Hello,
I have read on the forums about rooting the stock Honeycomb through ClockworkMod and fastboot and whatnot, but I have tried everything known to man trying to get that to work, but no dice.
Has anyone rooted successfully using SuperOneClick on a Dell Streak 7 with the Android 3.2 Honeycomb official OTA update?
Thanks for the help.
cboulais61 said:
Hello,
I have read on the forums about rooting the stock Honeycomb through ClockworkMod and fastboot and whatnot, but I have tried everything known to man trying to get that to work, but no dice.
Has anyone rooted successfully using SuperOneClick on a Dell Streak 7 with the Android 3.2 Honeycomb official OTA update?
Thanks for the help.
Yes, with 2.2.2. You have to remember to take out the SD card before you do it though.
Regards,
Hans
Just tried this with the latest 2.3.1 on my Dell Streak 7 4G that came with 3.2 on it. SuperOneClick gets to:
Rooting Device Step #7 Wait for Device - and then hangs
In the output windows I see the following:
Code:
export TEMPRANDOM=92181
export PS1=END:$TEMPRANDOM;cat /data/local/tmp/output
mount: permission denied (are you root?)
END:92181export PS1=""
/data/local/tmp/busybox mount > /data/local/tmp/output 2>&1
export TEMPRANDOM=49649
export PS1=END:$TEMPRANDOM;cat /data/local/tmp/output
rootfs on / type rootfs (ro,relatime)
tmpfs on /dev type tmpfs (rw,nosuid,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,mode=600)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,relatime)
none on /acct type cgroup (rw,relatime,cpuacct)
tmpfs on /mnt/asec type tmpfs (rw,relatime,mode=755,gid=1000)
tmpfs on /mnt/obb type tmpfs (rw,relatime,mode=755,gid=1000)
none on /dev/cpuctl type cgroup (rw,relatime,cpu)
/dev/APP on /system type ext4 (ro,relatime,barrier=1,data=ordered)
/dev/UDA on /data type ext3 (rw,nosuid,nodev,noatime,barrier=0,data=writeback)
/dev/CAC on /cache type ext3 (rw,nosuid,nodev,noatime,barrier=0,data=writeback)
/dev/SDC on /mnt/sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,relatime,uid=1000,gid=1015,fmask=0702,dmask=0702,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro)
END:49649export PS1=""
mount -o rw,remount /dev/APP /system > /data/local/tmp/output 2>&1
export TEMPRANDOM=93079
export PS1=END:$TEMPRANDOM;cat /data/local/tmp/output
mount: Operation not permitted
END:93079
Any ideas?
All known exploits were patched in Android 3.0.
There have been no known exploits that work on anything newer than that since it was released.
TheManii said:
All known exploits were patched in Android 3.0.
There have been no known exploits that work on anything newer than that since it was released.
So back to trying to get drivers for my Streak 7 installed under Win 64 so I can fastboot is pretty much it then, eh?
Looks Confused said:
Yes, with 2.2.2. You have to remember to take out the SD card before you do it though.
Regards,
Hans
Fail. He asked for 3.2.
I think you should use the fastboot way
exebreez said:
Fail. He asked for 3.2.
I think you should use the fastboot way
Ha. You should be nicer (kidding). I meant SuperOneClick v2.2.2. Which is what I've used to root HC V3.2 a couple of times now. I've done this so I can use one of the application managers to remove some of the factory installed dross in the stock firmware (which I think requires root access).
I'm a bit puzzled about one thing: As mentioned in another post in this thread, there are no known exploits for HC. So, I don't understand how this could be working, unless I'm not really rooting my tablet, or maybe it's because the boot loader isn't locked in the first place?
If anyone happens to understand what's going on, I'd be happy to listen.
Regards,
Hans
Looks Confused said:
Ha. You should be nicer (kidding). I meant SuperOneClick v2.2.2. Which is what I've used to root HC V3.2 a couple of times now. I've done this so I can use one of the application managers to remove some of the factory installed dross in the stock firmware (which I think requires root access).
I'm a bit puzzled about one thing: As mentioned in another post in this thread, there are no known exploits for HC. So, I don't understand how this could be working, unless I'm not really rooting my tablet, or maybe it's because the boot loader isn't locked in the first place?
If anyone happens to understand what's going on, I'd be happy to listen.
Regards,
Hans
So what you are saying is SuperOneClick 2.2.2 roots DS7 HC 3.2.. I tried SuperOneClick 2.3. Whatever... And it didn't work...
Sent from my Desire HD using XDA App
s14evil said:
So what you are saying is SuperOneClick 2.2.2 roots DS7 HC 3.2.. I tried SuperOneClick 2.3. Whatever... And it didn't work...
Sent from my Desire HD using XDA App
TL;DR: Yes.
I went and double checked. I'm running HC 3.2 on my Streak 7. The latest version of SuperOneClick I have is 2.2, according to the file I downloaded (dunno where I got 2.2.2 from, probably some mental issue).
I enabled USB debugging, took out my SD card, plugged my tablet in, and clicked the "Root" button.
It said my tablet was rooted. I installed "Root Uninstaller" and Superuser asked me if I wanted to grant it root access. I used this to remove Evernote and Kongregate. So, I think it worked.
Regards,
Hans
Looks Confused said:
Ha. You should be nicer (kidding). I meant SuperOneClick v2.2.2. Which is what I've used to root HC V3.2 a couple of times now. I've done this so I can use one of the application managers to remove some of the factory installed dross in the stock firmware (which I think requires root access).
Hans
Sorry dude, I didn't read that carefully.
Looks Confused said:
TL;DR: Yes.
I went and double checked. I'm running HC 3.2 on my Streak 7. The latest version of SuperOneClick I have is 2.2, according to the file I downloaded (dunno where I got 2.2.2 from, probably some mental issue).
I enabled USB debugging, took out my SD card, plugged my tablet in, and clicked the "Root" button.
It said my tablet was rooted. I installed "Root Uninstaller" and Superuser asked me if I wanted to grant it root access. I used this to remove Evernote and Kongregate. So, I think it worked.
Regards,
Hans
Thanks mate
Sent from my Dell Streak 7 using XDA App
What ROM did you have installed? It could have already been rooted.
Also, there's always the possibility that there is a new exploit out that SoC uses that isn't patched. If there is then it will work for the time being. I don't actually read SoC's changelogs.
It COULD get fixed in the next stock ROM (Dell is still making more updates, they're simply not releasing them as pkgs) though. IF they ever actually decide to release another update OTA
I tried it and it failed so I went about rooting the long way. Took a while but I got it figured out. I would recommend doing the same.
TheManii said:
What ROM did you have installed? It could have already been rooted.
Also, there's always the possibility that there is a new exploit out that SoC uses that isn't patched. If there is then it will work for the time being. I don't actually read SoC's changelogs.
It COULD get fixed in the next stock ROM (Dell is still making more updates, they're simply not releasing them as pkgs) though. IF they ever actually decide to release another update OTA
One of the stock HC roms from Dell. The OEM version is: GLUNB1A350630.
I had rooted it before I did the upgrade (with the factory shipped firmware), but after upgrading, Superuser no longer worked. I did a full reset to stock 3.2 (via the recovery menu VOL+ or - (I forget which) while powering on), then did the SuperOneClick rooting procedure.
Regards,
Hans
Instead of trying to use SuperOneClick, why not just follow this guide? You should have no issues rooting using the following steps. Yes, it's more than just click and wait, but it's not very difficult if you follow the steps to the letter.
http://forum.xda-developers.com/showthread.php?t=1411193
[Guide] Absolute Newbie's Guide to Rooting a Streak 7 that has Stock Honeycomb
Hope this helps someone
Noticed there was not a link to Superuser7.zip on the newbie guide to rooting.. so I'm attaching a link.
http://www.tablet-cables.com/streak/tools/root/Superuser7.zip (Cap in file name required or it won't be found.)
Related
Obviously a radio difference, but what else prevents ROMs being easily ported to Milestone from Droid? I'm not sure on the internal differences, but could we start porting?
NB do we even have root !?
We have root on both devices. I think the exploit may be the same? Forgive me if I am wrong.
(root guide for 2.1) the latest update at time of this post.
http://android.modaco.com/content/m...m/308422/milestone-2-1-update-and-root-guide/
The problem on the Milestone, as anyone will tell you, is the LOCKED BOOT LOADER. This isn't a problem for the Droid users, they got this for free. Hopefully with the power of the XDA super dev team, we will have a solution for this, and start pumping out custom ROMs!
All of the accessories fit each other, which makes it handy if you want some cheap bits from China. There isn't any carrier in the UK that has the Milestone, what I am saying... carrier.. I mean mobile phone network!
I got my Milestone from here: buymobilephones.net on a contract, but you can also get them from Expansys. As far as I have researched, they are all unlocked. So you shouldn't even need to post about unlocking the SIM.
There is another difference I remember: if you are loading busybox on your device, this will not load if you use Droid Root Helper from the Market; you will need to do this manually via ADB, and the location on the partition is different.
carphone warehouse sell the milestone on t-mobile and you can install busybox with droid root helper.
The kexec modules are nearly working. So there will be a 2nd bootloader in near future.
http://and-developers.com/motorola_milestone
I messed my first one up when I used Droid Root Helper, but I have recently downloaded Titanium Backup and that says it has installed busybox for me over the net. But terminal tells me no busybox found; the only way I have had it working was via the manual install.
iamdarren said:
I messed my first one up when I used Droid Root Helper, but I have recently downloaded Titanium Backup and that says it has installed busybox for me over the net. But terminal tells me no busybox found; the only way I have had it working was via the manual install.
Titanium installs busybox in its own data directory so that only it can access it.
Cool that answers that. I want to put busybox back on to use cachemate again. But can't find any instructions. So haven't yet
The main difference is the locked bootloader: there is a signature verification at boot time that prevents us from running a custom kernel.
It's unlikely that the bootloader signature will ever be cracked. Other workarounds like kexec will most likely help achieve further mods to our device. Even though it seems to be right around the corner, there is still much work to be done.
iamdarren said:
Cool that answers that. I want to put busybox back on to use cachemate again. But can't find any instructions. So haven't yet
Download Busybox and use this to install it:
Code:
adb push busybox /sdcard/busybox
adb shell
$ su
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system
# cat /sdcard/busybox > /system/bin/busybox && chmod 700 /system/bin/busybox
# sync
# mount -o ro,remount -t yaffs2 /dev/block/mtdblock6 /system
It's better to push it to xbin and not to bin, as most apps search there for the busybox
After Titanium had installed busybox, I opened Root Explorer and moved it from Titanium's data folder to /system/xbin (had to temporarily mount R/W to do so, using the button up top). Titanium is still happy as it still finds busybox. Do I need to do anything else for other programs that require it?
cmstlist said:
After Titanium had installed busybox, I opened Root Explorer and moved it from Titanium's data folder to /system/xbin (had to temporarily mount R/W to do so, using the button up top). Titanium is still happy as it still finds busybox. Do I need to do anything else for other programs that require it?
You're good ..
I spoke to a bookseller tonight that informed me we will be getting a minor update tomorrow morning to 1.0.1. Apparently it improves wifi connectivity and addresses something to do with mobile/desktop browser mode with the stock NC browser.
It is supposed to be available for manual update in the morning and will be staggered out to NCs via wifi over the next couple of days.
I'm turning my wifi off just in case, I'd rather not wake up without root tomorrow.
The original nook updates pull the assets from images.barnesandnoble.com domain. Is it possible that if the NC updates are located on the same domain, would adding images.barnesandnoble.com to the hosts file block it from downloading?
rpollard00 said:
I spoke to a bookseller tonight that informed me we will be getting a minor update tomorrow morning to 1.0.1. Apparently it improves wifi connectivity and addresses something to do with mobile/desktop browser mode with the stock NC browser.
It is supposed to be available for manual update in the morning and will be staggered out to NCs via wifi over the next couple of days.
I'm turning my wifi off just in case, I'd rather not wake up without root tomorrow.
The original nook updates pull the assets from images.barnesandnoble.com domain. Is it possible that if the NC updates are located on the same domain, would adding images.barnesandnoble.com to the hosts file block it from downloading?
so are you going to leave wifi off forever? It's not like it's hard to root the NC. I want to enjoy my NC not be paranoid it will update
Novarider said:
so are you going to leave wifi off forever? It's not like it's hard to root the NC. I want to enjoy my NC not be paranoid it will update
Unless of course the new update makes it unrootable... or just takes longer to get the new version rooted.
Homer
*
* Disabling OTA Updates
*
adb shell mount -o rw,remount -t ext2 /dev/block/mmcblk0p5 /system
adb shell mv /etc/security/otacerts.zip /etc/security/otacerts.zip_DISABLED_OTA_UPDATES
xboxexpert said:
*
* Disabling OTA Updates
*
adb shell mount -o rw,remount -t ext2 /dev/block/mmcblk0p5 /system
adb shell mv /etc/security/otacerts.zip /etc/security/otacerts.zip_DISABLED_OTA_UPDATES
xbox,
Does this keep the nook from randomly (or systematically) resetting itself to factory stock???
Thanks for the tip regardless!!!
I don't see the manual update posted on the B&N website yet.
bbtheory said:
xbox,
Does this keep the nook from randomly (or systematically) resetting itself to factory stock???
Thanks for the tip regardless!!!
It looks like it takes the file that allows over the air update and changes the file name so that file is never activated, thus not installing any updates automatically.
Correct me if I'm wrong. I'm recalling some old tivo hacking unix knowledge here.
Another option would be to block barnesandnoble.com in your DNS or router, then it won't be able to check for updates but you'll still be able to browse other sites. But you won't be able to buy B&N books.
Just a thought, in case changing the update file name doesn't work.
An update this quickly may point to rooted users rather than a wifi fix.
Considering that Barnes and Noble announced that Froyo and the Market are coming in January, I don't think they really care about rooting. We haven't found a way to cheat their store and we are not abusing any cellular networks, I bet they will just let us be.
This last idea could work but I connect from at least 3 different locations: home, work, coffee shop. Still, eliminating one would limit your chances.
xboxexpert said:
*
* Disabling OTA Updates
*
adb shell mount -o rw,remount -t ext2 /dev/block/mmcblk0p5 /system
adb shell mv /etc/security/otacerts.zip /etc/security/otacerts.zip_DISABLED_OTA_UPDATES
This should be done using ADB.
It's the command line script that is used to disable OTA updates on Android phones as well.
I'll post the host file blocking B&N later on tonight. You guys do know that there is a host file on your nook color that you can use just like your windows host file, right?
xboxexpert said:
I'll post the host file blocking B&N later on tonight. You guys do know that there is a host file on your nook color that you can use just like your windows host file, right?
I looked in Windows/System32/drivers/etc but I couldn't find it... might have something to do with the lack of a Windows folder
Clear Blocking
On the possibility that the imminent update is benign (towards root), what are the commands for re-enabling updating?
On your Windows computer it's in
windows/system32/drives/etc/hosts (it's hidden)
On your Nook I don't remember where it's at but I know it's there.
ender89 said:
Considering that Barnes and Noble announced that Froyo and the Market are coming in January, I don't think they really care about rooting. We haven't found a way to cheat their store and we are not abusing any cellular networks, I bet they will just let us be.
No they didn't, the news was not right, B&N then corrected it saying that update is coming 2011 (not necessarily in January).
If you used my block updates script below
adb shell mount -o rw,remount -t ext2 /dev/block/mmcblk0p5 /system
adb shell mv /etc/security/otacerts.zip /etc/security/otacerts.zip_DISABLED_OTA_UPDATES
to undo it you would do
adb shell mount -o rw,remount -t ext2 /dev/block/mmcblk0p5 /system
adb shell mv /etc/security/otacerts.zip_DISABLED_OTA_UPDATES /etc/security/otacerts.zip
That would rename the old file back to normal
ender89 said:
Considering that Barnes and Noble announced that Froyo and the Market are coming in January, I don't think they really care about rooting. We haven't found a way to cheat their store and we are not abusing any cellular networks, I bet they will just let us be.
In addition to it being sometime in 2011, it won't include the Android Market but Barnes and Noble's own market. They released a statement earlier this week.
Sent from my EVO using XDA App
Thanks for the info
The update is now available
http://www.barnesandnoble.com/u/nookcolor-support-software-update/379002520/?cds2Pid=35758#
Before anything............. This may brick your phone; follow the instructions and it won't
Big shoutouts to:
2nd-init------
skrilax_cz for writing this awesome trick!
edgan for getting it working on atrix with taskset
this hack:
eval for crazy loopback mount idea and all scripts
unknown for lots of helpful testing and debug
XLR88 for the system.img of GB 2.3.4
This is an example of the sort of thing that 2ndinit makes possible
but it is a quick hack and running with the wrong kernel - so still buggy
Bugs
1) The screen flips out when locked, so basically you swipe left and screen goes right.
2) No wifi
3) Camera doesn't work
4) Moto sign in not working
5) fingerprint
Working
1) Mobile data
2) network
3) Google sign in
4) Market
5) Calls
Will update when fixes are found and bugs are ironed out.
How to get GingerBread via 2ndinit on a locked bootloader for motorola atrix
Tools you need
Adb or Rootexplorer, 2ndinit.apk, terminal
Fastboot
Install 2ndinit.apk
Reboot
in terminal type
ls -a /sys/kernel/debug
should get output not
...
Download this ...........http://download839.mediafire.com/gv6kzdu34z3g/lcldnltaqj8xd9x/2ndGB.tgz
extract this to sdcard
Download this ...........http://hotfile.com/dl/122055970/0a6dfce/moto-fastboot.zip.html
Extract to sdcard
Delete everything in /preinstall
adb shell
su
cd /preinstall
rm -rf *
copy 2nd-init, taskset, busybox to /preinstall
In terminal
chmod 755 2nd-init
chmod 755 taskset
chmod 755 busybox
Rename hk.img to system.img and then copy it to the /preinstall folder
copy files from /ETC/rootfs/ to /system/etc/rootfs/ and set permissions
chmod 644 /system/etc/rootfs/*
copy this to /system/bin/ download and add gb directory to /data/ so it becomes /data/gb/
In terminal type
ls -a /sys/kernel/debug
you should get nothing at all
reboot.....
Backup your data this is a recommendation just in case
reboot again...........
when rebooting hold volume down then scroll down to EARLY USB ENUMERATION then volume up (do this every time you want Gingerbread)
wait.............
You should successfully boot into Gingerbread... Congratulations
getting back to froyo
reboot
If all this fails, install 2ndinit.apk from here
Then repeat this tutorial...
Sorry about the crap video
WATCH HERE
If anyone can help to solve the flip of screen here is some clues that may help
1) screen is working perfectly until screen turns off, then it flips
Glad my work could be of use =)
And thanks for taking this off my hands while I'm away... hope you can fix the touch screen left-right input flip ... if anyone has any ideas, PM me, _unknown and stevendeb25. Here's to hoping all international users can enjoy 2.3.4 soon!
PS. haha thanks for quoting all my cursing in IRC about my /data failures
How my hack works
For international devs who want an idea of how I did it (before stevendeb25's tutorial & release) the following details my mount_ext3.sh:
Loopback hack only loads if you fastboot menu to early USB enum, so, run if ro.usb_mode==debug (plus helps us debug to adb early... why /system/etc/rootfs/default.prop we copy to / has ro.secure=0 & persist.service.adb.enable=1) In addition to default.prop we copy, extracted files from GB's ramdisk:, /init, /init.rc (modified, comment out mounting /system) and ueventd.rc from etc/rootfs, plus symlink /sbin/ueventd->/init.
Next, mknod and mount /preinstall rw, where we keep taskset, 2nd-init and busybox binaries, as well as system.img (CG60 from hktw 2.3.4 sbf.) It's probably already in /dev/block/ but this varied across froyo builds so mknod and mount rw to be safe. Good idea to use /preinstall/busybox from now on as /system mount dis/appears.
e2fsck -y the system.img and then losetup the loopback mount, umount -f -l /system, and mount -t ext3 <loopbackdevice> /system. For debug cat out /proc/mounts to a file in /preinstall or /data, actually I also append ">>/preinstall/debug 2>&1" to every command. Finally, now you can (taskset) 2nd-init your new system!
Unfortunately, seems necessary to fastboot -w or just rm -r /data/* between boots of froyo and GB. Annoying, but I couldn't easily get a GB-only /data mounted.
Now, can you fix the input flip left-right after lock screen? Clues are: it doesn't happen if this trick is tried on GB kernel (with Froyo ramdisk, system, and same 2nd-init trick.) Also, it persists after warm reboot, GB->GB. Pulling in /system/lib/hw from Froyo didn't help. Tho you'll want to bring back (and insmod) aev.ko, evfwd.ko, plus revert dhd.ko to Froyo version, as the first two are in-kernel on GB, and the latter seems to differ. I am fairly confident most bugs can be fixed by replacing (lock screen? nvrm_daemon?) pieces of GB userspace with Froyo versions in system.img. I just lost a bit of ambition after finding the fastboot oem unlock in the BL plus I will be away for a bit.
So, good luck to stevendeb25 and all you non-ATT Atrix hackers!
At least International users get some Gingerbread love! Good job guys!
I can't believe it!!!
What great news!!!
Thanks guys!
The video seems to be really amazing!
Wanna try it!!!!
that bootscreen looks awesome at first part in the video, is that stock?? oo
Excellent work brothers, you guys are really making us proud as well as you should be!
Very good job!
Now I can start dreaming about GB in my non-att atrix
You sexy, sexy man! Rawr!!
Great news
Sent from my MB860 using XDA Premium App
stratax said:
that bootscreen looks awesome at first part in the video, is that stock?? oo
Yeah stock orange uk bootscreen
Sent from my MB860 using XDA Premium App
Lol..
Awesome Steven, lookin' forward
bongd said:
You sexy, sexy man! Rawr!!
Stock Bell Atrix on Rogers with updated radio, Rooted, deodexed, Honeycomb theme, and frozen!
Released ............ enjoy guys, if you don't want the flipped screen, don't lock the phone
This reminds me of when we tried to put Android on Windows Mobile phones! Haha
Anyway, nice work man, Let's play a lil
Wow, good work guys. I am sure this has been torture for international users. For the past couple of weeks, we in the states (or anyone on at&t) have been like kids on Christmas, while everyone else sits on the sidelines It's a good thing the 2nd init port got put to good use.
HolySorento said:
This reminds me of when we tried to put Android on Windows Mobile phones! Haha
Anyway, nice work man, Let's play a lil
Android has been ported to the iPhone, but as far as I know only to the older generations.
c'mon guys, are you trying that??
post your opinions!!
stevendeb25 said:
Released ............ enjoy guys, if you don't want the flipped screen, don't lock the phone
Great work steve
Steven, is there no way for you to use drivers from the hktw build to fix wifi and camera?
Or do those require kernel level access or something?
Sent from my MB860 using XDA Premium App
stevendeb25 said:
Yeah stock orange uk bootscreen
Sent from my MB860 using XDA Premium App
Think anyone could post this? It looks much better than the ATT one.
tasty_boy said:
c'mon guys, are you trying that??
post your opinions!!
I'd love to try but without wifi and that flip issue I think I'll pass this version.
Sinful Animosity said:
Steven, is there no way for you to use drivers from the hktw build to fix wifi and camera?
Or do those require kernel level access or something?
Other way around... if you pull in dhd.ko from the latest Froyo build you flashed on your system, as well as aev.ko and evfwd.ko (and /system/etc/firmware or wifi/ ?) into loopback mounted /system you will have more chance of working wifi in HKTW2.3.4. (HINT HINT you could do this directly in the mount_ext3.sh script... copy useful 2.2 stuff to /preinstall, copy back into new /system after unmount,remount, even insmod if you have to...)
Remember, this trick produces a mismatch between /system version (GB,2.3.4) and kernel version in boot.img which is actually running. We can take care of ramdisk post-hoc before 2nd-init but older kernel and its API is still in place so pieces of HKTW userspace will have to be replaced/modded to fix bugs. This version of mount_ext3 is an early release for the hackers who want to tinker until it works... good luck! I will have only web and ssh access off and on for 10 days but can answer any questions by PM, on IRC or here..
Hi,
Here's a method based on a security hole to gain root on the Galaxy Tab 2 7" without heavy flashing by Odin. I've successfuly tested this method on my GT-P3110 running stock Android 4.0.3 on kernel 3.0.8-379370, version IML74K.P3110XXALD4.
The original post by Miloj :good: can be viewed here :
http://forum.xda-developers.com/showthread.php?t=1704209
I've only "translated" the trick from TF300T to our Galaxy Tab. I guess it should work for other devices too... In short, the goal here is to create a symbolic link from the famous /data/local/tmp to the block device on which /system is mounted. The mount command run in an ADB shell can give the required information:
$ mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/FACTORYFS /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/DATAFS /data ext4 rw,nosuid,nodev,noatime,barrier=1,data=ordered,noauto_da_alloc,discard 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/CACHE /cache ext4 rw,nosuid,nodev,noatime,barrier=1,nomblk_io_submit,data=ordered 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/EFS /efs ext4 rw,relatime,barrier=1,data=ordered 0 0
/sys/kernel/debug /sys/kernel/debug debugfs rw,relatime 0 0
After identifying the block device, refer to the well-explained Miloj post and consider :
FOR SAMSUNG GALAXY TAB 2 7" ONLY:
Code:
$ ln -s /dev/block/platform/omap/omap_hsmmc.1/by-name/FACTORYFS tmp
$ exit
Hope it will help !
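Added example, not part of the original post or of any tool named in these threads: a parser for the two `mount` listing formats quoted on this page (the BusyBox style in the SuperOneClick log and the /proc/mounts style above) that reports the mount-table conditions a device owner or auditor would check, such as a writable /system. The function names and finding labels are assumptions of this example, and the sample text is constructed from abridged lines of those listings.

```python
import re

# Constructed samples, abridged from the two listings quoted on this page.
BUSYBOX_STYLE = """\
export PS1=END:$TEMPRANDOM;cat /data/local/tmp/output
mount: permission denied (are you root?)
rootfs on / type rootfs (ro,relatime)
/dev/APP on /system type ext4 (ro,relatime,barrier=1,data=ordered)
/dev/UDA on /data type ext3 (rw,nosuid,nodev,noatime,barrier=0,data=writeback)
/dev/SDC on /mnt/sdcard type vfat (rw,dirsync,nosuid,nodev,noexec,relatime)
"""

PROC_STYLE = """\
rootfs / rootfs ro,relatime 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/FACTORYFS /system ext4 ro,relatime,barrier=1,data=ordered 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/DATAFS /data ext4 rw,nosuid,nodev,noatime,barrier=1 0 0
/dev/block/platform/omap/omap_hsmmc.1/by-name/EFS /efs ext4 rw,relatime,barrier=1,data=ordered 0 0
/sys/kernel/debug /sys/kernel/debug debugfs rw,relatime 0 0
"""

# "device on mountpoint type fstype (options)" as printed by BusyBox mount.
_BUSYBOX_LINE = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")


def parse_mounts(text):
    """Parse either listing format into dicts; non-mount lines are skipped."""
    mounts = []
    for raw in text.splitlines():
        line = raw.strip()
        match = _BUSYBOX_LINE.match(line)
        if match:
            device, mountpoint, fstype, opts = match.groups()
        else:
            fields = line.split()
            if len(fields) < 4:
                continue  # command echo, prompt marker, blank line
            device, mountpoint, fstype, opts = fields[:4]
        if not mountpoint.startswith("/"):
            continue  # error text such as "mount: permission denied ..."
        mounts.append({
            "device": device,
            "mountpoint": mountpoint,
            "fstype": fstype,
            "options": set(opts.split(",")),
        })
    return mounts


def audit(mounts):
    """Return (label, mountpoint) findings for a parsed mount table."""
    findings = []
    for m in mounts:
        opts, mnt = m["options"], m["mountpoint"]
        if mnt == "/system":
            # Stock firmware keeps /system read-only; rw means it was remounted.
            if "rw" in opts:
                findings.append(("system-writable", mnt))
            continue
        if m["fstype"] == "debugfs":
            # The kernel debug filesystem, not the e2fsprogs "debugfs" tool
            # named in the thread; flagged as a general hardening item.
            findings.append(("debugfs-mounted", mnt))
        if m["device"].startswith("/dev/") and "rw" in opts:
            missing = sorted({"nosuid", "nodev"} - opts)
            if missing:
                findings.append(("rw-without-" + "+".join(missing), mnt))
    return findings


if __name__ == "__main__":
    for name, sample in (("busybox", BUSYBOX_STYLE), ("proc", PROC_STYLE)):
        print(name, audit(parse_mounts(sample)))
```
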
after typing what you said all i get is " link failed Read-only file system"
tried on galaxy tab 2 p3100 (stock)
ze0 said:
after typing what you said all i get is " link failed Read-only file system"
tried on galaxy tab 2 p3100 (stock)
Well, you must follow Miloj's tutorial http://forum.xda-developers.com/showthread.php?t=1704209 from the start : push the binaries downloaded from http://db.tt/FBUNeVmo to /data/local, run an ADB shell and change directory to /data/local, move tmp to tmp.back then create the symbolic link to the block device with the ln command given in my post for the Galaxy Tab and type (or copy / paste) all the following commands (reboot, shell, clean-up, dirty work, ...) given by Miloj.
I know it's a little rough, I'll try to find some time to script all the stuff or adapt the one click tool quoted in Miloj's post.
Good luck !
yes it worked .awesome man thank you you rock ,now i have root in stock with binary counter value 0
The automated tool
Sparkym3 provides an automated tool for rooting the Transformer TF300T with Miloj method :
http://forum.xda-developers.com/showthread.php?t=1706588
I've modded the tool for the Samsung Galaxy Tab 2 7" (see attached file). Check the link above for the instructions and run the modded version called RootDebugfs_n95.bat instead of the original RootDebugfs.bat.
The original tool includes the Asus USB drivers... I failed to add the Samsung ones to the attached zip, maybe due to their excessive size (nearly 19 MB).
Happy rooting !
Gee, it's already been impossible with ICS 4.0.4
Wish I hadn't upgraded...
Thanks Nesquick95, I've updated my topic with your informations.
hayatama said:
Gee, it's already been impossible with ICS 4.0.4
Wish I hadn't upgraded...
If the security hole is patched in the 4.0.4 release, you'll get an "access denied" error while executing the "debugfs -w /data/local/tmp" command.
If it's the case, we must look for another rooting trick
Can you please tell which kind of error you get and if it's not the "access denied" one, post the result of a "mount" of your tablet (adb shell mount) ?
First, great job, thank you for your work, now we don't need to worry about warranty. Second, maybe you can help us again: can you please tell us how we keep root when upgrading to 4.0.4? I know that Transformer tabs have some kind of app, named Root Keeper, if you flash an OTA update and want to keep root. Maybe we can try something similar for our tab, or using Mobile Odin maybe?
Thanks again!
Best Regards!
Nesquick95 said:
If the security hole is patched in the 4.0.4 release, you'll get an "access denied" error while executing the "debugfs -w /data/local/tmp" command.
If it's the case, we must look for another rooting trick
Can you please tell which kind of error you get and if it's not the "access denied" one, post the result of a "mount" of your tablet (adb shell mount) ?
thanx. if my memory serves, it was an error you mentioned, but i will check it soon.
btw, i've got another updates...
Sent from my GT-P3113 using xda app-developers app
hayatama said:
Gee, it's already been impossible with ICS 4.0.4
Wish I hadn't upgraded...
would you like to test this one?
I tested it on my P3100 with 4.0.4 and it worked
Fz.hary said:
would you like to test this one?
I tested it on my P3100 with 4.0.4 and it worked
Thanx, i know it'd work, but i want to root "without" flashing rom.
Sent from my SC-02C using xda app-developers app
Yep, the whole point of this root method is not to flash an unofficial kernel using Odin, because it triggers the counter, and it will void your warranty. If you root without Odin, then you can use Mobile Odin to flash ROMs, and you'll have the counter at 0, so you'll keep your warranty intact.
Cheers
Nesquick95 said:
Sparkym3 provides an automated tool for rooting the Transformer TF300T with Miloj method :
http://forum.xda-developers.com/showthread.php?t=1706588
I've modded the tool for the Samsung Galaxy Tab 2 7" (see attached file). Check the link above for the instructions and run the modded version called RootDebugfs_n95.bat instead of the original RootDebugfs.bat.
The original tool includes the Asus USB drivers... I failed to join the Samsung ones to the attached zip, maybe due to an excessive weight (near 19 Mo).
Happy rooting !
So if I use this it will root and leave Tab 2 at 0 on Odin
Sent from my Tab 2
photon4glover said:
So if I use this it will root and leave Tab 2 at 0 on Odin
Sent from my Tab 2
Yes, because this root method exploits a security hole of the tab's software integration and thus doesn't need Odin.
But I'd like to say that this kind of rooting method isn't better or worse than recovery flash...
Recovery flash causes warranty to be broken but is nearly granted to work.
Tricky methods keep warranty alive but have short lifetimes, like the one discussed here that seems to work only on 4.0.3, since providers like Samsung can't leave security holes on their systems and apply patches so the work (find a new trick or write an OTA-rootkeeper) must be done each time an update is released.
Man, so no method like this for v4.04
Sent from my Tab 2
photon4glover said:
Man, so no method like this for v4.04
Sent from my Tab 2
Haven't got 4.0.4 myself so it's hard for me to say...
An unsuccessful try on 4.0.4 is reported here and hole patching by Samsung is strongly suspected.
Well, it's always the same never-ending rooting story : flashing & losing warranty or waiting for a rooting exploit that may never be found & keeping warranty alive.
May I ask how 4.0.4 comes to our tabs ? Is it regular OTA or alternative ROM flashing ? I'm on stock 4.0.3, rooted but not unlocked and have no signs of an OTA update coming.
4.0.4 is available from kies only [p3100] No OTA update
Nesquick95 said:
Haven't got 4.0.4 myself so it's hard for me to say...
An unsuccessful try on 4.0.4 is reported here and hole patching by Samsung is strongly suspected.
Well, it's always the same never-ending rooting story : flashing & losing warranty or waiting for a rooting exploit that may never be found & keeping warranty alive.
May I ask how 4.0.4 comes to our tabs ? Is it regular OTA or alternative ROM flashing ? I'm on stock 4.0.3, rooted but not unlocked and have no signs of an OTA update coming.
Since you're already rooted you can flash a recovery via Mobile Odin or desktop Odin if you're not worried about the flash counter. If you guys have a link for your 4.0.4 update I'll root and deodex it for you. Or let me know what region the 4.0.4 update is for and I'll try and find it on samsung firm
Sent from my ADR6425LVW using xda premium
Nesquick95 said:
Haven't got 4.0.4 myself so it's hard for me to say...
An unsuccessful try on 4.0.4 is reported here and hole patching by Samsung is strongly suspected.
Well, it's always the same never-ending rooting story : flashing & losing warranty or waiting for a rooting exploit that may never be found & keeping warranty alive.
May I ask how 4.0.4 comes to our tabs ? Is it regular OTA or alternative ROM flashing ? I'm on stock 4.0.3, rooted but not unlocked and have no signs of an OTA update coming.
Mine came OTA, and additional OTA was available (P3113)
Sent from my SC-02C using xda app-developers app
Another S-Off script that was sent to me by coremark. Successfully s-off my device and supercid.
http://firewater-soff.com/
Thanks to @coremark.
After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since due to S-off full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?
Could anyone walk me through the steps?
edorner said:
After gaining S-off on a fully stock device using Firewater + temproot, what is the easiest method for permanent rooting?
Since due to S-off full access is granted to all partitions, is it possible to install the su binary and superuser / superSu apk to the /system partition without flashing a custom recovery? For example by using "adb push" or a root file manager?
Where can I get a su binary? Should I extract it from superSu / superuser recovery ZIP package?
Could anyone walk me through the steps?
I'm afraid you'll need a custom recovery for this. The /system write protection is implemented in kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this. To work around it, you'd need a custom kernel (which is not feasible at the moment since HTC haven't released the full source tree yet, unfortunately) or the wp-mod hack (which I would be afraid of using, to be honest).
Also, why avoid custom recovery when you're already S-OFF and you can flash the stock recovery anytime?
koniiiik said:
The /system write protection is implemented in kernel (the kernel doesn't sync changes to the actual block device and keeps them in RAM) and S-OFF is completely orthogonal to this.
You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/showthread.php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?
Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?
edorner said:
You are right, that makes sense.
But then how is this possible (if it is at all)? -> http://forum.xda-developers.com/showthread.php?t=2339056
(Pls check out the 2nd post from member "Indirect".)
AFAIK the One has the exact same kind of /system write protection as the 901s. Doesn't it?
To be honest, no idea. All I do know is that on my phone the write protection works the way it does and I don't really see a feasible way around it. Also, I haven't tried these exact steps. It's possible that adb remount does some extra work or something. Moreover, I'm not sure about the adb shell chmod ... command – that would require root, wouldn't it? But since I haven't tried it, I can only guess.
If you don't mind trying it, I'd be interested in the results.
edorner said:
Just out of curiosity, why would you be afraid to use wp-mod? Unknown / unpublished source? Bad feedback from users?
The way I understand wp_mod works is that it monkey-patches the running kernel's filesystem driver to skip the check for the /system partition. In other words, it rewrites the code of the running kernel in-memory. This by itself is reason enough to be extremely careful around such code as it has potential for a major disaster. Missing the right memory location by any nonzero number of bytes can result in the kernel doing practically anything (most likely a crash).
Now, to make matters worse, there seem to be only a few binary versions of the kernel module and people seem to just take a binary compiled for one kernel, modify the version information within the file to make it match other kernels and load it on a completely different kernel. This, to me, is borderline insane, considering that the kernel binaries depend on the version of the kernel, used compiler and even compiler flags used when building.
Again, though, I haven't actually looked at the module's source code; can't say I'm suffering from a surplus of free time and I'm also not *that* interested in it. Most likely it's written in a robust enough way to have a high chance of success. (This seems to be backed up by anecdotal evidence – the thing appears to work for people, which is a small wonder for me.) All of the above is actually just my interpretation of stuff I read in some threads here on XDA-developers and I haven't even tried to confirm it myself.
Still, for me, using the recovery for any such changes is a sufficient and acceptable workaround, since I don't need to modify /system that often.
Wow! Thanks for the exhaustive explanation about WP-mod!
If you don't mind trying it, I'd be interested in the results.
Well, I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it.
But if I do decide to give it a try, I will post the results here, I promise.
edorner said:
Well, I am also a bit skeptical about this solution. So I am not sure I will be brave enough to try it.
But if I do decide to give it a try, I will post the results here, I promise.
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
koniiiik said:
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
Ah, I see. In that case I will definitely try it!
Truth is I am still an Android noob, I used ADB maybe on two occasions so far, and did not have the time yet to properly check out the documentation for these particular commands.
One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preload will be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APK's back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?
edorner said:
One more question:
If I understand correctly, Firewater (when used together with the temproot) will also unlock your bootloader. Do you think the apps in /data/preload will be deleted in this case too? (I.e. does it do a factory wipe like the unlock process via HTCDev?)
If so, how do I restore the apps? Do I simply copy the APK's back to /data/preload with a root file manager, and that's it?
IIRC Helium backup is not really perfect for the purpose, because it is unable to restore those apps to /data/preload, and puts them to the standard app path. Is this what you remember, too?
No idea, I haven't used firewater, but my guess would be that it won't wipe anything…
As for backing up /data/preload, you can for example use temproot to get access to the directory, copy it somewhere on your sdcard and adb pull it. In case it gets wiped, you can just push it back again and voilà. It's going to require some shell-fu, however.
Alternately, you can just download my ZIP of the latest stock ROM and extract it, it contains the latest /data/preload.
And yes, just copying the APK files into /data/preload should suffice – Dalvik and its package manager are intelligent enough to detect something has changed in there and perform any installation steps necessary. If it doesn't work right away, a reboot should fix things.
Edorner. It won't wipe. I tried it already.
Sent from my GT-I9305 using XDA Premium 4 mobile app
koniiiik said:
As far as @Indirect's post goes, that should be risk-free – either it does work, or it doesn't do anything. I don't see how it could harm your phone. Worst case, you end up with a /system/xbin/su binary that doesn't work due to wrong privileges (or owner information), in which case you should be able to just remove it and start over.
So, as promised, I tried the "adb remount" command on my device and it did not work.
Code:
adb remount
remount failed: Operation not permitted
However, "mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system" in root shell (acquired by temproot) worked like a charm. And the modifications to /system performed afterwards turned out to be permanent. So in the end I was able to gain root without using a custom recovery.
Based on my experiences, I created a guide which summarizes all the steps necessary to S-OFF and root a completely stock device without using HTCDev unlock and custom recoveries.
I investigated a bit as to why "adb remount" would not work, and found two interesting topics on XDA about the issue:
[2013.05.24][ROOT] adbd Insecure v1.30
Can't get ADB Root Access in certain ROMs?
In short, "adb remount" is only available if the ADB daemon is run in "insecure" mode in a particular ROM. And unfortunately our stock ROMs seem to use secure ADB.
edorner said:
So, as promised, I tried the "adb remount" command on my device and it did not work.
Code:
adb remount
remount failed: Operation not permitted
However, "mount -o remount,rw -t ext4 /dev/block/mmcblk0p38 /system" in root shell (acquired by temproot) worked like a charm. And the modifications to /system performed afterwards turned out to be permanent. So in the end I was able to gain root without using a custom recovery.
Based on my experiences, I created a guide which summarizes all the steps necessary to S-OFF and root a completely stock device without using HTCDev unlock and custom recoveries.
I investigated a bit as to why "adb remount" would not work, and found two interesting topics on XDA about the issue:
[2013.05.24][ROOT] adbd Insecure v1.30
Can't get ADB Root Access in certain ROMs?
In short, "adb remount" is only available if the ADB daemon is run in "insecure" mode in a particular ROM. And unfortunately our stock ROMs seem to use secure ADB.
Fantastic guide, I just read it and wow.
Also, good to know that particular procedure disables the write protection. I'll have to investigate this sometime, because just now I tried and found out that on my device, the changes to /system are rolled back as soon as I remount /system read-only again. Maybe if I left it read-write all the time, they would persist as well...? I'll have a closer look at this later.
koniiiik said:
Fantastic guide, I just read it and wow.
Also, good to know that particular procedure disables the write protection. I'll have to investigate this sometime, because just now I tried and found out that on my device, the changes to /system are rolled back as soon as I remount /system read-only again. Maybe if I left it read-write all the time, they would persist as well...? I'll have a closer look at this later.
Thanks
Hm... Strange...
Instead of manually remounting /system as "ro", I simply rebooted the device. (What can I say, I am hopelessly lazy.) After the reboot I checked the permissions of /system by issuing the "mount" command without any parameters. It showed that it was remounted using the original settings:
Code:
/dev/block/mmcblk0p38 /system ext4 ro,noatime,data=ordered 0 0
So in theory, rebooting instead of manually remounting as "ro" should not make any difference. But who knows.
After the reboot, I checked the changes I made to /system previously, and fortunately they did not disappear. (su was still there, I could successfully copy it, and execute it.)
Since then, I've performed a couple more reboots and at least one full shutdown-startup cycle as well. And I still have not lost any changes.
Please let me know if you find something out! I am very interested.
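The posts above judge the state of /system by reading `mount` output by eye. As an added example (not from any poster in this thread), the script below parses both common layouts, the `/proc/mounts`-style line quoted above and the long `dev on /mnt type fs (opts)` layout, and reports where a device departs from a baseline; the baseline, the /data partition name and the remounted sample are assumptions constructed for illustration.

```python
import re

# Long layout: "<dev> on <mountpoint> type <fs> (<opts>)"
LONG_FORM = re.compile(r"^(\S+) on (\S+) type (\S+) \(([^)]*)\)$")

# Assumed baseline for a stock device (this example's assumption, not a vendor spec).
EXPECTED = {"/system": {"ro"}, "/data": {"nosuid", "nodev"}}

# First line is the one quoted in the thread; the /data line is constructed.
STOCK = """\
/dev/block/mmcblk0p38 /system ext4 ro,noatime,data=ordered 0 0
/dev/block/mmcblk0p39 /data ext4 rw,nosuid,nodev,noatime 0 0
"""

# Constructed: the same table in the long layout after /system was remounted rw.
REMOUNTED = """\
/dev/block/mmcblk0p38 on /system type ext4 (rw,noatime,data=ordered)
/dev/block/mmcblk0p39 on /data type ext4 (rw,nosuid,nodev,noatime)
"""

def parse_mount_line(line):
    """Parse one line in either layout; return None for anything else."""
    line = line.strip()
    m = LONG_FORM.match(line)
    if m:
        dev, mnt, fs, opts = m.groups()
    else:
        fields = line.split()
        # Short layout needs dev, mountpoint, fs, opts; rejects error text.
        if len(fields) < 4 or not fields[1].startswith("/"):
            return None
        dev, mnt, fs, opts = fields[:4]
    return {"device": dev, "mountpoint": mnt, "fstype": fs,
            "options": set(opts.split(","))}

def mount_table(mount_output):
    """Map mountpoint -> entry; a later mount on the same path shadows an earlier one."""
    table = {}
    for line in mount_output.splitlines():
        entry = parse_mount_line(line)
        if entry:
            table[entry["mountpoint"]] = entry
    return table

def findings(mount_output, expected=EXPECTED):
    """List every mountpoint that is absent or lacks a required option."""
    table = mount_table(mount_output)
    out = []
    for mnt, required in sorted(expected.items()):
        entry = table.get(mnt)
        if entry is None:
            out.append(f"{mnt}: not found in mount output")
            continue
        missing = sorted(required - entry["options"])
        if missing:
            opts = ",".join(sorted(entry["options"]))
            out.append(f"{mnt}: missing {','.join(missing)} (options: {opts})")
    return out

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("remounted", REMOUNTED)):
        print(name, findings(text) or "matches baseline")
```

The flags only describe the current mount: a /system that reads `ro` again after a reboot may still carry earlier modifications, so file contents have to be checked separately.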