[Root Locked Bloader]Nexus One Easy Rooting Toolkit (DoomLord's via Zergrush Exploit)

[Airbag888]

Just a heads up (I nearly missed it),

After rooting my Galaxy S2 with Doomlord's Rooting Toolkit I pulled out my N1 to see if it would work and it did! Within 30secs I was fully rooted.

My N1 was running 2.3.6 stock till now and I didn't want to wipe to be able to root and this is the way.

I know I had been waiting a long time for this so maybe it'll be useful to others.

Doomlord's Rooting Toolkit: http://forum.xda-developers.com/showthread.php?t=1319653
Zergrush Exploit: http://forum.xda-developers.com/showthread.php?t=1296916

Update: Note that several manufacturers have patched their firmware to make this exploit fail. I don't know if this still works for the N1 though I believe it should considering I haven't seen an update come out for it (could've missed it) So if it fails for you and you got a very recent firmware could be google fixed it.

 

[DarsVaeda]

Could you give a little more detailed instruction how to do it?

 

[Airbag888]

Instructions are in the first link.

The gist of it is
1. You need to have your phone's drivers installed for adb to work
2. set to usb debugging
3. connect usb cable
4. run the bat file
5. press space to start the process
6 30secs later (for me) it rebooted and I was rooted.

 

[cpm]

So to confirm, this I's a working Gingerbread 2.3.4 / 2.3.6 Root exploit without unlocking the bootloader?

Oh man, my Nexus is just begging to be reunited with CyanogenMod!

Sent from my Nexus One using XDA App

 

[DarsVaeda]

Instructions are in the first link.

The gist of it is
1. You need to have your phone's drivers installed for adb to work
2. set to usb debugging
3. connect usb cable
4. run the bat file
5. press space to start the process
6 30secs later (for me) it rebooted and I was rooted.

Oh okay, I thought you have to do something special as you provided two links.
I just did those steps and it worked flawless.

Thanks!

 

[Airbag888]

@CPM

Yes it roots your phone without unlocking the Bootloader even on 2.3.6 (as is my case)

@DarsVaeda

Sorry for the confusion I was just trying to provide references and credits where due.

 

[j00m]

Works great! Thanks.
last exploit here: http://cloud.github.com/downloads/revolutionary/zergRush/zergRush.zip

Step by step:
empty /data/local/tmp/
C:\adb pust zergRush /data/loca/tmp
adb chmod 755 /data/local/tmp/zergRush
wait...
C:\adb remount
adb push su /system/bin
adb push su /system/xbin
adb push Superuser.apk /system/app
adb chmod 4755 /system/bin/su
adb chmod 4755 /system/xbin/su
reboot phone

You can su

Try: Install connectbot (or any Terminal) from Google Market connect local, type su, allow. Done.

Now remote bloatware: facebook, Amazone, twitter )

 

[cpm]

Cheers Airbag888 for bringing this exploit to our attention (and of course everyone else involved in finding the exploit and scripting it)

Works like a charm. I couldn't revert back to the older 2.3.3 Gingerbread after HTC fixed my power button. Suffered the "Main version is older" error downgrading and nothing else worked.

My Nexus is now safely reunited with CyanogenMod and I'm mighty happy

Sent from my Nexus One using XDA App

 

[adamspir]

I'm new to this so I have a question!

If I root my phone using this method will i then be able to use rom manager to install cyanogen rom or do I have to do anything extra?

 

[Airbag888]

I'm new to this so I have a dummy question!

If I root my phone using this method will i then be able to use rom manager to install cyanogen rom or do I have to do anything extra?

If you root via any method (this one included)

you can install a custom recovery of any kind (including clockwork which comes with Rom Manager)

you can install compatible Roms via Rom manager as well.

It should not void your warranty either since you're not unlocking your bootloader.

However make sure to do a backup before you install a new ROM and also to wipe your data/cache via recovery when you install another ROM

 

[adamspir]

Thanks!

 

[Ad3lphi]

Hi !

Assuming that an unlocked bootloader wouldn't be a problem, I just tried your method, alas to no avail. Here is the output I got :

---------------------------------------------------------------
 CONFIRM ALL THE ABOVE THEN
Pressione qualquer tecla para continuar. . .
--- STARTING ----
--- WAITING FOR DEVICE
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- cleaning
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- pushing zergRush"
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting permissions
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- executing zergRush
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- WAITING FOR DEVICE TO RECONNECT
if it gets stuck over here for a long time then try:
   disconnect usb cable and reconnect it
   toggle "USB DEBUGGING" (first disable it then enable it)
--- DEVICE FOUND
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- pushing busybox
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting permissions
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- remounting /system
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- copying busybox to /system/xbin/
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting ownership
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting permissions
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- installing busybox
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- pushing SU binary
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting ownership
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting permissions
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- correcting symlinks
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- pushing Superuser app
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- cleaning
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
--- rebooting
* daemon not running. starting it now *
ADB server didn't ACK
* failed to start daemon *
error: cannot connect to daemon
ALL DONE!!!
Pressione qualquer tecla para continuar. . .

I just loved the "ALL DONE!!!" message in spite of every single step having failed

My config looks like this...

• Nexus One
  • Bought directy from Google
  • running 2.3.6, build GRK39F
  • bootloader unlocked for the first time through the SDK afew moment before trying to root
• MacBook pro running Windows XP
• Also tried Bexton's scripts, unsuccessfully.

Out of the blue, I would blame faulty ADB drivers, but since they worked for unlocking my bootloader, I guess they're ok. I'm a bit at loss there, what do you think I did wrong?

Edit: I'm now the first result for "nexus one"+"cannot connect to daemon" on google.fr. Yay me!

 

[Airbag888]

I'm not an expert, merely a messenger. But it appears adb isn't starting for you somehow.
I'd look into that.
Try launching it manually and trying to get a list of connected devices. (should give one named HTC#########)

Also if you have unlocked your bootloader then there are other methods to try.

 

[Ad3lphi]

Thanks Airbag888!

For future fellow rooters in need, here is what I did :

• Tried to run a sample adb command from the command line, got the dreaded "ADB server didn't ACK"
• Opened the Task Manager, noticed two instances of adb running, killed them both
• Ran adb devices once again, and TADAA! it worked!
• Mad with hope, launched DooMLoRD's script, and so far, it's running. Right now, I've reached the "executing zergRush" stage.

It's been running for a few minutes with no error message so far... Murphy's Law dictates that the process surely is frozen

Edit:
It has indeed frozen (or silently crashed) at "executing zergRush". Killed the adb process again, started the script again. But we're making progresses, I'm now stuck at

...
[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
--- WAITING FOR DEVICE TO RECONNECT
if it gets stuck over here for a long time then try:
   disconnect usb cable and reconnect it
   toggle "USB DEBUGGING" (first disable it then enable it)
--- DEVICE FOUND

 

[efrant]

Hi !

Assuming that an unlocked bootloader wouldn't be a problem, I just tried your method, alas to no avail.

If your bootloader is unlocked, why are you even bothering with this. Just start up your phone in fastboot mode, connect to your computer, and flash a custom recovery (i.e., fastboot flash recovery <NameOfYourRecoveryHere.img>, then boot into your custom, and flash ChainsDD's superuser zip. Done.

If your bootloader is unlocked, you never have to worry about root, because you can root at any time...

 

[Ad3lphi]

If your bootloader is unlocked, why are you even bothering with this.

Because I feel like keeping the stock ROM until the first ICS-based custom ROMS are out. I just want root access to get the hang of tinkering with my N1 and trashing some bloatware apps.

 

[efrant]

Because I feel like keeping the stock ROM until the first ICS-based custom ROMS are out. I just want root access to get the hang of tinkering with my N1 and trashing some bloatware apps.

What does that have to do with anything? Did you read the rest of my post? What I gave you was the way to root if your bootloader is unlocked. I never mentioned anything about switching ROMS...

Just start up your phone in fastboot mode, connect to your computer, and flash a custom recovery (i.e., fastboot flash recovery <NameOfYourRecoveryHere.img>, then boot into your custom recovery, and flash ChainsDD's superuser zip. Done.

Much simpler. No change to your stock ROM at all.

 

[Warmo161]

Finally a exploit that doesnt involve formatting my phone

Now, I am planning to run this exploit when I get home tonight

My phone at the moment is 2.3.4 and I would guess this exploit would work for it?

And I also guess you can't install clockworkmod without unlocking your bootloader?

 

[cpm]

Finally a exploit that doesnt involve formatting my phone

Now, I am planning to run this exploit when I get home tonight

My phone at the moment is 2.3.4 and I would guess this exploit would work for it?

And I also guess you can't install clockworkmod without unlocking your bootloader?

I successfully rooted 2.3.4 using the exploit. Then installed RA Amon recovery rather than ClockworkMod (personal choice). Then onto CyanogenMod 7.1 and S2E for loading my apps onto SD Card. All worked perfectly fine too.

Sent from my Nexus One using XDA App

 

[Airbag888]

Finally a exploit that doesnt involve formatting my phone

Now, I am planning to run this exploit when I get home tonight

My phone at the moment is 2.3.4 and I would guess this exploit would work for it?

And I also guess you can't install clockworkmod without unlocking your bootloader?

You don't need to unlock the bootloader to install recovery or any different rom or run nandroid backup etc