How to root stock 3.2

Search This thread
By:
Advanced…
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
Ok, after messing around with 3.2 I decided to fix the rooting issues without downgrading. The problem with downgrading is it requires a SDCard and requires you to install a couple of programs and then to install an update.zip from the sdcard. I could not get half my ACER's to read and mount a sdcard, and some ACER's I have located in a remote office and trying to walk someone through the process was too painful. I tweaked the the downgrade tool's images to install 3.2 with root instead of downgrading it and jumping through hoops. All I did to the stock image is to copy the ash shell over to /system/xbin/su and set the sticky bit. Everything else is stock.


Update posted here, read thead http://xdaforums.com/showpost.php?p=20654298&postcount=129

New version V4

-- The instructions are in a PDF document inside the download --
== Version V4 ==
-- Added /system/subin/su which is a backup (backdoor) root in case an OTA deletes the /system/xbin/su
-- Set permissons on the su root(#) tool so OTA's shouldn't be able to break it.
-- Added drivers for XP

Summary:
Version V4 is the same as V3 with the only difference being that there is a NEW backdoor script which has some additional features to protect root(#) from getting broken when you do an OTA. I also applied these to this flash image so you wouldn't have to add the additional protection yourself. V4 also has the drivers for XP included. However, when taking an OTA you should also install the backdoor for additional protection. However, you cannot leave the backdoor installed as it turns off sound. So having a little more protection just might save your root in case you take an OTA and forget to install the backdoor.

Download it here: http://www.multiupload.com/NS0X5TK4D1

Alternative download location:
http://depositfiles.com/files/c6pr69ri6
http://www.fileserve.com/file/s2wCQpN/root-3.2.1-V4.7z
http://www.filesonic.com/file/jTA7AMN
http://www.filejungle.com/f/vRnfK5/root-3.2.1-V4.7z
 
Last edited:
  • Like
Reactions: nmat23, Johncpm, 1c3 and 53 others
B

bobby38

Senior Member
Apr 4, 2011
71
12
Which 3.2 update is it ? Fully working, no issues ? Good job. Is it power + volume down or volume up to go into recovery ? And is it possible to flash a custom kernel like Honeyvillain on this stock ROM ?
Thx :)
 
Last edited:
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
It is the 3.2 OTA for WiFi that my Tablet picked up. It is total stock other than making a SU from the ash shell and putting it into /system/xbin.

Fully works, no issues, have used it on 8 ACER 500's with no issues.

To enter recover it is the left side of the volume button which is volume (-) oopps NOT (+) as I indicated.
 
Last edited:
fermunky

fermunky

Senior Member
Jun 11, 2007
1,163
59
Tampa, FL
Hah, saying Vol +/- is not intuitive on this device since when in landscape, Vol + is the "right" side, but in portrait mode Vol + is the "top" side.
 
J

JUGOMAN

Senior Member
Jan 7, 2011
161
25
no go

Hi, i can see my iconia uid from adb ( already installed in my pc) but
not from test.cmd, in the extracted package. Any ideas?

REPEATED STEPS 1-4 ( PER INSTRUCTIONS) ON 2 PC'S RUNNING W XP. SO FAR "NO GO" TEST.CMD CANNOT FIND PATH.... AND DOTNETDETECTER, THEREFORE, DOES NOT WORK.
 
Last edited:
J

jimmkd84

Member
Sep 19, 2011
5
0
will this wipe all the data on the tablet?

---------- Post added at 04:19 PM ---------- Previous post was at 03:40 PM ----------
JUGOMAN said:
Hi, i can see my iconia uid from adb ( already installed in my pc) but
not from test.cmd, in the extracted package. Any ideas?
Click to expand...
Click to collapse

same here i run the setup file and it installs but after i run test.cmd and it cant find it
 
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
Sorry about the test.cmd not working. The script just calls adb.exe to make sure it is working and I have it installed in another directory that I did not include. I posted, to the original message an attachment, it is called fix-Test.7z that fixes the test.cmd. You should be able to just unzip it into the directory you created and run the test. The archive includes the adb.exe and dll's so the test.cmd should work. If you have adb.exe working you really don't the test.cmd, but I found out when talking someone through it (over the phone) this made sure that adb.exe was installed and they had the tablet USB Debugging turned on.

And it is a quick and easy way to get the serial number which you need to flash it.

Thanks,
Let me know if you have any more issues.
 
J

JUGOMAN

Senior Member
Jan 7, 2011
161
25
NO GO2

The attchment does fix the test.cmd "problem" but the next step, Dotnetdetecter, does not work. It re-installs the driver (?) then error "adb is old" or something like that. All packages in my computer's ADB are up to date. I think that the "target" directory in the DONETDETECTER IS NOT CORRECT. ANY IDEAS? btw GOOD WORK!!!!!
 
Last edited:
J

JUGOMAN

Senior Member
Jan 7, 2011
161
25
UPDATE

Installed, booted, but no root. Previous rom( acer update) was3.2 Gen 2, now 3.2 Gen 1. was worth a try.. Thank you... tablet is working just fine, just no root
 
Last edited:
a_rocklobster

a_rocklobster

Senior Member
Feb 16, 2011
134
10
jimmkd84 said:
does anyone know if flashing it this way will delete all your data on the tablet?
Click to expand...
Click to collapse

Yea. I've never done this before so I'm wondering the same thing.

Also
Idk about this test thing but if u type 'adb devices' it'll show you which devices (if any) are connected. I always use that as a test when i use the adb to install apks.
 
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
bad adb

NO GO2 WROTE

The attchment does fix the test.cmd "problem" but the next step, Dotnetdetecter, does not work. It re-installs the driver (?) then error "adb is old" or something like that. All packages in my computer's ADB are up to date. I think that the "target" directory in the DONETDETECTER IS NOT CORRECT. ANY IDEAS? btw GOOD WORK!!!!!

Not sure what that would be. I just use the adb.exe and dlls that are in the fix.zip. Maybe you have a different version loaded?
 
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
ROOT IS NOT in the apps. It is in the adb shell.

What this does is allows you to connect to the device using adb.exe shell and you will get the $ prompt.

at the $ prompt type su and press enter. You will get # and be in su mode.
Now you can do whatever you would like. What would that be, you might ask? Well you could do the following:
1. mount system as rw
2. Push your favorite su tools to the device so they are listed in the apps (busybox etc).

Again this gets you to 3.2 with the ability to have a SU when connected via the adb shell. I left the building of the tools and custom CW to you guys to do as you wish. Here's something else you could do.
1. Shell to it, and issue the SU
2. Mount system as rw
3. Push your favorite tools to where you want (busybox etc)
4. Take the recovery.img (in the zip) and dd dump it to the recovery partition. This will put clockwork on the device (1.5).
a. You should probably run itsmagic too.
5. Get everything the way you want it.
6. Reboot to recovery and CW will load.
7. Now with CW 1.5 loaded, you can build and make copies of your ACER and make them available to anyone you like. CW 1.5 does NOT require an external SDCARD.

Sorry, if I did not make it clear that this is just a SU that you have to use from the command line. If someone wants to give me the links to a SU apk, busybox, etc they'd like included I'd do it. It would only take a few minutes as I got hundreds of these ACER's to flash for our company. I just wanted to get SU, but what the heck, I could build it out if someone would like it that way. ACER really pee'd me off with this, and guess what? They left the ability to gain root in the 3.2 100. Why the 'Sam Heck' did they change the 500 3.2 so you cannot get root?

So, anything I can do to help let me know. Also, If you never want ACER to send you another update I can tell you how to fix that too. All you have to do is the following:
1. Get to the adb shell $
2. type su to get the # prompt
3. Now mount system as rw by doing the following:
a. mount -t rfs -o remount,rw system /system
4. Now rename the update tool by doing the following:
a. mv /system/app/FDUpdater.apk /system/app/FDUpdater.apk.old
mv /system/app/FWupdateService.apk /system/app/FWupdateService.apk.old
5. To get OTA then just reverse the process if you ever want ACER and their OTA to break your fleet of ACER Tablets by pushing silly updates that they think you want then you can undo it. The last I knew, I owned these ACER Tablets and I don't take kindly to them changing something that I do NOT WANT CHANGED. They should be sued, matter of fact, I think they are violating federal laws by destroying data on MY tablets. Anyway, off my soapbox.
 
Last edited:
  • Like
Reactions: BBAHunter and JUGOMAN
J

jimmkd84

Member
Sep 19, 2011
5
0
i have re run the new test.cmd and is working now, and have successfully run dotnetdetector but i dont want to proceed until someone can confirm if doing this will wipe all data on the tablet

appreciate it, great work btw dev!

---------- Post added at 05:05 PM ---------- Previous post was at 04:39 PM ----------

did this wipe the data on it?
 
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
I did NOT test on the 501 so I do not know. If it was me, I would take the 501 stock images and put them in the kitchen and root them and then replace the ones in my zip with those or better yet, use CW to flash it in.

I think the ACER 501 has cell phone data connection doesn't it? I don't think the stock for WiFi only would be a good idea.

What ACER did on the 3.2 update (my opinion) was removed the Gingerbreak exploit and they removed the adb root exploit (they left the adb root exploit in on the 100). This is what many OEM's did, however many allow you to flash your own easier than ACER seems to want to let us. So if you got 3.2 NON-ROOTED loaded then there is no way to 'hack' out a root (just yet).

So how do you root it? You have to make a custom ROM and flash it. Now ASUS/Motorola/Samsung/Toshiba all allow you to flash your own ROM if you know what you are doing.

ACER seems to hide how to put the tablet into flash mode (if someone knows please let me know). Even if you did flash it they do want those ROMS running so they take each partition and calculate the MD5Sum and write it to, I think, partition #7. Therefore, if you do figure out how to flash in a new boot image or system image the tablet will not boot because the MD5Sums will not match (if you brick your tablet this way you are fubar). Fortunately, someone wrote a tool called itsmagic which you can run to tell the tablet to rebuild these. But if you fubar brick it before you get itsmagic run, I don't know how you get into flash mode using the keys so you'd be up a creek.

So, the 411 skinny on rooting an ACER with 3.2 is to get 3.2 off the device. Fortunately, they made an earlier flashing tool to flash in 3.0. I would guess this leaked out as a way for people to reflash to stock when they have issues.

Once you are on 3.0, you now can use Gingerbreak or the adb root exploit to root it. Once rooted, you can get CW loaded. CW allows you to install your own ROM's. Without CW you can only install ROM's signed by ACER and without ROOT you cannot install CW.

So, if you flash to the 3.0 now you are 'back to the future' in 3.0, you can root and install CW so you can now install a custom ROM from your SDCard.

What I would do is go get the STOCK ROM from ACER for your 501 device.

Once you have the stock ROM, you can use the kitchen tools to unzip the ACER ROM and root it to your liking. Now, re-zip it, but you cannot sign it with an ACER certificate so it will only install using CW. No, big deal because you got 3.0 loaded with CW. You boot to recovery CW and then run the update from your SDCard that you built in your kitchen.

This isn't really that hard to do if you're willing to read some documentation.
 
Last edited:
  • Like
Reactions: drkalo and maxx1973
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
I have no idea if it wipes it clean totally. It does walk you through the setup again (like it was new out of the box) so I would assume most things would be wiped. I would back it up and not take the chance because it is best to be backed up.
 
Euclid's Brother

Euclid's Brother

Senior Member
May 3, 2011
954
264
Dallas, TX
www.interphaze.com
Just a note here. It says fully stock execpt root? i don't think that's entirely accurate. I believe that it's still downgrading the bootloader, otherwise you'd never be able to get CWM to run, as itsmagic doesn't work with the new bootloader. So your left with stock 3.2 ROM with adb/su abilities and pre 3.2 bootloader.

On another note, I believe step 17 is not needed. CWM run's itsmagic automatically on every boot. So just booting CWM and then rebooting to android should suffice.
 
You must log in or register to reply here.

Similar threads

Slowie911
How To Root An Acer Iconia A500
Replies
554
Views
713K
L
LONG KHOA
S
[HOWTO] Root for stock HC3.1
Replies
301
Views
292K
ZACQ8
ZACQ8
R
[ROM] Honeycomb 3.2 - HoneyVillain 1.2 A500/A501 18-09
Replies
804
Views
288K
zimphishmonger
zimphishmonger
vache
[ROM][ICS4.0.3] Taboonay 3.0.1 (28/02/2012)
Replies
3K
Views
963K
rayburne
rayburne
drkalo
[TUT] Revert OTA 3.2 back to 3.0.1
Replies
299
Views
240K
M
m1m1k

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 56
    T
    timmyDean
    Ok, after messing around with 3.2 I decided to fix the rooting issues without downgrading. The problem with downgrading is it requires a SDCard and requires you to install a couple of programs and then to install an update.zip from the sdcard. I could not get half my ACER's to read and mount a sdcard, and some ACER's I have located in a remote office and trying to walk someone through the process was too painful. I tweaked the the downgrade tool's images to install 3.2 with root instead of downgrading it and jumping through hoops. All I did to the stock image is to copy the ash shell over to /system/xbin/su and set the sticky bit. Everything else is stock.


    Update posted here, read thead http://xdaforums.com/showpost.php?p=20654298&postcount=129

    New version V4

    -- The instructions are in a PDF document inside the download --
    == Version V4 ==
    -- Added /system/subin/su which is a backup (backdoor) root in case an OTA deletes the /system/xbin/su
    -- Set permissons on the su root(#) tool so OTA's shouldn't be able to break it.
    -- Added drivers for XP

    Summary:
    Version V4 is the same as V3 with the only difference being that there is a NEW backdoor script which has some additional features to protect root(#) from getting broken when you do an OTA. I also applied these to this flash image so you wouldn't have to add the additional protection yourself. V4 also has the drivers for XP included. However, when taking an OTA you should also install the backdoor for additional protection. However, you cannot leave the backdoor installed as it turns off sound. So having a little more protection just might save your root in case you take an OTA and forget to install the backdoor.

    Download it here: http://www.multiupload.com/NS0X5TK4D1

    Alternative download location:
    http://depositfiles.com/files/c6pr69ri6
    http://www.fileserve.com/file/s2wCQpN/root-3.2.1-V4.7z
    http://www.filesonic.com/file/jTA7AMN
    http://www.filejungle.com/f/vRnfK5/root-3.2.1-V4.7z
    View
    19
    T
    timmyDean
    Rooted 3.2.1 V2 -- Fixed versions added tools

    Acer_A500_7.014.02_COM_GEN2 ROOTED
    Here’s the link http://www.multiupload.com/VD0L5WLQKK
    Version v2
    There is a V3 release http://xdaforums.com/showpost.php?p=20680452&postcount=137
    V3 installs all the tools for you

    ************** CHANGES ************************************
    Instructions are in the readme.pdf inside the zip

    I fixed the version numbers. When it flashed, it wasn’t setting the number correctly therefore it would redo the last update over again even though it was already on the tablet.

    Added a busyBox tool in the folder called busyBox where you will find installTools.cmd. This command script will install the superuser.apx, busybox, and su tool. This is what most of you would want instead of just the command line #(root). This does what chrishohl :) recommends (http://www.chdcomputers.gr/en/mnu-k...en/mnu-kb-android-a500-en/254-art-kb000005-en) to finish out your Acer rooting.

    ==================================================
    ******************** BACKDOOR UPDATE *********************
    ==================================================
    I added a little script that will build the backdoor for you. It is in the backdoor folder called backdoor.cmd. Just run this and it will set your adb shell to run as # (root).

    Also NOTE, if you reset your tablet (factory restore) you will loose your backdoor. You just run the backdoor.cmd and it will reset the backdoor.

    NO SOUND, when you have the backdoor enabled there appears to be no sound. So, you only want to use this before allowing a OTA to install.

    ==============================================
    ==Backdoor tool version 1.1 release notes===
    ==============================================

    Inside the backdoor folder is command script called backdoor.cmd.
    -------------------------------------------------------------------------
    Please select a option.
    Note: It is assumed you have su installed.
    -------------------------------------------------------------------------
    1. Turn ON backdoor (sound will be off).
    2. Turn OFF backdoor.
    3. Reset missing sticky bit on /system/xbin/su
    (must have backdoor on and rebooted)

    4. Quit (and reboot).
    5. Exit (no reboot).
    -------------------------------------------------------------------------

    This tool can be used to toggle On/Off the backdoor. When you install OTA updates these OTA’s run scripts that reset all the security permissions thereby removing the ‘sticky bit’ on your installed SU and hence removing root. The idea behind the backdoor is to install an alternate # (root) that the scripts won’t know about. To do this, we set the ro.kernel.qemu=1 flag inside the data/local.prop file therefore when you enter the ‘adb shell’ you immediately have # (root).

    This alternate # (root), I call a backdoor. Named such after the movie Wargames where the ‘geeks’ told Lightman that they install a backdoor into systems incase they ever want to get back into a system after someone changes security. And sense Lightman was trying to hack the WOPR (pronounced whopper) and staying one step ahead of Acer is a whopper of a challenge, it seemed appropriate.

    The downside is that if you have the backdoor on, it seems to turn off sound on the Acer. Therefore, I turn it on only before I run an OTA and then turn it back off after the OTA.

    So far, the backdoor has allowed me to get back in as root if the OTA changes security. However, it might too be plugged by the evil Acer empire. But for now it seems to work. If anyone has any other backdoor approaches then please share them (I have a couple more if Acer plugs this one), but making and using a backdoor has been my frontline defense.

    ==================================================
    ************** Toggle On/Off OTA version 1.1 *******************
    ==================================================

    Inside the OTA-Toggle folder is a command program called toggle.cmd
    -------------------------------------------------------------------------
    Please select a option.
    Note: It is assumed you have su installed or the backdoor.
    -------------------------------------------------------------------------
    1. Turn Off OTA.
    2. Turn On OTA.

    3. Quit.
    -------------------------------------------------------------------------

    So, if you’re like me and you do not like Acer hacking into your privately owned tablet and destroying data, you just might want to lock them out. This tool (assuming you have root or the backdoor installed), will allow you to turn off OTA’s.

    Once turned off, you will not be nagged or bothered with OTA’s ever again until you turn them back on.
    View
    16
    C
    chrishohl
    How to root stock 3.2 Extended

    Hello to all,

    I have created a nice How To about timmyDean's first post in this thread and extend it with the files and instructions needed in order to be completely root, not only in adb shell.

    It is a little big so I posted it in my website here http://www.chdcomputers.gr/en/mnu-kb-fus-en/mnu-kb-android-en/mnu-kb-android-devices-en/mnu-kb-android-a500-en/99-art-kb000005-en

    I have tested the whole procedure three times in three A500 that we have, for our development needs, with success.

    The how to also answers many questions asked here about the procedure. So go ahead and read it and tell me what you think or if you have any questions.

    Thank you,

    Christos Hohlidakis
    View
    13
    T
    timmyDean
    Rooted 3.2.1 V3 -- Released

    Version V3 released
    http://www.multiupload.com/MQ6V790WUX
    V3
    -- In this version I simplified getting the Serial number of your tablet making it easier to flash. Please read the instructions in the readme.pdf. Many people were struggling trying to load ADB drivers and the ADB tools which the instructions said you needed to load first so you could get your serial number. The flashing tool actually loads the drivers and tools therefore, all you have to do is run the test.cmd after the drivers are loaded to get the serial number. This is now documented better, also you should not have to save the serial number in the CPUID.txt file, so I removed it.

    -- I fixed the checksums during the flashing therefore you do not need to boot to recovery mode and fix them using CWM. Now your tablet will just reboot correctly after the flash.

    -- I added into the flash, Busybox and SU tools for you. No need to add them later.

    Bottom-line, if you installed V2 there is nothing new. V3 is just for those that struggled getting ADB working for their serial number and those that struggled installing the tools. Also, many people 'freaked' when their tablet didn't boot after the flash, because they did not read. Or they struggled with pushing the correct buttons to get into recovery mode to fix the checksums.

    Enjoy,
    TD
    View
    4
    T
    timmyDean
    Barafu Albino Cheetah said:
    Do I get it right that this backdoor idea will not allow me to upgrade from rooted 3.1 to rooted 3.2 with OTA?
    Click to expand...
    Click to collapse

    No, the backdoor idea is exactly what it says it is. It is a way to get back into a system after they change security when you install an OTA.

    To understand what happens during an OTA, is that it is only doing an update. Meaning they update the /system folder and replace (sometimes only updating) everything in /system/app. They may also update the boot and other areas of the device such as / (root folder). However, they don't wipe it totally clean (or most don't). That's why when you get an OTA, for example, you don't have to type in all your contacts again etc. Or reload all your applications you installed from the Marketplace.

    During this update process, the last thing they do is reset all the permissions recursively in the /system folder to their default and in doing so remove the 'sticky bit' that gives you root. Most people consider rooting as loading busybox, su, and a Superuser.apk. If you look after the update, you will see su and busybox (normally) are still loaded, just the permissions have the 'stick bit' removed. The Superuser.apk will be missing because they often replace the /system/app folder.

    So, what happens in the Android market, is OEM's fix things and push updates. Fix to WiFi, GPS, NetFlex etc and push an update. After the update, the user finds root (#) not working. So they use the exploit that gave them root and re-root the device. Unfortunately, as fast as developers are finding exploits, OEM's are patching them.

    In the ACER 3.0.1 there are several exploits to gain root(#) access that have been removed in 3.2.1. Therefore, if you do the OTA's you loose root and then you try to use your exploit to gain root, you get a surprise. The OEM has patched that hole.

    So, what you do is create a backdoor that allows you to gain root access outside the normal /system folder and 'sticky bit'. Therefore, when an update occurs, you can get back in as root.

    Now, for the ACER. If you have an a500 ACER 3.0.1 Stock, then you can gain root by simply using GingerBreak (Iconiaroot for example). However, if you take OTA's you will loose root and GingerBreak will no longer work. So, since you have root, you create a backdoor, now when you apply the OTA's and it removes the GingerBreak exploit; all you have to do is use your backdoor to get back in as root and set back up bussybox, su, and Superuser.apk.

    == Now the current state of the a500 ACER ===
    Earlier versions of the a500 had exploits that we used to gain root. These exploits were all removed in 3.2x. What people found out, was that if they had root they lost it once they upgraded. Or, if they bought it new, and it had 3.2x there was no way to root it.

    Therefore, the only solution, at first was to rollback your device to an earlier version that allowed rooting and to stay there or use CWM to apply a modified update of 3.2x with root. Using CWM is a major tool used to replace ROM's or replace with custom ROM's.

    However, now the catch 22. In 3.2x, ACER locked the bootloader and by doing so, it prevents you from installing CWM. Because you cannot install CWM, you cannot install custom ROM's or custom updates.

    3.2x closed all known exploits, but ACER left the ability to rollback to an earlier version. If they would not have done that, then we'd be stuck (screwed). So, you basically have to rollback to a version you could exploit and then stay there, or load a custom ROM, or install CWM and install a modified update.zip to get you to 3.2x.

    If you don't want to stay there and want to apply OTA's then you have to build a backdoor so you can get back in after the OTA's remove your normal root(#).

    Hope this helps,
    TD
    View

New posts