If you have any suggestions on making this guide better or to correct any mistakes I may have made please let me know.
This guide is intended for any Linux OS and includes detailed instructions. It should work with another Linux OS although I have only verified these steps using Ubuntu 9.10 aka Karmic. This will work with software versions 1.29.651.1 and 1.56.651.2 (aka Android 1.5). It will cover the steps necessary to root, flash the new recovery image, and create a full backup. I am not responsible for any damage done to your phone using this guide. Root at your own risk.
Step 1: Download the Android SDK from http://developer.android.com/sdk/index.html The linux file is called android-sdk_r06-linux_86.tgz. Extract the files to your home user directory so that you now have the folder /home/USERNAME/android-sdk-linux. Please note you must replace USERNAME with your own.
Step 2: Download the asroot2 exploit file from http://forum.xda-developers.com/attachment.php?attachmentid=244212&d=1257621154 Extract asroot2.zip to /home/username/android-sdk-linux/tools folder.
Step 3: Download the Hero recovery image from http://forum.xda-developers.com/showpost.php?p=4898505&postcount=1g DO NOT OPEN. Simply place this file in /home/username/android-sdk-linux/tools as well.
Step 4: USB Debugging should be disabled before connecting your phone via the USB cable. Connect your phone and now enable USB Debugging.
Step 5: Open a terminal found under Applications>Accessories>Terminal
Step 6: You will now enter a series of commands which I will place in code boxes to indicate the entire command.
A.
Code:
cd ~/android-sdk-linux/tools
B.
Code:
sudo su
C.
Code:
./adb push asroot2 /data/local/
D.
Code:
./adb shell
E.
Code:
chmod 0755 /data/local/asroot2
F.
Code:
/data/local/asroot2 /system/bin/sh
You should see an output that says:
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/857/fd/3
SUCCESS: Enjoy the shell.
#
Now for a few last commands.
G.
Code:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
H.
Code:
cd /system/bin
I.
Code:
cat sh > su
J.
Code:
chmod 4755 su
You are now officially rooted. A few more steps and you will have flashed the recovery image.
K.
Code:
exit
L.
Code:
exit
This will return the command line to ~/android-sdk-linux/tools.
M.
Code:
./adb push recovery-RA-heroc-v1.6.2.img /sdcard
N.
Code:
./adb shell reboot
This will cause the phone to power off then back on automatically. Wait till the phone is fully booted to continue.
O.
Code:
./adb shell
P.
Code:
su
Q.
Code:
cd /sdcard/
R.
Code:
flash_image recovery recovery-RA-heroc-v1.6.2.img
FLASHING TO THE RECOVERY TAKES SEVERAL SECONDS-- BE PATIENT. ENTER THE NEXT COMMAND ONLY AFTER THE COMMAND PROMPT RETURNS TO THE # (ROOT SYMBOL).
S.
Code:
reboot recovery
Step 8: This is the last command; You may now close the terminal. It will cause your phone to boot into recovery mode; it should take no longer than 30 secs.
The third option on the list is "- Backup/Restore"; select it. Now, select the first option "- Nand backup". The phone will prompt you to press HOME to confirm, which is what you want to do. The backup will begin. You will see the screen say, "Performing backup : .........." When done, the bottom of the screen will say "Backup complete!" and you will be given the menu options again. Go back to the main menu and select reboot system.
Step 9: Once your phone is fully booted, mount the sdcard. You will see a folder called "nandroid"; I highly recommend you copy this to your pc in case you lose your sdcard data or reformat it. Your phone is rooted, 100% backed up, and ready to install a custom rom if you wish!
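Steps I and J of the guide above leave a setuid-root copy of the shell at /system/bin/su. The following check is an added example, not part of the original guide: it lists setuid files in a directory and marks those that are byte-for-byte copies of the `sh` in that directory. It assumes it is run on a host against an extracted copy of /system/bin, or on a device that has `find`, `sort` and `cmp`; the function name `audit_setuid` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a bin directory for setuid files, flagging shell copies.
# Assumption: DIR holds a file named "sh" (the system shell), as /system/bin does.

# audit_setuid DIR
# Prints one line per setuid regular file directly under DIR:
#   "shell-copy <path>"  if the file's contents are identical to DIR/sh
#   "setuid <path>"      for any other setuid file
# Returns 2 if DIR/sh is missing.
audit_setuid() {
    dir=$1
    shell="$dir/sh"
    [ -f "$shell" ] || return 2

    # -perm -4000 matches files with the setuid bit set, whatever the other bits are.
    find "$dir" -type f -perm -4000 | sort | while IFS= read -r f; do
        if [ "$f" != "$shell" ] && cmp -s "$f" "$shell"; then
            # Same bytes as the shell plus setuid: the result of
            # "cat sh > su; chmod 4755 su".
            echo "shell-copy $f"
        else
            echo "setuid $f"
        fi
    done
}

# Run against a directory when called as: script.sh --run /path/to/system/bin
if [ "${1:-}" = "--run" ]; then
    audit_setuid "$2"
fi
```

A `shell-copy` line means any local user or app that can execute the file gets whatever privileges the setuid bit grants, with no prompt and no log.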
[email protected]:/home/lepri/android-sdk-linux/tools# sudo su lepri
[email protected]:~/android-sdk-linux/tools$ su root
Password:
[email protected]:/home/lepri/android-sdk-linux/tools# /adb push asroot2 /data/local/
bash: /adb: No such file or directory
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb push asroot2 /data/local/
828 KB/s (74512 bytes in 0.087s)
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ /abd shell
/abd: not found
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/493/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /system/bin
# cat sh > su
# chmod 4755 su
# exit
$ exit
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.2.3.img
Thanks for guide but I don't think it worked for me, HTC logo stays on but that's it... have to pull out battery to start the phone. Phone works but no joy with recovery image ((
I have HTC hero with sim(If this info any use to you)
lepri13 said:
[email protected]:/home/lepri/android-sdk-linux/tools# sudo su lepri
[email protected]:~/android-sdk-linux/tools$ su root
Password:
[email protected]:/home/lepri/android-sdk-linux/tools# /adb push asroot2 /data/local/
bash: /adb: No such file or directory
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb push asroot2 /data/local/
828 KB/s (74512 bytes in 0.087s)
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ /abd shell
/abd: not found
$ /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/493/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /system/bin
# cat sh > su
# chmod 4755 su
# exit
$ exit
[email protected]:/home/lepri/android-sdk-linux/tools# ./adb shell
$ su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.2.3.img
Thanks for guide but I don't think it worked for me, HTC logo stays on but that's it... have to pull out battery to start the phone. Phone works but no joy with recovery image ((
I have HTC hero with sim(If this info any use to you)
You have a GSM HERO not a CDMA. This guide is intended for CDMA heros only.
Updated for recovery 1.5.1 image.
I keep getting the same error of insufficient permissions for device. What am I doing wrong? I disable USB debugging before I plug my phone in. Then I plug my phone in and enable USB debugging and then actually connect my mounting the SD card.
Edit: Ok. I found how to fix the insufficient permission problem...
Code:
./adb kill-server
sudo ./adb start-server
That will get your permissions correct but once I did that, I ran across a new error once I did ./adb shell the second time after the "chmod 0755".
Code:
[email protected]:/home/justin/android-sdk-linux_86/tools# ./adb push asroot2 /data/local/
711 KB/s (74512 bytes in 0.102s)
[email protected]:/home/justin/android-sdk-linux_86/tools# ./adb shell
$ chmod 0755 /data/local/asroot2
$ ./adb shell
./adb: not found
What's wrong now?
I couldn't edit my post anymore but I found that it works if I just skip the second ./adb shell. It just caused problems for me because I was already in shell and was coming up with errors. I skipped it and my root went smoothly after that.
Part I skipped...
You must replace username with your own actual username.
C. "./adb push asroot2 /data/local/"
D. "./adb shell"
E. "chmod 0755 /data/local/asroot2"
F. "./adb shell"
G. "/data/local/asroot2 /system/bin/sh"
For some reason the forums are letting me edit my posts. I know I'm wasting space but I would like to give credit to jnwhiteh for the ./adb fix. I searched for it and found it in a different part of the forums.
Problem flashing recovery
Thank you for the Howto.
I have no problem with the howto, until I try to flash recovery. It seems it's going ok without error messages, but when I try to boot in recovery mode it doesn't work. Remains with the HERO logo in the screen and nothing happens.
Anyone can help me.
goshi0 said:
Thank you for the Howto.
I have no problem with the howto, until I try to flash recovery. It seems it's going ok without error messages, but when I try to boot in recovery mode it doesn't work. Remains with the HERO logo in the screen and nothing happens.
Anyone can help me.
You're not giving the terminal enough time to flash the image probably. Give it like 10 secs to be on the safe side.
flash image not found
everything works fine up until i get to the part where you actually flash the recovery image, at which point i get an error reading : flash_image: not found
this is my code for the last part.
"[email protected]:/home/amills/android-sdk-linux/tools# ./adb push recovery-RA-heroc-v1.5.2.img /sdcard
1106 KB/s (3356672 bytes in 2.962s)
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell reboot
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell
# su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.5.2.img
flash_image: not found"
goyanks said:
everything works fine up until i get to the part where you actually flash the recovery image, at which point i get an error reading : flash_image: not found
this is my code for the last part.
"[email protected]:/home/amills/android-sdk-linux/tools# ./adb push recovery-RA-heroc-v1.5.2.img /sdcard
1106 KB/s (3356672 bytes in 2.962s)
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell reboot
[email protected]:/home/amills/android-sdk-linux/tools# ./adb shell
# su
# cd /sdcard/
# flash_image recovery recovery-RA-heroc-v1.5.2.img
flash_image: not found"
is the phone fully booted when you run the flash_image command?
theresthatguy said:
is the phone fully booted when you run the flash_image command?
Yes, sense has booted up and everything, if this matters, my current recovery image is Amon Ra v1.2.3 and i had Eclair 2.1 v1.8 on it up until last night, as of now i have Fresh 1.1
If you're going to transfer the recovery image to the sdcard using adb push (as opposed to using usb-storage to drag/drop) you need to make sure that usb storage is turned off and the sdcard is mounted when you push the file.
My guess is that the sdcard wasn't mounted, and the file went to the (empty) /sdcard directory. Then when the sdcard is mounted, you can't see it. If you just reboot and do:
Code:
./adb shell
cd /sdcard
ls
does the recovery image file show up in the list?
I'm assuming that "flash_image: not found" means that the image file isn't where you're telling it to look.
buck2202 said:
If you're going to transfer the recovery image to the sdcard using adb push (as opposed to using usb-storage to drag/drop) you need to make sure that usb storage is turned off and the sdcard is mounted when you push the file.
My guess is that the sdcard wasn't mounted, and the file went to the (empty) /sdcard directory. Then when the sdcard is mounted, you can't see it. If you just reboot and do:
Code:
./adb shell
cd /sdcard
ls
does the recovery image file show up in the list?
I'm assuming that "flash_image: not found" means that the image file isn't where you're telling it to look.
no, it's there, when i type "ls", i get the following list returned.
Code:
# ls
2.1v1.8_heroc_7_signed.zip flashrec-1.1.3-20091107-2.apk
BetterTerm15.apk fresh-cdma-hero-1.1.zip
DCIM google_maps_navigation
HTC Sync media
LOST.DIR nandroid
Music prettybattery-googlecode-com
PicSay recovery-RA-heroc-v1.2.3.img
ToggleSettings recovery-RA-heroc-v1.5.2.img
Wallpaper rosie_scroll
aHome rssreader
albumthumbs tmp
aosp_heroc_20091217d.zip uloops
dolphinbrowser_gestures waze
furthermore, when i try to flash the recovery image now, i get no such error, instead I get a seemingly infinitely repeating series of "out of memory errors"
Code:
# flash_image recovery recovery-RA-heroc-v1.5.2.img
mtd: read error at 0x00000000 (Out of memory)
mtd: read error at 0x00020000 (Out of memory)
mtd: read error at 0x00040000 (Out of memory)
mtd: read error at 0x00060000 (Out of memory)
mtd: read error at 0x00080000 (Out of memory)
mtd: read error at 0x000a0000 (Out of memory)
mtd: read error at 0x000c0000 (Out of memory)
mtd: read error at 0x000e0000 (Out of memory)
mtd: read error at 0x00100000 (Out of memory)
mtd: read error at 0x00120000 (Out of memory)
mtd: read error at 0x00140000 (Out of memory)
mtd: read error at 0x00160000 (Out of memory)
mtd: read error at 0x00180000 (Out of memory)
mtd: read error at 0x001a0000 (Out of memory)
mtd: read error at 0x001c0000 (Out of memory)
mtd: read error at 0x001e0000 (Out of memory)
mtd: read error at 0x00200000 (Out of memory)
mtd: read error at 0x00220000 (Out of memory)
mtd: read error at 0x00240000 (Out of memory)
errors
I'm going to try rebooting the device and start from there. :|
this is bizarre, the first two times i attempted this (both times in Kubuntu 10.04 Alpha), i was able to flash the image with no trouble whatsoever.
------------------------------------------------------
i don't know what was up, fixed it and 1.5.2 is working great. thanks for the advice everyone. : )
problem :-(
Here's where I get to in the procedure, what's going on?
Code:
$ chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asroot2 /system/bin/sh
$
Many thanks
David
swatsbiz said:
Here's where I get to in the procedure, what's going on?
Code:
$ chmod 0755 /data/local/asroot2
$ /data/local/asroot2 /system/bin/sh
[1] Killed /data/local/asroot2 /system/bin/sh
$
Many thanks
David
Do you have a non-Sprint hero? If so, I recommend you check out the rooting a non-sprint hero thread.
Thanks so much for this great howto!
Looking down the road..... can the phone be unroot/restored from linux?
diordnahero said:
Thanks so much for this great howto!
Looking down the road..... can the phone be unroot/restored from linux?
After you flash a custom rom, no. You will need to RUU from a Windows box.
Doesn't work from a VM or from Mac Bootcamp either. Need to have a Windows-only craputer.
whenever i turn on my phone, i get an error that says the com.android.sdksetup application failed or something like that and when forced to close, it would just show up again.
as a result, i'm stuck in that infinite loop, i can only access recovery (3e) and the bootloader. I've tried a factory reset but that only erases user data. Since it runs on 3e recovery, I get signature verification errors when trying to flash to a different rom. I was wondering if there's any way I can access the system files through any of these two modes? the phone is the Gooapple 3g
I don't know about your specific phone, but I managed to get a bit of info from a Google search.
I believe what you want to be doing is flashing a recovery that allows you ADB write access to /system (if your recovery doesn't already - try 'adb remount' or 'adb shell mount -o remount,rw /system')
You may need the PdaNetA302.exe file from http://www.alcatel-mobilephones.com/...iew/full/25287 to use USB ADB
This thread may be useful: http://forum.xda-developers.com/showthread.php?t=1252195
the clockworkmod recovery section may be useful as cwm allows read/write access to the /system partition via ADB:
INSTALL CLOCKWORK RECOVERY (orange lantern recovery)
Flashing custom recovery image:
{Non ADB method}
1) Download flash_image and place it on the root of your SD card: http://db.tt/flHRxiG
2) Download recovery.img to the root of your SD card: http://db.tt/uy56zhj
3) Open Terminal Emulator and issue these commands:
Code:
$ su
# cp /sdcard/flash_image /system/bin
# chmod 747 /system/bin/flash_image
# flash_image recovery /sdcard/recovery.img
4) If you see a bunch of successful on your screen then it has flashed properly.
{ADB method}
1) Open up command prompt and issue these commands:
Code:
C:\Users\Your_Name> cd ..
C:\Users> cd ..
2) Navigate to your installed Android SDK (Mine is under the Program Files (x86) folder):
Code:
C:\> cd Program Files (x86)
C:\Program Files (x86)> cd Android/android-sdk/platform-tools
3) Connect your device to your computer and make sure you have USB Debugging enabled on your phone.
4) Issue this command to verify that your computer recognizes your phone:
Code:
C:\Program Files (x86)\Android\android-sdk\platform-tools> adb devices
5) If you see your phones serial then it is connected.
6) Download flash_image and place it in the platform-tools folder: http://db.tt/flHRxiG
7) Download the recovery.img and place it on the root of your SD card: http://db.tt/uy56zhj
8) Issue these commands in command prompt:
Code:
C:\Program Files (x86)\Android\android-sdk\platform-tools> adb push flash_image /system/bin
C:\Program Files (x86)\Android\android-sdk\platform-tools> adb shell chmod 747 /system/bin/flash_image
C:\Program Files (x86)\Android\android-sdk\platform-tools> adb shell
# flash_image recovery /sdcard/recovery.img
9) If you see a bunch of successful on your screen then it has flashed properly.
boot into recovery, hold home whilst powering on, after 5 long seconds, let go of home and then push home again, you will need to put the volume/menu-back toggle to "volume" mode and according to deepakpitrola333, you need to cycle the list 3 times using volume to allow selection.
Video by mayiandjay;
http://www.youtube.com/watch?v=B_dX9Ruoljo
Hello,
Could someone having access to a rooted Zenfone 4 Pro do me a favour by dumping a partition on their device?
As root, execute the following commands:
Code:
# dump the sec partition to /data/local/tmp/sec.img
# it might be in /dev/block/platform/soc/<something>/by-name/
dd if=/dev/block/by-name/sec of=/data/local/tmp/sec.img
chmod 755 /data/local/tmp/sec.img
Then use ADB to retrieve the file from your device:
Code:
adb pull /data/local/tmp/sec.img
There is no personal data in this partition. It is either empty, or what's in it is the same for all devices.
Thanks a lot for the help!
You still need this?
Hello,
Could someone having access to a rooted Zenfone 6 do me a favour by dumping a partition on their device?
As root, execute the following commands:
Code:
# dump the sec partition to /data/local/tmp/sec.img
# it might be in /dev/block/platform/soc/<something>/by-name/
dd if=/dev/block/by-name/sec of=/data/local/tmp/sec.img
chmod 755 /data/local/tmp/sec.img
Then use ADB to retrieve the file from your device:
Code:
adb pull /data/local/tmp/sec.img
There is no personal data in this partition. It is either empty, or what's in it is the same for all devices.
Thanks a lot for the help!
After the March security update my Pixel 5 is not receiving any mobile network and i am not able to turn on radio power via the *#*#4636#*# command.
After googling for a solution i found similar posts which suggested resetting the modemst1 and 2 partitions
Tried running the following commands in adb but was unable to
Code:
adb shell 'dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst1'
adb shell 'dd if=/dev/zero of=/dev/block/bootdevice/by-name/modemst2'
For fastboot I used the following commands
Code:
fastboot erase modemst1
fastboot erase modemst2
which gave me an error
Code:
FAILED (remote: Not allowed to erase (modemst1))
I'm also not able to boot into adb root but i am able to run adb shell su
I tried installing adbd insecure which was unable to patch adbd and also installed an adb_root module in magisk which still failed to initialize adb root
Currently I'm running ProtonOS on my Pixel 5. I thought running a custom rom might help but the problem still persists
Please help
Hi.
I would suggest making a back up before you erase a partition in case you need to restore it.
Make sure to name the backup clearly so you know what it is.
Since you do not have adb root, you need to run the command as root using su -c "NameOfCommand".
If you boot into a custom recovery, you generally have adbd and do not need to use the su -c option.
Also double check your path, you should be able to call it from /dev/block/by-name.
or list by-name, ls -la /dev/block/by-name/ and call it from the true partition number.
Example of making a backup.
Dump the partition(s) into an image.
Code:
adb shell su -c "dd if=/dev/block/by-name/modemst1 of=/sdcard/redfin-modemst1.img"
adb shell su -c "dd if=/dev/block/by-name/modemst2 of=/sdcard/redfin-modemst2.img"
Copy the image(s) to computer.
Code:
adb pull /sdcard/redfin-modemst1.img
adb pull /sdcard/redfin-modemst2.img
Delete the image(s) from the device.
Code:
adb shell rm /sdcard/redfin-modemst1.img
adb shell rm /sdcard/redfin-modemst2.img
You need to be in fastbootd to modify critical partitions.
adb reboot bootloader will reboot into fastboot.
adb reboot fastboot will reboot into fastbootd.
You can do the same in fastboot/fastbootd
fastboot reboot bootloader will reboot into fastboot.
fastboot reboot fastboot will reboot into fastbootd.
Be Careful.
There are always risks involved when you start messing around with a device.
If something goes wrong, you may end up with a non-working "bricked" device.
This is especially true when you start modifying partitions.
Good luck.
Cheers.
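The backup steps in the post above, combined into one script that removes the device copy only after the pulled image's SHA-256 matches the one computed on the device. This is an added example, not part of the original post. It assumes `adb` and `sha256sum` on the host and `su` and `sha256sum` on the device; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: dump, pull and verify a partition image before deleting
# the on-device copy. Paths and the "redfin" prefix follow the post above.

# digest_of FILE: print the SHA-256 hex digest of a local file.
digest_of() {
    sha256sum "$1" | awk '{print $1}'
}

# digests_match A B: succeed only if both digests are non-empty and equal.
# An empty digest means a hashing step failed, so it never counts as a match.
digests_match() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# backup_partition NAME PREFIX
# Dumps /dev/block/by-name/NAME to /sdcard/PREFIX-NAME.img, pulls it to the
# current directory and deletes the device copy only when the digests agree.
backup_partition() {
    part=$1
    img="$2-$part.img"
    remote="/sdcard/$img"

    # Same dd invocation as in the post, run through su because adb root
    # is not available.
    adb shell su -c "dd if=/dev/block/by-name/$part of=$remote" || return 1

    # Hash the dumped image (not the live partition) on the device.
    remote_sum=$(adb shell sha256sum "$remote" | awk '{print $1}')

    adb pull "$remote" "$img" || return 1
    local_sum=$(digest_of "$img")

    if digests_match "$remote_sum" "$local_sum"; then
        adb shell rm "$remote"
        echo "$img verified: $local_sum"
    else
        echo "$img does not match the device copy; kept $remote" >&2
        return 1
    fi
}

# Run the backups when called as: script.sh --run
if [ "${1:-}" = "--run" ]; then
    backup_partition modemst1 redfin && backup_partition modemst2 redfin
fi
```

Keep the printed digests with the images so a later restore can be checked against them.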
ipdev said:
Hi.
I would suggest making a back up before you erase a partition in case you need to restore it.
Make sure to name the backup clearly so you know what it is.
Since you do not have adb root, you need to run the command as root using su -c "NameOfCommand".
If you boot into a custom recovery, you generally have adbd and do not need to use the su -c option.
Also double check your path, you should be able to call it from /dev/block/by-name.
or list by-name, ls -la /dev/block/by-name/ and call it from the true partition number.
Example of making a backup.
Dump the partition(s) into an image.
Code:
adb shell su -c "dd if=/dev/block/by-name/modemst1 of=/sdcard/redfin-modemst1.img"
adb shell su -c "dd if=/dev/block/by-name/modemst2 of=/sdcard/redfin-modemst2.img"
Copy the image(s) to computer.
Code:
adb pull /sdcard/redfin-modemst1.img
adb pull /sdcard/redfin-modemst2.img
Delete the image(s) from the device.
Code:
adb shell rm /sdcard/redfin-modemst1.img
adb shell rm /sdcard/redfin-modemst2.img
You need to be in fastbootd to modify critical partitions.
adb reboot bootloader will reboot into fastboot.
adb reboot fastboot will reboot into fastbootd.
You can do the same in fastboot/fastbootd
fastboot reboot bootloader will reboot into fastboot.
fastboot reboot fastboot will reboot into fastbootd.
Be Careful.
There are always risks involved when you start messing around with a device.
If something goes wrong, you may end up with a non-working "bricked" device.
This is especially true when you start modifying partitions.
Good luck.
Cheers.
Hello, I hope you will see this text. As you have mentioned, I have rebooted my Pixel 5 to fastbootd but I cannot erase any critical partition. for example, when i run fastboot erase cache OR fastboot erase modemst1, i get the same error message saying FAILED (remote: 'Partition doesn't exist'). Would you mind helping me? I would appreciate it a lot. Thank you.