I have been unlocking/rooting since i pre-ordered my G1. I am no way an expert. I just follow GREAT instructions by other users/devs. Anyhow everyone knows how bad the samsung vibrant is b4 a new rom. So i took my girlfriends Samsung Vibrant (tmobile).
my steps
1. downloaded rom manager
2. flashed to the 2.5.1.2
3. downloaded bionix v 1.3.1 (team whiskey)
4. made a backup of the current stock with rom manager (should of used nandroid or titaium)
5. Needed to restore to stock backup i made, cause she needed some contacts, and she doesnt use google sync! "smack, now she does"
6. Restored backup from rom manager! it boots back up and does something weird. i see the lock screen but the signal bar is a blue circle crossed out, and nothing works, it just flips out right there.
So i boot into clockwork (cause i cant do anything in the os) and install the bionx file again. It works great, and the phone rocks once again........but i still need those contacts.
Please please help me.
Does it have something to do with the newer recovery i put on it. ???
I also apologize for asking all this, but i just don't know what i did, so i don't know what to search for on the Forums
Thanks in advance.
M
This may or may not work...
Do you have adb experience?
Be very careful using "dd" command...
1. Boot into CWM Recovery
2. Restore broken backup (don't reboot!)
2.5. Forgot--go to "Mounts and Storage" and mount /data
3. While still in recovery, enter an adb shell
4. In shell, enter "dd if=/data/data/com.android.providers.contacts/databases/contacts.db of=/sdcard/contacts.db"
5. Exit shell (stay in recovery) -- don't know if exiting shell is absolutely necessary, but might as well
6. While still in recovery, flash Bionix from .zip file
7. Before exiting recovery, once again enter adb shell
8. In shell, enter "dd if=/sdcard/contacts.db of=/data/data/com.android.providers.contacts/databases/contacts.db"
9. Reboot and pray lol
Above all else, try this at your own risk...no idea if it will work.
Source: http://hackervisions.org/?p=640
Also, I have no idea why the backup/restore doesn't work. Sorry.
Awesome. Thank You Sir
I have no problem trying this. Just one question
Am i risking a brick with this? i know rooting/unlocking i am at risk. but what is the dd command. by the looks of it, its copying the contacts file ??
Don't think so...but no guarantees lol. You always have the option to wipe /data in recovery, so I don't think potentially messing with one file would result in a brick. Just be sure to triple check the dd command when you enter it.
Will do
Ill let you know. brb
Any luck?
nope
~ # dd if=/data/data/com.android.providers.contacts/databases/contacts.db of=/sd
card/contacts.db
dd if=/data/data/com.android.providers.contacts/databases/contacts.db of=/sd
card/contacts.db
dd: can't open '/data/data/com.android.providers.contacts/databases/contacts.db'
: No such file or directory
~ #
Ok, think I have a possible fix...give me a sec.
thanks for sticking with me through this
im gonna go outside, clear my head.
Thank you Inconceeeivable
Hmmm, yeah that's the wrong contact file...not sure where it would be on your device.
Try this: (be sure to note the extra mount commands)
1. Boot into CWM Recovery
2. Restore broken backup (don't reboot!)
3. While still in recovery, enter an adb shell. Type "mount /dev/block/stl10 /dbdata"
4. Still in shell, enter "dd if=/dbdata/databases/com.android.providers.contacts/contacts2.db of=/sdcard/contacts.db"
5. Exit shell
6. Flash Bionix while still in recovery
7. Reboot Bionix -- let sit for a couple minutes
8. Reboot back into CWM Recovery
9. Enter adb shell, again type "mount /dev/block/stl10 /dbdata"
10.In shell, enter "dd if=/sdcard/contacts.db of=/dbdata/databases/com.android.providers.contacts/contacts2.db"
11. Reboot and pray
EDIT: If step 3 throws an error about /dbdata not existing, replace steps 3 and 4 with the following commands:
"mount /dev/block/stl10 /datadata"
"dd if=/datadata/databases/com.android.providers.contacts/contacts2.db of=/sdcard/contacts.db"
NOTE: If you've upgraded to Bionix-V, Steps 9 and 10 do not change. Still do:
9. Enter adb shell, again type "mount /dev/block/stl10 /dbdata"
10. In shell, enter "dd if=/sdcard/contacts.db of=/dbdata/databases/com.android.providers.contacts/contacts2.db"
I Love You, I Love You, I Love You
You have saved me from so much grief from the girlfriend. I just might get laid tonight!!!
Where do i donate, or ill buy you a beer.....ummm (six pack) if your close, lol
Wow, that worked? Awesome. Don't worry about it, man. Gave me something to do with my free time. Not to mention the fact that the credit for the entire concept goes to the blog linked in the first reply lol.
Not sure if it matters, but you might want to add those contacts to the Google account (I've never moved contacts from the phone to Google...is this possible?) and then rewipe the phone (after confirming the sync of course ). I don't think using "dd" on the contacts2.db would result in any strange behavior (file permissions issue maybe?), but you could be absolutely certain by backing up the contacts, wiping, and resyncing. Again, not sure it if matters though. Either way, glad you got it figured out.
Edit: Wow, I know nothing about how contacts actually work lol. In any case, you may want to somehow (even manually) transfer them to Google and then rewipe the phone.
Yes i thought of the same thing, i hope the contacts can be resaved as google, and not sim or phone !
I know i have this problem with my dads windows 7 phone. Lame.
But im sure google makes it work.
Thanks again man.
Trying to wipe battery stats with terminal emulator, get the following:
$ $ rm failed for /data/system/batterystats.bin, no such file or directory
Verified in root explorer that directory is there but not the file. CWm battery stats wipe doesnt work either.
-50 PBJ, UK 2.0 with ec09 radio.
any suggestions on how to wipe the battery stats ? performance has been lacking since the UK upgrade, radio change didnt help.
Two ways: manually wipe in cwm, or download battery calibration from the market. Both do the exact same thing.
Also, from your terminal command, you tried to do it without superuser access. Type "su" first, then hit enter.
Sent from mah Fascinate using XDA Premium App
Thanks, i did try it with su, but it failed to reboot. Just goes back to a prompt, #.
Also tried in cwm, blank response. I do have cwm red if that matters.
Sent from my SCH-I500 using XDA App
The # sign means the next command will be executed with root access, so try your original command again at the # prompt.
Sent from mah Fascinate using XDA Premium App
I experienced that in Terminal Emulator as well. However, it appeared to work fine in CWM.
I just got an update for the Terminal Emulator software and tried again but still get a return to the # prompt with no reboot. It *used* to work just fine - it was just since loading UKB 2.0 -50 PBJ that it didn't.
---------------
Did some Googling --- Try this:
For Terminal
1. open terminal emulator, press menu button, then preferences
2. scroll down to "shell" and changed initial command to read
"export PATH=/system/xbin: $PATH
3. press back button, Terminal will close, reopen terminal
4. type "su" hit return, grant su when promt pops up
5. type "bstats" and hit return
6. phone will reboot.
Found it here.
Yup, I see the same thing........was working fine with the reboot under commavolt, quite working only after the switch to PBJ -50
Tried the instructions above, no reboot. Acts the same as if I copied and pasted the extracted bstats commands like I used to do. ( back to # prompt)
So I was having the issue with the settings menu force closing after I rooted the device.
This morning I've done a factory data reset, gone to turn the tablet on, and I'm not getting "The application OLS (process com.sony.nfx.app.ols) has stopped unexpectedly. Please try again.
Can't access the device, tried another factory data reset, can't flash a firmware as I can't access the device.
Not very happy at all.
But any ideas please?
**I can get into the settings menu and when I press the home button is when I get the OLS force close, so I assume it's the home launcher, I did remove it when my device was working.....
I can't access device storage either, even when my device is on - or ADB, but I can access an SD Card through the boot menu.
Well factory reseting doesn't restore anything you deleted from system, but wipe anything else you installed.. so there's the big problem.
On my tab, I can force a boot loop by holding volume down when booting (hold vol down for what seems like an eternity/till you are satisfied that it is boot looping).
ADB seems to work here, so you could potentially push a different launcher apk and get it going that way.
Thanks for the response Dan,
What I can do is start the device, there's no launcher there, but inbetween the force closes I can get into the settings, there's no force closes when I'm in there.
I connect the USB, ADB Devices and it shows, I can pull from the /system but not push.
As soon as I type ADB Shell, then the commands, it tells me "error: device not found"
Exit out of ADB Shell, ADB Devices again, and it's there - but ADB Devices when inside ADB Shell shows nothing.
I've tried all of the OTA packages in the other thread and nothing - I'm at a bit of a loss, i doubt Sony would work with me on this one, so It looks like I've got £349 of paper weight. Any ideas on the ADB? At least then I could push a launcher in.
The issue clearly is becuase there's no launcher.
I remove the default launcher from the /system/app folder and install ADW, the factory reset obviously removed it, hence there's no launcher...
What if the APK for ADW was made into an update.zip?
Would it flash when I hold down power + volume+, Update System from zip?
bummer
Not really sure what can be done if you deleted them from the system and the reset does not reinstall them.
Perhaps someone who has rooted can send them to you, but not sure how that would work.
I'll get in touch with Sony tomorrow, now I know that this is my own fault, but under the warranty they are still abliged to fix it, I certainly won't be rooting it again, thats for sure.
I hope they will help me if I'm honest?
Did you have a look at if ADB works for you in the forced boot loop state I mentioned? It could possibly do some extras from there that you can't otherwise.
Also just try sending a third party launcher in so it's doesn't have to go to system, perhaps it will let you write the file then. And hopefully auto - detect it upon booting .
Tried it Dan, if I attempt ADB Install launcher.apk, it starts installation then;
[1] Killed pm install /data....
I'm getting permission denied in every ADB command when in the Boot Loop.
Thanks anyway - I've emailed them, and been totally honest about what I've done.
I could swear all day - I've fixed it, my tablets working again, what a bloody relief. Thanks ADB!
I tried to duplicate your problem with adb :-
Typed ADB Devices - reports attached device OK
Typed ADB Shell - prompt changes to $
Typed ls - shows root of tablet
Typed cd system - changed to system directory
Then ls again then cd app then ls again - shows all system apps
I then typed ADB devices again and lost the connection to the tablet
It would seem that on my tablet at least that typing ADB devices whilst within the ADB shell breaks the connection with the tablet
Thanks for testing it praed0r, I'm pleased to know that it's not just me that had that issue.
It may be of use to someone, but what I did was mount the /system partition as rw using busybox.
Code:
adb shell
su
busybox mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
From there I removed the app that kept forceclosing, in this case it was OLS (or something like that)
I then mounted the /data drive with;
Code:
busybox mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /data
Then using cp instead of ADB Push,
Code:
cp /sdcard2/golauncher.apk /system/app/golauncher.apk
Rebooted the device and it all worked fine, GoLauncher booted as my default launcher.
For some reason it didn't like adb push, and would give me permission errors, but mounting as busybox fixed it all....
I changed the build.prop so that it would system update, it indeed does, but all STOCK apps (Sony apps) force close, it could be becuase of the framework.jar from the other thread, so I'll try and source one from a kind individual. Then I'll do the update and my system will be OK.
I'd consider myself very lucky this time, lesson learnt not to tweak with things.
I'll stick to the build.prop/local.prop tweaks for now
Any idea why the system apps aren't working, i've retraced my steps to before it happened, the only notable thing that would have an affect was changing the framework.jar?
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
1) Download KingRoot APK from here (the first one with the image of the phone if you are on the desktop site).
2) Install KingRoot and run it. It will restart the phone, and it will fail (or, if you have some Android God luck, it may succeed), this is supposed to happen.
3) Clear KingRoots cache and data (in that order) and power off the phone (not reboot). Then, power it back on again.
4) Now this is where things get... well complicated for this part. You are going to need to load your RAM with a bunch of processor heavy stuff. The person that made this method used CounterSpy and Final Fantasy Type-0 in the PPSSPP v1.0.1-411 emulator, but for those of you that don't have access to that, get creative and load up. Here is what I had running (all at the same time, mind you).
Note: Force Stop Task Manager in the app settings first or it will purge to free memory automatically and this won't work.
1. Next Launcher Lite
2. Apex Launcher
3. Nova Launcher
4. Cheetah Launcher
5. CM Launcher
6. Mi Launcher
7. 25 tabs on Google Chrome (No joke)
8. Both Temple Runs
9. Fruit Ninja
10. Google Play Store
11. Google Now
12. Google Play
13. Amazon
14. Google Play Music
Mine was definitely a bit extreme but I knew all of this stuff would guarantee a good memory hogging.
5) Run all of your apps at the same time. The TL;DR for this is that apparently it's some exploit that the app uses as a buffer overflow. Now, go to settings and Force Stop KingRoot. Then Run it again. If it works, you should go from 0 to 100 real quick (no pun intended). It shouldn't progess slowly or reboot the phone to do this, but your journey does not stop here.
Click to expand...
Click to collapse
If you did it correctly, the screen from a successful root will have a green checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
1) Plug phone into computer...
2) Open cmd type "adb shell" (without quotes, moving forward, type all commands without quotes). This will open a terminal for the phone.
3) While in ADB Shell, type "su" to gain root shell privileges
4) Type "getprop ro.build.fingerprint"
Output for that command should be...
zte/P892T57/draconis:4.4.2/KVT49L/20140804.141306.18686:user/release-keys (the part with P892T57 may be different depending on what model ZMAX You have). If you haven't updated that number will be different, this ok, just replace the number in the next command with whatever your output is.
5) type "setprop persist.sys.k P892T57"
6) type "getprop persist.sys.k" and your output should be your build number
7) type "cd /dev/block/platform/msm_sdcc.1/by-name/" to change directories so that we can back up your recovery image (remember I said something about that?) and set the boot to our recovery partition.
8) type "dd if=recovery of=/sdcard/recovery.img" to backup the recovery image.
9) type "dd if=boot of=recovery" to set recovery as boot. Another TL;DR is that this disables the write protection set by the stock recovery, allowing you to write to the system. It will mount the /system partition upon boot.
DELETE KINGUSER NOW
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
11) Reopene the adb shell (using "adb shell") in your command prompt or terminal (for OSX and Linux) and type "Id". If your output is "uid=0(root) gid=0(root) context=u:r:shell:s0" then It worked...
12) Remount system as writable "mount -o rw,remount /system"
13) Manual install for supersu you can get that here: http://download.chainfire.eu/supersu
14) Type "exit" into the terminal/command and it should drop you back to your normal cmd...unzip the su zip anywhere you want in your cmd switch to that directory...
14B) I advise taking the "su" binary and "install-recovery.sh" file from the superSU folder you downloaded and putting them in the same place (on the desktop or wherever your adb.exe is if you didn't set $PATH on your computer). su can be found in the "arm" folder and install-recovery.sh can be found in the "common" folder. It is important to note that where ever your files are, you will have to type that path (if it isn't in the same directory as your adb). So, as an example, I put mine on the desktop, so I have to type "adb push ~/Desktop/su /data/local/tmp/su". If you do not know how to do that, then stop what you are doing and research it, as that's just too much to explain.
15) "adb push su /data/local/tmp/su"
16) "adb push install-recovery.sh /data/local/tmp"
17) Reenter adb shell with "adb shell"
18) Make sure system is mounted writable with "mount -o remount,rw /system"
19) Move the so files into place with these commands
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/su > /system/xbin/daemonsu"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
20) Give them all permissions
"chmod 755 /system/xbin/su"
"chmod 755 /system/xbin/daemonsu"
"chmod 755 /system/etc/install-recovery.sh"
21) Reboot your phone to complete install with "reboot"
22) After rebooting go into the play store and install the supersu app. It's going to tell you the su binary is out of date to fix that we need to open the adb shell on our pc again with "adb shell"
23) Reboot into recovery (you're really rebooting the system with r/w privileges) using "reboot recovery"
24) Once rebooted open the app and update your binaries one finished reboot add your done 100% perm rooted
Click to expand...
Click to collapse
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
ADDITIONAL INFORMATION
If you by some chance flash the TWRP Recovery Image (found in post 2), and would like to revert back to root ability (being able to write to system). Please follow the steps below:
1. cd /dev/block/platform/msm_sdcc.1/by-name
2. su
3. dd if=/sdcard/recovery.img of=recovery
4. reboot recovery
Please make sure you have the recovery in your sdcard root folder.
Alternate Root Methods and ZTE Custom ROMs/Kernels/etc
If the above first part doesn't work for you, you can find alternative root methods
Alternate Method 1 HERE
Alternate Method 2 HERE
As I see more added, I'll add them here.
CUSTOM STUFF
TWRP Image for ZTE ZMAX
Q&A/Other [UDPATED MAY 13, 2015 @ 5:45PM]
If A question is asked and you feel like it needs to be here, please tag or DM me with the Q AND THE A so that I can do so.
OTHER:
Original Discussion Thread for the ZTE ZMAX
Please see fire3element's post on what each screen in the KingRoot app means
WHAT THE SCREENS MEAN IN THE APP
That's a whole lot to swallow but I'm glad to see y'all can finally get rooted. Definitely not a method for noobs or the faint of heart but its a HUUUGE step in the right direction. Thanks to everyone responsible for this.
Hroark13 has TWRP - http://androidforums.com/threads/zte-zmax-twrp.918537/
mingolianbeef said:
Yep, you read that right and I'm not trolling. THE ZMAX IS ROOTED!!
Discaimer and N00Bproof warning:
We have root, yes, but that doesn't mean get hasty. At the moment, there are partition images (system, boot and recovery) in my and other users' possession (free of access to all), but we don't have a working recovery at the moment and this process involves deleting the stock recovery (it will make sense later). So, if you screw up and get root-happy, there's no way to recover until we get a recovery and a custom rom, and even then you might be screwed because we don't have access to the bootloader to use fastboot. Things may change, but root-use with caution.
Also, once you root, DO NOT TAKE ETAs from T-Mo and ZTE!!!!!!! Now that we have root, we can capture the OTA and make it root-friendly. To make a long story short, the updater-script (thing that tells your recovery where and how to flash stuff) has a list of stuff it has to... well... flash. If you, for example, delete the stock ZTE Music app, and the ETA replaces the app with a new version, it's going to stop (because the script requires a REPLACEMENT and not a PLACEMENT, computers don't have the best common sense), then it will interrupt and you will likely be bricked. This shouldn't be a problem because you don't have a recovery to begin with, but I'm not taking chances here.
NOW! Let's Root. This is a long process, so don't expect to do anything for a good 10-20 minutes.
FIRST: KINGROOT
This is one of those things where your mileage may very, there have been many different ways to get KingRoot (not King"O"Root, two different apps) to work, but this one was the one that worked for me. I'll also place alternate KingRoot methods in the second post if you wanna try those. Just for the sake of knowledge, this was run on a T-Mobile ZTE ZMAX, Android 4.4.2, build 22. I don't know if it makes a difference that I factor reset my phone before doing another round of root attempts (not this one specifically, maybe a couple hours worth of attempts).
Credits to @fire3element for this method.
If you did it correctly, the screen from a successful root will have a blue envelope with a checkmark. Run RootChecker to verify root status.
SECOND: PERMA-ROOT
Now you need to permanently root the phone. This method was all @jcase, and simplified by another user. I encourage you to read JCase's original G+ post to learn something, as this guy is the master of exploits, and we are on XDA to learn.
Credits to @xtremeasure for the simplification of JCase's process.
Now, you are rooted! If you did everything right, you should be good. Now people are going to ask, "Is there a script for this?" The short answer is No, don't hold your breath for something immediate. There was a user that said he would be happy to make one for the second half, but the writing, testing and verification of success alone on that will take some time, as the wrong line of code can make you end up with a good old fashioned paperweight. I can verify Xposed works fine, Viper4Android works fine, and if you try to delete system apps, they will just reinstall themselves (I recommend using "System App Remover (ROOT)" on the play store, as it will actually tell you which apps are and aren't safe to install. If you have any questions, after searching of course, feel free to ask. If I can't answer, some freaking body can lol.
CREDITS:
@tech_yeet for showing us the KingRoot
@jcase for his amazing work
@xtremeasure for his method
@fire3element for his method
@the zMAX Community for staying dedicated when the going got tough, it's been a long road. Here's to custom roms and a TWRP recovery!
Please share this with others, as there is a big community of people begging for this info, let's share the love . If I forgot to credit you, let me know and I'll fix that!
Click to expand...
Click to collapse
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Here is some more info for those of you wondering what the KingRoot app is doing.
Screenshots will follow.
Text ABOVE the screenshot is for the image directly under it.
Let's begin -------------->
FIRST SCREEN WHEN YOU OPEN KINGROOT
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
SECOND SCREEN
- CLICK BUTTON TO BEGIN ROOT -
ROOTING IN PROGRESS...
ROOT FAILURE
[Blue Button]: SUBMIT (submits the error report to KingRoot devs)
ROOT FAILURE
ROOT FAILURE
NO DATA CONNECTION (WiFi or cellular singnal required)
[Blue Button]: ANDROID SETTINGS MENU
SUCCESSFUL ROOT
IF YOU SEE THIS MESSAGE POP UP DURING ROOTING, JUST LEAVE IT ALONE. LET THE ROOT FINISH
SUCCESSFUL ROOT
[trash can]: [...]: [...]:
SUCCESSFUL ROOT
[Blue Button]: PURIFICATION (I believe this is similar to fixing permissions)
- CLICK IT AND LET IT RUN -
^ from clicking blue button above ^
PURIFICATION PROCESS
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=/sdcard/recovery.img of=recovery
reboot recovery
*edited to remove a potentially harmful commands per jcase's advice*
Sent from my Z970 using XDA Free mobile app
xtremeasure said:
Should just be mount -o remount,rw /system
No extra slash
Sent from my Z970 using XDA Free mobile app
---------- Post added at 04:40 PM ---------- Previous post was at 04:36 PM ----------
I would the recovery image restore commands added.. If people feel the need to recover and try again they should run these
cd /dev/block/platform/msm_sdcc.1/by-name
su
dd if=boot of=boot
dd if=/sdcard/recovery.img of=recovery
reboot recovery
Sent from my Z970 using XDA Free mobile app
Click to expand...
Click to collapse
even with just one slash I still have a problem
Sent from my Z970 using XDA Free mobile app
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Sent from my Z970 using XDA Free mobile app
xtremeasure said:
Remember remove kinguser after you run the dd commands but before you reboot recovery...
Click to expand...
Click to collapse
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
fire3element said:
Just so this is clear... full Root uninstall through the KingUser app, or just uninstall it through android app settings menu.
^ In case someone else has the same question ^
Click to expand...
Click to collapse
I would do a full root uninstall....
The backdoor keeps root for adb so installing the new su shouldn't be an issue
Sent from my Z970 using XDA Free mobile app
Got it. Will report back after this headache is done. *slams head on desk*
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
fire3element said:
Ok, so I am about to flash back the stock recovery from my backup and see if I can go through all these steps again to figure out what is going wrong.
I have a theory as to where and why KingUser is locking down SU in xbin. After I restore stock recovery, I will then Factory Reset and attempt to log my progress.
Stay tuned and I will try to report back later today. Hopefully with more insight on this problem.
@xIP-
Are you talking about pushing "su" , "daemonsu" , and "install-recovery.sh" files to /system ?
Keeps saying permission denied?
If that is the case, you can not. KingUser has a lock on system and is already in place as SU in /system/xbin
You will most likely need to factory reset and try again.
---------- Post added at 12:57 PM ---------- Previous post was at 12:37 PM ----------
UPDATE UPDATE!!!
Do not run the dd if=boot of=boot command
Could brick your device. As per Jcase warning. Wait for more info
Click to expand...
Click to collapse
Is there anyway to do it without a factory reset? Could I just remove kinguser? or it must be factory reset? and will I have to reroot with factory reset?
Sent from my Z970 using XDA Free mobile app
Sorry guys, kinda been running around all day, have a lot of catching up to do I see. I'll fix the thread with updated information that people have so generously contributed!
DroidisLINUX said:
I just read the boot flash advice, I am not going to do it because I know that's a stupid idea, but if it does in fact let us flash boot.IMG, omg overclocking, custom kernels, full read write, awesome recovery, dual boot custom Roms with custom kernels here we come.
Unlocked boot.IMG
Can you Ya hoooouoo
And subscribed.
Sent from my Z970
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:init:s0
Click to expand...
Click to collapse
I know right!!! First hurdle... done... second hurdle, bootloader with no fastboot lmao...
a bit unclear on this
are we actually rebooting into recovery or its supposed to go straight back into the phone
i was never able to get into recovery
10) type "reboot recovery" and restart your phone. YOU MUST RESTART WITH THIS COMMAND!!!!! It will boot straight into Android, this is good, that means you haven't screwed up anything.
"cat /data/local/tmp/su > /system/xbin/su"
"cat /data/local/tmp/install-recovery.sh > /system/etc/install-recovery.sh"
getting permission denied when running this.
"chmod 755 /system/xbin/su"
"chmod 755 /system/etc/install-recovery.sh"
as well as operation denied or something along those lines. any help would be nice. also and running id on adb. its showing.
uid=0(root) gid=0(root) context=u:r:init:s0
rather than
uid=0(root) gid=0(root) context=u:r:shell:s0
xIP- said:
I have followed EVERYTHING step by step over and over again, and yet i still cant get this to work.
Basically, everything is fine up until reboot recovery.
it goes into android, but i dont start off as root, i start off as if i wasnt rooted, and i always have to do "su" to gain privledges.
afterwards, mount -o remount,rw /system/ does work but i cant write to it still for some reason.
has anyone else gotten this!? have any of you got a clue how to fix?
Click to expand...
Click to collapse
You have to exit adb shell to push files to /data/local/tmp, which does not require root. That was a major exploit in earlier android versions, as people would push scripts to /data/local/tmp without root, run the exploit in the directory, and it would root. That was patched of course, but that directory can be accessed without root. Once you use "reboot recovery" to reboot, then just plug your phone back up and type "adb shell" to which the phone should respond with a "#" instead of a "$". If you have the $, you are not root and need to go back. If you do, just be patient with it and make sure you are not just copying and pasting (I know this can be the root of the issue at times with command, just type it out). It should work, the second half is the easy part lol.