Trying to get more info about the actual root process - Android Software/Hacking General [Developers Only]

Hey,
As the title suggests; the phone is a Galaxy S Fascinate.
I rooted using a technique which did what this does, with some info from here as well.
Arg, it won't let me post URLs, retarded... wow, can't even edit it because that counts as my '5 minute cooldown' between posts... anyway, here are the links:
Link 1: http://rootzwiki.com/index.php/Smartphones/Samsung-Group/Fascinate.html
Link 2: http://droidforums.net/forum/rescue-squad-guides/80208-multiple-phones-root-them-unroot-them.html
I'd like to unroot my phone manually, but I don't have enough knowledge of how the root actually works to do so. From what I hear, the word on the street is to just reflash with Odin using the OEM platform/application image. I'm not too keen on reflashing.
So I'm trying to figure out a bit more about how the root works, so I can unroot it via the command line. (No, I don't want to be pointed in the direction of one-click rooters/unrooters; been there, done that, got the t-shirt, was pretty damn pissed about it.)
So there are 4 elements that go phone-side:
- su binary
- busybox binary
- Superuser.apk package
- rage image
So first, there's su. The binary most likely already exists on the phone, which means that if I'd like to unroot I'd need the OEM version of the su binary. Is this correct?
The same can possibly go for busybox, assuming it was there. If busybox didn't come on the phone, then there's no need and you can just remove it.
Now, from what I understand about the Superuser package, it isn't quite an application... but it is, or something. It can probably be removed via uninstall, but I'd need somebody who knows what Superuser actually is to verify that.
Now this is where things get really hazy: the actual exploit, the rage binary. Depending on what this does, it may or may not be a complete pain to get it back to the OEM state. Does anybody have any info or know about the actual binary itself, how it works, etc.? I'm assuming that if it just replaces a certain piece of a binary, that piece can be put back in there, but with the root the binary is RUN, not dropped in, so it obviously does something more... and I can't seem to figure out what, nor how, nor why, etc.
Synopsis:
I'm trying to unroot manually and am not sure about a bunch of specifics regarding the root.
I'd definitely appreciate any info on this... and PLEASE don't just say "search", because while the root aspect has been covered many times, the specifics haven't.
TIA!!
PS:
Reason I want to unroot is b/c my camera is hosed and I need to take it back to the VZW store for replacement.

Bump?
This might be a dumb Q, but is the rage bin src open?
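The "rage" binary the original poster asks about is rageagainstthecage (ratc), which does not patch any file on the phone. It fills the process table up to the shell user's RLIMIT_NPROC and restarts adbd; when adbd, which starts as root, then calls setuid() to drop to the shell UID, the call fails with EAGAIN, and old adbd builds never checked that return value, so adbd simply kept running as root. Nothing on /system is modified by the exploit itself; the persistent parts of the root are the files copied afterwards (su, busybox, Superuser.apk). The following is an added example, not code from the thread or from any rooting tool, showing the unchecked privilege drop beside the checked version. It takes the setuid/getuid calls as parameters and uses a simulated kernel so the failure can be reproduced without root and without exhausting the real process table; AID_SHELL is assumed to be Android's shell UID 2000.

```c
/* Added example: the privilege-drop bug class behind rageagainstthecage.
 * Not code from the thread; the "kernel" below is a simulation. */
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define AID_SHELL 2000u   /* Android's shell UID (assumed for the demo) */

typedef int   (*setuid_fn)(uid_t);
typedef uid_t (*getuid_fn)(void);

/* Vulnerable pattern: call setuid() and carry on regardless of the result.
 * Returns the UID the process is actually left running as. */
static uid_t drop_privs_unchecked(uid_t target, setuid_fn do_setuid, getuid_fn do_getuid)
{
    do_setuid(target);               /* return value ignored, as in old adbd */
    return do_getuid();              /* may still be 0 */
}

/* Hardened pattern: check the return value AND verify the effective result.
 * Returns 0 on success, -1 (errno set) if the process is still privileged. */
static int drop_privs_checked(uid_t target, setuid_fn do_setuid, getuid_fn do_getuid)
{
    if (do_setuid(target) != 0)
        return -1;                   /* EAGAIN/EPERM: refuse to continue as root */
    if (do_getuid() != target) {
        errno = EPERM;               /* kernel said yes but the uid did not change */
        return -1;
    }
    return 0;
}

/* --- simulated kernel (constructed for the demo, not real syscalls) --- */
static uid_t sim_uid = 0;            /* process starts as root, like adbd */
static int   sim_nproc_exhausted = 0;

static int sim_setuid(uid_t uid)
{
    /* Linux refuses a uid change that would exceed the target uid's RLIMIT_NPROC */
    if (sim_nproc_exhausted && uid != 0) {
        errno = EAGAIN;
        return -1;
    }
    sim_uid = uid;
    return 0;
}
static uid_t sim_getuid(void) { return sim_uid; }

/* UID the unchecked pattern ends up with; 0 means "still root". */
uid_t uid_after_unchecked_drop(int nproc_exhausted)
{
    sim_uid = 0;
    sim_nproc_exhausted = nproc_exhausted;
    return drop_privs_unchecked(AID_SHELL, sim_setuid, sim_getuid);
}

/* Result of the checked pattern under the same conditions: 0 ok, -1 refused. */
int checked_drop_result(int nproc_exhausted)
{
    sim_uid = 0;
    sim_nproc_exhausted = nproc_exhausted;
    return drop_privs_checked(AID_SHELL, sim_setuid, sim_getuid);
}

int main(void)
{
    printf("process table full:   unchecked drop leaves uid=%u, checked drop returns %d\n",
           (unsigned)uid_after_unchecked_drop(1), checked_drop_result(1));
    printf("process table normal: unchecked drop leaves uid=%u, checked drop returns %d\n",
           (unsigned)uid_after_unchecked_drop(0), checked_drop_result(0));
    return 0;
}
```

The practical consequence for a manual unroot is that there is nothing to "undo" for the exploit step itself; a reboot clears the root adbd, and what remains to remove or restore is whatever the root procedure copied onto the phone afterwards.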

Related

New phone (RC29) - no console exploit (telnetd)

Okay, I had ordered another phone from ebay. The guy had just received it and it was new and unused. It has RC28 on it.
fingerprint= kila-user 1.0 TC4-RC28 114235 ota-rel-keys,release-keys
When I launch /system/bin/telnetd from the terminal console I am not getting root. I do not see a process running when I run ps afterwards. Also, I tried typing reboot from the contacts, and it is not recycling the phone.
Any chance they have updated the init.rc to close the console bug on an older RC for phones just shipping out from tmobile this past week?
I plan to update to the stock RC29 which I manually updated to on my other phone. I'd really like root before I update to the new RC30 modded, so I can back up my files before overwriting them. [Though, last time I upgraded Google did OTAs right away.]
** Anybody want me to explore the phone for any differences from the standard RC28 to see what the cause of the exploit not working is?
-oldsk00lz
Just go ahead and install the official RC29 and you should be able to get root access
Are you sure it's not working? IIRC if you don't connect to telnetd fairly fast, it stops running for some reason. I know that I've had to run it a couple times before I could connect.
As for the root console bug, I've also heard that it closes after some time of the phone being on. Did you try it after a fresh reboot?
Updating to RC28 or RC29, the ones that we mirrored, should activate the console bug again, if they are fixing it.
Yeah, it was not working (telnetd/console exploit) on the RC28 I had. I tried hitting enter to clear any previous commands, tried rebooting, tried back-to-back calls with telnet right afterwards, telnetting locally and from several boxes. Was weird.... Much different from another G1 I had. That's why I was surprised.
Only thing I could think of (besides a tweaked RC28) was that my router could have been acting up.
Anyhow, I moved forward with updating to RC29, getting root, updating to modded RC30, and all is good. Just wanted to throw this out there in case any other recent buyers encountered a similar issue.
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and it looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :O But everything else is as expected: root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz
oldsk00lz said:
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :O But, everything else is as expected, root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke left the fingerprint to be the same as the old one, Google would be able to target OTA updates specifically for rooted G1s. This way, if they release an update signed with the test keys, they'd have to have millions of non rooted G1s freak out because they couldn't update.
Gary13579 said:
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke left the fingerprint to be the same as the old one, Google would be able to target OTA updates specifically for rooted G1s. This way, if they release an update signed with the test keys, they'd have to have millions of non rooted G1s freak out because they couldn't update.
Not quite...
First, I don't think Google cares for those of us having root with RC30 modded recovery and keys. They really only care about patching the "average consumer's" phone. They have to do it globally (I mean in the distribution sense) not to get in trouble, or a BIG bug, which is what was patched.
Second, they only have to do the following if they want to put "us" back to stock (if we don't check the update, of course, AND don't pay attention and apply the update [BIG IF]):
Script the rewrite of recovery.img from their package (before rebooting, in the background) to our phones and apply the update.... ... ... that's it.
This will get a bit of the "unaware" people who have root with RC30. But for the more savvy of us, no.
quedijo said:
Script the rewrite of recovery.img from their package (before rebooting in the background) to our phones and apply the update.... ... ... that's it.
This will get a bit of the "unaware" people who have root with RC30. But for the more savey of us, no.
And what good would secretly rewriting recovery.img do? Once JF replaces the recovery.img with the modified one, it doesn't matter how many times they write it to flash, it's still modified.
They don't need to use the update package to take away your root. With modified RC30, any dalvik program that knows and wants to can write directly into /system. If they wanted to get draconian about it, they could push code down from Market to reflash whatever they want in /system.
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and was able to remount system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz
oldsk00lz said:
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and was able to remount system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz
Yeah, by invoking su. Deleting or renaming it is probably the safest bet for now. I doubt any Android devs are actively looking for phones to brick but better safe than sorry.
a new workaround for our very insecure rooted RC30
I just read a post here about a better fix for the issue.
This very smart cat added a password routine to su and, judging by my read of the post, it seems to be well implemented. You do have to type some commands and you could pooch your G1, but it seems better than running just about as wide open as Goog had us...
Without a decent browser getting the link is a PITA; if somebody can't find it I'll link it when I'm at the desktop.
Bhang
*EDIT*
I found the link; it's just a pain in the arse while typing a message. To all the helpful folks who will want to tell me how to do it: I know how, I just think it could be easier.
http://forum.xda-developers.com/showthread.php?t=448775

Samsung Galaxy Indulge 4G nand lock

I just got one of the new Galaxy Indulge 4G phones and tried rooting it.
BusyBox installer is telling me that the phone is rooted; however, it is NAND locked.
Any ideas on how to unlock NAND on this phone?
How did you root it?
Thaxx said:
How did you root it?
SuperOneClickRoot.
Yeah, I tried adb, SuperOneClick, and z4root. None of them worked, and for some reason every time I try to start up Root Explorer it crashes trying to get superuser. I've tried all means of forcing Superuser to get onto the phone. No matter what, it won't work. Mike thinks it's NAND locked. Another thing I noticed is that when I used SuperOneClick, I had two options at the top right hand corner that looked like names of my device. I can get my serial number with adb, and it shows it. Another darn problem is no drivers are out for this phone yet. Also have no idea if the LTE chip is interfering with this either. So come one, come all devs and droid gurus, help us out!
So basically I think this means we need a custom recovery, flash image and stuff. Bah, that'll probably take like a month.
OK, also tried VISIONary rooting, which did some weird ****. I rebooted and it seemed like I had root, but Superuser still didn't work. It fooled a couple of programs into thinking I had root, but it would not let me "touch" the files on the phone, even though it claimed I had r/w permission.
Silvist said:
Yeah i tried adb, super one click, and zroot. None of them worked, and for some reason everytime i try to start up root explorer, it crashes trying to get super user. I've tried all means of forcing super user to get onto the phone. No matter what it wont work. Mike thinks its Nand locked. Another thing i noticed is when I used super one click, i had two options at the top right hand corner that looked like names of my device. I can get my serial number with adb, and it shows it. Another darn problem is no drivers are out for this phone yet. Also have no idea of the LTE chip is interfering with this either. So come one come all dev and droid guru's help us out!
The Samsung Epic 4G drivers worked for me. I also tried the rooting process used on the Epic; however, busybox says I'm rooted but that NAND is locked. I downloaded Terminal Emulator and it says I'm not rooted; also, installing Superuser is not possible. I was able to install Root Explorer, but it's no good if it doesn't let me delete the bloatware, only read.
Yeah, busybox says the phone is rooted but NAND locked.
The Superuser app was added to system/app; however, I'm not able to mount system/app with R/W from Root Explorer. The rooting process seems to gain access to r/w the files, but the apps can't.
It seems 4G is still a long way from us...
Supposedly there's a work around for Nand locked, but the first one didn't work for me.
With the absolutely beautiful ADB exploit I use, titled rageagainstthecage (ratc), absolutely ALL devices can be rooted. This is because the exploit is in ADB, which all devices use. There is an issue though. Some devices have a NAND lock which does not allow you to write to the /system mount. Because of this, you can't copy su, sqlite or busybox to /system/bin. This creates some issues, but there is a workaround. For things that don't need access to /system (like enabling non-market apps) I can use the ratc exploit to make those changes. If your device cannot use su in /system/bin then you can simply select a checkbox (as of v1.5) that says to use ratc.
This still didn't work for me. So the only other option was unrevoked, but when I went to the site, it listed only HTC. Kinda confused how using HTC ROMs is a workaround for a Samsung phone, lol. Still need some master gurus' help on this stuff.
I too have been trying and am unable to get nand unlocked, I would really love some other ideas. Anyone out there able to help?
I'm waiting 'till the $50 MIR on the 1st, then I'll jump in with both feet.
Some guy suggested to shell root > perm root > restart device. That doesn't work either. I also noticed something called "media scanner" that scans as the phone boots up; I wonder if that's preventing any modified files.
If anyone knows how NAND unlocking has worked for other phones (and im not just talking about what apps to run or what room to use) please contact me so that we can try a few things out and hopefully get a full root for everyone.
Supposedly Mr. Parker rooted:
http://forum.xda-developers.com/showthread.php?t=803682&page=260
I'm asking him through both post and through private message if he could elaborate. Apparently he had trouble with getting Win 7 x64 to work, but it worked with Win Xp. I'm still not sure what drivers he used, and he said he had it not in debug mode. I tried in non debug, and my phone wouldn't even register. So hopefully he'll expand on how he did it. If not, back to the drawing boards, at least till we get a real pro in here.
Got my hopes up that even though we dont have full root yet, I would be able to get rid of the bloatware.
SuperOneClick is able to get read/write access and send commands to the phone, so I opened Root Explorer on the phone and then ran SuperOneClick. As soon as the program mounted the phone with read/write I started clicking on the Mount R/W button in Root Explorer until it showed the app as having read/write access to the system/app directory. I tried deleting the Iron Man app and it said it was deleted successfully.
But then I checked and the app was still there; loading Root Explorer again showed that the file was still there and had not been deleted.
Wow, you managed to get Root Explorer to work? Mine just tries to obtain root, and crashes every time I start it up now. I've tried to unroot, and uninstall and reinstall it. I used Linda Manager to view the files on the phone, but like you, if I deleted them they would return on boot. That's why I think Metro or Samsung has some kind of media scanner that scans at startup, and it somehow reinstalls files or prevents root. Can't confirm this yet because Superuser fails ;/
I've been trying also to get root. Programs often will think I have root access; as far as adb is concerned I do have root access until I do something that requires it. I've been able to install Root Manager and look through some files. I'm under the impression Metro or Samsung did install something odd, though I'm not sure the media scanner is it. Also, the phone does not require root in order to install other-market software.
What do you mean programs "think" you have root? You mean you have Superuser? And what "programs" are you referring to? You can install Root Manager without root, yes, but in order to put it into "r/w" mode and delete the files from the phone itself, such as bloatware, you need root and Superuser access. Most people here, I hope, are aware that you don't need to root to install "MOST" apps. There "are" apps that require root, and you cannot run them without root access.
Such as:
Titanium backup
Set CPU
Why I want to root is, like everyone keeps saying, to delete all the Metro apps and have "full" manufacturer control over the phone. That's the whole point of rooting. So far no one has rooted this phone, PERIOD, or at least shown proof they were even able to. So any info you find regarding rooting, please post it here.
Alright, so I tried what Mr. Parker did, and no go. Whether I ran SuperOneClick on Win 7 x64 (all as admin) or Win XP, it would not install Superuser. In fact I noticed a couple of the files copied from SuperOneClick were already on the phone, and weren't able to be overwritten. Which may relate to the NAND lock.

Rooted Changes Persistent after Unroot?

Hi,
I hope this isn't a stupid question. I tried searching first but can't seem to find this exact question. From my understanding, by rooting a device I provide myself with root access to modify system files and scripts.
My question is: in theory, just like in any other Linux, if I was to get root access (su) and modify system files (for example the wpa_supplicant fix) and then unroot, shouldn't it keep my rooted changes when I am out of the superuser?
So, what I am asking is, "Is it possible to root my Xoom, make a few quick fixes like the wpa_supplicant and the SD card driver, and then unroot, keeping the changes persistent but not the rooting?" Or am I misunderstanding a fundamental principle?
I'm not 100% sure why you would want to unroot. If there are other changes that need to be made in the future to the device, you would need to run root scripts again and it adds steps to the process, adding greater complexity, and greater complexity = greater risk.
In theory your changes should stay, because you only need root permissions when actually writing to that part of the filesystem, and as long as it is not something that needs to be reapplied on boot, it should be able to do what it needs to do.
The reason is because, in theory, it wouldn't look "rooted", so if I need service it should pass the test...
Also, I thought that it would allow the updates to still come in...
would these things not be affected?
ethanpil said:
The reason is because, in theory, it wouldn't look "rooted", so if I need service it should pass the test...
Also, I thought that it would allow the updates to still come in...
would these things not be affected?
Updates definitely won't happen if the file structure has been modified, regardless of root. Also, before you send it in for service, any tech you talk to will have you factory reset it first. So it wouldn't matter.
Sent from my SPH-D700 using XDA Premium App

[Q] Reading partition images other than recovery and boot (such as aboot and firmware)

Hello! So this should be an interesting first post. First, a little background:
I'm relatively new to this, and I've been trying to root my NEC Terrain for a little while now. I've followed the instructions on numerous pages in order to understand how to do things, and now I have been able to rip any partition from the phone. I've looked through everything I could in both the boot and recovery partitions but I haven't found anything I can use (I also explored /system but there doesn't seem to be anything in there either). Also, I tried to do everything on this page: http://forum.xda-developers.com/showthread.php?t=2337642 but I can't get SuperSU or TiBu to work. (As an aside, if anybody can point me in the right direction for the most recent su binary, that would be awesome.) SuperSU wants to update the binary but fails. I would assume it's because it tries to install it directly into /system/bin, which isn't writable. If I could make it install into /data/sbin it might work, but that's off topic right now.
I would like to explore more of the partitions to understand what they are and what they do (I can't seem to find much information about them anywhere). I'm hoping to find something in the code to give a hint as to how to get into the bootloader. So, I have things like "aboot", "firmware", "MM", and "GROW", among others. Is there any way to decode or decompile those images so I can see what coding goes into them? Am I going about this the wrong way?
Thanks in advance to anyone that can help!
Maybe this will help you
In this post by E:V:A you can find some information about partitions and links to more!
I think the latest SuperSU should come with the latest su binary (I can be wrong about this), so you could download the "CWM / TWRP / MobileODIN installable ZIP" from this post and take one from the "x86" folder.
Good luck.
Thanks for the links! Some of these may be very helpful. However, the su binary I got from that link was much older than the other most recent I had. It's a version 2.0 and they're up to at least 3.2 (I'll check the link again to see if I missed something). Also, for these phones, if anybody is wondering, they are ARM, not x86.
There seems to be only one direction I can go with this: Find an exploit that can run at boot that will interrupt it at the right time and allow editing of the /system partition. I can get a root shell with that script and a bind mount, but it's not enough to get anything else to work (ro.secure is still active, so there's no way to change it after the system is booted). Root is granted to root, and that's all. Any app requesting root does not get it.
The guys on that other thread said they got SuperSU and TiBu to work, but they provided very limited information and I can't seem to make them work. I wonder though, if that would matter as long as ro.secure is still enabled.

Rooting tablet, system stays write protected even with ro.secure=0?

Hi folks!
Need some advice before I reinvent the wheel for myself. Learning by trying, but where to go or what to check from here...?
Busy rooting a tablet; yes, I tried many apps, only KingRoot works. What do I see? My system is only write protected and stays that way.
Made a boot.img with ro.secure=0 (was 1), ro.debuggable=1 (was 0), adb service=mtp/adb (was nothing).
Of course still no root; adb is now always root, and I can get su also.
So I thought what could be next... I checked for SELinux, but can't find anything in the ROM when extracted; that was my last idea.
Yesterday I tried the Tsparky root script, which installs busybox and SuperSU; the same thing happens... No writing allowed, and of course no SuperSU found... while it was installed through the Google Play way... But adb was running as root... Uhm...????
So tonight I will try my last effort, placing SuperSU in the system.img... I only sometimes think too straight: must I remove the other su...? And sometimes they change su into SuperSU... Got me a little confused. I already read the SuperSU config file and I will try to place them and give them permissions...
But I have the feeling, after reading other forums and people with the same issue, that maybe... it will still not update the binary...
If my last effort doesn't work, what or where can I go further in rooting the tablet... Because it's so difficult, I learn a lot... But now... I really don't know what could be next! Read something about maybe there are ''flags'' in the system... How to check, can I remove them...
I hope it's clear where I am at and where I want to go, but what bump is still there in the system? Some advice please.
Thanks
Erik
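Two things get conflated in the NEC Terrain and tablet posts above: whether adbd keeps root (decided at adbd startup from ro.secure, ro.debuggable and service.adb.root) and whether /system can be written (decided by the mount flags and any block-level write protection). A root adb shell with ro.secure=0 does not imply a writable /system, which is exactly the tablet symptom. The following is an added example, not code from either thread or from Android itself: it reproduces the well-known Gingerbread-era adbd decision (adbd drops to the shell UID when ro.secure=1, unless ro.debuggable=1 and service.adb.root=1) over a default.prop-style buffer, and separately reads the /system mount options from a /proc/mounts-style dump. All property and mount lines below are constructed for the demo.

```c
/* Added example: adbd's "stay root?" decision and the separate /system
 * mount check. Not code from the threads; the inputs are constructed. */
#include <stdio.h>
#include <string.h>

/* Minimal "key=value" lookup over a prop-file buffer; copies dflt if absent. */
static const char *prop_get(const char *props, const char *key, const char *dflt,
                            char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *p = props;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        if (linelen > klen && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = linelen - klen - 1;
            if (vlen >= outlen) vlen = outlen - 1;
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            return out;
        }
        if (!eol) break;
        p = eol + 1;
    }
    strncpy(out, dflt, outlen - 1);
    out[outlen - 1] = '\0';
    return out;
}

/* 1 = adbd drops to the shell UID (no root adb shell), 0 = adbd stays root. */
int adbd_should_drop_privs(const char *props)
{
    char v[32];
    int secure = 0;
    prop_get(props, "ro.secure", "1", v, sizeof v);   /* default is secure */
    if (strcmp(v, "1") == 0) {
        secure = 1;
        prop_get(props, "ro.debuggable", "", v, sizeof v);
        if (strcmp(v, "1") == 0) {
            prop_get(props, "service.adb.root", "", v, sizeof v);
            if (strcmp(v, "1") == 0)
                secure = 0;                             /* "adb root" on a debuggable build */
        }
    }
    return secure;
}

/* 1 = /system is mounted ro, 0 = rw, -1 = no /system line found. */
int system_is_readonly(const char *mounts)
{
    const char *p = mounts;
    while (*p) {
        const char *eol = strchr(p, '\n');
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);
        char line[256];
        if (linelen >= sizeof line) linelen = sizeof line - 1;
        memcpy(line, p, linelen);
        line[linelen] = '\0';
        /* /proc/mounts fields: device mountpoint fstype options dump pass */
        char *dev = strtok(line, " ");
        char *mnt = strtok(NULL, " ");
        char *fs = strtok(NULL, " ");
        char *opts = strtok(NULL, " ");
        (void)dev; (void)fs;
        if (mnt && opts && strcmp(mnt, "/system") == 0) {
            for (char *o = strtok(opts, ","); o; o = strtok(NULL, ","))
                if (strcmp(o, "ro") == 0) return 1;   /* exact "ro" token only */
            return 0;
        }
        if (!eol) break;
        p = eol + 1;
    }
    return -1;
}

/* constructed samples */
const char *STOCK_PROPS = "ro.secure=1\nro.allow.mock.location=0\nro.debuggable=0\n";
const char *PATCHED_PROPS = "ro.secure=0\nro.debuggable=1\npersist.sys.usb.config=mtp,adb\n";
const char *USERDEBUG_ADB_ROOT = "ro.secure=1\nro.debuggable=1\nservice.adb.root=1\n";
const char *MOUNTS_RO =
    "rootfs / rootfs ro,relatime 0 0\n"
    "/dev/block/mmcblk0p3 /system ext4 ro,relatime,barrier=1,data=ordered 0 0\n"
    "/dev/block/mmcblk0p5 /data ext4 rw,nosuid,nodev,relatime 0 0\n";
const char *MOUNTS_RW =
    "/dev/block/mmcblk0p3 /system ext4 rw,relatime,barrier=1,data=ordered 0 0\n";

int main(void)
{
    printf("stock: adbd drops privs=%d   patched: drops=%d   userdebug+adb root: drops=%d\n",
           adbd_should_drop_privs(STOCK_PROPS), adbd_should_drop_privs(PATCHED_PROPS),
           adbd_should_drop_privs(USERDEBUG_ADB_ROOT));
    printf("/system ro? before remount=%d, after remount=%d\n",
           system_is_readonly(MOUNTS_RO), system_is_readonly(MOUNTS_RW));
    return 0;
}
```

The point for the tablet case is that the patched default.prop puts adbd in the "stays root" branch, which matches what the poster sees (adb always root), while the /system line still reports ro; if a remount,rw attempt from that root shell does not flip the mount options, the block is being refused below the filesystem layer (a vendor write-protect or a locked partition), and no su/SuperSU placement will change that.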
