Ways to root .29? - Transformer TF300T Q&A, Help & Troubleshooting

I've got some questions about rooting on a locked device, which I may as well fire away.
I'm on .17 DE and has got it setup nicely, so I don't want to go to .29 just to try things out, and if something goes wrong it's better if the tablet has got a boot manager installed so rescue flash is possible. So, if someone who knows what they're doing wants to unroot and try this out (or just tell me if anything is feasible) I believe many people (primarily not rooted .WW-people, but maybe all current ICS-device owners) would be very happy.
Q1 - In the "tweaks" post seanzscreams mentions there may be a way to push build.prop to /system/ at boot.
Wouldn't it be possible to create some root stuff to push and run, like
(pushsu.bat)
Code:
adb wait-for-device
adb push su /system/
run it, reboot tablet
create a shell script file for permissions (or some other mojo) and push it aswell:
(permsu.sh)
Code:
chown 0.0 /system/su
chmod 06755 /system/su
and then run:
(pushper.bat)
Code:
adb wait-for-device
adb push permsu.sh /system/
and finally run and reboot:
(setperms.bat)
Code:
adb wait-for-device
adb shell sh /system/permsu.sh
?
Q2 - wolf849 is doing some funky stuff to downgrade firmware where he's mounting stuff at /data/local/tmp and rebooting for (I assume) permissions to write to the "stuff".
Would it be possible to test these commands (modified to possibly work or break something) (mmcblk0p1 = /system on my device):
(in adb shell or something)
Code:
mv /data/local/tmp /data/local/tmp.bak
ln -s /dev/block/mmcblk0p1 /data/local/tmp
exit
Then reboot and see if /data/local/tmp is in fact /system mounted rw (ie "copy or push su"-able).
If the former wouldn't work because of symlinking rights maybe another approach would be a bat file, like
Code:
adb mv /data/local/tmp /data/local/tmp.bak
adb reboot
adb wait-for-device
adb ln -s /dev/block/mmcblk0p1 /data/local/tmp
adb reboot
Please don't try these suggestions if you don't know how to recover from possible bootloops or semibricks.
I would try them if I'd been unlocked and boot managered, but I'm out of luck if something goes wrong.

Related

Change the boot sound w/o re-flash the ROM for G7

It's my fault to have post this message here.
It's for G7, but I think it is also OK for Incredible.
========================================
1. Prepare a short mp3 and name it android_audio.mp3
2. Put the mp3 under the adb folder
3. Save the following code as !bootaudio.bat (I use this name)
4. Turn your phone into ADB debugging mode
5. run !bootaudio.bat
6. Reboot your phone and have fun!
This should work on almost all G7
Tips: During the boot animation, the volume would change twice. So I suggest insert 1 second before the audio for escaping from the volume changing side-effect.
Code:
adb shell mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
adb shell rm /data/local/android_audio.mp3
adb push android_audio.mp3 /data/local/
adb shell rm /system/customize/resource/android_audio.mp3
adb shell ln -s /data/local/android_audio.mp3 /system/customize/resource/android_audio.mp3
adb shell ls -l --color=never /data/local
adb shell ls -l --color=never /system/customize/resource/
adb pull /system/customize/CID/default.xml
pause
Script description:
Mount the system path to enable writing access.
Remove the original boot sound if it exists.
Push your mp3 into the data/local, where the bootanimation.zip is.
Make a link to data/local/android_audio.mp3
List the two affected pathes for you to confirm the result
Pull the default.xml out from the phone, if you find it not work after reboot, you can check the xml to see what the actural fullpath it is using. And manually change the script to try again.
My current boot sound is attached to the thread.
G7?
Sent from your mom's phone

help!!

hiya everyone, im new on here and really need some help.
im trying to downgrade my android software so im able to root it. only problem being ive never used command prompt lol!!
the guide im using says:
Launch a Command Prompt window and browse to the location of the files extracted in Step 1.
Enter the following commands:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
You should now get the # prompt, indicating temporary root.
Enter these commands:
cd /data/local/tmp
./misc_version -s 1.31.405.6
but how do i browse for the files if ive stored them in my documents and in a folder called downgrade android.
many thanks
keeps saying not a batch file :s
Moving them into the SDK tools folder temporarily would make things easier and would mean only the file name needs to be typed rather than the specific location, try it out, I hope I remembered correctly
dannysissons said:
hiya everyone, im new on here and really need some help.
im trying to downgrade my android software so im able to root it. only problem being ive never used command prompt lol!!
the guide im using says:
Launch a Command Prompt window and browse to the location of the files extracted in Step 1.
Enter the following commands:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/psneuter
adb shell chmod 777 /data/local/tmp/misc_version
adb shell /data/local/tmp/psneuter
adb shell
You should now get the # prompt, indicating temporary root.
Enter these commands:
cd /data/local/tmp
./misc_version -s 1.31.405.6
but how do i browse for the files if ive stored them in my documents and in a folder called downgrade android.
many thanks
Click to expand...
Click to collapse
you can either modify the command like this:
adb push C:\users\[YOURUSERNAME]\My documents\downgrade\psneuter /data/local/tmp
or setup a locale path variable to the dir, where adb is stored as mentioned in THIS thread. (step 4)
Then you can simply cd to the dir, where your files are stored, and run adb from there (actually you can run adb from any dir then)

problem downgrading gingerbread to froyo

I hope somebody can help me with this little anomaly.
Been trying to downgrade htc panache with gingerbread 2.3.3.
I was able to successfully execute the commands listed on the guide (http://forum.xda-developers.com/showthread.php?t=1178912) however, when i try to downgrade the misc_version, I get the "PERMISSION DENIED"
Here is how it goes:
> adb push misc_version /data/local/tmp/misc_version
> adb push flashgc /data/local/tmp/flashgc
> adb shell chmod 777 /data/local/tmp/*
> adb shell
> cd /data/local/tmp
# ./misc_version -s 1.00.000.0
./misc_version -s 1.00.000.0
./misc_version -s 1.00.000.0: PERMISSION DENIED
According to the guide I should have seen something like this (--set_version set. VERSION will be changed to: 1.00.000.0
Patching and backing up partition 17...)
Please help
I've been following (or trying to) the same guide. I ran into the same error. From another member here, "aDeQ666", I found the following:
To be entered in adb
cd /data/local/tmp/misc_version
chmod 777 misc_version
./misc_version -s 1.00.000.0
sync
Fixed my problem, but the next step, "./flashgc" , give the permission denied error. Still looking for answers ....
Type in
Code:
su
to gain superuser permissions before attempting those commands
They're most likely working in temp-root shell, where there is no su, and they don't need to call it explicitly.
The first case is solved, AFAIK.
The second case has some problems:
1) The first command is wrong. It should be:
cd /data/local/tmp/
2) A command is missing before running ./flashgc:
chmod 777 flashgc
3) You don't need to run ./flashgc in any case. You don't need a goldcard for downgrade, unless you have a Panache - and if you have and follow Panache guide, you'll see that a goldcard is already prepared in another form.
Nicgraner said:
Type in
Code:
su
to gain superuser permissions before attempting those commands
Click to expand...
Click to collapse
ive tried that, and it says su not found
How about actually reading the thread before posting?
Jack_R1 said:
They're most likely working in temp-root shell, where there is no su, and they don't need to call it explicitly.
Click to expand...
Click to collapse

[ROOT] LG Intuition & LG Spectrum ICS

Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
If you find this useful please follow me (jcase) on twitter ( https://twitter.com/teamandirc/ ).
Here you go, root for both the new LG Intuition and the LG Spectrum running ICS. The vulnerability is a simple permission bug allowing us to setup a symlink to local.prop (yes yet again). While the bug is the same, the procedure is slightly different, so I will have the instructions separate.
With the LG Intuition, they did seem to attempt to mitigate this attack. Not by setting correct permissions, but by dropping adbD to the shell user if it runs as root, even if ro.kernel.qemu=1 is set. They failed, they give us enough time to run one command before dropping the root privileges, in our case a script to root the phone.
LG Spectrum ICS Root (for the leaked ICS rom):
Expect this to be patched in the release rom. Leaked ICS rom has locked bootlaoders, ie no recovery at this point.
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
adb shell
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell
# chown 0.0 /system/xbin/su
# chmod 06755 /system/xbin/su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
Thanks!
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So i tried inputting it line by line and i keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
LostCauseSPM said:
Dude, it has been killing me not having root since I managed to get the leaked ICS installed. But I tried this, and just wasn't having any luck. I tried to make a .bat file for it, no go. So i tried inputting it line by line and i keep getting hung up at the $ echo 'ro.kernel.qemu=1' part. Just wondering if anyone else is having this problem.
Also, since yesterday whenever I check for a software update, I'm getting an "error occurred during download". I was wondering if I would even be able to get the final ICS OTA when it finally is available.
Thanks again jcase!
Click to expand...
Click to collapse
Which specific ICS version do you have, I had a couple different leaks to work with.
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
Click to expand...
Click to collapse
build #: IMM76D
Still tweeking on it. Just updated all my drivers, too. I'm not a total newb, but I'm no pro, either.
jcase said:
Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo ‘ro.kernel.qemu=1’ > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
:crying:
Once rebooted, install Superuser from the market and enjoy.
Click to expand...
Click to collapse
i tried but as soon as i entered adb shell it kick me off and haven't been able to try since
jcase said:
Which specific ICS version do you have, I had a couple different leaks to work with.
Click to expand...
Click to collapse
Ive got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
LostCauseSPM said:
Ive got the spectrum, btw. Still trying to make a nice, clean, automated .bat, but it keeps failing now at the remount command.
---------- Post added at 07:37 PM ---------- Previous post was at 07:24 PM ----------
And now is saying "rm failed for /data/vpnch..."
When the remount fails, I get a "remount failed: operation not permitted" message.
Hope this is useful to you.
Click to expand...
Click to collapse
add [email protected] to gltak and hit me up.
lahegry said:
i tried but as soon as i entered adb shell it kick me off and haven't been able to try since
Click to expand...
Click to collapse
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
jcase said:
unplug/replug, The intuition is very touchy. Might need to do it from another system or with another cable.
Click to expand...
Click to collapse
i don't think i'm fast enough, i just can't type faster than it kicks me off
lahegry said:
i don't think i'm fast enough, i just can't type faster than it kicks me off
Click to expand...
Click to collapse
Place the two commands into a batch file/shell script, or setup teamviewer and msg me on gtalk
so this is just I've come up with tonight, the exploit still fails line by line, so I made a batch file just for that command, and I think I may be misunderstanding that "adb mount - o" command you recomended.
Wow, this chrome is NOT liking this txt box, keeps jumping backwards for some reason. C'mon Google...
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Try now, something was altering my post
arnshrty said:
I've got the intuition and here is what I'm coming up with using cmd prompt in windows:
C:\android-sdk\platform-tools>adb push su /data/local/tmp/su
2642 KB/s (380532 bytes in 0.140s)
C:\android-sdk\platform-tools>adb push lgroot.sh /data/local/tmp/lgroot.sh
10 KB/s (164 bytes in 0.015s)
C:\android-sdk\platform-tools>adb shell
[email protected]:/ $ chmod 777 /data/local/tmp/lgroot.sh
chmod 777 /data/local/tmp/lgroot.sh
[email protected]:/ $ rm /data/vpnch/vpnc_starter_lock
rm /data/vpnch/vpnc_starter_lock
[email protected]:/ $ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
[email protected]:/ $ exit
exit
C:\android-sdk\platform-tools>adb reboot
C:\android-sdk\platform-tools>adb wait-for-device shell
[email protected]:/ $ echo `ro.kernel.qemu=1' > /data/local.prop
echo `ro.kernel.qemu=1' > /data/local.prop
> exit
exit
> adb reboot
adb reboot
> adb wait-for-device /data/local/tmp/lgroot.sh
adb wait-for-device /data/local/tmp/lgroot.sh
> adb wait-for-device shell
adb wait-for-device shell
>
I believe I see where the mistake is, but don't know how to fix it.
---------- Post added 30th September 2012 at 12:02 AM ---------- Previous post was 29th September 2012 at 11:57 PM ----------
actually I don't see my mistake and I should be doing all this in PTP mode correct?
Click to expand...
Click to collapse
Correction needed for Intuition
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
krapman said:
First of all, thank you!!!
For Intuition, where the 'important part' is, the second command returns an error.
I was able to succeed by running
adb reboot
adb wait-for-device shell
then wait for the # to appear, and quickly paste and execute:
/data/local/tmp/lgroot.sh
took a few tries, but I am rooted! :laugh:
Click to expand...
Click to collapse
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
/system/bin/sh su not found
any help with this was having an issue with the echo command but got past that but now it's giving me this error
davieslacker said:
Just wondering how you guys like this device? I was just debating on switching to verizon and this device stands out as the most interesting to me... so I had to look here to see if anybody rooted it.
Anybody try any different roms? or think there may be a Jelly Bean update for it?
Click to expand...
Click to collapse
It's an amazing device I love it and im rooted. used the steps above and it worked. I am sure it will get jelly bean love eventually. No roms yet. But LG added a lot of customization to the device form what developers usually add as mods.
Will there be a single click method for root on the intuition. I can't seem to get this method to work
Exploit still works on the final version of ICS for the LG Spectrum
Just updated my phone. Couldn't wait for the OTA rollout, updated via the Verizon Wireless Update Util on my comp. Root worked no problem. Thanks again Jcase!
What did you update your phone to?
Sent from my VS950 4G using xda app-developers app

[Q] Help! Problem with Tablet Olidata WB7-l

Hi! I'm a noob user, with a weird tablet.
The brand is Olidata (Chile), and the model is Wb7-l. The first problem was that the tipycal: many worng pattern attempts. I though about the usual: hard reset, but this weird tablet doesn't have one!So I tried all button combinations to enter th the hard reset menu, but was unuseful.
Then, I found a post, it said that with a program I could put anoter ROM (PhoenixSuite), and with the ADB Drivers. I could put another ROM, but the touch system doesn't work. Then I searched a second and a Third ROM, but was the same. Then, I remembered that the chip was a A13, and I found another post, where a user said that with a script you could fix that problem. I use the script and... it died :crying: . After that, i tried to connect it to the computer again, but I couldn't.
THEN, i read the script. Now, i'm really really afraid, because maybe the Tablet is dead.
Here's the script:
(I open it with notepad)
@ECHO off
echo Remount
adb remount
adb shell cd /
echo Mount root
adb shell mount -o remount,rw -t ext4 /dev/root /
echo Make dir bootfs
adb shell mkdir bootfs
echo Mount bootfs
adb shell mount -t vfat /dev/block/nanda /bootfs
echo Copy script.bin
adb push "script.bin" /bootfs/script.bin
echo Copy script0.bin
adb push "script.bin" /bootfs/script0.bin
echo Copy zet6221.ko to /system/vendor
adb push "zet6221.ko" /system/vendor/zet6221.ko
adb shell chmod 644 /system/vendor/zet6221.ko
echo Copy zet6221_ts.idc to /system/usr/idc
adb push "zet6221_ts.idc" /system/usr/idc/zet6221_ts.idc
adb shell chmod 644 /system/usr/idc/zet6221_ts.idc
echo Copy preinstall.sh
adb push "preinstall.sh" /system/bin/preinstall.sh
adb shell chmod 755 /system/bin/preinstall.sh
echo Copy setupsensors.sh
adb push "setupsensors.sh" /system/bin/setupsensors.sh
adb shell chmod 755 /system/bin/setupsensors.sh
pause
adb shell reboot
How can I undo what I did? What's the right ROM? (The other one was one called F1(A13)-20121129.1.1.1- )
Please, please help
(Sorry for my weird english, I know just a bit )

Categories

Resources