The ICS404root script package has a fatal bug if a broken su already exists. Here's what happened on my D4.
I had root working fine on the GB version that shipped when I got the phone
I updated my stock (but rooted) D4 to 6.13.219 using normal OTA update and like an idiot, I forgot to use a root-keeper.
Confirmed root was broken as expected
Updated to ICS with "D4 6.16.217.zip". (I did no wipes other than the cache partition).
Everything worked fine and ICS is up and running
I ran the ICS404root.zip script package and get the following:
Code:
ICS404root # sh linux_runme_root_script.sh
Pushing files from root package to device...
4393 KB/s (586212 bytes in 0.130s)
4554 KB/s (1862336 bytes in 0.399s)
15 KB/s (660 bytes in 0.042s)
473 KB/s (22364 bytes in 0.046s)
Removing local copies.
Setting permissions.
Rebooting device...
Waiting for device to boot...
Attempting to place su binary on /system...
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: write: The file 'su' already exists
debugfs: debugfs: debugfs: debugfs: Cleaning up...
Rooting completed, must reboot.
Rebooting device...
Rooted.
So I have an old broken root on my phone, and this breaks the root script. I tried reinstalling superuser, but could only "uninstall updates" rather than uninstalling. (Uninstalling updates and re-installing them did not work.) I tried installing busybox but got root denied messages.
I *really* don't want to wipe my /system to fix this. Can the script be modified to deal with pre-existing su binaries?
UPDATE: (partially solved)
I ran debugfs in interactive mode and did a
Code:
debugfs: cd xbin
debugfs: rm su
debugfs: cd ..
debugfs: cd bin
debugfs: rm su
Then I completed the root hack manually and rebooted. I then updated Superuser and ran Titanium since I saw somewhere in a thread the TB will correct permissions on the su binary if they were funky. Sure enough it changed su from 4755 to 6755. After a reboot, everything was fine!
So... Root is attainable on ICS in the presence of a broken GB root, but the script should still be updated to deal with this.
ryanmcdonald said:
UPDATE: (partially solved)
I ran debugfs in interactive mode and did a
Code:
debugfs: cd xbin
debugfs: rm su
debugfs: cd ..
debugfs: cd bin
debugfs: rm su
Then I completed the root hack manually and rebooted. I then updated Superuser and ran Titanium since I saw somewhere in a thread the TB will correct permissions on the su binary if they were funky. Sure enough it changed su from 4755 to 6755. After a reboot, everything was fine!
So... Root is attainable on ICS in the presence of a broken GB root, but the script should still be updated to deal with this.
Click to expand...
Click to collapse
looks like i have the same issue except i got there a different way. i did use rootkeeper (though didn't do temp unroot before allowing OTA update to run), so i lost root when going to ics. not a big deal though, as the ics404root util worked fine to re-root.
well, i was having some odd issues like no sound when getting an sms, among others, so decided to do factory reset (without unrooting first). su is gone from the app drawer, but apparently it's still there as i get the same "debugfs: debugfs: write: The file 'su' already exists". i had to add a pause to the end of the batch file to be able to see that message, since it quits whether it worked or not, and you never see it.
i'm not familiar with what you mentioned about running debugfs in interactive. i tried using adb shell to poke around to see if i could find su and mv it to a .bak or something, but my linux command line skills are apparently too rusty. i found su in /system, but since /system is mounted as read only, i can't do anything. i eventually figured out how to get into interactive mode (forgot i had to specify the full path to debugfs since it's not in the default search path), but it tells me fs not open. i try to open, but i don't know what to give it for things like block size, etc:
Code:
[email protected]_maserati:/ $ /data/local/12m/debugfs
/data/local/12m/debugfs
debugfs 1.42 (29-Nov-2011)
debugfs: cd xbin
cd xbin
cd: Filesystem not open
debugfs: open_filesys
open_filesys
open_filesys: Usage: open [-s superblock] [-b blocksize] [-c] [-w] <device>
when looking around in adb shell, i could only find an su in /system/xbin - if i could come up with a way to delete this via adb, i think i could just run the regular root script and be done. any ideas?
still broken. i found a command that let me remount /system as rw, then i used rm su and verified it was gone w/ ls. re-ran ics404root batch file. no errors this time, but still no root on the phone. it seems to be putting su in there, but apparently it's corrupt. the way i check for root is to simply start titanium. right away it says it couldn't get root privileges.
Code:
C:\temp\droid4\ICS404root>adb shell
[email protected]_maserati:/ $ su
su
[email protected]_maserati:/ # mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /syste
m
2 /dev/block/mtdblock3 /system <
[email protected]_maserati:/ # cd /system/xbin
cd /system/xbin
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
su
su.bak
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # rm su
rm su
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
su.bak
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # rm su.bak
rm su.bak
[email protected]_maserati:/system/xbin # ls s*
ls s*
script
scriptreplay
sed
sendmail
seq
setarch
setconsole
setfont
setkeycodes
setlogcons
setsid
setuidgid
sh
sha1sum
sha256sum
sha512sum
showkey
slattach
sleep
smemcap
softlimit
sort
split
start-stop-daemon
stat
strings
stty
sulogin
sum
sv
svlogd
swapoff
swapon
switch_root
sync
sysctl
syslogd
[email protected]_maserati:/system/xbin # exit
exit
[email protected]_maserati:/ $ exit
exit
i have modified the batch file. i turned echo on and rem'd out the delete statements so i could see what was going on and so i wouldn't have to unzip it every time i tried it. (why does it delete the local stuff anyway?) i also added a pause at the end.
Code:
C:\temp\droid4\ICS404root>echo Connect your phone via USB to your PC and be sure
Connect your phone via USB to your PC and be sure
C:\temp\droid4\ICS404root>echo it ISN'T set to mount as a mass storage device.
it ISN'T set to mount as a mass storage device.
C:\temp\droid4\ICS404root>echo (ENTER to continue or push Ctrl-C to exit)
(ENTER to continue or push Ctrl-C to exit)
C:\temp\droid4\ICS404root>pause
Press any key to continue . . .
C:\temp\droid4\ICS404root>echo "Pushing files from root package to device..."
"Pushing files from root package to device..."
C:\temp\droid4\ICS404root>adb push busybox /data/local/12m/
2434 KB/s (586212 bytes in 0.235s)
C:\temp\droid4\ICS404root>adb push debugfs /data/local/12m/
2774 KB/s (1862336 bytes in 0.655s)
C:\temp\droid4\ICS404root>adb push rooter /data/local/12m/
71 KB/s (660 bytes in 0.009s)
C:\temp\droid4\ICS404root>adb push su /data/local/12m/
1818 KB/s (22364 bytes in 0.012s)
C:\temp\droid4\ICS404root>echo "Removing local copies."
"Removing local copies."
C:\temp\droid4\ICS404root>rem del busybox
C:\temp\droid4\ICS404root>rem del debugfs
C:\temp\droid4\ICS404root>rem del rooter
C:\temp\droid4\ICS404root>rem del su
C:\temp\droid4\ICS404root>echo "Setting permissions."
"Setting permissions."
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/busybox
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/debugfs
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/rooter
C:\temp\droid4\ICS404root>adb shell chmod 755 /data/local/12m/su
C:\temp\droid4\ICS404root>adb shell mv /data/local/12m/batch /data/local/12m/bat
ch.bak
C:\temp\droid4\ICS404root>adb shell ln -s /dev/block/mmcblk1p20 /data/local/12m/
batch
C:\temp\droid4\ICS404root>echo "Rebooting device..."
"Rebooting device..."
C:\temp\droid4\ICS404root>adb reboot
C:\temp\droid4\ICS404root>echo "Waiting for device to boot..."
"Waiting for device to boot..."
C:\temp\droid4\ICS404root>adb wait-for-device shell /data/local/12m/rooter
Attempting to place su binary on /system...
debugfs 1.42 (29-Nov-2011)
debugfs: debugfs: Allocated inode: 4359
debugfs: debugfs: debugfs: debugfs: Cleaning up...
Rooting completed, must reboot.
C:\temp\droid4\ICS404root>adb shell rm /data/local/12m/rooter
C:\temp\droid4\ICS404root>echo "Rebooting device..."
"Rebooting device..."
C:\temp\droid4\ICS404root>adb reboot
C:\temp\droid4\ICS404root>echo "Rooted."
"Rooted."
C:\temp\droid4\ICS404root>rem del AdbWinUsbApi.dll
C:\temp\droid4\ICS404root>rem del AdbWinApi.dll
C:\temp\droid4\ICS404root>rem del adb.exe
C:\temp\droid4\ICS404root>rem del linux_runme_root_script.sh
C:\temp\droid4\ICS404root>del
The syntax of the command is incorrect.
C:\temp\droid4\ICS404root>pause
Press any key to continue . . .
C:\temp\droid4\ICS404root>
i'm kinda stuck at this point, but at least my phone isn't bricked. but considering all the issues i've had w/ ICS (the separate notification and ringtone volumes which cannot be linked being the TOP of my sh*t list, right after the crappy dialer, the lousy SMS client (seriously, gray on black? i cant read that!) and the list goes on and on...) i'd honestly rather go back to stock rooted GB. chrome was the only other reason i wanted ics and it seemed to be pretty poorly implemented to me, so i have no more interest in ICS.
i almost wonder if it's worth intentionally bricking it and bringing it back to vzw for exchange, and hopefully the new one won't have ics yet.
ok, i am rooted again! i had to use the Droid 4 Utility ICS Only to do it. the links to the LITE version are broken, so i had to download the entire 600mb package, but it worked to root my phone. now to start reinstalling stuff w/ titanium!
Related
Sogarth's webtop2sd will be released soon, you really should wait and install that instead of this! Thanks -The Management
No longer breaks on 1.83, thanks to Romracer
Update: This script worked on my phone. Mind you I was installing it from a fresh SBF flash, but it should work on your phone too. Absolutely no guarantees as usual.
Update 11th April 2011, 06:59 PM: Won't be getting CWM package because it'd be huuuuuuuuuge.
Update 28th April 2011. 16:38 PM: Removing BETA tag since there have been no issues with the script for quite some time.
First off I would like to thank Sogarth for making this script in the first place as well as Romracer for fixing it for 1.83. Since he is busy doing more important work I decided to do this little hack for those of us that updated to 1.5.7 and dont feel like flashing back to earlier versions to get full Ubuntu working.
Again, this is only necessary if you're already running 1.5.7 or 1.8.3.
Secondly, I am still working on this script so it may not work for you. If you have a problem you may post in the thread or PM me showing exactly the error message, word for word, that you receive.
Updates will be included in the OP from time to time as I fix errors.
Instructions:
1) install.bat (from your computer)
2) adb shell (get a shell on your phone)
3) su (get root on your phone in that shell)
4) . /data/local/tmp/install.sh (run the install script *on your phone* don't forget the "." and the space after the dot, or you will have to chmod 755 the shell script manually)
5) ?????
6) profit\
Noob instructions, written by Viamonte (I take no credit or responsibility):
Thanks again for all your help. Now the noob instructions:
"1-Download "Terminal Emulator" from the market, on your phone (or any other terminal), and the file anexed in this thread to your computer.
2-Connect the Atrix to the computer via USB, configuring the connection mode to "None" and enabling USB Debugging mode (Settings>Applications>Development>USB debugging)
3-Unzip the file you downloaded on your pc, and run Install.bat. This will push the script to your phone.
4-Go back to your phone and open the emulator you downloaded. Then type "su" (without quotes) and press enter. Then type ". /data/local/tmp/install.sh" (without quotes) and press enter again.
The script should begin running now. It will stop in two moments where you'll be instructed to get a cup of coffee, and may take several minutes to continue form this point. When finished, the Atrix will reboot.
To check if this worked, use the Webtop either on your multimidia dock or your lapdock and verify if new itens appeared on your task bar and on the right upper side of the screen"
0.3.1 release
0.2 release
0.1 first release
Changelog
0.3.1 fix to gconf file's mdate so it does what its supposed to do =)
0.3 Small typo fixes and cpp package install fix by romracer, now works on 1.83 =)
0.2 Fixed some typos in uninstall.sh and make sure the %gconf file wound up in the right spot.
0.1 - first version. NOT CWM install but ready to be packaged for that more or less
Nice, I'll give this a shot later.
Ill give it a shot when I get home!
Sent from Motorola Atrix on TELUS.
My phone is working perfectly, so why not ruin it?
I'm giving this a try right now!
1.4.57 - Rooted and gingerblurred with HDMI Mirroring and Webtop hack.
I'll update as progress goes along:
Edit 1:
Initial try gave me this
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] y
Mounting the filesystem...
07.sh
--------------------------------------------
EXECUTION FAILED
Unable to mount the filesystem file. ERR 07
--------------------------------------------
Press any key to continue . . .
Edit 2:
Ok, it doesnt work with resetting it. How about removing?
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] y
Deleting the filesystem file...
--------------------------------------
EXECUTION FAILED
Unable to delete the filesystem file.
--------------------------------------
Press any key to continue . . .
Edit 3:
Ok, only one option left then.
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] n
--------------------------------------------------------------------------
EXECUTION FAILED
The filesystem file already exists, but no operations have been selected.
--------------------------------------------------------------------------
Press any key to continue . . .
=====================================================================
Edit 4:
Since execution is failing I'm trying to find the problem. Using ADB Shell i tried to manually run the shell scripts and stumbled here:
(I tried chmod 777 @ 02.sh to see if that was the problem, no change is results)
# ls -l
...
...
-rwsr-sr-x shell shell 87 2011-04-06 12:13 03.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
-rwsr-sr-x shell shell 251 2011-04-06 12:04 01.sh
# pwd
pwd
/data/tmp/shell
# /data/tmp/shell/02.sh
/data/tmp/shell/02.sh
/data/tmp/shell/02.sh: not found
I had the same issue as flybob when I tried to run the script.
Sent from my MB860 using XDA Premium App
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Ah, I did not think about that Ririal, thanks for the info. I am not familiar with CWM though.
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Ririal said:
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Click to expand...
Click to collapse
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
molotof said:
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
Click to expand...
Click to collapse
most of the script is now run by shell scripts, no reason you couldn't run them in the terminal emulator, just get the order right. There are also a few lines I didn't translate to shell so you'd have to enter them by hand.
In any case I'll keep working on this until Sogarth releases his version with union mounts =D
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
flybob said:
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
Click to expand...
Click to collapse
That's just a symlinked directory. I won't make a difference if you call either.
Yes, just replied to the previous question
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Click to expand...
Click to collapse
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
flybob said:
Yes, just replied to the previous question
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
Click to expand...
Click to collapse
Ah ok my mistake, you didn't quote anything I didn't realize that's what you were responding too
Likely noexec flag causing that issue.
Also, you can't invoke su from inside a shell script. It just doesn't work with this su binary.
yeah, I guess not. I hadn't realized that it wasn't a real 'su' before making this... too bad.
If anyone figures out how to get around that we'll be in business Unfortunately that's way beyond my expertise.
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
the2dcour said:
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
Click to expand...
Click to collapse
su -c "command"
You'll have to allow superuser on the phone for every single command.
PM'd you my error. I tried manually editing the permissions, but that didn't work.
Running on GladAtrix2 v3
USB debugging on; USB set to none
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
Press any key to continue . . .
Changed /sdcard-ext to /sdcard in script. Got this error
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
* server not running *
Press any key to continue . . .
Running BETA_ubuntu-1.0.6.4.zip. File extracts to BETA_ubuntu-1.0.6.2 directory. Ran ubuntu-1.5.7.bat
Moved BETA_ubuntu-1.0.6.2 to C:\ Same error
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
the2dcour said:
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
Click to expand...
Click to collapse
^ escapes batch, \ escapes shell. Hope this helps. If you zip up and send me the whole process in a single .sh file I can wrap it up in CWM for you.
Hi.
I've tried many times to root my LG2X with Z4root, UniversalAndRoot, Visionary and SuperOneClick since I've bought it but it failed each time.
I've seen the [Root] topic in the developpement thread but I can't post there (less than 10 posts...) but I want to help someone to root his/her mobile.
I've searched a long time a good way to do so without SuperOneClick (which doesn't respond with Windows Seven or Ubuntu 11.04) but there is none.
There we go...
Disclaimer : I can't be responsible if you break your phone, cancel your warranty or launch your LG2X on the wall in rage.
If you want, there is already SuperOneClick which run smoothly for many geeks : LG2X SuperOneClick Forum and SuperOneClick Forum
My HTC Magic had been rooted with the command line and I've tried myself to do so with every bit of informations and tips I could find on Internet.
I recommand to test the SuperOneClick method and if it fails, come test this with a Linux terminal (psneuter, su-v2, busybox and the SuperUser.apk can be found in the SuperOneClick archive) :
Code:
adb push psneuter /data/local/tmp
adb push su-v2 /data/local/tmp
adb push busybox /data/local/tmp
adb shell
$ busybox chmod +x /data/local/tmp/psneuter
$ /data/local/tmp/psneuter
adb remount
adb shell
# busybox mv /data/local/tmp/su-v2 /system/xbin/su
# busybox chmod 6755 /system/xbin/su
# busybox chown 0.0 /system/xbin/su
# busybox cp /system/xbin/su /system/bin/su
# busybox chown 0.2000 /system/bin/su
# busybox cp /data/local/tmp/busybox /system/xbin
# busybox chmod 0755 /system/xbin/busybox
# busybox chown 0.2000 /system/xbin/busybox
# exit
adb install Superuser.apk
adb reboot
And... Normally you have permanent root on your LG2X.
You can check the files permissions with
Code:
ls -l /system/xbin/su /system/bin/su
-rwsr-sr-x root root 26264 2011-04-23 20:07 su
-rwsr-sr-x root shell 26264 2011-04-23 23:20 su
It seems that /system/xbin/su isn't necessary at all. The su command which gave you the root is the one in /system/bin/. And I had some problems with /system/xbin, I've deleted the folder (with rm /system/xbin or mv /system/xbin /dev/null, I can't recall) and applied mkdir on it again.
If this can be of help, I'll update this later.
thanks for the detailed instructions, but super one click definitely works with win7 (64bit too) as long as you have the right drivers installed
Thanks but with Windows Seven 64 bits, Linux ou Windows Seven 32 bits with Virtualbox I end up with "SuperOneClick doesn't respond" or stuck on with "chmod psneuter" (with the drivers properly installed).
It's only an alternative solution if SuperOneClick doesn't run properly for another guy.
Thanks a lot for that tips.
The problem I have now is that su isn't persistant.
When I use
$ su
It hangs up few seconds... and says "Permission denied"
I've used su-v2
Here are the su permission :
-rwsr-sr-x root shell 26324 2011-02-13 14:43 su
Is there a more up-to-date su, that will maybe fix the problem ?
Thanks.
EDIT :
Ok.
The wait time seems to come from SuperUser, I've removed it.
Now I have directly the "permission denied", and "stat failed with 2: No such file or directory" in the logcat.
Maybe that can help.
Hannes The Hun said:
thanks for the detailed instructions, but super one click definitely works with win7 (64bit too) as long as you have the right drivers installed
Click to expand...
Click to collapse
It didn't for me (after installing nightly 51)
With the step-by-step instructions I get "Failed to set prot mask (inappropriate ioctl for device)" when trying to execute psneuter.
Hi.
Sorry for the wait.
Have you resolved your problem with your rooting?
** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.
Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************
Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.
http://forum.xda-developers.com/showthread.php?t=1704209
I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:
1. Download the following files:
su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ
2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).
**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **
3. In a linux terminal/Windows command prompt:
Code:
adb shell
[email protected]_maserati:/ $ cd /sdcard
[email protected]_maserati:/ $ cp su /data/local/12m/
[email protected]_maserati:/ $ cp debugfs /data/local/12m/
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ chmod 755 debugfs
[email protected]_maserati:/ $ chmod 755 su
[email protected]_maserati:/ $ mv batch batch.bak
[email protected]_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
[email protected]_maserati:/ $ exit
adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:
Code:
adb wait-for-device shell
5. Once you're back into the android shell:
Code:
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm batch
[email protected]_maserati:/ $ mv batch.bak batch
[email protected]_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20
(The following is entered at the "debugfs:" prompt)
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
[email protected]_maserati:/ $ cd /data/local/12m
[email protected]_maserati:/ $ rm su
[email protected]_maserati:/ $ rm debugfs
[email protected]_maserati:/ $ exit
adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...
Sent from my XT894 running ICS
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.
So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.
I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
Have you enabled USB Debugging in the Settings->Developer Options menu?
Rick#2 said:
Have you enabled USB Debugging in the Settings->Developer Options menu?
Click to expand...
Click to collapse
Yep.
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
droidian1441 said:
Yep.
Click to expand...
Click to collapse
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.
Die Bruine said:
Not able to reboot, trying manually...
Code:
debugfs: /data/local/12m/su: Permission denied
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
debugfs: su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.
I'm on .200 btw.
Click to expand...
Click to collapse
Looks like you're doing something wrong with the debugfs command; you don't want to enter /data/local/12m/su at that prompt.
Running su from any partition other than /system will lead to a permissions error, so you don't want to bother trying to execute it from the /data/local/12m location.
(The following is entered at the "debugfs:" prompt, ie: after executing /data/local/12m/debugfs -w /dev/block/mmcblk1p20; see step 5.)
Code:
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit
Grizzy3 said:
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Click to expand...
Click to collapse
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Code:
debugfs 1.42 (29-Nov-2011)
debugfs: cd xbin
cd xbin
debugfs: write /data/local/12m/su su
write /data/local/12m/su su
/data/local/12m/su: Permission denied
Rick, that's what we're putting in. From the code you posted it shows that you had root access already. Do you have any other suggestions on this? Because that's the in and out I get.
---------- Post added at 04:57 AM ---------- Previous post was at 04:53 AM ----------
Problem resolved. Need to run the following code:
Code:
chmod 755 debugfs
chmod 755 su
Then continue with rooting.
gdeeble said:
From the code you posted it shows that you had root access already.
Click to expand...
Click to collapse
Not sure where you're making this assumption from. I just wrote the "#" symbol in there to signal where to start entering commands... though I suppose you're correct in pointing out that the "#" shows up on a root prompt. A smarter choice probably would have been "$".
Trust me, I'm not an idiot. I wouldn't have gone through the hassle of writing up the guide in the first post if it didn't work.
Didn't mean it that way, just looked like it already had root, which was what confused me. But thanks again for this. :-D
Tried it again. This time no errors and the phone rebooted. But now Superuser keeps on FC .
Reinstalled superuser, updated and busybox. Now rooted! Thnx.
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times. I think there is something wrong with the timing. Manually entering all the commands in a shell works. But putting them in a batch will enter them too fast for ADB to handle (under Windows shell) I guess.
Die Bruine said:
BTW, you might wanna update the OP. Do not batch the commands under windows. I tried several times.
Click to expand...
Click to collapse
I don't know, it seemed to work fine for me with the script I made. Anyways, glad it worked out for you.
Now that we can re-root as well as (somewhat convolutedly) fastboot ourselves back on track, we're good to go.
droidian1441 said:
Ive got the same situation over here. I can stick without root, just the fact that I would have it again would be just the single reason to do it. Lol.
Sent from my DROID4 using Tapatalk 2
Click to expand...
Click to collapse
As stated in the guide, you need to be in camera mode not mass storage.
Sent from my DROID4 using XDA
I was trying to do it manually last night before the OP posted the batch file, and it was not working because I was in MTP instead of PTP. SO make sure you use PTP.
Put your phone in camera (PTP) mode for the USB connection and it should work fine. Also, after it completes, download Superuser from the market.
I ran Titanium Backup after everything and it told me it needed to fix my su binary permissions or something like that... I let it do its thing... Either way, IT WORKED!!!!!
I put it in camera mode and made sure usb debugging is enabled. Then I ran the script for windows. Still getting the device not found error throughout. Really don't know what's going on.
Sorry if this is known but I just saw this today and though some people might like to know. There's a link to Busybox within.
tizenexperts.com/2014/06/developers-install-busy-box-on-your-root-tizen-samsung-gear-smartwatch
.Killabyte said:
Sorry if this is known but I just saw this today and though some people might like to know. There's a link to Busybox within.
tizenexperts.com/2014/06/developers-install-busy-box-on-your-root-tizen-samsung-gear-smartwatch
Click to expand...
Click to collapse
Can't figure out the sdb instructions to actually install it?
lazer9 said:
Can't figure out the sdb instructions to actually install it?
Click to expand...
Click to collapse
Yeah I got the same issue here so apologies. I pushed the file to a couple directories and did "root on" then "sdb shell" to make sure but when it goes to install it complains about needing something like 188kb free space (the package is half that).
So yeah obviously a regular sdb install won't work and it seems I don't know which directory to have the package in when I try to install but that's all I got.
Recreation steps:
1) Ran sdb devices until device was listed (had usb debugging enabled on the gear being rooted running the original Gear Tizen release)
2) Ran sdb root on again to be paranoid
3) Ran sdb shell
4) Copied the file in to /home with "sdb push filename /home". Later on I tried the same thing using the Tizen SDK explorer function to a few more directories since that has drag and drop.
5) Ran the install command it has (rpm -i busybox-1.17.1-2.3.armv7l.rpm)
6) Got free space error. Grr'd.
Here's some of my log excluding the first part:
C:\tizen-wearable-sdk\tools>sdb push busybox-1.17.1-2.3.armv7l.rpm /home
pushed busybox-1.17.1-2.3.armv7l.rpm 100% 75KB
1 file(s) pushed. 0 file(s) skipped.
busybox-1.17.1-2.3.armv7l.rpm 1172 KB/s (76839 bytes in 0.064s)
C:\tizen-wearable-sdk\tools>sdb shell
sh-3.2# ls
bin dev home lost+found opt run smack system var
boot efs initrd media proc sbin srv tmp
csa etc lib mnt root sdcard sys usr
sh-3.2# cd home
sh-3.2# ls
abuild app busybox-1.17.1-2.3.armv7l.rpm developer root
sh-3.2# rpm -i busybox-1.17.1-2.3.armv7l.rpm
installing package busybox-1.17.1-2.3.armv7l needs 188KB on the / filesystem
Ok so someone clued me in to the missing mount command and now I can get it installed! But like the article states the only advantage I see immediately is a working VI from sdb shell. There's no icon created in the launcher. The only way I know it's installed is when I run the command it tells me and busybox is in the /bin directory. Now some more adventurous people may Google and find out how to manually install busybox packages so for those let me know if you find anything cool!
Here's the log. This was on the initial Tizen release with the root package installed.
C:\tizen-wearable-sdk\tools>sdb devices
* daemon not running. starting it now on port 26099 *
* daemon started successfully *
List of devices attached
412ba0e141019466 device SM-V700
C:\tizen-wearable-sdk\tools>sdb root on
Switched to 'root' account mode
C:\tizen-wearable-sdk\tools>sdb shell
sh-3.2# su
sh-3.2# mount -o remount,rw /
//The line above was the missing step.
sh-3.2# exit
//Then I go back to command prompt to push the package again to root.
C:\tizen-wearable-sdk\tools>sdb push busybox-1.17.1-2.3.armv7l.rpm /
pushed busybox-1.17.1-2.3.armv7l.rpm 100% 75KB
1 file(s) pushed. 0 file(s) skipped.
busybox-1.17.1-2.3.armv7l.rpm 1316 KB/s (76839 bytes in 0.057s)
C:\tizen-wearable-sdk\tools>sdb shell
sh-3.2# mount -o remount,rw /
sh-3.2# rpm -i busybox-1.17.1-2.3.armv7l.rpm
package busybox-1.17.1-2.3.armv7l is already installed
sh-3.2# mount -o remount,rw /
sh-3.2# reboot
Rebooting.
The guy that gave me the said to do this again after. I imagine you might need to do this anytime you try to play around with Busybox if you don't see files listed when you do an "ls -a" or get permission errors:
sdb root on
sdb shell
sdb mount -o remount,rw /
exit
Hope this helps someone.
I replaced old /system/bin/toybox with a new binary from http://landley.net/toybox/bin then I created symlinks with for i in $(./toybox); do ln -s toybox $i. There is su in symlinks.
Now I cannot open Magisk anymore, stuck at splash screen mask.
Also MiXplorer cannot browse root dirs.
With Terminal Emulator I can still browse root dirs.
If I type which su I get /sbin/su which is a symlink to /sbin/magisk.
I have not yet tried to reboot because I fear to get stuck, maybe it would repair by itself but who knows?
If I type whoami I get bad uid 0, after su shell I get bad uid 2000 and so on.
How can I restore root? I can access TWRP recovery.
how about /sbin/su -c unlink /system/bin/su or wherever you symlinked toybox applets?
are you sure that binary is actually a replacement including all android specific applets (like getevent) for built-in toybox?
why did you replace system files in first place if you're actually on Magisk and could just use systemless overlays instead?
If I try to unlink it says it's read-only file system. I could try to do it in recovery but I'm afraid to reboot...
What is strange is that which su points to /sbin/magisk, so it should not consider the other su symlink to toybox
Another thing I noticed is that new symlink to toybox created with my script are root both UID and GID, while existing ones are root UID and shell GID
Toybox binary is specific for my Android ARMv8 http://landley.net/toybox/downloads/binaries/0.8.9/toybox-aarch64.
You are right about systemless overlays.
aarch64 is only the cpu architecture, doesn't say anything about android.
how did you install toybox on read-only file system? remount -o,rw /
ok, however the arch is right for my Snap855, I tried other applets embedded in toybox, like factor, and they work.
I used MiXplorer to write to system, I gave it root permissions so it could work on it. Now MiX is unarmed and Terminal Emulator can only read into root dirs but not write.
quick check with my toybox yours is missing all android specific applets
Code:
:/ $ cd $HOME
:/data/user/0/jackpal.androidterm/app_HOME $ ls -la
total 780
drwxrwx--x 2 u0_a152 u0_a152 4096 2023-01-30 14:46 .
drwxr-x--x 6 u0_a152 u0_a152 4096 2023-01-28 01:58 ..
-rwx--x--x 1 u0_a152 u0_a152 783680 2023-01-30 14:24 toybox
:/data/user/0/jackpal.androidterm/app_HOME $ ./toybox --version
toybox 0.8.9
:/data/user/0/jackpal.androidterm/app_HOME $ toybox --version
toybox 0.7.6-android
:/data/user/0/jackpal.androidterm/app_HOME $ for i in $(toybox); do ./toybox | grep -qw $i || echo $i; done
chcon
dd
diff
expr
getenforce
getfattr
gzip
load_policy
lsof
modprobe
more
restorecon
runcon
sendevent
setenforce
setprop
start
stop
stty
tr
traceroute
traceroute6
you should reinstall stock toybox from TWRP backup.
edit: this might help
Code:
:/ $ ls -lZ /system/bin/toybox
-rwxr-xr-x 1 root shell u:object_r:toolbox_exec:s0 352532 2008-12-31 17:00 /system/bin/toybox
I renamed the old toybox, so I could restore it from recovery.
Btw, I get this with ls -lZ
-rwxr-xr-x 1 0 2000 ? 825176 2023-01-29 07:34 /system/bin/toybox
Seem to have lost context there.
Thanks for your quick replies.
either you're on Jelly bean or you lost secontext. repair with chcon
Code:
chcon u:object_r:toolbox_exec:s0 /system/bin/toybox
You are right, new toybox does not have specific Android applet, like chcon or restorecon.
So, please correct me if I'm wrong, I reboot in TWRP, restore old toybox.
Then should I run chcon / restorecon or reboot straight away?
I lost secontext in all root dirs /, /system, /vendor, /sdcard...
not sure what ROM you're talking about. maybe you used ls of wrong toybox?
Don't understand your answer, what ROM are you referring to?
If I ./"toybox old" restorecon I get restorecon: Needs 1 argument (see "restorecon --help")
If I restorecon I get toybox: Unknown command restorecon (see "toybox --help")
Please advise me if it's right to restore old toybox via TWRP and reboot to system or there's the need to chcon / restorecon, thanks
please give the output of
Code:
grep ro.build.fingerprint /system/build.prop /system*/system/build.prop
it's very unlikely you lost every secontext. either it never existed or you just can't view.
restorecon won't help you much. only restoring TWRP backup could restore secontext as it was before.
grep ro.build.fingerprint /system/build.prop
ro.build.fingerprint=Xiaomi/cepheus_eea/cepheus:10/QKQ1.190825.002/V11.0.9.0.QFAEUXM:user/release-keys
ro.build.fingerprint_real=Xiaomi/cepheus/cepheus:10/QKQ1.190825.002/20.7.2:user/release-keys/1593694646
so your ROM is stock ROM Android 10 it must have secontext of course. in case it's true you lost every secontext best is download cepheus_eea_global_images_V11.0.9.0.QFAEUXM_20200421.0000.00_10.0_eea_31715f4bd1.tgz and flash_all_except_storage.bat
(you can backup boot in TWRP beforehand and flash boot.emmc.win from fastboot right after)
edit: build.prop usually is in /system(_root)/system/build.prop on new devices, so most likely what you think is build.prop is just from the TWRP image used.
maybe you didn't mount System?
Resolved
Rebooted into TWRP, restored original toybox, deleted my symlinks, checked secontexts ok, rebooted to system, all fine.
Thank for your support
you can place toybox in /data/adb/modules/toybox/system/xbin/toybox, make a diff and only symlink missing applets in there.
then create modules.prop, reboot and done.