Database Info

Sharp IS01: introduce the root acquisition

Hi, I'm Japanese developer.
Please excuse my poor English.
I introduce the root acquisition these steps.
Take full responsibility for your actions.
Please download here and extract it.
root.7z: j.mp/fRq6Nr mirror: j.mp/eok7vq
Require: superuser.apk
Prepare:
Code:
$adb push install.tar.gz /sqlite_journals
$adb push busybox_s /sqlite_journals
$adb shell chmod 0755 /sqlite_journals/busybox_s
$adb shell
$cd /sqlite_journals
$./busybox_s tar xvzf install.tar.gz
Step1: Get root.
from IS01 Android Terminal,
Code:
$cd /sqlite_journals/install
$sh install.sh
Input install step [1/2/3/4/update/uninstall] : 1
If you become superuser, the dollar sign should change to a hash (or sharp) sign.
Success: $ → #
Step2: Install hack binaries at "/sqlite_journals/root".
from IS01 Android Terminal,
Code:
$cd /sqlite_journals/install
$sh install.sh
Input install step [1/2/3/4/update/uninstall] : 2
Enable iptables?[Y/n] : n
Enable samba?[Y/n] : n
Enter to reboot : Enter
Step3: Write Hacked kernel in recovery area.
from IS01 Android Terminal,
Code:
$/sqlite_journals/install/au
↑You have to get root.
Code:
#cd /sqlite_journals/install
#sh install.sh
Input install step [1/2/3/4/update/uninstall] : 3
Write kernel?[y/N] : y
Enter to reboot recovery
*UPDATE
You're free to do so. XD
Step4: Create symbolic links in system.
and replace libshsecure_jni.so.
from IS01 Android Terminal,
Code:
$/sqlite_journals/install/au
↑You have to get root.
Code:
#cd /sqlite_journals/install
#sh install.sh
Input install step [1/2/3/4/update/uninstall] : 4
Q. What is hacked kernel?
A. This kernel is release of the NAND lock.
You can write after mount system.
Q. What is /sqlite_journals/install/au?
A. It is su binary. But it became impossible to use the market when it was a name of su, it changed on purpose to the name of au.
Q. Why don't you write it at boot area?
A. Also there is no way to repair broken IS01 because blocked fastboot(cant use fastboot).
Q. So boot area?
A. NV softs built recovery_kit image.
recovery_kit_v130.7z: j.mp/hXEp7C mirror: j.mp/f4SHCq
Code:
$adb push recovery_kit.img /data/recovery_kit.img
from IS01 Android Terminal,
Code:
$/sqlite_journals/install/au
↑You have to get root.
Code:
#cd /sqlite_journals/install
#flash_image boot_wr /data/recovery_kit.img
Q. How to use recovery_kit?
A. When mirror recovery image is hidden, you input "Home+Power".
But if your PC is Windows, unplug USB cable.
Code:
HotKey:
Boot recovery partition: Home+Back
Boot boot partition: Home+Menu
Enable QXDM: Alt+Q
Start adbd recovery: Alt+A
Start recovery utility: Alt+R
Support command:
sh
toolbox
busybox
mount_system: Mount system partision to /system2
mount_data: Mount data partision to /data
Thanks, love_marijuana＠twitter, MobileHackerz＠twitter, goroh_kun＠twitter, gcd_org＠twitter, nvsofts＠twitter, Yukto8492＠twitter and more.
Wrote by DevRenax＠twitter. j.mp/g0pDZz
P.S I am transplanting CM6 for IS01.

[: permission denied
Took the plunge and tried this...
Got stuck at step 1:
$ sh install.sh
sh install.sh
IS01 root installer ver0.1.0
Input install step [1/2/3/4/update/uninstall] : 1
1
[: permission denied
Install STEP1
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={1856, 1856}
[*] Searching for adb ...
[+] Found adb as PID 31307
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
[: permission denied
Shut down terminal and reexecute this script!
$

xxolloxx said:
Took the plunge and tried this...
Got stuck at step 1:
$ sh install.sh
sh install.sh
IS01 root installer ver0.1.0
Input install step [1/2/3/4/update/uninstall] : 1
1
[: permission denied
Install STEP1
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={1856, 1856}
[*] Searching for adb ...
[+] Found adb as PID 31307
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
[: permission denied
Shut down terminal and reexecute this script!
$
Click to expand...
Click to collapse
hmm...
ok, tell me the results
1: What is your baseband version?
2:
Code:
$adb shell uname -a
3: from android terminal. Try running a few times, about 10times?
Code:
$/sqlite_journals/install/rageagainstthecage
4: after running Step1: Get root,
from android terminal.
Code:
$id

Baseband: 1.00.05
adb shell uname -a
uname: permission denied
$id
id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011
(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
I ran
$/sqlite_journals/install/rageagainstthecage
...about 7 times, $ changed to #
Then I got stuck at:
$ cd /sqlite_journals/install
cd /sqlite_journals/install
$ sh install.sh
sh install.sh
IS01 root installer ver0.1.0
Unable to chmod ./busybox: Operation not permitted
Input install step [1/2/3/4/update/uninstall] : 1
1
[: permission denied
Install STEP1
Unable to chmod ./rageagainstthecage: Operation not permitted
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={1856, 1856}
[*] Searching for adb ...
[+] Found adb as PID 8052
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] [email protected] so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
[: permission denied

Baseband: 1.00.05
Click to expand...
Click to collapse
No problem.
I ran
$/sqlite_journals/install/rageagainstthecage
...about 7 times, $ changed to #
Click to expand...
Click to collapse
You got root. Next, run this command after reboot Android Term.
Code:
$/sqlite_journals/install/su
If you got root and installed superuser.apk, it will auto start superuser.apk.

triangle and exclamation point on boot
I did the steps above and I see it boot the recovery image, then it transitions into a boot screen that has a triangle with exclamation point. What do I do now?
Thanks in advance

I got to the recovery screen and enabled adb recovery, but adb states the device is offline. How do I get it online or push a new image.

plenpak said:
I did the steps above and I see it boot the recovery image, then it transitions into a boot screen that has a triangle with exclamation point. What do I do now?
Thanks in advance
Click to expand...
Click to collapse
you, too.
Sorry, I did not explain qxdm...
Code:
from hacked kernel
#echo 1 > /sys/devices/platform/msm_hsusb_periphera/qxdm_enable
or
recovery_kit -> Enable QXDM
And recovery_kit is unstabled. Try running a few times.
Be all about timing.
ScreenShot(recovery_kit) j.mp/hbHiL9

Thanks. You were right. Timing was everything. I now have a rooted device. I did have to modify the install.sh script. It wasnt working for me intially.
Have you tried to load Froyo or Gingerbread on it yet? Have you tried Cyanogen mod? I have Cyanogen mod 7 running on my N1, and would like to attempt a port to the IS01.

I did have to modify the install.sh script. It wasnt working for me intially.
Click to expand...
Click to collapse
Actually, I did not created it, and I have not tried. XD
this script was created by love_marijuana＠twitter.
If that's ok, upload modified scripts please?
Have you tried to load Froyo or Gingerbread on it yet? Have you tried Cyanogen mod? I have Cyanogen mod 7 running on my N1, and would like to attempt a port to the IS01.
Click to expand...
Click to collapse
Wow, you have nice device!
I transplanting CM6.
I have github acount. -> github.com/CM4IS01
But this rom is very buggy.
Not work:
Bluetooth, GPS, Accelerator Sensors, 3D Acceleration, Sound and more...

Sharp IS01
Hi Sharp IS01 users....don t waist your time with this device.....AU launch this month 04/2011...a HTC EVO 4G...with HDMI and WIMAX router mode for acess a internet from a notebook or others devices....GOOD DEAL...

Help me pls,
I'm stuck at Step1, too
$cd /sqlite_journals/install
$sh install.sh
IS01 root installer ver0.1.0
Unable to chmod .busybox: Operation not permitted
Input install step [1/2/3/4/update/uninstall] :
My phone's build number: 01.00.02
Model number: SH-01B
(Docomo)
Thanks much

@ DevRenax, I can't find this file, CM6byDevRenax-06242011-IS01.7z . Are you still working on it? I'd like to try it for my SH-10B device, base band 01.00.02. Could you post another link to it? Thanks

plenpak said:
I did the steps above and I see it boot the recovery image, then it transitions into a boot screen that has a triangle with exclamation point. What do I do now?
Thanks in advance
Click to expand...
Click to collapse
I skip all the way to flash recovery_kit.img since I didnt use the steps to get root. Now I am stuck at the triangle with exclamation point screen. How did you bypass it?
Edit: ok, the recovery_kit works with the hotkeys but, it still won't let my SH-10B boot the system. Does anyone have the ADB usb driver for win7-64? The one that came with the cd-rom and from Sharp's webite doesn't install on my computer. If I can use adb, I could probably fix this.

I'm very new to do rooting
I try to understand your description.
But i don't know how to start.
I have already download and try to use superuser but i don't know how to write the command line as you shown.
What program i need for writing command?
Actually I just want my LYNX SH-10B to read another language beside Jap and Eng.
If you have another easier way pls help......
BEN

Ok, I believe I know what screwed my system from booting. This;
Code:
#cd /sqlite_journals/install
#flash_image boot_wr /data/recovery_kit.img
From this code that I use the recovery_kit was flash to my boot partition and replaced the boot.img. That is why it goes from recovery-kit boot screen to recovery mode screen and does not start android as mentioned in my previous post. It should have been: flash_image recovery. So I've lost my boot.img for the stock android 1.6. Can anyone who has the device post it so I may flash it back on and get my SH-10B running again. Thanks

[UPDATED]how to root 1.47.161.2 hboot 002 (and possibly others)

sorry about all the updates i am trying to remember as i go along with the help of the comments below, we will get this working as i know it does
i have actually managed it i used fre3vo from this thread
http://forum.xda-developers.com/showthread.php?t=1178912
but i combined the instructions with post 4 from the downgrade thread ( part where you have to chmod the version file then change the version.
first download http://forum.xda-developers.com/attachment.php?attachmentid=591335&d=1304969547
and also this
http://forum.xda-developers.com/attachment.php?attachmentid=661246&d=1311240968
extract them to the same folder then open a command prompt in that folder and follow these instructions pressing enter at the end of each step
(big thanks to Jorgen2009 for cleaning up the instructions)
Instructions:
1. adb push fre3vo /data/local/tmp
2. adb push misc_version /data/local/tmp
3. adb shell chmod 777 /data/local/tmp/fre3vo
4. adb shell chmod 777 /data/local/tmp/misc_version
5. reboot the phone with the cable attached to the computer
6. adb shell (this gives a $-prompt)
7. /data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF (when everything is OK you'll go back to your own prompt, not the phones)
8. adb shell (you'll have a #-prompt now, cause the the is temp-rooted)
9. /data/local/tmp/misc_version -s 1.27.405.6
10. install the earliest RUU version you can find. I used RUU_Saga_HTC_Europe_1.28.401.1_Radio_20.28b.30.080 5U_38.03.02.11_M_release_177977_signed
11. after rebooting your phone has the old HBOOT (0.98.0000)
12. enable USB Debugging (Settings - Applications - Development) and reboot the phone again
13. Run the AlphaRevX binary and don't install the CWM recovery, we'll use 4EXTRecovery lateron
congratulations, your phone is now S-OFF!
download the latest EXT4Recovery from here
adb reboot bootloader
fastboot flash recovery [PATH TO recovery.img]
fastboot reboot-bootloader
go to the recovery and install any ROM you like
hope this helps everyone.
as usuall not my fault, brick yadda yadda
credit to sethario, the fre3vo dev team and Jorgen2009

davidreece said:
i have actually managed it i used fre3vo from this thread
http://forum.xda-developers.com/showthread.php?t=1150006
but i combined the instructions with post 4 from the downgrade thread ( part where you have to chmod the version file then change the version.
first download http://forum.xda-developers.com/attachment.php?attachmentid=591335&d=1304969547
and also this
http://forum.xda-developers.com/attachment.php?attachmentid=661246&d=1311240968
extract them to the same folder then open a command prompt in that folder and follow these instructions
Instructions:
1. adb push fre3vo /data/local/tmp
2. adb push misc_version /data/local/tmp
3. adb shell chmod 777 /data/local/tmp/fre3vo
4. adb shell chmod 777 /data/local/tmp/misc_version
5. Run the binary via 'adb shell /data/local/tmp/fre3vo'
If all goes well, you'll be kicked back to your computer's command prompt.
run 'adb shell' and you should have a '#' prompt instead of $
6. cd /data/local/tmp
./misc_version -s 1.27.405.6
From here you can then install the update/downgrade from the ruu exe for your phone from http://forum.xda-developers.com/showthread.php?t=1002506
then you can just follow the alpharevx instructions as normal because you will be able to run gingerbreak etc, this works on the latest updates as i couldnt use gingerbreak to downgrade due to the vodafone uk update and i am now on a custom rom and s offed
hope this helps everyone.
as usuall not my fault, brick yadda yadda
Click to expand...
Click to collapse
Brilliant and well done. .
could you please add exactly which 1.47 version that you achieved this on and from which country.
also get this useful thread added to the INDEX sticky thread that we have be either PM' ing threads OP or adding post in that Thread.
Sent from my HTC Desire S using XDA Premium App

ben_pyett said:
Brilliant and well done. .
could you please add exactly which 1.47 version that you achieved this on and from which country.
also get this useful thread added to the INDEX sticky thread that we have be either PM' ing threads OP or adding post in that Thread.
Sent from my HTC Desire S using XDA Premium App
Click to expand...
Click to collapse
not sure exactly what 1.47 as its gone now but as i said in my post im on a vodafone uk if that helps
also just to make it clear, none of this is my own work guys a lot brighter than me figured all the hard stuff out, i just fitted the different bits together

davidreece said:
not sure exactly what 1.47 as its gone now but as i said in my post im on a vodafone uk if that helps
also just to make it clear, none of this is my own work guys a lot brighter than me figured all the hard stuff out, i just fitted the different bits together
Click to expand...
Click to collapse
All the same, Putting the bits together, writing the guide and having the balls to try all of these steps on your own device is worthy of thanks and just a little praise
Sent from my HTC Desire S using XDA Premium App

thanks ben just glad to put something back instead of leeching all the devs hard work all the time

Thanx davidreece, great find!
Unfortunately it's not working for me I get stuck at point 5 running the fre3vo binary. I waited 20 minutes for it to complete, but it's still saying "please wait" with a blinking cursor. For the record, I'm using this rom: RUU_Saga_HTC_Europe_1.47.401.4_Radio_20.28I.30.085 AU_3805.06.02.03_M_release_199410_signed. That could be the problem perhaps.
I also noticed that the the fre3vo link from your article is a bit older then the fre3vo version on the fre3vo thread. Of course i tried that one too, but it gives the same result for me
Any ideas?
Cheers

not a clue jorgen sorry i should maybe add the words "some"
just a thought when you ran the fre3vo command where you in adb shell or at the command prompt >, i seem to remember it happened to me the first time i tried it but i cant remember how i got it wrong, ithink you have to enter the adb shell command first then enter /data/local/tmp/fre3vo next or it may be enter them both together as one line i cant really remember, i was so surprised it worked if anyone else gets this to work could you please clarify the fre3vo steps and i will update the main post thanks, hope this helps, also i only used the link version not any newer one

davidreece said:
not a clue jorgen sorry i should maybe add the words "some"
just a thought when you ran the fre3vo command where you in adb shell or at the command prompt >, i seem to remember it happened to me the first time i tried it but i cant remember how i got it wrong, ithink you have to enter the adb shell command first then enter /data/local/tmp/fre3vo next or it may be enter them both together as one line i cant really remember, i was so surprised it worked if anyone else gets this to work could you please clarify the fre3vo steps and i will update the main post thanks, hope this helps, also i only used the link version not any newer one
Click to expand...
Click to collapse
I tried both methods, both with the same result. It's great to see however it worked for you. It means there is at least a possibility to get S-OFF on updated devices

jorgen2009 said:
I tried both methods, both with the same result. It's great to see however it worked for you. It means there is at least a possibility to get S-OFF on updated devices
Click to expand...
Click to collapse
really sorry i falsly got your hopes up, maybe ask in the fre3vo forum maybe im just getting it wrong, it was 4am here when i succeeded so its all a bit hazy

jorgen2009 said:
Thanx davidreece, great find!
Unfortunately it's not working for me I get stuck at point 5 running the fre3vo binary. I waited 20 minutes for it to complete, but it's still saying "please wait" with a blinking cursor. For the record, I'm using this rom: RUU_Saga_HTC_Europe_1.47.401.4_Radio_20.28I.30.085 AU_3805.06.02.03_M_release_199410_signed. That could be the problem perhaps.
I also noticed that the the fre3vo link from your article is a bit older then the fre3vo version on the fre3vo thread. Of course i tried that one too, but it gives the same result for me
Any ideas?
Cheers
Click to expand...
Click to collapse
Eureka i have updated the instructions jurgen also redownload my fre3vo link just in case it was different, i knew i had to do something else, please let me know if it works now

I remember seeing in the original fre3evo thread there was a series or range of hex addresses to try if the first default one didn't achieve root
Sent from my HTC Desire S using XDA Premium App

I am stuck on instructions step 5. it says unable to chmod -debug: No such file or directory. My Bootloader version is 0.98.0002. In my understanding instructions step 5 is confusing as first i wrote it with step 4 and then i realize that first write adb shell chmod 777 etc etc. Am i doing right?

maroof.saeed said:
I am stuck on instructions step 5. it says unable to chmod -debug: No such file or directory. My Bootloader version is 0.98.0002. In my understanding instructions step 5 is confusing as first i wrote it with step 4 and then i realize that first write adb shell chmod 777 etc etc. Am i doing right?
Click to expand...
Click to collapse
sorry maroof not sure whats wrong maybe ask in the original thread linked at the 1st post

maroof.saeed said:
I am stuck on instructions step 5. it says unable to chmod -debug: No such file or directory. My Bootloader version is 0.98.0002. In my understanding instructions step 5 is confusing as first i wrote it with step 4 and then i realize that first write adb shell chmod 777 etc etc. Am i doing right?
Click to expand...
Click to collapse
Hello, you're right there appears to is a slight mistake above, from my understanding of this the commands they should be entered as I've shown below from your PC within a command shell window with a <RETURN> at the end of every line.
Code:
C:\Program Files\Microsoft Support Tools> [B]adb shell [/B]
$ [B]chmod 777 /data/local/tmp/fre3vo[/B]
$ [B]chmod 777 /data/local/tmp/misc_version[/B]
$ [B]/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF[/B]

davidreece said:
sorry maroof not sure whats wrong maybe ask in the original thread linked at the 1st post
Click to expand...
Click to collapse
Thanks for the reply but the thing is that am i doing the right way as i wrote in my last thread that first i mix 4th step and fifth but then i realize and did the same as in 4th step? If its right then offcourse i 'll ask someone in the original thread.

davidreece said:
Eureka i have updated the instructions jurgen also redownload my fre3vo link just in case it was different, i knew i had to do something else, please let me know if it works now
Click to expand...
Click to collapse
That did the trick!! I'm running Saga LBC Mod as we speak!! The steps I followed after downloading the bits from the first post for this were the following:
adb push fre3vo /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
reboot the phone with the cable attached to the computer
adb shell (this gives a $-prompt)
/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF (when everything is OK you'll go back to your own prompt, not the phones)
adb shell (you'll have a #-prompt now, cause the the is temp-rooted)
/data/local/tmp/misc_version -s 1.27.405.6
install the earliest RUU version you can find. I used RUU_Saga_HTC_Europe_1.28.401.1_Radio_20.28b.30.0805U_38.03.02.11_M_release_177977_signed
after rebooting your phone has the old HBOOT (0.98.0000)
enable USB Debugging (Settings - Applications - Development) and reboot the phone again
Run the AlphaRevX binary and don't install the CWM recovery, we'll use 4EXTRecovery lateron
congratulations, your phone is now S-OFF!
download the latest EXT4Recovery from here
adb reboot bootloader
fastboot flash recovery [PATH TO recovery.img]
fastboot reboot-bootloader
go to the recovery and install any ROM you like
Big thanx again to David!

glad it worked, i knew it was in there somewhere is it ok if i add your instructions to the first post to save confusion

@david
Of course it is, let the S-OFF-ing begin (again)

jorgen2009 said:
That did the trick!! I'm running Saga LBC Mod as we speak!! The steps I followed after downloading the bits from the first post for this were the following:
adb push fre3vo /data/local/tmp
adb push misc_version /data/local/tmp
adb shell chmod 777 /data/local/tmp/fre3vo
adb shell chmod 777 /data/local/tmp/misc_version
reboot the phone with the cable attached to the computer
adb shell (this gives a $-prompt)
/data/local/tmp/fre3vo -debug -start FAA90000 -end FFFFFFFF (when everything is OK you'll go back to your own prompt, not the phones)
adb shell (you'll have a #-prompt now, cause the the is temp-rooted)
/data/local/tmp/misc_version -s 1.27.405.6
install the earliest RUU version you can find. I used RUU_Saga_HTC_Europe_1.28.401.1_Radio_20.28b.30.0805U_38.03.02.11_M_release_177977_signed
after rebooting your phone has the old HBOOT (0.98.0000)
enable USB Debugging (Settings - Applications - Development) and reboot the phone again
Run the AlphaRevX binary and don't install the CWM recovery, we'll use 4EXTRecovery lateron
congratulations, your phone is now S-OFF!
download the latest EXT4Recovery from here
adb reboot bootloader
fastboot flash recovery [PATH TO recovery.img]
fastboot reboot-bootloader
go to the recovery and install any ROM you like
Big thanx again to David!
Click to expand...
Click to collapse
all worked well but while installing RUU_Saga_HTC_Europe_1.28.401.1. Its gives an error saying CUSTOMER ID Error. Now what

maroof.saeed said:
all worked well but while installing RUU_Saga_HTC_Europe_1.28.401.1. Its gives an error saying CUSTOMER ID Error. Now what
Click to expand...
Click to collapse
are you using the exe version of the ruu, if you are maybe try making your sdcard into a gold card

[ROOT] 1.85 - New, working method - ACT NOW, MAY NOT LAST FOREVER!

Silly HTC. THIS EXPLOIT MAY NOT LAST FOREVER. ATT COULD KILL THIS. DO IT NOW.
Warning: If something goes wrong, whatever you do, do NOT install the update that this process finds. If you DO, you will be stuck on 2.20 with no chance for root (currently)
What you need:
HOX on ATT 1.85
su binary from http://dl.dropbox.com/u/don'tusemeimabadsubinary
EDIT: The su binary above has issues. Use this one instead: http://dl.dropbox.com/u/9060692/su
Make sure HTC sync is NOT RUNNING (down in system tray)
Make sure phone is set to "charge only" and usb debugging is enabled!
Put su in same directory as ADB. Get to adb command prompt and cd into that directory
NEW - pull sim card
NEW - do factory reset
NEW - when reset is complete, do not replace sim, do NOT connect to wifi. Go through setup, go to settings, enable USB debugging. When that's done:
adb shell rm /data/data/com.redbend.vdmc/lib/libvd*
adb reboot
After the device reboots:
adb shell ln -s /data/local.prop /data/data/com.redbend.vdmc/lib/libvdmscomo.so
(If you get file doesn't exist after the FIRST command don't worry - they may not be there)
Now, on the phone, go to settings and check for software update. It will tell you you need to connect to network. Now, replace the SIM OR connect to wifi. Have it check for software update again. When it's done, do NOT click "yes" or "ok" on the phone. Simply:
adb shell ls -l /data/local.prop
IF AND ONLY IF you get "file not exists" or anything like that then set your phone's date 2 days ahead and reboot the phone and start over. If you get file info, you're golden. Proceed....
adb shell "echo 'ro.kernel.qemu=1' > /data/local.prop"
Now it's time to reboot
adb reboot
After phones reboots
adb remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
adb shell rm /data/local.prop
adb reboot
Congrats, you have root. Install supersu and busybox installer from the market (or Play store).
If you pledged a bounty in the bounty thread, note the instructions here:
Please pay bounty to make a wish foundation
http://www.wish.org/help/donate
Please choose the "Make a Wish Foundation of America" (don't select a chapter). You can use Paypal as well.
Special thanks to designgears as well for being my tester and also writing the one click. He has several hours of work in this project as well. Consider a donation to him, too - http://rootzwiki.com/store
ADDED: Please let me know if this works for you!
ADDED: If you already pushed the wrong binary it's easiest just to start over with the correct binary.

SWEEEEEEEEEEET!
You have just made a lot of people. SCC/FGFD

where do we get the su binary. I have a supersu zip to gain root after unlock

Great job guys!!!

Do terminal apps need root to run? Can I do this with terminal and avoid ADB?

I got "no updates found" and permission denied...
-rw------- system system 1196598 2012-05-25 12:36 local.prop

beaups you are the ****ing best!!!

AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.

shgadwa said:
AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.
Click to expand...
Click to collapse
I added the link to op

shgadwa said:
AWESOME. Thank you so much!
Where do we get su binary?
I'm thinking maybe from a rooted phone? I have a rooted HTC Inspire.
Click to expand...
Click to collapse
It's in the op
Sent from my HTC One X using Tapatalk 2

2nd line after adb shell i get no device found. USB debugging is enabled.

Very awesome. Hard work and dedication finally paid off. Thanks to who all that contributed to this.

Omg. Awesome. Who discovered this exploit?

My brother, give us your PayPal so we can donate. This is awesome.

Anyway to put the setting up of ADB in lamens terms for some of us that aren't familiar? I am ok with the commands, I just don't know how to get ADB to command prompt and where to place the files.
---------- Post added at 05:52 PM ---------- Previous post was at 05:52 PM ----------
gunnyman said:
Omg. Awesome. Who discovered this exploit?
Click to expand...
Click to collapse
beaups and dg

I updated to op to fix a wrong instruction.

when I put in the first line it says device not found. It's weird I can boot into boot into bootloader and everything but can't do that line

gunnyman said:
Omg. Awesome. Who discovered this exploit?
Click to expand...
Click to collapse
Once we get a few success stories I'll be claiming bounty (charity).

OMG GOOD JOB!!!! Im already rooted but im proud of you guys!!! GOOD JOB!! Hopefully Me and a Simonsimons will be releasing S=OFF SOON! fingers crossed

SkizzMcNizz said:
when I put in the first line it says device not found.
Click to expand...
Click to collapse
Try again, updated instructions.

Root HTC ONE X AT&T

I welcome all and please help me.
I have HTC ONE X AT&T 1.85.502.3
USB debugging - enabled
fastboot - disable
HTCDriver3.0.0.007 -installed
HTC sync - disable
I tried this method "[ROOT] 1.85 One Click Root! - ACT NOW, MAY NOT LAST FOREVER!" http://forum.xda-developers.com/showthread.php?t=1709424
After starting the root.bat i see only:
Exploit by beaups, script by designgears
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
10 KB/s (334 bytes in 0.031s)
rm failed for /data/data/com.redbend.vdmc/lib/libvd*, No such file or directory
Go to Settings, ATT Software update, check for updates.
Waiting for device to Reboot...
Next, nothing happens.
"If you are stuck at "waiting for device to reboot" for a long time or you get "/data/local.prop was not created, exit the script, try again." followed by lots of junk, reboot your phone and push your clock forward two days, reboot, and try again."
I made as written here many times, but it did not help.
I tried this method "[ROOT] 1.85 - New, working method - ACT NOW, MAY NOT LAST FOREVER!" http://forum.xda-developers.com/showthread.php?t=1709296
I did everything by the instruction. But after entering
"adb shell rm /data/data/com.redbend.vdmc/lib/libvd*
adb shell ln -s /data/local.prop /data/data/com.redbend.vdmc/lib/libvdmscomo.so"
I see
C:\root>adb shell rm /data/data/com.redbend.vdmc/lib/libvd*
rm failed for /data/data/com.redbend.vdmc/lib/libvd*, No such file or directory
C:\root>adb shell ln -s /data/local.prop /data/data/com.redbend.vdmc/lib/libvdms
como.so
link failed File exists

Kerp setting the clock forward and retrying. It should take.

18th.abn said:
Kerp setting the clock forward and retrying. It should take.
Click to expand...
Click to collapse
Put clock on phone and the computer at 2 o'clock forward, and from the second attempt it was possible. Thanks)

[Root] Please test new rooting idea

Hi all,
well i made a small script to root Xperia devices, as it turns out more devices are affected to this.
Paul O'Brien over at Modaco tested it on his Nexus 7 [UK] and it worked, well some users in my thread over @ Xperia S section report it not working and some report it working.
I am opening this thread to get the idea why it is working for some users and why not for others.
So, as i don't have this device i cannot test it myself, so if you are a interested user or maybe a dev feel free to test it. Maybe you even get the idea why it is working on some and not on others. (BTW, are there any diffs between UK and other devices? How many firmwares are out for the device? Can i download somewhere firmware dumps?)
Paul's test: http://www.modaco.com/page/news/_/android/a-new-and-effective-root-method-for-ics-jb-r715
Best Regards

I will try it now with my UK device.
The device is STOCK, Bootloader locked and updated to the latest JB Build via OTA.
Will report back after my try.
EDIT:
It doesn't work for me:
======================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (thanks to Goroh_kun and tkymgr for the idea) =
= (13.09.2012) =
======================================================================
Device type:
1) Xperia T
2) LT26,LT22 etc.
3) Other
Make a choice: 3
Normal Mode enabled!
Please connect device with ADB-Debugging enabled now....
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
1252 KB/s (1085140 bytes in 0.846s)
1039 KB/s (22364 bytes in 0.021s)
1305 KB/s (843503 bytes in 0.631s)
Please look at your device and click RESTORE!
If all is successful i will tell you, if not this shell will run forever.
Successful, going to reboot your device!
Waiting for device to show up again....
mount: permission denied (are you root?)
/system/xbin/su: cannot open for write: Read-only file system
Unable to chmod /system/xbin/su: No such file or directory
/system/app/Superuser.apk: cannot open for write: Read-only file system
Unable to chmod /system/app/Superuser.apk: No such file or directory
rm failed for /data/local.prop, No such file or directory
You can close all open command-prompts now!
After reboot all is done! Have fun with Root!
Bin4ry
Drücken Sie eine beliebige Taste . . .
Click to expand...
Click to collapse
With Version 2 I get the following output:
======================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (thanks to Goroh_kun and tkymgr for the idea) =
= version 2 (14.09.2012) =
======================================================================
Device type:
1) Xperia T
2) LT26,LT22 etc.
3) Other
Make a choice: 3
Normal Mode enabled!
Please connect device with ADB-Debugging enabled now....
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
1290 KB/s (1085140 bytes in 0.821s)
992 KB/s (22364 bytes in 0.022s)
1285 KB/s (843503 bytes in 0.641s)
Please look at your device and click RESTORE!
If all is successful i will tell you, if not this shell will run forever.
rm failed for /data/data/com.android.settings/a, Permission denied
Please look at your device and click RESTORE (once again)!
If all is successful i will tell you, if not this shell will run forever.
Successful, going to reboot your device!
Waiting for device to show up again....
mount: permission denied (are you root?)
remount failed: Operation not permitted
/system/xbin/su: cannot open for write: Read-only file system
Unable to chmod /system/xbin/su: No such file or directory
/system/app/Superuser.apk: cannot open for write: Read-only file system
Unable to chmod /system/app/Superuser.apk: No such file or directory
rm failed for /data/local.prop, No such file or directory
You can close all open command-prompts now!
After reboot all is done! Have fun with Root!
Bin4ry
Drücken Sie eine beliebige Taste . . .
Click to expand...
Click to collapse
Ad Version 2: It doesn't ask me to restore 2 times. Only the first time it asks me and then the Nexus 7 reboots.

Ok thanks for this test.
Can you tell me if there is a /data/local.prop already present in you firmware version? If yes we need to alter the script a little, hopefully it can work then.
I am not sure which firmware version Paul tested, but i have a few feedbacks telling it works, so i suggest it is a firmware version "problem".
Regards

Bin4ry said:
Ok thanks for this test.
Can you tell me if there is a /data/local.prop already present in you firmware version? If yes we need to alter the script a little, hopefully it can work then.
I am not sure which firmware version Paul tested, but i have a few feedbacks telling it works, so i suggest it is a firmware version "problem".
Regards
Click to expand...
Click to collapse
Thanks for your answer.
Since I don't have root I can't answer you this question because /data is inaccessible.
The rooting success of Paul is the same as with the HTC One X. He could achieve root trough such a script with his One X, all the others couldn't.
Sent from my Nexus 7 using xda premium

Strange thing.
Can you try something for me ?
Do this manually:
adb restore stuff/fakebackup.ab
Do not click restore YET!
next command:
adb shell "while ! ln -s /data /data/data/com.android.settings/a/file99; do :; done" > NUL
this command will automatically stop when it "worked". Once this command runs please click restore on device!
Now please give me a:
adb shell "ls -ld /data"
I want to know if it changes the permissions of data folder, if all is fine it should be permissions of 777. Maybe then you can check for local.prop and if present rename or remove it
Regards

Bin4ry said:
Strange thing.
Can you try something for me ?
Do this manually:
adb restore stuff/fakebackup.ab
Do not click restore YET!
next command:
adb shell "while ! ln -s /data /data/data/com.android.settings/a/file99; do :; done" > NUL
this command will automatically stop when it "worked". Once this command runs please click restore on device!
Now please give me a:
adb shell "ls -ld /data"
I want to know if it changes the permissions of data folder, if all is fine it should be permissions of 777. Maybe then you can check for local.prop and if present rename or remove it
Regards
Click to expand...
Click to collapse
My output:
C:\Users\user\Desktop\stuff>adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
xxxxxxxxxxx (censored) device
C:\Users\user\Desktop\stuff>adb restore fakebackup.ab
C:\Users\user\Desktop\stuff>adb shell "while ! ln -s /data /data/data/com.and
roid.settings/a/file99; do :; done" > NUL
C:\Users\user\Desktop\stuff>adb shell "ls -ld /data"
drwxrwx--x system system 2012-09-15 20:55 data
C:\Users\user\Desktop\stuff>
Click to expand...
Click to collapse
It seems it didn't get chmod 777

Ok thanks for the test. Too bad, it does not change the permissions, maybe there is something preventing it. For now i have no idea, but any dev can freely adapt the intial idea of the script. If someone owns this device i think it the basic idea maybe useful. As for now it seems all devices are initially vulnerable to the "problem", only a way to use it have to be found.
Regards

FYI here also, doesn't work on my fully stock 3568A-ME370T JRO03D Nexus 7

Bin4ry said:
adb shell "while ! ln -s /data /data/data/com.android.settings/a/file99; do :; done" > NUL
Click to expand...
Click to collapse
I think this, and things similar to this, are your problem as you already need root to access those folders.
Without root any running app/process is only allowed to access it's own subfolder in /data/data, nothing else.

This kind of works for me, clockwork mod says I'm rooted but titanium backup says I'm not.
I can't install clockwork mod recovery from the app. Something about assigning permissions.
My boot loader is unlocked. Dunno if that helps.
Sent from my Nexus 7 using xda app-developers app

Have you got Superuser or SuperSU installed?
Sent from my Nexus 7 using my toiletpaper

Yes SuperUser only because the script bin4ry posted contains the superuser.apk and installs it.

HellcatDroid said:
I think this, and things similar to this, are your problem as you already need root to access those folders.
Without root any running app/process is only allowed to access it's own subfolder in /data/data, nothing else.
Click to expand...
Click to collapse
This is not true, it is exactly the trick my scipt uses, in the moment you press restore in the Android Restore Service you will gain access to the partition
@Spazz Monk3y: I added v9 maybe it works now properly, in some old versions i had a nasty bug for giving permissions to su binary. Introduced because i wanted to make a singleline command and forgot atleast 1 command inside my line :crying:
Regards

Code:
mount: permission denied (are you root?)
With v9 and German Nexus 7

Nex 7 is really crazy, you some working some dont. i have no idea -.-

Welcome bin4ry! I remember you from my x10 days! Glad to see you doing well.
Sent from my Nexus 7 using XDA Premium HD app