Related
After my new Desire updated by OTA to 2.2, my HBoot upgraded to 0.93.001
As a result, I am no longer to root it again or flashing any cooked rom.... It is such a nightmare for me. So I decided went to HTC service center and asking for a factory restore to Android 2.1, unfortunately the guy stated that due to my personal's fault - to hack the bootloader, there is no way to downgrade the software anymore. I need to pay extra money for a circuit board replacement. I am so angry with the replied, my phone actaully working fine with OTA 2.2 version (it is official release for Taiwan), all I want to do is requested for downgrade to official 2.1, why I need to replace a circuit board????
Anyway after a few hours, I figure out a solution and now working fine with Hboot 0.8 and then re-flashed to customized cooked FroYo rom
Here is the steps: (be careful, I am not responisable for any demage due to these procedures, also you need to have basic knowledge on using Android adb tools)
0.) Download this good program: http://evo4g.me/downloads/evo-root.zip (Credit goes to djR3Z)
Download this file to "PB99IMG.zip" http://shipped-roms.com/shipped/Bra...8U_4.06.00.02_2_release_126984_signed_txt.zip
1.) Make a NEW Goldcard (best using FAT32 format micro SD 4GB or 2GB)
http://www.klutsh.com/dlfiles/GoldCardTool-0.0.5.rar
2.) Find your CID ==> e.g HTC__622 (someone said all 11111111 also worked, but if you can query, why not to input your own?)
fastboot oem boot <--- run this command, will show your own CID
3.) http://ks33673.kimsufi.com/misc/
and Create your own "mtd0.img"
>adb push flash_image /data/local/
>adb push rageagainstthecage-arm5.bin /data/local/tmp/
>adb push mtd0.img /sdcard/
>adb push PB99IMG.zip /sdcard/
>adb shell
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
chmod 0755 /data/local/flash_image
cd /data/local/tmp
./rageagainstthecage-arm5.bin
If you see:
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3319, 3319}
[*] Searching for adb ...
[+] Found adb as PID 74
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
> adb shell
# <---- you will see this good prompt
cd /data/local
./flash_image misc /sdcard/mtd0.img <---- make sure your connected to PC not in Disk drive mode
5.Shutdown your device
6.Hold volume DOWN and press power button
7.Wait until PB99IMG.ZIP was found and verfied. If that fails, check if you named the file the right way and it’s located in the root of your SD.
8.Press volume UP to start the update.
9.Wait until all steps are done. DON’T POWER OFF YOUR DEVICE!
10.After the downgrade progress has finished press volume UP to reboot.
Now you back to 2.1 with HBoot 0.80
(Please remember to delete the file PB99IMG.zip from your SDcard / folder)
If you want root again:
Navigate to http://www.unrevoked.com for rooted as usual
Interesting, a root exploit for froyo has been found? Though any downgrade of hboot is unnecessary. The rooting allows you to fix the misc partition which will let you flash any RUU you want.
My Desire show : Main Version is older! Update Fail!
setupspeed said:
My Desire show : Main Version is older! Update Fail!
Click to expand...
Click to collapse
what is the issue?
tell me what steps being failed...
hkfriends said:
what is the issue?
tell me what steps being failed...
Click to expand...
Click to collapse
read PB99IMG.ZIP finish , then checking PB99IMG.ZIP => fail
setupspeed said:
read PB99IMG.ZIP finish , then checking PB99IMG.ZIP => fail
Click to expand...
Click to collapse
Have u flashed Mtd0.img ok?
hkfriends said:
Have u flashed Mtd0.img ok?
Click to expand...
Click to collapse
Mtd0.img ok , pursuant step => still fail
better add some screenshoot bro
I have got hboot 0.93 with vodafone froyo and an amoled-display (no slcd).
Do the method of
android-tutorials.org/dev/?page_id=78
work (sorry, can't post the hole link because I an new registered, add www)?
Or do I have to use the method from post #1 in this thread?
cordezz said:
I have got hboot 0.93 with vodafone froyo and an amoled-display (no slcd).
Do the method of
android-tutorials.org/dev/?page_id=78
work (sorry, can't post the hole link because I an new registered, add www)?
Or do I have to use the method from post #1 in this thread?
Click to expand...
Click to collapse
Try teppic74's tool, i think it will be more easy and the same as mine too!
http://forum.xda-developers.com/showthread.php?t=768256
C:\adb>adb push flash_image /data/local/
adb server is out of date. killing...
* daemon started successfully *
774 KB/s (26172 bytes in 0.033s)
C:\adb>adb push rageagainstthecage-arm5.bin /data/local/tmp/
478 KB/s (5392 bytes in 0.011s)
C:\adb>adb push mtd0.img /sdcard/
1807 KB/s (655360 bytes in 0.354s)
C:\adb>adb push PB99IMG.zip /sdcard/
1550 KB/s (144169877 bytes in 90.807s)
C:\adb>adb shell
$ chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
$ chmod 0755 /data/local/flash_image
chmod 0755 /data/local/flash_image
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage-arm5.bin
./rageagainstthecage-arm5.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3319, 3319}
[*] Searching for adb ...
[+] Found adb as PID 671
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\adb>adb shell
adb server is out of date. killing...
* daemon started successfully *
# cd /data/local
cd /data/local
# ./flash_image misc /sdcard/mtd0.img
./flash_image misc /sdcard/mtd0.img
# exit
exit
C:\adb>
-------------------------------------------------------------
my step , correct?
Yes, seems corrected..
have you made gold card?
what is your phone? OEM or branded?
what is the original Hboot version?
setupspeed said:
C:\adb>adb push flash_image /data/local/
adb server is out of date. killing...
* daemon started successfully *
774 KB/s (26172 bytes in 0.033s)
C:\adb>adb push rageagainstthecage-arm5.bin /data/local/tmp/
478 KB/s (5392 bytes in 0.011s)
C:\adb>adb push mtd0.img /sdcard/
1807 KB/s (655360 bytes in 0.354s)
C:\adb>adb push PB99IMG.zip /sdcard/
1550 KB/s (144169877 bytes in 90.807s)
C:\adb>adb shell
$ chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
$ chmod 0755 /data/local/flash_image
chmod 0755 /data/local/flash_image
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage-arm5.bin
./rageagainstthecage-arm5.bin
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3319, 3319}
[*] Searching for adb ...
[+] Found adb as PID 671
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\adb>adb shell
adb server is out of date. killing...
* daemon started successfully *
# cd /data/local
cd /data/local
# ./flash_image misc /sdcard/mtd0.img
./flash_image misc /sdcard/mtd0.img
# exit
exit
C:\adb>
-------------------------------------------------------------
my step , correct?
Click to expand...
Click to collapse
hkfriends said:
Yes, seems corrected..
have you made gold card?
what is your phone? OEM or branded?
what is the original Hboot version?
Click to expand...
Click to collapse
gold card => yes
My phone => HTC Desire
Hboot version => 0.93.0001
i have this error "error writing misc: Permission denied"
in this step: "./flash_image misc /sdcard/mtd0.img"
Noob question
Using your method wont brick my phone right? My phone details are below:
Unit: HTC Desire
ROM: FroYo OTA (Unbranded)
BOOTLoader: 0.93
Software:2.13.707.1
Kernel:2.6.32.15
Just use my tool instead, it's much easier.
Doesn't Unrevoked3, the tool that is used to root phones, support hboot 0.93 on unbranded / unlocked phones? So this step is un-necessary on unbranded / unlocked phones?
Did it work at all?
Hi,
I too want to downgrade my HTC Desire from 2.2 to 2.1 because after the upgrade to 2.2 with hboot 0.93 my desire has stopped connecting to the H or 3g network.
Did this guide work for anyone at all?
HI
CAN SOME HELP ME TO GET THE ROM IMAGE VERSION 2.13.707.1 I NEED THE EXE. FILE THATS THE ONLY WAY I KNOW TO INSTALL THE ROM!!!!
MY PHONE TRIED TO UPGRADE FROM THE PHONE SOMETHING WENT WRONG AND IT SWITCH ON AND GET STUCK IN WHITE SCREEN WITH htc GREEN LOGO . . . I TRIED TO INSTALL THE ROM FROM MY COMPUTER THE LATEST BUT THE IMAGE ON THAT IS 2.10.405.2 . I REALLY APPRECIATE IF SOMEONE CAN HELP ME
black screen
I got a black screen after downgrade. Also after restart the phone
Desire
Hi!
My phone is LG Optimus One. It's v10e.
I am new at this. This is my first android phone. I want to move the applications to SD Card. Because phone memory is not enough. So, i am trying to root my phone. Aldready 4 days. It's killing me. I aldready tried to root with different ways approximately 100 times. Every time same problems.
1- I tried to root 30-35 times with SuperOneClick 1.7
The problem is; when i hit the "Root" button, it's coming down to "Running psneuter..." and then, nothing! Nothing happens. Nothing changes. There is the details;
SuperOneClick v1.7.0.0
Killing ADB Server...
* server not running *
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
1529 KB/s (585731 bytes in 0.374s)
OK
chmod psneuter...
OK
Running psneuter...
OK
***IF IT KEEPS LOOPING, TRY DISABLING USB DEBUGGING NOW***
Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Running psneuter...
Click to expand...
Click to collapse
This is what i have with SuperOneClick 1.7. Is there any way to handle this? Please tell me, how can i figure it out?
2- I tried to root approximately 70 times with "Android SDK, OptimusRoot, then opening CMD window" way.
There was some guides from some forums. The guides are approximately same. I can't post the the links because, posting outside links not permitted for new users. I don't know how to post links.
I did everything in that guide. Every prerequisites fulfilled. Than opened a CMD window. Then, this...
C:\Users\Seyhan>cd c:\android-sdk-windows\platform-tools
c:\android-sdk-windows\platform-tools>adb push rageagainstthecage-arm5.bin /data
/local/tmp/rageagainstthecage
43 KB/s (5392 bytes in 0.120s)
c:\android-sdk-windows\platform-tools>adb push su /data/local/tmp/
641 KB/s (26264 bytes in 0.040s)
c:\android-sdk-windows\platform-tools>adb push busybox /data/local/tmp/
1710 KB/s (1926944 bytes in 1.100s)
c:\android-sdk-windows\platform-tools>adb shell
$ chmod 4755 /data/local/tmp/rageagainstthecage
chmod 4755 /data/local/tmp/rageagainstthecage
$ chmod 4755 /data/local/tmp/busybox
chmod 4755 /data/local/tmp/busybox
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3341, 3341}
[*] Searching for adb ...
[+] Found adb as PID 1927
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
c:\android-sdk-windows\platform-tools>adb shell
error: device not found
c:\android-sdk-windows\platform-tools>
Click to expand...
Click to collapse
it's coming to here;
[*] adb connection will be reset. restart adb server on desktop and re-login.
then nothing happens. Usb connection is removing itself, but not connecting after remove. Every time same problem. I can't get the "#". If anyone knows something about this, please help me. This is already a death battle for me. If anybody can help me with root my phone, i can't explain how i will be thankful.
Thanks for your interests.
did u try with z4root?
may be this will help
i think you will have to downgrade from v10e.
try the official forum in xda
I already tried z4root but its not working on v10e. Where can i open a thread for downgrade from v10e?
Greetings,
I have received my shiny new Eluga Power and I am wondering if anybody else has this device and if anybody has rooted there's?
Sent from my P-07D using xda premium
Edit: moved to Q&A, lets see if you can get some help but do search for your device.
First welcome...
Next time post in the Q&A section for questions. To better serve you do a search for your device and look in the Dev section for your model device...also you will find a Q&A section there, Thank you.
Btw ensure you read the forum rules.
Sent from a closet, at Arkham Asylum using Forum Runner.
ianford10 said:
Greetings,
I have received my shiny new Eluga Power and I am wondering if anybody else has this device and if anybody has rooted there's?
Sent from my P-07D using xda premium
Click to expand...
Click to collapse
Where did you get it from?HOw much? How's it first impression?
mixmaster said:
Where did you get it from?HOw much? How's it first impression?
Click to expand...
Click to collapse
Had to import it from a Japanese eBay store with a cost of £560 with delivery. First impressions of the phone are very good, nice big clear screen, batter life is okay considering the screen size, calls are crisp and clear, feels good in the hand to hold. Will have more info as I use it over the next couple of weeks
Sent from my P-07D using xda premium
Rooting P-07D success...
I was able to root my Panasonic Eluga Power (P-07D) you can check the screenshot below. As of the moment I am re-writing the steps for others so they can easily follow the instructions as this was written in Japanese (Thanks to http://sithxi.blog49.fc2.com/blog-entry-51.html and goroh_kun. Hopefully this would help others root there device just like me. The only main problem for me now is SIM unlock the device.
Panasonic Eluga Power rooting instructions...
As promised here are the steps: (This seems to look like a temporary root, as you will loose it once the device rebooted) But still it's a good primary step. For the source code it can be downloaded from here. Panasonic Eluga Power Source Code
goroh_kun
2012/10/18
root privileges acquisition & tomoyo released experimental version in
the p-07d
things to do
Run:
1. >adb restore p-07d.ab
I press OK authentication
After the restore is finished
2. Open another command prompt and type the following:
>adb shell
$cd /data/data/com.android.settings/a/
$ls -l -d
drwxrwxrwx system system a
- check directory called A exists, it is world readable, writable as
show above
3. $ ls -l
⇒ file00 〜 file99 check if files exists
Delete all file from file00 ~ file99
run the command below
4. >adb shell
$cd /data/data/com.android.settings/
$rm -r a/*
change permissions to 777 /persist
This is the tricky part as you need to to do this using two command prompt, one running the adb restore p-07d.ab while the other on the shell command running ln -s /persist a/file99 command.
5. First run: >adb restore p-07d.ab while it is restoring on the other command prompt run in shell $ ln-s / persist a/file99
6. Now lets check the permission to folder /persist by typing on the command prompt that is already in shell.
$ ls -l -d /persist
drwxrwxrwx system system persist <--(you should see this)
Now move on your other command prompt window and run the following commands. (you can download the needed file at this link
Then run the command below to push the files needed for rooting:
>adb push init.cne.rc /data/local/tmp
>adb push p07dgetroot /data/local/tmp
>adb push xsh /data/local/tmp/
>adb push libQ.so /persist
>adb shell rm /persist/init.cne.rc
>adb shell ln -s /data/local/tmp/init.cne.rc /persist/init.cne.rc
>adb reboot
The next step is kinda hard to understand and I qoute: "/persist at Startup directory of the recovery process because it will not be restored and persist the only symbolic links should be a basic /data/local/tmp to keep the change."
After re-move environment variable is changed to check (LD_PRELOAD= /presist/libQ.so and be sure it is).
7. > adb shell
$echo $LD_PRELOAD
/persist/libQ.so <--(you should see this)
8. To Unlock Tomoyo, follow this steps:
> adb shell
$ cat /data/local/tmp/p07dgetroot > /tmp/xsh
$ ls -l /tmp/xsh
-rw-rw-rw- shell shell xsh <--(you should see this)
Make sure that wirelss LAN is ON before doing the command below:
9. WLAN ON / TURN OFF WLAN / TURN ON WLAN (wait to be connected before typing the below command or you will have to do it again)
$ ls -l /tmp/xsh
-rwsr-sr-x root root xsh <--(you should see this)
$ /tmp/xsh
/tmp/xsh
/tmp/.mem fd=3
read ret = 256
write ret = 256
At this stage, Tomoyo is now unlocked
10.
$rm /tmp/xsh
$cat /data/local/tmp/xsh > /tmp/xsh
11. WLAN ON / TURN OFF WLAN / TURN ON WLAN (wait to be connected before typing the below command or you will have to do it again)
$ls -l /tmp/xsh
-rwsr-sr-x root root xsh <--(you should see this)
12. $/tmp/xsh
$(precmd)[email protected]$HOSTNAME:${PWD:-?} $ <--(you should see
this)
Here is a shell with root privileges, so stand up and be able to work a variety. You can also install the su
13. $(precmd)[email protected]$HOSTNAME:${PWD:-?} $
$ mount -o remount,rw /system /system
$ chmod 777 /system/app/
$ chmod 777 /system/bin/
$ chmod 777 /system/xbin/
Open another command prompt:
adb push Superuser.apk /system/app/
adb push su /system/bin/
adb push busybox /system/xbin/
Go back to ($(precmd)[email protected]$HOSTNAME:${PWD:-?} $) window:
chown root.root /system/bin/su
chmod 6755 /system/bin/su
chmod 644 /system/app/Superuser.apk
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
chmod 755 /system/app/
chmod 755 /system/bin/
chmod 755 /system/xbin/
Verify root access by installing "Root Checker".
Note: each time you reboot your device you will need to run Tomoyo Unlock script to regain root access (Step 8 - 12) which I re-wrote below:
8. Tomoyo Unlock
> adb shell
$ cat /data/local/tmp/p07dgetroot > /tmp/xsh
$ ls -l /tmp/xsh
-rw-rw-rw- shell shell xsh <--(you should see this)
WLAN ON / OFF / ON
$ ls -l /tmp/xsh
-rwsr-sr-x root root xsh <--(you should see this)
$ /tmp/xsh
/tmp/xsh
/tmp/.mem fd=3
read ret = 256
write ret = 256
At this stage, tomoyo is released
$rm /tmp/xsh
$cat /data/local/tmp/xsh > /tmp/xsh
WLAN ON / OFF / ON
$ls -l /tmp/xsh
-rwsr-sr-x root root xsh <--(you should see this)
$/tmp/xsh
$(precmd)[email protected]$HOSTNAME:${PWD:-?} $ <---(you should end up here to regain root access, if not redo it again)
Proof:
ask questions
hi,
If it unlocked the device of sim by docomo, when i root it, the condition of unlock sim whether will cancel????
---------- Post added at 12:10 AM ---------- Previous post was at 12:06 AM ----------
dear zyper95,
Can you make the picture to show the process of root??
thank a lot
Panasonic P-07D
Hello, Someone tell me how to reset to factory settings "Android system recovery -> wipe data / factory reset -> Yes-delete all user data -> Please input password". What is the password to be entered? Help please.
Panasonic Eluga Power P-07D hard reset plz:crying::crying::crying:
Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
If you find this useful please follow me (jcase) on twitter ( https://twitter.com/teamandirc/ ).
Here you go, root for both the new LG Intuition and the LG Spectrum running ICS. The vulnerability is a simple permission bug allowing us to setup a symlink to local.prop (yes yet again). While the bug is the same, the procedure is slightly different, so I will have the instructions separate.
With the LG Intuition, they did seem to attempt to mitigate this attack. Not by setting correct permissions, but by dropping adbD to the shell user if it runs as root, even if ro.kernel.qemu=1 is set. They failed, they give us enough time to run one command before dropping the root privileges, in our case a script to root the phone.
LG Spectrum ICS Root (for the leaked ICS rom):
Expect this to be patched in the release rom. Leaked ICS rom has locked bootlaoders, ie no recovery at this point.
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
adb shell
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell
# chown 0.0 /system/xbin/su
# chmod 06755 /system/xbin/su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
Thanks!
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So i tried inputting it line by line and i keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
LostCauseSPM said:
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So i tried inputting it line by line and i keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
Click to expand...
Click to collapse
Which specific ICS version do you have, I had a couple different leaks to work with.
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
Click to expand...
Click to collapse
build #: IMM76D
Still tweeking on it. Just updated all my drivers, too. I'm not a total newb, but I'm no pro, either.
jcase said:
Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo ‘ro.kernel.qemu=1’ > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
:crying:
Once rebooted, install Superuser from the market and enjoy.
Click to expand...
Click to collapse
i tried but as soon as i entered adb shell it kick me off and haven't been able to try since
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
Click to expand...
Click to collapse
Ive got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
LostCauseSPM said:
Ive got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
Click to expand...
Click to collapse
add [email protected] to gltak and hit me up.
lahegry said:
i tried but as soon as i entered adb shell it kick me off and haven't been able to try since
Click to expand...
Click to collapse
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
jcase said:
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
Click to expand...
Click to collapse
i don't think i'm fast enough, i just can't type faster than it kicks me off
lahegry said:
i don't think i'm fast enough, i just can't type faster than it kicks me off
Click to expand...
Click to collapse
Place the two commands into a batch file/shell script, or setup teamviewer and msg me on gtalk
so this is just I've come up with tonight, the exploit still fails line by line, so I made a batch file just for that command, and I think I may be misunderstanding that "adb mount - o" command you recomended.
Wow, this chrome is NOT liking this txt box, keeps jumping backwards for some reason. C'mon Google...
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Try now, something was altering my post
arnshrty said:
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Click to expand...
Click to collapse
Correction needed for Intuition
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
krapman said:
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
Click to expand...
Click to collapse
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
/system/bin/sh su not found
any help with this was having an issue with the echo command but got past that but now it's giving me this error
davieslacker said:
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
Click to expand...
Click to collapse
It's an amazing device I love it and im rooted. used the steps above and it worked. I am sure it will get jelly bean love eventually. No roms yet. But LG added a lot of customization to the device form what developers usually add as mods.
Will there be a single click method for root on the intuition. I can't seem to get this method to work
Exploit still works on the final version of ICS for the LG Spectrum
Just updated my phone. Couldn't wait for the OTA rollout, updated via the Verizon Wireless Update Util on my comp. Root worked no problem. Thanks again Jcase!
What did you update your phone to?
Sent from my VS950 4G using xda app-developers app
Hi
I have a new Android device, it's not any of the ones that have their own forum.
More specifically it runs Android 11 on top of a 4.19.193 Rockchip BSP kernel.
I need to read one or two specific files but these files are only readable by root.
I have ADB shell access.
What I do want to acheive:-
Temporarily have an ability to copy a file that's readable only by root, this could be by some GUI app that copies files, as long as the copy is readable by normal user, running commands as root, copy a partition to an image file, export to a desktop machine and read it there. Any one of these would get me that file.
What I don't want to do:-
I don't want to permanently modify the device, unlock the bootloader, put su into /system or anything like that.
Does anyone know of a rooting app that can give me temporary root access but then doesn't actually change the system?
thanks
To get temporary super-user ( AKA root ) rights on an Android's device shell all you have to do is to find a suitable su binary and copy it onto Android's filesystem.
A: To run Android shell commands with super-user right from within the shell on desktop computer ( AKA Command Prompt ) you have to run within desktop computer shell
Code:
adb devices
adb push <LOCATION-OF-SUITABLE-SU-BINARY-ON-PC-HERE> /data/local/tmp/
what will 1. connect the Android device to your desktop computer and 2. upload the su binary in the Android device temporary directory always available for the user.
B: Then, in desktop computer shell type
Code:
adb shell "cd /data/local/tmp & chmod 776 su"
what makes the su binary executable: its ownership by default is set to shell.
C: Then in desktop computer shell type
Code:
adb shell "ls -l"
what will show you content and permissions on recently uploaded files.
D:
To apply a series of Android shell commands what require super-user rights you now would run
Code:
adb shell
export PATH=/data/local/tmp:$PATH"
su -c "<SHELL-CMD-HERE>"
....
su -c "<SHELL-CMD-HERE">
exit
BTW:
When in an Android shell another process like su gets started then this spawned process runs as a child process means it inherits most of the parent process attributes.
adb push allowed me to send the file
Code:
adb push su /data/local/tmp/
su: 1 file pushed. 1.2 MB/s (11640 bytes in 0.009s)
but the adb shell command is failing
Code:
adb shell "cd /data/local/tmp & chmod 776 su"
chmod: su: No such file or directory
if I then log in over adb I don't seem to have permissions to do anything in data
Code:
adb shell
ls -al
drwxrwx--x 47 system system 4096 2022-09-02 16:31 data
cd data
ls -al
ls: .: Permission denied
additionally, I thought that su would need the suid bit set
Does chmod 766 acheive that?
oh this works
Code:
adb shell
cd /data/local/tmp
ls -al
total 18
drwxrwx--x 2 shell shell 3452 2022-09-02 16:32 .
drwxr-x--x 4 root root 3452 2022-07-27 03:04 ..
-rw-rw-rw- 1 shell shell 11640 2022-09-02 16:29 su
Code:
chmod 776 su
ls -al
total 18
drwxrwx--x 2 shell shell 3452 2022-09-02 16:32 .
drwxr-x--x 4 root root 3452 2022-07-27 03:04 ..
-rwxrwxrw- 1 shell shell 11640 2022-09-02 16:29 su
Code:
adb shell
export PATH=$PATH:/data/local/tmp
su
su: setgid failed: Operation not permitted
The device has separate boot_a, boot_b, dtbo_a, dtbo_b partitions.
If I could be reasonably sure that booting a boot partition from a similar device (I have one) would pick up the dtb from this device then I think I could be reasonably confident of not frying anything, I might try and boot it from fastboot.