Database Info

[ROOT] ~~~ HTC EVO - Auto Root ~~~ v2.5 (4/25/11)(deprecated)

This tool is now deprecated. To root your Evo 4G running Gingerbread you will need to use the Revolutionary tool that can be found at http://www.revolutionary.io.
I'm sorry to do it but due to the ridiculous amount of people who are still asking for help rooting gingerbread, I will no longer be supporting this tool what so ever. Any further emails I receive about it will be deleted.
Click to expand...
Click to collapse
Click to expand...
Click to collapse
I am proud to present the HTC EVO Auto Root script! It took me awhile but I finally got it fully automated, it probably would have been easier using VB to write it but I wanted it to be readable by everybody. I don't have working scripts for Linux or Mac yet but for older phones you should be able to follow the Alternative Method and use the code included at the end of the post with minimal changes. If you are new to rooting the Evo you should check out the Rooting Information and Common Problems thread to familiarize yourself with some of the screens you will see. At times your phone may shows ominous looking icons that look bad but really aren't, at times like that it is important that you don't panic and do anything that could damage your phone.
This will make a backup of your WiMAX partition and the RSA keys that are stored on it; backing up your RSA keys separate is not necessary. It will save it in the AutoRoot folder so be sure not to delete it.
If you run into any problems please include the following information with your post: Any methods you have previously tried to root with, what it did last plus any error messages it may have given (if you can right click, select all and copy it from the terminal), and if you are in the bootloader we need to know what the top two lines say. Running this will create a log file named: autorootlog.txt. Please post this as well.
Any feedback no matter good or bad is appreciated! Let me know how it works for you.
Randy (randyshear on youtube) has made a great video of the process if you would like to get an idea of what to expect before hand. It is important to note that, depending on your phone, the process may be slightly more involved or require more or less time.
HTC EVO 4G ** ROOT AND NAND UNLOCK ** AUTOROOT V 2.2 ** HOW TO **
This has been confirmed working with:
Software versions 1.32, 1.36, 3.29, 3.30 & 3.70
hBoot Version .76, .93, .97, 2.02 & 2.10
Thanks go to
HTC for making the phone to begin with
Sebastian Khramer for his rageagainstthecage exploit
Toastcfh for his tutorial and all of his work on improving the Evo, a lot of this is borrowed from his previous work
Amon_RA for his recoveries and for his quick work creating a recovery compatible with the new NAND blocks
Calkulin for collecting all of the radios and update images
Whosdaman, Football and Sniper911 for sharing the RUUs with us
The Unrevoked Crew for all of their hard work on the Unrevoked Forever s-off tool
amoamare and Zikronix for all of their hard work on rooting phones with the 2.02 hboot
chris1683 for his Sprint Lovers ROM
Netarchy for all of the great kernels
A huge thanks goes out to Dan0412 who took the time to debug this for version 003 2.02 phones
Schnick1 and tauzins for their help with getting ADB to act right
Props go to RyanZA and anyone else who worked on the z4root app. I wouldn't have got 3.70 rooted as fast as I did if I didn't have their app to learn from.
You Will Need:
A windows machine
HTC Sync that can be found on Sprint's website. HTC Sync 2.0.35.exe
At least 1 GB of free space on your SD card
A full or close to full battery (your phone will not charge during part of this and if it dies you will be SOL, aka Bricked)
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only and HTC's Evo drivers / HTC Sync installed.
The AutoRoot.zip File that can be found in this post
[*]I highly recommend you have the appropriate RUU, or PC36IMG, downloaded before you start. It is always good to have and if something does not go as planned it can get your phone back up and running with minimal down time.
Click to expand...
Click to collapse
IF YOU HAVE PREVIOUSLY TRIED ROOTING YOU MUST RESTORE FROM A RUU BEFORE RUNNING THIS. IT WILL NOT ROOT IT UNLESS YOU DO THIS.
Instructions:
This will try to back up your apps but it's not always able to, you will also lose all of your settings. Titanium Backup works well to save your apps however you will need to use z4root to temporarily root before you will be able to use it.
Download HTC Sync from Sprint's website here and install it. You may need to use the 'Repair' option for it to replace any old drivers.
Extract AutoRoot.zip into a folder that is easy to find and then open the folder.
Right click on 'AutoRoot.bat' and run it as Administrator.
Once it finds your phone it will start by checking out what kind of setup it uses and then attempt to get root access. If it fails usually it's from too many active apps or the phone being used, if so you will need to restart it before trying again. If you are using 3.70 it will let you know when it is running by blurring the screen.
When it is ready it will reboot your phone into the boot loader. Then, depending on your phones setup, it will either enter RUU mode and automatically flash the debugging firmware or give you instructions on how to flash it from the hBoot.
If you have to flash it manually just push Power to select "BOOTLOADER" and say Yes when it asks to flash the PC36IMG.zip. It will complain part of the way through about Boot Loader and/or radio errors and then skip them, this is normal. Once it finishes say No when asked to reboot and use the Vol Down button to highlight Recovery. Then press Power to select it.
If you are entering the Recovery your phone will show a Red Triangle with an Exclamation mark inside, at this point the script will take back over and attempt to flash Unrevoked Forever.
After it finishes flashing the engineering bootloader, or Unrevoked Forever, it will reboot into the bootloader and see if your NAND is unlocked. If so it will flash the Sprint Lovers ROM along with the Recovery and updated Radios. Afterward it may boot into the ROM and attempt to restore your Apps before finishing, try not to interrupt it until it tells you it has finished.
Once it's fully rooted and you have your phone set back up it's a good idea to make one more NANDroid with everything up to date. Then make one more backup of your WiMAX partition in case something happens to the first one.
Click to expand...
Click to collapse
If you have an older phone and don't want to flash Unrevoked Forever or Sprint Lovers w/ the radio updates you can have it skip them. It will just flash the engineering bootloader to unlock the NAND and then flash the recovery directly from there. You will need to update everything and flash a custom ROM on your own. This will only work if your phone has a version .9x hBoot.
Instructions for Quick method:
This will completely wipe your phone. If you would like to back up your apps you can use Titanium backup to save them. It also has an option to save the system files but this can result in a buggy ROM afterward.
Extract AutoRoot.zip into a folder that is easy to find.
Open a DOS prompt by running the OpenShell file.
Type 'autoroot quick' and press Enter
It will then flash the engineering bootloader and the recovery through fastboot. Once it is finished you can use the bootloader menu to boot into the recovery and make a NANDroid, flash a ROM, radios, etc.
Click to expand...
Click to collapse
Links:
Downloads
AutoRoot v2.5 - Full Root Zip (MD5: 5E1BF365F3B5479329896BD55C33678E)
AutoRoot v2.5 - Tools Only (MD5: 5DBA70A8CDD052A9908E4F43D6BBC669)
The following are the ROMs pulled out of the RUUs, you can flash them by renaming and putting it on your sd card or from your computer with fastboot using the included FlashZip script.
Sprint Evos (USA):
3.29.651.5_PC36IMG.zip (MD5: 2F5046C0FC6FE61114EBC53D5997B485)
3.30.651.2_PC36IMG.zip (MD5: 4A2CAB264244C79B2E2BE9E3CFE2B503)
3.70.651.1_PC36IMG.zip (MD5: 7056D42812AA5DF03FCC8DDDC2B64E85)
KDDI Evos (Japan):
1.05.970.1_PC36IMG.zip (MD5: 78F9E8BFEE705F34790A46C258268F02)
Sources
How to unlock Nand Protection ~ Part-2
RA-evo-v1.8.0 (a modified version is included)
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
RUU to restore 3.70.651.1 (Thanks to 911Sniper for the original mirror)
Sprint Lovers ROM (a modified version is included)
Click to expand...
Click to collapse
Changes for v2.5
Script now checks for Admin Priveledges and kills HTC Sync Services for Sync 3.05
Fixed issue recognizing build numbers
It will attempt to back up Apps now
Checks branding in order to recognize KDDI Evos
Unrevoked forever will now be retried if it doesn't get run the first try
Changed it so it will leave the phones in Fastboot mode if it fails
Recognizes ADB issues easier now
Changes for v2.4
Updated the ROM and Recovery
The working directory is now saved correctly when the path has a space in it
Fixed an error checking the firmware version that would cause the script to close
Made it more capable of recovering when the phone is in an unknown state
Fixed the SD card not being recognized with Eclair
Some parts will check for the 'daemon' error messages and will call to fix it
Made it so the MTD data is not saved unless it is recognized
The script will continue if it times out while waiting on Unrevoked Forever
The WiMAX partition is backed up through the ROM at the very beginning instead of through the Recovery
Changes for v2.3:
Updated the ROM, Recovery and Radios
The script will now recognize your phone at any point in the process and will continue where it left off
Fixed the FlashRecovery script and made it so you can choose what to flash, just put your PC36IMG of choice in the folder with it and let it do the work
Fixed the version checker so it doesn't get confused with custom ROMs anymore
Quick mode checks your hboot version from the ROM now so it won't even try if you have a new bootloader
It is much more tenacious going into the recovery, hopefully fixing the issue with ADB dropping out there
Fixed a bug where the MTD block sizes were not always being remembered correctly
Added more checks to make sure the phone is where it's supposed to be throughout the process
Made it try harder to get the recovery log so it doesn't get missed as much
Tweaked the timing some so it moves a little bit quicker and you only have to hit a button twice to exit instead of three times
Fixed the infinite loops so they are now 95% shorter
Changes for v2.2:
Updated the recovery to Amon RA's version 2.2.1
MTD information for each phone is saved in case it is restarted and unable to find out.
Fixed a bug where pre 3.xx ROMs were not being recognized correctly.
Phones are explicitly called by their serial number to prevent confusion if an emulator starts or another phone gets plugged in.
Unresponsive ADB daemons are killed to help prevent them for hanging or randomly restarting.
Changed autoroot.log to autorootlog.txt to make it easier to attach
Minor bug fixes.
Changes for v2.1:
Updated the recovery to Amon RA's version 2.2
Minor bug fixes
Changes for v2.0:
Added an app to give ADB root and keep it active in 3.70
Updated Sprint Lovers and Amon RA
Removed the two separate kernels/recoveries for new and old phones
Added a battery life check before flashing
Checks Firmware versions in both the ROM and hBoot
Checks that the Misc partition was flashed properly
Fixed all of the bugs with Quick root, it no longer flashes Sprint Lovers if you run it with S-OFF
It automatically restarts adbd where it would occasionally reset itself and get hung up
It also kills adbd when it finishes so you can move/delete it
Changed the bat that restarted adbd so it kills it instead
Added a bat to flash AmonRA through Fastboot with non-Eng hBoots
Added a bat to open a Cmd prompt already in the autoroot folder
Rewrote a good portion of the script and cleaned it up a lot
Made it more flexible so it doesn't get lost as easily
Plus more I forgot
Click to expand...
Click to collapse
Contents of v2.5 Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
AutoRoot.bat
check.bat
fastboot.exe
fastboot-linux
fastboot-mac
FindPhone.bat
FlashZip.bat
OpenShell.bat
StartRecovery.bat
amon_ra_1.8-mod/
res/
....AutoRoot.apk
....autoroot.ini
....dump_image
....Escalate.vbs
....Escalater.bat
....EscSC.lnk
....exploid.com
....FindPhone.bat
....flash_image
....ini.cmd
....mtd-eng.img
....PC36IMG_UD.zip
....PC36IMG_AmonRA-v2.3-hausmod_revA.zip
....PC36IMG-SprintLovers-AmonRA_2.3-hausmod_revA.zip
....radios.zip
....rageagainstthecage-arm5.bin
....recovery-RA-v2.3-hausmod_revA.img
....URFSOff.zip
....URFSOn.zip
....WatchPhone.bat
Notes:
Recovery is recovery-RA-supersonic-v2.3 with Netarchy's 4.3.2 CFS NoHAVS NoSBC NoUV
radios.zip is EVO_Radio_2.15.00.11.19_WiMAX_27167_R01_PRI_NV_1.90_003
URFSOff.zip is the Unrevoked Forever S-OFF tool
URFSOn.zip is the Unrevoked Forever S-ON tool
Click to expand...
Click to collapse
As always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. Everything contained in this thread is for informational purposes only.
Click to expand...
Click to collapse

IMPORTANT: Everything contained in this post is meant for phones with the older bootloader. If you have hBoot version 2.02 or ROM version 3.30 you must use the above method.
Old Universal Root
(Scroll Down for Alternate Method)
You Will Need:
A windows machine and basic knowledge of DOS or a Linux/Mac box with a little bit of determination
At least 1 GB of free space on your SD card
A full or close to full battery
ADB debugging enabled (Settings > Applications > Development > ADB Debugging)
Your phone connected to your computer as Charge Only
The EVORoot.zip File that can be found in this post
Click to expand...
Click to collapse
Instructions:
Extract EVORoot.zip into a folder that is easy to find and go to that folder. Then copy the 'moveme' folder out of that one and on to your sdcard. Once it finishes copying unmount/eject the SD card through windows and change your phone back to Charge Only.
Double click on 'runexploit' and let it run. When it asks if you want to flash the hBoot push 'y' and then {enter}. If there are any errors follow the instructions given to try and resolve them. It will automatically reboot your phone once it is ready for it. If all you see is the prompt flashing press Ctrl+C or close the window to exit and re-run it as Administrator.
When the bootloader comes up push the Power button and you should see it start searching for updates. When it gets to PC36IMG.zip it will ask if you want to update with it, push Volume Up to say yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished push the power button to select 'fastboot' and use the volume buttons to select the yellow 'reboot' button. Push power one more time to select it and reboot your phone. It should start up rooted and ready to go, however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts back up run 'flashrecovery' through explorer. It will automatically flash and then reboot your phone into Amon_RA's recovery. When it reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery and need to reboot and try again.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid...." make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Once there flash the Radios. It is again very important not to interrupt or reset the phone while the radios are being flashed, although it will probably want to reboot before flashing can be finalized, just follow the instructions.
Once it is finished Return to the previous menu and select Power Off. Then hold down the vol down button while turning the phone back on.
It will boot back up into the bootloader, select No if it asks to update or reboot. From here select Recovery and it should go back to the black background with green text.
Select Flash zip from sdcard and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash another one instead.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
When you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Click to expand...
Click to collapse
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
The following are the ROMs pulled out of the RUUs and renamed, make sure you use the correct version for your phone but if you aren't able to find out start with the 3.29.
3.29.651.5_PC36IMG.zip
3.30.651.2_PC36IMG.zip
If you are having trouble flashing custom ROMs try using this kernel (Thanks to xxbabiboi228xx)
Stock kernel #17
Sources
How to unlock Nand Protection ~ Part-2
All EVO Radio, WiMAX, PRI & NV versions
RA-evo-v1.8.0
RUU to restore 3.29.651.5
RUU to restore 3.30.651.2
Click to expand...
Click to collapse
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
exploid.com
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Click to expand...
Click to collapse
Alternate method
If you already have the EVORoot.zip file you can download the scripts below without the boot/ROM/radio.
Instructions:
Extract EVORoot.zip into a folder that is easy to find such as C:\EVORoot. Then copy the 'moveme' folder out of that one and on to your sdcard.
Open up a DOS prompt and go to the EVORoot directory. eg. 'cd C:\EVORoot'.
type: runexploit {enter}
It will scroll a few lines saying that the ADB server will be reset and to run it on the desktop, this is normal. If it says Permission Denied check to make sure your phone is set to charge only and your sd card is not mounted as a hard disk.
type: adb shell {enter}
If you see '$' then type: "./data/local/tmp/rageagainstthecage-arm5.bin", without the quotation marks, and push enter. After a few seconds it should kick you out to the \> prompt.
If you see '#' then type: exit {enter}
type: flashboot {enter}
If you don't see any errors let it continue, if you do see an error push Ctrl+X to stop
Your phone will then reboot, when it comes back up the bootloader option should be highlight. Press the power button to select it. It should then search for a second and ask if you want to install the pc36img.zip, push Volume Up for Yes.
*DO NOT TURN OFF THE PHONE OR LET THE BATTERY DIE WHILE UPDATING*
When it's finished go into fastboot and select the yellow 'reboot' through the menu, it should start up rooted and ready to go however you will still need a custom Recovery so you can make NANDroid back-ups and flash an up to date ROM.
Once the phone starts up do step #4 to check for root (# prompt), if it is a '$' try typing 'su {enter}'. If that does not work use runexploit and then check again. Return to the DOS prompt once finished.
type: flashrecovery {enter}
Let it continue as long as there are no errors, otherwise Ctrl+X will stop it. If you run this more than once you can ignore the file not found errors from when it first starts. When the phone reboots you should see green text on a black background, if you see a triangle with an exclamation mark then you still have the stock recovery.
Use the volume buttons to select Backup/Restore then push Power to select it.
Select Nand backup and push power. This will make an exact copy of your phone as it is. If you get an error that says 'run mobile-nandroid...." make sure you have at least 3 or 400MB free on your memory card. You can use USB-MS toggle to mount your SD card if you need to make room or copy a ROM to your phone. The moveme folder can also be deleted from your SD card at this point and you can make copies or move the backup once it is complete. Just make sure you have one good backup before continuing.
The NANDroids are saved under 'nandroid/??????????/backupfolder-date-time/'. The folders need to be moved whole.
Return to previous menu, select Wipe, then have it Wipe data/factory reset, Wipe cache & Wipe dalvik-cache. If you get stuck in a bootloop try these steps again and try wiping the SD:ext partition as well.
Return, then go in Flash zip from sdcard. Select and Flash ROM-Supersonic_3.30....zip. If you have a different ROM you want to use you can flash that one instead.
Flash the Radios, it is again very important not to interrupt or reset the phone while the radios are being flashed. It will probably want to reboot itself afterward, just follow the instructions.
Once it is finished Return to the main menu and have it Reboot system. Your phone should start up normally and ask to be set up, complete the set up like normal.
Once you have it set up and are sure everything is working properly I would make one more NANDroid so you have a copy with the updated radios. At this point you can also flash another recovery and do anything else you would normally do. Just be sure to use unrevoked forever if you plan on using a different hBoot.
Click to expand...
Click to collapse
Links:
Downloads
EVORoot.zip
EVORoot.zip - No bootloader, ROM or Radio updates
eng-PC36IMG.zip mirror 1, mirror 2
Click to expand...
Click to collapse
Contents Include:
adb.exe
adb-linux
adb-mac
adbWinapi.dll
adbWinusbapi.dll
flashboot.bat
flashrecovery.bat
runexploit.bat
moveme/
.....eng-PC36IMG.zip
.....evo_radios_wimax_pri_nv_3.30.zip
.....flash_image
.....mtd-eng.img
.....rageagainstthecage-arm5.bin
.....recovery-RA-evo-v1.8.0.img
.....SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip
Batch Files
runexploit.bat
Code:
adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.bat
Code:
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
adb shell sync
adb reboot bootloader
flashrecovery.bat
Code:
adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
adb shell "chmod 755 /data/flash_image"
adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
adb shell sync
adb reboot recovery
Click to expand...
Click to collapse
This uses HTC's eng hBoot to unlock NAND protection so it is relatively safe, but, as always, this will void your warranty and may possibly damage your phone. You and you alone are responsible for anything that you do. This is for informational purposes only.
Click to expand...
Click to collapse

Here are linux and mac versions. You just need to get adb from somewhere (I don't think the packaged windows version will work).
If it's in your path, just change all of the "./adb" to "adb", or if you copy the executable to the same directory as these scripts, leave them as is.
Put them in the same directory, as the kit, and they should work.
I haven't tested, but thought I would write them up quickly to help with mutli-os support.
runexploit.sh
Code:
#!/bin/bash
./adb shell "cat /sdcard/moveme/rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
./adb shell "./data/local/tmp/rageagainstthecage-arm5.bin"
flashboot.sh
Code:
#/bin/bash
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image misc /sdcard/moveme/mtd-eng.img"
./adb shell "mv /sdcard/moveme/eng-pc36img.zip /sdcard/pc36img.zip"
./adb shell sync
./adb reboot bootloader
flashrecovery.sh
Code:
#!/bin/bash
./adb shell "mv /sdcard/PC36IMG.zip /sdcard/moveme/eng-PC36IMG.zip"
./adb shell "mv /sdcard/moveme/evo_radio_wimax_pri_nv_3.30.zip /sdcard/evo_radio_wimax_pri_nv_3.30.zip"
./adb shell "mv /sdcard/moveme/SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip /sdcard/ROM-SuperSonic_3.30.651.2_Rooted_BB_DeOdexed_Bash_ADP_BattPrcnt.zip"
./adb shell "cat /sdcard/moveme/flash_image > /data/flash_image"
./adb shell "chmod 755 /data/flash_image"
./adb shell "/data/flash_image recovery /sdcard/moveme/recovery-RA-evo-v1.8.0.img"
./adb shell sync
./adb reboot recovery

I'm getting a permission denied when I try to runexploit

Can you post an alternate mirror for the rootkit?

jacobzamarripa said:
I'm getting a permission denied when I try to runexploit
Click to expand...
Click to collapse
Do you have debugging enabled?

MJStephens said:
Do you have debugging enabled?
Click to expand...
Click to collapse
usb debugging. yes

jacobzamarripa said:
usb debugging. yes
Click to expand...
Click to collapse
Are you running cmd.exe as admin?

Do you guys have a youtube video of step by step for this? Because i cant even get past the third step

BrashL said:
Are you running cmd.exe as admin?
Click to expand...
Click to collapse
im not quite sure how. im on windows xp

jacobzamarripa said:
im not quite sure how. im on windows xp
Click to expand...
Click to collapse
Im pretty sure he just means that your on an user name on windows that has Master rights.

Bravo, bravo. You really outdid yourself on this hauss. What a fabulous tutorial for noobs. In my spare time, I would be happy to make a Mac version of this tutorial for you. I think the Mac part jut confuses people more. Seriously, great work. I will be referring people to this. Replaces the need to do 20 commands with like 4 homemade batch scripts. Pm me or email at [email protected] and I will build a Mac tutorial (giving you full credit of course)...

Confirm?
This looks and sounds awesome. I would LOVE a mac version of this and like to donate to good work
Can I get a confirmation from someone reporting success using this method?
I'd like to use this on a friends phone today but am a bit hesitant because it's so new.
thanks!

i will confirm that all the scripts work on thier own. i have no idea if hauss's batch scripts work. all the exploits are legit though. i will download and proofread. either way, it should work. i know hauss is experianced at rooting and stuff.

wait, huge file. does someone mind sending me everything except the pc36img.zip and eng-pc36img.zip? email is [email protected]

does anyone know if it will work on parallels on mac.

adb connection will be reset. restart adb server on desktop and re-login
I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
--------------------------------------------
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3316, 3316}
[*] Searching for adb ...
[+] Found adb as PID 1400
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.

rukshmani said:
I keep getting error message saying "adb connection will be reset. restart adb server on desktop and re-login"
--------------------------------------------
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3316, 3316}
[*] Searching for adb ...
[+] Found adb as PID 1400
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
Click to expand...
Click to collapse
Actually i kept getting this same message when i was on the adb server and was attempting to get to the recovery screeen on the phone. Do you by any chance have HBoot 2.2 on your evo?

Hi Noobe , yes unfortunately..am i SOL

rukshmani said:
i keep getting error message saying "adb connection will be reset. Restart adb server on desktop and re-login"
--------------------------------------------
[*] cve-2010-easy android local root exploit (c) 2010 by 743c
[*] checking nproc limit ...
[+] rlimit_nproc={3316, 3316}
[*] searching for adb ...
[+] found adb as pid 1400
[*] spawning children. Dont type anything and wait for reset!
[*]
[*] if you like what we are doing you can send us paypal money to
[*] [email protected] so we can compensate time, effort and hw costs.
[*] if you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 usd!
[*]
[*] adb connection will be reset. Restart adb server on desktop and re-login.
Click to expand...
Click to collapse
this is not an error message! This means it is working! Just move on to the next step. If there is nothing that says the word error, there is probably no error!

[REF] Axioo Picopad QGN (Root, Busybox, CWR, etc)

Axioo PICOPAD QGN
Android OS, v2.2 Frozen Yogurt
Qualcomm MSM7227 (App: ARM11 600MHz)
This wont work on PICOPAD 9
This is a very unpopular device from Indonesia. Although it is very easy to Root using "Superoneclick". As more people got hold of this free set(via Singapore old Starhub Internet plans), more people are also starting to ask about the steps on rooting this device. I thought I should start a guide here where I've followed from different places, piece them together here.
Feel free to comment and share if there are other ways to root, flash and install custom roms or android version. More importantly over clocked kernels. (remember seeing a link at kwbr's thread)
There are similar sets "CSL Spice Mi700 DroidPad", "Viewpad 7", etc
Alternatively you could research more by heading on to Viewpad 7's thread as I found out that device is very much similar and more developers are active there. I've also tried flashing kwbr's rom and it works for me.
Well if you are going to follow this thread to root, then read on...
WARNING! You warranty is now VOID & I will not be responsible if you brick your device.
Click to expand...
Click to collapse
Sections:
1. Rooting your device (wiki)
2. Installing Clockwork recovery (wiki)
3. Setting up ADB (optional)
4. Setting up partition on SDcard to free up device main space (WIP)
1. ROOT & Busybox (comes in a package)
Use these steps to root with "SuperOneClick". (Thanks to SuperOneClick)
Download and install "SuperOneClick"
Alternatively, download older version (some say works better) 1.6.5 1.7.0
Make sure you have .NET Framework v2.0 for Windows XP(win update)
On picopad, Unmount your SD card. From settings -> sd card -> unmount
Enable USB debugging, Setting -> Applications -> Development -> tick USB Debugging
Connect picopad to Pc via usb, ignore pctools if popup.
Goto Windows Explorer, Picopad will appear as "CD-ROM", explore CD-ROM and run SETUP.exe, ignore pctools
Open "SuperOneClick"
Change the option from "psneute" to "rageagainstthecage"
Click Root.
Rooted , Superuser & Busybox installed
Mount back your SDcard if u wish and reboot your device at least twice.
Congrats! Your device is rooted!
If you are satisfy with only root and superuser access, then you can stop here.
If you would like to install(flash) Clockworkmod recovery so you can backup your device(nandroid) and flash rom/kernel/stuff easier, proceed to step 2. (Highly Recommended)
If you want to set up ADB proceed to step 3 (optional, may come in handy and good for other android devices.)
2. ClockworkMod Recovery 5.0.2.6
2a. Preparing to installing CWR
Download CWR 5.0.2.6 and Flash_Image
Unzip, then copy "flash_image" and "cwm5026.img" to the root of your sdcard. (if you don't know how.. take your SDcard out and use a card reader)
Power on the device and install a terminal app so you could type commands in, try Android Terminal or Terminal Emulator
Once installed, open the app and start typing:
Gain superuser access type
su (once in superuser, you will see "#")
Click to expand...
Click to collapse
copy flash_image to system/bin
cp /sdcard/flash_image /system/bin
Click to expand...
Click to collapse
Install the flash_image
chmod 755 /system/bin/flash_image
Click to expand...
Click to collapse
Backup your original Recovery
cat /dev/mtd/mtd3 > /sdcard/orirecovery.img
Click to expand...
Click to collapse
And if you ever want to restore back for warranty issues
flash_image recovery /sdcard/orirecovery.img
Click to expand...
Click to collapse
2b installing ClockworkMod Recovery 5.0.2.6
The previous ver 2XXX is pretty outdated, thanks to mb-14 for sharing 5026.
Now you are ready to flash ClockworkMod Recovery
Assuming the file name that you download from CWR is "cwm5026.img" Type
flash_image recovery /sdcard/cwm5026.img
Click to expand...
Click to collapse
Done!
Now to run Clockwork Recovery:
First, turn off your device.
Now, hold down both volume button and press the power button at the same time, when you see recover on the corner of the screen, you can let go as you will boot up in Clockworkmod Recovery.
How to use 5.0.2.6 CWR?
Use the device vol+ and [/b]vol- to move up and down or the soft keys menu for "down", home for "up"
Select options by pressing the power button or , use the soft keys search for "enter"
back is for "back".
When you load into CWR, you could do many stuff, some simple info on the main options,
Wiping data is resetting your device to factory default, but CWR remains as long as you do not flash a stock recovery or a rom with a different recovery inside.
You could do stuff like formatting and partitioning SDcard to prepare for Apps to be install in SDcard to save space in device. Other than that, you could do a Backup for your entire device which is also known as nandroid backup, but it doesn't backup the bootloader and radio, so take note if you are going to flash custom radio or bootloader.
If you have a backup, you could restore back to that backup, this is good if you accidentally flash something bad or dislike a rom
Fixing permission is good if you always have FC.
You can mount SDcard to your pc from here and manage files with from your PC.
You could use ADB to push / pull files in and out of your device from PC.
you could install other roms, kernel and files using the "install zip" option.
If you want to set up ADB proceed to step 3 (optional, may come in handy and good for other android devices.)
3. Installing ADB on your windows
Download and install Latest JAVA SE Development kit "JDK" and Android SDK.
Follow the steps here on installing ADB, Android Debug Bridge.
3a. SET PATH for ADB: Check if you had set the path to sdk platform tools folder, this is to run adb command from any path. Steps for Windows XP:
Right-click ‘My Computer’ and click ‘Properties’.
In the ‘System Properties’ window, click the ‘Environment Variables’ button on the ‘Advanced’ tab.
Find ‘Path’ in the ‘System variables’ section and double-click it to edit it.
Make sure NOT to delete the existing entry in ‘Variable value’.
Just add the following string to the end of it, including the semi-colons:
;c:\android-sdk-windows\tools;c:\android-sdk-windows\platform-tools;C:\Program Files\Android\android-sdk-windows\platform-tools
Click to expand...
Click to collapse
Start ADB shell to command picopad from your pc:
Make sure Picopad is connected to pc via USB and sdcard is mounted.
From PC, Goto command prompt (Start -> Run type "CMD")
Type "ADB devices" from command prompt ( to see if path is set and picopad is connected, you should see 1 device attached, not more, not less)
C:\Documents and Settings\tish>adb devices
List of devices attached
FM88888888888 device
Click to expand...
Click to collapse
Troubleshooting:
If you can't get the adb command to work, probably you didn't set the path correctly, refer back to SET PATH or go to your adb actual folder to type the command which should be here C:\android-sdk-windows\platform-tools\
3b. Using ADB
At recovery or booted up device, on Pc Type:
adb shell (you will see "$")
Click to expand...
Click to collapse
now access superuser type
su (allow superuser access from Picopad and you will see "#")
Click to expand...
Click to collapse
Here you can copy files using (push/pull), I recommend you google for ADB commands to have a better understanding.
4. More sections to come eg: The space problem on the device, so alternative is partitioning sdcard to install apps as to free up space in device........
You could buy me a beer if you really appreciate my work here.
Updates from Fri the 21th April 2012
Reorganizing error section
Adding missed out steps here and there
Placing direct link for faster downloads
Added 2 older ver. SuperOneclick which works better
Removed CWR 2.5.1.2 details since it's outdated.
Added some details on 5.0.2.6 CWR
Updates from Fri the 13th Jan 2012
Added CWM 5.0.2.6 and soft keys steps.
Added possibility to explore Viewpad 7's dev forum.
Included some wiki info on root and CWR(Clockworkmod Recover)
Added troubleshoot for Set path to android sdk adb folder.
Included ADB set and using step
I first rooted my Picopad using guides from hucqim80, however they are not meant for Picopad and I've gather the info and posted them here.

Original recovery image provided by jax79sg here
This is to recover original recovery and replace clockworkmod recover.
This step is done because you need to send your set for warranty repair probably.
Remember to do a factory reset first before replace with original recover.

tishfire said:
Wonder if anyone had backup their Picopad's original recovery? "orirecovery.img" Accidentally erased mine thinking I had already backup in my pc.
Hope you could put up for me to download thanks .
Click to expand...
Click to collapse
I will upload mine somewhere after i try your steps above.

sure, thanks

axioo picopad.
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]

did u go to cd-rom folder and execute setup.exe before u click superoneclick?

No , I did not run the setup.exe from the cdrom drive cos when i plugin the device it automatically ask me to do the PC syncing. Actually i tried that before but that din work either.
I ran both PC running win7 and winXP, both also stuck at Running psneuter ...

Hi,
I ran into this error which puzzles me greatly.
# flash_image recovery /sdcard/cwrecovery.img
flash_image recovery /sdcard/cwrecovery.img
flash_image: permission denied
Do you know how to resolve this?
Thanks in advance.
Warmest Regards

eagleen said:
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]
Click to expand...
Click to collapse
same with me....anybody can give another tips ?

try to turn on picopad usb first. then try to ru he setup in picopad identified as " cd-rom" try again
Sent via Picopad

is there any custom ROM compatible for this device ?

help
Please help me when i type cp /sdcard/flash_image /system/bin and press enter i got something like this : cp /sdcard/flash_image /system/bin: not found
I'm a wrong.?

can this Stock ROM modified for support with App2sd by Trkton ?

Vuska said:
can this Stock ROM modified for support with App2sd by Trkton ?
Click to expand...
Click to collapse
It supports without any modification in the first place.
Roms, probably the MI700's custom rom will work, get to hucqim80's signature, the link is there.

nhasir said:
Please help me when i type cp /sdcard/flash_image /system/bin and press enter i got something like this : cp /sdcard/flash_image /system/bin: not found
I'm a wrong.?
Click to expand...
Click to collapse
probably ur file is not in that directory for this error message to appear.

eagleen said:
Hi tishfire , thanks for the guide, i got the same device as yours but when it always stuck at the below lines , can anyone help ? thanks in advance.
[/I]Killing ADB Server...
OK
Starting ADB Server...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
OK
Waiting for device...
OK
Pushing psneuter...
677 KB/s (585731 bytes in 0.843s)
OK
chmod psneuter...
OK
Running psneuter...[/I]
Click to expand...
Click to collapse
Okay, i know your problem... just change the option in superoneclick from psneuter to rageagainstthecage... and then root it...
when the superoneclick start to not responding, just re root it using the same method....
then to enable your superuser, install z4root to your device

I managed to root the picopad and flashed as stated.
When i boot up pressing both power and vol button, i was brought into this FTM mode. And from there i can't do anything...... the screen looks as follows.
Hmm....the cwrecovery didn't get flashed?
SWVer=3.240
MODEL: FM6-0001
HWVer:106
Power on with pressing VOLUME_DOWN keys to leave Auto FTM.
[Resolved]
Try holding both up and down volume buttons instead of just one of them

tishfire said:
Wonder if anyone had backup their Picopad's original recovery? "orirecovery.img" Accidentally erased mine thinking I had already backup in my pc.
Hope you could put up for me to download thanks .
Click to expand...
Click to collapse
This is many months late, here's the stuff if anyone needs it.
http://www.megaupload.com/?d=PKMW1ODU

jax79sg said:
This is many months late, here's the stuff if anyone needs it.
http://www.megaupload.com/?d=PKMW1ODU
Click to expand...
Click to collapse
Im still using my picopad.
Thanks!
Sent from my Nexus S using XDA App

can anyone help me with original backup for the splash and welcome screen axioo pico pad?
my pico pad splash and welcome screen change to viewsonic because i install viewpad 7 ROM in to my pico pad.....
somebody....help me please !!!
thankyou

[ROOT + CWM + OC KERNEL + Ubuntu] ZTE V11A / V71A / v55 HC3.2

The information provided in this thread is no longer up to date, although useful troubleshooting information can be found for those having issues. For those who would prefer to have the most up-to-date versions of CM9, CM10 or ParanoidAndroid supported by an awesome developer, go here
WARNING: IF YOU UPDATE YOUR TABLETS TO THE LATEST v03 UPDATES OF THE OFFICIAL ROM, YOU WILL LOSE THE ABILITY TO ROOT IT USING THE SUPERBOOT METHOD AND IT WILL BECOME A HUGE PAIN TO RE-INSTALL CWM/CUSTOM ROMS. INSTRUCTIONS FOR THIS SITUATION ARE PRESENTED BELOW, BUT PLEASE KEEP THIS IN MIND AND TRY TO READ THE THREAD CAREFULLY BEFORE MAKING SUCH CHANGES.
For those who need it, you can find a nandroid backup of Vodafone Romania's stock ROM for the v71a, here
Hello friends. With great thanks to utkanos, Koush and mobilx we now have a public alpha CWM and root available on both the ZTE V11A and the V71A, also known as the SFR StarTab 7/10, Vodafone SmartTab 7/10, as well as Sprint's (ZTE) V55 with credits due to utkanos for porting CWM, mobilx for being arguably the most motivated searcher of the holy root grail, and PaulOBrien from modaco and his superboot solution. We also thank alterbridge86 and eldarerathis for their advice and support. Additionally, credits go to joe.stone for custom kernel with loop device support, OC, touched voltages and a few other goodies.
Also, for interested developers, I have made the source code of the kernel available in a more easily accessible fashion. The source code (3 parts, contains the source for both models) is available here:
Part 1, Part 2, Part 3.
INSTALLING CWM:
A new optimized version of CWM for 7"and 10" tabs has been put together by joe.stone. I will also keep utkanos' links available below for those who prefer his versions or wish to thank him for his early efforts in making our tablets awesome
joe.stone said:
For those who have troubles with cwm recovery (freeze while backup ) i have created a new version. Flashable from fastboot.
10" CWM Recovery
7" CWM Recovery
Credit goes to joe.stone.
Click to expand...
Click to collapse
joe.stone said:
If you updated your tablet ROM via OTA or updater exe and can no longer install CWM, follow the following instructions:.
In firmware v03b fastboot flash is disabled and from a running system flash_image will fail too.
Download the twrp recovery http://goo.im/devs/joestone/twrp/v71_recovery.img
download the twrp recovery zip flashable version too
http://goo.im/devs/joestone/twrp/V71A_TWRP.zip
download kernel #60
http://www.4shared.com/zip/tzrUo5_N/v7_kernel_60.html?
copy the two zip files to the sdcard
If you want flash kernel#60 then do the following:
adb reboot bootloader
the tablet will reboot and you will get only a blank screen . Be sure that the drivers are installed from windows update for the fastboot interface.
check it with : fastboot devices. If you get waiting for device the drivers are not installed.
fastboot boot v71_recovery.img
The twrp recovery comes up. Now you can install twrp by selecting install menu. Browse to the v71twrp.zip on the sd and install it. Now you have permanent twrp recovery.
now go back to install menu browse to the v7_kernel_60.zip and install it.
reboot and enjoy.
These are kernel #60 links for the other models :
Sprint Optik (V55)
http://www.4shared.com/zip/RTZrSXyV/v55_kernel_60.html?
SmartTab10 (V11A)
http://www.4shared.com/zip/PrW1TWHF/v10_kernel_60.html?
OR
You can flash cwm using adb , you need root rights .The best is when adbd is running in root mode (for eaxample kernel#60).
Download this :flash_image binary
then turn on usb debugging.
to flash cwm you need the following commands:
adb push CWMrecovery.img /data/local/tmp
(where cwmrecovery.img is the name of the cwm image file name.)
adb push flash_image /data/local/tmp
adb shell chmod 755 /data/local/tmp/flash_image
adb shell (you need # not $ for flashing , so if you got $ type su to get #)
cd /data/local/tmp
./flash_image /dev/block/mmcblk0p18 CWMrecovery.img
Dont forget to remove the install-recovery.sh file from /system/etc othervise it will install stock recovery at system start if it has not the stock recovery.
To revert the bootloader you need to flash NON-HLOS.bin"to "/dev/block/mmcblk0p1" and "emmc_appsboot.mbn" to "/dev/block/mmcblk0p7" from a previous version .
Click to expand...
Click to collapse
Utkanos' v11a version is here.
Utkanos' v71a version is here.
Credit goes to utkanos, mobilx and koush. I have also attached these files at the end of the post.
Also attached, is the original 7-inch stock recovery file, for users who may wish to return to stock and have not performed backup.
--> Plug your tablet into usb, launch a command line, and use "adb reboot bootloader"
--> Download the CWM Recovery image from the link that fits your device.
--> Place it into the adb/fastboot folder (I am assuming you have downloaded fastboot already from the link above, during the root procedure).
--> In the command line, navigate to that folder (use "cd <path>").
--> input the command "fastboot flash recovery <filename>".
--> Reboot into recovery mode (should be Power + Volume down).
--> You should now be in CWM Recovery, and can now attempt to perform a nandroid backup.
Also, in order to prevent a possible hang, you should:
--> Reboot the tablet into the Android OS;
--> Mount it through USB;
--> Go into the clockworkmod folder;
--> Create an empty file with no extension called ".hidenandroidprogress"
After a period of testing this will be submitted to the Koush's Rom Manager. Source code is also available herehere, linked from utkanos' post.
What works:
Nandroid backup/restore on internal sdcard
Battery stats wipe
Dalvik wipe
Cache wipe
etc.
What does not work so far:
USB mass storage
credits:
utkanos
Koush
Click to expand...
Click to collapse
Modified Kernel Available, all credits to joe.stone, give him thanks here:
joe.stone said:
Here it is.
There is a new kernel version available. The new version is #60 and flashable from cwm recovery .
Changelog :
-Revert GPU overclock
-Revert change of system audio files (because of bootloops on some devices after installation #55)
-Increased system volume on kernel level
-Changed VMALLOC_RESERVE=0x19000000 to VMALLOC_RESERVE=0x10000000
-Added Apple Magicmouse HID support
-Added Microsoft HID support
-Changed cpu minimum freq 345MHz to 432 MHz to avoid the black screen effect (the screen does not wake up , you have to reset )
V55_kernel_60.zip Hope will work fine on v55.
V7_kernel_60.zip
V10_kernel_60.zip
Click to expand...
Click to collapse
Also, Benny3 has put together a CWM-flashable ROM package for the V55 tablet, including Joe's kernel #60 and a number of useful goodies. You can thank him and download the package from here.
Both device (v71, v11) were migrated into one kernel tree , so they both use the same source. (In case of v71 it is much newer source)
The whole kernel source was updated from the v55 sources .
Now they are in cwm recovery flashable format , because this package updates the kernel modules too in /system/lib/modules and enables to use the agps and NTP server setting was corrected . It points to europe.pool.ntp.org instead of the test one . Now my tab finds position within seconds . With the new kernel for me it seems the touchscreen is much better , but as before I am waiting for the feedbacks. Other fixes include: Touchscreen sensitivity, USB Charging etc.
Installation :
download the zip file
copy it to your tab's internal storage
start the tab in clockworkmod recovery
select install zip from sdcard
select the file for your model
install
reboot
and stock kernel for 10" :
stock kernel[/QUOTE]
Finally, if you want to obtain a dump of boot.img, please consider the following advice, also by mobilx, here:
mobilx said:
It is a mmcblk device not mtdblock
dd if=/dev/block/mmcblk0p8 of=/sdcard/boot_backup.img
dd if=/dev/block/mmcblk0p18 of=/sdcard/recovery_backup.img
Click to expand...
Click to collapse
ROOTING:
mobilx said:
It is recommended that you skip these steps and proceed to flashing clockwork mod for your respective device from the start using fastboot, and from inside CWM install joe's kernel (or custom rom), which you can find below. Joe's kernels and rom already come with significant updates to stock Vodafone systems, and are pre-rooted.
We will use superboot to root. What does superboot do? It puts the SU binary and makes a 'insecure' kernel to be loaded temporarily on to the device through ADB remount. So it's only purpose is to make ROOT. After execution, you will still be on the stock kernel, only with root privileges.
This method is for the advanced users only who want to have root before we have a fully functional CWM running. With the CWM the root method will be easier.
IMPORTANT!
At this point we have no way to repair a broken device to a factory state. We can unroot and that is it. It is advisable do make dump of your rom before making any changes to the system. We are not responsible for any damage that can occur in the root process and after that.
What will you need?
--> Download Fastboot+Superboot.img from here.
--> Install ADB through the SDK, download from here, although the ADB included with the ZTE drivers should also work.
--> Install the ZTE drivers, you can find them here, although they should already be included on your device when first mounting it.
--> don't forget to enable USB debugging in the tablet's application settings.
--> Put the fastboot.exe and the superboot.img files in the working directory you will be running adb from (Default should be at "C:\Program Files\ZTE Handset USB Driver".
--> Open a Command Line (Start Menu > Run > CMD) and navigate to the working directory. (Use "cd C:\Program Files\ZTE Handset USB Driver" or alter the path accordingly).
--> Write the following commands withing the command line:
--> adb reboot bootloader
--> fastboot boot superboot.img
--> The device should now boot with the Superuser.apk installed and SU in the /system/xbin/su, as well as allowing you adb root commands. Now run the following:
--> adb remount
--> adb shell
--> ln -s /system/xbin/su /system/bin/su
--> You can now exit the ADB shell and reboot the tablet.
--> Install busybox from the market and check the SU binary version with the Superuser.apk - try to update. If it succeed you are done.
Credits:
sangemaru
utkanos
PaulOBrien from modaco and his superboot solution
Click to expand...
Click to collapse

Reserved for future posts

I have ZTE V11A aka Vodafone Smart Tab 10 in my possession
I'm very interested in obtaining root for this device, so if I can be of any help, please let me know.
I hope that whis device will gain more popularity in the near future, because of it's excellent hardware and low price.
Is there any progress going on with rooting this device?
P.S. Two more questions,
Has anyone found where to buy 40pin to hdmi cable/connector? (because you don't get one in the box)
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Thank you.

assdksl said:
I have ZTE V11A aka Vodafone Smart Tab 10 in my possession
I'm very interested in obtaining root for this device, so if I can be of any help, please let me know.
I hope that whis device will gain more popularity in the near future, because of it's excellent hardware and low price.
Is there any progress going on with rooting this device?
Click to expand...
Click to collapse
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Due to time constraints, I haven't made much headroom this week, but I'm taking a couple of days off work and hope to make some progress.
P.S. Two more questions,
Has anyone found where to buy 40pin to hdmi cable/connector? (because you don't get one in the box)
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Thank you.
Click to expand...
Click to collapse
Haven't looked for it, but so far accessories for this line of devices seem to be lacking. With the popularization by Vodafone and the launch of the new Sprint V55 and similar tablets, these accessories should become more popular.
I haven't had any problems with the time on my device, sounds really weird.

assdksl said:
Does any of you experience clock drift with your device after some time, mine is drifting forward about 20min per day with no automatic Network Sync.
Click to expand...
Click to collapse
Clock drift is happening due to Network-provided time setting. Im not sure what is causing this. It could be related to a Vip network or a failure of a process which obtains time from the network. If you want this not to happen just untick that option in settings.

Thank you both for quick answering my questions.
mobilx said:
Clock drift is happening due to Network-provided time setting. Im not sure what is causing this. It could be related to a Vip network or a failure of a process which obtains time from the network. If you want this not to happen just untick that option in settings.
Click to expand...
Click to collapse
Yes, indeed, but when I untick sync with Network-provided time, clock is ticking faster then it should.
It seems that clock chip on my device is not calibrated well or there is some other bug, it seems that it is HW issues... this is little more explained here:
http://blogs.keynote.com/mobility/2...wrist-watch-android-doesnt-keep-the-time.html
It seems that I was unfortunate and get device with bad clock, also without root I'm unable to use ClockSync app that will solve my problem.
But what is bugging me, is the fact that I also have SGS I9000, and it is synchronizing with Vip network just fine.
Mobilx are you experiencing time drift issue with network-provided time sync, but with manual time settings it is working fine?
sangemaru said:
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Due to time constraints, I haven't made much headroom this week, but I'm taking a couple of days off work and hope to make some progress.
Click to expand...
Click to collapse
I am a software developer, and I have some Android programming knowledge, but I'm not experienced much with Linux and compiling flashable Roms, but I can try In any case, if I can help, just let me know.

assdksl said:
Mobilx are you experiencing time drift issue with network-provided time sync, but with manual time settings it is working fine?
Click to expand...
Click to collapse
Yes it happend to me once. First I unticked the network-provided time sync and after restart I ticked it again. The clock is fine since than.

assdksl said:
I am a software developer, and I have some Android programming knowledge, but I'm not experienced much with Linux and compiling flashable Roms, but I can try In any case, if I can help, just let me know.
Click to expand...
Click to collapse
Well, so far what possible leads we have that I can think of are these:
mobilx suggested this thread http://forum.xda-developers.com/showthread.php?t=443994 for packing/unpacking boot.img
to quote Alterbridge of Team Overcome: "I presume the ZTE tablet uses boot.img format for its kernels, in which case you can extract the initramfs using mkbootimg (there are a number of scripts floating around). from there you can modify whatever you want in the initramfs and then repackage the boot.img and be on your way."
eldarerathis gave me some more instructions: "You basically need to extract the ROM's zip and add su/Superuser in the proper folders (su in /system/bin, Superuser in /system/app). You'll probably also have to look at the updater-script and add something to give su executable permission. It's usually something like 'set_perm(0, 0, 6755, "/system/bin/su");' that you need to add. The updater-script should be in the zip under /META-INF somewhere."
These are some of the useful bits of advice I received that could probably be put to good use when I have some free time. If you feel that anything is helpful, feel free to try it out.

sangemaru said:
Well, so far what possible leads we have that I can think of are these:
mobilx suggested this thread http://forum.xda-developers.com/showthread.php?t=443994 for packing/unpacking boot.img
to quote Alterbridge of Team Overcome: "I presume the ZTE tablet uses boot.img format for its kernels, in which case you can extract the initramfs using mkbootimg (there are a number of scripts floating around). from there you can modify whatever you want in the initramfs and then repackage the boot.img and be on your way."
eldarerathis gave me some more instructions: "You basically need to extract the ROM's zip and add su/Superuser in the proper folders (su in /system/bin, Superuser in /system/app). You'll probably also have to look at the updater-script and add something to give su executable permission. It's usually something like 'set_perm(0, 0, 6755, "/system/bin/su");' that you need to add. The updater-script should be in the zip under /META-INF somewhere."
Click to expand...
Click to collapse
Thank you, I will do some reading for a start.
We are sure that bootloaders are unlocked?
sangemaru said:
Currently, me and mobilx are trying to put aside time to either:
obtain a dump of the boot.img that we can inject su and superuser.apk into;
compile the source code into a flashable rom that we can inject su and superuser.apk into;
get clockworkmod working on the device;
Click to expand...
Click to collapse
Did you consider getting clockworkmod working in more details? Is it simpler then above method?
I have found this article regarding putting clockwork mode to new devices, I just read it briefly...
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html

assdksl said:
Thank you, I will do some reading for a start.
We are sure that bootloaders are unlocked?
Did you consider getting clockworkmod working in more details? Is it simpler then above method?
I have found this article regarding putting clockwork mode to new devices, I just read it briefly...
http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html
Click to expand...
Click to collapse
That's fine. We have a dev utkanos who agreed to build the CWM for our device. He is very experienced in this stuff. The only way to build a proper CWM is to get a boot.img dumped or extracted from a leaked ROM.
So what we need to do:
Get root via some exploit (there is none for 3.2 HC yet) , dump boot.img and build CWM, flash CWM with fastboot, or
Find leaked ROM , extract boot.img, build CWM, flash CWM with the fastboot, root device with Update.zip
Yes the fastoboot is working and the bootloader is unlocked.
I have tried these exploits so far:
GingerBreak
psneuter
zergRush
Also I have tried:
Acer iconia 100 method ADB
Acer iconia 500 method
All ideas are welcome.

Ladies and gentleman the ROOT is here Device is successfully rooted with the superboot method.
Thanks to my friend sangemaru who made this possible.
Expect CWM soon. utkanos is working on it.
Need some testing, before this goes to public

That's great news mobilx! Looking forward to a root and ICS sometime in the future

Congrat`s guys,nice work and many thanks from all users.
This is a beginning of a beautiful friendship with SmartTab
We expect nice custom roms and maybe in a short time and ICS rom for this excellent tablet.
If I or we (other members) can help with something,please,let us know,i dont know programming but i can use Paint (just kidding)

Jeeej!!! I'm looking forward to it!

Ok lets roll
While we are waiting for CWM to be build we can root ZTE V11A/V71A aka Vodafone SmartTab 10/7 with the superboot.
What the superboot does? It puts SU binary and makes a 'insecure' kernel to be loaded temporally on to device( ADB remount). So it's only purpose is to make ROOT. After reboot you are on your old kernel but with the root.
This method is for the advanced users only who want to have root before we build a CWM. With the CWM the root method will be easier.
IMPORTANT!
At this point we have no way to repair a broken device to a factory state. We can unroot and that is it. It is advisable do make dump of your rom before making any changes to the system. We are not responsible for any damage that can occur in the root process and after that.
What we need?
ADB installed through SDK
Zte drivers installed --> debugging ticked in options
fastboot + superboot.img --> Put files in the adb working dir
>adb reboot bootloader
>fastboot boot superboot.img
Device should boot with Superuser.apk installed and SU in the /system/xbin/su.
>adb remount
>adb shell
#ln -s /system/xbin/su /system/bin/su
Install busybox from the market and check the SU binary version with the Superuser.apk - try to update. If it succeed you are done.
#exit
$exit
>adb reboot
Device will reboot with the stock kernel but rooted.
Credits:
sangemaru
utkanos
PaulOBrien from modaco and his superboot solution

Thx mobilx! Hvala

All it's OK
It's working also on v71a.......LOL
10x man

urs71 said:
It's working also on v71a.......LOL
10x man
Click to expand...
Click to collapse
I can also confirm this working on 7 inch

urs71 said:
It's working also on v71a.......LOL
10x man
Click to expand...
Click to collapse
jakaka said:
I can also confirm this working on 7 inch
Click to expand...
Click to collapse
That is great guys. sangemaru will be very happy because he owns A71A
So you can confirm that it boots and the touchscreen is working? That means the kernel is the same for those two variants.

V17A
YES, all work perfectly...........setcpu, blackmarkt,root uninstaller, lucky patcher, etc
The only differences between v11a and v71a is the size of the display
we are wating for CWM..........10x again
v71a

Rooting the A700

Hi there. I just want to get things up and running in this forum ;-)
Since the rooting method described by ZeroNull was also working on the A510 and the A510 is quite similar to the A700 there might be a good chance that this also works for the A700.
Don't bother if the device reboots during the hack - the magic should already be done then and root established.
It would be interessting if that works for A700 too.
ZeroNull said:
Original article is published on this site and created by ZeroNull and vdsirotkin (4pda.ru).
How to:
1. The tablet should be already upgraded to stock ICS for A100/A101 (or stock ICS A500/A501/A510 for other tablets).
2. Download this archive on the computer. Unpack it to any place.
3, On a tablet: "Settings" -> "Applications" -> "Development" -> "USB debugging" switch on.
4. Сonnect the tablet to the computer (Before connection it is recommended to update the driver for a tablet from here: A10x, A50x, A510).
5. Open the directory with the unpacked archive. Execute file: for windows - runit-win.bat; for Linux - runit-linux.sh.
The root is received!
6. Now you will have to install the following programs:
SuperUser APK
Titanium Backup
ATTENTION!
Don't install Busybox! It is already installed and established! If you reinstall it, some programs will become unable to access root permissions!
Change:
The error of final check of receiving root is corrected (The messaging that "root" isn't received, though it was not so)
Support of A510 of tablets is improved
This method uses the 'mempodroid' exploit and some workings out by ZeroNull and vdsirotkin (4pda.ru).
List of rooting versions:
New - ICS_rooting_A10x_A5xx.zip
Old - ICS_rooting.zip
PS: I understand English rather badly, but I'll try to help, if it is necessary.
PS2: Command "Mount ro/rw" for directory /system (partition) - works perfectly!
Click to expand...
Click to collapse

I tried it yesterday, this method doesn’t work .
Full root for A100, A500 and A510 ICS. Simple method.
Device connected. Preparation for executing of the main script.
push: tools/su -> /data/local/tmp/su
push: tools/runit.sh -> /data/local/tmp/runit.sh
push: tools/mount.sh -> /data/local/tmp/mount.sh
push: tools/mempodroid -> /data/local/tmp/mempodroid
push: tools/getroot.sh -> /data/local/tmp/getroot.sh
push: tools/delroot.sh -> /data/local/tmp/delroot.sh
push: tools/busybox.sh -> /data/local/tmp/busybox.sh
push: tools/busybox -> /data/local/tmp/busybox
8 files pushed. 0 files skipped.
1760 KB/s (840355 bytes in 0.466s)
2426 KB/s (37273 bytes in 0.015s)
-
Preparation is finished.
-
Executing of the main script.
remote object '/system/bin/su' does not exist
The file "su" isn't created!
-
Not getting root!
-
Error!
-
Press any key.

I tried it with the Acer A510 Iconia Tab AIO Toolbox. No root.

we already answered several times, both methods are not working

mempodroid method doesn't work on A700 (fixed kernel I guess)
I used the n95-offsets bin to get the right offsets (0xd9ec 0xaf47) but no success too.

Why are you bothering with this? Just unlock the bootloader and flash kernel with "ro.secure=0" in init ramfs image. Then install "su" and "SuperUser.apk" via adb.

Skrilax_CZ said:
Why are you bothering with this? Just unlock the bootloader and flash kernel with "ro.secure=0" in init ramfs image. Then install "su" and "SuperUser.apk" via adb.
Click to expand...
Click to collapse
Which kernel and where to get it?
and how to do it steps please ?

Skrilax_CZ said:
Why are you bothering with this? Just unlock the bootloader and flash kernel with "ro.secure=0" in init ramfs image. Then install "su" and "SuperUser.apk" via adb.
Click to expand...
Click to collapse
Could you plz be more detailed, understandable for dummies?
Best or top of the pop would be an automated script.
Thx
Gesendet von meinem A700 mit Tapatalk 2

Skrilax_CZ said:
Why are you bothering with this? Just unlock the bootloader and flash kernel with "ro.secure=0" in init ramfs image. Then install "su" and "SuperUser.apk" via adb.
Click to expand...
Click to collapse
Because some of us wont be able to do kernel compilation. Because some stated that you cannot go back after unlocking. Because some stated that updating stock images might even fail after unlocking... all in all because most people just want a simple method to root without all that risks.
Enough reasons?
Sent from my A510 using XDA

I hope root will come shortly.
Android without root - fail

It seems no one working on rooting it everybody is busy with UEFA Euro 2012

I hope root will come shortly.
Android without root - fail
Click to expand...
Click to collapse
yes, and I'd like some clean roms. The Acer rom has a ****load of bloatware that cannot be deinstalled.

moom999 said:
It seems no one working on rooting it everybody is busy with UEFA Euro 2012
Click to expand...
Click to collapse
I tried several known working methods, but it doesn't work (we have a recent kernel, so it must be patched to fix most of the breaches)

Akyno said:
yes, and I'd like some clean roms. The Acer rom has a ****load of bloatware that cannot be deinstalled.
Click to expand...
Click to collapse
But with ICS you can deactivate them. Helps well while waiting for root

DЯΦ[email protected]П said:
But with ICS you can deactivate them. Helps well while waiting for root
Click to expand...
Click to collapse
how?

damir10 said:
how?
Click to expand...
Click to collapse
Settings -> Apps -> All - Tap on the App and deactivate. Works with most Apps.

bbqtho said:
Settings -> Apps -> All - Tap on the App and deactivate. Works with most Apps.
Click to expand...
Click to collapse
but you cant deactivate all acer crap

Blindie said:
but you cant deactivate all acer crap
Click to expand...
Click to collapse
I can't find lots of acer apps on my A700 and the only one I couldn't deactivate is AcerNidus, the Bug Report Service.
The acer ring can be deactivated in the settings, so there is really not much left that may disturb you.
Compared to my HTC Desire, acer was very sparing.

Lets have a look six lines above apps in the settings menu. Its called "Ring"

gcmobile said:
Lets have a look six lines above apps in the settings menu. Its called "Ring"
Click to expand...
Click to collapse
Yes, the settings for the ACER-Ring are still there, but you can disable it and I think that's what it was about.
I also deactivated every app i was able to deactivate and i can't wait for root so that i can make this ***** as thin as possible.

[Q] root access via mempodroid doesn't work anymore on Acer A511?

Hi,
I am new to this forum that is the reason for asking this question in this section but I have a experience in scripting, rooting, modding and (un-) bricking different hardware.
Ok, I am a new owner of a Acer A511 (it's like A510 but with 3G) and tried to root it like this description in this Thread.
If I start the script runit-win.bat I am getting the following output.
Code:
Full root for A100, A500 and A510 ICS. Simple method.
Device connected. Preparation for executing of the main script.
push: tools/su -> /data/local/tmp/su
push: tools/runit.sh -> /data/local/tmp/runit.sh
push: tools/mount.sh -> /data/local/tmp/mount.sh
push: tools/mempodroid -> /data/local/tmp/mempodroid
push: tools/getroot.sh -> /data/local/tmp/getroot.sh
push: tools/delroot.sh -> /data/local/tmp/delroot.sh
push: tools/busybox.sh -> /data/local/tmp/busybox.sh
push: tools/busybox -> /data/local/tmp/busybox
8 files pushed. 0 files skipped.
1044 KB/s (840355 bytes in 0.786s)
1174 KB/s (37273 bytes in 0.031s)
-
Preparation is finished.
-
Executing of the main script.
remote object '/system/bin/su' does not exist
The file "su" isn't created!
-
Not getting root! :(
-
Error!
-
Press any key.
Ok, I took a look to the scripts and I think the command "/data/local/tmp/mempodroid 0xd9f0 0xaf47 sh /data/local/tmp/getroot.sh" doesn't work. I opened a shell "(Windows Shell) adb shell" and executed the command "/data/local/tmp/mempodroid 0xd9f0 0xaf47 sh" and also the command "/data/local/tmp/mempodroid 0xaf47 sh" for getting a single root shell but it doesn't work. If I try to do a reboot via shell I am getting the message "reboot: Operation not permitted".
Also I have deactivated the pre installed Anti Virus (Mc Affee) on tablet. I have no idea anymore but it seems to me that the exploit mempodroid doesnt't work for me or my FW version.
<edit on>
With my HTC Desire HD I had to unlock the bootloader and to install the Clockwork Mod. I understand the description by ZeroNull for rooting the Acer A5xx that this isn't a prerequisite. Is this correct?
<edit off>
Informations
HW: Acer A511
Acer APN-Version: 1.203-1(t)
Flex-Version: Acer_AV041_A511_1.028.00_EMEA_DE
Do you have some ideas more or can you move this problem to the correct thread so I am nearer to solve the problem!?
Best regards

Hi.
To prevent a crossposting can a moderator/admin move this posting to http://forum.xda-developers.com/forumdisplay.php?f=1211 please?
I am not be able to delete my own posting so Idon't want to post it a second time.
I haven't saw this section and I think is the better to place the question there.
Best regards and thank you in advance.

@Mod, please move to http://forum.xda-developers.com/forumdisplay.php?f=1648

Btw, I've also confirmed it does not work. Also tried finding other offsets (with n95-offsets) and tested with those as well, but still no root.
I'm afraid the exploit has been fixed in the A511, and we'll have to wait till someone builds a fixed kernel...
Your ROM seems newer than the only one I found (Acer_AV041_A511_1.011.00_WW_GEN1). You may want to try and downgrade (although my ROM is even much older than that). I don't want to upgrade yet before I can find a way to make a full backup (cwm recovery doesn't work either).

nikagl said:
Btw, I've also confirmed it does not work. Also tried finding other offsets (with n95-offsets) and tested with those as well, but still no root.
I'm afraid the exploit has been fixed in the A511, and we'll have to wait till someone builds a fixed kernel...
Your ROM seems newer than the only one I found (Acer_AV041_A511_1.011.00_WW_GEN1). You may want to try and downgrade (although my ROM is even much older than that). I don't want to upgrade yet before I can find a way to make a full backup (cwm recovery doesn't work either).
Click to expand...
Click to collapse
Thanks, that somebody recognize the posting.
I will take a look for a downgrade it. If it possible to downgrade it without root access and cwm.
Best regards

Well... for A511 I found a way! First cwm recovery and then root update zip. See the following thread:
http://forum.xda-developers.com/showthread.php?t=1729432