Find Your Device:
Or Continue to Thread: [HOW-TO] Root FRGxx builds wit…
5th October 2010, 01:47 AM |#88  
Account currently disabled
Thanks Meter: 0
1) Get rageagainstthecage-arm5.bin

2) Get Superuser.apk, busybox,su

3) Get the Android SDK (ADB)

4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)

4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)

5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\

6) Unzip/unrar files within to F:\ADB\

7) Open command prompt go to F:\ADB

[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1

8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)

(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)


F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push Superuser.apk /data/local/tmp/Superuser.apk
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push su /data/local/tmp/su
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push busybox /data/local/tmp/busybox
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at] so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell chmod 755 /data/local/tmp/busybox

F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit

F:\ADB>adb shell
# su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit

Last edited by nexusdue; 5th October 2010 at 05:17 PM.