Related
Update: One click root has been using this "simple" method since version 2.2.7. If you're rooting your phone for the first time, please try that first. Consider this thread to be purely informational for those who want step-by-step details of how the process works.
I've been suspicious of the joeykrim root method since it was first posted at SDX. I finally got my Epic yesterday and confirmed that is, indeed unnecessary. I don't fault joeykrim though, he ported the working root method from the Moment to the Epic without actually having access to an Epic himself.
Anyways, the joeykrim root method is unnecessarilly complex becuase it works around an RFS permissions bug which loses the setuid bit on the Moment. It appears the Galaxy S phones have this bug fixed, which is why the root methods on the I9000, Vibrant, Captivate, Fascinate, etc., are much simpler.
So, for the simple root:
First, make sure joeykrim root is not installed.
Upgrade to DI18 (not strictly necessary, but you'll want to do it).
Setup a working adb from the Android SDK and whatever drivers are necessary for your platform.
Download rageagainstthecage-arm5.bin from the C skills blog (link removed due to my newbieness) or from any of the one-click root packages.
Download su-2.3.6.1-ef-signed.zip and extract "system/bin/su" and "system/app/Superuser.apk" to a temporary directory you'll be working from.
Enable USB debugging on your phone and connect it to your computer.
Now, open a command prompt/shell on your computer and cd to the appropriate temporary directory. Run:
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp
adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and confirm you have a working root shell. Then continue with:
Code:
adb push su /system/xbin
adb shell chmod 4755 /system/xbin/su
adb install Superuser.apk
That's it! You should have a working root via su & the Superuser package. At least, I did.
Note that the preceeding steps installs Superuser.apk to /data, which is what I prefer to do. This means if you do a "Factory data reset" su will be temporarilly broken until you reinstall the Superuser.apk package. Since installing the package itself doesn't require root, this is easily done after a /data reset.
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Finally, if you're already rooted via joeykrim or are running a root kernel, there's nothing really to be gained by doing this. I'm just throwing this out there as I perfer to make the minimum invasive changes possible to obtain root.
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again? That might be a reason why folks would want to go the more invasive route (considering rooters seems to change ROMS fairly often which requires wipes sometimes). Either way, keeping a copy of the apk file on your SD card is no big deal.
mkasick said:
Also note that I did not perform a /system remount-rw anywhere. At least on my Epic, /system appears to always be mounted read-write so it's an unnecessary step. It's actually the "joeykrim-root.sh" script that remounts /system read-only during the boot process, which is why folks who don't use root kernels have run into this problem before. I'm not sure why joeykrim's script does that, I guess he probably assumed /system is mounted read-only by default. There's arguments that /system should be read-only, but I didn't touch it in case some Samsung stuff depends on it being read-write.
Click to expand...
Click to collapse
This explains a lot of problems! thanks
EDIT- another noob question- why do you prefer to have superuser installed to /system/data- why not put it in /system/app? Also if I want to install busybox where is the best location to put it?
ZenInsight said:
Wow, that was really informative. To check for Super user you:
Type: adb shell
then type: SU
You should get a # sign if you have root. Correct?
Click to expand...
Click to collapse
Once you run rageagainstthecage-arm5.bin, you should get a root-shell automatically every time you run "adb shell" after until you reboot the phone. Yes, you can tell it's a root shell since it uses the "#" prompt. This is the important part to check, since if the exploit doesn't work, you'll have to run it again. But I haven't seen it not work.
After su is installed and you reboot, your steps are correct: run "adb shell", run "su", then you'll be prompted on the phone scren to authorize access and once you allow it you'll end up with a "#" prompt.
ZenInsight said:
In the original Noobln post method would the Epic keep root even after a wipe therefore not needing to re-apply the superuser apk again?
Click to expand...
Click to collapse
noobnl installs Superuser.apk to /system, you can do that here too. Just replace the "adb install Superuser.apk" step with "adb push Superuser.apk /system/app". It's independent of the joeykrim scripts.
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic? Have a friend with an epic and command lines would be too much and one click didn't work.
Sent from my SAMSUNG-SGH-I897 using XDA App
jimmyz said:
why do you prefer to have superuser installed to /system/data- why not put it in /system/app?
Click to expand...
Click to collapse
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
jimmyz said:
Also if I want to install busybox where is the best location to put it?
Click to expand...
Click to collapse
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
jhnstn00 said:
With my captivate we have many update.zip root methods to choose from. Any chance this will be coming to the epic?
Click to expand...
Click to collapse
I don't believe so. The I9000/Vibrant/Captivate have recoveries that don't check the signature of update.zip (as I understand, or maybe they do but only require test keys) which makes rooting-via-recovery possible. Unfortuntaely the Epic and Fascinate do perform signature checks, so we can't enable root via stock-recovery.
That said, the Fascinate one-click methods should also work on the Epic. Although depending on why your friend couldn't get the Epic one-click to work, the Fascinate one may not work either.
mkasick said:
I prefer to keep consistent with the idea that user-installed applications go in /data, and stock-installed-and-unmodified applications remain in /system/app. This way, upgrading Superuser.apk doesn't require a root-shell/root-explorer, you can remove it or upgrade it the way you do with any user installed application--adb install, side-loading via an sdcard, or downloading it from the market.
Plus, in general I prefer to keep my /system as untouched as possible. For example, I don't remove stock apps either. The "su" binary has to be installed in /system to persist after a /data wipe, and busybox is best installed to /system so it's in PATH (haven't looked into modifying the default PATH yet). Otherwise I try to keep /system alone.
Android's default PATH provides four places for busybox to be installed: /sbin, /system/bin, /system/sbin, and /system/xbin. /sbin is part of the initramfs, in other words it's controlled by the kernel you're running. You can install busybox to any of the three /system/*bin directories, but I prefer /system/xbin.
In the traditional Unix conventions, "/usr/bin" is for user-runnable stock-installed programs, and "/usr/sbin" is for root-requiring (superuser-runnable) stock-installed programs. "xbin" isn't part of the standard convention, but I'd guess it's intended for "extra binaries" that are not part of the stock installation (much like /usr/local/bin), thus it seems like an appropriate location for a user-added "su" and "busybox" programs.
The second reason is that "xbin" is relatively empty, so if you want to create the applet symlinks (i.e., so that you can call "cp" instead of "buybox cp") it won't overwrite the stock toolbox symlinks. Also, since "xbin" is last on the default PATH, any programs provided by both toolbox and busybox will default to the toolbox version--which would be important for stock system scripts that might run into compatibility issues if they were to use the busybox versions instead.
To install busybox, grab a copy of the binary from somewhere (one click packages, a copy of stericson.busybox.apk, etc.). Then, once rooted run:
Code:
adb push busybox /data/local/tmp
adb shell
su # Authorize on phone screen
cat /data/local/tmp/busybox > /system/xbin/busybox
chown root.shell /system/xbin/busybox
chmod 755 /system/xbin/busybox
rm /data/local/tmp/busybox
/system/xbin/busybox --install -s /system/xbin
Click to expand...
Click to collapse
You sir are a true gentleman! Thank you for the informative answers- its great to have you over here! I have one more question- why can't I usually push directly to /system ?
jimmyz said:
why can't I usually push directly to /system ?
Click to expand...
Click to collapse
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
I am learning a lot!!! Could you take a look at koush's kernel here, with it I noticed that when using adb I got the # prompt right away and was able to push to /system- maybe he was able to figure out the config settings? Once again thanks!!!
one more ? (feel free to ignore this one) what actually happens when you do
Code:
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
and how does that give you permanent root?
mkasick said:
Pushing directly to /system requires running the adb service on the phone as the root user, so that it has permissions to write to that directory. Usually adb runs on the phone unprivileged, so you can only push to world-writable directories.
Running rageagainstthecage-arm5.bin actually changes this. The exploit forces the adb service to run as the root user, which is why "adb shell" gives you a root shell and "adb push" to /system does work, until the phone is restarted.
Interesting enough, the adb service also runs as root by default in the Android emulator. So there's probably a configuration setting, somewhere, to make it do that. In general it's safer to run adb unprivileged though, and "su" to move files to /system once uploaded elsewhere on the phoe.
Click to expand...
Click to collapse
It is indeed a config option in default.prop. However, this is in the initramfs and you can't change it on the fly, so you need to rebuild the kernel to change it. With some work you can modify the stock kernel to do it, but I personally haven't tried it.
Sent from my Epic 4G using XDA App
Thank you, this worked perfectly for me, running stock DI18 ROM that I flashed tonight!!! I confirmed by installing the wireless tethering pre-9 apk, and successfully ran the wireless tethering without any errors.
Quick question: do we need to do this after root or is it not needed?
NEEDED?? ===> SuperUser App to help with Security Concerns for the Epic - h**p://forum.sdx-developers.com/epic-development/superuser-app-to-help-with-security-concerns/
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work? Do I need to install clockwork mod (not exactly sure what it does though) or a custom ROM?
AndroidSPCS said:
Quick question: do we need to do this after root or is it not needed?
Click to expand...
Click to collapse
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
AndroidSPCS said:
NEEDED?? ===> SuperUser App
Click to expand...
Click to collapse
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
AndroidSPCS said:
Also, Titanium Backup failed to work - it gave an error of denied root access, and said busybox was not installed. What needs to be done to make it work?
Click to expand...
Click to collapse
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
mkasick said:
Not sure exactly what you're asking. This is an alternative to the joeykrim-based one-click roots and rooted kernels. If you already have one of those this isn't really necessary.
Click to expand...
Click to collapse
Thanks, actually this was referring to the thread where the instructions for going to adb shell or terminal and typing in the following commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
Yes, the su binary used here requires the Supruser appto be installed to authorize su requests. Otherwise they'll always be denied. Other su binaries might not require it, but then all apps have root access which isn't really a good thing.
Click to expand...
Click to collapse
Yes same as above, the question is not whether we need SU app (I know we do), but whether we needed to type the additional commands:
adb shell
su
mount -t rfs -o remount,rw /dev/block/stl9 /system
cp /system/bin/su /system/bin/jk-su
exit
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Did you authorize Titanium Backup when the Superuser prompt came up (requies the Superuser app to be instald too)?
Titanium Backup has an option to download and install it's preferred version of busybox. Follow the prompts to do that.
Click to expand...
Click to collapse
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access. However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Thanks again.
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
you need to do that in a shell to make sure su works properly.
I'm updating the one click root right now to be less silly.
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Firon said:
http://forum.xda-developers.com/showpost.php?p=8543226&postcount=455
I just cleaned up the one click root to not do many of the silly things joeykrim's root does. It also means your system will be mounted as rw after a reboot and it won't overwrite your su with jk-su every boot (no more modified playlogo).
Cleaned up all the old stuff from the root so it should work fine even if you were using one of the older one clicks. I made sure su works, incl titanium backup.
I'm still installing superuser.apk to /system/app because I think it belongs there.
Thanks for doing the footwork, mkasick!
Click to expand...
Click to collapse
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
thanks in advance!
Code:
jimmyz said:
Firon- why are these lines still needed?
Code:
adb push playlogo /system/bin/playlogo
what is playlogo? Does this just put the stock one back in case you used the joeykrim method in the past?
Click to expand...
Click to collapse
This is just pushing the stock playlogo, since joeykrim's method overwrites it with some custom script.
Code:
adb push remount /system/xbin/remount
Are the remount scripts still needed?
Click to expand...
Click to collapse
The script allows you to easily remount system as ro or rw at will. Why not?
Code:
adb shell ln -s /system/xbin/su /system/bin/su
why is this link needed? why cant su just be in xbin
Click to expand...
Click to collapse
I don't know if any apps depend on it being in a particular location. It is in xbin, but I'm also linking it to /system/bin to be safe.
AndroidSPCS said:
What do these commands do? It seems to me my Superuser app is working fine with wifi tether - popping up with allow / disable permission boxes, etc. Do these commands add something else to Superuser?
Click to expand...
Click to collapse
These commands were necessary to get Superuser working with the old joeykrim root method. They're not necessary with this method (or the newly released one-click). In other words, if wifi-tethering is already working for you, nothing further is needed to be done.
AndroidSPCS said:
There was no Superuser prompt during the install of the app, nor anytime when it said it had a failure with root access.
Click to expand...
Click to collapse
I don't actually use TitaniumBackup. I'm not sure why its superuser-requirements would be different from other apps, but I guess it is. The new one-click appears to address this.
AndroidSPCS said:
However there is an option to install BusyBox, which I have not done yet, because I am not sure what busybox is, or what it does. I'd like to find out why I need it and what it does, so I can feel comfortable with installing it.
Click to expand...
Click to collapse
Busybox is a suite of "familar" Unix command-line utilites (things like cp (copy), mv (move), ls (list), etc.). It targets embedded platforms by being very featureful, yet relatively small. It's installed and used on a wide variety of embedded devices including wireless routers, print servers, phones, even televisions.
Oddly enough, Android does not include busybox by default. Instead it comes with it's own utility-programs-package called "toolbox" that isn't nearly as featureful, and quickly becomes a pain to use. Some programs, like TitaniumBackup depend on busybox programs/features, and thus require it's installation. It's safe.
The only problem with busybox is that there's not one single version of it. There's multiple builds of it from the same source code with different sets of features turned on and off. In the past, some folks had a version of busybox installed that didn't contain all the features necessary to support TitaniumBackup, so they added the option to install their own version. It's installed in a separate location, so it won't overwrite any version you do have installed, and it's safe to do. But if you've already installed another version of busybox that does work, then it may be unnecessary.
I did the Jokeyrim method a few days ago. I installed a new kernal and now a new ROM. All seems ok, but ow when I do the "whoami" command in adb shell I get whoami not found. I don't think I'm really rooted anymore. Any attempt to reinstall the Jokeyrim root script results in failure (mostly "device not found" errors). When in adb shell, most commands I type now are either "not found" or "permission denied", so I'm not confident that I'm really rooted now.
Since I have / had Jokeyrim installed, how can I "uninstall" it so that I can use this method of rooting instead? BTW, the newest Clockworkmod is installed and working.
Do I need to flash to stock first? Sorry, but I'm a VERY STOOPID NOOB.
Hi, it is possible to root ZiiO tablet with Android 2.2 ?
I try with z4root 1.3.0 but is not working
Is there any other solutions ?
my friend's sister is working as a designer and user experience officer at creative. as far as her knowledge will carry her, the answer to root is NO
in any case, why did you wish to root it? even after you root it, it wun be able to perform up to anywhere normal tablets can
Thanks for the replay, i what root access to try to install Android Market ... do you think is possible?
coljuay said:
in any case, why did you wish to root it? even after you root it, it wun be able to perform up to anywhere normal tablets can
Click to expand...
Click to collapse
Solution
Just finished rooting this damn thing and it wasn't the easiest thing to figure out.
I used a 2 stage process.
Stage 1 (run superoneclick using the psneuter option until it fails)
If you're familiar with this skip to stage 2
get the adb driver from here
configure it to see the ziio using these instructions
get SuperOneClick from here
run it with psneuter root option selected until it stops and says FAILED
Explenation:
The ADB driver is needed for interacting with the tablet in a command line.
SuperOneClick comes with all you need to crack this baby. It loads the psneuter app which gives you temporary shell root and loads busybox on which is an app everybody and their grandmother uses.
Stage 2 (finishing what superoneclick can't)
Go to superoneclick's folder then in the Root folder you find there
Copy the su-v3 file to the adb folder (situated in Program Files/Android/android-sdk/platform-tools
Rename it to simply su
Start cmd and navigate to the adb folder
Use the following commands:
Code:
adb push su /sbin
adb install Superuser.apk
adb shell
chmod 4755 /sbin/su
rm /data/busybox/su
cp /data/local/tmp/busybox /data/busybox/busybox
chmod 4755 /data/busybox/busybox
exit
adb pull /system/ziilabs/init.rc
Open the new file in the adb folder named init.rc
Edit it and change the line
Code:
mount ext4 /dev/block/mmcblk_data1 /data nosuid nodev noatime nodiratime
with
Code:
mount ext4 /dev/block/mmcblk_data1 /data nodev noatime nodiratime
Save the file
Push it back to the ziio using
Code:
adb push init.rc /system/ziilabs/init.rc
Reboot the tablet and you should have root
Explanations:
SuperOneClick fails because it expects normal android file locations, which the ziio doesn't uses (probably to make it harder to root). All the files that are normally held in sbin apear to be in /data/busybox (weird). You have to delete the original su app, load the new su app in the /sbin directory where the superuser apk expects it to be, move the busybox application to the folder where the ziio has it's internal apps and allow it's use.
Thanks to CLShortFuse for superoneclick, to toolzz whose information gathering started me on this trail and thanks to mrrooty whose post here helped me figure out which su version I was suposed to use.
rooting too...
i try the guide and my ziio has now permanent root and android market working fine...
Im going to give it a try as soon as i can find out how to update the drivers in windows. Cant find the device in device manager on XP.
Any tips?
EDIT: OMG thanks so much it worked!! PS you need to shell root first or you cant adb push su /sdin
Thanks! It worked great on my Ziio 10 as well.
Thanks to linkerro!
I also have rooted my Ziio 7". But some additions by using Windows 7 for the guide i have:
1. Every programm (Editor, CMD, etc.) you need to start it as Administrator!
2. I added the file "adb_usb.ini" manually in %USERPROFILE%\.android
3. The Superuser.apk i have copied it manually to /sbin by using ADB
Dont forget to press the THANKS button ;-)
Thanks!
Thx for this Guide.
My ZiiO 10" was rooted and i had google apps alredy installed, but without a change file (/ system / ziilabs / init.rc) Now i edited it with totalcomander on my ziio.
Is this a 100% root pernament?
Work all the root only programs?
Anyone tested Chainfire 3d @ ziio ?
Thanks a lof for guide, i have only one problem with my ziio, i haven't notrification sound i app (gmail, facebook, talk, vCommunicator), it's some fix for this problem ?
help
I am stuck... I cannot get my ziio 7 to appear under adb..
On putting 'adb devices' under cmd it just shows 'List of devices'.. but the list is empty.
With a lot of persistence i finally managed to root and get the market running.
Initially my Ziio 7 did not show under abd devices as the file adb_usb.ini was non existing.. then i followed another thread "Tegra forum about adb-usb driver"...... which helped me create the above mentioned file.. and then got my ziio 7 to appear on the adb devices list.
and following this guide i got the root....but to get the markets and rest stuff installed i have followed the below mentioned guide.
"19300-ziio-shell-root-fully-working-android-market-ad-hoc-fix.html"
avathor said:
Thx for this Guide.
My ZiiO 10" was rooted and i had google apps alredy installed, but without a change file (/ system / ziilabs / init.rc) Now i edited it with totalcomander on my ziio.
Is this a 100% root pernament?
Work all the root only programs?
Anyone tested Chainfire 3d @ ziio ?
Click to expand...
Click to collapse
Yes it is full root, all root requiring apps working 100%
I just want android market, don't need root. Is it possible? how to?
i have full root now... thanks...
ROM Manager
In ROM Manager, which ROM should I choose? Without which, don't believe I can install Google market.
laverdone said:
i try the guide and my ziio has now permanent root and android market working fine...
Click to expand...
Click to collapse
@laverdone What method did you use to install the google apps?
thasan said:
@laverdone What method did you use to install the google apps?
Click to expand...
Click to collapse
guide to installing google apps:
After you have rooted or shell rooted your ziio
1. download rar with the apps from here (http:// www. megaupload .com/ ?d=QSM6ATPB)
2. unrar them into a directory (and rename them to something like googleApps so it's easier to work with)
3. delete app/SetupWizard.apk (you allready have this)
4. use adb to push the files to /data/googleApps (or any directory as long as it's not on the sdcard)
5. run chmod -R 755 /data/googleApps in the adb shell
6. copy the files to /system (cp -rf /data/googleApps/* /system)
7. clean up (rm -r /data/googleApps)
One more thing. The market doesn't see gmail and the other apps as installed so you have to get them again from the market if you want updates.
Someone can help me how to root aigopad m60?.. im already searching all over the net...
Thanks.
kickhopperX said:
Someone can help me how to root aigopad m60?.. im already searching all over the net...
Thanks.
Click to expand...
Click to collapse
There are two apps aimed at rooting Android devices: 'z4root' and 'superoneclick' but success with these is hit or miss. It's worth a shot
Sent from my SCH-R880 using xda app-developers app
kickhopperX said:
Someone can help me how to root aigopad m60?.. im already searching all over the net...
Thanks.
Click to expand...
Click to collapse
Hello kickhopperX
I also have a tablet aigopad m60 like you. this tablet is already rooter, you need just one application as ES Explorer which will allow you access to the tree (/).
I needed time to mount my sd card external sd card to the system.
One question: your tablet restarts all the time?
Good Day
Escuse me if I speak a little sore I use google translate to translate.
aigoPad m60
fariik said:
Hello kickhopperX
I also have a tablet aigopad m60 like you. this tablet is already rooter, you need just one application as ES Explorer which will allow you access to the tree (/).
I needed time to mount my sd card external sd card to the system.
One question: your tablet restarts all the time?
Good Day
Escuse me if I speak a little sore I use google translate to translate.
Click to expand...
Click to collapse
do you mean that it's already rooted ?
have you tried Directory Bind or SwapSD ?
i already tried z4root & super one click to root this device..both option won't work..please help us
I already found the solution guys!
Search 4Shared this apps :
DamNxQQr/doomlord_v1_xperia-2011-ics-ro
hoho.. thanks dude.. its working!!..
well... got custom rom for this tablet?..
its working ? how u do it ?
kickhopperX said:
hoho.. thanks dude.. its working!!..
well... got custom rom for this tablet?..
Click to expand...
Click to collapse
Not working with my aigopad m60 need help here cause Im dont know where to start
already have DamNxQQr/doomlord_v1_xperia-2011-ics-ro download to my PC and i have not install anything yet on aigopad m60
follow the instruction on runme(windows batch file) and when i run the batch it say " adb server is out of date " and " more the 1 device and emulator " then its say "complete
YAY!!!!! nothing happen
arerain86 said:
I already found the solution guys!
Search 4Shared this apps :
DamNxQQr/doomlord_v1_xperia-2011-ics-ro
Click to expand...
Click to collapse
I'm trying on my AigoPad M60, but not working
Here's how i did it.
Download and install moborobo.Launch the app and let it download the driver for m60.
once stabilize, unplug your tablet and reboot. on your dektop exit moborobo and kill the process. Reconnect tablet and execute runme.bat.
Let me know.
Thanks
[ROOT] [HOWTO] aigoPad M60 rooting script + generic su + generic usb driver
Hi.
I owned several aigoPad M60 bought from all over (to say it have slightly different ICS 4.0.3 revisions) and some I actually got them revisions by sending to service centre and flashed to a newer firmware.
Nevertheless, all of them can be rooted using this script (for Windows, 380 KB).
I actually rooted a Kindle Fire HD first using this script found on some chinese site (sorry I already forgot where I did so please pardon me for lack of credits). I cleaned up and englicised the whole thing, and updated the ADB tools to greater (and more compatible) version. Actually most ICS root scripts found everywhere are more or less the same.
So far, devices tested and succeded:
- Amazon Kindle Fire HD (ICS version)
- aigoPad M60 (ICS)
- Samsung Galaxy SII (GT-I9100 & GT-I9100G) ICS and Jellybean (works on mine, both phones and both 4.0.3 and 4.1.2)
- Chinese Samsung Galaxy SIII clone (can't explain much since it's a bootleg, it has MTK board) (ICS)
- Several other chinese tablets which somehow lose it's root or not rooted (ICS): Momo.cn 3G, AMPE, MaPaN. Sorry didn't remember it's exact models anymore.
This script contains a batch file, ADB exe file and two API libraries, and a generic su found in chinese tablets. The su works up to certain level but it is preferred to replace that with SuperSU from chainfire (Superuser from chainsdd didn't work well on these ICS chinese tablets, for me. Not sure about koushik's). Just install and when it asks to replace binary, choose normal and tap yes.
You have to have installed USB driver first. I have uploaded the compatible USB ADB driver for most chinese phones and tablets (8.5 MB, have to be split into x32 and x64 since the forum doesn't allow 8MB+ attachments, if you're not sure, download both and merge the folders, overwriting duplicate files).
Note: The driver works on Windows XP, 7 and 8. On Win 7 and 8 you will have to disable driver signature verify in order to install. (Win 7: Boot, F8, Disable signature. Win 8: Setting, Change PC Settings, General, Advanced Startup, look for Disable signature)
Those who already have ADB and drivers installed, here it is (simplified form of the actual script):
Windows (no need admin for ADB, just for driver installation):
Code:
adb wait-for-device
adb shell mv /data/local/tmp /data/local/tmp.bak
adb shell ln -s /data /data/local/tmp
adb reboot
adb wait-for-device
adb shell rm /data/local.prop
adb shell "echo \"ro.kernel.qemu=1\" > /data/local.prop"
adb reboot
adb wait-for-device
adb remount
adb push su /system/xbin/su
adb shell chown 0.0 /system/xbin/su
adb shell chmod 06755 /system/xbin/su
adb shell rm /data/local.prop
adb shell rm /data/local/tmp
adb shell mv /data/local/tmp.bak /data/local/tmp
adb reboot
adb kill-server
Linux:
Same
Tip: If you want to, you don't have to download anything. Just copy+paste the script. But make sure you have su in current directory. You can get chainfire's su from SuperSU.apk (assets\supersu.arm.png, rename it to su).
Careful though, this copy+paste script lacks safety measures compared to the one in the archive, such as it doesn't check if the rooting is a success or not, but the script inside archive will prompt you first before wiping /data/local/tmp ...
Note: What I mean by the su works 'up to certain level' is, it doesn't accept command lines such as su -c command. Also you will have to replace it with a proper superuser app (SuperSU, Superuser) if you want to use Titanium Backup, Lucky Patcher and so on...
i juz purchase one for my kids to play games and i google on how to root the aigopad m60, it took me here.
Many thanks for the guide, i succesfully root it.
This thread is made in an effort to root the ZTE Grand X 4 (Z957). At this point I've made some progress by using the Dirty Cow exploit to access a root shell via ADB, but have been unable to install su to the system partition.
Notes: stock rom, no custom recovery.
Exploit method:
Follow the instructions posted by Arinerron on GitHub regarding CVE-2016-5195 (under 10 posts, cannot share direct link)
When successful you will see "[email protected]:/ #" as your shell prompt, however the session will hang after any command. That said, /system/run-as is still updated allowing you to do the following:
$ adb shell
[email protected]:/ $ run-as
uid run-as 2000
uid 0
0 u:r:runas:s0
context 0 u:r:shell:s0
[email protected]:/ # id
uid=0(root) gid=0(root) groups=0(root),1004(input),1007(log),1011(adb),1015(sdcard_rw),1028(sdcard_r),3001(net_bt_admin),3002(net_bt),3003(inet),3006(net_bw_stats) context=u:r:shell:s0
you have access to the android system as root within this shell, but this is where I'm getting stuck. I'm not able to find a way to mount the system partition as read/write, and as such unable to install su. Also note that you will need to run the exploit again anytime you reboot the device. I have tried the following methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
At this point I'll share what I've been able to do so far and see if anyone else has ideas for a next step.
Have you figured out how to root the z957.
This worked on my ZTE GrandX Max Plus to permanently disable the write protection on the system partition.
Good luck!!
reboot disemmcwp
If you ever want to re-enable being blocked from mounting system rw:
reboot emmcwpenab
Any luck on this root? I am looking to buy a phone on Cricket, but I need one that I can root.
Bump? Would love to see root here!
Bump, I've tried but I also get stuck on the same three methods:
$ adb shell cp /sdcard/Download/su /system/bin/su
cp: /system/bin/su: Read-only file system
[email protected]:/ # mount -o rw,remount /system
mount: Permission denied
adb reboot disemmcwp
#still unable to remount the system partition
Grand X 4
has anyone successfully rooted the grand x ?!
Thought I would post an update: Still no success on my end.
"Rooting" is easy, but breaking out of the selinux context to do anything is hard. ie. I expanded on timwr/CVE-2016-5195 by trying to use vikiroot to break out of the u:r:shell:s0 context. To do this adb push the vikiroot exploit to /data/local/tmp and then use the timwr method to run that exploit as root:
[email protected]:/ # /data/local/tmp/exploit
Unfortunately I could only get the reverse shell to work as a glorified echo. If anyone knows where I could find some c++ code for running a shell in android for me to work off of I'm willing to see how much further I can get in that direction.
As disemmcwp doesn't work I'm wondering if ZTE found a different way to lock down the system partition? Interestingly there is an OEM-specific settings button that is greyed out (find it at *#*#4636#*#*).
I'm running firmware from Wind/Freedom Mobile so I can access the bootloader and unlock it, but I can't install SU or anything from stock. Additionally, there is no TWRP released for this phone yet. I have no idea where to find the board config files for this phone. Without a custom bootloader I'm not sure how to make permanent changes to the rom at this point.
Thanks for your work on this. Stock Rom is pretty clean, but root would be great on this.
I've tried many different ways to root this phone. For weeks, I've tried. Nothing. I personally think that there is no way to, not now at least.
Don't know if this will help but, I found that they lock the bootloader under the developer settings!
Has anyone tried a one click root application like KingoRoot ?
Or is this more for doing it on your own without a service like that?
Previously I had tried a series of one click solutions but I haven't found any that support this device yet. Typically they use the same exploits we've tried to use the hard way
After slacking for awhile I was finally able to poke around some of the internals of the phone in FTM mode using qualcomm developer tools. Lots of nifty things in the embedded file system and plenty of opportunities to flash new boot loaders and roms to the device for those of you who have a locked bootloader, but unfortunately I haven't been able to extract a copy of the stock rom or bootloaders. I'm still lacking the information I need to compile a new one for the phone.
Where I stand:
Can create a root shell, cannot remount system as read/write for permanent root in stock rom.
Can install new boot loader, no twrp or other found for this hardware.
Can compile new twrp, no boardconfig files (handy to avoid bricking your phone)
Can explore EFS and access chip via FTM, not sure how or if possible to download current rom / bootloader from here.
Happy for any tips on what to try next!
Can you tell me which tools you used? I looked at the Qualcomm site and there are plenty to choose from.
If you can get those tools off of the site maybe I'll message you about grabbing a few items on my Christmas list! QPST includes the tools necessary, and the tools to backup the 425 should you accidentally brick your phone (basically impossible to truly brick a qualcomm if you have the right tools). Archive.org has a copy, don't remember where to find the driver pack but you'll need that too (and a windows build).
Read through some notes on marshmellow and sounds like you have to remount system from recovery. I'm camping for the next month but will try talking to the TWRP team about porting a bootloader to the phone when I get back.
Let me know if you make any headway!
try this adb command and see if you get a qualcomm serial port after reboot
Code:
adb reboot edl
if that doesnt work try
Code:
adb reboot bootloader
then run the attached
How did you get into diag mode? Just do the temp root method and setprop sys.usb.config diag,adb?
https://freeandroidroot.com/root-zte-grand-x-4/
This page claims to have a root method but does it actually work? I've tried twice with no success.
How's everyone here? I also am awaiting root for this device. It really needs some shine on it's mid levelness. So here is my friend's zte warp 7 work for root. He also got some killer roms for the Huawei ascend XT. He does great work. I'm sure if he had a grand x 4 he could move this along. Just a suggestion. This man can this done. Just a suggestion for all of us. https://forum.xda-developers.com/showpost.php?p=72560392&postcount=246
---------- Post added at 11:31 PM ---------- Previous post was at 11:10 PM ----------
https://forum.xda-developers.com/member.php?u=7934375
Anyone root this phone yet?
Sent from my Z956 using XDA-Developers Legacy app
Hey have a Nploe tablet rooted and wanted to put a custom rom one it. I'm having trouble finding one.
How'd you root it? I can't get mine to root at all.
Npole 10.1 nt103
MLP1295 said:
Hey have a Nploe tablet rooted and wanted to put a custom rom one it. I'm having trouble finding one.
Click to expand...
Click to collapse
Mine has 6.0 interested in 7.0 upgrade
How did you root this tablet? Please share.
Successfull Root! (still need android 7?)
Hi All,
I just rooted this device!
Since OP is not responding, I thought I would share (BTW I really want to get this device to android 7. Or at least get multi window into android 6, so hopefully someone can help)
SO!
Roughly speaking I followed this guide with some notes (below):
https://forum.xda-developers.com/showthread.php?t=2684210
Notes:
dont adb push the files where the guide says, dont use nautilus, Do use their files.
Once you have downladed their zip, and unzipped, in terminal:
adb start-server
adb reboot recovery
On the tablet (once you see recovery): mount /system
then back to their tutorial, push all the files they sugest, but push them to /, E.G.:
adb push su /
adb push busybox /
adb push Superuser.apk /
then adb shell, and do the chmod they sugest (remember your files are just there in root)
then move the files to the corret location
then reboot.
Job done.
If you have any issues ill try to help, but really I just followed that guide and guessed hard when it didnt work.
If anyone can take us from Root to Android 7, that would be great!
Regards,
code-forger