything's fine.
31. Leave telnet / adb shell by doing
Code:
exit
Code:
exit
32. Reboot your A1000 via ADB, then exit
Code:
sudo adb reboot
Code:
exit
33. Unplug your tablet from PC
34. Install Superuser (No, not SuperSU, cause it won't work!). I personally use Superuser by ChainsDD, from Play Store
35. Be lucky. Your tablet and thus you are now free!
Don't forget to hit thanks, if this helps
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Root with Windows ?
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
ulisez said:
hi, after step 13 (i double checked the command), i get this error
Code:
/system/bin/sh: can't create /cache/system.img.gz: Permission denied
/dev/block/mmcblk0: cannot open for read: Permission denied
I have the WiFi 4G version
Click to expand...
Click to collapse
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
artonelico said:
Im too stuck in step 13.....nothing wrong with the script, can u give me a solution?
Im using A1000G also
Click to expand...
Click to collapse
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
rmage said:
@ts
Your guide work perfectl, in windows enviroment but mount step still need linux,
I've question are you using DirectoryBinding? Mine always close when playing Real Racing, its very annoying
You have suggeztion or alternative for DirectoryBinding?
Click to expand...
Click to collapse
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
Letsar said:
Hi,
I am a new member because i bought this tblet but i can't root. I don't have a linux environment, so there is a solution with W8 Pro 64 ?
Thanks a lot for you help,
Click to expand...
Click to collapse
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
sammymaddog said:
have you chmod-ed the busybox (or is the chmod successful without error)? Try chmod-ing the /cache before attempting step 13. It seems that you still don't have access to the NAND device (mmcblk0). Have you updated firmware via OTA?
Do you encounter the same error message like ulisez had? Could you post the screenshot of the partition list (the lines after you execute dumchar_info)?
I personally use Link2SD by Bulent Akpinar to link apps to 2nd partition on my SDcard.
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Link2SD doesn't link app data, do you have any option?
yes i had same message with ulyses, by the way im from indonesia too can i contact you through chat client?
oh yeah im using windows 7 and using cmd as a terminal in linux
thx before bro
sammymaddog said:
The original developer who posted the method (entonjackson) plans to integrate the method in the next release his toolkit, the Acer Iconia Toolkit. I think you should check his thread : http://forum.xda-developers.com/showthread.php?t=2240029
Click to expand...
Click to collapse
Ok, i see his toolkit. It's very good. I'll wait
rmage said:
Link2SD doesn't link app data, do you have any option?
Click to expand...
Click to collapse
I'm not sure whether the stock kernel of our devices supports init.d, thus supports CronMod/Data2SD. Lenovo locked our bootloader, and currently there's no way around it. So I personally think, Link2SD method are the best option for now.
Let's give it several months until our dev gurus bring their miracles upon this device
The attached image shows mt6577 Hardware, can u provide the Soc details please
Hi, Can any one upload Lenovo ideatab A1000 system.img
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
one month gone past but the op seems to be in caves or has bricked the device
STOCK ROM
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
VR.gtmini said:
The attached image shows mt6577 Hardware, can u provide the Soc details please
Click to expand...
Click to collapse
VR.gtmini said:
one month gone past but the op seems to be in caves or has bricked the device
Click to expand...
Click to collapse
sorry to make you wait. I'm a last grader university student, and final project stuffs have got me pinned down. Hope you understand
Actually the SoC is MT8317. For some god-knows reason Mediatek have made this SoC with signatures similar to MT6577. But somehow CPU tweaker correctly detects the SoC (MT8317). Maybe it's the CPU-Z bug?
unknown_world said:
Hi, Can any one upload Lenovo ideatab A1000 system.img
Click to expand...
Click to collapse
zod0070 said:
CAN ANY BODY PROVIDE ME A STOCK ROM OF THIS DEVISE
I HV ROOTED SUCCESSFULLY BY A VERY EASY METHOD
BUT SCREWED UP WHILE UPDATING IT SO PLZ PLZ HELP ME OUT
THE DEVICE BOOTS BUT ALL THE APP CRASHES :crying::crying:
Click to expand...
Click to collapse
I'm uploading the modified .img. Let's pray my old HSPA modem won't catch fire by the morning.
vidyadhara said:
in step 20, it appears you are writing to a /bin directory on the android system. However such a directory is not visible either through shell or the system telnet account.
Do I need to understand something else about android to make sense of this.
regards
vidya
Click to expand...
Click to collapse
I think you got it wrong. The write process does not take place on the device. It's on the loop-mounted .img in /mnt/a1000 on your computer (step 18-19). Cheers!
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www dropbox com/s/rmpnz7c285t5sqz/system.7z
sammymaddog said:
Here's the ALREADY BUSYBOX-ED .img for Ideapad A1000-G 4GB EDGE version. Hope it helps :
www.dropbox.com/s/rmpnz7c285t5sqz/system.7z
Click to expand...
Click to collapse
Thanks for coming back, could u post the MD5 of the system.7z & system.zip.
Also could u provide simple way/steps to directly flash this .img without extracting existing stock system image
My tab A1000-G
do you have stockROM for lenovo A1000G
I need this :crying:
raffly said:
do you have stockROM for lenovo A1000G
I need this :crying:
Click to expand...
Click to collapse
Don't worry, the above link is a stock Lenovo A1000 G ROM, but with pre-root files having no superuser app. Just extract the .7z file
System.7z MD5: 658CA71AC8A230B244F267513857F9A5
Hi,
I have been able to 'master' HTC Desire, Xperia T, Xperia Z3C and even LG Optimus Black.
Except from HTC Desire (if you ever want to learn about ADB and Fastboot, use HTC Desire, the best) it is always a bit tricky to get into Fastboot mode.
I have found the easyest way to access Fastboot mode in this howto: https://goo.gl/hzyB2H
Simply stated:
- Enable USB debugging in Developer Options
- Install Minimal ADB and Fastboot from here: https://goo.gl/d5BSc7 or use the solid option using FWUL (see below)
- Open command window in Minimal ADB and Fastboot directory (Window Flag + right-click on the folder)
- Plugin your device (which is on)
- Type: adb devices and your device answers with its serial number.
- First answer is serial number and 'unauthorized'
- On your device you will see a popup like shown below
- Type: adb devices and your device answers with its serial number and device
- You're there
If you just need adb you can stop here, if you want to go on to fastboot, continue.
- Type: adb reboot-bootloader
- Type: fastboot devices
And you're there.
No more hassling around with Vol-Down and plugging in.
- Type: fastboot reboot to end the session nicely
Uninstall (system) apps using adb
Uninstall Sony Xperia 'What's New'
adb uninstall --user 0 com.sonymobile.entrance
Let's uninstall Facebook
- type: adb shell pm list packages | grep 'acebo' (I don't know if it spells with F or f) (see REMARK)
- You will receive an answer like:
com.facebook.katana
com.facebook.system
com.facebook.appmanager
- type: adb uninstall --user 0 com.facebook.katana etc.
- do the same for the other lines
- Done for the moment
- Check on your device. Goto settings->apps->Facebook and you will see 'uninstalled' behind it
- Reboot your device ( do it the adb way and issue the command <adb shell reboot>
- After the reboot you won't find Facebook anymore in the apps list
REMARK sometimes it is hard to find the name of the app you want to uninstall.
F.i. the app Playstation bears the name com.scee.psxandroid.
You can retrieve the name using the Play Store app Application Inspector
I had quite a lot of trouble with adb and Windows 10, the solution lies in using Linux.
Recently XDA senior member steadfasterX released “Forget Windows Use Linux” (FWUL) – a bootable GNU/Linux ISO geared specifically towards Windows users who need to communicate more reliably with Android. https://goo.gl/PxvS9p
If you want to play with adb then this is your chance.
Create a live CD or a bootable USB stick with FWUL and everything works like a charm. Forget Windows!
Remember:
Don't blame me if anything goes wrong.
Following these instructions is at your own risk.
And if.... then normally Xperia Companion is your friend.
Enjoy!
Picture shows an example
- how to find the location of an apk
- how to pull the apk to your computer
- how to uninstall the apk
- and the failure that shows that the apk is gone
You can use adb to record your phone screen
- adb shell screenrecord /sdcard/screenrecord.mp4
Stop with Ctrl-C
You can use adb to make a screenshot
- adb shell screencap -p /sdcard/screendump.png (-p stands for: create png file)
- adb pull /sdcard/screendump
alternative
- adb shell screencap -p > screendump.png (which sends the file to your computer)
ADB can be used to backup yout device (apk's and data)
- adb backup -f c:/backups/phonebackup.ab -all
- on the device you have to give permission
Of course you can restore the backup
- adb restore <filename>, but for restoring you need to have root access.
There are a lot of options, all explained elsewhere on XDA: https://goo.gl/KtVd1n
W10 is a bit tricky when it comes to running adb on your Xperia device.
To install the necessary drivers, follow this instruction:
To install the official Sony Xperia drivers you need to download them from here.
- Unpack the Zip file
- goto the directory
- right click on sarndis.if and click on install
To install the Flashtool drivers for Windows 8/8.1/10, please follow the steps below.
A) Press the Windows key + R together and in the ‘Run’ box type: shutdown.exe /r /o /f /t 00
– Now make the following selections to boot into the Start Up Setting Screen: Troubleshoot > Advanced options > Start Up Settings > Restart
– Then, when the machine restarts, select number 7 i.e. “Disable driver signature enforcement”. Your machine will start with Driver signing enforcement disabled until the next reboot.
B) Now you can install the Flashtool drivers.
– Windows will warn that the driver is not signed and will require you to confirm the installation.
– Once the installation is complete, reboot the machine.
This text is copied from Xperia blog
PS
Just adding another uninstall.
Using PiHole to block ads, people have noticed that on Android adds are not blocked.
More specific: Ads in Chrome on Android are not blocked.
Reason: Chrome denies your DNS settings
Solution:
adb uninstall --user 0 com.android.partnerbrowsercustomizations.chromeHomepage
From now on ads in Chrome on Android will be blocked as well.
Hi,
I am a real noob here, I have adb and fastboot. I would like to unlock my Z3 tablet compact bootloader. I have the code, it shows when I use the command adb devices but when I try fastboot devices I get not response. I'm not really sure what the issue is, can you help?
Did you try using Flashtool to unlock it? Never done it myself, but it seems pretty simple, and no command line required.
https://xperiafirmware.com/unlock-bootloader-sony-xperia/
sony xperia z3 no os installed android 6 bootloader cant be unlocked
hey guys my z3 has been soft bricked coz i flashed a system img that i extracted from its firmware i have tried to flash it using flashtool but it gives me this device connected with usb debbuging off 2011 make sure mtp is disabled
Use Flashtool to flash a stock .ftf file.
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
TempezT said:
As title says... Just found out about H91810p will make the phone unrootable which is something im planning later on. Sadly the update is scheduled for next restart.
Anything i can do to prevent that?
Click to expand...
Click to collapse
if you're rooted, go to /cache and rename update.zip to something else. then create a zero length file using the name update.zip. lastly set the permissions on that file to read only
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Damn I dont have a computer in hand. Guess i have to wait until im back home in October. Cross fingers this thing don't restart cause that freaking patch is already scheduled.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on:
Also if you are already flashed and rooted, jump to step #8 for the info regarding OTAs...
====================================================
Specifically for T-Mobile LG V20 H918
Firmware(s) 10I & 10J
====================================================
BOOTLOADER
SOURCES:
*** https://forum.xda-developers.com/v20/how-to/guide-unlock-bootloader-t3488878
*** https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594/page2
*** https://forum.xda-developers.com/showpost.php?p=69897433&postcount=1060
*** https://forum.xda-developers.com/pi...e-pixel-xl-t3466185/post69239012#post69239012
====================================================
Warning: This will delete all your data. You'll also see a large warning every time you turn on the device (attached), this disappears in less than a second.
*Turn on developer mode:
Settings -> About device -> Software info -> Build number. (tap 7 times until it's enabled)
*Turn on OEM unlock and USB debugging:
Settings -> Developer options -> OEM unlock & USB Debugging. (turn it on)
Don't ever turn OEM unlock or Developer options off when using a custom ROM or recovery. This could lose to loss of all your data.
*Install LG drivers
WIN:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00120120425
MAC:
http://tool.lime.gdms.lge.com/dn/downloader.dev?fileKey=UW00320110909
You will also need adb and fastboot. You can download them in a portable small form factor here:
http://forum.xda-developers.com/android/software/host-tools-t3402497
You may need to get an additional .dll for adb to work, if so you can pull it from the pixel add compilation here:
https://xenserver.underpants-gnomes.biz/~romracer/fastboot_adb_pixel.zip
*In Terminal navigate to ADB root:
Type
Code:
adb devices
and authorize your computer on the phone
Type
Code:
adb reboot bootloader
Type
Code:
fastboot devices
and make sure your phone shows up
Type
Code:
fastboot oem unlock
Type
Code:
fastboot getvar all
Should say (bootloader) unlocked:yes
Type
Code:
fastboot reboot
====================================================
TWRP & ROOT:
SOURCES:
http://www.droidviews.com/install-twrp-root-t-mobile-lg-v20/
https://forum.xda-developers.com/v20/how-to/instruction-to-root-h918-10i-t3536472
https://forum.xda-developers.com/v20/development/h918-recowvery-unlock-v20-root-shell-t3490594
https://build.nethunter.com/android-tools/dirtycow/arm64/
https://github.com/jcadduono/android_external_dirtycow#running
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
https://download.chainfire.eu/supersu
====================================================
*Prerequisites:
Your LG driver must be up to date. You can have problems with USB 3.1 if so grab latest drivers.
ADB installed, put all 4 recowvery files into the folder:
https://build.nethunter.com/android-tools/dirtycow/arm64/
Download the TWRP “twrp-3.0.2-1-h918” image:
https://build.nethunter.com/test-builds/twrp/lge/twrp-3.0.2-1-h918.img
Rename TWRP file to twrp.img and put it into internal storage (sdcard)
Download SuperSU:
https://download.chainfire.eu/supersu
Copy SuperSU onto external memory card (or keep in root of adb, and you could push it back, after formating).
You must be on a 100% stock ROM. Rooted or not.
USB Debugging & OEM unlock allowed in Developer Settings
Bootloader unlocked
Make sure all security/locks are off. No pins, fingerprint, etc…
Steps:
1. Plug your phone to your host computer. Make sure it's in MTP mode.
2. Open your command prompt:
Code:
cd\
cd (right click your mouse and paste the ADB platform-tools address, if using portable pack, where you put the adb folder)
Code:
adb devices
This will show your connected phone
3. Enter the following prompt: (you can simply highlight, copy, right click on command prompt and choose paste):
Code:
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
cd /data/local/tmp
chmod 0777 *
./dirtycow /system/bin/applypatch recowvery-applypatch
* On ADB shell mode, you should see $ on the front. Wait for few…
Code:
./dirtycow /system/bin/app_process64 recowvery-app_process64
* Your phone screen may look weird. Wait for another few minutes. Once finished exit.
Code:
exit
4. Type:
Code:
adb logcat -s recowvery
You should see a lot of lines comes across your screen.
Once you see the ASCII box with the message about giving jcadduomo a hug you can press CTRL+C to exit logcat.
Reboot to the stock recovery:
Code:
adb shell reboot recovery
Restart a session:
Code:
adb shell
You will see a $ sign. Now to check…
Code:
getenforce
It should show Permissive. Thanks Dirty COW!!!
5. Temp Root. Lets patch the boot image:
Code:
cd /data/local/tmp
./dirtycow /system/bin/run-as recowvery-run-as
run-as exec ./recowvery-applypatch boot
Lets run as root
Code:
run-as su
You should have a #, indicating you have root. Ahh my little nix…
6. Flash TWRP
Code:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
exit
reboot recovery
The phone should have flashed TWRP and rebooted into recovery.
7. TWRP:
In TWRP swipe to allow modifications. Or TWRP will be replaced next boot!
To disable any encryption perform the factory reset, and the Format Data options.
Install SuperSU from the external SD location.
If you didn’t do a full wipe and reset, you probably want to wipe cache and dalvik.
Reboot to system.
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Also in titanium backup (buy it already if you haven’t lol), freeze:
FOTA Update 7.0
Update Center 5.30.12
(I also disabled the com.lge.updatecenter.xxx overlay and themes, cuz whatever... lol)
Reboot and swipe away the notification if its still there. Should have stopped by this point.
======================
There ya go, good luck!
Click to expand...
Click to collapse
Okay someone in my base lend his laptop but its low end(sony viao core2 duo) dunno how well this work for flashing purposes, also I wanted to point before doing the process that my phone was unlocked permanently by tmobile unlock app and wanted to know if this can affect the unlocking or any other function of my v20.
Following those instructions to root will not gid rid of your carrier unlock.
You might be able to go to Settings>>Storage and delete Cached data.
Zacharee1 said:
You might be able to go to Settings>>Storage and delete Cached data.
Click to expand...
Click to collapse
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
TempezT said:
Thank you! Now my other concern is that Im paying Jump! and root would void the warranty so I dont know if I should go ahead and do it regardless cause that silly update is already scheduled.
Click to expand...
Click to collapse
You can always restore to stock with the H918. Backup and root.
Zacharee1 said:
You can always restore to stock with the H918. Backup and root.
Click to expand...
Click to collapse
Thanks!
The issue Im having now is that I cant find how to root H91810k which is the current version my phone has besides the schedule update. Any info on that?
You have to find the KDZ for 10d and flash it with LGUP. Then you can use EasyRecowvery to root.
Flashing KDZs will wipe your data, so use LG Bridge to make a backup.
MDMAchine said:
Here since your on TMO, I compiled this for a buddy of mine through various sources (links provided) on the whole procedure start to finish. Might as well paste it for ya. Props to all original authors, etc...
I just did this on mine, same model, on firmware 10j. If your not on that or i step one will be to flash to the appropriate version. I didnt include that in my notes as myself and my buddy were both on 10j. But theres plenty of threads for that. if your on that, continue on.......
Click to expand...
Click to collapse
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
wewantutopia said:
This is awesome! Thank you!!! You may want to make this its own post it's so helpful. Thanks again!!!!!!!!!
Click to expand...
Click to collapse
No problem! Glad it helped, I will probably update the post a bit, and then I'll re-post it to its own thread in a few days. As I noticed this section is a bit disorganized...
MDMAchine said:
8. Stop them OTA updates!!!
====================================================
https://forum.xda-developers.com/showpost.php?p=72463487&postcount=4237
https://forum.xda-developers.com/showpost.php?p=70795926&postcount=5
====================================================
Open up your dialer interface and type in 277634#*#
This will bring up a hidden menu and then select Wi-Fi test and then select OTA then select disable.
After that you will have to kill the hidden menu and you shouldn't be seeing the annoying OTA icon in your status bar anymore.
In file manager (root browser):
Rename otacerts.zip in /system/etc/security to otacerts.bak.
The full update is found in the cache partition called update.zip.
Move (or delete) the update.zip file from /cache directory (I put it on the sd card).
** dimm0k's method there seems to achieve a similar result, cant hurt to add the step of creating a zero length file after deleting/moving update.zip. I hadnt seen it, thus never did that but I havent had any OTA activity in a few days on mine.
Click to expand...
Click to collapse
just wanted to add that SOMETIMES the update.zip is not in /cache. had this happen to me when I had the LGV10 and it just happened to me now. I had recently wiped my device to start from scratch and after initially setting up my device I got the update icon and indeed /cache/update.zip existed. a few reboots later for various reasons the update icon/notification disappeared, as did /cache/update.zip. I thought I was in the clear until last night when I got the update icon/notification again, but this time it was not in /cache. it somehow changed to /data/data/com.google.android.gms/app_download. so if you can't find it in /cache, look there!