Root for ZTE z990g aka ZTE Merit
by jcase - [email protected] - http://twitter.com/TeamAndIRC
June 16 2012 - Copyright 2012 CunningLogic
Do Not Distribute or republish without permission. (Sad that this is needed, but people/blogs like to profit off the work of others without credit)
Want to support my work? Donations are always appreciated, but never required:
Paypal: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LZ62YFU3XCEK8
Amazon Giftcards: [email protected]
Required files:
http://dl.dropbox.com/u/8699733/chainsdd-su.zip
Unzip chainsdd-su.zip and then get a shell with adb
Code:
adb shell
Set up the dirs, so shell owns them prior to logging. If shell does not own them then we can not control them. If the logs dir already exists, you may have to do a factory reset to remove them. They should not exist unless someone attempted this previously.
Code:
mkdir /data/local/logs
mkdir /data/local/logs/kernel
Open emode's logset activity. First button should be for enabling log set, enable it. Do not exit the activity, but if you do just repeat the below command.
Code:
am start -a android.intent.action.MAIN -n com.zte.emode/.logset
Confirm the log_kernel.txt file exists, if it does not wait a minute and check again.
Code:
ls -l /data/local/logs/kernel/log_kernel.txt
If it exists, delete it and immediately symlink it to /data/local.prop, logset may recreate it, if it does delete and try symlinking again.
Code:
rm /data/local/logs/kernel/log_kernel.txt
ln -s /data/local.prop /data/local/logs/kernel/log_kernel.txt
Now we want to wait for /data/local.prop to be created, it may take a minute or two. Keep checking until it exists.
Code:
ls -l /data/local.prop
Now once /data/local.prop exists, go back to the logset activity and disable logset. If you don't disable it, it will slowly eat away at all the disk space, and possibly overwrite the local.prop before you get root. Now let's set qemu=1 then reboot.
Code:
echo 'ro.kernel.qemu=1' > /data/local.prop
exit
adb reboot
Once you have rebooted, remount, install su.
Code:
adb remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
Clean up your mess!
Code:
adb shell rm /data/local.prop
adb shell rm -r /data/local/logs
Reboot, install the Superuser app from the market and enjoy
Code:
adb reboot
Might Not Work As Expected
I just tried this procedure from JCase at the RootzWiki dot com site with mixed results. The phone is a ZTE Merit Z990G from Straight Talk.
I went through all the steps and everything performed as expected. When I start an app that requires superuser permissions, the app reports that the device has not been properly rooted. I have repeated the process as outlined four times, including downloading the SU file, and have the same results. Titanium Plus, Busy Box Pro and Root Check Basic report that the device is not rooted.
However, a couple of the Google apps - music, movies and reader seem to think the phone is rooted. Any ideas or suggestions will be very appreciated.
bitshifter52 said:
I just tried this procedure from JCase at the RootzWiki dot com site with mixed results. The phone is a ZTE Merit Z990G from Straight Talk.
I went through all the steps and everything performed as expected. When I start an app that requires superuser permissions, the app reports that the device has not been properly rooted. I have repeated the process as outlined four times, including downloading the SU file, and have the same results. Titanium Plus, Busy Box Pro and Root Check Basic report that the device is not rooted.
However, a couple of the Google apps - music, movies and reader seem to think the phone is rooted. Any ideas or suggestions will be very appreciated.
Sounds like bad permissions on su, try
adb shell ls -l /system/xbin/su
if the permissions come out as "-rwsr-sr-x" then you are rooted, try updating su with the superuser app, or finding a different copy of su.
If the permissions are different or it says it doesn't exist, then you need to repeat the instructions as you missed one or two
jcase said:
Sounds like bad permissions on su, try
adb shell ls -l /system/xbin/su
if the permissions come out as "-rwsr-sr-x" then you are rooted, try updating su with the superuser app, or finding a different copy of su.
If the permissions are different or it says it doesn't exist, then you need to repeat the instructions as you missed one or two
Thank you for the fast response. Here are the permissions for the SU file and based on what you are saying they look good:
C:\SDK>adb shell ls -l /system/xbin/su
-rwsr-sr-x root root 22364 2012-06-17 12:47 su
I have located and downloaded a couple of "su" files from XDA and similar sites and the files are identical. I will continue searching for a different "su" file and see if that makes a difference.
---------- Post added at 06:15 PM ---------- Previous post was at 05:43 PM ----------
bitshifter52 said:
Thank you for the fast response. Here are the permissions for the SU file and based on what you are saying they look good:
C:\SDK>adb shell ls -l /system/xbin/su
-rwsr-sr-x root root 22364 2012-06-17 12:47 su
I have located and downloaded a couple of "su" files from XDA and similar sites and the files are identical. I will continue searching for a different "su" file and see if that makes a difference.
I looked around and did not find any "su" files that were different than what I downloaded according to the root process. Just for grins I copied the "su" file from my Nook Tablet which is rooted and tried that file. Sadly, it did not make a difference.
Please let me know if there is any other information I can provide or if you would like me to try something else.
What happens when you open the Superuser app (note this is not supersu) and go to settings/options and attempt to update su?
bitshifter52 said:
Thank you for the fast response. Here are the permissions for the SU file and based on what you are saying they look good:
C:\SDK>adb shell ls -l /system/xbin/su
-rwsr-sr-x root root 22364 2012-06-17 12:47 su
I have located and downloaded a couple of "su" files from XDA and similar sites and the files are identical. I will continue searching for a different "su" file and see if that makes a difference.
---------- Post added at 06:15 PM ---------- Previous post was at 05:43 PM ----------
I looked around and did not find any "su" files that were different than what I downloaded according to the root process. Just for grins I copied the "su" file from my Nook Tablet which is rooted and tried that file. Sadly, it did not make a difference.
Please let me know if there is any other information I can provide or if you would like me to try something else.
It Worked - But Don't Know Why...
jcase said:
What happens when you open the Superuser app (note this is not supersu) and go to settings/options and attempt to update su?
I re-installed Superuser and Superuser Elite and now the phone says it's rooted. I've been in IT for over 35 years and it makes me nervous when software "magically" fixes itself. But now that it's working I won't question it and proceed from here. I appreciate your help and your effort.
Cheers
bitshifter52 said:
I re-installed Superuser and Superuser Elite and now the phone says it's rooted. I've been in IT for over 35 years and it makes me nervous when software "magically" fixes itself. But now that it's working I won't question it and proceed from here. I appreciate your help and your effort.
Cheers
Generally you have to run superuser once to get it to work I've found, at least recent builds (or maybe it's recent android builds)
Problem.
Hello, I have followed this entirely, but at certain parts it says "Access denied". When I tried to check if the kernel log was there it said "access denied", same with some folders.
root or no root
followed steps, ended up with this...
$ ls -l /system/xbin/su
ls -l /system/xbin/su
-rw-rw-rw- root root 22364 2012-07-15 09:25 su
the superuser app shows all blank under apps and logs, when i try to update it, it says "checking" for a few secs and then nothing... also wondering how to do a factory reset cuz if i didn't screw the phone up yet, i will thx in advance
As you can see I'm new here. I'm old and retired. I would love to root my ZTE Merit 2.3.5 but this is over my head.
I was wondering if there's any accomplished phone rooters in the NC area that would be willing to walk me through this or do this for me
I'd be more than willing to make a donation to make this happen,
custom recovery
I was wondering if someone would make a custom recovery for this phone because the stock recovery is really bad
Not working
I can't even get past step 2, I have the file installed and unzipped on both my computer and my smart phone. The only thing I can find to put in the codes is command prompt which says "error: device not found" when I type in adb shell. My ZTE Merit phone has very low internal memory due to all the retarded system apps that came on the phone, I would very much like some assistance removing them from my phone. I also downloaded superuser elite onto my phone and it doesn't show up with ANYTHING. The first page says
superuse v3.1.3(46)
tap to display changelog
elite installed
su binary not found
a check in the box "outdated binary notification
unchecked box, temp unroot (When tapped it does nothing)
unchecked box ota survival (Again when tapped it does nothing)
I scroll over to the apps section of the program and it says "No apps in list"
What am I doing wrong? This lack of space is quite irritating
Worked!
omg I've wanted to root my phone. Thank you thank you! I thought I would brick my phone at first.
SIM Carrier unlock a ZTE Merit Z990G Straight Talk
I'm currently a T mobile prepaid customer and received the Merit from a friend of mine for doing some painting. I have looked for a month now and had a few unlock websites fail at attempting to unlock the phone via the IMEI (which the phone does have ). I have attempted to put my tmobile sim in the Merit but there is NO place to enter an unlock code. I really DONT wanna change my service to straight talk and would be willing to pay a decent amount to anyone that is capable of unlocking this phone for use with tmobile. If you think you have what it takes PM me and i will give you the IMEI and we can work out a deal. I challenge ANYONE achieve the impossible and get me the unlock code and a way to input it into the phone.
Cannot get local.prop
I have waited 20 minutes after trying to create the local.prop file and it simply won't create it. Any suggestions?
Can't get SU to upload
Hey I'm new to rooting android. I get to the point of installing SU but windows keeps telling me file not found. Would really like some help in fixing this issue. I have installed SU file to C:\Android\android-sdk\SU. Up to this point everything works fine.
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
Any help would be really appreciated.
Thanks
Help getting Started
Hey Anyone and everyone that may be online, I have a real quick and probably REALLY EASY question for ya... I'm trying to get started Rooting my ZTE Merit and I need to find out how to get to or where to find the screen where I type in the commands. I already downloaded the chainsdd zip file. So now I'm supposed to get shell with adb. If someone would be so kind and put me in the right general direction, I sure would be grateful.
Thanks in advance,
Jason
Not a Damn thing...
Rather sad....I have everything going as it should....all input correct...still no root after final reboot...I followed every step to a T several times -rw-rw-rw- grrr...ive rooted many devices none this big of a pain in tha butt!
Used updated su binary on root just for fun...same result
Help plz!
im a noob to this but have been messing around with ubuntu for some time now can someone show me step by step on how to root my zte merit plz? is there a video tut on how? i tried all the quick methods but they don't work, this one obviously does on this page, can someone help start me out plz, im learning still and love to learn more!
---------- Post added at 08:59 AM ---------- Previous post was at 08:45 AM ----------
Univarseman said:
I can't even get past step 2, I have the file installed and unzipped on both my computer and my smart phone. The only thing I can find to put in the codes is command prompt which says "error: device not found" when I type in adb shell. My ZTE Merit phone has very low internal memory due to all the retarded system apps that came on the phone, I would very much like some assistance removing them from my phone. I also downloaded superuser elite onto my phone and it doesn't show up with ANYTHING. The first page says
superuse v3.1.3(46)
tap to display changelog
elite installed
su binary not found
a check in the box "outdated binary notification
unchecked box, temp unroot (When tapped it does nothing)
unchecked box ota survival (Again when tapped it does nothing)
I scroll over to the apps section of the program and it says "No apps in list"
What am I doing wrong? This lack of space is quite irritating
help me, whats the first step then i can get the gearz in motion, i have not a clue on how to start this but if i do i can usually figure it out from them sometimes
Start menu
jjflappy said:
Hey Anyone and everyone that may be online, I have a real quick and probably REALLY EASY question for ya... I'm trying to get started Rooting my ZTE Merit and I need to find out how to get to or where to find the screen where I type in the commands. I already downloaded the chainsdd zip file. So now I'm supposed to get shell with adb. If someone would be so kind and put me in the right general direction, I sure would be grateful.
Thanks in advance,
Jason
Start menu then type CMD hit enter
Related
i have a motorola flipside with 2.2.2 installed. somehow it lost its root and will not reroot z4root keeps shutting down and giving some odd error saying The application z4root (process com.z4mod.z4root) has stopped unexpectedly. Please try again and leaves only the option to force close the app. i left gingerbreak running all night and when i woke up it was still running not getting anywhere theyed superoneclick it will not finish i'm getting very frustrated with this phone i even went as far as assuming something on the phone went bad and flashed it to a stock att rom and still cannot get the root to finish and apply. is there some way i can manually root this phone? also yes usb debugging is on allow unknown apps to install is enabled
anyone please this damn phone is practically useless without a root to me i'd rather be using my stupid windows 7 phone at this rate because at least it had my ringtones and allowed me to use a different background image than stock att ones.
---------- Post added at 02:09 PM ---------- Previous post was at 01:47 PM ----------
ok i have come across this but i am a little lost at the steps
wiki.rootzwiki.com/index.php/Motorola_Flipside
it says to download 3 files psneuter busybox and super user unzip the downloads into the same folder. then it says to open a terminal and change to the folder i don't understand this what am i supposed to do? it then says i need android sdk installed and working which i do i installed it for android screencast. then it says adb devices but does not say how i'm supposed to enter this command. after that i'm fairly sure it's from the cmd entering the commands shown on that link. can anyone tell me how to get through the first few steps please?
copied from link
Manual Root
Download
psneuter: Download
Superuser: Download
busybox: Download
Unzip the downloaded files into the same folder
Open a terminal and change to the folder.
You need the android SDK and ADB working. To make sure type:
adb devices
if your device lists, then you are ready to go!
Gain Root
Run the following commands:
adb push psneuter /data/local/temp/psneuter
adb shell
chmod 755 /data/local/temp/psneuter
./data/local/temp/psneuter
ADB should hang, wait a little while and then type:
adb shell
NOTE: You should have the "#" sign instead of the "$". If you do, you have temporary root, and can continue on.
Type:
exit
adb push busybox /data/local/temp/busybox
adb shell
chmod 755 /data/local/temp/busybox
./data/local/temp/busybox mount -o rw,remount /system
The last command should return nothing
update i learned how to do the procedure and finished successfully however the phone is still not rooted. i did reboot the phone after it seems faster now but not rooted. i downloaded the root checker app and scanned the phone it emailed me a log and here is that log
Root Access is not properly configured or was not granted.
Superuser.apk - com.noshufou.android.su - version 2.3.6.3 is installed!
System Environment PATH: /sbin /system/sbin /system/bin /system/xbin
The adb binary is set to default shell user access as a standard non-root user
Standard su binary location: ls -l /system/bin/su:
/system/bin/su: No such file or directory
Standard su binary location: ls -l /system/xbin/su:
/system/xbin/su: No such file or directory
Alternate su binary location: ls -l /sbin/su:
/sbin/su: Permission denied
Alternate su type binary location: ls -l /system/xbin/sudo:
/system/xbin/sudo: No such file or directory
SU binary not found or not operating properly
Results provided on your MB508 device by Root Checker version 3.7 from joeykrim in the Android Market
is it even posible to root this phone?
i guess i'm not allowed to be helped or something.
i have a procedure here that i had to build up from 2 separate write ups. i had to use this one http://androidforums.com/droid-all-...oid-without-rsd-lite-up-including-frg83d.html along with this one together http://wiki.rootzwiki.com/index.php/Motorola_Flipside to get it to root properly.
here is what i did. u will need the downloads from both links for this to work i believe. follow the steps from the second link to gain root once u get to where the number symbol is shown in the command line u need to switch to the instructions in link 1 and start at step 13 and follow to the end. this works to root your flipside when nothing else will work at least for me it did none of the apps that are supposed to root for you worked for me.
thank you me for having to figure this out on my own have fun
Problem rooting
I rooted my Flipside at its stock state and it worked fine. And then I upgraded my software to 2.2.2 Froyo and lost the root so now I am trying to reinstall z4root and re-root the phone but z4root now doesn't work. It gets successfully installed but when I hit PERMANENT ROOT it just stays in that window with the turning wheel and gets stuck there. It doesn't completely root. I've tried the hard reset by pulling the battery, and hitting the back key and forced closing it and then trying it again. Nothing works! HELP!
I once had a flipside. I rooted it the stock rom and then updated to gingerbread and then rooted again. I used superoneclick though. I'm not sure which version, but there is (or was) a flipside forum here on xda with documentation on the entire process.
Edit: here's the forum link: http://forum.xda-developers.com/forumdisplay.php?f=772
jovanphilip said:
I once had a flipside. I rooted it the stock rom and then updated to gingerbread and then rooted again. I used superoneclick though. I'm not sure which version, but there is (or was) a flipside forum here on xda with documentation on the entire process.
Edit: here's the forum link: http://forum.xda-developers.com/forumdisplay.php?f=772
Really? I thought the only upgrade I can do to it is from stock to Froyo. How'd you do that? I'm sorry. I am totally untechie. :/
Silly HTC. THIS EXPLOIT MAY NOT LAST FOREVER. ATT COULD KILL THIS. DO IT NOW.
Warning: If something goes wrong, whatever you do, do NOT install the update that this process finds. If you DO, you will be stuck on 2.20 with no chance for root (currently)
What you need:
HOX on ATT 1.85
su binary from http://dl.dropbox.com/u/don'tusemeimabadsubinary
EDIT: The su binary above has issues. Use this one instead: http://dl.dropbox.com/u/9060692/su
Make sure HTC sync is NOT RUNNING (down in system tray)
Make sure phone is set to "charge only" and usb debugging is enabled!
Put su in same directory as ADB. Get to adb command prompt and cd into that directory
NEW - pull sim card
NEW - do factory reset
NEW - when reset is complete, do not replace sim, do NOT connect to wifi. Go through setup, go to settings, enable USB debugging. When that's done:
adb shell rm /data/data/com.redbend.vdmc/lib/libvd*
adb reboot
After the device reboots:
adb shell ln -s /data/local.prop /data/data/com.redbend.vdmc/lib/libvdmscomo.so
(If you get file doesn't exist after the FIRST command don't worry - they may not be there)
Now, on the phone, go to settings and check for software update. It will tell you you need to connect to network. Now, replace the SIM OR connect to wifi. Have it check for software update again. When it's done, do NOT click "yes" or "ok" on the phone. Simply:
adb shell ls -l /data/local.prop
IF AND ONLY IF you get "file not exists" or anything like that then set your phone's date 2 days ahead and reboot the phone and start over. If you get file info, you're golden. Proceed....
adb shell "echo 'ro.kernel.qemu=1' > /data/local.prop"
Now it's time to reboot
adb reboot
After phone reboots
adb remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
Congrats, you have root. Install supersu and busybox installer from the market (or Play store).
If you pledged a bounty in the bounty thread, note the instructions here:
Please pay bounty to make a wish foundation
http://www.wish.org/help/donate
Please choose the "Make a Wish Foundation of America" (don't select a chapter). You can use Paypal as well.
Special thanks to designgears as well for being my tester and also writing the one click. He has several hours of work in this project as well. Consider a donation to him, too - http://rootzwiki.com/store
ADDED: Please let me know if this works for you!
ADDED: If you already pushed the wrong binary it's easiest just to start over with the correct binary.
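The ZTE logset procedure earlier on this page and the HTC update-check procedure above both depend on a privileged component creating a file at a path where the adb shell user could first place a symlink. The C code below is an added example, not code from ZTE, HTC or any poster: it puts that weak open next to a hardened opener and runs both against a scratch directory. The function names, the /tmp layout and the stand-in file names are assumptions made for the demonstration.

```c
/* Added example, not code from ZTE, HTC or the thread. Names and the
 * temporary directory layout below are constructed for the demonstration. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Weak pattern: open() resolves a symlink planted at `path`, so the file is
 * created wherever the link points, with the writer's privileges. */
int open_log_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
}

/* Hardened pattern: only write below a directory the trusted uid owns and
 * nobody else can modify, never follow a link in the final component, and
 * re-check the object that was actually opened. */
int open_log_hardened(const char *dir, const char *name, uid_t trusted)
{
    struct stat ds, fs;
    int dfd, fd, saved;

    dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    if (fstat(dfd, &ds) != 0 || ds.st_uid != trusted ||
        (ds.st_mode & (S_IWGRP | S_IWOTH))) {
        close(dfd);
        errno = EPERM;          /* directory is under someone else's control */
        return -1;
    }
    fd = openat(dfd, name,
                O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0600);
    saved = errno;
    close(dfd);
    if (fd < 0) {
        errno = saved;          /* ELOOP when `name` is a symlink */
        return -1;
    }
    if (fstat(fd, &fs) != 0 || !S_ISREG(fs.st_mode) ||
        fs.st_nlink != 1 || fs.st_uid != trusted) {
        close(fd);
        errno = EPERM;          /* hard link or foreign file */
        return -1;
    }
    return fd;
}

/* Builds <tmp>/logs/log_kernel.txt, optionally as a symlink to <tmp>/local.prop
 * (a stand-in for a file outside the log directory), runs one opener and
 * returns a bitmask: bit 0 = the outside file got created, bit 1 = the opener
 * returned a descriptor. Returns -1 if the scratch setup failed. */
int run_case(int hardened, int plant_link, uid_t trusted)
{
    char base[] = "/tmp/logdemo-XXXXXX";
    char dir[64], logfile[96], outside[64];
    struct stat st;
    int fd, result = 0;

    if (mkdtemp(base) == NULL)
        return -1;
    snprintf(dir, sizeof dir, "%s/logs", base);
    snprintf(logfile, sizeof logfile, "%s/log_kernel.txt", dir);
    snprintf(outside, sizeof outside, "%s/local.prop", base);
    if (mkdir(dir, 0700) != 0 || (plant_link && symlink(outside, logfile) != 0))
        return -1;

    fd = hardened ? open_log_hardened(dir, "log_kernel.txt", trusted)
                  : open_log_naive(logfile);
    if (fd >= 0) {
        ssize_t n = write(fd, "kernel log line\n", 16);
        (void)n;
        close(fd);
        result |= 2;
    }
    if (lstat(outside, &st) == 0)
        result |= 1;

    unlink(outside);
    unlink(logfile);
    rmdir(dir);
    rmdir(base);
    return result;
}

int main(void)
{
    uid_t me = geteuid();
    printf("naive, link planted:        %d\n", run_case(0, 1, me));
    printf("hardened, link planted:     %d\n", run_case(1, 1, me));
    printf("hardened, no link:          %d\n", run_case(1, 0, me));
    printf("hardened, untrusted owner:  %d\n", run_case(1, 0, me + 1));
    return 0;
}
```

O_NOFOLLOW only guards the last path component, which is why the directory itself is opened and its owner and mode checked before anything is created inside it.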
SWEEEEEEEEEEET!
You have just made a lot of people. SCC/FGFD
where do we get the su binary. I have a supersu zip to gain root after unlock
Great job guys!!!
Do terminal apps need root to run? Can I do this with terminal and avoid ADB?
I got "no updates found" and permission denied...
-rw------- system system 1196598 2012-05-25 12:36 local.prop
beaups you are the ****ing best!!!
AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.
shgadwa said:
AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.
I added the link to op
shgadwa said:
AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.
It's in the op
Sent from my HTC One X using Tapatalk 2
2nd line after adb shell i get no device found. USB debugging is enabled.
Very awesome. Hard work and dedication finally paid off. Thanks to who all that contributed to this.
Omg. Awesome. Who discovered this exploit?
My brother, give us your PayPal so we can donate. This is awesome.
Any way to put the setting up of ADB in layman's terms for some of us that aren't familiar? I am ok with the commands, I just don't know how to get ADB to command prompt and where to place the files.
---------- Post added at 05:52 PM ---------- Previous post was at 05:52 PM ----------
gunnyman said:
Omg. Awesome. Who discovered this exploit?
beaups and dg
I updated the op to fix a wrong instruction.
when I put in the first line it says device not found. It's weird I can boot into bootloader and everything but can't do that line
gunnyman said:
Omg. Awesome. Who discovered this exploit?
Once we get a few success stories I'll be claiming bounty (charity).
OMG GOOD JOB!!!! Im already rooted but im proud of you guys!!! GOOD JOB!! Hopefully Me and a Simonsimons will be releasing S=OFF SOON! fingers crossed
SkizzMcNizz said:
when I put in the first line it says device not found.
Try again, updated instructions.
UPDATE: I created a tool based on this method. Head over to the new thread.
---
WARNING: This is WIP for now. Don't run it if you aren't comfortable with the possibility of having something go wrong and having to re-Odin back to stock or worse. I was already rooted and had Busybox installed, so even though I temp-unrooted first, I don't know for certain if this will work on a stock device. If anyone wants to flash back to pure stock and give it a shot, I'd appreciate it. If it works, I'll try and make it easier to use.
NOTE: This may give you the custom unlock screen! I'm not 100% certain it was this root method that did it, though, as I had installed BusyBox and frozen several system apps with TiBu before my most recent reboot. I need someone willing to test. I don't have time to backup, flash to stock, and retry at the moment.
Background: Since some people seem to have mysterious issues after flashing the root66 image, I've been looking at existing ICS root methods which don't require flashing ROMs to see if any work on the GSIII. I think I've found one.
This is an adaptation of miloj's root method for the Asus TF300T. All credit goes to him and anyone else he mentioned in his post.
Instructions:
Install the USB drivers if you don't have them already: Verizon_Wireless_I535_GSIII_Samsung_USB_Driver_v1_4_6_0.exe
Download the attached binary package and extract them somewhere
Set up adb and make sure you can see your phone
Run the following commands in a shell. A leading $, # or debugfs: is a prompt you will see on the screen, everything else is something you type, and lines in [square brackets] are comments.
Code:
adb push debugfs /data/local/
adb push su /data/local/
adb shell
$ cd /data/local/
$ mv tmp tmp.bak
$ ln -s /dev/block/mmcblk0p14 tmp
$ exit
adb reboot
[... wait for phone to reboot ...]
adb shell
$ cd /data/local
$ toolbox chmod 755 /data/local/debugfs
$ /data/local/debugfs -w /data/local/tmp
debugfs: cd xbin
debugfs: rm su
debugfs: write /data/local/su su
debugfs: set_inode_field su mode 0106755
debugfs: set_inode_field su uid 0
debugfs: set_inode_field su gid 0
debugfs: quit
$ rm /data/local/tmp
$ mv /data/local/tmp.bak /data/local/tmp
$ exit
adb reboot
[... wait for phone to reboot ...]
adb shell
$ /system/xbin/su
# id
[You should see: uid=0(root) gid=0(root) ....]
# exit
$ rm /data/local/su
$ rm /data/local/debugfs
$ exit
This is using miloj's insecure su, so you should install the superuser app and immediately use its binary update feature to install a proper binary. Otherwise, you're just asking to get malware.
I very much like this root method. Would be interested to see if anyone else is able to get this successfully done on their stock devices.
Worst case, I'll be getting a replacement phone on Wednesday due to some minor screen issues, so I'll be forced to try it then.
Let US know if it works...I have slow connection that times out at 80% because of these huge Rom files
Sent from my SCH-I535 using xda app-developers app
Thanks for working on this Ninja, and thanks for sharing with us. :good:
Sounds like it will be the cleanest root method yet.
$ mv /data/local/tmp.back /data/local/tmp
should be
$mv /data/local/tmp.bak /data/local/tmp
---------- Post added at 05:46 PM ---------- Previous post was at 05:38 PM ----------
This is CONFIRMED working on my VIRGIN SGS3 I got today. had to fix the one typo above. No problems yet. just don't break things freezing too many apps. Someone script up a one click root. If you don't, I will tonight. (In about 3 or four hours or so.)
FlyingPoo said:
$ mv /data/local/tmp.back /data/local/tmp
should be
$mv /data/local/tmp.bak /data/local/tmp
The perils of copy/pasting half from the original post and half from my local shell.
FlyingPoo said:
This is CONFIRMED working on my VIRGIN SGS3 I got today. had to fix the one typo above. No problems yet. just don't break things freezing too many apps. Someone script up a one click root. If you don't, I will tonight. (In about 3 or four hours or so.)
I'm working on one now. It's about 2/3 done. I have to go run a couple errands before I can finish it, though.
alrighty, cool beans!
FlyingPoo, did you get the "custom unlock" boot screen after adding the su binary?
May have to try this one out! Thanks
Tool here: http://forum.xda-developers.com/showthread.php?t=1792342
Did not want to post in the tool thread to confuse people so maybe this can be used a basic research to make this method as seamless as possible? Let us know what you prefer Ninja.
Wanted to give some more details on the "custom unlock" boot screen. There were some new findings from Lee (aka ralekdev) who is working on unlocking the bootloader.
Ralekdev said:
In other news, I found what keeps resetting the 16 byte encrypted romtype in param.img. It's libcordon.so, which is from /system/app/SysScope.apk (it'll also be copied to /system/lib/libcordon.so). It's using quite a few checks to see if you've modified your system.
There's an adb scanner, checking to see if you've changed the ro.secure or ro.debuggable props.
The root process scanner checks running processes and returns true if any are found running as root that are not one of:
"debuggerd", "init", "installd", "servicemanager", "vold", "zygote", "netd", "ueventd", "dock_kbd_attach", "pppd", "pppd_runner", "mpdecision", "thermald", "hdmid", "sec_keyboard", "seccmmond", "mfsc", "mfdp"
There's also a partition check, kernel checker, su scanner, and a file scanning mechanism using data from a sqlite db
So to completely remove the Samsung custom screen on bootup and 5 second delay you'd need to disable the SysScope.apk, then encrypt and write the 16 bytes yourself using 0xFF000000 as the first int to mark yourself as official
If I understand correctly, there is a SysScope.apk that does various checks detailed in that post, so I'm assuming that disabling that apk on a "virgin" system after doing this process would ensure that the custom flag never gets touched. There is also mention of a system dynamic library that does some checks, but I'm not sure of the impact of disabling that as well; maybe it makes more sense to see what other process would be using it besides SysScope.apk.
Interesting stuff. Sounds like just freezing/removing them will still give custom unlock, but it might be possible to write replacements which don't actually do the checks.
Unfortunately, I won't have a huge amount of time to spend on research for the next two weeks, but I'll see what I can do, and see what the other devs have done with reversing SysScope and libcordon.
This root method reminds me of Motorola's infamous "zergRush" root exploit. A great way to root the device without even touching the ROM.
Noxious Ninja said:
Interesting stuff. Sounds like just freezing/removing them will still give custom unlock, but it might be possible to write replacements which don't actually do the checks.
Unfortunately, I won't have a huge amount of time to spend on research for the next two weeks, but I'll see what I can do, and see what the other devs have done with reversing SysScope and libcordon.
Sounds good.
I could be wrong, but I'd imagine that since the flag is not set by default, we should be good by just disabling them. I might just be the guinea pig and immediately rename SysScope and the libcordon after rooting to see if the flag gets tripped.
Based on Lee's analysis what doesn't add up is why people who flash the full rooted "stock image" have not reported this flag being tripped yet...
lowg said:
Sounds good.
I could be wrong, but I'd imagine that since the flag is not set by default, we should be good by just disabling them. I might just be the guinea pig and immediately rename SysScope and the libcordon after rooting to see if the flag gets tripped.
Based on Lee's analysis what doesn't add up is why people who flash the full rooted "stock image" have not reported this flag being tripped yet...
It might be that if you disable them while you don't have custom unlock, it works, but if you already have custom unlock you would have to reset it somehow.
If you decide to try it, see if you can still bring up the Settings -> About device -> Status menu to see Device status, or if that crashes.
Noxious Ninja said:
It might be that if you disable them while you don't have custom unlock, it works, but if you already have custom unlock you would have to reset it somehow.
If you decide to try it, see if you can still bring up the Settings -> About device -> Status menu to see Device status, or if that crashes.
Ok, after rooting, I immediately disabled only SysScope.apk by renaming it, installed Superuser from market and updated binary, rebooted no unlock screen. Settings -> About device -> Status works fine. Device status section shows "Scanning..." for about two minutes after rebooting then simply "Modified".
After this tried soft reboot, hard reboot numerous times and still no "custom unlock" boot screen.
lowg said:
FlyingPoo, did you get the "custom unlock" boot screen after adding the su binary?
hmm. actually i do. Altho my Device status says normal.
FlyingPoo said:
hmm. actually i do.
hmmm, maybe it does have something to do with that apk then. originally that's all I renamed but since then froze a lot of apps and still no unlock, only showing modified status
Sent from my SCH-I535
FlyingPoo can you post more about what you did after rooting?
Did you immediately install the ChainsDD version of su (via the binary updater in the Superuser market app) or did you stick with the version of su that came with the script for a while?
Did you ever enter "Odin/Download" mode of your device?
Just trying to figure out how our devices could have a different status if we both started from "virgin" GS3s.. Don't want to assume it's just SysScope either since I never disabled the libcordon.so and maybe it's used in other places in the system...
Update: Friday November 2nd 2012
Fixed a bad upload of the su file, must have become corrupt, sorry.
Silly permission bug again, but w/e. LG should know better, from what I am told this is a recently released device. This is a long standing known issue. Lg get your sh*t together.
Directions:
unzip su.zip into the current path (directory) you are in.
adb shell
(while in adb shell)
rm /data/local/tmp/profile_calib_m
ln -s /data/local.prop /data/local/tmp/profile_calib_m
exit
adb reboot
adb wait-for-device shell
(once in the adb shell again)
echo 'ro.kernel.qemu=1' > /data/local.prop
rm /data/local/tmp/profile_calib_m
exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 6755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
Once rebooted install superuser from the market:
https://play.google.com/store/apps/details?id=com.noshufou.android.su
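The directions above rely on a privileged writer recreating `profile_calib_m` in a directory the shell user controls and following the symlink left there. As an added example (not LG's code and not part of the post; the function names and scratch paths are hypothetical, and the permissive mode is an assumption inferred from the steps), this shows that pattern next to a writer that refuses symlinks:

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern (assumed): a privileged writer recreates a file in a
 * directory another user controls, follows whatever sits at that path,
 * and leaves the result world-writable. Returns 0 on success, -1 on error. */
int write_calib_unsafe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666);
    if (fd < 0) return -1;
    if (fchmod(fd, 0666) != 0) { close(fd); return -1; } /* hits the link target */
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened: refuse symlinks, accept only a singly linked regular file,
 * and keep the mode private to the writer. */
int write_calib_safe(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0) return -1;               /* ELOOP when path is a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Scratch-dir demo: "calib" stands in for profile_calib_m and "local.prop"
 * for /data/local.prop. Returns 1 if the write went through the symlink
 * and created the target, 0 if it did not, -1 on setup failure. */
int symlink_write_escapes(int use_safe) {
    char dir[] = "/tmp/calibdemoXXXXXX", lnk[64], target[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(lnk, sizeof lnk, "%s/calib", dir);
    snprintf(target, sizeof target, "%s/local.prop", dir);
    if (symlink(target, lnk) != 0) { rmdir(dir); return -1; }
    if (use_safe) write_calib_safe(lnk, "calibration\n");
    else write_calib_unsafe(lnk, "calibration\n");
    int escaped = access(target, F_OK) == 0;
    unlink(target);
    unlink(lnk);
    rmdir(dir);
    return escaped;
}

int main(void) {
    printf("unsafe writer escaped: %d\n", symlink_write_escapes(0));
    printf("safe writer escaped:   %d\n", symlink_write_escapes(1));
    return 0;
}
```

`O_NOFOLLOW` only protects the final path component, so the more durable fix is to keep files written by privileged code out of shell-writable directories such as `/data/local/tmp` altogether.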
As usual thanks for all your work for this GREAT community!!! :good:
Thanks for letting me watch you work & getting root for my wife's phone.
Edit: DroidHost of Androidarea51.com has made a OneClick for this phone using Jcase's root. it also installs a recovery & Superuser all at the same time.
androidarea51.com/***-all-things-root-***-174/
Help Me Please
what do you do when it says permission denied or not permitted when waiting for device, remounting, or pushing su?
lol now all we need is someone to write different roms :>
cyanogen would be nice :> lol
thank you for rooting this phone :>
jcase, i pmd you i need help please
TechManPro said:
what do you do when it says permission denied or not permitted when waiting for device, remounting, or pushing su?
run adb shell
make sure your prompt is a # not a $. If it is a $ start over, if it is a # make sure you run adb remount.
jbach44 said:
lol now all we need is someone to write different roms :>
cyanogen would be nice :> lol
thank you for rooting this phone :>
No problem.
You actually left out a step. In order to push su to the phone you have to adb remount -o rw. Otherwise it is a read-only filesystem and it cannot be pushed to the phone. Most people would probably get this, but the novices who end up with bricked phones will be angry.
Great work!
iliekandroid said:
You actually left out a step. In order to push su to the phone you have to adb remount -o rw. Otherwise it is a read-only filesystem and it cannot be pushed to the phone. Most people would probably get this, but the novices who end up with bricked phones will be angry.
Great work!
Actually no, you are incorrect.
adb remount without the additional parameters is correct, and it is not possible to brick a phone with adb remount. No novice would be angry, because there is no possible brick from this guide, as long as it is followed.
I got the LG for my daughter (13 going on 30), and now it works fine. Thanks jcase.
Did not unlock my lgl35g
Yes I am a Noob... nobody likes me
I have exhausted every resource that I could find on this phone. I thought that this post was the answer to my problem, however it did not seem to help at all. Everything seemed as if it was working fine as I went step by step through the process. However, I rebooted my phone and there is no difference than when I started. The "su.zip" file enclosed in this post was not able to extract into the directory of my ADB client. It kept saying root already existed, but I was unable to see it in Windows Explorer? Is this "su.zip" a modified version of a pre-existing file in the SDK kit? I really need to unlock this phone so that I can clean up the junk. Any help would be greatly appreciated.
jcase said:
Update: Friday November 2nd 2012
Fixed a bad upload of the su file, must have become corrupt, sorry.
Silly permission bug again, but w/e. LG should know better, from what I am told this is a recently released device. This is a long standing known issue. Lg get your sh*t together.
Directions:
unzip su.zip into the current path (directory) you are in.
adb shell
(while in adb shell)
rm /data/local/tmp/profile_calib_m
ln -s /data/local.prop /data/local/tmp/profile_calib_m
exit
adb reboot
adb wait-for-device shell
(once in the adb shell again)
echo 'ro.kernel.qemu=1' > /data/local.prop
rm /data/local/tmp/profile_calib_m
exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 6755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
Once rebooted install superuser from the market:
Anyone know of a way to SIM unlock this device? I have AT&T and would like to use it on there. I bought it for $30 on clist thinking net 10 would work with an AT&T SIM but was wrong. Any help would be appreciated...
What is weird about that is i put the sim in a iphone and it worked just fine!!! Best bet would be ebay for unlock...
I have the Net10 one that I put a Straight Talk SIM in with no problems. If I can get my hands on an AT&T SIM today I'll check it out.
---------- Post added at 07:39 AM ---------- Previous post was at 07:34 AM ----------
NateDoggTN said:
Yes I am a Noob... nobody likes me
I have exhausted every resource that I could find on this phone. I thought that this post was the answer to my problem, however it did not seem to help at all. Everything seemed as if it was working fine as I went step by step through the process. However, I rebooted my phone and there is no difference than when I started. The "su.zip" file enclosed in this post was not able to extract into the directory of my ADB client. It kept saying root already existed, but I was unable to see it in Windows Explorer? Is this "su.zip" a modified version of a pre-existing file in the SDK kit? I really need to unlock this phone so that I can clean up the junk. Any help would be greatly appreciated.
Did you push the su binary file or the whole folder? If you pushed the whole folder you will have to remove the directory & start over.
how to run root
Sorry for sounding like a noob, but I am...when it comes to LG. I'm trying to root my homie's LG Optimus Logic but I'm not sure where to run the command from. If someone could help me out on where the zip should actually be placed and unzipped to, that would be a big help, thanks. And if there is a thread already for this please hook up a link.
thanks
thanks mate for this
i appreciate your time.
Anyone know of a rooted ROM
I have looked all over, but it doesn't look like a dev has created a ROM for this device. Has anyone come across one? If I knew programming I would give it a shot, but it's a mystery to me. I know that CyanogenMod 9 for the L3 (e400) works, but there is a problem with the radios, hence no cellular, wifi, or bluetooth.
Source code......
http://www.lg.com/global/support/opensource/opensource-detail.jsp
http://forum.xda-developers.com/showthread.php?p=34104009
This guy had some success with CM9, but no radio. Anyone know how to extract the radio? I've never built a rom, but this is tempting.
This thread is made in an effort to root the ZTE Grand X 4 (Z957). At this point I've made some progress by using the Dirty Cow exploit to access a root shell via ADB, but have been unable to install su to the system partition.
Notes: stock rom, no custom recovery.
Exploit method:
Follow the instructions posted by Arinerron on GitHub regarding CVE-2016-5195 (under 10 posts, cannot share direct link)
When successful you will see "[email protected]:/ #" as your shell prompt, however the session will hang after any command. That said, /system/run-as is still updated allowing you to do the following:
$ adb shell
[email protected]:/ $ run-as
uid run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
You have access to the android system as root within this shell, but this is where I'm getting stuck. I'm not able to find a way to mount the system partition as read/write, and as such unable to install su. Also note that you will need to run the exploit again anytime you reboot the device. I have tried the following methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
At this point I'll share what I've been able to do so far and see if anyone else has ideas for a next step.
Have you figured out how to root the z957?
This worked on my ZTE GrandX Max Plus to permanently disable the write protection on the system partition.
Good luck!!
reboot disemmcwp
If you ever want to re-enable being blocked from mounting system rw:
reboot emmcwpenab
Any luck on this root? I am looking to buy a phone on Cricket, but I need one that I can root.
Bump? Would love to see root here!
Bump, I've tried but I also get stuck on the same three methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
Grand X 4
has anyone successfully rooted the grand x ?!
Thought I would post an update: Still no success on my end.
"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.
As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).
I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.
Thanks for your work on this. Stock Rom is pretty clean, but root would be great on this.
I've tried many different ways to root this phone. For weeks, I've tried. Nothing. I personally think that there is no way to, not now at least.
Don't know if this will help but, I found that they lock the bootloader under the developer settings!
Has anyone tried a one click root application like KingoRoot ?
Or is this more for doing it on your own without a service like that?
Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way
After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.
Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.
Happy for any tips on what to try next!
Can you tell me which tools you used? I looked at the Qualcomm site and there are plenty to choose from.
If you can get those tools off of the site maybe I'll message you about grabbing a few items on my Christmas list! QPST includes the tools necessary, and the tools to backup the 425 should you accidentally brick your phone (basically impossible to truly brick a qualcomm if you have the right tools). Archive.org has a copy, don't remember where to find the driver pack but you'll need that too (and a windows build).
Read through some notes on Marshmallow and it sounds like you have to remount system from recovery. I'm camping for the next month but will try talking to the TWRP team about porting a bootloader to the phone when I get back.
Let me know if you make any headway!
try this adb command and see if you get a qualcomm serial port after reboot
Code:
adb reboot edl
if that doesn't work try
Code:
adb reboot bootloader
then run the attached
How did you get into diag mode? Just do the temp root method and setprop sys.usb.config diag,adb?
https://freeandroidroot.com/root-zte-grand-x-4/
This page claims to have a root method but does it actually work? I've tried twice with no success.
How's everyone here? I also am awaiting root for this device. It really needs some shine on its mid levelness. So here is my friend's zte warp 7 work for root. He also got some killer roms for the Huawei ascend XT. He does great work. I'm sure if he had a grand x 4 he could move this along. Just a suggestion. This man can get this done. Just a suggestion for all of us. https://forum.xda-developers.com/showpost.php?p=72560392&postcount=246
---------- Post added at 11:31 PM ---------- Previous post was at 11:10 PM ----------
https://forum.xda-developers.com/member.php?u=7934375
Anyone root this phone yet?
Sent from my Z956 using XDA-Developers Legacy app