rooting
Differences
This shows you the differences between two versions of the page.
| rooting [2011/07/28 00:38] – created gilles | rooting [2011/08/11 18:49] (current) – removed ggrandou | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Rooting | ||
| - | Gaining superuser (root) access on the Toshiba AC100. | ||
| - | |||
| - | Rooting an Android device usually means to gain the ability to run applications that require superuser (root) access. | ||
| - | |||
| - | VERY IMPORTANT NOTICE! | ||
| - | It seems that the Toshiba factory reset option does not truly reflash back to the original ROM on the device. In this tutorial, we will be making the /system partition writeable, and the factory reset does not amend this partition. Therefore, any changes you make to /system will persist even after a factory reset. If you do something silly in /system you could potentially get your device into a state where it no longer boots. | ||
| - | |||
| - | If you intent to follow this tutorial, I take no responsibility for any damage you may do to your device and its configuration, | ||
| - | |||
| - | I take no credit for any of this as I simply tried out various techniques that have been employed on other Android devices until I found one that worked (you can find the original tutorial here). | ||
| - | |||
| - | The first step is set setup and install ADB on the device, by downloading and installing the Android SDK from here. You can find further information in our ADB Setup section. You also need to enable "USB debugging" | ||
| - | |||
| - | You now need to download two items: | ||
| - | |||
| - | rageagainstthecage-arm.bin (from Joey Krim's website here - note that you only need the rageagainstthecage-arm.bin binary, none of the others are required) | ||
| - | Superuser.apk (from ChainsDD' | ||
| - | |||
| - | Extract the contents of the update.zip to a directory, and copy the files Superuser.apk and su from their respective subdirectories into whatever location you downloaded rageagainstthecage-arm.bin. | ||
| - | |||
| - | The next step is to push the rageagainstthecage-arm.bin file to your device. | ||
| - | |||
| - | Note in the following, [HOST], [AC100 $ prompt], [AC100 # prompt] indicates the sort of shell/ | ||
| - | |||
| - | From your host command prompt: | ||
| - | |||
| - | [HOST] adb push rageagainstthecage-arm5.bin / | ||
| - | |||
| - | This should copy rageagainstthecage-arm5.bin to / | ||
| - | |||
| - | Now to run the binary on the device, enter from the command prompt: | ||
| - | |||
| - | [HOST] adb shell | ||
| - | |||
| - | You should connect to the AC100 and get a $ prompt: | ||
| - | |||
| - | [AC100 $ prompt] chmod 755 / | ||
| - | [AC100 $ prompt] cd / | ||
| - | [AC100 $ prompt] ./ | ||
| - | |||
| - | You should get a message similar to this: | ||
| - | |||
| - | [*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C [*] checking NPROC limit ... | ||
| - | [+] RLIMIT_NPROC={3584, | ||
| - | [*] Searching for adb ... | ||
| - | [+] Found adb as PID 777 | ||
| - | [*] Spawning children. Dont type anything and wait for reset! | ||
| - | [*] | ||
| - | [*] If you like what we are doing you can send us PayPal money to | ||
| - | [*] 7-4-3-C@web.de so we can compensate time, effort and HW costs. | ||
| - | [*] If you are a company and feel like you profit from our work, | ||
| - | [*] we also accept donations > 1000 USD! | ||
| - | [*] | ||
| - | [*] adb connection will be reset. restart adb server on desktop and re-login. | ||
| - | |||
| - | Your ADB connection will drop. After a few seconds, your AC100 should chirp to indicated that USB debugging has been connected again. If you run "adb shell" again, you should now get a # prompt indicating you have superuser access. If you do not, follow these instructions again from your $ prompt until you do: | ||
| - | |||
| - | [AC100 $ prompt] cd / | ||
| - | [AC100 $ prompt] ./ | ||
| - | |||
| - | |||
| - | IMPORTANT: This exploit does not survive a device reboot! | ||
| - | |||
| - | |||
| - | Assuming you at a # prompt, the next step is to remount /system as r/w, with the following command: | ||
| - | |||
| - | [AC100 # prompt] mount -o rw,remount -t ext3 / | ||
| - | |||
| - | You should now exit the ADB shell, and enter the following commands from your host command prompt: | ||
| - | |||
| - | [HOST] adb push su /system/bin | ||
| - | [HOST] adb shell | ||
| - | |||
| - | [AC100 # prompt] chmod 6755 / | ||
| - | [AC100 # prompt] ln -s / | ||
| - | |||
| - | From now on, you can gain su access via adb by entering su at the device shell prompt. | ||
| - | |||
| - | Now, we need to install ChainsDDs excellent Superuser application for Android: | ||
| - | |||
| - | [HOST] adb push Superuser.apk /system/app | ||
| - | |||
| - | Once this is done, you should find the Superuser application in your application drawer, and whenever a new application requires root access, it should pop up to give you the option to allow or deny access | ||
rooting.1311806317.txt.gz · Last modified: 2011/07/28 00:38 by gilles