To be honest, I'm a nice guy, but when threads get filled with utter "OMG, How do I root?" posts, I get pissed off. I don't mean to backseat moderate or anything, I just really get fed up sometimes. Hence, I've broken out the hardcore side of myself, and I present:
Coburn's (mostly) failproof rootmeplz kthxbai tutorial, featuring the awesome m7 exploit.
YOU CANNOT USE THIS ROOT GUIDE TO INSTALL ANDROID 2.0.x/2.1/2.x AT THIS MOMENT IN TIME. PLEASE DO NOT ASK IF YOU CAN INSTALL ANDROID 2.x USING ROOT, AT THIS STAGE IT'S A BIG FAT NO! THANK YOU FOR YOUR ATTENTION!!
Alright.
Easy to understand, plain english guide
Download the ZIP file attached to this post. Extract the files to a safe location - perhaps C:\Tattoo ?
Now, you'll need adb for windows. You can get it from my website's server here: ADB for windows.
Make sure your device is in USB Debug Mode (Settings > Applications > Development). This is ESSENTIAL!
Extract all the files in the adb4win zip file to your C:\Tattoo folder.
Now, go to Command Prompt. In XP, it's under System Tools in Accessories. In Vista/7, it'll be under accessories.
Do the following at the command line:
C:\Users\Coburn> cd C:\Tattoo
This will change your working directory from C:\Users\Coburn (or silimar) to C:\Tattoo .
Now, at the command line, do this:
C:\Tattoo> adb-windows shell "mkdir /data/local/bin" (with the quotes!).
This makes a directory on the Tattoo under /data/local, called bin. If you get a error (like mkdir failed, file/folder exists), this is fine! Don't sweat it.
Now, run this command:
C:\Tattoo> adb-windows push m7 /data/local/bin/m7
...and wait until finish.
Run this:
C:\Tattoo> adb-windows shell "cd /data/local/bin && chmod 755 ./m7" (with the quotes!)
This allows you to run the sucker.
Now, the fun part. Run this:
C:\Tattoo> adb-windows shell
This will dump you at a "$" shell. do the following:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
...lotsa text will flow down your screen. This is normal. Sometimes the exploit causes adb to freeze up, I don't know. I think it may be due to the exploit. It worked on my mac fine though...
Soon, you'll be greeted with this:
#
This is the root prompt! If you get stuff like this:
# usage: reboot ...
usage: reboot ....
usage: reboot ...
Just keep your cool, press enter and the # will say "Boo" again. This is due the exploit spawning reboots to gain the shell.
Then, do these commands from this thread's first post:
-bm- and the hax0rs crew said:
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
[...] check if ur root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
Click to expand...
Click to collapse
When you get this:
C:\Tattoo> adb-windows shell
$ cd /data/local/bin
$ while ./m7 ; do : ; done
[... lotsa pasta ...]
#
You can do anything then! Look at /system, /data, etc etc. You're broken free, my friend, and you'll forever be free. Until you press that exit button. you didn't. You didn't press that exit button? lolwut u did? Grrrrrrr!!!
EDIT: Added Guide to remount partitions. It's below.
Now you need to install su. Exit your root shell (via CTRL+C) (NO, Coburn, are you serious? ME LOSE ROOT SHELL?! ) and download this su.zip and extract it to C:\Tattoo. DO NOT EXIT THE COMMAND PROMPT WINDOW.
Meanwhile, back at the ranch, in your command prompt window, do this:
C:\Tattoo> adb-windows push su /data/local/bin/su
Then break out a shell...
C:\Tattoo> adb-windows shell
at the $ prompt, enter:
$ chmod 755 /data/local/bin/su
$ cd /data/local/bin/
..run the exploit again via "while 'true' ; do ./m7 ; done" to get root again then enter ...
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
# mount -o rw,remount /dev/block/mtdblock5 /data
# mount -o rw,remount /dev/block/mtdblock3 /system (This line allows you to play around with files on the system partition!)
After that, you can exit out of the root shell, and try a normal shell and this:
$ /data/local/bin/su
...which should make you get a nice # prompt. (Sometimes it doesn't, for me it got su: permission denied, wtf?)
(End SU Part of guide)
Tested on Windows 7. Also works on a phone terminal emulator too!
Keep your cool peeps - I do this for fun, I'm not a fulltime android dev. I am an addict though.
Happy rootin my friends.
Cheers,
Tattoo Hacker Coburn.
Greets fly out to the geeks that hacked it originally - without you, I'd have got a nexus one.
Thanks for marsdroid for correcting an error. Kudos to you, bro!
"ANDROID - It's a virus. In a Good Way. Once it's in your system, you can't get rid of it."
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
mainfram3 said:
You could also add an explanation on how to remount the partitions without nosuid, so that a suid su can work.
Click to expand...
Click to collapse
Noted. Will do.
LordGiotto said:
You should also add the "su" part in order to get root easier after the first time. Otherwise you have to do the exploit every time you want #
Click to expand...
Click to collapse
Heh, yeah. Might add that up too.
Coburn64.
Thanks Man.
Nice Thread.
Thank you Coburn
svprm said:
Coburn64.
Thanks Man.
Nice Thread.
Click to expand...
Click to collapse
Thanks bro for your thanks.
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
[ROOTING] The M7 Exploit + Newbie Guide
Easy to understand, plain english guide
Click to expand...
Click to collapse
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
-bm- said:
I'm very glad you did that work, I'm kind of busy but I will update my statusposting and link to your HowTo!
Thats great community work.
I apologize for my english, it's not my native language and I tried my best. ;-)
Keep up your work!
-bm-
Click to expand...
Click to collapse
You're welcome. I actually wanted this thread to help your thread, I wanted to spawn a m7 exploit thread to keep the original thread (which is based on the classic m6 exploit) clean of "How do I root with m7" and such.
Keep up the good work too, bm!
Thanks Coburn, so m6 is useless..
adb shell rm /data/local/bin/m6?
thx for the work , and corrections ! deleted the ealyer post
?
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
liderzre said:
When i get # , and type:
# chown root.root /data/local/bin/su
i get :
chown root.root /data/local/bin/su
chown: not found
#
What i'm doing wrong /??
Click to expand...
Click to collapse
type
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
rooted
Ty. Guide is not 100% for noobs. (ME).
Problem copying files to system partition after successfull rooting
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
ronyrad said:
Hi
The device was rooted successfully (from the first time using m7)
But I have very strange problem.
I try to update some files in the /system (updating fonts in /system/fonts).
I successfully run following command to remount system with rw permissions
/system/bin/mount -o rw,remount /dev/block/mtdblock3 /system
But when I try to copy files to /system/fonts I get "not enough memory" error.
If I run "df" command it shows that /system has 14% free before write attempt
But if I run "df" command after the write attempt I see that there is no free space.
It looks like there is some protection mechanism that prevents copying files to /system partition.
Does any one has an idea how to solve it?
Thanks
Click to expand...
Click to collapse
The problem is well known an jet we have got no explanation. It looks like an additional security system build in by HTC. That is what also prevents us from flashing Custom ROMS at the moment. Development goes on here: http://forum.xda-developers.com/showthread.php?t=631540&page=18 but there is no solution or explanation until now.
-bm-
Could it be that it seems to be that the driver (yaffs) is possibly trying to copy /system into memory, and then reflash the partition all at once (to prevent NAND/NOR tear and wear)?
this guide is in error and will for sure not work ...
you should post probberly ...specially now when things is working....
there is no reason do do a NONSENCE guide .....
thx for the work thoe
Click to expand...
Click to collapse
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Coburn64 said:
Excuse me, but it was tested working. I do not post false or misleading information, so please don't accuse me of posting something that won't work. It does work. If you have troubles, you're not following it correctly. Start again and work one step at a time.
Click to expand...
Click to collapse
don't worry for such baseless allegations coburn.... u r doing a great job. keep up this good work bro.... thanks a lot for this wonderful presentation...
waiting for ur custom ROM.....
Coburn64 u are missing a ; in the 2. while
and i dont expect the newbies to sit back and wait for the "BUUH"..
but im sure someone will....
thx again
EDIT Coburn64 fixed it
Related
so thats what i get when i try to run fix permissions from terminal.
HTML:
/system/bin/fix_permissions 2.03 started at 01-12-2010 05:08:24
99 does not exist (1 of 99). Reinstall...
/system/bin/fix_permissions 2.03 ended at 01-12-2010 05:08:25 (Runtime:0m1s)
i tried replacing the system/bin/fix_p.. with one from cyans rom using rootexplorer.apk but the i get permissions denied when i try to run fix_p.. in terminal.
Also mount -w doesn't work.
installed the room after full wipe n even repartitioned my sd.
im not the only one with that problem too
You are supposed to run it in recovery. Just select the option there.
evilkorn said:
You are supposed to run it in recovery. Just select the option there.
Click to expand...
Click to collapse
ill run it from where i want to run and it wasn't my question.
double post
BrutalHoe said:
ill run it from where i want to run and it wasn't my question.
Click to expand...
Click to collapse
What's with the hostility?
Code:
$su
# mount -o rw,remount /dev/block/mtdblock3 /system
# cp /sdcard/fix_permissions /system/bin
# reboot
When it loads back up, either ADB Shell or Terminal :
#fix_permissions
Use this fix_permissions:
http://www.mediafire.com/?mwkxynmzumy
akapoor said:
What's with the hostility?
Code:
$su
# mount -o rw,remount /dev/block/mtdblock3 /system
# cp /sdcard/fix_permissions /system/bin
# reboot
When it loads back up, either ADB Shell or Terminal :
#fix_permissions
Use this fix_permissions:
http://www.mediafire.com/?mwkxynmzumy
Click to expand...
Click to collapse
dont like pll who jsut wanna post something useless.
ty ill try that.
I might have editted the post a little late, but make sure you have the fix_permissions file on your sd card.
How is your Ivory Throne?
BrutalHoe said:
dont like pll who jsut wanna post something useless.
ty ill try that.
Click to expand...
Click to collapse
evilkorn made a legitimate post. he said you're supposed to run it from recovery. that was his input and he made it known. how is that useless?
Eh, I don't know what I was thinking, but this is the correct form:
Code:
$ su
# mount -o remount,rw /dev/block/mtdblock3 /system
# cp /sdcard/fix_permissions /system/bin/fix_permissions
# chmod 755 /system/bin/fix_permissions
# reboot
Then when its back up do
Code:
$su
# fix_permissions
Sorry about that.
akapoor said:
Eh, I don't know what I was thinking, but this is the correct form:
Code:
$ su
# mount -o remount,rw /dev/block/mtdblock3 /system
# cp /sdcard/fix_permissions /system/bin/fix_permissions
# chmod 755 /system/bin/fix_permissions
# reboot
Then when its back up do
Code:
$su
# fix_permissions
Sorry about that.
Click to expand...
Click to collapse
nvm .
Are you doing it through Terminal or ADB?
And make sure your phone is not mounted. If it is (since you had to put the fix_permissions on the sdcard), unmount it.
evilkorn said:
How is your Ivory Throne?
Click to expand...
Click to collapse
grandomegabosses said:
evilkorn made a legitimate post. he said you're supposed to run it from recovery. that was his input and he made it known. how is that useless?
Click to expand...
Click to collapse
if u dont have an answer for my question then plz
Mod Edit
no need for that is there?
akapoor said:
Are you doing it through Terminal or ADB?
And make sure your phone is not mounted. If it is (since you had to put the fix_permissions on the sdcard), unmount it.
Click to expand...
Click to collapse
terminal i jsut reinstalled windows 7 havent had time to set up adb but yeah i know ty man im gonna try in a min.
Oh by the way, posting pics like it's 4chan make you look like a 14 year old tool.
On topic: I was under the impression that fix_permissions was made to run in recovery. You make it seem like it's a chore to reboot and run it the proper way.
evilkorn said:
Oh by the way, posting pics like it's 4chan make you look like a 14 year old tool.
On topic: I was under the impression that fix_permissions was made to run in recovery. You make it seem like it's a chore to reboot and run it the proper way.
Click to expand...
Click to collapse
it can b run from either places. ty bye
akapoor said:
Eh, I don't know what I was thinking, but this is the correct form:
Code:
$ su
# mount -o remount,rw /dev/block/mtdblock3 /system
# cp /sdcard/fix_permissions /system/bin/fix_permissions
# chmod 755 /system/bin/fix_permissions
# reboot
Then when its back up do
Code:
$su
# fix_permissions
Sorry about that.
Click to expand...
Click to collapse
not working i get cp: cannot stat '/sdcard/fix_permissions' :no such file or dir
its at the root of sd n sd is unmounted
Are you sure that it's correctly named as "fix_permissions" on the root folder of the SD card?
In Terminal,
Code:
$ cd /sdcard
$ ls
Is the file listed there?
yea but its with .txt extension.....that my prob aint it?
BrutalHoe said:
yea but its with .txt extension.....that my prob aint it?
Click to expand...
Click to collapse
it should be .sh, if i remember correctly
Finally the race is over and some brave devs managed to get root on the tattoo and some were able to reproduce it on their own devices already. But notice: We are in an early stage of development. There is no one-klick-get-root app at the moment and there is still much work to be done until we get custom roms.
I will try to keep track of the ongoing development and update this post periodically. I've you find a mistake or get something new, let us know but we can't give support to every linux-nob at this point of development!
At the moment beeing root on the tattoo does NOT enable you to use the usual applications like Wifi Tethering that need root out of the box. You are also unable to write to /system by default. Now there is a new hack to make /system writable (look at the bottom of this post)
[size=+2]Status[/size]
Last update: 26.02.2010 - 12:55 MEZ
[size=+1]Rooting[/size]
The tattoo was successfully rooted the first time on 19.02.2010 ( http://forum.xda-developers.com/showpost.php?p=5672597&postcount=93 ). It was reproduced by some other users already, there is some work to be done make the exploit work more easily.
Because it has been asked many times: If there will ever be an OFFICIAL update with android 2.1 by HTC for the Tattoo (nobody knows definitively), this root-exploit will NOT work! You will lose root then!
It was done by porting this exploit http://www.milw0rm.com/exploits/8678 to the arm plattform and the tattoo. It uses a security hole in kernel 2.6.29 that wasn't patched in tattoos kernel. All began here on 10.2.2010 (the first post doesn't has to do anything with this): http://forum.xda-developers.com/showthread.php?t=631540
Kudos to zanfur, bftb0, mainfram3, HT123 and others (sorry if I forgot an important one).
The exploit was tweaked to deliver root more reliable.
[size=+1]Flashing custom roms[/size]
To develop custom roms won't be the problem, but the tattoo has got some extra security mechanisms that don't make it trivial to flash a new rom even now we have root. There is work going on to solve this.
[size=+1]Howto get root-privileges[/size]
I think it is save to follow but this is done at your own risk. Don't blame me if you Tattoo explodes, eats your hamster or make your girlfriend leave you.
Remember: We're in an early state of development, this is no Klick-an-Run-app, linux knowledge is needed.
Newbis on Windows should follow this howto made by Coburn64, its much easier than this one: http://forum.xda-developers.com/showthread.php?t=637927
Download this to your PC and unzip: View attachment 285070
(the older release was called m6 and can be found here: View attachment r00t.zip)
m7 is the binary. Push m7 to your Tattoo using adb:
Code:
adb push m7 /data/local/bin/m7
adb chmod 755 /data/local/bin/m7
Start a shell:
Code:
adb shell
Start the exploit in the shell:
Code:
cd /data/local/bin
while `true` ; do /data/local/bin/m7; done
The new m7 is an improved version of the old m6, it now should bring you root much more reliable.
With the old m6 while it is running, bring up and close random apps via task manager on the tattoo. This might not be necessary with m7. After a while the exploit should report success and come up with a root-shell. The promt should change from
Code:
$
to
Code:
#
Sometime the exploit stopps but no shell ('#') comes up. Just terminate it with ^C and try again.
You did it, you should be root now!
Let's set some variables:
Code:
export LD_LIBRARY_PATH=/system/lib
export PATH=/system/bin
When you got your shell, check if you are really root:
Code:
id
You should get something like this:
Code:
# id
uid=0(root) gid=1000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
uid=0(root) is important.
To get a root-shell more easily next time, we have to make su work.
Take this su binary and push it in your tatto: http://www.fileuploadx.de/45656
Code:
adb push su /data/local/bin/su
Remount /data without the nosuid-option
Code:
# mount -o rw,remount /dev/block/mtdblock3 /data
Change the owner to root and set the suid-bit
Code:
# chown root.root /data/local/bin/su
# chmod 4755 /data/local/bin/su
Now you don't have to run the exploit again, just open a normal shell and run
Code:
$ /data/local/bin/su
Now you should be root!
Attention: If you reboot your phone, you have to run the exploit and the mount command again because /data will be mounted nosuid again!
Thats it!
Some suggestions for going on. When you run mount, you will see that some partitions are mounted read-only and/or with the nosuid-option. You can change this by running:
Code:
mount -o rw,remount /dev/block/mtdblockYOUWANT /DIRtoREMOUNT
[size=+2]Other developer stuff[/size]
Here I will list all other thinks, more dangerous and not with all steps described in detail because you should know how to do this if you want to
New: Make /system writeable
This is a dangerous part, it might break you system forever unless you don't know what you are doing! Don't try it unless you are a dev! That is the reason why the steps you have to do are not described in a more detailed way. If you don't know what to type in, you shouldn't try this hack!
Download View attachment 286072
1. Copy tattoo-hack.ko from the zip to /data/local/bin
2. # insmod /data/local/bin/tattoo-hack.ko
3. Remount system partition to be writeable
Now you can do everything with /system until you reboot. /system is the only partition that is mounted without nosuid after reboot, so copy su over to /system/bin/ to keep root permanently. To be able to use programs like setcpu you have to replace /system/bin/su with this su:
View attachment 286154
Flashing a custom recovery image
This is in alpha-state but we are able to flash custom recovery images what is the determining step to flashing custom roms. Don't ask how to flash android 2.x (we didn't do it right now) or when it will be ready. It will bes sometimes...
http://forum.xda-developers.com/showthread.php?t=639486
Have a lot of fun!
-bm-
BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.
Great - bm - thank you very much
-bm- said:
-bm-
Click to expand...
Click to collapse
This is a great day, it's really amazing how people could work together searching the good way to root this awesome little phone. Just to say I've really appreciated your work... I followed all you guys day by day... Thank you everyone, sorry for the OT.
Anyway... risks of bricks?
elvisior said:
BTW.. In order for /data/local/bin to exist it's probably best you do the busybox install to there first.. also the busybox commands are very handy.
Click to expand...
Click to collapse
Youre right, busybox makes further development more handy. But I think it isn't needed for /data/local/bin to exist, because for me it was there and I've got no busybox on my tattoo
chdir /data/local/bin
Click to expand...
Click to collapse
instead of
chdir to /data/local/bin
Click to expand...
Click to collapse
Thanks Man.
Nice team work.
stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!
@zoko : Use your favorite linux distribution.
please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?
ApotheoZ said:
@zoko : Use your favorite linux distribution.
Click to expand...
Click to collapse
You don't need Linux. Windows or even Mac OS will do just fine.
Zoko, grab adb.exe from the Android SDK. To install m6, just run:
Code:
adb push m6 /data/local/bin/m6
chusen said:
please can you help me?when I do .m6 in shell i get
Code:
[ Overwritten 0xb0000100
but no #, any help for me?
Click to expand...
Click to collapse
As I try to say in my howto (okay, my english is not the best ;-) ): That happens quite often. Just stop it with ^C ([control]+C) and start the exploit again until you have luck!
zoko said:
stupid noobie question how Push m6 to your Tattoo using adb! can anyone possible make a noobie tutorial?!
Click to expand...
Click to collapse
Hi zoko!
Please use google to find a tutorial for pushing files using adb, there are many out there and using adb is not tattoo-specific!
We don't have time to provide more service at the moment ;-)
By the way: I'm happy about everybody testing, but I wonder what you want to do with a root-shell I you even didn't use adb before. But learning and trying is always a good thing but please consider learning by googling also ;-)
Have a lot of fun!
-bm-
thanks but i try and try and try... and same result, more ideas or only try it?
Is there any way to mount /data r/w on boot?
I doubt it because the exploit should be run first... hmm
So now we need a custom rom with root privileges
...first a recovery.. i think
after i run the exploit once I have to reboot the phone to be able run it again or i get
HTML:
$ usage: reboot [-n] [-p] [rebootcommand]
.
any option to be able to run it more than once without rebooting the phone?
The Tattoo Root (kit)
Here's a small installation batch, to make it easier for everyone.
Download the supplied zip (TattooRoot).
Run 'install-tattoo-root'.
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
I think the comments are self-explanatory. If you can't get the m6 into your Tattoo, even with the help of this batch, I suggest you wait a little longer for a more foolproof way to free your Tattoo
Everytime you reboot your Tattoo you'll have to execute steps 1 and 2 again.
@mainfram3 i dont get same results
Code:
--------------------------------------------------
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
300 KB/s (5546 bytes in 0.018s)
1366 KB/s (356916 bytes in 0.255s)
9 KB/s (126 bytes in 0.013s)
--------------------------------------------------
M6 exploit (shoryuken derived with ARM shellcode from Zanfur)
installed to /data/local/bin
STEP 1:
Launch adb shell at the command prompt
Once in a shell type:
while `true` ; do /data/local/bin/m6; done
The exploit has succeded once you get a root prompt (indicated by #)
Retry the while loop above, until you get the root prompt
STEP 2:
Run /data/local/bin/create_su.sh to create a
suid shell in /data/local/bin/su
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?
chusen said:
i get
Code:
Creating /data/local/bin (it's ok to get an error)
mkdir failed for /data/local/bin, File exists
34 KB/s (5546 bytes in 0.156s)
796 KB/s (356916 bytes in 0.437s)
7 KB/s (126 bytes in 0.015s)
--------------------------------------------------
where are my error?
Click to expand...
Click to collapse
Chusen,
That is allright.
Now, launch a adb shell by typing
Code:
adb shell
and then try the exploit
Code:
$ while `true` ; do /data/local/bin/m6; done
until your greeted with:
Code:
[ Overwritten 0xb0000100
# <---- This # indicates you got root
Ok, I'm not a total noob. I've been trying to return to 1.5 as cleanly as possible, but now I'm having an error when trying to remount my phone.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
This is what I did:
Flashed the 1.5 RUU that Flipz has had out for months. No errors
Ran the Avalaunch PRI fix to get rid of the flipz_01 PRI name
updated my profile
updated my PRL (which is now 65000??)
rooted through the normal sequence without error, I can boot to the recovery just fine, but when I adb shell into the phone I end up at $ instead of #. I have to su to get to # and at the c:\windows-sdk-windows\tools\adb remount fails with "remount failed: operation not permitted"
Is it possible that the PRI update has foiled the root exploit? I even restored a nand backup that I know had a working root and I still have the same results. This is too weird.
Anyone else have this issue? I searched the forum but I came up empty.
Try adb remount before adb shell. I'm pretty sure anythig with adb should be ran at just the command prompt.
Someone feel free to correct me if I'm wrong.
right, this is at the c:\android-sdk-windows\tools\ prompt. I guess I need to re-word that last bullet point to be more clear.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
Yeah the wording got me. I was hoping it was as simple as that for you tho. Defiantly Strange. Believe me I've had plenty of those moments where hours would have been saved if someone could have just said "no your just doing it wrong".
Maybe try rerunning the RUU and start from scratch the PRI fix should hold thru the RUU but if it did affect something else running the RUU again may correct it.
I RUU'd about 4 times so far on two different laptops, one with XP and one with Win7, running both versions of the HTC Sync drivers.
Something is definitely different. I'm thinking of doing the PRI fix again to see if that helps. The PRL being 65000 instead of the normal 60664 is another anomaly I'm curious about.
looks as if the 65000 PRL is a new one. I can't confirm (not with Sprint) but there is a thread over in General talking about it.
http://forum.xda-developers.com/showthread.php?t=684873
YEAH! I fixed it....well....actually Flipz fixed it for me. I created a custom ROM in the kitchen and flashed it. Now the remount miraculously works. I'm back to being happy...though I don't know why. Its not like I was using root for anything
Nextelian said:
right, this is at the c:\android-sdk-windows\tools\ prompt. I guess I need to re-word that last bullet point to be more clear.
Code:
C:\android-sdk-windows\tools>adb devices
List of devices attached
HT9C1HF03306 device
C:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
C:\android-sdk-windows\tools>adb shell
$ su
su
#
Click to expand...
Click to collapse
Can someone splain how to fix this issue w/o flashing? Like maybe from command prompt/shell? Pleeeeease?
mrsato said:
Can someone splain how to fix this issue w/o flashing? Like maybe from command prompt/shell? Pleeeeease?
Click to expand...
Click to collapse
I found something that help me and you. it properly works!!
I can't spell out instructions for the above mentioned suggestion, since I
don't know which file editor comes on the shipped device, but I have an
alternative solution.From the SDK's tools directory, run adb shell. In the
prompt run the following:
# su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# chmod 777 /system (Or any subdirectory you want to push to inside system)
# exit
adb push <local file> <device location>
and eventually you should restore the original directory permissions by:
# chmod 755 /system (Or any subdirectory you modified permissions to)
Hope this helps,
Yoav
Click to expand...
Click to collapse
still no Read/Write on /system
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
mojotexas said:
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
Click to expand...
Click to collapse
I'm not at my computer but I think the command is off... check to make sure its exactly how it should be... maybe the coma after the rw
Sent from my HERO200 using XDA App
mojotexas said:
I tried the above, and I could not mount /system as read/write:
Code:
adb shell
$ su
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
Permission denied
$ mount: Operation not permitted
My Android 1.6 is rooted, so I feel like I should be able to do this. But any help would be...helpful.
Click to expand...
Click to collapse
Just cd to your tools directory and adb remount
huedawg said:
Just cd to your tools directory and adb remount
Click to expand...
Click to collapse
Is there a solution for this?
I have a rooted HTC Desire.
When I type adb remount I get permission denied.
When I type adb shell and then su , i get permission denied!
This was a stock 2.2 rooted with unrevoked 3.
Any idea?
[edit]
i noticed root permissions pop-up on the phone and allowed so su worked.
[/edit]
Hi,
I have a Desire with stock froyo rooted with unrevocked 3 too and cannot use adb remount:
D:\android-sdk-windows\tools>adb remount
remount failed: Operation not permitted
Click to expand...
Click to collapse
D:\android-sdk-windows\tools>adb shell
$ remount
remount
remount: permission denied
$
Click to expand...
Click to collapse
I have allowed ADB via the Super user app popup.
Any idea?
EDIT: I have set S-OFF using AlphaRev's recovery fastboot and I am now able to remount in rw (well no access denied anymore)
still missing some access as I fail to remove the Google Maps app (want to use Brut maps only)
ghost_boy1412 said:
I found something that help me and you. it properly works!!
Click to expand...
Click to collapse
This worked perfectly! Thank you!
Good freakin lord why the heck did you feel the need to bump this thread thats almost a year old just to say that!!!!!!!! I rarly shout like this, but this crap is starting to drive me crazy!!!!!!!!!!!!
Grrrrrrrrrrrrrrr
same thing for me. i get permission denied
DannyMichel said:
same thing for me. i get permission denied
Click to expand...
Click to collapse
thank you for letting us all know, and in such detail, and with new valuable information no less
/me shakes fists in rage.
Post deleted.
Don't mean to bring up this dead thread but a more simple solution would be this
adb shell
$ su
# busybox mount -o remount,rw /system (or another desired directory)
# chmod 777 (or another desired permission set) /system (or another desired directory)
# exit
$ exit
Stupid me go back to the stock rom and upgraded to 2.2.1 and lost the root. Ive been trying all day today by following the instruction from this tutorial(http://forum.xda-developers.com/showthread.php?t=736271) but im stuck at the rootshell command. its says permission denied. Can some one please help me..please.. is there any way to root this FRG83, please??
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HERE THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything to you here the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
ilostchild said:
This method does not work anymore.. you have to go a different method..
you can try this method
Code:
adb push rageagainstthecage-arm5.bin /data/local/tmp/
adb shell
$chmod 700 /data/tmp rageagainstthecage
exit
go to sdk/tools
/tools>freenexus.bat
adb shell
$cd data/local/tmp
ls
check if all files are in
rage
su
Superuser.apk
busybox
$./rageagainstthecage
743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
DONT TYPE ANYTHING TILL YOU HERE THE ADB ON PHONE RESTARTS.
C:/adb kill-server
C:/adb start-server
adb shell
#
should get pound sign if not run ragecage again and dont do anything to you here the last ding on computer
#cd /data/local/tmp
#./busybox cp busybox /system/bin/
(if get read-only error do this
mount -o remount,rw /dev/block/mtdblock3 /system)
#chmod 4755 /system/bin/busybox
#./busybox cp Superuser.apk /system/app
#./busybox cp su /system/bin/
#chmod 4755 /system/bin/su
#exit
if $ type exit again
then go into terminal on phone, and type su
if you get the # you have root once again! yay!
now to install busybox command
adb shell
$su
#cd /sdcard
#sh ./installbusybox.sh
thats it
i dont have files i will upload in a bit before i have to go
ok for busybox installing on phone..
put installer.sh
and busybox on root of sdcard
then follow rest of instructions..pretty simple
put su,busybox,and all the freenexus stuff in sdktools
http://www.mediafire.com/file/nm7k71ofdgltk5g/root.rar
Click to expand...
Click to collapse
man thanks alot for your help, but im really a noob.
wud u mind telling me step by step, i know it sounds pretty stupid but pls just guide in the right direction. Much appreciated.
Ouch. I hope you can laugh about this one day. I'm sure you'll have root again.
Have you ever heard the term "curiosity kills the cat".
You knew enough to get root, revert to stock so that you could apply 2.2.1, to discover the hard way that the .1 was mainly, if nothing more than a security patch locking out root. And now need coles notes for above. Sorry, that'll be funny after you have root again.
In the meantime, I hope you find solace in paving the road for future noobs starting new from 2.2.1.
Anyway, the majority of the guide above are sequences while in ADB. You had to use some adb to get
root the first time. Google and do a little research on the subject. You need to polish up as I think the warnings above about "don't do anything until", are warnings to avoid bricking. If this procedure is that risky then your ounce of comprehension is worth a ton of hand holding.
Sent from my Nexus One using XDA App
read this thread first
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
ilostchild said:
my instructions are the same just more detailed..
and yes gotto do this thru adb
so you get the ragecage arm5
and go to android sdk/tools> and from there do adb push.. and im sure you can do the rest
Click to expand...
Click to collapse
ijust wanted to know which files to download and where to extract themm.. just lik ehow it was mentioned in the freenexus thread, it was defined so clear which fuiles to download and where,,.
Can anyone please help. thanks.
Loveact's post links you to a thread with multiple victims of the patch, links and details to get back root.
Sent from my Nexus One using XDA App
Detailed step-by-step instructions
nexusdue said:
Detailed step-by-step instructions
Click to expand...
Click to collapse
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
kpjimmy said:
If you are running windows, did you run freenexus.bat? I think that step was not mentioned unless u looked at the readme file in the freenexus.zip files.
Click to expand...
Click to collapse
Do I have to double click it and run iton windows before i start the process??
is that what you mean??
junooni.1980 said:
ok so i tried last nite several time but im stuck at the part after
$./rageagainstthecage
its says not found
what am i suppose to do now, I am stuck. All my files are in the tools folder
I need your help, please help me out.
Click to expand...
Click to collapse
Congrats for not following the instructions.
nexusdue said:
Congrats for not following the instructions.
Click to expand...
Click to collapse
i did man.. can some one help me then dunno what am i m issing.. here pls.
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
Egypt Urnash said:
Looks like you don't have the rageagainstthecage binary on your phone.
Doing 'adb shell ls -l /data/local/tmp' on your computer should get you something like this:
Code:
-rwxrwxrwx shell shell 5392 2010-08-25 01:42 rageagainstthecage-arm5.bin
-rwxr-xr-x shell shell 1926944 2010-03-22 20:29 busybox
-rwxrwxrwx shell shell 26248 2010-07-22 10:20 su
-rwxrwxrwx shell shell 27688 2010-07-22 10:19 Superuser.apk
There might be some other files in there; it's these that matter. If you don't see them then do all the 'adb push' and 'adb shell chmod' stuff in the previously linked instructions.
Click to expand...
Click to collapse
what is Doing 'adb shell ls ((-l /data/local/tmp' ))on your computer should get you something like this: i meant what is -I??
If you can't follow these instrucstions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push Superuser.apk /data/local/tmp/Superuser.apk
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push su /data/local/tmp/su
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb push busybox /data/local/tmp/busybox
263 KB/s (5392 bytes in 0.020s)
F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage
F:\ADB>adb shell
$
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server
F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *
F:\ADB>adb shell chmod 755 /data/local/tmp/busybox
F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
F:\ADB>exit
Click to expand...
Click to collapse
nexusdue said:
If you can't follow these instrucstions, you should NOT be rooting anyhow, since you obviously have NO IDEA what you are doing.
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz
2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip
3) Get the Android SDK (ADB)
http://dl.google.com/android/android-sdk_r07-windows.zip
4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)
4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)
5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\
6) Unzip/unrar files within freenexus.zip to F:\ADB\
7) Open command prompt go to F:\ADB
[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1
8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)
(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)
Click to expand...
Click to collapse
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and thne unzip all teh stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was upzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzinp android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in teh F;\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
junooni.1980 said:
Ok perhaps that what i am doing wrong...
so i download android-sdk_r07-windows.zip & unzip it..to a folder F:\ADB.
So i have to create a new folder named ADB and thne unzip all teh stuff in it??
because before i was unzipping the android-sdk_r07-windows.zip & then the folder named android-sdk_r07-windows & i was upzipping freenexus.zip & RageAgainstTheCage.tgz in the tools folder in the android-sdk_r07-windows folder.
So correct me if im wrong instead of android-sdk_r07-windows folder I have to make a new folder named F:\ADB and then unzinp android-sdk_r07-windows.zip & freenexus.zip & RageAgainstTheCage.tgz in teh F;\ADB folder not in the android-sdk_r07-windows tools folder??
Please advise?>?
Click to expand...
Click to collapse
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
nexusdue said:
Sorry this is so basic ... if you don't understand folder structures, you really SHOULD NOT ROOT!
Do NOT do it! Maybe after using computers for a couple of years you can "upgrade" to rooting your phone.
Click to expand...
Click to collapse
I can admire how you're so annoyed but I guess i gotta suck it up cus It I who is in need.
LOL! i've been using computers for a while now & I do undrestand the folder structure pretty well why would i think that? Cus I was able to root the phone the first time.
It's just that i find the description so confusing, I use windows, dunno what OS are you on? But when you extract a zip file it creates a default folder of the same name so...
But i really don't think that my question was that hard, which shot you over the moon & piss you off and made you tell me to learn basic computing first.
All i asked was If I am suppose to make a separate folder named ADB & if I sould extract every thing in it rather than the default unzipped folder that windows makes. But I guess If you're so annoyed then i'l leave it for some one else, I am quite sure one of the purpose of this forum is to get and give help. And im pretty sure that there will be someone who can help me or perhaps i'll find a way myself. But anyways thanks alot for your time, you've been nothing but great help. LOL! And I mean it...
Sogarth's webtop2sd will be released soon, you really should wait and install that instead of this! Thanks -The Management
No longer breaks on 1.83, thanks to Romracer
Update: This script worked on my phone. Mind you I was installing it from a fresh SBF flash, but it should work on your phone too. Absolutely no guarantees as usual.
Update 11th April 2011, 06:59 PM: Won't be getting CWM package because it'd be huuuuuuuuuge.
Update 28th April 2011. 16:38 PM: Removing BETA tag since there have been no issues with the script for quite some time.
First off I would like to thank Sogarth for making this script in the first place as well as Romracer for fixing it for 1.83. Since he is busy doing more important work I decided to do this little hack for those of us that updated to 1.5.7 and dont feel like flashing back to earlier versions to get full Ubuntu working.
Again, this is only necessary if you're already running 1.5.7 or 1.8.3.
Secondly, I am still working on this script so it may not work for you. If you have a problem you may post in the thread or PM me showing exactly the error message, word for word, that you receive.
Updates will be included in the OP from time to time as I fix errors.
Instructions:
1) install.bat (from your computer)
2) adb shell (get a shell on your phone)
3) su (get root on your phone in that shell)
4) . /data/local/tmp/install.sh (run the install script *on your phone* don't forget the "." and the space after the dot, or you will have to chmod 755 the shell script manually)
5) ?????
6) profit\
Noob instructions, written by Viamonte (I take no credit or responsibility):
Thanks again for all your help. Now the noob instructions:
"1-Download "Terminal Emulator" from the market, on your phone (or any other terminal), and the file anexed in this thread to your computer.
2-Connect the Atrix to the computer via USB, configuring the connection mode to "None" and enabling USB Debugging mode (Settings>Applications>Development>USB debugging)
3-Unzip the file you downloaded on your pc, and run Install.bat. This will push the script to your phone.
4-Go back to your phone and open the emulator you downloaded. Then type "su" (without quotes) and press enter. Then type ". /data/local/tmp/install.sh" (without quotes) and press enter again.
The script should begin running now. It will stop in two moments where you'll be instructed to get a cup of coffee, and may take several minutes to continue form this point. When finished, the Atrix will reboot.
To check if this worked, use the Webtop either on your multimidia dock or your lapdock and verify if new itens appeared on your task bar and on the right upper side of the screen"
0.3.1 release
0.2 release
0.1 first release
Changelog
0.3.1 fix to gconf file's mdate so it does what its supposed to do =)
0.3 Small typo fixes and cpp package install fix by romracer, now works on 1.83 =)
0.2 Fixed some typos in uninstall.sh and make sure the %gconf file wound up in the right spot.
0.1 - first version. NOT CWM install but ready to be packaged for that more or less
Nice, I'll give this a shot later.
Ill give it a shot when I get home!
Sent from Motorola Atrix on TELUS.
My phone is working perfectly, so why not ruin it?
I'm giving this a try right now!
1.4.57 - Rooted and gingerblurred with HDMI Mirroring and Webtop hack.
I'll update as progress goes along:
Edit 1:
Initial try gave me this
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] y
Mounting the filesystem...
07.sh
--------------------------------------------
EXECUTION FAILED
Unable to mount the filesystem file. ERR 07
--------------------------------------------
Press any key to continue . . .
Edit 2:
Ok, it doesnt work with resetting it. How about removing?
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] y
Deleting the filesystem file...
--------------------------------------
EXECUTION FAILED
Unable to delete the filesystem file.
--------------------------------------
Press any key to continue . . .
Edit 3:
Ok, only one option left then.
Checking device state...
Obtaining temporary root access...pushing shell scripts
A filesystem file already exists. Reset it? [n] n
A filesystem file already exists. Delete it? [n] n
--------------------------------------------------------------------------
EXECUTION FAILED
The filesystem file already exists, but no operations have been selected.
--------------------------------------------------------------------------
Press any key to continue . . .
=====================================================================
Edit 4:
Since execution is failing I'm trying to find the problem. Using ADB Shell i tried to manually run the shell scripts and stumbled here:
(I tried chmod 777 @ 02.sh to see if that was the problem, no change is results)
# ls -l
...
...
-rwsr-sr-x shell shell 87 2011-04-06 12:13 03.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
-rwsr-sr-x shell shell 251 2011-04-06 12:04 01.sh
# pwd
pwd
/data/tmp/shell
# /data/tmp/shell/02.sh
/data/tmp/shell/02.sh
/data/tmp/shell/02.sh: not found
I had the same issue as flybob when I tried to run the script.
Sent from my MB860 using XDA Premium App
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Ah, I did not think about that Ririal, thanks for the info. I am not familiar with CWM though.
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Ririal said:
Good effort, but 1.57 changes how we have to run commands as root. On a normal linux box, I'm sure your methods would work fine, but we're not dealing with a normal su binary. You should look into doing this as CWM as opposed to .bat files. I had a hell of a time getting around the restrictions since the psneuter exploit was closed.
Click to expand...
Click to collapse
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
molotof said:
How about a shell script that we can run in terminal emulator ? and the output goes to screen and a log file for debug !
Click to expand...
Click to collapse
most of the script is now run by shell scripts, no reason you couldn't run them in the terminal emulator, just get the order right. There are also a few lines I didn't translate to shell so you'd have to enter them by hand.
In any case I'll keep working on this until Sogarth releases his version with union mounts =D
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
flybob said:
You might be interested to know this;
# cd /tmp
cd /tmp
# pwd
pwd
/data/tmp
# ls -l /tmp
lrwxrwxrwx root root 2011-04-09 14:47 tmp -> /data/tmp
I'll happily help with the script, i know tons of linux and got my Atrix ready to be bricked
Click to expand...
Click to collapse
That's just a symlinked directory. I won't make a difference if you call either.
Yes, just replied to the previous question
Why is the /tmp directory in /data ? That would certainly cause every script to fail.
I'll look at this some more tonight.
Click to expand...
Click to collapse
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
flybob said:
Yes, just replied to the previous question
However, why doesn't the scripts run as wanted...?
# cat /tmp/shell/02.sh
cat /tmp/shell/02.sh
#!/bin/sh
/system/bin/su
/bin/rm /data/ubuntu.disk > /dev/null 2>&1 && echo PASS#
# ls -l /tmp/shell/02.sh
ls -l /tmp/shell/02.sh
-rwxrwxrwx shell shell 82 2011-04-06 12:11 02.sh
# /tmp/shell/02.sh
/tmp/shell/02.sh
/tmp/shell/02.sh: not found
Click to expand...
Click to collapse
Ah ok my mistake, you didn't quote anything I didn't realize that's what you were responding too
Likely noexec flag causing that issue.
Also, you can't invoke su from inside a shell script. It just doesn't work with this su binary.
yeah, I guess not. I hadn't realized that it wasn't a real 'su' before making this... too bad.
If anyone figures out how to get around that we'll be in business Unfortunately that's way beyond my expertise.
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
the2dcour said:
Okay, after fiddling a little bit and talking to a friend I may have solved some of the problems, mainly with the scripts executing and su working.
I will have to rewrite a bunch of things but should report back tonight.
Click to expand...
Click to collapse
su -c "command"
You'll have to allow superuser on the phone for every single command.
PM'd you my error. I tried manually editing the permissions, but that didn't work.
Running on GladAtrix2 v3
USB debugging on; USB set to none
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
Press any key to continue . . .
Changed /sdcard-ext to /sdcard in script. Got this error
Checking device state...
Obtaining temporary root access...pushing shell scripts
-------------------------
EXECUTION FAILED
Unable to chmod scripts.
-------------------------
* server not running *
Press any key to continue . . .
Running BETA_ubuntu-1.0.6.4.zip. File extracts to BETA_ubuntu-1.0.6.2 directory. Ran ubuntu-1.5.7.bat
Moved BETA_ubuntu-1.0.6.2 to C:\ Same error
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
the2dcour said:
The only easy workaround to that I can see at the moment is to
Code:
adb shell
su
chmod 777 /path-to-scripts/*
ls -l /path-to-scripts/*
make sure all the files are executable (should say rwxrwxrwx)
then remove the bit of code from 1.5.7.bat
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/bin/chmod 6755 /mnt/sdcard-ext/shell/* > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
If anyone can help me fix this problem I should be able to automate the chmod process using ririal's suggestion of su -c. The problem is that there are too many nested quotation marks in this section of the batch file, and I can't for the life of me figure out how to escape quotes so they pass through to adb:
Code:
set retval=
for /f "tokens=*" %%l in ('%~dps0adb.exe shell "/system/bin/su -c [U]'/bin/chmod 6755 /mnt/sdcard-ext/shell/*'[/U] > /dev/null 2>&1 && echo PASS"') do set retval=%%l
if "%retval%" neq "PASS" set message=Unable to chmod scripts. && goto abort
The underlined bit is where I need to escape either single or double quotes.
Click to expand...
Click to collapse
^ escapes batch, \ escapes shell. Hope this helps. If you zip up and send me the whole process in a single .sh file I can wrap it up in CWM for you.