This guide is for people who want root but want to keep their stock rom, not breaking the warranty, unlocking bootloader etc.
A proud ubuntu user, I am writing this in a new thread purely because the manual rageagainstthecage method and SuperOneClick method did not not work for me, see link to my conclusion below if you care
http://forum.xda-developers.com/showpost.php?p=11305312&postcount=2526
What did work however was via adb shell using psneuter and its fairly simple if you follow the following commands.
This guide assumes you know how to get access to the shell via adb, if you dont then search elsewhere for a useful guide
OK lets get to business!
1. Download the attached nexus_one_softroot.tar from the bottom of this post and extract contents to the same folder as adb
2. Open up your terminal, cd to the same folder as adb and the extracted files
3. Enter the following commands:
Code:
sudo ./adb push psneuter /data/local/tmp/psneuter
sudo ./adb push busybox /data/local/tmp/busybox
sudo ./adb push su /data/local/tmp/su
sudo ./adb shell chmod 755 /data/local/tmp/psneuter
sudo ./adb shell chmod 755 /data/local/tmp/busybox
sudo ./adb shell chmod 755 /data/local/tmp/su
sudo ./adb shell
After this you should see only a $ which tells us that we at the android command line with user privileges only, lets continue
Code:
$ cd /data/local/tmp
$ ls
busybox
su
psneuter
$ ./psneuter
property service neutered.
killing adbd. (should restart in a second or two)
You will now be kicked out of android shell, lets go back in
Code:
sudo ./adb shell
After this you should see only a # which tells us that we root baby! If you want to double check issue this command
Code:
# id
uid=0(root) gid=0(root)
Lets continue on. From this point we will install busybox and su which will make root permanent
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
# ./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
# busybox cp su /system/bin
# chmod 4755 /system/bin/su
# exit
For some reason I sometimes have to enter exit twice to leave the android shell. Again, re-access the android shell
Code:
sudo ./adb shell
Now in the android shell we can finish up
Code:
# su
# mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
# exit
Lastly we must install Superuser, and I did this from the android market so I knew its the latest version, its simple to get, less command input etc.
Now you have root! I hope this was simple enough to follow, I have not really written a guide before but from lots of searching I just could not find a solution for my Nexus One 2.2.1 FRG83D, especially any guide that uses psneuter.
Anyway, glad to contribute
EDIT - also, being new to starting threads, this may not quite be in the right section of the forum, sorry if thats the case mods
Added link to the thread from Wiki.
upgraded to gingerbread 2.3.3. after copying and setting permissions, got this:
PHP:
$ cd /data/local/tmp
$ ls -l
-rwxr-xr-x shell shell 26248 2010-07-22 10:20 su
-rwxr-xr-x shell shell 1062992 2010-10-16 22:29 busybox
-rwxr-xr-x shell shell 585731 2011-01-08 18:02 psneuter
su
busybox
psneuter
$ ./psneuter
Failed to set prot mask (Inappropriate ioctl for device)
second time threw me out of shell. again adb shell gives this:
PHP:
$ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
mfkr said:
upgraded to gingerbread 2.3.3. after copying and setting permissions, got this:
Code:
$ ./psneuter
Failed to set prot mask (Inappropriate ioctl for device)
Click to expand...
Click to collapse
I believe this is due to a change in the kernel as it is upgraded into gingerbread, the input/output controls have changed, leaving psneuter out of date with the current kernel.
However if an exploit is found with the kernel used in 2.3.3, you can use it in place of psneuter with the above method.
I FINALY FOUND MY PROBLEM
I have two binaries one in /system/xbin/su and the other in /system/bin/su
#ls -l /system/*/su gives me this:
-rwxrwxr- system sdcard_rw 380532 2013-05-22 17:13 su
-rwsr-xr-x root root 22236 2013-05-22 17:13 su
#chmod 06775 /system/bin/su gives me this:
unable to chmod /system/bin/su: readonly filesystem
#echo $PATH gives me this
/system/bin/su: /system/Xbin/su
so what should i do next?
is it possible to swap the path variables
i mean to make "echo $path give /system/Xbin/su:/system/bin/su"
10Q
GAEENG said:
I FINALY FOUND MY PROBLEM
I have two binaries one in /system/xbin/su and the other in /system/bin/su
#ls -l /system/*/su gives me this:
-rwxrwxr- system sdcard_rw 380532 2013-05-22 17:13 su
-rwsr-xr-x root root 22236 2013-05-22 17:13 su
#chmod 06775 /system/bin/su gives me this:
unable to chmod /system/bin/su: readonly filesystem
#echo $PATH gives me this
/system/bin/su: /system/Xbin/su
so what should i do next?
is it possible to swap the path variables
i mean to make "echo $path give /system/Xbin/su:/system/bin/su"
10Q
Click to expand...
Click to collapse
Switch to SuperSU!
Hello.
I have system.img 5.0.2 for Lenovo S60. Bootloader is secured.
system.img: Linux rev 1.0 ext4 filesystem data, UUID=57f8f4bc-abf4-655f-bf67-946fc0f9f25b (extents) (large files)
I'm trying to install manually su binary in mounted system image and then flash it with QPST.
SELinux is enabled. I prepared script like this:
#!/bin/sh
SYSPAT=sys
#
echo "Placing files"
#
mkdir $SYSPAT/bin/.ext
chown 0:0 $SYSPAT/bin/.ext
chmod 0777 $SYSPAT/bin/.ext
cp su $SYSPAT/bin/.ext/.su
chown 0:0 $SYSPAT/bin/.ext/.su
chmod 0755 $SYSPAT/bin/.ext/.su
cp su $SYSPAT/xbin/su
chown 0:0 $SYSPAT/xbin/su
chmod 0755 $SYSPAT/xbin/su
cp su $SYSPAT/xbin/daemonsu
chown 0:0 $SYSPAT/xbin/daemonsu
chmod 0755 $SYSPAT/xbin/daemonsu
cp su $SYSPAT/xbin/sugote
chown 0:0 $SYSPAT/xbin/sugote
chmod 0755 $SYSPAT/xbin/sugote
cp $SYSPAT/bin/sh $SYSPAT/xbin/sugote-mksh
chown 0:0 $SYSPAT/xbin/sugote-mksh
chmod 0755 $SYSPAT/xbin/sugote-mksh
cp supolicy $SYSPAT/xbin/supolicy
chown 0:0 $SYSPAT/xbin/supolicy
chmod 0755 $SYSPAT/xbin/supolicy
SYSTEMLIB=$SYSPAT/lib64
cp libsupol.so $SYSTEMLIB
chown 0:0 $SYSTEMLIB/libsupol.so
chmod 0755 $SYSTEMLIB/libsupol.so
#mkdir $SYSPAT/app/SuperSU
#chown 0:0 $SYSPAT/app/SuperSU
#chmod 0755 $SYSPAT/app/SuperSU
rm -rf $SYSPAT/app/SuperSU
#install it manually
cp -f $SYSPAT/bin/app_process64 $SYSPAT/bin/app_process64_original
cat su > $SYSPAT/bin/app_process64
cp -f $SYSPAT/bin/app_process64_original $SYSPAT/bin/app_process_init
chown 0:2000 $SYSPAT/bin/app_process_init
chmod 0755 $SYSPAT/bin/app_process_init
cat $SYSPAT/bin/app_process64_original > $SYSPAT/bin/app_process64
cp -f 99SuperSUDaemon $SYSPAT/etc/init.d/99SuperSUDaemon
chown 0:0 $SYSPAT/etc/init.d/99SuperSUDaemon
chmod 0755 $SYSPAT/etc/init.d/99SuperSUDaemon
cat init.qcom.post_boot.sh > $SYSPAT/etc/init.qcom.post_boot.sh
echo 1 > $SYSPAT/etc/.installed_su_daemon
chown 0:0 $SYSPAT/etc/.installed_su_daemon
chmod 0644 $SYSPAT/etc/.installed_su_daemon
#
echo "Done!"
#
#
#because ping has root permissions and correct sleinux context
#
cat su > $SYSPAT/bin/ping
When i'm creating new file the SeLinuxContext is ?:
Code:
-rwxr-xr-x. 1 root 2000 u:object_r:system_file:s0 9696 lip 16 11:55 antradio_app
-rwxr-xr-x. 1 root 2000 u:object_r:system_file:s0 89632 lip 16 11:55 btconfig
-rwxr-xr-x. 1 root 2000 u:object_r:system_file:s0 34352 lip 16 11:55 bttool
-rwxr-xr-x 1 root root ? 100272 wrz 2 14:38 daemonsu
-rwxr-xr-x. 1 root 2000 u:object_r:system_file:s0 59748 lip 16 11:55 dexdump
-rwxr-xr-x 1 root root ? 100272 wrz 2 14:38 su
-rwxr-xr-x 1 root root ? 100272 wrz 2 14:38 sugote
-rwxr-xr-x 1 root root ? 285016 wrz 2 14:38 sugote-mksh
-rwxr-xr-x 1 root root ? 30168 wrz 2 14:38 supolicy
-rwxr-xr-x. 1 root root u:object_r:system_file:s0 1223776 lip 16 11:55 tcpdump
But when i do like that:
Code:
cat su > $SYSPAT/bin/ping
cat init.qcom.post_boot.sh > $SYSPAT/etc/init.qcom.post_boot.sh
permissions left untouched for example:
-rwxr-xr-x. 1 root root ubject_r:system_file:s0 42824 lip 16 11:54 sys/bin/ping
But hen i try to run it:
Code:
sh ping
ping: syntax error: 'go~!
I've tried to add:
/system/xbin/daemonsu --auto-daemon
on the end of:
/etc/init.qcom.post_boot.sh
HiJacking of the bin/app_process64 cause that phone won't play bootanimation and does not start launcher but i can see internal memory MTP Device.
SuperSU apk still warn: There is no SU binary installed and SuperSu cannot install it.
i have same problem with a cheap chinese **** (MTK based 4.4.2) I'v been readed the raw system.img with spt. Mounted it under linux copy the files like this (and of course checked in the supersu install script) and after rewrite the system, every files in the right place but i get the error: "You need manual reinstall the su" or something like that
Any idea?
---------- Post added at 09:52 PM ---------- Previous post was at 09:47 PM ----------
ok, my fault sorry
here is the tutorial
http://su.chainfire.eu/#embed
I have an un-rooted device, with Android 5.0 system, and the core is ARM Coretex A53.
I happen to found "adb root" works, that means I can play as root through ADB shell.
I successfully deleted a trash apk, renowned "kingroot", from my system.
Then, I try to manually update su and SuperSu file, through the bellowing commands:
# mount -o rw,remount /system
# cp /sdcard/mrw/su /system/xbin/su
# cp /sdcard/mrw/su /system/bin/su
# pm install /sdcard/mrw/superuser.apk
(I'm using a 2.46 SuperSu version, which should be OK for Android 5.0 system)
But it fails. The SuperSu told me " su binary not installed".
My questions:
1. Is this a feasible way to update Su and SuperSu, and get root access?
2. There's a bunch of architect, I tried both "arm" and "arm64", but none of the su binary can work. Which architect shall I choose, when I'm running on a ARM Coretex A53 core? ( I know it is a 64bit core)
Thanks a lot, and Best Regards,
towenyu
Did you get this device secondhand? Also what device is it, since many have their own root method because of OEM crap.
That said, you only need su in one location, either /system/xbin/su or /system/bin/su (I typically see it in /system/xbin/su). I'm not sure what happens if it's in both, but it's just wasted space.
You can try these commands through adb root; since you already were able to get su onto your device, it may be just a matter of ownership and permissions:
Code:
# mount -o rw,remount /system
# chmod 755 /system/xbin/su
# chown root:root /system/xbin/su
# mount -o ro,remount /system
chown 755 sets the permissions to rwxr-xr-x (user gets read/write/execute, group/other gets read/execute). Execute is the important bit here, since otherwise the su binary can't do its job. After those commands, try SuperSU again and see if it works (you might need a reboot, because of how Android 5.0+ handles changes to /system) The last mount -o ro command just changes /system back to read-only, to prevent accidental changes to other parts.
Successfully rooted!
Not that simple, but basically follow the update-binary script already inside supersu package.
Only need to made slight modification due to my system won't support "unzip"
Now that you're successfully rooted, go install Busybox, that'll give you a lot of Linux commands Android doesn't have by default, including unzip.
xfullmetal17 said:
Now that you're successfully rooted, go install Busybox, that'll give you a lot of Linux commands Android doesn't have by default, including unzip.
Click to expand...
Click to collapse
Thanks for your advice! I will try it.
But don't there's already a Busybox in android system? I guess what I need to do is find somewhere a more powerful busybox binary -- or build it by my own, but that may be not so easy for me.
Android has some basic Linux commands support, but I don't think it has Busybox (if you have a custom ROM you may have some additional commands, but since you said unrooted I don't think it was installed.
This is one of the most popular installers for Busybox: https://play.google.com/store/apps/details?id=stericson.busybox
I've used it since I first rooted with Android 2.2 and haven't had any issues with it (save for lack of vim, since stock Android doesn't have the correct libraries for it)
rooting my htc m9 running marshmallow
Hi, I'm totally blind, and twrp isn't an option for me since it doesn't have a built in screen reader. I would like to install supersu to system, would some one kindly help me in telling me what files to put where. I think the m9 is arm64, but besides su and supersu.apk, I think there's installrecovery.ssh and some other files that have to go in, so please help some one
xfullmetal17 said:
Android has some basic Linux commands support, but I don't think it has Busybox (if you have a custom ROM you may have some additional commands, but since you said unrooted I don't think it was installed.
This is one of the most popular installers for Busybox: https://play.google.com/store/apps/details?id=stericson.busybox
I've used it since I first rooted with Android 2.2 and haven't had any issues with it (save for lack of vim, since stock Android doesn't have the correct libraries for it)
Click to expand...
Click to collapse
Hi guys ,
it is possible to run manualy via adb shell update-binary file from META-INF supersu folder for install it ? (means before unpacked folder supersu is copied to ex. /tmp)
I'm asking bcose no custom recovery and no root on my device yet.
Thx
nalas said:
Hi guys ,
it is possible to run manualy via adb shell update-binary file from META-INF supersu folder for install it ? (means before unpacked folder supersu is copied to ex. /tmp)
I'm asking bcose no custom recovery and no root on my device yet.
Thx
Click to expand...
Click to collapse
I have same saturation, no TWRP, no SU installed on my device: [email protected]_cn:/ #, Android M,
What I have is a userdebug boot.img support "adb root", so my draft commands in my mind please run one by one, not batch.. WARNING, this may make your system bootloop,take your own risk!!!.)
fastboot flash boot boot_userdebug.img
fastboot reboot
adb wait-for-device
adb root
adb remount
adb disable-verity
adb shell setenforce 0
adb reboot
cd D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64
adb wait-for-device
adb root
adb remount
adb shell setenforce 0
adb push .\su /system/bin/su
adb push .\su /system/xbin/su
adb shell chmod 06755 /system/bin/su
adb shell chmod 06755 /system/xbin/su
adb shell /system/bin/su --install
adb shell /system/bin/su --daemon&
adb install ..\common\Superuser.apk
adb shell setenforce 0
adb disable-verity
if you found SuperSU not found root, try adb shell setenforce 0 again.
then you can get SuperSU found su file need to update, use normal way to do it.
then, it will be "Installation success !"
Enjoy it.
so reference log:
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
adb: error: failed to copy 'su' to '/system/bin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb root
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
adb: error: failed to copy 'su' to '/system/bin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb remount
remount succeeded
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
[100%] /system/bin/su
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/xbin/su
adb: error: failed to copy 'su' to '/system/xbin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb shell
[email protected]_cn:/ # su
[email protected]_cn:/ # cd /system/bin
[email protected]_cn:/system/bin # chmod 06755 su
chmod: chmod 'su' to 106755: Read-only file system
1|[email protected]_cn:/system/bin # ls su
su
[email protected]_cn:/system/bin # ls -al su
-rwxr-xr-x root shell 108496 2008-02-29 03:33 su
[email protected]_cn:/system/bin # su --intall
[email protected]_cn:/system/bin # su --daemon&
[1] 6146
[email protected]_cn:/system/bin # getenforce
Enforcing
[1] + Done su --daemon
[email protected]_cn:/system/bin # setenforce 0
[email protected]_cn:/system/bin # getenforce
Permissive
[email protected]_cn:/system/bin # exit
[email protected]_cn:/system/bin # exit
[email protected]_cn:/ # exit
/system/bin/su
exit
^C
Azlun said:
I have same saturation, no TWRP, no SU installed on my device: [email protected]_cn:/ #, Android M,
What I have is a userdebug boot.img support "adb root", so my draft commands in my mind please run one by one, not batch.. WARNING, this may make your system bootloop,take your own risk!!!.)
fastboot flash boot boot_userdebug.img
fastboot reboot
adb wait-for-device
adb root
adb remount
adb disable-verity
adb shell setenforce 0
adb reboot
cd D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64
adb wait-for-device
adb root
adb remount
adb shell setenforce 0
adb push .\su /system/bin/su
adb push .\su /system/xbin/su
adb shell chmod 06755 /system/bin/su
adb shell chmod 06755 /system/xbin/su
adb shell /system/bin/su --install
adb shell /system/bin/su --daemon&
adb install ..\common\Superuser.apk
adb shell setenforce 0
adb disable-verity
if you found SuperSU not found root, try adb shell setenforce 0 again.
then you can get SuperSU found su file need to update, use normal way to do it.
then, it will be "Installation success !"
Enjoy it.
so reference log:
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
adb: error: failed to copy 'su' to '/system/bin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb root
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
adb: error: failed to copy 'su' to '/system/bin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb remount
remount succeeded
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/bin/su
[100%] /system/bin/su
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb push su /system/xbin/su
adb: error: failed to copy 'su' to '/system/xbin/su': Read-only file system
D:\tools\Downloads\SR3-SuperSU-v2.82-SR3-20170813133244\arm64>adb shell
[email protected]_cn:/ # su
[email protected]_cn:/ # cd /system/bin
[email protected]_cn:/system/bin # chmod 06755 su
chmod: chmod 'su' to 106755: Read-only file system
1|[email protected]_cn:/system/bin # ls su
su
[email protected]_cn:/system/bin # ls -al su
-rwxr-xr-x root shell 108496 2008-02-29 03:33 su
[email protected]_cn:/system/bin # su --intall
[email protected]_cn:/system/bin # su --daemon&
[1] 6146
[email protected]_cn:/system/bin # getenforce
Enforcing
[1] + Done su --daemon
[email protected]_cn:/system/bin # setenforce 0
[email protected]_cn:/system/bin # getenforce
Permissive
[email protected]_cn:/system/bin # exit
[email protected]_cn:/system/bin # exit
[email protected]_cn:/ # exit
/system/bin/su
exit
^C
Click to expand...
Click to collapse
Thank You - I will check and give feedback
Can I somehow just copy su and supersu files to phone (stock ROM) with full root shell to get root? Unfortunately bootloader is locked and only root shell is available.
user4978023 said:
Can I somehow just copy su and supersu files to phone (stock ROM) with full root shell to get root? Unfortunately bootloader is locked and only root shell is available.
Click to expand...
Click to collapse
Of course not. If it were that easy rooting would be a non-issue for devices with a locked bootloader.
towenyu said:
Successfully rooted!
Not that simple, but basically follow the update-binary script already inside supersu package.
Only need to made slight modification due to my system won't support "unzip"
Click to expand...
Click to collapse
Can you give more details ?
I'm in a similar situation (/system/bin/su and /system/xbin/su "updated" from Supersu zip , root access from adb shell , rom built as userdebug) but I'm unable to launch the update-binary through adb to get the TV fully rooted..
I got a problems when I try to root my c6902 5.1.1,I rooted by kingroot4.1 and follow this web:
http://forum.xda-developers.com/xpe...xperia-z1-c6902-lollipop-5-1-1-t3212562/page2
and the steps1-3 is successful,but I got a problem when I run step 4,there is the error:
1|[email protected]:/ # mount -o remount,rw /system
mount -o remount,rw /system
[email protected]:/ # cat /data/local/tmp/su >/system/xbin/daemonsu && chmod 0755 /system/xbin/daemonsu
local/tmp/su >/system/xbin/daemonsu && chmod 0755 /system/xbin/daemonsu <
k_shell/2000:18282: can't create /system/xbin/daemonsu: Text file busy
I am a chinese and my english is bad,so I search form google,and cant find a solution.can you help me or give me a properly website?
THANKS
help,plz....
Have you searched the faq of superuser for the error you are getting?
Have you seen and tried this?
http://forum.xda-developers.com/showthread.php?t=3242572