[HOWTO] manual rooting of Galaxy Tab (EURO)


blacklevel

This howto is for those people who are unable to root their Galaxy Tab using any of the automated procedures and do not suffer from CLPS (command-line-phobia-syndrome).

My story: After upgrading my EURO (GSM) Galaxy Tab to JM6 my persistent efforts to root the device using either the z4root or SuperOneClick methods have all been unsuccessful. z4root (v1.3.0) kept crashing at different stages, apparently depending on which and how many background apps were running. With SuperOneClick I never managed to get beyond the "changing permissions" stage.

Since both methods are basically wrappers of the rageagainstthecage application, I tried to perform the rooting procedure manually. Guess what, that worked without any problem and it is pretty easy to do.

The basic steps of the rooting process are:

1) use rageagainstthecage to get a temporary root shell
2) use the temporary root shell to copy three files to the read-only system partition of the device

While I find the outlined procedure straightforward, you may not. Anyhow, try this at your own risk.


==== Prerequisites ====

I used Ubuntu 10.10 for this, but it should work on any other distro and on Windows just as well. Whatever OS you use, you need a working adb connection to your Galaxy Tab. Odin or Kies are of no use here.

You need the following binaries
* su
* busybox
* Superuser.apk
* rageagainstthecage

To get all the required files, simply download "SuperOneClickv1.5.5-ShortFuse.zip". That's what I used.
Get it here: http://xdaforums.com/showthread.php?t=803682

Extract the contents of the ZIP, open a command-prompt on your computer and change to the directory where the extracted files are located.

Some advice if shell commands are not your regular cup of tea.
The following instructions show the shell commands. Some are executed on the host computer. Others are executed on the Galaxy Tab. You can differentiate between the two easily: All commands which start with "> " need to be executed in a shell on the host computer. Commands which are prefixed with "$ " are executed on the Galaxy Tab. In both cases the ">" and the "$" must not be typed. If you copy+paste from this howto, make sure only to copy the commands and leave out the prompt.


==== Step 1: getting a temporary root shell ====

Copy the rageagainstthecage exploit to a temporary directory.
Code:
> adb push rageagainstthecage /data/local/tmp
263 KB/s (5392 bytes in 0.020s)


Change the file permissions and execute the exploit.
Code:
> adb shell
$ cd /data/local/tmp
$ chmod 777 rageagainstthecage
$ ./rageagainstthecage

[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
(other output truncated)

Your shell session will be terminated which will throw you back to the regular command prompt of your host computer.


==== Step 2: restart adb server ====

Now stop and restart the adb server process.
Code:
> adb kill-server
> adb start-server
* daemon not running. starting it now *
* daemon started successfully *


Now reconnect to the Galaxy Tab again. Notice the '#' prompt. This means you have a temporary root shell now. We use this to execute some privileged commands which make the rooting permanent.


==== Step 3: making it permanent ====

First, make the system partition writeable. We need this to be able to copy su, busybox and Superuser.apk to the required locations. Then exit the android shell again.
Code:
> adb shell
# mount -o remount,rw -t rfs /dev/block/stl9 /system
# exit


Now we push busybox and su via adb. Then we install Superuser.apk.
Code:
> adb push busybox /system/bin
> adb push su /system/bin
> adb install Superuser.apk


The final steps are to change the file permissions for su and busybox and then remount the system partition as read-only again.
Code:
> adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/stl9 /system 
# exit

That should be all. Try a reboot and some apps which require root, like Titanium Backup. The Superuser.apk should pop up a dialog requesting permission.

Hope this helps. Happy rooting.

[update]
This process worked for JMA and JMD as well.
"adb install" Superuser.apk instead of "adb push"
[/update]
 
Last edited:
Nov 19, 2010
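The `chmod 4755` steps above leave setuid-root copies of su and busybox in /system/bin. The following check lists setuid-root files in an `ls -l` listing so that state can be audited afterwards. It is an added example, not part of the original post; the function names, the allowlist entry `example_tool` and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): list setuid-root regular files
# in an `ls -l` listing and report the ones missing from an allowlist.

# Constructed sample in the column layout of Android's toolbox `ls -l`
# (mode, owner, group, size, date, time, name). Sizes and dates are made up.
SAMPLE_LS='-rwxr-xr-x root     shell       5392 2010-10-01 09:00 ls
-rwsr-xr-x root     root     1926944 2010-11-19 10:02 busybox
lrwxr-xr-x root     shell            2010-10-01 09:00 cat -> toolbox
-rwsr-xr-x root     root       26264 2010-11-19 10:02 su
-rwsr-x--- root     shell      14320 2010-10-01 09:00 example_tool'

# find_setuid_root: `ls -l` lines on stdin, one file name per line on stdout.
# Accepts both the toolbox layout (owner in column 2) and the GNU layout
# (link count in column 2, owner in column 3). Symlinks are skipped.
find_setuid_root() {
    tr -d '\r' | awk '
        $1 ~ /^-/ {
            owner = ($2 ~ /^[0-9]+$/) ? $3 : $2
            ubit  = substr($1, 4, 1)          # user-execute slot: s/S = setuid
            if ((ubit == "s" || ubit == "S") && owner == "root")
                print $NF
        }'
}

# unexpected_setuid ALLOWLIST: like find_setuid_root, minus the names in the
# space-separated allowlist (hypothetical; build it from a known-good image).
unexpected_setuid() {
    find_setuid_root | while read -r name; do
        case " $1 " in
            *" $name "*) ;;                   # expected, skip
            *) printf '%s\n' "$name" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_LS" | unexpected_setuid "example_tool"
# Against a connected device (assumes adb is on PATH):
#   adb shell ls -l /system/bin | unexpected_setuid "example_tool"
```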
Fantastic! This is just what I was looking for, thank you! I feel dumb now, because I started a thread of my own right as you posted this. You must just type faster than me :)

I ran a quick test, and it all looks good. One quick question actually. Why do you mount like this:
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system

I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiosity by bugging fine people like yourself :)

Anyway, thanks again, this did exactly what I needed it to. Well done, I appreciate it.
 

blacklevel

One quick question actually. Why do you mount like this:
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system

I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiosity by bugging fine people like yourself :)

Thanks for pointing that out! Actually both the filesystem type and blockdevice name were totally wrong. Apparently the mount command ignores both parameters - at least when they are wrong.

I just verified this as self-punishment for not paying attention:
Code:
# mount
(...)
/dev/block/stl9 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)

/system is mounted read-only to /dev/block/stl9. This is the normal state of things.


Now I remount this without the fstype parameter and using a wrong blockdevice name:
Code:
# mount -o remount,rw /dev/block/xyz /system
# mount
(...)
/dev/block/stl9 /system rfs rw,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)

Surprise, this actually remounts /system in read-write mode. This is why my original howto worked despite using the wrong parameters.

Thanks again. I corrected the HOWTO.
 

leonreijnders

It works for me, but now I get an error message: The application calendar save (process com.android.providers.calendar) has unexpectedly stopped. Try again. Forced closing
I had this also with SuperOneClick.
When I want to start the calendar in the applications I get it also.
The application will not run anymore.
How can I resolve this?
Thnx
 

blacklevel

It works for me, but now I get an error message: The application calendar save (process com.android.providers.calendar) has unexpectedly stopped. Try again. Forced closing
I had this also with SuperOneClick.
When I want to start the calendar in the applications I get it also.
The application will not run anymore.
How can I resolve this?
Thnx

That is strange. The result of the rooting process is just adding three files to the system partition. I find it hard to believe that this could lead to the problem you describe. However, while experimenting with z4root I had the effect that there were many rageagainstthecage processes running in the background and the Galaxy Tab slowed down considerably. Perhaps there is something similar going on.

Have you tried rebooting after completing the rooting process?

Try shutting down the Tab completely. After rebooting get a shell on the Tab with "adb shell" and execute "ps". That shows the process list. If that looks normal, I would try a factory reset of the device. Which ROM version are you running?
 

Cliffro

BlackLevel: Thank you soooooooooo much... I don't get how to hit the Thanks Meter thing, but here is the old fashioned way. I used a MacBook to accomplish your perfect, step by step rooting of an AT&T Galaxy Tab i987. It helps that I'm more comfortable at the command line than with most GUI systems.

I could put this into a bash script, but that could be dangerous. People really need to look at what's happening with 'adb' and have some idea of what adb is for. I did rename your 'adbmac' to 'adb', then I could cut and paste from your instructions except for adding ./ before the adb... ie. ./adb shell

Again, wonderful work at pulling this all together in one place.

Jeff
 

Squishie

This guide worked perfectly! I love a nice quiet clean root and it doesn't get any better than this. You my friend deserve a cookie!
 

jammysunny

Hi Guys,
I flashed to JMA, rooted it with One Click Root, and everything seemed to be okay, but activating OCLF failed....is there anybody with the same problem?

Jan
 

mbaroukh

Thanks a lot! It's clean and doesn't need Kies ...
Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?

And thanks again ...

Mike
 

blacklevel

Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?

The reason is that "/sbin/adbd" (the adb daemon) is running as the shell user. It would need to run as root user instead. This requires changes to the initial ram disk where the relevant adbd settings are stored.
 

gklyne

Dealing with "insufficient permissions for device"

Thanks, this worked for me.

One small thing: running from a Linux system (Ubuntu 9.04), to overcome an "insufficient permissions for device" problem, I had to put my Ubuntu terminal session into su mode and restart the ADB server -- cf. groups.google.com/group/android-discuss/browse_thread/thread/f85a795644e65b59?pli=1 :
[[
adb kill-server
sudo adb start-server
adb devices
]]
 

blacklevel

One small thing: running from a Linux system (Ubuntu 9.04), to overcome an "insufficient permissions for device" problem, I had to put my Ubuntu terminal session into su mode and restart the ADB server -- cf. groups.google.com/group/android-discuss/browse_thread/thread/f85a795644e65b59?pli=1 :
[[
adb kill-server
sudo adb start-server
adb devices
]]

Thanks for the feedback. On my Ubuntu 10.10 adb runs under my regular user-id (1000) and I do not have to use sudo or run the local adb server as root. That might be due to the way the udev rules are set up. Mine are rather unrestrictive and look like this:

Code:
$ cat /etc/udev/rules.d/51-android.rules
SUBSYSTEMS=="usb", SYSFS{idVendor}=="0bb4", MODE="0666"
SUBSYSTEMS=="usb", SYSFS{idVendor}=="04e8", MODE="0666"

What do yours look like?
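`MODE="0666"` makes the USB device node writable by every local user on the host, which is what the post above calls unrestrictive. The following added example (not part of the thread) flags such rules and prints a group-restricted equivalent; the function names and the `plugdev` group are assumptions, and the two input rules are the ones quoted in the post.

```shell
#!/bin/sh
# Added example (not from the thread): flag udev rules whose MODE lets every
# local user write to the USB device node, and print a group-restricted form.

# The two rules quoted in the post above.
RULES='SUBSYSTEMS=="usb", SYSFS{idVendor}=="0bb4", MODE="0666"
SUBSYSTEMS=="usb", SYSFS{idVendor}=="04e8", MODE="0666"'

# world_writable_vendors: udev rules on stdin; prints "<idVendor> <mode>" for
# each rule whose MODE has the write bit set for "other" (last digit 2,3,6,7).
world_writable_vendors() {
    awk '
        /^[ \t]*#/ { next }                   # skip comment lines
        {
            vendor = ""; mode = ""
            n = split($0, kv, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {
                if (kv[i] ~ /idVendor.==/) {
                    vendor = kv[i]; gsub(/^.*=="|"[ \t]*$/, "", vendor)
                }
                if (kv[i] ~ /^MODE:?=/) {
                    mode = kv[i]; gsub(/^.*="|"[ \t]*$/, "", mode)
                }
            }
            if (mode != "" && substr(mode, length(mode), 1) ~ /[2367]/)
                print vendor, mode
        }'
}

# restricted_rule VENDOR [GROUP]: the same vendor match with access limited to
# one group. "plugdev" is an assumed group name; ATTR{} is the udev key that
# superseded SYSFS{}.
restricted_rule() {
    printf 'SUBSYSTEM=="usb", ATTR{idVendor}=="%s", MODE="0660", GROUP="%s"\n' \
        "$1" "${2:-plugdev}"
}

printf '%s\n' "$RULES" | world_writable_vendors | while read -r vendor mode; do
    echo "# idVendor $vendor has MODE $mode (writable by any local user)"
    restricted_rule "$vendor"
done
```

With the restricted rule in place, only members of the named group can open the device, so the user running adb has to be in that group.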
 

cowgaR

thanks to Germany...

I agree, this thread should be sticky. Finally some sense in android devel section...
 

gummo6869

Thank you very much for your guide!

I followed all the instructions in your guide, everything seems fine until I try to push the busybox and su to my Galaxy Tab.

Now we push busybox and su via adb. Then we install Superuser.apk.
Code:
> adb push busybox /system/bin
> adb push su /system/bin
> adb install Superuser.apk
[/update]

I received an error: "failed to copy 'busybox' to '/system/bin/busybox' : No space left on device\"
the same error for the 'su' too

(No space left on device) is impossible, my tab is brand new sealed when i got it.
I have been trying the z4root and SuperOneClick procedure to root this tab but are all unsuccessful.

I am not sure if it is because of my tab needed a "NAND unlock" (I cannot find any guide about the NAND unlock) because I received this message when I tried to install busybox from the market.

Please help! My tab is carrier locked to Bell Canada, I really want to unlock it and root it~

Thanks!
 

blacklevel

I received an error: "failed to copy 'busybox' to '/system/bin/busybox' : No space left on device\"
the same error for the 'su' too,

The `no space left on device` message indicates that the /system partition is still read-only. That means the mount command in step 3 was unsuccessful. Did you get any error message when you executed it?
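blacklevel's test earlier in the thread shows that the remount result does not depend on the device and filesystem arguments given, and the reply above ties the push error to /system still being read-only. The following added example (not part of the thread; the function names are assumptions) reads the actual state from `mount` output, using the two /system lines quoted in the thread as input.

```shell
#!/bin/sh
# Added example (not from the thread): read the real state of a mount point
# from `mount` output instead of trusting the arguments given to `mount`.

# The two /system lines below are the ones quoted earlier in this thread.
BEFORE='/dev/block/stl9 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0'
AFTER='/dev/block/stl9 /system rfs rw,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0'

# mount_state MOUNTPOINT: Android-style mount lines (device, mount point,
# fstype, options) on stdin. Prints "<ro|rw|unknown> <device> <fstype>" for
# the last matching line, or "unmounted" if the mount point never appears.
mount_state() {
    tr -d '\r' | awk -v mp="$1" '
        $2 == mp {
            mode = "unknown"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
            dev = $1; fs = $3; found = 1
        }
        END {
            if (found) print mode, dev, fs
            else       print "unmounted"
        }'
}

# is_writable MOUNTPOINT: exit status 0 only when the mount point is rw.
is_writable() {
    case "$(mount_state "$1")" in
        "rw "*) return 0 ;;
        *)      return 1 ;;
    esac
}

printf '%s\n' "$BEFORE" | mount_state /system   # state before the remount
printf '%s\n' "$AFTER"  | mount_state /system   # state after the remount

# On a connected device (assumes adb is on PATH), gate the push on the check
# and confirm afterwards that /system went back to read-only:
#   adb shell mount | is_writable /system && adb push su /system/bin
#   adb shell mount | is_writable /system && echo "/system is still rw"
```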
 

Top Liked Posts

    I tried your manual root guide and everything went smoothly until the su. I keep getting permission denied. I followed the guide to a tee, had temp root, and then when I went in the cmd window
    adb shell
    $su
    Permission denied
    and this continued can you please help me

    Since manual rooting takes a few minutes, the problem could be that the Tab display timed out so that you may not have noticed the superuser.apk popping up and asking for permission.
    thanks for the reply
    i try and the result (i type it manually from the console)
    after $ /data/local/tmp/GingerBreak
    [**] Gingerbread/Honeycomb--android 2.[2.3]' 3.0 softbreak
    [**] <C> 2010-2011 The android Exploid Crew. All right reserved
    [**]
    [**]
    [**]
    [**] Exploit make take a while
    [+] Plain Gingerbread mode!
    [+] Found system :0xafd17f01 strcmp: 0xafd3759
    [+] Found PT_DYNAMIC of size 232 <29 entries>
    [+] Found GOT : 0x0001a450
    [+] Using device/devices/platform/s3c-sdhc1.0/mmc_host_mmc0
    [*] vold: 0068 GOT start : 0x00019450 GOT end : 0x0001a490


    and i wait up to 15 mins, only - mark blinking on the console and nothing more