Database Develop

Rooting the Tattoo(its done!) - what we have got so far

Finally the race is over and some brave devs managed to get root on the tattoo and some were able to reproduce it on their own devices already. But notice: We are in an early stage of development. There is no one-klick-get-root app at the moment and there is still much work to be done until we get custom roms.
I will try to keep track of the ongoing development and update this post periodically. I've you find a mistake or get something new, let us know but we can't give support to every linux-nob at this point of development!
At the moment beeing root on the tattoo does NOT enable you to use the usual applications like Wifi Tethering that need root out of the box. You are also unable to write to /system by default. Now there is a new hack to make /system writable (look at the bottom of this post)
[size=+2]Status[/size]
Last update: 26.02.2010 - 12:55 MEZ
[size=+1]Rooting[/size]
The tattoo was successfully rooted the first time on 19.02.2010 ( http://forum.xda-developers.com/showpost.php?p=5672597&postcount=93 ). It was reproduced by some other users already, there is some work to be done make the exploit work more easily.
Because it has been asked many times: If there will ever be an OFFICIAL update with android 2.1 by HTC for the Tattoo (nobody knows definitively), this root-exploit will NOT work! You will lose root then!
It was done by porting this exploit http://www.milw0rm.com/exploits/8678 to the arm plattform and the tattoo. It uses a security hole in kernel 2.6.29 that wasn't patched in tattoos kernel. All began here on 10.2.2010 (the first post doesn't has to do anything with this): http://forum.xda-developers.com/showthread.php?t=631540
Kudos to zanfur, bftb0, mainfram3, HT123 and others (sorry if I forgot an important one).
The exploit was tweaked to deliver root more reliable.
[size=+1]Flashing custom roms[/size]
To develop custom roms won't be the problem, but the tattoo has got some extra security mechanisms that don't make it trivial to flash a new rom even now we have root. There is work going on to solve this.
[size=+1]Howto get root-privileges[/size]
I think it is save to follow but this is done at your own risk. Don't blame me if you Tattoo explodes, eats your hamster or make your girlfriend leave you.
Remember: We're in an early state of development, this is no Klick-an-Run-app, linux knowledge is needed.
Newbis on Windows should follow this howto made by Coburn64, its much easier than this one: http://forum.xda-developers.com/showthread.php?t=637927
Download this to your PC and unzip: View attachment 285070
(the older release was called m6 and can be found here: View attachment r00t.zip)
m7 is the binary. Push m7 to your Tattoo using adb:
Code:
adb push m7 /data/local/bin/m7
adb chmod 755 /data/local/bin/m7
Start a shell:
Code:
adb shell
Start the exploit in the shell:
Code:
cd /data/local/bin
while `true` ; do /data/local/bin/m7; done
The new m7 is an improved version of the old m6, it now should bring you root much more reliable.
With the old m6 while it is running, bring up and close random apps via task manager on the tattoo. This might not be necessary with m7. After a while the exploit should report success and come up with a root-shell. The promt should change from
Code:
$
to
Code:
#
Sometime the exploit stopps but no shell ('#') comes up. Just terminate it with ^C and try again.
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
When you got your shell, check if you are really root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
To get a root-shell more easily next time, we have to make su work.
Take this su binary and push it in your tatto: http://www.fileuploadx.de/45656
Code:
adb push su /data/local/bin/su
Remount /data without the nosuid-option
Code:
# mount -o rw,remount /dev/block/mtdblock3 /data
Change the owner to root and set the suid-bit
Code:
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
Now you don't have to run the exploit again, just open a normal shell and run
Code:
$ /data/local/bin/su
Now you should be root!
Attention: If you reboot your phone, you have to run the exploit and the mount command again because /data will be mounted nosuid again!
Thats it!
Some suggestions for going on. When you run mount, you will see that some partitions are mounted read-only and/or with the nosuid-option. You can change this by running:
Code:
mount -o rw,remount /dev/block/mtdblockYOUWANT /DIRtoREMOUNT
[size=+2]Other developer stuff[/size]
Here I will list all other thinks, more dangerous and not with all steps described in detail because you should know how to do this if you want to
New: Make /system writeable
This is a dangerous part, it might break you system forever unless you don't know what you are doing! Don't try it unless you are a dev! That is the reason why the steps you have to do are not described in a more detailed way. If you don't know what to type in, you shouldn't try this hack!
Download View attachment 286072
1. Copy tattoo-hack.ko from the zip to /data/local/bin
2. # insmod /data/local/bin/tattoo-hack.ko
3. Remount system partition to be writeable
Now you can do everything with /system until you reboot. /system is the only partition that is mounted without nosuid after reboot, so copy su over to /system/bin/ to keep root permanently. To be able to use programs like setcpu you have to replace /system/bin/su with this su:
View attachment 286154
Flashing a custom recovery image
This is in alpha-state but we are able to flash custom recovery images what is the determining step to flashing custom roms. Don't ask how to flash android 2.x (we didn't do it right now) or when it will be ready. It will bes sometimes...
http://forum.xda-developers.com/showthread.php?t=639486
Have a lot of fun!
-bm-

BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.

Great - bm - thank you very much

-bm- said:
-bm-
Click to expand...
Click to collapse
This is a great day, it's really amazing how people could work together searching the good way to root this awesome little phone. Just to say I've really appreciated your work... I followed all you guys day by day... Thank you everyone, sorry for the OT.
Anyway... risks of bricks?

elvisior said:
BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.
Click to expand...
Click to collapse
Youre right, busybox makes further development more handy. But I think it isn't needed for /data/local/bin to exist, because for me it was there and I've got no busybox on my tattoo

chdir /data/local/bin
Click to expand...
Click to collapse
instead of
chdir to /data/local/bin
Click to expand...
Click to collapse

Thanks Man.
Nice team work.

stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!

@zoko : Use your favorite linux distribution.

please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?

ApotheoZ said:
@zoko : Use your favorite linux distribution.
Click to expand...
Click to collapse
You don't need Linux. Windows or even Mac OS will do just fine.
Zoko, grab adb.exe from the Android SDK. To install m6, just run:
Code:
adb push m6 /data/local/bin/m6

chusen said:
please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?
Click to expand...
Click to collapse
As I try to say in my howto (okay, my english is not the best ;-) ): That happens quite often. Just stop it with ^C ([control]+C) and start the exploit again until you have luck!

zoko said:
stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!
Click to expand...
Click to collapse
Hi zoko!
Please use google to find a tutorial for pushing files using adb, there are many out there and using adb is not tattoo-specific!
We don't have time to provide more service at the moment ;-)
By the way: I'm happy about everybody testing, but I wonder what you want to do with a root-shell I you even didn't use adb before. But learning and trying is always a good thing but please consider learning by googling also ;-)
Have a lot of fun!
-bm-

thanks but i try and try and try... and same result, more ideas or only try it?

Is there any way to mount /data r/w on boot?
I doubt it because the exploit should be run first... hmm
So now we need a custom rom with root privileges

...first a recovery.. i think

after i run the exploit once I have to reboot the phone to be able run it again or i get
HTML:
$ usage: reboot [-n] [-p] [rebootcommand]
.
any option to be able to run it more than once without rebooting the phone?

The Tattoo Root (kit)
Here's a small installation batch, to make it easier for everyone.
Download the supplied zip (TattooRoot).
Run 'install-tattoo-root'.
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
I think the comments are self-explanatory. If you can't get the m6 into your Tattoo, even with the help of this batch, I suggest you wait a little longer for a more foolproof way to free your Tattoo
Everytime you reboot your Tattoo you'll have to execute steps 1 and 2 again.

@mainfram3 i dont get same results
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?

chusen said:
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?
Click to expand...
Click to collapse
Chusen,
That is allright.
Now, launch a adb shell by typing
Code:
adb shell
and then try the exploit
Code:
$ while `true` ; do /data/local/bin/m6; done
until your greeted with:
Code:
[ Overwritten 0xb0000100
# <---- This # indicates you got root

[Q] Odex before compression

Is it possible to odex a system before I compress it into a androidinstall and send it to my device to install?
If so how?

only way i have found to odex is through the phone

How do people release odex'ed builds then?

2 ways
1. if adb works push the odex script to /data run the scrpit (search odex donut or dzo's instructions on how to use it), then do an adb pull of /system then repack it into a .tar and go
2 adb doesnt work for me so here is how i do it, i load up my build and in the /data folder i have the odex script, i run the script using terminal emulator, then i restart after its finished and put in a blank sd card then i copy the app and framework folders from /system to the SD and replace those folders in the original .tar with the newly odex'd ones

I put the odex script into data and then added it to init

jholtom said:
Is it possible to odex a system before I compress it into a androidinstall and send it to my device to install?
If so how?
Click to expand...
Click to collapse
I asked dzo once and he answered me, in the Fresh Froyo thread. The search function isn't working right now, but when you read this it might be working. Another thread described things in more detail, but I long ago forgot where that thread is. I never got odexing to work outside the phone, but here is the script I have tried. Note that the dexpreopt.py python script has to be edited to mount system as read/write, or it completely fails. I run this after a complete build.
Code:
#! /bin/sh
. build/envsetup.sh
lunch us_vogue-userdebug
rm out/target/product/vogue/obj/PACKAGING/systemimage_unopt_intermediates/system.img
ONE_SHOT_MAKEFILE=/home/devel/android/build/tools/dexpreopt/Android.mk make -C /home/devel/android/ files
make
mkdir /tmp/system-odex
rm -rf /tmp/system-odex/system
cp -ra out/target/product/vogue/system /tmp/system-odex
dexpreopt.py --outsystemdir=/tmp/system-odex/system
for i in /tmp/system-odex/system/app/*.apk; do zipalign -f 4 $i /tmp/zip; mv /tmp/zip $i; done
tar -C /tmp/system-odex -czf odex.tgz system

n2rjt said:
I asked dzo once and he answered me, in the Fresh Froyo thread. The search function isn't working right now, but when you read this it might be working. Another thread described things in more detail, but I long ago forgot where that thread is. I never got odexing to work outside the phone, but here is the script I have tried. Note that the dexpreopt.py python script has to be edited to mount system as read/write, or it completely fails. I run this after a complete build.
Code:
#! /bin/sh
. build/envsetup.sh
lunch us_vogue-userdebug
rm out/target/product/vogue/obj/PACKAGING/systemimage_unopt_intermediates/system.img
ONE_SHOT_MAKEFILE=/home/devel/android/build/tools/dexpreopt/Android.mk make -C /home/devel/android/ files
make
mkdir /tmp/system-odex
rm -rf /tmp/system-odex/system
cp -ra out/target/product/vogue/system /tmp/system-odex
dexpreopt.py --outsystemdir=/tmp/system-odex/system
for i in /tmp/system-odex/system/app/*.apk; do zipalign -f 4 $i /tmp/zip; mv /tmp/zip $i; done
tar -C /tmp/system-odex -czf odex.tgz system
Click to expand...
Click to collapse
ok thanks
I'll work with it

Also there is a script I use to odex files as they are downloaded from the market or installed on the phone. It is inside of my barebones build and if you look inside my userinit from my build you will see the call to the file.
Edit: I do not take credit for it, I just claim to be a source of the file as I already have it.

Linux installer

Trying to get Ubuntu chroot up and running with Linux installer from the market.
Followed the quick start guide to a "t", only changes I made from the default settings were distribution and version. This resulted in a /data/local/mnt/Linux directory with the Ubuntu file structure inside and a Linux.loop file in the root of my internal storage.
The part that is confusing of how to mount. The last step in the guide is to press the button that creates the linuxchroot script; when I press the button out says it's creating the file but the file isn't created.
I'm attempting to use the following commands to mount manually:
Code: ---------# mount loop.img directory ---------If for some reason that doesn't work use losetup.
Code: ---------# losetup /dev/block/loop7 loop.img # mount -t auto /dev/block/loop7 directory
But not sure how to use them because there isn't a .img file, just the previously mentioned /data/local/mnt/Linux directory and the Linux.loop file.
Anyone? Thanks in advance
Sent from my DROID3 using Tapatalk 2

Q9Nap said:
Trying to get Ubuntu chroot up and running with Linux installer from the market.
Followed the quick start guide to a "t", only changes I made from the default settings were distribution and version. This resulted in a /data/local/mnt/Linux directory with the Ubuntu file structure inside and a Linux.loop file in the root of my internal storage.
The part that is confusing of how to mount. The last step in the guide is to press the button that creates the linuxchroot script; when I press the button out says it's creating the file but the file isn't created.
I'm attempting to use the following commands to mount manually:
Code: ---------# mount loop.img directory ---------If for some reason that doesn't work use losetup.
Code: ---------# losetup /dev/block/loop7 loop.img # mount -t auto /dev/block/loop7 directory
But not sure how to use them because there isn't a .img file, just the previously mentioned /data/local/mnt/Linux directory and the Linux.loop file.
Anyone? Thanks in advance
Sent from my DROID3 using Tapatalk 2
Click to expand...
Click to collapse
If you see the directory structure in /data/local/mnt/Linux then it's already mounted.
Code:
chroot /data/local/mnt/Linux /bin/bash
Should work, but I have no idea why the script isn't being created.
To manually mount.
Code:
mount /sdcard/Linux.loop /data/local/mnt/Linux
and un-mount after exiting the chroot environment by a ctrl-d or typing "exit".
Code:
umount /data/local/mnt/Linux
if un-mounting causes a device is busy error, un-mount the lazy way
Code:
umount -l /data/local/mnt/Linux
Doing any of this manually might cause some errors because the script isn't doing whatever it is that it does.

Ok so I finally got Ubuntu up and running with vnc server and all, & realized there's no way to input text.
Anyone know if there's any possible way to be able to use the d3 keyboard while in chroot (other than in terminal of course) ?
*edit*
Seems to be working now...

[tutorial] install bash command line on your android

it is not tested on galaxy mini so I will say it beta, please its a request to post a reply whether it is working or not
bash:- an advanced command line than sh, it is colorful so you can differentiate the commands easily
steps for installing bash if you have cwm and want automated process
1:- download the bash command line flashable zip from here
2. download bash enabler script from here
3. flash the bash command line dhlalit11.zip in cwm recovery
4. boot the device normally
5. with the help of script manager execute the bash install.sh script with su privilege
and you are done
Click to expand...
Click to collapse
steps for installing bash if you don't have cwm or want to do it manually
1:- download the bash command line flashable zip from here
2. extract the files to a folder
3. go to /extracted folder/system
4. copy all the files to your system as they are placed
5. open terminal and type chmod 0755 /system/xbin/bash
and its done
Click to expand...
Click to collapse
note:- running bash will not give you root privilege automatically, you will need to type "su -c bash" to go directly into bash with root

reserved

if you don't mind...you can add this line into your updater script
Code:
set_perm(0, 0, 0755, "/system/blabla-the file position");
this one will automatically change the file permission for you so that we don't have to run the script anymore. you can also add symlink("/system/bin/bash", "/system/bin/sh"); to replace our old sh with bash so that everytime we use sh command, we will run bash instead. I was using these trick on my old ROM. however, this step will erase our sh binary file. so we must use it carefully. I usually did these step on a fresh rom installation. you might want to test it by yourself to make sure everything is alright.

I like to make scripts and one more reason is the script first looks for bash in /system/xbin to ensure a proper flash, if bash is not found it will tell the owner
didn't wanted to replace sh

if the purpose is to check whether it was installed correctly or not you can use run_program command instead and make the installation a lot simpler. you can put the script temporary in cache and delete it after the installation complete. or else...you can play with aroma installer. you can design the UI with several option like
1. install bash
2. symlink bash to sh
3. check the bash installation status
4. etc etc (as you like)
aroma could make our usual installation stuff into sumething more fun and interactive ^,^v
anyway, this is only a suggestion. if you want to use aroma you can modify my multi tweak installer. you said that you like to make scripts. it will be easy for you to get the basic stuff on aroma and starting to made one for your self. the link is in my sig. check the akuro or one pack tweak thread and got the aroma from the latest version there.

script run in cwm do not print anything on the UI and the user will not see whether the it was done or not
and I had previously used aroma in my rom patch for galaxy s series but this is just a simple task to do
I will think about it, but sure it will take time and I don't have time as I wanted to update the sticky of this forum then I am working on two mods for my karbonn smart tab 1
but I will for sure figure it out

installing bash
hi i have a Galaxy Centura tracphone and i get this error after executing su-c bash into the cmd via adb......I have installed the flashable zip and ran the installer script....
255|[email protected]:/system/bin # su -c bash
su -c bash
link_image[1936]: 7974 could not load needed library 'libncurses.so' for 'bash
(load_library[1091]: Library 'libncurses.so' not found)CANNOT LINK EXECUTABLE
255|[email protected]:/system/bin #
any ideas?

Bash
Hi, I managed to install the ZIP file (Moto G XT1032) and the script worked as well but after it was done, bash didn't have 755.
I tried adding it manually (as root) but it fails with this error:
Unable to chmod /system/xbin/bash: read-only filesystem
I tried remount using this:
su mount -o remount,rw /
But still no luck, any suggestions?
---------------------------------------------------- UPDATE -------------------------------------------------------
managed to get it via ADB Shell with this commands:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/xbin/bash
still not working because of not having "libncurses.so" which will try to install manually.

ThePlayer10 said:
Hi, I managed to install the ZIP file (Moto G XT1032) and the script worked as well but after it was done, bash didn't have 755.
I tried adding it manually (as root) but it fails with this error:
Unable to chmod /system/xbin/bash: read-only filesystem
I tried remount using this:
su mount -o remount,rw /
But still no luck, any suggestions?
---------------------------------------------------- UPDATE -------------------------------------------------------
managed to get it via ADB Shell with this commands:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
chmod 755 /system/xbin/bash
still not working because of not having "libncurses.so" which will try to install manually.
Click to expand...
Click to collapse
You didn't needed to type whole dev block address, what you were missing was
(su
mount -o remount,re /system)
You were actually mountung the root of your device instead of system partition, which was the reason of non-working

[Q] help w jb root

all is good until the last step whats going on?
[email protected]:/tmp/share$ tar xvf motoshare.tgz
adb
busybox
pwn
su
Superuser.apk
[email protected]:/tmp/share$ sudo chown root:root pwn
[email protected]:/tmp/share$ sudo chmod 6755 pwn
[email protected]:/tmp/share$ /tmp/share/adb shell /storage/rfs0/pwn
bash: /tmp/share/adb: No such file or directory
[email protected]:/tmp/share$

Please give me the response for the terminal command:
ls -l /tmp/share/adb

re jb root
[email protected]:/tmp/share$ ls -l /tmp/share/adb
-rwsr-sr-x 1 jody jody 204436 Feb 11 11:49 /tmp/share/adb

jodybgoode said:
[email protected]:/tmp/share$ ls -l /tmp/share/adb
-rwsr-sr-x 1 jody jody 204436 Feb 11 11:49 /tmp/share/adb
Click to expand...
Click to collapse
I will get back to you after I talk with Dan. Unless another set of eyes knows the solution.
Sent from my MB886 using xda app-developers app

Try running the last command as simply "adb shell /storage/rfs0/pwn"
(i.e. without the prefix /tmp/share/)

Help confused
djrbliss said:
As promised, this post describes how to root the Atrix HD Jelly Bean build. This should also work on other Motorola 4.1.2 builds (Razr/Razr Maxx, Razr HD, Razr M, etc.).
The exploit requires setting up a special Samba share and mounting this share on your phone using the File Manager app. I apologize that this process may seem involved for some of you, and request that members of this community help each other out if some of you are having problems completing the procedure. I'm not able to provide individual tech support to every user who wants to root this phone.
The following instructions require a working Linux installation. The following instructions are for Ubuntu. If you don't want to install Ubuntu permanently on your machine, I suggest using a LiveCD installation. Instructions on setting this up are described here:
https://help.ubuntu.com/community/LiveCD#How-To_LiveCD_Ubuntu
Once you're booted into Ubuntu, open a terminal. Create a new directory for your Samba share:
Code:
mkdir /tmp/share
Next, install the samba package:
Code:
sudo apt-get install samba
Edit the configuration file for samba:
Code:
sudo gedit /etc/samba/smb.conf
Add the following lines to the end of the configuration file and save your changes:
Code:
[share]
path = /tmp/share
available = yes
valid users = guest
read only = yes
browsable = yes
public = yes
Close the text editor once you've saved your changes.
Next, create a user for the Samba share by typing in the terminal:
Code:
sudo useradd guest -m -G users
Set a password for the new user. Remember this password:
Code:
sudo passwd guest
Provide a password here and press enter. You won't see the characters you're typing, so be careful.
Next, set a password on the share. Use the same password you just provided:
Code:
sudo smbpasswd -a guest
Type the password you created before and press enter.
Next, restart the Samba server:
Code:
sudo restart smbd
Finally, download and prepare the required files to the Samba share:
Code:
cd /tmp/share
wget [url]http://vulnfactory.org/public/motoshare.tgz[/url]
tar xvf motoshare.tgz
sudo chown root:root pwn
sudo chmod 6755 pwn
At this point, you'll need to know the IP address of your Linux host, which you can get by running "ifconfig" from your terminal (it should be of the form "192.168.x.x").
Next, move over to your Android device. Ensure you have enabled USB Debugging Mode (under Settings -> Development Settings). Ensure your device is connected via Wifi.
Open the "File Manager" app, and select "Remote storage". Click "Add storage", and fill in fields as follows:
Code:
Host IP address: [your Linux machine's IP address]
Domain name: WORKGROUP
Shared folder name: share
User: guest
Password: [the password you created above]
At this point, the phone will mount your Linux share. To complete the process, plug in your phone via USB to your Linux machine, and type the following in your Linux terminal:
Code:
sudo /tmp/share/adb kill-server
sudo /tmp/share/adb shell /storage/rfs0/pwn
If it's successful, this should print "[+] Rooting complete!".
Finally, install Supersu by typing the following in the terminal:
Code:
sudo /tmp/share/adb install /tmp/share/eu.chainfire.supersu.apk
Congratulations, enjoy your rooted device.
I can't stress this enough: I can't provide individualized tech support for everyone on this forum. Please help each other.
TTLayland has been successfully rooted using this technique and has volunteered to help. If you get stuck and can't find support on these forums, feel free to email him at ttlayland (at) gmail (dot) com.
Paypal:
http://goo.gl/zBGb0
Click to expand...
Click to collapse
Got this error:
[email protected]:/tmp/share$ sudo /tmp/share/adb shell /storage/rfs0/pwn
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
mount: Operation not permitted
sh: can't create /system/xbin/busybox: Read-only file system
Unable to chmod /system/xbin/busybox: No such file or directory
sh: busybox: not found
cp: /system/bin/su: Read-only file system
Unable to chown /system/bin/su: No such file or directory
Unable to chmod /system/bin/su: No such file or directory
link failed Read-only file system
[+] Rooting complete!
[email protected]:/tmp/share$
Then it says: "There is no SU binary installed, and SuperSU cannot install it. This is a problem!" when opening SuperSU
PLEASE HELP HERE OR MY EMAIL! : [email protected]
Thanks in advanced
progrockguy said:
Try running the last command as simply "adb shell /storage/rfs0/pwn"
(i.e. without the prefix /tmp/share/)
Click to expand...
Click to collapse

progrockguy said:
Try running the last command as simply "adb shell /storage/rfs0/pwn"
(i.e. without the prefix /tmp/share/)
Click to expand...
Click to collapse
that worked kinda. well it says rooting complete but when i update superuser or root checker says root fail

Please Help: error: device offline
I am getting the following error
[email protected]:/tmp/share$ sudo /tmp/share/adb kill-server
[email protected]:/tmp/share$ sudo /tmp/share/adb shell /storage/rfs0/pwn
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
error: device offline
[email protected]:/tmp/share$
I am running the LiveCD in VMware Workstation
Sorry for the duplicate posts

worked perfectly after i used a 32 bit live disk

jodybgoode said:
worked perfectly after i used a 32 bit live disk[/QUOTE
Did you use Ubuntu and which version?
do you have a link to the CD?
Did you boot a machine or you used VMware or Virtualbox?
Click to expand...
Click to collapse

Why would anyone even attempt to use a VM for this simple root method? You could've been rooted already if you had just followed the instructions.

Same problem here. I couldn't get past the adb kill-server command. It would tell me there is no such directory. If any one can get past this can someone please tell me what they did to get past it.

Black_halo said:
Same problem here. I couldn't get past the adb kill-server command. It would tell me there is no such directory. If any one can get past this can someone please tell me what they did to get past it.
Click to expand...
Click to collapse
I am stuck, I have tried so many machine to no luck
Please someone help

Start over and just copy and paste each single line and hit enter do not copy multiple code lines .
ATRIX HD running BATAKANG 1.10

sickkside13 said:
Start over and just copy and paste each single line and hit enter do not copy multiple code lines .
ATRIX HD running BATAKANG 1.10
Click to expand...
Click to collapse
I did, no luck

Dammz man idk what else to tell you yesterday i spend all day trying to root too but just when i was about to give up i got everything g working
ATRIX HD running BATAKANG 1.10

sickkside13 said:
Dammz man idk what else to tell you yesterday i spend all day trying to root too but just when i was about to give up i got everything g working
ATRIX HD running BATAKANG 1.10
Click to expand...
Click to collapse
hehehehe

Does the root method have anything to do with having android sdk and ndk on your system? Im thinking thats what it is now. Would i have to have linux sdk to run with terminal root or windows sdk?

Black_halo said:
Does the root method have anything to do with having android sdk and ndk on your system? Im thinking thats what it is now. Would i have to have linux sdk to run with terminal root or windows sdk?
Click to expand...
Click to collapse
No, you don't need the Android SDK/NDK, since I included a copy of ADB in the tarball file that you extracted to /tmp/share.
What's the output of "ls -l /tmp/share/adb" on your Linux machine?

I had to re-flash official JB firmware in RSD Lite before the exploit would work. Before that, the Exploit would return "Root Complete", but there was no root access (though I could su to # in adb). I run Ubuntu 12.04 x64 at work already with Windows in VirtualBox.
RSD Lite doesn't seem to want to complete a flash in the Windows VMs I run in VirtualBox at work, so I waited until I got home and used my Windows 8 Pro machine to RSD the phone with the official JB firmware. I run Ubuntu 12.04 in a VirtualBox on that machine already, so after the RSD flash, I ran the exploit from that VM - BINGO - worked on the first try.
Failing other options, you might want to try re-flashing JB in RSD Lite and running the exploit on a fresh device.
I used the firmware in this thread (To fix the issue the thread is about):
http://forum.xda-developers.com/showthread.php?t=2057078
If you decide to try that, Be SURE to get the firmware zip AND THE XML and replace the XML before flashing!!