How to Root the Sony Tablet S

[condi]

I just uploaded a new version of the exploit that should fix this problem. Just unzip it, execute "run.bat", and let me know how it goes.

If anyone has been having any problems with the exploit, please try the new version here:
http://vulnfactory.org/public/Sony_Tablet_S_Root_Windows.zip

Hi djrbliss,

I've got problems with rooting my tab.
Here is what i've got:

[*] Waiting for device...
* daemon not running. starting it now *
* daemon started successfully *
[*] Device found.
[*] Pushing log flooder to device...
525 KB/s (5382 bytes in 0.010s)
[*] Preparing to append to packages.list...
[*] Rebooting device...
[*] Waiting for tablet to reboot.
[*] Attempting to move system package library directory...
[+] System package com.google.android.location has uid 10027
[+] Flooding log...
[COLOR="Red"][B]run-as: Package 'com.pwn.me' is unknown[/B][/COLOR]
[*] If you received any errors in the previous step, abort the exploit
[*] and try again.  Otherwise, press any key to continue.
Aby kontynuować, naciśnij dowolny klawisz . . .
[*] Rebooting device...
[*] Waiting for tablet to reboot.
[*] Attempting to insert fake local.prop entry...
[+] Flooding log...
[*] Rebooting device...
[*] Waiting for tablet to reboot.
[*] Attemping persistence...
remount failed: Operation not permitted
failed to copy 'su' to '/system/bin/su': Read-only file system
Unable to chmod /system/bin/su: No such file or directory
failed to copy 'busybox' to '/system/xbin/busybox': Read-only file system
Unable to chmod /system/xbin/busybox: No such file or directory
/system/xbin/busybox: not found
failed to copy 'Superuser.apk' to '/system/app/Superuser.apk': Read-only file sy
stem
[*] Cleaning up...
failed on '/data/data/com.google.android.location/lib.bak' - No such file or dir
ectory

 

[unclespoon]

I had both of the exact same errors as you, I'm waiting for the launcher to boot before hitting restart. I'll let you know what happens...

 

[el0heem]

i can't for the life of me figure this out. i did the steps and the i've been looking at this screen for a while now.

 

[djrbliss]

condi and unclespoon:

Download a fresh version of the exploit. Make sure you try to run it several times, there's a timing issue so it might take more than one attempt.

And read the directions. If you receive errors, abort the exploit when it tells you to abort.

 

[unclespoon]

Sometimes I get the error at the beginning and sometimes I don't. What's the timing issue? When am I supposed to hit restart cause I've waited for the OS to fully boot and I've tried hitting reboot right away, and either way I get "permission denied" on the second reboot... I'll keep trying I guess?

 

[condi]

condi and unclespoon:

Download a fresh version of the exploit. Make sure you try to run it several times, there's a timing issue so it might take more than one attempt.

And read the directions. If you receive errors, abort the exploit when it tells you to abort.

What about "run-as: Package 'com.pwn.me' is unknown" error?
I havent seen anybody else got it?

 

[HKboy92]

Weird that it just succeeded in 1 try for me, it might have to do with different firmware versions. Mine runs on the model SGPT111NL/S.
Can you guys tell me what model number it displays beneath the SONY logo on the back? That might give a small indication, or not. Who knows.

ANYWAY.
I promised to make a vid, here it is:

Note: Quality sucks (not screen quality, but quality quality. It does display the process)

 

[unclespoon]

Mine is SGPT111US/S with the latest Sony firmware. I've tried a few more times and it says system is read only in that last step... frustrating...

 

[animaleyes76]

Weird that it just succeeded in 1 try for me, it might have to do with different firmware versions. Mine runs on the model SGPT111NL/S.
Can you guys tell me what model number it displays beneath the SONY logo on the back? That might give a small indication, or not. Who knows.

ANYWAY.
I promised to make a vid, here it is:

Note: Quality sucks (not screen quality, but quality quality. It does display the process)

Dutch accents are soooo cool and i promise i'm not taking the piss!

Nice video

 

[djrbliss]

unclespoon and condi:

Check your private messages.

 

[unclespoon]

Thanks for the PM, I appreciate your effort I hope we can get root! I also hope we can find a more universal solution. I've tried about 10 times now and no success. Which firmware (android version) are you guys running? I'm on 3.2.1 (release2). kernel is 2.6.36.3 [email protected] #1 and build number is THMA50012400.

 

[HKboy92]

Thanks for the PM, I appreciate your effort I hope we can get root! I also hope we can find a more universal solution. I've tried about 10 times now and no success. Which firmware (android version) are you guys running? I'm on 3.2.1 (release2). kernel is 2.6.36.3 [email protected] #1 and build number is THMA50012400.

Build8, not 5.
And yur buildnumber, is that really THMA5..... or THMAS.... I got the latter.

 

[Maine_Coon]

Thanks for the PM, I appreciate your effort I hope we can get root! I also hope we can find a more universal solution. I've tried about 10 times now and no success. Which firmware (android version) are you guys running? I'm on 3.2.1 (release2). kernel is 2.6.36.3 [email protected] #1 and build number is THMA50012400.

Everything is the same as yours.

Dan's root solution worked flawlessly for me.

---------- Post added at 12:56 PM ---------- Previous post was at 12:55 PM ----------

Build8, not 5.
And yur buildnumber, is that really THMA5..... or THMAS.... I got the latter.

It is THMAS.

 

[unclespoon]

Does it matter what folder we unzip to? Is there anything I can try differently? I noticed my tablet takes longer to boot than in the youtube video, maybe that's messing with the "timing" you mentioned... Man I just keep trying over and over and getting the same problem: system is read-only... EFF!

 

[HKboy92]

Does it matter what folder we unzip to? Is there anything I can try differently? I noticed my tablet takes longer to boot than in the youtube video, maybe that's messing with the "timing" you mentioned... Man I just keep trying over and over and getting the same problem: system is read-only... EFF!

When the music kicks in, it's sped up. I'm looking at the run.bat file (as long as you extract the whole folder, it doesn't matter where to place it), and it just waits on when the device is back on again (adb wait-for-device).
Putting an annotation in there, thanks for the tip ;]

 

[dtaylorr]

Cool. Looking forward to doing this over the weekend.

 

[unclespoon]

When the music kicks in, it's sped up. I'm looking at the run.bat file (as long as you extract the whole folder, it doesn't matter where to place it), and it just waits on when the device is back on again (adb wait-for-device).
Putting an annotation in there, thanks for the tip ;]

Oh well at least that makes me feel better; I was worried something was wrong with my tablet! Guess I'll just wait...

 

[djrbliss]

unclespoon: your problem is definitely fixable, don't worry. I just need to do some testing to adjust the script so it doesn't happen to anyone else.

condi: your problem is a bit more mysterious. I'll have some time tomorrow to look into what's causing it.

 

[dory70]

also works for sony p tablet?

 

[Silvist]

Heyo everyone,

Yeah I got the exact same issue:

Mines Sony Tablet S

Android 3.2.1 (rel 2)
Kernel (2.6.36.3)
Build # THMAS0012400

[*]
[*] Sony Tablet S root script (Windows version)
[*] by Dan Rosenberg (@djrbliss)
[*]
[*] Before continuing, ensure USB debugging is enabled, that ADB
[*] is working properly, and that your tablet is connected via USB.
[*]
[*] WARNING: This exploit may result in wiping your /data partition,
[*] causing you to lose any applications and data on your tablet.
[*] There should be no risk of permanent damage to your device, but
[*] by running this script you accept all responsibility.
[*]
[*] Press enter to root your tablet...
Press any key to continue . . .
[*]
[*] Waiting for device...
* daemon not running. starting it now *
* daemon started successfully *
[*] Device found.
[*] Pushing log flooder to device...
525 KB/s (5382 bytes in 0.010s)
[*] Preparing to append to packages.list...
[*] Rebooting device...
[*] Waiting for tablet to reboot.
[*] Attempting to move system package library directory...
[+] System package com.google.android.location has uid 10029
[+] Flooding log...
run-as: Package 'com.pwn.me' is unknown
[*] If you received any errors in the previous step, abort the exploit
[*] and try again. Otherwise, press any key to continue.
Press any key to continue . . .

For some reason it looked like it tried to run the package to fast. My tablet barely rebooted and everytime it would do the mv before it had time to fully boot up. I even tried to edit your bat to see if this would fix it, but nope ;/. I also have a feeling that it could be related to adb.

I have to check my file paths, because unlike when I had linux, I cannot just do an adb command anywhere. The only place adb works for me is inside android/android-sdk/platform-tools/. I just haven't set this back up in a long long time lol.

Edit:

Actually a better question is what should I be using as a proper file path to adb? In win7 x64 that is.