Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,729,145 Members 41,949 Now Online
XDA Developers Android and Mobile Development Forum

[HOW-TO] Root FRGxx builds without unlocking bootloader

Tip us?
 
Jack_R1
Old
(Last edited by Jack_R1; 27th September 2010 at 08:10 AM.)
#11  
Senior Member
Thanks Meter 945
Posts: 4,300
Join Date: Aug 2009
Quote:
Originally Posted by highvista View Post
The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command

mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
It's mtdblock3, not mtdblock4, though for some reason the mount worked for me even on 6. But in any case, much better and easier done using ADB command:

adb remount


Finally the Wiki is also back to work, the "Rooting FRG83" link is updated to point to this thread.
Wiki on this forum exists for a reason. PLEASE READ THE WIKI BEFORE ASKING QUESTIONS.
Glacier (MyTouch 4G / Panache) Wiki
Nexus One Wiki
Nexus One FAQ.


[Lockscreen MOD] Trackball/trackpad wake-sleep toggle for Sense ROMs - [Nexus One], [MyTouch 4G]
[MOD]NoClock for Sense ROMs
[MOD] Change WiFi hostname

[MOD]Gallery3D with high-res patch, for stock and HTC cameras
 
Atento
Old
#12  
Senior Member
Thanks Meter 121
Posts: 391
Join Date: Jun 2010
Location: Curitiba
Here, the rageagainstthecage didn't work.
I followed these steps:
Quote:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
#
But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.

Any ideas?
 
snovvman
Old
#13  
Senior Member
Thanks Meter 89
Posts: 741
Join Date: Jun 2008
Quote:
Originally Posted by cmstlist View Post
Thanks to efrant for pointing the way to this guide.
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.

Quote:
Originally Posted by highvista View Post
I used the steps posted here to restore root access to a Nexus One which had been previously rooted with 1-click. It was running stock FRF91. It was a fairly smooth process, especially since the update to FRG83 did not delete my Superuser.apk, su, or busybox files. The permissions had just been turned down, so with the RageAgainstTheCage exploit active, I was able to change the permissions as indicated and was off and running.

The only gotcha I ran into was that I had to mount the /system partition read/write before I could set permissions on the files there. After the exploit was active and I had shelled back into the phone via ADB, I issued the command

mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system

for the read/write mount and was then able to turn up the permissions. And, in the interests of completeness, to mount /system read-only again afterward:

mount -o remount,ro -t yaffs2 /dev/block/mtdblock4 /system

Thanks much for consolidating the procedure where it was easy to find.
Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?

Thanks guys.
 
Xel'Naga
Old
#14  
Junior Member
Thanks Meter 3
Posts: 22
Join Date: Apr 2010
Quote:
Originally Posted by Atento View Post
Here, the rageagainstthecage didn't work.
I followed these steps:

But, I didn't get root shell (#), when I typed "adb shell" I still got ($).
I'm in FRG83, Android 2.2.1.

Any ideas?
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.

Also looking for ideas.
 
snovvman
Old
#15  
Senior Member
Thanks Meter 89
Posts: 741
Join Date: Jun 2008
Quote:
Originally Posted by Xel'Naga View Post
I had this, too. Like the above poster said, I got # after several tries. However something went wrong midway through the other steps from efrant, and I went back and lost #, only had $.

Also looking for ideas.
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
 
Xel'Naga
Old
#16  
Junior Member
Thanks Meter 3
Posts: 22
Join Date: Apr 2010
Quote:
Originally Posted by snovvman View Post
I would try the process over again from the beginning. Once you get the #, follow highvista's information to mount the file system as RW, and do the chmods. After you are done, re-mount as RO.
Yup, had to reboot the device and try again about four times and then it finally all stuck. Now rooted on 2.2.1.
 
Atento
Old
#17  
Senior Member
Thanks Meter 121
Posts: 391
Join Date: Jun 2010
Location: Curitiba
Quote:
Originally Posted by snovvman View Post
Thank you for posting this. It was a big help. I lost my root after 2.2.1 and this worked great. I did have to execute the .bin file 3 times. The first time, I got $, and the second time as well. It was only on the 3rd execute that I got the # prompt. I read that others had the same problem, that it only worked after a few times.



Thank you for this. I was in the same situation and I was not able to set the premissions. Then I saw your post. I am not a Linux/Unix guy, so it was step-by-step for me. Curiously, why is it necessary to change the premission for su, busybox, etc.?

Thanks guys.
Thanks for your replies! I'm rooted now.

Thanks for all!!!
 
hmanxx
Old
(Last edited by hmanxx; 28th September 2010 at 08:37 AM.)
#18  
Senior Member
Thanks Meter 9
Posts: 149
Join Date: Nov 2008
Hi OP,
You may want to edit your post #2, I have inserted the mounting commands in the thread i posted previously. this will help novice users to get thing right out of box without figuring why permission denied.
I have just tried out the additional mounting steps..things are working fine..

Tidy up step by step rooting

1) Getting rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/...nstTheCage.tgz

2) Getting Superuser.apk, busybox,su
http://forum.xda-developers.com/showthread.php?t=736271
Or
Find yourself..there are many floating around.

3) Rooting Process (Installing custom Recovery rom section is deleted to simplify illustration
Reference:http://forum.xda-developers.com/show...&postcount=250

Code:
F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system 

Follow the following steps to install Superuser.apk, busybox,su

F:\ADB>adb shell
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit
exit

F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system 
# exit 
exit
 
cmstlist
Old
#19  
Senior Member - OP
Thanks Meter 480
Posts: 3,114
Join Date: Jan 2010
Location: Vancouver
Thanks, I'll fix it up when I'm at a desktop computer again and less occupied by the Masters thesis I'm defending in just over 2 weeks

Sent from my Nexus One using XDA App
 
Fredro
Old
#20  
Junior Member
Thanks Meter 4
Posts: 26
Join Date: Feb 2010
hehe oh noes. I gave the cage file a go 3 times, failed, so I got pissed and unlocked the bootloader, then now I read about the remounting of the file system.. didn't think about that.

well.. now I can't undo the unlocking :/

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


TRENDING IN THEMER...