Ok, so I got TWRP on the phone then I used Flash Fire to try and get Android 7 while maintaining custom recovery (and even was supposed to inject SuperSU. It went and did it's thing and on boot I saw SuperSU on phone so I thought hey I am good sweet. HA, Well open it and it said can't find binary, ut oh. I go to manually boot recovery and it wipes user data instead so I lost TWRP.
Well Ok, I thought. Let me LG UP the modified TOT and select refurb to just get me back to Marshmellow with TWRP and try again. YEAH RIGHT. Looks like the Android 7 update blows another qfuse and now LG UP just states anti rollback version is smaller than installed.
I WANT ROOT I PAID FOR THIS THING IN FULL WHY IS IT SOO HARD FOR MANUFACTURERS TO ALLOW ME ACCESS TO MY OWN HARDWARE. When I buy a computer with an OS they don't give me a user only level account and tell me it is for my own good. They allow me to do whatever I WANT because you know why I BOUGHT THE HARDWARE IN FULL AND the supreme court has said no subsidy locks allowed as when a user buys a device it is theirs not yours. I feel this is another version of a subsidy lock at the rate we are going and I can't wait until someone with the time and money sues an OEM and wins us the right to not jump through all these damn hoops to be allowed to do what we wish with the hardware we buy IN FULL NOW.
Ok, rant over, Anyone out there know of a way to root android 7 on the H830? I dunno if a dev could maybe mod up a 20a image so that we can LGUP it to the H830s that have Android 7 and need root.
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Well you arent alone. And I agree , I fully own my device and I think I should be able to do what ever the living F*&% I want with it .
Its only a question of time though,these guys are the best there are at cracking through companies 'efforts at locking us out of our own shiznat....in the meantime setup the stuff you can without ROOT (no Titanium Backup....*sniff) LOL.
Before long we'll wake up and see TWRP attached to the ROM like before and all will be well. Cheers
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
Jonathanpeyton said:
OK after 2 days of attempting this without even wrapping my head around the idea of how to access /data/local/temp without being rooted to begin with I hereby surrender :crying:
Thanks for posting this for dayum sure, I only wish I was a more proficient SDK user as to be able to utilize it.
I mean Im fully versed in the very basics of Fastboot/ADB as a long time Nexus user.Push,pull flashing recoveries and the other relatively easy stuff.But I cant get this worth a crap .....
Thanks guys
Click to expand...
Click to collapse
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
This worked great! Thank you! After TWRP was flashed via steps above I just followed the video I linked below from the 8:20 mark and formatted data and then flashed dmverify encrypt and super su (both downloads in vid) and now I'm back to rooted on 7.0 nougat with TWRP and supersu!
Go dirtycow!
Thank you shaneG79 and Genardas this made all the difference!
so An Instruction List ,a Thoughtfully Worded Explanation and You Tube Video are worth a 1000 words
shaneg79 said:
I struggled with it at first I would be glad to assist I'm not at home but when I get home and can access my desktop I would be glad to try to explain it better.
---------- Post added at 06:45 AM ---------- Previous post was at 06:12 AM ----------
OK here goes my best attempt at explaining it, you need to have your phone turned on with Android debugging turned on as well plug your phone into the pc and then accept the request from adb to access the device. Then start running the adb commands starting with the ones under ***pushing files*** then start following the steps 1-16. Let me know if you have any more questions or something you don't understand. Hopefully this was helpful. P.S. I also had all of the downloaded files inside my adb folder and opened the command window from that folder.
Click to expand...
Click to collapse
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Jonathanpeyton said:
Any Idea why Im still getting a "permission denied" affter my chmod 0777* here?
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
that seems to throw it all out of wack..
Click to expand...
Click to collapse
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
shaneg79 said:
I think there may be a space between the last 7 and the * I can't be sure though because I copy and pasted it into the adb window
Click to expand...
Click to collapse
I think you may be right,and as I am copy pasting now Ive been been able to get past it.
I still was able to get root last night with it but was denied access to data in the end so I had to go back.Thank you!
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Jonathanpeyton said:
when you finally get to "adb shell reboot recovery" did yours boot to the Firmware Update page? or to something else....mine repeatedly goes to Firmware update then of course isnt seen by adb anymore and no recovery is ever flashed I dont think..
Click to expand...
Click to collapse
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
shaneg79 said:
No mine rebooted and I finished the rest of the steps I would try going through the steps again and copy and paste everything into adb window. I think in order for twrp to be flashed you have to finish all 16 steps.
Click to expand...
Click to collapse
Roger will do thank you!
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Jonathanpeyton said:
nah its no good.No matter what it will only go to that Firmware page.All the commands are correct.It must be something in my setup itself.
I had wondererd am I supposed to leave the cable in for the entirety of the 16 steps (which I have done)?
Click to expand...
Click to collapse
Yes I did, you might try using lg up and reflashing 20a and then trying again.
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Jonathanpeyton said:
OK I went full on fresh as possible all installs.
Uninstalled reinstalled all drivers/ utils (Uppercut,LGUP ect.)
Copied all instructions to a separate file to ease copying
all before taking your advice (which I thought sounded like the right direction to go) and reflashing 20a.KMZ in LGUP.
Still the result is the same,step 9 (reboot to recovery) leads only to the Firmware Update screen ~~~~~> https://drive.google.com/open?id=0B03a0JRwWhkwX1RQdmlSRmh5c0U AND https://drive.google.com/open?id=0B03a0JRwWhkwT0lMNEViNGIxWkE
Also I want to mention, when I try to directly copy the chmod as is (0777 *) I get a permission denied so Ive been changing it to 0777* (no space between the asterisk [regex] and the last 7) which seems to work as I am able to continue entering code....
man and I thought Samsung devices were a pain to root lol.
Thanks so much for all the help so far Im usually not this much trouble....
Click to expand...
Click to collapse
You're not being any trouble I just wish I knew why yours isn't working correctly
ok update..... I used the devices internal settings to do a factory reset then reinstalled 20a.THAT made it to where I am now able to grant the proper permissions to /data/local/tmp.However,I still wind up at the Firmware Update page after >adb shell reboot recovery instead of the recovery screen or just a reboot....but I guess its small progress.
shaneg79 said:
@RealPariah here ya go follow this Thanks to @godfather123189 for finding these instructions:
i can confirm dirtycow worked for me to reflash twrp. you have to make sure to have the newest version of twrp.img. i was also able to root 20a with the newest supersu.zip.
i will try going back to 10j nandroid i had made before i upgraded to 20a
download all the files from here:
https://build.nethunter.com/android-tools/dirtycow/arm64/
and follow these instructions:
**pushing files**
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb push twrp.img /sdcard/twrp.img
**end pushing files**
1) adb shell
2) cd /data/local/tmp
3) chmod 0777 *
4) ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
5) ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
6) exit
7) adb logcat -s recowvery
"<wait for it to tell you it was successful>"
8) CTRL+C
9) adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
10) adb shell
11) getenforce
"<it should say Permissive, adjust source and build for your device!>"
12) cd /data/local/tmp
13) ./dirtycow /system/bin/run-as recowvery-run-as
14) run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
15) run-as su
16) dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Click to expand...
Click to collapse
Thank you so much... And whom ever is behind this I anyway... One word... Genius... Simply Genius.. Well that was 2 words
Accidental double post see next post, my bad...
Accidental double post
Related
If anyone can post a link to a detailed Ubuntu guide for newbies to root the Hero and remove stock apps, I would appreciate it. The guide posted doesn't go into too much detail in Ubuntu since the OP said that he could not get it to work in Ubuntu. Thanks.
killabee44 said:
If anyone can post a link to a detailed Ubuntu guide for newbies to root the Hero and remove stock apps, I would appreciate it. The guide posted doesn't go into too much detail in Ubuntu since the OP said that he could not get it to work in Ubuntu. Thanks.
Click to expand...
Click to collapse
Wouldnt the Mac version work since they are both *nix?
I was able to root my Sprint HTC hero just fine running Jaunty. I followed the instructions in the guide you mentioned, for Ubuntu. One thing I noticed is before adb recognized my phone, I had to start "HTC Sync" from the phone's notifications. Just ignore the error about it not finding HTC Sync on your PC. Obviously it never will since HTC Sync is a Windows app
Here's the step by step that worked for me: http://romeosidvicious.com/2009/11/09/rooting-the-htc-hero-with-ubuntu-karmic/
I typed it so I could find it easily if necessary and figured why not share it....
romeosidvicious,
Thanks for all your hard work. I and others really appreciate it.
Stevious said:
I was able to root my Sprint HTC hero just fine running Jaunty. I followed the instructions in the guide you mentioned, for Ubuntu. One thing I noticed is before adb recognized my phone, I had to start "HTC Sync" from the phone's notifications. Just ignore the error about it not finding HTC Sync on your PC. Obviously it never will since HTC Sync is a Windows app
Click to expand...
Click to collapse
Yep, that is something I had to do in windows XP as well. It will help many others as well. Thanks.
Stevious said:
I was able to root my Sprint HTC hero just fine running Jaunty. I followed the instructions in the guide you mentioned, for Ubuntu. One thing I noticed is before adb recognized my phone, I had to start "HTC Sync" from the phone's notifications. Just ignore the error about it not finding HTC Sync on your PC. Obviously it never will since HTC Sync is a Windows app
Click to expand...
Click to collapse
Great, now my Ubuntu Jaunty machine won't detect the phone. I did the above but it still won't work. Im gonna reboot and retry...
Edit:
Nope, no love for my Ubuntu. It's not seeing the Hero. I will have to research this one.. If anyone has suggestions, please chime in.
Ok, found a solution:
http://forum.xda-developers.com/showthread.php?t=537508
----------------------------------------------------------------
Here is the part that solved it for me:
Setting up UDEV to recognize HTC Device -
1. Type the following into a terminal (Applications > Accessories > Terminal):
Code:
gksudo gedit /etc/udev/rules.d/51-android.rules
2. Now add the following line to the blank file:
Code:
SUBSYSTEM=="usb", SYSFS{idVendor}=="0bb4", MODE="0666"
3. Click save and close.
4. To restart udev, open up a terminal and enter:
Code:
sudo /etc/init.d/udev restart
---------------------------------------------------------------------
Thanks to Wddglr for all the useful info. It looks like I will be using other things he posted about. Hopefully that info will help someone else.
Just curious, which version of Ubuntu are you running? I didn't have to make any UDEV changes in Jaunty.
romeosidvicious said:
Here's the step by step that worked for me: http://romeosidvicious.com/2009/11/09/rooting-the-htc-hero-with-ubuntu-karmic/
I typed it so I could find it easily if necessary and figured why not share it....
Click to expand...
Click to collapse
I want to follow through with this...
I was following this
http://www.youtube.com/watch?v=ArMO5IHS2eI
until the step came to plug it in and then he suggested typing "adb devices" which told me this.
"~/android-sdk-linux/tools$ adb devices
bash: adb: command not found"
So I came here and I want to follow the links tutorial.. two questions
Is it safe to proceed even though i've been told adb: Command not found
will i be able to proceed although ive been told this command is not found?
Onompoly2 said:
"~/android-sdk-linux/tools$ adb devices
bash: adb: command not found"
So I came here and I want to follow the links tutorial.. two questions
Is it safe to proceed even though i've been told adb: Command not found
will i be able to proceed although ive been told this command is not found?
Click to expand...
Click to collapse
Try:
sudo ./adb devices
From the same directory. Or, you can specify the full path:
sudo ~/android-sdk-linux/tools/adb devices
To answer your other questions, it won't work if it says the command is not found.
Okay
It worked but I must have turned into an idiot when i decided my operating system was good enough.
This isn't working, and I am not even upgraded to the operating system the tutorial is written for...
194 updates due... running 8.04 with a bunch of double half installed broken applications.. maybe I should reformat.
I'll let you guys know how things go which ever way it goes.
back again. fresh 9.10 install fully updated.
Following this
http://romeosidvicious.com/2009/11/09/rooting-the-htc-hero-with-ubuntu-karmic/
I get this far
[email protected]:~# sudo su
[email protected]:~# cd ~/android-sdk-linux/tools
[email protected]:~/android-sdk-linux/tools#
[email protected]:~/android-sdk-linux/tools#
[email protected]:~/android-sdk-linux/tools# ./adb push ../asroot2 /data/local/
711 KB/s (74512 bytes in 0.102s)
[email protected]:~/android-sdk-linux/tools# ./adb shell chmod 0755 /data/local/asroot2
[email protected]:~/android-sdk-linux/tools# /data/local/asroot2 /system/bin/sh
bash: /data/local/asroot2: No such file or directory
[email protected]:~/android-sdk-linux/tools# ./adb shell /data/local/asroot2 /system/bin/sh
[+] Using newer pipe_inode_info layout
Opening: /proc/559/fd/3
SUCCESS: Enjoy the shell.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4755 su
reboot
Click to expand...
Click to collapse
It seems as though after it says "SUCCESS" that my terminal just stops responding to code...
Tried reading the link to where he made the tutorial from, but its a mixture of ubuntu and windows with 30 pages of posts.
Any thoughts/help?
Thanks
[Continuing]
So just pretending that everything is going as planned I reboot the phone and it actually turns my computer off as well..
So I continue with the steps.
[email protected]:~# cd ~/android-sdk-linux/tools
[email protected]:~/android-sdk-linux/tools# ./adb push ../recovery-RA-heroc-v1.2.3.img /sdcard/
* daemon not running. starting it now *
* daemon started successfully *
1199 KB/s (3352576 bytes in 2.730s)
[email protected]:~/android-sdk-linux/tools# ./adb shell
$ su
su: permission denied
Click to expand...
Click to collapse
But Get permission denied.
I'm going to go ahead and start over but skip the first line that i input that said SUCCESS and stopped the terminal.
(really don't know what i'm doing but I think I need to get these two lines in
cat sh > su
chmod 4755 su)
EDIT: on second thought perhaps this has something to do with me being logged in as root on my computer from the get go, i'll try that.
A dummy and his cell phone perhaps soon part.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
cd /system/bin
cat sh > su
chmod 4755 su
reboot
Click to expand...
Click to collapse
It looks like you copy/pasted this whole section as a block. I think you need to execute the commands one at a time, and wait for a new "#" prompt between each one. The reason the terminal stops responding is that as one long string, it's not a meaningful command.
buck2202 said:
It looks like you copy/pasted this whole section as a block. I think you need to execute the commands one at a time, and wait for a new "#" prompt between each one. The reason the terminal stops responding is that as one long string, it's not a meaningful command.
Click to expand...
Click to collapse
I didn't, although i did try that as well
after I would do the mount commands i would no longer get a $ or a # sign, it was just a bunch of nothingness...
I ended up booting up my girlfriends vista and then spent quite a while figuring out how to get the driver for adb, I had to follow two different windows guides for rooting for some reason as well... so if that says anything.. just imagine how long it took me to realize how to get the driver hahah
buck2202 said:
It looks like you copy/pasted this whole section as a block. I think you need to execute the commands one at a time, and wait for a new "#" prompt between each one. The reason the terminal stops responding is that as one long string, it's not a meaningful command.
Click to expand...
Click to collapse
no, I'm having the same problem. After the "mount" command it gives me nothing.
Edit: doing this in karmic
Odd. I've had no problems following the generic procedure from theunlockr on ubuntu. My only suggestion would be to turn
Code:
./adb shell /data/local/asroot2 /system/bin/sh
into
Code:
./adb shell
/data/local/asroot2 /system/bin/sh
I'm not sure why it should make a difference, but on my computer "./adb shell <command>" exits the shell when it finishes. From what you've pasted, it doesn't look like that's happening to you, but that's my only guess right now.
If you run "./adb devices" do you see your serial number?
And out of curiosity, why are you running as root on your computer? (sudo su) Have you tried just starting the adb server as root, and running the rest of the commands normally? Does this work?
Code:
./adb kill-server
sudo ./adb start-server
./adb devices
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
olafos said:
Hi there...
I'm finally considering rooting, however all the guides lead to flashing a custom rom... but actually I don't want to flash a custom ROM, I want to keep everything as it is, with the difference that I (and preferably only I) can become super user on the shell when I need to do some changes (like fixing the stock widget bug in the internal database).
I've read this right now:
http://forum.xda-developers.com/showthread.php?t=724741
And they say I can flash this files called EngTools.zip
Does this also work on the Hero assuming the guide (PossibleGSMRoot or something... fromt he villainforum) works on my phone?
I don't even want to permanently have some kind of AmonRa blabla recovery boot image on my phone. If I need it while I get root that's fine, but I want to get rid of it afterwards. I really don't need root for any applications liek overclocking etc. etc. just for smaller dives into the files system and changes there via adb.
Click to expand...
Click to collapse
Hmmm. If you are on 2.1, then you can use the GSM root i posted over at VR. The recovery needs to be flashed to the phone though, so you can flash zips to the phone from there.
As for your wish to get rid of the patched recovery afterwards, you're missing out a lot, but if you can find the stock recovery img file, you can simply flash that using
"flash_image recovery FilenameHero.img" via the phone's shell or adb (once rooted, presuming you added the flash_image binary).
As for that file, I don't know, as I've never checked if that will work on the hero.
I'd be inclined to say DON'T TRY IT, since it will contain a kernel, and flashing the wrong kernel can brick your device's radio, essentially ruining it.
But if you locate the correct files for the GSM hero, and package them similarly, you could flash that onto your phone via recovery
Bear in mind the stock HTC ROM is basically full on the system partition, so you might have issues actually fitting the files on.
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
ixampl said:
I've been a lurker for some time here but just before I had thought about exactly the same issue as OP... I always wondered why there's no way to just get root access temporarily. Most people told me I'd have to flash a custom ROM.
So today I finally looked into the matter and based on your (anon2122) post on VillainROM and the Eris exploits etc. I managed to do exactly what I wanted... and thought it's time to get an account...
I only really needed root for the Stock app currency issue: [HTTP]://forum[DOT]xda-developers[DOT]com/showthread[DOT]php?t=719149 which I was now able to fix.
HTC Hero GSM soft root guide by ixampl
(... credits belong to / based on: [HTTP]://www[DOT]villainrom[DOT]co[DOT] uk/viewtopic[DOT]php?f=110&t=2096)
1 Flashing a custom recovery image
1.1 Backup (1)
Code:
adb shell mkdir /data/local/backup
adb shell cat /data/local/rights/mid.txt > /data/local/backup/mid.txt
1.2 Uploading custom recovery image and image flashing tool and setting correct permissions
Code:
adb push recovery-RA-hero-v1.6.2.img /data/local/
adb push flash_image /data/local/
adb shell chmod 777 /data/local/recovery-RA-hero-v1.6.2.img
adb shell chmod 777 /data/local/flash_image
1.3 Center piece of the permissions exploit for the recovery ROM
Code:
adb shell ln -s /dev/mtd/mtd1 /data/local/rights/mid.txt
1.4 Normal reboot
Code:
adb reboot
1.5 Now that the recovery ROM (/dev/mtd/mtd1) is accessible: Backup (2)
Code:
adb shell cat /dev/mtd/mtd1 > /data/local/backup/recovery.img
1.6 Flashing the previously uploaded custom recovery image
Code:
adb shell /data/local/flash_image recovery /data/local/recovery.img
1.7 Rebooting into recovery mode
Code:
adb reboot recovery
2 Adding root shell (optional)
2.1 Mounting all devices
Code:
adb shell mount -a
2.2 Adding rootsh
Code:
adb shell cat /system/bin/sh > /system/bin/rootsh
adb shell chmod 4755 /system/bin/rootsh
2.3 Rebooting into system
Code:
adb reboot
After this you can flash the recovery.img you backed up in step 1.5 just as you flashed in step 1.6 (adjust the parameters accordingly).
Click to expand...
Click to collapse
That is a nice method.
I've long thought about making something similar, so maybe today I'll try, as an idea has come back to me...
I am thinking that I can avoid the whole recovery flashing, though I'm not going to say the idea till I've thought it through, as someone might try it before I realise how stupid an idea it is...
But I'll certainly see if it can get permanent root sorted out on the phone, although it won't give root adb access, as that is defined in the boot.img, though I guess I could flash that while I'm at it...
Good work.
Thanks!
Yes, a method to (safely) acquire super user access without flashing anything would be highly appreciated There's a small risk involved with flashing. Granted it usually causes no issues, but there is the slight possibility of bricking your phone.
Good work.
Click to expand...
Click to collapse
Thanks, although - as you know - I really didn't do anything special there
[...] although it won't give root adb access [...]
Click to expand...
Click to collapse
Yes, that's a minor annoyance, but really minor ... for the currency fix I naturally couldn't do
Code:
adb pull /data/data/com.htc.dcs.service.stock/databases/stock.db stock.db
or
Code:
adb push stock.db /data/data/com.htc.dcs.service.stock/databases/stock.db
but it's not that hard to just work around that via /data/local:
Code:
adb shell
$ rootsh
# cat /data/data/com.htc.dcs.service.stock/databases/stock.db > data/local/stock.db
then pull from there etc.
I really think "rooting" is a misnomer for most of the current guides.
I can see that most people "root" their phone in order to get custom ROMs (and I have no issue with that, it's just too much overkill for someone who just wanted to fix a small bug ) but In fact most people don't care about rooting per se, they care about flashing a recovery image which enables them to flash custom ROMs.
I actually wanted to try:
Code:
adb shell ln -s /dev/mtd/mtd3 /data/local/rights/mid.txt
...and see what happens if I remount after boot. If it causes the system to follow back the link with user permissions for the recovery ROM, maybe the system ROM could be (write-)accessed as well. Then again, it was my first venture into rooting so naturally there would have been no way to fix a broken system image safe for reflashing the 1.5 RUU.
Do you have any details about what the original purpose of the (original) mid.txt was? I mean, it was there, sitting in a directory named rights... quite an invitation (of course, we didn't actually "set" rights in that file or anything for the exploit, but still...)
Is it safe to delete mid.txt and will it be recreated with some default values by the system?
Click to expand...
Click to collapse
All root credit still goes to AndIRC and crew.
Rooting The ThunderBolt – Updating The Radio – And Installing BAMF 1.5
From Adrynalyne: This totally awesome wtfomgroflbbq ungodly large PG05IMG.zip contains the latest of everything 1.13.605.7 has to offer plus engineering hboot for s-off, BAMF 1.5, BAMF 4.4.2 kernel, clockwork, and custom boot splash by gadget!
Pros
Root with read/write access to /system
Ability to downgrade and flash any RUU (i.e. signed firmware)
S-OFF
Fully unlocked bootloader
Latest RUU installed
BAMF 1.5nte installed
Cons
Voids warranty
Could brick your phone if you aren’t careful
Its an RUU, IT CAN BREAK YOSELF.....FOO!!!
Its an RUU, IT CAN BREAK YOSELF.....FOO!!!
Its an RUU, IT CAN BREAK YOSELF.....FOO!!!
The method of rooting your Android device as described in the article herein is solely for enthusiasts and not for the faint of heart.
IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA. IT WILL WIPE YOUR DATA.
Android Police and Team AndIRC and Adrynalyne disclaim all liability for any harm that may befall your device, including, but not limited to: bricked phones, voided manufacturer warranties, exploding batteries, etc.
The instructions below assume you already have a strong familiarity with adb command lines – this is not for beginners.
Credits
Adrynalyne for the Custom RUU, BAMF, and Kernel
Scotty2, jamezelle, jcase, and all of Team AndIRC
dsb9938 for writing this, testing, boot ani, and just being an overall great guy
Testers, especially ProTekk and Trident
Gadget for boot splash and ani
Thanks to scotty2 for WPThis
Busybox was pulled from a CyanogenMod ROM, source should be available here
psneuter was pulled from somewhere, credit to scotty2, source here
All firmware credit goes to 911sniper
If I missed anyone in the credits, it was unintentional and I will fix it soon. Lots of people had their hands in on this project.
Please read the instructions in full before you start. Also, make sure your battery is fully charged before taking the plunge.
Step 1
First, download these files:
RUU_Mecha_VERIZON_WWE_1.03.605.10_Radio_1.02.00.01 03_2r_NV_8k_1.37_9k_1.52_release_165253 (md5sum : aae974054fc3aed275ba3596480ccd5b) THIS IS THE DOWNGRADE RUU USED IN STEP 4:
Multiupload mirror
GalaxySense mirror
DroidSite mirror
Mirrors for the package (contains busybox, wpthis, psneuter, su, readme.txt, misc.img, and hbooteng.nb0) (md5sum : 3b359efd76aac456ba7fb0d6972de3af) THIS IS THE EXPLOITS FILE:
Multiupload mirror
GalaxySense mirror
DroidSite mirror
BAMF/Leaked RUU mirrors (md5sum : ede0dc842ab676080befe2ae01c74cd3) THIS IS THE CUSTOM RUU USED IN STEP 7:
Single Source
Step 2
Note that adb is required.
Push misc.img, busybox, and psnueter using the following commands:
Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push misc.img /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
Step 3
This step will gain temp root and flash the custom misc.img. Run:
Code:
adb shell
Now the shell should display "$".
Run:
Code:
/data/local/psneuter
You will now be kicked out of adb, and adb will restart as root.
Let’s confirm the md5 of misc.img:
Code:
adb shell
At this point, the shell should display "#".
Now run:
Code:
/data/local/busybox md5sum /data/local/misc.img
Output should be "c88dd947eb3b36eec90503a3525ae0de." If it’s anything else, re-download the file and try again.
Now let’s write misc.img:
Code:
dd if=/data/local/misc.img of=/dev/block/mmcblk0p17
exit
Step 4
Here you will rename the downgrade RUU (RUU_Mecha_VERIZON_WWE_1.03.605.10_Radio_1.02.00.01 03_2r_NV_8k_1.37_9k_1.52_release_165253) as PG05IMG.zip and place it on your SD card (put the phone in drive mode and just copy it with your OS). Then, run the following command:
Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
Step 5
Set up the two part exploit, to gain root and unlock MMC.
Push wpthis, busybox, and psnueter:
Code:
adb push psneuter /data/local/
adb push busybox /data/local/
adb push wpthis /data/local/
adb shell chmod 777 /data/local/psneuter
adb shell chmod 777 /data/local/busybox
adb shell chmod 777 /data/local/wpthis
Gain root (this will once again throw you out of adb):
Code:
adb shell
/data/local/psneuter
Unlock MMC:
Code:
adb shell
/data/local/wpthis
exit
Step 6
Please pay attention – this is very important. This step involves a small chance of bricking if you mess up.
To push the eng bootloader:
Code:
adb push hbooteng.nb0 /data/local/
adb shell
/data/local/busybox md5sum /data/local/hbooteng.nb0
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb" exactly, stop, delete it, and re-download it. Otherwise, continue.
Now we will write the new bootloader.
Code:
dd if=/data/local/hbooteng.nb0 of=/dev/block/mmcblk0p18
Confirm proper write:
Code:
/data/local/busybox md5sum /dev/block/mmcblk0p18
If the output does not match "6991368ee2deaf182048a3ed9d3c0fcb," try again; if it still doesn’t work, seek help from http://chat.andirc.net:9090/?channels=#root. DO NOT REBOOT.
Reboot.
Step 7
Now, put the custom leaked RUU (Adrynalyne.1.5.PG05IMG.zip) on your SD card by putting the phone in drive mode and copying it with your OS. Now rename it to PG05IMG.zip.
Then using an md5sum type program, check the md5sum and make sure it matches ede0dc842ab676080befe2ae01c74cd3, if it does not, redownload it. (Here is a free windows md5summer).
Next, run this command:
Code:
adb reboot bootloader
Choose the bootloader option and press power; let the ROM flash. When asked to upgrade, choose yes. Don’t freak, it’s a long reboot.
Once done, reboot and delete PG05IMG.zip from your SD card.
After it flashes, you will be running BAMF 1.5nte with S-OFF on the latest leaked RUU.
Please Note: One of the TP images will be bypassed while flashing, this is normal. Also, on first boot, there will be no boot sound, this is normal.
Please make a nand backup in Rom Manager after you go thorugh phone set up.
Rom Manager, SuperUser, and Titanium Backup are already installed.
ClockWork Recovery 3.0.2.5 is already installed.
If you have problems, come to the chat: irc.andirc.net #root or use http://chat.andirc.net:9090/?channels=#root.
.
"omg, no one-click method!?"
jk, this will be a nice time-saver for those just getting their Thunderbolts. Great job compiling this all into one package!
Sweet!
Nice job! Gotta love how the Android community is always trying to help the non-tech savvy be awesome too.
Sent from a bit of awesomeness...
Great job this will come in handy if I decide to root the wifes phone. Mine has been rooted for a while now.
this isnt working so well for me... flashing the last part and boot failed and its stuck on mdm9k
lllboredlll said:
this isnt working so well for me... flashing the last part and boot failed and its stuck on mdm9k
Click to expand...
Click to collapse
Please post back and let us know how things work out after you get the new phone. Sorry you had to have what I think is a bad nand chip that wouldn't take a flash.
D
dsb9938 said:
Please post back and let us know how things work out after you get the new phone. Sorry you had to have what I think is a bad nand chip that wouldn't take a flash.
D
Click to expand...
Click to collapse
well just for the record ... i hold no one accountable but myself or vzw on this one.... what a weird experience.... all the flashing and modding i've done over the last 5 years or so and I kill this phone right out of the gate... it literally made it 2hrs 45 minutes before i had a funeral for it lol
lllboredlll said:
well just for the record ... i hold no one accountable but myself or vzw on this one.... what a weird experience.... all the flashing and modding i've done over the last 5 years or so and I kill this phone right out of the gate... it literally made it 2hrs 45 minutes before i had a funeral for it lol
Click to expand...
Click to collapse
Thanks. I think we did all we could. Happy to help with the new one.
Sent from my ThunderBAMF using the XDA app.
Thank you for this.. Made ROOTING my wife's phone a breeze!
New possible root method on Thinkpad tablet forums, by OPDECIRKEL. He needs help testing it out.
look here and lets cross our fingers =D
http://www.thinkpadtabletforums.com...nt/yareftpt-yet-another-root-exploit-for-tpt/
opdecirkel released the exploit -> http://opdecirkel.wordpress.com/2012/03/18/yareftpt/
unfortunately, it doesn't work. =( can't execute "adb remount" when the script calls for it, but hopefully things will get ironed out soon.
***EDIT***
updated script worked!
-=HOLLYW00D=- said:
unfortunately, it doesn't work. =( can't execute "adb remount" when the script calls for it, but hopefully things will get ironed out soon.
Click to expand...
Click to collapse
Not sure if it can help you, but try checking the TPT forum thread again, there has been some advances and troubleshooting going on
Moved To General
As the first post is just a link and contains no development, this has no place in this section
updated -> http://opdecirkel.wordpress.com/2012/03/18/yareftpt/
Someone thinkpadtabletforum reported that it worked for him.
updated script worked for me! cwm installed fine as well!
I achieved root with the new method on OTA 2.5. Also installed CWM with no issues. Works great.
Sent from my PC36100 using Tapatalk
I can confirm it worked!
I had to update first because the "Disable Battery Discharge" option was not there. (I guess my Tablet stopped getting OTA updates since I was on ThinkPadTablet_A310_02_0024_0065_US... Also, you have to update one at a time, you can't go from 24_65 straight to 37_75. Also, I stopped at 39_86 since I was impatient.)
I like this once since we can see how it worked rather than blindly running some guys program (I never tried the first root.)
I can also confirm the new method to be working. Just rooted my 0089_WE TPT. Works like a charm
I am quoting the following post (i don't have privilege to post there): forum.xda-developers.com/showpost.php?p=23902281&postcount=64
daswahnsinn said:
I unrooted and then updated, now I can't root. I updated the SDK and made sure I have the proper drivers needed. So I take back my easy comment. I'll keep trying I might just manually push the files back.
Click to expand...
Click to collapse
How did it fail? At which stage and what error did you get?
Okay, I'll try and flash the oldest update zip, and it fails as it should, then I wipe the cache part, reboot, and I hit enter when I gets to the unlock screen then the CMD window closes.
EDIT: I spent a good hour or so combing through my PC and these forums and tried both methods a lot, and this one finally worked. It wouldn't let me get to the /cache/recovery/pwn/su part of the script. Thank you all for your support.
I have problems...
Hi all,
Apologizes for my english, too bad to discuss this kind of issues. Sorry in advance.
I had the "fantastic" idea to update the firmware some weeks ago, when I was SU. After this, I've lost most of capabilities!
I tried to follow the procedure, but I cannot reach 'root' in any case. I have version WE089. Downloaded US060, but there's only 065 for Western Europe. I got both, just in case..
Unfortunately, in the first step it failed I'm not able to update anything. The process crashes when is loading old firmware, either US060 or WE065.
I've realised that during the process I loose the USB link connection (when I reboot), and the system tries to install again and again the driver. If the TPT is running in recovery mode, it seems that is not connected via USB... If I have the tablet in "normal use", I see it through the Windows Desktop.
Other question: should I disconnect the Internet connection?
I guess other requirements are right (ADBD, debugging mode,...). It's really annoying, it took me a lot of hours and I haven't found any solution.
Can anybody help me? What I'm doing wrong?
Cheers!
jm
W7 64bits - TPT WE089
@jm
goto device manager. right click on Android device. reinstall device driver.
This worked for me in recovery when the device was not recognized.
Edit: look here: http://forum.xda-developers.com/showthread.php?t=1471106&page=2
What do you mean with loosing the connection? Is the adb driver installed correctly? Where did you get it from? Is it an genuine lenovo driver? If so, than you shouldn't worry!
Perhabs it's the MTP driver, that is missing when you boot into recovery? If it's the adb driver, than you should try jlove's method.
In addition I wanted to inform you, that the new method worked for me, too! Even with some complications... by this way, thanks again to opdecirkel!
Because the run.bat script did't worked correctly, I had to do it manually. So I put the "yareftpt" on C:\\, started cmd.exe, booted the TPT into recovery and changed the directory in cmd.exe with "cd.." to "cd yareftpt" ...followed the instructions with the update...
echo 4. Reboot in RECOVERY: (shutdown the tablet, then start it and press volume + few times until it starts in recovery)
echo 5. Go to apply update, select the update from the sdcard and try to apply it. It will fail, but that is OK.
echo 5. Then, go to 'WIPE CACHE PARTITION' and select it (navigate with volume buttons and select it with power button),
echo 6. When wipe cache complete, press (here) ^<ENTER^>.
and after that I copied the first line of the script into cmd and executed. I did it line after line, just to the next step. (dark green= copy line after line, paste and execute)
adb shell "/system/bin/mkdir /data/local/pwn"
adb shell "/system/bin/mkdir /data/local/pwn-bak"
adb shell "/system/bin/cat /system/etc/install-recovery.sh > /data/local/pwn-bak/install-recovery.sh.orig"
adb shell "/system/bin/mkdir /cache/recovery/pwn"
adb push su /cache/recovery/pwn
adb shell "/system/bin/rm /cache/recovery/log"
adb shell "/system/bin/ln -s /system/etc/install-recovery.sh /cache/recovery/log"
adb shell "echo \"/system/bin/chmod 777 /cache\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/mount -t ext4 /dev/block/mmcblk0p4 /cache\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/chmod 777 /cache\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/mount -oremount,rw -t ext4 /dev/block/mmcblk0p4 /cache\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/chmod 777 /cache\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/chmod 777 /cache/recovery\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/chown root /cache/recovery/pwn/su\" >> /tmp/recovery.log"
adb shell "echo \"/system/bin/chmod 4777 /cache/recovery/pwn/su\" >> /tmp/recovery.log"
echo 7. On the device, go to 'DISABLE BATTERY DISCHARGE' and select it. When complete press (here) ^<ENTER^>
pause
some of commands might cause failures, but don't worry and just go on
adb shell "/system/bin/rm /cache/recovery/log"
echo 8. On the device, select REBOOT. When startup COMPLETE press (here) ^<ENTER^>
pause
adb push Superuser.apk /data/local/pwn/Superuser.apk
adb push busybox /data/local/pwn/busybox
adb push su /data/local/pwn/su
adb push pwn-in.sh /data/local/pwn/pwn-in.sh
adb shell "/system/bin/chmod 777 /data/local/pwn/pwn-in.sh"
echo Your PC command prompt appears next. Do the following things:
echo 1. adb shell
echo when '$' (adb shell) appear, do:
echo 2. /cache/recovery/pwn/su
echo when '#' appears. You are root. run the following:
echo 3. /data/local/pwn/pwn-in.sh
now you should try if you have su, even if you don't see in your app list..
download root checker, install, open and try it!
You should have root right now.
In my case, i had root, but no CWM!
So I had to install in manually, but with root it should't be a problem. you only have to download the correct cwm version:
http://forum.xda-developers.com/showpost.php?p=21916505&postcount=71
then I installed it with the Android Terminal Emulator app, because the cmd.exe method did't worked for me. You should just follow the instructions:
or you can copy img file on /data/local/ folder of your tablet (with a file manager with root permissions)
launch "Android Terminal Emulator" application
and tape the instructions
su
mount -o rw,remount /system
echo "#!/system/bin/sh" > /system/etc/install-recovery.sh
dd if=/data/local/NameOfCWMFile.img of=/dev/block/mmcblk0p1
http://www.thinkpadtabletforums.com...nd-development/clockworkmod-recovery-for-tpt/
After a shutdown and reboot into recovery I had cwm! So I am able to do nandroid backups...
In this way, I would particularly like to thank to all devs that made the TPT root possible! Now i like my TPT 1000% more than before...e.g. no status-bar in lecture notes -> sooo great!!
I do get the following error maybe someone can help me out
[*]
[*]
[*]
/system/bin/mkdir: not found
/system/bin/mkdir: not found
cannot create /data/local/pwn-bak/install-recovery.sh.orig: directory nonexisten
t
/system/bin/mkdir: not found
699 KB/s (22364 bytes in 0.031s)
/system/bin/rm: not found
/system/bin/ln: not found
7. On the device, go to 'DISABLE BATTERY DISCHARGE' and select it. When complete
press (here) <ENTER>
Drücken Sie eine beliebige Taste . . .
it cant find the mkdir command very strange
I'm a little rusty, but are the / and \ facing the correct way? And are you in the correct directory? Not found usually means path is incorrect.
@rangercaptain
thats the commands from the root script. I didnt change them.
the commands are send over from adb shell and the tablet is in root directory i think.
When i go into shell and type in ls i get access denied error.
and you load the update zip and wiped cache before typing the commands, right? You have to do this every time you try to root...
Try to do it with another method. Don't do it directly trough adb shell...just type the shell commands in the cmd.exe
You just have to chance the directory in cmd, before executing the commands.
Then try not to input 'adb shell' before the shortened command, but the whole command as one line like:
adb shell "/system/bin/mkdir /data/local/pwn"
Perhabs it will work..?!?
@neos
yes i do the same procedure.
I also tried over cmd with adb shell "command" and also in shell.
Always the same error.
I looked into the system/bin directory and mkdir does have filesize of 0kb...
So I have two v20s with 10d firmware.
I have followed Github's instruction to root the phones. Which are as follows:
Building:
lunch your_device-eng
make -j5 dirtycow recowvery-applypatch recowvery-app_process recowvery-run-as
Running:
Note: Use app_process32 on 32-bit targets.
adb push dirtycow /data/local/tmp
adb push recowvery-applypatch /data/local/tmp
adb push recowvery-app_process64 /data/local/tmp
adb push recowvery-run-as /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 0777 *
$ ./dirtycow /system/bin/applypatch recowvery-applypatch
"<wait for completion>"
$ ./dirtycow /system/bin/app_process64 recowvery-app_process64
"<wait for completion, your phone will look like it's crashing>"
$ exit
adb logcat -s recowvery
"<wait for it to tell you it was successful>"
"[CTRL+C]"
adb shell reboot recovery
"<wait for phone to boot up again, your recovery will be reflashed to stock>"
adb shell
$ getenforce
"<it should say Permissive, adjust source and build for your device!>"
$ cd /data/local/tmp
$ ./dirtycow /system/bin/run-as recowvery-run-as
$ run-as exec ./recowvery-applypatch boot
"<wait for it to flash your boot image this time>"
$ run-as su
#
"<play around in your somewhat limited root shell full of possibilities>"
From your root shell, it's possible to use commands such as:
dd if=/sdcard/twrp.img of=/dev/block/bootdevice/by-name/recovery
Now, first phone I was able to get TWRP however when I rebot the phone to recovery, it would ask me for password. It would not instal super user without the password. It would be read only. When I reset the phone, it went into infamous recovery bootloop. It would only boot to TWRP.
Second phone I have got to as far as getenforce however it says enforcing instead of permissive.
Now I am sure what to do next and I am stuck with two bricked? phone.
I have been trying to find firmware 10d but I could not find it. Only 10i or 10j were found. Do I restore it to stock then re-root? What would be best solutions for me? Thanks in advance.
Edit: I am reading several threads and I do see same symptoms but no solutions were posted later. So I dont know what were done to fix it. I just don't what to do next at this point.
sharpeyedman said:
The 1st one that is asking for password is because you have not FORMATTED DATA
this is required for twrp to be able to read the entire phone as it was encrypted by lg.
FORMAT DATA OPTION requires you to type YES if you haven't done that it needs done,
after flash a stock rom and reboot. Usually 1st boot is 10-20 min wait time for it to setup.
This is covered on the main thread that it must be done to resolve.
If you get boot loops, put the device into fastboot ,
wipe /fota , /misc , /cache and /etc using
fastboot erase fota replace "fota" with each directory.
Furthermore, you can also wipe "system" and "data" also but you will have to flash rom again if you wipe those 2.
as well there has been some devices that wouldn't boot or booted 10x slower, and the resolution was to
push a alternate boot.img to the device that was not the engineering/debug image.
For the 2nd one, you've not provided enough info.
What software version are you on?
as well you may need to post in the root/unlock page for direct assistance to the process on this one.
.......
Click to expand...
Click to collapse
Team DevDigitel said:
sharpeyedman said:
The 1st one that is asking for password is because you have not FORMATTED DATA
this is required for twrp to be able to read the entire phone as it was encrypted by lg.
FORMAT DATA OPTION requires you to type YES if you haven't done that it needs done,
after flash a stock rom and reboot. Usually 1st boot is 10-20 min wait time for it to setup.
This is covered on the main thread that it must be done to resolve.
If you get boot loops, put the device into fastboot ,
wipe /fota , /misc , /cache and /etc using
fastboot erase fota replace "fota" with each directory.
Furthermore, you can also wipe "system" and "data" also but you will have to flash rom again if you wipe those 2.
as well there has been some devices that wouldn't boot or booted 10x slower, and the resolution was to
push a alternate boot.img to the device that was not the engineering/debug image.
For the 2nd one, you've not provided enough info.
What software version are you on?
as well you may need to post in the root/unlock page for direct assistance to the process on this one.
.......
Click to expand...
Click to collapse
Both are on 10d stock firmware. When I run getenforce then it prompts me with "enforcing". Instead of "permissive". Now when I ignore the prompt and proceed further, it later would not let me install new recovery or TWRP. So I cannot boot to customer recovery it TWRP. If I retry the procedures all over from the beginning then it would not run chmod 0777 *. It would say not granted or permitted. What should I do with the second phone? Thanks so much for your help.
Click to expand...
Click to collapse
sharpeyedman said:
Team DevDigitel said:
Both are on 10d stock firmware. When I run getenforce then it prompts me with "enforcing". Instead of "permissive". Now when I ignore the prompt and proceed further, it later would not let me install new recovery or TWRP. So I cannot boot to customer recovery it TWRP. If I retry the procedures all over from the beginning then it would not run chmod 0777 *. It would say not granted or permitted. What should I do with the second phone? Thanks so much for your help.
Click to expand...
Click to collapse
i dont know, post this one in other page
Click to expand...
Click to collapse