Ok everyone. First off do not update your phone if Sprint offers an update. I don't think they are going to but if they do anytime soon and you update this exploit could likely be fixed. When updates are released the devs will make updates that keep root so do not update!
That said, this is a very newbie guide. This is meant for Windows but I will post instructions for Linux as well (Ubuntu). I just need to warn you that I can't adb into my phone from Ubuntu so I have to do it through Windows. Don't know why it doesn't work but it doesn't. Mac users you can always (assuming you can get it to work in Ubuntu) download a live CD and boot into Ubuntu to try this. I don't have a Mac (nor do I want one) so I can't give instructions (though I assume they should be relatively the same).
Step 1:
First you need to download the Android SDK. It may sound confusing but it's not. There are tools in here that we need. You can get it from http://developer.android.com/sdk/index.html. This is a modular SDK and all the tools we need are in this download. Once downloaded you just need to extract it in a directory of choice.
The next thing we download is asroot2. This is a script that was developed that runs an exploit in Android's linux that allows us to run root. The link for that is here: http://forum.xda-developers.com/attachment.php?attachmentid=244212&d=1257621154. Unzip that file and place it in a directory of your choice. Also download http://www.androidspin.com/downloads.php?dir=amon_ra/RECOVERY/&file=recovery-RA-heroc-v1.2.3.img and place that into the same directory you extracted asroot2.
Step 2:
Connect the phone to the USB port.
Ubuntu is easy for this (again assuming it works for you). Simply open a terminal and cd into the directory that you extracted the sdk into. Then cd into the tools directory. Then run the following commands:
sudo ./adb push /directory_you_placed_asroot2/asroot2 /data/local/
sudo ./adb shell chmod 0755 /data/local/asroot2
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4755 su
If all goes well you should be presented with a new prompt. This is the linux terminal built into Android. This will allow us to execute all the commands we need to execute because the asroot2 script gave us root access.
In Windows it is a little more difficult. You have to first install the driver for the phone. When Windows asks you for the drivers direct Windows to the directory you extracted the SDK into. You should see a folder called usb_driver. If you are running the 32 bit version of Windows select the x86 folder. If you are using a 64 bit version then select the x64 folder. Then select the android_usb.inf file. This should install the drivers.
If running XP or lower you will need to go to the start menu and click run, then you enter cmd and press enter. If Vista or higher you will press the start button and type cmd and press enter. When you are at the command prompt you cd to the directory you extracted the sdk into. Then cd into the tools directory. Then execute the following commands:
adb push /directory_you_placed_asroot2/asroot2 /data/local/
adb shell
chmod 0755 /data/local/asroot2
/data/local/asroot2 /system/bin/sh
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4755 su
Now your phone is officially rooted! We aren't done yet though. Now you need to flash the recovery image. If you are still in adb shell type in exit until you are out. You should be in the directory where you extracted the recovery image. If not go there. Type in the following:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
Once that is done, type in adb shell (or sudo ./adb shell in ubuntu). If your command prompt is a dollar sign then type in su and press enter. If it is a pound sign you are good. Then type in the following:
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
Once that is finished you are done. To reboot into recovery type in adb shell reboot recovery. You should reboot into recovery mode. Right now there is not a lot you can do but once we have some devs who make some roms then we will be well on our way to an even more awesome phone. Any questions please ask away. Also, I am sorry if this tutorial is hard to understand or badly laid out. My daughter is crawling all over me so it's hard to type or think. Good luck all and thanks to everyone who rooted this phone and made the recovery and did such a great job!
chuckhriczko said:
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
Is this the right command, every time I try I get : "adb: not found"
The transfer to the sd card seemed to go fine, and I am @ root (#).
Am I missing something?
You beat me to it!!!! I was planning on laying out the steps to make sure I had my head on straight.
To continue with your guide: (The following are questions, not procedures)
1. We run a Nandroid back up to lock in our stock ROM so if we ever do something stupid, aka brick the phone, we can push this back on?
2. What comes on the SD card? Is it needing to be backed up when I go to a 16GB class 6 card?
3. Insert the new SDcard and use the ext2/swap/fat32 script
4. convert ext2 to ext3, (now ready for apps2SD?)
Anything else you can add would be nice.
Again thanks for the steps! They are clear for me.
rockcrawler said:
Is this the right command, every time I try I get : "adb: not found"
The transfer to the sd card seemed to go fine, and I am @ root (#).
Am I missing something?
Sounds like you need to add the directory where you have adb to be added to the path. Is your adb in the same dir as the image?
rockcrawler said:
Is this the right command, every time I try I get : "adb: not found"
The transfer to the sd card seemed to go fine, and I am @ root (#).
Am I missing something?
You may currently be in adb shell already. If you are showing the pound sign this is likely. The command is supposed to be run outside of adb shell. Try the command below:
flash_image recovery recovery-RA-heroc-v1.2.3.img
Treefallingquietly said:
Sounds like you need to add the directory where you have adb to be added to the path. Is your adb in the same dir as the image?
I apologize, but that went right over my head.
I have used this command to copy the image to the sd card.
Code:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
I got this output:
Code:
C:\androidSDK\android-sdk-windows\tools>adb push recovery-RA-heroc-v1.2.3.img /s
dcard/
1640 KB/s (3352576 bytes in 1.996s)
I then do the following with the noted result:
Code:
C:\androidSDK\android-sdk-windows\tools>adb shell
$ su
su
# adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
adb: not found
Any help as to where I am making my mistake would be greatly appreciated.
Treefallingquietly said:
You beat me to it!!!! I was planning on laying out the steps to make sure I had my head on straight.
To continue with your guide: (The following are questions, not procedures)
1. We run a Nandroid back up to lock in our stock ROM so if we ever do something stupid, aka brick the phone, we can push this back on?
Yes. A nandroid backup completely backs up every piece of information on your phone. It is a complete image of your phone and if it needs to be restored for whatever reason you just load up recovery and can restore it the way it was before.
Treefallingquietly said:
2. What comes on the SD card? Is it needing to be backed up when I go to a 16GB class 6 card?
What do you mean exactly? The only thing that gets copied to an sd card is the nandroid backup so yes, when switching to an sd card just do another backup. Or you can also copy the nandroid folder from your existing sd card to your new one.
Treefallingquietly said:
3. Insert the new SDcard and use the ext2/swap/fat32 script
4. convert ext2 to ext3, (now ready for apps2SD?)
Yes and no. Just run the ext2/swap/fat32 script and it should be ready for apps2sd. You can convert to ext3 if you want. Generally on normal hard drives ext3 is faster, however there has been some controversy with that on Android phones. As for converting to apps2sd, right now the best way is probably the manual method which I can write up a tutorial on as well. The Dream forum has some good tutorials on it as they were the first to do it. I actually need to go back and re-read some of those because it's been so long since I did it. I tried the apps2sd apk but that didn't seem to work for me.
rockcrawler said:
I apologize, but that went right over my head.
I have used this command to copy the image to the sd card.
Code:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
I got this output:
Code:
C:\androidSDK\android-sdk-windows\tools>adb push recovery-RA-heroc-v1.2.3.img /s
dcard/
1640 KB/s (3352576 bytes in 1.996s)
I then do the following with the noted result:
Code:
C:\androidSDK\android-sdk-windows\tools>adb shell
$ su
su
# adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
adb: not found
Any help as to where I am making my mistake would be greatly appreciated.
Yeah. The problem is that you are trying to adb shell twice. After you adb push then just run the command adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img. That should work.
chuckhriczko said:
You may currently be in adb shell already. If you are showing the pound sign this is likely. The command is supposed to be run outside of adb shell. Try the command below:
flash_image recovery recovery-RA-heroc-v1.2.3.img
Now I get the Following:
Code:
# flash_image recovery recovery-RA-heroc-v1.2.3.img
flash_image recovery recovery-RA-heroc-v1.2.3.img
error opening recovery-RA-heroc-v1.2.3.img: No such file or directory
#
And this outside adb shell, in the same directory where I did the push:
Code:
C:\androidSDK\android-sdk-windows\tools>adb shell flash_image recovery recovery-
RA-heroc-v1.2.3.img
error opening recovery-RA-heroc-v1.2.3.img: No such file or directory
Ideas?
rockcrawler said:
Is this the right command, every time I try I get : "adb: not found"
The transfer to the sd card seemed to go fine, and I am @ root (#).
Am I missing something?
Yes, he left out the /sdcard/ in the path, and if you are in the shell you don't need the adb portion of the command.
rockcrawler said:
Now I get the Following:
Code:
# flash_image recovery recovery-RA-heroc-v1.2.3.img
flash_image recovery recovery-RA-heroc-v1.2.3.img
error opening recovery-RA-heroc-v1.2.3.img: No such file or directory
#
And this outside adb shell, in the same directory where I did the push:
Code:
C:\androidSDK\android-sdk-windows\tools>adb shell flash_image recovery recovery-
RA-heroc-v1.2.3.img
error opening recovery-RA-heroc-v1.2.3.img: No such file or directory
Ideas?
Ok. Most likely you don't have the recovery image in the directory. Try this. Copy the recovery image to the tools directory of the sdk. Then, outside of adb shell, (making sure you are in the tools directory of the sdk) execute the following command:
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
This should work as long as you have the recovery image in the correct directory.
can i use the rom from modaco? or at least the themes?
magicalan said:
can i use the rom from modaco? or at least the themes?
No way! This rom is a GSM rom and if it works at all and does not brick your phone then it won't have the right software to make your phone work. A dev has to create a rom specially for the CDMA Hero that has the right drivers.
chuckhriczko said:
Ok. Most likely you don't have the recovery image in the directory. Try this. Copy the recovery image to the tools directory of the sdk. Then, outside of adb shell, (making sure you are in the tools directory of the sdk) execute the following command:
adb shell flash_image recovery recovery-RA-heroc-v1.2.3.img
This should work as long as you have the recovery image in the correct directory.
I am feeling really special, not being able to make this work, but that is the folder that it has been in all this time. I have even downloaded and pushed it several times. Proof:
So I am not sure where I am messing up.
Thanks for all the help and hard work on this BTW!
rockcrawler said:
I am feeling really special, not being able to make this work, but that is the folder that it has been in all this time. I have even downloaded and pushed it several times. Proof:
So I am not sure where I am messing up.
Thanks for all the help and hard work on this BTW!
Meh. Not hard work. Just experience. The hard work is what the rom devs do. And it is difficult at first but once you get it trust me, you get it. Okay let's try this. Go into the command prompt (not adb shell) into the folder where adb and the recovery image are. Try to execute the following command and see if it works.
Code:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
This will put the recovery image on the sdcard. If this works then we will continue.
chuckhriczko said:
Meh. Not hard work. Just experience. The hard work is what the rom devs do. And it is difficult at first but once you get it trust me, you get it. Okay let's try this. Go into the command prompt (not adb shell) into the folder where adb and the recovery image are. Try to execute the following command and see if it works.
Code:
adb push recovery-RA-heroc-v1.2.3.img /sdcard/
This will put the recovery image on the sdcard. If this works then we will continue.
Done.
Code:
C:\androidSDK\android-sdk-windows\tools>adb push recovery-RA-heroc-v1.2.3.img /s
dcard/
1747 KB/s (3352576 bytes in 1.873s)
C:\androidSDK\android-sdk-windows\tools>
rockcrawler said:
Done.
Code:
C:\androidSDK\android-sdk-windows\tools>adb push recovery-RA-heroc-v1.2.3.img /s
dcard/
1747 KB/s (3352576 bytes in 1.873s)
C:\androidSDK\android-sdk-windows\tools>
Sweetness. Ok. Now type in the following:
Code:
$ adb shell
$ cd /sdcard/
$ su
# flash_image recovery recovery-RA-heroc-v1.2.3.img
That should work. Note, don't type in the $ or the #. Those are just there to show what the command prompt should look like.
THANK YOU!!!!!
chuckhriczko said:
Sweetness. Ok. Now type in the following:
Code:
$ adb shell
$ cd /sdcard/
$ su
# flash_image recovery recovery-RA-heroc-v1.2.3.img
That should work. Note, don't type in the $ or the #. Those are just there to show what the command prompt should look like.
Worked Like a charm, THANK YOU!!! Just booted to the recovery image and all is well.
p.s. Might want to edit the original instructions, once your daughter goes to bed, to include the cd to the sd card, that is where my problem was.
rockcrawler said:
Worked Like a charm, THANK YOU!!! Just booted to the recovery image and all is well.
p.s. Might want to edit the original instructions, once your daughter goes to bed, to include the cd to the sd card, that is where my problem was.
If I am able to I will. I understand that the instructions were a little hard to follow for beginners which was what I wanted to avoid. Glad you got it working though. Welcome to the world of Android hacking and please enjoy your stay
I'm getting stuck trying to push the recovery img out to my sdcard
Code:
C:\AndroidSDK\tools>adb push recovery-RA-heroc-v1.2.3.img /sdcard/
cannot stat 'recovery-RA-heroc-v1.2.3.img': No such file or directory
I believe I have root access:
Code:
C:\AndroidSDK\tools>adb shell
$ su
su
#
Quick question about rooting and clockwork. I managed to gain root on 2.3.3 without using clockwork a while back (I find it buggy sometimes) but the current re-rooting guide for 2.3.4 assumes clockwork usage. Does it matter if I use the procedure in http://forum.xda-developers.com/showthread.php?t=1007782 but bypass clockwork? I.e. using vanilla recovery.
Actually you don't need clockworkmod -- or even recovery mode -- for rooting. The process of rooting is simply putting the su binary into the /system/bin directory and installing the Superuser app.
You could try to install the zip from stock recovery, I'm pretty sure it won't hurt even if the installation is not successful. For me, I always do the rooting by:
Code:
adb remount
adb push su /system/bin/
adb shell chmod 6755 /system/bin/su
Then install the Superuser app from Market.
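Both this method and the `cat sh > su` / `chmod 4755 su` step in the first guide leave a set-uid root binary under /system/bin, which is what a device audit looks for. The script below is an added example, not code from any poster in this thread: it scans a tree (assumed to be a mounted or extracted copy of /system) for set-uid/set-gid files and flags shell copies; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added audit example; not code from the thread.

# audit_suid ROOT [SHELL_REF]
# Prints "<CLASS> <mode> <path>" for every set-uid or set-gid regular file
# under ROOT. Classes:
#   SHELL_COPY  byte-identical to the shell (the "cat sh > su" pattern)
#   SU_NAME     named su, but not a copy of the shell
#   OTHER       anything else; compare against a known-good baseline
audit_suid() {
    root=$1
    shell_ref=${2:-$root/bin/sh}
    find "$root" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort |
    while IFS= read -r f; do
        mode=$(ls -ld "$f" | cut -c1-10)
        if [ -f "$shell_ref" ] && cmp -s "$f" "$shell_ref"; then
            class=SHELL_COPY
        elif [ "$(basename "$f")" = su ]; then
            class=SU_NAME
        else
            class=OTHER
        fi
        printf '%s %s %s\n' "$class" "$mode" "$f"
    done
}

# make_demo_tree DIR
# Builds a constructed sample tree (stand-in files, not real binaries) that
# mirrors the modes used in the thread: 4755 and 6755.
make_demo_tree() {
    mkdir -p "$1/bin" "$1/xbin"
    printf 'constructed stand-in for the shell binary\n' > "$1/bin/sh"
    chmod 0755 "$1/bin/sh"
    cat "$1/bin/sh" > "$1/bin/su"        # same bytes as sh, as in the guide
    chmod 4755 "$1/bin/su"
    printf 'constructed stand-in for a separate su binary\n' > "$1/xbin/su"
    chmod 6755 "$1/xbin/su"
    printf 'constructed stand-in for a stock set-uid tool\n' > "$1/bin/ping"
    chmod 4755 "$1/bin/ping"
    printf 'constructed stand-in without set-id bits\n' > "$1/bin/ls"
    chmod 0755 "$1/bin/ls"
}

# With arguments: audit the given tree. Without: audit the constructed demo.
if [ "$#" -gt 0 ]; then
    audit_suid "$@"
else
    demo=$(mktemp -d) && make_demo_tree "$demo" && audit_suid "$demo"
    rm -rf "$demo"
fi
```

Run it as `sh audit.sh /path/to/system-copy`; any SHELL_COPY or SU_NAME line on a device that is supposed to be stock is worth investigating.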
suksit said:
Actually you don't need clockworkmod -- or even recovery mode -- for rooting. The process of rooting is simply putting the su binary into the /system/bin directory and installing the Superuser app.
You could try to install the zip from stock recovery, I'm pretty sure it won't hurt even if the installation is not successful. For me, I always do the rooting by:
Code:
adb remount
adb push su /system/bin/
adb shell chmod 6755 /system/bin/su
Then install the Superuser app from Market.
Does the bootloader need to be unlocked w/this method?
suksit said:
Actually you don't need clockworkmod -- or even recovery mode -- for rooting. The process of rooting is simply putting the su binary into the /system/bin directory and installing the Superuser app.
You could try to install the zip from stock recovery, I'm pretty sure it won't hurt even if the installation is not successful. For me, I always do the rooting by:
Code:
adb remount
adb push su /system/bin/
adb shell chmod 6755 /system/bin/su
Then install the Superuser app from Market.
Thanks for that. But for the n00b part of me, could you tell me which directory I need to launch that command from? I.e. which directory of the android sdk.
From memory it was something like c:\program files (x86)\android\android-sdk\tools... or something.
EDIT: mm, I just tried initiating those commands from within both the \\tools and \\platform-tools and in both instances I either get "unrecognised command" or "error: device not found" or "remount failed: operation not permitted"; depending on whether the device is fully booted or just in recovery. Any ideas?
Hello, I recently got a new android device, and I have been looking online trying to find a root; after a couple of days, I managed to find one, but however I am unable to do the steps. If you want to check it out at github (Unkn0wn0ne/RootMyValet)
Here is what the steps are;
Step 1: Push the su binary to /data/local/tmp using adb push su /data/local/tmp
Step 2: Push the roothandler binary to /data/local/tmp using adb push roothandler /data/local/tmp
Step 3: Set the roothandler binary permission using adb shell chmod 0755 /data/local/tmp/roothandler
Step 4: Push the installsu.sh script to /data/local/tmp using adb push installsu.sh /data/local/tmp
Step 5: Set the installsu.sh script the execution permission using adb shell chmod 755 /data/local/tmp/installsu.sh
Step 6: Install the APK using adb install RootMyValet.apk
Step 7: Start the app on the device, hit the button that says "Push SU Binary"
Step 8: Wait about a minute
Step 9: Enjoy your root!
Every time I try to follow the first instruction, adb returns: Cannot stat 'su' no such file or directory, I suppose that's because there is no su file in the download, and when I run the .bat file, it just runs through a list of commands and says my Valet should be rooted, but it never even reboots. Am I supposed to download the su binary myself? Hopefully someone can clarify some things.
I've also attached a zip of the root files.
two things
Durion said:
Hello, I recently got a new android device, and I have been looking online trying to find a root; after a couple of days, I managed to find one, but however I am unable to do the steps. If you want to check it out at github (Unkn0wn0ne/RootMyValet)
Here is what the steps are;
Step 1: Push the su binary to /data/local/tmp using adb push su /data/local/tmp
Step 2: Push the roothandler binary to /data/local/tmp using adb push roothandler /data/local/tmp
Step 3: Set the roothandler binary permission using adb shell chmod 0755 /data/local/tmp/roothandler
Step 4: Push the installsu.sh script to /data/local/tmp using adb push installsu.sh /data/local/tmp
Step 5: Set the installsu.sh script the execution permission using adb shell chmod 755 /data/local/tmp/installsu.sh
Step 6: Install the APK using adb install RootMyValet.apk
Step 7: Start the app on the device, hit the button that says "Push SU Binary"
Step 8: Wait about a minute
Step 9: Enjoy your root!
Every time I try to follow the first instruction, adb returns: Cannot stat 'su' no such file or directory, I suppose that's because there is no su file in the download, and when I run the .bat file, it just runs through a list of commands and says my Valet should be rooted, but it never even reboots. Am I supposed to download the su binary myself? Hopefully someone can clarify some things.
I've also attached a zip of the root files.
Yes, download the SU binary yourself... I don't see it supplied either,
secondly when you go to line/ STEP 5 .... 755 will not be a valid code with shell... it should say
Step 5: Set the installsu.sh script the execution permission using adb shell chmod 0755 /data/local/tmp/installsu.sh
otherwise you also get a bad command....
ALSO... after completing the Adb commands... I have the apk and binary installer fully functional... hit push binary... and it says it pushing...
I wait... then it just goes back to the (push binary) button... without any changes...
Hi, I'm having trouble choosing the right section, anyway..
After more than a year I managed to correctly install the ADB drivers. Before, I had installed the Google driver; when I noticed I must install the Motorola driver, the removal of the previous one was not done successfully, so the Motorola one did not install well. By manually removing files it succeeded.
But now there is another annoying, unforeseen issue: I need to exchange a file in /system/etc on both my tablet and my Motorola Moto C phone. This needs the system partition remounted r/w, but to do this I need to restart adb as root, and with 'adb root' this is the answer:
adbd cannot run as root in production builds
My system is 7.0, what can I do?
You can install a temporary root to run shell commands that require root rights, like mount, in ADB:
Code:
adb devices
adb push <FULL-PATH-TO-SU-BINARY-ON-PC> /data/local/tmp/
adb shell "chmod +x /data/local/tmp/su"
adb shell "/data/local/tmp/su -c 'mount -o rw,remount,rw /system'"
I have two questions. I can't find any su command available on the net.
I don't understand how it is possible to have to do all these hard maneuvers with a debug tool; I think it might be simpler. Why is there a remount or root command if it doesn't work?
Hi, I got a new phone recently; as the name implies, it's a CC Core-m5. I would like to root this device, but unfortunately there isn't anything on the internet and the guys working at CC don't want to give me the firmware so that I can patch the boot using Magisk.
Can someone help, please?
If someone manages to get temporary root access (even if it can't remount partitions), can he post how he managed to do it? That way we could build our own TWRP image.
Temporary root access is easy to realize: simply put a suitable su binary into Android's filesystem and make it executable:
Code:
adb devices
adb push <FULL-PATH-OF-SU-BINARY-ON-PC> /data/local/tmp/
adb shell "chmod +x /data/local/tmp/su"
xXx yYy said:
Temporary root access is easy to realize: simply put a suitable su binary into Android's filesystem and make it executable:
Code:
adb devices
adb push <FULL-PATH-OF-SU-BINARY-ON-PC> /data/local/tmp/
adb shell "chmod +x /data/local/tmp/su"
Thanks a lot, I'm gonna try that. I thought of that technique but wasn't sure if it was possible.
Hmm, looks like this isn't possible anymore, or I'm doing it wrong. I'm using the LineageOS 18.1 su binary; when executing it through the shell I get the error code 255. Weird.
Using the SU binaries you provided in another thread I get the error code 1. Nothing more.
xXx yYy said:
Temporary root access is easy to realize: simply put a suitable su binary into Android's filesystem and make it executable:
Code:
adb devices
adb push <FULL-PATH-OF-SU-BINARY-ON-PC> /data/local/tmp/
adb shell "chmod +x /data/local/tmp/su"
You won't get root access this way, as root access is allowed for binaries in root partition.
As you can't write this partition <=> you can't put any binary on it.
idem-bis-repetita
As seen in this thread https://forum.xda-developers.com/t/rooting-crosscall-core-m5.4359409/ there is a way to get temporary root access.
@xXx yYy Any further ideas? Thanks btw
Might be resolved once we get more information on dirty-cred, as it may affect the Android kernel too.
Bricked my phone lol, no working recovery