[ROOT ICS] The hard way && Digging for roots


eww245

Senior Member
Aug 19, 2008
494
77
Throop
Shouldn't the command you have listed:
./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0

Actually be:
./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0p3

When I issue the command 'mount' it shows /dev/block/mmcblk0p3 /system ext4 ro,relatime,user_xattr,acl,barrier=1,data=ordered 0 0, among other items. Just trying to help... I don't see the mmcblk0 listed...

---------- Post added at 07:52 PM ---------- Previous post was at 07:11 PM ----------



OK - I just performed the steps in the link you provided above - for the A500 - and I have root. I can't get su permissions to work under adb shell, but I can get into root apps such as TiBu - running a batch job now.

I set up Superuser.apk by default to allow SU rights. Now I already gave TiBu SU rights before I upgraded to ICS - when I try to grant su rights to a new app, such as AppExtractor, it didn't work - I got an error - no root. If I try to mount /system/xbin or /system/bin with R/W in Root Explorer, it doesn't - the "mount r/w" button is at the top (I think because it was rooted prior to upgrade).

I do see su in /system/bin, but can't see or modify the permissions. Hope this info helps.

$((512 * 51200)) is the first sector of partition mmcblk0p3 on device mmcblk0 so it is correct. Mounting a partition at a sector would fail with an invalid argument, but losetup usually would not return an error. At the time the acer a200 was rooted similarly so that's why I posted it this way. Thanks for confirming that it's not needed, I'll change the OP.
/system can't be remounted as rw, that's why it has to be loop mounted. Don't know why, I'm still looking into it. So in the meantime loop mount it somewhere and then use root explorer to make any changes.
 

deadpieface

Member
Jul 8, 2010
24
6

Attachments

  • IMG_20120225_232359.jpg

jeromel

Senior Member
Jul 19, 2008
116
14
Winnipeg
Success with rooting using the following
$ adb shell mkdir /data/local/tools
$ adb push tools /data/local/tools ; adb shell
$ cd /data/local ; chmod 755 tools/*
$ cd tools
$ ./mempodroid 0xd9f0 0xaf47 sh
# ./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0
# mkdir loop
# mount -t ext4 /dev/block/loop7 loop FAILED: INVALID ARGUMENT
# ./busybox losetup -d /dev/block/loop7
# ./busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
# mount -t ext4 /dev/block/loop7 loop
# ./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/
# chmod 6755 loop/xbin/su ; sync
 

StonedYoda

Senior Member
May 1, 2011
255
155
Nederland
Success with rooting using the following
$ adb shell mkdir /data/local/tools
$ adb push tools /data/local/tools ; adb shell
$ cd /data/local ; chmod 755 tools/*
$ cd tools
$ ./mempodroid 0xd9f0 0xaf47 sh
# ./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0
# mkdir loop
# mount -t ext4 /dev/block/loop7 loop FAILED: INVALID ARGUMENT
# ./busybox losetup -d /dev/block/loop7
# ./busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
# mount -t ext4 /dev/block/loop7 loop
# ./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/
# chmod 6755 loop/xbin/su ; sync


Sorry if I'm asking a dumb question, I'm just learning adb and still don't fully understand it all...but are you saying root was successful? Or are you still trying to get system r/w? I'm going to use this method to at least make sure I get the same result and try to contribute whatever I can. If anyone needs a tester or anything, please let me know how I can help. Thanks for all of your hard work, guys.
 

Deleted member 5132789

Guest
Success with rooting using the following
$ adb shell mkdir /data/local/tools
$ adb push tools /data/local/tools ; adb shell
$ cd /data/local ; chmod 755 tools/*
$ cd tools
$ ./mempodroid 0xd9f0 0xaf47 sh
# ./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0
# mkdir loop
# mount -t ext4 /dev/block/loop7 loop FAILED: INVALID ARGUMENT
# ./busybox losetup -d /dev/block/loop7
# ./busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
# mount -t ext4 /dev/block/loop7 loop
# ./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/
# chmod 6755 loop/xbin/su ; sync

Jeromel - how did you install ICS? Did you upgrade from HC, and if so, were you rooted?
 

jakob95

Senior Member
Sep 14, 2011
374
21
NYC
Where does the folder tools need to be? On the desktop?

Can anyone make a video explaining how to do this please?
 

Deleted member 5132789

Guest
Where does the folder tools need to be? On the desktop?

Anywhere on your system, just ensure that you start the adb commands from the folder just above tools. Please let us know how it goes. I still haven't officially rooted - I have root for the apps that had superuser access before the upgrade to ICS - but anything that didn't have root can't get root.
 

jakob95

Senior Member
Sep 14, 2011
374
21
NYC
Anywhere on your system, just ensure that you start the adb commands from the folder just above tools. Please let us know how it goes. I still haven't officially rooted - I have root for the apps that had superuser access before the upgrade to ICS - but anything that didn't have root can't get root.

I don't understand what to do. Do I press start and from my start menu press Cmd.exe?
And I can't download busybox, it's down.
EDIT: I keep getting an error that device isn't found.
 

oneovakindoldys2

Senior Member
Nov 27, 2011
70
13
hello guys, i have been communicating with some guys on acertabletforum.com....one gentleman in particular [oldhacker] is the guy that got fastboot and r/w working correctly on the a200. i myself have been working on nvflash and fastboot on and off for the past week with some success, however i was still unable to fully access fastboot to flash. i had come to the conclusion that acer had disabled fastboot in boot via ro.secure...... anyway, oldhacker explained how he did it but right now i don't have everything set up on my windows machine, nor have i ever tried this, so i thought maybe some of you had more experience in editing the boot.img/kernel/ramdisk than myself...... anyway, here is the response that i got from him and i am 99% sure it will work.

Re: hello
I don't have the time tonight as I am heading out to work but tomorrow I will write something up and go ahead and post it here. Very quickly: I took the leaked ICS zip, uncompressed it, split the boot image, which gives you boot.img-kernel and boot.img-ramdisk.gz. I uncompressed the ramdisk image into a directory then edited init.picasso_e.rc, init.rc, and postboot.sh to remove any remounts of /system. I gzipped the directory back up into boot.img-ramdisk.gz. Fastboot lets you flash the kernel and ramdisk at the same time, which is what I did.

I used Cygwin Terminal on windows 7....
hope this helps someone!
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Re: hello
I don't have the time tonight as I am heading out to work but tomorrow I will write something up and go ahead and post it here. Very quickly: I took the leaked ICS zip, uncompressed it, split the boot image, which gives you boot.img-kernel and boot.img-ramdisk.gz. I uncompressed the ramdisk image into a directory then edited init.picasso_e.rc, init.rc, and postboot.sh to remove any remounts of /system. I gzipped the directory back up into boot.img-ramdisk.gz. Fastboot lets you flash the kernel and ramdisk at the same time, which is what I did.

I've figured it was something like that... Just did not have time this weekend to check it out (was sick).

I am used to that kind of work...let me do something quick and I will get back to you.
 

mvan4310

Senior Member
Jan 14, 2012
125
9
Well, using adb, I've unlocked the bootloader, or so says fastboot. How can I verify this and what should I do next?

EDIT: I'm actually unsure at the moment of a confirmed unlock. I don't have any errors, but no indication from the bootloader it's been unlocked. Reading the A500 dev forums, it seems as though the command is there, but does nothing.
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Well, using adb, I've unlocked the bootloader, or so says fastboot. How can I verify this and what should I do next?

EDIT: I'm actually unsure at the moment of a confirmed unlock. I don't have any errors, but no indication from the bootloader it's been unlocked. Reading the A500 dev forums, it seems as though the command is there, but does nothing.

Could you specify what exactly you did? There might be a few things to try but we have to know what you did.
 

mvan4310

Senior Member
Jan 14, 2012
125
9
adb reboot bootloader
fastboot oem unlock

although using fastboot getvar secure it shows 1, so not sure, and using fastboot oem lock, it says it's already locked. So it seems as though the unlock function does nothing at this point.
 

oneovakindoldys2

Senior Member
Nov 27, 2011
70
13
Yes, I do believe the problem is ro.secure=1, it needs to be 0. I have been working through the fastboot oem unlock for a long time [several days].... instead of the white acer logo that you likely see, it should go to an unlock screen with choices. When we get there we will be in business! I may have a chance to work on it tomorrow if someone doesn't get it before then. If we can get fastboot working correctly we should be golden....good luck!

---------- Post added at 07:46 PM ---------- Previous post was at 07:42 PM ----------

Has anyone been able to achieve the fastboot screen without issuing the command [adb reboot-bootloader]....i have not. There should be some way to get into the fastboot mode from power off, however i have not found it yet.....i don't mean recovery or apx mode, i mean fastboot. if someone knows how i would be grateful. thanks guys and good luck!
 

eww245

Senior Member
Aug 19, 2008
494
77
Throop
Yes, I do believe the problem is ro.secure=1, it needs to be 0. I have been working through the fastboot oem unlock for a long time [several days].... instead of the white acer logo that you likely see, it should go to an unlock screen with choices. When we get there we will be in business! I may have a chance to work on it tomorrow if someone doesn't get it before then. If we can get fastboot working correctly we should be golden....good luck!

---------- Post added at 07:46 PM ---------- Previous post was at 07:42 PM ----------

Has anyone been able to achieve the fastboot screen without issuing the command [adb reboot-bootloader]....i have not. There should be some way to get into the fastboot mode from power off, however i have not found it yet.....i don't mean recovery or apx mode, i mean fastboot. if someone knows how i would be grateful. thanks guys and good luck!

Any app that has an option to reboot bootloader works. I just used Rom Toolbox
 

Icewyng

Senior Member
Dec 10, 2010
309
109
Québec
Has anyone been able to achieve the fastboot screen without issuing the command [adb reboot-bootloader]....i have not. There should be some way to get into the fastboot mode from power off, however i have not found it yet.....i don't mean recovery or apx mode, i mean fastboot. if someone knows how i would be grateful. thanks guys and good luck!

Since the people over at the A500 Forums have NvFlash working, they were able to patch the bootloader to unlock it and make it work. If we had NvFlash working or some kind of recovery, it would help a lot.

This thread could be of interest to us:
A500 ICS Bootloader (plus unlocked patched version)
 

Top Liked Posts

  • 9
    Here's my attempt at a "double click" root for ics. I've included everything you might need including the usb drivers. It doesn't need anything special to run, just the usb driver installed and your tab with USB debugging enabled (go to settings -> developer options and check USB debugging.)

    Download:
    http://db.tt/77NSAPDs

    Extract and install the usb driver if needed. Plug your tab in to your pc & double click the .bat file. Check to see if your device id is listed; if it's not, close the window out and check that your device is connected and recognized by windows (also check that you have the drivers for the tab installed and that USB debugging is enabled).

    If it is listed (should display a series of numbers) press any key to start the rooting scripts. It will load su and busybox to the loop mount for you. Once the script is done you may need to restart the tab and run the .bat file again to be able to write to the looped system (while the loop system is mounted you can modify the build.prop file and other files within /system by going to /data/local/rootme/loop/ but /system itself isn't r/w mounted.)

    This was a pain to get working and it still may not work right, if it does work for you though, you can re-run the .bat file each time you reboot your tab to be able to write to the looped system. Eventually I'll integrate the commands into the install-recovery.bat file along with some sdcard tweaks so you won't have to re-run the bat file after reboot.

    Thanks to eww245 for providing the commands initially (I used a variation of his and ones from the post on the toshiba forums to get this to work).

    Sent from my MB860 using XDA App
    4
    For anyone that doesn't want to root the hard way crossix has come up with a double click root for Windows xdaforums.com/showpost.php?p=23052186&postcount=105

    Update 2/26/12
    /system can now be mounted writable see the bottom of this post.

    So the old Honeycomb exploit has now been patched in ICS. But there was an exploit found in the newer ICS kernels. Written by saurik, called mempodroid.

    There is an offset needed as an argument to the binary; for the a100 we'll use what has worked for the a200 as noted in saurik's github linked above.

    The issue with this is mounting /system as writable. I'm not sure if it's something in ICS, but it appears to be write protected. As noted here and here we will loop mount the system partition.

    The tools needed are:

    1. mempodroid under Usage Instructions, download pre-compiled
    2. busybox 1.20 snapshot 3-10-12
    3. su the latest from androidsu.com, extract from system/bin
    4. mount.txt script

    After downloading and extracting place them all in a folder called tools.
    This must be done with adb. Issue the following from cmd or a terminal:
    Code:
    $ adb shell mkdir /data/local/tools
    $ adb push tools /data/local/tools ; adb shell
    $ cd /data/local ; chmod 755 tools/*
    $ cd tools ; ./mempodroid 0xd9f0 0xaf47 sh
    If all went well you should be at a hash # prompt. This is temp root.

    mount /system rw the new way:
    Code:
    # PATH=$PWD:$PATH
    # sh mount.txt -o remount,rw /system

    Copy su and busybox to /system
    Code:
    # ./busybox cp busybox /system/xbin; ./busybox cp su /system/xbin/
    # chmod 6755 /system/xbin/su

    Install busybox
    Code:
    # cd /system/xbin
    # for i in $(busybox --list); do ln -s busybox $i; done; sync
    Copy the mount script
    If busybox is updated this step must be run again
    Code:
    # cp /data/local/tools/mount.txt /system/bin/mount
    # cp /data/local/tools/mount.txt /system/xbin/mount

    Done, your a100 should be rooted.

    the old way:

    Now let's loop mount /system
    Code:
    This is no longer needed:
    # ./busybox losetup -o $((512 * 51200)) /dev/block/loop7 /dev/block/mmcblk0
    Code:
    # ./busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mkdir loop ; mount -t ext4 /dev/block/loop7 loop

    Copy su and busybox to the new mount point.
    Code:
    # ./busybox cp su loop/xbin/ ; ./busybox cp busybox loop/xbin/
    # chmod 6755 loop/xbin/su ; sync
    If it worked your a100 is fully rooted. Make sure to install SuperUser from the Market.
    Either get busybox installer from the market, and install it to /data/local/tools/loop/xbin
    Or:
    Code:
    # cd loop/xbin
    # for i in $(busybox --list); do ln -s busybox $i; done; sync
    The mount point won't survive a reboot so in order to write to /system again run:
    Code:
    # busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mount -t ext4 /dev/block/loop7 /data/local/tools/loop

    [update 2/26/12]
    To mount /system as writable do the following from adb. We'll just make a directory called /data/loop for easy access.
    Code:
    $ adb shell
    $ su
    # stop
    (your screen will go black)
    # mkdir /data/loop
    (skip this if the loop is already set up)
    # busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    # mount -t ext4 /dev/block/loop7 /data/loop
    # mount -o bind /data/loop /system
    # start
    You can write to /system with any app but /system can't be remounted ro then back to rw.

    This can be added to /etc/install-recovery.sh to make it permanent
    Code:
    busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    mount /dev/block/loop7 /data/loop
    mount -o bind /data/loop /system
    Thanks to crossix as the first to get temp root, and Icewyng for pointing out the exploit and helping with the magic number.
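
A defender-side check for the artefacts this procedure leaves on a device, as an added example that is not part of the original post: it flags a loop device mounted or bound over /system in a /proc/mounts-format table, and a setuid su under system/xbin or system/bin. The sample mount table (including the /data device name) and the function names `audit_mounts` and `audit_su` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Audits a device for what the steps
# above leave behind: a loop device backing /system and a setuid su binary.

# Constructed sample in /proc/mounts format (the /data device is made up):
# stock read-only /system, then loop7 mounted at /data/loop and bound on top.
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
/dev/block/mmcblk0p3 /system ext4 ro,relatime,user_xattr,acl,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p8 /data ext4 rw,nosuid,nodev,noatime 0 0
/dev/block/loop7 /data/loop ext4 rw,relatime 0 0
/dev/block/loop7 /system ext4 rw,relatime 0 0'

# Reads a mount table on stdin, prints one finding per line.
audit_mounts() {
    awk '
    $1 ~ /\/loop[0-9]+$/ { print "LOOP_MOUNT " $1 " on " $2 }
    $2 == "/system" {
        stacked++
        if ($1 ~ /\/loop[0-9]+$/)   print "SYSTEM_ON_LOOP " $1
        if (("," $4 ",") ~ /,rw,/)  print "SYSTEM_RW " $1
    }
    END { if (stacked > 1) print "SYSTEM_STACKED " stacked " mounts" }'
}

# Prints every su under <root>/system/{xbin,bin} that has the setuid bit,
# which is what "chmod 6755" sets. <root> is "" on a live device, or the
# mount point of an image being examined.
audit_su() {
    for f in "$1/system/xbin/su" "$1/system/bin/su"; do
        if [ -f "$f" ] && [ -u "$f" ]; then
            echo "SETUID_SU $f"
        fi
    done
}

# Stand-alone run: audit the constructed table, then the live filesystem.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
audit_su ""
```

On a device, feed it the real table with `audit_mounts < /proc/mounts`; a stock ICS build should produce no findings from either function.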
    3
    I got root using this method. http://xdaforums.com/showpost.php?p=22862959&postcount=306


    I used quick boot app and selected 'Bootloader'. May be useful?

    got this:
    2
    Not sure why the files aren't showing up. Maybe try busybox sync after copying them.

    [edit] I assume you can get root manually and it's just a problem with your script?
    Let me know, hopefully the instructions are all correct now. I updated them several times yesterday.
    Also, there might be an easier way than what I posted, if you find one post it here or shoot me a PM.

    Thanks, I'm having to use a slightly different method since I can't pass arguments through adb shell and mempodroid. It's copying all the files to the tab and executing shell scripts for each step in the process based off a combo of your root method and the one found for the toshiba tab. Hopefully I'll get it figured out soon..
    2
    Thought that might happen, have to get some more ideas.

    [edit] So maybe using 'stop' will help, from adb

    # stop
    # mount -o bind /data/local/tools/loop /system
    # start

    There probably won't be a bootanimation, but if it gets to the lockscreen it should be ok without FCs. If it bootloops just hold in the power button or use the pinhole reset.

    I should just suck it up and upgrade just don't think I'm ready.

    bumping this^ could someone try it.


    Looks like the a500 got rooted with the same method. xdaforums.com/showpost.php?p=22862959&postcount=306 There's one difference with the loop mount. So can someone try this and see if it mounts writable. Just trying to make things simpler, Thanks

    busybox losetup /dev/block/loop7 /dev/block/mmcblk0p3
    mount -t ext4 /dev/block/loop7 /data/local/tools/loop

    Also looks like they ran mempodroid on the tablet, so maybe I can refine it some more.