Okay, so I tried doing the One-Click Exploit and nothing happened (yes, I had the USB Debugging checked, allow for external developers, and USB Charge Only). So then I tried the manual root. My phone rebooted, but it wasn't rooted. Now when I try to do the Manual Root it says (after the ./zerg) :
[-] Cannot copy boomsh.: Permission denied
[1] + Stopped <signal> ./zerg
And when I tried doing the One-Click again, it rebooted my A2 a couple times and still didn't get it rooted. Help???
Ok first remove the tmp directory in the same place you copied zerg to.
Here are the commands:
From windows:
Launch a command line - go to start run and type cmd or command
Then from the prompt cd to the directory you installed the SDK in and do the following commands:
adb shell
cd /data/local (This will need to be the directory you copied the zerg file to the first time.)
rm ./tmp/*
rm ./tmp/*.*
rm ./tmp
Then follow this post from the root thread:
http://forum.xda-developers.com/showpost.php?p=19916762&postcount=194
Right now there is not a one click for the latest root methods.
The other thing I would do is read through the how to root thread, because there are people that have been able to root by using both the one click and the manual method at the same time to get it to root.
Link to the root thread:
http://forum.xda-developers.com/showthread.php?t=1327741&page=20
Alright, thank you...but I'm a bit rusty with my MS-DOS and I didn't get very far to begin with. So what do you mean by "cd to the directory" and how would I do that? Unfortunately I'm not very sure which directory I installed the SDK in. I think it's data/local/. Here's some of the lines:
c:\Users\User\Deskstop\Exploit\adb shell
shell(character I don't recognize)edison:/$ cd /data/local
cd /data/local
shell(" "):/data/local$ chmod 777 zerg
Sorry for being a little on the illiterate side...I'm like the shadetree mechanic of computers.
According to the xda news, superoneclick has added the zerg rush exploit to its program. Might could try it.
Sent from my MB865
JDtech1701 said:
I'm like the shadetree mechanic of computers.
Hey shadetree mechanics keep cars running
Sent from my MB865 using xda premium
JDtech1701 said:
Alright, thank you...but I'm a bit rusty with my MS-DOS and I didn't get very far to begin with. So what do you mean by "cd to the directory" and how would I do that? Unfortunately I'm not very sure which directory I installed the SDK in. I think it's data/local/. Here's some of the lines:
c:\Users\User\Deskstop\Exploit\adb shell
shell(character I don't recognize)edison:/$ cd /data/local
cd /data/local
shell(" "):/data/local$ chmod 777 zerg
Sorry for being a little on the illiterate side...I'm like the shadetree mechanic of computers.
You will just highlight each line of commands ONE AT A TIME, then paste it to your DOS terminal window then hit return, but just one line at a time.
Ok after you connect to your phone with ADB shell you should see a $ for your prompt.
then copy these lines and paste them one at a time and hit return in your DOS terminal window:
su
cd /data/local
rm ./tmp/*
rm ./tmp/*.*
rm ./tmp
Then follow this:
http://forum.xda-developers.com/showpost.php?p=19916762&postcount=194
http://forum.xda-developers.com/showthread.php?t=1327741
Alright, I put in:
c:\Users\User\Deskstop\Exploit\adb push zerg /data/local
c:\Users\User\Deskstop\Exploit\adb push su /data/local
c:\Users\User\Deskstop\Exploit\adb push superuser.apk data/local
c:\Users\User\Deskstop\Exploit\adb shell
And then I put in all the commands you gave and..."rm failed"
lilhaiti said:
Hey shadetree mechanics keep cars running
Sent from my MB865 using xda premium
I know, I was a shadetree auto mechanic myself for a couple years (now I'm a heavy equipment diesel technician...intern). I'm just trying to say that I'm not literate enough to be a developer or anything, but at the same time I know more than your average user.
JDtech1701 said:
Alright, I put in:
c:\Users\User\Deskstop\Exploit\adb push zerg /data/local
c:\Users\User\Deskstop\Exploit\adb push su /data/local
c:\Users\User\Deskstop\Exploit\adb push superuser.apk data/local
c:\Users\User\Deskstop\Exploit\adb shell
And then I put in all the commands you gave and..."rm failed"
Can you paste the output for me, so I can point you to the next step, or give me the exact error that rm showed? If I can get that I can help you move forward.
It looks like you were having an issue with a previous attempt at root, and there are some temp files we will need to find and remove first before you can try to root again.
Sure!
C:\Users\User\Desktop\Exploit>adb shell
shell(character I don't recognize)edison:/$ su
su
su: not found
shell(" ")edison:/$ cd /data/local
cd /data/local
shell(" ")edison:/data/local$ rm ./tmp/*
rm ./tmp/*
shell(" ")edison:/data/local$ rm ./tmp/*.*
rm ./tmp/*.*
rm failed for ./tmp/*.* No such file or directory
shell(" ")edison:/data/local$ rm ./tmp
rm ./tmp
rm failed for ./tmp, Is a director
shell(" ")edison:/data/local$
JDtech1701 said:
Sure!
C:\Users\User\Desktop\Exploit>adb shell
shell(character I don't recognize)edison:/$ su
su
su: not found
shell(" ")edison:/$ cd /data/local
cd /data/local
shell(" ")edison:/data/local$ rm ./tmp/*
rm ./tmp/*
shell(" ")edison:/data/local$ rm ./tmp/*.*
rm ./tmp/*.*
rm failed for ./tmp/*.* No such file or directory
shell(" ")edison:/data/local$ rm ./tmp
rm ./tmp
rm failed for ./tmp, Is a director
shell(" ")edison:/data/local$
Ok, good, let's try this to remove the tmp directory.
adb shell
cd /data/local
rm -r ./tmp/
If that does not work install the root explorer app from the Android market
https://market.android.com/details?id=com.speedsoftware.rootexplorer&hl=en
and locate the /data/local directory and then delete the tmp directory there. This will be the easiest way to remove that stubborn old tmp directory and those files that are holding you up from getting root. Once you have that done try the oneclick again, from here:
http://forum.xda-developers.com/showthread.php?t=1327741
In my experience, deleting the sh and boomsh files is sufficient to enable zergrush to run again. I didn't have to delete the tmp directory itself.
This would've been done in the step you already ran
Code:
shell(" ")edison:/data/local$ rm ./tmp/*
jimbridgman said:
and locate the /data/local directory and then delete the tmp directory there. This will be the easiest way to remove that stubborn old tmp directory and those files that are holding you up from getting root. Once you have that done try the oneclick again, from here:
http://forum.xda-developers.com/showthread.php?t=1327741
OK download the moto drivers. 32x or 64x.
Then get the zip file from the root link in this forum; it should be a batch file you run. It opens a cmd window and you follow the steps.
Profit.
It was super easy: phone reboots and you're rooted on the stock firmware. PM me if you need the files for some reason; I have them saved in my mass android folder.
Best of luck.
Sent from my Rooted MB865 using XDA App
jimbridgman said:
Ok, good, let's try this to remove the tmp directory.
adb shell
cd /data/local
rm -r ./tmp/
If that does not work install the root explorer app from the Android market
https://market.android.com/details?id=com.speedsoftware.rootexplorer&hl=en
and locate the /data/local directory and then delete the tmp directory there. This will be the easiest way to remove that stubborn old tmp directory and those files that are holding you up from getting root. Once you have that done try the oneclick again, from here:
http://forum.xda-developers.com/showthread.php?t=1327741
Uh...are you sure I should remove the tmp directory? It looks like it's got some important stuff in there. Wait...is "tmp" short for temporary?
JDtech1701 said:
Uh...are you sure I should remove the tmp directory? It looks like it's got some important stuff in there. Wait...is "tmp" short for temporary?
Yes, but this is not the OS temporary directory, just the one that is, I am guessing in /data/local, or where you copied those files to... I am guessing since you don't have root yet that, that is not /, because then ./tmp would be /tmp (the OS temporary directory, we don't want to remove that one)..... but I am guessing that is not the case since you don't have root.
Yeah I am pretty sure it is safe... I work with UNIX and Linux for a living, and Android happens to be a form of Linux.
Like others have posted, you might be able to try the root process again, since the files that zerg was complaining about are now gone, from the rm ./tmp/* command you ran before... I was just trying to be very thorough.
Okay, I got that Root Explorer and went into tmp and did select all and delete. Now there's .. Parent folder, .X11-unix, appicon, and commdrv left. I tried doing the adb push zerg all the way down to ./zerg as listed in the How To you linked...and it gave me the exact same result. And when I opened Root Explorer, I went straight to tmp. I tried going to the data folder but it said my phone needed to be rooted first. Okay, figuring this app out...yeah, I went to /tmp. I'm not going to be able to access /data/local without rooting it first.
Both the 1-click and the manual process fail for me too. I have tried deleting all the files and directory as well and it still doesn't work. When I run either ./zerg or ./zergRush, both fail with the message "Hellion with Blue Flame". Any help would be appreciated.
bbygfy said:
Both the 1-click and the manual process fail for me too. I have tried deleting all the files and directory as well and it still doesn't work. When I run either ./zerg or ./zergRush, both fail with the message "Hellion with Blue Flame". Any help would be appreciated.
Which system version are you running.... You can find this out by going into settings --> About phone; then give me the text under System version. It should be something like 55.11.16.MB865.ATT.en.US.
Jim
55.11.16.MB865.ATT.en.US
Thanks!
I hope somebody can help me with this little anomaly.
Been trying to downgrade htc panache with gingerbread 2.3.3.
I was able to successfully execute the commands listed on the guide (http://forum.xda-developers.com/showthread.php?t=1178912); however, when I try to downgrade the misc_version, I get the "PERMISSION DENIED"
Here is how it goes:
> adb push misc_version /data/local/tmp/misc_version
> adb push flashgc /data/local/tmp/flashgc
> adb shell chmod 777 /data/local/tmp/*
> adb shell
> cd /data/local/tmp
# ./misc_version -s 1.00.000.0
./misc_version -s 1.00.000.0
./misc_version -s 1.00.000.0: PERMISSION DENIED
According to the guide I should have seen something like this (--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...)
Please help
I've been following (or trying to) the same guide. I ran into the same error. From another member here, "aDeQ666", I found the following:
To be entered in adb
cd /data/local/tmp/misc_version
chmod 777 misc_version
./misc_version -s 1.00.000.0
sync
Fixed my problem, but the next step, "./flashgc", gives the permission denied error. Still looking for answers ....
Type in
Code:
su
to gain superuser permissions before attempting those commands
They're most likely working in temp-root shell, where there is no su, and they don't need to call it explicitly.
The first case is solved, AFAIK.
The second case has some problems:
1) The first command is wrong. It should be:
cd /data/local/tmp/
2) A command is missing before running ./flashgc:
chmod 777 flashgc
3) You don't need to run ./flashgc in any case. You don't need a goldcard for downgrade, unless you have a Panache - and if you have and follow Panache guide, you'll see that a goldcard is already prepared in another form.
Nicgraner said:
Type in
Code:
su
to gain superuser permissions before attempting those commands
I've tried that, and it says su not found
How about actually reading the thread before posting?
Jack_R1 said:
They're most likely working in temp-root shell, where there is no su, and they don't need to call it explicitly.
Hi guys
I want to downgrade my htc desire z, and I am following all the steps; the only thing is that on ./flashgc it gives me this: permission denied.
And finally and the most important, when I begin to downgrade it gives me this message: CID Incorrect update fail.
please help me
amiraria said:
Hi guys
I want to downgrade my htc desire z, and I am following all the steps; the only thing is that on ./flashgc it gives me this: permission denied.
And finally and the most important, when I begin to downgrade it gives me this message: CID Incorrect update fail.
please help me
Can you post the original post you are following? You might need to create your own goldcard.
CID Incorrect update failed
iSkanky said:
Can you post the original post you are following? You might need to create your own goldcard.
After doing all the settings as the instructions show, I started writing the commands like below:
> adb shell cat /dev/msm_rotator
/dev/msm_rotator: invalid length
> adb push fre3vo /data/local/tmp
> adb shell
$ chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
Buffer offset: 00000000
Buffer size: 8192
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba90000...
Potential exploit area found at address fbb4d600:a00.
Exploiting device...
> adb shell
# exit
> adb push misc_version /data/local/tmp/misc_version
> adb push flashgc /data/local/tmp/flashgc
> adb shell chmod 777 /data/local/tmp/*
> adb shell
# cd /data/local/tmp
# ./misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
./flashgc (In this part when I am writing this code I will get this message: ./flashgc permission denied, then I continued typing the rest of the codes).
# sync
# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec) (here also instead of getting 10000 bytes/sec I get 5000 bytes/sec)
(here I downloaded PC10IMG.zip and copied to my sdcard)
(then for Fastboot Downgrade I wrote these codes)
> adb reboot bootloader
> fastboot devices
(My device is recognized by typing the above command)
> fastboot oem rebootRUU
(but after finishing all the procedure it will give me this error: CID Incorrect update failed)
flashgc is not working and it gives the error: CID incorrect
amiraria said:
After doing all the settings as the instructions show, I started writing the commands like below:
> adb shell cat /dev/msm_rotator
/dev/msm_rotator: invalid length
> adb push fre3vo /data/local/tmp
> adb shell
$ chmod 777 /data/local/tmp/fre3vo
$ /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF
Buffer offset: 00000000
Buffer size: 8192
Scanning region fb7b0000...
Scanning region fb8a0000...
Scanning region fb990000...
Scanning region fba90000...
Potential exploit area found at address fbb4d600:a00.
Exploiting device...
> adb shell
# exit
> adb push misc_version /data/local/tmp/misc_version
> adb push flashgc /data/local/tmp/flashgc
> adb shell chmod 777 /data/local/tmp/*
> adb shell
# cd /data/local/tmp
# ./misc_version -s 1.00.000.0
--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...
./flashgc (In this part when I am writing this code I will get this message: ./flashgc permission denied, then I continued typing the rest of the codes).
# sync
# dd if=/dev/block/mmcblk0p17 bs=1 skip=160 count=10
1.00.000.010+0 records in
10+0 records out
10 bytes transferred in 0.001 secs (10000 bytes/sec) (here also instead of getting 10000 bytes/sec I get 5000 bytes/sec)
(here I downloaded PC10IMG.zip and copied to my sdcard)
(then for Fastboot Downgrade I wrote these codes)
> adb reboot bootloader
> fastboot devices
(My device is recognized by typing the above command)
> fastboot oem rebootRUU
(but after finishing all the procedure it will give me this error: CID Incorrect update failed)
I even made a goldcard but I don't know how to use it. I mean the file name is Goldcard.img; I don't know whether I should place it in the related folder or not. What should be the extension of the file?
One thing more: my device is htc desire z 2.3.3, and I downloaded the ( Desire Z: PC10IMG.zip
Mirrors:
PC10IMG.zip
Vision_DZ_1.34.405.5_PC10IMG.zip
Vision_DZ_1.34.405.5_PC10IMG.zip) the first one is it correct or not? or i should download the (G2: PC10IMG_Vision_TMOUS_1.19.531.1_Radio_12.21.60.09b _26.02.01.15_M2_release_149459_signed.zip
Mirrors:
Vision_G2_1.19.531.1_PC10IMG.zip
Vision_G2_1.19.531.1_PC10IMG.zip
MD5: 531c08dc402e15577b947bf4cd22aec2)
please help me
Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
If you find this useful please follow me (jcase) on twitter ( https://twitter.com/teamandirc/ ).
Here you go, root for both the new LG Intuition and the LG Spectrum running ICS. The vulnerability is a simple permission bug allowing us to set up a symlink to local.prop (yes yet again). While the bug is the same, the procedure is slightly different, so I will have the instructions separate.
With the LG Intuition, they did seem to attempt to mitigate this attack. Not by setting correct permissions, but by dropping adbD to the shell user if it runs as root, even if ro.kernel.qemu=1 is set. They failed, they give us enough time to run one command before dropping the root privileges, in our case a script to root the phone.
LG Spectrum ICS Root (for the leaked ICS rom):
Expect this to be patched in the release rom. Leaked ICS rom has locked bootloaders, i.e. no recovery at this point.
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
adb shell
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell
# chown 0.0 /system/xbin/su
# chmod 06755 /system/xbin/su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
Here is the important part: you will have to execute the next two commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take a few minutes, and after the second command is complete you may have to unplug/replug your phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has run).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
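The post's root cause is a lock file that can be replaced with a symlink to /data/local.prop, after which ro.kernel.qemu=1 changes how adbd starts. As an added example (not part of the original post), this Python check walks an extracted copy of /data and reports symlinks that point at local.prop and privilege-related settings inside it; the function names, the sample tree, and the extra ro.secure / ro.debuggable checks are assumptions made here.

```python
import os
import stat
import tempfile

# ro.kernel.qemu=1 is the setting used in the post; ro.secure and ro.debuggable
# are added here as related adbd-privilege properties (assumption, not from the post).
RISKY_PROPS = {"ro.kernel.qemu": "1", "ro.secure": "0", "ro.debuggable": "1"}
PROP_FILE = "local.prop"


def parse_props(text):
    """Parse key=value property lines, ignoring blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def risky_settings(props):
    """Return the property names whose value matches a risky setting."""
    return sorted(k for k, v in RISKY_PROPS.items() if props.get(k) == v)


def audit_data_tree(root):
    """Walk an extracted /data tree; return sorted (kind, relative path, detail)."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            st = os.lstat(path)  # lstat: inspect the link itself, never its target
            if stat.S_ISLNK(st.st_mode):
                target = os.readlink(path)
                if os.path.basename(target.rstrip("/")) == PROP_FILE:
                    findings.append(("symlink-to-prop", rel, target))
            elif stat.S_ISREG(st.st_mode) and name == PROP_FILE:
                with open(path, "r", errors="replace") as fh:
                    props = parse_props(fh.read())
                for key in risky_settings(props):
                    findings.append(("risky-prop", rel, f"{key}={props[key]}"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample: the state the post's steps leave behind, plus a benign file."""
    os.makedirs(os.path.join(root, "vpnch"))
    os.symlink("/data/local.prop", os.path.join(root, "vpnch", "vpnc_starter_lock"))
    with open(os.path.join(root, PROP_FILE), "w") as fh:
        fh.write("# constructed sample\nro.kernel.qemu=1\n")
    with open(os.path.join(root, "vpnch", "notes.txt"), "w") as fh:
        fh.write("benign file\n")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, rel, detail in audit_data_tree(tmp):
            print(f"{kind:16} {rel:28} {detail}")
```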
Thanks!
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So I tried inputting it line by line and I keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
LostCauseSPM said:
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So I tried inputting it line by line and I keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
Which specific ICS version do you have, I had a couple different leaks to work with.
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
build #: IMM76D
Still tweaking on it. Just updated all my drivers, too. I'm not a total newb, but I'm no pro, either.
jcase said:
Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo ‘ro.kernel.qemu=1’ > /data/local.prop
$ exit
Here is the important part: you will have to execute the next two commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take a few minutes, and after the second command is complete you may have to unplug/replug your phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has run).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
:crying:
Once rebooted, install Superuser from the market and enjoy.
I tried but as soon as I entered adb shell it kicked me off and I haven't been able to try since
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
I've got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
LostCauseSPM said:
I've got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
Add [email protected] to gtalk and hit me up.
lahegry said:
I tried but as soon as I entered adb shell it kicked me off and I haven't been able to try since
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
jcase said:
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
I don't think I'm fast enough, I just can't type faster than it kicks me off
lahegry said:
I don't think I'm fast enough, I just can't type faster than it kicks me off
Place the two commands into a batch file/shell script, or set up teamviewer and msg me on gtalk.
So this is just what I've come up with tonight: the exploit still fails line by line, so I made a batch file just for that command, and I think I may be misunderstanding that "adb mount - o" command you recommended.
Wow, this chrome is NOT liking this txt box, keeps jumping backwards for some reason. C'mon Google...
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Try now, something was altering my post
arnshrty said:
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Correction needed for Intuition
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
krapman said:
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
/system/bin/sh su not found
Any help with this? I was having an issue with the echo command but got past that, but now it's giving me this error.
davieslacker said:
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
It's an amazing device. I love it and I'm rooted. Used the steps above and it worked. I am sure it will get jelly bean love eventually. No roms yet. But LG added a lot of customization to the device from what developers usually add as mods.
Will there be a single click method for root on the intuition? I can't seem to get this method to work.
Exploit still works on the final version of ICS for the LG Spectrum
Just updated my phone. Couldn't wait for the OTA rollout, updated via the Verizon Wireless Update Util on my comp. Root worked no problem. Thanks again Jcase!
What did you update your phone to?
Sent from my VS950 4G using xda app-developers app
This might work on other devices.
WARNING: this might brick your phone; use it at your own risk.
Warning: you have to have some knowledge of linux to do this kind of stuff.
WARNING: actually you have to have _good_ knowledge of linux/gnu stuff to do it.
The idea is to make the /system/bin/toolbox from the stock rom suid (permission 6755, it originally has 0755)
This is how I did it. It might be simpler.
get a stock rom that you want. for me it was B5330XWALH3
it is now available at samsung-updates.
You need odin (heimdal will not work with my phone) (mine was 3.07)
unpack the zip.
you get a .tar.md5 file (the tar file has broken headers so tar from ubuntu 12.04 will not unpack it).
the tar file works in sectors of 512 bytes.
take out the md5sum at the end of file. (something like: head -c (the size up to the last md5sum) original.tar.md5 > file1)
split the file so you will have the system.img.md5 separated (something like: head -c (the size up to "system.img.md5") file1 > file2;
head -c (the size up to "dt-blob.md5") file1 | tail -c +(the size up to "system.img.md5" + 1) > file3;
tail -c +(the size up to "dt-blob.md5" + 1) file1 > file4)
file3 now has the system.img.md5, trim the md5sum from the tail and the tar header from head (ex.:
head -c (up to the md5sum output from the rear of the file) file3 | tail -c +513 > file5)
file5 is a sparse image file of an ext4 filesystem. run simg2img (from ext4fs_utils (search on xda)) (ex.:
simg2img file5 file6)
sudo mount -o loop,ro file6 /mnt
look for the file /mnt/bin/toolbox (ex.: ls -l /mnt/bin/toolbox) it will give you an output like this:
-rwxr-xr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
the permissions and the size of the file yield the following hex sequence that you get in the file (we will hexedit the ext4 fs): ED 81 00 00 FC 82 01 00
in file3 edit the sequence (it should be only one in the file) from ED 81 00 00 FC 82 01 00 to ED 8D 00 00 FC 82 01 00 (practically adding the suid guid bits to the inode of the toolbox)
we are almost done, now to pack our bags and go.
verify that you have indeed put suid guid to toolbox:
head -c (up to the md5sum output from the rear of the file) file3 | tail -c +513 > file5;
simg2img file5 file6;
sudo mount -o loop,ro file6 /mnt;
ls -l /mnt/bin/toolbox
It should give an output:
-rwsr-sr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
recalculate the md5sum to the _expanded_ image: md5sum file6 > file7
override the md5sum at the end of file3 with the one from file7
now pack the pieces in one tar: cat file2 file3 file4 > myfirmware.tar
add the md5sum to it: md5sum myfirmware.tar >> myfirmware.tar
change the name to .tar.md5: mv myfirmware.tar myfirmware.tar.md5
copy the file on a windowze machine (that has odin and the samsung drivers installed).
update with odin the new firmware (which you should put in the PDA section) (don't forget to uncheck the repartitioning).
you should have now a practically rooted device.
in order to have su and Superuser.apk on it you have to do the following steps:
push with adb su, busybox and Superuser.apk into /data/local/tmp on device (you get the files from other forums here at xda)
the next steps are on device (use adb shell)
verify that indeed we have a suid toolbox: ls -l /system/bin/toolbox should give that wonderful -rwsr-sr-x permission.
find a rw mount that has suid (in my case a tmpfs is mounted /mnt/obb)
copy su to /mnt/obb (remember that we have suid toolbox this means that toolbox now gives you root on any command):
dd if=/data/local/tmp/su of=/mnt/obb/su
give su suid and make it owned by root: chmod 6755 /mnt/obb/su; chown 0.0 /mnt/obb/su
run su now and enjoy the #: /mnt/obb/su -
Of course after you get # you should remount /system as rw, copy su in /system/xbin, copy Superuser.apk in /system/app, copy busybox in /system/xbin, make symlinks to busybox for all the commands in /system/xbin.
You should also upon success remove suid from toolbox so as to not mistakenly do damage to the system (for instance "rm /")
And here you have it.
If you do not understand what I have done, you should read more linux / tar / ext4 / md5sum.
This method should work for any phone provided that it has odin as bootloader and there is the stock rom available.
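The hex edit in the post above changes one field of the toolbox inode, and the same bytes can be decoded when auditing a firmware image for unexpected set-id files. This is an added example, not part of the original post: it assumes the standard ext4 inode layout (i_mode, low half of i_uid, i_size_lo) and uses only the two byte sequences quoted in the post; the function names are hypothetical.

```python
import os
import stat
import struct

# The two byte sequences quoted in the post: stock inode prefix and edited one.
STOCK = bytes.fromhex("ED 81 00 00 FC 82 01 00")
EDITED = bytes.fromhex("ED 8D 00 00 FC 82 01 00")


def decode_inode_prefix(raw):
    """Decode the first 8 bytes of an ext4 inode (all fields little-endian):
    i_mode (16 bit), low half of i_uid (16 bit), i_size_lo (32 bit)."""
    if len(raw) < 8:
        raise ValueError("need at least 8 bytes of inode data")
    mode, uid, size = struct.unpack_from("<HHI", raw)
    return {
        "mode": mode,
        "ls": stat.filemode(mode),          # same string `ls -l` prints
        "perm": oct(stat.S_IMODE(mode)),    # permission bits incl. set-id bits
        "uid": uid,
        "size": size,
        "setuid": bool(mode & stat.S_ISUID),
        "setgid": bool(mode & stat.S_ISGID),
    }


def privilege_changes(before, after):
    """Describe set-id bits that `after` carries and `before` did not."""
    b, a = decode_inode_prefix(before), decode_inode_prefix(after)
    findings = []
    for bit in ("setuid", "setgid"):
        if a[bit] and not b[bit]:
            findings.append(f"{bit} added: {b['ls']} -> {a['ls']}")
    if a["setuid"] and a["uid"] == 0 and stat.S_ISREG(a["mode"]):
        findings.append("root-owned setuid file: runs as uid 0 for every caller")
    return findings


def audit_tree(root):
    """List set-id regular files under a read-only mounted image."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                hits.append((path, stat.filemode(st.st_mode), st.st_uid))
    return sorted(hits)


if __name__ == "__main__":
    for label, raw in (("stock", STOCK), ("edited", EDITED)):
        print(label, decode_inode_prefix(raw))
    for finding in privilege_changes(STOCK, EDITED):
        print("finding:", finding)
```

Running `audit_tree("/mnt")` on the loop-mounted image lists every set-id file, which catches the change without knowing the byte pattern in advance.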
hello
I don't have knowledge about how you have rooted the firmware for b5330, the steps you made are waaaay too difficult for me. Could you provide here an already rooted firmware, to download and install? thanks in advance
no need to upload 400M for this little modification.
I'm unable to post links, go to samsung-updates
go and download B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME stock firmware.
and apply this xdelta patch over it.
xdelta patch sGTB5330.patch B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME.tar.md5 myfrm.tar.md5
after that you have the firmware that I use to root my phone.
Still... this firmware will not have "su" installed, it will just be a rootable firmware because it has a suid'ed toolbox.
a suid'ed toolbox in android means that you can exec chown and chmod as a root.
So. After the patching of the stock rom and flashing it. you have to have this md5sum output:
032b4344ab503c8413db9127efaa3d83 myfrm.tar.md5
odin will accept it (I've used Odin 3.07).
after that you push the files from the attached tar.gz to /data/local/tmp
tar -xzf superuser_stuff.tar.gz
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
adb push busybox /data/local/tmp
after that you basically have to run these commands in an android shell in order to get to a standard rooted android:
adb shell # enter the phone
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is no longer with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
have fun.
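The md5sum line at the end of a .tar.md5 is recomputed by whoever repacks the archive, so it detects a corrupted download but not a modified image; only a digest obtained separately, like the one posted above for the whole file, does that. The following added example (not code from the thread) checks both on a small constructed archive; the function names, the sample archive and the use of SHA-256 for the separately obtained digest are assumptions.

```python
import hashlib
import io
import re
import tarfile

# md5sum line at the very end: 32 hex digits, separator, file name, newline.
TRAILER = re.compile(rb"([0-9a-fA-F]{32}) [ *]([^\n\x00]+)\n\Z")


def make_tar_md5(tar_bytes, name):
    """Reproduce `md5sum NAME >> NAME`: archive bytes followed by one md5sum line."""
    digest = hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + f"{digest}  {name}\n".encode()


def split_tar_md5(blob):
    """Return (tar_bytes, claimed_md5, name) from a .tar.md5 blob."""
    tail = blob[-4096:]
    m = TRAILER.search(tail)
    if m is None:
        raise ValueError("no md5sum trailer at end of file")
    cut = len(blob) - len(tail) + m.start()
    return blob[:cut], m.group(1).decode().lower(), m.group(2).decode()


def verify(blob, pinned_sha256=None):
    """Check the self-contained trailer and, if given, an out-of-band pin."""
    tar_bytes, claimed, name = split_tar_md5(blob)
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = tar.getnames()
    report = {
        "name": name,
        "members": members,
        "block_aligned": len(tar_bytes) % 512 == 0,  # tar works in 512-byte blocks
        "trailer_ok": hashlib.md5(tar_bytes).hexdigest() == claimed,
    }
    if pinned_sha256 is not None:
        report["pin_ok"] = hashlib.sha256(blob).hexdigest() == pinned_sha256
    return report


def sample_tar(payload=b"toolbox perm 0755\n"):
    """Constructed one-member archive standing in for the firmware tar."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("system.img")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


if __name__ == "__main__":
    stock = make_tar_md5(sample_tar(), "myfirmware.tar")
    pin = hashlib.sha256(stock).hexdigest()  # digest obtained out of band
    edited = make_tar_md5(sample_tar(b"toolbox perm 6755\n"), "myfirmware.tar")
    print("stock :", verify(stock, pin))
    print("edited:", verify(edited, pin))  # trailer_ok True, pin_ok False
```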
I downloaded this firmware: Samsung-Updates.com-GT-B5330_COA_1_20120913171601_pducfx5hbw.zip. Where, how, what???...i unzipped it and now how to apply the patch? The rest of the steps i think i get it....i think For you it's easy to say, for me it's hard to do. I've had sgs1, sgs2 and sgs3, and the root of those was sooooooo easy... but this piece of crap b5330 drives me crazy )
I've used xdelta package.
if you are on win then you're on your own.
there is xdelta.org and it seems to have a package for windows.
for sgs[123] it was easy because they are mainstream. many hackers were working on it.
this device is very new/obscure.
I would have made a script, but alas, "heimdall" firmware loader would not work with this device.
I've used linux to patch the firmware and windowze to upload it.
So a script would be impossible, but after you patch the .tar.md5 file and load it on your phone it is just about cut and paste from my previous post.
My hope is that a more android savvy guy will take this concept and make it a script.
I am just happy that I can now have debian on my phone.
yes, i am on win....there is no way to patch that COA firmware (i am from romania) and upload somewhere to download???i know i am probably asking too much from you, but i don't think i will manage by my own...this rooting business is driving me crazyyyyy :crying::crying::crying: thank you so much for your answer!!!
ok here it is the modified firmware.
http://dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip
Interesting, reading carefully
Thank you so much, tomorrow morning i know how i'll spend my time...installing and rooting my b5330, unfortunately this evening i don't have my laptop on me, forgot it at work ), but i've downloaded the firmware from phone and now waiting to have it done...finally!!! I'll let you know what have i done. Have a nice day and once again thanks!!!
it's not working, when i'm trying to adb remount it says: remount failed: Operation not permitted. After i flashed with odin the firmware you gave to me, i think i do not have permission to make any changes, and i don't know why
Can you make patch for dxlh3..? Thanks
These commands are supposed to be given in a command line box (cmd on win).
where does it give you an error?
adb shell # enter the phone
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is no longer with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
finally it worked
yeeeees, damn you're good!!!! i have managed to root my b5330, root checker tell me that i am rooted and busybox is installed...the only problem is that it shows me that i do not have installed superuser and supersu. Is there a problem if i just copy paste the apk file (supersu.apk and superuser.apk -> i've downloaded the pro version of both of them ) straight into the directory /data/local/tmp where it should be? or to copy-paste in another directory. Thanks in advance, CMD(and adb shell) gave me headache, but i finally got it and succeeded )) :victory::good:
1. I'm glad you got it.
2. You should give thanks (that button) if I helped you.
3. I'm you don't read instructions. Maybe it's a problem with us Romanian engineers, or maybe engineers in general
look at item 11. from my previous post. maybe I just c&p here.
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
So, when you are in adb shell and you go root (su command, you get the prompt with #) and you have the /system mounted rw.
Then any apk that you copy to /system/app folder will get installed and when you list your application (the button with 16 squares) you should see it.
Have fun.
i was having trouble understanding adb shell and cmd from the beginning. I never used this command tool...ever ) and i think from yesterday to this day i managed really ok . Anyway i think i will just copy-paste the superuser.apk in "app" folder directly in the system (it's the same thing, isn't it??). I have done that in item 11., and after a restart supersu was installed, only superuser.apk didn't, i think i wrote something wrong in adb shell
hihihi
neeeah, my bad, i thought that in "superuser_stuff" is superuser and supersu files, it was just su->for superuser.apk, easy peasy, it worked and installed from the first time...it was just me very very dizzy and confused. Your guide is 100% OK, my phone is rooted and now i can enjoy !!!
can you release xdelta patch for your XWALH3 because we have the same device..
I've started a new more universal thread:
http://forum.xda-developers.com/showthread.php?t=1965600
There you have the shell-script that will patch the firmware for you.
If you still want an xdelta patch I'll make one for you but:
Give a man a fish and it will be full for the day, teach him how to fish and it will never go hungry again.
Have fun.
Hello, i'm new here and i don't know about scripting, so need your help..
i downloaded your firmware and install it to my b5330 and did the cmd command, and it worked, thanks..:good:
but now i've a new problem that my b5330 can't type a question mark ('?').. can you help me please..
whenever i want to type a question mark it always typed a comma (',') in the screen..:crying:
it also changed the symbol and language key to emoticon and symbol, but that's not a problem for me..
That's because you have used the Romanian firmware, which has a qwerty layout keyboard.
you have to do it the right way:
first. find the firmware for your region:
http://samsung-updates.com/device/?id=GT-B5330
second. find a linux machine and run the script from the thread.
It is unrealistic for me to just upload all the 40 versions of the firmware patched.
That is why I've made the script.
If you don't have a linux machine then look for a virtual box ubuntu and run on it.
Cheers.