Post Reply

[ROOT][HOW-TO]Working Root Method for ICS 4.0.4

13th June 2012, 12:35 AM   |  #1  
OP Senior Member
Flag Victoria
Thanks Meter: 123
 
172 posts
Join Date:Joined: Mar 2009
More
** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.

Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.

Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************

Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.

http://forum.xda-developers.com/show....php?t=1704209

I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:

1. Download the following files:

su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ

2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).

**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **

3. In a linux terminal/Windows command prompt:

Code:
adb shell

shell@cdma_maserati:/ $ cd /sdcard
shell@cdma_maserati:/ $ cp su /data/local/12m/
shell@cdma_maserati:/ $ cp debugfs /data/local/12m/
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ chmod 755 debugfs
shell@cdma_maserati:/ $ chmod 755 su
shell@cdma_maserati:/ $ mv batch batch.bak
shell@cdma_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
shell@cdma_maserati:/ $ exit

adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:

Code:
adb wait-for-device shell
5. Once you're back into the android shell:

Code:
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm batch
shell@cdma_maserati:/ $ mv batch.bak batch
shell@cdma_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20

(The following is entered at the "debugfs:" prompt)

debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit

shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm su
shell@cdma_maserati:/ $ rm debugfs
shell@cdma_maserati:/ $ exit

adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Attached Files
File Type: zip ICS404root.zip - [Click for QR Code] (1.40 MB, 39843 views)
Last edited by Rick#2; 19th June 2012 at 08:08 AM.
The Following 20 Users Say Thank You to Rick#2 For This Useful Post: [ View ]
13th June 2012, 01:28 AM   |  #2  
Recognized Contributor
Flag Toronto
Thanks Meter: 239
 
889 posts
Join Date:Joined: Sep 2011
Donate to Me
More
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...

Sent from my XT894 running ICS
13th June 2012, 06:00 AM   |  #3  
OP Senior Member
Flag Victoria
Thanks Meter: 123
 
172 posts
Join Date:Joined: Mar 2009
More
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.

So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.

I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
Last edited by Rick#2; 13th June 2012 at 06:03 AM.
13th June 2012, 06:26 AM   |  #4  
Member
Thanks Meter: 7
 
95 posts
Join Date:Joined: Oct 2011
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
13th June 2012, 08:14 AM   |  #5  
Senior Member
Thanks Meter: 121
 
444 posts
Join Date:Joined: Sep 2011
More
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
13th June 2012, 08:47 AM   |  #6  
OP Senior Member
Flag Victoria
Thanks Meter: 123
 
172 posts
Join Date:Joined: Mar 2009
More
Have you enabled USB Debugging in the Settings->Developer Options menu?
13th June 2012, 08:51 AM   |  #7  
Senior Member
Thanks Meter: 121
 
444 posts
Join Date:Joined: Sep 2011
More
Quote:
Originally Posted by Rick#2

Have you enabled USB Debugging in the Settings->Developer Options menu?

Yep.
13th June 2012, 09:04 AM   |  #8  
Die Bruine's Avatar
Senior Member
Flag Delft
Thanks Meter: 22
 
518 posts
Join Date:Joined: Jan 2008
More
Not able to reboot, trying manually...

Code:
debugfs:  /data/local/12m/su: Permission denied
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.

I'm on .200 btw.
Last edited by Die Bruine; 13th June 2012 at 09:16 AM.
13th June 2012, 09:14 AM   |  #9  
Senior Member
Thanks Meter: 28
 
187 posts
Join Date:Joined: Jan 2012
Quote:
Originally Posted by droidian1441

Yep.

I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Last edited by Grizzy3; 13th June 2012 at 09:29 AM.
13th June 2012, 09:15 AM   |  #10  
Member
Thanks Meter: 7
 
95 posts
Join Date:Joined: Oct 2011
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.
Last edited by gdeeble; 13th June 2012 at 09:21 AM.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes