[HOW-TO][zergRush Root] Root w/ v2.2.x-2.3.x (NOT ICS 4.x or GB after 11/2011)

CrimsonKnight13 · 02:29 PM

[HOW-TO][zergRush Root] Root w/ v2.2.x-2.3.x (NOT ICS 4.x or GB after 11/2011)

This thread is a collaboration by myself, paxChristos, DooMLorD, & amishxda. Please give credit where credit is due. Thanks.

This method has been confirmed to work on all models of the Xperia PLAY - R800x / R800i / R800a / R800at. Also works perfectly with the Xperia Arc.
WARNING: This doesn't work, however, on the Verizon Wireless R800x v2.3.2. Please update to v2.3.3 before rooting. - confirmed by paxChristos
WARNING #2: Confirmed that this doesn't work with 4.0.2.A.0.62

MAJOR WARNING - ICS (4.x) doesn't work with it & any update to GB (2.3.x) after November 2011 won't either.

Quote:

Originally Posted by paxChristos

The exploit used in this toolkit was patched back in November of 2011. No more updates will come from the exploit devs.

Thanks to everyone who tested this out for me & confirmed that it worked!

NOTE: Before you attempt to root your phone, please ensure that you have the Android SDK installed. It has the adb binary within it.

Android SDK
http://developer.android.com/sdk/index.html

All needed files have been attached for this process to work correctly.
Note: I didn't create zergRush. I only found the method to implement permanent root after zergRush has done its job.

Automatic Root
1) SuperOneClick
SuperOneClick now has the zergRush method built-in.
Please see the source thread if you have any questions.
Downloads available @ http://shortfuse.org/
Source: http://forum.xda-developers.com/show....php?t=803682a

2a) DooMLoRD's Easy Rooting Toolkit [v4] (zergRush Exploit)

This is the one click method that everyone has been asking for & DooMLoRD has answered with this.

Quote:

Originally Posted by DooMLoRD

UPDATE: added v4, with newest zergRush binary (21 Nov 2011) and few corrections/additions to script

UPDATE: most companies are patching the exploit in the latest firmwares (Samsung, Motorola, Sony Ericsson, etc)

UPDATE: added v3, with newest zergRush binary (16 Nov 2011) and newer superuser files

UPDATE: added v2, with newest zergRush binary (10 Nov 2011) and newer superuser files

[ support the developers ]

There have now been nearly 440,000 downloads of this easy rooting toolkit for various devices (see list here), and many more if you include variations/different translations, etc that use it.

Don't be a leech, buy me a coffee/beer/etc (and use the "Thanks" button!). Imagine if every user of this tool had donated me even $1...

if you want to support Revolutionary Team (creators of the Exploit which makes this possible ) you can donate to Revolutionary Team's PayPal Donation Link

[ Info ]

(WINDOWS ONLY)

WILL WORK ON BOTH LOCKED & UNLOCKED BOOTLOADER DEVICES!

just download the attached file, extract it using winzip/winrar

go to the folder where its extracted and execute "RUNME.bat"

read and follow the instructions on the screen!

Code:

 ---------------------------------------------------------------
                  Easy rooting toolkit (v4.0)
                    created by DooMLoRD
         using exploit zergRush (Revolutionary Team)
    Credits go to all those involved in making this possible!
 ---------------------------------------------------------------[*] This script will:
      (1) root ur device using latest zergRush exploit (21 Nov)
      (2) install Busybox (1.18.4)
      (3) install SU files (binary: 3.0.3 and apk: 3.0.6)
  [*] Before u begin:   
      (1) make sure u have installed adb drivers for ur device
      (2) enable "USB DEBUGGING" 
            from (Menu\Settings\Applications\Development)
      (3) enable "UNKNOWN SOURCES"
            from (Menu\Settings\Applications)
      (4) [OPTIONAL] increase screen timeout to 10 minutes
      (5) connect USB cable to PHONE and then connect to PC
      (6) skip "PC Companion Software" prompt on device

[ Tested on ]

Tested & Reported to be working on the THESE devices

[ Credits ]

Credits go to all those involved in making this possible!

zergRush Binary from: Revolutionary - zergRush local root

Inspired from: http://forum.xda-developers.com/show....php?t=1312859

[ Donations ]

if u feel that this work has helped u OR u think that the work i put into making this is worthy of donations, then click on the following link for buying me some coffee/beer/etc My PayPal Donation Link

if you want to support Revolutionary Team (creators of the Exploit which makes this possible ) you can donate to Revolutionary Team's PayPal Donation Link

[ Download Links ]

DooMLoRD_v4_ROOT-zergRush-busybox-su.zip <NEW>

DooMLoRD_v3_ROOT-zergRush-busybox-su.zip

DooMLoRD_v2_ROOT-zergRush-busybox-su.zip

DooMLoRD_v1_ROOT-zergRush-busybox-su.zip

[ UnRooting ]

want to unroot? read this

[ Scripts posted by others ]

Rooting script for Linux
Rooting script for MAC OSX
Toolkit for GT-I9000
For Atrix 2
For VIZIO vTab1008

regards,

DooMLoRD

Source: http://forum.xda-developers.com/show....php?t=1319653

My deepest thanks to DooMLoRD for automating & simplifying this process!

2b) amishxda's modified Linux script (based on paxChristos' script // Source: DooMLoRD's Easy Rooting Toolkit)

Quote:

Originally Posted by amishxda

Update: Updated as per DooMLoRD's v4.0 script with zergRush binary of 21 Nov 2011 and with makespace which deletes Google Maps if there is not enough space.(< 6MB)

Hello

I am completely new to Android but not at all new to Linux.

I used paxchristos script (ran commands manually though) to root my Sony Ericsson Live with Walkman. (WT19i / Android 2.3.4 / Build 4.0.2.A.0.58)

Source threads used:
http://forum.xda-developers.com/show....php?t=1319653
http://forum.xda-developers.com/show...php?p=18615502

In an attached file, I fixed/modified/added few things in paxchristos script. Here is the detail:

1) Fixed error in symlinking su. (source/destination were same)
2) Don't delete (and recreate) /data/local/tmp/ directory unnecessarily, just delete its contents
3) Uses dd instead of cp (because DooMLoRD's script does, ~~dont know why!~~). Update: as per anantshri, dd is used because cp has been known to give errors.
4) If your system already has 'adb' then it uses system 'adb' instead of one in zip-archive.
5) Updated zip archive to contain the latest files from DooMLoRD's archive (paxchristos archive seemed old)

Please try/verify and let me know if I missed something.

Thanks.

zergRush_automated_Linux_root.zip

Source: http://forum.xda-developers.com/show...php?p=20869699
Original script by paxChristos: http://forum.xda-developers.com/show...2#post18615502

Manual Root
3) Noob Friendly Guide
paxChristos has provided me with a very comprehensive guide regarding this process for anyone that absolutely wants a step-by-step layout.
It has been attached to this thread within a 7-zip file. If you would like the faster route, please follow my own instructions.

Download PDF Guide

4) Advanced Android Users (& those that are aiming to be) Guide
Download all required files. Drivers have been provided courtesy of paxChristos for anyone that needs them.
Do the following within a cmd (as administrator) or terminal prompt (through sudo or root user)

Code:

adb shell mkdir /data/local/tmp
adb push zergRush /data/local/tmp
adb chmod 755 /data/local/tmp/zergRush
adb shell
cd /data/local/tmp/
./zergRush
adb remount
adb push su /system/bin
adb push su /system/xbin
chmod 4755 /system/bin/su
chmod 4755 /system/xbin/su
exit
adb install Superuser.apk
Alternate: adb push Superuser.apk /system/app

installed BusyBox (if it doesn't show up on the system already) via any busybox installer market app
Ran SuperUser & verified settings

Code:

adb reboot

Android should be completely rooted!

Automatic Unroot
DooMLoRD's Unrooting Script

Quote:

Originally Posted by DooMLoRD

UNROOTING SCRIPT v1.0

so here is the unrooting script to be USED ONLY AND ONLY IF U HAVE USED MY FILES (Easy Rooting Toolkit) FOR ROOTING

[ WARNING ]

if u have used any other way/solution for rooting then PLEASE DO NOT RUN THIS... you MIGHT END UP with damaged system...

(thats cause some ppl create symlinks for busybox in /system/bin/ which wipes out stock symlinks to /system/bin/toolbox and breaks/damages system)

[ DISCLAIMER ]

I AM NOT TO BE HELD RESPONSIBLE IF U DAMAGE UR PHONE / SPILL UR COFFEE / MISS UR ALARMS / ANY OTHER CALAMITY/MISHAP

REMEMBER YOU ARE DOING THIS AT YOUR OWN RISK

now that the warning is clear (hopefully) lets get to unrooting

Tested on:

Sony Xperia ARC

so here is the file.. (WINDOWS ONLY)

just download the attached file, extract it using winzip/winrar

go to the folder where its extracted and execute "RUNME-UNROOT.bat"

read and follow the instructions on the screen!

Code:

---------------------------------------------------------------
                   Easy rooting toolkit (v1.0)
                       UNROOTING SCRIPT
                      created by DooMLoRD
   based heavily on FlashTool scripts (by Bin4ry and Androxyde)
    Credits go to all those involved in making this possible!
---------------------------------------------------------------
 [*] This script will:
      (1) unroot ur device using special script
      (2) remove Busybox and assocaited symlinks
      (3) remove SU files and assocaiated data
 [*] Before u begin:   
      (1) make sure u have installed adb drivers for ur device
      (2) enable "USB DEBUGGING" 
            from (Menu\Settings\Applications\Development)
      (3) enable "UNKNOWN SOURCES"
            from (Menu\Settings\Applications)
      (4) [OPTIONAL] increase screen timeout to 10 minutes
      (5) connect USB cable to PHONE and then connect to PC
      (6) skip "PC Companion Software" prompt on device
 ---------------------------------------------------------------

if all goes well u will get output LIKE THIS

regards,

DooMLoRD

DooMLoRD_v1_UNROOTING.zip

Sources/Acks/Links/Attachments
Sources:
http://forum.xda-developers.com/show....php?t=1312082
http://forum.xda-developers.com/show....php?t=1296916
http://androidsu.com/superuser/

Acknowledgments:
Ch4lky - Sony Ericsson Xperia fix for zergRush (Revolutionary Team)
ieftm - zergRush (Revolutionary Team)
Revolutionary Team - many thanks to everyone who worked on zergRush
paxChristos - provided debug info to Ch4lky & created the Noob PDF guide
ChainsDD - Superuser & su
DooMLoRD - for the awesome rooting & unrooting scripts
CLShortFuse - SuperOneClick
Cl8rs - identified possibility for Xperia PLAY to use zergRush
XenonMD - confirmed that this works on the R800i
barlw - confirmed that this works on the R800a
Luniticus - confirmed that this works on the R800at
AndroHero - recommended the alternate method for pushing the Superuser.apk to /system/app for working around stability issues
amishxda - for updating paxChristos' script to work on more phones from Linux
Everyone else - who have confirmed that it works on many other phones

Please let me know any new information to smooth out the process. I'll modify this post to ensure it's a smooth one.

zergRush (no longer attaching due to new updates from the devs) - supports a large amount of phones
https://github.com/downloads/revolut...h/zergRush.zip

Superuser v3.0.7 apk
http://goo-inside.me/superuser/Super...fgh-signed.zip
su v3.0.3.2 binary
http://goo-inside.me/superuser/su-bin-3.0.3.2-efghi-signed.zip

Cl8rs · 03:25 AM

Thanks!!!

CrimsonKnight13 · 03:34 AM

Edit: Please PM me if you were a part of discovery, research or one of the tools listed.

Cl8rs · 21st October 2011, 03:23 AM

Thanks

I wasn't trying to be stuck up or anything, just wanted credit.

pomdave · 21st October 2011, 04:08 AM

Awesome...I've been watching the Zerg thread with bated breath and I didn't have to wait long.

i just wish I had my damn usb cable with me right now.

Big thanks to all involved, I will be trying this asap.

Cl8rs · 21st October 2011, 04:12 AM

Is there a way to un-root? Just curious...

paxChristos · 09:01 PM

Step-by-literal-step

If you feel like seeing the step by step PDF Guide, go to these : attached to post #1, or:
At dropbox.com: http://db.tt/RaAUnzjW
At Ubuntu one: http://ubuntuone.com/64OujxgkGMv1N2QSoPmXin
or at Filesonic: http://www.filesonic.com/file/2730341354

If you're doing the script rooting in linux, do these things first
1) Download and unzip file (it's below at dropbox.com or ubuntu one; or it's posted in #1 as an attachment)
2) open up terminal
3) type "su"
4) enter your password
4a) if you don't have su set up
4b) type "passwd"
4c) enter you username password (no, there will be no ***s to show that you entered anything, just hit enter when you've inputted your password)
4d) input a password for root (unix) (no, there will be no ***s to show that you entered anything, just hit enter when you've inputted your password)
4e) type "su" and enter your password
5) navigate to location you unzipped the file to (chrome default download is /home/[your username]/Downloads)
6) type "chmod 755 runme-linux"
7) type "cd files"
8) type "chmod 755 adb"
9) type "cd .."
10) type "./runme-linux"
11) type "exit" x2 to exit terminal
12) enjoy your rooted play!

Here's the script (and all applicable files) (totally ripped off DooMLoRD's code, thank him, please, for me), go to these links:
At dropbox.com: http://db.tt/a4H6QFfV
At Ubuntu one: http://ubuntuone.com/7mD63kpsKzGmaou5hcftBV

Here's the linux script code

Code:

#!/bin/bash

#This is DooMLoRD's script for windows. I've ported it to linux
#Somethings to remember
#1) Chmod this file!! ("chmod 777 runme-linux")
#2) Run this script as su in terminal (if you haven't set up your su     password run the command "passwd" in terminal, it'll ask you for your   username password, and then you'll type in a root password. NOTE: You   will not see any changes (i.e. *** representing typed letters) but the  password is still being inputted.


#I skipped all of DooMLoRD's info because I'm using VIM and don't feel   like rewritting it
echo "--Starting---"
echo "---Killing the adb server to make sure that there are no problems---"
./files/adb kill-server

echo "---Waiting for Device---"
./files/adb wait-for-device

echo "---Cleaning out any previous zergRush attempts---"
./files/adb shell rm -r /data/local/tmp

echo "---Creating temp folder for zergRush---"
./files/adb shell mkdir /data/local/tmp

echo "---Pushing zergRush---" 
./files/adb push ./files/zergRush /data/local/tmp/

echo "---Fixing permissions for zergRush---"
./files/adb shell chmod 755 /data/local/tmp/zergRush

echo "---Running zergRush---"
./files/adb shell /data/local/tmp/zergRush

#If it gets stuck here for a long time then try:
#1)disconnect usb cable and reconnect it
#2)toggle "Usb Debugging" (first disable it then reenable it")

echo "---Device found!---"
./files/adb wait-for-device

echo "---Pushing busybox---"
./files/adb push ./files/busybox /data/local/tmp

echo "---Fixing busybox permissions---" 
./files/adb shell chmod 755 /data/local/tmp/busybox

echo "---remounting system---"
./files/adb shell /data/local/tmp/busybox mount -o remount,rw /system

echo "---copying busybox to /system/xbin---" 
./files/adb push files/busybox /system/xbin

echo "---fixing ownership and permissions---"
./files/adb shell chown root.shell /system/xbin/busybox
./files/adb shell chmod 04755 /system/xbin/busybox

echo "---installing busybox---"
./files/adb shell /system/xbin/busybox --install -s /system/xbin

echo "---cleaning up---" 
./files/adb shell rm -r /data/local/tmp/busybox

echo "---pushing SU binary---" 
./files/adb push ./files/su /system/bin/su

echo "---correcting ownership and permissions for SU---"
./files/adb shell chown root.shell /system/bin/su
./files/adb shell chmod 06755 /system/bin/su

echo "---correcting symlinks---"
./files/adb shell rm /system/xbin/su
./files/adb shell ln -s /system/bin/su /system/xbin/su

echo "---Pushing Superuser app---"
./files/adb push ./files/Superuser.apk /system/app/

echo "--cleaning---"
./files/adb shell rm -r /data/local/tmp

echo "---rebooting---"
./files/adb reboot

echo "---All done, your Xperia Play has been rooted by DooMLoRD---"
echo "---This script has been ported by paxchristos!!---"
echo "---If have any questions, feel free to email me @ nielson.peter@gmail.com---"

[Removed walkthrough because it's in the PDF guide. And the PDF guide has pictures. Pretty, pretty pictures of unicorns. Or command line. You decide.]

Thank you to: cl8rs for stumbling up zergRush,
Ch4lky, ieftm, and the Revolutionary team for making (and updating zergRush)
CrimsonSentinal13 for getting us from adb root to phone rooted!
DooMLoRD for doing the script in windows, and giving me something to work off of!

Have fun people, and enjoy!!

Note: With the stock kernal, we cannot overclock, but you can underclock your cpu

Note2: Drivers were added to the first post (Crimsonsentinal13) for sake of keeping everything simpler added drivers for Xperia Play -- to get them to work (if you don't already have them installed, goto device manager, find the SEMC driver (it might show up as android device or unknown device) then update driver, and point it to this zip (unzipped, of course) :P
Note3: Android SDK Download link: http://developer.android.com/sdk/index.html

Note4: Unrooting?? Who would want to unroot?? :P One way I unrooted (using my wife's Casio Commando was to uninstall superuser.apk, and the busybox installer (i know, i didn't get rid of everything) but at that point, unless the Verizon/Phone Company employee is a genius, they won't know whether or not you're rooted

Note5: OTA Updates. We don't know what'll happen. If one comes, DENY until we can figure out what'll happen... Most likely, it'll just lose root (hopefully temporarily, we won't know until we get there) but if it bricks all the rooted Plays, I don't want an angry mob with pitchforks at my or Crimsonsentinals13's doorstep

Note6: Updated guide!! Hopefully I fixed all the errors that were in there before (thank you to all the users that pointed them out to me) and added a few things.

Note6B: Somebody had a problem with a busybox installer not downloading from the android market. attached a free one off android market that I used. I only have guesses why this happened (pm setInstallLocation 2...?) but here one is so you have that option as well...

Note6C:I also attached insecure adb. Insecure ADB is COMPLETELY OPTIONAL and should only be downloaded and installed AFTER YOU HAVE ROOT if you want to use root in adb after you reboot. Again COMPLETELY OPTIONAL and you won't necessarily need it.

Note7: As jeffkhlam found out, at no point do you need fastboot. This doesn't unlock the bootloader (no custom roms.)

Note8: If you're having issues doing this, I'll be hopping on and off the thread between 8:00am until about 11:00pm Central Standard Time. If it's not between those hours, please wait, we'll get around to helping you!