If you have any suggestions on making this guide better or to correct any mistakes I may have made please let me know.
This guide is intended for any Linux OS and includes detailed instructions. It should work with another Linux OS, although I have only verified these steps using Ubuntu 9.10 aka Karmic. This will work with software versions 1.29.651.1 and 1.56.651.2 (aka Android 1.5). It will cover the steps necessary to root, flash the new recovery image, and create a full backup. I am not responsible for any damage done to your phone using this guide. Root at your own risk.
Step 1: Download the Android SDK from http://developer.android.com/sdk/index.html The linux file is called android-sdk_r06-linux_86.tgz. Extract the files to your home user directory so that you now have the folder /home/USERNAME/android-sdk-linux. Please note you must replace USERNAME with your own.
Step 2: Download the asroot2 exploit file from http://forum.xda-developers.com/attachment.php?attachmentid=244212&d=1257621154 Extract asroot2.zip to /home/username/android-sdk-linux/tools folder.
Step 3: Download the Hero recovery image from http://forum.xda-developers.com/showpost.php?p=4898505&postcount=1g DO NOT OPEN. Simply place this file in /home/username/android-sdk-linux/tools as well.
Step 4: USB Debugging should be disabled before connecting your phone via the USB cable. Connect your phone and now enable USB Debugging.
Step 5: Open a terminal found under Applications>Accessories>Terminal
Step 6: You will now enter a series of commands which I will place in code boxes to indicate the entire command.
A.
Code:
cd ~/android-sdk-linux/tools
B.
Code:
sudo su
C.
Code:
./adb push asroot2 /data/local/
D.
Code:
./adb shell
E.
Code:
chmod 0755 /data/local/asroot2
F.
Code:
/data/local/asroot2 /system/bin/sh
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#
Now for a few last commands.
G.
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
H.
Code:
cd /system/bin
I.
Code:
cat sh > su
J.
Code:
chmod 4755 su
You are now officially rooted. A few more steps and you will have flashed the recovery image.
K.
Code:
exit
L.
Code:
exit
This will return the command line to ~/android-sdk-linux/tools.
M.
Code:
./adb push recovery-RA-heroc-v1.6.2.img /sdcard
N.
Code:
./adb shell reboot
This will cause the phone to power off then back on automatically. Wait till the phone is fully booted to continue.
O.
Code:
./adb shell
P.
Code:
su
Q.
Code:
cd /sdcard/
R.
Code:
flash_image recovery recovery-RA-heroc-v1.6.2.img
FLASHING TO THE RECOVERY TAKES SEVERAL SECONDS-- BE PATIENT. ENTER THE NEXT COMMAND ONLY AFTER THE COMMAND PROMPT RETURNS TO THE # (ROOT SYMBOL).
S.
Code:
reboot recovery
Step 8: This is the last command; You may now close the terminal. It will cause your phone to boot into recovery mode; it should take no longer than 30 secs.
The third option on the list is "- Backup/Restore"; select it. Now, select the first option "- Nand backup". The phone will prompt you to press HOME to confirm, which is what you want to do. The backup will begin. You will see the screen say, "Performing backup : .........." When done, the bottom of the screen will say "Backup complete!" and you will be given the menu options again. Go back to the main menu and select reboot system.
Step 9: Once your phone is fully booted, mount the sdcard. You will see a folder called "nandroid"; I highly recommend you copy this to your pc in case you lose your sdcard data or reformat it. Your phone is rooted, 100% backed up, and ready to install a custom rom if you wish!
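Added example, not part of the original post: steps I and J leave a root-owned, setuid copy of sh at /system/bin/su, which gives a root shell to any process that runs it. The script below audits a system tree for that condition; the function names, the default shell path and the sample tree are assumptions made for this example, and it expects a mounted or extracted image whose mode bits are preserved.

```shell
#!/bin/sh
# Added example (not from the thread): audit an extracted system tree for
# setuid files and flag copies of the shell, i.e. the result of steps I-J.
# Assumption: ROOT is a mounted or extracted image with mode bits preserved.

# audit_setuid ROOT [SHELL_PATH]
# Prints "<verdict> <mode> <path>" for every setuid regular file under ROOT.
# Verdict is SHELL-COPY when the file is byte-identical to SHELL_PATH
# (default ROOT/system/bin/sh), otherwise SETUID for manual review.
# Returns 1 if at least one SHELL-COPY was found, else 0.
audit_setuid() {
    root=$1
    shell_path=${2:-$root/system/bin/sh}
    hits=0
    # -perm -4000 selects files that have the setuid bit set.
    list=$(find "$root" -type f -perm -4000 2>/dev/null | sort)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        mode=$(ls -ld "$f" | awk '{print $1}')
        if cmp -s "$f" "$shell_path"; then
            echo "SHELL-COPY $mode $f"
            hits=1
        else
            echo "SETUID $mode $f"
        fi
    done <<EOF
$list
EOF
    [ "$hits" -eq 0 ]
}

# make_sample_tree DIR: constructed sample input, not a real device image.
make_sample_tree() {
    mkdir -p "$1/system/bin" "$1/system/xbin"
    printf 'constructed stand-in for the shell binary\n' > "$1/system/bin/sh"
    chmod 0755 "$1/system/bin/sh"
    cat "$1/system/bin/sh" > "$1/system/bin/su"     # same as step I
    chmod 4755 "$1/system/bin/su"                   # same as step J
    printf 'constructed unrelated setuid tool\n' > "$1/system/xbin/tool"
    chmod 4755 "$1/system/xbin/tool"
}

# Usage: sh audit.sh /path/to/extracted/tree
if [ "$#" -gt 0 ]; then
    audit_setuid "$@"
fi
```

A SHELL-COPY line means the file should be removed or replaced with a su binary that asks for confirmation; SETUID lines are listed for manual review.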
[email protected]:/home/lepri/android-sdk-linux/tools# sudo su lepri
[email protected]:~/android-sdk-linux/tools$ su root
Password:
[email protected]:/home/lepri/android-sdk-linux/tools# /adb push asroot2 /data/local/
bash: /adb: No such file or directory
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb push asroot2 /data/local/
828 KB/s (74512 bytes in 0.087s)
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ /abd shell
/abd: not found
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/493/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /system/bin
# cat sh > su
# chmod 4755 su
# exit
$ exit
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.2.3.img
Thanks for guide but I don't think it worked for me, HTC logo stays on but that's it... have to pull out battery to start the phone. Phone works but no joy with recovery image ((
I have HTC hero with sim(If this info any use to you)
lepri13 said:
[email protected]:/home/lepri/android-sdk-linux/tools# sudo su lepri
[email protected]:~/android-sdk-linux/tools$ su root
Password:
[email protected]:/home/lepri/android-sdk-linux/tools# /adb push asroot2 /data/local/
bash: /adb: No such file or directory
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb push asroot2 /data/local/
828 KB/s (74512 bytes in 0.087s)
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ /abd shell
/abd: not found
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/493/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /system/bin
# cat sh > su
# chmod 4755 su
# exit
$ exit
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.2.3.img
Thanks for guide but I don't think it worked for me, HTC logo stays on but that's it... have to pull out battery to start the phone. Phone works but no joy with recovery image ((
I have HTC hero with sim(If this info any use to you)
You have a GSM HERO not a CDMA. This guide is intended for CDMA heros only.
Updated for recovery 1.5.1 image.
I keep getting the same error of insufficient permissions for device. What am I doing wrong? I disable USB debugging before I plug my phone in. Then I plug my phone in and enable USB debugging and then actually connect by mounting the SD card.
Edit: Ok. I found how to fix the insufficient permission problem...
Code:
./adb kill-server
sudo ./adb start-server
That will get your permissions correct but once I did that, I ran across a new error once I did ./adb shell the second time after the "chmod 0755".
Code:
[email protected]:/home/justin/android-sdk-linux_86/tools# ./adb push asroot2 /data/local/
711 KB/s (74512 bytes in 0.102s)
[email protected]:/home/justin/android-sdk-linux_86/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ ./adb shell
./adb: not found
What's wrong now?
I couldn't edit my post anymore but I found that it works if I just skip the second ./adb shell. It just caused problems for me because I was already in shell and was coming up with errors. I skipped it and my root went smoothly after that.
Part I skipped...
You must replace username with your own actual username.
C. "./adb push asroot2 /data/local/"
D. "./adb shell"
E. "chmod 0755 /data/local/asroot2"
F. "./adb shell"
G. "/data/local/asroot2 /system/bin/sh"
For some reason the forums are letting me edit my posts. I know I'm wasting space but I would like to give credit to jnwhiteh for the ./adb fix. I searched for it and found it in a different part of the forums.
Problem flashing recovery
Thank you for the Howto.
I have no problem with the howto, until I try to flash recovery. It seems it's going OK without error messages, but when I try to boot in recovery mode it doesn't work. Remains with the HERO logo in the screen and nothing happens.
Anyone can help me.
goshi0 said:
Thank you for the Howto.
I have no problem with the howto, until I try to flash recovery. It seems it's going OK without error messages, but when I try to boot in recovery mode it doesn't work. Remains with the HERO logo in the screen and nothing happens.
Anyone can help me.
You're not giving the terminal enough time to flash the image probably. Give it like 10 secs to be on the safe side.
flash image not found
everything works fine up until i get to the part where you actually flash the recovery image, at which point i get an error reading : flash_image: not found
this is my code for the last part.
"[email protected]:/home/amills/android-sdk-linux/tools# ./adb push recovery-RA-heroc-v1.5.2.img /sdcard
1106 KB/s (3356672 bytes in 2.962s)
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell reboot
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell
# su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.5.2.img
flash_image: not found"
goyanks said:
everything works fine up until i get to the part where you actually flash the recovery image, at which point i get an error reading : flash_image: not found
this is my code for the last part.
"[email protected]:/home/amills/android-sdk-linux/tools# ./adb push recovery-RA-heroc-v1.5.2.img /sdcard
1106 KB/s (3356672 bytes in 2.962s)
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell reboot
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell
# su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.5.2.img
flash_image: not found"
is the phone fully booted when you run the flash_image command?
theresthatguy said:
is the phone fully booted when you run the flash_image command?
Yes, sense has booted up and everything, if this matters, my current recovery image is Amon Ra v1.2.3 and i had Eclair 2.1 v1.8 on it up until last night, as of now i have Fresh 1.1
If you're going to transfer the recovery image to the sdcard using adb push (as opposed to using usb-storage to drag/drop) you need to make sure that usb storage is turned off and the sdcard is mounted when you push the file.
My guess is that the sdcard wasn't mounted, and the file went to the (empty) /sdcard directory. Then when the sdcard is mounted, you can't see it. If you just reboot and do:
Code:
./adb shell
cd /sdcard
ls
does the recovery image file show up in the list?
I'm assuming that "flash_image: not found" means that the image file isn't where you're telling it to look.
buck2202 said:
If you're going to transfer the recovery image to the sdcard using adb push (as opposed to using usb-storage to drag/drop) you need to make sure that usb storage is turned off and the sdcard is mounted when you push the file.
My guess is that the sdcard wasn't mounted, and the file went to the (empty) /sdcard directory. Then when the sdcard is mounted, you can't see it. If you just reboot and do:
Code:
./adb shell
cd /sdcard
ls
does the recovery image file show up in the list?
I'm assuming that "flash_image: not found" means that the image file isn't where you're telling it to look.
no, it's there, when I type "ls", I get the following list returned.
Code:
# ls
2.1v1.8_heroc_7_signed.zip flashrec-1.1.3-20091107-2.apk
BetterTerm15.apk fresh-cdma-hero-1.1.zip
DCIM google_maps_navigation
HTC Sync media
LOST.DIR nandroid
Music prettybattery-googlecode-com
PicSay recovery-RA-heroc-v1.2.3.img
ToggleSettings recovery-RA-heroc-v1.5.2.img
Wallpaper rosie_scroll
aHome rssreader
albumthumbs tmp
aosp_heroc_20091217d.zip uloops
dolphinbrowser_gestures waze
furthermore, when i try to flash the recovery image now, i get no such error, instead I get a seemingly infinitely repeating series of "out of memory errors"
Code:
# flash_image recovery recovery-RA-heroc-v1.5.2.img
mtd: read error at 0x00000000 (Out of memory)
mtd: read error at 0x00020000 (Out of memory)
mtd: read error at 0x00040000 (Out of memory)
mtd: read error at 0x00060000 (Out of memory)
mtd: read error at 0x00080000 (Out of memory)
mtd: read error at 0x000a0000 (Out of memory)
mtd: read error at 0x000c0000 (Out of memory)
mtd: read error at 0x000e0000 (Out of memory)
mtd: read error at 0x00100000 (Out of memory)
mtd: read error at 0x00120000 (Out of memory)
mtd: read error at 0x00140000 (Out of memory)
mtd: read error at 0x00160000 (Out of memory)
mtd: read error at 0x00180000 (Out of memory)
mtd: read error at 0x001a0000 (Out of memory)
mtd: read error at 0x001c0000 (Out of memory)
mtd: read error at 0x001e0000 (Out of memory)
mtd: read error at 0x00200000 (Out of memory)
mtd: read error at 0x00220000 (Out of memory)
mtd: read error at 0x00240000 (Out of memory)
errors
I'm going to try rebooting the device and start from there. :|
this is bizarre, the first two times I attempted this (both times in Kubuntu 10.04 Alpha), I was able to flash the image with no trouble whatsoever.
------------------------------------------------------
I don't know what was up, fixed it and 1.5.2 is working great. thanks for the advice everyone. : )
problem :-(
Here's where I get to in the procedure, what's going on?
Code:
$ chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asroot2 /system/bin/sh
$
Many thanks
David
swatsbiz said:
Here's where I get to in the procedure, what's going on?
Code:
$ chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asroot2 /system/bin/sh
$
Many thanks
David
Do you have a non-Sprint hero? If so, I recommend you check out the rooting a non-sprint hero thread.
Thanks so much for this great howto!
Looking down the road..... can the phone be unroot/restored from linux?
diordnahero said:
Thanks so much for this great howto!
Looking down the road..... can the phone be unroot/restored from linux?
After you flash a custom rom, no. You will need to RUU from a Windows box.
Doesn't work from a VM or from Mac Bootcamp either. Need to have a Windows-only craputer.
Hi,
I have a rooted phone and I'm trying copy dexopt-wrapper to /system/bin but always has the error "permission denied", I'm trying do this with the adb.
When I try "adb remount" I have the error "remount failed: Operation not permitted".
I remount the /system with Root Explorer but always has the error "permission denied" when I make "adb push c:\dexopt-wrapper /system/bin".
Can anyone help me with this, I'm very confused.
P.S. I have root access with adb shell.
Help need with dexopt-wrapper (Solved)
Problem solved.
I followed this tutorial and it works just fine.
Just one thing, when I decompile the .odex file with the Baksmali I had to use the BOOTCLASSPATH.
To Baksmali and dexopt-wrapper we need to know the BOOTCLASSPATH.
In adb just type: adb shell echo $BOOTCLASSPATH
As we all know, if you error a file while on GB, then it is hard to reflash due to voodoo and all.
Here is how to boot loop recover.
1. Odin the KG4 Voodoo kernel.(it has a hacky adb shell su thing)
2. open a cmd or terminal windows
3. RUN "adb shell"
4. Type "mount -o rw,remount /dev/block/st19 /system"
5. Type "exit"
6. Run "adb push"
eg. adb push /Users/example/Desktop/fixed file.jar or apk /system/app or framework
7. Run "adb reboot"
I have copied a damaged file in /system/app folder and now my phone is in the Bootloop. I wanna access that file and replace it with the original. Can I do that?
I managed to solve it by deleting the 2 damaged files with this piece of code
Code:
echo " "
echo "Waiting for device..."
adb wait-for-device
echo " "
adb -d shell su -c "mount -o rw,remount /system"
adb -d shell su -c "ls /system"
adb -d shell su -c "rm /system/app/AudioEffectService.apk"
adb -d shell su -c "rm /system/app/SoundEnhancement.apk"
(of course the boot-loop forced me to find the right moment in the boot sequence to run the script)
ROM: LineageOS 18.1, Recovery: LineageOS 18.1 recovery
I messed up and put my build.prop in an invalid state. I got the default build.prop from the rom zip,rebooted the phone to recovery (lineageos 18.1 recovery), mounted the system partition on /mnt/system, and tried to write build.prop to default via adb shell and then cat >/mnt/system/system/build.prop and writing whatever stuff I want. However, even after remounting as rw, I get the following error message:
Code:
cat: xwrite: No space left on device
The same thing happens if I just edit on my PC and do adb push
Code:
$ adb push build.prop /mnt/system/system/build.prop
build.prop: 1 file pushed, 0 skipped. 89.9 MB/s (2662 bytes in 0.000s)
adb: error: failed to copy 'build.prop' to '/mnt/system/system/build.prop': remote write failed: No space left on device
Now what does this even mean?? There is 3.1M free space, as confirmed by df -h. I really searched I cannot find anything on this. Any help would be really appreciated!
---
I can confirm it is mounted as rw by checking this line in /proc/mounts
Code:
/dev/block/dm-0 /mnt/system ext4 rw,seclabel,relatime 0 0
adb remount also fails with
/system/bin/sh: remount: inaccessible or not found
I'm at my wit's end, any guidance here? I feel this should really not be this difficult! I just want to rewrite build.prop from adb/recovery!
---
It might have something to do with overlayfs, as seen here https://android.googlesource.com/platform/system/core/+/master/fs_mgr/README.overlayfs.md. However adb remount merely says /system/bin/sh: remount: inaccessible or not found! How should I get this to work?
---
Finally: maybe I could just try to flash a zip containing only the build.prop via adb sideload? Will adb sideload wipe anything (e.g. system) or just overwrite the files which are present in the zip?
---
Just ended up flashing again. It worked without deleting apps or data