[GUIDE] Make your android device True Root! - by Napalm

---

[GUIDE] Make your android device True Root! - by Napalm

I did this on my Nexus 7 but it should all still apply to most devices. You might need to follow different driver advice for other devices.

Pre-requirements:

• Installation of the SDK platform-tools.
• Have platform-tools directory of the SDK in your PATH environment variable (Google this if your unsure).

This was all done a Windows installation, but access to Linux will be required later on. Mac users might be able to get away with doing the Linux portions directly on there computer. Please let me know if your a Mac user and have had success with this and I will update the guide with details.



Step 1: Driver Installation (READ THIS, do not skip)

First I needed to update to the usb_driver from SDK and then modify the installation inf with the IDs for Nexus 7.

Browse to your SDK directory and futher into <SDK>\extras\google\usb_driver
Open android_winusb.inf in your favorite text editor.

Find the appropriate section Google.NTx86 if your on 32bit or Google.NTamd64 if your on 64bit (doesnt matter that your using intel chip). Now find the ";Google Nexus 7" line inside that section and you'll see a series of settings below. Add the following lines at the end of that block.

Code:

%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_4E44&MI_01
%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_D001

These are the identifiers for the Nexus 7 recovery and bootloader usb connections.



Step 2: Standard Root

Next you'll need access to the bootloader and recovery mode so follow this guide to unlock and "root" your device. http://forum.xda-developers.com/show....php?t=1741395

Here I've laid out the steps I did instead of the above. Remember this wipes your device and its internal memory completely, so backup your data.

All local work is done from the desktop, so when you first open a command prompt or if you close it and reopen it enter the following.

Code:

cd Desktop

Download CWM recovery image to Desktop. http://goo.im/devs/birdman/CWM-grouper-recovery.img
Download SuperSU CWM update zip to Desktop. http://forum.xda-developers.com/show....php?t=1538053
Go to Start or Start>Run and type in: cmd

Code:

cd Desktop
fastboot oem unlock
fastboot flash recovery CWM-grouper-recovery.img
adb reboot recovery

Now the device will reboot into recovery mode. If windows asks for drivers for the "new" usb connection direct the wizard to your <SDK>\extras\google\usb_driver. And the earlier modifications made in Step 1 should mean it installs the device and adb link.

Once drivers are installed and every is good go back to the command prompt, and type

Code:

adb devices

It should list your device with the word "recovery" next to it. If it doesn't then your device is not in recovery mode. Now enter in the following commands into the command prompt and it will make your devices CWM installation permanent.

Code:

adb shell
mount /system
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
umount /system
exit

Now to install SuperSU. Tap "reboot system now" on the screen (if you dont see CWM, press the power button to show/hide it). Wait for the reboot. And then enter the following into the command prompt.

Code:

adb push CWM-SuperSU-v0.94.zip /sdcard
adb reboot recovery

Wait for reboot. You should see an image in the center of the screen. You might have to press the power button to toggle the visibility of the CWM menu. If you miss-tap on the screen, the power button acts like a back button and will return you to the previous menu screen.

Tap "install zip from sdcard" and then "choose zip from sdcard". Then select the CWM-SuperSU-v0.94.zip file (You may have to use the vol-up/down keys to highlight this if the file is listed off the bottom of the screen)

Let that install and then go back on the menus and choose "reboot system now".

Now if all is well after the reboot, if you run the following commands in command prompt.

Code:

adb shell
su

SuperSU might now prompt you on your devices screen to accept the root access, and then hopefully your command prompt should end in a # (this means you are root user 0). Now type exit twice to get back to the windows command prompt.

Now if you were to type "adb root" you will notice it tells you adbd is not able to go "full root". This will be solved in the next step. This is going to get complicated. You have been warned.



Step 3: True Rooting!

Now your device is "rooted". This is true, you now have a "su" binary installed and a visible app in the OS to manage super user privileges, but as a developer I want to be able to use things like "hierarchy viewer" on my live device. And have the room to do what I need to debug complex situations. So this is where True Root comes in. This essentially turns the device into a debug device that you would get direct from the manufacturer.

You may be able to get away with doing the following in a different way and you may not need to compile anything since fastboot has a boot flash option, but since I've never used this I've done it this way. If you prefer you can explore things in that direction, but be warned I've not tried it and so I have no idea if it would work.

Now for this step you will need access to a Linux installation. If you've never used Linux before don't be too afraid. But I am going to have to gloss over a few things. If you need further help on this step you will need to post in the topic and allow the community to advise on best pratices.

If you dont have access to a Linux installation or your newb to Linux then go here and follow the steps. It will add Linux to your PCs boot options and then you can go in and out of Linux when you need it. http://www.ubuntu.com/download/help/...u-with-windows

Remember if your working on this step from a fresh Linux install like the above then you will probably want to install the android sdk for linux, at least enough to use adb from linux. This topic might help with this: http://forum.xda-developers.com/showthread.php?t=537508

Ok now from Linux follow along. You'll need git installed for this "apt-get install git".

We now need to compile the apps needed to modify our boot image. Details can be found here https://gist.github.com/1087757 but you might just want to follow my specific instructions.

Open a console window and type.

Code:

git clone https://android.googlesource.com/platform/system/core
cd core/libmincrypt
gcc -c *.c -I../include
ar rcs libmincrypt.a  *.o
cd ../mkbootimg
gcc mkbootimg.c -o mkbootimg -I../include ../libmincrypt/libmincrypt.a
cd ../cpio
gcc mkbootfs.c  -o mkbootfs -I../include
cd ../..
git clone https://github.com/beide/Bootimg-scripts.git
cd Bootimg-scripts
cp ../core/mkbootimg/mkbootimg ./
cp ../core/cpio/mkbootfs ./

Ok that has prapared the a Bootimg-scripts directory with the perl scripts we need and compiled binaries they use. Now make sure you have perl installed "apt-get install perl".

This is where things are going to split and it becomes your best guess as to how to proceed. I will show you the method I used from Windows. But if you have a installation of the SDK in Linux then you should be able to just open a new console and continue from here and ignore the bits I used to transfer files between Linux and Windows.

Back to the command console on Windows. We use adb to identify our boot partition and extract it.

Code:

adb shell cat /proc/partitions

You will now be presented with a list of paritions on your Nexus 7. Each block here for my device is 1K. So I'm looking down the list and I see one thats 8192 blocks, called "mmcblk0p2". Thats 8MB and I'm taking a educated guess that this is the boot partition, and for my Nexus 7 it is. (Note: if anyone has a better way of determining the boot parition please let me know).

Now we need to take a image of the partition. From here on out replace my partition device name in the commands below with yours if it differs.

Code:

adb shell
cat /dev/block/mmcblk0p2 > /sdcard/boot.img
exit
adb pull /sdcard/boot.img

Now if you want to confirm that this is the boot partition you will need to open the image file in your favorite hex editor and confirm the first bytes of the file are "ANDROID!" in ascii.

Now I FTP'd this image file over to my Linux box and into the Bootimg-scripts directory we created previously. If your following these steps from Linux then you should be able to open up the file manager and move the file into the folder.

Now back to Linux. We'll need to modify repack-bootimg.pl with a text editor of your choice. I leave this up to the reader. We need to modify line 19 the system call so that it starts with "./mkbootimg" rather than "mkbootimg". This is so perl fines mkbootimg in the local directory rather than anywhere else.

Now type in the linux console we had open in the Bootimg-scripts directory the following command.

Code:

perl ./unpack-bootimg.pl boot.img
ls -l

You should see boot.img-kernel.gz and boot.img-ramdisk.cpio.gz and a directory boot.img-ramdisk.

Open boot.img-ramdisk/default.prop in your favorite text editor and make the following adjustments.
ro.secure=1 should be edited to ro.secure=0 and ro.debuggable=0 should be ro.debuggable=1 and if you want ro.allow.mock.location can also be changed to 1 if you like.

Now we've made the required changes to our initrd (initial ramdisk) files we need to repack them to put back on the device.

Code:

perl ./repack-bootimg.pl boot.img-kernel.gz boot.img-ramdisk boot-debug.img

You will now have a new file called boot-debug.img. This contains our modified initial ramdisk. It will probably be smaller than the original. This is no concern as the original we copied was an image of the entire disk including the unused areas, where as the new image is only the data we need.

I now FTP'd this file back to my Windows machine, but as before if your doing this from Linux then you can just carry on.

We now need to flash this image file back onto the Nexus 7 replacing our current boot image. To do this we need to put the device into bootloader mode.

Back to your console/command window, and enter in.

Code:

adb reboot bootloader

Windows might want to install drivers and as before direct the wizard to <SDK>\extras\google\usb_driver.

Once your device is in bootloader mode. Go back to the console/command and enter in.

Code:

fastboot flash boot boot-debug.img
fastboot reboot

Now cross your fingers and hopefully you will get the boot loading animation and your device will get back to the Android launcher.

Now finally from your console/command window type in:

Code:

adb root

Hopefully if all is well it should reply with "adbd is already running as root". Now if you type in:

Code:

adb shell getprop ro.debuggable

It should tell you that its set to 1, meaning it is switched on.


Congratulations!! You have now True Rooted your device!.

You can now debug even system level apps, see log messages from all processes and logcat will now resolve all app names. Use Hierarchy Viewer on a live device instead of the horrible emulator. Do absolutely everything with your device that you want.


Happy hacking,
Napalm

better late than never.....a thorough quide

Thanks for this guide.

Sent from my Nexus 7

Thanks.

Quote:

Originally Posted by Napalm2

[GUIDE] Make your android device True Root! - by Napalm

I did this on my Nexus 7 but it should all still apply to most devices. You might need to follow different driver advice for other devices.

Pre-requirements:

• Installation of the SDK platform-tools.
• Have platform-tools directory of the SDK in your PATH environment variable (Google this if your unsure).

This was all done a Windows installation, but access to Linux will be required later on. Mac users might be able to get away with doing the Linux portions directly on there computer. Please let me know if your a Mac user and have had success with this and I will update the guide with details.



Step 1: Driver Installation (READ THIS, do not skip)

First I needed to update to the usb_driver from SDK and then modify the installation inf with the IDs for Nexus 7.

Browse to your SDK directory and futher into <SDK>\extras\google\usb_driver
Open android_winusb.inf in your favorite text editor.

Find the appropriate section Google.NTx86 if your on 32bit or Google.NTamd64 if your on 64bit (doesnt matter that your using intel chip). Now find the ";Google Nexus 7" line inside that section and you'll see a series of settings below. Add the following lines at the end of that block.

Code:

%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_4E44&MI_01
%CompositeAdbInterface%     = USB_Install, USB\VID_18D1&PID_D001

These are the identifiers for the Nexus 7 recovery and bootloader usb connections.



Step 2: Standard Root

Next you'll need access to the bootloader and recovery mode so follow this guide to unlock and "root" your device. http://forum.xda-developers.com/show....php?t=1741395

Here I've laid out the steps I did instead of the above. Remember this wipes your device and its internal memory completely, so backup your data.

All local work is done from the desktop, so when you first open a command prompt or if you close it and reopen it enter the following.

Code:

cd Desktop

Download CWM recovery image to Desktop. http://goo.im/devs/birdman/CWM-grouper-recovery.img
Download SuperSU CWM update zip to Desktop. http://forum.xda-developers.com/show....php?t=1538053
Go to Start or Start>Run and type in: cmd

Code:

cd Desktop
fastboot oem unlock
fastboot flash recovery CWM-grouper-recovery.img
adb reboot recovery

Now the device will reboot into recovery mode. If windows asks for drivers for the "new" usb connection direct the wizard to your <SDK>\extras\google\usb_driver. And the earlier modifications made in Step 1 should mean it installs the device and adb link.

Once drivers are installed and every is good go back to the command prompt, and type

Code:

adb devices

It should list your device with the word "recovery" next to it. If it doesn't then your device is not in recovery mode. Now enter in the following commands into the command prompt and it will make your devices CWM installation permanent.

Code:

adb shell
mount /system
cd /system
mv recovery-from-boot.p recovery-from-boot.bak
umount /system
exit

Now to install SuperSU. Tap "reboot system now" on the screen (if you dont see CWM, press the power button to show/hide it). Wait for the reboot. And then enter the following into the command prompt.

Code:

adb push CWM-SuperSU-v0.94.zip /sdcard
adb reboot recovery

Wait for reboot. You should see an image in the center of the screen. You might have to press the power button to toggle the visibility of the CWM menu. If you miss-tap on the screen, the power button acts like a back button and will return you to the previous menu screen.

Tap "install zip from sdcard" and then "choose zip from sdcard". Then select the CWM-SuperSU-v0.94.zip file (You may have to use the vol-up/down keys to highlight this if the file is listed off the bottom of the screen)

Let that install and then go back on the menus and choose "reboot system now".

Now if all is well after the reboot, if you run the following commands in command prompt.

Code:

adb shell
su

SuperSU might now prompt you on your devices screen to accept the root access, and then hopefully your command prompt should end in a # (this means you are root user 0). Now type exit twice to get back to the windows command prompt.

Now if you were to type "adb root" you will notice it tells you adbd is not able to go "full root". This will be solved in the next step. This is going to get complicated. You have been warned.



Step 3: True Rooting!

Now your device is "rooted". This is true, you now have a "su" binary installed and a visible app in the OS to manage super user privileges, but as a developer I want to be able to use things like "hierarchy viewer" on my live device. And have the room to do what I need to debug complex situations. So this is where True Root comes in. This essentially turns the device into a debug device that you would get direct from the manufacturer.

You may be able to get away with doing the following in a different way and you may not need to compile anything since fastboot has a boot flash option, but since I've never used this I've done it this way. If you prefer you can explore things in that direction, but be warned I've not tried it and so I have no idea if it would work.

Now for this step you will need access to a Linux installation. If you've never used Linux before don't be too afraid. But I am going to have to gloss over a few things. If you need further help on this step you will need to post in the topic and allow the community to advise on best pratices.

If you dont have access to a Linux installation or your newb to Linux then go here and follow the steps. It will add Linux to your PCs boot options and then you can go in and out of Linux when you need it. http://www.ubuntu.com/download/help/...u-with-windows

Remember if your working on this step from a fresh Linux install like the above then you will probably want to install the android sdk for linux, at least enough to use adb from linux. This topic might help with this: http://forum.xda-developers.com/showthread.php?t=537508

Ok now from Linux follow along. You'll need git installed for this "apt-get install git".

We now need to compile the apps needed to modify our boot image. Details can be found here https://gist.github.com/1087757 but you might just want to follow my specific instructions.

Open a console window and type.

Code:

git clone https://android.googlesource.com/platform/system/core
cd core/libmincrypt
gcc -c *.c -I../include
ar rcs libmincrypt.a  *.o
cd ../mkbootimg
gcc mkbootimg.c -o mkbootimg -I../include ../libmincrypt/libmincrypt.a
cd ../cpio
gcc mkbootfs.c  -o mkbootfs -I../include
cd ../..
git clone https://github.com/beide/Bootimg-scripts.git
cd Bootimg-scripts
cp ../core/mkbootimg/mkbootimg ./
cp ../core/cpio/mkbootfs ./

Ok that has prapared the a Bootimg-scripts directory with the perl scripts we need and compiled binaries they use. Now make sure you have perl installed "apt-get install perl".

This is where things are going to split and it becomes your best guess as to how to proceed. I will show you the method I used from Windows. But if you have a installation of the SDK in Linux then you should be able to just open a new console and continue from here and ignore the bits I used to transfer files between Linux and Windows.

Back to the command console on Windows. We use adb to identify our boot partition and extract it.

Code:

adb shell cat /proc/partitions

You will now be presented with a list of paritions on your Nexus 7. Each block here for my device is 1K. So I'm looking down the list and I see one thats 8192 blocks, called "mmcblk0p2". Thats 8MB and I'm taking a educated guess that this is the boot partition, and for my Nexus 7 it is. (Note: if anyone has a better way of determining the boot parition please let me know).

Now we need to take a image of the partition. From here on out replace my partition device name in the commands below with yours if it differs.

Code:

adb shell
cat /dev/block/mmcblk0p2 > /sdcard/boot.img
exit
adb pull /sdcard/boot.img

Now if you want to confirm that this is the boot partition you will need to open the image file in your favorite hex editor and confirm the first bytes of the file are "ANDROID!" in ascii.

Now I FTP'd this image file over to my Linux box and into the Bootimg-scripts directory we created previously. If your following these steps from Linux then you should be able to open up the file manager and move the file into the folder.

Now back to Linux. We'll need to modify repack-bootimg.pl with a text editor of your choice. I leave this up to the reader. We need to modify line 19 the system call so that it starts with "./mkbootimg" rather than "mkbootimg". This is so perl fines mkbootimg in the local directory rather than anywhere else.

Now type in the linux console we had open in the Bootimg-scripts directory the following command.

Code:

perl ./unpack-bootimg.pl boot.img
ls -l

You should see boot.img-kernel.gz and boot.img-ramdisk.cpio.gz and a directory boot.img-ramdisk.

Open boot.img-ramdisk/default.prop in your favorite text editor and make the following adjustments.
ro.secure=1 should be edited to ro.secure=0 and ro.debuggable=0 should be ro.debuggable=1 and if you want ro.allow.mock.location can also be changed to 1 if you like.

Now we've made the required changes to our initrd (initial ramdisk) files we need to repack them to put back on the device.

Code:

perl ./repack-bootimg.pl boot.img-kernel.gz boot.img-ramdisk boot-debug.img

You will now have a new file called boot-debug.img. This contains our modified initial ramdisk. It will probably be smaller than the original. This is no concern as the original we copied was an image of the entire disk including the unused areas, where as the new image is only the data we need.

I now FTP'd this file back to my Windows machine, but as before if your doing this from Linux then you can just carry on.

We now need to flash this image file back onto the Nexus 7 replacing our current boot image. To do this we need to put the device into bootloader mode.

Back to your console/command window, and enter in.

Code:

adb reboot bootloader

Windows might want to install drivers and as before direct the wizard to <SDK>\extras\google\usb_driver.

Once your device is in bootloader mode. Go back to the console/command and enter in.

Code:

fastboot flash boot boot-debug.img
fastboot reboot

Now cross your fingers and hopefully you will get the boot loading animation and your device will get back to the Android launcher.

Now finally from your console/command window type in:

Code:

adb root

Hopefully if all is well it should reply with "adbd is already running as root". Now if you type in:

Code:

adb shell getprop ro.debuggable

It should tell you that its set to 1, meaning it is switched on.


Congratulations!! You have now True Rooted your device!.

You can now debug even system level apps, see log messages from all processes and logcat will now resolve all app names. Use Hierarchy Viewer on a live device instead of the horrible emulator. Do absolutely everything with your device that you want.


Happy hacking,
Napalm

can't find recovery-from-boot.p. Y?

Quote:

Originally Posted by 5implelove

can't find recovery-from-boot.p. Y?

Try not to quote a post that big mate, makes navigation a pain

Quote:

Originally Posted by 5implelove

can't find recovery-from-boot.p. Y?

That part is only for the Nexus 7, and if you are using a Nexus 7 with custom ROM then this file may not exist. If you are using stock on a Nexus 7 then the only other question is whether you have renamed/moved/deleted it before. Once you

Code:

cd /system

type

Code:

ls -l recovery*

and see if anything is listed.


Napalm

Where did you find the info for step one?

Sent from my Nexus 7 using Tapatalk 2

I worked it out. You can find your VID and PID from your unknown device in Device Manager. You have to right click the device > Properties > Details > Choose Hardware Ids from the list. Since the driver from Google supports the same interfaces for other devices we can assume it works with the Nexus 7. I made the modifications and it works. Below is a full list of IDs if anyone wants them.

Napalm

Code:

Nexus 7
USB\VID_18D1&PID_4E40      : fastboot
USB\VID_18D1&PID_D001      : adb-recovery
USB\VID_18D1&PID_4E42      : composite-adb-interface (with mtp)
USB\VID_18D1&PID_4E42&MI_00: mtp-composite
USB\VID_18D1&PID_4E42&MI_01: adb-composite
USB\VID_18D1&PID_4E44      : composite-adb-interface (with ptp)
USB\VID_18D1&PID_4E44&MI_00: mtp-composite
USB\VID_18D1&PID_4E44&MI_01: adb-composite
USB\VID_18D1&PID_4E41      : mtp-only
USB\VID_18D1&PID_4E43      : ptp-only

Galaxy Nexus
USB\VID_18D1&PID_4E30      : fastboot
USB\VID_18D1&PID_D001      : adb-recovery
USB\VID_04E8&PID_6860      : composite-adb-interface (with mtp)
USB\VID_04E8&PID_6860&MI_00: mtp-composite
USB\VID_04E8&PID_6860&MI_01: adb-composite
USB\VID_04E8&PID_6866      : composite-adb-interface (with ptp)
USB\VID_04E8&PID_6866&MI_00: ptp-composite
USB\VID_04E8&PID_6866&MI_01: adb-composite
USB\VID_04E8&PID_685C      : mtp-only
USB\VID_04E8&PID_6865      : ptp-only

Great guide, but why not just post up the new initrd for people that don't want to do this? It looks as if its the same for all devices.