Related
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
olafos said:
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
Click to expand...
Click to collapse
Hmmm. If you are on 2.1, then you can use the GSM root i posted over at VR. The recovery needs to be flashed to the phone though, so you can flash zips to the phone from there.
As for your wish to get rid of the patched recovery afterwards, you're missing out a lot, but if you can find the stock recovery img file, you can simply flash that using
"flash_image recovery FilenameHero.img" via the phone's shell or adb (once rooted, presuming you added the flash_image binary).
As for that file, I don't know, as I've never checked if that will work on the hero.
I'd be inclined to say DON'T TRY IT, since it will contain a kernel, and flashing the wrong kernel can brick your device's radio, essentially ruining it.
But if you locate the correct files for the GSM hero, and package them similarly, you could flash that onto your phone via recovery
Bear in mind the stock HTC ROM is basically full on the system partition, so you might have issues actually fitting the files on.
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
ixampl said:
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
Click to expand...
Click to collapse
That is a nice method.
I've long thought about making something similar, so maybe today I'll try, as an idea has come back to me...
I am thinking that I can avoid the whole recovery flashing, though I'm not going to say the idea till I've thought it through, as someone might try it before I realise how stupid an idea it is...
But I'll certainly see if it can get permanent root sorted out on the phone, although it won't give root adb access, as that is defined in the boot.img, though I guess I could flash that while I'm at it...
Good work.
Thanks!
Yes, a method to (safely) acquire super user access without flashing anything would be highly appreciated There's a small risk involved with flashing. Granted it usually causes no issues, but there is the slight possibility of bricking your phone.
Good work.
Click to expand...
Click to collapse
Thanks, although - as you know - I really didn't do anything special there
[...] although it won't give root adb access [...]
Click to expand...
Click to collapse
Yes, that's a minor annoyance, but really minor ... for the currency fix I naturally couldn't do
Code:
adb pull /data/data/com.htc.dcs.service.stock/databases/stock.db stock.db
or
Code:
adb push stock.db /data/data/com.htc.dcs.service.stock/databases/stock.db
but it's not that hard to just work around that via /data/local:
Code:
adb shell
$ rootsh
# cat /data/data/com.htc.dcs.service.stock/databases/stock.db > data/local/stock.db
then pull from there etc.
I really think "rooting" is a misnomer for most of the current guides.
I can see that most people "root" their phone in order to get custom ROMs (and I have no issue with that, it's just too much overkill for someone who just wanted to fix a small bug ) but In fact most people don't care about rooting per se, they care about flashing a recovery image which enables them to flash custom ROMs.
I actually wanted to try:
Code:
adb shell ln -s /dev/mtd/mtd3 /data/local/rights/mid.txt
...and see what happens if I remount after boot. If it causes the system to follow back the link with user permissions for the recovery ROM, maybe the system ROM could be (write-)accessed as well. Then again, it was my first venture into rooting so naturally there would have been no way to fix a broken system image safe for reflashing the 1.5 RUU.
Do you have any details about what the original purpose of the (original) mid.txt was? I mean, it was there, sitting in a directory named rights... quite an invitation (of course, we didn't actually "set" rights in that file or anything for the exploit, but still...)
Is it safe to delete mid.txt and will it be recreated with some default values by the system?
Click to expand...
Click to collapse
Well this was a bit of a mess!
Firstly updating:
http://forum.xda-developers.com/showthread.php?t=1043349
http://phonedock.net/huawei-ideos-s7-froyo-2-2-2-update.html I followed this nice writeup. Be sure to delete the log file in dload for the second round of the upgrade as your device might, like mine, just blink on and off for a while trying to flash what it thinks it finds is already flashed but what just gives an error!
http://www.androidtablets.net/forum...uawei-ideos-s7-official-firmware-2-2-2-a.html Links to 2.2.2 Brazil which is the best for the 101 apparently, some tests done in that post on which rom work best for which model.
Now,
REMOVE YOUR SDCARD IF ANY! AND REBOOT THE DEVICE ! THIS HACK RELIES HEAVILY ON HIGH STRANGENESS AND SPOOKY ACTION AT A DISTANCE!
Originally i though modifying an ol doroot.sh script to using the psneuter exploit from SuperOneClick i would manage to root the device. Not without some fuzz, no. Firstly i discovered "cp" and many basic fileutils im used to in the world of *nix was missing from the 2.2.2 image kindly provided by Huawei ( The Norwegian Telenor image i might add that the camera on a model 101 will not work with!) so i found an easier way! push push push!
Here's what i did, for convenience ill try making it a script, but be prepared to copy these commands manually instead! For windows simply remove the ./ and add .exe .
Now, to make this work, simply get SuperOneClick from http://shortfuse.org/?page_id=2 and unzip, i used the adb from the google android sdk, but i guess the adb binary that comes with SOC is a simpler route if your just in for a quick root fix. Simply rename the appropriate adb for your system and use this method.
The simplest thing to do i guess is to copy Exploits/psneuter or gingerbreak to the ADB folder (in SuperOneClick's folder) and go on from there, also copy su-v3 (rename it to su) and Superuser.apk from "Root/" to the folder (ADB), or if you choose to, rewrite this "script" with the appropriate paths. Im unsure if the following script will work in every case, so you might want to do it manually, but most should get the drift, if you are not comfortable with this procedure you probably have no business or reason rooting the device in the first place. Disclaimer; if this bricks your device don't blame me, this is a fact of "it worked for me", your results may differ.
Be sure to set your USB mode to "Developer" mode
AND BE ROOT ON YOUR MACHINE!
Code:
#/bin/bash
echo "The BackAsswardsRootScript!\n\n"
echo "Lets start the adb server.\n\n"
./adb kill-server
./adb start-server
echo "Pushing the exploit psneuter onto the device.\n\n"
./adb push psneuter /data/local/tmp/psneuter
./adb shell "chmod 0755 /data/local/tmp/psneuter"
./adb push busybox /data/local/tmp/busybox
./adb shell "chmod 4755 /data/local/tmp/busybox"
echo "Now we run the root exploit.\n\n"
./adb shell "./data/local/tmp/psneuter"
echo "We should be root now, making sure.\n\n"
./adb root
echo "Remointing the FS as RW!\n\n"
./adb shell " /data/local/tmp/busybox mount -o rw,remount /system"
echo "Pushing the system files in place\n"
./adb shell "/data/local/tmp/busybox cp /data/local/tmp/busybox /system/bin/busybox"
./adb push su /system/bin/su
./adb push Superuser.apk /system/app/Superuser.apk
echo "Correct permissions might be nice.\n"
./adb shell "chmod 4755 /system/bin/busybox"
./adb shell "chmod 4755 /system/bin/su"
./adb shell "chmod 755 /system/app/Superuser.apk"
# Lets go back to read only, just for kicks!
echo "Remounting the filesystem as Read-Only\n\n"
./adb shell "busybox mount -o ro,remount -t /system"
echo "You should now be rooted my friend.\n Enjoy!\n"
Please help feed my Linux addiction! Go to http://threader.zapto.org and click Donate!
Rooting S7 using Gingerbreak
Just too inform you. I've just succesfully rooted the Indonesian 2.2.2 running on a
S7-105 using Chainfire's Gingerbreak v1.2.
Cool, theres a gingerbreak exploit in the superoneclick package also, i tried that after i though psneuter didnt work, just a matter of replacing psneuter with gingerbreak. Did you use this method though or did you find some other way?
I didn't change or replace anything. My terminal skills are not on a level to have the guts anyway.
I simply updated from S7V100R001C43B010 to S7v100R001C98B021.
Then ran the Gingerbreak 1.2 exploit.
Interesting, yeah the gingerbreak exploit will work, when i wrote the fist post i used the gingerbreak exploit instead of the psneuter one thinking psneuter didnt work, turns out it did though and i went back to that one as its designed for 2.2.2, didnt know of this wrapper though, thanks!
Just granted su superuser permissions on the Australian s7
Great work. Just noticed a missing final quotation mark:
threader said:
./adb shell "chmod 0755 /data/local/tmp/psneuter
Click to expand...
Click to collapse
Probably works because of the end of line but should be:
./adb shell "chmod 0755 /data/local/tmp/psneuter"
threader said:
Well this was a bit of a mess!
Firstly updating:
http://forum.xda-developers.com/showthread.php?t=1043349
http://phonedock.net/huawei-ideos-s7-froyo-2-2-2-update.html I followed this nice writeup. Be sure to delete the log file in dload for the second round of the upgrade as your device might like mine just blink on and off for a while trying to flash what it finds is already flashed but what just gives an error. !
http://www.androidtablets.net/forum...uawei-ideos-s7-official-firmware-2-2-2-a.html Links to 2.2.2 Brazil which is the best for the 101 apparently, some tests there on which roms work best for which models also.
Now,
REMOVE YOUR SDCARD IF ANY! AND REBOOT THE DEVICE ! THIS HACK RELIES HEAVILY ON HIGH STRANGENESS AND SPOOKY ACTION AT A DISTANCE!
Originally i though modifying an ol doroot.sh script to using the psneuter exploit from SuperOneClick i would manage to root the device. Not without some fuzz, no. Firstly i discovered "cp" and many basic fileutils was missing from the 2.2.2 image kindly provided by Huawei (Norwegian Telenor image, that i might add, the camera on a model 101 will not work with!) soo i found an easier way! push push push!
Heres what i did, for convenience ill try making it a script, but im making it as i type this post so this is untested as a script(!) Be prepared to copy these commands instead!
Now, to make this work, simply get SuperOneClick from http://shortfuse.org/?page_id=2 and unzip, i used the adb from the google android sdk, but i guess the adblinux binary that comes with SOC will work just as well, simply rename it to adb and use this method. The simplest thing to do i guess is copy Exploits/psneuter to the ADB folder (in SuperOneClick's folder) and go from there, also copy su-v3 (and rename it to su) and Superuser.apk from Root to the folder (ADB), or rewrite this "script"/collection of commands i used" with the appropriate paths. Im unsure if the following script will work as is as i said, so you might want to do it manually, but most should get the drift, if not you probably have no business or reason rooting the device in the first place. Disclaimer; if this bricks your device don't blame me, this is a fact of "it worked for me", your results may differ.
Be sure to set your usb mode to Developer mode
BE ROOT!
#/bin/bash
echo "The backasswardsrootscript!\n\n"
echo "Lets start the adb\n\n"
./adb kill-server
./adb start-server
./adb push psneuter /data/local/tmp/psneuter
./adb shell "chmod 0755 /data/local/tmp/psneuter
echo "Now we run the root exploit.\n\n"
./adb shell "./data/local/tmp/psneuter"
echo "Should say we are already root now.\n\n"
./adb root
echo "Remointing the FS as RW!\n\n"
# This really should be /dev/block/mmcblk0p1, i have no idea why this works.
./adb shell "mount -o rw,remount -t ext3 /dev/block/mmcblk1p1 /system"
# Now instead of copying using cp or moving with mv, considering "cp" was missing
# and mv just didnt work for some reason...! I found just pushing the files straight to the
# system after remounting worked just fine
echo "Pushing the system files in place\n"
./adb push su /system/bin/su
./adb push Superuser.apk /system/app/Superuser.apk
./adb push busybox /system/bin/busybox
echo "Correct permissions might be nice.\n"
./adb shell "chmod 4755 /system/bin/busybox
./adb shell "chmod 4755 /system/bin/su"
./adb shell "chmod 755 /system/app/Superuser.apk"
# Lets go back to read only just for kicks!
echo "Remounting the filesystem as Read-Only\n"
./adb shell "mount -o ro,remount -t ext3 /dev/block/mmcblk1p1 /system"
echo "You should be rooted my friend\n Enjoy!\n BE SURE TO DONATE TO SUPERONECLICK!!!"
# One of the main strangenesses i found was the block device was logically enough placed on
# partioton 1, of block1 which really should have been block 0 part 1, but that doesnt work.
# So it boils down to that this shouldnt work but does for no apparent reason(!).
# even /etc/mtab says that mmcblk0p1 is mounted to a non existent /mnt/dcard
# as an EXT4 partition which isnt supposed to be supported until 2.3.x
Click to expand...
Click to collapse
Dear S7 users,I am using the ideos s7 by Teltra supllier and i did unlock sim by norwegian rom.I read a lot of document but i didnt find out an easy way to run clockwork that i can run cook rom,can u help me how to run it in easy way.Thanks and appreciate that.
http://www.androidtablets.net/forum...wegian-2-2-2-s7v100r001c57b111.html#post82863
PuZZleDucK said:
Just granted su superuser permissions on the Australian s7
Great work. Just noticed a missing final quotation mark:
Probably works because of the end of line but should be:
./adb shell "chmod 0755 /data/local/tmp/psneuter"
Click to expand...
Click to collapse
Great! Thanks! Ops, yeah missed that, fixed now, thank you for pointing that out. I haven't spent much more time on this. the pad has pretty much been untouched since i moved house. I would like to make this easier for less technical inclined here but its just a matter of replacing ./adb with adb.exe if your on windows. Besides, i don't want to be at fault for bricking someone. And maybe i could write some simple application for installing Gnu/Linux as well, ( http://forum.xda-developers.com/showthread.php?t=1109730 ) but that will have to wait until someone bribes me or hits me over the head i guess.
tell me how you did it. i have a s7 - 105 too. please tell me the full tutorial, beginning to the end. cause i'm new to this android stuff. please..
---------- Post added at 08:53 PM ---------- Previous post was at 08:51 PM ----------
Maniacnl said:
Just too inform you. I've just succesfully rooted the Indonesian 2.2.2 running on a
S7-105 using Chainfire's Gingerbreak v1.2.
Click to expand...
Click to collapse
tell me how you did it. i have a s7 - 105 too. please tell me the full tutorial, beginning to the end. cause i'm new to this android stuff. please..
I can't post this on the original thread because of The Rules about new users being blocked from developer forums(feh), but I wanted to share the script I used to automatically update the telephony database instead of buying the Root Explorer and SQLite Editor apps. Tested on my AT&T Atrix with stock builds 1.8.3 (Android 2.2.2 Froyo) and 4.5.91 (Android 2.3.4 Gingerbread).
Install the Android SDK and the Android Debug Bridge if you haven't already.
Get a copy of the sqlite3 binary for Android (I found one in the SuperOneClick zip file)
Root your phone (one method is here). The important part is to be able to su to root in an ADB shell.
Download the attached shell script, chmod it +x (and change the extension to .sh if you fee like it)
Push the sqlite3 binary and the shell script to a temp dir on the device:
Code:
$ adb push sqlite3 /data/local/tmp
$ adb push telephony.sh /data/local/tmp
Shell into the phone (make sure USB debugging is enabled):
Code:
$ adb shell
su to root:
Code:
$ su root
cd to /data/local/tmp:
Code:
# cd /data/local/tmp
make sure the script is executable:
Code:
# chmod 755 telephony.sh
run it:
Code:
# ./telephony.sh
Select AT&T Tether APN from list (Settings->Wireless & networking->Mobile Networks->Access point names)
Reboot device
Enable WiFi Hotspot
(Optional) Raise your fist in the air as you triumph over bloodsucking corporate greed.
If things get fouled for any reason, the script makes a backup of the files it modifies in the same directory with a "_backup" extension. You can restore the original databases by running the following commands in a root shell on the phone:
Code:
# cp -p /data/data/com.android.providers.telephony/databases/telephony.db_backup /data/data/com.android.providers.telephony/databases/telephony.db
# cp -p /data/data/com.motorola.android.providers.settings/databases/settings.db_backup /data/data/com.motorola.android.providers.settings/databases/settings.db
Make sure to include the -p switch, otherwise the file permissions won't be correct. It doesn't seem to be possible to set file permissions/ownership manually ("chgrp radio" gives an error).
Okay I need help......... I've rooted and I've completely lost the ability to have free wifi tethering.!!! I've been trying to do this procedure all day long and when I try and run the script from a cmd prompt (just like this........ ./telephony.sh) it tell me I do not have permission to do that even though I've already CHMOD'd the file to give SU permission........ GRRRRRRrrrrrrrrrrrrrrrrrrr please help.
Changing the permissions on the script with chmod is just the first step.
Make sure you've shelled into the phone ('adb shell'), and then logged in as root ('su root'). The command prompt should change from a '$' to a '#' when you're logged in as root.
If you're having problems getting the script to work for you, try this method for Wifi/tether enabling, it worked perfect for me on Stock 2.3.4, as well as Ninja Speed Freak
http://forum.xda-developers.com/showthread.php?t=1160452
yes sir
Malibee said:
Changing the permissions on the script with chmod is just the first step.
Make sure you've shelled into the phone ('adb shell'), and then logged in as root ('su root'). The command prompt should change from a '$' to a '#' when you're logged in as root.
Click to expand...
Click to collapse
Iam ssomewhat familiar with linux redhat enterprise. I will try the thread below.
BRILLIANT
Brilliant now that was easy as hell thank very much! I'm posting on the newly enabled Atrix hotspot using my Xoom! THANK YOU AL!
Awesome!
Agreed, worked perfect. Immediately. Now, I'm just having trouble getting my Xoom to connect. Everything else can, except the Xoom.
I have a Verizon tab that was rooted. I updated to gingerbread which removed root. Is there a way to root now that I have gingerbread?
Thanks!
you may try SuperOneClick 2.2 with ZergRush...
Thanks. I'll give it a shot.
Soundchasr said:
Thanks. I'll give it a shot.
Click to expand...
Click to collapse
Did it work?
Haven't had a chance yet.
I tried it hangs on Step 7.. Does not root.
Sent from my SCH-I800 using xda premium
receptr said:
I tried it hangs on Step 7.. Does not root.
Sent from my SCH-I800 using xda premium
Click to expand...
Click to collapse
I've had the same problem. I can't seem to find a method that works; this Tab isn't getting much attention at all anymore.
Telling me, I have gingerbread on mine and it does nothing but forceclose crap all over the place
Lakilaulea said:
I've had the same problem. I can't seem to find a method that works; this Tab isn't getting much attention at all anymore.
Click to expand...
Click to collapse
I was able to get mine rooted by using the kernel from Galaxy Cubed 3 ROM. Downloaded the whole ROM and flashed only the kernel in heimdall. Then I used adb to push the correct files to the system and fixed permissions and rebooted. Worked great.
UPDATE:
If people want to know the adb commands I used, here they are:
adb push busybox /data/local/tmp/.
adb shell "chmod 755 /data/local/tmp/busybox"
adb shell "/data/local/tmp/busybox mount -o remount,rw /system"
adb shell "dd if=/data/local/tmp/busybox of=/system/xbin/busybox"
adb shell "chown root.shell /system/xbin/busybox"
adb shell "chmod 04755 /system/xbin/busybox"
adb shell "/system/xbin/busybox --install -s /system/xbin"
adb shell "rm -r /data/local/tmp/busybox"
adb push su /system/bin/su
adb shell "chown root.shell /system/bin/su"
adb shell "chmod 06755 /system/bin/su"
adb shell "rm /system/xbin/su"
adb shell "ln -s /system/bin/su /system/xbin/su"
adb push Superuser.apk /system/app/.
adb shell "cd /data/local/tmp/; rm *"
You can copy and paste these commands to a bat file and run it in a command prompt window. These were taken from a script used to root devices.
Here are links for the files you need. They are:
su
superuser.apk
busybox
They need to be placed in the same directory that you run the adb commands from.
SECOND UPDATE:
Rather than go through all this, go here:
http://forum.xda-developers.com/showthread.php?p=19678785
This is dsb9938's plain stock EI04 VZW ROM that is pre-rooted. Just flash in Heimdall and you are good to go. As long as you only wipe cache and dalvik, all your apps should stay intact.
Gingerbreak.apk should do the trick. Worked on my P1010
chris_toshiba said:
Gingerbreak.apk should do the trick. Worked on my P1010
Click to expand...
Click to collapse
It did not work on my VZW Tab. Someone said it is because it only works on 2.3.3 and older gingerbread and we have 2.3.5.
BTW, look at my earlier post (second update) to get a really easy way to have rooted stock 2.3.5 VZW Tab.
Ok, so I got TWRP on the phone then I used Flash Fire to try and get Android 7 while maintaining custom recovery (and even was supposed to inject SuperSU. It went and did it's thing and on boot I saw SuperSU on phone so I thought hey I am good sweet. HA, Well open it and it said can't find binary, ut oh. I go to manually boot recovery and it wipes user data instead so I lost TWRP.
Well Ok, I thought. Let me LG UP the modified TOT and select refurb to just get me back to Marshmellow with TWRP and try again. YEAH RIGHT. Looks like the Android 7 update blows another qfuse and now LG UP just states anti rollback version is smaller than installed.
I WANT ROOT I PAID FOR THIS THING IN FULL WHY IS IT SOO HARD FOR MANUFACTURERS TO ALLOW ME ACCESS TO MY OWN HARDWARE. When I buy a computer with an OS they don't give me a user only level account and tell me it is for my own good. They allow me to do whatever I WANT because you know why I BOUGHT THE HARDWARE IN FULL AND the supreme court has said no subsidy locks allowed as when a user buys a device it is theirs not yours. I feel this is another version of a subsidy lock at the rate we are going and I can't wait until someone with the time and money sues an OEM and wins us the right to not jump through all these damn hoops to be allowed to do what we wish with the hardware we buy IN FULL NOW.
Ok, rant over, Anyone out there know of a way to root android 7 on the H830? I dunno if a dev could maybe mod up a 20a image so that we can LGUP it to the H830s that have Android 7 and need root.
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Well you arent alone. And I agree , I fully own my device and I think I should be able to do what ever the living F*&% I want with it .
Its only a question of time though,these guys are the best there are at cracking through companies 'efforts at locking us out of our own shiznat....in the meantime setup the stuff you can without ROOT (no Titanium Backup....*sniff) LOL.
Before long we'll wake up and see TWRP attached to the ROM like before and all will be well. Cheers
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
This worked great! Thank you! After TWRP was flashed via steps above I just followed the video I linked below from the 8:20 mark and formatted data and then flashed dmverify encrypt and super su (both downloads in vid) and now I'm back to rooted on 7.0 nougat with TWRP and supersu!
Go dirtycow!
Thank you shaneG79 and Genardas this made all the difference!
so An Instruction List ,a Thoughtfully Worded Explanation and You Tube Video are worth a 1000 words
shaneg79 said:
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
Click to expand...
Click to collapse
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Jonathanpeyton said:
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Click to expand...
Click to collapse
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
shaneg79 said:
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
Click to expand...
Click to collapse
I think you may be right,and as I am copy pasting now Ive been been able to get past it.
I still was able to get root last night with it but was denied access to data in the end so I had to go back.Thank you!
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Jonathanpeyton said:
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Click to expand...
Click to collapse
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
shaneg79 said:
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
Click to expand...
Click to collapse
Roger will do thank you!
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Jonathanpeyton said:
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Click to expand...
Click to collapse
Yes I did, you might try using lg up and reflashing 20a and then trying again.
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Jonathanpeyton said:
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Click to expand...
Click to collapse
You're not being any trouble I just wish I knew why yours isn't working correctly
ok update..... I used the devices internal settings to do a factory reset then reinstalled 20a.THAT made it to where I am now able to grant the proper permissions to /data/local/tmp.However,I still wind up at the Firmware Update page after >adb shell reboot recovery instead of the recovery screen or just a reboot....but I guess its small progress.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
Thank you so much... And whom ever is behind this I anyway... One word... Genius... Simply Genius.. Well that was 2 words
Accidental double post see next post, my bad...
Accidental double post