Related
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
olafos said:
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
Click to expand...
Click to collapse
Hmmm. If you are on 2.1, then you can use the GSM root i posted over at VR. The recovery needs to be flashed to the phone though, so you can flash zips to the phone from there.
As for your wish to get rid of the patched recovery afterwards, you're missing out a lot, but if you can find the stock recovery img file, you can simply flash that using
"flash_image recovery FilenameHero.img" via the phone's shell or adb (once rooted, presuming you added the flash_image binary).
As for that file, I don't know, as I've never checked if that will work on the hero.
I'd be inclined to say DON'T TRY IT, since it will contain a kernel, and flashing the wrong kernel can brick your device's radio, essentially ruining it.
But if you locate the correct files for the GSM hero, and package them similarly, you could flash that onto your phone via recovery
Bear in mind the stock HTC ROM is basically full on the system partition, so you might have issues actually fitting the files on.
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
ixampl said:
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
Click to expand...
Click to collapse
That is a nice method.
I've long thought about making something similar, so maybe today I'll try, as an idea has come back to me...
I am thinking that I can avoid the whole recovery flashing, though I'm not going to say the idea till I've thought it through, as someone might try it before I realise how stupid an idea it is...
But I'll certainly see if it can get permanent root sorted out on the phone, although it won't give root adb access, as that is defined in the boot.img, though I guess I could flash that while I'm at it...
Good work.
Thanks!
Yes, a method to (safely) acquire super user access without flashing anything would be highly appreciated There's a small risk involved with flashing. Granted it usually causes no issues, but there is the slight possibility of bricking your phone.
Good work.
Click to expand...
Click to collapse
Thanks, although - as you know - I really didn't do anything special there
[...] although it won't give root adb access [...]
Click to expand...
Click to collapse
Yes, that's a minor annoyance, but really minor ... for the currency fix I naturally couldn't do
Code:
adb pull /data/data/com.htc.dcs.service.stock/databases/stock.db stock.db
or
Code:
adb push stock.db /data/data/com.htc.dcs.service.stock/databases/stock.db
but it's not that hard to just work around that via /data/local:
Code:
adb shell
$ rootsh
# cat /data/data/com.htc.dcs.service.stock/databases/stock.db > data/local/stock.db
then pull from there etc.
I really think "rooting" is a misnomer for most of the current guides.
I can see that most people "root" their phone in order to get custom ROMs (and I have no issue with that, it's just too much overkill for someone who just wanted to fix a small bug ) but In fact most people don't care about rooting per se, they care about flashing a recovery image which enables them to flash custom ROMs.
I actually wanted to try:
Code:
adb shell ln -s /dev/mtd/mtd3 /data/local/rights/mid.txt
...and see what happens if I remount after boot. If it causes the system to follow back the link with user permissions for the recovery ROM, maybe the system ROM could be (write-)accessed as well. Then again, it was my first venture into rooting so naturally there would have been no way to fix a broken system image safe for reflashing the 1.5 RUU.
Do you have any details about what the original purpose of the (original) mid.txt was? I mean, it was there, sitting in a directory named rights... quite an invitation (of course, we didn't actually "set" rights in that file or anything for the exploit, but still...)
Is it safe to delete mid.txt and will it be recreated with some default values by the system?
Click to expand...
Click to collapse
NOTE: For those of you that are looking to root thier Inc and already have the latest 2.2+ OTA released in November, these steps will not work. Changes have been made to the ROM so until a new root application has been developed by the unrEVOked team, I am afraid you are left with a stock phone. Sorry. If new updates come out, I will try to post them here.
NOTE: I have uploaded the 2.1 and 2.2 RUUs to Rapidshare and updated the links.
First, let me say that I did not come up with this nor did I create any of the tools. I am passing all this on in a single thread to let people know how update thier Droid Incredible to the OTA 2.2 and have root access if they have it in any of the following conditions:
1. Stock 2.1 without root or unrEVOked Forever
2. Stock 2.1 with root and no unrEVOked Forever
3. Stock 2.1 with root and unrEVOked Forever
4. Stock 2.2 without root and with unrEVOked Forever
5. Stock 2.2 without root and no unrEVOked Forever
6. Custom ROM with root and S-OFF
7. Getting free WiFi Tethering on 2.2
8. Removing unwanted preloaded applications.
NOTE: This may work with custom ROMs, but I have not verified it.
NOTE: SOME PEOPLE, INCLUDING ME HAVE HAD THE PROBLEM OF BEING STUCK IN HBOOT AFTER LOADING A ROM IMAGE. IF THIS HAPPENS TO YOU AFTER LOADING THE 2.1 OR 2.2 ROM, DO NOT PANIC, JUST REAPPLY THE ROM AND ALL WILL BE FINE. FOR SOME REASON THE ROM DOES NOT LOAD CORRECTLY ON THE FIRST TRY BUT DOES ON THE SECOND.
I am passing this on because I loaded the OTA 2.2 without unrEVOked forever loaded on my phone. What a mess. I tried everything (I thought) to try and downgrade it back to stock 2.1 but with no luck. If you do not know, unrEVOked3 cannot currently root a 2.2 updated Droid Incredable and if you have not used unrEVOked forever, you can not get clockworkmod recovery to reload on the phone. I tried the 2.1 RUU to downgrade, but never could get it to connect to the phone. I then tried to use the 2.1 PB31IMG.zip to load and the HBoot loader would just tell me that it was an older image and not load it. I thought I was hosed until the unrEVOked team breaks the code on the 2.2 HBoot loader until I got pointed in the right direction (sort of).
TNS201 pointed me to the following thread: http://forum.xda-developers.com/showthread.php?t=768295
I gave this a try and still could not downgrade my phone. I searched around and after much trial and error, I was able to put together the correct steps to downgrade my phone and then applied unrEVOked3, unrEVOked forever, the OTA 2.2 update, and then reroot the phone. Anyway, here is what I have come up with:
** NOTE: THIS WILL TOTALY WIPE YOUR PHONE CLEAN!!! BACKUP ANYTHING YOU WANT BACK ON THE PHONE!!! **
Condition 1
1. Go to the following link and follow the instructions: http://forum.xda-developers.com/showthread.php?t=709220 Only do the steps for getting ADB loaded on your computer!
This will get ADB loaded on your computer which you will need when doing customizations to the phone. It will also walk you through rooting your phone and doing a lot of other things. Good thread for us noobs.
2. Download unrEVOked Forever from here: http://unrevoked.com/rootwiki/doku.php/public/forever
3. Copy the file to the root of your sdcard.
4. Reboot your phone into clockworkmod recovery and load the unrEVOked Forever zip file. This will turn S to off and allow unsigned images to be loaded.
When you reboot your phone, you will have a fully rooted and S-OFF stock 2.1 Droid Incredible.
NOTE: If you are having troubles downloading the OTA 2.2 RUU, use this link to download the ROM. Just delete the "_2.2" from the file name and go straight to step 12. http://rapidshare.com/files/418523008/PB31IMG_2.2.zip
To load 2.2, do the following:
5. Download the OTA 2.2 RUU from here: http://rapidshare.com/files/418527589/RUU_Incredible_VERIZON_WWE_3.21.605.1_Radio_2.15.00.07.28_2k4k_NV_1.50_PRL58006_release_1433.exe
6. Connect your phone to your computer and ensure you have USB DEBUG turned on and CHARGE ONLY selected.
7. Run the RUU and update your phone to 2.2. If the RUU updates your phone, go on to step 15. If the RUU will not connect to your phone Go to step 8.
8. Start the RUU.
9. Go to your computers temp directory and locate the folder that contains the file rom.zip.
10. Once you locate this file, copy it to any folder (or your desktop).
11. Rename rom.zip to PB31IMG.zip
12. Copy PB31IMG.zip to the root of your phones sdcard.
13. Reboot your phone into HBoot. HBoot will load and then load PB31IMG.zip. This will take a while, so be patient.
14. Follow the instructions to have HBoot install PB31IMG.zip.
Whether you used the RUU or HBoot and PB31IMG.zip, at this point, you should have 2.2 loaded on your phone, but you will no longer have root. You will have S-OFF.
To regain root access, do the following:
15. Download clockworkmod recovery from here: http://downloads.unrevoked.com/forever/recovery/clockworkmod/PB31IMG.ZIP
16. Download the payload update from here: http://forum.xda-developers.com/attachment.php?attachmentid=388592&d=1282834695
17. Download superuser from here: http://dl.dropbox.com/u/6408470/su-releases/su-2.3.4-ef-signed.zip
18. Copy all three files to the root of the phones sdcard.
19. Reboot your phone into HBoot. HBoot will load and then load PB31IMG.zip.
20. Follow the instructions to have HBoot install PB31IMG.zip. Since the phone is still S-OFF, this will reload clockworkmod recovery on the phone.
21. Boot the phone into recovery and load the two zip files downloaded in steps 16 and 17. This will root the phone and reload superuser.
If all went well, when the phone reboots, it should now be loaded with 2.2 and have full root and S-OFF. Enjoy.
Condition 2
1. Do steps 2 through 21 under Condition 1.
Condition 3
1. Do steps 5 through 21 under Condition 1.
Condition 4
** NOTE: THIS ONE DOES NOT WIPE YOUR PHONE!! **
1. Do steps 15 through 21 under Condition 1.
Condition 5
This is a tuffer one and requires the phone to be downgraded to 2.1 before upgrading it back to 2.2. Anyway, here are the steps:
NOTE: YOU MUST USE THE 2.1 RUU I HAVE LINKED AND THE MTD0.IMG FILE I HAVE ATTACHED OR THIS MAY NOT WORK!!!
NOTE: If you are having troubles downloading the 2.1 RUU, use this link to download the ROM. Just delete the "_2.1" from the file name and go straight to step 5 after completing step 1 and 2 (skip step 3 and 4). http://rapidshare.com/files/418141003/PB31IMG_2.1.zip.html
1. Do steps 1 and 2 under Condition 1.
2. Download the attached zip file. It contains the files I had a hard time finding.
3. Download the 2.1 RUU file from here: http://rapidshare.com/files/418525132/RUU_Incredible_Verizon_WWE_1.22.605.2_Radio_1.00.03.04.06_hboot_0.79_.exe
4. Follow steps 8 through 11 under condition 1 to get a good copy of the 2.1 ROM.
5. Copy the 2.1 ROM to the c:\android-sdk-windows\tools folder.
6. Unzip the files downloaded in step 2 to the c:\android-sdk-windows\tools folder.
7. Copy the unrevoked-forever.zip to the c:\android-sdk-windows\tools folder.
Note: At this point, you should have the following files copied to your c:\android-sdk-windows\tools folder:
PB31IMG.zip (this is the 2.1 ROM)
unrevoked-forever.zip (will set S-OFF)
rageagainstthecage-arm5.bin (this is a root exploit - gives you temperary root)
mtd0.img (need to research this one)
flash_image (this flashes images)
7. Connect your phone to your computer and ensure you have USB DEBUG turned on and CHARGE ONLY selected.
8. Open a command promt window and change to the c:\android-sdk-windows\tools folder.
9. Enter adb push unrevoked-forever.zip /sdcard/ and then press enter.
10. Enter adb push flash_image /data/local/ and then press enter.
11. Enter adb push rageagainstthecage-arm5.bin /data/local/tmp/ and then press enter.
12. Enter adb push mtd0.img /sdcard/ and then press enter.
13. Enter adb push PB31IMG.zip /sdcard/ and then press enter.
14. Enter adb shell and then press enter.
15. Enter cd /data/local/tmp/ and then press enter.
16. Enter chmod 777 /data/local/tmp/rageagainstthecage-arm5.bin and then press enter.
17. Enter cd /data/local/ and then press enter.
18. Enter chmod 777 /data/local/flash_image and then press enter.
19. Enter cd /data/local/tmp/ and then press enter.
20. Enter ./rageagainstthecage-arm5.bin and then press enter. You will now see some text on your cmd prompt screen explaining the exploit. Wait for the adb shell to go away, and it will dump you into your windows command prompt again (no shell) should look something like this:
C:\android-sdk-windows\tools>
21. Enter adb shell and then press enter. You will see you now have a # instead of a $ prompt.
22. Enter cd /data/local and then press enter.
23. Enter ./flash_image misc /sdcard/mtd0.img and then press enter. This will flash your misc partition with Toast's mtd-eng.img and should return you to a # prompt.
24. Enter reboot bootloader and press enter.
25. HBoot will load. Select bootloader and HBoot will then load PB31IMG.zip.
26. Follow the instructions to have HBoot install PB31IMG.zip.
Once it is finished, select restart. You now are on the stock 2.1 build of Android. Now you can follow steps 3 through 21 under condition 1 and get your phone loaded back with 2.2 and have root and S-OFF.
Condition 6
1. Do steps 5 through 21 under Condition 1.
Condition 7
The following steps will allow you to use the 3G Mobile Hotspot that comes with the OTA 2.2 update and not have Verizon charge you for using it:
1. On your phone, bring up the dialer and dial ##778. This will load EPST.
2. Select EDIT.
3. Enter 000000 for the password.
4. Select SECURITY.
5. Select the username that has [email protected].
6. Edit the username to read [email protected] (delete "dun.").
7. Click the back button to return to the list.
8. Select M.IP DEFAULT PROFILE.
9. Repeat steps 5 and 6.
10. Click on MENU and select COMMIT.
At this point, your phone will reboot and you will be able to use the 3G Mobile Hotspot application to get free WiFi tethering. Enjoy.
Condition 8
I have so far found three options for removing the preloaded apps. They all require the phone to be rooted. Here they are:
1. The first way is to get Titanium Backup. You will also need to donate (as little as $3.99) to get full functionality of Titanium Backup, but it is well worth it. If you do not want to physically remove the application, you can use the FREEZE function and the application will be removed from the app list, but physically will still be on the phone. If you really want to get it off, you can uninstall and then deleted from the phone. All of this through a user interface that is pretty easy to use. By the way, it also does backups of apps and data.
2. Another option is to get Root Explorer. You have to pay for this one. It will let you mount the system folders on the phone as read/write and allow you to move and/or delete apps from the apps folder on the phone. This is a good app and worth having even if you do not use it to remove apps.
3. The final way is to use ADB and the command prompt to remove or move any application you do not want. This is tried and true, but combersome. You do not have to buy it, but there is no GUI to help you out.
My thanks to all the folks here on XDA that made it possible for us to release the possibilities of the Droid Incredable. As I stated above, I did not create the apps or the steps, I just put them together for others to use. I wish I could thank all the individuals that made this possible, but I did not get thier IDs, so in lew of an individual thank you, I am posting this group THANK YOU. Keep up the good work!
Thanks, I have a question on condition 4
4. Stock 2.2 without root and with unrEVOked Forever
If I do the steps and since I am not loading RUU (I manually updated the offical OTA and have S-off) will this still wipe my phone clean? Looks like all I am doing is loading clockwork back on and load superuser..etc, that shouldn't wipe all the data right?
Scblacksunshine said:
Thanks, I have a question on condition 4
4. Stock 2.2 without root and with unrEVOked Forever
If I do the steps and since I am not loading RUU (I manually updated the offical OTA and have S-off) will this still wipe my phone clean? Looks like all I am doing is loading clockwork back on and load superuser..etc, that shouldn't wipe all the data right?
Click to expand...
Click to collapse
No, in the case of having 2.2 already loaded and S-OFF, you are correct, the phone will not get wiped. The steps will root the phone and load superuser back on.
confirmation
Can anyone confirm option 4 working??
RBurn said:
Can anyone confirm option 4 working??
Click to expand...
Click to collapse
Those are steps I used to get root back on my phone after I update to 2.2. As I stated, I messed up the first time and did not load unrEVOked forever and could not root the phone, so I had to downgrade to 2.1 first and then go through the rooting process. That time I made sure to load unrEVOKED forever. After that, all went well.
Sent from my HTC Incredible.
RBurn said:
Can anyone confirm option 4 working??
Click to expand...
Click to collapse
I did option 4 early this morning. Worked perfectly.
Thank-you to all involved.
Thanks for the write up =)
I am trying condition five and on step 18 and after running ./rageagainstthecage-arm5.bin it exectues so I move to step 18 and type adb shell but it remains, $ not root(#). Does anyone know if This has worked yet?
also Im running Ubuntu 10.04 if that makes a difference
adb shell
cd /data/local/tmp
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local
chmod 0755 /data/local/flash_image
cd /data/local/tmp
./rageagainstthecage-arm5.bin
This worked
PimpShit420 said:
adb shell
cd /data/local/tmp
chmod 0755 /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local
chmod 0755 /data/local/flash_image
cd /data/local/tmp
./rageagainstthecage-arm5.bin
This worked
Click to expand...
Click to collapse
I tried this and it did not work for me. It looked as if it did. It gave me the proper prompt, but on reboot, no root access. I had to use chmod 777 instead of chmod 0755.
PimpShit420 said:
Thanks for the write up =)
I am trying condition five and on step 18 and after running ./rageagainstthecage-arm5.bin it exectues so I move to step 18 and type adb shell but it remains, $ not root(#). Does anyone know if This has worked yet?
Click to expand...
Click to collapse
I made a mistake, the line should have had 777 after chmod, not 0755. I have updated the instructions. If other individuals that use 0755 instead of 777 get the above to work, let me know. I do not know what the difference is. All I know is 0755 did not work for me. I had to use 777. I think I will do some research on chmod.
Hope other individuals find this helpful.
well I got to root in the shell and everyting seemed to work up until I tried to flash the PB31IMG, is says the main version is older and just reboots
I dont know what the difference is but it could be we are running different OS, windows vs linux but I have no clue
PimpShit420 said:
well I got to root in the shell and everyting seemed to work up until I tried to flash the PB31IMG, is says the main version is older and just reboots
Click to expand...
Click to collapse
This is the problem I had. Try 777 instead of 0755 after each of the chmod commands. That is what worked for me.
you were right, the first time 0755 gave me root but did not let me flash the PB file, the second time 0755 didnt work, and 777 did but it still says update fail
chmod 0755 vs chmod 777
PimpShit420 said:
I dont know what the difference is but it could be we are running different OS, windows vs linux but I have no clue
Click to expand...
Click to collapse
Well, I looked the chmod 777 and chmod 0755 commands up. Both commands change the read/write state for a file. 0755 changes the permissions for a specific group and user. 777 changes the permissions for everyone. You can find an explanation here: http://ss64.com/bash/chmod.html
0755 did not work for me, but 777 did. I am going to keep the instructions as they are unless I get feedback that 0755 is working for other people. If I do, I will add them as an alternative.
PimpShit420 said:
you were right, the first time 0755 gave me root but did not let me flash the PB file, the second time 0755 didnt work, and 777 did but it still says update fail
Click to expand...
Click to collapse
Are you using 777 for each chmod command?
Also, I was reading through the steps and found an error with step 16. It said the following:
16. Enter chmod 777 /data/local/tmp/rageagainstthecage-arm5.bin and then press enter.
It should have said this:
16. Enter chmod 777 /data/local/rageagainstthecage-arm5.bin and then press enter.
I have updated the steps on post 1.
Thanks very much for this thread!
My phone was in Condition 3. Instructions worked for me!
BNG303 said:
Thanks very much for this thread!
My phone was in Condition 3. Instructions worked for me!
Click to expand...
Click to collapse
Your welcome. I am glad it helped.
bagery77 said:
I did option 4 early this morning. Worked perfectly.
Thank-you to all involved.
Click to expand...
Click to collapse
Glad this helped. I wanted to give everyone a one stop shop for updating and root for 2.2. Also hoped everyone would not have to go though all that I did.
OUTDATED
Augest 14 2011
Unrevoked and AlpharevX released a new version of their http://revolutionary.io/ tool, use it, and preserve your data.
Do not use the root method below.
Original root left for a good read.
Advanced users wanting a different hboot please see http://forum.xda-developers.com/showthread.php?t=1186022, others continue as is.
Updated May 12th 2011
This guide has been updated to MR1/OTA Firmware 1.13.605.7
This guide has been updated on April 21 2011 to make it more reliable, and faster.
On request I am reposting this in full, but please check out the original here first.
HTC tried to stop us. They made signed images, a signed kernel, and a signed recovery. They locked the memory. In short, the ThunderBolt is their most locked-down phone to date.
We fixed it for you. Unlike the root method we described yesterday, following the instructions below will provide S-OFF, remove signature checks, and unlock eMMC. Enjoy!
Rooting The ThunderBolt – Version 3
Pros
Root with read/write access to /system
Ability to downgrade and flash any RUU (i.e. signed firmware)
S-OFF
Fully unlocked bootloader
All ThunderBolts survived testing
Cons
Voids warranty
Could brick your phone if you aren’t careful
The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.
IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.
Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.
The instructions below assume you already have a strong familiarity with adb command lines – this is not for beginners.
Credits
Scotty2, jamezelle, jcase, and all of Team AndIRC
dsb9938 for the tutorial cleanup
Testers, especially ProTekk and Trident
Thanks to scotty2 for WPThis
Busybox was pulled from a CyanogenMod ROM, source should be available here
psneuter was pulled from somewhere, credit to scotty2, source here
All firmware credit goes to 911sniper
Jaroslav from Android Police for editorial help
If I missed anyone in the credits, it was unintentional and I will fix it soon. Lots of people had their hands in on this project.
*** Please read the instructions in full before you attempt the process or head to IRC to ask questions. Also, make sure your battery is fully charged before taking the plunge. ***
Step 1
First, download these files:
Downgrade RUU PG05IMG_downgrade.zip ( (md5sum : aae974054fc3aed275ba3596480ccd5b) THIS IS THE DOWNGRADE RUU USED IN STEP 4:
Multiupload mirror
Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af) THIS IS THE EXPLOITS FILE:
Multiupload mirror
DroidSite mirror
Custom upgrade PG05IMG_MR1_upgrade.zip (md5sum : 7960c7977c25b2c8759605be264843ea) THIS IS THE CUSTOM RUU USED IN STEP 7:
http://www.multiupload.com/NEANZBS5S4
Step 2
Note that adb is required.
Push misc.img, busybox, and psnueter using the following commands:
Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Step 3
This step will gain temp root and flash the custom misc.img. Run:
Code:
adb shell
Now the shell should display "$".
Run:
Code:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root.
Let’s confirm the md5 of misc.img:
Code:
adb shell
At this point, the shell should display "#".
Now run:
Code:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it’s anything else, re-download the file and try again.
Now let’s write misc.img:
Code:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4
Here you will rename the downgrade RUU (PG05IMG_downgrade.zip) as PG05IMG.zip and place it on your SD card (put the phone in drive mode and just copy it with your OS). Then, run the following command:
Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
Step 5
Set up the two part exploit, to gain root and unlock MMC.
Push wpthis, busybox, and psnueter:
Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Gain root (this will once again throw you out of adb):
Code:
adb shell
/data/local/psneuter
Unlock MMC:
Code:
adb shell
/data/local/wpthis
exit
Step 6
Please pay attention – this is very important. This step involves a small chance of bricking if you mess up.
To push the eng bootloader:
Code:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.
Now we will write the new bootloader.
Code:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:
Code:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn’t work, seek help from chat.andirc.net in channel #root or go here AndIRC Thunderbolt Web Chat DO NOT REBOOT.
Reboot.
Step 7
Now, put the custom MR1 RUU (PG05IMG_MR1_upgrade.zip) on your SD card by putting the phone in drive mode and copying it with your OS. Then rename it to PG05IMG.zip
Then using an md5sum type program, check the md5sum and make sure it matches 7960c7977c25b2c8759605be264843ea, if it does not, redownload it. (Here is a free windows md5summer).
Next, run this command:
Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
After it flashes, you will be running release firmware with S-OFF.
Reboot your phone. You should now have full root permissions, an engineering kernel and recovery.
I recommend you get rom manger from market.
If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.
.
Good luck to you guys and thank you for the work you're putting into this. Definitely going to do a lot of projects once I get the TB and we get confirmed permanent root.
Cool, can't wait to hear about it!
Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!
HAHAAAaaaaa
rulevoid said:
Its against the nature of my being to have an unrooted Android phone for more than 72 hours. Good luck guys!
Click to expand...
Click to collapse
Same here brother....
waiting for my instructions so i can root this
Waiting on this!
Ah...the cutting edge. Can't wait to see the development for this phone.
<- is very excited, I made it first in line for vzw opening at my store.
destroyerbmx said:
<- is very excited, I made it first in line for vzw opening at my store.
Click to expand...
Click to collapse
Me too! Now bring on the root! I need to restore data to some of my apps from my incredible.
Gimme Gimme
So pumped. TB is great, but like you guys, after five minutes, now on to rooting. Can't wait, and thanks for all the hard work on this. TB is going to be monster.
ahahaha
/10char
Awe yea!!!!!! Can't wait.
Got VZW to give me an early-up early-up! TB arriving in 12 hrs! Rooting in 12.5...
just copped my thunderbolt today so be on the lookout for the HOTNESS
XxXViRuSXxX said:
just copped my thunderbolt today so be on the lookout for the HOTNESS
Click to expand...
Click to collapse
Sweet, mine should be in hand tomorrow. Lookin' forward to it.
Picked up mine this am at local verizon looks sweet..., bring on the rooting
Ok guys I just picked up TB and itching to root and run cm7 ,It's not as fast as inc on gbread.
Sent from my ADR6400L using XDA App
I came from the fascinate and it feels a lot better to me. I don't use my phone for games but browsing feels like the xoom to me, minus the chrome browser. Hope we can port it.
santod040 said:
Sweet, mine should be in hand tomorrow. Lookin' forward to it.
Click to expand...
Click to collapse
WOW whats up man haven't talked to you in a WHILE man add me on gtalk [email protected]
After having nearly hung myself trying to figure out the whole SDK thing, what the hey ADB was and all that jazz, I thought I would give the rest of the people out there a step by step guide on getting from stock to root in no time. If you follow this guide, you won't spend the hours I did on google, XDA and irc trying to get where I am. This stuff can be confusing, and I am only here to make it less so.
Disclaimer: If you destroy your phone, I take no responsibility for it. You are performing this at your own risk.
I take no credit for the root process itself, there are people much smarter than I who worked on this. I used the method outlined here by jcase. I am simply compiling this and making it easy for people (much like myself) who had no prior experience be able to have root.
jcase said:
Credits (from original post here)
Scotty2, jamezelle, jcase, and all of Team AndIRC
Testers, especially ProTekk and Trident
Thanks to scotty2 for WPThis
Busybox was pulled from a CyanogenMod ROM, source should be available here
psneuter was pulled from somewhere, credit to scotty2, source here
All firmware credit goes to 911sniper
Jaroslav from Android Police for editorial help
If I missed anyone in the credits, it was unintentional and I will fix it soon. Lots of people had their hands in on this project.
Original warnings, posted by jcase:
Pros
Root with read/write access to /system
Ability to downgrade and flash any RUU (i.e. signed firmware)
S-OFF
Fully unlocked bootloader
All ThunderBolts survived testing
Cons
Voids warranty
Could brick your phone if you aren’t careful
The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.
IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.
Android Police and Team AndIRC disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.
The instructions below assume you already have a strong familiarity with adb command lines – this is not for beginners.*
Click to expand...
Click to collapse
*I made this guide as seamless and easy as possible. I have tested this 4 times now with success each time. Just follow every step to a T and there will be no problems. The warning is there to tell you what could happen if you don't listen very well...
Step 1: Download the Android SDK
http://developer.android.com/sdk/index.html
Step 2: Get into the SDK
After downloading, you should have a package named android-sdk_r10-mac_x86.zip in your downloads folder. Unzip it and move it to your desktop, to make life easier on yourself.
*Stop here right now if you have no idea what terminal is... shame on you, also this might be slightly more technical than you thought. No worries, I am going to hold your hand through it all*
Step 3: Get ADB
You can search as hard as you want to in that SDK and you won't find ADB. It's not there, leave it to google to be smug and leave a "ADB's not here sucka!!" readme in the file... cheeky muppets. Regardless of my personal feelings, You need to get ahold of the ADB. Easy enough to do. Open the tools folder located in the android-sdk-mac_x86 folder. Click on "android" (it's right next to google's smug readme...), and wait until it pulls up the screen seen below.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Once you've gotten here, click "available packages" on the left and install Android SDK Platform-tools, revision 3. Let it go through it's process and click close. Now, go back to your android-sdk-mac_x86 and you'll have the folder titled "Platform-tools", open it and, TA-DA! You have adb, don't click it... you don't need to.
Step 4: Prepare your phone for rooting.
Make sure your phone is fully charged before beginning. Go to Menu>Settings>Applications>Developer> and turn on USB Debugging. I had my phone on Disk Drive the entire procedure, I'm not sure if it had any benefits other than convenience, but, granted, it helped.
Step 5. Setup terminal for ADB.
To this point, you haven't had to open terminal on your own. It is probably still open from when you installed the platform-tools folder from the android executable file. If it is, right click (control click) the terminal icon, click new window and then click basic. If you closed it haphazardly (shame on you!) you need to open it. It is located in your application folder, in another folder titled Utilities.
Once you get to the terminal screen, you should see a white box, with the name of your computer, followed by the place your currently "located." A ~ means you are in your home folder. For fun, type the following into your terminal window.
Code:
touch test_file.txt
Now, navigate to your home folder and there is a text file there for you. Pretty neat, eh?
Now, we need to navigate to adb. Go to your android-sdk-mac_x86 folder, open it. Now, go back to terminal, type cd and drag the folder Platform-tools to the terminal window. You should see a green dot with a plus sign in it, that means you can add the folder to the terminal window. It should read something like this:
Code:
cd /Users/Your Computer's Name/Downloads/android-sdk-mac_x86/platform-tools
If you moved the android-sdk-mac_x86 folder (Like I did) after downloading it, it will only be slightly different. (My folder was in my home folder, so it just says /users/my computer/android-sdk-mac_x86/platform-tools)
Once you do this, you are ready to begin.
Step 6: GAIN ROOT!!!!11!!
Take a moment, breathe, cry, caress your phone... No, it really isn't that bad. I am what many consider a hypochondriac, I say I am just more "down to earth."
Glass half empty, half full, etc. we begin. I've slightly modified these to make them usable for us Apple guys. (All that has been changed is the adding of a "./" to the beginning of ever adb.)
Step 1
First, download these files:
RUU_Mecha_VERIZON_WWE_1.03.605.10_Radio_1.02.00.0103_2r_NV_8k_1.37_9k_1.52_release_
165253 (md5sum : aae974054fc3aed275ba3596480ccd5b):
Multiupload mirror
GalaxySense mirror
DroidSite mirror
Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af):
Multiupload mirror
GalaxySense mirror
DroidSite mirror
Custom RUU mirrors (md5sum : aff07b8256628a175c40938d408fa16f):
Multiupload mirror
GalaxySense mirror
(Personally, I extracted the exploit.zip folder, and the RUU_MECHA to my platform-tools folder so I never had to cd anywhere. I strongly recommend you do the same. I put the Custom RUU [PG05IMG.zip] on my desktop, so I didn't get it confused later in the process)
Step 2
Note that adb is required.
Push misc.img, busybox, and psnueter using the following commands:
Code:
./adb push psneuter /data/local/
./adb push busybox /data/local/
./adb push misc.img /data/local/
./adb shell chmod 777 /data/local/psneuter
./adb shell chmod 777 /data/local/busybox
Step 3
This step will gain temp root and flash the custom misc.img. Run:
Code:
./adb shell
Now the shell should display "$".
Run:
Code:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root. Let’s confirm the md5 of misc.img:
./adb shell
At this point, the shell should display "#".
Run:
Code:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it’s anything else, re-download the file and try again.
Now let’s write misc.img:
Code:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4
Here you will rename the downgrade RUU (RUU_Mecha_VERIZON_WWE_1.03.605.10_Radio_1.02.00.0103_2r_NV_8k_1.37_9k_1.52_release_165253_signed.zip) as PG05IMG.zip and place it on your SD card. Then, run the following command:
Code:
./adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
**Make sure to Re-enable USB Debugging!!! (Menu>Settings>Applications>Development>USB debugging)**
Set up the two part exploit, to gain root and unlock MMC.
Code:
Push wpthis, busybox, and psnueter.
./adb push psneuter /data/local/
./adb push busybox /data/local/
./adb push wpthis /data/local/
./adb shell chmod 777 /data/local/psneuter
./adb shell chmod 777 /data/local/busybox
./adb shell chmod 777 /data/local/wpthis
Step 5
Next, enter the following commands:
Code:
./adb shell
/data/local/psneuter
To unlock eMMC:
./adb shell
/data/local/wpthis
exit
Step 6
Please pay attention – this is very important. This step involves a small chance of bricking if you mess up.
To push the eng bootloader:
Code:
./adb push hbooteng.nb0 /data/local/
./adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.
Now we will write the new bootloader.
Code:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:
Code:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn’t work, seek help from chat.andirc.net in channel #thunderbolt.
DO NOT REBOOT.
Now, reboot your phone and put the custom RUU (PG05IMG.zip) on your SD card. Then flash it. This will upgrade you to release firmware with an S-OFF bootloader.
**Make sure to Re-enable USB Debugging!!! (Menu>Settings>Applications>Development>USB debugging)**
Next, run this command:
Code:
./adb reboot bootloader
After it flashes, you will be running release firmware with S-OFF.
Step 7
Code:
Push SU, busybox, and psneuter.
./adb push psneuter /data/local/
./adb push busybox /data/local/
./adb push su /data/local/
./adb shell chmod 777 /data/local/psneuter
./adb shell chmod 777 /data/local/busybox
To gain root:
Code:
./adb shell
/data/local/psneuter
The following will remount /system and set up SU:
Code:
./adb shell
mount -o remount,rw -t ext3 /dev/block/mmcblk0p25 /system
/data/local/busybox cp /data/local/su /system/xbin/su
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
Step 8
Install Superuser from the Market.
Reboot your phone. You should now have full root permissions.
Step 9
Finally, install ROM Manager from the market, enter ROM Manager and flash the ThunderBolt recovery.
If you have problems getting SU to work, a couple extra reboots will likely fix it. If you still have problems, come to the chat: irc.andirc.net #thunderbolt or use http://chat.andirc.net:9090/?channels=#thunderbolt.
And there you go. You now have root. That was fun right? The irc is absolutely invaluable if you are having any trouble. The people there are really helpful and knowledgable. They won't talk down to you, just try to help.
Again, thank you to the people who made this possible, You all are awesome. the work that had to be done to make this user friendly is beyond amazing.
If I missed anything, please let me know. I might have missed something, I haven't slept all night.
Quite the thorough walk through. Nice job!
Sent from my ADR6400L using Tapatalk
Looks like a nice walk-through.
I may suggest including all of your steps for configuring the SDK and then simply referencing the official root guide... because if that would get updated then you would have old instructions on this thread.
It is not that hard for people to type the ./ in front of every command...
Alternatively (and recommended), you could provide a more thorough guide and include instructions on adding the SDK platform-tools directory to the PATH environment variable. Once this is added, the user can use adb whenever they want, they do not have to change directories to the SDK! This also allow for using the command without needing the leading ./
I knew people would come in who knew something... You both are right. The problem I was having was the same many of my friends and people on here were having, they kept getting a -bash: adb: command not found. I am working on fixing my .bash_profile, but until I get that fixed, this tutorial is the best I've got.
IISiDeK1CKII said:
I knew people would come in who knew something... You both are right. The problem I was having was the same many of my friends and people on here were having, they kept getting a -bash: adb: command not found. I am working on fixing my .bash_profile, but until I get that fixed, this tutorial is the best I've got.
Click to expand...
Click to collapse
I am excited try try this, thank you so much for writing this up. I get very confused doing these things the first time and didn't realize you could do this on mac by adding the prefix in the commands. So, now that I know that, I am hoping to try it!
One question.....and this is a total newbie question, sorry..... In the steps that have several commands like this one:
Set up the two part exploit, to gain root and unlock MMC.
Code:
Push wpthis, busybox, and psnueter.
./adb push psneuter /data/local/
./adb push busybox /data/local/
./adb push wpthis /data/local/
./adb shell chmod 777 /data/local/psneuter
./adb shell chmod 777 /data/local/busybox
./adb shell chmod 777 /data/local/wpthis
Click to expand...
Click to collapse
Should the commands all be ran individually, or all at the same time just on their own lines? Like, can I just copy all six commands and paste them in just like this then hit enter? Or do I need to run them all one at a time?
gadsden said:
I am excited try try this, thank you so much for writing this up. I get very confused doing these things the first time and didn't realize you could do this on mac by adding the prefix in the commands. So, now that I know that, I am hoping to try it!
One question.....and this is a total newbie question, sorry..... In the steps that have several commands like this one:
Should the commands all be ran individually, or all at the same time just on their own lines? Like, can I just copy all six commands and paste them in just like this then hit enter? Or do I need to run them all one at a time?
Click to expand...
Click to collapse
You hit enter after each of those commands.
I'm AMAZED at how well this went! I'd been avoiding ADB on windows, plus avoiding all the 1-click options as they didn't work correctly on VMWare/WinXp on my Mac Pro. So, I saw this post and decided to take the leap.
THANK YOU!!!! My device is now rooted and working flawlessly.
Nice write up, I completely avoided the whole ADB setup subject, due to a lack of mac/windows knowledge. Glad the community can come through.
Can you please paste in my warnings, full credits and links to the GPL (this part if very important to us) sources if you are going to base this on our stuff. Just take them from the original post please.
~jcase
I ALWAYS had to put the
./
before adb so it would be "./adb" for anything that started with adb. I see you missed it a couple times and that concerns me. I followed the original tut by jcase and put ./adb instead of plain adb and everything worked perfect. Just my 2¢.
bmcclure937 said:
Looks like a nice walk-through.
I may suggest including all of your steps for configuring the SDK and then simply referencing the official root guide... because if that would get updated then you would have old instructions on this thread.
It is not that hard for people to type the ./ in front of every command...
Alternatively (and recommended), you could provide a more thorough guide and include instructions on adding the SDK platform-tools directory to the PATH environment variable. Once this is added, the user can use adb whenever they want, they do not have to change directories to the SDK! This also allow for using the command without needing the leading ./
Click to expand...
Click to collapse
I really didn't realize until today that I could just as easily perform a manual root on a mac as a windows machine. So, I am trying to learn about this, been doing a bunch of reading. I am interested in what you are mentioning about adding SDK platform-tools directory to the PATH environment. On a mac, what environment should I be using? I am a little confused about the options listed on the Andorid Developer website. It seems Eclipse is what everything is all about primarily, but I have no clue which one to use. Perhaps I ought to just not worry about all that right now and just follow these steps to root my TB? I'm not really after doing anything other than rooting and flashing ROMs, so is it really necessary to set all that up?
xCHPx said:
I ALWAYS had to put the
./
before adb so it would be "./adb" for anything that started with adb. I see you missed it a couple times and that concerns me. I followed the original tut by jcase and put ./adb instead of plain adb and everything worked perfect. Just my 2¢.
Click to expand...
Click to collapse
Regarding the ./ Are you saying that we need to use that in front of these commands even though it's not listed in the steps?
adb reboot bootloader
adb shell
Other than that, the steps in this post work, right? I have everything downloaded and got as far as getting ADB, but I don't want to go any further if this isn't really as comprehensive as its made out to be.
gadsden said:
Regarding the ./ Are you saying that we need to use that in front of these commands even though it's not listed in the steps?
adb reboot bootloader
adb shell
Click to expand...
Click to collapse
Yes otherwise i don't believe it will work.
Wow! I really didn't think this would get quite as much attention. I think I need to do some more solid work and clean this up a bit. Now, for the individual responses:
@Gadsden: You're very welcome. I kept thinking, this is impossible! But, with a little Red Hat experience and some awesome google skills, I got this.
@Jayhammy: You're welcome man. Enjoy!
@jcase: Of course I can. I never really thought this would gain so many views. There aren't words to explain how psyched I am to see you talking directly to me... lol, I will give full credit to everyone, as soon as I post this
@xCHPx: I posted this after a long night, with no sleep. I knew I would miss something. The cool thing about that is if you copy and pasted the command without ./ in front of it, it would simply not run. There is really no way to mess this up.
@gadsden (pt.2): Hypothetically speaking, you don't need to do ANYTHING other than what I've listed. If you decide to start developing themes, apps, etc. you'd have to worry about eclipse. I made a mistake on the two things listed there, every adb command must have ./ in front of it. I simply overlooked it when typing this up. There was a lot of stuff to be typed.
thanks for the walk-through!
i have 2 quick questions...
for say like this step:
./adb shell
/data/local/psneuter
To unlock eMMC:
./adb shell
/data/local/wpthis
exit
Click to expand...
Click to collapse
ur hitting enter after shell correct? the /data/... doesnt need a program command like ./adb before it correct? same with all other lines with no ./adb in front of them?
also for this:
Step 9
Finally, install ROM Manager and flash the ThunderBolt recovery.
Click to expand...
Click to collapse
im assuming ROM Manager is in market like Super User but i dont know what flash the Thunderbolt recovery means...could u explain that?
Thanks again!
yeah, I'll explain that in the post but also here. ROM Manager is a program available in the market. If you go to the market and type it in, you'll see it. It's a top hat with a gear behind it.
After you install ROM Manager, You need to touch the first item in the screen, Flash ClockworkMod Recovery. Then you will be good. I am going to update that now in the OP.
IISiDeK1CKII said:
yeah, I'll explain that in the post but also here. ROM Manager is a program available in the market. If you go to the market and type it in, you'll see it. It's a top hat with a gear behind it.
After you install ROM Manager, You need to touch the first item in the screen, Flash ClockworkMod Recovery. Then you will be good. I am going to update that now in the OP.
Click to expand...
Click to collapse
Funny, I had the same exact question. I posted it in the jcase discussion and got the answer there. Definitely put that in the OP, because first timers don't know these things!
gadsden said:
Funny, I had the same exact question. I posted it in the jcase discussion and got the answer there. Definitely put that in the OP, because first timers don't know these things!
Click to expand...
Click to collapse
Fixed it, I overlooked it. I guess I assumed that everyone knew what ROM Manager was... lol. I've been rooting since the Droid 1, so I've always been around people who know these things. Sorry for not clarifying though, I hope my new updated post is more concrete.
gadsden said:
I really didn't realize until today that I could just as easily perform a manual root on a mac as a windows machine. So, I am trying to learn about this, been doing a bunch of reading. I am interested in what you are mentioning about adding SDK platform-tools directory to the PATH environment. On a mac, what environment should I be using? I am a little confused about the options listed on the Andorid Developer website. It seems Eclipse is what everything is all about primarily, but I have no clue which one to use. Perhaps I ought to just not worry about all that right now and just follow these steps to root my TB? I'm not really after doing anything other than rooting and flashing ROMs, so is it really necessary to set all that up?
Click to expand...
Click to collapse
You can add the path of the SDK to your $PATH variable. This allows you to run ADB from any directory and not need the ./ in front of every single command.
From terminal, do the following:
Code:
ls -la
You should see a file called ".bash-profile within your home directory.
Edit this file and add the path of your SDK to the $PATH variable.
Code:
nano .bash-profile
Familiarize yourself with editing files in nano if you have not done this before. It is very simple. Once you have edited and saved the file... run this last command to check if the PATH variable now contains the new path.
Code:
echo $PATH
If you get lost or confused... Google is your friend! There is a lot of info on editing the PATH environment variable.
*Please Note* this is not needed for the guide but it does allow you to run ADB from any directory... and without leading ./ in front of all commands.
Thanks for this. I'm going to go to lunch and then get into this. How long did it take everyone to go through this?
bmcclure937 said:
You can add the path of the SDK to your $PATH variable. This allows you to run ADB from any directory and not need the ./ in front of every single command.
Click to expand...
Click to collapse
I've set my path up, and it works when I want it to... but this is easier to do (imho) without getting too far into command line. If I feel I could streamline this by doing such, then I will do so.
edit: And now it is broken again... back to troubleshooting... not quite sure wth I did...
@want a droid: The thing that will take the longest is downloading the files needed. Everything else will take you all of 30 minutes at most.
IISiDeK1CKII said:
yeah, I'll explain that in the post but also here. ROM Manager is a program available in the market. If you go to the market and type it in, you'll see it. It's a top hat with a gear behind it.
After you install ROM Manager, You need to touch the first item in the screen, Flash ClockworkMod Recovery. Then you will be good. I am going to update that now in the OP.
Click to expand...
Click to collapse
IISiDeK1CKII said:
Fixed it, I overlooked it. I guess I assumed that everyone knew what ROM Manager was... lol. I've been rooting since the Droid 1, so I've always been around people who know these things. Sorry for not clarifying though, I hope my new updated post is more concrete.
Click to expand...
Click to collapse
thanks man!
yea im coming from a BB so new to this stuff...i have a PC and im doing long way to learn...doesnt seem hard, simple terminal commands but just want to get everything rights...soon as i do it once, ill be good to go and help out others like u guys
Ok, so I got TWRP on the phone then I used Flash Fire to try and get Android 7 while maintaining custom recovery (and even was supposed to inject SuperSU. It went and did it's thing and on boot I saw SuperSU on phone so I thought hey I am good sweet. HA, Well open it and it said can't find binary, ut oh. I go to manually boot recovery and it wipes user data instead so I lost TWRP.
Well Ok, I thought. Let me LG UP the modified TOT and select refurb to just get me back to Marshmellow with TWRP and try again. YEAH RIGHT. Looks like the Android 7 update blows another qfuse and now LG UP just states anti rollback version is smaller than installed.
I WANT ROOT I PAID FOR THIS THING IN FULL WHY IS IT SOO HARD FOR MANUFACTURERS TO ALLOW ME ACCESS TO MY OWN HARDWARE. When I buy a computer with an OS they don't give me a user only level account and tell me it is for my own good. They allow me to do whatever I WANT because you know why I BOUGHT THE HARDWARE IN FULL AND the supreme court has said no subsidy locks allowed as when a user buys a device it is theirs not yours. I feel this is another version of a subsidy lock at the rate we are going and I can't wait until someone with the time and money sues an OEM and wins us the right to not jump through all these damn hoops to be allowed to do what we wish with the hardware we buy IN FULL NOW.
Ok, rant over, Anyone out there know of a way to root android 7 on the H830? I dunno if a dev could maybe mod up a 20a image so that we can LGUP it to the H830s that have Android 7 and need root.
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Well you arent alone. And I agree , I fully own my device and I think I should be able to do what ever the living F*&% I want with it .
Its only a question of time though,these guys are the best there are at cracking through companies 'efforts at locking us out of our own shiznat....in the meantime setup the stuff you can without ROOT (no Titanium Backup....*sniff) LOL.
Before long we'll wake up and see TWRP attached to the ROM like before and all will be well. Cheers
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
This worked great! Thank you! After TWRP was flashed via steps above I just followed the video I linked below from the 8:20 mark and formatted data and then flashed dmverify encrypt and super su (both downloads in vid) and now I'm back to rooted on 7.0 nougat with TWRP and supersu!
Go dirtycow!
Thank you shaneG79 and Genardas this made all the difference!
so An Instruction List ,a Thoughtfully Worded Explanation and You Tube Video are worth a 1000 words
shaneg79 said:
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
Click to expand...
Click to collapse
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Jonathanpeyton said:
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Click to expand...
Click to collapse
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
shaneg79 said:
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
Click to expand...
Click to collapse
I think you may be right,and as I am copy pasting now Ive been been able to get past it.
I still was able to get root last night with it but was denied access to data in the end so I had to go back.Thank you!
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Jonathanpeyton said:
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Click to expand...
Click to collapse
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
shaneg79 said:
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
Click to expand...
Click to collapse
Roger will do thank you!
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Jonathanpeyton said:
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Click to expand...
Click to collapse
Yes I did, you might try using lg up and reflashing 20a and then trying again.
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Jonathanpeyton said:
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Click to expand...
Click to collapse
You're not being any trouble I just wish I knew why yours isn't working correctly
ok update..... I used the devices internal settings to do a factory reset then reinstalled 20a.THAT made it to where I am now able to grant the proper permissions to /data/local/tmp.However,I still wind up at the Firmware Update page after >adb shell reboot recovery instead of the recovery screen or just a reboot....but I guess its small progress.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
Thank you so much... And whom ever is behind this I anyway... One word... Genius... Simply Genius.. Well that was 2 words
Accidental double post see next post, my bad...
Accidental double post