[GUIDE] Rooting Samsung Galaxy Ch@t GT-B5330 - Samsung Galaxy Chat

This might work on other devices.
WARNING: this might brick your phone, use it at your own risk.
Warning: you have to have some knowledge of linux to do this kind of stuff.
WARNING: actually you have to have _good_ knowledge of linux/gnu stuff to do it.
The idea is to make the /system/bin/toolbox from the stock rom suid (permission 6755, it originally has 0755).
This is how I did it. It might be simpler.
Get a stock rom that you want. For me it was B5330XWALH3.
It is now available at samsung-updates.
You need odin (heimdall will not work with my phone) (mine was 3.07).
Unpack the zip.
You get a .tar.md5 file (the tar file has broken headers so tar from ubuntu 12.04 will not unpack it).
The tar file works in sectors of 512 bytes.
Take out the md5sum at the end of the file (something like: head -c (the size up to the last md5sum) original.tar.md5 > file1).
Split the file so you will have the system.img.md5 separated (something like: head -c (the size up to "system.img.md5") file1 > file2;
head -c (the size up to "dt-blob.md5") file1 | tail -c +(the size up to "system.img.md5" + 1) > file3;
tail -c +(the size up to "dt-blob.md5" + 1) file1 > file4).
file3 now has the system.img.md5; trim the md5sum from the tail and the tar header from the head (ex.:
head -c (up to the md5sum output from the rear of the file) file3 | tail -c +513 > file5)
file5 is a sparse image file of an ext4 filesystem. Run simg2img (from ext4fs_utils (search on xda)) (ex.:
simg2img file5 file6)
sudo mount -o loop,ro file6 /mnt
look for the file /mnt/bin/toolbox (ex.: ls -l /mnt/bin/toolbox) it will give you an output like this:
-rwxr-xr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
the permissions and the size of the file yield the following hex sequence that you get in the file (we will hexedit the ext4 fs): ED 81 00 00 FC 82 01 00
in file3 edit the sequence (it should be only one in the file) from ED 81 00 00 FC 82 01 00 to ED 8D 00 00 FC 82 01 00 (practically adding the suid guid bits to the inode of the toolbox)
we are almost done, now to pack our bags and go.
verify that you have indeed put suid guid to toolbox:
head -c (upto the md5sum output from the rear of the file) file3 | tail -c +513 > file5;
simg2img file5 file6;
sudo mount -o loop,ro file6 /mnt;
ls -l /mnt/bin/toolbox
It should give an output:
-rwsr-sr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
recalculate the md5sum to the _expanded_ image: md5sum file6 > file7
override the md5sum at the end of file3 with the one from file7
now pack the pieces in one tar: cat file2 file3 file4 > myfirmware.tar
add the md5sum to it: md5sum myfirmware.tar >> myfirmware.tar
change the name to .tar.md5: mv myfirmware.tar myfirmware.tar.md5
copy the file on a windowze machine (that has odin and the samsung drivers installed).
update with odin the new firmware (which you should put in the PDA section) (don't forget to uncheck the repartitioning).
you should now have a practically rooted device.
in order to have su and Superuser.apk on it you have to do the following steps:
push with adb su, busybox and Superuser.apk into /data/local/tmp on device (you get the files from other forums here at xda)
the next steps are on device (use adb shell)
verify that indeed we have a suid toolbox: ls -l /system/bin/toolbox should give that wonderful -rwsr-sr-x permission.
find a rw mount that has suid (in my case a tmpfs is mounted /mnt/obb)
copy su to /mnt/obb (remember that we have suid toolbox this means that toolbox now gives you root on any command):
dd if=/data/local/tmp/su of=/mnt/obb/su
give su suid and make it owned by root: chmod 6755 /mnt/obb/su; chown 0.0 /mnt/obb/su
run su now and enjoy the #: /mnt/obb/su -
Of course after you get # you should remount /system as rw, copy su in /system/xbin, copy Superuser.apk in /system/app, copy busybox in /system/xbin, make symlinks to busybox for all the commands in /system/xbin.
You should also upon success remove suid from toolbox so as to not mistakenly do damage to the system (for instance "rm /")
And here you have it.
If you do not understand what I have done, you should read more linux / tar / ext4 / md5sum.
This method should work for any phone provided that it has odin as bootloader and there is the stock rom available.
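Why the eight-byte edit in the guide above changes the permissions, as an added example that is not part of the original post: an ext4 on-disk inode starts with `i_mode` (16-bit little-endian), the low half of `i_uid` and `i_size_lo`, so the quoted sequence decodes to mode, owner and size. The helper names and the sample blob are constructed for illustration; `audit_blob` reports where a file of a known owner and size carries permission bits that differ from stock.

```python
import stat
import struct
from typing import Iterator, List, NamedTuple, Tuple


class InodeHead(NamedTuple):
    """First 8 bytes of an ext4 on-disk inode (all fields little-endian)."""
    mode: int     # i_mode: file type in the top 4 bits, permission bits below
    uid_lo: int   # i_uid: low 16 bits of the owner uid
    size_lo: int  # i_size_lo: low 32 bits of the file size

    def perms(self) -> str:
        """Render the mode the way `ls -l` does, e.g. '-rwsr-sr-x'."""
        return stat.filemode(self.mode)

    def special_bits(self) -> List[str]:
        """Names of the privilege-relevant bits that are set."""
        names = []
        if self.mode & stat.S_ISUID:
            names.append("setuid")
        if self.mode & stat.S_ISGID:
            names.append("setgid")
        return names


def decode_inode_head(raw: bytes) -> InodeHead:
    """Decode i_mode, i_uid and i_size_lo from the start of an inode."""
    if len(raw) < 8:
        raise ValueError("need at least 8 bytes of inode data")
    return InodeHead(*struct.unpack_from("<HHI", raw))


def find_candidates(blob: bytes, uid: int, size: int) -> Iterator[Tuple[int, InodeHead]]:
    """Yield (offset, head) for each regular-file inode head with this owner
    and size. Matches are candidates: the scan is a byte match, not a parse
    of the filesystem structures."""
    needle = struct.pack("<HI", uid & 0xFFFF, size & 0xFFFFFFFF)
    pos = blob.find(needle, 2)  # leave room for the 2-byte i_mode before it
    while pos != -1:
        head = decode_inode_head(blob[pos - 2:pos + 6])
        if stat.S_ISREG(head.mode):
            yield pos - 2, head
        pos = blob.find(needle, pos + 1)


def audit_blob(blob: bytes, uid: int, size: int, stock_perms: int) -> List[dict]:
    """Report candidates whose permission bits differ from the stock value."""
    findings = []
    for offset, head in find_candidates(blob, uid, size):
        if stat.S_IMODE(head.mode) != stock_perms:
            findings.append({
                "offset": offset,
                "perms": head.perms(),
                "special_bits": head.special_bits(),
            })
    return findings


# The two byte sequences quoted in the post.
STOCK = bytes.fromhex("ED810000FC820100")
MODIFIED = bytes.fromhex("ED8D0000FC820100")


def sample_blob(inode_head: bytes) -> bytes:
    """Constructed stand-in for an image: zero padding around one inode head."""
    return bytes(1024) + inode_head + bytes(248)


if __name__ == "__main__":
    for label, raw in (("stock", STOCK), ("modified", MODIFIED)):
        h = decode_inode_head(raw)
        print(label, oct(h.mode), h.perms(), "uid", h.uid_lo, "size", h.size_lo)
    print(audit_blob(sample_blob(MODIFIED), uid=0, size=99068, stock_perms=0o755))
```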

hello
I don't have knowledge about how you have rooted the firmware for b5330, the steps you made are waaaay too difficult for me. Could you provide here an already rooted firmware, to download and install? Thanks in advance.

no need to upload 400M for this little modification.
I'm unable to post links, go to samsung-updates
go and download B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME stock firmware.
and apply this xdelta patch over it.
xdelta patch sGTB5330.patch B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME.tar.md5 myfrm.tar.md5
after that you have the firmware that I use to root my phone.
Still... this firmware will not have "su" installed, it will just be a rootable firmware because it has a suid'ed toolbox.
a suid'ed toolbox in android means that you can exec chown and chmod as a root.
So. After the patching of the stock rom and flashing it. you have to have this md5sum output:
032b4344ab503c8413db9127efaa3d83 myfrm.tar.md5
odin will accept it (I've used Odin 3.07).
after that you push the files from the attached tar.gz to /data/local/tmp
tar -xzf superuser_stuff.tar.gz
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
adb push busybox /data/local/tmp
after that you basically have to run these commands in an android shell in order to get to a standard rooted android:
adb shell # enter the phone's shell
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a mount that allows suid
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is no longer SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
have fun.
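A check for the `.tar.md5` container used in this thread (a tar body followed by one line of `md5sum` output), as an added example that is not part of the original posts: it verifies the embedded trailer and, separately, compares the whole-file MD5 with a value obtained from whoever published the file, as the post above does with its `md5sum` output. The function names and the sample archive are constructed; the trailer is an unkeyed checksum that is recomputed whenever the archive is repacked, so only the comparison against a separately obtained value says which file you have.

```python
import hashlib
import io
import os
import re
import tarfile
import tempfile

# One line of md5sum output: 32 hex digits, a space, ' ' or '*', the file name.
TRAILER = re.compile(rb"([0-9a-fA-F]{32}) [ *]([^\r\n\x00]+)\r?\n?\Z")


def md5_prefix(fh, length, chunk=1 << 20):
    """MD5 of the first `length` bytes of an open binary file, read in chunks."""
    fh.seek(0)
    digest = hashlib.md5()
    left = length
    while left:
        block = fh.read(min(chunk, left))
        if not block:
            raise OSError("file is shorter than expected")
        digest.update(block)
        left -= len(block)
    return digest.hexdigest()


def check_tar_md5(path, published_md5=None):
    """Check a .tar.md5 file two ways.

    trailer_ok   : the md5sum line at the end matches the bytes before it
                   (detects truncation or corruption, nothing more).
    published_ok : the MD5 of the whole file equals `published_md5`, a value
                   obtained separately from the publisher (None if not given).
    """
    size = os.path.getsize(path)
    result = {"embedded_md5": None, "trailer_ok": False,
              "whole_md5": None, "published_ok": None}
    with open(path, "rb") as fh:
        fh.seek(max(0, size - 512))
        tail = fh.read()  # the trailer line sits in the last few bytes
        result["whole_md5"] = md5_prefix(fh, size)
        match = TRAILER.search(tail)
        if match:
            body_len = size - (len(tail) - match.start())
            result["embedded_md5"] = match.group(1).decode("ascii").lower()
            result["trailer_ok"] = md5_prefix(fh, body_len) == result["embedded_md5"]
    if published_md5 is not None:
        result["published_ok"] = result["whole_md5"] == published_md5.strip().lower()
    return result


def build_sample(directory, payload=b"constructed system image bytes"):
    """Write a small constructed .tar.md5 file and return its path."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        info = tarfile.TarInfo("system.img.md5")
        info.size = len(payload)
        tar.addfile(info, io.BytesIO(payload))
    body = buf.getvalue()
    # Same effect as: md5sum sample.tar >> sample.tar
    trailer = hashlib.md5(body).hexdigest().encode("ascii") + b"  sample.tar\n"
    path = os.path.join(directory, "sample.tar.md5")
    with open(path, "wb") as out:
        out.write(body + trailer)
    return path


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = build_sample(tmp)
        first = check_tar_md5(sample)
        print(first)
        print(check_tar_md5(sample, published_md5=first["whole_md5"]))
```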

I downloaded this firmware: Samsung-Updates.com-GT-B5330_COA_1_20120913171601_pducfx5hbw.zip. Where, how, what???...i unzipped it and now how to apply the patch? The rest of the steps i think i get it....i think. For you it's easy to say, for me it's hard to do. I've had sgs1, sgs2 and sgs3, and the root of those was sooooooo easy... but this piece of crap b5330 drives me crazy )

I've used xdelta package.
if you are on win then you're on your own.
there is xdelta.org and it seems to have a package for windows.
for sgs[123] it was easy because they are mainstream. many hackers were working on it.
this device is very new/obscure.
I would have made a script, but alas, the "heimdall" firmware loader would not work with this device.
I've used linux to patch the firmware and windowze to upload it.
So a script would be impossible, but after you patch the .tar.md5 file and load it on your phone it is just about cut and paste from my previous post.
My hope is that a more android savvy guy will take this concept and make it a script.
I am just happy that I can now have debian on my phone.

yes, i am on win....there is no way to patch that COA firmware (i am from romania) and upload somewhere to download???i know i am probably asking too much from you, but i don't think i will manage on my own...this rooting business is driving me crazyyyyy :crying::crying::crying: thank you so much for your answer!!!

ok here it is the modified firmware.
http://dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip

Interesting, reading carefully

Thank you so much, tomorrow morning i know how i'll spend my time...installing and rooting my b5330, unfortunately this evening i don't have my laptop on me, forgot it at work ), but i've downloaded the firmware from phone and now waiting to have it done...finally!!! I'll let you know what i have done. Have a nice day and once again thanks!!!

it's not working, when i'm trying to adb remount it says: remount failed: Operation not permitted. After i flashed with odin the firmware you gave to me, i think i do not have permission to make any changes, and i don't know why

Can you make patch for dxlh3..? Thanks

These commands are supposed to be given in a command line box (cmd on win).
where does it give you the error?
adb shell # enter the phone's shell
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a mount that allows suid
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is no longer SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox

finally it worked
yeeeees, damn you're good!!!! i have managed to root my b5330, root checker tells me that i am rooted and busybox is installed...the only problem is that it shows me that i do not have installed superuser and supersu. Is there a problem if i just copy paste the apk file (supersu.apk and superuser.apk -> i've downloaded the pro version of both of them ) straight into the directory /data/local/tmp where it should be? or to copy-paste in another directory. Thanks in advance, CMD(and adb shell) gave me headache, but i finally got it and succeeded )) :victory::good:

1. I'm glad you got it.
2. You should give thanks (that button) if I helped you.
3. I'm you don't read instructions. Maybe it's a problem with us romanian engineers, or maybe engineers in general
look at item 11. from my previous post. maybe I just c&p here.
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
So, when you are in adb shell and you go root (su command, you get the prompt with #) and you have the /system mounted rw.
Then any apk that you copy to /system/app folder will get installed and when you list your application (the button with 16 squares) you should see it.
Have fun.

i was having trouble understanding adb shell and cmd from the beginning. I never used this command tool...ever ) and i think from yesterday to this day i managed really ok . Anyway i think i will just copy-paste the superuser.apk in "app" folder directly in the system (it's the same thing, isn't it??). I have done that in item 11., and after a restart supersu was installed, only superuser.apk didn't, i think i wrote something wrong in adb shell

hihihi
neeeah, my bad, i thought that in "superuser_stuff" is superuser and supersu files, it was just su->for superuser.apk, easy peasy, it worked and installed from the first time...it was just me very very dizzy and confused. Your guide is 100% OK, my phone is rooted and now i can enjoy !!!

can you release xdelta patch for your XWALH3 because we have the same device..

I've started a new more universal thread:
http://forum.xda-developers.com/showthread.php?t=1965600
There you have the shell-script that will patch the firmware for you.
If you still want an xdelta patch I'll make one for you but:
Give a man a fish and it will be full for the day, teach him how to fish and it will never go hungry again.
Have fun.

Hello, i'm new here and i don't know about scripting, so need your help..
i downloaded your firmware and install it to my b5330 and did the cmd command, and it worked, thanks..:good:
but now i've a new problem that my b5330 can't type a question mark ('?').. can you help me please..
whenever i want to type a question mark it always typed a comma (',') in the screen..:crying:
it also changed the symbol and language key to emoticon and symbol, but that's not a problem for me..

That's because you have used the romanian firmware, which has a qwerty layout keyboard.
you have to do it the right way:
first. find the firmware for your region:
http://samsung-updates.com/device/?id=GT-B5330
second. find a linux machine and run the script from the thread.
It is unrealistic for me to just upload all the 40 versions of the firmware patched.
That is why I've made the script.
If you don't have a linux machine then look for a virtual box ubuntu and run on it.
Cheers.

Related

【HOW TOs】How to root UK v2.51 ROM.[Updated 12-27-20:50]

Hi Friends.
Please redownload defy_recovery.zip. Sorry for my mistake.
please download attachment 474211
Here is the tut of how to root the defy uk 2.51 rom.
It's a simple and easy way.
this will be a step by step tut. because of my poor english, i will try to explain in more detail.
1. download the attached files.
defy_2.21_boot_only.sbf
View attachment 2.21boot.zip
defy_2.51_boot_only.sbf
View attachment 2.51boot.zip
defy_recovery.exe
View attachment 474211
2. flash the defy_2.21_boot_only.sbf via rsd then reboot into system.
3. open your phone's usb debug mode (settings-application-development-usb debug mode), then double click the defy_recovery.exe you just downloaded; it will process the root method. when it has finished your phone is rooted with superuser and my clockworkmod recovery for defy.
4. the last step is to flash the defy_2.51_boot_only.sbf via rsd lite.
5. and now your phone is rooted and customized recovery installed.
This method originally comes from adlx @ modmymobile.com
if you like this tut.. please buy me or adlx a beer or I can buy another phone eg. Nexus S ...Thanks.
well done!
No way here... It doesn't function... There is a problem in the batch file:
Code:
@echo off
echo 等待设备
adb wait-for-device
echo 获得root权限
adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage-arm5.bin
adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "./data/local/tmp/rageagainstthecage-arm5.bin & sleep 300;kill $!"
echo 重新连接设备，可能需要一段时间
adb kill-server
call :sleep 10
adb start-server
call :sleep 30
echo 取消system只读属性
adb shell "mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system"
echo 安装Superuser.apk
adb push Superuser.apk /system/app/Superuser.apk
echo 安装GoAPK MOD Recovery
adb push recovery.apk /system/app/recovery.apk
echo 安装su
[B]adb push su /system/app/su[/B]
adb shell "chmod 4755 /system/bin/su"
echo 安装busybox
adb push busybox /system/bin/busybox
adb shell "chmod 4755 /system/bin/busybox"
echo 重设system只读属性
adb shell "mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system"
echo 完成root，请重启手机
:sleep
(ping 127.0.0.1 -n 2 -w 1000 > NUL)> sleep.txt
(ping 127.0.0.1 -n %1 -w 1000 > NUL)> sleep.txt
del sleep.txt
You have to push su in bin directory not in app directory...
Code:
[B]adb push su /system/app/su[/B]
Please correct this bug.
I've also tried to upload any file through adb (after r/w mount), but the phone doesn't recognize the apk's (Superuser and Recovery), they are still invisible...
Any solution?
Well done, i did this:
- Downloaded your 2.21boot.zip;
- Flashed through RSD;
- Downloaded Android SDK with ADB;
- Download this Rootpack http://www.mediafire.com/?kjee8aj22j9m5zj;
- Extract these files in your /sdk/tools directory;
- Open cmd and point it to the directory with ADB;
- Run these commands:
Code:
adb devices
adb shell mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
adb push Superuser.apk /system/app/Superuser.apk
adb push su /system/bin/su
adb shell chmod 4755 /system/bin/su
adb push busybox /system/bin/busybox
adb shell chmod 4755 /system/bin/busybox
adb shell mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
adb reboot
- Flash back to 2.51boot.zip
That's all!
Thank you sir!
sorry for my mistake...
bugfixed
View attachment defy_recovery.zip
its not working , root exe not found
Thank you for Your Bug Report.
Is there any way now to flash back to an older SBF?
fixed recovery.exe = its not working , root exe not found windows warning
batch reply "root.exe not found" after double click the defy_recovery.exe
also, from above reply:
"mount: Operation not permitted"
---------------------------------------------------------------------------------------------------
Hello,
I found out the way to get this rooting working.
everything stays the same until running the recovery.exe part
then please refer to the old rooting method
BUT using the rooting pack mentioned above link
then flash back to 2.51
it should work!
cheers!
Try This One
View attachment defy_recovery.zip
sorry sir,
About the root process, Why different with "http://bbs.goapk.com/forum.php?mod=viewthread&tid=48445&extra=%26page%3D1&page=1" ??
In goapk forum, the process2-> flash the original SBF? process3->Wipe data?
no need ?
Can this solution fit for Taiwan version 2.51.0?
Dear Sir:
Taiwan version could rooting by your solution!!
Thanks a lot~
you so great!!!
yeah~ it works for my Taiwanese version.
great job!
thanks~
Thank you very much for the HOW TOs.
Has anyone tried this on 2.51 HK rom?
this will work on HK TW SG version 2.51
can we have any details about the rooting process ?
i want to get the Taiwan version of the Defy (Blurless)
1) is there any way to get root access, but still use the firmware that came with the phone ? (TW SG HK 2.51) i wouldn't mind doing some stuff manually...
2) As far as i know the original ROM of the Taiwan SG HK defy isn't available for download right ?
thanks for your hard work.
tenfar, thank you very much for your great work, I just rooted my HK DEFY.
Here are few steps added for those like me very new to Android and Root.
1. If you RSD Lite did not recognize your DEFY, download the USB driver here:
http://developer.motorola.com/docstools/USB_Drivers/
2. Power off DEFY. Then press 'Volume Up' and 'Power' together to boot to loader before you flash the SBF to your DEFY.
Happy rooting.
Thanks
Now I finished my HK defy rooted.
Very thanks for tenfar.
rooting with Uk 2.51 possible..not other ROM flashable
hi Guys.....i have installed the UK JRDNEM_U3_2.51....and the root method described here worked too...
My question is: What happens after
- rooting the Uk U3_25.1 with our method (Sytem.boot.only 2.1 2.5 etc.)
- Restore system with SystemRecovery-App "Recovery Boot"
- i restored with a backup of t-mobile U3_2.21 (from my friend)
-worked
??
Build Number is U3_2.21.0 now
Did I downgrade my system now?
If yes,
the Problem is then:
I cannot flash any ROM (RSD 4.9) from here http://and-developers.com/sbf:defy
except the JRDNEM_U3_2.51.1_BLUR_P3_SIGN_SIGNED_USAJRDNEMARAB1B8RTGB02C.0R_USAJORDANRTGB_P035_A011_HWp3_Service1FF.sbf
Therefore I don't believe i downgraded anything :-mad:
The flash-procedure with all other ROMs is the same:
RSD : finished --> Defy is not booting is hanging in the bootLoader-mode
Any Help?
Or anyone with a Vodafone 360 Original Backup that would be great
Thanks

[DUMP] Sidekick 4G Partition + Kernel Source (Bootloader, Recovery, etc)

Credit to sofauxboho for performing dumps.
Partition Dump
http://gititbit.ch/sk4g2 - partition dump
Code:
bml1 256 KB contains boot.bin (262144 bytes), Primary Boot Loader (low-level hardware initialization)
bml2 256 KB contains PIT file first 512 bytes
bml3 10240 KB /dev/block/stl3 /efs
bml4 1280 KB contains Sbl.bin (1310720 bytes) Secondary Boot Loader (loads the Linux kernel and passes the necessary arguments)
bml5 1280 KB contains Secondary Boot Loader (for recovery, etc)
bml6 5120 KB param.lfs /mnt/.lfs j4fs
bml7 7680 KB contains zImage and initramfs
bml8 7680 KB empty - on Epic 4G and Fascinate, contains recovery.bin
bml9 293376 KB factoryfs.rfs ( /system RFS Partition) /dev/block/stl9
bml10 137216 KB dbdata.rfs ( /dbdata RFS Partition) /dev/block/stl10
bml11 35840 KB cache.rfs ( /cache RFS Partition) /dev/block/stl11
bml12 12800 KB modem.bin
EDIT: It has come to my attention that the Super One Click works, no need for a script.
More Mirrors
http://gititbit.ch/sk41 - Sidekick 4G system dump
http://gititbit.ch/sk4g1 - Sidekick 4G Info Dump
dev.txt
devblock.txt
efs.txt
mount.txt
partitions.txt
proc.txt
Kernel + Platform Source
http://gititbit.ch/sk4g5 - SGH-T839_OpenSource.zip
Now for custom roms...
SK4G development chat can be found at irc.freenode.net #sk4g
hey, sorry i'm not super code-savvy.... do i simply place the .rar file on my sd card, or open it with say, 7zip, and copy the autoroot folder over? i'm getting 'unable to chmod, operation not permitted' the second way, and 'not found, no such directory, etc' when i place the .rar file on my sd card. both of these are appearing after the first line with chmod 755 etc.
Use winrar to extract the .rar then place the extracted folder onto the sdcard.
ok, think i did that, but am still getting 'operation not permitted'..... perhaps i'll hold off and see if someone else has success with it?
Hmm...
Should line 14 specify the su file rather than the containing directory?
It currently reads:
Code:
cp su /system/xbin/ && chmod 4755 /system/xbin/
But perhaps it should read:
Code:
cp su /system/xbin/ && chmod 4755 /system/xbin/su
Updated the script in the main download.
I'm getting this when I try the lines too.
When I copied the autoroot folder to my SK4G, the contents of the folder were already set to 775, so there should be no need to chmod (though I also get the permission error when trying to chmod them).
The bigger issue is that my device doesn't have the cp command. I'd assume it would be in /system/bin along with things like ls and mv, but it's not.
Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?
sofauxboho said:
Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?
No I was usin the old link didn't try new one yet. Still says same thing on new version
Sent From SK4G
sofauxboho said:
Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?
I tried the newer download. All of the chmods error because my user doesn't own those files or already have write permissions for any of them. I don't have read, write, or execute permissions for /data/local/tmp either, so I can't list or copy to that location. But, separate from that, there is no cp command, so I can't copy anything anywhere.
jarrodlombardo said:
When I copied the autoroot folder to my SK4G, the contents of the folder were already set to 775, so there should be no need to chmod (though I also get the permission error when trying to chmod them).
The bigger issue is that my device doesn't have the cp command. I'd assume it would be in /system/bin along with things like ls and mv, but it's not.
Ah, right! That's why I used cat instead of cp when I rooted mine.
Try this:
Code:
#!/bin/sh
#autoroot script for sidekick v0.1
#chmod 755 autoroot.sh
echo "Copying binaries to /data/local/tmp/"
cat su > /data/local/tmp/su
cat Superuser.apk > /data/local/tmp/Superuser.apk
cat rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local/tmp/
echo "I'm about to chmod rageagainstthecage-arm5.bin"
chmod 755 rageagainstthecage-arm5.bin
echo "Executing exploit, please wait"
./rageagainstthecage-arm5.bin
sleep 20
echo "Attempting to spawn root shell"
sh
whoami
echo "Attempting to mount /system read-write"
mount -o remount,rw /dev/block/stl9 /system
echo "Attempting to copy and chmod su"
cat /data/local/tmp/su > /system/xbin/su && chmod 4755 /system/xbin/su
echo "Attempting to copy Superuser.apk"
cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
sleep 5
mount -o remount,ro /dev/block/stl9 /system
#add root entry to passwd and group
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
echo "autoroot completed succesfully."
I've also added a bunch of echoed comments to help us track where things go wrong if it doesn't work.
Type this into terminal right?
Actually, I whipped up a modified version of dasmoover's tool with my changes:
http://notfine.com/android/sk4g/autoroot-V01b-sfb.zip
Unzip that and copy the "autoroot" folder to your SD card.
Next, eject your SK, turn off USB Storage mode, and unplug it from your computer.
Then follow dasmoover's instructions (I've cleaned them up slightly):
1. Place autoroot folder on sdcard
2. Install the Terminal Emulator app from the Marketplace
3. Open the Terminal Emulator app and type the following commands exactly, one at a time, hitting enter at the end of the line:
Code:
chmod 755 /sdcard/autoroot/autoroot.sh
./sdcard/autoroot/autoroot.sh
If the sdcard is mounted as noexec, follow these steps:
1. Place autoroot folder on sdcard
2. Install the Terminal Emulator app from the Marketplace
3. Open the Terminal Emulator app and type the following commands exactly, one at a time, hitting enter at the end of the line:
Code:
cat > /sdcard/autoroot/autoroot.sh /data/local/tmp/autoroot.sh
chmod 755 /data/local/tmp/autoroot.sh
cd /sdcard/autoroot/
./data/local/tmp/autoroot.sh
All credit to dasmoover, btw! Thanks, and I hope you don't mind me modifying and repackaging your tool. Just trying to help get it working.
BTW, here are some good goodies on how this root exploit works for the technical and curious:
I'd read this one first: http://intrepidusgroup.com/insight/2010/09/android-root-source-code-looking-at-the-c-skills/
And this one second:
http://dtors.org/2010/08/25/reversing-latest-exploid-release/
How did you get rid of the $ sign and get a # ? When I type the first line with the ca it says directory can't be found.
Sent From SK4G
I copied the new cat version onto my device and did the following:
$ chmod 755 /sdcard/autoroot/autoroot.sh
Unable to chmod /sdcard/autoroot/autoroot.sh: Operation not permitted
$ cat /sdcard/autoroot/autoroot.sh > /data/local/tmp/autoroot.sh
Cannot create /data/local/tmp/autoroot.sh: permission denied
So, I'm still stuck since /data/local/tmp isn't writable. (Also, you'll note I fixed the small error in the cat line I used.)
Ace42 said:
How did you get rid of the $ sign and get a # ? When I type the first line with the ca it says directory can't be found.
Sent From SK4G
So, the # means root. The $ means not root. The whole point of this is to get the #, which indicates a root prompt.
If it says the directory can't be found then either the command was typed incorrectly or the files are in the wrong place. The files have to be in the exact right places with the exact right names.
Download my modified version:
http://notfine.com/android/sk4g/autoroot-V01b-sfb.zip
Unzip it, and it should give you a folder called "autoroot". Inside that should be four files:
autoroot.sh
rageagainstthecage-arm5.bin
su
Superuser.apk
Make sure there is only a folder named "autoroot" with those four files inside. If there is another directory inside it won't work. If the names are at all different it won't work.
Copy this "autoroot" folder to the top level of your SD card. There should be other folders there like Music, DCIM, Playlists, and Android. Maybe some others. Make sure it's at the very top level, along with these other directories.
Here, take a look at my directory structure:
(Yes, I'm on a Mac, but your SK and Android don't care. File locations work the same on Windows or Linux or whatever. Also, I may have some folders you don't have. That's ok.)
Next, eject your SK, turn off USB Storage mode, and unplug it from your computer. **I forgot this part earlier! It's important.**
Then open up Terminal Emulator on your SK4G. Type:
Code:
cd /sdcard/autoroot
Then type:
Code:
ls
This should list the same four files above. If it does, you're ready to start the instructions I posted previously.
If it doesn't, type:
Then type:
Code:
ls /sdcard/
Let me know what it says.
jarrodlombardo said:
I copied the new cat version onto my device and did the following:
$ chmod 755 /sdcard/autoroot/autoroot.sh
Unable to chmod /sdcard/autoroot/autoroot.sh: Operation not permitted
$ cat /sdcard/autoroot/autoroot.sh > /data/local/tmp/autoroot.sh
Cannot create /data/local/tmp/autoroot.sh: permission denied
So, I'm still stuck since /data/local/tmp isn't writable. (Also, you'll note I fixed the small error in the cat line I used.)
Yeah, I've confirmed this problem.
Folks, this thing won't work right now. We need a location that is both writable and allows execution. Any ideas?
(To confirm, you can still root by using adb to manually put these files at /data/local/tmp/ For some reason, adb has rights to this location. However, the standard Terminal Emulator does not. This is only a hang-up for on-device rooting, not rooting in general.)
sofauxboho said:
Yeah, I've confirmed this problem.
Folks, this thing won't work right now. We need a location that is both writable and allows execution. Any ideas?
I've poked around some and not found anywhere yet. :/

Issues with c4droid. "Permission Denied". [Solved]

I have a rooted ASUS Transformer running Revolver 2.1.1 (Android 3.2).
I am a programmer and want a simple programming environment for my Transformer. I purchased an app called c4droid the other day and have had issues compiling c++ code using the g++ compiler.
When I try to compile/run code, I get the messages below:
C4droid has been granted superuser permissions
Then....
sh: /sdcard/Android/data/com.n0n3m4.droidc/files/gcc/compile-g++.sh: Permission Denied
How can I get this to work? Did I root wrong?
If you face these issues, click on the link below -
http://forum.xda-developers.com/showpost.php?p=16604606&postcount=6
What about trying this:
$su
#chmod 755 /sdcard/Android/data/com.n0n3m4.droidc/files/gcc/compile-g++.sh
I'm not sure what type of FS /sdcard is on the TF, so I don't know if those permissions will a) be allowed to be set, and b) work, but I doubt if any shell script will give anything but a permissions error without having +x permissions.
By the way: If you can't do a chmod and that is due also to a permissions error, then I'm guessing you're not really rooted or not correctly rooted.
Good luck.
hachamacha said:
What about trying this:
$su
#chmod 755 /sdcard/Android/data/com.n0n3m4.droidc/files/gcc/compile-g++.sh
I'm not sure what type of FS /sdcard is on the TF, so I don't know if those permissions will a) be allowed to be set, and b) work, but I doubt if any shell script will give anything but a permissions error without having +x permissions.
By the way: If you can't do a chmod and that is due also to a permissions error, then I'm guessing you're not really rooted or not correctly rooted.
Good luck.
did.......
su then chmod 755 /sdcard/Android/data/com.n0n3m4.droidc/files/gcc/compile-g++.sh and it had no such error but if I ran both on the same line I got a "Permission Denied" error. Either way, it still provided me with the permission denied error through c4droid.
Also, I've used root checker to verify that it's rooted.
So is it a sure thing that the .sh file you're getting the error on is actually the problem or could it be something inside it that is also having a permissions error?
I guess you could easily test that by writing a single line test.sh script that does an ls or a ps command.
Code:
example:
--start of test.sh--
#!/system/bin/sh #or whatever the path is for your case
ls > /sdcard/ls.txt
-- end of file ---
# cd {pathoftestfile}
# chmod 755 test.sh
# ./test.sh
# more ls.txt # or cat ls.txt, etc.
If that doesn't give an error then something in your 'real' shell script is.
One other thing worth a shot, which I "think" I've noticed on droids in the past is to just test the script inside the /system FS and see if it does any better there. At least we know that scripts have no problems in for example, /system/xbin or /system/bin, so mount /system rw (mount -o remount,rw /system) and move the test.sh over there , fix permissions, (mount -o remount,ro /system) and cd to /system/*bin/ and ./test.sh.
You've probably tried all this already, but if not.
NOTE: Never mind: I just tested my stuff ^^ myself, and it just doesn't work in the /sdcard tree. I moved it to /system/xbin after mounting rw and it works fine without any change.
There might be some way past this, but I can't recall ever getting a shell script working while on the /sdcard share.
I tried making the shell script but I had no luck actually running it. I chmodded it without error and ran it without error but it didn't produce a .txt file so I guess it failed to run or didn't have permissions to create a file.
The app developer/creator specifies that the compiler I'm using should work fine on rooted phones. I don't have an android phone to test it. I've tried working out problems with the developer but he couldn't figure it out either.
Okay, the creator helped me out and we resolved it. Here are the steps I took to do it, for other users.
Pre-requisites: You must have BusyBox, SuperUser, C4droid, GCC for C4droid, and a Terminal Emulator installed. You also need a rooted device.
1. Open Terminal emulator and type "su" and press enter. A superuser screen will pop up and you need to click allow.
2. Type the following lines into the terminal (one by one):
cd /Removable/MicroSD/
mkdir Android
mkdir Android/data
cp -r /sdcard/Android/data/com.n0n3m4.droidc/ /Removable/MicroSD/Android/data/
su
mount -o remount,rw,exec -t vfat /dev/block/vold/179:9 /Removable/MicroSD
/system/xbin/mount -o bind /Removable/MicroSD/Android/data/com.n0n3m4.droidc/ /sdcard/Android/data/com.n0n3m4.droidc/
3. Change the default compiler in C4droid to G++ + bionic (Root required)
4. Done
Congratulations!
I guess it was mainly the 'noexec' switch of the mount -o {} that kept things from being executable.
I didn't notice that and am glad you posted the solution and I also wasn't really aware of the use of the "mount -o bind" for dual-pathing as well.
-- Thanks.
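The symptom in this thread (a script that is mode 755 yet fails with "Permission denied") can be diagnosed by finding the mount that holds the file and checking it for noexec. The script below is an added example, not code from the thread; the function names are hypothetical and the mount table is a constructed sample in /proc/mounts format.

```shell
#!/bin/sh
# Added example: explain "Permission denied" on an executable script by
# looking up the mount that holds it and checking for the noexec option.

# Constructed sample in /proc/mounts format (not captured from a real device).
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p1 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p8 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/fuse /sdcard fuse rw,nosuid,nodev,noexec,relatime 0 0
/dev/block/vold/179:9 /Removable/MicroSD vfat rw,nosuid,nodev,noexec,relatime 0 0'

# mount_for_path MOUNTS PATH -> "mountpoint options" of the longest mount
# point that contains PATH (a later entry wins over an earlier equal one).
mount_for_path() {
    printf '%s\n' "$1" | awk -v p="$2" '
        {
            mp = $2
            # A mount covers the path if it is "/", equals the path, or is
            # a directory prefix of it ("/sdcard" must not match "/sdcardx").
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) >= best_len) {
                    best_len = length(mp)
                    best = mp " " $4
                }
            }
        }
        END { if (best != "") print best }'
}

# has_opt OPTIONS OPT -> exit 0 if OPT is one of the comma-separated OPTIONS
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# exec_verdict MOUNTS PATH -> "blocked:<mountpoint>" when the containing
# mount carries noexec, "allowed:<mountpoint>" otherwise, "unknown" if no
# mount matches.
exec_verdict() {
    entry=$(mount_for_path "$1" "$2")
    if [ -z "$entry" ]; then
        echo "unknown"
        return 0
    fi
    mp=${entry% *}        # text before the last space: the mount point
    opts=${entry##* }     # text after the last space: the option list
    if has_opt "$opts" noexec; then
        echo "blocked:$mp"
    else
        echo "allowed:$mp"
    fi
}

# On a live system, pass "$(cat /proc/mounts)" instead of the sample.
exec_verdict "$SAMPLE_MOUNTS" \
    /sdcard/Android/data/com.n0n3m4.droidc/files/gcc/compile-g++.sh
# -> blocked:/sdcard
```

A "blocked" verdict means chmod cannot help: the kernel refuses to execute anything on that mount regardless of the file's mode bits.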

Root Mediapad/Honor X2 SuperSu (no kingroot)

All,
I've moved this to its own thread just to keep things separate.
In case you are uncomfortable with kingroot, or you want a less intrusive install (since we don't need any exploits to root this device - kudos Huawei!) I have built a modified version of the boot image that uses supersu by chainfire instead. This is based on the work done here http://cn.club.vmall.com/space-uid-5467988.html, so we still owe them thanks. All this does is move the Superuser.apk package into the system partition so that it can be installed as an administrative application, add in a /sbin/su file, and copy /sbin/su into /sbin/xbin so we can use it. Here is a full diff for the 0012 version from the default boot.img supplied by Huawei:
Code:
diff: ./charger: No such file or directory
diff: ~/mediapad/dload.012/boot/filesystem/charger: No such file or directory
diff -r ./default.prop ~/mediapad/dload.012/boot/filesystem/default.prop
4c4
< ro.secure=0
---
> ro.secure=1
6,7c6,7
< ro.debuggable=1
< ro.adb.secure=0
---
> ro.debuggable=0
> ro.adb.secure=1
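Review bot: the modified side of 6,7c6,7 sets ro.adb.secure=0 alongside ro.debuggable=1, and 4c4 just above sets ro.secure=0, so adbd keeps root and accepts any USB host without the RSA authorization prompt. If the goal is only to ship the su daemon from init.rc, consider leaving ro.adb.secure=1 (and ro.secure=1) as in the stock default.prop, so that root is granted through the SuperSU prompt rather than to whatever machine the device is plugged into.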
diff -r ./init.rc ~/mediapad/dload.012/boot/filesystem/init.rc
528,532d527
< service load_boot /sbin/load_boot
< class main
< seclabel u:r:install_recovery:s0
< oneshot
<
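Review bot: the load_boot service in 528,532d527 declares class main, a seclabel and oneshot but no user or group, so init runs /sbin/load_boot as root on every boot. The script quoted later in this post copies /data/local/tmp/Superuser.apk into /system/app, and /data/local/tmp is the same location the instructions populate with adb push, so whatever file is sitting there at first boot is installed as a system app with no check. Suggest shipping the APK inside the ramdisk, or comparing its hash against a known value before the cp.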
Only in ./sbin: load_boot
Only in ./sbin: su
load_boot contains the following:
Code:
#!/system/bin/sh
/sbin/su --auto-daemon &
if [ ! -e /system/app/Superuser.apk ];then
mount -o rw,remount /system
cp -rpf /data/local/tmp/Superuser.apk /system/app/Superuser.apk
chmod 644 /system/app/Superuser.apk
fi
if [ ! -e /system/xbin/su ];then
mount -o rw,remount /system
cp -rpf /sbin/su /system/xbin/
chmod 06755 /system/xbin/su
fi
The /sbin/su file has an md5sum:
Code:
md5sum sbin/su
cd029c6b8b7065ff8ff2860137aeff99 sbin/su
and that matches the md5sum of the su included with v2.46 of chainfire's supersu ZIP file (in the link below). So from a security perspective, I think we are pretty clean.
To use this, do the following:
0) Make sure you have unlocked the bootloader first!!!
1) Download chainfire's Superuser from here: https://download.chainfire.eu/696/SuperSU/UPDATE-SuperSU-v2.46.zip , and extract the Superuser.apk file from the common folder.
2) adb shell "rm -rf /data/local/tmp/*"
3) adb push <path_to>/Superuser.apk /data/local/tmp/Superuser.apk
4) adb reboot bootloader
( your device will restart)
5) fastboot flash boot <path_to>/super_boot.img
6) fastboot reboot
7) Open the supersu App and update su (otherwise you may have strange issues)
That's it! You're rooted!
This does not do any odd exploits or camera driver adjustments or anything so there shouldn't be any issues with the camera or sound, but, as always, no guarantees.
File is too big to upload here so grab it from here:
703L
b012:
https://www.dropbox.com/s/7wqs6qghphy42sl/super_boot.b012.img?dl=0
b013 - untested for now!!! Tested and works fine:
https://www.dropbox.com/s/9so1wdbofhlbcmo/super_boot.b013.img?dl=0
b015 - Tested and works fine:
https://www.dropbox.com/s/cs767z8yjyfsfku/super_boot.703L.B015.img?dl=0
b106 - Tested and works fine:
https://www.dropbox.com/s/4qvtvpemiko01ie/super_boot.703L.B106.img?dl=0
702L
b003 - Untested! - Potentially Insecure! - I got the link for the 702L image from xda, NOT from emui.com. So I can't speak to the security:
https://www.dropbox.com/s/fp1cj25m1zzqq0m/super_boot.702L.B003.img?dl=0
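The posts above install su with mode 4755 or 06755 under /system/xbin. To confirm exactly which set-id files a modified image adds, an unpacked copy can be compared against an allowlist taken from the stock image. The script below is an added example, not code from the thread; the function names, the sample tree and the allowlist entry are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag setuid/setgid files in an unpacked system image that
# are not on an allowlist built from the stock image.

# list_setid ROOT -> one line per regular file with setuid or setgid set:
#   "<suid|sgid|suid+sgid> <path relative to ROOT>"
list_setid() {
    root=${1%/}
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort |
    while IFS= read -r f; do
        kind=""
        if [ -u "$f" ]; then kind="suid"; fi
        if [ -g "$f" ]; then kind="${kind:+$kind+}sgid"; fi
        rel=${f#"$root"}
        printf '%s %s\n' "$kind" "$rel"
    done
}

# unexpected_setid ROOT ALLOWLIST -> the list_setid lines whose path is not
# in ALLOWLIST (newline-separated paths relative to ROOT, exact match).
unexpected_setid() {
    list_setid "$1" | while IFS=' ' read -r kind path; do
        if ! printf '%s\n' "$2" | grep -Fxq -- "$path"; then
            printf '%s %s\n' "$kind" "$path"
        fi
    done
}

# make_sample_tree DIR -> constructed stand-in for a mounted system image:
# one ordinary binary, one set-id binary that the (constructed) allowlist
# expects, and the su binary the thread adds.
make_sample_tree() {
    mkdir -p "$1/system/bin" "$1/system/xbin"
    : > "$1/system/bin/toolbox"; chmod 0755 "$1/system/bin/toolbox"
    : > "$1/system/bin/run-as";  chmod 4750 "$1/system/bin/run-as"
    : > "$1/system/xbin/su";     chmod 4755 "$1/system/xbin/su"
}

demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
# Allowlist here is a constructed example; build the real one by running
# list_setid against the unmodified stock image.
unexpected_setid "$demo_dir" "/system/bin/run-as"
# -> suid /system/xbin/su
rm -rf "$demo_dir"
```

Point ROOT at a read-only loop mount of the image so the audit cannot alter what it inspects.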
Root successfully without any problems.
Big thanks.
Would this method work on a GEM-701L as well?
if you point me to the firmware image for that device i can tell you for sure.
Sent from my GEM-703L using XDA Free mobile app
thank you very much, its working great on b013 !
What i did was restoring b012 from sdcard, then i installed directly b013 update, then i rooted the phone using your method and everything is working great.
Now, this probably sounds stupid, but could you please explain point 2-6? My Honor X2 is bootloader unlocked but I have no idea what I have to do when you write adb shell.. etc... Do I need any software to do what you suggest or is there a visual guide somewhere to get me going?
Thanks
Can someone give me a link to the Windows drivers please .
Very nice guide. I followed your instructions and I rooted successfully. I am getting a Cell broadcasts has stopped error upon boot but it really doesn't affect anything so I'm going to freeze it. The good part of this whole process is I ordered my X2 from a seller (zomlong-trading) on eBay and they said they installed an "international" ROM which has all the GAPPS like the Play Store etc.... I had the phone within a week (It shipped on Monday and I got it on Thursday) and the phone came working perfectly. I emailed Huawei for the unlock code and had it within three hours. When I went to unlock apparently the phone was already unlocked so all i had to do was follow your root procedure and that worked like a charm. I can't wait for someone to port the Chinese TWRP to an English version. I'm excited about being able to flash anything AOSP based on this when and if it ever happens. Anyway, thanks for your help.
Bunkerstudio said:
Now, this probably sounds stupid, but could you please explain point 2-6? My Honor X2 is bootloader unlocked but I have no idea what I have to do when you write adb shell.. etc... Do I need any software to do what you suggest or is there a visual guide somewhere to get me going?
Thanks
Adb and fastboot are tools that you use to interact with android from your PC. You can look here for beginner information:
http://forum.xda-developers.com/showthread.php?t=690362
Note that there are many many threads discussing these things on xda, and the above is only one example. Search around and you will find a whole lot more information.
Confirm: Worked well with GEM-703LT version (32Gb storage)
Didn't work. Rooted using another method
hi
thanks for your efforts, but do you have the stock recovery.img for b013 rom
thank you
All,
As soon as b015 goes up on the website I will pull it apart and generate a rooted version. It usually goes up within a week of the OTA update so hang in there!
-Dan
Hi there... I wonder if u can take a look @ GEM-702L ???
theres only one FW for the 702.... but there no stable working boot.img could work with...T.T
While I mean all the 703 bxyz method could root...the 702... but probably theres some problems... like GPU driver sth like that... first.. it caused no sound problem.... random freezes.... n cheesy screen
lcw622 said:
Hi there... I wonder if u can take a look @ GEM-702L ???
theres only one FW for the 702.... but there no stable working boot.img could work with...T.T
While I mean all the 703 bxyz method could root...the 702... but probably theres some problems... like GPU driver sth like that... first.. it caused no sound problem.... random freezes.... n cheesy screen
Do you have a link to the firmware?
dfsteen said:
Do you have a link to the firmware?
http://forum.xda-developers.com/huawei-mediapad/general/mediapad-x2-firmware-702l-703l-t3168925
dfsteen said:
All,
As soon as b015 goes up on the website I will pull it apart and generate a rooted version. It usually goes up within a week of the OTA update so hang in there!
-Dan
Thanks and btw the b015 is already on the website. Excited now
Can't wait for the root of b015 [emoji18]
Sent from iPad using Tapatalk
b015 rooted is now up on the initial posting. Enjoy!
lcw622 said:
http://forum.xda-developers.com/huawei-mediapad/general/mediapad-x2-firmware-702l-703l-t3168925
I've posted a rooted boot.img for 702l.b003 from the link you provided. I don't own this device, so it's not tested, but let me know if it works.

[TUT] How-To Root Fire HD 7, 8, and 10 6th, 7th, and 8th generation

Edit: Someone pointed out the title is not completely accurate, so I changed it to be more descriptive and I will add a list of devices this root method will work with here
Edit2: Thanks to @Rortiz2 for the automated method! You can download it here! Simply extract the files and run MTK-SU.bat to install the SuperSU app and root your device. Once you reboot after the batch script has completed, simply open SuperSU, go to settings, and ensure that default root access for apps is set to grant.
Fire HD 8 8th gen (2018) (thanks @xyz`)
Fire HD 8 7th gen (2017)
Fire HD 8 6th gen (2016) (thanks @bibikalka)
Fire HD 10 7th gen (2017) (thanks @bibikalka)
Fire TV 2 2015 (mt8173-based) (thanks @el7145) -- up to firmware 5.2.6.9
Fire 7 9th gen (2019) (thanks @Michajin)
Before trying this root method, please read through this entire post: 5 and make sure it will work for your device!
Note: I did not create these methods, all credit goes to @diplomatic and @dutchthomas
I simply wanted to put it into a single forum post with easy instructions.
With that out of the way, let's get started.
Only use this for Fire OS 5.x.x.x, I haven't tested it with the latest version, but it should still work.
First, follow these instructions by diplomatic:
After you have verified that you have access to a root shell (the '[email protected]:/ $' will change to '[email protected]:/ #'), you can follow these steps by dutchthomas:
1. Install SuperSu from Playstore (if you do not have the playstore installed, you can follow the guide by @Gilly10 here https://forum.xda-developers.com/amazon-fire/general/how-to-install-google-play-store-fire-t3486603)
2. Download SuperSu and unzip somewhere (download the .zip from here)
3. Inside the UPDATE-SuperSU-v2.79-20161211114519.zip there should be an arm64 folder. Copy that folder to your platform-tools folder
Most of this is just going to be copy paste commands
4. adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
5. adb shell
6. cd /data/local/tmp
7. ./mtk-su
8. The $ after [email protected] should change to a #, if it doesn't, close the terminal and start again from step 5.
9. mount -o remount -rw /system
10. cp /data/local/tmp/su /system/xbin/su
11. cp /data/local/tmp/su /system/xbin/daemonsu
12. cp /data/local/tmp/supolicy /system/xbin/
13. cp /data/local/tmp/libsupol.so /system/lib/
14. cp /data/local/tmp/libsupol.so /system/lib64/
15. chmod 0755 /system/xbin/su
16. chcon u:object_r:system_file:s0 /system/xbin/su
17. chcon u:object_r:system_file:s0 /system/xbin/su
18. chcon u:object_r:system_file:s0 /system/xbin/daemonsu
19. daemonsu --auto-daemon
20. Back on your device, open the SuperSU app and allow it to update its binaries.
After updating the SuperSU binaries, reboot your device. Once you are back to your main screen, open SuperSU, go to settings, Then scroll down to Access. Click the [Grant] option for Default Access. You need to do this because for unknown reasons the Kindle Fire is unable to show the root access popup. Your device is now fully rooted!
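An audit of the files this procedure installs, as an added example (not part of the original post or of SuperSU): it reports which of the five paths from steps 10-14 exist under a given root and flags any xbin binary that lacks the execute bit. The function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a system tree for the files copied in steps 10-14.
# ROOT is a prefix: /system on the device, or a read-only mount of an
# extracted system image (assumption). Needs a stat that accepts -c
# (GNU coreutils, busybox, toybox).

SU_ARTIFACTS="xbin/su xbin/daemonsu xbin/supolicy lib/libsupol.so lib64/libsupol.so"

# Prints one line per path. Returns 0 if none exist, 1 if any are present.
audit_su_artifacts() {
    root=$1
    found=0
    for rel in $SU_ARTIFACTS; do
        file="$root/$rel"
        if [ ! -e "$file" ]; then
            echo "absent   $rel"
            continue
        fi
        found=$((found + 1))
        mode=$(stat -c '%a' "$file" 2>/dev/null || echo '?')
        case "$rel" in
            xbin/*)
                # A binary copied without a chmod keeps its source mode and
                # fails at run time with "Permission denied" (exit 126).
                if [ -x "$file" ]; then
                    echo "present  $rel mode=$mode"
                else
                    echo "present  $rel mode=$mode NOT-EXECUTABLE"
                fi ;;
            *)  echo "present  $rel mode=$mode" ;;
        esac
    done
    [ "$found" -eq 0 ]
}

# Constructed sample tree: su has been chmod'ed, daemonsu has not.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/xbin" "$t/lib" "$t/lib64"
    : > "$t/xbin/su";         chmod 0755 "$t/xbin/su"
    : > "$t/xbin/daemonsu";   chmod 0644 "$t/xbin/daemonsu"
    : > "$t/lib/libsupol.so"; chmod 0644 "$t/lib/libsupol.so"
    echo "$t"
}

# Usage: sh audit.sh /system   (or the mount point of an image)
if [ $# -gt 0 ]; then audit_su_artifacts "$1"; fi
```

A non-zero exit status means at least one of the listed files is present, which makes the function usable as a pass/fail check on a device or image that is expected to be unmodified.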
https://forum.xda-developers.com/showpost.php?p=79441935&postcount=629
The original thread is here: https://forum.xda-developers.com/hd8-hd10/orig-development/experimental-software-root-hd-8-hd-10-t3904595. The title of the current thread does not accurately reflect which tablets can be rooted by this method. This information is in the first post of the original thread.
MontysEvilTwin said:
The original thread is here: https://forum.xda-developers.com/hd8-hd10/orig-development/experimental-software-root-hd-8-hd-10-t3904595. The title of the current thread does not accurately reflect which tablets can be rooted by this method. This information is in the first post of the original thread.
Thanks for the feedback, I updated the post to be more informative!
Rortiz2 said:
https://forum.xda-developers.com/showpost.php?p=79441935&postcount=629
Added a link and credit to you on my post, thanks for the script!
SirHappyCatIII said:
Added a link and credit to you on my post, thanks for the script!
Ok.
Correction
I now realize it was obvious, but it took me a while to realize there shouldn't be two identical commands.
Instruction #17 should be #18
And #18 should be
Code:
chmod 0755 /system/xbin/daemonsu
Thanks got my Fire HD 8 (6th Gen) running Fire OS 5.3.6.4 (626536720) rooted
deleted
Hi, i followed the steps for my Fire HD 8 8th gen (2018), FireOS 6.3.0.0.
I was able to obtain temporary root access using mtk-su. Prompt is now #.
Step 9 (9. mount -o remount -rw /system) returns this error.
mount: '/dev/block/dm-0'->'/system' : Device or resource busy.
I also tried "mount -o rw,remount /system"
And it returns this error '/dev/block/dm-0' is read-only.
So I cannot proceed any further. Your help is greatly appreciated.
PS: Your step 1 says install SuperSu from PlayStore. But it seems there isn't a Chainfire SuperSu available in PlayStore. And how is this related to the rest of the steps?
mxj_xda said:
Hi, i followed the steps for my Fire HD 8 8th gen (2018), FireOS 6.3.0.0.
I was able to obtain temporary root access using mtk-su. Prompt is now #.
Step 9 (9. mount -o remount -rw /system) returns this error.
mount: '/dev/block/dm-0'->'/system' : Device or resource busy.
I also tried "mount -o rw,remount /system"
And it returns this error '/dev/block/dm-0' is read-only.
So I cannot proceed any further. Your help is greatly appreciated.
PS: Your step 1 says install SuperSu from PlayStore. But it seems there isn't a Chainfire SuperSu available in PlayStore. And how is this related to the rest of the steps?
what are you looking to do? If you have root access then you can unlock... This thread is kind of old....
https://forum.xda-developers.com/hd...nlock-fire-hd-8-2018-karnak-amonet-3-t3963496
i get this error when i try and download the release 22 zip file
C:\Users\cod3w\AppData\Local\Temp\kKb_tka2.zip.part could not be saved, because the source file could not be read.
Try again later, or contact the server administrator.
Can this be used on the Fire HD 10 8TH GEN?
This guide should be updated. There's no more SuperSU on the Play store. I believe that it hasn't been updated for quite a while before it was taken down. There should be a more updated guide somewhere.
Hi.
I have a Fire HD 8 (6th Generation) ...OS 5.6.8.0 (626542120).
Please, which procedure do I use for root?
I get a question mark after the 1st command.
PS C:\adb> adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
[ ?] /data/local/tmp/libsupol.so
If i continue, it will fail with:
[email protected]:/data/local/tmp $ ./mtk-su
/system/bin/sh: ./mtk-su: not found
Will keep digging, i'm on a fire hd 8 6th gen on 5.3.6.4
I'm only using a very small adb pack, maybe it's that, but i am able to communicate.
Will keep at it.
PS: Thank you so much for making this guide, hopefully i can breathe some life into this now quite slow tablet.
EDIT: MTK was missing from all folders?
Here's the whole list of commands, now fails on the last part, daemon
PS C:\adb> adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
[ ?] /data/local/tmp/libsupol.so
PS C:\adb> adb shell
[email protected]:/ $ cd /data/local/tmp
[email protected]:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
[email protected]:/data/local/tmp # mount -o remount -rw /system
[email protected]:/data/local/tmp # cp /data/local/tmp/su /system/xbin/su
[email protected]:/data/local/tmp # cp /data/local/tmp/su /system/xbin/daemonsu
[email protected]:/data/local/tmp # cp /data/local/tmp/supolicy /system/xbin/
[email protected]:/data/local/tmp # cp /data/local/tmp/libsupol.so /system/lib/
[email protected]:/data/local/tmp # cp /data/local/tmp/libsupol.so /system/lib64/
[email protected]:/data/local/tmp # chmod 0755 /system/xbin/su
[email protected]:/data/local/tmp # chcon u:object_r:system_file:s0 /system/xbin/su
[email protected]:/data/local/tmp # chcon u:object_r:system_file:s0 /system/xbin/su
[email protected]:/data/local/tmp #
hcon u:object_r:system_file:s0 /system/xbin/daemonsu <
[email protected]:/data/local/tmp # daemonsu --auto-daemon
/system/bin/sh: daemonsu: can't execute: Permission denied
126|[email protected]:/data/local/tmp #
Need to allow permissions i guess but not sure how.
Have tried the other mtk method in the thread mentioned in the OP and have this in powershell, different response to the adb push.
PS C:\adb> adb push .\mtk-su /data/local/tmp
[100%] /data/local/tmp/mtk-su
PS C:\adb> adb shell
[email protected]:/ $ cd /data/local/tmp
[email protected]:/data/local/tmp $ chmod 755 mtk-su
[email protected]:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
[email protected]:/data/local/tmp #
help
Ok so i managed to root using the mtk-su app from here:
Releases · JunioJsv/mtk-easy-su
github.com
Now i do have magisk and super su installed but there is no prompt from any root request, however it does say i am rooted according the supersu root checker, plus magisk safetynet fails, so i'm at a loss now.
