Attend XDA's Second Annual Developer Conference, XDA:DevCon 2014!
5,733,834 Members 46,561 Now Online
XDA Developers Android and Mobile Development Forum

[ROOT][HOW-TO]Working Root Method for ICS 4.0.4

Tip us?
 
Rick#2
Old
(Last edited by Rick#2; 19th June 2012 at 08:08 AM.)
#1  
Senior Member - OP
Thanks Meter 123
Posts: 172
Join Date: Mar 2009
Location: Victoria
Default [ROOT][HOW-TO]Working Root Method for ICS 4.0.4

** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.

Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.

Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************

Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.

http://forum.xda-developers.com/show....php?t=1704209

I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:

1. Download the following files:

su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ

2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).

**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **

3. In a linux terminal/Windows command prompt:

Code:
adb shell

shell@cdma_maserati:/ $ cd /sdcard
shell@cdma_maserati:/ $ cp su /data/local/12m/
shell@cdma_maserati:/ $ cp debugfs /data/local/12m/
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ chmod 755 debugfs
shell@cdma_maserati:/ $ chmod 755 su
shell@cdma_maserati:/ $ mv batch batch.bak
shell@cdma_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
shell@cdma_maserati:/ $ exit

adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:

Code:
adb wait-for-device shell
5. Once you're back into the android shell:

Code:
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm batch
shell@cdma_maserati:/ $ mv batch.bak batch
shell@cdma_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20

(The following is entered at the "debugfs:" prompt)

debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit

shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm su
shell@cdma_maserati:/ $ rm debugfs
shell@cdma_maserati:/ $ exit

adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Attached Files
File Type: zip ICS404root.zip - [Click for QR Code] (1.40 MB, 38717 views)
The Following 20 Users Say Thank You to Rick#2 For This Useful Post: [ Click to Expand ]
 
danifunker
Old
#2  
Recognized Contributor
Thanks Meter 239
Posts: 889
Join Date: Sep 2011
Location: Toronto

 
DONATE TO ME
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...

Sent from my XT894 running ICS
Need help restoring your Motorola phone back to stock firmware? Check out my tutorial here
 
Rick#2
Old
(Last edited by Rick#2; 13th June 2012 at 06:03 AM.)
#3  
Senior Member - OP
Thanks Meter 123
Posts: 172
Join Date: Mar 2009
Location: Victoria
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.

So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.

I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
 
gdeeble
Old
#4  
Member
Thanks Meter 7
Posts: 95
Join Date: Oct 2011
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
 
droidian1441
Old
#5  
Senior Member
Thanks Meter 121
Posts: 444
Join Date: Sep 2011
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
Phone: Verizon Samsung Galaxy Note II
Baseband: I605VRALJB
Recovery: TWRP 2.6.3.0
Bootloader Status: Unlocked
 
Rick#2
Old
#6  
Senior Member - OP
Thanks Meter 123
Posts: 172
Join Date: Mar 2009
Location: Victoria
Have you enabled USB Debugging in the Settings->Developer Options menu?
 
droidian1441
Old
#7  
Senior Member
Thanks Meter 121
Posts: 444
Join Date: Sep 2011
Quote:
Originally Posted by Rick#2 View Post
Have you enabled USB Debugging in the Settings->Developer Options menu?
Yep.
Phone: Verizon Samsung Galaxy Note II
Baseband: I605VRALJB
Recovery: TWRP 2.6.3.0
Bootloader Status: Unlocked
 
Die Bruine
Old
(Last edited by Die Bruine; 13th June 2012 at 09:16 AM.)
#8  
Die Bruine's Avatar
Senior Member
Thanks Meter 20
Posts: 502
Join Date: Jan 2008
Location: Delft
Not able to reboot, trying manually...

Code:
debugfs:  /data/local/12m/su: Permission denied
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.

I'm on .200 btw.
Lost my first ID
Canary/Voyager/Magician/Typhoon/Vox/Elf/Raphael/Rhodium/A853/U20i/A953/sk17i/XT894/XT897/HOX+/XT925
Currently XT897/XT925
 
Grizzy3
Old
(Last edited by Grizzy3; 13th June 2012 at 09:29 AM.)
#9  
Senior Member
Thanks Meter 28
Posts: 187
Join Date: Jan 2012
Quote:
Originally Posted by droidian1441 View Post
Yep.
I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
 
gdeeble
Old
(Last edited by gdeeble; 13th June 2012 at 09:21 AM.)
#10  
Member
Thanks Meter 7
Posts: 95
Join Date: Oct 2011
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.

Thread Tools
Display Modes