Yesterday, we talked about rooting your Android device and all the advantages root gives you. If that made you want to root, there are a couple ways you can go about it.
The easiest method is to use a one-click application solution like unrEVOked, but it only supports certain devices. SuperOneClick is a similar application that supports almost any device, but I cannot always get it to work with my computer.
In my experience, I have found that the most reliable root method is to simply run the commands yourself. It may be a little more difficult than the one-click solutions, but it is practically guaranteed to work.
Even so, you should still read through the directions before you begin, and if you are not comfortable with any of the steps, then you should probably not attempt to root. This is a fairly advanced tutorial, so make sure you're prepared for some bumps, even though there shouldn't be any.
Rooting gives you valuable experience with ADB, knowledge of root methods, and in general a better ability to solve problems with your device as well. Still, you do not need to do this if one-click solutions have worked for you, or if you do not feel comfortable with the process. If you do want to learn more about Android by manually rooting your device, just keep in mind that you root at your own risk, and any damage to your device is your fault.
Prerequisites
There are a few things that you need to have before you start rooting. Obviously, you will need an Android device with Android 1.5 or higher and a USB cable to connect it to your computer. You will also need to have some files from this SuperOneClick .zip and the Android SDK/ADB up and running on your computer. If you are unfamiliar with ADB, our sister site GoodAndEvo has an awesome ADB tutorial that should get you up to speed.
First, we need to move some files around to make running commands a bit easier.
Unzip the SuperOneClick .zip and pull out the su-v3, busybox, Superuser.apk, psneuter, and GingerBreak files. Rename su-v3 to su, and place the files in your ADB Platform-tools directory, which is contained in the Android SDK folder on your computer.
If you are on Windows, you will also need to have proper drivers for your phone installed. These can usually be found by going either to the manufacturer website or searching for the name of your phone and the word "drivers." Once you find drivers, download and install them like any other application.
Rooting your device
Now that you have ADB setup and the proper exploit files, you are finally ready to root. Still, before you start running commands, you need to put your phone in USB debugging mode (settings > applications > development > enable USB debugging) and connect it to your computer.
With that out of the way, you can finally open command prompt to run some commands.
To open the command prompt in Windows, just click on Start, then Run, and type cmd.exe. In Linux, open whichever terminal emulator suits you. Once you have a command prompt, you need to enter your platform-tools folder, also called a directory. You can use the "cd" or change directory command to accomplish this. If your sdk folder is called "android-sdk" the command should look like this: cd android-sdk_r11-windows/platform-tools.
This command will leave you with a shell prompt in the platform-tools directory. From here, you can run the commands that will actually root your phone. Be sure to run these commands exactly as they are written. The commands with an "$" or "#" will only run after the "adb shell" command.
First, here are the commands that run the psneuter exploit and gain a root shell.
- adb devices
- adb push psneuter /data/local/tmp
- adb shell
- $ cd /data/local/tmp
- $ chmod 777 psneuter
- $ ./psneuter
At this point, the exploit will run and close the shell. You will need to run these commands to restart the ADB server.
- adb kill-server
- adb devices
Now comes the moment of truth. Use the
- adb shell
command to open a shell. If you see a "#" sign, you have root access, so go ahead and continue to the next part of this tutorial. If not, you can go back and try the previous steps again, or ask for help in the comments.
We now need to make this root permanent. From the root shell you just opened, type the following commands.
- # mount -o remount,rw -t rfs /dev/block/st19 /system
- # exit
- adb push busybox /system/bin
- adb push su /system/bin
- adb install Superuser.apk
- adb shell
- # chmod 4755 /system/bin/busybox
- # chmod 4755 /system/bin/su
- # mount -o remount,ro -t rfs /dev/block/st19 /system
- # exit
- adb reboot
At this point, your device should reboot. You can check for the Superuser icon in the app drawer, and then try a root only app like Titanium Backup. If that works, congratulations. You have successfully rooted your Android device. Prepare to enjoy all the benefits of root.
If you are having trouble with this tutorial or want to offer others a tip, please leave a comment and I will do my best to respond.
Very nice. Thank you. Having first used PCs when there were no real GUIs, I’m comfortable with the command line and appreciate having these steps as a “foolproof” method to root most any android device.
I don’t get it… So is this a viable way to root any new phone like my evo 4g and 3d?
Why wouldn’t people just learn how to do this real quick instead of waiting for someone to make a one-click method?
use the paperclip trick for your htc evo 3d/4g
i did, it just takes some tries, but it’s no harm to your phone.
come visit our forums.
http://androidforums.com/evo-v-4g-all-things-root/546171-htc-evo-v-4g-all-things-root-guide.html
Help it says ‘The system cannot find the file path specified.’ when I typed in the 4th step: ‘cd /data/local/tmp’ after successfully completing the steps before it???
Make sure you are in the ADB shell, you should have a $ command prompt.
Devices like the EVO 3D and newer phones have locked bootloaders, and sometimes other security measures in place that have to be broken on a phone by phone basis. But for some devices, especially those released with an older version of Android, you can simply root them with this method.
Please explain these commands? thank you very much…
# mount -o remount,rw -t rfs /dev/block/st19 /system
Thank you. Thie worked when ALL else failed on my Galaxy tab
Glad to help, this has been my go to root for Samsung devices when superoneclick wont work.
This worked perfectly for my Droid X running froyo 2.2.1, I’m trying to prep my phone for 2.3, so thanks!
My device (Pantech Breakout) is not showing up at the “adb devices” stage. I do have USB debugging on. Any ideas?
Tried this on my Samsung Galaxy S i9000M running 2.3.3
Running psneuter results in:
$ ./psneuter
./psneuter
Failed to set prot mask (Inappropriate ioctl for device)
Googling around led me to try running GingerBreak:
$ ./GingerBreak
./GingerBreak
[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0000 GOT start: 0×00024404 GOT end: 0×00024444
but it never completes. Killing the server, and starting a new shell shows that root access has not been achieved.
Any ideas?
mount -o remount, rw -t rfs /dev/block/st19/system
Usage: mount [-r] [-w] [-o options] [-t type] device directory
aparantely for me this command it doesn’t work.
did you mean
# mount -o remount, -r -w -t rfs /dev/block/st19/system
?
# mount -o remount,ro -t rfs /dev/block/st19 /system
There is no space between remount, & ro.
Make sure you are running the command as admin on Windows or root on Linux, if you were already doing that they you can try following the instructions here: http://www.farside.org.uk/200906/adb_no_devices_found
Make sure you are running the command as admin on Windows or root on Linux, if you were already doing that they you can try following the instructions here: http://www.farside.org.uk/200906/adb_no_devices_found
I am fairly sure that it should be rw or at least -rw for read/write, as I used these instructions to root one of my devices, but does the other work for you?
I need to update the tutorial and instruct people to use GingerBreak for devices above 2.2, but I am not sure why the exploit is not working on your device. Basically, Googling is the best I can do until I have another Gingerbread device to root myself.
The reason people are waiting for one-click type methods is because of posts after yours. I haven’t even gone that far yet but I guarantee that there are people who get stuck, confused or can’t go beyond certain steps. In theory rooting your phone manually sounds easy until you actually do it and can’t get beyond a certain step or the phone fails to root.
The best one-click style app I’ve seen has been the z4Root. Load it to your phone, click the “Root” button and you are rooted. Want to unroot your phone? Click the “Unroot” button and you are unrooted. It doesn’t get much simpler than that and if it didn’t work you didn’t have to worry about messing up your phone. Unfortunately the developer of that app decided not to keep updating the app since Froyo gave him so much trouble. I’m no programmer so I have no idea who hard it is to make a true one-click rooting app but I wish someone with the talent would build one so the hundreds if not thousands who are too afraid to do it manually or do not want to learn the technical skills of rooting by computer manually.
Everyone’s experience varies. You could follow these directions and say “What a piece of cake” while there are many others who end up giving up or get stuck on a certain step and never get rooted. It seems to be that there is no consistency in the hardware, (Phones). Seriously, if you think about it, if it really was that easy and foolproof why would the forums be filled with questions and cries for help rooting their phones. Even experiences rooters run into problems but they don’t freak out because they know eventually someone will tweak the apps so they can use different ROMS or try other methods. Manually rooting is a little more than I would prefer to work with. I drive a car but I don’t have to know how to repair one. I’m hoping someone will be the mechanic for those who do not want to deal with the headaches.
I have nothing but respect for the developers who spend days/weeks/months putting apps together. Its just a matter of finding the right method for you and your phone. I haven’t found my savior yet but I”m still looking.
There should be a spece between /dev/block/st19 and /system, like this:
mount -o remount, rw -t rfs /dev/block/st19 /system
Does this work with Samsung Galaxy S2?
I understand that there is a need to flash an insecure kernel first prior to executing SuperOneClick, as the stock bootloader will prevent write access to all partitions except /cache and /data.
From your guide, it seems that we can just push (write) to the /system partition without modifying the bootloader. Am I missing anything here?
Thanks
You will need to run the gingerbreak exploit before you can push to /system, but I don’t believe you need to modify the bootloader first.
Must I use exploit like Gingerbreak, can I not just boot into debugging mode, and execute the commands to push in the necessary files?
Pushing can be done without root to most folders, yes.
when i start enter command got error “adb: permission denied”
what i do ?
I ./psneuter, and it says restarting adb, should restart in a few seconds, but nothings happening… What am I doing wrong?
Its a problem with psneuter, try downloading gingerbreak and running it instead
I have gotten to the point where I have temp root access indicated by the #, however my phone restarts itself anytime I try to do something. Help?
Ok so now anytime I type in mount -o remount,rw -t rfs /dev/block/st19 /system my phone freezes then I have to pull the battery to turn it on. Sorry to keep bugging you, I just have no idea whats wrong…
I’m having the same problem as jordan. When I get partial root access and i type that code in the phone shuts off. what to do?Q???Q?!?
Hi mate.. first of all, greate guide!
But I’m afraid I need to bump the thread here.. I’m stuck just after Jordan’s command.
I get following error message: failed to copy ‘busybox’ to ‘/system/bin/busybox’: Out of memory
hey man great job. I do have one question in regards to the gingerbreak. Where do I place the gingerbreak file to run the command in DOS? Hope I’m making sense
You need to actually push it to the phone, and then use ADB shell to run it .
hello I have a problem when root
in this line:
mount-o remount, rw-t RFS / dev/block/st19 / system failed: invalid argument
can you help me please
hello I have a problem when root
in this line:
mount-o remount, rw-t RFS / dev/block/st19 / system failed: invalid argument
can you help me please
This was the only I could manage to root a Vodafone smart. Thanks.
Glad it helped.
i can not push busybox to /system/bin , out of memory problem, how can i fix?
I was willing to test this on a desire s (hboot 2.00.0002, android vs 2.3.5), with a small variation…
I can get shell root acess “#” using unlockroot 2.3.1 tool, the thing is that this soft does not manage to install superuser.zpa, su and busybox on the phone, when i reboot, i loose shel root.
Can you tell me please if i run unlockroot 2.3.1 to get “#” and then run the commands:
# mount -o remount,rw -t rfs /dev/block/st19 /system
# exit
adb push busybox /system/bin
adb push su /system/bin
adb install Superuser.apk
adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
adb reboot
I can get the root?
or do you think the desire s (HBOOT 2.00.0002, android 2.3.5) cam brick after this?
Thx for all the help.
i have android 2.3.6 both psneuter and gingerbreak don’t work. gingerbreak stops executing or perhaps hangs after this line:
[*] vold: 0000 GOT start: 0×00024404 GOT end:
0×00024444
As for Albert and Lois, ./psneuter does not work – “Failed to set prot mask (Inappropriate ioctl for device)”.
I am running Android 2.3.4 on a Kobo Vox eReader (Yes!) which used to run OK as a rooted tablet under 2.3.3. The forced upgrade seems to have added folder lockdowns (as mentioned above), preventing our programs writing to them.
Anyone worked out a way to unlock things yet? Preferably without very long-winded processes!
This method doesn’t work on LG p940 4.04
in my first attempt my tablet is android 2.3.3 m7206. it work out but it can’t install su, busybox in system it said system is read only. so it is temporary and when i reboot it the $ sign was back.
my second attempt boomsh unable to install when intalling zergRush, or psneuter and unable to root even for just temporary.
Please help how to renew or return it to new removing all tmp files?
and then is there a way to just copy paste the su, and busybox like an application when i rooted it for temporary and then download this application to browse in tmp and copy paste it to system files. what application can do this? please answer in my email.
I tried rooting my phone with this. I only reached this point. never moved after this.
$ ./gingerbreak
[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0085 GOT start: 0×00014374 GOT end: 0x000143b4
It stopped moving after this. What do I do? I tried a lot of different ways to root my phone. I’m using Alcatel Glory OT 918n.
Thanks.
This method does not work on Motorola Milestones XT720 (Android 2.1)
After I reboot the device (adb reboot), I found that the sign $ comes back. Not see the sign #
i try your way on buildroid for virtualbox ( http://www.buildroid.org/ )
but it’s not work i try to access root from
ES Explorer but it can’t
and i installed root checker and told me
the devices is rooted
Im not even sure how to get this started. Ive got the directory i need but when i type the first command i get
‘adb’ is not recognized as an internal or external command,
operable program or batch file.
this tutorial seems to be one of the best ive come across. my phone is china mt6516 engine, market name is GIONEE, model A10, running android 2.3.4. Tried different ways to root but to no avail. i believe manual tweaking might be the best option for now since others have failed even super1click. even if this fails, at least i will have advanced in my programming capabilities. im gonna give it a try. i dont think i will give up until my phone is rooted. thanks aaron
I am having following errors as well as mu device (Bsnl Penta IS701C) gets hang
uid=0 gid=0@android:/ # $ cd /data/local/tmp
$ cd /data/local/tmp
/system/bin/sh: $: not found
127|uid=0 gid=0@android:/ # $ chmod 777 psneuter
$ chmod 777 psneuter
/system/bin/sh: $: not found
127|uid=0 gid=0@android:/ # $ ./psneuter
$ ./psneuter
/system/bin/sh: $: not found
127|uid=0 gid=0@android:/ # adb kill-server
adb kill-server
uid=0 gid=0@android:/ # adb devices
adb devices
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
adb shell
#
D:\Android\android-sdk-windows\platform-tools>
Thank you man. I did In a Samsung I5500 and It work first try.
Very good, Thank you again and again.
Is really necessary to Unroot? the SuperOneClick is blocking when I try it.
I can see in the screen on the right side that it block after trying the command:
chmod 775 /data/local/tmp/busybox
Thank you again.
Pretty good!
Other exploits did not work on my Motorola DEFY MD525.
For the version of Android that i was running i had to modify the procedure:
1- after “adb kill-server”, it is required an “adb remount” command before “adb devices”
2- different syntax of mount commands
mount -rw -o remount -t rfs /dev/block/st19 /system
mount -r -o remount -t rfs /dev/block/st19 /system
$ ./gingerbreak
[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0085 GOT start: 0×00014374 GOT end: 0x000143b4
It stopped moving after this. What do I do?.i am using
micromax a44 gingerbread 2.3.6
after three consecutive days trying everything including installing linux OS. this tutorial was the only one that works in my tablet (Storex eZee tab7c).
Thank very much (my brains also thank’s)
@apt…. am glad to see someone with the same type of my phone(gionee a10) ,I have tried almost all possible methods but still to no avail. How did yours go?? were you able to root your device???
$ ./pneuter doesn’t work what do I do???
That means the file isn’t there, try ls to see if psneuter is listed. You may have to cd to the proper directory, or push the exploit script again.
How long does GingerBreak usually take?
Thanks Aaron,
It worked on my captivate, now I wanted to check if my phone is rooted. So I tried to follow the instruction again, so I typed:
adb devices (listed my phone)
adb shell
Here I was supposed to get # but instead I got $ sign. what does that mean? Is my phone root? Why do I get # sign? BTW I already have superuser app in my phone from my first attempt to root.
I would also appreciate if anyone could show the update procedure from 2.2 to jellybean.
Try typing “su” and see if you get a prompt for root permissions from superuser or a root terminal. If so, everything went well.
Will this work on the Samsung Galaxy SIII international Lte? The OS is 4.1.2 Jelly Bean
Hello,
My device is HP Compaq AirLife 100 with Android 1.6. My system environment is Adb under LinuxMint13. Some days before this trial I installed Z4root including Superuser.apk. Z4root is deinstalled, Superuser was not possible to deinstall. Perhaps there is an influence from this history.
Afterwards I obeyed exactly your command sequence. Only one error message: Superuser is already installed. With the install -r option I forced overwrite of Superuser.
Now Titanium Backup tells me there is no root access.
What is wrong with my procedure?
My device is a zte vodafone smart tab 10 running honeycomb 3.2.1
I have followed all the first steps but after the “$ ./psneuter” step all i got was : “failed to set prot mask (inappropriate ioctl for device)” dose that mean that this will not work on my device and if so is there any other way to root my device?? please help
this worked for me : http://forum.xda-developers.com/showthread.php?t=1321582
This is very nice post
You have good knowledge of android
Can you give me some books name
on android which explain Internal Working
when i enter that $ chmod 777 psneuter it says permision denied
Dose this work for Android 4.1.1. Cuz I have tried to root my devices with one-click apps but it all failed.
stuck at the “chmod 777 psneuter” step
Hi,
I know the root principle and I did it successfully.
But now I get poblem with my new phone. It can be connected to the computer by the usb cable for file transafe. However, problem arises when I issue ADB command.
When I issue ADB devices command, the device is shown corretly. Then I try ADB shell. It comes up with error device.
I have tred serveal times and the result is the same.
Do you know what the problem is?
Problem with USB driver?
thanks
y is that this gionee a10 is really difficult to root? this is a badass phone. ll sale or give it for a tecno phone. tecno n7 just hit the market few months ago and the root file is every online. gionee suck! thanks pals for all your efforts, u guys rock but i think i should stop trying to root this silly phone and change brand!
i had this annoying smartphone from china that blocks most of the useful apps, including google play. now thanks to you, i have removed all the messy stuff. nice tip, man
Why does it say “No such file or directory” When I type in adb push /data/local/tmp ??? Please help