Develop Bugs

[MOD] 3-Click QuickTempRoot TerminalMOD :/

Alright all,
I know there's another thread about "easier" method, but this is easiest for me. 3-Clicks after installation.
I was really tired of typing the same crap over and over after rebooting just to get my temproot back to do more testing/playing.
So I redeveloped this to be quicker/easier upon reboot. Mainly I altered the Term app to be have a scripted start-up on the 1st 3 launches.
I also updated the su/Superuser combo with ChainDD's latest stuff.
Here's how it works, after it's installed.
3ClickTempRooter said:
1) You run the terminal app once, wait a few seconds and it disappears.
2) You run the terminal again, wait for it to FC.
3) You run the terminal a final time and receive root.
Click to expand...
Click to collapse
Now on each reboot, it will be simply 3-clicks (running terminal app 3 times).
Finally ... any executable script placed in /data/local/tmp will be in the path of the new terminal mod. This makes running other scripts very easy.
Installation
Download the attached QuickTempRooter.zip and place it in a directory and unpack it.
Turn on USB debugging and install through adb ...
Here's the adb installation snippet ...
Code:
adb kill-server
adb push su /sdcard/su
adb push Superuser.apk /sdcard/Superuser.apk
adb push busybox /data/local/tmp/busybox
adb push rage /data/local/tmp/rage
adb push root /data/local/tmp/root
adb shell chmod 0755 /data/local/tmp/busybox
adb shell chmod 0755 /data/local/tmp/rage
adb shell chmod 0755 /data/local/tmp/root
adb shell 'pm uninstall com.android.term'
adb install Term.apk
Has made my life wayyy easier when playing with this phone while we wait for the real-deal!!!
Hope you enjoy!
NOTES
If you get a permission denied on the ''adb shell 'pm uninstall com.android.term' '' ... this is normal if you don't have a terminal already installed or have an alternate terminal app (using a namespace other than com.android.term.
If you have another Terminal App installed, you may want to uninstall it first, to avoid confusion.
Also, you may need to reboot after the initial installation for it to work properly!

ummmmm.....Enomther??
Did you get a G2 already?
Great to see you helping out with this

Great to see you here man! Trying this now can't wait to get themes rolling once we get permanent root!
Sent from my T-Mobile G2 using XDA App

I get a permission denied response when running "adb shell 'pm uninstall com.android.term'"

burton14e7 said:
I get a permission denied response when running "adb shell 'pm uninstall com.android.term'"
Click to expand...
Click to collapse
If you didn't already have a terminal app installed that error is normal. Also you may need to reboot once after the initial installation for it to work properly.
~enom~

Thank you sir. Appreciate the goodness.

damn i wish i could hit the thanks button

Thanks man good to have you on the G2 too
Sent from my T-Mobile G2

enomther said:
If you didn't already have a terminal app installed that error is normal. Also you may need to reboot once after the initial installation for it to work properly.
~enom~
Click to expand...
Click to collapse
good to see you on this side.... i have terminal app installed rebooted but still get this denied when running adb shell 'pm uninstall com.android.term
Edit: fixed it uninstalled the Android Terminal E,ulator and just ran the setup now have root thanks

Thank You..
Enom.. (sigh)
Welcome Home..

thank u so much now i can wireless tether. easiest root ever

Sorry, this is my first Android. I came from WM and I was pretty good with it.
I've searched XDA, Youtube, and web to ADB and SDK. I've downloaded it and it's installed. The only thing I don't get is when you said to
"Download the attached QuickTempRooter.zip and place it in a directory and unpack it."
You mean place the extracted files into the sd card correct? That's why the command is "adb push su /sdcard/su".

ddgarcia05 said:
Sorry, this is my first Android. I came from WM and I was pretty good with it.
I've searched XDA, Youtube, and web to ADB and SDK. I've downloaded it and it's installed. The only thing I don't get is when you said to
"Download the attached QuickTempRooter.zip and place it in a directory and unpack it."
You mean place the extracted files into the sd card correct? That's why the command is "adb push su /sdcard/su".
Click to expand...
Click to collapse
No, he means on your PC. You are running adb to push files contained in the zip to your phone.

HamNCheese said:
No, he means on your PC. You are running adb to push files contained in the zip to your phone.
Click to expand...
Click to collapse
So they go into the tools folder? Damn. I think I've in over my head here.
Like this?

If you have better terminal, you can also add the rage and root to specific keys.

At this command I'm getting told "failed to copy 'su' to '/sdcard/su': Read-only file system"
adb push su /sdcard/su

kevdawg said:
At this command I'm getting told "failed to copy 'su' to '/sdcard/su': Read-only file system"
adb push su /sdcard/su
Click to expand...
Click to collapse
Unplug then plug ur phone back in then try again also make sure u are in usb debug mode

Good work, Temp root in like 5 seconds

Quick question, ok I was able to get root for a few mins, then it went away I guess I have to have the terminal always open or ignore so my taskiller doesnt terminated it?

Don't use task killers. (IMHO)
But I tend to have to reboot every once in a while to keep root in tacked within terminal but all my apps seem to stay with su permissions until reboot (or sometimes 12 hours)

[Tutorial][S-on]Temp root Wildfire s

Original Thread
qzfive said:
In attempt to get root apps working on my Chacha after obtaining root shell via zergRush, I remembered an old exploit that my old Desire Z used called VISIONary+ that ran an exploit called rageagainstthecage (has since been patched by HTC) and mounted a ramdisk at /system/xbin, copied the su and busybox binaries to this ramdisk, and installed Superuser.apk as a normal application, which allowed for an almost fully functional root until reboot.
I opened up the VISIONary.apk with WinRAR and found a shell script with individual shell commands which match everything the application does. I typed these commands into adb shell running from my computer with my Chacha connected:
adb shell /data/local/zergRush (to obtain temproot via shell)
Once zergRush was done:
adb remount
adb shell mkdir /system/xbin (told me it already exists, assuming this is normal)
adb push Superuser.apk /data/app/
adb shell chmod 0644 /data/app/Superuser.apk
adb shell mount -t tmpfs none /system/xbin (this creates a ramdisk out of /system/xbin for the su and busybox binaries since they can't be pushed to the physical /system/xbin due to locked bootloader)
adb push busybox /system/xbin
adb shell chmod 4755 /system/xbin/busybox
adb push su /system/xbin/su
adb shell chmod 4755 /system/xbin/su
adb shell /system/xbin/busybox --install -s /system/xbin
After I typed all of that into adb on my computer, I obtained temproot on my Chacha (opened SetCPU, was asked for a Superuser prompt, haven't tested anything else yet). If anyone is willing to try this, please do so and report back. If this is better suited in the Development section, please inform me and I will remake this in Development.
EDIT: a modified su/Superuser.apk was required for this to work on newer Sense ROMs (Chacha included) - I have attached the modified su binary (must unzip) and Superuser.apk
VISIONary+ obtained from: http://android.modaco.com/topic/320350-19nov-r14-visionary-one-click-root/
Modified su/Superuser.apk from: http://forum.xda-developers.com/showthread.php?t=886999&highlight=superuser
-----
EDIT 2: attached a .zip which contains a .bat script which executes these commands for you, to make it easier and quicker to apply/reapply this temp root. Use the contents of temproot.zip instead.
Click to expand...
Click to collapse
Test it by myself and it works.
If you're running zergrush more than once you need to remove boomsh and sh.
type the following into adb shell:
1) "rm /data/local/tmp/boomsh"
2) "rm /data/local/tmp/sh"
App tested to be OK
-setcpu
-Titanium Backup (Backup and restore Data app only.)
-Root Explore (can't edit /system unless s-off)
Something that will never happen unless s-off
-flash custom rom
-flash recovery
-motify system, etc.
Bug:
-Speaker won't work ?

Is there some way not to loose root in such case after reboot ? Otherwise I don't see how temp root could be really useful.

Can we uninstall the stock apps using this method?
Sent from my HTC Wildfire S A510e using XDA App

drsjlazar said:
Can we uninstall the stock apps using this method?
Sent from my HTC Wildfire S A510e using XDA App
Click to expand...
Click to collapse
Something that will never happen unless s-off
-flash custom rom
-flash recovery
-motify system, etc.
Have I answered your question ?! NO

Reboot problem.....
It worked pretty well but my phone reboots if I keep it locked for a while.Any suggestions????

Wow, nice to know this works on other devices
The only "bugs" I noticed when I do this on my Chacha (similar device/same processor), is that the SD card unmounts itself when zergRush runs (might be part of the exploit zergRush does?), and that if I do this too early (ie. the "HTC Quietly Brilliant" bootanimation), it throws my phone into a bootloop -- haven't noticed any speaker bugs as of yet.
EDIT: I only get reboots when something tries modifying the /system partition - because my device is still S-ON (I'm trying to find an XTC Clip), the bootloader triggers a reboot
--Just another thought: since this mounts a ramdisk, would it work on any device that's temprootable?

Hmmm. Is it possible to make a fake flash of the recovery? Anyone try this?

qzfive said:
Wow, nice to know this works on other devices
The only "bugs" I noticed when I do this on my Chacha (similar device/same processor), is that the SD card unmounts itself when zergRush runs (might be part of the exploit zergRush does?), and that if I do this too early (ie. the "HTC Quietly Brilliant" bootanimation), it throws my phone into a bootloop -- haven't noticed any speaker bugs as of yet.
EDIT: I only get reboots when something tries modifying the /system partition - because my device is still S-ON (I'm trying to find an XTC Clip), the bootloader triggers a reboot
--Just another thought: since this mounts a ramdisk, would it work on any device that's temprootable?
Click to expand...
Click to collapse
Yes...I have used zergRush many times and it unmounts the SD card everytime.....so I think its not a bug......you answered my question of reboots tough,thanks.
And maybe this temproot method just might work for every device.

It doesnt work on htc pico (s"on).
Zergrush dont succeed
Sent from my Dell Streak using XDA App

jitin02 said:
It doesnt work on htc pico (s"on).
Zergrush dont succeed
Sent from my Dell Streak using XDA App
Click to expand...
Click to collapse
Maybe HTC patched zergRush on the Pico/Explorer

Guyz, ya don't have to fight with mills, take a look at my topic: http://forum.xda-developers.com/showthread.php?p=21167193

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)
Edit: This does not works on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by step ). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enable on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.

Reserved

Reserved

This is the same as https://github.com/saurik/mempodroid
saurik ftw.

times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Click to expand...
Click to collapse
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.

Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!

Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Click to expand...
Click to collapse
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus

Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium

This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium

Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.

Huxleysäl said:
Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Click to expand...
Click to collapse
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk

efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links

try /data/local/tmp

Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Click to expand...
Click to collapse
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk

efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb

Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Click to expand...
Click to collapse
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk

OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is dennied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter then me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.

Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.

convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
Click to expand...
Click to collapse
I hade my initial problems with that too. But as if this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator
Just search for it in the market. Also the commands go in this console
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers

Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Click to expand...
Click to collapse
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.

[Q] ZVB Will Not Root on LGOG

My first phone bricked when I attempted to update ZVB from ZV9 so they gave me a new one with 4.1.2 installed. When I try to root, the fiddy's program says that the root was completed, but none of my apps (Such as Titanium Backup) will work. It says I don't have root. Any idea's?

bodehart said:
My first phone bricked when I attempted to update ZVB from ZV9 so they gave me a new one with 4.1.2 installed. When I try to root, the fiddy's program says that the root was completed, but none of my apps (Such as Titanium Backup) will work. It says I don't have root. Any idea's?
Click to expand...
Click to collapse
Run fiddy root again.
1. Settings>PC Connection, Make sure it says under USB connection type, "Charge Only"
2. Start root
3. plug phone in
4. follow what is says
It'll work. I've done this many times. And that's what I got when I got in too big of a hurry.
Also, when you switch from charge to mtp, give it about 15 sec for any extra screens that might pop up. Just close them, then finish root.

ZVB still will not root successfully
engine95 said:
Run fiddy root again.
1. Settings>PC Connection, Make sure it says under USB connection type, "Charge Only"
2. Start root
3. plug phone in
4. follow what is says
It'll work. I've done this many times. And that's what I got when I got in too big of a hurry.
Also, when you switch from charge to mtp, give it about 15 sec for any extra screens that might pop up. Just close them, then finish root.
Click to expand...
Click to collapse
thanks for the reply.
Did exactly as instructed and screen says I have been successful (I have attached screenshot thumbnail). Titanium is still unable to get root and Superuser v.3.1.3 (46) says "su binary not found" and below that a box ticked "outdated binary notification". Not sure what that means and if it is even important. I successfully rooted ZV9 using the above method, but keep striking out on JB.
Should I just factory reset and start all over? Any help would be appreciated.

It looks like busybox didn't install. Did you use fiddy Universal root? Or, install busybox from the Playstore.
Sent from my LG-LS970 using xda premium

Finally
engine95 said:
It looks like busybox didn't install. Did you use fiddy Universal root? Or, install busybox from the Playstore.
Sent from my LG-LS970 using xda premium
Click to expand...
Click to collapse
thanx once again. I manually installed busybox and SuperSU and it worked like a charm. I used fiddy's zip file for Windows each time and I guess I thought that it installed Busybox in the bat command. My bad. Maybe making a notation in the directions of it needing to be installed prior to running zip would be helpful to some other egghead like me. thanks again.
BTW, are you running a stock kernel or have any suggestions on another one i might try to improve performance?

I've used fiddy' "Universal" many times with no issues. It installs BB and SU. Strange it didn't for you.
I was running stock kernel till just a few minutes ago. Evolutionmod has been putting them out regularly. Many people running it. Jokersax1 kernel is good too.
Sent from my LG-LS970 using xda premium

I tried a few different utilities and all of them failed every time.
I bought the phone Sunday, Build: JZ054K Software LS970ZVB
I found a post at lg-phones.org with these steps.
The steps needed some tweaking, and I was able to root my phone.
Enable Install from Unknown sources
Enable USB debugging mode
Connect your phone to PC as charge only
At a CLI
adb shell “echo -en \\x0d > /sdcard/G_security"
Disconnect the phone
Disable Install from Unknown sources
Disable USB debugging mode
Power off the phone
Power on the phone
Enable Install from Unknown sources
Enable USB debugging mode
Connect your phone to PC as charge only
At a CLI
adb shell id
It should report: uid=0(root), gid=0(root)
If the response is as above, continue
else, see note below and start over
(Note: The power off/on cycle seems to be critical, I had several iterations before it worked.
Each time I powered on the phone USB debugging was already enabled. When this occured, the shell
would not run as root. These are the steps that worked for me.)
adb.exe push busybox /data/local/tmp/busybox
adb.exe shell "chmod 755 /data/local/tmp/busybox"
adb.exe shell /data/local/tmp/busybox mount -o remount,rw /system
adb.exe push su /system/xbin/su
adb.exe shell chmod 06755 /system/xbin/su
adb.exe push SuperuserPro.apk /system/app/SuperuserPro.apk
adb.exe push Superuser.apk /system/app/Superuser.apk
adb shell chmod 0644 /system/app/Superuser.apk
cycle power
install busybox from the play store
I got root...

bought this phone last thursday rooted using thus method
http://forum.xda-developers.com/showthread.php?t=
also try downloading busybox from market not sure if it was supposed to install it but it didn't,
then i used root checker from market to verify root (suppose any app thats asking for permission for root access would do though)
then unlocked with paid version of freegee now running lifeless 14 and evolution 1.6 kernel
Sent from my LG-LS970 using xda premium

Root for Fire Phone with SuperSU

** DISCLAIMER: I AM NOT A DEVELOPER. I DO THIS AS A HOBBY AND SHARE MY FINDINGS IN CASE SOMEONE ELSE FINDS THEM USEFUL. **
** THIS WORKED ON MY DEVICE BUT IT MAY NOT WORK ON YOURS. APPLY AT YOUR OWN RISK **​** This method is designed for Amazon fire phone. Do not use it on other devices unless you are familiar with Android file system and are able to apply proper modifications. **​
This has been tested with the unlocked US version running 4.6.1.
This procedure installs superSU root binaries and busybox on your system.
Requirements
Make sure your PC can communicate with your fire phone via adb.
The success of this method depends on following the procedure very carefully. So read the instructions and make sure you understand every step before you try it.
Procedure
1- Install and run Kingroot 4.0. You can google and download it or you can use the one in the attached zip file. When Kingroot runs it is all in Chinese, but basically you need to be connected to the internet for it to work. It will do its thing and show progress up to 100% after which you can exit the program. Now your phone is rooted. The following steps replaces the Kinguser with SuperSU.
2- Unzip the attached file in your adb directory and then open an adb terminal and make sure the PC can see your phone (you can check that by typing adb devices). Then type the following:
Code:
adb push su /data/local/tmp
adb push busybox /data/local/tmp
adb shell
3- In the shell that you get type the following and make sure you give the permission when the phone prompts you:
Code:
su
4- Continue by typing the following commands:
Code:
mount -o remount,rw /system
cat /data/local/tmp/su >/system/xbin/daemonsu && chmod 0755 /system/xbin/daemonsu
cat /data/local/tmp/busybox >/system/xbin/busybox && chmod 0755 /system/xbin/busybox
daemonsu -d &
The key is to keep this session running while you continue with the rest, so be careful with typos and monitor this window for any errors.
5- At this point, leave the adb terminal window running and go to your phone, open the Kinguser app, open settings (the wheel at the top right corner of the screen), Root authorization setting, and Remove Root permission. The app will self-uninstall.
6- Uninstall the other two Kingroot programs that are still on your phone (KingRoot and the other one with the blue icon and Chinese text under it).
7- Back to the adb terminal, and type the following:
Code:
cat /data/local/tmp/su >/system/xbin/su && chmod 0755 /system/xbin/su
busybox chattr -ia /system/xbin/ku.sud
busybox chattr -ia /system/xbin/supolicy
rm /system/xbin/ku.sud
rm /system/xbin/supolicy
rm /system/bin/rt.sh
rm /system/bin/install-recovery.sh
rm /system/bin/shipclean
rm /system/bin/start-ssh
busybox chattr -ia /system/etc/install-recovery.sh
busybox chattr -ia /system/etc/install-recovery.sh-ku.bak
rm /system/etc/install-recovery.sh
rm /system/etc/install-recovery.sh-ku.bak
rm /system/etc/install_recovery.sh
rm /system/usr/icu/icusuflag.conf
busybox chattr -ia /system/usr/iku/isu
rm -rf /system/usr/iku
rm /system/kroot_*
rm /sdcard/kr-stock-conf
rm -rf /sdcard/Kingroot
rm -rf /data/data-lib/com.kingroot.RushRoot
rm -rf /data/data-lib/com.kingroot.kinguser
rm -rf /data/data-lib/king
Again, leave the adb terminal window running and go to your phone.
8- Install superSU (from the attached file) on your phone, run it, and let it update the SU binary.
9- Reboot the phone. After about 5 minutes your root is ready.
Hint: It is a good idea to disable Amazon device client platform, DCP platform contracts, and two apps called System Updates in Amazon settings. They are responsible for regular updates, constant chatter with Amazon servers, and possible patching of your root exploit. Also disable Kinesis service which is responsible for major battery drain and heating. You will find it under settings, display, configure motion and gesture settings. Disable all.
Troubleshooting
1- Most of the problems that I noticed people have encountered is due to not reading the instructions fully. So make sure you read the OP word by word.
2- If you miss a step or mess up something go back to installing Kingroot and start over from the beginning.
3- If instant video or some other Amazon app doesn't work it is because you should run them at least once prior to rooting the phone.
4- Finally, I noticed that with an AT&T sim card in the phone Kingroot fails (why am I not surprised?) Either a reboot occurs in the middle of rooting or it completes the cycle without accomplishing root. If that occurs, my best advice is to change your phone company. If that fails, you may need to factory reset your phone or even install the firmware from scratch and try again without the sim card.

Okay. Working. I tried it 2 Times because i get in troubles with the SuperSu App.
After First Time i Cant open it anymore after adb shell.
Second Time i installed SuperSu, but after adbshell the app was gone (!?) - but i installed it again with adb shell before reboot. Now SuperSu is Working.
And now tell me how to change the FireOS to a Android Status Bar with Notifications, and youre my Hero ;D

najoor said:
** DISCLAIMER: I AM NOT A DEVELOPER. I DO THIS AS A HOBBY AND SHARE MY FINDINGS IN CASE SOMEONE ELSE FINDS THEM USEFUL. **
** THIS WORKED ON MY DEVICE BUT IT MAY NOT WORK ON YOURS. APPLY AT YOUR OWN RISK **​
This has been tested with the unlocked US version running 4.6.1.
Requirements
Make sure your PC can communicate with your fire phone via adb.
The success of this method depends on following the procedure very carefully. So read the instructions and make sure you understand every step before you try it.
Procedure
1- Install and run Kingroot 4.0. You can google and download it or you can use the one in the attached zip file. When Kingroot runs it is all in Chinese, but basically you need to be connected to the internet for it to work. It will do its thing and show progress up to 100% after which you can exit the program. Now your phone is rooted. The following steps replaces the Kinguser with SuperSU.
2- Unzip the attached file in your adb directory and then open an adb terminal and make sure the PC can see your phone (you can check that by typing adb devices). Then type the following:
Code:
adb push su /data/local/tmp
adb push busybox /data/local/tmp
adb shell
3- In the shell that you get type the following and make sure you give the permission when the phone prompts you:
Code:
su
4- Continue by typing the following commands:
Code:
mount -o remount,rw /system
cat /data/local/tmp/su >/system/xbin/daemonsu && chmod 0755 /system/xbin/daemonsu
cat /data/local/tmp/busybox >/system/xbin/busybox && chmod 0755 /system/xbin/busybox
daemonsu -d &
The key is to keep this session running while you continue with the rest, so be careful with typos and monitor this window for any errors.
5- At this point, leave the adb terminal window running and go to your phone, open the Kinguser app, open settings, Root authorization setting, and Remove Root permission .
6- Uninstall the other two Kingroot programs that are still on your phone (KingRoot and the other one with the blue icon and Chinese text under it).
7- Back to the adb terminal, and type the following:
Code:
cat /data/local/tmp/su >/system/xbin/su && chmod 0755 /system/xbin/su
busybox chattr -ia /system/xbin/ku.sud
busybox chattr -ia /system/xbin/supolicy
rm /system/xbin/ku.sud
rm /system/xbin/supolicy
rm /system/bin/rt.sh
rm /system/bin/install-recovery.sh
busybox chattr -ia /system/etc/install-recovery.sh
rm /system/etc/install-recovery.sh
busybox chattr -ia /system/etc/install-recovery.sh-ku.bak
rm /system/etc/install-recovery.sh-ku.bak
rm /system/kroot_*
rm /sdcard/kr-stock-conf
rm -rf /sdcard/Kingroot
rm /system/usr/icu/icusuflag.conf
busybox chattr -ia /system/usr/iku/isu
rm -rf /system/usr/iku
Again, leave the adb terminal window running and go to your phone.
8- Install superSU (from the attached file) on your phone, run it, and let it update the SU binary.
9- Reboot the phone. After about 5 minutes your root is ready.
Hint: It is a good idea to disable Amazon device client platform, DCP platform contracts, and two apps called System Updates in Amazon settings.
Click to expand...
Click to collapse
Not sure what I'm doing wrong but everything works till I get to rm stage of step 7. Im getting 255 read only file system error. Any ideas what I did wrong. since it didnt work to I have reinstall Kingroot and start over or do I start over from the adb shell part?

Viperise152 said:
Not sure what I'm doing wrong but everything works till I get to rm stage of step 7. Im getting 255 read only file system error. Any ideas what I did wrong. since it didnt work to I have reinstall Kingroot and start over or do I start over from the adb shell part?
Click to expand...
Click to collapse
Do you close the adb window between steps 4 and 7? Step 7 should be continued in the window that you left open in step 4.
Do you get any error message after you type each command in part 4?
To redo the process you should install the Kingroot again and stay overt from the beginning.

I did not get any errors for part 4 just when I get to the first rm command in part 7, I'm getting (rm failed for /system/xbin/ku.sud, Read-only file system). Is that normal?
FIXED!!!
Ok i was not following this step properly "open the Kinguser app, open settings, Root authorization setting, and Remove Root permission ." I was not doing through that Root authorization setting which was a few slots down.

Viperise152 said:
Not sure what I'm doing wrong but everything works till I get to rm stage of step 7. Im getting 255 read only file system error. Any ideas what I did wrong. since it didnt work to I have reinstall Kingroot and start over or do I start over from the adb shell part?
Click to expand...
Click to collapse
Please copy and paste the entire content of the adb terminal up to the point that you get the error message and send it to me via pm so I can debug it.

najoor said:
Please copy and paste the entire content of the adb terminal up to the point that you get the error message and send it to me via pm so I can debug it.
Click to expand...
Click to collapse
I still had this page open while I was giving it another go. I figured out what i was doing wrong. The " open the Kinguser app,open settings, Root authorization setting, and remove root permission." part I was just opening Kinguser settings and hitting the big center button turning it off. Did'nt realize i had to go down a few slots to the Root Authorization Setting then hit the Remove Root Permission. After i did it right Kinguser disappeared unistalled the other 2 apps. Everything after that work fine then. Thanks for trying to help me out. Maybe my confusion will help others.

Viperise152 said:
I still had this page open while I was giving it another go. I figured out what i was doing wrong. The " open the Kinguser app,open settings, Root authorization setting, and remove root permission." part I was just opening Kinguser settings and hitting the big center button turning it off. Did'nt realize i had to go down a few slots to the Root Authorization Setting then hit the Remove Root Permission. After i did it right Kinguser disappeared unistalled the other 2 apps. Everything after that work fine then. Thanks for trying to help me out. Maybe my confusion will help others.
Click to expand...
Click to collapse
Thanks for updating with what you were doing wrong. I was having the same issue. Cheers!

funkadelik said:
Thanks for updating with what you were doing wrong. I was having the same issue. Cheers!
Click to expand...
Click to collapse
And me too I should have read your post instead of bugging najoor who has been a great help to resolve my SuperSU
installation
Great thread :good::good:

thx for the guide.
can you explain why it is better to have SuperSu. What is wrong with kingsu?

planning to do this soon, cheers for the guide
so what is safe to remove out of the stock apps

veti said:
thx for the guide.
can you explain why it is better to have SuperSu. What is wrong with kingsu?
Click to expand...
Click to collapse
King user might even be a better SU than superSU, who knows? The problem is that we don't know kinguser. We don't know who wrote it, we don't know what kind of information it gathers, we don't know if it puts a backdoor exploit in your OS, etc. Super SU is a tool that we have used for years. We know exactly what supersu does and who wrote it. We can even communicate with him on xda. Chainfire, the author of SuperSU even has a weblog that he often uses to talk about the intricacies of designing a tool like superSU. There is almost nothing unknown or suspicious about superSU.
On the contrary kingroot/kinguser seems to be intrusive and sneaky. The first thing it does after rooting your phone is to install some random app on it that has nothing to do with rooting and at best I can describe it as bloat. It saves files and folders all over your phone for no apparent reason. Then, it does everything it can to prevent you from removing it. In effect, the only straightforward way to remove it is to give up root, and even then it very suspiciously leaves some executable files behind that God knows if they are sleeper cells or what. To devise the procedure in the OP I had to go through an extensive search to find every little carp that king user has planted into the system and truth be told I will not be surprised if I discover more hidden gems left behind.

The corrected op guide worked great. I had to tap a blue rectangle at two different times to get kingroot to finish (get to a screen that had 100% on it), but other than that, everything worked.

najoor said:
King user might even be a better SU than superSU, who knows? The problem is that we don't know kinguser. We don't know who wrote it, we don't know what kind of information it gathers, we don't know if it puts a backdoor exploit in your OS, etc. Super SU is a tool that we have used for years. We know exactly what supersu does and who wrote it. We can even communicate with him on xda. Chainfire, the author of SuperSU even has a weblog that he often uses to talk about the intricacies of designing a tool like superSU. There is almost nothing unknown or suspicious about superSU.
On the contrary kingroot/kinguser seems to be intrusive and sneaky. The first thing it does after rooting your phone is to install some random app on it that has nothing to do with rooting and at best I can describe it as bloat. It saves files and folders all over your phone for no apparent reason. Then, it does everything it can to prevent you from removing it. In effect, the only straightforward way to remove it is to give up root, and even then it very suspiciously leaves some executable files behind that God knows if they are sleeper cells or what. To devise the procedure in the OP I had to go through an extensive search to find every little carp that king user has planted into the system and truth be told I will not be surprised if I discover more hidden gems left behind.
Click to expand...
Click to collapse
Thank you _so_ much for your effort. I was doing some research too in advance prior to installing kingroot, but didn't get near as much useful information. Sniffing the network connection for any suspicious behaviour via wireshark and my router wasn't successful at all, as they use https.
I came up with the idea that they could have patched some of the system-apps to load an payload even after you tried to "delete everything"(tm). I am currently checking the MD5 and SHA-1 checksum of a identical, second Firephone without root.
---------- Post added at 09:09 PM ---------- Previous post was at 09:05 PM ----------
Also the Mods should pin your post. I totally agree that KingRoot uses intrusive behaviour - as it seems mostly for statistics, but anyway - and should be replaced with the method described in the OP.
EDIT: The MD5 checksum of an unrooted firephone is identical. The System apps might not have been replaced or touched at all. I didn't got a easy chance to check all apps with the SHA-1 checksum though.

Followed the directions and got the root with 0 issues

Just saw this article saying root is now achievable w/ SuperSU via Towelroot: http://dottech.org/180812/how-to-root-amazon-fire-phone-on-android-4-4-kitkat-guide/
Can anyone verify?

amf100 said:
Just saw this article saying root is now achievable w/ SuperSU via Towelroot: http://dottech.org/180812/how-to-root-amazon-fire-phone-on-android-4-4-kitkat-guide/
Can anyone verify?
Click to expand...
Click to collapse
No, it doesn't work. When you run it, the towelroot app pops up a message saying the phone is currently not supported.

Hmph! That's too bad. I wasn't with my fire phone to check for myself. The internet is so weird lol. Why make a whole page with instructions for nothing? Ugh lol

rm /system/bin/rt.sh
Click to expand...
Click to collapse
This part is not working for me. Can't seem to remove it with root explorer either. Any tips?

Im on 4.6.1 with SuperSu. If im Sideload 4.6.1 again and do an Factory Reset. Is root gone? Because Amazon send me New One Because Hardware issues