[Tutorial][S-on]Temp root Wildfire s

---

Original Thread

Quote:

Originally Posted by qzfive

In attempt to get root apps working on my Chacha after obtaining root shell via zergRush, I remembered an old exploit that my old Desire Z used called VISIONary+ that ran an exploit called rageagainstthecage (has since been patched by HTC) and mounted a ramdisk at /system/xbin, copied the su and busybox binaries to this ramdisk, and installed Superuser.apk as a normal application, which allowed for an almost fully functional root until reboot.

I opened up the VISIONary.apk with WinRAR and found a shell script with individual shell commands which match everything the application does. I typed these commands into adb shell running from my computer with my Chacha connected:


adb shell /data/local/zergRush (to obtain temproot via shell)

Once zergRush was done:

adb remount
adb shell mkdir /system/xbin (told me it already exists, assuming this is normal)
adb push Superuser.apk /data/app/
adb shell chmod 0644 /data/app/Superuser.apk
adb shell mount -t tmpfs none /system/xbin (this creates a ramdisk out of /system/xbin for the su and busybox binaries since they can't be pushed to the physical /system/xbin due to locked bootloader)
adb push busybox /system/xbin
adb shell chmod 4755 /system/xbin/busybox
adb push su /system/xbin/su
adb shell chmod 4755 /system/xbin/su
adb shell /system/xbin/busybox --install -s /system/xbin


After I typed all of that into adb on my computer, I obtained temproot on my Chacha (opened SetCPU, was asked for a Superuser prompt, haven't tested anything else yet). If anyone is willing to try this, please do so and report back. If this is better suited in the Development section, please inform me and I will remake this in Development.

EDIT: a modified su/Superuser.apk was required for this to work on newer Sense ROMs (Chacha included) - I have attached the modified su binary (must unzip) and Superuser.apk

VISIONary+ obtained from: http://android.modaco.com/topic/3203...ne-click-root/
Modified su/Superuser.apk from: http://forum.xda-developers.com/show...ight=superuser

-----
EDIT 2: attached a .zip which contains a .bat script which executes these commands for you, to make it easier and quicker to apply/reapply this temp root. Use the contents of temproot.zip instead.

Test it by myself and it works.

If you're running zergrush more than once you need to remove boomsh and sh.
type the following into adb shell:
1) "rm /data/local/tmp/boomsh"
2) "rm /data/local/tmp/sh"

App tested to be OK
-setcpu
-Titanium Backup (Backup and restore Data app only.)
-Root Explore (can't edit /system unless s-off)

Something that will never happen unless s-off
-flash custom rom
-flash recovery
-motify system, etc.

Bug:
-Speaker won't work ?

Is there some way not to loose root in such case after reboot ? Otherwise I don't see how temp root could be really useful.

Can we uninstall the stock apps using this method?

Sent from my HTC Wildfire S A510e using XDA App

Quote:

Originally Posted by drsjlazar

Can we uninstall the stock apps using this method?

Sent from my HTC Wildfire S A510e using XDA App

Something that will never happen unless s-off
-flash custom rom
-flash recovery
-motify system, etc.

Have I answered your question ?! NO

Reboot problem.....

---

It worked pretty well but my phone reboots if I keep it locked for a while.Any suggestions????

Wow, nice to know this works on other devices


The only "bugs" I noticed when I do this on my Chacha (similar device/same processor), is that the SD card unmounts itself when zergRush runs (might be part of the exploit zergRush does?), and that if I do this too early (ie. the "HTC Quietly Brilliant" bootanimation), it throws my phone into a bootloop -- haven't noticed any speaker bugs as of yet.
EDIT: I only get reboots when something tries modifying the /system partition - because my device is still S-ON (I'm trying to find an XTC Clip), the bootloader triggers a reboot


--Just another thought: since this mounts a ramdisk, would it work on any device that's temprootable? o_O

Hmmm. Is it possible to make a fake flash of the recovery? Anyone try this?

Quote:

Originally Posted by qzfive

Wow, nice to know this works on other devices


The only "bugs" I noticed when I do this on my Chacha (similar device/same processor), is that the SD card unmounts itself when zergRush runs (might be part of the exploit zergRush does?), and that if I do this too early (ie. the "HTC Quietly Brilliant" bootanimation), it throws my phone into a bootloop -- haven't noticed any speaker bugs as of yet.
EDIT: I only get reboots when something tries modifying the /system partition - because my device is still S-ON (I'm trying to find an XTC Clip), the bootloader triggers a reboot


--Just another thought: since this mounts a ramdisk, would it work on any device that's temprootable? o_O

Yes...I have used zergRush many times and it unmounts the SD card everytime.....so I think its not a bug......you answered my question of reboots tough,thanks.
And maybe this temproot method just might work for every device.

It doesnt work on htc pico (s"on).
Zergrush dont succeed

Sent from my Dell Streak using XDA App

Quote:

Originally Posted by jitin02

It doesnt work on htc pico (s"on).
Zergrush dont succeed

Sent from my Dell Streak using XDA App

Maybe HTC patched zergRush on the Pico/Explorer