Okay, this was my first time trying to root my phone and it would figure that non of the automated methods worked for me. Still, I was able to get root on my US Cellular Samsung Galaxy S Mesmerize (SCH-i500 for the kids keeping track at home) and these are the steps that I took. I hope this helps others who may be scratching their head wondering what to do when the developers haven't gotten around to (read: forsaken) us.
The nice thing about this method is that it doesn't require Windows (though you still do download SuperOneClick).
NOTE: This is only for an officially updated Mesmerize. Rooting is unnecessary for the leaked version.
APOLOGY: I can't post any links to anything outside the forum as I am a newer member, so, sorry for not being able to post URLs.
1. Download the Android SDK from the Android developer website and install/unzip it. You may need to add the path to the adb tool (found under platform-tools for me) to your PATH variable.
2. Download the SuperOneClick tool and unzip it
3a. If you are using Windows, then make sure to install the drivers for your phone. I don't have Windows, so don't ask me which file to download. Sorry.
3b. Enable USB Debugging on your phone (Settings->Applications->Development->Check "USB Debugging").
4. Connect your phone to your computer using the USB cable
5. Open a shell (or command prompt on Windows) and change directories to where you unzipped SuperOneClick
6. Run the following commands to copy files to your device
A. adb push psneuter /data/local/tmp/psneuter
B. adb push busybox /sdcard/busybox
C. adb push su-v2 /sdcard/su
NOTE: A quick note of each of these files.
A. psneuter - an exploit to gain root access temporarily on your phone
B. busybox - a compilation of common unix commands to help you along the CLI world
C. su - the super-user command used to gain elevated privileges
7. Run the following command to get a command line interface to your device
adb shell
At this point, you should see a $ prompt indicating that you are on your phone.
From here, you will change directories to where you put the exploit, change the permissions so you can run it, copy over the files that we need to sustain root access, and finally, install the Superuser.apk app so that you can manage root access from the UI.
Execute the following commands:
$ cd /data/local/tmp
$ chmod 777 psneuter
$ ./psneuter
Here, you will be disconnected from your device. This is normal. Just run "adb shell" again to get back in, though now, you will notice that the prompt has changed to a #. The following commands will reflect that.
# mount -t rfs -o remount,rw /dev/block/st19 /system
# cd /system/xbin
# cat /sdcard/busybox > busybox
# cat /sdcard/su > su
# chmod 4755 busybox
# chmod 4755 su
# exit
Now, you will be back on your computer. Type the following to install the Superuser.apk app.
adb install Superuser.apk
That should do it! You now have root access. Go ahead and try to install Titanium Backup (requires root). You can also install a terminal app or anything else.
I hope this helps. Report your successes/failures in the comments.
My Xoom is rooted and running tiamat 1.41.
I'm trying to push a file onto the xoom and having trouble with it.
I have the Android SDK installed.
When I type ADB DEVICES, it shows my xoom listed as a long string of letters and numbers.
I figured out I could get into the shell by using ADB -s ###### shell (where #### is the numbers/letters shown as the device).
If I type remount, i get permission denied.
If I try to push a file onto the Xoom, I get permission denied.
What am I missing here and how do I mount the Xoom so that I can push files onto the it?
Anyone know where the libflashplayer.so goes? I have the official flash installed and don't see it in /system/lib
you have to cd into the directory where adb is. most people put it right on the root of there C drive so in terminal type "cd c:\android-sdk-windows\platform-tools" without quotes then type "adb remount" and you should be mounted
if you need more help with adb check out this guide http://androidsamurai.com/forum/viewtopic.php?f=12&t=4&sid=b8c229b771793d03bb84efbcf562e55b
I have tools and platform-tools directories in my PATH so I can run them from any directory. Even running it from the directory containing the executable fails with 'remount failed - operation not permitted'
you could try uninstalling and reinstalling android sdk
shobirama said:
If I type remount, i get permission denied.
If I try to push a file onto the Xoom, I get permission denied.
Click to expand...
Click to collapse
What does running "getprop ro.secure" say? (in adb shell/terminal on the tablet)
ydaraishy said:
What does running "getprop ro.secure" say? (in adb shell/terminal on the tablet)
Click to expand...
Click to collapse
Running getprop ro.secure in both adb shell and in terminal emulator on the tablet returns 1
shobirama said:
Running getprop ro.secure in both adb shell and in terminal emulator on the tablet returns 1
Click to expand...
Click to collapse
You're not in insecure mode. I thought flashing that kernel would put you into insecure mode? Maybe you need to reflash?
If you still actually have a working su binary, copy the file somewhere writeable, then su to root, then copy it from there again to the location.
So I was performing the Facepalm S-off method and ran into this when I got the push soffbin3 step
-------------------------------------------------
adb push soffbin3 /data/local/tmp
"cannot stat 'soffbin3': No such file or directory"
-------------------------------------------------------------------------
Any idea what that means or what to do from here?
Did you put the file in the folder that contains adb (most likely your platform-tools folder) or change directory to that folder?
panda_mode said:
Did you put the file in the folder that contains adb (most likely your platform-tools folder) or change directory to that folder?
Click to expand...
Click to collapse
yep. the soffbin3.zip file is there.
Do I have to extract it?
Yup you have to extract it lol
panda_mode said:
Yup you have to extract it lol
Click to expand...
Click to collapse
haha!
<----noob
no dice though... I'm still S-ON :/
Did you get the 99 error instead of the 92?
panda_mode said:
Did you get the 99 error instead of the 92?
Click to expand...
Click to collapse
First off - got it work. I'm showing S-off now! :arty::
Yep, had the 99 error. So I rebooted into recovery, wiped cache and dalvik cache - then did a hard power off. Powered on into bootloader.
Then repeated all the steps and got the 92 this time.
The reason why it failed the first time was because I forgot to grant adb su access. Second time around I caught it and granted the permissions request but only on third command of "adb shell su -c...etc"
Does the second command "adb shell chmod 744...etc" need su access to perform correctly? What does that command do anyway.
I'm wondering if the second command needed su, I may have messed something up that won't rear its ugly head until I stumble on it.
I checked the log for su requests and adb only popped up once, which means the "adb shell su -c..." is the only one that needed.
I think I'm in the clear!
To be honest I'm not sure what it does either lol. But I do know the command: adb shell su -c "/data/local/tmp/soffbin3" will contact SU and you have to grant access. Glad you got it, though!
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
lol if i saw this earlier i might not have unlocked my boot loader today. =) hope someone can try this
I gave this a try earlier today. I scoured through the forum to find that the new Ubuntu doesn't install ADB drivers by default, so you need to do this manually.
Anyway, I attempted to do it and got all the way to ./su. It then prompted me with the message "./su cannot execute - Permission denied". Obviously from there I can't link /mnt to /storage and I can't run pwn because it looks for the /storage folder.
If you have any suggestions how to get ./su running, let me know.
rykin said:
I gave this a try earlier today. I scoured through the forum to find that the new Ubuntu doesn't install ADB drivers by default, so you need to do this manually.
Anyway, I attempted to do it and got all the way to ./su. It then prompted me with the message "./su cannot execute - Permission denied". Obviously from there I can't link /mnt to /storage and I can't run pwn because it looks for the /storage folder.
If you have any suggestions how to get ./su running, let me know.
Click to expand...
Click to collapse
This method works but not all intructions are here.
First, you need to change permissions of su:
chown root:root su
chmod 6755 su
then run adb shell and remount / filesystem ro rw:
mount -o rw,remount /
now you can create symbolic link and run the exploit.
You can also perform rooting manually (without creating symlink and running pwn):
remount /system partition to rw: mount -o rw,remount /system
and copy su to /system/xbin, make sure that it has correct permissions (rwsr-sr-x) and that's it.
Now you can remount partitions back to ro.
Install supersu or superuser (whatever makes you happy, just check if it works correctly, superuser didn't work for me, it didn't prompt about root permission for any app, it just gave it, no matter how configured it was), Then install busybox, if you need one.
And you're done.
YES! Glad I waited!
Sent from my XT897 using xda premium
ujoty said:
This method works but not all intructions are here.
First, you need to change permissions of su:
chown root:root su
chmod 6755 su
then run adb shell and remount / filesystem ro rw:
mount -o rw,remount /
now you can create symbolic link and run the exploit.
You can also perform rooting manually (without creating symlink and running pwn):
remount /system partition to rw: mount -o rw,remount /system
and copy su to /system/xbin, make sure that it has correct permissions (rwsr-sr-x) and that's it.
Now you can remount partitions back to ro.
Install supersu or superuser (whatever makes you happy, just check if it works correctly, superuser didn't work for me, it didn't prompt about root permission for any app, it just gave it, no matter how configured it was), Then install busybox, if you need one.
And you're done.
Click to expand...
Click to collapse
Thank you. I just tried this and it worked. Confirmed with Root Checker. :>
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
Thanks, I think this is exactly what I am looking for per this thread. Unfortunately, I don't quite have the knowledge (yet) to completely understand what you mean. I've rooted several phones, but never had to use ADB before so am unfamiliar with it. Also, what do you mean by this: "After download and share fail with samba windows..."?
cscotti said:
Thanks, I think this is exactly what I am looking for per this thread. Unfortunately, I don't quite have the knowledge (yet) to completely understand what you mean. I've rooted several phones, but never had to use ADB before so am unfamiliar with it. Also, what do you mean by this: "After download and share fail with samba windows..."?
Click to expand...
Click to collapse
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
Wow, thanks for this. I was considering trying to condense down the instructions myself before I did this, but you beat me to it, and did a better job than I would have, considering I'm a novice at this stuff.
So your method uses a linux boot for samba, but then the rest is done on windows. Question: could you do the adb stuff on Linux? Seemed like some of the posts in the atrix threads were doing it that way, and I was just curious. I have mint 14-64 bit on a couple of my machines, as well windows, and was thinking this would be an opportunity to learn it a little better.
Sent from my XT897 using xda premium
Hello,
and what if I have unlocked bootloader? Is there any other way to root this phone?
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
well that sounds a bit intimidating but thanks for spelling it out. I'll try to work up the nerve and make some time to give this a try.
Just curious, but why can't this be compressed into a one click batch file like before?
vangelm said:
Hello,
and what if I have unlocked bootloader? Is there any other way to root this phone?
Click to expand...
Click to collapse
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
arrrghhh said:
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
Click to expand...
Click to collapse
It works, thank you, have a nice day.
vangelm said:
It works, thank you, have a nice day.
Click to expand...
Click to collapse
Can you share what you did? Instructions seem to say that I need to install GooManager? The summary of GooManager says I need root to use it. TIA.
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
**** I wish I saw this before i went to Motorola for my warranty voiding unlock code
---------- Post added at 05:01 PM ---------- Previous post was at 04:50 PM ----------
arrrghhh said:
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
Click to expand...
Click to collapse
I like TWRP but CWM in my opinion is better (more supported).
amateurhack said:
Question: could you do the adb stuff on Linux? Seemed like some of the posts in the atrix threads were doing it that way, and I was just curious. I have mint 14-64 bit on a couple of my machines, as well windows, and was thinking this would be an opportunity to learn it a little better.
Sent from my XT897 using xda premium
Click to expand...
Click to collapse
Yes. This can be done in Linux. I did it entirely with a LIVE USB. However, adb might not be installed by default (on mine it was not). To install it, do the following:
sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get install android-tools-adb android-tools-fastboot
Click to expand...
Click to collapse
This will prevent you from running into errors when you start typing: adb shell
swintec said:
Can you share what you did? Instructions seem to say that I need to install GooManager? The summary of GooManager says I need root to use it. TIA.
Click to expand...
Click to collapse
Either use GooManager or the fastboot flash method. I think you do need to be rooted in order for GooManager to get the permissions it requires to flash recovery... So in that case, the only way initially to flash might be fastboot flash... Sorry.
alexwoellhaf said:
I like TWRP but CWM in my opinion is better (more supported).
Click to expand...
Click to collapse
Not even sure what this means. Any zip you can flash with CWM, you should be able to flash with TWRP. No?
They're both recoveries. One is touch-based, one isn't.
Having trouble with abd
Im running Ubuntu 12.04 full install (not live CD)
When I connect my phone, dmesg see the new device, and so does lsusb
dmesg
Code:
[ 290.617377] usb 2-1: USB disconnect, device number 2
[ 295.476023] usb 2-1: new high-speed USB device number 4 using ehci_hcd
[ 295.611624] scsi9 : usb-storage 2-1:1.0
[ 296.610626] scsi 9:0:0:0: Direct-Access motorola XT897 0001 PQ: 0 ANSI: 2
[ 296.611152] sd 9:0:0:0: Attached scsi generic sg3 type 0
[ 296.613548] sd 9:0:0:0: [sdc] Attached SCSI removable disk
lsusb:
Code:
Bus 002 Device 004: ID 22b8:2e36 Motorola PCS
However no matter what, when I run "adb devices", the phone does not show up.
51-android.rules
Code:
SUBSYSTEM=="usb", ATTRS{idVendor}=="22b8", MODE="0666"
This is what I get with adb
Code:
[email protected]:/tmp/share# adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
[email protected]:/tmp/share#
What else can I do???
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
I am trying to run through these steps. For starters, when I enter the 'adp shell' I do not have a /mnt/rfs0 directory. The shared samba directory actually mounts at /storage/rfs0. No biggie. I go to that directory to run ./su. The su command runs, and I can see a pop up notification on my phone indicating the adb shell has been granted admin rights. The problem is that the ./su command never returns. As a matter of fact, if I just left it sit there, I get the admin rights pop up notification on my phone about once per minute so it seems like the su command is in some loop.
At this point I am stuck. I cant remount my file system as read/write without SU. I can run the ./su command in a different process, either in another adb shell or with the ./su& command but that does me no good as I cant execute any root commands in that same process.
Is there something that needs to change with the su command for the newer version my phone is running? I am running 9.8.2Q-122_XT897_FFW-5.
Thanks.
Use 'motochopper', search for it on xda then root is just one click away
Sent from my XT897 using xda app-developers app
Here's (almost) the process I used
change settings on device
"Unknown Sources"
"USB Debugging"
Find which device is mounted as "/system"
On my stock ICS .26 system this is "/dev/block/mmcblk0p1", but this might be something different (?)
adb shell mount | grep " /system"
copy files to device
copy debugfs to device
adb push debugfs /data/local/
copy su to device
adb push su /data/local/
copy debugfsinput to device
adb push debugfsinput /data/local/
setup temp directory
rename /data/local/tmp to /data/local/tmp.bak
make a new /data/local/tmp that is a symlink to /system device (as determined in step B)
ln -s /dev/block/mmcblk0p1 /data/local/tmp
reboot tablet
mark debugfs program executable
adb shell chmod 777 /data/local/debugfs
run debugfs using "/data/local/debugfsinput" script
adb shell "/data/local/debugfs -w /dev/block/mmcblk0p1 < /data/local/debugfsinput"
cleanup
remove /data/local/tmp symlink
move /data/local/tmp.bak to /data/local/tmp
remove /data/local/su
remove /data/local/debugfs
remove /data/local/debugfsinput
reboot
test superuser (see if "su" command works [no output, especially no error message])
install superuser app
adb install Superuser.apk
One thing I did different in some places was to just do "adb shell", and then issue commands one-by-one in the remote shell.
Related threads:
How to root TF700 Jelly Bean from Linux without unlocking?
[description of process updated and moved to first post]
It occurs to me that steps D through J should be doable on the device using the Terminal Emulator app that I've got installed.
Thoughts, anyone? See any dangerous pitfalls ahead on the path I'm about to undertake?
I'm going to hold off on actually doing this until tomorrow. This will to give people a chance to respond, and I need to attend to other matters (dinner, chores, etc...)
bsammon said:
It occurs to me that steps D through J should be doable on the device using the Terminal Emulator app that I've got installed.
Click to expand...
Click to collapse
Another thought.... step C obviously doesn't need adb, and step K could be done with the "pm" command in the Terminal Emulator.
It seems I could do this without using adb at all--- not sure why I'd bother, unless I have problems getting it to work, or just to prove that I can.
I rooted my TF700 under Linux by reading the batch file and doing the steps manually - similar as you describe in your second post, but I even typed the input to debugfs manually. The whole process depends on getting at least "shell" user access, so I am not sure that it could be done without adb - a local terminal app would run under its own, more restricted user account.
_that said:
I rooted my TF700 under Linux by reading the batch file and doing the steps manually - similar as you describe in your second post, but I even typed the input to debugfs manually. The whole process depends on getting at least "shell" user access, so I am not sure that it could be done without adb - a local terminal app would run under its own, more restricted user account.
Click to expand...
Click to collapse
There is also a shell script version around for that famous rooting batch file. Technically obviously the same as reading the commands and typing them manually ... but still
FordPrefect said:
There is also a shell script version around for that famous rooting batch file. Technically obviously the same as reading the commands and typing them manually ... but still
Click to expand...
Click to collapse
But doing it manually is so much more l33t.
FordPrefect said:
There is also a shell script version around for that famous rooting batch file. Technically obviously the same as reading the commands and typing them manually ... but still
Click to expand...
Click to collapse
Got a link?