I've seen that there's no topic teaching how to ROOT the phone in the forum yet, so I'm making one myself, I hope this will help users who come here looking for info.
This method was originally found by jboogie3 here http://modmymobile.com/forums/637-motorola-defy-general/557910-motorola-defy-root-droid2method.html
EDIT: If you have version 2.51 ROOT with another way, check out this topic: http://forum.xda-developers.com/showthread.php?t=889133
Let's get started:
1. Put the phone in Debug Mode: Go to Settings > Applications > Development and check USB debugging box.
2. Extract the files from the zip below, connect the phone via USB, and copy them to the phone via ADB like this:
Code:
adb push Superuser.apk /sdcard/Superuser.apk
adb push su /sdcard/su
adb push busybox /sdcard/busybox
adb push exploit.bin /data/local/tmp/exploit.bin
3. Now we enter the phone's internal shell, also using ADB:
Code:
adb shell
4. Then we take advantage of the "fake" root exploit:
Code:
cd /data/local/tmp
chmod 0755 exploit.bin
./exploit.bin
5. Now after that last command you should be back to your normal console, not the phone one, so we need to connect to it again, and doing so we should now see that we have root permissions since the "#" symbol is displayed instead of "$".
Code:
adb shell
6. Now we mount the /system partition as writable and copy the necessary files there, and set them with the right permissions:
Code:
mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
cp /sdcard/Superuser.apk /system/app/Superuser.apk
cp /sdcard/su /system/bin/su
cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
exit
7. Restart the phone and check if you have ROOT in a terminal by typing the "su" command, or by installing any other app that requires ROOT, and seeing it the SuperUser app pops up.
Or, download z4root by ryan in the market. Click permanent root, done.
Sent from my MB525 using XDA App
Many people reported z4root to work, but somehow it didn't work for me :\, phone reboot 2 times, but root wasn't being recognized system wide. But yeah, there's no problem testing that first, if it works for you it's way simpler
Worked well for me. Almost too easy.
Thank you for the great write up though.
pedrodh said:
Many people reported z4root to work, but somehow it didn't work for me :\, phone reboot 2 times, but root wasn't being recognized system wide. But yeah, there's no problem testing that first, if it works for you it's way simpler
Click to expand...
Click to collapse
Sent from my MB525 using XDA App
Well, at least this will help people know what's going on in the background for achieving ROOT hehe
Thanks for posting and distur for the z4root tip, worked for me.
Sent from my MB525 using XDA App
Yep. z4root worked for me as well. Perfect.
Nice writeup! very detailed
thx !!!
thanks much
z4root worked for me as well. no issues and running for more than a week now rooted. haven't tried the unroot function yet...
I made it also with z4root...no problem so far
root
are we talking super 1 click, rooted mine 1st day i got it same method as droid no probs so far, all the crap from vodafone gone now, waiting for a nice rom
I heard that the DORoot works as well. There are also links on how to root on the Droid 2. I'd think it would be similar.
http://forum.xda-developers.com/showthread.php?t=782556
hi first time android newbie here-
i downloaded and install z4root - how do i confirmed the device was rooted?
After rooting, in your application drawer (middle button that brings up all your apps) you'll see the superuser app. It looks like an android skull and crossbones.
I have a Motorola Defy on T-Mobile UK, If I use z4root will this enable me to root my phone.
Exactly what does rooting achieve, Will it allow me to try another rom?
Yes, z4root will let you achieve root on this phone.
ROOT has nothing or very little to do with custom ROMs, ROOT it's the Unix super user, the administrator per say. With it certain apps that modify system properties will work (search Android Market for "root"), and also it enables you to do all sorts of crazy stuff on the phone, like literaly modify any file. So if for example there's an app that bundles with the phone, and that you normaly couldn't unistall it, with ROOT you can just delete the app, and that's it . That's and many more things, although root it's most usufull for developers or hackers than the normal user. It's not like jailbreaking an Iphone, Android it's already open enough for the regular user.
If I root the Motorola Defy and I delete some files because I not familiar with this, will I make my Motorola Defy dead.
croxley said:
If I root the Motorola Defy and I delete some files because I not familiar with this, will I make my Motorola Defy dead.
Click to expand...
Click to collapse
Rooting doesn't delete files If you've rooted your phone, you won't be able to just go to the system folder and delete something. You need tools like "root exporer" for this. This is a payware. When you rooted your phone, this root explorer can ask you for more rights. These are needed to delete needed files. Also you can do it for free with the androidSDK. Have a look here: http://forum.xda-developers.com/showpost.php?p=9456771&postcount=1
but be: don't do thinks where you don't know to get it undone. You CAN brick your phone and then you'll have to spend much time to get it back working.
Related
Update: One click root has been using this "simple" method since version 2.2.7. If you're rooting your phone for the first time, please try that first. Consider this thread to be purely informational for those who want step-by-step details of how the process works.
I've been suspicious of the joeykrim root method since it was first posted at SDX. I finally got my Epic yesterday and confirmed that is, indeed unnecessary. I don't fault joeykrim though, he ported the working root method from the Moment to the Epic without actually having access to an Epic himself.
Anyways, the joeykrim root method is unnecessarilly complex becuase it works around an RFS permissions bug which loses the setuid bit on the Moment. It appears the Galaxy S phones have this bug fixed, which is why the root methods on the I9000, Vibrant, Captivate, Fascinate, etc., are much simpler.
So, for the simple root:
First, make sure joeykrim root is not installed.
Upgrade to DI18 (not strictly necessary, but you'll want to do it).
Setup a working adb from the Android SDK and whatever drivers are necessary for your platform.
Download rageagainstthecage-arm5.bin from the C skills blog (link removed due to my newbieness) or from any of the one-click root packages.
Download su-2.3.6.1-ef-signed.zip and extract "system/bin/su" and "system/app/Superuser.apk" to a temporary directory you'll be working from.
Enable USB debugging on your phone and connect it to your computer.
Now, open a command prompt/shell on your computer and cd to the appropriate temporary directory. Run:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and confirm you have a working root shell. Then continue with:
Code:
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
That's it! You should have a working root via su & the Superuser package. At least, I did.
Note that the preceeding steps installs Superuser.apk to /data, which is what I prefer to do. This means if you do a "Factory data reset" su will be temporarilly broken until you reinstall the Superuser.apk package. Since installing the package itself doesn't require root, this is easily done after a /data reset.
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Finally, if you're already rooted via joeykrim or are running a root kernel, there's nothing really to be gained by doing this. I'm just throwing this out there as I perfer to make the minimum invasive changes possible to obtain root.
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again? That might be a reason why folks would want to go the more invasive route (considering rooters seems to change ROMS fairly often which requires wipes sometimes). Either way, keeping a copy of the apk file on your SD card is no big deal.
mkasick said:
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Click to expand...
Click to collapse
This explains a lot of problems! thanks
EDIT- another noob question- why do you prefer to have superuser installed to /system/data- why not put it in /system/app? Also if I want to install busybox where is the best location to put it?
ZenInsight said:
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
Click to expand...
Click to collapse
Once you run rageagainstthecage-arm5.bin, you should get a root-shell automatically every time you run "adb shell" after until you reboot the phone. Yes, you can tell it's a root shell since it uses the "#" prompt. This is the important part to check, since if the exploit doesn't work, you'll have to run it again. But I haven't seen it not work.
After su is installed and you reboot, your steps are correct: run "adb shell", run "su", then you'll be prompted on the phone scren to authorize access and once you allow it you'll end up with a "#" prompt.
ZenInsight said:
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again?
Click to expand...
Click to collapse
noobnl installs Superuser.apk to /system, you can do that here too. Just replace the "adb install Superuser.apk" step with "adb push Superuser.apk /system/app". It's independent of the joeykrim scripts.
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic? Have a friend with an epic and command lines would be too much and one click didn't work.
Sent from my SAMSUNG-SGH-I897 using XDA App
jimmyz said:
why do you prefer to have superuser installed to /system/data- why not put it in /system/app?
Click to expand...
Click to collapse
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
jimmyz said:
Also if I want to install busybox where is the best location to put it?
Click to expand...
Click to collapse
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
jhnstn00 said:
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic?
Click to expand...
Click to collapse
I don't believe so. The I9000/Vibrant/Captivate have recoveries that don't check the signature of update.zip (as I understand, or maybe they do but only require test keys) which makes rooting-via-recovery possible. Unfortuntaely the Epic and Fascinate do perform signature checks, so we can't enable root via stock-recovery.
That said, the Fascinate one-click methods should also work on the Epic. Although depending on why your friend couldn't get the Epic one-click to work, the Fascinate one may not work either.
mkasick said:
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
Click to expand...
Click to collapse
You sir are a true gentleman! Thank you for the informative answers- its great to have you over here! I have one more question- why can't I usually push directly to /system ?
jimmyz said:
why can't I usually push directly to /system ?
Click to expand...
Click to collapse
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
I am learning a lot!!! Could you take a look at koush's kernel here, with it I noticed that when using adb I got the # prompt right away and was able to push to /system- maybe he was able to figure out the config settings? Once again thanks!!!
one more ? (feel free to ignore this one) what actually happens when you do
Code:
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and how does that give you permanent root?
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
It is indeed a config option in default.prop. However, this is in the initramfs and you can't change it on the fly, so you need to rebuild the kernel to change it. With some work you can modify the stock kernel to do it, but I personally haven't tried it.
Sent from my Epic 4G using XDA App
Thank you, this worked perfectly for me, running stock DI18 ROM that I flashed tonight!!! I confirmed by installing the wireless tethering pre-9 apk, and successfully ran the wireless tethering without any errors.
Quick question: do we need to do this after root or is it not needed?
NEEDED?? ===> SuperUser App to help with Security Concerns for the Epic - h**p://forum.sdx-developers.com/epic-development/superuser-app-to-help-with-security-concerns/
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work? Do I need to install clockwork mod (not exactly sure what it does though) or a custom ROM?
AndroidSPCS said:
Quick question: do we need to do this after root or is it not needed?
Click to expand...
Click to collapse
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
AndroidSPCS said:
NEEDED?? ===> SuperUser App
Click to expand...
Click to collapse
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
AndroidSPCS said:
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work?
Click to expand...
Click to collapse
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
mkasick said:
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
Click to expand...
Click to collapse
Thanks, actually this was referring to the thread where the instructions for going to adb shell or terminal and typing in the following commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
Click to expand...
Click to collapse
Yes same as above, the question is not whether we need SU app (I know we do), but whether we needed to type the additional commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
Click to expand...
Click to collapse
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access. However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Thanks again.
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
you need to do that in a shell to make sure su works properly.
I'm updating the one click root right now to be less silly.
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Firon said:
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Click to expand...
Click to collapse
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
thanks in advance!
Code:
jimmyz said:
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Click to expand...
Click to collapse
This is just pushing the stock playlogo, since joeykrim's method overwrites it with some custom script.
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Click to expand...
Click to collapse
The script allows you to easily remount system as ro or rw at will. Why not?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
Click to expand...
Click to collapse
I don't know if any apps depend on it being in a particular location. It is in xbin, but I'm also linking it to /system/bin to be safe.
AndroidSPCS said:
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Click to expand...
Click to collapse
These commands were necessary to get Superuser working with the old joeykrim root method. They're not necessary with this method (or the newly released one-click). In other words, if wifi-tethering is already working for you, nothing further is needed to be done.
AndroidSPCS said:
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access.
Click to expand...
Click to collapse
I don't actually use TitaniumBackup. I'm not sure why its superuser-requirements would be different from other apps, but I guess it is. The new one-click appears to address this.
AndroidSPCS said:
However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Click to expand...
Click to collapse
Busybox is a suite of "familar" Unix command-line utilites (things like cp (copy), mv (move), ls (list), etc.). It targets embedded platforms by being very featureful, yet relatively small. It's installed and used on a wide variety of embedded devices including wireless routers, print servers, phones, even televisions.
Oddly enough, Android does not include busybox by default. Instead it comes with it's own utility-programs-package called "toolbox" that isn't nearly as featureful, and quickly becomes a pain to use. Some programs, like TitaniumBackup depend on busybox programs/features, and thus require it's installation. It's safe.
The only problem with busybox is that there's not one single version of it. There's multiple builds of it from the same source code with different sets of features turned on and off. In the past, some folks had a version of busybox installed that didn't contain all the features necessary to support TitaniumBackup, so they added the option to install their own version. It's installed in a separate location, so it won't overwrite any version you do have installed, and it's safe to do. But if you've already installed another version of busybox that does work, then it may be unnecessary.
I did the Jokeyrim method a few days ago. I installed a new kernal and now a new ROM. All seems ok, but ow when I do the "whoami" command in adb shell I get whoami not found. I don't think I'm really rooted anymore. Any attempt to reinstall the Jokeyrim root script results in failure (mostly "device not found" errors). When in adb shell, most commands I type now are either "not found" or "permission denied", so I'm not confident that I'm really rooted now.
Since I have / had Jokeyrim installed, how can I "uninstall" it so that I can use this method of rooting instead? BTW, the newest Clockworkmod is installed and working.
Do I need to flash to stock first? Sorry, but I'm a VERY STOOPID NOOB.
Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
If you're still on Cupcake (Android 1.5) you'll need su and Superuser from http://bit.ly/su2361cd
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
You may instead install Superuser from the Market if you wish.
Clean up the exploit:
Code:
adb shell rm /data/local/tmp/rageagainstthecage-arm5.bin
If you ever do a "Factory Reset", Superuser will go away, but you DO NOT lose root. Just reinstall Superuser.
What next? The choice is yours! Remove stock apps, get some good 'ol WiFi tethering, or flash something different!
*NOTE*
The above steps DO NOT put a recovery on your phone, though it is VERY EASY.
Once you're rooted, install ROM Manager by Koushik Dutta from the Market. Open it up, click "Flash ClockworkMod Recovery".
Select your model (Hero CDMA), and hit Allow when the Superuser Prompt shows up.
*NOTE*
The above steps DO NOT install Busybox on your phone.
Simply install Busybox from Stephen (Stericson), available on the market.
Start the app and click Allow when prompted by Superuser.
How To Uninstall
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
rm /system/xbin/su
rm /etc/passwd
rm /etc/group
Uninstall Superuser.apk then reboot, and you're set!
tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward.
Credits: The 743C exploit, and ChainsDD for Superuser.
You need:
Android SDK installed and working.
The zip attached to this post.
So, let's get down to business.
Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
Open up your command line, change to the SDK tools directory, and enter these commands:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
Now execute the exploit:
Code:
adb shell
/data/local/tmp/rageagainstthecage-arm5.bin
Wait for the exploit to finish.
Code:
exit
If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
Test that it worked:
Code:
adb kill-server
adb start-server
adb shell
If you see a $, it DID NOT work, execute the exploit again. (Step 3)
If you see a #, it WORKED, continue:
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
You may need to ctrl-c once it says Success!
Next time you 'su' in adb shell, make sure to click Allow in Superuser!
That's it!
I won't give directions on installing a recovery or flashing another rom, there are plenty of threads detailing how to do so.
Click to expand...
Click to collapse
Pretty straightforward. This will probably help a lot of newer hero owners, because amazingly, people are still buying them every day!
If I get a chance to test it out, I will.
Nice job. Should be stickied so people don't run around searching through all the old rooting threads which aren't as compatible with the newer RUU versions.
Worked nicely on a refurb Hero that Sprint sent due to the dust problem.
Thanks!
Works great for me
Why am I having trouble doing this? I was able to do it on one Hero though not after many retries, but not on another.
tehdarkknight said:
Disclaimer: This is not one-click. However, it IS relatively short and straightforward, and does not require you to downgrade.
Credits: The 743C exploit, and ChainsDD for Superuser.
Click to expand...
Click to collapse
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???
DaWeav said:
Great! I can't live without WiFi tethering my iPad which is why I haven't done the 2.31.651.7 HTC OTA update at all.
So, I take it that this exploit will root the Official RUU_Hero_C_Sprint_2.31.651.7_signed_release.exe file then too? I ask because I really don't like to do 'update patches'. I prefer to flash and start fresh so I'm planning on flashing the RUU and then doing this root exploit. Yes, No???
Click to expand...
Click to collapse
I tested it with the very same RUU, it works.
tehdarkknight said:
I tested it with the very same RUU, it works.
Click to expand...
Click to collapse
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is in tact.
Oh well, FEAR NOT, because after I get back from the store this morning, then get the TV tuned to the split screen with football on one and the baseball playoffs on the other, and get Leo Laporte's TechGuy radio show screaming...it'll be the perfect time to flash my phone to factory fresh.
Thanks.
Works perfectly on latest and "greatest" stock ROM... excellent
DaWeav said:
SUPER!
Because when I saw this post, I tried to download the latest OTA patch, but my phone just responds 'Your phone is up to date. There are no updates available for your phone'. Strange, because I'm on 2.27.651.6 and the OTAcerts.ZIP is in tact.
Click to expand...
Click to collapse
Same thing happened to me, that's why I tested this method with the RUU
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App
tehdarkknight said:
Same thing happened to me, that's why I tested this method with the RUU
Click to expand...
Click to collapse
Well, I just did the RUU, then did this root, then loaded WiFi Tether, and I'm back in business with my iPad tethering.
Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Click to expand...
Click to collapse
One reason is that when I tried to download the latest OTA update today, I could not. And another reason is before I RUU'd, I had less than 50MB of available memory, but now I have 96MB available with all of my programs loaded again. So for me, it just seems more and more that Android (or HTC Sense) is like Windows boxes since it seems I have to reload the Android OS every now and then to clean things out.
Vandelay007 said:
What are the advantages to ruu'ing to. 7 and rooting again? I rooted my .5 hero and have had no problems....is there something significant that makes the extra work worth it?
Sent from my HERO200 using XDA App
Click to expand...
Click to collapse
Well, if you're using Sprint's official stock .5 rom, with no tweaks applied, you gain the advantage of having an up-to-date rom with the latest bugfixes from Sprint, plus I would say my root method is less invasive and more transparent than other root methods. My personal opinion is that it feels like a root method that can't be abused easily.
SuperOneClick
But I don't need storage space with firerats custom mtd partition....I have over 200mb free with over 50 apps and zero of them on m SD card
Sent from my HERO200 using XDA App
this isnt working.... I can't get passed step 3... my phones just restarts, and then i can't get any further than that.
devonkosa said:
this isnt working.... I can't get passed step 3... my phones just restarts, and then i can't get any further than that.
Click to expand...
Click to collapse
Give us some info. What's your ROM version?
aosp said:
SuperOneClick
Click to expand...
Click to collapse
Is SuperOneClick the same method of rooting?
chiill said:
Is SuperOneClick the same method of rooting?
Click to expand...
Click to collapse
Yes it is....
Ok guyz, I'm going to help yall out !!!!
Look at this and this works I just did it.... any questions pm me then I will post up on here....
http://forum.xda-developers.com/showthread.php?t=803682
This is for rooting your hero and other android devices, even at .7 on the Hero.... I just did this and I laughed at out quick and easy this was... Just make sure you are charge only, and you unzip the downloaded file,.. then open up the SuperOneClickv1.3-ShortFuse.zip on your computer somewhere and open up the SuperOneClick program, and bam you are done....
http://forum.xda-developers.com/atta...5&d=1286657043
Hi, it is possible to root ZiiO tablet with Android 2.2 ?
I try with z4root 1.3.0 but is not working
Is there any other solutions ?
my friend's sister is working as a designer and user experience officer at creative. as far as her knowledge will carry her, the answer to root is NO
in any case, why did you wish to root it? even after you root it, it wun be able to perform up to anywhere normal tablets can
Thanks for the replay, i what root access to try to install Android Market ... do you think is possible?
coljuay said:
in any case, why did you wish to root it? even after you root it, it wun be able to perform up to anywhere normal tablets can
Click to expand...
Click to collapse
Solution
Just finished rooting this damn thing and it wasn't the easiest thing to figure out.
I used a 2 stage process.
Stage 1 (run superoneclick using the psneuter option until it fails)
If you're familiar with this skip to stage 2
get the adb driver from here
configure it to see the ziio using these instructions
get SuperOneClick from here
run it with psneuter root option selected until it stops and says FAILED
Explenation:
The ADB driver is needed for interacting with the tablet in a command line.
SuperOneClick comes with all you need to crack this baby. It loads the psneuter app which gives you temporary shell root and loads busybox on which is an app everybody and their grandmother uses.
Stage 2 (finishing what superoneclick can't)
Go to superoneclick's folder then in the Root folder you find there
Copy the su-v3 file to the adb folder (situated in Program Files/Android/android-sdk/platform-tools
Rename it to simply su
Start cmd and navigate to the adb folder
Use the following commands:
Code:
adb push su /sbin
adb install Superuser.apk
adb shell
chmod 4755 /sbin/su
rm /data/busybox/su
cp /data/local/tmp/busybox /data/busybox/busybox
chmod 4755 /data/busybox/busybox
exit
adb pull /system/ziilabs/init.rc
Open the new file in the adb folder named init.rc
Edit it and change the line
Code:
mount ext4 /dev/block/mmcblk_data1 /data nosuid nodev noatime nodiratime
with
Code:
mount ext4 /dev/block/mmcblk_data1 /data nodev noatime nodiratime
Save the file
Push it back to the ziio using
Code:
adb push init.rc /system/ziilabs/init.rc
Reboot the tablet and you should have root
Explanations:
SuperOneClick fails because it expects normal android file locations, which the ziio doesn't uses (probably to make it harder to root). All the files that are normally held in sbin apear to be in /data/busybox (weird). You have to delete the original su app, load the new su app in the /sbin directory where the superuser apk expects it to be, move the busybox application to the folder where the ziio has it's internal apps and allow it's use.
Thanks to CLShortFuse for superoneclick, to toolzz whose information gathering started me on this trail and thanks to mrrooty whose post here helped me figure out which su version I was suposed to use.
rooting too...
i try the guide and my ziio has now permanent root and android market working fine...
Im going to give it a try as soon as i can find out how to update the drivers in windows. Cant find the device in device manager on XP.
Any tips?
EDIT: OMG thanks so much it worked!! PS you need to shell root first or you cant adb push su /sdin
Thanks! It worked great on my Ziio 10 as well.
Thanks to linkerro!
I also have rooted my Ziio 7". But some additions by using Windows 7 for the guide i have:
1. Every programm (Editor, CMD, etc.) you need to start it as Administrator!
2. I added the file "adb_usb.ini" manually in %USERPROFILE%\.android
3. The Superuser.apk i have copied it manually to /sbin by using ADB
Dont forget to press the THANKS button ;-)
Thanks!
Thx for this Guide.
My ZiiO 10" was rooted and i had google apps alredy installed, but without a change file (/ system / ziilabs / init.rc) Now i edited it with totalcomander on my ziio.
Is this a 100% root pernament?
Work all the root only programs?
Anyone tested Chainfire 3d @ ziio ?
Thanks a lof for guide, i have only one problem with my ziio, i haven't notrification sound i app (gmail, facebook, talk, vCommunicator), it's some fix for this problem ?
help
I am stuck... I cannot get my ziio 7 to appear under adb..
On putting 'adb devices' under cmd it just shows 'List of devices'.. but the list is empty.
With a lot of persistence i finally managed to root and get the market running.
Initially my Ziio 7 did not show under abd devices as the file adb_usb.ini was non existing.. then i followed another thread "Tegra forum about adb-usb driver"...... which helped me create the above mentioned file.. and then got my ziio 7 to appear on the adb devices list.
and following this guide i got the root....but to get the markets and rest stuff installed i have followed the below mentioned guide.
"19300-ziio-shell-root-fully-working-android-market-ad-hoc-fix.html"
avathor said:
Thx for this Guide.
My ZiiO 10" was rooted and i had google apps alredy installed, but without a change file (/ system / ziilabs / init.rc) Now i edited it with totalcomander on my ziio.
Is this a 100% root pernament?
Work all the root only programs?
Anyone tested Chainfire 3d @ ziio ?
Click to expand...
Click to collapse
Yes it is full root, all root requiring apps working 100%
I just want android market, don't need root. Is it possible? how to?
i have full root now... thanks...
ROM Manager
In ROM Manager, which ROM should I choose? Without which, don't believe I can install Google market.
laverdone said:
i try the guide and my ziio has now permanent root and android market working fine...
Click to expand...
Click to collapse
@laverdone What method did you use to install the google apps?
thasan said:
@laverdone What method did you use to install the google apps?
Click to expand...
Click to collapse
guide to installing google apps:
After you have rooted or shell rooted your ziio
1. download rar with the apps from here (http:// www. megaupload .com/ ?d=QSM6ATPB)
2. unrar them into a directory (and rename them to something like googleApps so it's easier to work with)
3. delete app/SetupWizard.apk (you allready have this)
4. use adb to push the files to /data/googleApps (or any directory as long as it's not on the sdcard)
5. run chmod -R 755 /data/googleApps in the adb shell
6. copy the files to /system (cp -rf /data/googleApps/* /system)
7. clean up (rm -r /data/googleApps)
One more thing. The market doesn't see gmail and the other apps as installed so you have to get them again from the market if you want updates.
Has anyone begun working on rooting and customizing roms yet? I know the device isn't out for a week or so but I would figure I would ask. My vibrant I so much better rooted and I wanted the same experience on this sidekick.
Sent from my SGH-T839 using XDA App
Wreximus said:
Has anyone begun working on rooting and customizing roms yet? I know the device isn't out for a week or so but I would figure I would ask. My vibrant I so much better rooted and I wanted the same experience on this sidekick.
Sent from my SGH-T839 using XDA App
Click to expand...
Click to collapse
i wish i knew how to do this, but if i can't figure it out, i'm sure others will soon.
Just got mine last night. The usual Samsung trick with rageagainstthecage-arm5.bin works great.
abliss said:
Just got mine last night. The usual Samsung trick with rageagainstthecage-arm5.bin works great.
Click to expand...
Click to collapse
Oh really? Cool. So far all I've used is one-click root for the Samsung Epic.... is this similar? I'll check it out, thanks!
Has anyone tried using SuperOneClick yet?? I will probably try in a bit and post back with my results..
Ok... well I didn't try SuperOneClick, but I did root it via the rageagainstthecage exploit...
Want to help me do the exploit on my SK4G to root it man ?
Give me instructions ?!
I got it working on mine too. The basic steps were
1) enable debug USB mode on your phone
2) install Samsung drivers for the phone - right now Samsung's site seems to not have a choice for the Sidekick 4G's model (SGH-T839), but I grabbed the drivers for the Vibrant (at www .samsung.com/us/support/downloads/SGH-T959ZKDTMB) and they worked.
3) get adb shell working on your PC (Google it)
4) download the rageagainstthecage-arm5.bin and Superuser packages from the links in this page: wiki.cyanogenmod.com/index.php?title=HTC_Hero_%28CDMA%29:_Full_Update_Guide (be sure to unzip the files into the directory where your adb.exe program is unless you've put it in your path)
5) reboot your phone and plug it in
6) adb push rageagainstthecage-arm5.bin /data/local/tmp
7) adb shell
8) cd /data/local/tmp
9) chmod 755 rageagainstthecage-arm5.bin
10) ./rageagainstthecage-arm5.bin
11) wait until you get booted back out to your DOS command prompt
12) adb kill-server
13) adb start-server
14) adb shell
15) you should now be at a # prompt. The first few times I tried, I wasn't - I was at $. Doing this from a fresh boot seemed to be the trick. Reboot your phone and try again if you're getting a $.
16) mount -o remount,rw /dev/block/stl9 /system
17) exit
18) adb push su /system/xbin
19) adb shell chmod 4755 /system/xbin/su
20) adb push Superuser.apk /system/app
21) adb shell mount -o remount,ro /dev/block/stl9 /system
22) exit
23) reboot the phone then run an app that requests root, such as Root Explorer, to verify
(p.s. sorry for having to mangle the URL's above, XDA won't let me include links since I haven't posted 8 times yet)
josby said:
16) mount -o remount,rw /dev/block/st19 /system
18) adb push su /system/xbin
19) adb shell chmod 4755 /system/xbin/su
20) adb push Superuser.apk /system/app
21) adb shell mount -o remount,ro /dev/block/st19 /system
Click to expand...
Click to collapse
Just to note, on step 16 and 21... it is /dev/block/stl9 rather than st19
Also, after step 20, I had to run the following commands for the superuser application to grant root privledges to applications..
adb shell echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
adb shell echo "root::0:" > /etc/group
Awesome to see it being rooted so fast.
I'm really interesting in getting this phone but I'm not in the US. Does anyone know if the phone will work outside US?
brenix said:
Just to note, on step 16 and 21... it is /dev/block/stl9 rather than st19
Click to expand...
Click to collapse
Dang, good catch, thanks. That's what I get for not copying and pasting from my terminal window...stupid, since I was just chastising two people at work for making the same mistake yesterday. I've edited the original post to prevent problems for people who might start before reading the entire thread.
Interesting about having to create a passwd and group file...I've only run a few root apps so far, but they've worked without me doing this. I wonder if it's app-specific.
Now to start removing some of the damn bloatware this thing comes with!
19) adb shell chmod 4755 /system/xbin/su
i get stuck on there it says unable to chmod no such file or directory . there's SU in my android-sdk/tools
i'm so glad this thing got rooted. i used to be a scene kid with a kick. i dont have this phone, i doubt i'm going to get this phone considering the sensation is droppin soon.... but for nostalgia purposes, i'm glad it got rooted. now you can really hack it!!!
not like the old ones!!
Good looking out...I rooted mine earlier today. What version of Clockworkmod Recovery are you all using?
fawkReviewz said:
19) adb shell chmod 4755 /system/xbin/su
i get stuck on there it says unable to chmod no such file or directory . there's SU in my android-sdk/tools
Click to expand...
Click to collapse
Double-check your step 18...that's the step that copies the su file from your computer onto the phone. I forget the exact output format, but it shows you a Kb/second number of how fast the file transfer went when it finishes successfully.
droctii said:
Good looking out...I rooted mine earlier today. What version of Clockworkmod Recovery are you all using?
Click to expand...
Click to collapse
I'm not brave enough to try putting the ClockworkMod for one of the Samsung devices on the list onto mine, for fear of bricking it. Don't know enough about that works as far as hardware differences go.
I have removed the APK's listed below from /system/app with no apparent ill-effects. Not that YOU should remove them necessarily - just that they're things I don't have a need for:
AccountAndSync.apk
AmazonMp3.apk
AppPack.apk
DriveSmart.apk
DriveSmartHelper.apk
install_flash_player.apk
LiveWallpapers.apk
LiveWallpapersPicker.apk
Memo.apk
MiniDiary.apk
MobileBackup.apk
MyFiles.apk
PhoneSetupWizard.apk
Twitter-2.0.1-121.apk
vvm-signed.apk
Though there must be something I don't fully understand, because even after a reboot, Amazon MP3 and AppPack are still on my phone, and they still work.
FYI, don't remove Settings.apk - I got stuck in a loop where the launcher kept crashing then reloading itself (thank goodness I was able to put it back in place with adb).
Can anyone tell me if Setcpu works for them?
Ace42 said:
Can anyone tell me if Setcpu works for them?
Click to expand...
Click to collapse
Appears to work fine.. no crashes although the Max Hz is 1000. U can still raise the Min Hz.
Sent from my Nexus S using XDA App
Can someone post a full:
ls of / and /dev/block and /efs
Thanks
Will this phone get a proper sub-forum on xda?
i tried a few ways to root my atrix 2 but i cant. I tried super one click, lazy one click (or however its called) and i cant root it i have a mac someone help! is there another way to root the atrix 2?
I heard there was an app that can do it too. Its in this forum somewhere.
I used the manual method on my Mac with no issues, did it twice actually.
What error messages are you getting?
I'll be home in about 15 mins and I can help further
Sent from my MB865 using Tapatalk
If all else fails, you could always reflash the fkz's, than try to root again, but the problem here is that you have a mac. Perhaps borrow a friends pc, or install Windows through bootcamp. (I wouldn't recommend a Virtual Machine though).
OK so if you used a root tool in the first place then I assume that-
-You have adb set up
-You have the necessary files to push (zerg, su, superuser.apk)
If you have no idea of what I'm talking about then just look around the folders of the root tools and you'll find them.
OK, here's what you have to do:
1. Open up a terminal.
2. CD (change directory) to where you have the necessary files located, ex. "cd ~/Desktop/" if they're on the desktop
3. Enter the following commands (one line at a time):
Code:
adb shell
cd /data/local
rm ./temp/*
exit
This removes temporary files created by the root exploit.
4. Now enter these commands (again, one at a time)
Code:
adb push zerg /data/local
adb push su /data/local
adb push Superuser.apk /data/local
adb shell
cd /data/local
chmod 777 zerg
./zerg
adb shell
mount -o rw,remount /dev/null /system
cat /data/local/su > /system/bin/su
cat /data/local/Superuser.apk > /system/app/Superuser.apk
chmod 4755 /system/bin/su
chmod 4755 /system/app/Superuser.apk
reboot
I hope you understand this... good luck getting complete root.
thread moved to general forum
If you find a specific android app that can do this for you and you can post it in the OP, I will gladly move it down to its original location. Until there, it doesnt belong in the app and themes forums.
What's your android version ?
Deliberate said:
I heard there was an app that can do it too. Its in this forum somewhere.
Click to expand...
Click to collapse
Unfortunately that app seems to have only been in the market and was recently removed... I tried looking for it today. Please correct me if I'm wrong!
jpumford said:
Unfortunately that app seems to have only been in the market and was recently removed... I tried looking for it today. Please correct me if I'm wrong!
Click to expand...
Click to collapse
You're correct, the app was written by an author who made it just to make money... he never even tested it. He took it down because it didn't work.
Most important question of all here: What OS are you running on your Mac?
If you're running 2.3.6 you can't root yet. You need to downgrade to 2.3.5