Database Info

****ROOT EVO After July 1 OTA Update

I tried every method, read every thread in every forum in an effort to root my EVO. Nothing worked. I was driving myself mad and spending tons of time. I Eventually I came across a post which directed me to XDA Developers Thread ---==={ROOT GUIDE}===--- | 1.47.651.1 ROOT, post 579 by SharkUW . I have used this on my own phone and I don't see a reason why it wouldn't work. I modified some of the instructions to make it clearer. The instructions may not be exact, and there is some seat-of-the-pants involved, but I got it to work. Use it at your own risk.
Prerequisites (follow in order)
Android-SDK developers program. I loaded it to C:
JAVA SE Development (use correct bit – 32 or 64). loaded in C:
Microsoft .NET Framework V 4.0
Reboot your phone and do a factory reset. Erase everything
Set phone to Charge Only and USB debugging
Open the stock browser and sign-in with your PCS phone number. Leave running.
Shutdown the phone, then restart
Make sure ADB is functional on your computer. You should be able to "adb shell" (confirming adb is working, exit shell if you're in it).
Extract the Do_root.zip (link below) and place all these files into the SAME folder as adb.exe. I have not included the appropriate PC36IMG.zip. Get it here. http://forum.xda-developers.com/showthread.php?t=701835 Leave the name as "eng-PC36IMG.zip". Place that in the SAME directory as well as the .zip.
Open a command prompt on your computer. point directory to Android-SDK directory\tools and a list will come up… click on "root.bat” and click RUN.
If it hangs for more than 30 seconds with the browser ****, CTRL+C, yes to kill the bat and just run it again.
Follow the directions. Your phone is going to reboot. It is then going to do a little **** and reboot into the boot loader. Keep track of the Command screen and wait because some steps take a while and there is no way of telling if it’s working. Nothing lasted more than 5 minutes. Eventually it will be in a "bootloader" and ask if you want to reboot. Say Yes with a Volume UP.
The .bat is now done. You have root. (not sure if next part is true) You now need a custom recovery to flash a proper ROM beyond the scope of this guide.
In original instructions but I’ve found the following Recovery step and code is not necessary: Now take the last step and flash the recovery.img that will already be on the root of your sdcard. To do this, after the PC36IMG flash:
Code:
adb shell
cat /sdcard/flash_image > /data/flash_image
chmod 755 /data/flash_image
/data/flash_image recovery /sdcard/recovery.img
To check for root do ADB Shell and should get #.
If you're all advancedy you can put on a different recovery image.
IMPORTANT If you get a message here about "not writing bad block", flash it again until you get 0 errors. I don't know how common it is, but personally my recovery has issues with flashing. Do NOT let that be a bad flash.
Attached Files
do_root.zip (4.07 MB, 49 views)
________________________________________
Last edited by SharkUW; 7th July 2010 at 01:06 AM.

Going to try it tomorrow and hope it works. Thanks

Where are the attached files?

Can't find the do_root.zip file. Seems there is no attachment, please re-post. Thanks.

I tried to attach the do_root.zip file and a link to Toast 2 file. If that doesn't work, go to the referenced post #579 here: http://forum.xda-developers.com/showthread.php?t=718889&page=58.

Have you tried this SimpleRoot? I just did it, and it worked flawlessly.

Vivix729 said:
Have you tried this SimpleRoot? I just did it, and it worked flawlessly.
Click to expand...
Click to collapse
Simpleroot ftw.

mattrb said:
Simpleroot ftw.
Click to expand...
Click to collapse
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.

gmanvbva said:
QFT. I did simple root (I still setup adb and ensured it was working first) and then flashed the rooted Stock 1.47 ROM in about 40 min. I think most people that are running into issues with Simpleroot do not have adb setup properly or they did something inadvertently and need to clear out the files/cache and need to start over from scratch.
Click to expand...
Click to collapse
I did simple root and it worked fine too. I don't think the issue is adb being setup since he has an adb file in his download.

Update from a few days ago.
Just got a new SDHC card and simpleroot worked. The SDHC that came with my phone died. I placed a spare in there that was a 2gd regular micro and Hboot would not ready the IMG for nothing.
If simple root is not working then it's the Sh!tty card acting up.
Happy ending for me.

I just got my phone yesterday did the ota simpleroot and seems like it worked fine
but now i dont know what to do next
to get custom roms or froyo 2.2 or anything lol

Awesome post |OP|.
My desktop is Windows 7 x64 and doesn't play nicely with the standard tools.
I was forced to adapt your root.bat script to an OSX friendly BASH script.
The only requirement is that you download the android SDK from developer.android.com/sdk/index.html (apparently, I'm too new to post links).
The steps I took to get root:
Unzip the android SDK
follow |OP|'s instructions, unzipping the contens of do_root into [sdk-root]/tools/
unzip the attached bash script to the [sdk-root]/tools/
run my bash script from the [sdk-root] folder instead of root.bat - type "./root.sh" without the double-quotes
Grab a copy of Froyo while your phone is being rooted

GUIDES & FAQs [Android]: ADB Workshop by Adrynalyne and Guide by Captainkrtek

DO NOT POST IN THIS THREAD BEFORE READING THE WHOLE POST
PLEASE ADD GUIDES TO COMMON ISSUES YOURSELVES
To my recollection, the previous WM Guides thread was successful.. so we'll be moving on to android as well - from beginner to pro.
I hope this thread will provide answers to a decent percentage of your questions.
Please hold until guide collecting is finished..
In the meanwhile you are ALL invited to send me links or full guides to add to this thread.. remember, we are all about sharing.
COMING SOON! (in the meanwhile, you've got a great battery life guide at http://forum.xda-developers.com/showthread.php?t=471521 - be sure to thank BruceElliot for it!)
also, if you decide to post a guide, please keep the guide as neat as possible, with a title containing the LEVEL ([BEGINNER], [INTERMEDIATE], [PRO]) and the commonly searched words so that people who look for it can find it easily. (if you can, use the same color (dark orange) and same size (4) and Bold.. for the main title.. tho that's not a must )
post #2. [BEGINNERS+INTERMEDIATE] Replacing System Files using Android Commander
post #3. [EVERYONE] ADB Workshop by Adrynalyne and Guide by Captainkrtek
post #4. [QUICK FAQ's] Common QnA's for beginners by Timmymarsh (work in progress)

[BEGINNERS] Replacing system files using Android Commander
Replacing system files using Android Commander:
(This post was formally based in the HD2's RTL support thread and revolved around our need to replace frameworks)
so:
1. Download the android SDK from: http://dl.google.com/android/android...08-windows.zip
2. EXTRACT(!!!) the android-sdk-windows to c:\
(make sure you extract the dir - not run the setup from inside the zip file)
3. install Android Commander from http://androidcommander.com
4. Connect your device and make sure it's set to Debugging mode in /settings/applications/development/
5. You might have to set a dir containing your adb.exe file. set it to c:\android-sdk-windows\tools\
6. You will see a Total Commander-like interface. you can then copy the framework.jar file to the correct directory (there's no difference between SD android builds and androids in ROM - the system dir will be shown the same way)
a. Yes, you can replace/delete system files while android is running.
b. (for androids running from SD) Any file copied to /sdcard/android/root/system/X will be copied to /system/X in the system file. The sdcard/android root dir is JUST LIKE your root in ROM androids.
c. Make sure you either created a backup or verified a match in any other way before replacing files like frameworks, zimage, modules, etc.. your android might not boot afterwards (I keep all system.ext2 files backed up so that i can restore them incase i screw something up.)
enjoy

[EVERYONE] ADB Workshop by Adrynalyne and Guide by Captainkrtek
This following guide was rewritten by Captainkrtek, please make sure to thank him for it
Original Post:
(http://forum.xda-developers.com/showthread.php?t=879701)
This workshop was held in #android-learning on irc.freenode.net by XDA Member Adrynalyne. All credit to him for this guide, I simply am taking it and turning it into a guide. Here we go!
You can find the raw IRC log here
Good evening folks, and welcome to my ADB workshop. This is by no means a full explanation on the subject, but more of a crash course to help folks get up to speed, and get more from their devices. There may be some things you already know here, so please be patient and respect those who do not.
Reference Files
http://adrynalyne.us/files/How to install adb.pdf
http://adrynalyne.us/files/Using ADB.pdf
So, lets just start with the basics.
What is ADB?
ADB stands for the android debugging bridge and is used for testing and debugging purposes by developers.
However, we like to get more out of our devices, and its a great way to fix things.
Knowing adb can mean the difference between a paperweight and a working phone.
So, to start with, we will look at installing ADB.
Generally speaking, the Sun/Oracle JDK is required to run all SDK functions.
ADB is but one tool in the SDK arsenal.
So, we begin by downloading and installing the JDK. This can be found here:
https://cds.sun.com/is-bin/[email protected]_Developer
Choose your OS, download and install. I recommend that 64 bit users use the regular x86/32 bit version as well.
Moving ahead, we download the Windows sdk from here:
http://dl.google.com/android/installer_r08-windows.exe
Due to already installing JDK, you won't be stopped by the install process.
Now, if you notice, I installed it to:
C:\android-sdk-windows
I did this because it makes things easier when setting up path variables.
I encourage everyone to do the same, but obviously it is not required.
So, this SDK is handy, but is only good up to 2.2. We want the latest and greatest! (Well I do)
So, we navigate to:
C:\android-sdk-windows\
and we run SDK Manager.exe
If you notice in your PDF file for installing adb, you will notice that you can update, and I made a choice not to include earlier sdk versions.
I won't go into full detail on that, but depending on the version of SDK you have, 8 or 9, it WILL make a difference in using adb.
By default, for version 8 adb.exe resides in C:\android-sdk-windows\tools
By default, for version 9 adb.exe resides in C:\android-sdk-windows\platform-tools
We will assume version 9 in this guide
Really, the SDK is installed and adb is usable right now, but in my humble opinion, its not enough
I like the ability to use adb in ANY directory on my machine.
To do this, we edit Windows's environment variables.
Specifically, the system path.
To do this, we click on start, or the orb (depending on OS), and right click on Computer, left clicking on properties in the menu.
If its windows XP, I believe it brings you into advanced system properties immediatly. Vista and 7 need a second step.
On the left hand side, as you notice I have highlighted in the pdf, left click advanced system settings.
Under advanced tab, we left click environment variables...
There are two boxes here.
We are concerned with system variables, however.
So we scroll down the list and highlight path and click edit.
Ignoring all the extra stuff in here, make sure you are at the end of the line, and type
Code:
;C:\android-sdk-windows\platform-tools
The semicolon allows us to separate it
from the previous path statement.
Click ok all the way out.
We now have ADB setup globally. We can use cmd.exe (I use powershell) and no matter what directory we are in, adb is recognized.
If it is not, make certain you entered the path into system variables, and made no typos.
If you installed to a different location, you will need to adjust the path accordingly.
This concludes the section on installing the Android SDK to use ADB.
This next section will be on using ADB, so please open that pdf now.
Now, this applies to any OS, not just Windows.
Well, with the exception of the USB drivers.
I will not go too much into that, but if you take a look at the PDF, it goes through installing usb drivers for the sdk, and how to download them.
Fiarly straightforward, in that rspect.
Now, to setup our phones to use with the SDK and ADB, we must change some settings.
First, we go to menu softkey, then settings.
We scroll down to Applications and tap it.
Under Development, we will check Enable USB Debugging. Please note the SGS phones are different in this respect.
The USB cable must be unplugged before enabling or disabling this setting.
Once this is done, we are now ready to play with adb
One quick note: If you get device not found/conencted, please reboot your phone. DJ05 has a quirk in it where ADBD randomly crashes on boot.
A reboot will fix this
ADBD= ADB Daemon
Ok, continuing on.
Lets look at installing applications. This is also known as sideloading.
Unlike installing from the SD card, it does not require unknown sources to be enabled.
The command for this is
Code:
adb install packagename
This assumes that you are working from the directory where the file is located.
This will install the application to /data/app.
It will also show sometimes useful errors if install fails.
That is not something you will see from the Android GUI.
Now, a lot of us have probably deleted files with apps like Root Explorer. While this isn't really a bad thing, it leaves behind databases and data for the application removed.
This is where the 0kb applicaiton entries come from.
If you take that application entry name, you can uninstall the extra data via adb.
First we go to the adb shell which logs into the phone.
Code:
adb shell
If we end up with a $, we will want admin rights, in many cases. This is not one of them, I don't beleive.
To get admin rights, you want to type
Code:
su
Look at your phone if this is the first time, it may prompt you to allow access. Else you will get permission denied.
If you are not rooted, this will not work either.
Ok, now that we are logged in, we will type
Code:
pm uninstall packagename
where packagename is the name of the 0kb listing.
Now this seems like a pain in the a** and I agree.
HOWEVER
There will be a time where Manage applications crashes when you try to uninstall it from the phone. In this case, a factory reset, or this method is the only effective way to fix the problem.
Moving on.
How many of us have removed system applications or renamed them? Did you know that you can simply disable them from the system?
Code:
adb shell
su
pm disable appllicationname
This will disable it, and the system will ignore it.
This can be seen as safer than deleting or renaming things, but your mileage may vary.
On the other hand, you can also re-enable these applications.
Code:
adb shell
su
pm enable applicationname
Please note: Not all applications will properly re-enable. I believe a factory reset or reinstall of said application will fix the issue.
Also, application names are absolutely case sensitive.
*nix based Operating Systems see the letter 'a' and 'A' as two different things.
when you log into adb shell, you are playing by android rules
Ok, a lot of us tweak and mod our phones and turning off the device to get to clockwork recovery, or battery pulls, or multiple button holds to get into Download mode are troublesome and annoying at best.
ADB can help us here.
Here, we do not need to be logged into the shell
If we want to merely reboot the phone:
Code:
adb reboot
If we want to go to recovery (works well with voodoo5)
Code:
adb reboot recovery
If we want to go to Download Mode because we need Odin, heaven forbid:
Code:
adb reboot download
Its instant. No waiting on animations or anything else.
Its also handy if Android has locked up, but yet still works in adb.
I for one hate taking my case off to battery pull.
So now we move on to pushing and pulling files.
Sometimes, I don't feel like mounting my sd card to copy a file over to my phone.
I can use this command to push a file straight to my sd card:
Code:
adb push filename /pathtodirectoryonphone
So for instance, if I have test.txt that I want to send, I would type:
Code:
adb push test.txt /sdcard/
and there it goes.
Ok moving on
Pushing files can be done to any directory, however, some are protected.
For instance, /system is going to give you a permission denied or a read only filesystem error.
To get around this, the easiest thing to do is push the file to your sdcard, then log into the shell:
Code:
adb shell
Code:
su
We will then mount the system as writable
Code:
mount -o rw,remount /dev/block/stl9 /system
Then we can use something like
Code:
cp /sdcard/test.txt /system/app/test.txt
cp stands for copy
and it requires the path of the file and destination path. The name of the file is optional
When you copy it, you can rename it to whatever you like.
For instance, if we wanted to backup a file
Code:
cp /sdcard/test.txt /sdcard/backuptest.txt
Now, lets assume you do not have busybox installed.
You non rooted users will not.
Then you must use a slightly more complicated command called dd
This is used like this:
Code:
dd if=/sdcard/test.txt of=/system/app/test.txt
if is for inputfile
of= output file
Not every user friendly, but probably one of the safer copy commands.
Ok, moving on to pulling files.
Lets say you want to get a file from your phone, to modify, backup, etc.
To do this, we simply use adb in this manner:
Code:
adb pull /pathtofile/filename destinationname
For instance, if I wanted to backup ADW launcher in system/app
I would do this
Code:
adb pull /system/app/ADWLaucnher.apk ADWLauncher.apk
And it will pull the file from the phone and put it in the current directory.
Like above, you can specifcy where it goes.
pushing files to the sdcard, it seems prudent to talk about changing permissions.
sdcards are typically fat32, which destroys permisisons, and Android is heavily permission based.
So if you push an application to your sd card, then try to copy it to /system/app/ bad things are going to happen, or the app may not even show up.
So in that case, we use something called chmod.
This is used in this manner
Code:
adb shell
su
chmod 755 /pathtoapplication/applicationname
Keep in mind
you dont want to do this while its still on your sd card.
an example
Code:
adb shell
su
chmod 755 /system/app/ADWLauncher.apk
755 is good for applications and script files.
Just a couple more topics to cover.
Lets go over deleting files.
This becomes especially handy for removing rogue applications.
To do this, we must be in the adb shell.
Code:
adb shell
su
rm /system/app/ADWLauncher.apk
You may need to remount system as writable with:
Code:
mount -o rw,remount /dev/block/stl9 /system
That applies when using chmod as well.
So what I did above was delete ADW Launcher from system/app
However, what if I wanted to delete the entire contents of a directory?
Same thing as before, except
Code:
adb shell
rm -f /data/dalvik-cache/*.*
I just cleared my dalvik-cache with that command
very quick, very effective.
If you just tried that, please reboot your phone now
Ok....this leaves us with the final topic: logcat
logcat allows us to log what the OS is doing, and possibly delve information for when things are not working
its quite simple Reading it is another.
To use logcat
Code:
adb shell
logcat
To logcat to a certain file do
Code:
adb shell
logcat > /sdcard/logcat.txt
Now we let the log settle down to a reasonable amount of data coming in and not a wall of scrolling, then start the app in question. When it gives an error, we hit ctrl-C and kill the adb shell session.
This should have captured enough data to see the error. Now, I prepared an example. A user came to me on IRC, and Google Maps was force closing. Clearing data didnt fix it, Clearing dalvik-cache, and fix permissions did not fix it. In this case, the user did not know how to use adb So I had him grab an app called alogcat from the market and email me the log. This is also a very valid method.
this file explains what the problem was, and highlights what to look for as an example.
http://adrynalyne.us/files/logcat.pdf
___________________________________________________________________
This concludes the guide from Adrynalyne, there will be more workshops such as this one in irc.freenode.net #android-learning.
Thanks to everyone in #samsung-fascinate !

QUICK FAQ's
sources: Q&A Section, The Weekly Q&A Section by XDA News Writers (thanks guys)
Q: ‘Is there any way to block specific apps from using my data connection?’
A: Try the Droid Wall application.
Q: ‘I read how you can make changes in the build.prop file on my Android device. How exactly do I get to it?’
A: Install ASTRO file manager, browse to /system, long press on build.prop – Edit – Copy. Press on the home icon then Edit icon – Paste. Connect sd card, edit it, and paste it over from where you copied build.prop
Q: What happens if I update my phone? will I need to re-root it and get the ROM again? will all of my applications get erased? If so, is there a way around this?
A: You will lose your root, but not apps if it is just an update.
Q: I just tried to flash a ROM from recovery on my Android phone and got “Verification Failed, Installation Aborted” What happened?
A: Before you can flash a custom ROM the .zip file must be digitally signed in the ROM kitchen, if unzipped and re-zipped it will lose its verification, this happens often using the Safari browser as it likes to decompress .zip’s. Or if your download is corrupted (download the ROM again) it will fail the Verification.
Q - HTC Location Widget shows "map data unavailable"
A - On the widget, click the pin/then click the windows button/click get more/scroll to download maps/download relevant map (care, maybe a big file). Now exit and click onto map, your location should now be visible :)
Q:So, I moved all the apps on the SD, but is still not enough. How can I free some memory? I could delete the cache of the older upgrade or something else?
A:Do you have pictures and videos? If so, check if they are on the SD card and not on your internal memory. Cleaning your cache helps, and try deleting your text messages threads.
Q: ‘What exactly is a kernel and what are the benefits in changing it?’
A: A kernel is a bridge between the applications and the actual data processing done at the hardware level. The kernel’s responsibilities include managing the system’s resources – the communication between hardware and software components. Flashing different kernels gives you different operating speeds, better battery life, the ability to overclock, and more.

Android control other device with IOIO Board.
It use ADB.
http://androidcontrol.blogspot.com/2011/10/ioio-board-for-android-control-io.html

timmymarsh said:
QUICK FAQ's
sources: Q&A Section, The Weekly Q&A Section by XDA News Writers (thanks guys)
Q: ‘Is there any way to block specific apps from using my data connection?’
A: Try the Droid Wall application.
Q: ‘I read how you can make changes in the build.prop file on my Android device. How exactly do I get to it?’
A: Install ASTRO file manager, browse to /system, long press on build.prop – Edit – Copy. Press on the home icon then Edit icon – Paste. Connect sd card, edit it, and paste it over from where you copied build.prop
Q: What happens if I update my phone? will I need to re-root it and get the ROM again? will all of my applications get erased? If so, is there a way around this?
A: You will lose your root, but not apps if it is just an update.
Q: I just tried to flash a ROM from recovery on my Android phone and got “Verification Failed, Installation Aborted” What happened?
A: Before you can flash a custom ROM the .zip file must be digitally signed in the ROM kitchen, if unzipped and re-zipped it will lose its verification, this happens often using the Safari browser as it likes to decompress .zip’s. Or if your download is corrupted (download the ROM again) it will fail the Verification.
Q - HTC Location Widget shows "map data unavailable"
A - On the widget, click the pin/then click the windows button/click get more/scroll to download maps/download relevant map (care, maybe a big file). Now exit and click onto map, your location should now be visible :)
Q:So, I moved all the apps on the SD, but is still not enough. How can I free some memory? I could delete the cache of the older upgrade or something else?
A:Do you have pictures and videos? If so, check if they are on the SD card and not on your internal memory. Cleaning your cache helps, and try deleting your text messages threads.
Q: ‘What exactly is a kernel and what are the benefits in changing it?’
A: A kernel is a bridge between the applications and the actual data processing done at the hardware level. The kernel’s responsibilities include managing the system’s resources – the communication between hardware and software components. Flashing different kernels gives you different operating speeds, better battery life, the ability to overclock, and more.
Click to expand...
Click to collapse
Thank you for your patience and taking the time to answer those questions. I loved your simple and easily digestible format.

There is a note
*nix based Operating Systems see the letter 'a' and 'A' as two different things.
when you log into adb shell, you are playing by android rules
Click to expand...
Click to collapse
this note is all wrong..
1. linNUX is not *NIX.
2. Mac OS-X is a *NIX OS, it is based upon UNIX, they use their own variant called Darwin. Darwin does not require capitolization.
3. The word should be POSIX. Linux is POSIX compliant and POSIX defines the capitolization standardards

soft brick
Taioba said:
Is there any way to use ADB even though I can not enable USB debugging by the android?
I have an Atrix with soft-brick. How can I restore a file (framework-res.apk) knowing that my USB debugging is off?
I can enable ADB via fastboot?
Thanks!
Click to expand...
Click to collapse
I found this for atrix 4g....
http://forum.xda-developers.com/showthread.php?t=965546
hope it helps

knoknot said:
i have a bricked s2 not so sure how to go about reviving it via adb
Click to expand...
Click to collapse
check this thread
http://forum.xda-developers.com/showthread.php?t=1237815

thanks. searched for that

Thanks for it.

Great Guys............ :good:

Thanks for sharing.
Thanks for sharing this guild :d, i am new member for reccod

Great job~ Sometimes could be used this.

I'm using Windows 10 RTM and I've set the path, yet I still get the "unrecognized application" error in the command console. What am I missing?
Nevermind, a restart fixed it. Used to be you didn't have to.... sheesh.

nir36 said:
Replacing system files using Android Commander:
(This post was formally based in the HD2's RTL support thread and revolved around our need to replace frameworks)
so:
1. Download the android SDK from: http://dl.google.com/android/android...08-windows.zip
2. EXTRACT(!!!) the android-sdk-windows to c:\
(make sure you extract the dir - not run the setup from inside the zip file)
3. install Android Commander from http://androidcommander.com
4. Connect your device and make sure it's set to Debugging mode in /settings/applications/development/
5. You might have to set a dir containing your adb.exe file. set it to c:\android-sdk-windows\tools\
6. You will see a Total Commander-like interface. you can then copy the framework.jar file to the correct directory (there's no difference between SD android builds and androids in ROM - the system dir will be shown the same way)
a. Yes, you can replace/delete system files while android is running.
b. (for androids running from SD) Any file copied to /sdcard/android/root/system/X will be copied to /system/X in the system file. The sdcard/android root dir is JUST LIKE your root in ROM androids.
c. Make sure you either created a backup or verified a match in any other way before replacing files like frameworks, zimage, modules, etc.. your android might not boot afterwards (I keep all system.ext2 files backed up so that i can restore them incase i screw something up.)
enjoy
Click to expand...
Click to collapse
Thanks, this Guide is very informative

Help with LG D722
I'm using LG D722 phone and I somehow unlocked bootloader and installed twrp recovery. I backed up Lollipop that's what I'm using and i want to restore custom ROM
I know I need to install Google Apps after installing Custom ROM. But Do I also need to install Modem files on my device ? Because I can't find them on XDA Forums. Please give me a link or something. The help is not just appreciated but seriously needed.

Success. Thanks

Hello, I walk testing one recovery but I'm booting before flashing, the question is, will the recovery feel same when booted vs flashed? I've booted and used to flash a pair of zips but felt very laggy and bugged although did the work right. Thanks
Edit: solved, tried myself
Sent from my SHIELD Tablet K1 using XDA-Developers mobile app

http://forum.xda-developers.com/showthread.php?t=872128&page=2

[Q] A few quick questions. [ANSWERED]

A friend wants me to do a temp root/downgrade/root combo on his GB Shift. I am not a total noob to this but i have not done a shift. i have read numerous threads and just wondering if i could do this
HTML:
http://forum.xda-developers.com/showthread.php?t=1255474
by replacing step one with this (I would imagine so sense its in the same thread. Just making sure.)
HTML:
http://forum.xda-developers.com/showthread.php?t=1185243&page=28
I also plan on doing this right from the phone (the hboot way) and am clueless about the Terminal Emulator. I just searched "terminal" on my evos market and first one is Android Terminal Emulator. I assume that is the one i need, correct?
Plus, is this info relevant?
"SPCS_001
DeviceWarmBoot
CE Serial InUse
Debug Cable Ena
CE USB InUse
ClearAutoImage
2.76.651.4
FNOC
FNOC"
Please and thank you for your time. He is paranoid about bricking his phone, and i dont want to brick it being my first shift mod(s).

Are you referring to this post?
galaara98 said:
This zip has ADB, the exploit, the latest su and Superuser.apk [8/18/11], and the latest busybox for android.
The script is a combination of Windows PowerShell and a sh script. You Must have PowerShell installed (Google it or search Microsoft downloads), preferably version 2. (windows 7 you enable it as a feature, but i think it is on by default)
Unzip into a folder, preferably near the root of your hard drive. Like C:\TempRootEvoShift
there is a readme.txt ... it is mostly this information
Run Powershell (generally Start -> All Programs -> Accessories -> Windows Powershell -> Windows Powershell) [or Start -> Run -> Powershell, or many have an icon in the quick launch bar ... small blue greater than symbol]
IF you have never run a Powershell script you will need to enable PS1 files by typing set-executionpolicy remotesigned
CD into the folder you unzipped and run the script by typing
.\TempRootEvoShift.ps1
i have tested it on 2 computers, but i digitally signed the script and i do not know what your computers will do with that. If they do not like it, open the script in Notepad, Copy all of it down to, but not including the signature block, and paste it into Powershell (AFTER YOU Change directories into where you unzipped)
Click to expand...
Click to collapse
If so then let me start off with, how you obtain temp root doesn't matter for the exploit to downgrade hboot/android. So you can get temp root however you want, seeing as how that looks like just a packaged up fre3vo temp root, if it works, then you can replace the first fre3vo temp root in my guide with that yes.
So in short, yes you can replace getting temp root with any method you want, as long as you get it before continuing.
Yes that terminal emulator can work, or connect bot or any other terminal application.
To the users, no that isn't really relevant, it's just explaining what the exploit does to the developers(mainly aimed at ones for other devices)
Just follow the guide and you should be fine.
Also, it should be noted that it /looks/ like it errors out a few times when flashing but it isn't erroring, it's doing it's job(We made this mistake earlier but it works)
Before you go on messing with hboot, make sure hboot picks up the sdcard.

Thank you so much. ^.^
Just wanted to understand everything before trying. I figured any temp root way would be fine.
Much appreciated.

ZTE Maven root (Z831)

Here's how I got my zte maven 2 (ATT) rooted.
Disclaimer: This method worked for me but may not work for others, I am not responsible if your device is bricked as a result of this. Also, this method does seem to be a bit finicky and inconsistent.
I rooted this phone twice, and it took about 15-20 tries each time for it to finally work. This is not a root you can do in 5 minutes (unless you are extremely lucky) Plan to set aside an hour or two, and a lot of patience, if you want this to work.
Credit to @madvane20 his post here helped me get root for this phone. He also got his phone rooted before I did, be sure to give him thanks.
Credit to @ZTE Girl for finding a way to remove ads from King root and keeping perm root.
With KingRoot you can get perm root, but personally I hate KingRoot, so at the end there is a method to replace KingRoot with SuperSu. Unfortunately SuperSu root resets on reboot, but a quick, 10 second adb command will reroot your phone with SuperSu
Edit: @ZTE Girl found that using lucky patcher to remove ads from King root worked for her and kept permroot.
Step 1: Enable USB debugging on your phone, and download adb and ZTE drivers to your PC.
2: Download KingRoot from KingRoot.net (download the apk for android)
3: Connect your phone to ADB, and run this command in terminal adb shell make sure you get no errors and accept any USB debugging requests.
4: Now type reboot disemmcwp This will reboot your phone without write protection.
5: When your phone reboots, run adb shell again, and install the kingroot APK. Google will give you a warning about this app being unsafe, install it anyways.
6: Now, here's the finicky part, sometimes KingRoot works, sometimes it doesn't, you just have to keep trying. Make sure your phone is still connected to the computer through adb shell, and then click try root in KingRoot. While KingRoot is attempting to get root: in adb shell keep typing su and pressing enter. Just spam this, It will keep giving errors, but eventually it (should) work. Make sure to accept any prompts on your device while you do this.
7: When you are able to successfully get into su, wait a bit, just to make sure your device doesn't restart
8: Now type getprop ro.product.name, the response should be Z831
9: Now type setprop persist.sys.k Z831, then type getprop persist.sys.k It should say Z831
10: Now type cd /dev/block/platform/soc.0/7824900.sdhci/by-name/
11: Then type dd if=recovery of=/sdcard/recovery.img This will backup your recovery, I highly recommend that you copy the backup to your computer in case something goes wrong.
12: Now type dd if=boot of=recovery, this will write boot to recovery. This part can be risky, it worked for me, but if it bricks your device, you can't say I didn't warn you with that said, don't let that scare you away from finally rooting this device and getting all the advantages that come with it
13: Now type this reboot recovery Your device my blackscreen and not boot after this, personally mine did, and I fixed it by removing the battery, and after puttting it back in, it booted normally.
14: When your phone boots up, type adb shell again, and then type su
15: Type id response should be "uid=0(root) gid=0(root) context=u:r:shell:s0" Note: I don't think my uid showed when I did this, if yours doesn't show, don't worry, it should work fine.
16: Now type setenforce 0
17: After that, type getenforce, it should respond back with "permissive"
18: To test if system is writable, type mount -o remount,rw /system, if you get no errors, everything is working , if you get an error, type reboot disemmcwp, and then try to mount system RW again.
19: I would recommend removing the update service now, so an update doesn't come and screw up your root.
20: Read this: Now you should have permroot with kingroot, however, as you will soon find, kingroot has a ton of ads, and can get very annoying. So, if you want SuperSu and no kingroot, keep reading. If you want to keep KingRoot, then you are done, have fun with your rooted Maven 2
Edit: @ZTE Girl found that you can use lucky patcher to remove ads from Kingroot while still keeping permroot.
21: Download the KingToSuperSu zip in attachments, I have modified it slightly from the original zip so it works better. You will see a folder inside the zip named "mrw" copy this folder to the root of your /sdcard (must be copied to the root of /sdcard)
22: Now go into adb shell again, and then type su
23: Type mount -o remount,rw /system
24: If you get no errors, simply type sh /sdcard/mrw/root.sh, you will see a lot of errors in the script, no need to worry, now you should have SuperSu. Note: sometimes you get a notification saying "com.eu.chainfireSuperSu has stopped" or something like that, run the command again, and it should work.
25: SuperSu will say binary needs to be updated, but the update always fails, however you can click no thanks, and it will work fine.
26: SuperSu root will go away after you reboot, however, to get root back, simply type adb shell (while connected to your computer of course) then su and then sh /sdcard/mrw/root.sh and just like that, you're rooted again. Note: I couldn't get this to work in a terminal emulator, and it would only work in adb shell for me.
Edit: If you want stock recovery back, run this command in adb shell with su dd of=recovery if=/sdcard/recovery.img. I haven't tested this, and it might unroot/brick your device. This is at your own risk.
This guide was long and complicated, sorry for that, if you need any help, just ask me and I will try to help the best I can.
If this guide helped, please clicks thanks, it means a lot to me
Proof: http://imgur.com/a/zecyU

btw easy way to get rid of ads diasbale the charging thing in king settings and adaway its what i did on the warp 7

carrier iq
this phone has carrier iq, i was able to get temp root without write using kingroot, so i was able to delete, disable apps, and also, remove carrier iq with the quide you can find on the: androidexplained website. i could not actually delete the files in the last two steps but it seemed to work anyway. this is my first post so i can't put links.
Question1: i don't like typing cause i make stupid mistakes, but im assuming i could put all your command in individual batch files ending with a pause on each, and prefixing all you commands with "adb.exe shell su". that way i could stop and see what happened and then continue.
Question2:
dd if=recovery of=/sdcard/recovery.img
seems to mean copy the boot partion to an image file on the internal sd card. am i correct?
and
dd if=boot of=recovery
seems to mean overwrite the boot partition with an image- (file)?
if so what image file?
sorry, im new to all this, i guess i probably don't have enough confidence to do this, my z831 works very well without all the bloat anyway. and yes i understand the risks if i do decide to proceed, anyway. i have 3 $10 and $20 phones that are not bricked but i forgot to reenable the system apps before i removed root and reset, so they might as well be bricked cause they cant do anything after they boot.
btw, you mentioned in one step to wait, to see if it reboots, to see if it is stable before continuing:
for me i remember that either having too many apps running or stopping too many system apps, seemed to make this z831 unstable and reboot, while it had temp root.
Question last: do i need to start the process as you said while kingroot is in the process of rooting, or can i wait till it is finished getting it's root?

duane2064 said:
this phone has carrier iq, i was able to get temp root without write using kingroot, so i was able to delete, disable apps, and also, remove carrier iq with the quide you can find on the: androidexplained website. i could not actually delete the files in the last two steps but it seemed to work anyway. this is my first post so i can't put links.
Question1: i don't like typing cause i make stupid mistakes, but im assuming i could put all your command in individual batch files ending with a pause on each, and prefixing all you commands with "adb.exe shell su". that way i could stop and see what happened and then continue.
Question2:
dd if=recovery of=/sdcard/recovery.img
seems to mean copy the boot partion to an image file on the internal sd card. am i correct?
and
dd if=boot of=recovery
seems to mean overwrite the boot partition with an image- (file)?
if so what image file?
sorry, im new to all this, i guess i probably don't have enough confidence to do this, my z831 works very well without all the bloat anyway. and yes i understand the risks if i do decide to proceed, anyway. i have 3 $10 and $20 phones that are not bricked but i forgot to reenable the system apps before i removed root and reset, so they might as well be bricked cause they cant do anything after they boot.
btw, you mentioned in one step to wait, to see if it reboots, to see if it is stable before continuing:
for me i remember that either having too many apps running or stopping too many system apps, seemed to make this z831 unstable and reboot, while it had temp root.
Question last: do i need to start the process as you said while kingroot is in the process of rooting, or can i wait till it is finished getting it's root?
Click to expand...
Click to collapse
i have a batch script i made for the warp 7 that i think will work for this phone but i never posted any of it cause he released the guide first so i told him to keep it and no the boot to recovery overwrites recovery with boot image from boot then after everything has perm root u can flash the recovery back to recovery. do we need a batch script no do we need to mess with other files risking a brick no kingroot is fine til we can find a way to get access to bootloader for fastboot as well as get a twrp built for the phone. theres ways to make kingroot not as annoying ad blocker disable notifications from kingroot and disable fastcharging lock screen. but u more than welcome to tamper just be aware u brick ur phone in the process theres no fix. as well if it makes it easier for people i will write a batch script that walks them through the process with the pauses shows them what it does so they can learn for future purpose but i m0ean the guides pretty simple
---------- Post added at 01:55 PM ---------- Previous post was at 01:51 PM ----------
wait is this thread maven or maven 2?

step 9 is different than yours, why?
Question for madvane20
XCnathan32's step 9: "Now type
setprop persist.sys.k Z831
BUT in your bat file:
adb.exe shell su
setprop ro.product.name Z831
of course swaping out ZTE_BEAM for Z831
is one better than the other or should they both be done?

yea i think i need to maybe fix the bat but im working on stuff atm got rl stuff im busy with but once im done i will finish a bat for the warp 7 and one for this phone. but yes u swap the name of the phone out for what phone u have.
---------- Post added at 03:26 PM ---------- Previous post was at 03:25 PM ----------
the warp 7 has different name etc so yea the warp 7 post is different im trying to work on everything as well keep working on my huawei ascend xt as well real life stuff

Question for madvane20, im sorry, i meant persist.sys.k OR setprop ro.product.name, this is the discrepancy in the two instructions.

did u read the guide for the zte maven 2 and also look at the guide for the warp 7 u will see the difference it just takes u to read them then u shouldnt have any questions

is this syntax correct, before i try it?
batch.txt:
https://dl.xda-developers.com/4/2/2/0/4/0/3/batchfiles.txt?key=NgPk58hMrJO5QXnvDcnCPw&ts=1500762566

if anyone wants to ask me questions just pm me or get ahole of me on hangouts im listed as dav ril or madvane20

I have used Wugfresh's NRT with my previous Nexus devices with stellar results and I downloaded ADB to try your guys method with a Z831 however, I need ti know if this guide is Android version specific? I recently went from 5.1.1 to 7.1.1 in like 3 OTA AT&T updates, so this device is running Nougat. Also, is PIE something new to 7.0 ? I read somewhere this affects the root process. Why do they have "Unlock bootloader" option in Dev settings ? Can I just run an ADB command to enable Write permission to delete 40-50 #/System/App .apk's?

Yo OP, I genuinely appreciate you sharing this. I found that everything has worked perfectly. I managed to get perm root and I just tried to install SU, gonna see if it worked. Thanks bro
Sent from my N9519 using Tapatalk

So, is it working? please let me know because i also want to root it.
---------- Post added at 04:36 AM ---------- Previous post was at 04:27 AM ----------
How to install adb and Zte drivers on your computer? please reply

379068 said:
So, is it working? please let me know because i also want to root it.
---------- Post added at 04:36 AM ---------- Previous post was at 04:27 AM ----------
How to install adb and Zte drivers on your computer? please reply
Click to expand...
Click to collapse
The ZTE drivers should be on your phone. One of the mount options, when you plug in your phone is to install drivers.

This method really works. You can copy your recovery back after, you do not loose root. You are also able to re-root and make it permanent again after a factory reset, it is just takes many more exploit attempts. You can also install Xposed through Xposed Installer.
Anybody bought and tried Super-Sume Pro with this phone yet?

can thsi be done on other mavens?
Can you do this on a Maven 3 running nougat?

Is the root method working with ZTE Maven 3?
Anyone tried this on ZTE Maven 3? Got 2 from Bestbuy, would like to have them rooted.
Thanks.
Logos Ascetic said:
Can you do this on a Maven 3 running nougat?
Click to expand...
Click to collapse

I recently dissected the partition index and firmware structure of the ZTE Maven 3, in hopes of discovering a viable root exploit. Because it ships with stock Android Nougat, systemless root via patched boot image would be preferable. But, because the bootloader does not appear to be unlockable by any known method or exploit, systemless root is not currently an option. Accordingly, I focused on the less desirable method of system-mode rooting, which injects the SU daemon and corresponding root binaries to the Android OS by way of the /system partition directly. Again, an obstacle ensued: the stock kernel of the ZTE Maven 3 is secured by AVB 2.0/dm-verity (device mapping), which checks the /system partition for any modifications whatsoever prior to allowing the OS to boot. So, if /system is modified in any way, or so much as mounted r/w, a perpetual boot loop will commence via dm-verity.
So, in short, due to the locked bootloader state and verified boot/device mapping, safely & effectively rooting the stock Android Nougat OS of the ZTE Maven 3 doesn't presently appear to be feasible.
Note: I realize that the OP designated this as a ZTE Maven 2 thread, and I apologize to the OP if I'm off topic. I only addressed the Maven 3 because of the number of questions in the thread.

I have the z831 through at&t. I'm pretty sure I unlocked the bootloader in developer options as nothing would root the phone until I turned it on. Everything worked, but is there a custom recovery or rom?

kingroot.net even if you choose english gives you a chinese app

[ROOT][SamPWND][N960U][WIP-Combo Needed]

Hello XDA!
Samsung has been semi SamPWND again!
Disclaimer:
This root method was developed and tested on the N960U model. This is the only model I have that is a Samsung device. I do have friends and other devs however that have tested this method on various other Samsung devices on both Qualcomm and Exynos chipsets and it has worked on a good number of them meaning this method is not limited to the Note 9. With that being said, due to all the time I have already spent on this and not having any other devices, I will ONLY be supporting the N960U. So do not get upset if I do not respond to you if you have a Samsung A8934839K312 on 7.1 Android (aka a device I have never even heard of before.)
Disclaimer 2:
This root method is mainly for dev's or those who like to tinker and figure things out. The reason I say this is because at this time, you are REQUIRED to be on a factory/combination firmware to mess with the root method. I will ignore any comments/questions for people who do not read this disclaimer and ask me how to root stock etc. as that is what I have been trying to do for over a month now. If you need your phone for work or a daily then I suggest only messing with this root method if you have a lot of spare time since it involves flashing combo firmware at which mobile services and other stuff will not be functional. You have been warned!
Disclaimer 3:
This thread/poc are essentially to get you the ability to use root apps and have a root shell, that is it. If I have time and see some questions that are legit questions I will try to provide help in a timely manner. This POC simply pushes busybox binary from Magisk.zip and SuperSU (the last version chains released before retirement) and installs it in sbin/daemon mode. There is also a way to install MagiskSU in daemon mode as well as ways to install root to /system/xbin for example and do mods such as Xposed that typically need to modify the system partition but that is not the purpose of this thread and these methods are a bit more involved (require modifying the root script as well as setting up bind mounts and other stuff.) Hopefully once this is released and some devs chime in I hope there will eventually be others contributing with various root scripts, install methods etc. and of course HOPEFULLY find a way to write to system/odm/vendor partitions so we can eventually run root on stock!
Disclaimer 4:
I am NOT responsible if you break your phone, wipe your IMEI, hard brick etc. etc.! Also, I spent months to get to this point and already had someone steal my files from AFH (I know, my fault for not hiding them) so please do not take my work as your own. If you want to use it in any way/shape/form just ask for permission and/or give credits in your thread is all I ask! If you are however using someone else's modified files and in here trying to get help I might turn you away (back to the person who provided the modified files) just an FYI!
I think that is enough disclaimers for now!
Note: This thread will most likely be ugly for a bit as I am terrible with making these things look pretty... Hopefully as time goes I will keep improving it or find someone who is trustworthy I can make a "contributor" so they can fix it up for me haha.
Now, Let's Get To It!
Technical Details:
This is sort of a spawn from an exploit I found and reported to Samsung back on the Tab S3 that I never released on XDA. That method (long story short) involved modifying the Persist partition and flashing it in ODIN as ODIN did not check it for integrity. Of course it was patched by Samsung who gave me some $$$ and gave me a shout out on their security bulletin which was pretty cool!
This method is similar to "Persist Root" except we are not flashing any modified partitions in ODIN. Instead, on many Samsung combination firmwares there is an init rc script on /system. If you want to know if your device is compatible a good starting point would be to look for a file called "init.lab.rc" which is typically located at "/system/etc/init/init.lab.rc" like so:
-rw-r--r-- 1 root root ubject_r:system_file:s0 14784 2008-12-31 10:00 init.lab.rc
As it stands, we cannot edit this script. I noticed something cool however when I was reading it one day. Specifically one thing that caught my eye was this:
chmod 777 /data/lab/run_lab_app.sh
There are MANY files and scripts at /data/lab. Luckily, the init.lab.rc sets permissions to "0777" and sets ownership to system on the entire /data/lab directory! If you are still with me, this means all the contents of this directory are world readable/writeable and we can modify any of the files in this DIR without elevated privileges!
Now I am showing the "run_lab_app.sh" script specifically for a reason. We know we can modify any scripts on /data/lab, but how can we execute it with elevates privileges? Going back to the init.lab.rc, if you scroll to the bottom of the rc file you will see this:
service start_abc /system/bin/sh /data/lab/run_lab_app.sh factory abc+
user system
group system
disabled
oneshot
on property:sec.lab.abc.start=1
start start_abc
setprop sec.lab.abc.start 0
Now what that means is, when you set the property "sec.lab.abc.start" to "1" it executes the abc service as system user and more specifically it will start by executing the "run_lab_app.sh" script! Therefore, after you modify the script to your liking, push it to /data/lab/run_lab_app.sh, then do a "setprop sec.lab.abc.start 1" your script will be executed as system user!
Now system obviously is not "root". Now that we can execute as system user we have more attack vectors to elevate privileges even more. Ideally, I remembered how I rooted the Tab S3 about a year ago using Persist partition. As it stands, we are not able to read/write on persist. If we were to set permissions however on /persist using the run_lab_app.sh script, then we can gain access to it! Therefore, one would only need to add this command to the run_lab_app.sh script and execute it using the setprop command:
chmod -R 0777 /persist
As soon as you modify the script, push it and execute the setprop command, it will change permissions on the /persist DIR to be world readable/writeable!
Now, the reason why I like to use Persist, there is a script that is executed by INIT on every reboot automatically (this means it is executed by root!) The script in question is this one "/persist/coresight/qdss.agent.sh." (I am not sure if this script itself is a Qualcomm specific script or not.) Modifying this script has no ill effects on anything from what I have seen.
Now to see how the script is executed you can look in "/vendor/etc/init/hw/init.qcom.test.rc" and you will see some interesting stuff including this:
crownqltesq:/vendor/etc/init/hw # cat init.qcom.test.rc | grep persist
service cs-early-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh early-boot /vendor/bin/init.qcom.debug.sh
service cs-post-boot /vendor/bin/sh /persist/coresight/qdss.agent.sh post-boot /vendor/bin/init.qcom.debug.sh
write /persist/coresight/enable 1
write /persist/coresight/enable 0
crownqltesq:/vendor/etc/init/hw #
As I stated earlier, due to this init script, the qdss.agent.sh script is executed by init context/root user automatically during early boot and post boot. This means once you get everything set up, you won't need to keep reinstalling root (unless you mess something up) on each reboot. This is ideal since we don't have a way yet to modify system/vendor/odm partitions yet. Think of it as a "systemless" root.
For the POC I have provided in this thread for example, it contains the bare minimum SU files. The files in the attached zip are simple: SamPWND.bat, sampwnd1.sh, sampwnd2.sh, /sampwnd which contains su, sukernel, supolicy, libsupol.so and busybox. The way it works is this:
1) You double click the .bat file and it should do everything for you! The .bat file will:
- Push sampwnd1.sh to /data/lab/run_lab_app.sh
- Execute the lab script by doing "setprop sec.lab.abc.start 1"
- Push sampwnd2.sh to /persist/coresight/qdss.agent.sh
- Push root files in "sampwnd" folder to /persist/coresight/sampwnd
- Set permissions on the files we just pushed to Persist to 0777
- Reboot the device (Note: The .bat file reboots the device at this point since everything is in place to root when the device reboots, it's that simple!)
After the device reboots, you should now be able to use a root shell as well as sideloading any root apps will work (apps such as TiBu, Root Explorer, Flashfire etc. etc.)
When the device reboots, the qdss.agent.sh script does the following automatically:
1) Mounts rootfs and sets permissions to 0777 so we can access /sbin
2) Pushes the contents of the root files folder "sampwnd" to /sbin
3) Sets permissions to the files we just moved to /sbin
4) Exports the LIB path to /sbin due to the libsupol.so being needed to patch the sepolicy with supolicy
- The export command is "export LD_LIBRARY_PATH=/sbin"
- Once the script is over and you use another app or go into a shell etc. the LIB path will be gone/reset so you don't need to
worry.
5) Patches the sepolicy for SU
6) Installs SU by executing "su --install"
7) Executes the SU daemon by running "su --daemon"
8) Lastly, remounts rootfs back to RO.
As stated earlier, these commands are all automatically executed by init/root each time you reboot the device. Essentially, whatever we put into the qdss.agent.sh script will be executed on boot by init/root. If for some reason permissions are lost, we should still have our lab script and we would only need to run "setprop sec.lab.abc.start 1" to change permissions on persist again!
The initial files I provide today are just a simple root install script. I have successfully used the root script to install MagiskSU, Xposed (using bind mounts to overlay on /system) and other tests. I also at one point made a backup script that backed up all the partitions on the device into a folder which I extracted to my PC for safe keeping, you get the picture! Once you have root however, you can do these things easier as you will have root access.
Now that you know the workings of the exploit (err exploits?) I will explain briefly what is needed and how to test it.
Pre-requisites:
1) Download links will be in 2nd post.
2) For the purpose of this thread and the only device I personally have, you should have a N960U/U1/W on a rev1 bootloader (there isn't a rev2 BL yet so most should be good to go.)
3) A vulnerable Combo Firmware. I linked the one I use in Post 2. I use 1ARG4 Factory/Combo firmware. Of course you will need ODIN to flash the combo.
4) The root files/7z linked in post 2.
5) Stock firmware for when you are done playing, testing, etc. etc.
6) Almost forgot, you will need ADB. I will not go into details on this, if you don't have a working ADB Google is your friend. I recommend setting it to your path so you can use ADB from anywhere on the PC.
Install Instructions:
1) Extract the root files 7z into a DIR of your choice.
2) Flash whichever vulnerable combo firmware you are using via ODIN.
3) Once it boots up, make sure your device is seen by adb by running "adb devices"
4) Double click the .bat file.
5) That's it! Your device will reboot and you should be rooted!
If for some reason it is not working and you are on a N960U/U1/W, there could be a number of reasons. If you are not using the 1ARG4 combo I linked then it's possible the combo you are using is not vulnerable. It could also be an issue with ADB. Sometimes if things get crazy throughout your testing you might need to reflash /persist in ODIN or reflash the combo firmware in ODIN then re-run the .bat file (I only experience this typically when I get crazy with the root script and end up losing permissions to everything or something I added in the root script is causing the device to boot-loop etc. etc.)
Now donations are not required but feel free to throw me some beer money if you want! My paypal email/link is in a few places, you shouldn't have any trouble finding it!
TELEGRAM LINK
https://t.me/joinchat/DxwvAlhtzHjg4EI9973BGQ
We will use the TGRAM to provide support, ideas, share scripts/files and HOPEFULLY, we can all figure out together how to turn this into rooting the stock firmware as this is the goal and will be the primary focus of the chat!
Credits:
 @samsung - for letting us PWND them time and time again!
@chainfire - SuperSU of course
 @topjohnwu - MagiskSU of course
 @me2151 - For all the time and help he is going to be putting in with us! Such a great guy! lol
@jrkruse - For everything! Everything from EDL support, ROM support, Root support you name it!
 @partcyborg - For also spending countless hours helping answer questions in here so I don't have to hahah
 @mweinbach - He writes great articles for XDA! He is a good kid who gets his hands on cool things frequently
@"mysecretfriendfromfaraway - I will not name him haha, he knows who he is. He always helps out and gets great things!
XDA:DevDB Information
SamPWND N960U Root, Tool/Utility for the Samsung Galaxy Note 9
Contributors
elliwigy
Version Information
Status: Testing
Created 2019-05-05
Last Updated 2019-05-05

Downloads:
1) 1ARG4 Factory/Combo Firmware
MD5: bf0702b4e85ac1547b5706bb4859f554
2) Root Files
MD5: 342f15e13c72f3d0f9194d8a14058ac9

Mine also...

Nice job!

Thank you @elliwigy !!!
Your determined effort is soooooooooooooooo much appreciated. :good:

You are the man! This has got to be the first out. I dont think i have seen anything else. As usual you have done something remarkable for Samsung and this time the Note 9 of all. I wish there was the ability to get root on U5 for the S8/S8+ with SamPWND. Have you researched any more into that lately?

noidodroid said:
You are the man! This has got to be the first out. I dont think i have seen anything else. As usual you have done something remarkable for Samsung and this time the Note 9 of all. I wish there was the ability to get root on U5 for the S8/S8+ with SamPWND. Have you researched any more into that lately?
Click to expand...
Click to collapse
not possible.. sampwnd used rev1 eng firmware lol. it was done soon as they incremented the bootloader

elliwigy said:
not possible.. sampwnd used rev1 eng firmware lol. it was done soon as they incremented the bootloader
Click to expand...
Click to collapse
Yup. =] I don't know though. Always something new that pops out of Sammys goodie bag and lands in someones lap and crawls its away onto XDA. Like you I have a silentguywhospeaksanotherlanguage that always seems to amaze me... the past 14 years. Would be awesome. Could be something kewl. Time will tell.

Definitely going to test out and report back! Sent you some money for some beers lol :highfive:

still no ones tried? lol i thought ppl would b all over it haha

elliwigy said:
still no ones tried? lol i thought ppl would b all over it haha
Click to expand...
Click to collapse
Im gonna try it when i get off work

Incredible!! Wow this alone is awesome, and that word doesn't justify it. The talent you all have for this is really impressive. Thanks to all who had a major role in this alone. I will be posting results as soon as i can, hopefully tonight. Its all possible!!
Thank You

noidodroid said:
You are the man! This has got to be the first out. I dont think i have seen anything else. As usual you have done something remarkable for Samsung and this time the Note 9 of all. I wish there was the ability to get root on U5 for the S8/S8+ with SamPWND. Have you researched any more into that lately?
Click to expand...
Click to collapse
Im PRETTY sure samfail works via edl rom from @jrkruse

Trying to install right now... So for the Combo Firmware, I am on BUild N960USQS1CSD1 . How do i find the Combo firmware for that ? is that just finding the stock firmware ?

Yeteneğiniz hayranlık uyandırdı bende. Takdir ediyorum. Tebrik ediyorum sizi.
Cihazımı test ederken yapmam gerekenleri şu şekilde sıralayabilirmiyiz kısaca?
1) 1ARG4 Factory/Combo Firmware
Odin ile telefonuma flash yapmalıyım.
2) Flashlama işlemi bittikten sonra cihazımın açılmasını beklemeliyim.
3) Cihazım açıldıktan sonra Root dosyasını cihazıma Pc üzerinden anlattığınız şekilde uygulamalıyım.
4) Root işlemi cihazımı yeniden başlattıktan sonra stok yazılım yüklemeliyim.
5) Mutlu Son.
---------------------‐---------------------------------------------
Your talent has aroused admiration. I appreciate. I congratulate you.
When I test my device, can I sort the things I need to do in the following way?
1) 1ARG4 Factory / Combo Firmware
I need to do a flash with Odin on my phone.
2) After flashing, I have to wait until my device is turned on.
3) After opening my device, I need to apply the root file to my device in the same way as I told it on PC.
4) After the root process reboot my device, I need to install the stock software.
5) Happy End

Raz12 said:
Trying to install right now... So for the Combo Firmware, I am on BUild N960USQS1CSD1 . How do i find the Combo firmware for that ? is that just finding the stock firmware ?
Click to expand...
Click to collapse
will be easiest to just use the combo linked in second post.. newrr combos r most likely patched.. also, if csd1 is pie then there will never be a pie combo so ull need to flash an oreo combo either way

axioneer said:
Yeteneğiniz hayranlık uyandırdı bende. Takdir ediyorum. Tebrik ediyorum sizi.
Cihazımı test ederken yapmam gerekenleri şu şekilde sıralayabilirmiyiz kısaca?
1) 1ARG4 Factory/Combo Firmware
Odin ile telefonuma flash yapmalıyım.
2) Flashlama işlemi bittikten sonra cihazımın açılmasını beklemeliyim.
3) Cihazım açıldıktan sonra Root dosyasını cihazıma Pc üzerinden anlattığınız şekilde uygulamalıyım.
4) Root işlemi cihazımı yeniden başlattıktan sonra stok yazılım yüklemeliyim.
5) Mutlu Son.
---------------------‐---------------------------------------------
Your talent has aroused admiration. I appreciate. I congratulate you.
When I test my device, can I sort the things I need to do in the following way?
1) 1ARG4 Factory / Combo Firmware
I need to do a flash with Odin on my phone.
2) After flashing, I have to wait until my device is turned on.
3) After opening my device, I need to apply the root file to my device in the same way as I told it on PC.
4) After the root process reboot my device, I need to install the stock software.
5) Happy End
Click to expand...
Click to collapse
read the op. id say its pretty easy/clear..
also, it is not possible to have root on stock firmware right now, this was also clear in op.
the root only works on combo firmware.. if u need to use ur phone then i suggest not using this root method until we figure out how to make it work on stock

elliwigy said:
will be easiest to just use the combo linked in second post.. newrr combos r most likely patched.. also, if csd1 is pie then there will never be a pie combo so ull need to flash an oreo combo either way
Click to expand...
Click to collapse
Yikes, i see the difference now. I mean it's done but it's not like a normal android it seems. I see what you mean. Well I guess ill just go back to stock pie. Good work though man, you are doing great ! Just to see though, It went to a factory binary screen then to this lime green and showing all this info. That's it right ?

I hope this leads to root for normal u1 firmware. ??????

Raz12 said:
Yikes, i see the difference now. I mean it's done but it's not like a normal android it seems. I see what you mean. Well I guess ill just go back to stock pie. Good work though man, you are doing great ! Just to see though, It went to a factory binary screen then to this lime green and showing all this info. That's it right ?
Click to expand...
Click to collapse
it was prolly green due to battery being low.. it changes the color once it dips below a certain %
and yea, i assume uve never been on a combo firmware before lol they are all like that