FORUMS
Remove All Ads from XDA

[HOWTO] manual rooting of Galaxy Tab (EURO)

45 posts
Thanks Meter: 21
 
By blacklevel, Member on 3rd December 2010, 02:56 PM
Post Reply Email Thread
This howto is for those people who are unable to root their Galaxy Tab using any of the automated procedures and do not suffer from CLPS (command-line-phobia-syndrome).

My story: After upgrading my EURO (GSM) Galaxy Tab to JM6 my persistent efforts to root the device using either the z4root or SuperOnClick methods have all been unsuccessful. z4root (v1.3.0) kept crashing at different stages, apparently depending on which and how many background apps were running. With SuperOneClick I never managed to get beyond the "changing permissions" stage.

Since both methods are basically wrappers of the rageagainstthecage application, I tried to perform the rooting procedure manually. Guess what, that worked without any problem and it is pretty easy to do.

The basic steps of the rooting process are:

1) use rageagainstthecage to get a temporary root shell
2) use the temporary root shell to copy three files to the read-only system partition the device

While I find the outlined procedure straightforward, you may not. Anyhow, try this at your own risk.


==== Prerequisites ====

I used Ubuntu 10.10 for this, but it should work on any other distro and on Windows just as well. Whatever OS you use, you need a working adb connection to your Galaxy Tab. Odin or Kies are of no use here.

You need the following binaries
* su
* busybox
* Superuser.apk
* rageagainstthecage

To get the all required files, simply download "SuperOneClickv1.5.5-ShortFuse.zip". That's what I used.
Get it here: http://forum.xda-developers.com/showthread.php?t=803682

Extract the contents of the ZIP, open a command-prompt on your computer and change to the directory where the extracted files are located.

Some advice if shell commands are not your regular cup of tea.
The following instructions show the shell commands. Some are executed on the host computer. Others are executed on the Galaxy Tab. You can differentiate between the two easily: All commands which start with "> " need to be executed in a shell on the host computer. Commands which are prefixed with "$ " are executed on the Galaxy Tab. In both case the ">" and the "$" must not be typed. If you copy+paste from this howto, make sure only to copy the commands and leave out the prompt.


==== Step 1: getting a temporary root shell ====

Copy the rageagainstthecage exploit to a temporary directory.
Code:
> adb push rageagainstthecage /data/local/tmp
263 KB/s (5392 bytes in 0.020s)

Change the file permissions and execute the exploit.
Code:
> adb shell
$ cd /data/local/tmp
$ chmod 777 rageagainstthecage
$ ./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
(other output truncated)
Your shell session will be terminated which will throw you back to the regular command prompt of your host computer.


==== Step 2: restart adb server ====

Now stop and restart the adb server process.
Code:
> adb kill-server
> adb start-server
* daemon not running. starting it now *
* daemon started successfully *

Now reconnect to the Galaxy Tab again. Notice the '#' prompt. This means you have a temporary root shell now. We use this to execute some privileged commands which make the rooting permanent.


==== Step 3: making it permanent ====

First, make the system partition writeable. We need this to be able to copy su, busybox and Superuser.apk to the required locations. Then exit the android shell again.
Code:
> adb shell
# mount -o remount,rw -t rfs /dev/block/stl9 /system
# exit

Now we push busybox and su via adb. Then we install Superuser.apk.
Code:
> adb push busybox /system/bin
> adb push su /system/bin
> adb install Superuser.apk

The final steps are to change the file permissions for su and busybox and then remount the system partition as read-only again.
Code:
> adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/stl9 /system 
# exit
That should be all. Try a reboot and some apps which require root, like Titanium Backup. The Superuser.apk should popup a dialog requesting permission.

Hope this helps. Happy rooting.

[update]
This process worked for JMA and JMD as well.
"adb install" Superuser.apk instead of "adb push"
[/update]
The Following 17 Users Say Thank You to blacklevel For This Useful Post: [ View ] Gift blacklevel Ad-Free
 
 
3rd December 2010, 03:00 PM |#2  
hartyshow's Avatar
Member
Flag PARIS
Thanks Meter: 8
 
More
It will help me !
Merci ;)
3rd December 2010, 03:41 PM |#3  
Junior Member
Thanks Meter: 26
 
More
Fantastic! This is just what I was looking for, thank you! I feel dumb now, because I started a thread of my own right as you posted this. You must just type faster than me

I ran a quick test, and it all looks good. One quick question actually. Why do you mount like this:
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system
I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiousity by bugging fine people like yourself

Anyway, thanks again, this did exactly what I needed it to. Well done, I appreciate it.
The Following 3 Users Say Thank You to DavidThompson256 For This Useful Post: [ View ] Gift DavidThompson256 Ad-Free
3rd December 2010, 04:26 PM |#4  
blacklevel's Avatar
OP Member
Thanks Meter: 21
 
More
Thumbs up
Quote:
Originally Posted by DavidThompson256

One quick question actually. Why do you mount like this:

Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system
I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiousity by bugging fine people like yourself

Thanks for pointing that out! Actually both the filesystem type and blockdevice name were totally wrong. Apparently the mount command ignores both parameters - at least when they are wrong.

I just verified this as self-punishment for not paying attention:
Code:
# mount
(...)
/dev/block/stl9 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)
/system is mounted read-only to /dev/block/stl9. This is the normal state of things.


Now I remount this without the fstype parameter and using a wrong blockdevice name:
Code:
# mount -o remount,rw /dev/block/xyz /system
# mount
(...)
/dev/block/stl9 /system rfs rw,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)
Surprise, this actually remounts /system in read-write mode. This is why my original howto worked despite using the wrong parameters.

Thanks again. I corrected the HOWTO.
4th December 2010, 02:58 PM |#5  
Member
Flag Heerlen
Thanks Meter: 0
 
More
It works for me, but i get now error message: The application calendar save (proces com.android.providers.calendar) is unexpecly stopt. Try again. Forced closing
I had this also with SuperOneClick.
When i want to start the calender in the applications i get it also.
The application wil not run anymore.
How can i resolved this.
Thnx
4th December 2010, 08:56 PM |#6  
blacklevel's Avatar
OP Member
Thanks Meter: 21
 
More
Quote:
Originally Posted by leonreijnders

It works for me, but i get now error message: The application calendar save (proces com.android.providers.calendar) is unexpecly stopt. Try again. Forced closing
I had this also with SuperOneClick.
When i want to start the calender in the applications i get it also.
The application wil not run anymore.
How can i resolved this.
Thnx

That is strange. The result of the rooting process is just adding three files to the system partition. I find it hard to believe that this could lead to the problem you describe. However, while experimenting with z4root I had the the effect that there were many rageagainstthecage processes running in the background and the Galaxy Tab slowed down considerably. Perhaps there is something similar going on.

Have you tried rebooting after completing the rooting process?

Try shutting down the Tab completely.After rebooting get a shell on the Tab with "adb shell" and execute "ps". That shows the process list. If that looks normal, I would try a factory reset of the device. Which ROM version are you running?
13th December 2010, 05:51 AM |#7  
Cliffro's Avatar
Junior Member
Thanks Meter: 0
 
More
BlackLevel: Thank you soooooooooo much... I don't get how to hit the Thanks Meter thing, but here is the old fashioned way. I used a MacBook to accomplish your perfect, step by step rooting of an AT&T Galaxy Tab i987. It helps that I'm more comfortable at the command line than with most GUI systems.

I could put this into a bash script, but that could be dangerous. People really need to look at whats happening with 'adb' and have some idea of what adb is for. I did renamed your 'adbmac' to 'adb', then I could cut and paste from your instructions except for adding ./ before the adb... ie. ./adb shell

Again, wonderful work at pulling this all together in one place.

Jeff
15th December 2010, 01:51 AM |#8  
Squishie's Avatar
Senior Member
Thanks Meter: 21
 
More
This guide worked perfectly! I love a nice quiet clean root and it doesn't get any better than this. You my friend deserve a cookie!
17th December 2010, 10:43 PM |#9  
Senior Member
Flag Karlsruhe
Thanks Meter: 10
 
More
Hi Guys,
I flashed to JMA, rooted it with One Click Root, and everxthing seemdet to be okay, but activating OCLF failed....is there anybody with the same problem?

Jan
19th December 2010, 08:56 AM |#10  
Junior Member
Thanks Meter: 0
 
More
Thanks a lot !. It's clean and doesn't need a kies ...
Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?

And thanks again ...

Mike
26th December 2010, 01:12 AM |#11  
blacklevel's Avatar
OP Member
Thanks Meter: 21
 
More
Quote:
Originally Posted by mbaroukh

Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?

The reason is that "/sbin/adbd" (the adb daemon) is running as the shell user. It would need to run as root user instead. This requires changes to the initial ram disk where adbd the relevant settings are stored.
Post Reply Subscribe to Thread

Tags
rageagainstthecage, rooting

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes