My story: After upgrading my EURO (GSM) Galaxy Tab to JM6 my persistent efforts to root the device using either the z4root or SuperOnClick methods have all been unsuccessful. z4root (v1.3.0) kept crashing at different stages, apparently depending on which and how many background apps were running. With SuperOneClick I never managed to get beyond the "changing permissions" stage.
Since both methods are basically wrappers of the rageagainstthecage application, I tried to perform the rooting procedure manually. Guess what, that worked without any problem and it is pretty easy to do.
The basic steps of the rooting process are:
1) use rageagainstthecage to get a temporary root shell
2) use the temporary root shell to copy three files to the read-only system partition the device
While I find the outlined procedure straightforward, you may not. Anyhow, try this at your own risk.
==== Prerequisites ====
I used Ubuntu 10.10 for this, but it should work on any other distro and on Windows just as well. Whatever OS you use, you need a working adb connection to your Galaxy Tab. Odin or Kies are of no use here.
You need the following binaries
To get the all required files, simply download "SuperOneClickv1.5.5-ShortFuse.zip". That's what I used.
Get it here: http://forum.xda-developers.com/showthread.php?t=803682
Extract the contents of the ZIP, open a command-prompt on your computer and change to the directory where the extracted files are located.
Some advice if shell commands are not your regular cup of tea.
The following instructions show the shell commands. Some are executed on the host computer. Others are executed on the Galaxy Tab. You can differentiate between the two easily: All commands which start with "> " need to be executed in a shell on the host computer. Commands which are prefixed with "$ " are executed on the Galaxy Tab. In both case the ">" and the "$" must not be typed. If you copy+paste from this howto, make sure only to copy the commands and leave out the prompt.
==== Step 1: getting a temporary root shell ====
Copy the rageagainstthecage exploit to a temporary directory.
> adb push rageagainstthecage /data/local/tmp 263 KB/s (5392 bytes in 0.020s)
Change the file permissions and execute the exploit.
> adb shell $ cd /data/local/tmp $ chmod 777 rageagainstthecage $ ./rageagainstthecage [*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C (other output truncated)
==== Step 2: restart adb server ====
Now stop and restart the adb server process.
> adb kill-server > adb start-server * daemon not running. starting it now * * daemon started successfully *
Now reconnect to the Galaxy Tab again. Notice the '#' prompt. This means you have a temporary root shell now. We use this to execute some privileged commands which make the rooting permanent.
==== Step 3: making it permanent ====
First, make the system partition writeable. We need this to be able to copy su, busybox and Superuser.apk to the required locations. Then exit the android shell again.
> adb shell # mount -o remount,rw -t rfs /dev/block/stl9 /system # exit
Now we push busybox and su via adb. Then we install Superuser.apk.
> adb push busybox /system/bin > adb push su /system/bin > adb install Superuser.apk
The final steps are to change the file permissions for su and busybox and then remount the system partition as read-only again.
> adb shell # chmod 4755 /system/bin/busybox # chmod 4755 /system/bin/su # mount -o remount,ro -t rfs /dev/block/stl9 /system # exit
Hope this helps. Happy rooting.
This process worked for JMA and JMD as well.
"adb install" Superuser.apk instead of "adb push"