
Root First attempt at rooting

All these root programs, with the exception of unrevoked for HTC, just work for phones without NAND lock. The only other phone nearly as hard as the Indulge seemed to be the EVO, which is what unrevoked is for.
 
Well, like I said before, it can't work. Simply because the software has to be tailored to exactly what our phone has. It might turn on, but that's practically all it can do. Maybe volume up and down and power button if you're lucky. That's why we need clockwork for this phone ; ;.
 
I did a little testing. Here is a fix for su not working

Gain root access thru rageagainstthecage binary
adb shell
mount -o rw,remount -t rfs /dev/block/stl10 /system
echo root:\$1\$uTLqFpvI\$7sqdAsiz7ID7/itfGxzZd.:0:0:root:/:/system/bin/sh > /etc/passwd
echo shell:x:2000:2000:shell:/:/system/bin/sh >> /etc/passwd
chmod 4755 /system/bin/busybox
rm /system/bin/su
ln -s /system/bin/busybox /system/bin/su
reboot

My phone shows /dev/block/stl10, yours may be different. Use the mount command to find what is mounting to /system.

Wait for the phone to reboot, now, open a terminal (adb shell for instance) and do
su
The password is blank. I am not sure why the normal su does not work; however, busybox's symlink for su works.
 
Nice find. So with this did you gain Su with that? Like when you typed Su in terminal, did it actually not deny it?

Edit: Yeah mine shows dev/block/stl10.

Now that you say you made the password blank, does that just allow Su automatically?
 
Correct, the original su fails to run properly. Busybox uses symlinks to determine functionality, so symlinking it to the normal su command works. The alternative is to do "busybox su". Of course busybox requires a password file to exist, hence creating 2 entries, the normal user logged in and the root user.
 
The su command still asks for a password using busybox's version. Busybox could be recompiled of course to avoid this. I don't have the environment at the moment but could set it up at work.
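
A defender's view of the changes described in the posts above, as an added example that is not part of the original thread: it audits an `ls -l` listing and a passwd file for the setuid-root busybox, the su symlink pointing at it, and a uid-0 password hash stored in passwd itself. The sample listing and passwd contents are constructed, and the function names are hypothetical.

```python
# Constructed sample data (not captured from a real device): an `ls -l`
# listing of /system/bin and a passwd file shaped like the one in the posts.
SAMPLE_LS = """\
-rwsr-xr-x root     root      1926944 2011-03-20 10:02 busybox
lrwxrwxrwx root     root              2011-03-20 10:03 su -> /system/bin/busybox
-rwxr-xr-x root     shell       59280 2011-01-11 08:15 toolbox
-rwsr-sr-x root     root        26264 2011-03-20 10:02 oldsu
"""
SAMPLE_PASSWD = """\
root:$1$CONSTRUCTEDSALT$notARealHashValue00000.:0:0:root:/:/system/bin/sh
shell:x:2000:2000:shell:/:/system/bin/sh
"""


def audit_listing(ls_text, directory="/system/bin"):
    """Return (setuid-root files, symlinks that resolve to one of them)."""
    setuid, links = set(), {}
    for line in ls_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mode, owner = fields[0], fields[1]
        if mode.startswith("l") and "->" in fields[1:-1]:
            arrow = fields.index("->")
            target = fields[arrow + 1]
            if not target.startswith("/"):      # relative link target
                target = f"{directory}/{target}"
            links[fields[arrow - 1]] = target
        elif len(mode) >= 4 and mode[3] in "sS" and owner == "root":
            # the owner-execute slot shows s/S when the setuid bit is set
            setuid.add(f"{directory}/{fields[-1]}")
    hits = {name: t for name, t in links.items() if t in setuid}
    return sorted(setuid), hits


def audit_passwd(passwd_text):
    """Return uid-0 accounts whose password field is not a locked marker."""
    findings = []
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 7:
            continue
        name, pw, uid = parts[0], parts[1], parts[2]
        if uid == "0" and pw not in ("x", "*", "!", "!!"):
            findings.append((name, "empty" if pw == "" else "hash in passwd"))
    return findings


if __name__ == "__main__":
    print(audit_listing(SAMPLE_LS))
    print(audit_passwd(SAMPLE_PASSWD))
```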
 
When I get home I'm definitely going to try this. Does this allow apps that require root to acquire super user permission?
 
I'd have to assume so but I just got my phone so I'm new to the rooting and what apps require. It should be possible to at least mark an app to run as a root user (chown a file to root then chmod 4755 to make it run as the uid that owns it) that would allow for it. Would appreciate someone that has done a bit more rooting to confirm or at least tell me a few things to test and I'll let you know :)
 
This is basically what we've been using, especially for Mike's bloatware removal.

C:\souproot\android-sdk-windows\tools>adb push c:\souproot\droidroot\rageagainst
thecage-arm5.bin /data/local/tmp
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
175 KB/s (5392 bytes in 0.030s)

C:\souproot\android-sdk-windows\tools>adb shell
cd /data/local/tmp
chmod 0755 rageagainstthecage-arm5.bin
./rageagainstthecage-arm5.bin
$ cd /data/local/tmp
chmod 0755 rageagainstthecage-arm5.bin
./rageagainstthecage-arm5.bin
$ $[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C
[*] checking NPROC limit ...
[+] RLIMIT_NPROC={2294, 2294}
[*] Searching for adb ...
[+] Found adb as PID 2347
[*] Spawning children. Dont type anything and wait for reset!
[*]
[*] If you like what we are doing you can send us PayPal money to
[*] 7-4-3-C@web.de so we can compensate time, effort and HW costs.
[*] If you are a company and feel like you profit from our work,
[*] we also accept donations > 1000 USD!
[*]
[*] adb connection will be reset. restart adb server on desktop and re-login.
$
C:\souproot\android-sdk-windows\tools>adb devices
List of devices attached
R910e8d667be device


C:\souproot\android-sdk-windows\tools>adb shell
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
mount -o remount,rw -t yaffs2 /dev/block/mtdblock4 /system
# exit
exit

C:\souproot\android-sdk-windows\tools>adb push c:\souproot\droidroot\Superuser.a
pk /system/app
641 KB/s (196521 bytes in 0.299s)

C:\souproot\android-sdk-windows\tools>adb push c:\souproot\droidroot\su /system/
bin
493 KB/s (26264 bytes in 0.052s)

C:\souproot\android-sdk-windows\tools>adb push c:\souproot\droidroot\busybox /sy
stem/bin
1968 KB/s (1926944 bytes in 0.956s)

C:\souproot\android-sdk-windows\tools>adb shell
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# mv /system/recovery-from-boot.p /system/recovery-from-boot.p.disabled
mv /system/recovery-from-boot.p /system/recovery-from-boot.p.disabled
failed on '/system/recovery-from-boot.p' - No such file or directory
# mount -o ro,remount -t yaffs2 /dev/block/mtdblock4 /system
mount -o ro,remount -t yaffs2 /dev/block/mtdblock4 /system
# rm /data/local/tmp/rageagainstthecage-arm5.bin
rm /data/local/tmp/rageagainstthecage-arm5.bin
# exit
exit

C:\souproot\android-sdk-windows\tools>echo Your Droid should now be rooted!! Pl
ease restart your Droid and close cmd.
Your Droid should now be rooted!! Please restart your Droid and close cmd.

C:\souproot\android-sdk-windows\tools>pause>nul


As you can see it does chmod 4755. So I'd be interested in altering this in order to obtain what you suggested.
 
The line for adb push of su would go away. Before the chmod 4755 of su would be the ln line. Sometime before the mount back to ro would be the echo lines to /etc/passwd.

The mounts need to be redone to be the proper dev and fs too.

As a side note, I have the SuperUser file in the /system/app folder although I don't see it show up in my menu. Unsure how to get it to show as being installed so I can attempt to run it.
 
Well, if you have been able to successfully install it, try using any cut app. Any cut brought up tons of hidden things for me including stuff like youtube settings lol.
 
Oddly enough, cut app won't show it although it is in the /system/app folder. The original soup or root exe put it there. I can't install it from the sdcard (install fails) so I'm unsure what else has to occur to "install".
 
Yeah that's what I was trying to point out I noticed. Compared to the regular commands most of the programs like Super one click, and other ADB apps, the Samsung Indulge has different folder styles.
 
Well, I'm going to try this all at home for sure, and test it to the max. Just in class right now. Really I don't know much about adb, but I was raised around DOS. So I just need a list of commands.
 
I'm off to bed. I know my way around Linux and have used busybox before. I just need to figure out what else changes during an app install so superuser shows up. See what I come up with.
 
Hmm, and of course I don't know the password lol. But I guess that's why you need to recompile busybox to not have a pass. If we gotta use some kind of loophole to exploit su, I'm all down for it. I just really want to use root explorer and set cpu. Hate not being able to use those apps. Those are root only ;/
 
OK, so I made a leap of faith with ClockWorkMod kernel and got stuck at the CWM recovery (2.5.1.0) screen with volume up/down buttons not working. Dawned on me after like an hour of hitting my head against the wall. Well, I tell ya... this was a f$ck me moment (or rather like 3 hrs)... got it out of the loop finally by pressing the red FN key on the keyboard. Arrow keys didn't work. My kernel version is (still?) 2.6.32.9 but I now have the clockwork recovery mode. Just can't figure out the keys to press-n-hold to put the phone into download and/or recovery mode, since I had it done by the rooting software... any ideas? Also, what's going to be the keys instead of what used to be "volume up/down" to navigate through recovery/download modes? That was my biggest problem... finally, I figured the keys. They are as follows:
down = 9 or shift
up = w
select = 2 or x

For some reason I'm not seeing the contents of the SD Card. There's something called "internal SD Card" and then there's external one. Honestly, I don't understand what exactly I'm seeing when trying to apply a zip file from sd card but definitely not the contents of my card. Can't mount usb storage either, as my PC doesn't see that something's "plugged into" the mass storage device (no disk in drive). Hell, we're making some progress, I'mna go crash for a couple of hrs before work :(
 

External would be the 4gig and the internal would be your 2gig inside the phone... the internal probably has your zip file.
 