Credits: The 743C exploit, and ChainsDD for Superuser.
- Android SDK installed and working.
- The zip attached to this post.
- If you're still on Cupcake (Android 1.5) you'll need su and Superuser from http://bit.ly/su2361cd
So, let's get down to business.
- Unzip the attached file into your /android-sdk/tools/ directory, it'll make your life (and ours) easier.
- Open up your command line, change to the SDK tools directory, and enter these commands:
adb push rageagainstthecage-arm5.bin /data/local/tmp adb shell chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
- Now execute the exploit:
adb shell /data/local/tmp/rageagainstthecage-arm5.bin
- Wait for the exploit to finish.
- If it doesn't exit cleanly, chances are it worked, just close your terminal or command prompt and open a new one.
- Test that it worked:
adb kill-server adb start-server adb shell
- If you see a $, it DID NOT work, execute the exploit again. (Step 3)
- If you see a #, it WORKED, continue:
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system exit adb push su /system/xbin adb shell chmod 4755 /system/xbin/su adb install Superuser.apk
- You may need to ctrl-c once it says Success!
- Next time you 'su' in adb shell, make sure to click Allow in Superuser!
- You may instead install Superuser from the Market if you wish.
- Clean up the exploit:
adb shell rm /data/local/tmp/rageagainstthecage-arm5.bin
If you ever do a "Factory Reset", Superuser will go away, but you DO NOT lose root. Just reinstall Superuser.
What next? The choice is yours! Remove stock apps, get some good 'ol WiFi tethering, or flash something different!
The above steps DO NOT put a recovery on your phone, though it is VERY EASY.
Once you're rooted, install ROM Manager by Koushik Dutta from the Market. Open it up, click "Flash ClockworkMod Recovery".
Select your model (Hero CDMA), and hit Allow when the Superuser Prompt shows up.
The above steps DO NOT install Busybox on your phone.
Simply install Busybox from Stephen (Stericson), available on the market.
Start the app and click Allow when prompted by Superuser.
How To Uninstall
adb shell su mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system rm /system/xbin/su rm /etc/passwd rm /etc/group