How root the Gen10 - beta process ! - Gen10 Android Development

Hi
Do you have an idea how to root the Gen10?
YES it is possible
If you know ADB and the developer mode
see this method
http://www.arctablet.com/blog/featured/archos-101-xs-easy-root-method/
thanks globula_neagra
The tablet is OK - not slow
The result
http://forum.xda-developers.com/showpost.php?p=34888910&postcount=73

first the keys...
Hi cajl!
cajl said:
Do you have an idea how to root the Gen10?
Got no idea right now... but you may do us a favor to find the Gen10 keys and extract firmware files first.
Assuming you got a Gen10 device and MicroSD card inserted.
From your ADB console could you please type the following:
dd if=/dev/block/mmcblk0 of=/mnt/sdcard/first-64k.bin bs=512 count=128
Please post the resulting file here and i'll try to extract the keys for Gen10 and update the well known aos-tools.
You may have a look at this:
http://forum.xda-developers.com/showpost.php?p=32418976&postcount=20
I had a discussion there with trevd a few weeks ago :laugh:
Thanks a lot in advance!!!
Best regards,
scholbert

+1. I have just ordered it on Amazon (arriving late this week) but I see there is no dedicated session here in XDA for modding. Maybe it is early time... Hope to get possibility for root soon

scholbert said:
Hi cajl!
Got no idea right now... but you may do us a favor to find the Gen10 keys and extract firmware files first.
Assuming you got a Gen10 device and MicroSD card inserted.
From your ADB console could you please type the following:
dd if=/dev/block/mmcblk0 of=/mnt/sdcard/first-64k.bin bs=512 count=128
Please post the resulting file here and i'll try to extract the keys for Gen10 and update the well known aos-tools.
You may have a look at this:
http://forum.xda-developers.com/showpost.php?p=32418976&postcount=20
I had a discussion there with trevd a few weeks ago :laugh:
Thanks a lot in advance!!!
Best regards,
scholbert
Thanks, but when I use this command, adb says: cannot open for read!

Hi cajl!
cajl said:
Thanks, but when I use this command, adb says: cannot open for read!
Mmmmh... that's worse.
So they restricted the block devices for user access.
Guess we'll need a temporary root first.
We all used the 1 and 2 binaries for Gen9 without any research.
These had been developed by Paul O'Brien and AFAIK we have no further details about the procedure.
I guess he's using a bug in the kernel or similar to inject some code and get root permission.
See original thread again:
http://www.modaco.com/topic/347305-archos-80-g9-root-phase-1/
This would be the way for Gen10 then as well.
Did anyone try if it works for Gen10?
Might be a little risky though, because we got no background of what the binaries do exactly.
Anyway if we got temporary root first we could read first blocks from eMMC.
Then it would be easier to examine the parts of bootcode and look for similarities with Gen9.
As a second step we would need a procedure to flash unofficial SDE to the device.
Would give us the same comfort as on the Gen9 then.
I'll do a little research about Paul's rooting method, maybe it could be used for Gen10 without any mod.
If anyone got some insights on this, feel free to post it here
Regards,
scholbert

i just use this Paul's method...

The adb shell says "ROOT"!
and the dd command says
128+0 records in
128+0 records out
65536 bytes transferred
How do I send the file?
But with the root the tablet is running slowly
it use the command "adb shell rm /data/local.prop" for delete the root !

...wow...cooool
Hey cajl,
seems that you were brave enough to try :victory:
Very cool!!!
cajl said:
The adb shell says "ROOT"!
That's awesome.
So basically Paul's method works for the Gen10 as well.
cajl said:
and the dd command says
128+0 records in
128+0 records out
65536 bytes transferred
How do I send the file?
O.K., very nice!
So now you got a file first-64k.bin on your Micro-SD right?
Copy the file to your Host PC... by using adb or take out the card.
Zip that file and post it here.
I'll then try to extract the key.
If the key structure is similar to Gen9, then maybe tomorrow i'll try to tweak aos-tools to handle Gen10 files.
We could get some more insights then...
cajl said:
But with the root the tablet is running slowly
O.K., so there's some side effect.
Should be hopefully gone after reboot...
Please report!
Good luck!
scholbert

the file is ok
after reboot the "slowly" is the same
i remove the root and it is ok

cajl said:
the file is ok
Thanks a lot... as i said, i'll start investigating this weekend.
My time is limited these days
EDIT:
Key section has the same structure as Gen9!
Let's go for Gen10
cajl said:
after reboot the "slowly" is the same
i remove the root and it is ok
Glad to hear that.
So there's some side effect. Remember the sound and restart issues on Gen9 with the root hack.
I guess it's similar here, but little different indeed
Cheers,
scholbert

scholbert said:
Thanks a lot... as i said, i'll start investigating this weekend.
My time is limited these days
scholbert
Thanks of all !

cajl said:
Thanks of all !
Appreciated...
Just built the keys header file. I'll publish them, if i got it verified with the tools.
Ready to get implemented to aos-tools. Maybe i'll try tonight.
As soon as we could extract the firmware files we might hover to the next step.
I guess we need someone to build custom SDE for Gen10.
EDIT:
Just a few words...
Maybe letama again is the right person to ask for this task.
AFAIK the 1st stage loader on Gen10 is quite similar to Gen9.
Assuming they also kept their security checks on the rawfs section equal to the Gen9 tablets, we're fine.
If not, it would be much harder to activate SDE menu for the Gen10.
In fact it's a little too early for speculations...
EDIT2:
O.K. i could not wait till tonight... so i just put it all together
http://forum.xda-developers.com/showpost.php?p=34492366&postcount=1
Regards,
scholbert

Hi Guys,
Having fun ?
Scholbert, your next step is to verify that sde menu still exists in recovery cpio.
If it does and it works like before, enabling it is only a matter of flashing a sde kernel. To do that, grab abcbox from firmware, extract zImage and cpio, then do on tablet:
abcbox kd_flasher -k my_zimage -i mycpio
It should enable sde menu.
Forgot one thing: kd_flasher should be launched as root... You need to temp root it, flash, remove temp root.

possible rooting method...
Hi cajl,
just extracted Gen10 firmware and had a look into the recovery.cpio.
The SDE menu is already included as we know it from the Gen9 already.
Though i don't know what letama did exactly within his custom SDE hack for Gen9, here's my theory:
1. extract Gen10 firmware with my latest aos-tool package
2. split init (stock kernel+initramfs.cpio.lzo)
3. extract initramfs.cpio.lzo and tweak it like we always do for having root access
4. build custom kernel with default config for Gen10 (alternatively use stock kernel)
5. use Paul's temporary root exploit (this might be still little dangerous. as being reported by cajl the tablet is getting slow, but it will give root)
6. umount rawfs partition
7. use kd_flasher to write custom kernel and tweaked initramfs.cpio.lzo (should create a file named custom inside rawfs partition)
8. remove temporary root
9. reboot (check if everything is still fine)
10. reboot again and hold down volume key (if there is one on Gen10)
11. check for SDE menu
Need some confirmation from the cracks here.
So letama, surdu, trevd join in if you like :angel:
EDIT:
Uuups, just saw that letama joined in while i wrote these sentences.
O.K. seems to be alright. Running out of time though...
I'll come back!
Regards,
scholbert

letama said:
Hi Guys,
Having fun ?
Scholbert, your next step is to verify that sde menu still exists in recovery cpio.
If it does and it works like before, enabling it is only a matter of flashing a sde kernel. To do that, grab abcbox from firmware, extract zImage and cpio, then do on tablet:
abcbox kd_flasher -k my_zimage -i mycpio
It should enable sde menu.
Forgot one thing: kd_flasher should be launched as root... You need to temp root it, flash, remove temp root.
OK Letama !
Thanks.

Need some confirmation from the cracks here.
So letama, surdu, trevd join in if you like :angel:
That's what I call simultaneous post!
Basically your method is ok. I'd do two steps to avoid doing too much work for nothing, first enable sde, you don't need to tweak cpio, any kernel +cpio would do the trick. After verifying that sde is indeed working, tweak cpio as usual...
Last, you don't have to umount rawfs, it's mounted read only afaik and kd_flasher is fine with it mounted.

letama said:
If it does and it works like before, enabling it is only a matter of flashing a sde kernel. To do that, grab abcbox from firmware, extract zImage and cpio, then do on tablet:
abcbox kd_flasher -k my_zimage -i mycpio
It should enable sde menu.
Forgot one thing: kd_flasher should be launched as root... You need to temp root it, flash, remove temp root.
O.k. just grabbed the files from latest firmware.
Without any warranty though.
Took the init file (kernel+initramfs), removed the header and searched for the beginning of the initramfs.cpio.lzo by using a hex-editor.
Then split stock kernel and initramfs.
So in fact a little bit quick and dirty, but should be o.k.
use abcbox kd_flasher -k zImage -i initramfs.cpio.lzo
It's up to you if you want to try. I take no responsibility for bricks at this early point...
In fact we got it merely together. Please developers confirm, that the files are intact.
I'm definitely on my way now... see ya tomorrow :fingers-crossed:
NOTE:
These files will not root your device but should enable SDE recovery menu on Gen10.
Use at your own risk!
Good luck!
scholbert
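
Added example (not scholbert's tool, not part of aos-tools, and not from any post in this thread): a scripted version of the hex-editor search described above, which finds where the kernel ends and the lzop-compressed initramfs begins. It assumes an ARM zImage (magic 0x016F2818 at offset 0x24, start/end words at 0x28/0x2C) and the standard lzop file magic; the vendor header and the sample blob are constructed placeholders, not the Archos format.

```python
import struct
from typing import List, NamedTuple, Tuple

# Assumed constants (general format facts, not taken from the thread):
ZIMAGE_MAGIC = struct.pack("<I", 0x016F2818)  # ARM zImage magic word
ZIMAGE_MAGIC_OFF = 0x24                        # magic at 0x24, start/end at 0x28/0x2C
LZOP_MAGIC = b"\x89LZO\x00\r\n\x1a\n"          # first 9 bytes of an lzop file


class Layout(NamedTuple):
    kernel_off: int          # where the zImage starts inside the blob
    kernel_len: int          # zImage length recorded in its own header
    initramfs_off: int       # first lzop magic at or after the end of the kernel
    ignored_hits: List[int]  # lzop magics that fall inside the kernel image


def find_all(blob: bytes, needle: bytes) -> List[int]:
    """Return every offset at which needle occurs in blob."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits


def locate(blob: bytes) -> Layout:
    """Locate kernel and initramfs without trusting the first lzop hit.

    A kernel built with LZO compression can carry an lzop magic of its own,
    so the kernel length from the zImage header is used to skip such hits.
    """
    magics = [m for m in find_all(blob, ZIMAGE_MAGIC) if m >= ZIMAGE_MAGIC_OFF]
    if not magics:
        raise ValueError("no ARM zImage magic found")
    kernel_off = magics[0] - ZIMAGE_MAGIC_OFF
    if kernel_off + 0x30 > len(blob):
        raise ValueError("blob ends inside the zImage header")
    start, end = struct.unpack_from("<II", blob, kernel_off + 0x28)
    kernel_len = end - start
    kernel_end = kernel_off + kernel_len
    if kernel_len < 0x30 or kernel_end > len(blob):
        raise ValueError("zImage header records an implausible size")
    hits = find_all(blob, LZOP_MAGIC)
    after = [h for h in hits if h >= kernel_end]
    if not after:
        raise ValueError("no lzop stream after the kernel image")
    return Layout(kernel_off, kernel_len, after[0],
                  [h for h in hits if h < kernel_end])


def split(blob: bytes) -> Tuple[bytes, bytes]:
    """Return (zImage bytes, initramfs.cpio.lzo bytes)."""
    lay = locate(blob)
    kernel = blob[lay.kernel_off:lay.kernel_off + lay.kernel_len]
    return kernel, blob[lay.initramfs_off:]


def build_sample() -> bytes:
    """Constructed test blob: placeholder header + fake zImage + fake lzop stream."""
    image = bytearray(0x400)
    struct.pack_into("<III", image, 0x24, 0x016F2818, 0, len(image))
    image[0x200:0x209] = LZOP_MAGIC               # decoy magic inside the kernel
    header = b"VENDORHDR".ljust(0x100, b"\x00")   # placeholder, not the real header
    ramfs = LZOP_MAGIC + b"constructed initramfs payload"
    return bytes(header) + bytes(image) + ramfs


if __name__ == "__main__":
    layout = locate(build_sample())
    print("kernel at 0x%x, %d bytes" % (layout.kernel_off, layout.kernel_len))
    print("initramfs at 0x%x" % layout.initramfs_off)
    print("lzop hits ignored inside kernel:", [hex(h) for h in layout.ignored_hits])
```

Compare the two output files against the originals (for example by hashing) before using them for anything; a split at the wrong offset produces an image that will not boot.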

How do I use this?
abcbox kd_flasher -k zImage -i initramfs.cpio.lzo
I am working on W7 64-bit

cajl said:
How do I use this?
abcbox kd_flasher -k zImage -i initramfs.cpio.lzo
I am working on W7 64-bit
If adb is enabled and working, do this:
1) unzip all the files in the directory where adb is
2) do this:
adb push zImage /data/local/tmp
adb push initramfs.cpio.lzo /data/local/tmp
adb push abcbox /data/local/tmp
adb shell chmod 755 /data/local/tmp/abcbox
adb shell /data/local/tmp/abcbox kd_flasher -k /data/local/tmp/zImage -i /data/local/tmp/initramfs.cpio.lzo
If last command goes well, you should have sde enabled, check in recovery if menu is there...
---------- Post added at 10:13 AM ---------- Previous post was at 10:05 AM ----------
scholbert said:
Took the init file (kernel+initramfs), removed the header and searched for the beginning of the initramfs.cpio.lzo by using a hex-editor.
Hi Scholbert,
I have a tool that unpacks kernels properly if you are interested:
http://pastebin.com/Yp5RXm2S
It's using libaos.h structure definition... you can forget about the unpack-unknown part, it's unused part of the file.

Generating KD
Updating KD (5638560 bytes)

Related

Ubuntu/Debian install for Slide

Ok, so the Ubuntu install now works on the Slide. Credit goes to eratosthene, who updated all the files to make it work; all other credit goes to the devs listed on the links provided. FYI, this was tested on eugene's latest Froyo ROM.
1. Go to http://nexusonehacks.net/nexus-one-hacks/how-to-install-ubuntu-on-your-nexus-oneandroid/ download the ubuntu.zip file .
2. Unzip to a location on your pc to a folder named ubuntu.
3. Download the ubuntu-slide-v2 from here.
4. Unzip the ubuntu-slide-v2 to the same folder you used in step 2.
5. Create a ubuntu folder on the root of your sdcard .
6. Connect your Slide to the pc verify debugging enabled and storage disabled.
7. Adb push the files in the ubuntu folder to the /sdcard/ubuntu.
8. Then adb shell.
9. cd /sdcard then sh ubuntu.sh
Note: At this point, the scripts are now located in /data/local/bin and the mount point is /data/local/mnt
10. sh /data/local/bin/bootubuntu
11. you should now see [email protected]:/#
Note: install completed. Only do the following if you want to access Ubuntu from the Android VNC app.
12. apt-get update
13. apt-get install tightvncserver
14. export USER=root
15. vncserver -geometry 480x320
16. Run the android-vnc-viewer app and specify localhost port 5901.
UPDATE: This is not working on CM 6. I'm not sure why; please help if you know.
That would be sooooo coool
Sent From My HTC Espresso Running Froyo Thanks to eugene373
Tried it but the install fails. It may be the script or it may be rights to edit the files; I'm not that good with Linux yet, so I'm not sure.
Ok thanks, any help would be appreciated. If we can get a procedure that works, I'll write up a step by step for everyone and maybe make a video how-to also.
Just guessing but it's probably because we don't have rw access to /system.
Until we get an unlocked bootloader it ain't happenin...
I could be completely way off though
I think you are right; if I remember, most of the errors were due to access issues with files in the system folder. If it is the bootloader, what would need to be done to "unlock" it?
bled82 said:
I think you are right; if I remember, most of the errors were due to access issues with files in the system folder. If it is the bootloader, what would need to be done to "unlock" it?
An OTA update would unlock it.
So once we get the froyo ota we should be able to follow the same process as the nexus one then ?
I would say "unlikely"; I don't see how an OTA would unlock the bootloader in any fashion. But I guess he might have been referencing the possibility of someone using the new OTA to create an unlocked bootloader. The whole "how could the bootloader be unlocked" question bothers me; I never seem to get a straight answer.
aceraider4 said:
I would say "unlikely"; I don't see how an OTA would unlock the bootloader in any fashion. But I guess he might have been referencing the possibility of someone using the new OTA to create an unlocked bootloader. The whole "how could the bootloader be unlocked" question bothers me; I never seem to get a straight answer.
Once there is an official OTA devs will be able to extract the keys needed to properly sign files I believe.
I thought the engineering build had an unlocked boot loader on it and once we flashed it that was that ?
Here's an updated zip for you guys. The process is generally the same as on the above-linked nexus one version, I just changed the scripts to move a few files to different places. You'll need to download ubuntu.zip from that post as well. Summary:
unzip ubuntu.zip somewhere
unzip ubuntu-slide.zip in the same place, replace all the files
make a directory called 'ubuntu' on your sdcard
adb push all the files in the zip to that directory
adb shell
cd /sdcard/ubuntu
sh ubuntu.sh
At this point, the scripts are now located in /data/local/bin and the mount point is /data/local/mnt
sh /data/local/bin/bootubuntu
You're now chrooted into the ubuntu install. Have fun.
Thanks going to try it now !!!
Does not work get attached error.
bled82 said:
Does not work get attached error.
I haven't tried this but based on your error, try this from the shell:
mkdir /data/local/bin
then run the ubuntu.sh again
falken98 said:
I haven't tried this but based on your error, try this from the shell:
mkdir /data/local/bin
then run the ubuntu.sh again
I did cd /data/local then ls and bin is listed. Ran mkdir /data/local/bin: failed, file exists. I can't cd /data/local/bin; I get the error can't cd to /data/local/bin.
bled82 said:
I did cd /data/local then ls and bin is listed. Ran mkdir /data/local/bin: failed, file exists. I can't cd /data/local/bin; I get the error can't cd to /data/local/bin.
This is some other script messed up when bin wasn't there and ended up creating a file called bin instead of it being a directory.
rm /data/local/bin
mkdir /data/local/bin
falken98 said:
This is some other script messed up when bin wasn't there and ended up creating a file called bin instead of it being a directory.
rm /data/local/bin
mkdir /data/local/bin
Ok, getting closer. Thank you very much. Now when I ran sh .data/local/bin/bootubuntu I get the error attached.
bled82 said:
Ok, getting closer. Thank you very much. Now when I ran sh .data/local/bin/bootubuntu I get the error attached.
What rom are you using? It looks like you don't have the ext3 module built into your kernel. I set my scripts up to use ext3 (more reliable, I really don't care that it eats into the life of my sd card), but many roms only have ext2. You might try uncommenting the first line of bootubuntu, and changing the ext3 to ext2 on line 10.
eratosthene said:
What rom are you using? It looks like you don't have the ext3 module built into your kernel. I set my scripts up to use ext3 (more reliable, I really don't care that it eats into the life of my sd card), but many roms only have ext2. You might try uncommenting the first line of bootubuntu, and changing the ext3 to ext2 on line 10.
I am running froyo using Kanged CM6 newbuild.zip from eugene373 , http://forum.xda-developers.com/showthread.php?t=721515 .

Xoom WiFi (MZ604) Root!!

This is it guys... HUGE props to bigrushdog (his kernel made this possible!), MADindustries and modplan!
Download the Motorola WiFi Xoom Root Zip file and unzip it. (MediaFire) - Contains Tiamat 1.3.1
You need the Moto Drivers - Read this thread to START you - http://forum.xda-developers.com/showthread.php?t=981578
You'll need fastboot - get it here http://developer.htc.com/adp.html
Make sure you have the latest SDK - adb and fastboot should be in /platform-tools - http://developer.android.com/sdk/index.html
Place the files in the SDK Tools folder.
If rebooting works... - This will wipe your phone by the way!!
adb reboot bootloader
fastboot oem unlock
adb reboot bootloader
If stuck at "Dual Core Technology"
Hold VolUp and power to restart Xoom
Hold VolDown while booting unit for fastboot mode
fastboot flash boot boot.img
fastboot reboot
adb shell
mkdir /data/media/sdcard2
exit
(physically put in microSD card if you are planning to use)
adb reboot
adb remount
adb push bcm4329.ko /system/lib/modules/bcm4329.ko
adb push cifs.ko /system/lib/modules/cifs.ko
adb push tun.ko /system/lib/modules/tun.ko
adb push scsi_wait_scan.ko /system/lib/modules/scsi_wait_scan.ko
adb push su /system/bin
adb shell ln -s /system/bin/su /system/xbin/su
adb shell chmod 4755 /system/bin/su
adb push Superuser.apk /system/app
adb push vold.fstab /system/etc/vold.fstab
adb reboot
adb shell
WE HAZ ROOT!!
Check out this video for basic Windows walkthrough from Buddhahb - http://www.youtube.com/watch?v=ZsVpY0PDwtQ
Check out this video for basic Mac walkthrough from sleeplessninjas - http://www.youtube.com/watch?v=zC6J-hV6SM4
Update: 3/27/2011 12:04pm CST Added cifs.ko, tun.ko, and scsi_wait_scan.ko
Update: 3/27/2011 12:22pm CST Added vold.fstab file for USB mounting & MegaUpload
Update: 4/13/2011 10:07am CST Updated to Tiamat's 1.3.1 kernel for SD card support & Gallery support.
awesome work guys!
Woooooooooooooooooooooooooot
fantastic work!!
\o/
can you try the cifs.ko module as well? i have a 3g version and am curious
Thanks Xaositek and HUGE props to MADindustries and modplan for coming up with a quick solution.
Is there a rip of the stock "boot.img" in case it doesn't work so that people who soft brick their xoom can return it back to stock? If so can that be posted in the OP's post? I know I am not the only paranoid one that would like to have the stock boot.img before attempting any rooting.
Also just for curiosity, can someone explain the differences between the wifi and wifi+3g boot.img versions and what they had to do to workaround this. Thanks.
We end up replacing the stock boot - We'll probably need to wait for Motorola to toss us a bone there
I just downloaded the "xoomwifiroot.zip" file and realized the files in the "xoomwifiroot.zip" are just tiamat's 1.1.6 files (boot.img and kernel modules) that can be found in tiamat's thread.
I was expecting the files to be something different that was close to the original root method by Koush where there is a "rootboot.img".
Maybe a better question for my understanding is this. Sorry if I am a noob.
Is Koush's file rootboot.img for the original xoom root only good for rooting the system while tiamat's boot.img file not only roots the system but also has code to overclock the xoom?
ericdabbs said:
I just downloaded the "xoomwifiroot.zip" file and realized the files in the "xoomwifiroot.zip" are just tiamat's 1.1.6 files (boot.img and kernel modules) that can be found in tiamat's thread.
It also has the su and Superuser.apk but essentially yes...
ericdabbs said:
Is Koush's file rootboot.img for the original xoom root only good for rooting the system while tiamat's boot.img file not only roots the system but also has code to overclock the xoom?
Koush's rootboot got us into this mess, Tiamat's boot.img got us out of it. It also allows the critical adb remount to allow the next steps.
Xaositek said:
It also has the su and Superuser.apk but essentially yes...
Koush's rootboot got us into this mess, Tiamat's boot.img got us out of it. It also allows the critical adb remount to allow the next steps.
Gotcha. Thanks for all your help.
ericdabbs said:
Gotcha. Thanks for all your help.
Grab the latest file from MegaUpload and add the additional modules
Glad I could help get this working and glad that it fixed my bricked Xoom! One thing that I would suggest is someone pull the stock ko files and save them. After Moto releases the stock boot.img files I am sure that there will be some people that want to go back to the stock kernel, which will then be as easy as flashing the stock boot.img and then pushing the stock ko files back on.
Guess I'll run out and grab one now at Best Buy then. Thanks!
modplan said:
Glad I could help get this working and glad that it fixed my bricked Xoom! One thing that I would suggest is someone pull the stock ko files and save them. After Moto releases the stock boot.img files I am sure that there will be some people that want to go back to the stock kernel, which will then be as easy as flashing the stock boot.img and then pushing the stock ko files back on.
Is there a way to extract the stock boot.img and wifi ko files before flashing it with tiamat's files? If so, what are the instructions so that people who haven't rooted it yet can give it a try. That way we can give back to the community.
ericdabbs said:
Is there a way to extract the stock boot.img and wifi ko files before flashing it with tiamat's files? If so, what are the instructions so that people who haven't rooted it yet can give it a try. That way we can give back to the community.
Pulling the boot image looks like it is rather difficult but pulling the ko files should be as simple as using the adb pull command instead of adb push. For example
adb pull /system/lib/modules/something.ko c:/something.ko (put the right paths; obviously the second path is just where you want to save it on your computer)
As an FYI. coolbho's ocboot.img does not work on the wi-fi version of the xoom yet. To prevent your headaches I have already flashed and it stays at boot screen. Tiamat's seems the only kernel that is working for wi-fi only
modplan said:
Pulling the boot image looks like it is rather difficult but pulling the ko files should be as simple as using the adb pull command instead of adb push. For example
adb pull /system/lib/modules/something.ko c:/something.ko (put the right paths; obviously the second path is just where you want to save it on your computer)
Got it. When I get my wifi xoom, I'll give this a shot.
d3coy3d said:
As an FYI. coolbho's ocboot.img does not work on the wi-fi version of the xoom yet. To prevent your headaches I have already flashed and it stays at boot screen. Tiamat's seems the only kernel that is working for wi-fi only
Tiamat's kernel allows for the 1.5ghz OC
When i command to push the first file, I get all the info on android debug.
chaz03 said:
When i command to push the first file, I get all the info on android debug.
Revisit the instructions now - you can just copy and paste them all now

[HELP] Acer Iconia Tab A101

Hi, today I bought this "awesome" device.
I'm very disappointed about phone calls, because I want to use it like a phone.
I haven't found any way to root this device.
So, I'm too much of a newbie to make this possible because I don't know any programming languages, and I'm looking for a developer to help me and all A101 users to get root.
Please HELP!!!
Hello, if you want to use your tablet like a phone, download Google voice and groove ip. And the Acer a100 does have a development section and there is a thread on how to root your tablet. Good luck---timothy
as of right now I don't believe there is a way to root your device the A101 to be exact.
Oops...I just now saw in the title that the op had an A101...sorry for the wrong information...
Tablets are not phones and can NOT make regular phone calls over the cell network. The SIM is for data connections only.
The best you can do is an IP phone call with app's like Skype.
I'm very sad to read this....
There is no way to see my A101 rooted?
I've followed the guide to root the A100 but the problem is when the script tries to copy the "su" file to /system/xbin.
"su" doesn't copy for an unknown reason.
Currently, no. No known rooting method exists.
Did you activate the USB debugging on your tablet?
You might also need ADB to be able to do something with it.
Rooting method for Acer Iconia A101 (Russian language).
Code:
4pda.ru/forum/index.php?s=&showtopic=272402&view=findpost&p=11229134
Sorry, i can't translate this in English. My english is bad. Please, help me to translate my instruction and to place at this forum. Thanks.
ZeroNull said:
Rooting method for Acer Iconia A101 (Russian language).
Code:
//4pda.ru/forum/index.php?s=&showtopic=272402&view=findpost&p=11229134//
Sorry, i can't translate this in English. My english is bad.
Here it is, How to root the a101. This does work for the a100 also.
from adb or a terminal
Code:
/system/bin/cmdclient ec_micswitch '`echo ro.kernel.qemu=1 > /data/local.prop`'
Reboot adb shell to the a101 and you should have temp root.
su will have to be pushed to /system/xbin and SuperUser.apk installed from the market.
That prop seems to stop haptic feedback, on the russian site it also mentions bluetooth also not working.
So remove local.prop after
Code:
rm /data/local.prop
[edit] Sorry, I guess this does not work on the a101 unless an a100 firmware is flashed.
eww245 said:
Here it is, How to root the a101. This does work for the a100 also.
from adb or a terminal
Code:
/system/bin/cmdclient ec_micswitch '`echo ro.kernel.qemu=1 > /data/local.prop`'
Reboot then adb shell to the a101 and you have temp root
eww245 said:
[edit] Sorry, I guess this does not work on the a101 unless an a100 firmware is flashed.
This is work in A101, if flashing A101 firmware from A100, execute command
Code:
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
and then flashing firmware A101 back. Then use adb for get root access.
ZeroNull said:
Rooting method for Acer Iconia A101 (Russian language).
Code:
//4pda.ru/forum/index.php?s=&showtopic=272402&view=findpost&p=11229134//
Sorry, i can't translate this in English. My english is bad. Please, help me to translate my instruction and to place at this forum. Thanks.
I was sent this link last night in a pm but I haven't been able to try it yet because there's a download in the original thread that seems to be needed and the link to it doesn't work for me. Can someone post that file up here please?
FloatingFatMan said:
I was sent this link last night in a pm but I haven't been able to try it yet because there's a download in the original thread that seems to be needed and the link to it doesn't work for me. Can someone post that file up here please?
No one? OK, can someone else please try downloading the A10x_rooting.zip file supposedly found at the following address? It doesn't work for me...
http://4pda.ru/forum/dl/post/1448282/A10x_rooting.zip
This is very interesting; it looks like it should work. In fact it looks like this little exploit is getting root on ICS (but not the latest version). A quick search revealed the following.
// This will determine if Android is running inside an emulator
if ("1".equals(SystemProperties.get("ro.kernel.qemu"))) {
// Emulator
}
/data/local.prop is loaded at boot and can set various system parameters.
Some vendor implementations have system parameters that allow root access - so being able to create /data/local.prop allows any user to set those system parameters. It would be more secure if the vendor created an empty /data/local.prop file with access permissions that would only allow write access to root.
So my guess is somehow redirecting the output from ro.kernel.qemu to the local.prop tricks android into granting superuser. Very cool. Too bad it looks like they patched the latest ICS
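
Added example (not part of any post in this thread): a small audit that applies the mitigation described above, checking a device's /data/local.prop contents and its `ls -l` line for the emulator property and for ownership or permissions that let a non-root user write the file. The function names, the sample inputs and the assumed toolbox-style `ls -l` column layout are constructed for illustration; flagging other `ro.*` entries for review is a heuristic of this example, not something the thread states.

```python
import re
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]  # (severity, message); severity is high, review or info

# Assumed toolbox-style `ls -l` line: mode, owner, group, then size/date/name.
LS_LINE = re.compile(r"^(?P<mode>[-dl][-rwxsStT]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s")


def parse_props(text: str) -> Dict[str, str]:
    """Parse key=value lines, skipping blanks and '#' comments."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_content(text: str) -> List[Finding]:
    """Flag properties in local.prop that change the device's trust posture."""
    findings: List[Finding] = []
    for key, value in parse_props(text).items():
        if key == "ro.kernel.qemu" and value == "1":
            # The property this thread writes to obtain a root adb shell.
            findings.append(("high", "ro.kernel.qemu=1: device reports itself as an emulator"))
        elif key.startswith("ro."):
            # Heuristic (assumption of this example): read-only system
            # properties set from a data-partition file deserve a look.
            findings.append(("review", "%s=%s: read-only property set from local.prop" % (key, value)))
    return findings


def audit_ls_line(ls_line: Optional[str]) -> List[Finding]:
    """Check owner and write bits from one `ls -l /data/local.prop` line."""
    if ls_line is None:
        return [("info", "file absent: the suggested hardening is an empty root-owned file")]
    match = LS_LINE.match(ls_line.strip())
    if not match:
        return [("review", "could not parse ls output: %r" % ls_line)]
    findings: List[Finding] = []
    mode, owner = match["mode"], match["owner"]
    if owner != "root":
        findings.append(("high", "owned by %s, not root" % owner))
    if mode[5] == "w" or mode[8] == "w":  # group-write or other-write bit
        findings.append(("high", "mode %s lets non-owners write the file" % mode))
    return findings


def audit(content: Optional[str], ls_line: Optional[str]) -> List[Finding]:
    return audit_content(content or "") + audit_ls_line(ls_line)


# Constructed sample inputs (not captured from a real device).
SAMPLE_WEAK_LS = "-rw-rw-rw- shell    shell          17 2012-12-01 10:00 local.prop"
SAMPLE_HARD_LS = "-rw-r--r-- root     root            0 2012-12-01 10:00 local.prop"

if __name__ == "__main__":
    cases = {
        "property set": ("ro.kernel.qemu=1\n", SAMPLE_WEAK_LS),
        "commented out, still writable": ("#\n", SAMPLE_WEAK_LS),
        "empty and root-owned": ("", SAMPLE_HARD_LS),
    }
    for name, (content, ls_line) in cases.items():
        print(name)
        for severity, message in audit(content, ls_line) or [("ok", "no findings")]:
            print("  [%s] %s" % (severity, message))
```

The second case shows why checking contents alone is not enough: a file that currently holds only a comment is still a finding if an unprivileged user can rewrite it before the next boot.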
Were you able to download that file, then? If so, could you please post it up here? I can't get it at all, just get told the file doesn't exist...
Content file
This is file content next:
adb.exe
AdbWinApi.dll
AdbWinUsbApi.dll
fastboot.exe
su
It tools adb for windows and su file for rooting android arm cpu device.
Plan get "root" for Acer ICONIA TAB A101
1. Flash firmware A100
2. Touch file "/data/local.prop" and put variable "ro.kernel.qemu=1":
Code:
/system/bin/cmdclient ec_micswitch '`echo 'ro.kernel.qemu=1' > /data/local.prop`'
3. Flash firmware A101
4. Execute "adb tools" for Windows with this command:
Code:
adb remount
adb push su /system/xbin/
adb shell "chmod 06755 /system/xbin/su"
5. Off variable "ro.kernel.qemu=1":
Code:
adb shell "echo '#' >/data/local.prop"
6. Install app
BusyBox
SuperUser APK
Titanium Backup
7. Reboot device
This is work. It is checked up time and again.
Great, thanks! I'll try it later today and presuming I read your instructions correctly, will post up a more native English version of them afterwards, if that's OK with you?
Ok
It would be very good! Thank you!
Root confirmed, awesome! Thanks ZeroNull, you are da MAN!
I want to go a step further and update my A101 to the latest leaked ROM and see if I keep root before I post a more native English set of instructions, but for anyone who wants to try it now, it works!

[HOW-TO] [GSM & CDMA] Root without Unlocking Bootloader via exploit (for 4.0.1/4.0.2)

Edit: This does not work on anything newer than ICL53F (i.e., 4.0.2). It works fine on ITL41D (4.0.1), ITL41F (4.0.1) and ICL53F (4.0.2)
Once you have got root, you can now use segv11's BootUnlocker app to unlock your bootloader without wiping anything. Easy as pie!
Disclaimer: I take no credit for this exploit or the implementation of it (but I will take credit for the step-by-step). Thanks to kendong2 for pointing it out to me here.
So, it looks like zx2c4 has found a local privilege escalation exploit. See source here, and saurik has managed to package it together for Android. See here. Although this may be old news to some, I hadn't seen it before.
So what does this all mean:
If you are running a 2.6.39 kernel (or above), which all Galaxy Nexus' are, you can now root your device without having to unlock your bootloader (and without losing your data).
Moreover, you should now be able to root your device even if your hardware buttons are not working.
Additionally, this allows those who have not received an OTA update and want to apply it without having an unlocked bootloader or root to do so by copying the OTA update to /cache from /sdcard.
Notes:
1) This assumes that you have USB Debugging enabled on your device (Settings > Developer Options > Enable USB Debugging) and the drivers for your device installed on your computer. For the drivers, I would recommend you remove all old drivers and install these. If you don't know how to install them, or are having issues, look here.
2) This needs to be done over ADB, as a terminal emulator on-device does not have the appropriate access. If you do not have ADB, I've attached it in the zip. Unzip all files.
3) Some users indicate that, once they finished the procedure, they needed to open the Superuser app.
Step-by-step:
1) Download the attached files to your computer and unzip them in the same directory as your adb.exe file;
2) Open a command prompt in the same directory;
3) Copy the files to your device:
adb push mempodroid /data/local/tmp/mempodroid
adb push su /data/local/tmp/su
adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Open a shell: adb shell
5) Change permission on mempodroid to allow it to run: chmod 777 /data/local/tmp/mempodroid
6) Run the exploit: ./data/local/tmp/mempodroid 0xd7f4 0xad4b sh
Note: Once you do step 6, your prompt should change from $ to #. If not, it did not work.
7) Mount the system partition as rw: mount -o remount,rw -t ext4 /dev/block/mmcblk0p1 /system
8) Copy su to /system: cat /data/local/tmp/su > /system/bin/su
9) Change permissions on su: chmod 06755 /system/bin/su
10) Copy Superuser.apk: cat /data/local/tmp/Superuser.apk > /system/app/Superuser.apk
11) Change permissions on Superuser.apk: chmod 0644 /system/app/Superuser.apk
12) Mount the system partition as r/o: mount -o remount,ro -t ext4 /dev/block/mmcblk0p1 /system
13) Rescind root: exit
14) Exit the ADB shell: exit
15) Done. You now should have root without having to unlock your bootloader.
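An added example, not part of any post in this thread: a shell function that audits an extracted or mounted Android filesystem tree for the artifacts the procedures above leave behind (an active ro.kernel.qemu=1 line in /data/local.prop, a setuid su under /system/bin or /system/xbin, Superuser.apk in /system/app, and files staged in /data/local/tmp). The function names, the ROOT-relative layout and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a filesystem tree rooted at ROOT for rooting artifacts.
# Assumption: ROOT holds the device's /system and /data as subdirectories.

# Print one "FINDING <kind> <path>" line per artifact; always returns 0.
audit_root_artifacts() {
    root=$1

    # Active ro.kernel.qemu=1 override in /data/local.prop.
    # A file holding only '#' (the "turn off" step) does not match.
    prop="$root/data/local.prop"
    if [ -f "$prop" ] &&
       grep -Eq '^[[:space:]]*ro\.kernel\.qemu[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$prop"
    then
        echo "FINDING qemu-override $prop"
    fi

    # su binary on the system partition; the setuid bit is what lets
    # an unprivileged caller become root through it.
    for dir in system/bin system/xbin; do
        su_bin="$root/$dir/su"
        [ -f "$su_bin" ] || continue
        if [ -u "$su_bin" ]; then
            echo "FINDING setuid-su $su_bin"
        else
            echo "FINDING su-not-setuid $su_bin"
        fi
    done

    # Superuser manager installed as a system app.
    [ -f "$root/system/app/Superuser.apk" ] &&
        echo "FINDING superuser-apk $root/system/app/Superuser.apk"

    # Files pushed over ADB to the staging directory and never cleaned up.
    for name in mempodroid su Superuser.apk; do
        [ -f "$root/data/local/tmp/$name" ] &&
            echo "FINDING staged-file $root/data/local/tmp/$name"
    done
    return 0
}

# Build a constructed sample tree (empty placeholder files, not from a device).
make_sample_tree() {
    mkdir -p "$1/data/local/tmp" "$1/system/xbin" "$1/system/app"
    echo 'ro.kernel.qemu=1' > "$1/data/local.prop"
    : > "$1/system/xbin/su" && chmod 6755 "$1/system/xbin/su"
    : > "$1/system/app/Superuser.apk"
    : > "$1/data/local/tmp/mempodroid"
}

# Demo run on the constructed tree.
sample=$(mktemp -d)
make_sample_tree "$sample"
audit_root_artifacts "$sample"
rm -rf "$sample"
```

On a live device the same checks can be run with ROOT set to an empty string from a shell that can read /data and /system.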
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
times_infinity said:
This is the same as https://github.com/saurik/mempodroid
saurik ftw.
Not sure what you are getting at? I mentioned saurik in the first post, and the link you posted is in the first post. And I mentioned that this may be old news, but I haven't seen it anywhere before today in the GN forums.
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
Sleuth255 said:
Yikes! This exploit works on any kernel from 2.6.39 and >. This could become a common root method for many devices. Linus Torvalds himself posted the fix commit! Nice work by zx2c4!
You need ics to have a vulnerable kernel version, so given the number of devices which currently have ics officially, I doubt it will be common. I'd also expect Google and vendors to correct this in next release.
Also many custom kernels don't have this flaw as they are at or over 3.0.18 or have patched it. This prevents gaining unnoticed root.
Sent from my Galaxy Nexus
Hmmm I thought 2.6.39 was found in GB builds. This exploit is almost a root fix for the Moto DX 4.5.621 fiasco. Unfortunately the kernel for that build is 2.6.32.9.
Sent from my Galaxy Nexus using xda premium
This was huge in the headlines a few weeks back. It's nice to see someone putting it to a good use!
Sent from my Galaxy Nexus using xda premium
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
Huxleysäl said:
Hi, been lurking awhile, registered to clear up some things.
I did some research while attempting to access the /data/local/ -folder with terminal emulator and I found that it would be impossible to write or to find it while being unrooted. Rooting a phone through using an unrooted access root seems impossible.
Did I miss something or is there any other way to copy mempodroid to the data- folder? I sure would like to keep all my files.
I think you are mistaken. In a terminal emulator type: cd /data/local/tmp
Edit: Fixed a mistake made by auto correct...
Sent from my Galaxy Nexus using Tapatalk
efrant said:
I think you are mistaken. In a terminal emulator type: cd /data/local/temp
Sent from my Galaxy Nexus using Tapatalk
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
try /data/local/tmp
Huxleysäl said:
Just did. It says "No such file or directory."
Not the best source, but if you google it, people state what I state. Sorry, can't post links
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
efrant said:
Sorry, damn auto correct. It should be: cd /data/local/tmp
Not "temp".
It works fine.
Edit: Sleuth255 beat me to it!
Sent from my Galaxy Nexus using Tapatalk
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Huxleysäl said:
Sure, OK, it worked. But as I'm trying to replicate his instructions, copying mempodroid to data/local/tmp doesn't compute. I tried extracting the files, putting mempodroid in a new folder in ./sdcard/ (which I named Nex), and it still couldn't find it.
Wait, just had an idea. Brb
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
OK, this is exactly what I did:
I downloaded the files, extracted them into the ./sdcard folder of my android. I opened the console, wrote exactly as stated. Reaction? Cannot create /data/local/tmp/mempodroid: Permission denied
So, what I'm thinking is this: I tried the cd ./sdcard/mempodroid, found it. So, logically, that should mean that since the permission is denied, the problem lies not in where I put the mempodroid, but with my authority over my phone. So, here we are again. Could anybody smarter than me clarify?
efrant said:
Hmm. Looks like you may be correct. In GB, we had write access to that directory, but it looks like we don't in ICS. I'll have another look tomorrow and try to figure something out.
Sent from my Galaxy Nexus using Tapatalk
****, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
convolution said:
Might want to expand on the steps.
Like what program to use to copy the file.
How do you change permission.
How do you run the exploit.
How to mount rw.
How to copy su.
I had my initial problems with that too. But as of this moment it doesn't really matter. Read above posts. Anyhow, to answer your question: you need to download a console emulator
Just search for it in the market. Also the commands go in this console
For example: cat /directory/filename > /newdirectory/samefilename means to copy or move from one place. To change permission you just write that line of code ending with 777 instead of cat and then the filename etc and etc.
I didn't know any of this 'till yesterday, so it is quite understandable.
cheers
Huxleysäl said:
F***, I was hoping I was wrong. I originally thought that the exploit was this. But alas.
Try finding an alternative write route to the /data/local/- folder. That should solve all problems, I guess. Big words, ey? This is for the simpletons like me, who stupidly forgot to bootload.
I've updated the first post. Give that a go and let me know how it turns out. (The guide may need some minor tweaking, but I am here to help you through it.)
It seems that ADB has rw access to /data/local/tmp but a terminal emulator on-device does not. So for now, you need to be plugged into your computer.
It may be possible to do this with ADB-over-Wi-Fi, but I haven't gotten there yet.

[Recovery][TWRP][ATT-ONLY!] Flashable TWRP recovery!

Hello everyone!
Here's another release thread for y'all!
What is this?
This is a flashable TWRP recovery for the Optimus G Pro.
Special thanks to @djrbliss
You can safely flash this to your phone's recovery and enjoy modding bliss!
How do I use this, and where do I get it?
Good question!
There are two ways to use the files provided here.
To Flash to Recovery:
I've created an easy installer for all you Windows folks!
Download this: http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/easy-twrp-e98010g.zip
Extract it to somewhere on your computer.
Enable USB debugging on your phone, if you need the drivers I've included them in the "files/drivers" folder in the zip
Run the 'install.bat' script.
Check for any errors, if it was successful, you can 'adb reboot recovery' or use an app on your phone to get you into TWRP now!
Profit! (and realize that this was pretty easy!)
(thanks to hkfriends for pointing out the errors in my script!)
OR..
Download this file to somewhere on your computer https://github.com/djrbliss/loki/raw/master/bin/loki_flash
Download this file http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/gkatt-twrp-e98010g.lok
Run the following:
Code:
adb push loki_flash /data/local/tmp
adb push gkatt-twrp-e98010g.lok /data/local/tmp
adb shell
su
cd /data/local/tmp
chmod 755 loki_flash
./loki_flash recovery gkatt-twrp-e98010g.lok
To boot
Download this file: http://downloads.codefi.re/thecubed/lgoptimusg_pro/gkatt/recovery/e98010g/gkatt-twrp-e98010g.img
Use fastboot boot to boot it
DO NOT FLASH THE .IMG FILE TO YOUR PHONE. It is only meant for fastboot booting.
Where can I find the source you used to build this?
All on my github!
http://github.com/thecubed/
Or, follow my guide here:
http://forum.xda-developers.com/showthread.php?p=43514195
What can I do with this?
Right now, the possibilities are unlimited. Once a security-lax boot.img is released, we can flash that through recovery and let the modding commence.
Please remember though, modding /system with the stock boot.img will result in a security error!
What works, and what doesn't?
I have not tested external SD cards, since I don't have one with me at work.
I have also not tested backups or restores in TWRP yet.
Can you show me a video?
Why yes I can!
As usual, please pardon the crappy camera work.
I <3 you so much, how do I show my love?
You are so kind
I most definitely do not expect donations of any kind, however they are appreciated a lot.
I purchased this phone off-contract just to get it unlocked, if you are a kind soul and would like to send me a token of your appreciation I would love you forever.
XDA has a neat "Donate to me" button that should be on the left side of this page under my name. Donations go to purchasing new hardware to work on and other neat stuff, so they're always appreciated.
Special Thanks!
In no particular order, special thanks to all of you guys!
djrbliss
hkfriends
synergy
Shelnutt2
DeamonFish
If I forgot anyone, let me know and I'll add you here!
Alright guys! Let me know if you find any bugs!
This is killer, I love twrp. So this will just over flash the cwm currently added earlier of course correct? Awesome work m8:thumbup:
EDIT: Not sure why but the Loki flash file downloads as a .txt file for me
Sent from my LG-E980 using Tapatalk 2
maybe i am doing something wrong, but when i get into twrp the touch does not work
Very nice work there
testing back up and restore now
rbf351 said:
maybe i am doing something wrong, but when i get into twrp the touch does not work
Touch doesn't work? You have the ATT version, right?
That'd be very strange if it didn't work because of something in my kernel... it's pretty much just stock...
sorry for the "newbie" question...but the file to download are getting to the phone right?
thecubed said:
Touch doesn't work? You have the ATT version, right?
That'd be very strange if it didn't work because of something in my kernel... it's pretty much just stock...
yup, AT&T version, but it happens when i type in adb reboot recovery
Everything works so far tried backing up restore flashing and external sd... very nice work I will keep playing to see if i find any bugs
rbf351 said:
yup, AT&T version, but it happens when i type in adb reboot recovery
That's weird... I've been testing with that exact command and it's not doing it.
Can you possibly pull the kernel logs and pastebin them?
Do this while you're booted in recovery:
Code:
adb shell
dmesg > /sdcard/twrp_kmsg.txt
[press ctrl-c after a few seconds]
adb pull /sdcard/twrp_kmsg.txt
Thanks!
thecubed said:
That's weird... I've been testing with that exact command and it's not doing it.
Can you possibly pull the kernel logs and pastebin them?
Do this while you're booted in recovery:
Code:
adb shell
dmesg > /sdcard/twrp_kmsg.txt
[press ctrl-c after a few seconds]
adb pull /sdcard/twrp_kmsg.txt
Thanks!
won't allow me to do it, i get the following error
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
error: device not found
rbf351 said:
won't allow me to do it, i get the following error
C:\Program Files (x86)\Minimal ADB and Fastboot>adb shell
error: device not found
Can you check to ensure that you have the ADB driver installed for your system? It is possible that your desktop hasn't installed the ADB interface while the phone is in recovery mode.
Start -> devmgmt.msc [enter]
Look to see if you have any unknown devices or "Android Phone" entries with no driver installed. That should do the trick.
thecubed said:
Can you check to ensure that you have the ADB driver installed for your system? It is possible that your desktop hasn't installed the ADB interface while the phone is in recovery mode.
Start -> devmgmt.msc [enter]
Look to see if you have any unknown devices or "Android Phone" entries with no driver installed. That should do the trick.
i have the following
ADB Interface
Android Sooner Single ADB Interface
edit, that wasn't while i was in recovery mode
in recovery mode i have
other devices
LG-E980 with an exclamation
I was able to flash and get into recovery without any issues. Excellent work! Thecubed and djrbliss, you guys are awesome!
here is the pastebin
http://pastebin.com/XPYi0v44
rbf351 said:
here is the pastebin
http://pastebin.com/XPYi0v44
Here's an interesting question... if you flash CWM instead, and press the softkeys at the bottom of the phone (the normal back and menu buttons) does anything happen? It looks like your touchscreen is being brought up successfully (despite the "[ 8.270257 / 03-05 11:00:29.766] Reflash Completed. Please reboot." line)
If softkeys work in CWM, then it means that something in TWRP isn't registering your touchscreen right. I'll look into that, should be fairly straightforward.
If softkeys don't work in CWM... that means something more strange. That means my kernel (or the boot commands I'm using) aren't compatible with your phone... which is indeed possible, since there are many revisions of each phone. (I hope this isn't the case!)
thecubed said:
Here's an interesting question... if you flash CWM instead, and press the softkeys at the bottom of the phone (the normal back and menu buttons) does anything happen? It looks like your touchscreen is being brought up successfully (despite the "[ 8.270257 / 03-05 11:00:29.766] Reflash Completed. Please reboot." line)
If softkeys work in CWM, then it means that something in TWRP isn't registering your touchscreen right. I'll look into that, should be fairly straightforward.
If softkeys don't work in CWM... that means something more strange. That means my kernel (or the boot commands I'm using) aren't compatible with your phone... which is indeed possible, since there are many revisions of each phone. (I hope this isn't the case!)
CWM works perfectly, i can navigate through all the menus using the softkeys
TWRP working perfectly here for me also! thank you for this! :good:
very nice work........would be nice to have a kind of "how to" when things get all set.....:good:
Uhmm there is a how to..
Sent from my LG-E980 using xda premium
Gotroot said:
Uhmm there is a how to..
Sent from my LG-E980 using xda premium
yeah ...but i have all the files....do i have to put the phone in download mode??
