A new method for ROOTing your xoom!!! - Xoom Android Development

I do not know why you say this...
MOD EDIT: Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.
Hi,
I am here to provide you a new method of rooting your xoom; it does not require flashing the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgraded to 3.1)
***EDIT***
I have also tried on a HK 3g xoom (which shows MZ601 in MTP but MZ602 in fastboot). It works without any problem, and internal storage preserved untouched.
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, who knows
a little about developing and is willing to try new things.
So, I cannot be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any bricked or malfunctioning device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volume down ~2 seconds after the motorola logo appears when the device starts,
then volume up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method; I thought of this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying an update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition has the name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockworkmod recovery for xoom,
the one who invented the method of rooting the i9000 with an update.zip (I cannot find who made that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those on stock 3.2) if you would like to take some risk, and report whether it is a success or not.
Thanks.
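A recovery package can be read before it is applied. The following is an added example, not part of the original post and not the contents of the attached ROOT.zip: it parses an update.zip's updater-script and lists the partitions it mounts, the files it installs (with SHA-256 for comparison against the upstream su/Superuser.apk release) and anything it marks setuid. The sample package and all function names are constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Standard location of the edify script inside a recovery update package.
SCRIPT_PATH = "META-INF/com/google/android/updater-script"

# Matches simple edify calls such as set_perm(0, 0, 06755, "/system/bin/su").
# Calls with nested parentheses are skipped, which is fine for this audit.
CALL_RE = re.compile(r'(\w+)\s*\(([^()]*)\)')


def split_args(raw):
    """Split an edify argument list into plain strings, quotes stripped."""
    return [a.strip().strip('"') for a in raw.split(",") if a.strip()]


def audit_update_zip(data):
    """Summarise what a flashable zip would do, without executing it."""
    report = {"mounts": [], "installs": [], "setuid": [], "missing": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = set(zf.namelist())
        if SCRIPT_PATH not in names:
            raise ValueError("no updater-script: not a recovery update package")
        script = zf.read(SCRIPT_PATH).decode("utf-8", "replace")
        for func, raw in CALL_RE.findall(script):
            args = split_args(raw)
            if func == "mount" and len(args) >= 3:
                # Last two arguments are the device (or partition name)
                # and the mount point.
                report["mounts"].append((args[-2], args[-1]))
            elif func == "package_extract_file" and len(args) == 2:
                src, dst = args
                if src in names:
                    digest = hashlib.sha256(zf.read(src)).hexdigest()
                    report["installs"].append((src, dst, digest))
                else:
                    report["missing"].append(src)
            elif func == "set_perm" and len(args) >= 4:
                # set_perm(uid, gid, mode, file...): mode is octal text.
                mode = int(args[2], 8)
                if mode & 0o6000:  # setuid or setgid bit requested
                    report["setuid"].extend(args[3:])
    return report


def build_sample_zip():
    """Constructed sample package; payloads are dummy bytes, not real binaries."""
    script = "\n".join([
        'mount("ext4", "EMMC", '
        '"/dev/block/platform/sdhci-tegra.3/by-name/system", "/system");',
        'package_extract_file("su", "/system/bin/su");',
        'package_extract_file("Superuser.apk", "/system/app/Superuser.apk");',
        'set_perm(0, 0, 06755, "/system/bin/su");',
        'set_perm(0, 0, 0644, "/system/app/Superuser.apk");',
        'unmount("/system");',
    ])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SCRIPT_PATH, script)
        zf.writestr("su", b"constructed su payload")
        zf.writestr("Superuser.apk", b"constructed apk payload")
    return buf.getvalue()


if __name__ == "__main__":
    result = audit_update_zip(build_sample_zip())
    for device, point in result["mounts"]:
        print("mounts  ", device, "->", point)
    for src, dst, digest in result["installs"]:
        print("installs", src, "->", dst, digest[:16])
    for path in result["setuid"]:
        print("setuid  ", path)
```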

eddielo said:
Hi,
I am here to provide you a new method of rooting your xoom; it does not require flashing the decrypted boot.img image.
I have tried it only on my Wifi XOOM, which is a UK version. (With a Japan version of ROM, downloaded from Motodev and upgraded to 3.1)
===============================================================
I am NOT a xoom developer, nor a rom cook. I am just a user of xoom, who knows
a little about developing and is willing to try new things.
So, I cannot be sure that the method below works on your device. By following the
things below, your xoom may have a chance to brick.
I am not responsible for any bricked or malfunctioning device.
===============================================================
To root your xoom, you should start with flashing your device with the clockworkmod recovery (Please refer to the post by solarnz).
After flashing the clockworkmod recovery, do the following.
1. Download the attached ROOT.zip, place it on the root directory of the external sd card, and rename it to update.zip
2. Restart your device to the recovery by:
Type "adb reboot recovery" from your pc
OR press volume down ~2 seconds after the motorola logo appears when the device starts,
then volume up when "-->Android recovery" appears.
3. Apply the update in the recovery.
That's it. Your device should be already rooted.
=======================================================================
I am not the inventor of the method; I thought of this since I have a Samsung i9000,
and the method of rooting the i9000 is by applying an update.zip file.
I have created the ROOT.zip file by changing the i9000 root zip file with the newer su and superuser.apk (From here: http://forum.xda-developers.com/showthread.php?t=1010568)
I have also changed the updater-script in order to let the updater mount the correct partition for the update.
I am not sure if this update applies to other devices (especially for the 3g ones). This should work if the system partition has the name "/dev/block/platform/sdhci-tegra.3/by-name/system".
I would like to thank solarnz for providing the clockworkmod recovery for xoom,
the one who invented the method of rooting the i9000 with an update.zip (I cannot find who made that, sorry...),
and also Xaositek for providing the su and superuser.apk files (I am too lazy to find it by myself...).
========================================================================
That's all. Please try on your device (especially for those on stock 3.2) if you would like to take some risk, and report whether it is a success or not.
Thanks.
How do you flash cwm if your device is locked? Also the purpose of the rooted boot.img is to allow you to mount your device for adb commands.

yeah no offense but this sounds a little sketch... I see you make a quote at the bottom asking people to report success if they try... I personally would not try this.
Unlocking and rooting is really not that hard and not very time consuming using current methods

Of course, for installing CWM, you have to unlock your device by using "fastboot oem unlock", but that will not brick your device anyway.
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
Also, the current rooting methods do not work 100% on some devices (like the HK 3g version, for which missing internal storage was reported after rooting with the currently available method); I would like to see if this works on that.

Rooters beware. Proceed with extreme caution, as these are highly uncharted waters.

eddielo said:
For this method, you do not need to issue adb commands to root your device, so no need to have a modified boot.img.
I think you missed my point. Rooted boot.img isn't used for rooting. It's used for adb commands like adb remount. Say I want to adb push a file to my xoom, ls a directory on my xoom, or adb rename system files. Those are all reasons you need the rooted boot.img.

Sorry, this is not a rooting method. All this is doing is flashing su, busybox and Superuser.apk.
There is more to rooting a device than this. You also need an insecure boot image.

I am sorry if I do not catch the real meaning of rooting a device.
What I think of rooting is to let my device, starting from everything stock, untouched, get to a state where applications that need root, like Titanium backup or root explorer, work without problem.
I have tried this method on my two devices; titanium backup works perfectly, root explorer can remount the system partition to rw and can successfully copy files and delete files from that.
The insecure boot.img image, as far as I know, allows everyone to use "adb remount" and make changes to the system directory. But my method does not need adb for copying the binaries and chmod-ing them. You may call it flashing, but after that, su works without problem.
Please, try it first. If you think it is not a method of rooting, I am sorry about that.

Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.

So does this mean just "rooted".....like can't flash a rom?

roughneckboren said:
So does this mean just "rooted".....like can't flash a rom?
Rooting has nothing to do with installing a rom. To install a rom, you just need to unlock and fastboot flash CWM. This guide in no way helps you flash a rom.

alias_neo said:
Actually guys, don't dismiss him just yet, over in the Galaxy S II forums we only flash insecured images long enough to root the OS then flash back to a secure one, so you have root access but no remount or system r/w.
It's a (fairly) legitimate method and is exactly how I rooted my xoom this time round, well not exactly, I did it like this:
unlock
flash solarnz CWM
adb mount system r/w
push su and busybox
reboot
install superuser from market
done
This is how most people run their GSII and means you can use root apps but no insecure boot image (because the GSII shows a warning on every boot with insecure images and keeps a binary flash counter, cheeky samsung).
This will at least get you to the point where you can su from within android and dump your boot image to modify it yourself, which is what I just did to update my Euro 3G root guide.
Without a rooted boot.img your recovery will get wiped out every time you boot the OS.

So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?

silvinoa said:
So will this let you make a titanium backup of your data? That way you could recover your data after using the regular unlock method that erases everything?
Yes and NO...
Yes this method will allow you to run titanium backup. But to use this method you have to unlock, which erases everything.

Related

[GUIDE] Permanent Root with Visionary/gfree (No ADB Required)

After seeing lots of users struggle to root their phone with the existing guides (or worse, brick their phones), often times because of an inability to install/use ADB correctly (so they hobble together steps from multiple guides), I decided to write up a guide for rooting without the need for ADB. This guide uses the Visionary program to achieve temporary root and then gfree to achieve permanent root. Visionary is used only for the temporary root and nothing else (since many on these forums are wary of the app for permanent rooting). All of the gfree steps were scripted together to make things more convenient (and allow less room for user error in typing things in). This has been tested to work with multiple G2s and theoretically should work with the Desire Z as well (if you have the 1.72 OTA though, you will need to downgrade first in order to root as per the instructions in the wiki). All credit goes to the original developers of these programs and those others who aided in achieving root originally (I didn't add anything new content-wise, just bundled it up nicely).
WARNING: A few Desire Z users have reported being stuck on the HTC logo after following this guide. Without having a Desire Z myself, it is difficult to figure out why (since this simply automates known working methods). For the time being, I recommend Desire Z users obtain permanent root using one of the other guides out there.
Instructions
1. Install Terminal Emulator and a file manager (such as Astro File Manager) from the Market.
2. Extract the contents of the zip file to the SD card (this will create a directory called root_files on the card). When done, make sure you unmount your SD card from your computer if you had mounted it as a storage device to transfer the files.
3. Enable Unknown Sources (under Settings->Applications) and USB Debugging (under Settings->Applications->Development).
4. Using your file manager, navigate to the root_files directory on your SD card and select "com.modaco.visionaryplus.r14.apk" to install the Visionary app.
5. Start the Visionary app.
6. Click on "Temproot now." Leave all other settings unchecked.
7. Start the Terminal app.
8. Type the following commands (the $ and # symbols represent the command prompt and should not be typed):
Code:
$ su
# cp /sdcard/root_files/perm_root /data/local/perm_root
# chmod 777 /data/local/*
# /data/local/perm_root
You will see multiple messages scroll by as the programs run. Once you are returned to the prompt in terminal, you will have permanent root (S-OFF), as well as subsidy unlock and SuperCID. At this point, you can also choose to flash the engineering hboot as explained in the wiki. Flashing this hboot allows you to use the flashboot program to flash images from your computer to your phone (which can be very helpful when stuck in a bootloop for example). Note, this is often times the step that bricks people's phones when following other guides. To help mitigate the danger involved, I created a script that first checks the md5 of the hboot file to ensure it didn't get corrupted and then actually performs the flash (many times the bricking occurs because of a typo in this command). If you wish to flash the engineering hboot, type the following command in terminal if you have a G2:
Code:
# /data/local/tmp/flash_hboot
Or this command if you have a Desire Z
Code:
# /data/local/tmp/flash_hboot_z
If you get a verification failed message, you should re-download the files, re-extract them to your SD card, and run the flash_hboot script again.
If you don't want the engineering hboot, just reboot your phone. You can verify you have permanent root by holding volume down while powering on (you'll see S-OFF in the first line of the bootloader). You are now free to install a new recovery and start flashing custom ROMs. If you don't want to flash a new ROM, it's safe to uninstall the Visionary app at this point.
And if you are curious, you can open the perm_root and flash_hboot files in a text editor to see what they are actually doing...
thank you bro man this was way better !!!
does this apply to someone who just bought the G2, currently on stock 2.2?
GHOST99K said:
does this apply to someone who just bought the G2, currently on stock 2.2?
YES!!!! Especially you! This is much easier than the previous ways!
NICE!
I wish I had seen this last night before I spent 4 hours trying to get ADB to see my wife's new phone. Oh well, got it working the hard way
Copy flash_hboot
Do you need to copy the flash_hboot like the perm_root file?
Crey23 said:
YES!!!! Especially you! This is much easier than the previous ways!
NICE!
cool i guess 2 of my friends will be pleased to hear this cuz i'll be helping them to root their phones.
worked like a charm! sweet man, saved me a lot of time by making this thread and guide, definitely should be added to wiki or sticky thread.
I just bought a T-mobile G2 as well, and I love the phone as is, but I just want to root it, so I can over-clock the cpu just a little bit (maybe about 1Ghz is fine). Can I use this method and keep the phone as is? Or does this method delete everything and I need to use custom rom? I'm coming from original MyTouch 3G (without 3.5 jack) rooted with CM, but I am still a newb.
misterykid89 said:
I just bought a T-mobile G2 as well, and I love the phone as is, but I just want to root it, so I can over-clock the cpu just a little bit (maybe about 1Ghz is fine). Can I use this method and keep the phone as is? Or does this method delete everything and I need to use custom rom? I'm coming from original MyTouch 3G (without 3.5 jack) rooted with CM, but I am still a newb.
Once you root the phone, everything will stay as is. Here's a link to overclock to at least 1 GHz on stock ROM: http://theunlockr.com/2010/10/20/t-mobile-g2-overclocked-to-1-42ghz-how-to-overclock-your-t-mobile-g2/
However, it's required you first set up ADB.
I can't just download setCPU and over-clock? I thought as long as the phone is rooted, I can do that...
misterykid89 said:
I can't just download setCPU and over-clock? I thought as long as the phone is rooted, I can do that...
You can still download SetCPU, but just having the app itself won't let you overclock the phone. You can try flashing a different ROM and you'll be overclocked once you run that ROM.
Wait, but the recommended and safest way is still with Rage and GFree, right? VISIONary was found to do something with the phone's file system that messes up some phones I thought, right? I thought that is why scotty2 made Rage, or am I wrong?
KoolKidsKlub said:
Wait, but the recommended and safest way is still with Rage and GFree, right? VISIONary was found to do something with the phone's file system that messes up some phones I thought, right? I thought that is why scotty2 made Rage, or am I wrong?
Rage/G-Free is still the safest but they both require ADB, which can be quite a hassle to install for many. True that Visionary has been found to mess one's phone up, but this method only implements the temp root procedure from Visionary (which doesn't require ADB) and the perm root procedures from Rage/G-Free for a more simple way to root one's G2.
so its more like the best of both methods then... i gave up cus i couldnt figure out the ADB but this way looks way easier so ima give this a try thanks for this
Worked perfectly first try. Thanks!
What exactly is kernel? I've seen some people saying they are running over-clock on their G2 with a modded kernel on stock ROM.
misterykid89 said:
What exactly is kernel? I've seen some people saying they are running over-clock on their G2 with a modded kernel on stock ROM.
Search google for "Kernel Operating System"
What I meant was is it okay to just change the kernel and run stock ROM that came with my T-mobile G2? Would it not change anything except for the clock speed?
misterykid89 said:
What I meant was is it okay to just change the kernel and run stock ROM that came with my T-mobile G2? Would it not change anything except for the clock speed?
Different kernels can be compatible only with certain ROMs. Check on the kernel before you flash to stock ROM

[Q] How to make a back-up of the I9250 stock ROM without CWM

I would like to create a backup of my entire system, including boot image, data and system partitions. Is there any way I can do this without the CWM? The main reason is that I could return the phone to the original state in case I have to return it for service.
To my knowledge (and I have no knowledge!), Samsung accepts rooted devices for service (otherwise, if the phone has a broken screen, it is not accepted)... but, if I were you, I would install CWM and make a nandroid backup of the whole system. If you want to have all of Google's system images (to restore original stock) you could set up your SDK environment http://developer.android.com/sdk/index.html and download the Google images (bootloader, rom, radio) and put them in a safe place (the SDK supplies adb/fastboot, which are the tools that you would use to restore Google's files). That's the thread with these contents: http://forum.xda-developers.com/showthread.php?t=1366806 Those are the standard (so yours) original stock files from Google actually on your phone!
And I also advise you to follow these steps to save your /EFS partition (you never know) before flashing custom things, BUT IT REQUIRES ROOT: http://forum.xda-developers.com/showthread.php?t=1352371
BUT, if you don't want to install cwm, you could also see here: http://forum.xda-developers.com/showthread.php?t=1392310
Thank you. If I am right, msskip's tools will install the CWM onto my phone as well. I have just come across a guide for back-up without CWM <http://forum.xda-developers.com/showthread.php?t=1420351>. I am just not quite sure if it is the same full back-up as I get for the Nandroid or CWM. Does anyone have any experience with this?
The post you linked doesn't back up the /boot partition and recovery. So you can back up only /system and /data; you can obtain EXACTLY these files just by downloading the Google system (4.0.1 - 4.0.2 - 4.0.3) files (*.img extension) and you have the same result, plus you can get bootloader.img and recovery (everything stock, meaning samsung galaxy nexus stock files)... these are in the post I linked and are the stock Google images, and these are the files that our phones have inside (also including system.img).
That's the explanation of why I think it is basically useless to make a backup of /system and /data for warranty purposes, because Google (or the first phone users in November when the phone came out on the market) provided all the .img files that you need to revert (using fastboot) your phone anytime to a stock 'new' phone (which is yours now, so in warranty!). Make, instead, a backup of the files and apps (apk) (usually /data) that you need if you want to try custom roms and then, if you are not satisfied, get back to stock...
To answer your question: no, it is not the same kind of backup, you will lack /boot and recovery.
Adding that you can use adb to generate .img by
Code:
cat /proc/mtd
and you will have a fs table with addresses (I have no phone now so cannot provide), then using dd (assuming boot is on mtd2):
Code:
dd if=/dev/mtd/mtd2 of=/sdcard/boot-stock.img bs=2048
and also use this for the recovery partition... never tried for the system and data partitions (but could work, I'm not sure, so do not do it this way, wait for more knowledgeable people; and I also never tried on ICS, just remembering from Gingerbread... don't know if it's the same in this new system)
but this process makes use of
Code:
adb shell
su
the second one requires root....
As of now, I don't know any method not involving root to do these things but, as I stated in my first post, I don't know anything
Thank you. I am wondering if the image file you have provided is for yakjuux. I have come across many posts that if I get the wrong baseband, the phone will not work correctly.
Post, please, your baseband version, which you can find in settings->phone info->baseband version on your phone; mine is 19250xxkl1, which I have recently updated from xxkk1 (the stock one)
My Build # is ITL41F I9250 UGKL1 and the kernel is 3.0.1-ga052f63 [email protected] #1.
Do you think you have an image of this? Thanks.
As far as I know, you have a GSM version of the Galaxy Nexus. So it's safe to grab the Google image of /system, /boot and, for the radio, grab the UGKL1 radio/baseband version. To answer better, it would help to also know your bootloader version (which probably is primekk15): you can view this by going to the bootloader on your phone, doing this:
1 set up the android sdk environment (including fastboot) for your pc system (windows-linux-osx)
2 enter the settings menu of the phone and tick 'debug usb'
3 attach the phone to the pc and let it recognize your phone (windows-osx); for linux, install udev, which is already in your distrib/repo
4 (assuming you are on windows) on the pc... start/run/ cmd: the terminal opens up; go to your android-sdk directory, enter it and then go to platform-tools; there is the adb command, run: adb reboot bootloader
This will restart your phone in the bootloader menu. There, you have all of the information you need... just write your bootloader version here (to have a confirmation) to understand which version you need to download and put in a safe place in case of warranty need...
Then wait for someone better than me who knows how to make a backup of all partitions without root (without an exploit I think it's difficult to grant su access on the standard ICS system); if there is no such possibility, just root, install CWM and do a nandroid backup and then transfer it to a safe place and you are good to go to try modding.....
Now I need sleep as here it is 8 in the morning and I am finishing compiling my l701x kernel, which weighs 3,4 mb lzo compressed, fine tuning..... good nite, ehm, good morning.. mmm... good is enough
Thank you. It takes some time to download the packages.
The Bootloader shows the following
Product Name: Tuna
Variant: Maguro
HW Version: 9
Bootloader Version: Primekk14
Baseband Version: I9250UGKL1
Carrier Info: None
Signing: Production
What would be the appropriate one to download? Do you have their respective links? Thank you for your ongoing support.
Would anyone with experience please provide me with inputs if:
1. there is any way to back-up without root
OR
2. the phone has to be rooted, is there any way to have a program residing in my computer iso the phone (CWM in this case).
OR
3. there is any way to remove CWM and other rooted apps before I use GNex Toolkit to relock the phone.
Thanks.
Here you go:
http://forum.xda-developers.com/showthread.php?t=1420351
Would anyone with experience please help?
I am struggling with the same issue. Restoring the nandroid, removing su and superuser.apk and then relocking the bootloader actually brings the phone to quite factory looking mode (except for timestamps in system)
I wonder if it is possible to pull dump of system the same way it is done for boot and recovery.
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
silow said:
Guys - it is pretty trivial to restore all partitions you would be modifying to factory conditions because Google provides the factory images for which you can use fastboot to restore. You don't even need to be unlocked much less rooted or have CWM installed because the Google images are official and have the correct signatures.
As for making image copies of your phones partitions this cannot be done w/o root access because these partitions are only available to root. If you are rooted you can use a utility such as dd on the phone to copy the partitions.
Google provides yakju images only. Phones here in Canada come with yakjuux, which is even 4.0.1. It will be pretty obvious you have tinkered with your phone if you return it with a yakju image instead of the original one.
As for root - I think it might not be necessary - I was able to do a nandroid backup without flashing either recovery or root to my system by simply unlocking the boot loader and booting CWM off fastboot. I am thinking, can we dd while in CWM (flash of phone still intact - except for the bootloader, which is not an issue since it can be relocked)
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
leobg said:
[snip]
Anyone have the dd syntax handy and the partition that needs to be dumped?
system partition seems to be /dev/block/platform/omap/omap_hsmmc.0/by-name/system (this is the df output after I mounted it in CWM)
Would the dd command be something like
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/sdcard/yakjuux.img
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference):
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
efrant said:
I think that may work. The output file may be padded with extra zeros, so you may need to trim them before flashing (this is certainly the case when you dump the radio).
EDIT: I would probably use this instead (although I am not sure it will make a difference):
Code:
dd if=/dev/block/platform/omap/omap_hsmmc.0/by-name/system of=/data/media/yakjuux.img
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
---------- Post added at 09:44 PM ---------- Previous post was at 09:37 PM ----------
silow said:
CWM provides you "root" because it has the su binaries in the ramdisk.
You can run the following when booted into CWM since CWM will mount /data:
Code:
dd if=/dev/block/mmcblk0p10 of=/data/media/system.img
Yes, I meant it's not necessary to make any changes on the filesystem to achieve it once bootloader lock is off. And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
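One way to check such a dump on a PC (Python runs on Windows as well), given as an added example that is not from any poster in this thread: it reads the ext superblock at the start of the image, compares the filesystem size it declares with the size of the dump, counts trailing zero bytes and computes a SHA-256 for later comparison. It assumes the dumped partition holds an ext2/3/4 filesystem; the function names and the tiny sample image are constructed for illustration.

```python
import hashlib
import struct

SUPERBLOCK_OFFSET = 1024   # the ext2/3/4 superblock starts 1024 bytes in
EXT_MAGIC = 0xEF53         # s_magic value shared by ext2, ext3 and ext4


def inspect_dump(path):
    """Describe a raw partition dump without modifying it."""
    sha = hashlib.sha256()
    size = 0
    last_nonzero = -1      # offset of the last non-zero byte seen so far
    head = b""             # first 2 KiB, enough to hold the superblock fields
    with open(path, "rb") as f:
        while True:
            chunk = f.read(1 << 20)
            if not chunk:
                break
            if len(head) < 2048:
                head += chunk[:2048 - len(head)]
            sha.update(chunk)
            stripped = chunk.rstrip(b"\0")
            if stripped:
                last_nonzero = size + len(stripped) - 1
            size += len(chunk)

    info = {
        "file_size": size,
        "sha256": sha.hexdigest(),
        "trailing_zero_bytes": size - (last_nonzero + 1),
        "is_ext": False,
    }
    sb = head[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 64]
    if len(sb) == 64:
        (blocks,) = struct.unpack_from("<I", sb, 4)    # s_blocks_count_lo
        (log_bs,) = struct.unpack_from("<I", sb, 24)   # s_log_block_size
        (magic,) = struct.unpack_from("<H", sb, 56)    # s_magic
        if magic == EXT_MAGIC and log_bs <= 6:
            block_size = 1024 << log_bs
            # The high 32 bits of the block count (64bit feature) are ignored,
            # which is fine for phone-sized partitions.
            fs_size = blocks * block_size
            info.update(
                is_ext=True,
                block_size=block_size,
                fs_size=fs_size,
                # Bytes after the end of the filesystem: padding that is
                # not part of it. Zeros inside fs_size are just free blocks.
                beyond_fs=size - fs_size,
                # A dump shorter than the filesystem is incomplete.
                truncated=size < fs_size,
            )
    return info


def write_sample_dump(path):
    """Constructed sample: an 8 KiB 'filesystem' plus 4 KiB of zero padding."""
    fs = bytearray(8192)
    struct.pack_into("<I", fs, SUPERBLOCK_OFFSET + 4, 8)    # 8 blocks
    struct.pack_into("<I", fs, SUPERBLOCK_OFFSET + 24, 0)   # 1024-byte blocks
    struct.pack_into("<H", fs, SUPERBLOCK_OFFSET + 56, EXT_MAGIC)
    fs[-1] = 0xAA                                           # last byte in use
    with open(path, "wb") as f:
        f.write(bytes(fs) + b"\0" * 4096)


if __name__ == "__main__":
    import os
    import tempfile

    sample = os.path.join(tempfile.mkdtemp(), "sample.img")
    write_sample_dump(sample)
    for key, value in inspect_dump(sample).items():
        print(f"{key:20} {value}")
```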
leobg said:
Yes, that was what I actually ended up doing since /sdcard was a sym link to /data/media. Resulting file is 654MB uncompressed. I wonder how can I easily check if content is right on a win machine.
There is obviously some extra padding in there, as the file size should be closer to half that size uncompressed.
---------- Post added at 09:08 AM ---------- Previous post was at 08:51 AM ----------
leobg said:
[snip]
And by simply relocking the device after, there are zero traces of any 'hackery' being done on the phone.
Not sure why so many people are worried about "traces of hackery". I can't speak from personal experience, but many Nexus One owners (if not all of who have attempted), had NO issues returning devices to HTC that were unlocked... Remember, the N1 did not have a relockable bootloader, so they obviously knew you were messing around.
You don't have to FLASH CWM to USE CWM.
Just BOOT CWM. Simple.

[Q] How/what to get for a backup of my 4.0.2 yakjuzs-variant? Also, how to get AOSP?

I have the Hong Kong variant of the Galaxy Nexus GSM (yakjuzs) running 4.0.2.
I haven't even unlocked the bootloader yet. (Stupid, I know.)
I've had the phone long enough to know "how it's supposed to behave" so that when I unlock and root a ROM I'll know if something is behaving badly, so now I'm looking to switch to the latest/greatest yakju (who comes up with these terrible names?) 4.0.4.
However, before I do so, I'd like a perfect backup of my phone 'as-is' so that if something goes horribly, horribly wrong I can get back to the 'original state'.
Now, I've done some reading around and I'm confused. It looks like I need several different kinds of backups, and I'm not even sure if all of them are going to be 'worth it'.
First, I found the Galaxy Nexus Toolkit. It only mentions the yakju variant, not my yakjuzs, but it "seems to" work for making a backup of my phone's data. I just haven't tested the backups, nor do I know how to, so I don't know if it's actually working or not.
I'm just not sure what it's backing up. It's obviously NOT backing up the ROM or radios (is there anything else it's not backing up?), and I don't know what it means by "System Apps", nor "apps data". Obviously it's backing up all the APKs I've installed from the market, etc. That part I get. What else is it backing up? (I know it's also backing up the virtual SD card if I tell it to, as long as I uninstall Google Currents first, which seems to have a directory structure that doesn't jive well with Win7.)
Secondly, I found this thread about backing up the Desire S, and I'm going to take a wild guess and say that the advice given in it still applies to my phone as well: namely that a "NANDROID" backup will back up the ROM and radios and other 'stuff' on my phone that the GNT doesn't grab.
Thing is: I don't know what "Clockwork Recovery Mod" or "NANDROID" are, or where to get them. If I Google "Clockwork Recovery Mod", it takes me to this page which doesn't have anything on it called "Recovery Mod" at all. Is it the "ROM Manager" app?
A little more Googling suggests that this is true, or at least that I can get "Clockwork Recovery Mod" through that app (weird way of getting it, honestly), but I thought I'd ask here first.
Is "NANDROID" a part of CRM? I'd use this, which is the first thing that shows up when I Google 'Nandroid', but it seems to be four years old, and references phones that I might not even be able to find on eBay, so I'm thinking it's not a trustworthy source.
Of course, all of this requires root, right? I've been told this requires unlocking the Bootloader, though I do see this exploit that lets you get Root without doing that. So, basically, I can root with that exploit, then download that 'ROM Manager', use it to flash CRM over my locked Bootloader, then use that to do a NANDROID backup of my phone?
Right?
And, regarding that whole 'rooting/superuser' thing, I know that the 'standard' is to use 'superuser.apk' for root permissions for apps. I've read about SuperSU, the 'superior' superuser alternative. Does that require superuser.apk, or can it be used as a replacement for it? And if it can be a replacement for superuser.apk, does that mean I can use it *instead* of superuser.apk in that root exploit? How would I get the APK to use? Buy it on the market, and then somehow (adb pull? Is that it?) take the APK off of my phone and on to my computer?
I'm asking mostly because any app that checks for 'root permissions' (such as Google Movies Play Movies Play Play Movies or whatever it's called) apparently dislikes root permissions being available on a phone, but only checks for a file called 'superuser.apk'. If I don't have that file, no problem, right?
Finally, how do I get the 4.0.4 yakju straight-from-Google ROM? Do I need new radios for that? Where do I get those? No, I don't want AOKP or CM9.
Moleculor said:
> [snip]
> Of course, all of this requires root, right? I've been told this requires unlocking the Bootloader, though I do see this exploit that lets you get Root without doing that. So, basically, I can root with that exploit, then download that 'ROM Manager', use it to flash CRM over my locked Bootloader, then use that to do a NANDROID backup of my phone?
> Right?
Right. Root with the exploit, install ROM Manager from the market, use ROM Manager to flash CWM recovery, boot into CWM recovery, and perform a (nandroid) backup. This will be saved in a folder in /sdcard. Now you have to pull all of the data off your phone somehow*, and save it to your computer. Then follow this guide to flash yakju 4.0.4.
*The easiest way to pull the data off your device is to boot into CWM recovery, and plug into your computer (assuming you have the drivers set up properly), open a command prompt in the directory where you have your adb.exe file, and type adb pull /data/media. This will put everything in /sdcard onto your computer.
Moleculor said:
> And, regarding that whole 'rooting/superuser' thing, I know that the 'standard' is to use 'superuser.apk' for root permissions for apps. I've read about SuperSU, the 'superior' superuser alternative. Does that require superuser.apk, or can it be used as a replacement for it? And if it can be a replacement for superuser.apk, does that mean I can use it *instead* of superuser.apk in that root exploit? How would I get the APK to use? Buy it on the market, and then somehow (adb pull? Is that it?) take the APK off of my phone and on to my computer?
> I'm asking mostly because any app that checks for 'root permissions' (such as Google Movies Play Movies Play Play Movies or whatever it's called) apparently dislikes root permissions being available on a phone, but only checks for a file called 'superuser.apk'. If I don't have that file, no problem, right?
> Finally, how do I get the 4.0.4 yakju straight-from-Google ROM? Do I need new radios for that? Where do I get those? No, I don't want AOKP or CM9.
Just flash su and you will be fine. There are still some issues with supersu that have not been sorted out yet. (And by the way, the file that the apps look for is su, not Superuser.apk. Superuser.apk does not give root access - it basically acts as a firewall for apps requesting root from the su binary.)
efrant said:
> Right. Root with the exploit, install ROM Manager from the market, use ROM Manager to flash CWM recovery, boot into CWM recovery, and perform a (nandroid) backup. This will be saved in a folder in /sdcard.
Ok, this is one thing I've never understood: I don't have an /sdcard, or at least I don't see it. Is this because I don't have root, and thus when I access my phone's internal storage, it's shortcutting me directly into /sdcard as if it's the root directory, thus I never see the directory /sdcard is in?
efrant said:
> Now you have to pull all of the data off your phone somehow*, and save it to your computer. Then follow this guide to flash yakju 4.0.4.
> *The easiest way to pull the data off your device is to boot into CWM recovery,
Ok. Wat? I've booted into the stock bootloader once before, would I do that same process to get into CWM recovery once CWM recovery is installed? And can a CWM recovery be installed on a phone with a locked bootloader (but with root)? Or should I just bite the bullet and unlock the bootloader?
efrant said:
> and plug into your computer (assuming you have the drivers set up properly), open a command prompt in the directory where you have your adb.exe file, and type adb pull /data/media. This will put everything in /sdcard onto your computer.
Wait, what? Ok. I'm an ancient IBM-DOS and MS-DOS user, so I 'get' directory structures, but... where exactly is /sdcard? What's the directory structure of the phone like? Because /data/media doesn't exactly scream "/sdcard" to me.
efrant said:
> Just flash su and you will be fine. There are still some issues with supersu that have not been sorted out yet.
Aww. SuperSU looked so nifty.
efrant said:
> (And by the way, the file that the apps look for is su, not Superuser.apk. Superuser.apk does not give root access - it basically acts as a firewall for apps requesting root from the su binary.)
Hm. So if the APK were to instead look for... say... "tacolicker" instead of "su" for root access, apps that detect root would be less likely to find root access and be all DRM-y?
----
Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone.) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?
Moleculor said:
> Ok, this is one thing I've never understood: I don't have an /sdcard, or at least I don't see it. Is this because I don't have root, and thus when I access my phone's internal storage, it's shortcutting me directly into /sdcard as if it's the root directory, thus I never see the directory /sdcard is in?
Yes, it is shortcutting you there.
Moleculor said:
> Ok. Wat? I've booted into the stock bootloader once before, would I do that same process to get into CWM recovery once CWM recovery is installed? And can a CWM recovery be installed on a phone with a locked bootloader (but with root)? Or should I just bite the bullet and unlock the bootloader?
Yes, CWM can be installed with root and a locked bootloader. What I suggested to do is root, install CWM, backup, then unlock.
Moleculor said:
> Wait, what? Ok. I'm an ancient IBM-DOS and MS-DOS user, so I 'get' directory structures, but... where exactly is /sdcard? What's the directory structure of the phone like? Because /data/media doesn't exactly scream "/sdcard" to me.
That is because /sdcard is just a symlink (linux term -- just a link/shortcut) to /data/media, which is the actual directory.
Moleculor said:
> Aww. SuperSU looked so nifty.
> Hm. So if the APK were to instead look for... say... "tacolicker" instead of "su" for root access, apps that detect root would be less likely to find root access and be all DRM-y?
Yes.
Moleculor said:
> Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone.) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?
Follow the directions in the link I provided in my previous post. If you do that, you will need to extract everything: the tgz, the tar, and the zip inside.
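The exchange above notes that root-aware apps look for a file named su, so a renamed binary goes unnoticed. Seen from the auditing side, as an added example that is not part of the original posts: flag setuid-root executables by their mode bits and owner rather than by name. The listing is constructed in the style of `adb shell ls -l` output, and the function names and the expected-binaries allowlist are assumptions of this example.

```python
"""Audit a device file listing for setuid-root binaries instead of trusting names."""
import re
from typing import NamedTuple

# Constructed sample in the style of `adb shell ls -l /system/bin /system/xbin`.
# Names, sizes and dates are made up; "tacolicker" is the hypothetical renamed
# su binary from the thread.
SAMPLE_LISTING = """\
/system/bin:
-rwxr-xr-x root     shell       18172 2012-03-28 10:12 toolbox
-rwsr-s--- root     shell        9508 2012-03-28 10:12 run-as
lrwxr-xr-x root     shell             2012-03-28 10:12 ls -> toolbox

/system/xbin:
-rwsr-sr-x root     root        22364 2012-04-02 21:40 su
-rwsr-sr-x root     root        22364 2012-04-02 21:41 tacolicker
-rwxr-xr-x root     shell       59760 2012-03-28 10:12 dexdump
-rwsr-xr-x shell    shell        5000 2012-03-28 10:12 helper
"""

# Assumption: setuid-root binaries the auditor expects on the stock image.
EXPECTED_SETUID = frozenset({"/system/bin/run-as"})

ENTRY_RE = re.compile(
    r"^(?P<perms>[-dlcbps][-rwxsStT]{9})\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<size>\d+)\s+)?"              # symlinks and directories print no size
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<name>.+)$"
)


class Entry(NamedTuple):
    path: str
    perms: str
    owner: str

    @property
    def is_regular(self) -> bool:
        return self.perms[0] == "-"

    @property
    def is_setuid(self) -> bool:
        # 's' = setuid with owner-execute, 'S' = setuid without it.
        return self.perms[3] in "sS"


def parse_listing(text):
    """Turn multi-directory `ls -l` output into Entry records with full paths."""
    entries, current_dir = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("/") and line.endswith(":"):
            current_dir = line[:-1].rstrip("/")   # directory header line
            continue
        m = ENTRY_RE.match(line)
        if m is None:
            continue                              # e.g. "total 12" or an error line
        name = m["name"].split(" -> ", 1)[0]      # drop symlink target
        entries.append(Entry(f"{current_dir}/{name}", m["perms"], m["owner"]))
    return entries


def name_based_hits(entries, names=("su",)):
    """The weak check described in the thread: match on file name only."""
    return [e.path for e in entries if e.path.rsplit("/", 1)[-1] in names]


def setuid_root_hits(entries, expected=EXPECTED_SETUID):
    """Regular files that run as root via setuid and are not on the allowlist."""
    return [
        e.path
        for e in entries
        if e.is_regular and e.is_setuid and e.owner == "root"
        and e.path not in expected
    ]


if __name__ == "__main__":
    parsed = parse_listing(SAMPLE_LISTING)
    print("name check  :", name_based_hits(parsed))
    print("setuid check:", setuid_root_hits(parsed))
```

The name check reports only the file literally called su, while the mode-and-owner check reports both it and the renamed copy; the setuid file owned by shell is not reported because it does not run as root.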
efrant said:
> Yes, CWM can be installed with root and a locked bootloader. What I suggested to do is root, install CWM, backup, then unlock.
Ok, just to completely clarify... to boot into CWM Recovery, I hold both volume buttons and turn the phone on? Or is that just the bootloader, and Recovery is something different? Or am I right, but I'm missing a step?
efrant said:
> That is because /sdcard is just a symlink (linux term -- just a link/shortcut) to /data/media, which is the actual directory.
S'what I thought. They use the same thing in Win7, apparently.
Thanks!
Moleculor said:
> Ok, just to completely clarify... to boot into CWM Recovery, I hold both volume buttons and turn the phone on? Or is that just the bootloader, and Recovery is something different? Or am I right, but I'm missing a step?
To boot into CWM recovery (after you flash it), you can:
1) Hold both volume buttons and turn the phone on to get you into the bootloader, then scroll with the volume buttons until you see recovery and then select it with the power button; or
2) Install Quick Boot from the market. Awesome app.
---------- Post added at 10:38 PM ---------- Previous post was at 10:34 PM ----------
Moleculor said:
> [snip]
> Also, I downloaded the binaries for 4.0.4 from the AOSP, including radios, drivers, etc. Do I leave them in the tarballs? (Those are called tarballs, right? The TGZ files? Only used linux for two minutes in my life, not counting this phone.) Or do I extract them first? And I'm assuming some of this goes onto my phone... somehow?
And you don't need to download the binaries. All you need to download is the IMM76D "factory images" found here: http://code.google.com/android/nexus/images.html
efrant said:
> To boot into CWM recovery (after you flash it), you can:
> 1) Hold both volume buttons and turn the phone on to get you into the bootloader, then scroll with the volume buttons until you see recovery and then select it with the power button; or
> 2) Install Quick Boot from the market. Awesome app.
Excellent. Thanks. So Recovery shows up as another option in the bootloader. Or something.
efrant said:
> And you don't need to download the binaries. All you need to download is the IMM76D "factory images" found here: http://code.google.com/android/nexus/images.html
Ohh, good to know, since I downloaded both that AND the drivers. So, no drivers, just that one image. K.
Dumb question: What's 'fastboot'? I "get" adb... but what's "fastboot"?
Moleculor said:
> Dumb question: What's 'fastboot'? I "get" adb... but what's "fastboot"?
Nexus devices have two interfaces: fastboot and ADB.
Fastboot commands (used via the fastboot.exe file) can only be used when your device is booted in the bootloader (or fastboot mode).
ADB commands (used via the adb.exe file, along with two .dll files) can only be used when your device is booted normally with USB Debugging enabled in your device's settings, or booted into CWM.
They each do different things. For example, fastboot allows you to unlock/re-lock your bootloader, flash images to partitions on your device, boot kernels on your device without flashing them, erase partitions, etc. ADB has a set of commands that let you interface with the OS. As well, it allows you to execute shell commands directly on the phone using adb shell.
Aha. Weird that there would be two separate interfaces... unless technically the bootloader and Android are two separate OSes?
Final questions I hope (since I have your attention)... this might actually be more appropriate in the exploit thread, but once I have root access, how do I clean up after myself? i.e. Delete the files I put into /data/local/tmp? Did I create the /tmp directory when I pushed those files onto the phone, or is there other stuff in there too?
EDIT: Scratch that, I just used cd, ls, and rm to remove the files, rmdir to remove the ../tmp directory... but now I note that /data/local is empty too. Can I safely delete that?
Does the ROM Manager ROM backup thing that I'm running (is this nandroid? I didn't have to boot into the bootloader to do it) back up the /data/local/tmp directory? If so, I think I might need to delete my ROM backup, delete those files, and rerun the backup.
It's running now. I'm assuming it's dumping everything into one file, or something?
And is this the nandroid backup thing, or is that something in the recovery mode?
Actually, where can I read about the directory structure and what each directory is for? /data/media is the fake SD Card, obviously, so what's /data/local? Etc.
Moleculor said:
> Aha. Weird that there would be two separate interfaces... unless technically the bootloader and Android are two separate OSes?
Think of the bootloader as the BIOS, nothing more. The recovery is like a mini OS.
Moleculor said:
> Final questions I hope (since I have your attention)... this might actually be more appropriate in the exploit thread, but once I have root access, how do I clean up after myself? i.e. Delete the files I put into /data/local/tmp? Did I create the /tmp directory when I pushed those files onto the phone, or is there other stuff in there too?
> EDIT: Scratch that, I just used cd, ls, and rm to remove the files, rmdir to remove the ../tmp directory... but now I note that /data/local is empty too. Can I safely delete that?
No, you did not create the /tmp directory. And there is no harm in leaving the three files there, but feel free to remove them.
Moleculor said:
> Does the ROM Manager ROM backup thing that I'm running (is this nandroid? I didn't have to boot into the bootloader to do it) back up the /data/local/tmp directory? If so, I think I might need to delete my ROM backup, delete those files, and rerun the backup.
Yes, a backup in CWM is called a nandroid backup. The three files that you copied there don't matter. They can be deleted at any time, with or without root.
Moleculor said:
> It's running now. I'm assuming it's dumping everything into one file, or something?
> And is this the nandroid backup thing, or is that something in the recovery mode?
It's creating a backup and storing it in /clockworkmod/backup/
Moleculor said:
> Actually, where can I read about the directory structure and what each directory is for? /data/media is the fake SD Card, obviously, so what's /data/local? Etc.
Look in these forums. When I first started, I spent hours reading before I attempted anything.

Easiest way to root HTC Evo Design 4G

Okay, I've been doing my research for approx. 4-5 days, and it's sad to know, but this phone (HTC Evo Design 4G / Kingdom / Hero S) doesn't have that much fame. I was going crazy trying a lot of methods to root my phone, but just couldn't. I was about to give up, until I found a guide that made it possible for me to root the phone, so I decided to share this guide with you guys, whoever has an HTC Evo Design 4G / Kingdom / Hero S. Credits go to LOLINTERNET who wrote this guide. :good:
Ok, here we go. :laugh:
In order to root your Evo Design you'll need to unlock your bootloader, flash recovery, flash su binary, and install superuser and busybox. In this guide I will try to explain these steps as simply as I can. My goal is for it to be thorough enough that anyone that reads it can root their phone and enjoy the full benefits of this nifty little phone.
First and foremost, you will need to install the Java SE Development Kit. You won't use this directly in any way, but you need it in order to install the Android SDK.
Click Here To Download SDK
After installing the Java JDK, you will have to install the Android SDK which contains two tools that are essential to gaining root. They are adb (Android Debug Bridge) and fastboot. These tools are used to send files to your phone from a Windows command prompt. You will need these tools to unlock your bootloader and flash recovery.
Click Here to Download Android SDK
Instructions on installing the SDK
How to add packages to the SDK
Once you have the Java JDK and the Android SDK installed you will need to install the proper drivers for your phone. This one is pretty straightforward and necessary for your phone to be recognized while plugged into your computer. After you have the HTC drivers installed you can begin the fun parts, but first you will need a few things. :good:
HTC Drivers CREDITS TO: CNexus
You will need a recovery.img. 2fast4u88's unofficial ClockWorkMod Recovery version 5.0.2.7 and 5.0.2.8 are the only two recoveries I have used since I got my Evo Design. Many thanks to him for putting in so much work to get this device where it is today.
Download Recovery
Also, you'll need su binary version 3.0.3.2 efghi. This is the actual file that will root your device. It is a flashable .zip file that you save to your sdcard and flash in recovery. You'll be amazed at how easy this step is.
Download for su binary version 3.0.3.2 efghi
Download for su binary version 3.0.7 efghi
3.0.3.2 binary is for Gingerbread and 3.0.7 is for ICS
The superuser app is like the control center for apps that request root permissions after you're finally rooted. You will need to install this app and then Busybox, both of which can be found in the Google Play Store. After installing the Busybox app you will need to actually install busybox. The app itself is basically an installer for Linux applets that are required by root apps such as Titanium Backup and Root Explorer among many others.
Now that you have a basic overview of what it is you will be doing and the files needed to do it, the only thing left is to actually perform these steps and root your device. So, let's do this!
1. Unlock your bootloader at htcdev.com. You will need to sign up and you will be warned that unlocking your bootloader will void your warranty. Once you've followed all instructions at the website an unlock token will be emailed to you. DO NOT DELETE THIS FILE. You can place it in the platform tools folder of the Android SDK and use fastboot in command prompt to relock and unlock your bootloader whenever you like. Also, anytime you unlock your bootloader all data will be wiped so be sure you sync all your contacts and backup other information first before performing this step.
2. After unlocking your bootloader you will need to flash a recovery.img. The manual way to flash recovery is to place the downloaded recovery.img for 2fast4u88's unofficial ClockWorkMod recovery port of version 5.0.2.7 in the platform-tools folder of the Android SDK. Power down your phone but be sure that Fast Boot in Power under the settings menu is unchecked or it will just reboot normally instead of into bootloader (also called hboot) like you want. After it's been powered down for a minute or two, press and hold Volume down then press and hold the power button. When the white HTC splash screen appears you can let go. Scroll down with the volume down button and select fastboot by pressing power. Plug your phone into your computer and open a command prompt, then run these commands without quotations.
"cd C:\android\platform-tools" (This is where adb and fastboot live. It may be different for you depending on where you installed the SDK. I always suggest installing it to the root of your C: drive.)
"fastboot flash recovery recovery.img"
Should only take a few seconds, then you have yourself a recovery partition and you can proceed to the next step after rebooting. Yay!
3. Next, we're going to flash the su binary in recovery. First, you'll need to place it on your sdcard. Doesn't matter where exactly just as long as you can find it. I would suggest the root of your sd just to make things easier on yourself. After you have the su binary zip saved to your sdcard power off your phone and boot into hboot. Now, I can't remember which, but either hboot or fastboot will have an option to boot into Recovery. Once you're booted into recovery, select "install zip from sdcard," then "choose zip from sdcard." Scroll down and find the su binary then select it. Pressing the Up Vol button will take you directly to the end if you don't want to scroll all the way through. After selecting the su binary zip select "yes" to flash. It's a small file, so it won't take long. When it's done select "reboot to system" and we'll move on to the next step because you just rooted your phone.
4. But, you're not done yet. You need to install the superuser app and the busybox app in that order. This is the easy part because both apps are free in the Play Store. Install Superuser, then Busybox. You shouldn't have to interact with the Superuser app, but if you want to set an automatic response to apps that request root you can open it and go to Preferences. Scroll down and you should see a few options. I have mine set to automatically grant su permission to apps that request it because I have no reason not to lol. I also unchecked the option to receive a notification every time an app is granted root permission because that junk just gets annoying. Next, after you install the Busybox app, you'll need to actually install Busybox. The app is merely an installer for the actual Busybox applets that govern root apps. The app should open automatically after you install it. You should see it in your notification bar. Open it up and follow the prompts. When you're done, reboot your phone.
5. To check whether you have rooted your phone successfully, download Root Checker from the Play Store.
6. Congratulations! You should now have a rooted Evo Design 4G. Enjoy. I hope this guide is both complete and comprehensive enough that everyone can enjoy the benefits of having a rooted device, but if I've missed something or if you have any questions whatsoever, please post them here and I will do my best to answer them in a timely manner. I hope you enjoy rooting your device, but please be careful. You now have administrator privileges, so use them wisely. I would highly suggest installing Quick Boot from the Play Store so that you can boot into recovery easily without having to go through hboot. I would also suggest using your newly installed app that requires root access to boot into recovery and make a backup. If anything should ever happen to your phone's system and data you will have a backup and can restore it to that state. Again, I hope you enjoy. I apologize for this being such a lengthy guide, but hopefully you understand the wonderful world of Android a little better for having read it. :good:
*EXTRA* 7. I recommend doing a backup via recovery of your phone, because this phone doesn't seem to have any roms or any stock roms etc, so I recommend making a backup, but don't worry, I'll try to make a backup ROM so there could be one on the internet, because I searched and could find one! :s
Great post Julio. I saw this post somewhere else but I could not remember where.
Will this work on a Freedompop version of this phone?
The evo design 4g FreedomPop version IS supposed to be already rooted. But when I try to load SU from the app store it says su binaries are out of date. Will flashing these binaries do the trick for it to accept it?
If it is rooted, do you think all I need to do is update that damned su binaries file?
Hope you still visit this site because those are my first questions towards doing some goodness towards my Evo!
Hope to catch you later.
maikalwolf said:
> Great post Juan. I saw this post somewhere else but I could not remember where.
> Will this work on a Freedompop version of this phone?
> The evo design 4g FreedomPop version IS supposed to be already rooted. But when I try to load SU from the app store it says su binaries are out of date. Will flashing these binaries do the trick for it to accept it?
> If it is rooted, do you think all I need to do is update that damned su binaries file?
> Hope you still visit this site because those are my first questions towards doing some goodness towards my Evo!
> Hope to catch you later.
Lmao, it's Julio! :laugh: and yea I think that will do it!! Try flashing the su binary I have up in the post! Do you have CWM Recovery?
Re: your follow-up question
julio626 said:
> Lmao, it's Julio! :laugh: and yea I think that will do it!! Try flashing the su binary I have up in the post! Do you have CWM Recovery?
Yes, the phone was rooted and just needed the new binaries, which I promptly fixed. I have also put a link to your page to the instruction for others to use.
maikalwolf said:
> Yes, the phone was rooted and just needed the new binaries, which I promptly fixed. I have also put a link to your page to the instruction for others to use.
Thanks man!
Thanks, Julio
It was quite tedious to be honest. But reading your guide and this one, how-to-unlock-the-bootloader-of-any-htc-device on cultofandroid, I finally was able to root my phone. Thank you so much!
Amazing
This is the best guide I have ever found. It was fluid and easy to understand for me. Just went from my JB iPhone 5 (cellular happened to break). Now I have this phone lol (but it's so slow and useless I decided to root and it was an unbelievable pain.. nothing worked). Then I found your guide which is fantastic, completely like no other. I am very impressed with it and just wanted to say THANK YOU!!!!!! :good:
So Close PLEASE can you help.
I followed this guide about a year ago & got to the image you see linked h**p://i.imgur.com/zfle9n7.jpg To be blunt I do not recall where I left off in the rooting process except to say I'm dead ended. Where did my efforts go wrong and what do I need to do in order to finally get this rooted? Also please tell me what bearing info in this thread: h**p://forums.androidcentral.com/htc-evo-design-4g/142434-s-off-s.html may have on my results. THANK YOU

experienced embedded developer with general platform questions

In other systems I have worked with there are sometimes ways to boot from a file other than the NVRAM that you ordinarily operate from. For some reason people like to call this the ROM, even though it is writable.
I have an old tablet that has a recovery mode that is only a Chinese menu. I have seen a translation so I know what the items are but none of them are helpful for re-flashing or booting from a file.
I have been able to connect the tablet using adb and run the shell, and I can get it into fastboot mode but the instructions for "unlocking" the boot loader do not work so I am stuck with a fastboot prompt on the tablet with no way to proceed. I was able to upload a short file but not the TWRP (I did find one for this phone). The failure was permission.
My questions:
I have rooted this phone using kingroot and promptly decided that was unsafe and did a full reset to manufacturer. But I am still trying to root. I suppose that the rooting programs must have to run an exploit, perhaps a buffer overflow thing, but at any rate some series of commands to Android that cause elevation to be accomplished. Where do I find the exploit documented in order to just do it manually?
Can I extract the su binary from the TWRP and jam it in there? Probably not but I thought I'd ask. Is the su binary in there just an ordinary program unless it has a file bit set that elevates it?
What exactly is meant by the phrase "unlock the bootloader"? Can I unlock the bootloader manually in the adb shell?
Can I kingroot again and find an su binary, rename it, uninstall kingroot, rename it again? I don't suppose that re-named binary would survive a reflash?
How can I flash this tablet? The tools don't quite work. Even if I can back it up I can't reflash. Best would be the ability to boot a file separate from the ROM. I read somewhere that sometimes after the flash the phone boots the old ROM once. How can that be true, and if it is true what does that say about the way those images are actually stored and used?
