[ROOT ICS] The hard way && Digging for roots


eww245

Senior Member
Aug 19, 2008
494
77
Throop
I just got /system mounted as writable, and was able to install busybox to /system/xbin. It's a workaround for now but it works. Updating the OP with details.
 

Deleted member 5132789

Guest
I just got /system mounted as writable, and was able to install busybox to /system/xbin. It's a workaround for now but it works. Updating the OP with details.

Nice! Looking forward to trying.

edit: on the command
./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/

I don't think you need the trailing "/" - I get error with it, no error without trailing "/"
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Ok... still having trouble with fastboot. Once you issue the oem unlock, the white acer logo appears but the bootloader is still locked. However, you can check getvar with it.

I am sure it can be unlocked. We just need to figure out how.
 

pintek

Senior Member
May 10, 2011
372
43
I wish you guys the best of luck I'd try this but my literacy with trying to get ADB to install on windows is about as bad as me accidentally uninstalling gnome on ubuntu once >.>
 

jeromel

Senior Member
Jul 19, 2008
116
14
Winnipeg
Sorry if I'm asking a dumb question, I'm just learning adb and still don't fully understand it all...but are you saying root was successful? Or are you still trying to get system r/w? I'm going to use this method to at least make sure I get the same result and try to contribute whatever I can. If anyone needs a tester or anything, please let me know how I can help. Thanks for all of your hard work, guys.

Yup, successful. After getting the error line I continued with the remainder. Root is successful. System r/w isn't sticking. I'm just happy to get root so I can boost up the stats I really care about.

Sent from my A100 using Tapatalk
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Did anyone else notice that the ADB devices number has changed now? Instead of a series of numbers & characters, it has 11 numbers instead?

This boot/flash_image/fastboot stuff is driving me nuts...

Did anyone try to fastboot oem unlock with 3.2/3.2.1?
 

ED2O9

Senior Member
Sep 2, 2009
295
129
Please excuse my ignorance on this, but where exactly do you add the three lines to install-recovery.sh? I've got root and r/w on system, but I'm a little shaky on editing a system file I'm unfamiliar with.
Thanks for all your work on this!!
 

eww245

Senior Member
Aug 19, 2008
494
77
Throop
Please excuse my ignorance on this, but where exactly do you add the three lines to install-recovery.sh? I've got root and r/w on system, but I'm a little shaky on editing a system file I'm unfamiliar with.
Thanks for all your work on this!!

It's safe to delete everything in the file. I usually like to make a copy of any files I edit or let Root Explorer do it for you.
 

oneovakindoldys2

Senior Member
Nov 27, 2011
70
13
Did anyone else notice that the ADB devices number has changed now? Instead of a series of numbers & characters, it has 11 numbers instead?

This boot/flash_image/fastboot stuff is driving me nuts...

Did anyone try to fastboot oem unlock with 3.2/3.2.1?
Yes, I tried fastboot in HC 3.2.1 with no luck. The new adb number is the serial number on the SD cover on your device. I am going to start working on fastboot again tonight when I get home from work. Good luck guys!
 

Deleted member 5132789

Guest
So I went back to HC 3.2.1, rooted, and to my surprise I got a notification that there is an update from Acer - 2.008.03. Anyone know what this is?
 

Deleted member 5132789

Guest

I saw that as well - not much else out there when you search for acer iconia 2.008.03. There is a link to a zip file that I assume is for gaining root - but I can't download it. I'm trying to grab the zip file that is being downloaded from acer, but not having any luck.

Edit: The downloaded file is stored in /cache/fota_dn/309CEA5E573E2F0ACC60EF7F0537F2D9.zip - I pulled it to my pc via adb command, but the file is not valid and won't open - likewise on the acer, I can't view the contents using anything. Could it be secured/encrypted?
 

Deleted member 5132789

Guest
I decided to install it - I can go back to honeycomb if necessary...

edit: not ics, but a HC update - still at 3.2.1, but kernel is 2.6.36.3 and build is Acer_A100_2.008.03_PA_CA
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Edit: The downloaded file is stored in /cache/fota_dn/309CEA5E573E2F0ACC60EF7F0537F2D9.zip - I pulled it to my pc via adb command, but the file is not valid and won't open - likewise on the acer, I can't view the contents using anything. Could it be secured/encrypted?

Updates are always encrypted. Most of the time, they make it harder to do anything instead of firmwares.
 

aznmode

Senior Member
Jun 23, 2007
5,044
1,034
Edit: The downloaded file is stored in /cache/fota_dn/309CEA5E573E2F0ACC60EF7F0537F2D9.zip - I pulled it to my pc via adb command, but the file is not valid and won't open - likewise on the acer, I can't view the contents using anything. Could it be secured/encrypted?

You need to decrypt OTAs. See below. I had to do this when I pulled the OTA 3.2.1 off my cache folder before.
http://xdaforums.com/showthread.php?t=1099673


You also need to shorten that long name. Here's what I did when I received OTA 3.2.1 2007.1. Followed my same instructions below it.
http://xdaforums.com/showpost.php?p=21112158&postcount=91
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
If you could send that update so we can put it online, it would be great.

I am working on a way to go around the bootloader... Not sure if it'll work. Will keep you all posted.
 

Top Liked Posts

  • 9
    Here's my attempt at a "double click" root for ics. I've included everything you might need including the usb drivers. It doesn't need anything special to run, just the usb driver installed and your tab with USB debugging enabled (go to settings -> developer options and check USB debugging.)

    Download:
    http://db.tt/77NSAPDs

    Extract and install the usb driver if needed. Plug your tab in to your pc & double click the .bat file. Check to see if your device id is listed; if it's not, close the window out and check that your device is connected and recognized by windows (also check that you have the drivers for the tab installed and that USB debugging is enabled).

    If it is listed (should display a series of numbers) press any key to start the rooting scripts. It will load su and busybox to the loop mount for you. Once the script is done you may need to restart the tab and run the .bat file again to be able to write to the looped system (while the loop system is mounted you can modify the build.prop file and other files within /system by going to /data/local/rootme/loop/ but /system itself isn't r/w mounted.)

    This was a pain to get working and it still may not work right, if it does work for you though, you can re-run the .bat file each time you reboot your tab to be able to write to the looped system. Eventually I'll integrate the commands into the install-recovery.bat file along with some sdcard tweaks so you won't have to re-run the bat file after reboot.

    Thanks to eww245 for providing the commands initially (I used a variation of his and ones from the post on the toshiba forums to get this to work).

    Sent from my MB860 using XDA App
    4
    For anyone that doesn't want to root the hard way crossix has come up with a double click root for Windows xdaforums.com/showpost.php?p=23052186&postcount=105

    Update 2/26/12
    /system can now be mounted writable see the bottom of this post.

    So the old Honeycomb exploit has now been patched in ICS. But there was an exploit found in the newer ICS kernels. Written by saurik, called mempodroid.

    There is an offset needed as an argument to the binary; for the a100 we'll use what has worked for the a200 as noted in saurik's GitHub linked above.

    The issue with this is mounting /system as writable. I'm not sure if it's something in ICS, but it appears to be write protected. As noted here and here we will loop mount the system partition.

    The tools needed are:

    1. mempodroid under Usage Instructions, download pre-compiled
    2. busybox 1.20 snapshot 3-10-12
    3. su the latest from androidsu.com, extract from system/bin
    4. mount.txt script

    After downloading and extracting place them all in a folder called tools.
    This must be done with adb. Issue the following from cmd or a terminal:
    Code:
    $ adb shell mkdir /data/local/tools
    $ adb push tools /data/local/tools ; adb shell
    $ cd /data/local ; chmod 755 tools/*
    $ cd tools ; ./mempodroid 0xd9f0 0xaf47 sh
    If all went well you should be at a hash # prompt. This is temp root.

    mount /system rw the new way:
    Code:
    # PATH=$PWD:$PATH
    # sh mount.txt -o remount,rw /system

    Copy su and busybox to /system
    Code:
    # ./busybox cp busybox /system/xbin; ./busybox cp su /system/xbin/
    # chmod 6755 /system/xbin/su

    Install busybox
    Code:
    # cd /system/xbin
    # for i in $(busybox --list); do ln -s busybox $i; done; sync
    Copy the mount script
    If busybox is updated this step must be run again
    Code:
    # cp /data/local/tools/mount.txt /system/bin/mount
    # cp /data/local/tools/mount.txt /system/xbin/mount

    Done, your a100 should be rooted.

    the old way:

    Now let's loop mount /system
    Code:
    (This is no longer needed)
    # ./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0
    Code:
    # ./busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mkdir loop ; mount -t ext4 /dev/block/loop7 loop

    Copy su and busybox to the new mount point.
    Code:
    # ./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/
    # chmod 6755 loop/xbin/su ; sync
    If it worked your a100 is fully rooted. Make sure to install SuperUser from the Market.
    Either get busybox installer from the market, and install it to /data/local/tools/loop/xbin
    Or:
    Code:
    # cd loop/xbin
    # for i in $(busybox --list); do ln -s busybox $i; done; sync
    The mount point won't survive a reboot so in order to write to /system again run:
    Code:
    # busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mount -t ext4 /dev/block/loop7 /data/local/tools/loop

    [update 2/26/12]
    To mount /system as writable do the following from adb. We'll just make a directory called /data/loop for easy access.
    Code:
    $ adb shell
    $ su
    # stop
    (your screen will go black)
    # mkdir /data/loop
    (skip this if the loop is already set up)
    # busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mount -t ext4 /dev/block/loop7 /data/loop
    # mount -o bind /data/loop /system
    # start
    You can write to /system with any app but /system can't be remounted ro then back to rw.

    This can be added to /etc/install-recovery.sh to make it permanent
    Code:
    busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    mount /dev/block/loop7 /data/loop
    mount -o bind /data/loop /system
    Thanks to crossix as the first to get temp root, and Icewyng for pointing out the exploit and helping with the magic number.
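
A check for the device state the steps in this post leave behind, added here as an example and not part of the original post: it flags a loop-backed or stacked /system mount in a /proc/mounts-format file and the losetup/bind-mount lines in a boot script such as install-recovery.sh. The function names, the /data partition name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample inputs below are constructed.

# audit_mounts FILE: FILE uses /proc/mounts format. Prints findings; returns 1 if any.
audit_mounts() {
    findings=$(awk '
        $2 == "/system" {
            seen++
            if ($1 ~ /^\/dev\/block\/loop[0-9]+$/) print "SYSTEM_ON_LOOP " $1
            if (("," $4 ",") ~ /,rw,/) print "SYSTEM_RW " $1
        }
        $1 ~ /^\/dev\/block\/loop[0-9]+$/ && $2 != "/system" {
            print "LOOP_MOUNT " $1 " on " $2
        }
        END { if (seen > 1) print "SYSTEM_OVERMOUNTED " seen " entries" }
    ' "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# audit_boot_script FILE: flags non-comment lines that set up a loop device
# or bind-mount something over /system. Prints "lineno:text"; returns 1 if any.
audit_boot_script() {
    hits=$(grep -nE 'losetup|mount .*bind .*/system' "$1" |
           grep -vE '^[0-9]+:[[:space:]]*#' || true)
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample: mount table and boot script after the bind-mount steps.
tmp=$(mktemp -d)
cat > "$tmp/mounts" <<'EOF'
/dev/block/mmcblk0p3 /system ext4 ro,relatime 0 0
/dev/block/mmcblk0p8 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/loop7 /data/loop ext4 rw,relatime 0 0
/dev/block/loop7 /system ext4 rw,relatime 0 0
EOF
cat > "$tmp/install-recovery.sh" <<'EOF'
#!/system/bin/sh
# busybox losetup mentioned in a comment is ignored
busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
mount /dev/block/loop7 /data/loop
mount -o bind /data/loop /system
EOF

audit_mounts "$tmp/mounts" || echo "mount table needs review"
audit_boot_script "$tmp/install-recovery.sh" || echo "boot script needs review"
```

On a device the first function would be pointed at a copy of /proc/mounts; a bind mount shows up there under its source device, which is why the second /system entry appears as loop7.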
    3
    I got root using this method. http://xdaforums.com/showpost.php?p=22862959&postcount=306


    I used quick boot app and selected 'Bootloader'. May be useful?

    got this:
    2
    Not sure why the files aren't showing up. Maybe try busybox sync after copying them.

    [edit] I assume you can get root manually and it's just a problem with your script?
    Let me know, hopefully the instructions are all correct now. I updated them several times yesterday.
    Also, there might be an easier way than what I posted, if you find one post it here or shoot me a PM.

    Thanks, I'm having to use a slightly different method since I can't pass arguments through adb shell and mempodroid. It's copying all the files to the tab and executing shell scripts for each step in the process based off a combo of your root method and the one found for the toshiba tab. Hopefully I'll get it figured out soon..
    2
    Thought that might happen, have to get some more ideas.

    [edit] So maybe using 'stop' will help, from adb

    # stop
    # mount -o bind /data/local/tools/loop /system
    # start

    There probably won't be a bootanimation, but if it gets to the lockscreen it should be ok without FCs. If it bootloops just hold in the power button or use the pinhole reset.

    I should just suck it up and upgrade just don't think I'm ready.

    bumping this^ could someone try it.


    Looks like the a500 got rooted with the same method. xdaforums.com/showpost.php?p=22862959&postcount=306 There's one difference with the loop mount. So can someone try this and see if it mounts writable. Just trying to make things simpler, Thanks

    busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    mount -t ext4 /dev/block/loop7 /data/local/tools/loop

    Also looks like they ran mempodroid on the tablet, so maybe I can refine it some more.