[HOW-TO] Root FRGxx builds without unlocking bootloader

OP cmstlist

27th September 2010, 08:40 AM   |  #11  
Senior Member
Thanks Meter: 955
 
4,319 posts
Join Date: Aug 2009
Quote:
Originally Posted by highvista

The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command

mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system

It's mtdblock3, not mtdblock4, though for some reason the mount worked for me even on 6. But in any case, much better and easier done using ADB command:

adb remount


Finally the Wiki is also back to work, the "Rooting FRG83" link is updated to point to this thread.
Last edited by Jack_R1; 27th September 2010 at 09:10 AM.
28th September 2010, 04:01 AM   |  #12  
Senior Member
Flag Curitiba
Thanks Meter: 133
 
445 posts
Join Date: Jun 2010
Here, the rageagainstthecage didn't work.
I followed these steps:
Quote:

F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
#

But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.

Any ideas?
28th September 2010, 04:05 AM   |  #13  
Senior Member
Thanks Meter: 165
 
855 posts
Join Date: Jun 2008
Quote:
Originally Posted by cmstlist

Thanks to efrant for pointing the way to this guide.

Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.

Quote:
Originally Posted by highvista

I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.

The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command

mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system

for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:

mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system

Thanks much for consolidating the procedure where it was easy to find.

Thank you for this. I was in the same situation and I was not able to set the permissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the permission for su, busybox, etc.?

Thanks guys.
28th September 2010, 05:01 AM   |  #14  
Junior Member
Thanks Meter: 3
 
22 posts
Join Date: Apr 2010
Quote:
Originally Posted by Atento

Here, the rageagainstthecage didn't work.
I followed these steps:

But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.

Any ideas?

I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.

Also looking for ideas.
28th September 2010, 05:11 AM   |  #15  
Senior Member
Thanks Meter: 165
 
855 posts
Join Date: Jun 2008
Quote:
Originally Posted by Xel'Naga

I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.

Also looking for ideas.

I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
28th September 2010, 05:15 AM   |  #16  
Junior Member
Thanks Meter: 3
 
22 posts
Join Date: Apr 2010
Quote:
Originally Posted by snovvman

I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.

Yup, had to reboot the device and try again about four times and then it finally all stuck. Now rooted on 2.2.1.
28th September 2010, 05:39 AM   |  #17  
Senior Member
Flag Curitiba
Thanks Meter: 133
 
445 posts
Join Date: Jun 2010
Quote:
Originally Posted by snovvman

Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.



Thank you for this. I was in the same situation and I was not able to set the permissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the permission for su, busybox, etc.?

Thanks guys.

Thanks for your replies! I'm rooted now.

Thanks for all!!!
28th September 2010, 09:33 AM   |  #18  
Senior Member
Thanks Meter: 9
 
163 posts
Join Date: Nov 2008
Hi OP,
You may want to edit your post #2. I have inserted the mounting commands in the thread I posted previously. This will help novice users get things right out of the box without figuring out why permission is denied.
I have just tried out the additional mounting steps. Things are working fine.

Tidy up step by step rooting

1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/...nstTheCage.tgz

2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.

3) Rooting Process (Installing custom Recovery ROM section is deleted to simplify illustration)
Reference: http://forum.xda-developers.com/show...&postcount=250

Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
[*] Searching for adb ...
[+] Found adb as PID 64
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

Follow the following steps to install Superuser.apk, busybox,su

F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit

F:\ADB>adb shell
# su
su
# mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit 
exit
Last edited by hmanxx; 28th September 2010 at 09:37 AM.
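Added example, not part of the post above or of the thread: a read-only audit of the state these steps leave behind, decoding the 4755 mode given to su and busybox and checking whether /system was remounted read-only. The mount table and file records are constructed sample data, and the "mode owner path" record layout is an assumption chosen for the example.

```shell
# Added example, not from the thread. All sample data below is constructed.
# /proc/mounts-style lines: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='rootfs / rootfs ro 0 0
/dev/block/mtdblock3 /system yaffs2 rw 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0'
# "octal-mode owner path" records (assumed layout, as stat -c '%a %U %n' prints)
SAMPLE_FILES='4755 root /system/bin/su
4755 root /system/bin/busybox
755 root /system/bin/toolbox
644 root /system/app/Superuser.apk'

# Print ro, rw or missing for mount point $2 in mount-table text $1.
mount_state() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp { found = 1; s = "unknown"; n = split($4, o, ",")
                   for (i = 1; i <= n; i++) if (o[i] == "ro" || o[i] == "rw") s = o[i] }
        END { print (found ? s : "missing") }'
}

# One rwx triad: $1 = 3 permission bits, $2 = special bit (0/1), $3 = its letter.
triad() {
    r=-; w=-; x=-
    if [ $(( $1 & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( $1 & 2 )) -ne 0 ]; then w=w; fi
    if [ $(( $1 & 1 )) -ne 0 ]; then x=x; fi
    if [ "$2" -ne 0 ]; then
        if [ "$x" = x ]; then x=$3; else x=$(printf '%s' "$3" | tr a-z A-Z); fi
    fi
    printf '%s' "$r$w$x"
}

# Octal mode (e.g. 4755) to ls-style text (rwsr-xr-x); the leading 4 is setuid.
mode_to_symbolic() {
    n=$(( 0$1 ))
    triad $(( (n >> 6) & 7 )) $(( (n >> 11) & 1 )) s
    triad $(( (n >> 3) & 7 )) $(( (n >> 10) & 1 )) s
    triad $(( n & 7 )) $(( (n >> 9) & 1 )) t
    echo
}

# List root-owned files with the setuid bit: they run as root for any caller.
setuid_root_files() {
    printf '%s\n' "$1" | while read -r mode owner path; do
        if [ "$owner" = root ] && [ $(( 0$mode & 04000 )) -ne 0 ]; then
            printf '%s %s\n' "$(mode_to_symbolic "$mode")" "$path"
        fi
    done
}

echo "/system is mounted: $(mount_state "$SAMPLE_MOUNTS" /system)"
setuid_root_files "$SAMPLE_FILES"
```

On the constructed data this reports /system still mounted rw and flags su and busybox as rwsr-xr-x: the setuid bit makes a root-owned binary run as root for whoever executes it, which is what the chmod 4755 steps set up.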
28th September 2010, 04:13 PM   |  #19  
OP Senior Member
Flag Toronto
Thanks Meter: 486
 
3,143 posts
Join Date: Jan 2010
Thanks, I'll fix it up when I'm at a desktop computer again and less occupied by the Master's thesis I'm defending in just over 2 weeks.

Sent from my Nexus One using XDA App
28th September 2010, 11:14 PM   |  #20  
Junior Member
Thanks Meter: 4
 
26 posts
Join Date: Feb 2010
hehe oh noes. I gave the cage file a go 3 times, failed, so I got pissed and unlocked the bootloader, then now I read about the remounting of the file system.. didn't think about that.

well.. now I can't undo the unlocking :/
