Database Info

【HOW TOs】How to root UK v2.51 ROM.[Updated 12-27-20:50]

Hi Friends.
Please redownload defy_recovery.zip.sorry for my mistake.
please downloade attachment 474211
Here is the tut of how to root the defy uk 2.51 rom.
It's simple and easy way.
this will be a step by step tut.because of my poor english.i will try to explain more detial.
1、download attatch files.
defy_2.21_boot_only.sbf
View attachment 2.21boot.zip
defy_2.51_boot_only.sbf
View attachment 2.51boot.zip
defy_recovery.exe
View attachment 474211
2、flash the defy_2.21_boot_only.sbf via rsd then reboot in to system.
3、open you phone's usb debug mode(settings-application-development-usb debug mode),then double click the defy_recovery.exe you just downloaded ,it will process the root method.when it finished you phone is rooted with superuser and my clockworkmod recovery for defy.
4、the last step is flash the defy_2.51_boot_only.sbf via rsd lite.
5、and now your phone is rooted and customized recovery installed.
This method original comes from adlx @ modmymobile.com
if your like this tut.. please buy me or adlx a beer or I can buy another phone eg. Nexus S ...Thanks.

well done！

SteveChou said:
well done！
Click to expand...
Click to collapse
No way here... It doesn't fuction... There is a problem in the batch file:
Code:
@echo off
echo µÈ´ýÉ豸
adb wait-for-device
echo »ñµÃrootȨÏÞ
adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage-arm5.bin
adb shell "chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin"
adb shell "./data/local/tmp/rageagainstthecage-arm5.bin & sleep 300;kill $!"
echo ÖØÐÂÁ¬½ÓÉ豸£¬¿ÉÄÜÐèÒªÒ»¶Îʱ¼ä
adb kill-server
call :sleep 10
adb start-server
call :sleep 30
echo È¡ÏûsystemÖ»¶ÁÊôÐÔ
adb shell "mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system"
echo °²×°Superuser.apk
adb push Superuser.apk /system/app/Superuser.apk
echo °²×°GoAPK MOD Recovery
adb push recovery.apk /system/app/recovery.apk
echo °²×°su
[B]adb push su /system/app/su[/B]
adb shell "chmod 4755 /system/bin/su"
echo °²×°busybox
adb push busybox /system/bin/busybox
adb shell "chmod 4755 /system/bin/busybox"
echo ÖØÉèsystemÖ»¶ÁÊôÐÔ
adb shell "mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system"
echo Íê³Éroot£¬ÇëÖØÆôÊÖ»ú
:sleep
(ping 127.0.0.1 -n 2 -w 1000 > NUL)> sleep.txt
(ping 127.0.0.1 -n %1 -w 1000 > NUL)> sleep.txt
del sleep.txt
You have to push su in bin directory non in app directory...
Code:
[B]adb push su /system/app/su[/B]
Please correct this bug.
I've also tried to upload any file thought adb (after r/w mount), but the phone doesn't recognize the apk's (Superuser and Recovery), they still invisible...
Any solution?

Well done, i did it this:
- Downloaded your 2.21boot.zip;
- Flashed thought RSD;
- Downloaded Android SDK with ADB;
- Download this Rootpack http://www.mediafire.com/?kjee8aj22j9m5zj;
- Extract this files in you /sdk/tools directory;
- Open cmd and point it in the directory with ADB;
- Run this commands:
Code:
adb devices
adb shell mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
adb push Superuser.apk /system/app/Superuser.apk
adb push su /system/bin/su
adb shell chmod 4755 /system/bin/su
adb push busybox /system/bin/busybox
adb shell chmod 4755 /system/bin/busybox
adb shell mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
adb reboot
- Flash back to 2.51boot.zip
That's all!
Thank you sir!

sorry for my mistake...
bugfixed
View attachment defy_recovery.zip

its not working , root exe not found

socket84 said:
Well done, i did it this:
- Downloaded your 2.21boot.zip;
- Flashed thought RSD;
- Downloaded Android SDK with ADB;
- Download this Rootpack http://www.mediafire.com/?kjee8aj22j9m5zj;
- Extract this files in you /sdk/tools directory;
- Open cmd and point it in the directory with ADB;
- Run this commands:
Code:
adb devices
adb shell mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
adb push Superuser.apk /system/app/Superuser.apk
adb push su /system/bin/su
adb shell chmod 4755 /system/bin/su
adb push busybox /system/bin/busybox
adb shell chmod 4755 /system/bin/busybox
adb shell mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
adb reboot
- Flash back to 2.51boot.zip
That's all!
Thank you sir!
Click to expand...
Click to collapse
Thank you for Your Bug Report.

Is there any way now to flash back to an older SBF?

fixed recovery.exe = its not working , root exe not found windows warning

batch reply "root.exe not found" after double click the defy_recovery.exe
also, from above reply:
"mount: Operation not permitted"
---------------------------------------------------------------------------------------------------
Hello,
I found out the way to get this rooting working.
everything stays the same until running the recovery.exe part
then please refer to the old rooting method
BUT using the rooting pack mentioned above link
then flash back to 2.51
it should work!
cheers!

cometcao said:
batch reply "root.exe not found" after double click the defy_recovery.exe
also, from above reply:
"mount: Operation not permitted"
Click to expand...
Click to collapse
Try This One
View attachment defy_recovery.zip

sorry sir,
About the root process, Why different with "http://bbs.goapk.com/forum.php?mod=viewthread&tid=48445&extra=%26page%3D1&page=1" ??
In goapk forum, the process2-> flash the original SBF? process3->Wipe data?
no need ?
Can this solution fit for Taiwan version 2.51.0?

Dear Sir:
Taiwan version could rooting by your solution!!
Thanks a lot~
you so great!!!

yeah~ it works for my Taiwanese version.
great job!
thanks~

Thank you very much for the HOW TOs.
Has anyone tried this on 2.51 HK rom?

hkipaqer said:
Thank you very much for the HOW TOs.
Has anyone tried this on 2.51 HK rom?
Click to expand...
Click to collapse
this will work on HK TW SG version 2.51

can we have any details about the rooting process ?
i want to get the Taiwan version of the Defy (Blurless)
1) is there any way to get root access, but still use the firmware that came with the phone ? (TW SG HK 2.51) i wouldn't mind doing some stuff manually...
2) As far as i know the original ROM of the Taiwan SG HK defy isn't available for download right ?
thanks for your hard work.

tenfar, thank you very much for your great work, I just rooted my HK DEFY.
Here are few steps added for those like me very new to Android and Root.
1. If you RSD Lite did not recognize your DEFY, download the USB driver here:
http://developer.motorola.com/docstools/USB_Drivers/
2. Power off DEFY. Then press 'Volume Up' and 'Power' together to boot to loader before you flash the SBF to your DEFY.
Happy rooting.

Thanks
Now I finished my HK defy rooted.
Very thanks for tenfar.

rooting wit Uk 2.51 possible..not other ROM flashable
hi Guys.....i have installed the UK JRDNEM_U3_2.51....and the root method desribed here worked too...
My question is: What happens after
- rooting the Uk U3_25.1 with our method (Sytem.boot.only 2.1 2.5 etc.)
- Restore system with SystemRecovery-App "Recovery Boot"
- i restored with a backup of t-mobile U3_2.21 (from my friend)
-worked
??
Build Number ist U3_2.21.0 now
Did I downgraded my system now?
If yes,
the Problem is then:
I cannot flash any ROM (RSD 4.9) from here http://and-developers.com/sbf:defy
except the JRDNEM_U3_2.51.1_BLUR_P3_SIGN_SIGNED_USAJRDNEMARAB1B8RTGB02C.0R_USAJORDANRTGB_P035_A011_HWp3_Service1FF.sbf
Therefore I dont believe i downgraded anything :-mad:
The flash-procedure with all other ROMs is the same:
RSD : finished --> Defy is not booting is hanging in the bootLoader-mode
Any Help?
Or anyone with a Vodafone 360 Original Backup that would be great
Thanks

[DUMP] Sidekick 4G Partition + Kernel Source (Bootloader, Recovery, etc)

Credit to sofauxboho for performing dumps.
Partition Dump
http://gititbit.ch/sk4g2 - partition dump
Code:
bml1 256 KB contains boot.bin (262144 bytes), Primary Boot Loader (low-level hardware initialization)
bml2 256 KB contains PIT file first 512 bytes
bml3 10240 KB /dev/block/stl3 /efs
bml4 1280 KB contains Sbl.bin (1310720 bytes) Secondary Boot Loader (loads the Linux kernel and passes the necessary arguments)
bml5 1280 KB contains Secondary Boot Loader (for recovery, ect)
bml6 5120 KB param.lfs /mnt/.lfs j4fs
bml7 7680 KB contains zImage and initramfs
bml8 7680 KB empty - on Epic 4G and Fascinate, contains recovery.bin
bml9 293376 KB factoryfs.rfs ( /system RFS Partition) /dev/block/stl9
bml10 137216 KB dbdata.rfs ( /dbdata RFS Partition) /dev/block/stl10
bml11 35840 KB cache.rfs ( /cache RFS Partition) /dev/block/stl11
bml12 12800 KB modem.bin
EDIT: It has come to my attention that the Super One Click works, no need for a script.
More Mirrors
http://gititbit.ch/sk41 - Sidekick 4G system dump
http://gititbit.ch/sk4g1 - Sidekick 4G Info Dump
dev.txt
devblock.txt
efs.txt
mount.txt
partitions.txt
proc.txt
Kernel + Platform Source
http://gititbit.ch/sk4g5 - SGH-T839_OpenSource.zip
Now for custom roms...
SK4G development chat can be found at irc.freenode.net #sk4g

hey, sorry i'm not super code-savvy.... do i simply place the .rar file on my sd card, or open it with say, 7zip, and copy the autoroot folder over? i'm getting 'unable to chmod, operation not permitted' the second way, and 'not found, no such directory, etc' when i place the .rar file on my sd card. both of these are appearing after the first line with chmod 755 etc.

Use winrar to extract the .rar then place the extracted folder onto the sdcard.

dasmoover said:
Use winrar to extract the .rar then place the extracted folder onto the sdcard.
Click to expand...
Click to collapse
ok, think i did that, but am still getting 'operation not permitted'..... perhaps i'll hold off and see if someone else has success with it?

Hmm...
Should line 14 specify the su file rather than the containing directory?
It currently reads:
Code:
cp su /system/xbin/ && chmod 4755 /system/xbin/
But perhaps it should read:
Code:
cp su /system/xbin/ && chmod 4755 /system/xbin/su

Updated the script in the main download.

yogi2010 said:
hey, sorry i'm not super code-savvy.... do i simply place the .rar file on my sd card, or open it with say, 7zip, and copy the autoroot folder over? i'm getting 'unable to chmod, operation not permitted' the second way, and 'not found, no such directory, etc' when i place the .rar file on my sd card. both of these are appearing after the first line with chmod 755 etc.
Click to expand...
Click to collapse
Im getting this when I try the lines too.

When I copied the autoroot folder to my SK4G, the contents of the folder were already set to 775, so there should be no need to chmod (though I also get the permission error when trying to chmod them).
The bigger issue is that my device doesn't have the cp command. I'd assume it would be in /system/bin along with things like ls and mv, but it's not.

Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?

sofauxboho said:
Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?
Click to expand...
Click to collapse
No I was usin the old link didn't try new one yet. Still says same thing on new version
Sent From SK4G

sofauxboho said:
Huh. That's odd. You guys are using the newer download, right?
Do you have any idea which chmod command is erroring out? I'm wondering if it's the chmod on the rage...bin in line 9 or the chmod on su in line 14.
Unfortunately I can't test without wiping my SK4G back to unrooted, which I would rather not do as it's my primary handset.
If you don't know which line is causing the trouble, could you try copying the kit but then entering each line manually?
Click to expand...
Click to collapse
I tried the newer download. All of the chmods error because my user doesn't own those files or already have write permissions for any of them. I don't have read, write, or execute permissions for /data/local/tmp either, so I can't list or copy to that location. But, separate from that, there is no cp command, so I can't copy anything anywhere.

jarrodlombardo said:
When I copied the autoroot folder to my SK4G, the contents of the folder were already set to 775, so there should be no need to chmod (though I also get the permission error when trying to chmod them).
The bigger issue is that my device doesn't have the cp command. I'd assume it would be in /system/bin along with things like ls and mv, but it's not.
Click to expand...
Click to collapse
Ah, right! That's why I used cat instead of cp when I rooted mine.
Try this:
Code:
#!/bin/sh
#autoroot script for sidekick v0.1
#chmod 755 autoroot.sh
echo "Copying binaries to /data/local/tmp/"
cat su > /data/local/tmp/su
cat Superuser.apk > /data/local/tmp/Superuser.apk
cat rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local/tmp/
echo "I'm about to chmod rageagainstthecage-arm5.bin"
chmod 755 rageagainstthecage-arm5.bin
echo "Executing exploit, please wait"
./rageagainstthecage-arm5.bin
sleep 20
echo "Attempting to spawn root shell"
sh
whoami
echo "Attempting to mount /system read-write"
mount -o remount,rw /dev/block/stl9 /system
echo "Attempting to copy and chmod su"
cat /data/local/tmp/su > /system/xbin/su && chmod 4755 /system/xbin/su
echo "Attempting to copy Superuser.apk"
cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
sleep 5
mount -o remount,ro /dev/block/stl9 /system
#add root entry to passwd and group
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
echo "autoroot completed succesfully."
I've also added a bunch of echoed comments to help us track where things go wrong if it doesn't work.

sofauxboho said:
Ah, right! That's why I used cat instead of cp when I rooted mine.
Try this:
Code:
#!/bin/sh
#autoroot script for sidekick v0.1
#chmod 755 autoroot.sh
echo "Copying binaries to /data/local/tmp/"
cat su > /data/local/tmp/su
cat Superuser.apk > /data/local/tmp/Superuser.apk
cat rageagainstthecage-arm5.bin > /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local/tmp/
echo "I'm about to chmod rageagainstthecage-arm5.bin"
chmod 755 rageagainstthecage-arm5.bin
echo "Executing exploit, please wait"
./rageagainstthecage-arm5.bin
sleep 20
echo "Attempting to spawn root shell"
sh
whoami
echo "Attempting to mount /system read-write"
mount -o remount,rw /dev/block/stl9 /system
echo "Attempting to copy and chmod su"
cat /data/local/tmp/su > /system/xbin/su && chmod 4755 /system/xbin/su
echo "Attempting to copy Superuser.apk"
cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
sleep 5
mount -o remount,ro /dev/block/stl9 /system
#add root entry to passwd and group
echo "root::0:0:root:/data/local:/system/bin/sh" > /etc/passwd
echo "root::0:" > /etc/group
echo "autoroot completed succesfully."
I've also added a bunch of echoed comments to help us track where things go wrong if it doesn't work.
Click to expand...
Click to collapse
Type this into terminal right?

Actually, I whipped up a modified version of dasmoover's tool with my changes:
http://notfine.com/android/sk4g/autoroot-V01b-sfb.zip
Unzip that and copy the "autoroot" folder to your SD card.
Next, eject your SK, turn off USB Storage mode, and unplug it from your computer.
Then follow dasmoover's instructions (I've cleaned them up slightlly):
1. Place autoroot folder on sdcard
2. Install the Terminal Emulator app from the Marketplace
3. Open the Terminal Emulator app and type the following commands exactly, one at a time, hitting enter at the end of the line:
Code:
chmod 755 /sdcard/autoroot/autoroot.sh
./sdcard/autoroot/autoroot.sh
If the sdcard is mounted as noexec, follow these steps:
1. Place autoroot folder on sdcard
2. Install the Terminal Emulator app from the Marketplace
3. Open the Terminal Emulator app and type the following commands exactly, one at a time, hitting enter at the end of the line:
Code:
cat > /sdcard/autoroot/autoroot.sh /data/local/tmp/autoroot.sh
chmod 755 /data/local/tmp/autoroot.sh
cd /sdcard/autoroot/
./data/local/tmp/autoroot.sh
Click to expand...
Click to collapse
All credit to dasmoover, btw! Thanks, and I hope you don't mind me modifying and repackaging your tool. Just trying to help get it working.

BTW, here are some good goodies on how this root exploit works for the technical and curious:
I'd read this one first: http://intrepidusgroup.com/insight/2010/09/android-root-source-code-looking-at-the-c-skills/
And this one second:
http://dtors.org/2010/08/25/reversing-latest-exploid-release/

How did you get rid of the $ sign and get a # ? When I type the first line with the ca it sayd directory can't be found.
Sent From SK4G

I copied the new cat version onto my device and did the following:
$ chmod 755 /sdcard/autoroot/autoroot.sh
Unable to chmod /sdcard/autoroot/autoroot.sh: Operation not permitted
$ cat /sdcard/autoroot/autoroot.sh > /data/local/tmp/autoroot.sh
Cannot create /data/local/tmp/autoroot.sh: permission denied
So, I'm still stuck since /data/local/tmp isn't writable. (Also, you'll note I fixed the small error in the cat line I used.)

Ace42 said:
How did you get rid of the $ sign and get a # ? When I type the first line with the ca it sayd directory can't be found.
Sent From SK4G
Click to expand...
Click to collapse
So, the # means root. The $ means not root. The whole point of this is to get the #, which indicates a root prompt.
If it says the directory can't be found then either the command was typed incorrectly or the files are in the wrong place. The files have to be in the exact right places with the exact right names.
Download my modified version:
http://notfine.com/android/sk4g/autoroot-V01b-sfb.zip
Unzip it, and it should give you a folder called "autoroot". Inside that should be four files:
autoroot.sh
rageagainstthecage-arm5.bin
su
Superuser.apk
Make sure there is only a folder named "autoroot" with those four files inside. If there is another directory inside it won't work. If the names are at all different it won't work.
Copy this "autoroot" folder to the top level of your SD card. There should be other folders there like Music, DCIM, Playlists, and Android. Maybe some others. Make sure it's at the very top level, along with these other directories.
Here, take a look at my directory structure:
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
(Yes, I'm on a Mac, but your SK and Android don't care. File locations work the same on Windows or Linux or whatever. Also, I may have some folders you don't have. That's ok.)
Next, eject your SK, turn off USB Storage mode, and unplug it from your computer. **I forgot this part earlier! It's important.**
Then open up Terminal Emulator an your SK4G. Type:
Code:
cd /sdcard/autoroot
Then type:
Code:
ls
This should list the same four files above. If it does, you're ready to start the instructions I posted previously.
If it doesn't, type:
Then type:
Code:
ls /sdcard/
Let me know what it says.

jarrodlombardo said:
I copied the new cat version onto my device and did the following:
$ chmod 755 /sdcard/autoroot/autoroot.sh
Unable to chmod /sdcard/autoroot/autoroot.sh: Operation not permitted
$ cat /sdcard/autoroot/autoroot.sh > /data/local/tmp/autoroot.sh
Cannot create /data/local/tmp/autoroot.sh: permission denied
So, I'm still stuck since /data/local/tmp isn't writable. (Also, you'll note I fixed the small error in the cat line I used.)
Click to expand...
Click to collapse
Yeah, I've confirmed this problem.
Folks, this thing won't work right now. We need a location that is both writable and allows execution. Any ideas?
(To confirm, you can still root by using adb to manually put these files at /data/local/tmp/ For some reason, adb has rights to this location. However, the standard Terminal Emulator does not. This is only a hang-up for on-device rooting, not rooting in general.)

sofauxboho said:
Yeah, I've confirmed this problem.
Folks, this thing won't work right now. We need a location that is both writable and allows execution. Any ideas?
Click to expand...
Click to collapse
I've poked around some and not found anywhere yet. :/

[GUIDE] Rooting Samsung Galaxy [email protected] GT-B5330

This might work on other devices.
WARNING: this might brick your phone use it at your own risk.
Warning you have to have some knowlage of linux to do this kind of stuff.
WARNING: actually you have to have _good_ knowlage of linux/gnu stuff to do it.
The idea is this is to make the /system/bin/toolbox from the stock rom suid (permision 6755, it originaly has 0755)
This is how I did it. It might be simpler.
get a stock rom that you want. for me it was B5330XWALH3
it is now available at samsung-updates.
You need odin (heimdal will not work with my phone) (my was 3.07)
unpack the zip.
you get a .tar.md5 file (the tar file has broken headers so tar from ubuntu 12.04 will not unpackit).
the tar file works in sectors of 512 bytes.
take out the md5sum at the end of file. (some thing like: head -c (the size up to the last md5sum) original.tar.md5 > file1)
split the file so you will have the system.img.md5 separated (some thing like: head -c (the size upto "system.img.md5") file1 > file2;
head -c (the size upto "dt-blob.md5") file1 | tail -c +(the size upto "system.img.md5" + 1) > file3;
tail -c +(the size upto "dt-blob.md5" + 1) file1 > file4
file3 now has the system.img.md5, trim the md5sum from the tail and the tar headr from head (ex.:
head -c (upto the md5sum output from the rear of the file) file3 | tail -c +513 > file5)
file5 is a sparce image file of an ext4 filesystem. run simg2img (from ext4fs_utils (search on xda)) (ex.:
simg2img file5 file6)
sudo mount -o loop,ro file6 /mnt
look for the file /mnt/bin/toolbox (ex.: ls -l /mnt/bin/toolbox) it will give you an output like this:
-rwxr-xr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
the permisions and the size of the file yield the following hex sequence that you get in the file (we will hexedit the ext4 fs): ED 81 00 00 FC 82 01 00
in file3 edit the sequence (it should be only one in the file) from ED 81 00 00 FC 82 01 00 to ED 8D 00 00 FC 82 01 00 (practically adding the suid guid bits to the inode of the toolbox)
we are almost done, now to pack our bags and go.
verify that you have indeed put suid guid to toolbox:
head -c (upto the md5sum output from the rear of the file) file3 | tail -c +513 > file5;
simg2img file5 file6;
sudo mount -o loop,ro file6 /mnt;
ls -l /mnt/bin/toolbox
It should give an output:
-rwsr-sr-x 1 root 2000 99068 Aug 9 07:59 /mnt/bin/toolbox
sudo umount /mnt
recalculate the md5sum to the _expanded_ image: md5sum file6 > file7
overide the md5sum at the end of file3 with the one from file7
now pack the pieces in one tar: cat file2 file3 file4 > myfirmware.tar
add the md5sum to it: md5sum myfirmware.tar >> myfirmware.tar
change the name to .tar.md5: mv myfirmware.tar myfirmware.tar.md5
copy the file on a windowze machine (that has odin and the samsung drivers intalled).
update with odin the new firmware (which you should put in the PDA section) (don't forget to un check the repartitioning).
you should have now a practivally rooted device.
in order to have su and Superuser.apk on it you have to do the following steps:
push with adb su, busybox and Superuser.apk into /data/local/tmp on device (you get the files from other forums here at xda)
the next steps are on device (use adb shell)
verify that indeed we have a suid toolbox: ls -l /system/bin/toolbox should give that wanderfull -rwsr-sr-x permission.
find a rw mount that has suid (in my case a tmpfs is mounted /mnt/obb)
copy su to /mnt/obb (remember that we have suid toolbox this means that toolbox now gives you root on any command):
dd if=/data/local/tmp/su of=/mnt/obb/su
give su suid and make it owned by root: chmod 6755 /mnt/obb/su; chown 0.0 /mnt/obb/su
run su now and enjoy the #: /mnt/obb/su -
Click to expand...
Click to collapse
Ofcorse after you get # you should remount /system as rw, copy su in /system/xbin, copy Superuser.apk in /system/app, copy busybox in /system/xbin, make symlinks to busybox for all the comands in /system/xbin.
You should also upon success remove suid from toolbox so as to not mistakely do damage to the system (for instance "rm /")
And here you have it.
If you do not understand what I have done, you should read more linux / tar / ext4 / md5sum.
This method should work for any phone provided that it has odin as bootloader and there is the stock rom available.

hello
I don't have knowledge about how you have rooted the firmware for b5330, the steps you made are waaaay to dificult for me . Could you provide here an already rooted firmware, to download and install. thanks in advance
ETTT said:
This might work on other devices.
WARNING: this might brick your phone use it at your own risk.
Warning you have to have some knowlage of linux to do this kind of stuff.
WARNING: actually you have to have _good_ knowlage of linux/gnu stuff to do it.
The idea is this is to make the /system/bin/toolbox from the stock rom suid (permision 6755, it originaly has 0755)
This is how I did it. It might be simpler.
Ofcorse after you get # you should remount /system as rw, copy su in /system/xbin, copy Superuser.apk in /system/app, copy busybox in /system/xbin, make symlinks to busybox for all the comands in /system/xbin.
You should also upon success remove suid from toolbox so as to not mistakely do damage to the system (for instance "rm /")
And here you have it.
If you do not understand what I have done, you should read more linux / tar / ext4 / md5sum.
This method should work for any phone provided that it has odin as bootloader and there is the stock rom available.
Click to expand...
Click to collapse

bogdan_rize said:
I don't have knowledge about how you have rooted the firmware for b5330, the steps you made are waaaay to dificult for me . Could you provide here an already rooted firmware, to download and install. thanks in advance
Click to expand...
Click to collapse
no need to upload 400M for this little modification.
I'm unable to post links, goto samsung-updates
go and download B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME stock firmware.
and apply this xdelta patch over it.
xdelta patch sGTB5330.patch B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME.tar.md5 myfrm.tar.md5
Click to expand...
Click to collapse
after that you have the firmware that I use to root my phone.
Still... this firmware will not have "su" install, it will just be a rootable firware because it has a suid'ed toolbox.
a suid'ed toolbox in android means that you can exec chown and chmod as a root.
So. After the patching of the stock rom and flashing it. you have to have this md5sum output:
032b4344ab503c8413db9127efaa3d83 myfrm.tar.md5
Click to expand...
Click to collapse
odin will accept it (I've used Oding 3.07).
after that you push the files from the attached tar.gz to /data/local/tmp
tar -xzf superuser_stuff.tar.gz
adb push su /data/local/tmp
adb push Superuser.apk /data/local/tmp
adb push busybox /data/local/tmp
Click to expand...
Click to collapse
after that you bassically have to run this commands in an android shell in order to get to a stardard rooted android:
adb shell # enter the in the phone
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is nologer with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
Click to expand...
Click to collapse
have fun.

I downloaded this firmware: Samsung-Updates.com-GT-B5330_COA_1_20120913171601_pducfx5hbw.zip. Where, how, what???...i unzipped it and now how to apply the patch? The rest of the stept i think i get it....i think For you it's easy to say, for me it's hard to do. I've had sgs1, sgs2 and sgs3, and the root of those was sooooooo easy... but this piece of crap b5330 drives me crazy )
ETTT said:
no need to upload 400M for this little modification.
I'm unable to post links, goto samsung-updates
go and download B5330XWALI2_B5330OXXALI2_B5330XWLH1_HOME stock firmware.
and apply this xdelta patch over it.
after that you have the firmware that I use to root my phone.
Still... this firmware will not have "su" install, it will just be a rootable firware because it has a suid'ed toolbox.
a suid'ed toolbox in android means that you can exec chown and chmod as a root.
So. After the patching of the stock rom and flashing it. you have to have this md5sum output:
odin will accept it (I've used Oding 3.07).
after that you push the files from the attached tar.gz to /data/local/tmp
after that you bassically have to run this commands in an android shell in order to get to a stardard rooted android:
have fun.
Click to expand...
Click to collapse

bogdan_rize said:
I downloaded this firmware: Samsung-Updates.com-GT-B5330_COA_1_20120913171601_pducfx5hbw.zip. Where, how, what???...i unzipped it and now how to apply the patch? The rest of the stept i think i get it....i think For you it's easy to say, for me it's hard to do. I've had sgs1, sgs2 and sgs3, and the root of those was sooooooo easy... but this piece of crap b5330 drives me crazy )
Click to expand...
Click to collapse
I've used xdelta package.
if you are on win then you're on your own.
there is xdelta.org and it seems to have pachage for windows.
for sgs[123] was easy because are main streams. may hackers were working on it.
this device is very new/obscure.
I whould have made a script, but alas, "heimdal" firmware loader whould not work with this device.
I've used linux to patch the firmware and windowze to upload it.
So a script whould be imposible, but after you pach .tar.md5 file and load it on your phone is just about cut and paste form my previous post.
My hope is that a more android savy guy will take this concept and make it a script.
I am just happy that I can now have debian on my phone.

yes, i am on win....there is no way to patch that COA firmware (i am from romania) and upload somewhere to download???i know i am probably asking to much from you, but i dont't think i will manage by my own...this rooting busines is driving me crazyyyyy :crying::crying::crying: thank you so much for your answer!!!
ETTT said:
I've used xdelta package.
if you are on win then you're on your own.
there is xdelta.org and it seems to have pachage for windows.
for sgs[123] was easy because are main streams. may hackers were working on it.
this device is very new/obscure.
I whould have made a script, but alas, "heimdal" firmware loader whould not work with this device.
I've used linux to patch the firmware and windowze to upload it.
So a script whould be imposible, but after you pach .tar.md5 file and load it on your phone is just about cut and paste form my previous post.
My hope is that a more android savy guy will take this concept and make it a script.
I am just happy that I can now have debian on my phone.
Click to expand...
Click to collapse

bogdan_rize said:
yes, i am on win....there is no way to patch that COA firmware (i am from romania) and upload somewhere to download???i know i am probably asking to much from you, but i dont't think i will manage by my own...this rooting busines is driving me crazyyyyy :crying::crying::crying: thank you so much for your answer!!!
Click to expand...
Click to collapse
ok here it is the modified firmware.
http://dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip

Interesting, reading carefully
Sent from my GT-B5330 using xda app-developers app

Thank you so much, tomorow morning i know how i'll spend my time...installing and rooting my b5330, unfortunately this evening i don't have my laptop on me forgoted at work ), but i've downloaded the firmware from phone and now waiting to have it done...finally!!! I'll let you know what have i done. Have a nice day and once again thanks!!!
ETTT said:
ok here it is the modified firmware.
http://dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip
Click to expand...
Click to collapse

it's not working, when i'm trying to adb remont it says: remount failed: Opertaion not permited. After i flashed with odin the firmware you gave to me, i think i do not have permission to make any changes, and i don't know why
ETTT said:
ok here it is the modified firmware.
http://dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip
Click to expand...
Click to collapse

Can you make patch for dxlh3..? Thanks
Sent from my GT-B5330 using xda app-developers app

bogdan_rize said:
it's not working, when i'm trying to adb remont it says: remount failed: Opertaion not permited. After i flashed with odin the firmware you gave to me, i think i do not have permission to make any changes, and i don't know why
Click to expand...
Click to collapse
There commands are supposed to be given in a command line box (cmd on win).
where does it gives you error?
adb shell # enter the in the phone
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is nologer with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox

finally it worked
yeeeees, damn you're good!!!! i have managed to root my b5330, root checher tell me that i am rooted and busybox is instaled...the only problem is that it shows me that i do not have installed superuser and supersu. Is there a problem if i just copy paste the apk file (supersu.apk and superuser.apk -> i've downloaded the pro version of bouth of them ) straight into the directory /data/local/tmp where it should be? or to copy-paste in another directory. Thanks in advance, CMD(and adb shell) gave me headache, but i finally got it an succedeed )) :victory::good:
ETTT said:
There commands are supposed to be given in a command line box (cmd on win).
where does it gives you error?
adb shell # enter the in the phone
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is nologer with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
Click to expand...
Click to collapse

bogdan_rize said:
yeeeees, damn you're good!!!! i have managed to root my b5330, root checher tell me that i am rooted and busybox is instaled...the only problem is that it shows me that i do not have installed superuser and supersu. Is there a problem if i just copy paste the apk file (supersu.apk and superuser.apk -> i've downloaded the pro version of bouth of them ) straight into the directory /data/local/tmp where it should be? or to copy-paste in another directory. Thanks in advance, CMD(and adb shell) gave me headache, but i finally got it an succedeed )) :victory::good:
Click to expand...
Click to collapse
1. I'm glad you got it.
2. You should give thanks (that button) if I helped you.
3. I'm you dont read instructions. Maybe it's a problem with us romanian engineers, or maybe engineers in general
look at item 11. from my previous post. maybe I just c&p here.
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
So, when you are in adb shell and you go root (su command, you get the promt with #) and you have the /system mounted rw.
Then any apk that you copy to /system/app folder will get intalled and when you list your application (the button with 16 squares) you should see it.
Have fun.

i was having trouble understanding adb shell and cmd from the begining. I never used this command tool...ever ) and i think from yesterday to this day i managed really ok . Anyway i think i will just copy-paste the superuser.apk in "app" folder directly in the system (it's the same thing, isn't it??). I have done that in item 11., and after a restart supersu was instaled, only superuser.apk didn't, i think i wrote something wrong in adb shell
ETTT said:
1. I'm glad you got it.
2. You should give thanks (that button) if I helped you.
3. I'm you dont read instructions. Maybe it's a problem with us romanian engineers, or maybe engineers in general
look at item 11. from my previous post. maybe I just c&p here.
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
So, when you are in adb shell and you go root (su command, you get the promt with #) and you have the /system mounted rw.
Then any apk that you copy to /system/app folder will get intalled and when you list your application (the button with 16 squares) you should see it.
Have fun.
Click to expand...
Click to collapse

hihihi
neeeah, my bad, i thought that in "superuser_stuff" is superuser and supersu files, it was just su->for superuser.apk, easy peasy, it worked and installed from the first time...it was just me verry verry dizzy and confused. Your guide is 100% OK, my phone is rooted and now i can enjoy !!!
ETTT said:
1. I'm glad you got it.
2. You should give thanks (that button) if I helped you.
3. I'm you dont read instructions. Maybe it's a problem with us romanian engineers, or maybe engineers in general
look at item 11. from my previous post. maybe I just c&p here.
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk
So, when you are in adb shell and you go root (su command, you get the promt with #) and you have the /system mounted rw.
Then any apk that you copy to /system/app folder will get intalled and when you list your application (the button with 16 squares) you should see it.
Have fun.
Click to expand...
Click to collapse

can you release xdelta patch for your XWALH3 because we have the same device..

phyxar said:
can you release xdelta patch for your XWALH3 because we have the same device..
Click to expand...
Click to collapse
I've started a new more universal thread:
http://forum.xda-developers.com/showthread.php?t=1965600
There you have the shell-script that will patch the firmware for you.
If you still want an xdelta patch I'll make one for you but:
Give a man a fish and it will be full for the day, teach him how to fish and it will never go hungry again.
Have fun.

ETTT said:
ok here it is the modified firmware.
dl.transfer.ro/myfrm-transfer_ro-29oct-8a4089.zip
Click to expand...
Click to collapse
Hello, i'm new here and i don't know about scripting, so need your help..
i downloaded your firmware and install it to my b5330 and did the cmd command, and it worked, thanks..:good:
but now i've a new problem that my b5330 can't type a question mark ('?').. can you help me please..
whenever i want to type a question mark it always typed a comma (',') in the screen..:crying:
it also it change the symbol and language key to emoticon and symbol, but that's not a problem for me..

andhikarogue said:
Hello, i'm new here and i don't know about scripting, so need your help..
i downloaded your firmware and install it to my b5330 and did the cmd command, and it worked, thanks..:good:
but now i've a new problem that my b5330 can't type a question mark ('?').. can you help me please..
whenever i want to type a question mark it always typed a comma (',') in the screen..:crying:
it also it change the symbol and language key to emoticon and symbol, but that's not a problem for me..
Click to expand...
Click to collapse
That's because you have use the romanian firmware. whitch has a qwerty layout keyboard.
you have to do it the right way:
first. find the firmaware for your region:
http://samsung-updates.com/device/?id=GT-B5330
second. find a linux machine and run the script from the thread.
It is unrealistic for me to just upload all the 40 version of the firmware patched.
That is why I've made the script.
If you don't have a linux machine then look for a virtual box ubuntu and run on it.
Cheers.

Can you root an XT925 without unlocking the bootloader?

Thinking about buying this phone, but don't wanna void my warranty. I've seen a wealth of information, but I am confused as to what is outdated or not.

timmytucker718 said:
Thinking about buying this phone, but don't wanna void my warranty. I've seen a wealth of information, but I am confused as to what is outdated or not.
Click to expand...
Click to collapse
My HD is rooted while bootloader is still locked

mr_5kool said:
My HD is rooted while bootloader is still locked
Click to expand...
Click to collapse
How did you do it?

timmytucker718 said:
How did you do it?
Click to expand...
Click to collapse
I use the method and files from my XT902 but it works. I don't remember the source of this method (Sorry). I made several changes. My HD is OTA updated from 4.0 to 4.1.2. Here is the method (The risk is yours):
1) Preparation
- SDK & USB Drivers
- Download file from the following address: http://www.mediafire.com/download/13htvihh6c2mhs2/HD.rar or scroll down
- Unzip the file to a specific folder (I put HD folder to the root of C drive)
2) Plug your HD to PC (connect as MTP, unknown source and debugging is on, of course)
3) Do these command (at the directory where you put and perform the adb commands)
- adb push C:\HD\su /data/local/tmp/su
- adb push C:\HD\Superuser.apk /data/local/tmp/Superuser.apk
- adb push C:\HD\busybox /data/local/tmp/busybox
- adb push C:\HD\auto_root.sh /data/local/tmp/auto_root.sh
- adb push C:\HD\unlock_security_module /data/local/tmp/unlock_security_module
- adb push C:\HD\break_setresuid /data/local/tmp/break_setresuid
- adb push C:\HD\mole-plough-ccsecurity.so /data/local/tmp/mole-plough-ccsecurity.so
- adb push C:\HD\mole-plough-lsm.so /data/local/tmp/mole-plough-lsm.so
If any file is pushed unsuccessfully, you have to re-push it, of course
4) Use unlock_security_module to obtain temporary root
- adb shell
- [email protected]:/ $ cd /data/local/tmp/
- [email protected]:/data/local/tmp $ chmod 777 *
- [email protected]:/data/local/tmp $ ./unlock_security_module
- [email protected]:/data/local/tmp $ ./break_setresuid
You’ll see messages about the process. If it fails, then I’m sorry, I don’t know why yet. If it works without “fail”, you success. Here you’ll something like: Unlocked LSM, Do setresuid… I don’t remember them exactly and after all, the command will change from shell ($) to su (#).
5) Load su, Superuser.apk busybox to system
- [email protected]:/data/local/tmp # mount -o rw,remount /system /system
- [email protected]:/data/local/tmp # cat /data/local/tmp/su > /system/xbin/su
- [email protected]:/data/local/tmp # cat /data/local/tmp/busybox > /system/xbin/busybox
- [email protected]:/data/local/tmp # cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
- [email protected]:/data/local/tmp # chmod 644 /system/app/Superuser.apk
- [email protected]:/data/local/tmp # cd /system/xbin
- [email protected]:/system/xbin # chown root.root su
- [email protected]:/system/xbin # chown root.root busybox
- [email protected]:/system/xbin # chmod 6755 su
- [email protected]:/system/xbin # chmod 755 busybox
- [email protected]:/system/xbin # mount -o ro,remount /system /system
6) When it’s done, you can remove the cable from PC. Check and see if SuperSU was installed. If it wasn’t, you can download it (SuperSU) from Play Store. Install busybox from Play Store and do the Smart Install. Your HD is now temporary rooted so do not reboot your phone.
7) Install Script Manager – SManager (devwom) from Play Store. Run SManager and choose Browse as root.
- Navigate to /data/local/tmp/ and open auto_root.sh as Script/Excutable (touch and keep for a while).
- Toggle Su on (the icon will change colour to green) and save.
You can reboot and enjoy your permanent root now.

mr_5kool said:
I use the method and files from my XT902 but it works. I don't remember the source of this method (Sorry). I made several changes. My HD is OTA updated from 4.0 to 4.1.2. Here is the method (The risk is yours):
1) Preparation
- SDK & USB Drivers
- Download file from the following address: http://www.mediafire.com/download/13htvihh6c2mhs2/HD.rar or scroll down
- Unzip the file to a specific folder (I put HD folder to the root of C drive)
2) Plug your HD to PC (connect as MTP, unknown source and debugging is on, of course)
3) Do these command (at the directory where you put and perform the adb commands)
- adb push C:\HD\su /data/local/tmp/su
- adb push C:\HD\Superuser.apk /data/local/tmp/Superuser.apk
- adb push C:\HD\busybox /data/local/tmp/busybox
- adb push C:\HD\auto_root.sh /data/local/tmp/auto_root.sh
- adb push C:\HD\unlock_security_module /data/local/tmp/unlock_security_module
- adb push C:\HD\break_setresuid /data/local/tmp/break_setresuid
- adb push C:\HD\mole-plough-ccsecurity.so /data/local/tmp/mole-plough-ccsecurity.so
- adb push C:\HD\mole-plough-lsm.so /data/local/tmp/mole-plough-lsm.so
If any file is pushed unsuccessfully, you have to re-push it, of course
4) Use unlock_security_module to obtain temporary root
- adb shell
- [email protected]:/ $ cd /data/local/tmp/
- [email protected]:/data/local/tmp $ chmod 777 *
- [email protected]:/data/local/tmp $ ./unlock_security_module
- [email protected]:/data/local/tmp $ ./break_setresuid
You’ll see messages about the process. If it fails, then I’m sorry, I don’t know why yet. If it works without “fail”, you success. Here you’ll something like: Unlocked LSM, Do setresuid… I don’t remember them exactly and after all, the command will change from shell ($) to su (#).
5) Load su, Superuser.apk busybox to system
- [email protected]:/data/local/tmp # mount -o rw,remount /system /system
- [email protected]:/data/local/tmp # cat /data/local/tmp/su > /system/xbin/su
- [email protected]:/data/local/tmp # cat /data/local/tmp/busybox > /system/xbin/busybox
- [email protected]:/data/local/tmp # cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
- [email protected]:/data/local/tmp # chmod 644 /system/app/Superuser.apk
- [email protected]:/data/local/tmp # cd /system/xbin
- [email protected]:/system/xbin # chown root.root su
- [email protected]:/system/xbin # chown root.root busybox
- [email protected]:/system/xbin # chmod 6755 su
- [email protected]:/system/xbin # chmod 755 busybox
- shell[email protected]:/system/xbin # mount -o ro,remount /system /system
6) When it’s done, you can remove the cable from PC. Check and see if SuperSU was installed. If it wasn’t, you can download it (SuperSU) from Play Store. Install busybox from Play Store and do the Smart Install. Your HD is now temporary rooted so do not reboot your phone.
7) Install Script Manager – SManager (devwom) from Play Store. Run SManager and choose Browse as root.
- Navigate to /data/local/tmp/ and open auto_root.sh as Script/Excutable (touch and keep for a while).
- Toggle Su on (the icon will change colour to green) and save.
You can reboot and enjoy your permanent root now.
Click to expand...
Click to collapse
is this a different method than the saferoot method I have since read about?

timmytucker718 said:
is this a different method than the saferoot method I have since read about?
Click to expand...
Click to collapse
I don't know the saferoot method
I've used this method when my M had failed to root by other method
It's worked on my M and HD

[TUT] How-To Root Fire HD 7, 8, and 10 6th, 7th, and 8th generation

Edit: Someone pointed out the title is not completely accurate, so I changed it to be more descriptive and I will add a list of devices this root method will work with here
Edit2: Thanks to @Rortiz2 for the automated method! You can download it here! Simply extract the files and run MTK-SU.bat to install the SuperSU app and root your device. Once you reboot after the batch script has completed, simply open SuperSU, go to settings, and ensure that default root access for apps is set to grant.
Fire HD 8 8th gen (2018) (thanks @xyz`)
Fire HD 8 7th gen (2017)
Fire HD 8 6th gen (2016) (thanks @bibikalka)
Fire HD 10 7th gen (2017) (thanks @bibikalka)
Fire TV 2 2015 (mt8173-based) (thanks @el7145) -- up to firmware 5.2.6.9
Fire 7 9th gen (2019) (thanks @Michajin)
Before trying this root method, please read through this entire post: 5 and make sure it will work for your device!
Note: I did not create these methods, all credit goes to @diplomatic and @dutchthomas
I simply wanted to put it into a single forum post with easy instructions.
With that out of the way, lets get started.
Only use this for Fire OS 5.x.x.x, I haven't tested it with the latest version, but it should still work.
First, follow these instructions by diplomatic:
After you have verified that you have access to a root shell (The '[email protected]:/ $' will change to '[email protected]:/ #) you can follow these steps by dutchthomas:
1. Install SuperSu from Playstore (if you do not have the playstore installed, you can follow the guide by @Gilly10 here https://forum.xda-developers.com/amazon-fire/general/how-to-install-google-play-store-fire-t3486603)
2. Download SuperSu and unzip somewhere (download the .zip from here)
3. Inside the UPDATE-SuperSU-v2.79-20161211114519.zip there should be an arm64 folder. Copy that folder to your platform-tools folder
Most of this is just going to be copy paste commands
4. adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
5. adb shell
6. cd /data/local/tmp
7. ./mtk-su
8. The $ after [email protected] should change to a #, if it doesn't, close the terminal and start again from step 5.
9. mount -o remount -rw /system
10. cp /data/local/tmp/su /system/xbin/su
11. cp /data/local/tmp/su /system/xbin/daemonsu
12. cp /data/local/tmp/supolicy /system/xbin/
13. cp /data/local/tmp/libsupol.so /system/lib/
14. cp /data/local/tmp/libsupol.so /system/lib64/
15. chmod 0755 /system/xbin/su
16.
Code:
chcon u:object_r:system_file:s0 /system/xbin/su
17.
Code:
chcon u:object_r:system_file:s0 /system/xbin/su
18.
Code:
chcon u:object_r:system_file:s0 /system/xbin/daemonsu
19. daemonsu --auto-daemon
20. Back on your device, open the SuperSU app and allow it to update its binaries.
After updating the SuperSU binaries, reboot your device. Once you are back to your main screen, open SuperSU, go to settings, Then scroll down to Access. Click the [Grant] option for Default Access. You need to do this because for unknown reasons the Kindle Fire is unable to show the root access popup. Your device is now fully rooted!

https://forum.xda-developers.com/showpost.php?p=79441935&postcount=629

The original thread is here: https://forum.xda-developers.com/hd8-hd10/orig-development/experimental-software-root-hd-8-hd-10-t3904595. The title of the current thread does not accurately reflect which tablets can rooted by this method. This information is in the first post of the original thread.

MontysEvilTwin said:
The original thread is here: https://forum.xda-developers.com/hd8-hd10/orig-development/experimental-software-root-hd-8-hd-10-t3904595. The title of the current thread does not accurately reflect which tablets can rooted by this method. This information is in the first post of the original thread.
Click to expand...
Click to collapse
Thanks for the feedback, I updated the post to be more informative!

Rortiz2 said:
https://forum.xda-developers.com/showpost.php?p=79441935&postcount=629
Click to expand...
Click to collapse
Added a link and credit to you on my post, thanks for the script!

SirHappyCatIII said:
Added a link and credit to you on my post, thanks for the script!
Click to expand...
Click to collapse
Ok.

Correction
I now realize it was obvious, but it took me a while to realize there shouldn't be two identical commands.
Instruction #17 should be #18
And #18 should be
Code:
chmod 0755 /system/xbin/daemonsu

Thanks got my Fire HD 8 (6th Gen) running Fire OS 5.3.6.4 (626536720) rooted

deleted

Hi, i followed the steps for my Fire HD 8 8th gen (2018), FireOS 6.3.0.0.
I was able to obtain temporary root access using mtk-su. Prompt is now #.
Step 9 (9. mount -o remount -rw /system) returns this error.
mount: '/dev/block/dm-0'->'/system' : Device or resource busy.
I also tried " "mount -o rw,remount /system"
And it returns this error '/dev/block/dm-0' is read-only.
So I cannot proceed any further. Your help is greatly appreciated.
PS: Your step 1 says install SuperSu from PlayStore. But it seems there isn't a ChianFire SuperSu available in PlayStore. And how is this related to the rest of the steps?

mxj_xda said:
Hi, i followed the steps for my Fire HD 8 8th gen (2018), FireOS 6.3.0.0.
I was able to obtain temporary root access using mtk-su. Prompt is now #.
Step 9 (9. mount -o remount -rw /system) returns this error.
mount: '/dev/block/dm-0'->'/system' : Device or resource busy.
I also tried " "mount -o rw,remount /system"
And it returns this error '/dev/block/dm-0' is read-only.
So I cannot proceed any further. Your help is greatly appreciated.
PS: Your step 1 says install SuperSu from PlayStore. But it seems there isn't a ChianFire SuperSu available in PlayStore. And how is this related to the rest of the steps?
Click to expand...
Click to collapse
what are you looking to do? If you have root access then you can unlock... This thread is kind of old....
https://forum.xda-developers.com/hd...nlock-fire-hd-8-2018-karnak-amonet-3-t3963496

i get this error when i try and download the release 22 zip file
C:\Users\cod3w\AppData\Local\Temp\kKb_tka2.zip.part could not be saved, because the source file could not be read.
Try again later, or contact the server administrator.

Can this be used on the Fire HD 10 8TH GEN?

This guide should be updated. There's no more SuperSU on the Play store. I believe that it hasn't been updated for quite a while before it was taken down. There should be a more updated guide somewhere.

Hi.
I have a Fire HD 8 (6th Generation) ...OS 5.6.8.0 (626542120).
please i use which prosedure for root?

I get a question mark after the 1st command.
PS C:\adb> adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
[ ?] /data/local/tmp/libsupol.so
If i continue, it will fail with:
[email protected]:/data/local/tmp $ ./mtk-su
/system/bin/sh: ./mtk-su: not found
Will keep digging, i'm on a fire hd 8 6th gen on 5.3.6.4
I'm only using a very small adb pack, maybe it's that, but i am able to commuinicate.
Will keep at it.
PS: Thank you so much for making this guide, hopefully i can breath some life into this now quite slow tablet.
EDIT: MTK was missing from all folders?
Heres the whole list of commands, now fails on the last part, daemon
PS C:\adb> adb push arm64/su arm64/supolicy arm64/libsupol.so /data/local/tmp
[ ?] /data/local/tmp/libsupol.so
PS C:\adb> adb shell
[email protected]:/ $ cd /data/local/tmp
[email protected]:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
[email protected]:/data/local/tmp # mount -o remount -rw /system
[email protected]:/data/local/tmp # cp /data/local/tmp/su /system/xbin/su
[email protected]:/data/local/tmp # cp /data/local/tmp/su /system/xbin/daemonsu
[email protected]:/data/local/tmp # cp /data/local/tmp/supolicy /system/xbin/
[email protected]:/data/local/tmp # cp /data/local/tmp/libsupol.so /system/lib/
[email protected]:/data/local/tmp # cp /data/local/tmp/libsupol.so /system/lib64/
[email protected]:/data/local/tmp # chmod 0755 /system/xbin/su
[email protected]:/data/local/tmp # chcon ubject_r:system_file:s0 /system/xbin/su
[email protected]:/data/local/tmp # chcon ubject_r:system_file:s0 /system/xbin/su
[email protected]:/data/local/tmp #
hcon ubject_r:system_file:s0 /system/xbin/daemonsu <
[email protected]:/data/local/tmp # daemonsu --auto-daemon
/system/bin/sh: daemonsu: can't execute: Permission denied
126|[email protected]:/data/local/tmp #
Need to allow permissions i guess but not sure how.
Have tried the other mtk method in the thread mentioned in the OP and have this in powershell, different response to the adb push.
PS C:\adb> adb push .\mtk-su /data/local/tmp
[100%] /data/local/tmp/mtk-su
PS C:\adb> adb shell
[email protected]:/ $ cd /data/local/tmp
[email protected]:/data/local/tmp $ chmod 755 mtk-su
[email protected]:/data/local/tmp $ ./mtk-su
UID: 0 cap: 3fffffffff selinux: permissive
[email protected]:/data/local/tmp #
help

Ok so i managed to root using the mtk-su app from here:
Releases · JunioJsv/mtk-easy-su
Get bootless root access with few clicks. Contribute to JunioJsv/mtk-easy-su development by creating an account on GitHub.
github.com
Now i do have magisk and super su installed but there is no prompt from any root request, however it does say i am rooted according the supersu root checker, plus magisk safetynet fails, so i'm at a loss now.