Root MANY ANDROID! [Upd: 20.07.2014] - Updated: New Z2 Root by CubeandCube

Search This thread

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
2,007
5,907
Berlin
Hi,

i made a small script which is able to root ICS/JB phones. It uses a remount timing issue in Androids "adb restore" service.
So normally it should work on nearly all ICS/JB devices, for some it won't but the idea may work in a slightly modded version :)

There is a case for Xperia T and Xperia S,P etc. phones, this phones run ICS but don't have android's native restore with adb, Sony has added a own custom "Backup&Restore" app, the script handles this cases too, just choose the correct option!


Download:
Root_with_Restore_by_Bin4ry_v36: Download
New Z2 Root method by CubeandCube (thanks man!) See original: https://twitter.com/cubeundcube/status/490153209164349441


New 2014 root method, Z1s, Z2 Tablet etc. thanks to jcase for the exploit (http://xdaforums.com/showpost.php?p=53407127&postcount=1004)and xsacha the z2tablet implementation (http://xdaforums.com/showthread.php?t=2781109). donate to them please !
For Z2 Tablet be sure to be on a firmware < .402, else it will not work!
Ubuntu users please edit the runme.sh to use the system inbuilt adb command.

I removed the PWN binary from jcase method on request, to get the newest working binary please download it here: Click and then copy it to "z2root" folder of my tool!



v33:
New Root for some newer Xperias by cubeundcube
supported devices (thanks RyokoN for collecting this infos):
bug 9950697
・Xperia Z C6603/C6602 10.3.1.A.2.67 / 10.3.1.A.2.74 / 10.3.1.A.0.244
・Xperia ZL C6502
・Xperia Tablet Z SGP311JP / SGP312 10.3.1.C.0.136
・Xperia V LT25i 9.1.A.1.140
・Xperia AX SO-01E 9.1.C.1.103
・Xperia Z SO-02E 10.3.1.B.0.256
・Xperia Tablet Z SO-03E 10.1.E.0.305
・Xpeira A/MIKU SO-04E 10.3.1.B.0.224 / 10.3.1.B.0.256
・Xpeira UL SOL22 10.2.F.3.81
・Xperia GX SO-04D 9.1.C.1.103

CVE-2013-6282
・Above devices/firmwares
・Xperia Z1 C6903 14.1.G.1.534
・Xperia Z Ultra 14.1.B.1.532
・Xperia UL SOL22 10.3.1.D.0.220
・Xperia SX SO-05D 9.1.C.1.103
・Xperia VL SOL21 9.1.D.0.401
・Xperia miro ST23i 11.0.A.5.5
・Xperia J ST26i 11.2.A.0.33
・Xperia L C2105 15.3.A.0.26
・Xperia E C1505 11.3.A.2.23



NOTE: If you have problems downloading, please use: http://unrestrict.li/
Mirror 1 Uploaded.to : http://ul.to/a1ycrsqj

For Xperia S 2.55 Firmware look in this thread: http://xdaforums.com/showthread.php?p=39498268

DO NOT MIRROR IT! If you cannot download kindly ask other users to send you a private message with a link, dont post public Mirrors!
Also if you have download problems try rapid8 or unrestricted.li !


Have fun with it and if you like you can donate to me :)

How-To:
1.) Download attached file.
2.) Extract it using 7zip
3.) Double click the RunMe.bat and follow instructions!
Xperia phones with "older" firmware = Normal mode
Sony Tablet and similar = Special mode
Xperia phones with JB Firmare = Mode 3 (Goroh_kun mode)

Video Tutorial: http://xdaforums.com/showthread.php?p=33470626#post33470626

Updates:
Updated to v2 windows&linux! (thanks kamistral for the Unix port :) )
Updated to v3 (no unix script included yet, sorry no time!) - Included Sony Tablet S mode :D thanks WonderEkin for helping me out there!
Updated to v4 - On many requests i added a unroot option
Updated to v5 - Other renamed to Normal, Xperia T integrated to Normal-Mode, adjusted wait-for-device time to atleast 10 seconds etc...
Updated to v6 - Made it even more simple :) Checks itself for Xperia S, P etc etc and switches modes automatically. So only 3 modes left: Normal, Tablet S and unroot.
Updated to v7 - Fixed some scripting errors & added some more output!
Updated to v8 - Fixed very very stupid scripting error!
Updated to v9 - Fixed another bug (thanks maxrfon) & Added automatic stat for Backup&Restore on special Sony devices like LT26,LT22 ...
Updated to v10 - Just updated Superuser app and su binary
Updated to v11 - Added sync to Special mode, thanks to smokey_joe
Updated to v12 - Added ric for Xperia T, device will not reboot anymore on system remount + Full Unix script (thanks codeworkx for port)
Updated to v13 - Fixed selfmade bugs -.-
Updated to v14 - Fixed several Unix bugs, added support for more devices with RIC, no more reboot issues on this devices after remounting system partition to RW
Updated to v14_2 - Just a fix for Unix SH script (thanks to shadyabhi)
Updated to v15 - Fixed "lagging devices", just re-root a lagging device and it will be fine
Updated to v16 - Added a 10 second delay before reboot (needed for some devices!)
Updated to v17 - Added more settings to local.prop, hopefully it will work on some more phones now!
Updated to v18 - Fixed "unroot" Option, fixed Linux Version, added a notice for usb-drivers in Windows Version
Updated to v20 - New method by Goroh_kun for Xperia Z/ZL added, maybe also it works for other new Xperia Firmwares! All credits for this belongs to him!
Updated to v21 - Fixed NFC Bug on Xperia Z after rooting !
Updated to v22 - Fixed ServiceMenu Status of Rooting Allowed & Added choice if Superuser or SuperSu should be installed & install other RIC to prevent phones from rebooting @ System RW remount
Updated to v23 - Fixed stupid script error.
Updated to v24 - More robust NFC fix & unrooting improved
Updated to v25 - Fixed Problems with SuperSU (SuperSU reported NOT rooted before) & updated to newest ADB version (be sure to have actual drivers installed!!)
Updated to v26 - Fixed Problem with last step of mode 3. (Now rm -rf of busybox is used instead android one which misses -f flag)
Updated to v27 - Fixed little script error and added a Linux version (chmod +x it yourself) [thanks to jamcswain for the unix script]
Updated to v28 - Reboot issue fixed, NFC more stable fix (Mode 3)
Updated to v29 - Small fixes
Updated to v30 - Updated Busybox version, Added Rooting for Google Glass Explorer Edition (thx Saurik for the ab file)
Updated to v31 - Added a improved Root-Method by Ariel Berkman (see here for details: http://seclists.org/fulldisclosure/2013/Jun/115)
Updated to v32 - Added new Z1 14.1.G.1.534 Root method by cubeandcube
Updated to v33 - More devices
Updated to v34 - Z2 Tablet root
Updated to v35 - removed the pwn binary on request!

Notice:
Normal Mode will not wipe any other data, dont worry! (only maybe your backgroud vanishes ;) )
Special Mode CAN wipe your data, Rollback SHOULD restore, but to be sure backup you data somehow!
New Mode SHOULD be able to root all new Sony Firmwares like 2.55 and higher where Normal mode was failing :) [thanks Goroh]


Confirmed devices:
Sony Xperia : S, T, P , Acro S, Ion , Tipo , Tablet S, Go, Sola, U, Z, ZL
Google: Nexus 7 [UK Firmware] (thanks Paul O'Brien for test) [seems some firmwares to work and some don't, as i dont have this device myself i would appreciate reports with FW-versions]
XTouch: X401
Jiayu G2-S thanks txakar
LG: P705 thanks mariolcneto, P7510 thanks fdothivanka
HTC: One S thanks sebagsm, Sensation XL [ICS 4.03] thanks Koate via PM, Sprint's OTA ICS update on Evo3D seems incompatible, Desire S thanks to Krayt via PM
Kyocera: Rise & Hydro thanks jmztaylor
Samsung: Galaxy S2 thanks danroob
Some more :)
Ainol: Novo 7 Tornado 7 thanks anoperson
Prestigio: MultiPad PMP5197D 9.7 ULTRA thanks logofreax
HDC: I9300 S3 clone thanks PMmshprojects

Additional info for SONY 2012 Owners:
If your STOCK ROM does not have preinstalles Sony's Backup&Restore app please visit arielhezi thread, it may help you:
http://xdaforums.com/showthread.php?t=1898240

Older Versions:
v35 - http://ul.to/a1ycrsqj
v34 - removed
v33 - Click
v32 - http://ul.to/lsm7hw6t
v31 - http://ul.to/z7krermj
v30 - http://ul.to/qdwj779r
v29 - http://ul.to/gmg1x5cn
v28 - http://ul.to/k2yx2rmz
v27- http://ul.to/8qh0ictt
v26 - http://ul.to/45k0f6t7
v25 - http://ul.to/ni1svkhk
v24 - http://ul.to/zdb0h9lz
v23 - http://ul.to/5kw7a8r9
v22 - http://ul.to/4cn4kwd3
v21 - http://ul.to/aa18qpkh
v18 - http://ul.to/0fpyh5c5
v17 - http://ul.to/xdevcthz
v16 - http://ul.to/2vabz461
v15 - http://ul.to/h44f6vni

Regards
 
Last edited:

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
2,007
5,907
Berlin
Hi, thanks for the root :D
I do have a question though, what are the FakeBackup.ab and VPNFaker.apk for?! just curiosity :D

fakebackup.ab is the file which is used for XperiaT and other devices which can do directly "adb restore"

vpnfaker is from tabletS rooting trick, i removed it now because someone else has posted already a good version in TabletS forum :)

Regards
 
M

Mr_Bartek

Guest
@Bin4ry

In your batch file you have the following lines:
Code:
echo Device type:
echo 1) Xperia T
echo 2) Tablet S
echo 3) LT26,LT22 etc.
echo 4) Other
set /p type=Make a choice: 
if %type% == 1 GOTO XPT
if %type% == 2 GOTO XPS
if %type% == 3 GOTO OTHER

By choosing 4 the script won't do anything as nothing is defined for that operation.
 

zbuh

Senior Member
Mar 3, 2008
59
3
It works here, have you started the restore app ? On Xperia S you have to start the "Backup&Restore" app from menu and select the backup to restore manually.

Regards


The "hacked" backup is not there to restore... :(

Device type:
1) Xperia T
2) Tablet S
3) LT26,LT22 etc.
4) Other
Make a choice: 3

Normal Mode enabled!

Please connect device with ADB-Debugging enabled now....
3201 KB/s (1085140 bytes in 0.331s)
2426 KB/s (22364 bytes in 0.009s)
3217 KB/s (843503 bytes in 0.256s)
Please look at your device and click RESTORE!
If all is successful i will tell you, if not this shell will run forever.
 

rogeliodh

Member
May 20, 2011
10
7
It worked in Xperia P but it said:
cannot stat 'stuff\ric': No such file or directory

wondering if it could affect something...
 

Top Liked Posts

  • There are no posts matching your filters.
  • 2042
    Hi,

    i made a small script which is able to root ICS/JB phones. It uses a remount timing issue in Androids "adb restore" service.
    So normally it should work on nearly all ICS/JB devices, for some it won't but the idea may work in a slightly modded version :)

    There is a case for Xperia T and Xperia S,P etc. phones, this phones run ICS but don't have android's native restore with adb, Sony has added a own custom "Backup&Restore" app, the script handles this cases too, just choose the correct option!


    Download:
    Root_with_Restore_by_Bin4ry_v36: Download
    New Z2 Root method by CubeandCube (thanks man!) See original: https://twitter.com/cubeundcube/status/490153209164349441


    New 2014 root method, Z1s, Z2 Tablet etc. thanks to jcase for the exploit (http://xdaforums.com/showpost.php?p=53407127&postcount=1004)and xsacha the z2tablet implementation (http://xdaforums.com/showthread.php?t=2781109). donate to them please !
    For Z2 Tablet be sure to be on a firmware < .402, else it will not work!
    Ubuntu users please edit the runme.sh to use the system inbuilt adb command.

    I removed the PWN binary from jcase method on request, to get the newest working binary please download it here: Click and then copy it to "z2root" folder of my tool!



    v33:
    New Root for some newer Xperias by cubeundcube
    supported devices (thanks RyokoN for collecting this infos):
    bug 9950697
    ・Xperia Z C6603/C6602 10.3.1.A.2.67 / 10.3.1.A.2.74 / 10.3.1.A.0.244
    ・Xperia ZL C6502
    ・Xperia Tablet Z SGP311JP / SGP312 10.3.1.C.0.136
    ・Xperia V LT25i 9.1.A.1.140
    ・Xperia AX SO-01E 9.1.C.1.103
    ・Xperia Z SO-02E 10.3.1.B.0.256
    ・Xperia Tablet Z SO-03E 10.1.E.0.305
    ・Xpeira A/MIKU SO-04E 10.3.1.B.0.224 / 10.3.1.B.0.256
    ・Xpeira UL SOL22 10.2.F.3.81
    ・Xperia GX SO-04D 9.1.C.1.103

    CVE-2013-6282
    ・Above devices/firmwares
    ・Xperia Z1 C6903 14.1.G.1.534
    ・Xperia Z Ultra 14.1.B.1.532
    ・Xperia UL SOL22 10.3.1.D.0.220
    ・Xperia SX SO-05D 9.1.C.1.103
    ・Xperia VL SOL21 9.1.D.0.401
    ・Xperia miro ST23i 11.0.A.5.5
    ・Xperia J ST26i 11.2.A.0.33
    ・Xperia L C2105 15.3.A.0.26
    ・Xperia E C1505 11.3.A.2.23



    NOTE: If you have problems downloading, please use: http://unrestrict.li/
    Mirror 1 Uploaded.to : http://ul.to/a1ycrsqj

    For Xperia S 2.55 Firmware look in this thread: http://xdaforums.com/showthread.php?p=39498268

    DO NOT MIRROR IT! If you cannot download kindly ask other users to send you a private message with a link, dont post public Mirrors!
    Also if you have download problems try rapid8 or unrestricted.li !


    Have fun with it and if you like you can donate to me :)

    How-To:
    1.) Download attached file.
    2.) Extract it using 7zip
    3.) Double click the RunMe.bat and follow instructions!
    Xperia phones with "older" firmware = Normal mode
    Sony Tablet and similar = Special mode
    Xperia phones with JB Firmare = Mode 3 (Goroh_kun mode)

    Video Tutorial: http://xdaforums.com/showthread.php?p=33470626#post33470626

    Updates:
    Updated to v2 windows&linux! (thanks kamistral for the Unix port :) )
    Updated to v3 (no unix script included yet, sorry no time!) - Included Sony Tablet S mode :D thanks WonderEkin for helping me out there!
    Updated to v4 - On many requests i added a unroot option
    Updated to v5 - Other renamed to Normal, Xperia T integrated to Normal-Mode, adjusted wait-for-device time to atleast 10 seconds etc...
    Updated to v6 - Made it even more simple :) Checks itself for Xperia S, P etc etc and switches modes automatically. So only 3 modes left: Normal, Tablet S and unroot.
    Updated to v7 - Fixed some scripting errors & added some more output!
    Updated to v8 - Fixed very very stupid scripting error!
    Updated to v9 - Fixed another bug (thanks maxrfon) & Added automatic stat for Backup&Restore on special Sony devices like LT26,LT22 ...
    Updated to v10 - Just updated Superuser app and su binary
    Updated to v11 - Added sync to Special mode, thanks to smokey_joe
    Updated to v12 - Added ric for Xperia T, device will not reboot anymore on system remount + Full Unix script (thanks codeworkx for port)
    Updated to v13 - Fixed selfmade bugs -.-
    Updated to v14 - Fixed several Unix bugs, added support for more devices with RIC, no more reboot issues on this devices after remounting system partition to RW
    Updated to v14_2 - Just a fix for Unix SH script (thanks to shadyabhi)
    Updated to v15 - Fixed "lagging devices", just re-root a lagging device and it will be fine
    Updated to v16 - Added a 10 second delay before reboot (needed for some devices!)
    Updated to v17 - Added more settings to local.prop, hopefully it will work on some more phones now!
    Updated to v18 - Fixed "unroot" Option, fixed Linux Version, added a notice for usb-drivers in Windows Version
    Updated to v20 - New method by Goroh_kun for Xperia Z/ZL added, maybe also it works for other new Xperia Firmwares! All credits for this belongs to him!
    Updated to v21 - Fixed NFC Bug on Xperia Z after rooting !
    Updated to v22 - Fixed ServiceMenu Status of Rooting Allowed & Added choice if Superuser or SuperSu should be installed & install other RIC to prevent phones from rebooting @ System RW remount
    Updated to v23 - Fixed stupid script error.
    Updated to v24 - More robust NFC fix & unrooting improved
    Updated to v25 - Fixed Problems with SuperSU (SuperSU reported NOT rooted before) & updated to newest ADB version (be sure to have actual drivers installed!!)
    Updated to v26 - Fixed Problem with last step of mode 3. (Now rm -rf of busybox is used instead android one which misses -f flag)
    Updated to v27 - Fixed little script error and added a Linux version (chmod +x it yourself) [thanks to jamcswain for the unix script]
    Updated to v28 - Reboot issue fixed, NFC more stable fix (Mode 3)
    Updated to v29 - Small fixes
    Updated to v30 - Updated Busybox version, Added Rooting for Google Glass Explorer Edition (thx Saurik for the ab file)
    Updated to v31 - Added a improved Root-Method by Ariel Berkman (see here for details: http://seclists.org/fulldisclosure/2013/Jun/115)
    Updated to v32 - Added new Z1 14.1.G.1.534 Root method by cubeandcube
    Updated to v33 - More devices
    Updated to v34 - Z2 Tablet root
    Updated to v35 - removed the pwn binary on request!

    Notice:
    Normal Mode will not wipe any other data, dont worry! (only maybe your backgroud vanishes ;) )
    Special Mode CAN wipe your data, Rollback SHOULD restore, but to be sure backup you data somehow!
    New Mode SHOULD be able to root all new Sony Firmwares like 2.55 and higher where Normal mode was failing :) [thanks Goroh]


    Confirmed devices:
    Sony Xperia : S, T, P , Acro S, Ion , Tipo , Tablet S, Go, Sola, U, Z, ZL
    Google: Nexus 7 [UK Firmware] (thanks Paul O'Brien for test) [seems some firmwares to work and some don't, as i dont have this device myself i would appreciate reports with FW-versions]
    XTouch: X401
    Jiayu G2-S thanks txakar
    LG: P705 thanks mariolcneto, P7510 thanks fdothivanka
    HTC: One S thanks sebagsm, Sensation XL [ICS 4.03] thanks Koate via PM, Sprint's OTA ICS update on Evo3D seems incompatible, Desire S thanks to Krayt via PM
    Kyocera: Rise & Hydro thanks jmztaylor
    Samsung: Galaxy S2 thanks danroob
    Some more :)
    Ainol: Novo 7 Tornado 7 thanks anoperson
    Prestigio: MultiPad PMP5197D 9.7 ULTRA thanks logofreax
    HDC: I9300 S3 clone thanks PMmshprojects

    Additional info for SONY 2012 Owners:
    If your STOCK ROM does not have preinstalles Sony's Backup&Restore app please visit arielhezi thread, it may help you:
    http://xdaforums.com/showthread.php?t=1898240

    Older Versions:
    v35 - http://ul.to/a1ycrsqj
    v34 - removed
    v33 - Click
    v32 - http://ul.to/lsm7hw6t
    v31 - http://ul.to/z7krermj
    v30 - http://ul.to/qdwj779r
    v29 - http://ul.to/gmg1x5cn
    v28 - http://ul.to/k2yx2rmz
    v27- http://ul.to/8qh0ictt
    v26 - http://ul.to/45k0f6t7
    v25 - http://ul.to/ni1svkhk
    v24 - http://ul.to/zdb0h9lz
    v23 - http://ul.to/5kw7a8r9
    v22 - http://ul.to/4cn4kwd3
    v21 - http://ul.to/aa18qpkh
    v18 - http://ul.to/0fpyh5c5
    v17 - http://ul.to/xdevcthz
    v16 - http://ul.to/2vabz461
    v15 - http://ul.to/h44f6vni

    Regards
    30
    Not working on a Stock Xperia S... doesnt ask to restore... just reboots... and fails to chmod

    It works here, have you started the restore app ? On Xperia S you have to start the "Backup&Restore" app from menu and select the backup to restore manually.

    Regards
    27
    Confirmed working on a Canadian LG Optimus G (LG-E973) [Bell] using v15 of the toolkit.

    Android: v4.0.4
    Baseband: APQ8064/MDM9x15M
    Kernel: 3.0.21
    Build: IMM76L
    Software: E97310f

    FCC ID: ZNFE973
    Industry Canada #: 2703C-E973

    Video showing the toolkit on:
    • Xperia S
    • Xperia Tablet S
    • LG Optimus G (E973)
    23
    The RunMe.bat failed frequently.

    so Ive searched the adb backup format and found the following link

    http://nelenkov.blogspot.kr/2012/06/unpacking-android-backups.html

    It says the adb backup is a almost normal tarball.
    and Ive found the following method.

    Code:
    $ dd if=fakebackup.ab bs=1 skip=24 | openssl zlib -d >fakebackup.tar
    extract it using
    gzuncompress() like as in PHP.

    this is the stored order of the fakebackup.ab
    Code:
    $ tar tvf fakebackup.tar
    -rw-rw-rw- user/user      2093 2012-08-02 03:21 apps/com.android.settings/_manifest
    drwxr-xr-x user/user         0 2012-07-12 16:55 apps/com.android.settings/r/
    drwxrwxrwx user/user         0 2012-08-02 22:23 apps/com.android.settings/r/a/
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/[B][COLOR="Red"]file44[/COLOR][/B]
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file50
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file71
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file72
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file25
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file49
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file61
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file34
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file05
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file78
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file33
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file39
    -rw-r--r-- user/user    524288 2012-08-02 22:22 apps/com.android.settings/r/a/file70
    ...

    and I just have made a new shell script named rooting.sh and its wrapper rooting.bat for win32 only for the Normal mode.
    adb_restore_rooting.png
    View attachment adb_restore_rooting-v1.0.zip
    View attachment adb_restore_rooting-v1.1.zip
    View attachment adb_restore_rooting-v1.2.zip
    View attachment adb_restore_rooting-v1.6.zip

    Summary
    • wait for the Backup agent runing by check the magic file "file44"
    • check /data/local.prop correctly
    • does not iterate forever.
    • does not install busybox
    • both win32 and Linux supported by same script. (the win32 port of busybox is used made by pclouds https://github.com/pclouds/busybox-w32 )

    Changes
    * update rooting.sh script
    * fakebackup-sorted.ab added for experiment (files are sorted using the pax and some shell script)
    * remove needless symlink tries.
    * support "adb root" case (ro.debuggable=1)
    Please see also
    http://xdaforums.com/showpost.php?p=31981511&postcount=540
    21
    point " 4)other " isn't working

    For which phone? IF you are using a Xperia NXT you have to choose option 3) LT26,LT22 etc.

    Regards