Rooting the TF300T *without* downgrading (from .29)
Hello,
I managed to root my TF300 this week-end.
Since the method of downgrading to .17, getting root, then waiting for Asus to update it again OTA to .29... was not really satisfying to me, I found a simpler (and hopefully safer) way to do it.
Story short: instead of getting write access to mmcblk0p4 to write a blob (as in method #2 of http://forum.xda-developers.com/show....php?t=1622628), I'm getting write access to mmcblk0p1 to write a single file, with suid perms.
Here is the full guide, and the link to the binaries at the end.
Please be sure to read it until the end, and to understand every line of it. I thus encourage you to read the debugfs manpage here: http://linux.die.net/man/8/debugfs
Of course, there is no garantee for this to work or to not brick your device, especially if you don't understand what you type, so RTFM twice.
Here is now the full guide:
Rooting the Asus Transformer TF300T
===================================
: first, use known method to get write access to the /system partition
Code:
adb push debugfs /data/local/
adb push su /data/local/
adb shell
$ toolbox chmod 755 /data/local/debugfs
$ /data/local/debugfs -w /data/local/tmp
debugfs: cd xbin
debugfs: rm su
NOTE: if this is your first attempt, you should see an error message here, simply ignore it
debugfs: write /data/local/su su
debugfs: set_inode_field su mode 0106755
debugfs: set_inode_field su uid 0
debugfs: set_inode_field su gid 0
debugfs: quit
$ rm /data/local/tmp
$ mv /data/local/tmp.back /data/local/tmp
$ exit
Next step is to install ASAP the superuser app from the market, since my version of su is home-made, and was not designed with security in mind.
After installation, or if you previously installed, open it and check for an update, there should be one available. This will replace the non-securised su binary with the one provided by superuser. Reboot when asked to, and you're done.
The source code of su is given, and debugfs was compiled natively from a gentoo chroot inside my Transformer (the first version was cross-compiled but segfaulted now and then).
Please let me know how it goes for you.
Credits: wolf849 for the symlink exploit
EDIT0: sparkym3 created a tool integrating this procedure. Although it seems to work only on Windows, a "few" users could make use of it
Here is the URL:
Quote:
Originally Posted by sparkym3
I have created an automated tool using this root method and am looking for confirmation that it works on a Transformer 300.
EDIT1: Here are the devices successfully rooted so far:
ASUS TF300T .26 .29 .30
ASUS TF201 .21 .28
ASUS TF101 S/N B70* .24
ASUS PadFone IML74K.CHT_PadFone-9.18.8.41_CHT_9.1.15-0
ASUS TF700T
SAMSUNG Galaxy II ICS 4.0.3
SAMSUNG Galaxy Tab 2 7"
Since the method of downgrading to .17, getting root, then waiting for Asus to update it again OTA to .29... was not really satisfying to me, I found a simpler (and hopefully safer) way to do it.
Story short: instead of getting write access to mmcblk0p4 to write a blob (as in method #2 of http://forum.xda-developers.com/show....php?t=1622628), I'm getting write access to mmcblk0p1 to write a single file, with suid perms.
Here is the full guide, and the link to the binaries at the end.
Please be sure to read it until the end, and to understand every line of it. I thus encourage you to read the debugfs manpage here: http://linux.die.net/man/8/debugfs
Of course, there is no garantee for this to work or to not brick your device, especially if you don't understand what you type, so RTFM twice.
Here is now the full guide:
Rooting the Asus Transformer TF300T
===================================
: first, use known method to get write access to the /system partition
The source code of su is given, and debugfs was compiled natively from a gentoo chroot inside my Transformer (the first version was cross-compiled but segfaulted now and then).
Please let me know how it goes for you.
Credits: wolf849 for the symlink exploit
milo
If this proves to be successful across multiple users, I may try this out; I'm excited to see how this information pans out.
Yep. That was me.
In essence I had a locked (can get OTA), not rooted device with .26 WW firmware.
Now I've got a locked (can still get OTA unless Asus changes something), rooted device with .29 WW firmware.
This is the holy grail for tf300t users at the moment.
Question: Why weren't you satisfied with downgrading method? i asked because I did the downgrade method and the tf300 has been working fine.
Because risk was too high in my opinion:
- risk to brick when injecting the blob into mmcblk0p4 (if the tablet reboot in the middle, I guess you get a 500€ brick)
- risk to not receiving any ASUS OTA (many users have reported this, I didn't want to test it myself)
The procedure was also a bit too complex, between US, DE, DE to WW, and WW blobs.
Also the .17 WW blob is nowhere available.
With my method, there is one risk, it is if the tablet reboot in the middle of writing into the partition. But I guess than, like any other linux (or unix for that matter), the android boot would run fsck on the partition and get it repaired.
And my method is faster !!
Sent from my ASUS Transformer Pad TF300T using XDA
ASUS TF300T Stock - SAMSUNG Galaxy SIII Stock - HTC Desire HD CM7 - Got root !
The topic of piracy is always a touchy subject, but I feel that the grass roots style of Android … more
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?
Introducing XDA:DevCon – A Conference For Developers By Developers
>
Rooting the TF300T *without* downgrading (from .29)
Print
Email
Rooting the TF300T *without* downgrading (from .29)
View Profile
View Forum Posts
Confirmed
)
Linear Mode
