How to root stock 3.2

Search This thread
By:
Advanced…
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
How to root stock 3.2 Extended

Hello to all,

I have created a nice How To about timmyDean's first post in this thread and extend it with the files and instructions needed in order to be completely root, not only in adb shell.

It is a little big so I posted it in my website here http://www.chdcomputers.gr/en/mnu-kb-fus-en/mnu-kb-android-en/mnu-kb-android-devices-en/mnu-kb-android-a500-en/99-art-kb000005-en

I have tested the whole procedure three times in three A500 that we have, for our development needs, with success.

The how to also answers many questions asked here about the procedure. So go ahead and read it and tell me what you think or if you have any questions.

Thank you,

Christos Hohlidakis
 
  • Like
Reactions: kikosan, Duckman33, deltafire006 and 13 others
M

mur466

Member
Jun 2, 2008
7
0
Nice job, chrishohl.
Could you please add an advice how to backup and restore all data and installed programs. At least recommend a backup/restore app that you tested, which can handle this job.
 
maxx1973

maxx1973

Member
Sep 18, 2008
34
2
Florence
timmyDean said:
I did NOT test on the 501 so I do not know. If it was me, I would take the 501 stock images and put them in the kitchen and root them and then replace the ones in my zip with those or better yet, use CW to flash it in.

I think the ACER 501 has cell phone data connection doesn't it? I don't think the stock for WiFi only would be a good idea.

What ACER did on the 3.2 update (my opinion) was removed the Gingerbreak exploit and they removed the adb root exploit (they left the adb root exploit in on the 100). This is what many OEM's did, however many allow you to flash your own easier than ACER seems to want to let us. So if you got 3.2 NON-ROOTED loaded then there is no way to 'hack' out a root (just yet).

So how do you root it? You have to make a custom ROM and flash it. Now ASUS/Motorola/Samsung/Toshiba all allow you to flash your own ROM if you know what you are doing.

ACER seems to hide how to put the tablet into flash mode (if someone knows please let me know). Even if you did flash it they do want those ROMS running so they take each partition and calculate the MD5Sum and write it to, I think, partition #7. Therefore, if you do figure out how to flash in a new boot image or system image the tablet will not boot because the MD5Sums will not match (if you brick your tablet this way you are fubar). Fortunately, someone wrote a tool called itsmagic which you can run to tell the tablet to rebuild these. But if you fubar brick it before you get itsmagic run, I don't know how you get into flash mode using the keys so you'd be up a creek.

So, the 411 skinny on rooting an ACER with 3.2 is to get 3.2 off the device. Fortunately, they made an earlier flashing tool to flash in 3.0. I would guess this leaked out as a way for people to reflash to stock when they have issues.

Once you are on 3.0, you now can use Gingerbreak or the adb root exploit to root it. Once rooted, you can get CW loaded. CW allows you to install your own ROM's. Without CW you can only install ROM's signed by ACER and without ROOT you cannot install CW.

So, if you flash to the 3.0 now you are 'back to the future' in 3.0, you can root and install CW so you can now install a custom ROM from your SDCard.

What I would do is go get the STOCK ROM from ACER for your 501 device.

Once you have the stock ROM, you can use the kitchen tools to unzip the ACER ROM and root it to your liking. Now, re-zip it, but you cannot sign it with an ACER certificate so it will only install using CW. No, big deal because you got 3.0 loaded with CW. You boot to recovery CW and then run the update from your SDCard that you built in your kitchen.

This isn't really that hard to do if you're willing to read some documentation.
Click to expand...
Click to collapse


Thanks for this explanation; but for me could be a problem :)
I don't have all this knowledge and i should start study how to, from what is a kitchen to, cooking a rom and that could be a beautiful thing and a great hobby, but my limited time disponibility in this moment can't help me.
Now i think i have 2 choices: wait for icecream and hope something change in root options or using the revert to back on 3.0.1 and put on my A501 a coocked rooted rom on 3.2....
be or not to be...:D
 
teflontactics

teflontactics

Member
Sep 27, 2011
44
7
mur466 said:
Nice job, chrishohl.
Could you please add an advice how to backup and restore all data and installed programs. At least recommend a backup/restore app that you tested, which can handle this job.
Click to expand...
Click to collapse

Titanium backup will allow you to backup your entire tablet with ease.
Make sure the files it backs up (the ones under the titanium backup folder) are either on the external SD, or backed up to the computer before you try anything though, as the internal 'sd' will likely get wiped.
 
  • Like
Reactions: mur466
J

JUGOMAN

Senior Member
Jan 7, 2011
161
25
ROOTED!!!

TIMMYDEAN OPPENED THE "DOOR" TO ROOTING, chrishohl ADB INSTALL, COMPLETED THE "ROOT" FOR MY ICONIA. NOW FULLY ROOTED HC 3.2!!!!!
THANK YOU VERY, VERY MUCH!! WORKED LIKE A CHARM.
 
Last edited:
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
mur466 said:
Nice job, chrishohl.
Could you please add an advice how to backup and restore all data and installed programs. At least recommend a backup/restore app that you tested, which can handle this job.
Click to expand...
Click to collapse
Right now we are only using our devices for development purposes, we are not using them for everyday tasks. Because of that we haven't deal with backup / restore yet, so I have nothing to recommend you except the Titanium Backup, like teflontactics said. However one issue with Titanium is that it requires root to do the job but it is the best of its kind...
 
P

piotrdev

Member
Oct 8, 2011
6
2
Hi there,
I just tried this method and it did work like a charm with the first trial. SU works from terminal emulator.

UPDATE:
After following this procedure Market and other Google apps did not work (said "No connection" even though there was wifi connection). I did what is shown in here: androidtablets. net /forum /sylvania-tablets /12539-market-2-2-sylvania-disco-work-progress-14.html#post94294 and now the device is fully ok!
 
Last edited:
  • Like
Reactions: chrishohl
T

traceedwards

Member
Apr 26, 2009
23
4
A big thanks to timmyDean & chrishohl for your efforts

Nice job guys

Unfortunately I dont have enough posts to 'thank' you both
 
Last edited:
T

timmyDean

Senior Member
Sep 8, 2011
315
213
Chicago
Thanks Christos Hohlidakis for helping make this happen, nice post. Like you, we develop software for our business and need total control over our devices. Why ACER would do such a hard lock on 3.2 has us amazed.

The problem with anyone that does NOT allow rooting is missing the business world! Not everyone that runs a tablet/cell is a consumer.

Just think of a business where the company has hundreds of employees which they issue cell phones and tablets to. Now why should my devices (some with data plans) have facebook/chat/social programs loaded? Why would you want your employees to install software? Why should they be able to destroy company data by erasing it accidental or on purpose? We do not provide these devices to employees so they can twitter or facebook their days away.

Rooting allows us to remove all the stuff we do NOT want run by an employee on company tablets. Secondly, we can install our company sales applications so it can not be removed and is secure. Then we remove root.

A perfect business requirement for one of our apps, is for a hospital that wants to use tablets to control medical records (or clinics). A person walks in, the clerk hands them a tablet with all the forms on it and their medical records. Mr TimmyDean, please have a seat, review these forms, fill out current information, and sign them. When done, click transmit and your records will be sent to the Doctor's tablet which will be used during your visit. Anyway, you get the point, do you think you can sell such an application 'Heck yes' but we don't make hardware so you have to go buy the tablets from someone else and you better be able to tell the hospital how to secure the heck out of them and by gosh, when you demo it to the hospital management team you better NOT have facebook and Internet icons showing up.

Anyway, off my soapbox (well not just yet)

MFG should do this: All tablets have root and a default password.

1. You need to physically connect the tablet to your computer. Once connected via a cable, you now need to enter the default password.
2. Now you set your password, heck maybe that's forced upon you if you insist on forcing something.
Rules:
a. You cannot get root unless you physically connect it therefore someone cannot do it via an application.
b. If you forget the root password then you have to use the OEM reset keys which wipes it clean.
c. To keep from using the same factory password for root on all devices, assign the password to the device serial number.

Bottom-line, anyone having a Linksys router knows what I'm talking about. You get a default password and if you forget it, you wipe it clean with the paperclip reset, but Linksys doesn't stop me from changing anything I want.

Also, for anyone that says it breaks the warranty, I say BIG DEAL and do the MATH. I sell the medical records application to a hospital and they save millions in cost each year. So what if because they rooted it they cannot get ACER to warranty repair a $400 tablet.
 
Last edited:
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
timmyDean said:
Thanks Christos Hohlidakis for helping make this happen, nice post. Like you, we develop software for our business and need total control over our devices. Why ACER would do such a hard lock on 3.2 has us amazed.

The problem with anyone that does NOT allow rooting is missing the business world! Not everyone that runs a tablet/cell is a consumer.

Just think of a business where the company has hundreds of employees which they issue cell phones and tablets to. Now why should my devices (some with data plans) have facebook/chat/social programs loaded? Why would you want your employees to install software? Why should they be able to destroy company data by erasing it accidental or on purpose? We do not provide these devices to employees so they can twitter or facebook their days away.

Rooting allows us to remove all the stuff we do NOT want run by an employee on company tablets. Secondly, we can install our company sales applications so it can not be removed and is secure. Then we remove root.

A perfect business requirement for one of our apps, is for a hospital that wants to use tablets to control medical records (or clinics). A person walks in, the clerk hands them a tablet with all the forms on it and their medical records. Mr TimmyDean, please have a seat, review these forms, fill out current information, and sign them. When done, click transmit and your records will be sent to the Doctor's tablet which will be used during your visit. Anyway, you get the point, do you think you can sell such an application 'Heck yes' but we don't make hardware so you have to go buy the tablets from someone else and you better be able to tell the hospital how to secure the heck out of them and by gosh, when you demo it to the hospital management team you better NOT have facebook and Internet icons showing up.

Anyway, off my soapbox (well not just yet)

MFG should do this: All tablets have root and a default password.

1. You need to physically connect the tablet to your computer. Once connected via a cable, you now need to enter the default password.
2. Now you set your password, heck maybe that's forced upon you if you insist on forcing something.
Rules:
a. You cannot get root unless you physically connect it therefore someone cannot do it via an application.
b. If you forget the root password then you have to use the OEM reset keys which wipes it clean.
c. To keep from using the same factory password for root on all devices, assign the password to the device serial number.

Bottom-line, anyone having a Linksys router knows what I'm talking about. You get a default password and if you forget it, you wipe it clean with the paperclip reset, but Linksys doesn't stop me from changing anything I want.

Also, for anyone that says it breaks the warranty, I say BIG DEAL and do the MATH. I sell the medical records application to a hospital and they save millions in cost each year. So what if because they rooted it they cannot get ACER to warranty repair a $400 tablet.
Click to expand...
Click to collapse
Hi timmyDean,

First of all I TOTALLY agree with you in all aspects of your post.

We write software for the health business too, especially in dialysis division, and we use the tablets for medical records and patient monitoring when they are in dialysis session.

When this project started ALL of the nurses that had to record the vitals of the patients in the tablets were browsing the internet or chat in fb instead and after we block them with the firewall then they started to play games!!!

So the need to have Administrator Controlled ROOTED devices for such purposes (Just like you pointed out with the linksys paradigm) is HUGE. It would make our lifes a lot easier.

Furthermore I don't understand why the warranty should be voided if you root your device. I think that Acer and other manufactures have the resources to build a warranty system that covers Hardware issues separately from firmware ones. Let's say for example that I have rooted my device and sometime the touchscreen becomes unresponsive because of hardware malfunction (in warranty), why I must pay for the repair and a non rooted user does not?

Anyway thanks a lot for your work and keep it coming!

Christos
 
A

Azuske

Senior Member
Jan 31, 2009
622
381
Tampa, Florida
I'm having a lot of issues with this. Its on stock 3.2 directly from the store so the rom has been untouched. When ever I try to use the dotnetdetecter.exe i get the "adb not up to date daemon" notice and it wont allow me to continue with the rooting process... ive tried everythin including downloading the new test.cmd and im getting the same results... please help soon
 
Euclid's Brother

Euclid's Brother

Senior Member
May 3, 2011
954
264
Dallas, TX
www.interphaze.com
JUGOMAN said:
TIMMYDEAN OPPENED THE "DOOR" TO ROOTING, chrishohl ADB INSTALL, COMPLETED THE "ROOT" FOR MY ICONIA. NOW FULLY ROOTED HC 3.2!!!!!
THANK YOU VERY, VERY MUCH!! WORKED LIKE A CHARM.
Click to expand...
Click to collapse

once again, an FYI to everyone using this. You end up with the 3.1 bootloader. Don't assume your fully stock with root. You (probably) can't do another FTA update after doing this. The end result is the same as flashing a pre-rooted 3.2 ROM that has the new bootloader removed.

However, I think this is a great tool for those that updated to 3.2 and want root back. Thanks timmyDean for this work. I just don't want peeps thinking they are fully stock and able to do FTA's w/o risk.
 
A

AlexWS

New member
Oct 25, 2011
1
0
Worked like a charm

Thanks I was waiting for this since a month ago!! Worked great!! Keep going! and good job!! Also I want to thank to the guys from chdcomputers.gr too!! No issues, just followed the instructions and voila!
 
F

freedom1776

Member
Mar 6, 2011
7
0
Wuhan
hi here
i read all the article you wrote in the link upon and i try to translate it into chinese in order to let more people to know this.
but when i read the 27th step's of "27. Download this file and unzip it anywhere you want.",i didn't see any link or attachement of the file.where can i download them?

thank you,
freedom li
 
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
Euclid's Brother said:
once again, an FYI to everyone using this. You end up with the 3.1 bootloader. Don't assume your fully stock with root. You (probably) can't do another FTA update after doing this. The end result is the same as flashing a pre-rooted 3.2 ROM that has the new bootloader removed.

However, I think this is a great tool for those that updated to 3.2 and want root back. Thanks timmyDean for this work. I just don't want peeps thinking they are fully stock and able to do FTA's w/o risk.
Click to expand...
Click to collapse
Actually I never looked at the boot loader version with this update.
However I did check it (binary compare) with my previous O.T.A. 3.2 update and the boot loader was the same.
Unfortunately I don't have my previous 3.1 files to check with them but I assume that my previous boot loader was changed with O.T.A. So it is safe to say that this update is a FULL stock one with the su binary exception as timmyDean's first post says.

The next O.T.A. probably will break the root (if Acer continues this tactic) but every user who roots his device should know that and not applying it before consulting xda-developers members.

Thanks!
 
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
Azuske said:
I'm having a lot of issues with this. Its on stock 3.2 directly from the store so the rom has been untouched. When ever I try to use the dotnetdetecter.exe i get the "adb not up to date daemon" notice and it wont allow me to continue with the rooting process... ive tried everythin including downloading the new test.cmd and im getting the same results... please help soon
Click to expand...
Click to collapse
I have never see this message before but here are a few thinks you should check:

1. USB Debugging mode in you device should be enabled
2. Allow fake locations setting in your device should be enabled
3. Unknown sources setting in your device should be enabled
4. dotnetdetector must run with Administrator rights
5. If your windows are 64bit you may have to replace the adb.exe along with its .DLLs files with the 64bit versions from google (unfortunately I don't have 64bit system to tell you more about this) but you may find more info here http://www.xoomforums.com/forum/motorola-xoom-hacking-guides/1838-setting-up-adb-windows-7-64-bit-other-windows-platforms.html
6. You must install the Acer USB drivers in you pc

Hope this helps...
 
Euclid's Brother

Euclid's Brother

Senior Member
May 3, 2011
954
264
Dallas, TX
www.interphaze.com
chrishohl said:
Actually I never looked at the boot loader version with this update.
However I did check it (binary compare) with my previous O.T.A. 3.2 update and the boot loader was the same.
Unfortunately I don't have my previous 3.1 files to check with them but I assume that my previous boot loader was changed with O.T.A. So it is safe to say that this update is a FULL stock one with the su binary exception as timmyDean's first post says.

The next O.T.A. probably will break the root (if Acer continues this tactic) but every user who roots his device should know that and not applying it before consulting xda-developers members.

Thanks!
Click to expand...
Click to collapse

Maybe sc2k can chime in here, but it's my understanding that if clockworkmod boots successfully, then it does not have the 3.2 bootloader. As there is no way around the "Boot Verification Failed" on the new 3.2 bootloader (yet).

Unless the OP has figured out how to calculate proper signature for the recovery image.

But hey.. i've been wrong before, and won't mind being proven wrong here.
 
C

chrishohl

Member
Oct 6, 2010
49
35
Heraklion Crete
Euclid's Brother said:
Maybe sc2k can chime in here, but it's my understanding that if clockworkmod boots successfully, then it does not have the 3.2 bootloader. As there is no way around the "Boot Verification Failed" on the new 3.2 bootloader (yet).

Unless the OP has figured out how to calculate proper signature for the recovery image.

But hey.. i've been wrong before, and won't mind being proven wrong here.
Click to expand...
Click to collapse
If you read the first post from timmyDean you 'll see that CWM is just used to recalculate the checksums after that and when the tablet reboots the actual flash is taking place and the bootloader is replaced with the locked one. The checksums recalculation is needed because timmyDean add the su binary in the firmware and they are changed. This is why the first boot after dotnetdetector fails.
It is a stock locked firmware...
 
Euclid's Brother

Euclid's Brother

Senior Member
May 3, 2011
954
264
Dallas, TX
www.interphaze.com
chrishohl said:
If you read the first post from timmyDean you 'll see that CWM is just used to recalculate the checksums after that and when the tablet reboots the actual flash is taking place and the bootloader is replaced with the locked one. The checksums recalculation is needed because timmyDean add the su binary in the firmware and they are changed. This is why the first boot after dotnetdetector fails.
It is a stock locked firmware...
Click to expand...
Click to collapse

Okay, that makes since.. so once it's finished, you are rooted on 3.2, but don't have CWM?
 
You must log in or register to reply here.

Similar threads

Slowie911
How To Root An Acer Iconia A500
Replies
554
Views
713K
L
LONG KHOA
S
[HOWTO] Root for stock HC3.1
Replies
301
Views
292K
ZACQ8
ZACQ8
R
[ROM] Honeycomb 3.2 - HoneyVillain 1.2 A500/A501 18-09
Replies
804
Views
288K
zimphishmonger
zimphishmonger
vache
[ROM][ICS4.0.3] Taboonay 3.0.1 (28/02/2012)
Replies
3K
Views
963K
rayburne
rayburne
drkalo
[TUT] Revert OTA 3.2 back to 3.0.1
Replies
299
Views
240K
M
m1m1k

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 56
    T
    timmyDean
    Ok, after messing around with 3.2 I decided to fix the rooting issues without downgrading. The problem with downgrading is it requires a SDCard and requires you to install a couple of programs and then to install an update.zip from the sdcard. I could not get half my ACER's to read and mount a sdcard, and some ACER's I have located in a remote office and trying to walk someone through the process was too painful. I tweaked the the downgrade tool's images to install 3.2 with root instead of downgrading it and jumping through hoops. All I did to the stock image is to copy the ash shell over to /system/xbin/su and set the sticky bit. Everything else is stock.


    Update posted here, read thead http://xdaforums.com/showpost.php?p=20654298&postcount=129

    New version V4

    -- The instructions are in a PDF document inside the download --
    == Version V4 ==
    -- Added /system/subin/su which is a backup (backdoor) root in case an OTA deletes the /system/xbin/su
    -- Set permissons on the su root(#) tool so OTA's shouldn't be able to break it.
    -- Added drivers for XP

    Summary:
    Version V4 is the same as V3 with the only difference being that there is a NEW backdoor script which has some additional features to protect root(#) from getting broken when you do an OTA. I also applied these to this flash image so you wouldn't have to add the additional protection yourself. V4 also has the drivers for XP included. However, when taking an OTA you should also install the backdoor for additional protection. However, you cannot leave the backdoor installed as it turns off sound. So having a little more protection just might save your root in case you take an OTA and forget to install the backdoor.

    Download it here: http://www.multiupload.com/NS0X5TK4D1

    Alternative download location:
    http://depositfiles.com/files/c6pr69ri6
    http://www.fileserve.com/file/s2wCQpN/root-3.2.1-V4.7z
    http://www.filesonic.com/file/jTA7AMN
    http://www.filejungle.com/f/vRnfK5/root-3.2.1-V4.7z
    View
    19
    T
    timmyDean
    Rooted 3.2.1 V2 -- Fixed versions added tools

    Acer_A500_7.014.02_COM_GEN2 ROOTED
    Here’s the link http://www.multiupload.com/VD0L5WLQKK
    Version v2
    There is a V3 release http://xdaforums.com/showpost.php?p=20680452&postcount=137
    V3 installs all the tools for you

    ************** CHANGES ************************************
    Instructions are in the readme.pdf inside the zip

    I fixed the version numbers. When it flashed, it wasn’t setting the number correctly therefore it would redo the last update over again even though it was already on the tablet.

    Added a busyBox tool in the folder called busyBox where you will find installTools.cmd. This command script will install the superuser.apx, busybox, and su tool. This is what most of you would want instead of just the command line #(root). This does what chrishohl :) recommends (http://www.chdcomputers.gr/en/mnu-k...en/mnu-kb-android-a500-en/254-art-kb000005-en) to finish out your Acer rooting.

    ==================================================
    ******************** BACKDOOR UPDATE *********************
    ==================================================
    I added a little script that will build the backdoor for you. It is in the backdoor folder called backdoor.cmd. Just run this and it will set your adb shell to run as # (root).

    Also NOTE, if you reset your tablet (factory restore) you will loose your backdoor. You just run the backdoor.cmd and it will reset the backdoor.

    NO SOUND, when you have the backdoor enabled there appears to be no sound. So, you only want to use this before allowing a OTA to install.

    ==============================================
    ==Backdoor tool version 1.1 release notes===
    ==============================================

    Inside the backdoor folder is command script called backdoor.cmd.
    -------------------------------------------------------------------------
    Please select a option.
    Note: It is assumed you have su installed.
    -------------------------------------------------------------------------
    1. Turn ON backdoor (sound will be off).
    2. Turn OFF backdoor.
    3. Reset missing sticky bit on /system/xbin/su
    (must have backdoor on and rebooted)

    4. Quit (and reboot).
    5. Exit (no reboot).
    -------------------------------------------------------------------------

    This tool can be used to toggle On/Off the backdoor. When you install OTA updates these OTA’s run scripts that reset all the security permissions thereby removing the ‘sticky bit’ on your installed SU and hence removing root. The idea behind the backdoor is to install an alternate # (root) that the scripts won’t know about. To do this, we set the ro.kernel.qemu=1 flag inside the data/local.prop file therefore when you enter the ‘adb shell’ you immediately have # (root).

    This alternate # (root), I call a backdoor. Named such after the movie Wargames where the ‘geeks’ told Lightman that they install a backdoor into systems incase they ever want to get back into a system after someone changes security. And sense Lightman was trying to hack the WOPR (pronounced whopper) and staying one step ahead of Acer is a whopper of a challenge, it seemed appropriate.

    The downside is that if you have the backdoor on, it seems to turn off sound on the Acer. Therefore, I turn it on only before I run an OTA and then turn it back off after the OTA.

    So far, the backdoor has allowed me to get back in as root if the OTA changes security. However, it might too be plugged by the evil Acer empire. But for now it seems to work. If anyone has any other backdoor approaches then please share them (I have a couple more if Acer plugs this one), but making and using a backdoor has been my frontline defense.

    ==================================================
    ************** Toggle On/Off OTA version 1.1 *******************
    ==================================================

    Inside the OTA-Toggle folder is a command program called toggle.cmd
    -------------------------------------------------------------------------
    Please select a option.
    Note: It is assumed you have su installed or the backdoor.
    -------------------------------------------------------------------------
    1. Turn Off OTA.
    2. Turn On OTA.

    3. Quit.
    -------------------------------------------------------------------------

    So, if you’re like me and you do not like Acer hacking into your privately owned tablet and destroying data, you just might want to lock them out. This tool (assuming you have root or the backdoor installed), will allow you to turn off OTA’s.

    Once turned off, you will not be nagged or bothered with OTA’s ever again until you turn them back on.
    View
    16
    C
    chrishohl
    How to root stock 3.2 Extended

    Hello to all,

    I have created a nice How To about timmyDean's first post in this thread and extend it with the files and instructions needed in order to be completely root, not only in adb shell.

    It is a little big so I posted it in my website here http://www.chdcomputers.gr/en/mnu-kb-fus-en/mnu-kb-android-en/mnu-kb-android-devices-en/mnu-kb-android-a500-en/99-art-kb000005-en

    I have tested the whole procedure three times in three A500 that we have, for our development needs, with success.

    The how to also answers many questions asked here about the procedure. So go ahead and read it and tell me what you think or if you have any questions.

    Thank you,

    Christos Hohlidakis
    View
    13
    T
    timmyDean
    Rooted 3.2.1 V3 -- Released

    Version V3 released
    http://www.multiupload.com/MQ6V790WUX
    V3
    -- In this version I simplified getting the Serial number of your tablet making it easier to flash. Please read the instructions in the readme.pdf. Many people were struggling trying to load ADB drivers and the ADB tools which the instructions said you needed to load first so you could get your serial number. The flashing tool actually loads the drivers and tools therefore, all you have to do is run the test.cmd after the drivers are loaded to get the serial number. This is now documented better, also you should not have to save the serial number in the CPUID.txt file, so I removed it.

    -- I fixed the checksums during the flashing therefore you do not need to boot to recovery mode and fix them using CWM. Now your tablet will just reboot correctly after the flash.

    -- I added into the flash, Busybox and SU tools for you. No need to add them later.

    Bottom-line, if you installed V2 there is nothing new. V3 is just for those that struggled getting ADB working for their serial number and those that struggled installing the tools. Also, many people 'freaked' when their tablet didn't boot after the flash, because they did not read. Or they struggled with pushing the correct buttons to get into recovery mode to fix the checksums.

    Enjoy,
    TD
    View
    4
    T
    timmyDean
    Barafu Albino Cheetah said:
    Do I get it right that this backdoor idea will not allow me to upgrade from rooted 3.1 to rooted 3.2 with OTA?
    Click to expand...
    Click to collapse

    No, the backdoor idea is exactly what it says it is. It is a way to get back into a system after they change security when you install an OTA.

    To understand what happens during an OTA, is that it is only doing an update. Meaning they update the /system folder and replace (sometimes only updating) everything in /system/app. They may also update the boot and other areas of the device such as / (root folder). However, they don't wipe it totally clean (or most don't). That's why when you get an OTA, for example, you don't have to type in all your contacts again etc. Or reload all your applications you installed from the Marketplace.

    During this update process, the last thing they do is reset all the permissions recursively in the /system folder to their default and in doing so remove the 'sticky bit' that gives you root. Most people consider rooting as loading busybox, su, and a Superuser.apk. If you look after the update, you will see su and busybox (normally) are still loaded, just the permissions have the 'stick bit' removed. The Superuser.apk will be missing because they often replace the /system/app folder.

    So, what happens in the Android market, is OEM's fix things and push updates. Fix to WiFi, GPS, NetFlex etc and push an update. After the update, the user finds root (#) not working. So they use the exploit that gave them root and re-root the device. Unfortunately, as fast as developers are finding exploits, OEM's are patching them.

    In the ACER 3.0.1 there are several exploits to gain root(#) access that have been removed in 3.2.1. Therefore, if you do the OTA's you loose root and then you try to use your exploit to gain root, you get a surprise. The OEM has patched that hole.

    So, what you do is create a backdoor that allows you to gain root access outside the normal /system folder and 'sticky bit'. Therefore, when an update occurs, you can get back in as root.

    Now, for the ACER. If you have an a500 ACER 3.0.1 Stock, then you can gain root by simply using GingerBreak (Iconiaroot for example). However, if you take OTA's you will loose root and GingerBreak will no longer work. So, since you have root, you create a backdoor, now when you apply the OTA's and it removes the GingerBreak exploit; all you have to do is use your backdoor to get back in as root and set back up bussybox, su, and Superuser.apk.

    == Now the current state of the a500 ACER ===
    Earlier versions of the a500 had exploits that we used to gain root. These exploits were all removed in 3.2x. What people found out, was that if they had root they lost it once they upgraded. Or, if they bought it new, and it had 3.2x there was no way to root it.

    Therefore, the only solution, at first was to rollback your device to an earlier version that allowed rooting and to stay there or use CWM to apply a modified update of 3.2x with root. Using CWM is a major tool used to replace ROM's or replace with custom ROM's.

    However, now the catch 22. In 3.2x, ACER locked the bootloader and by doing so, it prevents you from installing CWM. Because you cannot install CWM, you cannot install custom ROM's or custom updates.

    3.2x closed all known exploits, but ACER left the ability to rollback to an earlier version. If they would not have done that, then we'd be stuck (screwed). So, you basically have to rollback to a version you could exploit and then stay there, or load a custom ROM, or install CWM and install a modified update.zip to get you to 3.2x.

    If you don't want to stay there and want to apply OTA's then you have to build a backdoor so you can get back in after the OTA's remove your normal root(#).

    Hope this helps,
    TD
    View

New posts