Related
To be honest, I'm a nice guy, but when threads get filled with utter "OMG, How do I root?" posts, I get pissed off. I don't mean to backseat moderate or anything, I just really get fed up sometimes. Hence, I've broken out the hardcore side of myself, and I present:
Coburn's (mostly) failproof rootmeplz kthxbai tutorial, featuring the awesome m7 exploit.
YOU CANNOT USE THIS ROOT GUIDE TO INSTALL ANDROID 2.0.x/2.1/2.x AT THIS MOMENT IN TIME. PLEASE DO NOT ASK IF YOU CAN INSTALL ANDROID 2.x USING ROOT, AT THIS STAGE IT'S A BIG FAT NO! THANK YOU FOR YOUR ATTENTION!!
Alright.
Easy to understand, plain english guide
Download the ZIP file attached to this post. Extract the files to a safe location - perhaps C:\Tattoo ?
Now, you'll need adb for windows. You can get it from my website's server here: ADB for windows.
Make sure your device is in USB Debug Mode (Settings > Applications > Development). This is ESSENTIAL!
Extract all the files in the adb4win zip file to your C:\Tattoo folder.
Now, go to Command Prompt. In XP, it's under System Tools in Accessories. In Vista/7, it'll be under accessories.
Do the following at the command line:
C:\Users\Coburn> cd C:\Tattoo
This will change your working directory from C:\Users\Coburn (or silimar) to C:\Tattoo .
Now, at the command line, do this:
C:\Tattoo> adb-windows shell "mkdir /data/local/bin" (with the quotes!).
This makes a directory on the Tattoo under /data/local, called bin. If you get a error (like mkdir failed, file/folder exists), this is fine! Don't sweat it.
Now, run this command:
C:\Tattoo> adb-windows push m7 /data/local/bin/m7
...and wait until finish.
Run this:
C:\Tattoo> adb-windows shell "cd /data/local/bin && chmod 755 ./m7" (with the quotes!)
This allows you to run the sucker.
Now, the fun part. Run this:
C:\Tattoo> adb-windows shell
This will dump you at a "$" shell. do the following:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
...lotsa text will flow down your screen. This is normal. Sometimes the exploit causes adb to freeze up, I don't know. I think it may be due to the exploit. It worked on my mac fine though...
Soon, you'll be greeted with this:
#
This is the root prompt! If you get stuff like this:
# usage: reboot ...
usage: reboot ....
usage: reboot ...
Just keep your cool, press enter and the # will say "Boo" again. This is due the exploit spawning reboots to gain the shell.
Then, do these commands from this thread's first post:
-bm- and the hax0rs crew said:
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
[...] check if ur root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
Click to expand...
Click to collapse
When you get this:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
[... lotsa pasta ...]
#
You can do anything then! Look at /system, /data, etc etc. You're broken free, my friend, and you'll forever be free. Until you press that exit button. you didn't. You didn't press that exit button? lolwut u did? Grrrrrrr!!!
EDIT: Added Guide to remount partitions. It's below.
Now you need to install su. Exit your root shell (via CTRL+C) (NO, Coburn, are you serious? ME LOSE ROOT SHELL?! ) and download this su.zip and extract it to C:\Tattoo. DO NOT EXIT THE COMMAND PROMPT WINDOW.
Meanwhile, back at the ranch, in your command prompt window, do this:
C:\Tattoo> adb-windows push su /data/local/bin/su
Then break out a shell...
C:\Tattoo> adb-windows shell
at the $ prompt, enter:
$ chmod 755 /data/local/bin/su
$ cd /data/local/bin/
..run the exploit again via "while 'true' ; do ./m7 ; done" to get root again then enter ...
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
# mount -o rw,remount /dev/block/mtdblock5 /data
# mount -o rw,remount /dev/block/mtdblock3 /system (This line allows you to play around with files on the system partition!)
After that, you can exit out of the root shell, and try a normal shell and this:
$ /data/local/bin/su
...which should make you get a nice # prompt. (Sometimes it doesn't, for me it got su: permission denied, wtf?)
(End SU Part of guide)
Tested on Windows 7. Also works on a phone terminal emulator too!
Keep your cool peeps - I do this for fun, I'm not a fulltime android dev. I am an addict though.
Happy rootin my friends.
Cheers,
Tattoo Hacker Coburn.
Greets fly out to the geeks that hacked it originally - without you, I'd have got a nexus one.
Thanks for marsdroid for correcting an error. Kudos to you, bro!
"ANDROID - It's a virus. In a Good Way. Once it's in your system, you can't get rid of it."
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
mainfram3 said:
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
Click to expand...
Click to collapse
Noted. Will do.
LordGiotto said:
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
Click to expand...
Click to collapse
Heh, yeah. Might add that up too.
Coburn64.
Thanks Man.
Nice Thread.
Thank you Coburn
svprm said:
Coburn64.
Thanks Man.
Nice Thread.
Click to expand...
Click to collapse
Thanks bro for your thanks.
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
[ROOTING] The M7 Exploit + Newbie Guide
Easy to understand, plain english guide
Click to expand...
Click to collapse
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
-bm- said:
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
Click to expand...
Click to collapse
You're welcome. I actually wanted this thread to help your thread, I wanted to spawn a m7 exploit thread to keep the original thread (which is based on the classic m6 exploit) clean of "How do I root with m7" and such.
Keep up the good work too, bm!
Thanks Coburn, so m6 is useless..
adb shell rm /data/local/bin/m6?
thx for the work , and corrections ! deleted the ealyer post
?
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
liderzre said:
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
Click to expand...
Click to collapse
type
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
rooted
Ty. Guide is not 100% for noobs. (ME).
Problem copying files to system partition after successfull rooting
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
ronyrad said:
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
Click to expand...
Click to collapse
The problem is well known an jet we have got no explanation. It looks like an additional security system build in by HTC. That is what also prevents us from flashing Custom ROMS at the moment. Development goes on here: http://forum.xda-developers.com/showthread.php?t=631540&page=18 but there is no solution or explanation until now.
-bm-
Could it be that it seems to be that the driver (yaffs) is possibly trying to copy /system into memory, and then reflash the partition all at once (to prevent NAND/NOR tear and wear)?
this guide is in error and will for sure not work ...
you should post probberly ...specially now when things is working....
there is no reason do do a NONSENCE guide .....
thx for the work thoe
Click to expand...
Click to collapse
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Coburn64 said:
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Click to expand...
Click to collapse
don't worry for such baseless allegations coburn.... u r doing a great job. keep up this good work bro.... thanks a lot for this wonderful presentation...
waiting for ur custom ROM.....
Coburn64 u are missing a ; in the 2. while
and i dont expect the newbies to sit back and wait for the "BUUH"..
but im sure someone will....
thx again
EDIT Coburn64 fixed it
I was messing around with the ONE-click-lag-fix thingy on this thread
http://forum.xda-developers.com/showthread.php?p=8353541#post8353541
someone posted a "fix"
""you can fix the jpk issue by doing this:
after the failure, reboot the phone.
then with root explorer delete the file linux.ex2 in folder /data/ext2 this will give you back the space
open terminal emulator on phone and type:
su
busybox mount -o remount,rw /system
press home button and reapply the lagfix.
wait...
profit!"
So I went into my phone in /data and found linux.ex2 (although it wasn't in /ext2 it was just in /data) and I deleted it
and used the terminal commands etc.
I reset my phone and it books into the logo then turns black and turns off
I don't have the 3 button recovery mode enabled... I have ADB and stuff though
WHAT do I do ?
Please oh please tell me I didn't brick my phone
Please tell me how to fix this and I will give you $50 or $100 paypal right away
If it is bricked, what do I do to go about getting it replaced ?
Try: adb reboot recovery
And try a factory reset
Otherwise, you can boot into download mode by: adb reboot download and flash via Odin.
kalpik said:
Try: adb reboot recovery
And try a factory reset
Otherwise, you can boot into download mode by: adb reboot download and flash via Odin.
Click to expand...
Click to collapse
Where do I get ADB again (im at work) is there a tutorial ?
btw if this works Ill need your paypal info
You can use mke2fs to re-create linux.ex2
Ex. mke2fs /data/linux.ex2
This could get you booted up again. Then you could uninstall/reinstall the lagfix.
frankencat said:
You can use mke2fs to re-create linux.ex2
Ex. mke2fs /data/linux.ex2
This could get you booted up again. Then you could uninstall/reinstall the lagfix.
Click to expand...
Click to collapse
What do you mean? can you please explain this further?
what's mke2fs ?
Funkadelick said:
Where do I get ADB again (im at work) is there a tutorial ?
btw if this works Ill need your paypal info
Click to expand...
Click to collapse
ADB tutorial: http://forum.xda-developers.com/showpost.php?p=7239659&postcount=3
WAIT!!!!!!!: Before you do anything else!!! Look for /sdcard/linux.ex2 and see if it exists. This should be a backup that can be restored. Copy this back to data and you should be good to go. Might take a while to copy but it should work.
frankencat said:
WAIT!!!!!!!: Before you do anything else!!! Look for /sdcard/linux.ex2 and see if it exists. This should be a backup that can be restored. Copy this back to data and you should be good to go. Might take a while to copy but it should work.
Click to expand...
Click to collapse
I'm fairly new -- this is the problem
What do you mean "look" for it ? I can't even open up my phone -- it goes black on the boot screen (i shouldn't have deleted linux.ex2)
So I would assume this would be done through ADB ? I'm downloading it now
frankencat said:
WAIT!!!!!!!: Before you do anything else!!! Look for /sdcard/linux.ex2 and see if it exists. This should be a backup that can be restored. Copy this back to data and you should be good to go. Might take a while to copy but it should work.
Click to expand...
Click to collapse
I would need to know the commands to type to "restore" this file basically once I get ADB running
and if it works, please PM me your paypal info
I downloaded the android development SDK -- but when I ran it i got this: "Failed to fetch URL http://dl-ssl.google.com/android/repository/repository.xml, reason: dl-ssl.google.com"
Is this b/c I'm at work ? (firewall)
do I need to connect in order to use ADB ?
You said you have ADB so do this...hook up your phone and fire up a command window on you pc.
type in "adb shell"
this should get you into adb shell (duh).
next type "su"
Now enter the following one at a time on order. The last line will reboot your phone.
/data/lagfixtemp/busybox rm -rf /data/data;
/data/lagfixtemp/busybox rm -rf /data/system;
/data/lagfixtemp/busybox rm -rf /data/dalvik-cache;
/data/lagfixtemp/busybox rm -rf /data/app;
/data/lagfixtemp/busybox rm -rf /data/app-private;
/data/lagfixtemp/busybox mv /data/bak/data /data/;
/data/lagfixtemp/busybox mv /data/bak/system /data/;
/data/lagfixtemp/busybox mv /data/bak/dalvik-cache /data/;
/data/lagfixtemp/busybox mv /data/bak/app/app-private /data/;
/data/lagfixtemp/busybox mv /data/bak/app /data/;
/data/lagfixtemp/busybox mv /system/bin/playlogosnow /system/bin/playlogos1;
reboot
Funkadelick said:
I downloaded the android development SDK -- but when I ran it i got this: "Failed to fetch URL http://dl-ssl.google.com/android/repository/repository.xml, reason: dl-ssl.google.com"
Is this b/c I'm at work ? (firewall)
do I need to connect in order to use ADB ?
Click to expand...
Click to collapse
You don't need to run anything. Just download it and unzip the files to a directory on your computer like C:\android-sdk-windows
Then add the tools directory to you PATH setting
C:\android-sdk-windows\tools
Let me know if you don;t know how to do that and I will walk you through it.
frankencat said:
You said you have ADB so do this...hook up your phone and fire up a command window on you pc.
type in "adb shell"
this should get you into adb shell (duh).
next type "su"
Now enter the following one at a time on order. The last line will reboot your phone.
/data/lagfixtemp/busybox rm -rf /data/data;
/data/lagfixtemp/busybox rm -rf /data/system;
/data/lagfixtemp/busybox rm -rf /data/dalvik-cache;
/data/lagfixtemp/busybox rm -rf /data/app;
/data/lagfixtemp/busybox rm -rf /data/app-private;
/data/lagfixtemp/busybox mv /data/bak/data /data/;
/data/lagfixtemp/busybox mv /data/bak/system /data/;
/data/lagfixtemp/busybox mv /data/bak/dalvik-cache /data/;
/data/lagfixtemp/busybox mv /data/bak/app/app-private /data/;
/data/lagfixtemp/busybox mv /data/bak/app /data/;
/data/lagfixtemp/busybox mv /system/bin/playlogosnow /system/bin/playlogos1;
reboot
Click to expand...
Click to collapse
Jesus christ how did you know all this stuff ? gonna try it out ill let you know how it goes -- brb
frankencat said:
You don't need to run anything. Just download it and unzip the files to a directory on your computer like C:\android-sdk-windows
Then add the tools directory to you PATH setting
C:\android-sdk-windows\tools
Let me know if you don;t know how to do that and I will walk you through it.
Click to expand...
Click to collapse
I got adb up and running
but please explain (in detail) your solution you mentioned in the previous page --
"You can use mke2fs to re-create linux.ex2
Ex. mke2fs /data/linux.ex2
This could get you booted up again. Then you could uninstall/reinstall the lagfix."
Please in details explain what you mean and show commands. Thanks
frankencat said:
You said you have ADB so do this...hook up your phone and fire up a command window on you pc.
type in "adb shell"
this should get you into adb shell (duh).
next type "su"
Now enter the following one at a time on order. The last line will reboot your phone.
/data/lagfixtemp/busybox rm -rf /data/data;
/data/lagfixtemp/busybox rm -rf /data/system;
/data/lagfixtemp/busybox rm -rf /data/dalvik-cache;
/data/lagfixtemp/busybox rm -rf /data/app;
/data/lagfixtemp/busybox rm -rf /data/app-private;
/data/lagfixtemp/busybox mv /data/bak/data /data/;
/data/lagfixtemp/busybox mv /data/bak/system /data/;
/data/lagfixtemp/busybox mv /data/bak/dalvik-cache /data/;
/data/lagfixtemp/busybox mv /data/bak/app/app-private /data/;
/data/lagfixtemp/busybox mv /data/bak/app /data/;
/data/lagfixtemp/busybox mv /system/bin/playlogosnow /system/bin/playlogos1;
reboot
Click to expand...
Click to collapse
when I type adb shell I get
error: device not found
am I doing something wrong ?
I rebooted my phone (galaxy S logo / start up screen) then it goes black as usual -- then I connected the cable and ran ADB from CMD.exe and typed ADB shell and got that error
Add C:\android-sdk-windows\tools to you computer's PATH...
- Open System Properties by right-clicking on My Computer
- Click on Advanced tab
- Click on Environment Variables
- Find PATH in System Varibles (bottom window) and open it for editing by either double-clicking or selecting it and clickin Edit button
- Scroll all the way to the end of the PATH string and enter a semi-colon ; at the end
- Paste the path to the sdk tools directory right after the semi-colon (C:\android-sdk-windows\tools)
- Click OK, OK, OK all the way out.
Now type "PATH" (without the quotes) in the command window and you should see the new path in the window. If not then close the window and open a new one. The tools dir should now be in the path and you are ready to use ADB.
You probably do not have have USB debugging enabled. Do you know if you eneabled that before or not? Also, did you make an nandroid backup before you started this?
And yes, it is because of Jesus Christ that I know this stuff.
<><
frankencat said:
Add C:\android-sdk-windows\tools to you computer's PATH...
- Open System Properties by right-clicking on My Computer
- Click on Advanced tab
- Click on Environment Variables
- Find PATH in System Varibles (bottom window) and open it for editing by either double-clicking or selecting it and clickin Edit button
- Scroll all the way to the end of the PATH string and enter a semi-colon ; at the end
- Paste the path to the sdk tools directory right after the semi-colon (C:\android-sdk-windows\tools)
- Click OK, OK, OK all the way out.
Now type "PATH" (without the quotes) in the command window and you should see the new path in the window. If not then close the window and open a new one. The tools dir should now be in the path and you are ready to use ADB.
Click to expand...
Click to collapse
I did all of this - i type in PATH and I see the new path etc.
But when i type adb shell it still says "device not found"
frankencat said:
You probably do not have have USB debugging enabled. Do you know if you eneabled that before or not? Also, did you make an nandroid backup before you started this?
And yes, it is because of Jesus Christ that I know this stuff.
<><
Click to expand...
Click to collapse
I don't think I enabled it -- as this happened spontaneously -- is there any way to fix this ? or am I seriously screwed ?
Not screwed, there is always a way.
Try this, pull your battery to power down your phone and then put the battery back in but DONT power it back up.
Now you have to do this all at the same time...hold down the up and down volume buttons and press down the power button. Hold all three buttons until you see the black Vibrant screen. KEEP HOLDING the up and down volume buttons until you see the yellow diags screen and then the green recovery screen.
Using the up/down volume keys to move, select "Reinstall Packages" and press the power button to select.
Tell me what you see...
** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.
Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************
Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.
http://forum.xda-developers.com/showthread.php?t=1704209
I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:
1. Download the following files:
su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ
2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).
**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **
3. In a linux terminal/Windows command prompt:
Code:
adb shell
[email protected]_maserati:/ $ cd /sdcard
[email protected]_maserati:/ $ cp su /data/local/12m/
[email protected]_maserati:/ $ cp debugfs /data/local/12m/
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ chmod 755 debugfs
[email protected]_maserati:/ $ chmod 755 su
[email protected]_maserati:/ $ mv batch batch.bak
[email protected]_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
[email protected]_maserati:/ $ exit
adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:
Code:
adb wait-for-device shell
5. Once you're back into the android shell:
Code:
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm batch
[email protected]_maserati:/ $ mv batch.bak batch
[email protected]_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20
(The following is entered at the "debugfs:" prompt)
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm su
[email protected]_maserati:/ $ rm debugfs
[email protected]_maserati:/ $ exit
adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...
Sent from my XT894 running ICS
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.
So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.
I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
Have you enabled USB Debugging in the Settings->Developer Options menu?
Rick#2 said:
Have you enabled USB Debugging in the Settings->Developer Options menu?
Click to expand...
Click to collapse
Yep.
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
droidian1441 said:
Yep.
Click to expand...
Click to collapse
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.
Die Bruine said:
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
Click to expand...
Click to collapse
Looks like you're doing something wrong with the debugfs command; you don't want to enter /data/local/12m/su at that prompt.
Running su from any partition other than /system will lead to a permissions error, so you don't want to bother trying to execute it from the /data/local/12m location.
(The following is entered at the "debugfs:" prompt, ie: after executing /data/local/12m/debugfs -w /dev/block/mmcblk1p20; see step 5.)
Code:
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
Grizzy3 said:
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Click to expand...
Click to collapse
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Code:
debugfs 1.42 (29-Nov-2011)
debugfs: cd xbin
cd xbin
debugfs: write /data/local/12m/su su
write /data/local/12m/su su
/data/local/12m/su: Permission denied
Rick, that's what we're putting in. From the code you posted it shows that you had root access already. Do you have any other suggestions on this? Because that's the in and out I get.
---------- Post added at 04:57 AM ---------- Previous post was at 04:53 AM ----------
Problem resolved. Need to run the following code:
Code:
chmod 755 debugfs
chmod 755 su
Then continue with rooting.
gdeeble said:
From the code you posted it shows that you had root access already.
Click to expand...
Click to collapse
Not sure where you're making this assumption from. I just wrote the "#" symbol in there to signal where to start entering commands... though I suppose you're correct in pointing out that the "#" shows up on a root prompt. A smarter choice probably would have been "$".
Trust me, I'm not an idiot. I wouldn't have gone through the hassle of writing up the guide in the first post if it didn't work.
Didn't mean it that way, just looked like it already had root, which was what confused me. But thanks again for this. :-D
Tried it again. This time no errors and the phone rebooted. But now Superuser keeps on FC .
Reinstalled superuser, updated and busybox. Now rooted! Thnx.
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times. I think there is something wrong with the timing. Manually entering all the commands in a shell works. But putting them in a batch will enter them too fast for ADB to handle (under Windows shell) I guess.
Die Bruine said:
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times.
Click to expand...
Click to collapse
I don't know, it seemed to work fine for me with the script I made. Anyways, glad it worked out for you.
Now that we can re-root as well as (somewhat convolutedly) fastboot ourselves back on track, we're good to go.
droidian1441 said:
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Click to expand...
Click to collapse
As stated in the guide, you need to be in camera mode not mass storage.
Sent from my DROID4 using XDA
I was trying to do it manually last night before the OP posted the batch file, and it was not working because I was in MTP instead of PTP. SO make sure you use PTP.
Put your phone in camera (PTP) mode for the USB connection and it should work fine. Also, after it completes, download Superuser from the market.
I ran Titanium Backup after everything and it told me it needed to fix my su binary permissions or something like that... I let it do its thing... Either way, IT WORKED!!!!!
I put it in camera mode and made sure usb debugging is enabled. Then I ran the script for windows. Still getting the device not found error throughout. Really don't know what's going on.
I used Qemu local.prop method to set /system/fonts folder as 766 and bricked my KFHD with the following steps:
adb shell
rm -r /data/local/tmp
ln -s /data/ /data/local/tmp
exit
adb reboot
adb shell
echo ‘ro.kernel.qemu=1′ > /data/local.prop
exit
adb reboot
adb shell mount -o remount,rw /system
adb push myfont.ttf /system/fonts
adb shell
cd /system/fonts
mv DroidSans.ttf DroidSans.ttf.bak
ln -s myfont.ttf DroidSans.ttf
chmod -R 06766 /system/fonts
rm /data/local.prop
exit
adb reboot
Click to expand...
Click to collapse
Now my KFHD does gets stucked in
"Your Kindle doesn't seem to be able to boot"
Is that because I changed the permission? Or is it because I did not reboot first after changing permission, and than delete local.prop? Which step was wrong? I am worried that doing that again would cause the same problem. I assume that the only way to recover from this would be to get into fastboot mode with factory cable. But I still want to keep fonts folder as writable.
When you edit files like this, with a device like a KFHD, odds are they deal with the framework-res.apk And if you mess with files that deal with framework-res.apk, your bound to get boot loop. But anyways, can you get adb? If not, fast boot might be your best friend. Cables are available that can boot to it, and if you see the system img. Files in the android development section, you can use fasboot to flash those. It's not the easiest solution, but it is something.
Sent from my Fire HD with root!
Hey there.
i have my old sgs, and it cant boot to recovery. just to the rom.
the problem i have is that the usb port of the phone is messed up and only charges, cant be fixed.
so i cant use Odin.
is there any way to restore recovery? ive tried flashify and Rom Manager, both fails
purpleraintoxicity said:
Hey there.
i have my old sgs, and it cant boot to recovery. just to the rom.
the problem i have is that the usb port of the phone is messed up and only charges, cant be fixed.
so i cant use Odin.
is there any way to restore recovery? ive tried flashify and Rom Manager, both fails
Click to expand...
Click to collapse
We have recovery united with boot kernel if i'm not wrong, so it's risky for you.
If it isn't problem with keys, then you can flash kernel from terminal (i don't know on which ROM you are). I'm not too familiar with 2.3.6 layout, but on MTD you should:
- get any MTD ROM .zip.
- extract those files: bml_over_mtd \ bml_over_mtd.sh \ erase_image \ flash_image
- Take files to /sdcard
- Go in terminal (some file managers don't like copying to /sbin):
Code:
cp /sdcard/flash_image /sbin/flash_image
cp /sdcard/erase_image /sbin/erase_image
cp /sdcard/bml_over_mtd.sh /sbin/bml_over_mtd.sh
mkdir /tmp
cp /sdcard/bml_over_mtd /tmp/bml_over_mtd
chmod 755 /sbin/flash_image
chmod 755 /sbin/erase_image
chmod 755 /tmp/bml_over_mtd
chmod 755 /sbin/bml_over_mtd.sh
- Those files (^^^) should be in given locations (except /sbin/bml_over_mtd.sh - it can be somewhere else).
- Take desired boot.img to /sdcard/boot.img
- And make this:
Code:
su
erase_image boot
sh /sbin/bml_over_mtd.sh boot 72 reservoir 2004 /sdcard/boot.img
- Check /sdcard/bml_over_mtd.log for errors (it should be successful).
- If failed, don't restart! You must try different method.
Maybe wait before i will test it on my own (i can roll back anyway, you can't).
PS: Why not in General?
EDIT: It worked on PAC-ROM @ 4.4.4, so all MTD can be ok. BUT didn't tested on 2.3.6 firmware, here you shouldn't use bml_over_mtd i think, so try:
Code:
/sbin/flash_image boot /sdcard/boot.img
Still didn't guaranteed!!!
Ill try it. Thanks
Im on PA 4.4.4
on the lines:
cp /sdcard/flash_image /sbin/flash_image
cp /sdcard/erase_image /sbin/erase_image
i get error in terminal that this location is read-only
edit:
all went well after remounting this dir
the log was successful, now rebooted, waiting on boot logo for 5 min now. hope itll work, even though i dont really mind, i have my daily G2
thank you!
One more thing :you can always use mobile Odin...