EVO Shift Temp Root for 2.3.3 and HBoot Downgrade

Stuke00 · Sep 9, 2011

To downgrade your HBOOT to go back to 2.2 visit this link http://forum.xda-developers.com/showthread.php?t=1255474
This will allow you to flash 2.2 to perm root the phone

If you wish to help with perm root status for Android 2.3.3, please visit this thread http://forum.xda-developers.com/showthread.php?t=1218580

Thanks to everyone in this post who has helped get this far. You will need to have the Android SDK installed and working knowledge of ADB and basic file system structure.

Major help from minneyar

TEMP ROOT Instructions:

Download http://tinyw.in/1lI
Unzip if required and put in your ADB folder
Launch command prompt and navigate to your ADB folder
adb push fre3vo /data/local/tmp/
adb shell
chmod 777 /data/local/tmp/fre3vo
/data/local/tmp/fre3vo -debug -start fbb58a00 -end FFFFFFFF (if this doesn't work, try rebooting phone)
Download these 2 files here and put them in your ADB directory: http://forum.xda-developers.com/showthread.php?p=14927732#post14927732
exit back to command prompt if you aren't there already
adb push Superuser3-beta1.apk /data/app/
adb push su-3.0-alpha7 /data/local/tmp
adb shell (should now see # instead of $)
cd /data/local/tmp
chmod 777 su-3.0-alpha7
./su-3.0-alpha7
cd /
mount -o remount,rw -t rootfs rootfs /
rm vendor
mkdir vendor
mkdir vendor/bin
cat /data/local/tmp/su-3.0-alpha7 > /vendor/bin/su
chmod 4755 /vendor/bin/su

You now have temp root. Disregard any notification about outdated SU binary. Root will go away if you reboot. If you reboot your phone you can obtain root again by just running the following

adb shell
chmod 777 /data/local/tmp/fre3vo
/data/local/tmp/fre3vo -debug -start fbb58a00 -end FFFFFFFF
adb shell (should now see # instead of $)
cd /data/local/tmp
chmod 777 su-3.0-alpha7
./su-3.0-alpha7
cd /
mount -o remount,rw -t rootfs rootfs /
rm vendor
mkdir vendor
mkdir vendor/bin
cat /data/local/tmp/su-3.0-alpha7 > /vendor/bin/su
chmod 4755 /vendor/bin/su

I haven't found a way to re-root after rebooting without connecting to a PC

Rooster85 · Jul 25, 2011 at 5:54 PM

Type su and see if it gives you root permissions

Sent from my MiuiSpeedy

Stuke00 · Jul 25, 2011 at 6:57 PM

says su: not found.

tokuzumi · Jul 25, 2011 at 7:18 PM

You are saying you cannot install the superuser app? From reading in the Evo3D forums, you could install Superuser, even without being rooted, but it obviously won't allow root access, until you run a root exploit.

Try rebooting the phone, installing superuser, run fre3vo, and then try the adb shell, and su method.

This is getting interesting. Hopefully you are on to something.

FdxRider · Jul 25, 2011 at 7:48 PM

Stuke00 said:
See screenshot. Doesn't the # mean temp rooted? Tho I cannot install SU and Root Explorer isn't working. Anything else I need to do first or something?

Looks hopeful!

Stuke00 · Jul 25, 2011 at 7:59 PM

tokuzumi said:
You are saying you cannot install the superuser app? From reading in the Evo3D forums, you could install Superuser, even without being rooted, but it obviously won't allow root access, until you run a root exploit.

Try rebooting the phone, installing superuser, run fre3vo, and then try the adb shell, and su method.

This is getting interesting. Hopefully you are on to something.

Okay let me clarify

I can install SU but it wouldn't install the binaries. I did all of the above. Says su: not found.

I then tried something else.
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cat /system/bin/sh > /system/bin/su
# chmod 4755 /system/bin/su

I was then able to get the SU binaries to install but Titanium Backup says:
"Busybox works but the "su" command does not elevate to root: "whoami" reports "app_135" instead of root/uid 0.

then su from the command prompt was saying "link_image[1935]: 3160 missing essential tablesCANNOT LINK EXECUTABLE" and now back to su: not found again....

tokuzumi · Jul 25, 2011 at 8:24 PM

I don't know enough about linux commands to give you any real info. Like in the other thread, talk to agrabren, to see what he has to say.

Stuke00 · Jul 25, 2011 at 8:29 PM

tokuzumi said:
I don't know enough about linux commands to give you any real info. Like in the other thread, talk to agrabren, to see what he has to say.

Yeah I tweeted him with what I could provide with 160 characters. Just waiting now.

crump84 · Jul 25, 2011 at 8:29 PM

Well here's a tweet he put out a couple of hours ago.

@agrabren: For those with the SHIFT, it's a known bug in my code that we missed the address. One too many zeroes in the list. I'll try to fix it soon.

Sent from my PG06100 using XDA App

Stuke00 · Jul 25, 2011 at 8:33 PM

crump84 said:
Well here's a tweet he put out a couple of hours ago.

@agrabren: For those with the SHIFT, it's a known bug in my code that we missed the address. One too many zeroes in the list. I'll try to fix it soon.

Sent from my PG06100 using XDA App

Yeah he posted that right after I gave him the memory address for the exploit. Just means that I did it the manual way through debugging. At least I think so... hopefully soon!

minneyar · Jul 26, 2011

Good news, everybody! I have successfully acquired temp root on my Shift!

First, fre3vo has to be pointed at the right address. After copying it over to my phone, I did "adb shell" and then ran it like so:

/data/local/tmp/fre3vo -debug -start fbb58a00 -end FFFFFFFF

That printed out a message that it found an exploit and kicked me out of the shell. After doing "adb shell" again, I got a command prompt. I tried installing the 2.3.6.3 version of Superuser, but it complained about being unable to install "su"; I tried to find a separate su binary and copy it over manually, but it didn't work due to a linker error.

After searching around, I found a beta version of Superuser 3:
http://forum.xda-developers.com/showthread.php?p=14927732#post14927732

First I uninstalled the old version of Superuser and then used adb to install the new one from that thread. I ran it and it said it was unable to install su, so I downloaded the version of su provided there and installed it manually. The process went something like:

Code:

adb push su-3.0-alpha7 /data/local/tmp
adb shell
# cd /data/local/tmp
# chmod 4755 su-3.0-alpha7
# ./su-3.0-alpha7
# mount -o remount,rw -t ext3 /dev/block/mmcblk0p26 /system
# cat su-3.0-alpha7 > /system/bin/su
# chmod 4755 /system/bin/su

I don't know if explicitly running "./su-3.0-alpha7" is necessary, it just seemed like a good idea at the time. I don't know if everybody's block device will be named "mmcblk0p26", I used "mount" to figure out what was mounted at /system.

Anyway, after all that was done, I ran Superuser again and it didn't complain. To test it out, I started up Wireless Tether. It asked me for superuser permissions, which I granted it, and it's working fine.

Root successful!

Hero 4g · Jul 25, 2011 27 1 0

Good job!!

Sent from my Speedy HTC EVO shift on XDA Premium app

Kevets · Jul 26, 2011 at 1:58 AM

I followed those steps exactly and got what I would call a partial root. Some of the 'you need root' errors are gone but "su" still results in 'not found' even though "mkdir su" results in 'file exists.'

mmcblk0p26 exists on this unit.

The weirdest part is that Adfree will accept the device as rooted and with superuser but says it can't find a partition to modify. And after a reboot root is definitely gone.

I think you're on to it but it isn't quite there yet.

minneyar · Jul 26, 2011

It seems to be fully temprooted to me; I have to redo it if I reboot, but otherwise it's working perfectly. After following the steps I listed above, running "ls -l /system/bin/su" should produce this output:

Code:

# ls -l /system/bin/su
ls -l /system/bin/su
-rwsr-xr-x root     root        22228 2011-07-25 19:14 su

If it says "No such file or directory" instead, then the su binary isn't in the right place.

Looking back over what I wrote, I think I left out a step -- if you were following what I listed exactly, it probably won't work, because I forgot to change to the /data/local/tmp directory. I'll update that...

Update: after playing around with it for a while, something is definitely not quite right. Everything works fine at first; I've tested Wireless Tether and Titanium Backup and they're both fine. After leaving my phone for a while and coming back, though, applications that try to get root access mysteriously fail. The dialog prompt doesn't even appear.

Going back into the adb shell, /system/bin/su is still there, but trying to run "su" causes this to happen:

Code:

# su
su
link_image[1935]:  3802 missing essential tablesCANNOT LINK EXECUTABLE

But if I use cat to overwrite su and then chmod it again, everything works. su must somehow be getting modified by something else and replaced with a bad version... but I'm not sure where to look.

Kevets · Jul 26, 2011 at 2:50 AM

I caught something like that.

I think there should be a chmod 777 su-3.0-alpha7 after cd /data/local/tmp

Stuke00 · Jul 26, 2011 at 2:58 AM

minneyar said:
It seems to be fully temprooted to me; I have to redo it if I reboot, but otherwise it's working perfectly. After following the steps I listed above, running "ls -l /system/bin/su" should produce this output:

Code:

# ls -l /system/bin/su ls -l /system/bin/su -rwsr-xr-x root root 22228 2011-07-25 19:14 su

If it says "No such file or directory" instead, then the su binary isn't in the right place.

Looking back over what I wrote, I think I left out a step -- if you were following what I listed exactly, it probably won't work, because I forgot to change to the /data/local/tmp directory. I'll update that...

Update: after playing around with it for a while, something is definitely not quite right. Everything works fine at first; I've tested Wireless Tether and Titanium Backup and they're both fine. After leaving my phone for a while and coming back, though, applications that try to get root access mysteriously fail. The dialog prompt doesn't even appear.

Going back into the adb shell, /system/bin/su is still there, but trying to run "su" causes this to happen:

Code:

# su su link_image[1935]: 3802 missing essential tablesCANNOT LINK EXECUTABLE

But if I use cat to overwrite su and then chmod it again, everything works. su must somehow be getting modified by something else and replaced with a bad version... but I'm not sure where to look.

YES! I have root! I was able to install a screenshot app and test it

this is amazing progress! Thanks for that.

So now when I reboot, you have to do the entire thing again? SU and all?

minneyar · Jul 26, 2011 at 3:02 AM

Stuke00 said:
So now when I reboot, you have to do the entire thing again? SU and all?

Yes, every time you reboot you'll have to redo the whole process, including running fre3vo and then copying su into /system/bin. Hopefully somebody will figure out a permanent root soon.

Stuke00 · Jul 26, 2011 at 3:04 AM

Wow those SU binaries are disappearing before I even reboot! Already gone and I haven't rebooted the phone

Kevets · Jul 26, 2011 at 3:15 AM

I think I had that issue too. I just couldn't believe the files just disappeared and thought I did something wrong somewhere.

Stuke00 · Jul 26, 2011

Would a logcat help anyone at all? Anything I should look for?

EVO Shift Temp Root for 2.3.3 and HBoot Downgrade

Senior Member

Attachments

Senior Member

Senior Member

Senior Member

FdxRider

Guest

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Member

Member

Senior Member

Member

Senior Member

Senior Member

Member

Senior Member

Senior Member

Senior Member