Related
Figured out how to temp root my friends nextbook and get titanium backup working. Basically i followed this thread
http://forum.xda-developers.com/showthread.php?t=1173690
Download the htc flyer 16/32gb file and use that one. After you run the Run_ME_fre3vo_Root.bat File go to terminal and type su then hit enter.
You will get the notice that terminal has been granted superuser permission and you will be all set. Download titanium backup and install it .But remember everytime you reboot you will have to run the .bat again.
Thanks to Eugene373 for creating this tool. And thanks to #Teamwin
Htc Evo 4g rooted s-off cyanogenmod 7
Htc Flyer 16gb wifi rooted s-off Flyhigh rom
If i helped in anyway feel free to hit the thanks button
Or just use z4root. That's what I did on my Next6 while dumping the stock image.
By chance could I get a copy of the Next7's stock image?
temp root
tried z4root, i had no luck with gingerbread.
temp root
here is the system dump for nextbook7p
http://www.multiupload.com/6BY8BVS5BJ
Ok i followed the steps on there but im kinda confused on hoqw you managed to get it to work. The next book 7p always shows as a mountable disk when connected to my computer. On the link it says u need to change it to charge only. I tried ignoring that because the nexbook 7p cant charge via usb. But when i click run_me_fr3vo_root the terminal opens and it says wait-for-devices and thats all. So would u kind giving a more detailed explanation? Id aporeciate it alot cause ive been wanting to root this thing foreverrrrr (3 months lol)
krisf29 said:
Figured out how to temp root my friends nextbook and get titanium backup working. Basically i followed this thread
http://forum.xda-developers.com/showthread.php?t=1173690
Click to expand...
Click to collapse
This method did not work with my NextBook 7:
Code:
C:\RW_HTC_Flyer(1)>adb wait-for-device
C:\RW_HTC_Flyer(1)>adb push fre3vo /data/local/tmp
3188 KB/s (9796 bytes in 0.003s)
C:\RW_HTC_Flyer(1)>adb shell chmod 777 /data/local/tmp/fre3vo
C:\RW_HTC_Flyer(1)>adb shell /data/local/tmp/fre3vo
fre3vo by #teamwin
Please wait...
This device either does not support the fre3vo exploit, or this
account lacks permission to access the required devices.
An error has occured.
C:\RW_HTC_Flyer(1)>adb wait-for-device
C:\RW_HTC_Flyer(1)>adb shell /data/local/tmp/fre3vo
fre3vo by #teamwin
Please wait...
This device either does not support the fre3vo exploit, or this
account lacks permission to access the required devices.
An error has occured.
C:\RW_HTC_Flyer(1)>adb wait-for-device
C:\RW_HTC_Flyer(1)>adb shell sleep 5
C:\RW_HTC_Flyer(1)>adb remount
remount failed: Operation not permitted
C:\RW_HTC_Flyer(1)>adb shell mount -o rw,remount rootfs /
mount: Operation not permitted
C:\RW_HTC_Flyer(1)>adb shell mount -o remount,suid /dev/block/mmcblk0p29 /data
mount: Operation not permitted
C:\RW_HTC_Flyer(1)>adb shell rm -r /vendor
rm failed for /vendor, Read-only file system
C:\RW_HTC_Flyer(1)>adb shell mkdir /system/vendor
mkdir failed for /system/vendor, Read-only file system
C:\RW_HTC_Flyer(1)>adb shell mkdir /system/vendor/bin
mkdir failed for /system/vendor/bin, No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 777 /system/vendor
Unable to chmod /system/vendor: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 777 /system/vendor/bin
Unable to chmod /system/vendor/bin: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /system/bin/sh
Unable to chmod /system/bin/sh: Read-only file system
C:\RW_HTC_Flyer(1)>adb push sqlite3 /system/vendor/bin
failed to copy 'sqlite3' to '/system/vendor/bin': No such file or directory
C:\RW_HTC_Flyer(1)>adb push libext4_utils.so /system/lib
failed to copy 'libext4_utils.so' to '/system/lib/libext4_utils.so': Read-only f
ile system
C:\RW_HTC_Flyer(1)>adb push libfuse.so /system/lib
failed to copy 'libfuse.so' to '/system/lib/libfuse.so': Read-only file system
C:\RW_HTC_Flyer(1)>adb shell chmod 655 /system/lib/libext4_utils.so
Unable to chmod /system/lib/libext4_utils.so: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 000 /system/lib/libfuse.so
Unable to chmod /system/lib/libfuse.so: No such file or directory
C:\RW_HTC_Flyer(1)>adb push default.prop /default.prop
failed to copy 'default.prop' to '/default.prop': Read-only file system
C:\RW_HTC_Flyer(1)>adb push init.rc /init.rc
failed to copy 'init.rc' to '/init.rc': Read-only file system
C:\RW_HTC_Flyer(1)>adb push init.flyer.rc /init.flyer.rc
failed to copy 'init.flyer.rc' to '/init.flyer.rc': Read-only file system
C:\RW_HTC_Flyer(1)>adb shell chmod 755 /default.prop
Unable to chmod /default.prop: Read-only file system
C:\RW_HTC_Flyer(1)>adb shell chmod 755 /init.rc
Unable to chmod /init.rc: Read-only file system
C:\RW_HTC_Flyer(1)>adb shell chmod 755 /init.flyer.rc
Unable to chmod /init.flyer.rc: No such file or directory
C:\RW_HTC_Flyer(1)>adb push fixit /system/vendor/bin
failed to copy 'fixit' to '/system/vendor/bin': No such file or directory
C:\RW_HTC_Flyer(1)>adb push su /sbin
failed to copy 'su' to '/sbin/su': Permission denied
C:\RW_HTC_Flyer(1)>adb push su /system/vendor/bin
failed to copy 'su' to '/system/vendor/bin': No such file or directory
C:\RW_HTC_Flyer(1)>adb push busybox /system/vendor/bin
failed to copy 'busybox' to '/system/vendor/bin': No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /sbin
Unable to chmod /sbin: Read-only file system
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /sbin/su
Unable to chmod /sbin/su: Permission denied
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /system/vendor/bin/su
Unable to chmod /system/vendor/bin/su: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /system/vendor/bin/fixit
Unable to chmod /system/vendor/bin/fixit: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 4755 /system/vendor/bin/busybox
Unable to chmod /system/vendor/bin/busybox: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell chmod 755 /system/vendor/bin/sqlite3
Unable to chmod /system/vendor/bin/sqlite3: No such file or directory
C:\RW_HTC_Flyer(1)>adb shell /system/vendor/bin/busybox --install -s /system/ven
dor/bin
/system/vendor/bin/busybox: not found
C:\RW_HTC_Flyer(1)>adb shell rm -r /system/vendor/bin/ls
rm failed for /system/vendor/bin/ls, No such file or directory
C:\RW_HTC_Flyer(1)>adb shell rm -r /system/vendor/bin/reboot
rm failed for /system/vendor/bin/reboot, No such file or directory
C:\RW_HTC_Flyer(1)>adb shell rm -r /system/vendor/bin/chmod
rm failed for /system/vendor/bin/chmod, No such file or directory
C:\RW_HTC_Flyer(1)>adb shell rm -r /system/vendor/bin/chown
rm failed for /system/vendor/bin/chown, No such file or directory
C:\RW_HTC_Flyer(1)>adb install Superuser.apk
5818 KB/s (196640 bytes in 0.033s)
pkg: /data/local/tmp/Superuser.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\RW_HTC_Flyer(1)>adb install androidterm.apk
6039 KB/s (92780 bytes in 0.015s)
pkg: /data/local/tmp/androidterm.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\RW_HTC_Flyer(1)>adb shell ln -s /system/vendor /vendor
link failed File exists
C:\RW_HTC_Flyer(1)>adb wait-for-device
C:\RW_HTC_Flyer(1)>adb shell sync
C:\RW_HTC_Flyer(1)>pause
Press any key to continue . . .
Same here. I tried all of the methods that I could come across on the web with no luck. You would think that it would be a way to root the original factory rom and just flash the device with the rooted rom. That seems to be the only way.
pls help me to get it rooted
i tried Zroot and gingerbreak without sucess
after i tried superoneclick
without sucess
i have a bextbook next8P
pls help
I tried the perma temp root that eugene373 posted but my sensation 4g doesn't give me root access. It seems to fail at the exploit:
C:\sensation 4g\RW_Sensation>adb wait-for-device
C:\sensation 4g\RW_Sensation>adb push fre3vo /data/local/tmp
C:\sensation 4g\RW_Sensation>adb shell chmod 777 /data/local/tmp/fre3vo
C:\sensation 4g\RW_Sensation>adb shell /data/local/tmp/fre3vo
Locating access point...
The exploit has failed.
C:\sensation 4g\RW_Sensation>adb wait-for-device
C:\sensation 4g\RW_Sensation>adb shell sleep 1
C:\sensation 4g\RW_Sensation>adb remount
remount failed: Operation not permitted
C:\sensation 4g\RW_Sensation>adb shell mount -o rw,remount rootfs /
mount: Operation not permitted
C:\sensation 4g\RW_Sensation>adb shell mount -o remount,suid /dev/block/mmcblk0p23 /data
mount: Operation not permitted
C:\sensation 4g\RW_Sensation>adb shell mkdir /vendor/bin
mkdir failed for /vendor/bin, Read-only file system
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /system/bin/sh
Unable to chmod /system/bin/sh: Read-only file system
C:\sensation 4g\RW_Sensation>adb push ./sqlite3 /vendor/bin
C:\sensation 4g\RW_Sensation>adb push ./libext4_utils.so /system/lib
C:\sensation 4g\RW_Sensation>adb push ./libfuse.so /system/lib
C:\sensation 4g\RW_Sensation>adb shell chmod 655 /system/lib/libext4_utils.so
Unable to chmod /system/lib/libext4_utils.so: Read-only file system
C:\sensation 4g\RW_Sensation>adb shell chmod 000 /system/lib/libfuse.so
Unable to chmod /system/lib/libfuse.so: Read-only file system
C:\sensation 4g\RW_Sensation>adb push ./default.prop /default.prop
C:\sensation 4g\RW_Sensation>adb push ./init.rc /init.rc
C:\sensation 4g\RW_Sensation>adb push ./init.pyramid.rc /init.pyramid.rc
C:\sensation 4g\RW_Sensation>adb shell chmod 755 /default.prop
Unable to chmod /default.prop: Read-only file system
C:\sensation 4g\RW_Sensation>adb shell chmod 755 /init.rc
Unable to chmod /init.rc: Read-only file system
C:\sensation 4g\RW_Sensation>adb shell chmod 755 /init.pyramid.rc
Unable to chmod /init.pyramid.rc: Read-only file system
C:\sensation 4g\RW_Sensation>adb push ./fixit /vendor/bin
C:\sensation 4g\RW_Sensation>adb push ./su /sbin
C:\sensation 4g\RW_Sensation>adb push ./su /data/bin
C:\sensation 4g\RW_Sensation>adb push ./busybox /vendor/bin
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /sbin
Unable to chmod /sbin: Read-only file system
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /sbin/su
Unable to chmod /sbin/su: Permission denied
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /data/bin/su
Unable to chmod /data/bin/su: No such file or directory
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /vendor/bin/fixit
Unable to chmod /vendor/bin/fixit: No such file or directory
C:\sensation 4g\RW_Sensation>adb shell chmod 4755 /vendor/bin/busybox
Unable to chmod /vendor/bin/busybox: No such file or directory
C:\sensation 4g\RW_Sensation>adb shell chmod 755 /vendor/bin/sqlite3
Unable to chmod /vendor/bin/sqlite3: No such file or directory
C:\sensation 4g\RW_Sensation>adb shell busybox --install -s /vendor/bin
busybox: permission denied
C:\sensation 4g\RW_Sensation>adb shell rm -r /vendor/bin/ls
rm failed for /vendor/bin/ls, No such file or directory
C:\sensation 4g\RW_Sensation>adb shell rm -r /vendor/bin/reboot
rm failed for /vendor/bin/reboot, No such file or directory
C:\sensation 4g\RW_Sensation>adb shell rm -r /vendor/bin/chmod
rm failed for /vendor/bin/chmod, No such file or directory
C:\sensation 4g\RW_Sensation>adb shell rm -r /vendor/bin/chown
rm failed for /vendor/bin/chown, No such file or directory
C:\sensation 4g\RW_Sensation>adb install ./Superuser.apk
pkg: /data/local/tmp/Superuser.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\sensation 4g\RW_Sensation>adb install ./androidterm.apk
pkg: /data/local/tmp/androidterm.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\sensation 4g\RW_Sensation>adb wait-for-device
C:\sensation 4g\RW_Sensation>adb shell sync
C:\sensation 4g\RW_Sensation>pause
Press any key to continue . . .
Click to expand...
Click to collapse
I have the T-mobile USA sensation 4g with the updated 2.3.4. It also has all the htc updates as well as the google updates.
I don't want permanent root just temp root so any help would be greatly appreciated.
I think that method was rendered unusable by the 2.3.4 update.
Is there any temp root that can be done on 2.3.4 for T-mobile Sensation 4g? What about a permanent root?
slubberry said:
Is there any temp root that can be done on 2.3.4 for T-mobile Sensation 4g? What about a permanent root?
Click to expand...
Click to collapse
Not that we know of..The good news is that you may still be able to do a perm root that can still be removed if needed. (Youll need to flash your stock ROM again though).
Are you S-OFF?
Matt
No, I am s-on. I don't want to s-off the phone through HTC because it will void the warrantee and I want to be able to revert back to the original if I have a problem with the phone.
slubberry said:
No, I am s-on. I don't want to s-off the phone through HTC because it will void the warrantee and I want to be able to revert back to the original if I have a problem with the phone.
Click to expand...
Click to collapse
Revolutionary...
There is a sticky in dev section. Inside there is a guide how to get S-ON back. So don't worry
Swyped from my HTC Sensation
I'm posting this in order to show how to use Super Tool under Linux (for Windows & Mac users, changes should be minimal) and also to show some weird results when rooting HTC Desire Z (aka Vision or G2) phones, which may lead to enhancements in the tool.
Also, the Super Tool thread is already over 90 pages long, and has to do with several phones; I thought that a separate thread about these HTC phones would be useful; I hope this won't be against the forum rules, but please accept my apologies in advance if I'm wrong about this!
A summary:
To sum everything up in advance, results are sort of weird... you can get root using the ZergRush exploit, then install "su", "SuperUser", and "BusyBox", but after a while they just disappear. This makes me suspect that there is some kind of "behind the lines" software running, which sets things back to normal, but I don't know the solution yet.
Some experiments
I set up an Android development environment. I'm working in its platform-tools directory, where the "adb" command resides. I extracted the Super Tool files in the root of the Android directory, two levels up, so they are found at the ../../htcsupertoolv2 directory.
I set my phone for USB Debugging, and then, working from the Linux shell:
Code:
$ ./adb kill-server
$ ./adb start-server
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
$ ./adb devices
List of devices attached
HT0B9RT01278 device
OK, my device is attached and ready. Let's see if we already had root:
Code:
$ ./adb shell
$ su
su: permission denied
$ exit
The device is in its basic state, and we haven't got root. Let's install the ZergRush code.
Code:
$ ./adb shell "rm /data/local/tmp/*"
$ ./adb push ../../htcsupertoolv2/root/zergRush /data/local/tmp/.
451 KB/s (23056 bytes in 0.049s)
$ ./adb shell "chmod 777 /data/local/tmp/zergRush"
$ ./adb shell "./data/local/tmp/zergRush"
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000151e0
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x401219d4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd194d3 0xafd395bf
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
$ ./adb shell
# exit
Nice, it managed to get root, at least for the time being! Now, let's set the system R/W.
Code:
./adb remount
remount succeeded
./adb shell
# mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
[COLOR="Red"]/dev/block/mmcblk0p25 /system ext3 rw,relatime,errors=continue,barrier=0,data=ordered 0 0[/COLOR]
/dev/block/mmcblk0p26 /data ext3 rw,relatime,errors=continue,barrier=0,data=ordered 0 0
/dev/block/mmcblk0p27 /cache ext3 rw,nosuid,nodev,relatime,errors=continue,barrier=0,data=ordered 0 0
/dev/block/mmcblk0p28 /devlog ext3 rw,nosuid,nodev,relatime,errors=continue,barrier=0,data=ordered 0 0
[I][...many lines snipped out...][/I]
# exit
So, /system is now r/w. Let's push "su".
Code:
./adb push ../../htcsupertoolv2/root/su /system/bin/su
411 KB/s (22228 bytes in 0.052s)
./adb shell "chown root.shell /system/bin/su"
./adb shell "chmod 06755 /system/bin/su"
./adb shell "rm /system/xbin/su"
rm failed for /system/xbin/su, No such file or directory
./adb shell "ln -s /system/bin/su /system/xbin/su"
./adb push ../../htcsupertoolv2/root/Superuser.apk /system/app/.
2861 KB/s (785801 bytes in 0.268s)
$ ./adb push ../../htcsupertoolv2/root/su /system/bin/su
516 KB/s (22228 bytes in 0.041s)
$ ./adb shell
# cd /system/bin
# ls -l s*
-rwxr-xr-x root shell 5392 2011-08-02 01:09 schedtest
[I][...many lines snipped out...][/I]
lrwxrwxrwx root shell 2010-10-26 09:02 stop -> toolbox
[COLOR="Red"]-rw-rw-rw- root root 22228 2011-11-10 12:53 su[/COLOR]
-rwxr-xr-x root shell 5456 2011-08-02 01:09 surfaceflinger
-rwxr-xr-x root shell 192 2010-09-23 06:51 svc
lrwxrwxrwx root shell 2010-10-26 09:02 sync -> toolbox
-rwxr-xr-x root shell 5480 2011-08-02 01:09 system_server
# chmod 755 su
# chown root.shell su
# ls -l su
-rwxr-xr-x root shell 22228 2011-11-10 12:53 su
As we see, "su" is installed, with the same owner/group/permissions as the other commands. Let's add a symlink in /system/xbin to "su".
Code:
# cd /system/xbin/
# ls -l *
-rwxr-xr-x root shell 5536 2011-08-02 01:11 crasher
-rwxr-xr-x root shell 60276 2008-08-01 09:00 dexdump
-rwxr-xr-x root shell 22256 2011-08-02 01:11 wireless_modem
# ln -s /system/bin/su /system/xbin/su
# cd /system/xbin/
# ls -l *
-rwxr-xr-x root shell 5536 2011-08-02 01:11 crasher
-rwxr-xr-x root shell 60276 2008-08-01 09:00 dexdump
[COLOR="Red"]lrwxrwxrwx root root 2011-12-30 16:48 su -> /system/bin/su[/COLOR]
-rwxr-xr-x root shell 22256 2011-08-02 01:11 wireless_modem
# exit
There's the symlink, all right. Now, let's push "Superuser.apk".
Code:
$ ./adb push ../../htcsupertoolv2/root/Superuser.apk /system/app/.
2689 KB/s (785801 bytes in 0.285s)
$ ./adb shell
# cd /system/app
# ls -l S*
-rw-r--r-- root root 7221765 2011-08-02 01:08 Settings.apk
[I][...many lines snipped out...][/I]
-rw-r--r-- root root 296419 2011-08-02 01:09 Street.apk
-rw-rw-rw- root root 785801 2011-11-10 12:54 Superuser.apk
-rw-r--r-- root root 551020 2008-08-01 09:00 SystemUI.apk
-rw-r--r-- root root 255720 2008-08-01 09:00 SystemUI.odex
# chmod 644 Superuser.apk
# ls -l Super*
[COLOR="Red"]-rw-r--r-- root root 785801 2011-11-10 12:54 Superuser.apk
[/COLOR]# exit
So, there is Superuser.apk, with appropriate user/group/permissions. It's time for a reboot!
Code:
$ ./adb remount
remount succeeded
$ ./adb reboot
A short while afterwards...
Code:
$ ./adb shell
$ su
[B][COLOR="Red"]su: permission denied[/COLOR][/B]
$ cd /system/bin/
$ ls -l s*
-rwxr-xr-x root shell 5392 2011-08-02 01:09 schedtest
[I][...many lines snipped out...][/I]
lrwxrwxrwx root shell 2010-10-26 09:02 stop -> toolbox
-rwxr-xr-x root shell 5456 2011-08-02 01:09 surfaceflinger
-rwxr-xr-x root shell 192 2010-09-23 06:51 svc
lrwxrwxrwx root shell 2010-10-26 09:02 sync -> toolbox
-rwxr-xr-x root shell 5480 2011-08-02 01:09 system_server
$ cd /system/xbin/
$ ls -l *
-rwxr-xr-x root shell 5536 2011-08-02 01:11 crasher
-rwxr-xr-x root shell 60276 2008-08-01 09:00 dexdump
-rwxr-xr-x root shell 22256 2011-08-02 01:11 wireless_modem
So, "su" is gone?! The exploit managed a temp root, but after the reboot, something set things back to standard, removing "su" and "Superuser.apk".
Doing this with scripts
I set up a pair of scripts to automate the previous work (and included BusyBox installation, by the way) but the results are the same.
The first script, htc1.sh, is:
Code:
#!/bin/sh
./adb shell "rm /data/local/tmp/*"
./adb push ../../htcsupertoolv2/root/zergRush /data/local/tmp/.
./adb shell "chmod 777 /data/local/tmp/zergRush"
./adb shell "./data/local/tmp/zergRush"
The second script, htc2.sh, to be run afterwards, when (temp) root has been achieved, is:
Code:
#!/bin/sh
./adb remount
./adb push ../../htcsupertoolv2/root/busybox /data/local/tmp/.
./adb shell "chmod 755 /data/local/tmp/busybox"
./adb shell "dd if=/data/local/tmp/busybox of=/system/xbin/busybox"
./adb shell "cd /system/xbin; chown root.shell busybox; chmod 04755 busybox"
./adb shell "/system/xbin/busybox --install -s /system/xbin"
./adb shell "rm -r /data/local/tmp/busybox"
./adb push ../../htcsupertoolv2/root/su /system/bin/su
./adb shell "cd /system/bin; chown root.shell su; chmod 06755 su"
./adb shell "rm /system/xbin/su; ln -s /system/bin/su /system/xbin/su"
./adb push ../../htcsupertoolv2/root/Superuser.apk /system/app/.
./adb shell "cd /system/app; chmod 644 Superuser.apk"
If you run ./htc1.sh and then ./htc2.sh results will be the same; the added commands will be gone, and you won't be able to "su" no more.
The attached scripts should help Linux users to root other phones (which are known to work) but the Desire Z question still remains; there seems to be something missing, at least for the time being.
G2 Temp Root
Hi, I got a tmo g2 2.3.4
i used the superhtctoolv2 on win7, and htcdrivers linked in the original thread.
i performed the option 1 and 2, and was able to gain temp root, but just like every1 else it goes away with a reboot, or even after prolong period of inactivity, it works as long as i keep messing with Titanium backup or other root apps.
Any way to combine this temp root with older options to gain a perm root?
Cool man! Thanks!
HTC security measure?
Looking around, I found this page about a security method by HTC... to quote:
The HTC software implementation on the G2 stores some components in read-only memory as a security measure to prevent key operating system software from becoming corrupted and rendering the device inoperable. There is a small subset of highly technical users who may want to modify and re-engineer their devices at the code level, known as rooting, but a side effect of HTCs security measure is that these modifications are temporary and cannot be saved to permanent memory. As a result the original code is restored.
Click to expand...
Click to collapse
This sure looks like the problem we are having with the HTC DESIRE Z/G2/VISION...
Cannot get S-OFF
I tried adapting the third script (get S-OFF) for Linux but it didn't work out.
I first tried everything by hand. I ran ht1.sh first (to get root) and then went on to:
Code:
$ ./adb push ../../htcsupertoolv2/root/gfree /data/local
2127 KB/s (134401 bytes in 0.061s)
followed by
Code:
$ ./adb shell
# chmod 777 /data/local/gfree
# ./data/local/gfree -f
--secu_flag off set
--cid set. CID will be changed to: 11111111
--sim_unlock. SIMLOCK will be removed
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.35.10-g7b95729
New .modinfo section size: 204
Attempting to power cycle eMMC... [B][COLOR="Red"]Failed.
Module failed to load: No such file or directory[/COLOR][/B]
So I'm guessing the DESIRE Z/G2/VISION cannot be perm rooted with Super Tool, at least "as is" --- I'll possibly be trying backdating the firmware next.
fkereki said:
I tried adapting the third script (get S-OFF) for Linux but it didn't work out.
I first tried everything by hand. I ran ht1.sh first (to get root) and then went on to:
Code:
$ ./adb push ../../htcsupertoolv2/root/gfree /data/local
2127 KB/s (134401 bytes in 0.061s)
followed by
Code:
$ ./adb shell
# chmod 777 /data/local/gfree
# ./data/local/gfree -f
--secu_flag off set
--cid set. CID will be changed to: 11111111
--sim_unlock. SIMLOCK will be removed
Section header entry size: 40
Number of section headers: 44
Total section header table size: 1760
Section header file offset: 0x000138b4 (80052)
Section index for section name string table: 41
String table offset: 0x000136fb (79611)
Searching for .modinfo section...
- Section[16]: .modinfo
-- offset: 0x00000a14 (2580)
-- size: 0x000000cc (204)
Kernel release: 2.6.35.10-g7b95729
New .modinfo section size: 204
Attempting to power cycle eMMC... [B][COLOR="Red"]Failed.
Module failed to load: No such file or directory[/COLOR][/B]
So I'm guessing the DESIRE Z/G2/VISION cannot be perm rooted with Super Tool, at least "as is" --- I'll possibly be trying backdating the firmware next.
Click to expand...
Click to collapse
well that sucks!
I recently watched a video on YouTube on how to root the HTC Amaze. I followed the directions and unlocked the bootloader successfully but when I ran the ZergRushTempRoot.bat to root it, I got the following:
C:\Zerg rush root>adb wait-for-device
C:\Zerg rush root>adb push zergRush /data/local/
1328 KB/s (21215 bytes in 0.015s)
C:\Zerg rush root>adb shell chmod 777 /data/local/zergRush
C:\Zerg rush root>adb shell rm /data/local/tmp/*sh
C:\Zerg rush root>adb shell /data/local/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00017118
[*] Scooting ...
[*] Sending 149 zerglings ...
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
C:\Zerg rush root>adb wait-for-device
C:\Zerg rush root>adb shell sleep 1
C:\Zerg rush root>adb remount
remount failed: Operation not permitted
C:\Zerg rush root>adb shell mount -o rw,remount rootfs /
mount: Operation not permitted
C:\Zerg rush root>adb shell mount -o remount,suid /dev/block/mmcblk0p29 /system
mount: Operation not permitted
C:\Zerg rush root>adb shell chmod 4755 /system/bin/sh
Unable to chmod /system/bin/sh: Read-only file system
C:\Zerg rush root>adb push ./su /system/bin
failed to copy './su' to '/system/bin/su': Read-only file system
C:\Zerg rush root>adb push ./su /system/bin
failed to copy './su' to '/system/bin/su': Read-only file system
C:\Zerg rush root>adb push ./busybox /system/bin
failed to copy './busybox' to '/system/bin/busybox': Read-only file system
C:\Zerg rush root>adb shell chmod 4755 /system/bin
Unable to chmod /system/bin: Read-only file system
C:\Zerg rush root>adb shell chmod 4755 /system/bin/su
Unable to chmod /system/bin/su: No such file or directory
C:\Zerg rush root>adb shell chmod 4755 /system/bin/su
Unable to chmod /system/bin/su: No such file or directory
C:\Zerg rush root>adb push ./Superuser.apk /system/app
failed to copy './Superuser.apk' to '/system/app/Superuser.apk': Read-only file
system
C:\Zerg rush root>adb install ./androidterm.apk
2904 KB/s (92780 bytes in 0.031s)
pkg: /data/local/tmp/androidterm.apk
Failure [INSTALL_FAILED_ALREADY_EXISTS]
C:\Zerg rush root>adb wait-for-device
C:\Zerg rush root>adb shell sync
C:\Zerg rush root>pause
Press any key to continue . . .
If anyone can help me get this phone rooted, I would appreciate it.
Thanks,
George
[email protected]
root htc amaze 4g
i am in canada. useing mobilicity on this phone. i am also facing same problem. i am also waiting for root. after i readable my indian language. thanks
anybody plz help me.
Hello,
Thank you for this post. I also have the exact same issue.
Similar to kapil1878, I am also on Mobilicity in Canada.
Same issue here! Amaze t-mobile.
rooting
having the same problem about rooting. t-mobile usa
remount fails
So, one thing at a time.
First off remount fails. Why? Lets look at the script. I've numbered the lines for reference:
1 :cd %:h
2 adb wait-for-device
3 adb push zergRush /data/local/
4 adb shell chmod 777 /data/local/zergRush
5 adb shell /data/local/zergRush
6 adb wait-for-device
7 adb shell sleep 1
8 adb remount
9 adb shell mount -r -w -o remount rootfs /
10 adb shell mount -o remount,suid /dev/block/mmcblk0p29 /system
11 adb shell chmod 4755 /system/bin/sh
12 adb push ./su /system/bin
13 adb push ./su /system/bin
14 adb push ./busybox /system/bin
15 adb shell chmod 4755 /system/bin
16 adb shell chmod 4755 /system/bin/su
17 adb shell chmod 4755 /system/bin/su
18 adb push ./Superuser.apk /system/app
19 adb install ./androidterm.apk
20 adb wait-for-device
21 adb shell sync
22 pause
Line 8 is what fails first, probably causing a chain reaction of failures. This is because there's a critical spot on the device we need to write to that we can't write to for some reason.
I executed:
adb devices
The above command provides the serial numbers of all connected Android devices. I needed this for the next command which was:
adb -s [put serial number here] shell
This gave me access to the command line on the device. Then I executed:
mount
The above command tells you what file systems are active and usable, i.e. file systems that are mounted and ready for action. I think "file system" in this case may be synonymous with partition.
Now... looking up the remount command in the reference material shows that it is supposed to (and this is cut from the manual) :
adb remount - remounts the /system partition on the device read-write
However the result from our mount command a minute ago shows this for the /system mount. Note that there's a bunch of crap I've cut out but we are only interested in /system for now, anyway:
rootfs / rootfs ro,relatime 0 0
.
.
.
/dev/block/mmcblk0p29 /system ext4 ro,relatime,barrier=1,data=ordered 0 0
.
.
.
tmpfs /mnt/sdcard/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
So... guessing based on my previous Unix experience, ro probably means that this partition is mounted read only. That means we have to find a way to remount it "rw". Problem is that I can't figure out what the command is. We already know remount doesn't work.
Here are some of my attempts:
$ mount -t ext4 -o rw,relatime,barrier=1,data=ordered /dev/block/mmcblk0p29 /system
mount -t ext4 -o rw,relatime,barrier=1,data=ordered /dev/block/mmcblk0p29 /system
mount: Operation not permitted
$ mount -t ext4 -o remount,rw,relatime,barrier=1,data=ordered /dev/block/mmcblk0p29 /system
mount -t ext4 -o remount,rw,relatime,barrier=1,data=ordered /dev/block/mmcblk0p29 /system
mount: Operation not permitted
Now, then. We don't have permissions require to execute remount and for mount we get the above. The only thing I can think of at this point is that I need to elevate the permissions of the user I am logged in as. Anybody know how to do that on Android? How do I know who I am logged in as? Is there more than one user even?
everyone should check out the thread below, Binary100100 does an excellent job in explaining how to root...
http://forum.xda-developers.com/showthread.php?t=1426179?referrerid=922386
Whenever I run Pie, I get this:
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb push pie.jar /data/local/atvc
4776 KB/s (1538138 bytes in 0.314s)
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb push root.sh /data/local/atvc
23 KB/s (192 bytes in 0.008s)
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb shell chmod 755 /data/local/atv
c/root.sh
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb shell /data/local/atvc/root.sh
rm failed for /data/local/atvc/blop.asec, No such file or directory
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>
.
What do I do to fix it?
adisai1 said:
Whenever I run Pie, I get this:
Code:
Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb push pie.jar /data/local/atvc
4776 KB/s (1538138 bytes in 0.314s)
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb push root.sh /data/local/atvc
23 KB/s (192 bytes in 0.008s)
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb shell chmod 755 /data/local/atv
c/root.sh
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>adb shell /data/local/atvc/root.sh
rm failed for /data/local/atvc/blop.asec, No such file or directory
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]
C:\Users\Adi\Desktop\Adi's Stuff\Android\ADB>
.
What do I do to fix it?
Click to expand...
Click to collapse
It has been reported that King/Kingo Root has a working exploit for this phone, though it may be a temp root it can be made persistent.
Try one of their newer versions.