[DEV][TOOL] Generic SBK dumper [Source included] - LG Optimus 4X HD

Generic Nvidia Tegra Secure Boot Key Dumper, v0.4
**************************************
YOU MUST GET ROOT BEFORE PROCESSING!!!
This is a temp memory only fix, after you reboot your phone, everything will restore to it's original status. So it WILL NOT brick your phone at all!
**************************************
I am not sure it work for your devices or not, because I only get a SU660 device!
So , you must knew that P880 use a Secure Boot Key to encrypt its nflash communication, if you don't know the SBK, you can't use nvflash backup/restore your partitions.
I found that in the linux kernel, there is some protection that block the user try to read out SBK when the phone in "odm_production" status. So I designed a little software try to patch the phone RAM to bypass the protection.
This is a kernel patcher which will remove the protection when trying to read /sys/firmware/fuse/secure_boot_key
The dumper will patch the kernel in memory, and let you show the secure_boot_key.
Hope it work for all tegra devices.
Usage:
1. adb push dumpSBK /data/local/
2. adb shell
su
chmod 0777 /data/local/dumpSBK
/data/local/dumpSBK
After that, you can
4. cat /sys/firmware/fuse/secure_boot_key
dumpSBK will search the first 1MB physical address(which kernel will be there), and try to patch it.
Usage: dumpSBK [star_mem_addr in KB]
for example: dumpSBK 32
which will search the 32KB~1MB physical memory.
2012/12/31:
re-compile it with -static switch, so it can run on all android platform.
update instructions.
2013/01/01:
modify the program, and let you select which memory range to patch.
usage: dumpSBK [start_memory_addr] [end_memory_addr]
for example: dumpSBK 1 1024
which will search 1MB ~ 1024MB memory and try to patch the kernel.
2013/01/01:
v0.3 add more error detection in the file.
2013/01/06:
v0.4 wil search the first 1MB physical memory, you can specify the start_address , for example dumpSBK 32
and update the search pattern , it will fit for more compiler options.
2013/01/07:
Secure_Boot_Key Dumper for tegra2/tegra3 v0.1
1. adb push ss.ko /sdcard/
2. adb shell
su
cd /sdcard/
insmod ss.ko
dmesg
3. at the end of dmesg, you should see the secure_boot_key.....
2013/01/08:
v0.2 dump all known fuses.....

If you get a error:
Kernel patching failed! Abort....
that means your device kernel has a differnt tegra source code, or compiled with a different compiler........
Please let me know which kernel source code and compiler / compile switch it used.

marsgod said:
If you get a error:
Kernel patching failed! Abort....
that means your device kernel has a differnt tegra source code, or compiled with a different compiler........
Please let me know which kernel source code and compiler / compile switch it used.
Click to expand...
Click to collapse
will it hard brick the phone???

razerblade17 said:
will it hard brick the phone???
Click to expand...
Click to collapse
Do you want to try and find out? I certainly don't.
I like my phone and don't want to end up with an expensive paperweight instead :banghead:

SimonTS said:
Do you want to try and find out? I certainly don't.
I like my phone and don't want to end up with an expensive paperweight instead :banghead:
Click to expand...
Click to collapse
i'd have tried if i didnt sell mine
plus this wont brick the device
nothing can since bootloader's lock so u practically cant mess up anything that matters for booting up

The Troll said:
i'd have tried if i didnt sell mine
plus this wont brick the device
nothing can since bootloader's lock so u practically cant mess up anything that matters for booting up
Click to expand...
Click to collapse
Yep, i think Troll isn't trolling us i would try it out ,but i'm waitin' for my LG, factory reset via recovery bricked it.

This is a temp memory only fix, after you reboot your phone, everything will restore to it's original status. So it WILL NOT brick your phone at all!
The patcher will patch a single byte in your phone RAM, it will not modify any bit in your NAND Flash.

C:\adb>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
I got this

Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
Click to expand...
Click to collapse

^ You guys have rooted phone and debugging turned on? maybe that's why these errors.

phone rooted, recheked with root checker.
I have debuging mode one.
But i cant push files to /data/local/
C:\o4xr>adb push dumpSBK /data/local/
push: dumpSBK/Readme.txt -> /data/local/Readme.txt
failed to copy 'dumpSBK/Readme.txt' to '/data/local/Readme.txt': Permission deni
ed
Click to expand...
Click to collapse
So i put those files there with es file explorer and try to run second comand:
C:\o4xr>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
Click to expand...
Click to collapse
Who can explain why?

s7ar73r said:
phone rooted, recheked with root checker.
I have debuging mode one.
But i cant push files to /data/local/
So i put those files there with es file explorer and try to run second comand:
Who can explain why?
Click to expand...
Click to collapse
uhmm
as i seem to recall, the hello world rooting method *only known method* turns on access to that location..
thats where superuser and binaries are added
so if im correct u'd be able to push it if u follow the rooting method and adding the commands to the root.bat *or whatever its name it* that we run in pc by using notepad or anything..
so it should reroot and push ur desired file as well
*again, dun remember, been months but im sure hello world/backuptest thingy will be useful*

k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
I get the this,too.
the v1 patch did not completely work.

The Troll said:
uhmm
as i seem to recall, the hello world rooting method *only known method* turns on access to that location..
thats where superuser and binaries are added
so if im correct u'd be able to push it if u follow the rooting method and adding the commands to the root.bat *or whatever its name it* that we run in pc by using notepad or anything..
so it should reroot and push ur desired file as well
*again, dun remember, been months but im sure hello world/backuptest thingy will be useful*
Click to expand...
Click to collapse
Its not the only known method... but now I don't have time, even to think... I just woke up and came to the computer.
You need to think widder
Gonna back to sleep :angel:

k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
En.... I think it is due to I compiled the dumpSBK with 4.1.2 android, so it will not work on a ICS rom... I will check it later...

s7ar73r said:
C:\adb>adb shell chmod 0777 /data/local/dumpSBK
Unable to chmod /data/local/dumpSBK: Operation not permitted
I got this
Click to expand...
Click to collapse
You MUST root your device.
then type
adb root
to get the adb rooted work.
Of couse, you must have your device USB debug ON.

please do all the steps the right way , starting with the OP instruction you the right way.
OP is assuming we got a "unsecure" booted device, which we have not exactly due to the locked bootloader.
so its pointless to write "root" instruction froms adb when the device is in secure mode. OP is now told and should update the instructions, thank you.
ignore all the "adb shell" instruction and log into the device with "adb shell" once only.
in that shell which is opened execute the "su", so you get a root # prompt.
then run instructions given and skip all "adb shell" infront.
thats it, good luck.
edit:
adb remount,adb root and running root commands only work on unsecure devices , we got ro.secure=1 here and adb not allowed to run root commands

i think it's better toroot Your 4X with Dexter http://forum.xda-developers.com/showpost.php?p=30574547&postcount=85 because it doesn't have any issues, for me with 1st root method for example titanium backup wasn't working.
@marsgod, yep - we don't have 4.1.2 but 4.0.3, but u can leave this version because we'll get 4.1.2 in january

k1337Ultra said:
Here is a log of what happened, after I ran the program on my 4X with 10H F/W:
Click to expand...
Click to collapse
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
i have same result . segmentation fault
whats wrong?

bullghost said:
[email protected]:/data/local # /data/local/dumpSBK
/data/local/dumpSBK
[1] + Stopped (signal) /data/local/dumpSBK
[email protected]:/data/local # cat /sys/firmware/fuse/secure_boot_key
cat /sys/firmware/fuse/secure_boot_key
[1] + Segmentation fault /data/local/dumpSBK
i have same result . segmentation fault
whats wrong?
Click to expand...
Click to collapse
after adb shell type su, u should have [email protected], not [email protected]
@edit so... anyone tested it in right way?

Related

cat /sdcard/su > su

I am using the PRS complete rooting guide. And when it tells me to type cat /sdcard/su > su, i am getting this error message - cat: can't open '/sdcard/su': No such file or directory.
Can anyone help with this?
Do you have su on your sdcard?
use unrevoked. one click root
just use the one click method by unrevoleved its easier
Su is not on the SD card. The sd card is a brand new PNY card. I have Su in the sdk/tools folder.
Then obviously, that command will not work. Use the unrevoked method if you are unsure what these commands do/how they work. Less headache on your end.
where is it located?
maybe i'm missing something obvious, but why pipe the text rather than just copy the file?
Sorry if this is the wrong place, but that command is curious.
This is what it's asking me to do.
From PRS Complete Rooting Guide
Now type the following commands to make it persistent through reboot
Code:
adb shell
su
export PATH=$PATH:/system/bin
cd /system/app
cat /sdcard/Superuser.apk > Superuser.apk
cd /system/bin
cat /sdcard/su > su
ln -s /system/bin/su /system/xbin/su /* IF YOU GET AN ERROR HERE DO rm /system/xbin/su THEN REDO */
chmod 06755 su
k_flan said:
maybe i'm missing something obvious, but why pipe the text rather than just copy the file?
Sorry if this is the wrong place, but that command is curious.
Click to expand...
Click to collapse
I don't know what that guide does, but it doesn't seem right --- it'll mess up the privs, that's why the old root was written as an update-payload.
It's redirected I/O since you can't copy across filesystem boundaries -- ie /sdcard to a different mountpoint.
So if I reboot my phone now, do you think I'll lose root and have to start over?
csills said:
So if I reboot my phone now, do you think I'll lose root and have to start over?
Click to expand...
Click to collapse
Either way, it shouldn't matter much. If it didn't work or you lost root for any reason, just go to http://unrevoked.com/ and click on the image for the Incredible. Today unrevoked released version 3 of their tool. This will root your phone and flash the custom recovery all without your needing to do anything in a shell.
askwhy said:
Either way, it shouldn't matter much. If it didn't work or you lost root for any reason, just go to and click on the image for the Incredible. Today unrevoked released version 3 of their tool. This will root your phone and flash the custom recovery all without your needing to do anything in a shell.
Click to expand...
Click to collapse
AND - if you appreciate unREVoked's work - please donate. They do amazing work and they do it all for free! We're the lucky ones to have such [email protected] developers out there who do this kind of stuff so that we don't have to figure out the exact second to push in our SD cards, push files to the SD card, and then push them to the phone at exactly the right time...... just download, run, and you're done.
Just use the unrevoked 3 you will save plenty of pain and struggle
unrevoked3 worked! Thanks for the help guys.
No problem were glad to be of assistance

Root instructions...

Originally posted by Stetsonaw at androidforums...
Please be aware that I did not write these instructions. I only posted them. Stetsonaw wrote these instructions. While comfortable in ADB and have rooted my phone many times in testing as well as rolled back the versions etc... I have no more insight into how or why it is not working for you. If you followed the directions exactly on a version 4 phone, this should work no problem.
Haxcid
Links to the necessary files are listed at the bottom.
Remember, I am not at fault if you brick your phone, now, proceed.
Connect your phone in charge only mode to install the LG Bootstrapper and drivers, or grab the LG Universal Drivers.
Change your USB Mode to Internet Connection
Go into Settings/Applications/Development and ensure USB Debugging is turned on
If all goes according to plan, you should see the ADB Ladybug icon in your notification bar
I updated the Rootzwiki page with the same info found below.
Busybox actually comes installed by LG on the Revo, how awesome is that??
Download the rageagainstthecage binary
Download the SU binary
Move these files to the same directory your adb.exe is in.
Code:
The > and # characters below illustrate the prompt
you should have, if you have the $ when you go into adb shell,
exit out and type 'adb usb' then go back into adb shell and
you should see the #
Open Command prompt (either use the Windows Key+R and type cmd or start/run, then type cmd)
32-bit users: >cd c:\program files\android\android-sdk\platform-tools
64-bit users: >cd c:\program files (x86)\android\android-sdk\platform-tools
Or >cd (whatever directory adb is in)
>adb devices (verifies you are connected)
>adb push rageagainstthecage-arm5.bin /data/local/temp/rage
(if the above command fails due to read-only, type 'adb usb' then 'adb root' to validate root status, then 'adb devices' again to verify connection)
>adb push su /data/local/temp/su
>adb shell chmod 777 /data/local/temp/rage
>adb shell ./data/local/temp/rage
>adb shell (If this gives you a $ prompt instead of a # prompt, type 'su', if that fails, 'exit', 'adb usb' like above.)
#mount -o remount,rw -t ext3 /dev/mmcblk0p12 /system
#busybox cp /data/local/temp/su /system/bin/su
#chmod 6755 /system/bin/su
Verify the file is in place w/correct permissions
#cd /system/bin
#ls -l *su
After the ls command you should see the following returned by the system:
-rwsr-sr-x root root 26248 2011-05-29 01:09 su
At this point, you may way to remove the files you put in /data/local/temp (optional):
#rm /data/local/temp/su
#rm /data/local/temp/rage
continue with commands
#reboot
Download and install SuperUser from the Market
Thanks Zennmaster, _mrbirdman_ for finding the linux routes and birdman for helping me out, and droidx8971 for helping me find all the information possible!
http://wikifilez.com/Root Files/revolution/rageagainstthecage-arm5.bin
http://wikifilez.com/Root Files/revolution/su
https://market.android.com/details?id=com.noshufou.android.su&feature=search_result
http://www.lg.com/us/support/mc-support/drivers/LGAndroidDriver_Ver_1.0_All.exe
Just a note for some. The rageagainstthecage bin file may be detected as a virus/trojan. It is not. You may want to disable your antivirus before downloading the .bin file.
I run avira on my desktop and it caught the file as a virus everytime I downloaded it and then deleted it. Avast on my laptop however did not.
Root is simple if you follow the instructions. You need to make sure that adb recognizes your device. Takes 5 minutes to complete, took me longer to install adb again and update it.
Any reason to not use the one click method? Seems to be working
bwhxeon said:
Any reason to not use the one click method? Seems to be working
Click to expand...
Click to collapse
No idea. I have not used the one click. Create a thread for it. I posted what I know which is adb.
Successfully Rooted
with RootzWiki instructions for Windows, needed the remount and busybox lines to overcome the permission denied when pushing su.
Hey guys, either using S1C or ADB Commands, have we found out if it's possible to unroot this as long as you Nand Backup the stock rom then unroot from there yet? Just because I got this phone as a filler/4g unl. lock and got buyback on it from best buy so I could buy a dual/quad later on when they come out .
MXFrodo195 said:
Hey guys, either using S1C or ADB Commands, have we found out if it's possible to unroot this as long as you Nand Backup the stock rom then unroot from there yet? Just because I got this phone as a filler/4g unl. lock and got buyback on it from best buy so I could buy a dual/quad later on when they come out .
Click to expand...
Click to collapse
Doing a factory reset I believe will unroot you. There is no nand back up at this time. We are waiting for a recovery mod.
Haxcid said:
Doing a factory reset I believe will unroot you. There is no nand back up at this time. We are waiting for a recovery mod.
Click to expand...
Click to collapse
Oh ya I know, I just always keep a stock one, on the Inc if you factory reset from an AOSP rom, you'd bootloop, so you had to make sure you were on a Sense 1.0 or stock rom(from my experience), so I was just making sure it was no big deal to go back.
Any idea when we will have cw on this?
Haxcid said:
Doing a factory reset I believe will unroot you. There is no nand back up at this time. We are waiting for a recovery mod.
Click to expand...
Click to collapse
I tried the factory reset. I am still rooted.
navycow said:
I tried the factory reset. I am still rooted.
Click to expand...
Click to collapse
That's what i figured. Can anyone verify if you remove SU and Rage through adb will it unroot?
Sent from my VS910 4G using XDA Premium App
MXFrodo195 said:
That's what i figured. Can anyone verify if you remove SU and Rage through adb will it unroot?
Sent from my VS910 4G using XDA Premium App
Click to expand...
Click to collapse
If you have to return your device, simply remove the superuser app, after you unfreeze anything you may have frozen then factory reset. They honestly will never know it was rooted. The only way now that you can really tell is the super user app from market.
Just so everyone knows. SuperOneClick can root and unroot this phone ok.
navycow said:
Just so everyone knows. SuperOneClick can root and unroot this phone ok.
Click to expand...
Click to collapse
Thank you for confirming this. My revolution just came in the mail today!
Thanks for posting this here for me Haxcid!
Sent from 1885
navycow said:
Just so everyone knows. SuperOneClick can root and unroot this phone ok.
Click to expand...
Click to collapse
Cool thanks for checking. Any benefits for ADB over S1C? Can't wait to finally root and freeze half these apps. I think we need a few more twitters to praise koush for a recovery on this beast.
Sent from my VS910 4G using XDA Premium App
Is there recovery for this now? Did I miss something?
stetsonaw said:
Is there recovery for this now? Did I miss something?
Click to expand...
Click to collapse
No No, I was saying we need to praise Koush's good work so he will make one faster .
And Stetsonaw, any idea if I root through ADB, can I unroot with S1C, since it uses the same idea.
S1C for whatever reason will not run(tried three computers, a XP, Vista, and Win7 lol), it keeps freezing at the same spot, everytime.
Should be able to, since S1C does what the ADB method does... or you could just delete the 'su' file out of /system/bin and /system/xbin (if it's there) to unroot.
EDIT: I couldn't get S1C to open on my desktop, and my laptop, which would open the program, would bluescreen when i connected the phone, so i had no choice but to do it the ADB way.
stetsonaw said:
Should be able to, since S1C does what the ADB method does... or you could just delete the 'su' file out of /system/bin and /system/xbin (if it's there) to unroot.
EDIT: I couldn't get S1C to open on my desktop, and my laptop, which would open the program, would bluescreen when i connected the phone, so i had no choice but to do it the ADB way.
Click to expand...
Click to collapse
Hmmm, ya now my computer for whatever reason won't open up ADB through command. This is getting irritating lol. Should be nice and simple, but it just won't go through. If I downloaded the SDK Manager like 4 months ago, it shouldn't matter, correct?
make sure you change directory to wherever your adb.exe is located... as in:
Code:
cd C:\Program Files\Android\android-sdk-windows\platform-tools

Possible New Rooting Method!

Well, this is interesting.
On my Revo4g, all I did was enable USB debugging in internet only mode, and i'm faced with this:
Code:
c:\tools\android\android-sdk-windows\platform-tools>adb shell
# busybox whoami
busybox whoami
whoami: unknown uid 0
#
Looks like there's no need for rageagainstthecage, or any exploits. ADB is run as superuser already! (although for some reason ro.secure is set, and it seems to be ignored, so it possibly may be a bug)
EDIT: Nope, verified. Toggle ADB debugging on and off, and you're root!
This is most definitely not what LG intended, but hey- it works!
Still no signs of fastboot without accidentally erasing recovery or something. Looks like it's left in as emergency-only.
If you're not rooted, try this:
Open ADB shell
Your command prompt should be "$"
Run
Code:
kill `busybox pidof adbd`
Re-run ADB shell, your command prompt should change to "#"
Congrats! You're root.. now you can push "su" and whatnot.
That was strangely easy...
thecubed said:
Well, this is interesting.
On my Revo4g, all I did was enable USB debugging in internet only mode, and i'm faced with this:
Code:
c:\tools\android\android-sdk-windows\platform-tools>adb shell
# busybox whoami
busybox whoami
whoami: unknown uid 0
#
Looks like there's no need for rageagainstthecage, or any exploits. ADB is run as superuser already! (although for some reason ro.secure is set, and it seems to be ignored, so it possibly may be a bug)
EDIT: Nope, verified. Toggle ADB debugging on and off, and you're root!
This is most definitely not what LG intended, but hey- it works!
Still no signs of fastboot without accidentally erasing recovery or something. Looks like it's left in as emergency-only.
If you're not rooted, try this:
Open ADB shell
Your command prompt should be "$"
Run
Code:
kill `busybox pidof adbd`
Re-run ADB shell, your command prompt should change to "#"
Congrats! You're root.. now you can push "su" and whatnot.
That was strangely easy...
Click to expand...
Click to collapse
OKAY... So, I don't need to do superoneclick? And I don't need to go through the painful process of downloading 3-4 programs?
markapowell said:
OKAY... So, I don't need to do superoneclick? And I don't need to go through the painful process of downloading 3-4 programs?
Click to expand...
Click to collapse
Well, if you've got ADB installed, then no you don't need superoneclick, but it's main claim to fame is that it's got all of the tools bundled together.
Stick with superoneclick until I get an easy method put together...
LOL... That's sweet!
Like I mentioned elsewhere... LG wants Verizon to think all is locked down and such but secretly behind its back it is giving us free candy. Like when grandpa and grandma hide money in your room before leaving...
They left in everything needed, we only had to put the pieces together.
Bravo LG bravo... now can we have the source code for this device for 2.2 and 2.3..
Now i'm for sure rooting today, as i already have adb installed. Epic.
So i ran ADB Shell and it automatically gave me "#". I then proceeded to "kill 'busybox pidof adbd' " and it said it did it. Still had "#". I don't seem to have root though. I can't delete bingsearch.apk, can't do anything in setcpu.
When i installed super user from the market, it did say there was an update, so it asked if i wanted to install it. I said yes, and it said an error occurred but it put a zip on my sd card to update the binary and that i need to reboot into recovery and install it.
Any ideas? I don't have cwm yet so i can't exactly do that. Here's how the whole thing went down:
Code:
C:\AndroidSDK\platform-tools>adb shell
*daemon not running. starting it now on port 5037 *
*daemon started successfully *
# kill 'busybox pidof adbd'
kill 'busybox pidof adbd'
[1] Terminated kill "busybox pidof adbd"
#
Nevermind, i just went with super one click and i have root now.
powder007 said:
I then proceeded to "kill 'busybox pidof adbd' " and it said it did it.
Click to expand...
Click to collapse
Those were back-ticks, like this: `` not single quotes: ' '
powder007 said:
I don't seem to have root though. I can't delete bingsearch.apk, can't do anything in setcpu.
Click to expand...
Click to collapse
setCPU will require superuser.apk and a working su. Did you mount the system partition r/w by hand before trying to delete bing? Using this method, you'd have to mount r/w, then push su, etc.
Ah, my bad. I'm semi new to adb. Thanks for pointing that out.
I had the super user app from the market. On root explorer it didn't give me a Mount r/w button, so i knew i wasn't rooted.
The problem with this rooting method is that it's incomplete.
My method gives you entry to a root shell-- it does not "root" your device.
A "rooted" device requires a file in /system/bin/ called "su", which allows normal Android apps to access root functionality on the device.
The method I detail allows you to manually remount /system as r/w and push the required file to the proper location without requiring an exploit.
Once I have some time free from working on the deodex'd rom, and porting CM7, I will make a super-super easy one click root application for windows/linux.
Until then, this thread is mostly for technical reference for devs, and something interesting that I found

[HOWTO] Root HKTW 2.3.4 - The easier way

I don't know if I am the only one who realized there's su binary already in the build. Anyway, this is a shorter route to have root working on your phone. This only works with the HKTW 2.3.4 build! And this instruction have only be tested by me. So, do take precautionary measures.
DOWNLOAD: http://dl.dropbox.com/u/6418171/SuperUser.zip
INSTRUCTIONS:
1. Extract the zip to your internal storage (i.e. /sdcard)
2. Get into the phone shell i.e.
adb shell
Click to expand...
Click to collapse
3. Then, type and press enter:
su
Click to expand...
Click to collapse
4. Lastly, copy and paste these whole chunk to your phone shell and press enter:
mount -o remount,rw /dev/block/mmcblk0p12 /system && cp /sdcard/SuperUser/su /system/bin/su && chmod 6755 /system/bin/su && cp /sdcard/SuperUser/SuperUser.apk /system/app/SuperUser.apk && mv /system/xbin/su /system/xbin/dosu
Click to expand...
Click to collapse
If there's no error with the output, you should have root access on your phone now. Tada! Do report of this works for you!
Will try and report if it works or not
Sent from my MB860 using XDA App
Well I know I shouldn't say it here...
But is the HKTW rom blurred or blurless?
Different kind of blur but its still blur
Sent from my MB860 using XDA App
Do you mean Blur 4.5?
I don't know what its called lol
Sent from my MB860 using XDA App
Trying it out now. Will report back.
And this has Blur on it. It's not a custom ROM.
Anyone else experiencing issues getting their phone recognize by adb
Sent from my Atrix 4g Ubl 2.3.4
su is throwing me a permission denied
http://pastebin.com/brXVEYDb
i guess i didn't phrase the instruction clearly. sorry. just edited first post.. reread everything and try again.
had to run it a few times.. but it worked! thx!
Works! 10char
reserved *10chars
su: not found
For some reason USB debugging does not seem to be working properly, even with stay awake checked.
EDIT:
An even easier way.
I decided to run beforeupdate.bat and afterupdate.bat and was able to successfully gain root access on hktw-2.3.4.
jimmer411 said:
su: not found
For some reason USB debugging does not seem to be working properly, even with stay awake checked.
EDIT:
An even easier way.
I decided to run beforeupdate.bat and afterupdate.bat and was able to successfully gain root access on hktw-2.3.4.
Click to expand...
Click to collapse
having the same issue with SU
Are there any other alternatives to root currently?
jimmer411 said:
su: not found
For some reason USB debugging does not seem to be working properly, even with stay awake checked.
EDIT:
An even easier way.
I decided to run beforeupdate.bat and afterupdate.bat and was able to successfully gain root access on hktw-2.3.4.
Click to expand...
Click to collapse
Can you be more specifically on those files? Where to download and how exactly did you go about running those files?
Do I need the SDK for rooting it?
THIS WORKS ON WINDOWS, OSX, AND LINUX
once you type in adb shell then type dosu instead of su and see if that helps
I get an error at the last part when I put it in cmd
Whenever I type in 'su', I get permission denied - and dosu doesn't work either.

[ROOT][10-29-13]How to Manually Root the Nvidia Shield

Introduction
The following procedure will walk you through the step-by-step process for gaining root access on the Nvidia Shield.
Note: You must have an unlocked bootloader before you can proceed with this tutorial!
A tutorial on how to unlock your Shield's bootloader can be found here.
This tutorial also assumes how have the correct ADB and Fastboot drivers installed for your device, for a tutorial on how to install the ADB and Fastboot drivers for the Shield please look here.
Due to the nature of modifying devices system files the standard XDA disclaimer applies: I take no responsibility for bricked devices due to the following rooting procedure, no warranty express or implied is given, I will not be held responsible if you mess up your device by following this procedure!
Procedure
Before you begin please make sure to read and re-read the whole procedure, making sure you understand the directions.
1. Download the "Superuser-su.zip" file and the "roth-insecure-boot-63.img" file that are attached to this post. After you have downloaded the files, extract the contents of the "Superuser-su.zip" file which contains Superuser.apk and the su binary, and move them to your ADB and Fastboot folder on your computer. Also transfer the "roth-insecure-boot-63.img" to your computer's ADB and Fastboot folder.
MD5 Checksum for "roth-insecure-boot-63.img": F8BA5C48D0323D99E2A748C77BF647F6
2. Connect your Shield to your computer using your USB cable. For maximum reliability please connect the USB cable to a USB 2.0 port directly connected to the motherboard as USB ports on the front of a case panel or USB 3.0 ports can sometimes be unreliable.
3. Now that your Shield is connected to your computer make sure that "USB debugging" is enabled under the Developer Options section in the system settings menu (If the Developer Options section is hidden, go to the About Phone/About Tablet section of the system settings and then tap on the item that lists the Build number 7 times or until it says "You are now a developer" and the Developer Options section becomes visible in the system settings).
4. Open a command prompt window (cmd) in your ADB and Fastboot folder on your computer and issue the following commands (If you are new to using ADB and Fastboot I would recommend checking out this excellent guide to get you up and running):
Code:
adb reboot bootloader
Now that you are in fastboot mode let's make sure that the computer see's our device:
Code:
fastboot devices
If the computer see's our device then we can proceed, if it doesn't see your device make sure you are in fastboot mode and have the correct ADB and Fastboot drivers installed for the Shield.
Now we will be booting an insecure boot.img (ro.secure = 0) to our device to allow us to gain root acess:
Code:
fastboot boot roth-insecure-boot-63.img
After the insecure boot.img finishes flashing the device will automatically boot up using the insecure boot.img.
5.First we need to mount the /system partition as read/write so we can modify it:
Code:
adb shell
mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
exit
6. Now we need to run the following commands to push the Superuser.apk and su binary to there correct positions and set the proper file permissions:
Code:
adb push su /system/xbin
adb push Superuser.apk /system/app
adb shell
chmod 6755 /system/xbin/su
chmod 644 /system/app/Superuser.apk
mount -o ro,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
sync
reboot
7. After the device reboots and power on into the Android Operating System you should see Koush's Superuser app in your app-drawer and you should be rooted. If you would like to verify root access you can download and run Root Checker Basic from the Play Store here. Enjoy!
Credits: Koush for his open source Superuser.apk and the su binary (https://github.com/koush/Superuser)
If users would like me to create a 1-click root process of this please let me know and I will do so .
If you are stuck with the rooting procedures I would recommend checking out this great video tutorial by wwjoshdew.
Alternatively the following works in almost one click (one fast boot, actually): https://github.com/linux-shield/shield-root
Gnurou said:
Alternatively the following works in almost one click (one fast boot, actually): https://github.com/linux-shield/shield-root
Click to expand...
Click to collapse
It's just whole unlocking thing and giving up your devices warranty. NVIIDA being able to decline your RMA if your fan goes out and the unit overheats. Or if the scree dies (for example). I'll do it, just gotta grow a pair first.
wwjoshdew said:
It's just whole unlocking thing and giving up your devices warranty. NVIIDA being able to decline your RMA if your fan goes out and the unit overheats. Or if the scree dies (for example). I'll do it, just gotta grow a pair first.
Click to expand...
Click to collapse
I did my RMA and nvidia sent me a new 1. So you should get your new shield b4 you send it back if you happen to root it and the screen dies.
This is a pretty complicated way of rooting. All I did was unlock the bootloader, flashed Clockworkmod Recovery, and then flashed the SuperSu zip with that. Rooted! As easy as a Nexus.
dark42 said:
This is a pretty complicated way of rooting. All I did was unlock the bootloader, flashed Clockworkmod Recovery, and then flashed the SuperSu zip with that. Rooted! As easy as a Nexus.
Click to expand...
Click to collapse
I hear yeah, this procedure is meant for those that really want to understand how the basic rooting process works and who want to gain experience manually performing these types of procedures .
Sent from my SCH-I535 using xda premium
shimp208 said:
I hear yeah, this procedure is meant for those that really want to understand how the basic rooting process works and who want to gain experience manually performing these types of procedures .
Sent from my SCH-I535 using xda premium
Click to expand...
Click to collapse
This method is actually nearly the same. It's a bootable self-contained image (like recovery is) that mounts the correct partitions, installs the necessary bits, and is done.
I haven't done this yet ... but could you also provide instructions on how to revert? I ask this as it would be nice to know that there is a back-out plan.
Kris
i00 said:
I haven't done this yet ... but could you also provide instructions on how to revert? I ask this as it would be nice to know that there is a back-out plan.
Kris
Click to expand...
Click to collapse
To unroot your Shield since you are only temporarily booting an insecure boot image rather then flashing it, if you run the following commands in either ADB shell or terminal emulator will unroot your device:
Code:
$ su
# mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
# rm -f /system/app/Superuser.apk
# rm -f /system/xbin/su
# mount -o ro,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
Then after you have entered those commands reboot your device and you'll be unrooted.
shimp208 said:
To unroot your Shield since you are only temporarily booting an insecure boot image rather then flashing it, if you run the following commands in either ADB shell or terminal emulator will unroot your device:
Code:
$ su
# mount -o rw,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
# rm -f /system/app/Superuser.apk
# rm -f /system/xbin/su
# mount -o ro,remount -t ext4 /dev/block/platform/sdhci-tegra.3/by-name/APP /system
Then after you have entered those commands reboot your device and you'll be unrooted.
Click to expand...
Click to collapse
OK ... well lets say after rooting we install an app that uses root access to stuff up your device ... how do you restore the original image?
Kris
i00 said:
OK ... well lets say after rooting we install an app that uses root access to stuff up your device ... how do you restore the original image?
Kris
Click to expand...
Click to collapse
The original factory restore image that you can be flashed to your shield to return it to stock can be downloaded from here, along with the factory image extraction instructions (Under the open source resources section), as well as the factory image flashing instructions.
Does anyone if the root stop you from updating the device like GS4?
Simply rooting does not. I was rooted and updated. You lose root but can just reroot it like the first time. I am not sure if you have a custom recovery installed though. I haven't used one on the shield.
I am using the window 8 and I can't get the command prompt to work either directly open or open it as administrator to type the command. Any idea what I am doing wrong?
Shimp208. Can you create a video on how to unlock and root the shield?
Sent from my SHIELD using Tapatalk 2
wrc1010 said:
I am using the window 8 and I can't get the command prompt to work either directly open or open it as administrator to type the command. Any idea what I am doing wrong?
Shimp208. Can you create a video on how to unlock and root the shield?
Sent from my SHIELD using Tapatalk 2
Click to expand...
Click to collapse
When you mean you can't get the command prompt to directly open what do you mean by that? Does command prompt not open or run at all when you open it? Do you have ADB and Fastboot installed and the files listed for this procedure in your ADB and Fastboot directory? The Shield I rooted was my friends and he's on vacation right now so I unfortunately can't make a video right now , but I'll still be happy to try and help you through the procedure.
Finally success root my shield
oh god
wrc1010 said:
Finally success root my shield
Click to expand...
Click to collapse
I want that feeling soooo bad. The drivers aren't installing on my computer correctly. I can boot my shield via command but when I enter adb devices nothing shows up even though in device manager the device shows up as Nvidia Shield ADB.
Sad times, its tough as its so new everyone is still trying to figure it out and if the drivers don't install first time there aren't any problem solving threads etc
gogul1 said:
I want that feeling soooo bad. The drivers aren't installing on my computer correctly. I can boot my shield via command but when I enter adb devices nothing shows up even though in device manager the device shows up as Nvidia Shield ADB.
Sad times, its tough as its so new everyone is still trying to figure it out and if the drivers don't install first time there aren't any problem solving threads etc
Click to expand...
Click to collapse
What drivers are you trying to install and which version of Windows are you running?
Drivers
shimp208 said:
What drivers are you trying to install and which version of Windows are you running?
Click to expand...
Click to collapse
The ADB drivers and I'm running windows 7 64bit
Been trying to install them all day but I can bootload into shield but it can't pick up devices so can't root it.
gogul1 said:
The ADB drivers and I'm running windows 7 64bit
Been trying to install them all day but I can bootload into shield but it can't pick up devices so can't root it.
Click to expand...
Click to collapse
Did you try and install these drivers? Make sure to uninstall your old driver installation first.

Categories

Resources