[GUIDE]Samsung Galaxy Ace Plus GT-S7500 ROOT+CWM - Samsung Galaxy Ace Plus S7500

Update: Updated CWM recovery. New version fixes bootloop issue.
Rooting:
This technique should work on any stock firmware.
First flash CWM recovery. Instructions are given below.
Boot in CWM recovery and connect phone to PC
Download and extract the RootMe.zip package on your PC
Run runme.bat on PC while phone is in recovery mode
Reboot the phone after process is over.
Clockworkmod Recovery:
Download the cwm tar package
Put phone into download mode and connect to the PC
Flash the cwm tar package as PDA and wait for phone to reboot
Recovery download link: cwm-trebon.tar.md5
Note:
[1] The yellow triangle at boot is of no importance. Deal with it.
Recovery Mode: volume up+ volume down + home + power
Download Mode: volume down + home + power

Hi, I had rooted my phone as mentioned in this thread. I think I have a problem now; I don't know if it's related to rooting...
I had a software update notification this morning, so I downloaded it, but while installing I got an error like "update failed...binary mismatch". After the phone booted I tried again; now it says no update available...
Is it in any way related to your method of rooting?

Galaxy ace plus vold.fstab file
Hi guys,
I am new to this forum. I have tried to swap the internal and external SD cards in my Galaxy Ace Plus S7500. Unfortunately I have taken the backup to the SD card. After modifying /system/etc/vold.fstab the phone is unable to mount both SD cards.
Can anyone please upload the original vold.fstab of the Galaxy Ace Plus, please.
Regards,
Appaji .P

Many thanks for the info!

appaji04cn002 said:
Hi guys,
I am new to this forum. I have tried to swap the internal and external SD cards in my Galaxy Ace Plus S7500. Unfortunately I have taken the backup to the SD card. After modifying /system/etc/vold.fstab the phone is unable to mount both SD cards.
Can anyone please upload the original vold.fstab of the Galaxy Ace Plus, please.
Regards,
Appaji .P
Here you go....

mb-14 said:
This guide is for rooting the Galaxy Ace Plus GT-S7500
Please follow these instructions carefully:
Download and unzip Odin3.zip package.
Download the ROOT.tar file.
Put the phone into download mode (volume down + home + power on) and connect to the PC.
Open Odin and flash the ROOT.tar file as PDA. Wait for the phone to reboot.
Now root using DooMLoRD's Easy Rooting Toolkit available from here
Enjoy full access to your rooted phone
Hey!
What does ROOT.tar include? Can this be used on other Samsung phones?

qzem said:
Hey!
What does ROOT.tar include? Can this be used on other Samsung phones?
which model?

I think I know... maybe qzem is trying to get it to work on the Galaxy S Advance...
Logically, it should not work, since the ROOT.tar is built based on the Galaxy Ace Plus's own boot.img... However, I am very interested to know how you managed to modify the boot.img to allow access to DooMLoRD's Easy Rooting Toolkit for rooting purposes... That might help, cos I have actually started researching rooting methods for Samsung's new phones, since I planned to buy a Galaxy S Advance as well.

kilsmap said:
I think I know... maybe qzem is trying to get it to work on the Galaxy S Advance...
Logically, it should not work, since the ROOT.tar is built based on the Galaxy Ace Plus's own boot.img... However, I am very interested to know how you managed to modify the boot.img to allow access to DooMLoRD's Easy Rooting Toolkit for rooting purposes... That might help, cos I have actually started researching rooting methods for Samsung's new phones, since I planned to buy a Galaxy S Advance as well.
You are right, man. I am searching and trying every way to root the Galaxy S I9070 Advance. Been even unpacking and repacking system.img.d5, but with no success. The problem is I don't have enough knowledge in this, and I don't use Linux; everything I did so far was in Windows in Cygwin and on the phone itself when the shell was needed. Maybe we could put our heads together and figure this thing out! You can PM me if you have any good ideas. I was playing with the thought of installing Linux virtually and making some environment for compiling this Android stuff. I have some knowledge about computers since I am a computer engineer, but I work as a system administrator in a Windows-based environment.
Cheers

Well the steps are very easy & it should work on any android phone not just samsung phones.
First unpack the stock boot.img of your device.
Then open the default.prop file and set
ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
and save the file.
Now repack the boot image and tar it.
Then you can flash it via Odin
The changes give us root access to adb shell and we can push the su binary and Superuser.apk via adb.
But if you are lazy then run any of the available rooting tools which copy the necessary files via adb (e.g. Doomlord's toolkit).

Whoa... quite simple... thanks bro... but I seem to have read somewhere that every time our phone reboots, especially for Samsung phones, it will read everything back from the boot.img, so as this exploit is quite simple, will the root stick? Sorry for the crudeness of the question... I'm quite a noob in Android development as well.. haha...

kilsmap said:
Whoa... quite simple... thanks bro... but I seem to have read somewhere that every time our phone reboots, especially for Samsung phones, it will read everything back from the boot.img, so as this exploit is quite simple, will the root stick? Sorry for the crudeness of the question... I'm quite a noob in Android development as well.. haha...
If, using a root browser such as Root Explorer, I make any changes to the files in the boot partition such as init.rc or default.prop, then the changes will not persist after a reboot, as the phone reads everything back from the original boot.img.
But if we change the original boot.img (that is what we are doing here) and flash it, then the changes will persist.
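
The default.prop change described in the posts above lives in the ramdisk inside boot.img, which is why it survives reboots; from the defender's side, the same place can be inspected before an image is trusted. The following is an added example, not part of the thread and not any poster's tool: it unpacks a boot image, reads default.prop and reports the three values named above. It assumes the classic ANDROID! header with a gzip-compressed "newc" cpio ramdisk, and the sample images are constructed in the script.

```python
import gzip
import struct

BOOT_MAGIC = b"ANDROID!"
CPIO_MAGIC = b"070701"   # "newc" cpio, the archive format of Android ramdisks
CPIO_HDR_LEN = 110       # 6-byte magic + 13 fields of 8 hex digits each

# The three settings the post changes, with the values it sets them to.
RISKY = {"ro.secure": "0", "ro.debuggable": "1", "persist.service.adb.enable": "1"}


def extract_ramdisk(img: bytes) -> bytes:
    """Return the still-compressed ramdisk from an Android boot image."""
    if img[:8] != BOOT_MAGIC:
        raise ValueError("missing ANDROID! magic")
    # kernel_size, kernel_addr, ramdisk_size, ramdisk_addr,
    # second_size, second_addr, tags_addr, page_size
    kernel_size, _, ramdisk_size, _, _, _, _, page_size = struct.unpack_from("<8I", img, 8)
    if page_size == 0:
        raise ValueError("page size of 0 in header")
    kernel_pages = (kernel_size + page_size - 1) // page_size
    start = page_size * (1 + kernel_pages)   # one header page, then the padded kernel
    ramdisk = img[start:start + ramdisk_size]
    if len(ramdisk) != ramdisk_size:
        raise ValueError("image truncated inside ramdisk")
    return ramdisk


def cpio_entries(archive: bytes):
    """Yield (name, data) for each file in a newc cpio archive."""
    pos = 0
    while pos + CPIO_HDR_LEN <= len(archive):
        if archive[pos:pos + 6] != CPIO_MAGIC:
            raise ValueError("bad cpio magic at offset %d" % pos)
        fields = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        file_size, name_size = fields[6], fields[11]
        name_start = pos + CPIO_HDR_LEN
        name = archive[name_start:name_start + name_size - 1].decode("utf-8", "replace")
        data_start = (name_start + name_size + 3) & ~3   # name is padded to 4 bytes
        if name == "TRAILER!!!":
            return
        yield name, archive[data_start:data_start + file_size]
        pos = (data_start + file_size + 3) & ~3          # data is padded to 4 bytes


def parse_props(text: str) -> dict:
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def audit_boot_image(img: bytes) -> dict:
    """Return the settings in default.prop that match the values in RISKY."""
    ramdisk = extract_ramdisk(img)
    if ramdisk[:2] != b"\x1f\x8b":
        raise ValueError("ramdisk is not gzip-compressed")
    for name, data in cpio_entries(gzip.decompress(ramdisk)):
        if name in ("default.prop", "./default.prop"):
            props = parse_props(data.decode("utf-8", "replace"))
            return {k: props[k] for k, v in RISKY.items() if props.get(k) == v}
    raise ValueError("no default.prop in ramdisk")


# --- constructed sample input (not a real firmware image) -------------------
def _cpio_entry(name: str, data: bytes) -> bytes:
    raw_name = name.encode() + b"\0"
    fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(raw_name), 0]
    out = CPIO_MAGIC + b"".join(b"%08X" % f for f in fields) + raw_name
    out += b"\0" * (-len(out) % 4) + data
    return out + b"\0" * (-len(out) % 4)


def build_sample_image(default_prop: str, page_size: int = 2048) -> bytes:
    archive = _cpio_entry("default.prop", default_prop.encode()) + _cpio_entry("TRAILER!!!", b"")
    ramdisk = gzip.compress(archive)
    kernel = b"\0" * 100                      # placeholder bytes, not a kernel
    header = BOOT_MAGIC + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page_size)
    pad = lambda blob: blob + b"\0" * (-len(blob) % page_size)
    return pad(header) + pad(kernel) + pad(ramdisk)


if __name__ == "__main__":
    stock = build_sample_image("ro.secure=1\nro.debuggable=0\npersist.service.adb.enable=0\n")
    modified = build_sample_image("ro.secure=0\nro.debuggable=1\npersist.service.adb.enable=1\n")
    for label, image in (("stock-like", stock), ("modified", modified)):
        print(label, audit_boot_image(image) or "no risky settings")
```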

I see... thanks for the explanation... good job with the root guide for Ace Plus...
To qzem, yeah... I'm quite as much a noob as most of the users here on xda... but maybe we have to do this in a Linux environment, cos I read somewhere that for ROM making it's quite difficult to use Windows... Now for me, rooting our Galaxy S Advance is quite probable, just that learning how to use Ubuntu just for making these exploits is quite unnerving... There are quite thorough guides for unpacking and repacking those .img files, but you have to be familiar with Linux...

mb-14 said:
Well the steps are very easy & it should work on any android phone not just samsung phones.
First unpack the stock boot.img of your device.
Then open the default.prop file and set
ro.secure=0
ro.debuggable=1
persist.service.adb.enable=1
and save the file.
Now repack the boot image and tar it.
Then you can flash it via Odin
The changes give us root access to adb shell and we can push the su binary and Superuser.apk via adb.
But if you are lazy then run any of the available rooting tools which copy the necessary files via adb (e.g. Doomlord's toolkit).
How to unpack and repack boot.img? Is there any useful guide here. Can I pull boot.img straight from my phone or can I extract it from firmware (.tar file) on my pc, and how? Or do I need kernel source code, to compile insecure kernel? Thanks for your help!

now i have definitely run into some confusion here...your guide in remaking the boot.img is very clear, but the problem now is that i can't figure out where is boot.img located in Galaxy S Advance firmwares...all i have are system.img, cache.img, hidden.img, kernel.bin and modem.bin... is it in the kernel.bin? if so, how do i extract it?

I'm not sure, but I think the unpacking tools are the same as for boot.img. There are many guides available online.

I see... how did you manage to get CWM working for Ace Plus? Do we have to root first for flashing CWM, cos I remember that it is not necessary... What are the files we need to port CWM to other devices?

kilsmap said:
I see... how did you manage to get CWM working for Ace Plus? Do we have to root first for flashing CWM, cos I remember that it is not necessary... What are the files we need to port CWM to other devices?
Check this: http://www.koushikdutta.com/2010/10/porting-clockwork-recovery-to-new.html

Thanks for the CWM, now all we need is some custom ROMs, hope some developers step in....

Rooting Ace Plus
I am a noob in rooting stuff; I have never used a PC for rooting, despite being with Android for 2 years.
My question is:
Will my phone be rooted after flashing root.tar as PDA?
Or do I have to use DooMLoRD's rooting toolkit also? (I don't know how to use it.)

Related

HDC Galaxy S3 G9300 - ROOT

Has anyone got a root method that works for the HDC Galaxy S3 G9300?
Have tried Bin4ry v18 and another script but they didn't work.
The phone has JB 4.1.1. The Kernel is 3.4.0 dated Dec 3 2012. The build number is; e1920_v77_zlh_9p017_asx_20121203
Thanks for any help or advice.
Is now rooted, read on..
garyo said:
Has anyone got a root method that works for the HDC Galaxy S3 G9300?
...
Thanks for any help or advice.
Me too. I've spent probably 6 hours today messing around with the 1.8 version script, on both windows 7 and Linux. It always fails the same place, with mount permission denied ... are you root?
I have other issues with the G9300 that I'd like to tackle, like WiFi range, but digging in requires root access. Here's hoping somebody smarter than I can find a way to root this thing.
wseverin said:
Me too. I've spent probably 6 hours today messing around with the 1.8 version script, on both windows 7 and Linux. It always fails the same place, with mount permission denied ... are you root?
I have other issues with the G9300 that I'd like to tackle, like WiFi range, but digging in requires root access. Here's hoping somebody smarter than I can find a way to root this thing.
Same here. I need root to build a custom CWM recovery.
Anyone has rooted phone that can help rip out the rom?
..
Finally. I've rooted my HDC G9300.
See my post in another thread here:
http://forum.xda-developers.com/showthread.php?t=1886460&page=165
My phone is now nicely rooted with no problems. But it's not an easy process.
wseverin said:
See my post in another thread here:
http://forum.xda-developers.com/showthread.php?t=1886460&page=165
My phone is now nicely rooted with no problems. But it's not an easy process.
The tutorial isn't clear about how to run Android Kitchen. In the Android Kitchen folder is a script called 'menu' that has to be executed by cygwin. Launch cygwin first with the .bat file in its install folder. Then, navigate to the 'menu' script. Hint: '/cygdrive/c/<path to Android Kitchen>/menu'
Nowhere does the tutorial say to copy 'Root_Superuser_3.1.3_Busybox_1.20.2-Update1-signed.zip' onto your sd. You will want to do that before beginning the final recovery step.
It's great you figured out a root method, and thanks for sharing it :good:
I have just run through it on my phone and all has gone well until I got to where mobileuncle tools flashes the recovery.img. It needs Superuser access to do that and I don't have it. I am thinking it must be something to do with the Menu script you mentioned. How do you run that script? What is the command for it?
Thanks for any help!
Sounds like you're 95% there
garyo said:
I have just run through it on my phone and all has gone well until I got to where mobileuncle tools flashes the recovery.img. It needs Superuser access to do that and I don't have it. I am thinking it must be something to do with the Menu script you mentioned. How do you run that script? What is the command for it?
Thanks for any help!
From what you've written I will make a few assumptions. It sounds like you successfully did the rebuild with Android Kitchen, where it created a new recovery.img. And then you used SP Flash Tool to successfully transfer the new image to your phone.
You don't need mobileuncle. It's a great utility to have, but you don't need it for this process. Install it later when this is all done.
If the above assumptions are correct, you already have downloaded the modded recovery to your phone and you're 95% done. It sounds like all you need to do is put the zip install for su, superuser, and busybox onto your sd card, boot into recovery (upvolume+power), navigate to 'install zip from sd card', install the su-superuser-busybox zip, and reboot.
If that doesn't work, I suggest working your way back up the chain – re-download the new recovery.img; if that fails, rebuild the new recovery.img; etc.
wseverin said:
From what you've written I will make a few assumptions. It sounds like you successfully did the rebuild with Android Kitchen, where it created a new recovery.img. And then you used SP Flash Tool to successfully transfer the new image to your phone.
You don't need mobileuncle. It's a great utility to have, but you don't need it for this process. Install it later when this is all done.
If the above assumptions are correct, you already have downloaded the modded recovery to your phone and you're 95% done. It sounds like all you need to do is put the zip install for su, superuser, and busybox onto your sd card, boot into recovery (upvolume+power), navigate to 'install zip from sd card', install the su-superuser-busybox zip, and reboot.
If that doesn't work, I suggest working your way back up the chain – re-download the new recovery.img; if that fails, rebuild the new recovery.img; etc.
Finally, you rooted the phone. Do you think you could upload the rom somewhere? Others can just download it and flash without going through the entire process. Good Job!!
wseverin said:
From what you've written I will make a few assumptions. It sounds like you successfully did the rebuild with Android Kitchen, where it created a new recovery.img. And then you used SP Flash Tool to successfully transfer the new image to your phone.
You don't need mobileuncle. It's a great utility to have, but you don't need it for this process. Install it later when this is all done.
If the above assumptions are correct, you already have downloaded the modded recovery to your phone and you're 95% done. It sounds like all you need to do is put the zip install for su, superuser, and busybox onto your sd card, boot into recovery (upvolume+power), navigate to 'install zip from sd card', install the su-superuser-busybox zip, and reboot.
If that doesn't work, I suggest working your way back up the chain – re-download the new recovery.img; if that fails, rebuild the new recovery.img; etc.
Hi - Yes you are right, I have created the recovery.img and transferred it to the phone.
Thanks for the tip that I don't need to use mobileuncle.. So I have booted up into CWM and have the su-superuser-busybox zip on my sd card. Trouble is CWM doesn't recognise the sd card and says E: unknown volume. That is strange because android sees it fine when the phone starts.
I am still wondering if my problem is from the Android Kitchen part. I wasn't able to run Android Kitchen. I think I better run through the process again. How did you bring up the 'menu' in kitchen? I ran cygwin first and then navigated to kitchen's path and used /menu and also ./menu but just got an error message. Even dumped all of kitchen's files into cygwin's root directory in case I had messed up the navigation path but still got the same error message whenever I tried to run menu. How did you get it to run please?
Thanks for your help :fingers-crossed:
GT35pro said:
Do you think you could upload the rom somewhere? Others can just download it and flash without going through the entire process.
I have uploaded the recovery.img that I created here. Remember, because it works on my phone is no guarantee that it won't break yours. You use it solely at your own risk. Also, you will still need to use CWM to install the su+superuser+busybox zip from your sd.
Next problem - no 3G
Having the phone rooted, I've gone on to the next problem that has no ready solution.
That is, no 3G. I use the AT&T network in the USA. AT&T uses WCDMA on 850MHz and 1900MHz for their 3G service. The HDC G9300+ doesn't support WCDMA at 1900MHz, which is the band that AT&T uses most. Where I am (Phoenix AZ) there is only 1900MHz service, which means that I can't get any 3G. Only 2G "Edge".
The problem *might* be remedied through software - or maybe not. If the MTK6577 radio doesn't support 1900MHz in some hardware sense, then the game is over. But I doubt that for two reasons. First, from a marketing standpoint, the AT&T network is too big to just ignore when designing a generic platform like the MTK6577. Second, from a hardware standpoint, the transceiver frequencies are synthesized from one base oscillator through a set of on-chip frequency multipliers and dividers. If the MTK6577 can generate frequencies in the 2100MHz band it can almost surely generate frequencies in the 1900MHz band. What's required is a software driver that properly sets the multipliers and dividers.
My bet is that somewhere out there in the world there is a software driver for the phone's radio that can set the chip to work in the 1900MHz band.
Can somebody find that driver so that we can bundle it into a ROM for this phone? Or a tool to adjust the driver that's bundled with the phone?
Please tell me
garyo said:
Has anyone got a root method that works for the HDC Galaxy S3 G9300?
Have tried Bin4ry v18 and another script but they didn't work.
The phone has JB 4.1.1. The Kernel is 3.4.0 dated Dec 3 2012. The build number is; e1920_v77_zlh_9p017_asx_20121203
Thanks for any help or advice.
brother please tell me
where from you bought this phone "hdc galaxy g9300"???
I also want to buy this phone
wseverin said:
I have uploaded the recovery.img that I created here. Remember, because it works on my phone is no guarantee that it won't break yours. You use it solely at your own risk. Also, you will still need to use CWM to install the su+superuser+busybox zip from your sd.
Thanks for uploading your recovery file. I thought I would try that before going through the process of redoing mine. This time it kicked straight into CWM without any sdcard errors, so I was able to install the zip file. It is now nicely rooted and has been running for several hours, and as yet I have found no problems.
Great job and thanks for sharing your knowledge :good:
joneswilson02 said:
brother please tell me
where from you bought this phone "hdc galaxy g9300"???
I also want to buy this phone
http://www.fastcardtech.com/goods.php?u=53399&id=8113
First time I purchased from them, found them very good and had no problems. Took about 15 days to get it. Considering there were xmas & new year holidays at the time it was pretty good.
How to root your HDC Galaxy S3 G9300+
For those wanting to root their HDC Galaxy S3 G9300+ phones follow these steps;
Download wseverin's 'recovery.img' from post #10.
Download my 'MT6577_Android_scatter_emmc.txt', 'su+superuser+busybox.zip', 'SP_Flash_Tool_v3.1224.01.rar' and 'MT657x_USB_Win7_Driver.zip' files that I have attached to this post.
Install the USB drivers to your computer if you don't already have them.
Copy the su+superuser+busybox.zip file to your phone's SD card.
Run Flash Tool (Flash_tool.exe) in administrator mode.
Load my scatter file.
Next, back up your original recovery file (this is very important in case something gets messed up). Do this using the 'Read-Back' function. Select Hex and enter 0x1588000 for Start Address and 0x600000 for Length. Before clicking the Read Back button, shut down your phone and remove the battery and USB cable. Next click Read Back, plug in the USB cable and replace the battery (but do not switch the phone on). The software will back up the file and come up with an OK window if successful.
Next flash your phone with wseverin's recovery.img. Do this from the Download tab in Flash Tool and tick the Recovery option. Before pushing the Download button you will also need to shut down the phone and remove the battery and USB cable as above.
Next start the phone holding the volume-up + power buttons. This will boot the phone into CWM. Choose 'Install zip from sdcard', then 'choose zip from sdcard', navigate to the su+superuser+busybox.zip file and select yes to install it.
That's it! So easy!!
If you followed the steps correctly, after you reboot the phone it should have root access. However, be warned that your phone could be bricked if something goes wrong or your phone is a different model, so do this at your own risk and back up your original first!
PS: thanks to wseverin for the modded recovery file and being the 1st to root this phone.
joneswilson02 said:
brother please tell me
where from you bought this phone "hdc galaxy g9300"???
I also want to buy this phone
Do I detect a hint of cynicism?
It seems to be a decently built phone. The display is good; actually better resolution than many competing models. Fit and finish are as good as you'll get anywhere. The capacitive touch screen is just fine. GPS, WiFi, and Bluetooth all work well except that the WiFi range is a bit anemic. Software is pretty much standard Android Jelly Bean. I consider it worth what I paid for it, especially since I am not about to spend 3X that for a cell phone. Oh, and it actually makes and receives phone calls!
help me
Help me please, i've bricked my g9300+.
i need a rom.zip to flash with recovery or complete rom to flash with spflashtool.
help me!!!!
bersarak said:
Help me please, i've bricked my g9300+.
i need a rom.zip to flash with recovery or complete rom to flash with spflashtool.
help me!!!!
How did you brick your phone?
With garyo's guide?
Thanks
I have a G9300+ and I want to root it
root Star G9300+
garyo said:
Has anyone got a root method that works for the HDC Galaxy S3 G9300?
Have tried Bin4ry v18 and another script but they didn't work.
The phone has JB 4.1.1. The Kernel is 3.4.0 dated Dec 3 2012. The build number is; e1920_v77_zlh_9p017_asx_20121203
Thanks for any help or advice.
Is now rooted, read on..
Hello,
First of all, please excuse my english...
I have a Star G9300+ smartphone with the same JB 4.1.1, same kernel (3.4.0 dated Dec 3 2012), same build number (e1920_v77_zlh_9p017_asx_20121203) as yours, but 1Gb RAM memory.
Could I use the same method to root my smartphone? How much RAM does yours have?
Thanks!
xnicks said:
Hello,
First of all, please excuse my english...
I have a Star G9300+ smartphone with the same JB 4.1.1, same kernel (3.4.0 dated Dec 3 2012), same build number (e1920_v77_zlh_9p017_asx_20121203) as yours, but 1Gb RAM memory.
Could I use the same method to root my smartphone? How much RAM does yours have?
Thanks!
Yes mine is also 1Gb RAM. I have read that HDC and Star are the same, however I don't know this for sure. This is where I purchased my phone;
http://www.fastcardtech.com/goods.php?u=53399&id=8113
Does yours look the same??
If yours looks the same you could always try it I suppose, but make sure you back up your phone's entire ROM first. That way you can reinstate the original in case it doesn't work.

ClockWorkMod Recovery Touch 6.0.4.4 Loki'd "CWM.LOK" file [10/27/2013]

This is a Loki'd ClockWorkMod Recovery TOUCH file that I created on my AT&T Samsung Galaxy S4 SGH-I337 with the UCUAMDL baseband.
Flash using loki_flash in a Terminal window (how I did mine) or ADB using the command loki_patch recovery cwm.lok. If running in a Terminal window, make sure you have SU access first and that the cwm.lok file is in the same folder as the loki_patch file. I placed both of mine on the root of my external SD card.
After flashing this I rebooted into Recovery via ROM Manager and Touch was installed.
Hope this helps someone else!
Can you give clearer, more specific instructions on how to use this?
This is pre-loki'd when built by builder.clockworkmod.com
Sent from my SGH-I337 using Tapatalk
jd1639 said:
Can you give clearer, more specific instructions on how to use this?
UnRar the file and copy the CWM.LOK file onto your SD card.
Download and save the loki_flash file from here: https://github.com/djrbliss/loki/tree/master/bin
Copy the loki_flash file onto your SD card in the same location as the CWM.LOK file.
Open a Terminal session (download and install your favorite Terminal app from the Play store)
In the Terminal window type:
$ su
# cd /<path to location you saved the files to>
# ./loki_flash recovery cwm.lok
* Note - not responsible if this bricks your device. Your best bet is to read up on how to do this yourself at https://github.com/djrbliss/loki, save your own aboot.img file and build your own CWM.LOK file.
blackwing182 said:
This is pre-loki'd when built by builder.clockworkmod.com
Sent from my SGH-I337 using Tapatalk
If this recovery.img file was downloaded from http://www.clockworkmod.com/rommanager then it is not loki'd by default. I actually just tried to flash the .img file i downloaded from there and it gave me the unauthorized BS and i had to heimdall the stock recovery image back on.
ROM Manager has a script that it runs AFTER the recovery.img file is downloaded that loki's the recovery.img, then flashes it to the device.
Question....
jakew02 said:
If this recovery.img file was downloaded from http://www.clockworkmod.com/rommanager then it is not loki'd by default. I actually just tried to flash the .img file i downloaded from there and it gave me the unauthorized BS and i had to heimdall the stock recovery image back on.
ROM Manager has a script that it runs AFTER the recovery.img file is downloaded that loki's the recovery.img, then flashes it to the device.
I have full root access with SuperSU on sgh_i337 NC1 SELinux permissive. I froze all Knox related apps with TiBu. You flashed and soft bricked... now my question is.... Is it Knox that gave you the warning about the unauthorized flash attempt? I don't think I can flash traditionally anyway with the boot loader the way it is, but I haven't found anyone else that's fully rooted 4.4.2 either, so this is an original question lol. If I soft brick, I'm pretty well dead at this point, but in for a dime, in for a dollar I guess lol. After a 15 hour hack session fighting with Knox I don't want to lose now :cyclops: I need a recovery though,
Lt1streconbn said:
I have full root access with SuperSU on sgh_i337 NC1 SELinux permissive. I froze all Knox related apps with TiBu. You flashed and soft bricked... now my question is.... Is it Knox that gave you the warning about the unauthorized flash attempt? I don't think I can flash traditionally anyway with the boot loader the way it is, but I haven't found anyone else that's fully rooted 4.4.2 either, so this is an original question lol. If I soft brick, I'm pretty well dead at this point, but in for a dime, in for a dollar I guess lol. After a 15 hour hack session fighting with Knox I don't want to lose now :cyclops: I need a recovery though,
This thread is from 2013, and it's referring to the old MDL firmware. You're on NC1, which came out nearly a year after this was posted... the reason your phone is softbricked is because any loki-based recoveries, etc. do not work on devices MF3+. You'll want to check out this thread to get help in restoring your device. Remember next time to look at the date of the posting and to read around the forums before trying to modify your device if you are unsure what you are supposed to be doing.
You need to use Odin to flash your phone back to stock NC1. It's in the thread I linked above....
I'm not soft bricked lol... I'm trying to figure out how far I can push it without that happening. I have su in /system/xbin & /system/bin... Long story, but I needed it there while I was restricted to root access only in terminal emulator for a few hours getting Knox to take a nap. I have learned new respect for that dang little app!!!! I actually got full root without PC/Linux support in 4.4.2, that's... probably the reason Knox never saw it happening lol. I'm still messed on recovery besides safe strap unfortunately, but I'll take SuperSU over towelroot or safe root any day. I grabbed a nap and I'm deodexing my system apps and framework now. I was kinda excited and didn't notice the date... Ty for the help, but I already have the stock firmware I'd need. I'll head over to the newer thread... I actually have an idea on the boot loader from the decompiled Knox file I've gone thru. The boot loader IS locked, but we have a very limited exploit. Knox has been revamped five times that I caught I believe, and it ridiculously still had the ability to safely uninstall itself like it done early on lol. Crazy! Anyhow tks... I'll head over there. This was just funnier than when I found 'vold 2.0 the vengence' rofl

[Q] Batch file won't open

Hi All, new to forums. No one else seems to have had this problem, or am I trying to open it wrong? I try to d-click the batch file runme.bat to get root access but it won't open as the message says it's not supported on LG-Optimus L7II dual running Android 4.1.2. It opens in Win 7 so it proves that the file is OK. Hope I get some info on this, thanks.
Hello,
.bat files are Windows/DOS batch scripts that do not (generally) work on Android.
Most likely you have to run that .bat file on the Windows computer with your phone connected.
Root It Using Exploit
firey55 said:
Hi All, new to forums. No one else seems to have had this problem, or am I trying to open it wrong? I try to d-click the batch file runme.bat to get root access but it won't open as the message says it's not supported on LG-Optimus L7II dual running Android 4.1.2. It opens in Win 7 so it proves that the file is OK. Hope I get some info on this, thanks.
Root with Restore is very old method and is Patched on almost all new devices..
Here are some new methods ..
Cydia Impactor
http://www.cydiaimpactor.com/
This tool roots almost any Android device..
After rooting download either Superuser.apk or SuperSU.apk
I have tested this Exploit on almost 10 devices, And it rooted them all.. :good:
Hey Hit the Thanks if it helps..
Batch file help
Mrkvak said:
Hello,
.bat files are Windows/DOS batch scripts that do not (generally) work on Android.
Most likely you have to run that .bat file on the Windows computer with your phone connected.
Sorry it took so long to get back and thank you, got busy new years eve and had to check a few things out.
I was trying to root with Rootland app and I mistook the instructions for runme.bat to run on mobile and not
computer. Thanks for putting me right. I will also reply to Cyrus_pc who also has helped.
Firey55
Fixed Root
Cyrus_pc said:
Root with Restore is very old method and is Patched on almost all new devices..
Here are some new methods ..
Cydia Impactor
This tool roots almost any Android device..
After rooting download either Superuser.apk or SuperSU.apk
I have tested this Exploit on almost 10 devices, And it rooted them all.. :good:
Hey Hit the Thanks if it helps..
Thanks heaps Cyrus_pc, had to use Cydia Impactor a few times to reroot, worked perfectly. It gained root but Root Checker from Jacksoft labs said no root. So did search on xda forums (can't remember thread to thank them) and used terminal to type SU and check root (thanks). Also, used Root Checker by joeykrim and that does work.
If I can indulge a bit about other problems with my phone model LG Optimus L7 II Duo P716, this may help others. I first wanted root access to use Titanium Backup and Rom Manager before using LG update to see what was new and roll back if needed. Bad move, Rom Manager wouldn't backup or boot to recovery mode, just kept factory resetting and losing settings (what a pain).
Fixed this from xda thread from Blackzair with (CWM Recovery on LG P&15 L7 II Dual) boothack+recovery.rar to load Gscript.apk. Got into recovery even though as he said screen is upside down. Tried to load a CM 10 but it didn't take, will have to check boot image version.
Thanks again to everyone
Firey55

[Q] CF-Auto-Root for Nexus 5 - How it works?

Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and press Root_windows.bat and follow instructions. Takes 30 seconds - 1 minute all in all.
Thanks, but...
gee2012 said:
Unlocking and rooting is a piece of cake with CF Auto Root for the N5, I never experienced issues with it. Download CF Root for the Nexus 5, unzip it with 7-zip. Enable USB debugging in developer options, then go into bootloader/fastboot mode, open the unzipped CF Root folder and press Root_windows.bat and follow instructions. Takes 30 seconds - 1 minute all in all.
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works? What exactly does it do behind the scene?
Casteel said:
First, thanks for your response.
I don't have a problem with making it work.
As you said, it is super simple and no question it's a great tool.
My question is about how it works? What exactly does it do behind the scene?
It unlocks the BL and injects superSU in one go without having to flash a separate superSU.zip with a custom recovery. That's all.
gee2012 said:
It unlocks the BL and injects superSU in one go without having to flash a separate superSU.zip with a custom recovery. That's all.
What do you mean by "injects SuperSU" ?
It sounds very simple from the way you say it. Why can't I do this myself?
I believe it doesn't just mean copy it to the right place.
Does it also include putting the su binary in the right system path with the right permissions?
How is the root privilege gained?
Does only unlocking the BL let me write to the system partition?
I would really appreciate some technical details to understand this rooting process and what this image file contains.
Thanks again!
Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.
gee2012 said:
Read this http://forum.xda-developers.com/showthread.php?t=2507211 and this http://forum.xda-developers.com/showthread.php?t=1980683. You can also do the root yourself manually if that is more comfortable for you.
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing custom recovery, and that tool does it without it.
Casteel said:
gee2012, I really appreciate your help.
I've already read (most of) these two threads before posting here, and couldn't find an answer to my questions,
only general explanations about how to make it work and how to solve problems,
nothing about HOW it works and what it actually does.
I have already rooted my device with this tool, I don't have any discomfort with it,
just pure technological curiosity about how it works.
Sure, I can also root myself manually, but all the guides I read about it mentioned installing custom recovery, and that tool does it without it.
Look here https://www.google.com/search?q=how+root+works&ie=utf-8&oe=utf-8&aq=t and other sites how root works http://stackoverflow.com/questions/...hat-are-the-pre-requisites-for-it-to-work-wha.
With Google you can find anything
Actually, I read this also...
It only talks about gaining root privilege using some system exploit.
So, you're telling that CF-Auto-Root is running some script in its bootable image file that is using some kind of exploit to gain root access?
Shouldn't it be less "hacky" thing in nexus devices?
And how can it be that the image file is related to specific devices and not to specific stock versions?
What prevents other apps from using this so called "exploit"?
This is probably what you are looking for...
Embedded in the boot image is a folder cfroot with the SuperSU apk file, the su binary and the necessary init scripts, and there is a binary under sbin that does the remaining steps of copying the files to the respective places. It is not an exploit, it merely uses the boot image and the boot process to "install" SuperSU. You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
In more detail:
1. Embedded in the ramdisk is a folder "cfroot" with "99SuperSUDaemon, install-recovery.sh, su and Superuser.apk".
2. In the sbin folder in the ramdisk is a binary "cfautoroot" which does stuff like copy the above files to the correct locations and set the appropriate permissions, etc.
3. This file is called through the "recovery" script/binary in the sbin folder
4. The "recovery" script/binary is executed as a startup server via the init system in "init.rc" within the ramdisk
The result:
When you boot up, the superuser files are copied to the respective locations with the right permission, thereby rooting the system
OK! Now we're getting closer
Thank you very much.
But I still have some confusions...
You said:
craigacgomez said:
there is a binary under sbin that does the remaining steps of copying the files to the respective places.
You do not need a custom recovery to root your phone, merely the capability to copy the superuser files to the /system partition.
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:
Casteel said:
OK! Now we're getting closer
Thank you very much.
But I still have some confusions...
You said:
How did the "cfautoroot" get to my phone's sbin folder?
How do I get the capability to copy the superuser files to the system partition?
Doesn't putting things in these folders and setting their appropriate permissions require root in the first place?
How is the init.rc calling the recovery script to run the cfautoroot? Shouldn't I need root access to modify init.rc?
[Is the CF-Auto-Root source code available somewhere to see all these files you're talking about?]
It sounds like only unlocking the bootloader is giving me some sort of "root" capabilities to do all this stuff. Is it true?
Will this method work on non-Nexus devices too?
And what are all those "exploits" that so many rooting guides are talking about?
I'm guessing it doesn't have anything to do with rooting Nexus devices since rooting them is kind of part of their existence, isn't it?
Thanks again! :good:
"cfautoroot" is a binary created by Chainfire which is embedded in the sbin folder in the kernel ramdisk. It's in the CF Auto Root boot image. Android kernels are essentially Linux kernels and have an init process which is basically a bootstrap/startup process. init.rc is part of this process. It is run when the kernel boots up. Anything within the init process is low-level and essentially run as "root". It kick-starts various other processes like zygote which is the Android process management system. This will help you understand the init process a bit better (http://www.mekya.com/blog/2012/03/android-initialization-from-init-rc-to-third-party-code/). In the init.rc file is a line which "executes" the file /sbin/recovery (which is embedded in the ramdisk along with cfautoroot). This in turn "executes" cfautoroot which takes care of copying the superuser files to the correct locations and setting the correct permission. All this is done within the init process and has elevated (root) permission.
Unlocking the bootloader does not root your phone. It simply allows you to flash "unsigned" (custom) boot images.
Any phone with the ability to flash a custom boot image can make use of this process.
Exploits make use of holes or workarounds to either flash a custom boot image or inject files into the system partition without unlocking the bootloader and are only needed if you cannot unlock the phone bootloader.
Hope this helps!
Casteel said:
Hey guys,
I couldn't find it anywhere and I don't really know if this is the right place to ask, but I'll give it a try...
I wonder how the CF-Auto-Root for the Nexus 5 works?
I can see in the Windows batch file that it unlocks the bootloader (that's the easy part) and then boots with some image file.
It seems that this tool is not installing any custom recovery, which I always saw as a necessary tool for rooting.
What exactly is this image file? What does it do? Where does it come from? What does it contain?
Why is it device related (different image files for different Nexus devices running the same stock version)?
Thanks,
Casteel.
Thank you for asking the question and being polite yet persistent about getting your answer. I have been trying to get to this answer myself for some time now.
Sent from my Nexus 5 using Tapatalk
Great! now we're even closer :victory:
So in the boot process I have elevated privileges, that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
It is an image of the kernel?
It is some sort of pre-handled file system that the device is booted into and then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...
Casteel said:
Great! now we're even closer :victory:
So in the boot process I have elevated privileges, that's basically what I was missing.
But this bootable image file is not an image of the OS, is it?
It is an image of the kernel?
It is some sort of pre-handled file system that the device is booted into and then starts up the OS?
Or something like that...?
Thanks for your patience and the very quick responses!
We're almost there...
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.
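To see before booting what the replies above describe (a kernel plus a ramdisk whose init.rc starts binaries as root), here is an added example, not code from the thread or from CF-Auto-Root, that splits a boot image and lists the ramdisk files and init.rc services. It assumes the classic "ANDROID!" v0 header and a gzip-compressed newc cpio ramdisk; the sample image is constructed inline from the file names mentioned in the thread.

```python
import gzip
import struct

def _align(n, a):
    return n + (-n % a)

def split_boot_image(img):
    """Return (kernel, ramdisk) from a boot image with the classic v0 header."""
    if img[:8] != b"ANDROID!":
        raise ValueError("not an Android boot image")
    ksize, _, rsize, _, _, _, _, page = struct.unpack_from("<8I", img, 8)
    if page == 0 or page + _align(ksize, page) + rsize > len(img):
        raise ValueError("corrupt or truncated boot image")
    r_off = page + _align(ksize, page)  # header fills page 0; kernel is page-padded
    return img[page:page + ksize], img[r_off:r_off + rsize]

def list_cpio(archive):
    """Yield (name, data) for every entry of a 'newc' cpio archive."""
    pos = 0
    while True:
        hdr = archive[pos:pos + 110]
        if len(hdr) < 110 or hdr[:6] != b"070701":
            raise ValueError("bad cpio header at offset %d" % pos)
        f = [int(hdr[6 + 8 * i:14 + 8 * i], 16) for i in range(13)]
        filesize, namesize = f[6], f[11]  # namesize counts the trailing NUL
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        start = _align(pos + 110 + namesize, 4)
        yield name, archive[start:start + filesize]
        pos = _align(start + filesize, 4)

def audit_boot_image(img):
    """List ramdisk files and the services init.rc starts (init runs as root)."""
    kernel, ramdisk = split_boot_image(img)
    files = dict(list_cpio(gzip.decompress(ramdisk)))
    services = []
    for line in files.get("init.rc", b"").decode(errors="replace").splitlines():
        w = line.split()
        if len(w) >= 3 and w[0] == "service":
            # (service name, binary path, is the binary shipped in this ramdisk?)
            services.append((w[1], w[2], w[2].lstrip("/") in files))
    return {"kernel_bytes": len(kernel), "files": sorted(files), "services": services}

# --- constructed sample image, modelled on the layout described in the thread ---
def _cpio_entry(name, data=b""):
    n = name.encode() + b"\0"
    fields = [0, 0o100755, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
    head = b"070701" + b"".join(b"%08X" % v for v in fields) + n
    head += b"\0" * (-len(head) % 4)
    return head + data + b"\0" * (-len(data) % 4)

def build_sample_image(page=2048, kernel=b"K" * 3000):
    rc = b"service recovery /sbin/recovery\n    oneshot\nservice adbd /sbin/adbd\n"
    members = [("init.rc", rc), ("sbin/recovery", b"\x7fELF"), ("sbin/cfautoroot", b"\x7fELF"),
               ("cfroot/su", b"\x7fELF"), ("TRAILER!!!", b"")]
    ramdisk = gzip.compress(b"".join(_cpio_entry(n, d) for n, d in members))
    hdr = b"ANDROID!" + struct.pack("<8I", len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page)
    return b"".join(p + b"\0" * (-len(p) % page) for p in (hdr, kernel, ramdisk))
```

Running `audit_boot_image(build_sample_image())` shows which services come with their binary inside the image itself, which is the part worth reviewing before booting an image from an untrusted source.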
craigacgomez said:
The boot image is not the OS image. It contains the kernel and the ramdisk. The ramdisk is basically the root filesystem (/) which the kernel mounts, after which the init process begins and init.rc is called. Nothing is ever persisted or modified in the root filesystem unless it is done during the init process or it is embedded in the ramdisk.
Nice.
I thought the root file system is part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you
Why is the image file device related?
Meaning, why nexus 4, 5 and 7 have different CF-Auto-Root?
(Nexus 7 even got several).
Thanks again!
Casteel said:
Nice.
I thought the root file system is part of the OS image.
So basically, I can have the same OS installed on my devices with different file systems according to what is defined in boot?
One last question and I will stop bothering you
Why is the image file device related?
Meaning, why nexus 4, 5 and 7 have different CF-Auto-Root?
(Nexus 7 even got several).
Thanks again!
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.
craigacgomez said:
Yes, you could theoretically change the way your filesystem is defined via the boot image, but Android as an OS expects some things.
And each device has different autoroot files because they have different kernels and some differences in some init scripts specific to the hardware. Some devices like the Nexus 7 have multiple versions (LTE & non-LTE for example) and there are hardware differences and different kernels.
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!
Casteel said:
A thousand thanks, Craig Gomez!
You really helped.
I truly appreciate the patience and the kind responses.
It was a nice first experience in this forum.
Thank you very much!
Glad I could help you... It's what communities are all about... Sharing knowledge and experiences.
Sent from my Nexus 5
Excellent thread. Thanks to OP and members who responded.

Flashing custom recovery without PC (Samsung)

Hi guys, I have a Samsung Galaxy Trend Plus (Gt-S7580) and I want to flash a custom ROM. I was curious if it is possible to flash a custom recovery ( https://www.androidfilehost.com/?w=files&flid=42027 ) with file extension .tar.md5 without using Odin because I don't have access to a PC with administrator rights. All apps which provide flashing only use .img files. If any of you guys have a solution I would love to hear it. Thanks in advance.
serious_man said:
Hi guys, I have a Samsung Galaxy Trend Plus (Gt-S7580) and I want to flash a custom ROM. I was curious if it is possible to flash a custom recovery ( https://www.androidfilehost.com/?w=files&flid=42027 ) with file extension .tar.md5 without using Odin because I don't have access to a PC with administrator rights. All apps which provide flashing only use .img files. If any of you guys have a solution I would love to hear it. Thanks in advance.
Have you tried the app "mobile odin"? It is made by chainfire and is available (at cost, but I highly recommend it) in the play store. That is, assuming you have root. But, not sure if he supports your phone. If not, you can always dd flash it in android terminal emulator.
RAZERZDAHACKER said:
Have you tried the app "mobile odin"? It is made by chainfire and is available (at cost, but I highly recommend it) in the play store. That is, assuming you have root. But, not sure if he supports your phone. If not, you can always dd flash it in android terminal emulator.
Thank you very much for the quick response. I tried mobile odin but my device wasn't supported. But one dude at cyanogen forum found out that .tar.md5 is just compressed .img so if you have right app you can easily extract it. Now everything is running perfectly.
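Before extracting an image from a .tar.md5 as described in this thread, the package can be checked against its own trailer. This is an added example, not from the thread; it assumes the usual Odin-style packaging, in which the file is a plain tar archive holding the .img with an `md5sum` output line appended, and it runs on a sample package constructed inline (the names `recovery.img` and `recovery.tar` are placeholders).

```python
import hashlib
import io
import tarfile

def check_tar_md5(blob):
    """Check the md5sum trailer of a .tar.md5 and list the images it carries."""
    end = blob.rfind(b"\0") + 1  # tar ends in NUL padding; the trailer is text
    tar_bytes, trailer = blob[:end], blob[end:].split()
    if not trailer or len(trailer[0]) != 32:
        raise ValueError("no md5sum trailer after the tar data")
    expected = trailer[0].decode("ascii").lower()
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        members = [(m.name, m.size) for m in tar.getmembers()]
    return {"md5_ok": hashlib.md5(tar_bytes).hexdigest() == expected,
            "members": members}

def build_sample(image=b"constructed recovery image bytes"):
    """Constructed stand-in for a vendor package: one .img in a tar, md5sum line appended."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        info = tarfile.TarInfo("recovery.img")
        info.size = len(image)
        tar.addfile(info, io.BytesIO(image))
    tar_bytes = buf.getvalue()
    line = "%s  recovery.tar\n" % hashlib.md5(tar_bytes).hexdigest()
    return tar_bytes + line.encode()

if __name__ == "__main__":
    print(check_tar_md5(build_sample()))
```

The trailer only catches a corrupted download: anyone who repacks the archive can recompute it, so authenticity still depends on comparing against a hash published by the source you trust.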