Keeping Root

From Android Wiki

Revision as of 04:19, 8 December 2008 by DarkriftX (Talk | contribs)
Jump to: navigation, searcha

These methods can only be done on RC29 or lower. If you are already on RC30 this will NOT work for you and you must wait for the next root exploit to be found.

Using pre-modified RC30

JesusFreke has created a pre-modified version of RC30 (RC8/UK) that you can use if you do not wish to manually edit it yourself.

  • If you copy files over USB to /sdcard remember to unmount before unplugging the USB.
  • Unzip the file and copy (or adb push) recovery_testkeys.img to /sdcard
  • copy (or adb push) this file to /sdcard/ - Make sure that if you copy over USB that you unmount before unplugging
  • with a root shell run:
mount -o remount,rw /dev/block/mtdblock3 /system

cd /system

cat /sdcard/recovery_testkeys.img > recovery.img

flash_image recovery recovery.img 
  • turn off phone
  • Hold down power and home to enter recovery mode
  • At the exclamation point and phone image hit Alt-L look for test-keys on the second line. If missing, the above steps failed and you should hold Home and Back to reboot and start over. If not, continue.
  • Press Alt+S. The system will proceed to verify the image and install it. When done, it will say to reboot by pressing Home + Back.
  • Press Home + Back. The system should show an open box and arrow into phone, then an arrow onto a chip, then reboot twice.
  • Once you are booted it is suggested that you do the following to stop OTA updates from attempting (and failing) to update your phone:
mv /system/etc/security/ /system/etc/security/

This will give you an rc30 that has 'su' for gaining root access. (Not quite the same thing you get with the manual steps below.)

More information and updates can be found on the original thread at XDA-Developers

Manually modifying your own RC30

  1. Download the recovery image:
    1. .xxx file- G1 downloadable link (rename to .zip)
    2. .zip file: Non G1 download, no need to rename,
  2. Flash the recovery image
  3. Unzip the FULL RC30
  4. Replace the /system/recovery.img with the one from step 1.
  5. Copy /system/bin/sh to system/bin/rootshell, and make the following changes to META-INF/com/google/android/update-script (or download a modified copy from a trusted source)

Add this to the end of the first line, which should start with: assert getprop("

|| getprop("") == "generic/htc_dream/dream/trout:1.0/TC3/eng.jesusfreke.20081105.164210:eng/test-keys"

Then after:

set_perm_recursive 0 2000 0755 0755 SYSTEM:bin


set_perm 0 2000 04755 SYSTEM:bin/rootshell

BACKUP anything from /system as it will be formatted. Do -not- use the 4 meg rc30 patch, as it will brick your device at this stage.

Resign with the utility provided in the zip file from step 1, copy it to your SD card, enter recovery, and pray. If it works, you can run the following from the terminal app (not pterminal) /system/bin/rootshell

  • in terminal (as root) do:
mv /system/etc/security/ /system/etc/security/

It is not yet known if this last step is needed, but better safe then derooted

This has been successfully tested, but as always, perform these steps at your own risk.

Personal tools