Related
All credit for the binary goes to Sebastian Krahmer at http://c-skills.blogspot.com/. Please see fit to donate via Paypal to [email protected]
If you want a simpler 'one-click' process, go to this thread: Easier 1-2-3 Droid 2 Root for Windows / Linux / Mac
***NOTE: Proceed at your own risk. I and the providers of this code are not responsible for anything you do to your phone!***
Setup:
- Install adb (here) and Motorola drivers for windows(32-bit or 64-bit)
- Download attached archive
- Extract to a directory, I used c:\Droid2Root
- Make sure you have USB degugging enabled
- Change connection to PC Mode
Process:
- Open command prompt
- cd c:/wherever-your-sdk-tools-folder-is
- adb devices (to verify the connection)
- cd c:/Droid2Root
- adb push Superuser.apk /sdcard/Superuser.apk
- adb push su /sdcard/su
- adb push busybox /sdcard/busybox
- adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage-arm5.bin
- adb shell
- cd data/local/tmp
- chmod 0755 rageagainstthecage-arm5.bin
- ./rageagainstthecage-arm5.bin
- let the process run until it 'kicks' you out (may take a minute or two) to c:/Droid2Root
- cd c:/wherever-your-sdk-tools-folder-is
- adb kill-server
- adb devices (to verify the connection)
- adb shell (you should now have a # prompt, if not return to ./rage step above)
- mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
- cp /sdcard/Superuser.apk /system/app/Superuser.apk
- cp /sdcard/su /system/bin/su
- cp /sdcard/busybox /system/bin/busybox
- chmod 4755 /system/bin/su
- chmod 4755 /system/bin/busybox
- mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
- exit
- exit
I'm sure there are certain steps that could be streamlined or eliminated, so please feel free to make a suggestion and I'll edit the post.
Additional thanks to @rainabba and AllDroid.org for their excellent Droid X rooting tutorial, which assisted me greatly in this process.
waiting for a recovery, glad to see its rooted
Android n00b here, I can remove the Verizon crapware with this right? And tether?
thelolotov said:
Android n00b here, I can remove the Verizon crapware with this right? And tether?
Click to expand...
Click to collapse
yes and yes
thelolotov said:
Android n00b here, I can remove the Verizon crapware with this right? And tether?
Click to expand...
Click to collapse
I wouldn't remove anything yet since we don't have a sbf file to recover from partial bricks. However, tethering and any other apps that require root can be used now.
I'm new to doing this all the adb way.
When you say extract to a directory what do you mean to extract. After it downloads the achive files its done.....
i understand the rest of the commands but im lost there
Hmm, alright, that's still worth it, will I lose my data/have to hard reset to root?
Right click the downloaded archive and "extract files". You need to do this so adb can push them to the phone.
thelolotov said:
Hmm, alright, that's still worth it, will I lose my data/have to hard reset to root?
Click to expand...
Click to collapse
Nope, it just gives you access. Nothing deleted.
I'm retarded i didnt realize it was attached to the post, i thought it was what adb downloaded when i first opened it cause it called them archives.
cannot access
I got as far as pushing super user su and busy box onto my phone but it says that system in read only.. how do i fix this?
Anybody actually try this?
Hello,
I am following your directions and when I get to the "adb push Superuser.apk" step I receive the following error:
"failed to copy 'Superuser.apk' to '/system/app/Superuser.apk': Read-only file system"
I get this same error for the other adb push steps that follow.
Edit: To verify, I get a # shell.
Edit 2: I tried pushing the Superuser.apk to /data/local/tmp then cp to /system/app/, this also popped up a read-only file system error.
I'm currently trying it.
I have a 64 bit driver on my computer that i used to use for my D1 but it doesn't recognize my D2 when doing adb devices and i cant install the 32 bit driver
GSletta said:
I got as far as pushing super user su and busy box onto my phone but it says that system in read only.. how do i fix this?
Click to expand...
Click to collapse
Did you verify you have the # prompt three steps before that?
Yeah i get the # but it wont let me push superuser su and busybox
GSletta said:
Yeah i get the # but it wont let me push superuser su and busybox
Click to expand...
Click to collapse
Weird.. I didn't need to mount the system manually, but let me if there's a step I left out.
and some more screens (feel free to use in first post):
http://i.imgur.com/nPllt.jpg
http://i.imgur.com/COTEA.jpg
http://i.imgur.com/open3.jpg
djh816 said:
and some more screens (feel free to use in first post):
http://i.imgur.com/nPllt.jpg
http://i.imgur.com/COTEA.jpg
http://i.imgur.com/open3.jpg
Click to expand...
Click to collapse
Did you add any steps to mount the system? I don't believe I did, but it seems others are finding it to be read-only.
jerseyh22accord said:
I'm currently trying it.
I have a 64 bit driver on my computer that i used to use for my D1 but it doesn't recognize my D2 when doing adb devices and i cant install the 32 bit driver
Click to expand...
Click to collapse
Don't know if it will help you, but if it's anything like the DInc, you could just use the SDK's drivers and add a few device identifier lines to the INF file before installing them.
Update: One click root has been using this "simple" method since version 2.2.7. If you're rooting your phone for the first time, please try that first. Consider this thread to be purely informational for those who want step-by-step details of how the process works.
I've been suspicious of the joeykrim root method since it was first posted at SDX. I finally got my Epic yesterday and confirmed that is, indeed unnecessary. I don't fault joeykrim though, he ported the working root method from the Moment to the Epic without actually having access to an Epic himself.
Anyways, the joeykrim root method is unnecessarilly complex becuase it works around an RFS permissions bug which loses the setuid bit on the Moment. It appears the Galaxy S phones have this bug fixed, which is why the root methods on the I9000, Vibrant, Captivate, Fascinate, etc., are much simpler.
So, for the simple root:
First, make sure joeykrim root is not installed.
Upgrade to DI18 (not strictly necessary, but you'll want to do it).
Setup a working adb from the Android SDK and whatever drivers are necessary for your platform.
Download rageagainstthecage-arm5.bin from the C skills blog (link removed due to my newbieness) or from any of the one-click root packages.
Download su-2.3.6.1-ef-signed.zip and extract "system/bin/su" and "system/app/Superuser.apk" to a temporary directory you'll be working from.
Enable USB debugging on your phone and connect it to your computer.
Now, open a command prompt/shell on your computer and cd to the appropriate temporary directory. Run:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and confirm you have a working root shell. Then continue with:
Code:
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
That's it! You should have a working root via su & the Superuser package. At least, I did.
Note that the preceeding steps installs Superuser.apk to /data, which is what I prefer to do. This means if you do a "Factory data reset" su will be temporarilly broken until you reinstall the Superuser.apk package. Since installing the package itself doesn't require root, this is easily done after a /data reset.
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Finally, if you're already rooted via joeykrim or are running a root kernel, there's nothing really to be gained by doing this. I'm just throwing this out there as I perfer to make the minimum invasive changes possible to obtain root.
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again? That might be a reason why folks would want to go the more invasive route (considering rooters seems to change ROMS fairly often which requires wipes sometimes). Either way, keeping a copy of the apk file on your SD card is no big deal.
mkasick said:
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Click to expand...
Click to collapse
This explains a lot of problems! thanks
EDIT- another noob question- why do you prefer to have superuser installed to /system/data- why not put it in /system/app? Also if I want to install busybox where is the best location to put it?
ZenInsight said:
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
Click to expand...
Click to collapse
Once you run rageagainstthecage-arm5.bin, you should get a root-shell automatically every time you run "adb shell" after until you reboot the phone. Yes, you can tell it's a root shell since it uses the "#" prompt. This is the important part to check, since if the exploit doesn't work, you'll have to run it again. But I haven't seen it not work.
After su is installed and you reboot, your steps are correct: run "adb shell", run "su", then you'll be prompted on the phone scren to authorize access and once you allow it you'll end up with a "#" prompt.
ZenInsight said:
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again?
Click to expand...
Click to collapse
noobnl installs Superuser.apk to /system, you can do that here too. Just replace the "adb install Superuser.apk" step with "adb push Superuser.apk /system/app". It's independent of the joeykrim scripts.
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic? Have a friend with an epic and command lines would be too much and one click didn't work.
Sent from my SAMSUNG-SGH-I897 using XDA App
jimmyz said:
why do you prefer to have superuser installed to /system/data- why not put it in /system/app?
Click to expand...
Click to collapse
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
jimmyz said:
Also if I want to install busybox where is the best location to put it?
Click to expand...
Click to collapse
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
jhnstn00 said:
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic?
Click to expand...
Click to collapse
I don't believe so. The I9000/Vibrant/Captivate have recoveries that don't check the signature of update.zip (as I understand, or maybe they do but only require test keys) which makes rooting-via-recovery possible. Unfortuntaely the Epic and Fascinate do perform signature checks, so we can't enable root via stock-recovery.
That said, the Fascinate one-click methods should also work on the Epic. Although depending on why your friend couldn't get the Epic one-click to work, the Fascinate one may not work either.
mkasick said:
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
Click to expand...
Click to collapse
You sir are a true gentleman! Thank you for the informative answers- its great to have you over here! I have one more question- why can't I usually push directly to /system ?
jimmyz said:
why can't I usually push directly to /system ?
Click to expand...
Click to collapse
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
I am learning a lot!!! Could you take a look at koush's kernel here, with it I noticed that when using adb I got the # prompt right away and was able to push to /system- maybe he was able to figure out the config settings? Once again thanks!!!
one more ? (feel free to ignore this one) what actually happens when you do
Code:
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and how does that give you permanent root?
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
It is indeed a config option in default.prop. However, this is in the initramfs and you can't change it on the fly, so you need to rebuild the kernel to change it. With some work you can modify the stock kernel to do it, but I personally haven't tried it.
Sent from my Epic 4G using XDA App
Thank you, this worked perfectly for me, running stock DI18 ROM that I flashed tonight!!! I confirmed by installing the wireless tethering pre-9 apk, and successfully ran the wireless tethering without any errors.
Quick question: do we need to do this after root or is it not needed?
NEEDED?? ===> SuperUser App to help with Security Concerns for the Epic - h**p://forum.sdx-developers.com/epic-development/superuser-app-to-help-with-security-concerns/
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work? Do I need to install clockwork mod (not exactly sure what it does though) or a custom ROM?
AndroidSPCS said:
Quick question: do we need to do this after root or is it not needed?
Click to expand...
Click to collapse
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
AndroidSPCS said:
NEEDED?? ===> SuperUser App
Click to expand...
Click to collapse
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
AndroidSPCS said:
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work?
Click to expand...
Click to collapse
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
mkasick said:
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
Click to expand...
Click to collapse
Thanks, actually this was referring to the thread where the instructions for going to adb shell or terminal and typing in the following commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
Click to expand...
Click to collapse
Yes same as above, the question is not whether we need SU app (I know we do), but whether we needed to type the additional commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
Click to expand...
Click to collapse
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access. However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Thanks again.
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
you need to do that in a shell to make sure su works properly.
I'm updating the one click root right now to be less silly.
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Firon said:
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Click to expand...
Click to collapse
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
thanks in advance!
Code:
jimmyz said:
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Click to expand...
Click to collapse
This is just pushing the stock playlogo, since joeykrim's method overwrites it with some custom script.
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Click to expand...
Click to collapse
The script allows you to easily remount system as ro or rw at will. Why not?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
Click to expand...
Click to collapse
I don't know if any apps depend on it being in a particular location. It is in xbin, but I'm also linking it to /system/bin to be safe.
AndroidSPCS said:
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Click to expand...
Click to collapse
These commands were necessary to get Superuser working with the old joeykrim root method. They're not necessary with this method (or the newly released one-click). In other words, if wifi-tethering is already working for you, nothing further is needed to be done.
AndroidSPCS said:
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access.
Click to expand...
Click to collapse
I don't actually use TitaniumBackup. I'm not sure why its superuser-requirements would be different from other apps, but I guess it is. The new one-click appears to address this.
AndroidSPCS said:
However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Click to expand...
Click to collapse
Busybox is a suite of "familar" Unix command-line utilites (things like cp (copy), mv (move), ls (list), etc.). It targets embedded platforms by being very featureful, yet relatively small. It's installed and used on a wide variety of embedded devices including wireless routers, print servers, phones, even televisions.
Oddly enough, Android does not include busybox by default. Instead it comes with it's own utility-programs-package called "toolbox" that isn't nearly as featureful, and quickly becomes a pain to use. Some programs, like TitaniumBackup depend on busybox programs/features, and thus require it's installation. It's safe.
The only problem with busybox is that there's not one single version of it. There's multiple builds of it from the same source code with different sets of features turned on and off. In the past, some folks had a version of busybox installed that didn't contain all the features necessary to support TitaniumBackup, so they added the option to install their own version. It's installed in a separate location, so it won't overwrite any version you do have installed, and it's safe to do. But if you've already installed another version of busybox that does work, then it may be unnecessary.
I did the Jokeyrim method a few days ago. I installed a new kernal and now a new ROM. All seems ok, but ow when I do the "whoami" command in adb shell I get whoami not found. I don't think I'm really rooted anymore. Any attempt to reinstall the Jokeyrim root script results in failure (mostly "device not found" errors). When in adb shell, most commands I type now are either "not found" or "permission denied", so I'm not confident that I'm really rooted now.
Since I have / had Jokeyrim installed, how can I "uninstall" it so that I can use this method of rooting instead? BTW, the newest Clockworkmod is installed and working.
Do I need to flash to stock first? Sorry, but I'm a VERY STOOPID NOOB.
Okay, this was my first time trying to root my phone and it would figure that non of the automated methods worked for me. Still, I was able to get root on my US Cellular Samsung Galaxy S Mesmerize (SCH-i500 for the kids keeping track at home) and these are the steps that I took. I hope this helps others who may be scratching their head wondering what to do when the developers haven't gotten around to (read: forsaken) us.
The nice thing about this method is that it doesn't require Windows (though you still do download SuperOneClick).
NOTE: This is only for an officially updated Mesmerize. Rooting is unnecessary for the leaked version.
APOLOGY: I can't post any links to anything outside the forum as I am a newer member, so, sorry for not being able to post URLs.
1. Download the Android SDK from the Android developer website and install/unzip it. You may need to add the path to the adb tool (found under platform-tools for me) to your PATH variable.
2. Download the SuperOneClick tool and unzip it
3a. If you are using Windows, then make sure to install the drivers for your phone. I don't have Windows, so don't ask me which file to download. Sorry.
3b. Enable USB Debugging on your phone (Settings->Applications->Development->Check "USB Debugging").
4. Connect your phone to your computer using the USB cable
5. Open a shell (or command prompt on Windows) and change directories to where you unzipped SuperOneClick
6. Run the following commands to copy files to your device
A. adb push psneuter /data/local/tmp/psneuter
B. adb push busybox /sdcard/busybox
C. adb push su-v2 /sdcard/su
NOTE: A quick note of each of these files.
A. psneuter - an exploit to gain root access temporarily on your phone
B. busybox - a compilation of common unix commands to help you along the CLI world
C. su - the super-user command used to gain elevated privileges
7. Run the following command to get a command line interface to your device
adb shell
At this point, you should see a $ prompt indicating that you are on your phone.
From here, you will change directories to where you put the exploit, change the permissions so you can run it, copy over the files that we need to sustain root access, and finally, install the Superuser.apk app so that you can manage root access from the UI.
Execute the following commands:
$ cd /data/local/tmp
$ chmod 777 psneuter
$ ./psneuter
Here, you will be disconnected from your device. This is normal. Just run "adb shell" again to get back in, though now, you will notice that the prompt has changed to a #. The following commands will reflect that.
# mount -t rfs -o remount,rw /dev/block/st19 /system
# cd /system/xbin
# cat /sdcard/busybox > busybox
# cat /sdcard/su > su
# chmod 4755 busybox
# chmod 4755 su
# exit
Now, you will be back on your computer. Type the following to install the Superuser.apk app.
adb install Superuser.apk
That should do it! You now have root access. Go ahead and try to install Titanium Backup (requires root). You can also install a terminal app or anything else.
I hope this helps. Report your successes/failures in the comments.
I used the eacy one click to root phone. I would like to unroot it now. I am having touch screen freezing problem. I need to start removing applications to see which one is causing the problem or if it is a hardware issue or software.
I downloaded the zip file 1-click_exploit. I expanded the files and ran the application. I have read that there is an option to uninstall with in that file but I don't see one. Where do I find it. If I just do a factory reset will it remove it? If I do a reset do I have to repurchase all of my apps?
Thank you in advance!
A factory data reset will not remove root.
Also, a reset does not delete your purchases. They are all stored in your google account. So, if they do get deleted, just reinstall them.
As far as unrooting, I do not know. Someone else may chime in here...probably going to tell you to post in the Q&A section as well.
Doesn't the one-click have an un-root feature?
Sent from my bootloader-locked MB865.
The one click method also has an un root option in the folder.
Sent from my MB865 using xda app-developers app
Generally the only trace rooting leaves is a setuid binary "su" in /system/bin. And Superuser.apk to manage permission which apps get to invoke the binary. So unrooting involves uninstalling Superuser application and removing the su binary. If you want to do it by hand: (1) adb remount (2) adb shell (3) su (4) rm /system/bin/su
kousik said:
Generally the only trace rooting leaves is a setuid binary "su" in /system/bin. And Superuser.apk to manage permission which apps get to invoke the binary. So unrooting involves uninstalling Superuser application and removing the su binary. If you want to do it by hand: (1) adb remount (2) adb shell (3) su (4) rm /system/bin/su
Click to expand...
Click to collapse
I have no idea what the above manual steps are for. I can uninstall the application but where and how do I remove the su binary. On the phone? Please send directions for a non technical type of user.
Thank you!
MaTrixJ said:
The one click method also has an un root option in the folder.
Sent from my MB865 using xda app-developers app
Click to expand...
Click to collapse
Not sure where in the the following files in 1-click_exploit is the unroot option.I have attached a list of the files in the download.
bushbaum said:
Not sure where in the the following files in 1-click_exploit is the unroot option.I have attached a list of the files in the download.
Click to expand...
Click to collapse
Out of these files, adb.exe and .dll files are left in your windows PC. Not sure if they are deleted afterwards, if not, you can always unzip the above into a directory. You'll need the adb and the dll files.
The su and superuser.apk are two files that are pushed to your phone that provides the root functionality.
The zerg file is the exploit payload temporarily used to root your phone, and removed later by the script.
So if you have unzipped these into a directory, connect your phone via USB (make sure usb debugging is on), and run the commands
Code:
adb.exe remount
adb.exe shell
su // superuser may pop a permission request on phone screen
rm /system/bin/su
rm /system/app/Superuser.apk
exit
kousik said:
Out of these files, adb.exe and .dll files are left in your windows PC. Not sure if they are deleted afterwards, if not, you can always unzip the above into a directory. You'll need the adb and the dll files.
The su and superuser.apk are two files that are pushed to your phone that provides the root functionality.
The zerg file is the exploit payload temporarily used to root your phone, and removed later by the script.
So if you have unzipped these into a directory, connect your phone via USB (make sure usb debugging is on), and run the commands
Code:
adb.exe remount
adb.exe shell
su // superuser may pop a permission request on phone screen
rm /system/bin/wu
rm /system/app/Superuser.apk
exit
Click to expand...
Click to collapse
What mode is my usb connection? charge only? I have the phone setting usb setting on. I run the commands (using the run command in windows accessories). When I go run "adb.exe remount" the black command screen blinks on screen so then under I go to run again and entered "adb.exe shell" the run command screen opens up with [email protected]:/$ I put in "su" After I entered the command rm system/bin/wu I get a "read only error" how do I change from read only?
Sorry for all these questions but I warned you that I was not a technical user. Thanks
bushbaum said:
What mode is my usb connection? charge only? I have the phone setting usb setting on. I run the commands (using the run command in windows accessories). When I go run "adb.exe remount" the black command screen blinks on screen so then under I go to run again and entered "adb.exe shell" the run command screen opens up with [email protected]:/$ I put in "su" After I entered the command rm system/bin/wu I get a "read only error" how do I change from read only?
Sorry for all these questions but I warned you that I was not a technical user. Thanks
Click to expand...
Click to collapse
I was wondering do I have to have the elite version superuser installed to grant permission to system? I just have the free version.
bushbaum said:
What mode is my usb connection? charge only? I have the phone setting usb setting on. I run the commands (using the run command in windows accessories). When I go run "adb.exe remount" the black command screen blinks on screen so then under I go to run again and entered "adb.exe shell" the run command screen opens up with [email protected]:/$ I put in "su" After I entered the command rm system/bin/wu I get a "read only error" how do I change from read only?
Click to expand...
Click to collapse
1. yes -- charge only
2. it is better to open a command prompt -- in run commands type in "cmd" which'll give you a shell, easy to track command outputs
3. in that shell cd to the directory you unzipped and run "adb.exe remount"
4. Unless it says "remount succeeded" further operations won't succeed
5. After you execute "su" your prompt will change from $ to # ... is this happening?
6. Only on # prompt, you can do "rm /system/bin/su" ... that too only if remount succeeded
Let us know at which step it fails.
kousik said:
1. yes -- charge only
2. it is better to open a command prompt -- in run commands type in "cmd" which'll give you a shell, easy to track command outputs
3. in that shell cd to the directory you unzipped and run "adb.exe remount"
4. Unless it says "remount succeeded" further operations won't succeed
5. After you execute "su" your prompt will change from $ to # ... is this happening?
6. Only on # prompt, you can do "rm /system/bin/su" ... that too only if remount succeeded
Let us know at which step it fails.
Click to expand...
Click to collapse
I get the following error after entering the run "adb.exe remount"
*daemon not running starting it now*
*daemon started successfully*
remount failed: operation not permitted
bushbaum said:
I get the following error after entering the run "adb.exe remount"
*daemon not running starting it now*
*daemon started successfully*
remount failed: operation not permitted
Click to expand...
Click to collapse
Then try remounting manually:
Code:
C:\> adb.exe shell
edison$/ su
edison#/ mount -o remount,rw /dev/block/system /system
Afterwards proceed with rest of the script.
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
lol if i saw this earlier i might not have unlocked my boot loader today. =) hope someone can try this
I gave this a try earlier today. I scoured through the forum to find that the new Ubuntu doesn't install ADB drivers by default, so you need to do this manually.
Anyway, I attempted to do it and got all the way to ./su. It then prompted me with the message "./su cannot execute - Permission denied". Obviously from there I can't link /mnt to /storage and I can't run pwn because it looks for the /storage folder.
If you have any suggestions how to get ./su running, let me know.
rykin said:
I gave this a try earlier today. I scoured through the forum to find that the new Ubuntu doesn't install ADB drivers by default, so you need to do this manually.
Anyway, I attempted to do it and got all the way to ./su. It then prompted me with the message "./su cannot execute - Permission denied". Obviously from there I can't link /mnt to /storage and I can't run pwn because it looks for the /storage folder.
If you have any suggestions how to get ./su running, let me know.
Click to expand...
Click to collapse
This method works but not all intructions are here.
First, you need to change permissions of su:
chown root:root su
chmod 6755 su
then run adb shell and remount / filesystem ro rw:
mount -o rw,remount /
now you can create symbolic link and run the exploit.
You can also perform rooting manually (without creating symlink and running pwn):
remount /system partition to rw: mount -o rw,remount /system
and copy su to /system/xbin, make sure that it has correct permissions (rwsr-sr-x) and that's it.
Now you can remount partitions back to ro.
Install supersu or superuser (whatever makes you happy, just check if it works correctly, superuser didn't work for me, it didn't prompt about root permission for any app, it just gave it, no matter how configured it was), Then install busybox, if you need one.
And you're done.
YES! Glad I waited!
Sent from my XT897 using xda premium
ujoty said:
This method works but not all intructions are here.
First, you need to change permissions of su:
chown root:root su
chmod 6755 su
then run adb shell and remount / filesystem ro rw:
mount -o rw,remount /
now you can create symbolic link and run the exploit.
You can also perform rooting manually (without creating symlink and running pwn):
remount /system partition to rw: mount -o rw,remount /system
and copy su to /system/xbin, make sure that it has correct permissions (rwsr-sr-x) and that's it.
Now you can remount partitions back to ro.
Install supersu or superuser (whatever makes you happy, just check if it works correctly, superuser didn't work for me, it didn't prompt about root permission for any app, it just gave it, no matter how configured it was), Then install busybox, if you need one.
And you're done.
Click to expand...
Click to collapse
Thank you. I just tried this and it worked. Confirmed with Root Checker. :>
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
Thanks, I think this is exactly what I am looking for per this thread. Unfortunately, I don't quite have the knowledge (yet) to completely understand what you mean. I've rooted several phones, but never had to use ADB before so am unfamiliar with it. Also, what do you mean by this: "After download and share fail with samba windows..."?
cscotti said:
Thanks, I think this is exactly what I am looking for per this thread. Unfortunately, I don't quite have the knowledge (yet) to completely understand what you mean. I've rooted several phones, but never had to use ADB before so am unfamiliar with it. Also, what do you mean by this: "After download and share fail with samba windows..."?
Click to expand...
Click to collapse
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
Wow, thanks for this. I was considering trying to condense down the instructions myself before I did this, but you beat me to it, and did a better job than I would have, considering I'm a novice at this stuff.
So your method uses a linux boot for samba, but then the rest is done on windows. Question: could you do the adb stuff on Linux? Seemed like some of the posts in the atrix threads were doing it that way, and I was just curious. I have mint 14-64 bit on a couple of my machines, as well windows, and was thinking this would be an opportunity to learn it a little better.
Sent from my XT897 using xda premium
Hello,
and what if I have unlocked bootloader? Is there any other way to root this phone?
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
well that sounds a bit intimidating but thanks for spelling it out. I'll try to work up the nerve and make some time to give this a try.
Just curious, but why can't this be compressed into a one click batch file like before?
vangelm said:
Hello,
and what if I have unlocked bootloader? Is there any other way to root this phone?
Click to expand...
Click to collapse
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
arrrghhh said:
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
Click to expand...
Click to collapse
It works, thank you, have a nice day.
vangelm said:
It works, thank you, have a nice day.
Click to expand...
Click to collapse
Can you share what you did? Instructions seem to say that I need to install GooManager? The summary of GooManager says I need root to use it. TIA.
micron said:
This is a work metod for root your not unlocked phone !
I find a solution after update to last new version
Download this : http://forum.xda-developers.com/showthread.php?t=2143437
After download and share fail with samba windows or mac sharing, you need to mount from file manage > remote storage
After fix permission go to adb folder and type :
"adb shell"
"cd /mnt/rfs0"
"./su"
"cd /"
"ln -s /mnt /storage"
Next step go to console and type :
adb kill-server
adb shell /storage/rfs0/pwn
Next : Install apk package from phone , Reboot Phone and now your phone is rooted!
Update from Play Market SuperSu and go.
Best regards,
m.
Click to expand...
Click to collapse
**** I wish I saw this before i went to Motorola for my warranty voiding unlock code
---------- Post added at 05:01 PM ---------- Previous post was at 04:50 PM ----------
arrrghhh said:
If your bootloader is unlocked, you can easily root. You don't need any exploits etc.
Install TWRP, it will automatically root the device. Or, install CWM and then install SuperSU afterwards, which will root the device.
Click to expand...
Click to collapse
I like TWRP but CWM in my opinion is better (more supported).
amateurhack said:
Question: could you do the adb stuff on Linux? Seemed like some of the posts in the atrix threads were doing it that way, and I was just curious. I have mint 14-64 bit on a couple of my machines, as well windows, and was thinking this would be an opportunity to learn it a little better.
Sent from my XT897 using xda premium
Click to expand...
Click to collapse
Yes. This can be done in Linux. I did it entirely with a LIVE USB. However, adb might not be installed by default (on mine it was not). To install it, do the following:
sudo add-apt-repository ppa:nilarimogard/webupd8
sudo apt-get update
sudo apt-get install android-tools-adb android-tools-fastboot
Click to expand...
Click to collapse
This will prevent you from running into errors when you start typing: adb shell
swintec said:
Can you share what you did? Instructions seem to say that I need to install GooManager? The summary of GooManager says I need root to use it. TIA.
Click to expand...
Click to collapse
Either use GooManager or the fastboot flash method. I think you do need to be rooted in order for GooManager to get the permissions it requires to flash recovery... So in that case, the only way initially to flash might be fastboot flash... Sorry.
alexwoellhaf said:
I like TWRP but CWM in my opinion is better (more supported).
Click to expand...
Click to collapse
Not even sure what this means. Any zip you can flash with CWM, you should be able to flash with TWRP. No?
They're both recoveries. One is touch-based, one isn't.
Having trouble with abd
Im running Ubuntu 12.04 full install (not live CD)
When I connect my phone, dmesg see the new device, and so does lsusb
dmesg
Code:
[ 290.617377] usb 2-1: USB disconnect, device number 2
[ 295.476023] usb 2-1: new high-speed USB device number 4 using ehci_hcd
[ 295.611624] scsi9 : usb-storage 2-1:1.0
[ 296.610626] scsi 9:0:0:0: Direct-Access motorola XT897 0001 PQ: 0 ANSI: 2
[ 296.611152] sd 9:0:0:0: Attached scsi generic sg3 type 0
[ 296.613548] sd 9:0:0:0: [sdc] Attached SCSI removable disk
lsusb:
Code:
Bus 002 Device 004: ID 22b8:2e36 Motorola PCS
However no matter what, when I run "adb devices", the phone does not show up.
51-android.rules
Code:
SUBSYSTEM=="usb", ATTRS{idVendor}=="22b8", MODE="0666"
This is what I get with adb
Code:
[email protected]:/tmp/share# adb devices
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
List of devices attached
[email protected]:/tmp/share#
What else can I do???
desyncron said:
By reading this link you will know hot to setup samba installation on a UBUNTU live cd. After doing that on your phone you should go to your FILE MANAGER --> remote storage and add the samba share to your phone. On the UBUNTU live cd, on your samba folder you should do this:
Code:
cd /path/to/share
wget http://vulnfactory.org/public/motoshare.tgz
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
After that you should put your phone in USB debugging mode and connect it to your PC. On your PC your should download the platform-tools folder of the Android SDK. The platform-tools folder contains adb (MAC) adb.exe (Windows) file. After you have adb, on your WIndows/MAC PC you should type:
Code:
./adb shell
cd /mnt/rfs0
./su
mount -o rw,remount /
cd /
ln -s /mnt /storage
exit (to exit the ADB shell)
adb kill-server
adb shell /storage/rfs0/pwn
Next you should copy eu.chainfire.supersu.apk on your phone storage and install it with file manager.
Reboot your device! Congratulations, your phone is rooted
Click to expand...
Click to collapse
I am trying to run through these steps. For starters, when I enter the 'adp shell' I do not have a /mnt/rfs0 directory. The shared samba directory actually mounts at /storage/rfs0. No biggie. I go to that directory to run ./su. The su command runs, and I can see a pop up notification on my phone indicating the adb shell has been granted admin rights. The problem is that the ./su command never returns. As a matter of fact, if I just left it sit there, I get the admin rights pop up notification on my phone about once per minute so it seems like the su command is in some loop.
At this point I am stuck. I cant remount my file system as read/write without SU. I can run the ./su command in a different process, either in another adb shell or with the ./su& command but that does me no good as I cant execute any root commands in that same process.
Is there something that needs to change with the su command for the newer version my phone is running? I am running 9.8.2Q-122_XT897_FFW-5.
Thanks.
Use 'motochopper', search for it on xda then root is just one click away
Sent from my XT897 using xda app-developers app