Related
Finally the race is over and some brave devs managed to get root on the tattoo and some were able to reproduce it on their own devices already. But notice: We are in an early stage of development. There is no one-klick-get-root app at the moment and there is still much work to be done until we get custom roms.
I will try to keep track of the ongoing development and update this post periodically. I've you find a mistake or get something new, let us know but we can't give support to every linux-nob at this point of development!
At the moment beeing root on the tattoo does NOT enable you to use the usual applications like Wifi Tethering that need root out of the box. You are also unable to write to /system by default. Now there is a new hack to make /system writable (look at the bottom of this post)
[size=+2]Status[/size]
Last update: 26.02.2010 - 12:55 MEZ
[size=+1]Rooting[/size]
The tattoo was successfully rooted the first time on 19.02.2010 ( http://forum.xda-developers.com/showpost.php?p=5672597&postcount=93 ). It was reproduced by some other users already, there is some work to be done make the exploit work more easily.
Because it has been asked many times: If there will ever be an OFFICIAL update with android 2.1 by HTC for the Tattoo (nobody knows definitively), this root-exploit will NOT work! You will lose root then!
It was done by porting this exploit http://www.milw0rm.com/exploits/8678 to the arm plattform and the tattoo. It uses a security hole in kernel 2.6.29 that wasn't patched in tattoos kernel. All began here on 10.2.2010 (the first post doesn't has to do anything with this): http://forum.xda-developers.com/showthread.php?t=631540
Kudos to zanfur, bftb0, mainfram3, HT123 and others (sorry if I forgot an important one).
The exploit was tweaked to deliver root more reliable.
[size=+1]Flashing custom roms[/size]
To develop custom roms won't be the problem, but the tattoo has got some extra security mechanisms that don't make it trivial to flash a new rom even now we have root. There is work going on to solve this.
[size=+1]Howto get root-privileges[/size]
I think it is save to follow but this is done at your own risk. Don't blame me if you Tattoo explodes, eats your hamster or make your girlfriend leave you.
Remember: We're in an early state of development, this is no Klick-an-Run-app, linux knowledge is needed.
Newbis on Windows should follow this howto made by Coburn64, its much easier than this one: http://forum.xda-developers.com/showthread.php?t=637927
Download this to your PC and unzip: View attachment 285070
(the older release was called m6 and can be found here: View attachment r00t.zip)
m7 is the binary. Push m7 to your Tattoo using adb:
Code:
adb push m7 /data/local/bin/m7
adb chmod 755 /data/local/bin/m7
Start a shell:
Code:
adb shell
Start the exploit in the shell:
Code:
cd /data/local/bin
while `true` ; do /data/local/bin/m7; done
The new m7 is an improved version of the old m6, it now should bring you root much more reliable.
With the old m6 while it is running, bring up and close random apps via task manager on the tattoo. This might not be necessary with m7. After a while the exploit should report success and come up with a root-shell. The promt should change from
Code:
$
to
Code:
#
Sometime the exploit stopps but no shell ('#') comes up. Just terminate it with ^C and try again.
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
When you got your shell, check if you are really root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
To get a root-shell more easily next time, we have to make su work.
Take this su binary and push it in your tatto: http://www.fileuploadx.de/45656
Code:
adb push su /data/local/bin/su
Remount /data without the nosuid-option
Code:
# mount -o rw,remount /dev/block/mtdblock3 /data
Change the owner to root and set the suid-bit
Code:
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
Now you don't have to run the exploit again, just open a normal shell and run
Code:
$ /data/local/bin/su
Now you should be root!
Attention: If you reboot your phone, you have to run the exploit and the mount command again because /data will be mounted nosuid again!
Thats it!
Some suggestions for going on. When you run mount, you will see that some partitions are mounted read-only and/or with the nosuid-option. You can change this by running:
Code:
mount -o rw,remount /dev/block/mtdblockYOUWANT /DIRtoREMOUNT
[size=+2]Other developer stuff[/size]
Here I will list all other thinks, more dangerous and not with all steps described in detail because you should know how to do this if you want to
New: Make /system writeable
This is a dangerous part, it might break you system forever unless you don't know what you are doing! Don't try it unless you are a dev! That is the reason why the steps you have to do are not described in a more detailed way. If you don't know what to type in, you shouldn't try this hack!
Download View attachment 286072
1. Copy tattoo-hack.ko from the zip to /data/local/bin
2. # insmod /data/local/bin/tattoo-hack.ko
3. Remount system partition to be writeable
Now you can do everything with /system until you reboot. /system is the only partition that is mounted without nosuid after reboot, so copy su over to /system/bin/ to keep root permanently. To be able to use programs like setcpu you have to replace /system/bin/su with this su:
View attachment 286154
Flashing a custom recovery image
This is in alpha-state but we are able to flash custom recovery images what is the determining step to flashing custom roms. Don't ask how to flash android 2.x (we didn't do it right now) or when it will be ready. It will bes sometimes...
http://forum.xda-developers.com/showthread.php?t=639486
Have a lot of fun!
-bm-
BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.
Great - bm - thank you very much
-bm- said:
-bm-
Click to expand...
Click to collapse
This is a great day, it's really amazing how people could work together searching the good way to root this awesome little phone. Just to say I've really appreciated your work... I followed all you guys day by day... Thank you everyone, sorry for the OT.
Anyway... risks of bricks?
elvisior said:
BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.
Click to expand...
Click to collapse
Youre right, busybox makes further development more handy. But I think it isn't needed for /data/local/bin to exist, because for me it was there and I've got no busybox on my tattoo
chdir /data/local/bin
Click to expand...
Click to collapse
instead of
chdir to /data/local/bin
Click to expand...
Click to collapse
Thanks Man.
Nice team work.
stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!
@zoko : Use your favorite linux distribution.
please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?
ApotheoZ said:
@zoko : Use your favorite linux distribution.
Click to expand...
Click to collapse
You don't need Linux. Windows or even Mac OS will do just fine.
Zoko, grab adb.exe from the Android SDK. To install m6, just run:
Code:
adb push m6 /data/local/bin/m6
chusen said:
please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?
Click to expand...
Click to collapse
As I try to say in my howto (okay, my english is not the best ;-) ): That happens quite often. Just stop it with ^C ([control]+C) and start the exploit again until you have luck!
zoko said:
stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!
Click to expand...
Click to collapse
Hi zoko!
Please use google to find a tutorial for pushing files using adb, there are many out there and using adb is not tattoo-specific!
We don't have time to provide more service at the moment ;-)
By the way: I'm happy about everybody testing, but I wonder what you want to do with a root-shell I you even didn't use adb before. But learning and trying is always a good thing but please consider learning by googling also ;-)
Have a lot of fun!
-bm-
thanks but i try and try and try... and same result, more ideas or only try it?
Is there any way to mount /data r/w on boot?
I doubt it because the exploit should be run first... hmm
So now we need a custom rom with root privileges
...first a recovery.. i think
after i run the exploit once I have to reboot the phone to be able run it again or i get
HTML:
$ usage: reboot [-n] [-p] [rebootcommand]
.
any option to be able to run it more than once without rebooting the phone?
The Tattoo Root (kit)
Here's a small installation batch, to make it easier for everyone.
Download the supplied zip (TattooRoot).
Run 'install-tattoo-root'.
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
I think the comments are self-explanatory. If you can't get the m6 into your Tattoo, even with the help of this batch, I suggest you wait a little longer for a more foolproof way to free your Tattoo
Everytime you reboot your Tattoo you'll have to execute steps 1 and 2 again.
@mainfram3 i dont get same results
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?
chusen said:
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?
Click to expand...
Click to collapse
Chusen,
That is allright.
Now, launch a adb shell by typing
Code:
adb shell
and then try the exploit
Code:
$ while `true` ; do /data/local/bin/m6; done
until your greeted with:
Code:
[ Overwritten 0xb0000100
# <---- This # indicates you got root
Ok, I'm not a total noob. I've been trying to return to 1.5 as cleanly as possible, but now I'm having an error when trying to remount my phone.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
This is what I did:
Flashed the 1.5 RUU that Flipz has had out for months. No errors
Ran the Avalaunch PRI fix to get rid of the flipz_01 PRI name
updated my profile
updated my PRL (which is now 65000??)
rooted through the normal sequence without error, I can boot to the recovery just fine, but when I adb shell into the phone I end up at $ instead of #. I have to su to get to # and at the c:\windows-sdk-windows\tools\adb remount fails with "remount failed: operation not permitted"
Is it possible that the PRI update has foiled the root exploit? I even restored a nand backup that I know had a working root and I still have the same results. This is too weird.
Anyone else have this issue? I searched the forum but I came up empty.
Try adb remount before adb shell. I'm pretty sure anythig with adb should be ran at just the command prompt.
Someone feel free to correct me if I'm wrong.
right, this is at the c:\android-sdk-windows\tools\ prompt. I guess I need to re-word that last bullet point to be more clear.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
Yeah the wording got me. I was hoping it was as simple as that for you tho. Defiantly Strange. Believe me I've had plenty of those moments where hours would have been saved if someone could have just said "no your just doing it wrong".
Maybe try rerunning the RUU and start from scratch the PRI fix should hold thru the RUU but if it did affect something else running the RUU again may correct it.
I RUU'd about 4 times so far on two different laptops, one with XP and one with Win7, running both versions of the HTC Sync drivers.
Something is definitely different. I'm thinking of doing the PRI fix again to see if that helps. The PRL being 65000 instead of the normal 60664 is another anomaly I'm curious about.
looks as if the 65000 PRL is a new one. I can't confirm (not with Sprint) but there is a thread over in General talking about it.
http://forum.xda-developers.com/showthread.php?t=684873
YEAH! I fixed it....well....actually Flipz fixed it for me. I created a custom ROM in the kitchen and flashed it. Now the remount miraculously works. I'm back to being happy...though I don't know why. Its not like I was using root for anything
Nextelian said:
right, this is at the c:\android-sdk-windows\tools\ prompt. I guess I need to re-word that last bullet point to be more clear.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
Click to expand...
Click to collapse
Can someone splain how to fix this issue w/o flashing? Like maybe from command prompt/shell? Pleeeeease?
mrsato said:
Can someone splain how to fix this issue w/o flashing? Like maybe from command prompt/shell? Pleeeeease?
Click to expand...
Click to collapse
I found something that help me and you. it properly works!!
I can't spell out instructions for the above mentioned suggestion, since I
don't know which file editor comes on the shipped device, but I have an
alternative solution.From the SDK's tools directory, run adb shell. In the
prompt run the following:
# su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# chmod 777 /system (Or any subdirectory you want to push to inside system)
# exit
adb push <local file> <device location>
and eventually you should restore the original directory permissions by:
# chmod 755 /system (Or any subdirectory you modified permissions to)
Hope this helps,
Yoav
Click to expand...
Click to collapse
still no Read/Write on /system
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
mojotexas said:
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
Click to expand...
Click to collapse
I'm not at my computer but I think the command is off... check to make sure its exactly how it should be... maybe the coma after the rw
Sent from my HERO200 using XDA App
mojotexas said:
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
Click to expand...
Click to collapse
Just cd to your tools directory and adb remount
huedawg said:
Just cd to your tools directory and adb remount
Click to expand...
Click to collapse
Is there a solution for this?
I have a rooted HTC Desire.
When I type adb remount I get permission denied.
When I type adb shell and then su , i get permission denied!
This was a stock 2.2 rooted with unrevoked 3.
Any idea?
[edit]
i noticed root permissions pop-up on the phone and allowed so su worked.
[/edit]
Hi,
I have a Desire with stock froyo rooted with unrevocked 3 too and cannot use adb remount:
D:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
Click to expand...
Click to collapse
D:\android-sdk-windows\tools>adb shell
$ remount
remount
remount: permission denied
$
Click to expand...
Click to collapse
I have allowed ADB via the Super user app popup.
Any idea?
EDIT: I have set S-OFF using AlphaRev's recovery fastboot and I am now able to remount in rw (well no access denied anymore)
still missing some access as I fail to remove the Google Maps app (want to use Brut maps only)
ghost_boy1412 said:
I found something that help me and you. it properly works!!
Click to expand...
Click to collapse
This worked perfectly! Thank you!
Good freakin lord why the heck did you feel the need to bump this thread thats almost a year old just to say that!!!!!!!! I rarly shout like this, but this crap is starting to drive me crazy!!!!!!!!!!!!
Grrrrrrrrrrrrrrr
same thing for me. i get permission denied
DannyMichel said:
same thing for me. i get permission denied
Click to expand...
Click to collapse
thank you for letting us all know, and in such detail, and with new valuable information no less
/me shakes fists in rage.
Post deleted.
Don't mean to bring up this dead thread but a more simple solution would be this
adb shell
$ su
# busybox mount -o remount,rw /system (or another desired directory)
# chmod 777 (or another desired permission set) /system (or another desired directory)
# exit
$ exit
First off I take no credit for any of these instructions!! I did not make them and they were found at another area of the forum, I just thought since I used them to deodex my OLYEM_U4_2.2.3 that they may be of use to someone.
P.S. For step 5 there was no guava.odex, so if nothing show's up don't worry about; and I also changed the mount codes for step 10, these were out of my experience and just made things quicker.
You must be rooted!
Get xUltimate here.
Process:
1. Unzip xUltimate v2.2, and launch "Main.exe"
2. If everything goes well xUlt should recognize the phone and make a connection. You now should see a list of options.
3. Run option 1. After option 1 is done, run option 2.
4. Now these well take a while. Run option 3.
5. IMPORTANT: After you have run option 3, you MUST navigate to the xUltimate folder and find "origi_frame" folder, and delete "guava.odex". It's a bad file, and interferes with deodexing process.
6. Now run option 4, and wait.
7. Exit xUltimate, and put the phone in USB mass storage.
8. Go back into the xUltimate folder and copy "done_frame", and "done_app", and move them to the root of the sdcard.
9. Put the phone in PC mode
10. Open a command prompt, and do the following:
Code:
adb shell
su
stop
mount -o rw,remount /system/ /system/
cp /sdcard/done_app/* /system/app/
cp /sdcard/done_frame/* /system/framework/
rm /system/app/*.odex
rm /system/framework/*.odex
mount -o ro,remount /system/ /system/
reboot
Credits:
Rainabba and Mike919: For initially working with me to get a white clock, and later deodex.
toxman: For testing, and being a huge risk taker.
teenfaces: For letting me use his services.jar
And especially Xeudoxus: For letting me a guinea pig, for xUltimate, and answering my questions. And also for the making the xUltimate tool. It defiantly makes thing easier.
I get a virus warning Trojan when I downloaded the file, anyone else get this. I'm using Norton Antivirus.
Update:
The developers notes this on the OP. Figured what the hell and went ahead and tried it out. But when i press 3 i get "java" is not recognized and an internal or external command operable or batch file. So in english this means? I need Java SDK installed?
Update2:
I installed Java. And now everything seems to be working.
No virus However I got the java error, just downloaded java and problem sorted and now I'm deodexed Thanks for posting the information, really useful!
hexxor93 said:
No virus However I got the java error, just downloaded java and problem sorted and now I'm deodexed Thanks for posting the information, really useful!
Click to expand...
Click to collapse
No problem. Glad it worked.
Got the Java error. I already had it installed so I uninstalled and reinstalled to no avail. Can you guys be more specific as to which you downloaded? I have win 7 64 bit so I did the bottom option here: http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u26-download-400750.html
Did anyone choose differently? I'll try 32 bit as I wait for a response.
omni_angel7 said:
Got the Java error. I already had it installed so I uninstalled and reinstalled to no avail. Can you guys be more specific as to which you downloaded? I have win 7 64 bit so I did the bottom option here: http://www.oracle.com/technetwork/java/javase/downloads/jdk-6u26-download-400750.html
Did anyone choose differently? I'll try 32 bit as I wait for a response.
Click to expand...
Click to collapse
http://www.java.com/en/download/ That's all nothing special just normal java
hexxor93 said:
http://www.java.com/en/download/ That's all nothing special just normal java
Click to expand...
Click to collapse
What the... That worked >.< Thanks man
omni_angel7 said:
What the... That worked >.< Thanks man
Click to expand...
Click to collapse
xD Glad it did. Random huh lol
hexxor93 said:
xD Glad it did. Random huh lol
Click to expand...
Click to collapse
Has anyone deodexed 2.3.4 build 4.5.91 yet? Can you confirm if this works?
TIA.
EDIT - Just went ahead and did it and it works well. The process is well documented by the OP.
i just tried this, gettin error any ideas ?this is what i did...
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\ADB>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
# su
su
# stop
stop
# mount -o rw,remount /system/ /system/
mount -o rw,remount /system/ /system/
# cp /sdcard/done_app/* /system/app/
cp /sdcard/done_app/* /system/app/
# cp /sdcard/done_frame/* /system/framework/
cp /sdcard/done_frame/* /system/framework/
cp: /system/framework/services.jar: No such file or directory
cp: /system/framework/sqlite-jdbc.jar: No space left on device
cp: /system/framework/svc.jar: No space left on device
# rm /system/app/*.odex
rm /system/app/*.odex
# rm /system/framework/*.odex
rm /system/framework/*.odex
# mount -o ro,remount /system/ /system/
mount -o ro,remount /system/ /system/
# reboot
reboot
C:\ADB>
simplesid242002 said:
i just tried this, gettin error any ideas ?this is what i did...
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\ADB>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
# su
su
# stop
stop
# mount -o rw,remount /system/ /system/
mount -o rw,remount /system/ /system/
# cp /sdcard/done_app/* /system/app/
cp /sdcard/done_app/* /system/app/
# cp /sdcard/done_frame/* /system/framework/
cp /sdcard/done_frame/* /system/framework/
cp: /system/framework/services.jar: No such file or directory
cp: /system/framework/sqlite-jdbc.jar: No space left on device
cp: /system/framework/svc.jar: No space left on device
# rm /system/app/*.odex
rm /system/app/*.odex
# rm /system/framework/*.odex
rm /system/framework/*.odex
# mount -o ro,remount /system/ /system/
mount -o ro,remount /system/ /system/
# reboot
reboot
C:\ADB>
Click to expand...
Click to collapse
I ran into that as well... I treated it as if I ran out of space, so I reran the copy command: cp /sdcard/done_frame/* /system/framework/ . With the odex files gone it ran without issue.
But it looks like you copied and pasted the entire block. I did it line by line and only rebooted at the end (after my second attempt to copy those files).
Can it deodex official 2.3.4?
Sent from my MB860 using XDA App
Javi97100 said:
Can it deodex official 2.3.4?
Sent from my MB860 using XDA App
Click to expand...
Click to collapse
Yes it can.
how do I know if i am dedoexed after doing all the steps?
and i keep getting error when trying to flash blur music.apk
i am at the adb shell step. When i get to typing: mount -o rw,remount /system/ /system/ it gives me a permission denied. What am i doing wrong?
and1baller said:
i am at the adb shell step. When i get to typing: mount -o rw,remount /system/ /system/ it gives me a permission denied. What am i doing wrong?
Click to expand...
Click to collapse
are you rooted?
did you enter "su"?
does the prompt appear as "#"?
yes i am rooted and i did type SU. But i don't see a # sign. All i see is a $ sign.
and1baller said:
yes i am rooted and i did type SU. But i don't see a # sign. All i see is a $ sign.
Click to expand...
Click to collapse
Then you are not in as root. When you type "su" do you check the phone screen to see if it is asking for you to grant permissions?
i checked the screen when typing su but it doesn't ask me to give permission. I am in usb debugging and the usb connection is set as none.
Hi folks,
here's an easy-to-install busybox for your Galaxy Tab 2. NOW with Cyanogen Mod support.
ChangeLog:
BusyBox 1.21.0-git Nano1 (2012-07-28): initial release
BusyBox 1.21.0-git Nano2 (2012-07-29): applied various patches:
BUGFIX: flush all open files after listing them (ls)
BUGFIX: when setting hostname from file p**** whole name
COMPAT: ps now accepts (= ignores) all options a POSIX ps should
allow passing -mthumb to make
ash applet now exports HOME
silently ignore processes from inittab with terminal names without matching device file
default behaviour of 'showkey' applet changed from displaying interpreted keycode to decimals
do not show a message when testing an uninitialized variable
changed some terms in top applet output (rss vs. vsz)
BusyBox 1.21.0-git Nano3 (2012-08-05): major fix
NEW: rfkill applet¹
several minor modifications to applet
BUGFIX fixed a bug in busyinstall that left system without 'sh' upon uninstall²
provide busybox-patches to the world
BusyBox 1.21.0-git Nano4 (2012-08-15): minor fix / cm 10 edition
updated to latest git (some bugfixes)
BUGFIX: reading profile now works
BUGFIX: adjusted shell paths
BUGFIX: history now works
BUGFIX: no longer replace reboot on stock rom³
NEW: Cyanogen Mod edition (tested on cm10)
¹ Either redo 'busyinstall install', or do 'ln -sf /system/bin/busybox /system/bin/rfkill'
² You can find the original sh in you CWM backup, or here: http://www.nanolx.org/downloads/P3110/original-sh
If you didn't get /system/bin/sh.orig after 'busyinstall install', use this file as /system/bin/sh.orig
³ push new busyinstall into tablet to ensure future install/uninstall is fine. then do 'mv /system/bin/reboot.orig /system/bin/reboot'
from within 'adb shell' as root to get original reboot back.
Prerequisites:
* root access on your Tablet
Download:
busybox (normal): http://www.nanolx.org/downloads/P3110/busybox-nano4
busybox (debug): http://www.nanolx.org/downloads/P3110/busybox_unstripped-nano4
busyinstall (installer/stock): http://www.nanolx.org/downloads/P3110/busyinstall
busyinstall (installer/cm10): http://www.nanolx.org/downloads/P3110/busyinstall-cm
profile (optional): http://www.nanolx.org/downloads/P3110/profile¹
busybox (patches): http://www.nanolx.org/downloads/index.php?dir=P3110/busybox-patches/
¹ profile is a generic file, read on each startup of busybox. Mine sets HOME to /,
and puts /system/xbin/ in front of /system/bin/ in PATH. You can also adjust the
prompt (PS1) or whatever here, it's valid for all users. You could check for
'$(id -u) == 0' to adjust prompt for root, if not 0, for ordinary user.
Ordinary user should get 'busybox (normal)', rather than 'busybox (debug)'.
NEW INSTALLATION (STOCK ROM):
Putting busybox on internal sd-storage:
Code:
adb push busybox /mnt/extSdCard/
adb push busyinstall /mnt/extSdCard/
replace "extSdCard" if you saved busybox somewhere else
Code:
adb shell
su
chmod 0777 /mnt/extSdCard/busybox
chmod 0777 /mnt/extSdCard/busyinstall
/mnt/extSdCard/busybox remount -o rw,remount /system
/mnt/extSdCard/busybox mv -f /mnt/extSdCard/busybox /system/bin/
/system/bin/busybox mv -f /mnt/extSdCard/busyinstall /system/bin
busyinstall install
NEW INSTALLATION (CYANOGEN ROM):
Putting busybox on device:
in Settings > Development > set 'root access' to 'apps + adb'
Code:
adb root
adb shell
busybox mount -o rw,remount /system
exit
adb push busybox /system/xbin/busybox.nano
adb push busyinstall /system/bin/busyinstall
adb push profile /system/etc/profile # optional, if downloaded profile
adb shell
chmod 0777 /system/bin/busyinstall
busyinstall install
UPDATE:
Just download busybox, busyinstall and replace the ones in /system/bin/ - it will instantly work:
Code:
adb push busybox /system/bin/
adb push busyinstall /system/bin/
adb shell
su
toolbox chmod 0777 /system/bin/busybox # if you use windows, the executable bit might be missing in the uploaded file
chmod 0777 /system/bin/busyinstall
UNINSTALLATION:
Code:
ab shell
su
busyinstall --
That's it!
I tested everything and it does work perfect, either way a backup (CWM) is always recommened, when working around with stuff down the stack.
Suggestions welcome.
Out of curiosity, what is the difference between what this does and what BusyBox (by Stericson) from the Play Store does?
Sent from my MB855 using Tapatalk 2
Jleeblanch said:
Out of curiosity, what is the difference between what this does and what BusyBox (by Stericson) from the Play Store does?
Sent from my MB855 using Tapatalk 2
Click to expand...
Click to collapse
mine is a newer version
has all features of busybox (stericsons free version does not have all applets in busybox enabled, eg. 'sh' applet is missing)
installation 100% GT-P3XXX optimized
As of now, mostly personal preference I'd say.
Edit: But I'm currently applying stuff from busybox-power (maemo) which adds serveral bugfixes and stuff to busybox.
OK, improved version of busybox available in post 1 (+ changelog)
OK, thanks for letting me know!
I actually haven't done much with my Tablet lately as I've been busy with my phone as that now has CM10 too
But once I get my phone all set I'll use your BusyBox and give it a go!
Also, you said your busybox version is newer...but busybox via my phone is version 1.20.2. Just letting you know!
Thanks for this btw, I'd rather have a modified version optimized for my tablet versus a more universal version so to speak. Plus, with your updated applets! Thanks!
Sent from my MB855 using Tapatalk 2
Jleeblanch said:
Also, you said your busybox version is newer...but busybox via my phone is version 1.20.2. Just letting you know!
Sent from my MB855 using Tapatalk 2
Click to expand...
Click to collapse
Oh, ... mine is 1.21.0-git - fixed the typo
First,thank you for your work,second I've a question: I've an p3100 (wifi+gsm) ,it rooted on stock 4.0.4 ,and no busybox installed.It has 16gb onboard ,and I don't have at the moment any external microsd in slot,I've ordered an 32gb,but it hasn't come yet.Can you please tell me if it's safe puting your files in /sdcad (not ExtSdCard like you wrote) and give the commands using ''sdcard'' word ?
For e.g:
db shell
su
/mnt/sdcard/busybox remount -o rw,remount /system
I need busybox to backup my /efs folder ,but I don't want to screw something,so please tell me if it is safe to use internal memory (sdcard) for busybox install?Also ,when I'll receive the microsd ,I will need to install again busybox with your original commands from this topic ?
Thanks a lot!!
Best Regards!
viasat said:
First,thank you for your work,second I've a question: I've an p3100 (wifi+gsm) ,it rooted on stock 4.0.4 ,and no busybox installed.It has 16gb onboard ,and I don't have at the moment any external microsd in slot,I've ordered an 32gb,but it hasn't come yet.Can you please tell me if it's safe puting your files in /sdcad (not ExtSdCard like you wrote) and give the commands using ''sdcard'' word ?
For e.g:
db shell
su
/mnt/sdcard/busybox remount -o rw,remount /system
I need busybox to backup my /efs folder ,but I don't want to screw something,so please tell me if it is safe to use internal memory (sdcard) for busybox install?Also ,when I'll receive the microsd ,I will need to install again busybox with your original commands from this topic ?
Thanks a lot!!
Best Regards!
Click to expand...
Click to collapse
Of course you can. It does not matter where you put busybox. All that matters is, that you adjust the commands to your path.
In your you would push the files using ADB, like
Code:
adb push busybox /mnt/sdcard
adb push busyinstall /mnt/sdcard
also you don't need to re-do this when you got your sd-card, because during the steps you move busybox/busyinstall into /system/bin/.
Edit: updated instructions to clarify this.
Ok,thank you for your time,everything it's clear now.I'll try later,when I'm going home.
Cheers!
---------- Post added at 07:04 PM ---------- Previous post was at 06:11 PM ----------
OK,first problem:when I try to execute the first comand,it gives me ''permission denied'',so after a little reading,because my kernel it's stock,I've installed Chainfire's ''adbd Insecure v1.0 '' http://forum.xda-developers.com/showthread.php?t=1687590 to give me rights.After that I've no more errors,but,when I execute first command in adb,it says nothing,just hanging,and adb doesn't come back to # symbol ,and because of that I can't execute the next command.Any ideea what I'm doing wrong?Thanks!
What command failed?
Gesendet von meinem GT-P3110 mit Tapatalk 2
I don't know how to explain,it not really failed, but when I type
/mnt/sdcard/busybox remount -o rw,remount /system the adb doesn't return anything back,and doesn't come back to # symbol ,it just staying,nothing more,no response.I was waiting 2 minutes,and nothing ,doesn't return to # .I can type the next command
/mnt/sdcard/busybox mv /mnt/sdcard/busybox /mnt/sdcard/busyinstall /system/bin/
it's the same,no output,nothing.
Can you please tell me what I'm doing wrong?
Thanks again!
Now I'm stuck,even with adbd insecure activate I cannot execute commands:
C:\Documents and Settings\X\Desktop\ADB>adb shell
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[email protected]:/ # /mnt/sdcard/busybox remount -o rw,remount /system
/mnt/sdcard/busybox remount -o rw,remount /system
/system/bin/sh: /mnt/sdcard/busybox: cannot execute - Permission denied
126|[email protected]:/ # /mnt/sdcard/busybox mv /mnt/sdcard/busybox /mnt/sdcard/busy
install /system/bin/
dcard/busybox /mnt/sdcard/busyinstall /system/bin/ <
/system/bin/sh: /mnt/sdcard/busybox: cannot execute - Permission denied
126|[email protected]:/ #
Maybe I need first to install Stericsson's busybox from Market?At the moment,as I said before I don't have busybox installed at all,only su.
One more thing,every time when I save from your link busyinstall,no matter what browser,the file is saved as busyinstall.txt
It is normal ,or I need to rename it?
Thanks a lot!
Hmm... seems I forgot a little thing.
do this after you put busybox on tablet, before anything else:
Code:
adb shell
su
chmod 0777 /mnt/sdcard/busybox
then follow the rest of the instructions.
/goingtofixfirstpost
Same story,take a look:
[email protected]:/ # chmod 0777 /mnt/sdcard/busybox
chmod 0777 /mnt/sdcard/busybox
[email protected]:/ # chmod 0777 /mnt/sdcard/busyinstall
chmod 0777 /mnt/sdcard/busyinstall
[email protected]:/ # /mnt/sdcard/busybox remount -o rw,remount /system
/mnt/sdcard/busybox remount -o rw,remount /system
/system/bin/sh: /mnt/sdcard/busybox: cannot execute - Permission denied
126|[email protected]:/ #
Hmmm... > could you provide me the details of 'adb logcat'? Ensure to run those commands while logging.
Gesendet von meinem GT-P3110 mit Tapatalk 2
I don't know if this is what you want,but here we go:
I'm going to check your logs soon and report back.
Meanwhile I updated to Nano3 - see first post.
I got no clue why it does not work for you, but me.
What boot image and ROM are you using? Default boot/ROM, rooted boot/ROM, cyanogen?
I only tested default ROM with my boot. Currently testing cyanogenmod 10, but except some adjustments to busyinstall it will work there, too.
Sorry for the late reply,I'm on vacation until Sunday,and my acces to internet it's very limited here.Now,regarding my problem,first when I got the tablet it was on stock 4.0.3 ,wich I rooted manually to keep the counter to 0 (for warranity) ,and after that I updated to stock 4.0.4 using Mobile Odin Pro,with Everoot option ( it's rooting the rom on the fly) .So now I'm rooted on stock 4.0.4 ,stock recovery, and no busybox installed.I fell more secure and want to install your busybox version,because it's specialy designed for tab2,and it's has features from Maemo (I'm a big fan,I owned an N800,and I've also an N900 ).Maybe,if you have the time and the skills,you can pack it on an .apk version,if it's possible,of course.I will try more Sunday,when I'll be back home.Thanks again for your patience and help.Best Regards!
It will be great if we have a kernel (even stock) with CWM and this busybox...
I am also rooted with flash counter 0 and stock recovery.
Sent from my GT-P3110 using Tapatalk 2
Maybe some contributor creates a flashable zip (for CWM).
So... uploaded 1.20.1-Nano4. See first post for changes.
This time an addtional install-script for cyanogen mod was added, along some fixes.
ah... and: 100th post
Device is pre-rooted, but only lets you do stuff via terminal. I didn't find a way to install Superuser/busybox on Mac, so I decided to make a simple guide. Took me all of 3min to complete, well since I already had the sdk and everything else installed.
You'll need this Superuser.apk, su binary and busybox.apk, dL the files from here http://d-h.st/BBk, once you have the files installed and launch Superuser it will ask you to update the binary, just click yes. Place the 3 files in your sdk/platform-tools folder.
Open Terminal cd sdk/platform-tools
On your Desktop go to Go…Go to Folder and type ~/.android, open adb_usb.ini and add 0x2836 to that file, save and close.
To verify it's listed:
./adb kill-server
echo 0x2836
./adb start-server
./adb devices
Your device should be listed here. If you want wireless adb access so you're not always hooked up to the console do the following, make sure your device is still connected via usb:
./adb tcpip 5555
unplug console
./adb connect xxx.xxx.xxx.xxx (this is the ip of your console, this is listed under manage…system…console info, should be the second line)
You're set, now you can install apps wirelessly to your OUYA console. You need to make the console read/write to do this do the following
./adb shell
su
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Now we will install su binary, superuser and busybox
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
./adb install stericson.busybox.apk
Should be up and running, if this helped you please thank me or donate a couple bucks
You rock!
I was at this for a while before I found your post. I'm on windows, but this is the only thread I could find that had anything useful Mind if I share this around on other forums?
Just link them back, steps are almost identical for Windows. Just need to remove the ./ from the adb commands
Sent from my HTC One using Tapatalk 4 Beta
WinDroidGuy said:
Device is pre-rooted, but only lets you do stuff via terminal. I didn't find a way to install Superuser/busybox on Mac, so I decided to make a simple guide. Took me all of 3min to complete, well since I already had the sdk and everything else installed.
You'll need this Superuser.apk, su binary and busybox.apk, dL the files from here http://d-h.st/BBk, once you have the files installed and launch Superuser it will ask you to update the binary, just click yes. Place the 3 files in your sdk/platform-tools folder.
Open Terminal cd sdk/platform-tools
On your Desktop go to Go…Go to Folder and type ~/.android, open adb_usb.ini and add 0x2836 to that file, save and close.
To verify it's listed:
./adb kill-server
echo 0x2836
./adb start-server
./adb devices
Your device should be listed here. If you want wireless adb access so you're not always hooked up to the console do the following, make sure your device is still connected via usb:
./adb tcpip 5555
unplug console
./adb connect xxx.xxx.xxx.xxx (this is the ip of your console, this is listed under manage…system…console info, should be the second line)
You're set, now you can install apps wirelessly to your OUYA console. You need to make the console read/write to do this do the following
./adb shell
su
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Now we will install su binary, superuser and busybox
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/bin/su
cat /sdcard/su > /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
./adb install stericson.busybox.apk
Should be up and running, if this helped you please thank me or donate a couple bucks
Click to expand...
Click to collapse
It's pure luck that this works. There's several things wrong with it.
There's no reason to have two copies of su. There should only be one, and at most have the other be a symlink.
the su binary should be chmodded '6755'.
It works because piping the contents of a file to another file usually leaves the permissions intact. So, sort of works - it leaves a broken copy of su in /system/bin and a luckily working one in /system/xbin.
So, tl;dr, the guide should be:
Code:
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
rayman said:
It's pure luck that this works. There's several things wrong with it.
There's no reason to have two copies of su. There should only be one, and at most have the other be a symlink.
the su binary should be chmodded '6755'.
It works because piping the contents of a file to another file usually leaves the permissions intact. So, sort of works - it leaves a broken copy of su in /system/bin and a luckily working one in /system/xbin.
So, tl;dr, the guide should be:
Code:
./adb push su/system/bin/su /sdcard/su
./adb shell
su
cat /sdcard/su > /system/xbin/su
ln -s /system/xbin/su /system/bin/su
chmod 6755 /system/xbin/su
exit
exit
./adb install com.koushikdutta.superuser.apk
Click to expand...
Click to collapse
Thanks, this was my first time doing anything like this...figured I'd try to hack together something from other guides, since I didn't see very many people with the device yet. I will change it now
WinDroidGuy said:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/UDA
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/CAC
Click to expand...
Click to collapse
This is really pointless, userdata is already RW, cache should be RW, but more importantly you do nothing that would require them to be remounted
I'm not sure what I am doing wrong here. Can anyone help? All the files are there.
TadeoNYC said:
I'm not sure what I am doing wrong here. Can anyone help? All the files are there.
Click to expand...
Click to collapse
The command should be "adb push su /sdcard/su" (pushing su to the sdcard).
Setup wired and/or wireless ADB
(Optional) Put adb.exe in your Windows PATH variable so you can run it from anywhere
Download and unzip the SuperUser files from http://d-h.st/BBk
Open an ADB shell with elevated permissions
Code:
adb shell
su
Mount the system partition as read-write
Code:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Push su to the sdcard
Code:
adb push su /sdcard/su
Open an ADB shell with elevated permissions
Code:
adb shell
su
Cat su into /system/xbin
Code:
cat /sdcard/su > /system/xbin/su
Create a symbolic link to su in /system/xbin from /system/bin (safer/cleaner than just putting su directly in the bin folder)
Code:
ln -s /system/xbin/su /system/bin/su
Set the su permissions to -rwsr-sr-x
Code:
chmod 6755 /system/xbin/su
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Install SuperUser
Code:
adb install com.koushikdutta.superuser.apk
Install BusyBox
Code:
adb install stericson.busybox.apk
Run SuperUser on the OUYA (Make > Software > SuperUser) and allow it to update
Thank you Elmero.
I'm so glad I gave up and went to bed last night. It could not have gone smoother. I followed the instructions for setting up wireless adb from here http://forum.xda-developers.com/showthread.php?t=2272266 as well.
TIP: I wasted an hour or more trying to figure out why PC was not recognizing the OUYA at all. It was the stupid Micro usb port, compunding the fact that all the ports are to close to begin with the micro usb port is very deep. Neither of my Samsung cables worked, fortunately I have a kodak pocket video cam and the cable for that is a few mm longer and worked perfectly.
And who said Kodac isn't relevant anymore?
Sent from my Nexus 7 using xda premium
The link to the Superuser.apk is not working.
pdelponte said:
The link to the Superuser.apk is not working.
Click to expand...
Click to collapse
Working fine for me...
Sent from my HTC One using Tapatalk 4 Beta
WinDroidGuy said:
Working fine for me...
Sent from my HTC One using Tapatalk 4 Beta
Click to expand...
Click to collapse
Not working for me either.
This webpage is not available
The webpage at http://fs1.d-h.st/download/00044/BBk/superuser.zip might be temporarily down or it may have moved permanently to a new web address.
Click to expand...
Click to collapse
There is an issue with the website. Just try back until it connects.
Sent from my GT-P3113 using Tapatalk 2
just to be clear. once its rooted, can i install any android apk to the console? the one that i've bought from android play market?
tanush said:
just to be clear. once its rooted, can i install any android apk to the console? the one that i've bought from android play market?
Click to expand...
Click to collapse
1) It's already rooted.
2) You can already sideload anything you want to it, same as (almost) any android device, whether it is rooted or not. (http://forum.xda-developers.com/showpost.php?p=41796467&postcount=11)
elmerohueso said:
The command should be "adb push su /sdcard/su" (pushing su to the sdcard).
Setup wired and/or wireless ADB
(Optional) Put adb.exe in your Windows PATH variable so you can run it from anywhere
Download and unzip the SuperUser files from http://d-h.st/BBk
Open an ADB shell with elevated permissions
Code:
adb shell
su
Mount the system partition as read-write
Code:
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Push su to the sdcard
Code:
adb push su /sdcard/su
Open an ADB shell with elevated permissions
Code:
adb shell
su
Cat su into /system/xbin
Code:
cat /sdcard/su > /system/xbin/su
Create a symbolic link to su in /system/xbin from /system/bin (safer/cleaner than just putting su directly in the bin folder)
Code:
ln -s /system/xbin/su /system/bin/su
Set the su permissions to -rwsr-sr-x
Code:
chmod 6755 /system/xbin/su
Exit the ADB shell
Code:
exit
exit
or CTRL + C
Install SuperUser
Code:
adb install com.koushikdutta.superuser.apk
Install BusyBox
Code:
adb install stericson.busybox.apk
Run SuperUser on the OUYA (Make > Software > SuperUser) and allow it to update
Click to expand...
Click to collapse
So what steps need to be repeated after the OTA?
from my limited understanding I think it should be steps 4 through 12. Or does the system partition not need to be mounted as read-write again?
Sent from my GT-P3113 using Tapatalk 4 Beta
Yup 4-12
Edit
If su is still on the sdcard you can skip 6-8... wont hurt if you do them though...
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
professorpoptart said:
Yup 4-12
Edit
If su is still on the sdcard you can skip 6-8... wont hurt if you do them though...
Sent from my SAMSUNG-SGH-I337 using xda app-developers app
Click to expand...
Click to collapse
Might be a good idea to do them. The OTA version of such is different from the one in this guide. I had tried keeping the stock su and superuser complained
Sent from my Nexus 7 using xda premium
Do you still have access to the ouya store after SU installed? I heard rumors that access to the store was blocked until root access removed?
Sent from my GT-N7100 using Tapatalk 2