Develop Bugs

[HOWTO] manual rooting of Galaxy Tab (EURO)

This howto is for those people who are unable to root their Galaxy Tab using any of the automated procedures and do not suffer from CLPS (command-line-phobia-syndrome).
My story: After upgrading my EURO (GSM) Galaxy Tab to JM6 my persistent efforts to root the device using either the z4root or SuperOnClick methods have all been unsuccessful. z4root (v1.3.0) kept crashing at different stages, apparently depending on which and how many background apps were running. With SuperOneClick I never managed to get beyond the "changing permissions" stage.
Since both methods are basically wrappers of the rageagainstthecage application, I tried to perform the rooting procedure manually. Guess what, that worked without any problem and it is pretty easy to do.
The basic steps of the rooting process are:
1) use rageagainstthecage to get a temporary root shell
2) use the temporary root shell to copy three files to the read-only system partition the device
While I find the outlined procedure straightforward, you may not. Anyhow, try this at your own risk.
==== Prerequisites ====
I used Ubuntu 10.10 for this, but it should work on any other distro and on Windows just as well. Whatever OS you use, you need a working adb connection to your Galaxy Tab. Odin or Kies are of no use here.
You need the following binaries
* su
* busybox
* Superuser.apk
* rageagainstthecage
To get the all required files, simply download "SuperOneClickv1.5.5-ShortFuse.zip". That's what I used.
Get it here: http://forum.xda-developers.com/showthread.php?t=803682
Extract the contents of the ZIP, open a command-prompt on your computer and change to the directory where the extracted files are located.
Some advice if shell commands are not your regular cup of tea.
The following instructions show the shell commands. Some are executed on the host computer. Others are executed on the Galaxy Tab. You can differentiate between the two easily: All commands which start with "> " need to be executed in a shell on the host computer. Commands which are prefixed with "$ " are executed on the Galaxy Tab. In both case the ">" and the "$" must not be typed. If you copy+paste from this howto, make sure only to copy the commands and leave out the prompt.
==== Step 1: getting a temporary root shell ====
Copy the rageagainstthecage exploit to a temporary directory.
Code:
> adb push rageagainstthecage /data/local/tmp
263 KB/s (5392 bytes in 0.020s)
Change the file permissions and execute the exploit.
Code:
> adb shell
$ cd /data/local/tmp
$ chmod 777 rageagainstthecage
$ ./rageagainstthecage
[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
(other output truncated)
Your shell session will be terminated which will throw you back to the regular command prompt of your host computer.
==== Step 2: restart adb server ====
Now stop and restart the adb server process.
Code:
> adb kill-server
> adb start-server
* daemon not running. starting it now *
* daemon started successfully *
Now reconnect to the Galaxy Tab again. Notice the '#' prompt. This means you have a temporary root shell now. We use this to execute some privileged commands which make the rooting permanent.
==== Step 3: making it permanent ====
First, make the system partition writeable. We need this to be able to copy su, busybox and Superuser.apk to the required locations. Then exit the android shell again.
Code:
> adb shell
# mount -o remount,rw -t rfs /dev/block/stl9 /system
# exit
Now we push busybox and su via adb. Then we install Superuser.apk.
Code:
> adb push busybox /system/bin
> adb push su /system/bin
> adb install Superuser.apk
The final steps are to change the file permissions for su and busybox and then remount the system partition as read-only again.
Code:
> adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/stl9 /system
# exit
That should be all. Try a reboot and some apps which require root, like Titanium Backup. The Superuser.apk should popup a dialog requesting permission.
Hope this helps. Happy rooting.
[update]
This process worked for JMA and JMD as well.
"adb install" Superuser.apk instead of "adb push"
[/update]

It will help me !
Merci ;-)

Fantastic! This is just what I was looking for, thank you! I feel dumb now, because I started a thread of my own right as you posted this. You must just type faster than me
I ran a quick test, and it all looks good. One quick question actually. Why do you mount like this:
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system
I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiousity by bugging fine people like yourself
Anyway, thanks again, this did exactly what I needed it to. Well done, I appreciate it.

DavidThompson256 said:
One quick question actually. Why do you mount like this:
Code:
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
When most instructions for the Galaxy Tab have you doing something like this:
Code:
# mount -o remount,rw -t rfs /dev/block/stl9 /system
I'm not saying it is wrong, in fact, it actually worked for me. I'm just curious as to why it works like that? My understanding of mounting partitions and such in Linux is a little bit weak, so I like to indulge my curiousity by bugging fine people like yourself
Click to expand...
Click to collapse
Thanks for pointing that out! Actually both the filesystem type and blockdevice name were totally wrong. Apparently the mount command ignores both parameters - at least when they are wrong.
I just verified this as self-punishment for not paying attention:
Code:
# mount
(...)
/dev/block/stl9 /system rfs ro,relatime,vfat,log_off,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)
/system is mounted read-only to /dev/block/stl9. This is the normal state of things.
Now I remount this without the fstype parameter and using a wrong blockdevice name:
Code:
# mount -o remount,rw /dev/block/xyz /system
# mount
(...)
/dev/block/stl9 /system rfs rw,relatime,vfat,llw,check=no,gid/uid/rwx,iocharset=utf8 0 0
(...)
Surprise, this actually remounts /system in read-write mode. This is why my original howto worked despite using the wrong parameters.
Thanks again. I corrected the HOWTO.

It works for me, but i get now error message: The application calendar save (proces com.android.providers.calendar) is unexpecly stopt. Try again. Forced closing
I had this also with SuperOneClick.
When i want to start the calender in the applications i get it also.
The application wil not run anymore.
How can i resolved this.
Thnx

leonreijnders said:
It works for me, but i get now error message: The application calendar save (proces com.android.providers.calendar) is unexpecly stopt. Try again. Forced closing
I had this also with SuperOneClick.
When i want to start the calender in the applications i get it also.
The application wil not run anymore.
How can i resolved this.
Thnx
Click to expand...
Click to collapse
That is strange. The result of the rooting process is just adding three files to the system partition. I find it hard to believe that this could lead to the problem you describe. However, while experimenting with z4root I had the the effect that there were many rageagainstthecage processes running in the background and the Galaxy Tab slowed down considerably. Perhaps there is something similar going on.
Have you tried rebooting after completing the rooting process?
Try shutting down the Tab completely.After rebooting get a shell on the Tab with "adb shell" and execute "ps". That shows the process list. If that looks normal, I would try a factory reset of the device. Which ROM version are you running?

BlackLevel: Thank you soooooooooo much... I don't get how to hit the Thanks Meter thing, but here is the old fashioned way. I used a MacBook to accomplish your perfect, step by step rooting of an AT&T Galaxy Tab i987. It helps that I'm more comfortable at the command line than with most GUI systems.
I could put this into a bash script, but that could be dangerous. People really need to look at whats happening with 'adb' and have some idea of what adb is for. I did renamed your 'adbmac' to 'adb', then I could cut and paste from your instructions except for adding ./ before the adb... ie. ./adb shell
Again, wonderful work at pulling this all together in one place.
Jeff

This guide worked perfectly! I love a nice quiet clean root and it doesn't get any better than this. You my friend deserve a cookie!

Hi Guys,
I flashed to JMA, rooted it with One Click Root, and everxthing seemdet to be okay, but activating OCLF failed....is there anybody with the same problem?
Jan

Thanks a lot !. It's clean and doesn't need a kies ...
Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?
And thanks again ...
Mike

mbaroukh said:
Just a question : after reboot I have to use "su" after "adb shell" to become root.
Is there any way to be root directly after adb shell ?
Click to expand...
Click to collapse
The reason is that "/sbin/adbd" (the adb daemon) is running as the shell user. It would need to run as root user instead. This requires changes to the initial ram disk where adbd the relevant settings are stored.

Dealing with "insufficient permissions for device"
Thanks, this worked for me.
One small thing: running from a Linux sustem (Ubuntu 9.04), to overcome a "insufficient permissions for device" problem, I had to put my Ubuntu terminal session into su mode and restart the ADB server -- cf. groups.google.com /group/android-discuss/browse_thread/thread/f85a795644e65b59?pli=1 :
[[
adb kill-server
sudo adb start-server
adb devices
]]

gklyne said:
One small thing: running from a Linux sustem (Ubuntu 9.04), to overcome a "insufficient permissions for device" problem, I had to put my Ubuntu terminal session into su mode and restart the ADB server -- cf. groups.google.com /group/android-discuss/browse_thread/thread/f85a795644e65b59?pli=1 :
[[
adb kill-server
sudo adb start-server
adb devices
]]
Click to expand...
Click to collapse
Thanks for the feedback. On my Ubuntu 10.10 adb runs under my regular user-id (1000) and I do not have to use sudo or run the local adb server as root. That might be due to the way the udev rules are set up. Mine are rather unrestrictive and look like this:
Code:
$ cat /etc/udev/rules.d/51-android.rules
SUBSYSTEMS=="usb", SYSFS{idVendor}=="0bb4", MODE="0666"
SUBSYSTEMS=="usb", SYSFS{idVendor}=="04e8", MODE="0666"
How do yours look like?

Which is the more simple method for root of galaxy tab euro ?are there ?

the incredible said:
Which is the more simple method for root of galaxy tab euro ?are there ?
Click to expand...
Click to collapse
Try z4root or SuperOneClick. Both methods are wrappers of the rageagainstthecage exploit and try to automate the manual process outlined here.

This thread should be a sticky. Worked like a charm.

z4root is very simple method..thanks.

thanks to Germany...
I agree, this thread should be sticky. Finaly some sense in android devel section...

Thank you very much for your guide!
I followed all the instructions in your guide, everything seems fine until I try to push the busybox and su to my Galaxy Tab.
blacklevel said:
Now we push busybox and su via adb. Then we install Superuser.apk.
Code:
> adb push busybox /system/bin
> adb push su /system/bin
> adb install Superuser.apk
[/update]
Click to expand...
Click to collapse
I received an error: "failed to copy 'busybox' to '/system/bin/busybox' : No space left on device\"
the same error for the 'su' too
(No space left on device) is impossible, my tab is brand new sealed when i got it.
I have been trying the z4root and SuperOneClick procedure to root this tab but are all unsuccessful.
I am not sure if it is because of my tab needed a "NAND unlock" (I cannot find any guide about the NAND unlock) because I received this message when I tried to install busybox from the market.
Please help! My tab is carrier locked to Bell Canada, I really wanna to unlock it and root it~
Thanks!

gummo6869 said:
I received an error: "failed to copy 'busybox' to '/system/bin/busybox' : No space left on device\"
the same error for the 'su' too,
Click to expand...
Click to collapse
The `no space left on device` message indicates that the /system partition is still read-only. That means the mount command in step 3 was unsuccessful. Did you get any error message when you executed it?

Visionary r7 or visionary from android market NEEDED seriously to ROOT G2 plz help

I have tried the latest version of Visionary "R14" but it doesn't work, I have also tried Visionary "R3" "R11" "R12" and "13" and they all don't work on my OTA updated T-mobile G2.... either for temp-root or permanent root..I have tried the ADB/Rage/gfree method of rooting and I getting an ERROR on the last part instructions.... ""## mkdir failed for /system/xbin, File exists"
My main question is if anyone could check to see if their version of the Visionary app is the version 7 or r7...if so could you please used titanium backup to send me a copy of the file....
thank you so so much...

Not sure why a specific older version of Visionary would work if the newer (or older) versions would not.
Regarding your error message, is that when you run the command:
/data/local/tmp/root
Click to expand...
Click to collapse
If so you will note that the instructions on the wiki state immediately below that: You may see an error message along the lines of "mkdir: /system/xbin already exists", but if so you can ignore that, the rest of the script should still run ok.
If you boot into the bootloader (press volume down while powering on device) do you have S-OFF? If so you know that the GFREE part at least did work.

sammd301 said:
I have tried the latest version of Visionary "R14" but it doesn't work, I have also tried Visionary "R3" "R11" "R12" and "13" and they all don't work on my OTA updated T-mobile G2.... either for temp-root or permanent root..I have tried the ADB/Rage/gfree method of rooting and I getting an ERROR on the last part instructions.... ""## mkdir failed for /system/xbin, File exists"
My main question is if anyone could check to see if their version of the Visionary app is the version 7 or r7...if so could you please used titanium backup to send me a copy of the file....
thank you so so much...
Click to expand...
Click to collapse
As has been explained in the Development section, be VERY CAREFUL with Visionary as it is known to brick phones.
When I first got my DZ I was eager to Root and uses V14 to obtain root but remember that this is not a 'Real' S-OFF. GFREE is the best and safest method to use. I was a lucky newbie who didn't end up with a brick!

raitchison said:
Not sure why a specific older version of Visionary would work if the newer (or older) versions would not.
Regarding your error message, is that when you run the command:
If so you will note that the instructions on the wiki state immediately below that: You may see an error message along the lines of "mkdir: /system/xbin already exists", but if so you can ignore that, the rest of the script should still run ok.
If you boot into the bootloader (press volume down while powering on device) do you have S-OFF? If so you know that the GFREE part at least did work.
Click to expand...
Click to collapse
yes you are exactly right...when I input in this command " /data/local/tmp/root" then I got back this error "mkdir failed for /system/xbin, File exists" you see the difference, instead of "already exits" I did ignore the error message but when I tried to used a root required app like root explorer...It states the phone needs to rooted before the app can work....Lastly when I enter into the boot loader "I indeed notice that S-OFF" the problem is that the phone is not rooted not even temporary...as far as visionary r7 goes I recall after the OTA, it did work on my phone for temporary rooting...it is when I attempted to used visionary r14 to obtain permanent root that visionary r7 was overwritten by r14...which doesn't work even for temp rooting thanks for your input

gbarayah said:
As has been explained in the Development section, be VERY CAREFUL with Visionary as it is known to brick phones.
When I first got my DZ I was eager to Root and uses V14 to obtain root but remember that this is not a 'Real' S-OFF. GFREE is the best and safest method to use. I was a lucky newbie who didn't end up with a brick!
Click to expand...
Click to collapse
right now...neither method works not the "visionary r14 or ADB/RAGE/GFREE" I wouldn't mind using either method, the problem is that ADB/Rage/GFREE METHOD keep giving this error message "mkdir failed for /system/xbin, File exists" which I have done a ton of research and still can find a fixed,

sammd301 said:
yes you are exactly right...when I input in this command " /data/local/tmp/root" then I got back this error "mkdir failed for /system/xbin, File exists" you see the difference, instead of "already exits" I did ignore the error message but when I tried to used a root required app like root explorer...It states the phone needs to rooted before the app can work....Lastly when I enter into the boot loader "I indeed notice that S-OFF" the problem is that the phone is not rooted not even temporary...as far as visionary r7 goes I recall after the OTA, it did work on my phone for temporary rooting...it is when I attempted to used visionary r14 to obtain permanent root that visionary r7 was overwritten by r14...which doesn't work even for temp rooting thanks for your input
Click to expand...
Click to collapse
Crap I typed up this response but I guess I didn't submit it because it's gone...
OK what you are saying is actually good news, it means you had temp root at one point or gfree would not have worked (you would not have S-OFF now)
If you can get temp root to work even one more time you can flash ClockWorkMod recovery and then load a custom/pre-rooted ROM.
I do suspect that you have messed up your system with your various attempts at rooting (especially the fact that you used visionary and other deprecated root methods) and you need to wipe your system and start over with either a custom ROM or a pre-rooted stock ROM.
I would start by running this section of the root process:
ON YOUR PHONE:
1. Launch Terminal Emulator
2. Execute /data/local/tmp/rage
3. Wait for the message: "Forked #### childs."
4. Menu > Reset Term - Terminal Emulator will exit.
5. Launch Terminal Emulator, it Force Closes. Launch a second time, and you'll have a root shell
Click to expand...
Click to collapse
If you have a # prompt that means you have temp root, from there I would use flash_image to flash ClockWorkMod 3.0.5 to the phone (see guide)
Get ClockWorkMod here
Once you have CWM installed you can basically ignore your current OS and flash whatever you want, you can go with a custom ROM or if you don't want to do that you can go with a pre-rooted stock ROM (see this thread). In any case I would definitely wipe first (from within CWM)

Yeah, flashing a pre-rooted custom ROM is probably your cleanest solution at this point. If you want to try and fix what you have though, you can try the following steps:
1. Follow the instructions to get temp root with rage again.
2. In Terminal, try these commands and look for an error at any point (this is what the root script is actually doing, with the addition of the deletion of the xbin file/directory since that seems to be what is messing up):
Code:
# /data/local/tmp/busybox killall rage
# mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
# rm -rf /system/xbin
# mkdir /system/xbin
# /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
# chmod 4755 /system/xbin/busybox
# /system/xbin/busybox --install -s /system/bin
# cp /sdcard/Superuser.apk /system/app/Superuser.apk
# cp /sdcard/su /system/bin/su
# chmod 4755 /system/bin/su
Flashing a custom ROM is probably easier though.

ianmcquinn said:
Yeah, flashing a pre-rooted custom ROM is probably your cleanest solution at this point. If you want to try and fix what you have though, you can try the following steps:
1. Follow the instructions to get temp root with rage again.
2. In Terminal, try these commands and look for an error at any point (this is what the root script is actually doing, with the addition of the deletion of the xbin file/directory since that seems to be what is messing up):
Code:
# /data/local/tmp/busybox killall rage
# mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
# rm -rf /system/xbin
# mkdir /system/xbin
# /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
# chmod 4755 /system/xbin/busybox
# /system/xbin/busybox --install -s /system/bin
# cp /sdcard/Superuser.apk /system/app/Superuser.apk
# cp /sdcard/su /system/bin/su
# chmod 4755 /system/bin/su
Flashing a custom ROM is probably easier though.
Click to expand...
Click to collapse
Right now I going to try to use this command to fix the error and if it doesn't work, I will then try to flash a custom and see how that goes...Update will be posted as I go along....thanks for the kind help....

raitchison said:
Crap I typed up this response but I guess I didn't submit it because it's gone...
OK what you are saying is actually good news, it means you had temp root at one point or gfree would not have worked (you would not have S-OFF now)
If you can get temp root to work even one more time you can flash ClockWorkMod recovery and then load a custom/pre-rooted ROM.
I do suspect that you have messed up your system with your various attempts at rooting (especially the fact that you used visionary and other deprecated root methods) and you need to wipe your system and start over with either a custom ROM or a pre-rooted stock ROM.
I would start by running this section of the root process:
If you have a # prompt that means you have temp root, from there I would use flash_image to flash ClockWorkMod 3.0.5 to the phone (see guide)
Get ClockWorkMod here
Once you have CWM installed you can basically ignore your current OS and flash whatever you want, you can go with a custom ROM or if you don't want to do that you can go with a pre-rooted stock ROM (see this thread). In any case I would definitely wipe first (from within CWM)
Click to expand...
Click to collapse
I will attempt to flash ClockWorkmod, once I try out "ianmcquinn" suggesting in trying to fix the rooting error...thanks for the help

ianmcquinn said:
Yeah, flashing a pre-rooted custom ROM is probably your cleanest solution at this point. If you want to try and fix what you have though, you can try the following steps:
1. Follow the instructions to get temp root with rage again.
2. In Terminal, try these commands and look for an error at any point (this is what the root script is actually doing, with the addition of the deletion of the xbin file/directory since that seems to be what is messing up):
Code:
# /data/local/tmp/busybox killall rage
# mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
# rm -rf /system/xbin
# mkdir /system/xbin
# /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
# chmod 4755 /system/xbin/busybox
# /system/xbin/busybox --install -s /system/bin
# cp /sdcard/Superuser.apk /system/app/Superuser.apk
# cp /sdcard/su /system/bin/su
# chmod 4755 /system/bin/su
Flashing a custom ROM is probably easier though.
Click to expand...
Click to collapse
Yes I used the wiki instruction to gain temporary root on the phone and proceeded to tryout the above command...I got mostly error with the command below is what I en-counted as I enter the command....
# /data/local/tmp/busybox killall rage
No error here just # prompt
# mount -o rw,remount -t ext3 /dev/block/mmcblk0p25 /system
No error again just # prompt
# rm -rf /system/xbin
Error "rm failed for -rf, Read-only file system"
# mkdir /system/xbin
Error "mkdir failed for /system/xbin, File exists"
# /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox
Error "cp: can't stat '/system/xbin/busybox': Not a directory"
# chmod 4755 /system/xbin/busybox
Error "Unable to chmod /system/xbin/busybox: Not a directory"
# /system/xbin/busybox --install -s /system/bin
Error "/system/xbin/busybox: not found"
# cp /sdcard/Superuser.apk /system/app/Superuser.apk
Error "cp: not found"
# cp /sdcard/su /system/bin/su
Error "cp: not found"
# chmod 4755 /system/bin/su
Error "Unable to chmod /system/bin/su: No such file or directory
I am now going to attempt the Clockwork custom rom flash..

Folks victory is mine....No, VICTORY IS OURS, I sincerely like to thank all of you all, who replied with helpful suggesting...especially the following members "raitchison" from West Hill, CA and "ianmcquinn" a true senior member of xda-developer.
This is what I did to finally get the phone rooted....
I took "Raitchison" advice by trying to use flash_image to flash ClockWorkMod recovery... but during the process I could not get pass copying file to the phone root system folder usind android terminal emulator ...so I input this command "chmod 777/system" to gain write access to the folder...after doing that I manually moved busybox file to system folder and attempted a rooting the phone using the rooting instruction from the HTC G2/DESIRE Z wiki site...at...
http://forum.xda-developers.com/wik...cess_.28Permanent_Root_.2F_.22Permaroot.22.29
And this time around, everything went as normal after rooting the phone I open root required app and Wa La...no error message...
Guys I once again wants thank you all for the support....I also looked forward to help out others facing the same issue...so if anyone has encounter the same or similar issue please feel free to post here and I will response....

Can any one help me I am trying to close this thread...How do I go about doing it....thanks

There is no need to close the thread, if anyone has a similar problem and finds it via search they can come in here and bring the discussion back up, otherwise if there is no activity it will naturally fall to the bottom of the thread list.

It works for me I just did it yday using visionary and gfree all on my phone weird that it doesn't work for you?
Sent from my Liquid Metal using XDA Premium App

[GUIDE] Universal rooting to any ics that you have the stock firmware.

This guide was tested on my samsung galaxy [email protected] gt-B5330 and it worked.
WARNING: this can brick your phone, used on your own risk (both eyes wide open).
The idea behing can be ported on any phone that allows you to upload custom firmware (most samsungs with odin).
The idea is that you escalate to superuser by setting suid on /system/bin/toolbox executable.
By duing that you can run most of the unix commands on android as a superuser.
I is enought for you to copy su utility somewhere where there is not a nosuid option on mountpoint. and make it a suided executable then execute su and get the #.
It's all down hill from here.
I cannot verify for every ics rom out there, but it seems that now ics uses ext4 filesystem for the system partition.
I have made a script that inspects a stock rom firmware isolate the permissions for the toolbox executable and add to them SUID,SUIG.
After that it pachs the firmware back and you can flash it to your device and have a easylly rootable device. (I will post the stept to take to get a standard rooted device).
What you need:
a linux/gnu (it will not work with cygwin because we have to mount the ext4 partition).
simg2img utility (you can get it from xda site it is in ext4_utility packet).
su, busybox and superuser.apk binaries for android (you can take them from a rooting package).
heimdal (for linux) xor odin (for windows and if you cannot flash the firmware on your phone form linux).
I've put all untilities that are not standard into the tar.
just unpack and you have the universal-patch.sh to run over an .tar.md5 firware stock rom.
And post-firmwareUpdate.sh to run after you flash in order to make the root a standard android root.
This was not tested on any other phone (was tested only on GT-B5330) and do it on your own risk.
This rooting does not exploit any weakness (or flaw) in kernel or any thing, it just modifies the stock firmware to make it more flexible so it should be forward compatible with any version of android after ics.

I assume this would exclude HTC's since you meed to be s-off to flash a firmware. I would probably verify that and edit the title if necessary. Other than that, this looks like it could be helpful.

Help to understand the procedure
Hi ETTT,
first of all thanks for your job and effort in finding a solution to this issue.. it has been driving me crazy till now.. but thanx to you i see the light :good: I see it but i cannot really understand the procedure.. Could you please write a step by step explanation of what i need to do. (I am not what we could call a genius with linux).
Thanks in advance.

The First said:
Hi ETTT,
first of all thanks for your job and effort in finding a solution to this issue.. it has been driving me crazy till now.. but thanx to you i see the light :good: I see it but i cannot really understand the procedure.. Could you please write a step by step explanation of what i need to do. (I am not what we could call a genius with linux).
Thanks in advance.
Click to expand...
Click to collapse
If you are refering to the procedure that the script is doing here is the version of step by step (with-out the script):
http://forum.xda-developers.com/showthread.php?t=1956653
If you want to know the step by step with the script, here (I will not respond to more basic than this, like how to boot ubuntu and stuff.):
mkdir -p /tmp/foo
sudo mkdir /mnt
cd /tmp/foo
tar -xzf universal-patch.tar.gz
export PATH=./:$PATH
{get the firmware here and unzip it, it should have a file with .tar.md5 suffix}
./universal-patch.sh {the name of the firmware including the .tar.md5 suffix}
wait a while. you should have by the way about 10 times the size of the zip as free space.
if all goes well you will have a myfrm.tar.md5 rady for flashing.
flash the firmware, and after boot enable usb debuging, hook the phone to pc
sudo adb devices
./post-firmwareUpdate.sh
you should have a rooted phone.
you cannot go any more basic than that.
Have fun.

Thanks for your effort, I'm already have my XWALH3 patched, btw you should to check the patch on line 19, you've misstype something there
Sent from my GT-B5330 using xda app-developers app

The file after qa
phyxar said:
Thanks for your effort, I'm already have my XWALH3 patched, btw you should to check the patch on line 19, you've misstype something there
Sent from my GT-B5330 using xda app-developers app
Click to expand...
Click to collapse
Thanks for testing and input.

phyxar said:
Thanks for your effort, I'm already have my XWALH3 patched, btw you should to check the patch on line 19, you've misstype something there
Sent from my GT-B5330 using xda app-developers app
Click to expand...
Click to collapse
XWALH3 i've produce from your universal-patch cannot being flashed to my phone, odin crash each time open those files

phyxar said:
XWALH3 i've produce from your universal-patch cannot being flashed to my phone, odin crash each time open those files
Click to expand...
Click to collapse
I'm puting the xdelta to the XWALH3
here are the md5s for the original and patched firmware.
cfe3ca545c4a2c8d453e02cd549655a1 B5330XWALH3_B5330OJVALH1_B5330XXLH4_HOME.tar.md5
624f63943bff54941e4042a39d7928f2 myfrm.tar.md5
Now I have some question in order to debug:
does the patching you have done yeild the same file as I have here?
have you use the same imput? (that's why I've give you the md5 of my imput).

Hey you have rooted you b5330 then do you notice any performance upgrade
Sent from my GT-B5330 using xda premium

Can I patch the firmware using windows??
Because I'm on win
I don't really understand using linux
Or can you make single click batch file that I can use it to patch my firmware???
I really appreciate it if someone provide it
Thanks
Sent from my GT-B5330 using xda app-developers app

byboyz said:
Can I patch the firmware using windows??
Because I'm on win
I don't really understand using linux
Or can you make single click batch file that I can use it to patch my firmware???
I really appreciate it if someone provide it
Thanks
Sent from my GT-B5330 using xda app-developers app
Click to expand...
Click to collapse
I don't know windows that much to make a batch clone of the script. so you need linux.
But you can use a live cd (maybe from ubuntu) to run the script.

ETTT said:
I don't know windows that much to make a batch clone of the script. so you need linux.
But you can use a live cd (maybe from ubuntu) to run the script.
Click to expand...
Click to collapse
Thx for ur reply
How can I open XWALH3.patch that u give earlier??
Bcause I don't know anything about linux
Sent from my GT-B5330 using xda app-developers app

byboyz said:
Thx for ur reply
How can I open XWALH3.patch that u give earlier??
Bcause I don't know anything about linux
Sent from my GT-B5330 using xda app-developers app
Click to expand...
Click to collapse
that patch is an xdelta patch.
There is an xdelta application on windows, don't know if it works, but it should work.

ETTT said:
If you are refering to the procedure that the script is doing here is the version of step by step (with-out the script):
http://forum.xda-developers.com/showthread.php?t=1956653
If you want to know the step by step with the script, here (I will not respond to more basic than this, like how to boot ubuntu and stuff.):
mkdir -p /tmp/foo
sudo mkdir /mnt
cd /tmp/foo
tar -xzf universal-patch.tar.gz
export PATH=./:$PATH
{get the firmware here and unzip it, it should have a file with .tar.md5 suffix}
./universal-patch.sh {the name of the firmware including the .tar.md5 suffix}
wait a while. you should have by the way about 10 times the size of the zip as free space.
if all goes well you will have a myfrm.tar.md5 rady for flashing.
flash the firmware, and after boot enable usb debuging, hook the phone to pc
sudo adb devices
./post-firmwareUpdate.sh
you should have a rooted phone.
you cannot go any more basic than that.
Have fun.
Click to expand...
Click to collapse
hi there, I'm stuck at last point/step: ./post-firmwareUpdate.sh
my terminal respond many error about busybox
the code like this:
2684 KB/s (91980 bytes in 0.033s)
4016 KB/s (996704 bytes in 0.242s)
4491 KB/s (1085140 bytes in 0.235s)
.//busybox: 1: .//busybox: Syntax error: word unexpected (expecting ")")
.//busybox: 1: .//busybox: Syntax error: word unexpected (expecting ")")
dd if=/data/local/tmp/su of=/mnt/obb/su # copy the su binary to a place that can be sudoed
chown 0.0 /mnt/obb/su # modify the owner
chmod 6755 /mnt/obb/su # set SUID flag.
/mnt/obb/su # becomes root !!
mount -o remount,rw /system # remount the system partition as readwrite.
dd if=/data/local/tmp/su of=/system/xbin/su #copy su in path
chown 0.0 /system/xbin/su
chmod 6755 /system/xbin/su
chmod 755 /system/bin/toolbox # close the security hole (toolbox is nolonger with SUID)
dd if=/data/local/tmp/Superuser.apk of=/system/app/Superuser.apk # copy the superuser application
chown 0.0 /system/app/Superuser.apk
chmod 666 /system/app/Superuser.apk
#now this is done for busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
chown 0.0 /system/xbin/busybox
chmod 755 /system/xbin/busybox
cd /system/xbin
for k in
nt/obb/su # copy the su binary to a place that can be sudoed <
/mnt/obb/su: cannot open for write: Permission denied
1|[email protected]:/ $ chown 0.0 /mnt/obb/su # modify the owner
Unable to chmod /mnt/obb/su: No such file or directory
10|[email protected]:/ $ chmod 6755 /mnt/obb/su # set SUID flag.
Unable to chmod /mnt/obb/su: No such file or directory
10|[email protected]:/ $ /mnt/obb/su # becomes root !!
/system/bin/sh: /mnt/obb/su: not found
# remount the system partition as readwrite. <
mount: Operation not permitted
/system/xbin/su #copy su in path <
/system/xbin/su: cannot open for write: Read-only file system
1|[email protected]:/ $ chown 0.0 /system/xbin/su
Unable to chmod /system/xbin/su: No such file or directory
10|[email protected]:/ $ chmod 6755 /system/xbin/su
Unable to chmod /system/xbin/su: No such file or directory
# close the security hole (toolbox is nolonger with SUID) <
Unable to chmod /system/bin/toolbox: Read-only file system
er.apk of=/system/app/Superuser.apk # copy the superuser application <
/system/app/Superuser.apk: cannot open for write: Read-only file system
1|[email protected]:/ $ chown 0.0 /system/app/Superuser.apk
Unable to chmod /system/app/Superuser.apk: No such file or directory
10|[email protected]:/ $ chmod 666 /system/app/Superuser.apk
Unable to chmod /system/app/Superuser.apk: No such file or directory
10|[email protected]:/ $ #now this is done for busybox
10|[email protected]:/ $ dd if=/data/local/tmp/busybox of=/system/xbin/busybox
/system/xbin/busybox: cannot open for write: Read-only file system
1|[email protected]:/ $ chown 0.0 /system/xbin/busybox
Unable to chmod /system/xbin/busybox: No such file or directory
10|[email protected]:/ $ chmod 755 /system/xbin/busybox
Unable to chmod /system/xbin/busybox: No such file or directory
10|[email protected]:/ $ cd /system/xbin
[email protected]:/system/xbin $ for k in
Click to expand...
Click to collapse

smhybrid said:
hi there, I'm stuck at last point/step: ./post-firmwareUpdate.sh
my terminal respond many error about busybox
the code like this:
Click to expand...
Click to collapse
Ok it seams busybox has a thing against ")" in comments.
Here is the script without comments, so try this.

ETTT said:
Ok it seams busybox has a thing against ")" in comments.
Here is the script without comments, so try this.
Click to expand...
Click to collapse
no good, it's still have same error...
maybe the problem is in busybox?
and i don't know why I'm unable to do chmod

smhybrid said:
no good, it's still have same error...
maybe the problem is in busybox?
and i don't know why I'm unable to do chmod
Click to expand...
Click to collapse
give this command:
adb shell ls -l /system/bin/toolbox
and let's see if the toolbox has suid.

ETTT said:
give this command:
adb shell ls -l /system/bin/toolbox
and let's see if the toolbox has suid.
Click to expand...
Click to collapse
what i get is
-rwxr-xr-x root shell 99068 2012-08-09 11:59 toolbox
how to get suid?

smhybrid said:
what i get is
-rwxr-xr-x root shell 99068 2012-08-09 11:59 toolbox
how to get suid?
Click to expand...
Click to collapse
have you flash the patched firmware?

ETTT said:
have you flash the patched firmware?
Click to expand...
Click to collapse
well, I've just do all of Your step, except this:
flash the firmware, and after boot enable usb debuging, hook the phone to pc
Click to expand...
Click to collapse
because I don't know the meaning of flash the firmware. How to do that?
So I skip that and hook the phone to pc with usb debugging enabled
i'm new at linux, but I want to try this method for my galaxy chat

[Q] Linux user with some questions about root methods.

Okay folks, I am a rooting newb where it comes to this wonderous device known as the Optimus G, and I need some questions answered.
First lemme fill you all in on some details where the computer I might be using to root my Optimus G is concerned. I run Zorin OS 6.1 64bit Core edition (yes, Linux) and that obviously that begs my first question, of any of the rooting methods mentioned in the development part of this forum, are there any that will work with Linux? And if so which ones or is there some kind of special magic I'll need to cast or some kind of coding wizardry level I'll have to obtain in order to be able to root my Optimus G?
Second, to fill you in on the phone, yes I have updated to ZV9 so if that borks me if you could please let me know?
Third, and Fourth actually are my concerns over being able to fix whatever possible brick type damage might be done. 3)How stable are the root/unlock methods, meaning there would be no way to reverse them? Of course I mean outside of accepting an OTA update which I already know better than to do on a custom ROM (had a Samsung Epic 4g before this so yeah I know how that goes.)
and 4)Is there an LGNPST (sp?) version for Linux or will I have to figure out a wa to maybe run it on WINE or something along those lines?
I'd ask about ROMS but I know everybody has an opinion of their own and I don't so much mind the stock one, though I might get the debloated version and see what else I can do with that.
Thanks in advance everybody for any help you all can give.

1) You can root through linux, although I don't know about which distros. I did it on ubuntu, using one of the links in the link in my sig.
2) AFAIK, you have to be on zv7/8 to root or unlock. You will have to use LGNPST to go back to one of those, and as far as I've ever heard that is a windows program only.
3) Both the root and unlock methods are reversible through whatever program you use to do it.
4) ???

You forgot profit!!!!
Sent from my LG-LS970 using xda premium

As long as you can attain a root shell and install ADB aka Android SDK, and as long as after that you can run ADB shell and then receive a prompt from your device you should be able to push the necessary files and then run the exploit and install the superuser binary there should be no issues. I actually took the windows root method, and used the commands in my Debian box and it worked very well. The only thing that I would be concerned with is weather not you can get a root shell in your specific version once that is attained, run ADB start-server as root then finish.
Basically I took this root method, and modded the script to fit linux.
(as noted from my post on the last page of that thread)
Preparation
ADB can be found either from the android sdk(tools only) or from the 'stuff' folder, in the archive below (i ran the one from the sdk)
Download this zip file, and extract the 'stuff' folder to a newly created 'root' folder on your Desktop
Open a terminal and cd to ~/Desktop/root
My adb location is coded into my $PATH variable so when I issue adb, it runs ~/android-sdk-linux/platform-tools/adb but you can either set up an alias (to the one included which would be alias adb=~/Desktop/root/stuff/adb if you follow the below extraction procedures or the one from the sdk which could be anywhere)
Before running the root I ran:
Code:
su -
adb start-server
exit
Then to test whether or not I had the correct version of adb, I ran:
Code:
adb shell
You should see your prompt change to that of the phone. if it displays any type of error message, please check your version of adb. to exit this prompt and continue with the root, simply type exit and press enter.
ROOT:
Paste the following into your terminal (which should now be in the ~/Desktop/root directory)
Code:
adb "wait-for-device"
adb push stuff/busybox /data/local/tmp/.
adb push stuff/su /data/local/tmp/.
adb push stuff/Superuser.apk /data/local/tmp/.
adb shell chmod 755 /data/local/tmp/busybox
adb restore stuff/fakebackup.ab
echo 'Select "Restore my data" on your phone!'
adb shell "while ! ln -s /data/local.prop /data/data/com.android.settings/a/file99; do :; done" > /dev/null
echo "Your phone will now reboot twice, DO NOT DISCONNECT USB!"
adb reboot
adb "wait-for-device"
adb shell "/data/local/tmp/busybox mount -o remount,rw /system && /data/local/tmp/busybox mv /data/local/tmp/su /system/xbin/su && /data/local/tmp/busybox mv /data/local/tmp/Superuser.apk /system/app/Superuser.apk && /data/local/tmp/busybox cp /data/local/tmp/busybox /system/xbin/busybox && chown 0.0 /system/xbin/su && chmod 06755 /system/xbin/su && chmod 655 /system/app/Superuser.apk && chmod 755 /system/xbin/busybox && rm /data/local.prop && reboot"
echo "Rooting Complete!"
echo "SuperSU should now be available in your applications drawer!"
Assimilated using the interface that interacts with the advanced internet.

My success in rooting 8.5.1

I thought I'd let folks know what I did in order to root on 8.5.1 and not have slowness. This isn't a complete walkthrough and assumes you have ADB drivers installed and working and access to ADB.
First I used the exploit found in this thread.
http://forum.xda-developers.com/showthread.php?t=2544736
I downloaded kindlehd2013_root.zip and also got the zip copy of superuser from
http://download.clockworkmod.com/superuser/superuser.zip
I extracted all to a folder. I then replaced the su from the kindlehd2013_root.zip with the superuser.zip armeabi folder version. Then you run the commands it has in the post.
adb push su /data/local/tmp/
adb push rootme.sh /data/local/tmp/
adb push exploit /data/local/tmp/
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
Before I ran this last line I made sure su had the correct permissions:
type adb shell:
then ran the command
chmod 6755 /data/local/tmp/su
adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
now you can get root via ADB by going into
adb shell
then run the command su
from there I made sure the su had the correct permissions again in the new location:
mount -o remount,rw /system
I had a complaint about space so I just removed the officesuite.apk in /system/apps to the sdcard
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
Then using the superuser.apk from the zip installed it.
adb install superuser.apk
Hope this helps others have success. From here you can follow the tutorials to get Google apps and such. I'd love to run an alternative ROM but have the LTE version and haven't been able to find one that has working LTE.

Hi Macman005!!
I want to use your method to root my Hd 8.9, I dont want too install a room, only install google services to use my chromecast. But before I want to Know:
How I move the officesuite.apk in /system/apps to the sdcard, if I have the space complaint you had?
I really appreciate any help you can provide

jaramosparra said:
Hi Macman005!!
I want to use your method to root my Hd 8.9, I dont want too install a room, only install google services to use my chromecast. But before I want to Know:
How I move the officesuite.apk in /system/apps to the sdcard, if I have the space complaint you had?
I really appreciate any help you can provide
Click to expand...
Click to collapse
On device you can use es file explorer -> enable root explorer from the left side the click on root explorer -> mount r/w -> then make sure /system is rw
Via ADB
adb pull /system/app/OfficeSuite.apk
adb shell
su for root
mount -o remount,rw /system
rm /system/app/OfficeSuite.apk

Hi Macman005
I had follow your instructions and I had manage to root my hd 8.9, total success!!!
Thanks!!

hi there folks,
so i've read through a bunch of guides and steps to accompish getting root on a kindle fire hd 8.9 running 8.5.1
i followed your above steps to the T but everytime i try and execute the exploit i get a error like this
***********
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80008000 form iomem
Attempt put_user exploit...
write: No space left on device
************
i read further into this post and in others that moving files around was the answer but i'm unable to move the files using
Code:
./adb shell
mv /system/OfficeSuite.apk /sdcard
i get a error like "failed cross device link"
so i'm guessing i'll only have access after rooting to move or delete files in /system
************
Code:
$ df
Filesystem Size Used Free Blksize
/dev 383M 32K 383M 4096
/mnt/asec 383M 0K 383M 4096
/mnt/obb 383M 0K 383M 4096
/system 872M 872M 0K 4096
/data 13G 372M 12G 4096
/cache 639M 10M 628M 4096
/efs 15M 4M 11M 4096
/mnt/sdcard 13G 372M 12G 4096
[email protected]:/system/app $
*********
any suggestions tips or links would be appreciated

Use adb pull to get the file out of /system/app then just try to delete it. I'm guessing it won't work though without root.
Did you check to see if su was in the /system/xbin/su dir?

macman005 said:
Use adb pull to get the file out of /system/app then just try to delete it. I'm guessing it won't work though without root.
Did you check to see if su was in the /system/xbin/su dir?
Click to expand...
Click to collapse
already tried rm -rf OfficeSuit.apk
pulling it leaves the file inplace
su is in place in xbin
Code:
[email protected]:/ $ cd /system/xbin/
[email protected]:/system/xbin $ ll
-rwxr-xr-x root shell 59392 2008-08-01 12:00 dexdump
-rwxr-xr-x root shell 63448 2008-08-01 12:00 hciconfig
-rwxr-xr-x root shell 36776 2008-08-01 12:00 hcitool
-rwxr-xr-x root shell 5608 2008-08-01 12:00 hdcp-test
-rwsr-sr-x root root 94208 2014-11-19 22:25 su
127|[email protected]:/sdcard $ su --help
Segmentation fault
139|[email protected]:/sdcard $ su touch test
Segmentation fault
139|[email protected]:/sdcard $ su
Segmentation fault
139|[email protected]:/sdcard $
i've tried tinkering with permissions with no luck
i'm not worried about root on the kindle os, i mostly want to stick CM11 on it - i recall reading a article on cyanogenmod's page about flashing the CM11 rom on the kindle it didn't mention that root was required i just kind of assumed it was to be able to install a second bootloader etc

If you don't need to follow my root you just use this tutorial. The root being slow isn't a big deal since you'll replace it with cm11
http://forum.xda-developers.com/showthread.php?t=2789289

macman005 said:
If you don't need to follow my root you just use this tutorial. The root being slow isn't a big deal since you'll replace it with cm11
http://forum.xda-developers.com/showthread.php?t=2789289
Click to expand...
Click to collapse
sweet thanks for the tip - i'll give this one a try (i'd tried a couple other methods with no success)

Everything good for me until:
adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
Then I get:
Code:
Device detected: KFJWI (IMM76D)
Attempt acdb exploit...
KFJWI (IMM76D) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80008000 form iomem
Attempt put_user exploit...
After that nothing works. Any ideas where i might have taken the wrong turn?

Do you have su in the /system/xbin folder?

macman005 said:
Do you have su in the /system/xbin folder?
Click to expand...
Click to collapse
Thanks for reply macman.
I gave up... Followed the instructions you gave and all seemed well until step: adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
So not sure but will check when I can try again. Would love to totally clean out amazon junk and turn into android pad.

Im having the same problem as Justanumber, and I'm not sure if I have the su in the /system/xbin folder

I was able to root 8.5.1. What I did was try the Bin4ry method, first option 1, when that didn't work option 2. It made my kindle run slow and was almost unusable. Being very patient due to the slowness, I tried the QEMU method. It seems like some things transferred to the kindle and others didn't and I got an error. I then went back to Bin4ry and ran unroot and got an error. The last thing I tried was to run root option 2 once more and success. I then went right to Hashcodes post and installed a second bootloader and cm11. I'm not a developer so I put everything I did. Maybe someone who knows what they are doing can figure out what is needed from all that. Whatever I did though, I got for on 8.5.1 without any issues once it went through
Sent from my HTC6525LVW using XDA Premium 4 mobile app

worked perfectly for me on 8.5.1, always a bit nervous messing with the kindle but no problems . Big thanks to the op. I didn't have any complaints about space, and there was none of the slowdown problems so many people complain about after rooting the new firmware. Now i have installed hashcode's cm12 port and its like a brand new gadget...

I got as far as "adb shell", but the su command returns "permission denied"
What exactly do you mean when you say "check su permissions." First time using ADB.

please help me
macman005 said:
I thought I'd let folks know what I did in order to root on 8.5.1 and not have slowness. This isn't a complete walkthrough and assumes you have ADB drivers installed and working and access to ADB.
First I used the exploit found in this thread.
http://forum.xda-developers.com/showthread.php?t=2544736
I downloaded kindlehd2013_root.zip and also got the zip copy of superuser from
http://download.clockworkmod.com/superuser/superuser.zip
I extracted all to a folder. I then replaced the su from the kindlehd2013_root.zip with the superuser.zip armeabi folder version. Then you run the commands it has in the post.
adb push su /data/local/tmp/
adb push rootme.sh /data/local/tmp/
adb push exploit /data/local/tmp/
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
Before I ran this last line I made sure su had the correct permissions:
type adb shell:
then ran the command
chmod 6755 /data/local/tmp/su
adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
now you can get root via ADB by going into
adb shell
then run the command su
from there I made sure the su had the correct permissions again in the new location:
mount -o remount,rw /system
I had a complaint about space so I just removed the officesuite.apk in /system/apps to the sdcard
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
Then using the superuser.apk from the zip installed it.
adb install superuser.apk
Hope this helps others have success. From here you can follow the tutorials to get Google apps and such. I'd love to run an alternative ROM but have the LTE version and haven't been able to find one that has working LTE.
Click to expand...
Click to collapse
Please help sir can you do a video of it on how to root the version 8.5.1 cause I cnt follow hard instruction pls lemme see

macman005 said:
Do you have su in the /system/xbin folder?
Click to expand...
Click to collapse
Could you specify a little on how to find this out?
I'm also getting stuck after:
adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
"Attempt acdb explot...
KFJWI <IMM76D> is not supported.
Attempt fj_hdcp exploit...
Attempt msm-cameraconfic exploit...
Detected kernel physical address at 0x80008000 from iomem
Attempt put_user exploit...
Thanks

macman005 said:
I thought I'd let folks know what I did in order to root on 8.5.1 and not have slowness. This isn't a complete walkthrough and assumes you have ADB drivers installed and working and access to ADB.
First I used the exploit found in this thread.
http://forum.xda-developers.com/showthread.php?t=2544736
I downloaded kindlehd2013_root.zip and also got the zip copy of superuser from
http://download.clockworkmod.com/superuser/superuser.zip
I extracted all to a folder. I then replaced the su from the kindlehd2013_root.zip with the superuser.zip armeabi folder version. Then you run the commands it has in the post.
adb push su /data/local/tmp/
adb push rootme.sh /data/local/tmp/
adb push exploit /data/local/tmp/
adb shell chmod 755 /data/local/tmp/rootme.sh
adb shell chmod 755 /data/local/tmp/exploit
Before I ran this last line I made sure su had the correct permissions:
type adb shell:
then ran the command
chmod 6755 /data/local/tmp/su
adb shell /data/local/tmp/exploit -c "/data/local/tmp/rootme.sh"
now you can get root via ADB by going into
adb shell
then run the command su
from there I made sure the su had the correct permissions again in the new location:
mount -o remount,rw /system
I had a complaint about space so I just removed the officesuite.apk in /system/apps to the sdcard
chown 0:0 /system/xbin/su
chmod 6755 /system/xbin/su
Then using the superuser.apk from the zip installed it.
adb install superuser.apk
Hope this helps others have success. From here you can follow the tutorials to get Google apps and such. I'd love to run an alternative ROM but have the LTE version and haven't been able to find one that has working LTE.
Click to expand...
Click to collapse
I'm pretty proficient with ADB, so your steps were easy to follow. Now I have a rooted Kindle Fire HD 8.9 on 8.5.1.
Thank you

Hello,
I'm following these instructions. When I run su, i get "Permission Denied."
Any ideas? The steps before seem to run fine.
When i run the exploit, i see the follwing:
Device detected: KFJWI (IMM76D)
Attempt acdb exploit...
KFJWI (IMM76D) is not supported.
Attempt fj_hdcp exploit...
Attempt msm_cameraconfig exploit...
Detected kernel physical address at 0x80008000 form iomem
Attempt put_user exploit...
---------- Post added at 04:27 PM ---------- Previous post was at 03:48 PM ----------
I got it to work.
I enterd adb shell, then exploit again, without the rootme.sh argument.
Then su worked and I was able to get everything to run
Thanks for the instructions!