FORUMS

OnePlus 2 Announced: Specs, Price and Details

The OnePlus 2 has just had its Virtual Reality Launch event, and at the XDA Office we all … more

A Helpful Guide to Music Streaming Services

With the launch of Apple Music, music streaming services have recently gained a lot of … more

An Inside Look at the Redesign of Business Calendar

The much-acclaimed calendar app, Business Calendar, underwent a major design … more

New Android One Device Dead On Arrival

Today, Google announced the second generation of Android One devices, with the new Lava Pixel … more

[ROOT][HOW-TO]Working Root Method for ICS 4.0.4

178 posts
Thanks Meter: 127
 
By Rick#2, Senior Member on 13th June 2012, 12:35 AM
Post Reply Subscribe to Thread Email Thread
** Update ****************
************************
Posted a .zip with scripts for both Windows and *nix users to automate the process.

Linux:
-----
Unzip the contents of the attached ICS404root.zip anywhere on your computer and run the script aptly named "runme_root_script.sh". It should take care of the rest. Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.

Windows:
---------
Unzip ICS404root.zip wherever you want and then run "rootscript.bat". Make sure you have USB Debugging enabled and you put the phone in Camera mode, not mass storage device.
*************************
*************************

Credit to miloj for finding this technique on the Transformer. (See the thread noted below and be sure to thank him!) I modified it to work on our devices.

http://forum.xda-developers.com/show....php?t=1704209

I'll put together a script to automate this process shortly, but if you're antsy like me, here's the lowdown:

1. Download the following files:

su: http://db.tt/ShPzea6I
debugfs: http://db.tt/bGFh43LZ

2. Save the two files downloaded above on /sdcard. (ie: mount your sdcard in windows and copy them over, or "adb push" them to /sdcard).

**Make sure you have your phone on Mount Camera mode, not as a mass storage device; otherwise, you won't be able to access your /sdcard directory via adb. **

3. In a linux terminal/Windows command prompt:

Code:
adb shell

shell@cdma_maserati:/ $ cd /sdcard
shell@cdma_maserati:/ $ cp su /data/local/12m/
shell@cdma_maserati:/ $ cp debugfs /data/local/12m/
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ chmod 755 debugfs
shell@cdma_maserati:/ $ chmod 755 su
shell@cdma_maserati:/ $ mv batch batch.bak
shell@cdma_maserati:/ $ ln -s /dev/block/mmcblk1p20 batch
shell@cdma_maserati:/ $ exit

adb reboot
4. While you are waiting for the phone to reboot, type the following into your terminal/command window:

Code:
adb wait-for-device shell
5. Once you're back into the android shell:

Code:
shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm batch
shell@cdma_maserati:/ $ mv batch.bak batch
shell@cdma_maserati:/ $ /data/local/12m/debugfs -w /dev/block/mmcblk1p20

(The following is entered at the "debugfs:" prompt)

debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit

shell@cdma_maserati:/ $ cd /data/local/12m
shell@cdma_maserati:/ $ rm su
shell@cdma_maserati:/ $ rm debugfs
shell@cdma_maserati:/ $ exit

adb reboot
Done deal. Now you've got the "su" binary pushed to your /system partition and set with the proper permissions for execution. Download the Superuser app from the market and you're good to go. Make sure you update the su binary within the Superuser app as well to make sure you're up to date.
Attached Files
File Type: zip ICS404root.zip - [Click for QR Code] (1.40 MB, 45630 views)
Last edited by Rick#2; 19th June 2012 at 08:08 AM.
The Following 20 Users Say Thank You to Rick#2 For This Useful Post: [ View ]
 
 
13th June 2012, 01:28 AM |#2  
Recognized Contributor
Flag Toronto
Thanks Meter: 241
 
Donate to Me
More
Awesome! Were you able to upgrade to the latest leak and not lose root? Btw, what carrier are you on? I figured out how to get tethering fully functional on rogers but the process requires root...

Sent from my XT894 running ICS
13th June 2012, 06:00 AM |#3  
OP Senior Member
Flag St. Albert
Thanks Meter: 127
 
More
You bet. I had to fastboot the leaked .208 update over top of the .206 update yesterday because I messed up my /system partition; I had used the OTA Rootkeeper to keep root permissions when upgrading from .219 but had foolishly disabled it right before I bungled everything up.

So to sum it up, this method didn't require anything to be done before updating to the .208 leak; since it has nothing to do with the technical details of the kernel itself, I'm fairly certain it should work for the .200 or .206 leaks as well. Root permissions were obtained from a completely stock system.

I'm in Canada with Bell but it doesn't matter because I imported the phone from the US; Verizon is the only carrier that has this phone. At any rate, this method is pretty universal, it is preying on a vulnerability present in the stock init.rc file and I bet it would work on other phones such as the RAZR as well.
Last edited by Rick#2; 13th June 2012 at 06:03 AM.
13th June 2012, 06:26 AM |#4  
Member
Thanks Meter: 7
 
More
So we can confirm this is 100% working with Fastbooting back and moving to 208? If so I will probably jump on this immediately.
13th June 2012, 08:14 AM |#5  
Senior Member
Flag Christiansburg
Thanks Meter: 122
 
More
I am trying to do this method but I cant adb to detect my phone. Im on the .208 leak. Can anybody help?
13th June 2012, 08:47 AM |#6  
OP Senior Member
Flag St. Albert
Thanks Meter: 127
 
More
Have you enabled USB Debugging in the Settings->Developer Options menu?
13th June 2012, 08:51 AM |#7  
Senior Member
Flag Christiansburg
Thanks Meter: 122
 
More
Quote:
Originally Posted by Rick#2

Have you enabled USB Debugging in the Settings->Developer Options menu?

Yep.
13th June 2012, 09:04 AM |#8  
Die Bruine's Avatar
Senior Member
Flag Delft
Thanks Meter: 33
 
More
Not able to reboot, trying manually...

Code:
debugfs:  /data/local/12m/su: Permission denied
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.

I'm on .200 btw.
Last edited by Die Bruine; 13th June 2012 at 09:16 AM.
13th June 2012, 09:14 AM |#9  
Senior Member
Thanks Meter: 28
 
More
Quote:
Originally Posted by droidian1441

Yep.

I'm having the same issue. I'm on the 208 leak. I start command prompt in windows then type "adb shell" and I get the "device not found" message. I enabled usb debugging and my phone is connected as mass storage.
Last edited by Grizzy3; 13th June 2012 at 09:29 AM.
13th June 2012, 09:15 AM |#10  
Member
Thanks Meter: 7
 
More
Likewise, Reboot requires su access, manual only. When I go and run the write command in debugfs permission denied. Any ideas what would cause this? Based on the code shown in the first post, SU had been already acquired(# vs $), which makes me wonder here.
Last edited by gdeeble; 13th June 2012 at 09:21 AM.
13th June 2012, 09:26 AM |#11  
OP Senior Member
Flag St. Albert
Thanks Meter: 127
 
More
Quote:
Originally Posted by Die Bruine

Not able to reboot, trying manually...

Code:
debugfs:  /data/local/12m/su: Permission denied
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
debugfs:  su: File not found by ext2_lookup
Had to reboot manually twice. This is the only error message I received. Tried Superuser, but it stops.

I'm on .200 btw.

Looks like you're doing something wrong with the debugfs command; you don't want to enter /data/local/12m/su at that prompt.

Running su from any partition other than /system will lead to a permissions error, so you don't want to bother trying to execute it from the /data/local/12m location.

(The following is entered at the "debugfs:" prompt, ie: after executing /data/local/12m/debugfs -w /dev/block/mmcblk1p20; see step 5.)

Code:
debugfs: # cd xbin
debugfs: # write /data/local/12m/su su
debugfs: # set_inode_field su mode 0104755
debugfs: # set_inode_field su uid 0
debugfs: # set_inode_field su gid 0
debugfs: # quit

Read More
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes