Android
Customizing Android phone
Obtaining root access
- requested unlock key on Sony website
- backed up data
- found out precise version of firmware/software
- installed
android-tools-adb
andandroid-tools-fastboot
- unlocked bootloader
fastboot -i 0x0fce oem unlock 0x2C...21
(erased user data)- may be it was unnecessary
-
then I downloaded [[http://forum.xda-developers.com/showthread.php?t=1886460 Bin4ry utility]] for rooting - changed executable permission on
stuff/*
files
Console:
michal@blackbox:~/phone/v36$ bash RunMe.sh
==================================================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (converted to shell by jamcswain) =
= (15.06.2014) v36 =
===================================================================================================
Device type:
0) New Z2 Root Method by cubeandcube (thanks man!)
1) 2014 root (thx jcase for nice pwn binary :-) and xsacha for the exploit )
2) Xperia Root by cubeundcube
3) Normal
4) Special (for example: Sony Tablet S, Medion Lifetab)
5) New Xperia Root by Goroh_kun
G) Google Glass Root (thx to Saurik for the ab file)
x) Unroot
Make a choice:
Please enter a valid number(1 to x):
3
Checking if I should run in Normal Mode or special Sony Mode
Please connect your device with USB-Debugging enabled now
Waiting for device to shop up, if nothing happens please check if Windows ADB-drivers are installed correctly!
adb server is out of date. killing...
* daemon started successfully *
736 KB/s (210390 bytes in 0.278s)
remote object '/system/bin/ric' does not exist
Found Sony Backup-Restore.apk
LT26,LT22 etc. mode enabled!
Pushing busybox....
4215 KB/s (1165484 bytes in 0.270s)
Pushing su binary ....
1595 KB/s (104576 bytes in 0.063s)
Pushing Superuser app
3923 KB/s (2139595 bytes in 0.532s)
Making busybox runable ...
Pushing fake Backup
4177 KB/s (73728 bytes in 0.017s)
Extracting fakebackup on device ...
Watch now your device. Select the backup named RootMe and restore it!
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.sonyericsson.vendor.backuprestore/.ui.BackupActivity }
If all is successful I will tell you, if not this shell will run forever.
Running ......
Good, it worked! Now we are rebooting soon, please be patient!
RunMe.sh: line 252: wait: pid 3 is not a child of this shell
RunMe.sh: line 255: wait: pid 10 is not a child of this shell
Waiting for device to come up again....
Going to copy files to it's place
mount: permission denied (are you root?)
You can close all open command-prompts now!
After reboot all is done! Have fun!
Bin4ry
^C
Then run it as root:
michal@blackbox:~/phone/v36$ sudo bash RunMe.sh
[sudo] password for michal:
==================================================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (converted to shell by jamcswain) =
= (15.06.2014) v36 =
===================================================================================================
Device type:
0) New Z2 Root Method by cubeandcube (thanks man!)
1) 2014 root (thx jcase for nice pwn binary :-) and xsacha for the exploit )
2) Xperia Root by cubeundcube
3) Normal
4) Special (for example: Sony Tablet S, Medion Lifetab)
5) New Xperia Root by Goroh_kun
G) Google Glass Root (thx to Saurik for the ab file)
x) Unroot
Make a choice:
Please enter a valid number(1 to x):
3
Checking if I should run in Normal Mode or special Sony Mode
Please connect your device with USB-Debugging enabled now
Waiting for device to shop up, if nothing happens please check if Windows ADB-drivers are installed correctly!
1364 KB/s (210390 bytes in 0.150s)
remote object '/system/bin/ric' does not exist
Found Sony Backup-Restore.apk
LT26,LT22 etc. mode enabled!
Pushing busybox....
4744 KB/s (1165484 bytes in 0.239s)
Pushing su binary ....
1823 KB/s (104576 bytes in 0.055s)
Pushing Superuser app
5195 KB/s (2139595 bytes in 0.402s)
Making busybox runable ...
Pushing fake Backup
1391 KB/s (73728 bytes in 0.051s)
Extracting fakebackup on device ...
Watch now your device. Select the backup named RootMe and restore it!
Starting: Intent { act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] cmp=com.sonyericsson.vendor.backuprestore/.ui.BackupActivity }
If all is successful I will tell you, if not this shell will run forever.
Running ......
Good, it worked! Now we are rebooting soon, please be patient!
RunMe.sh: line 252: wait: pid 3 is not a child of this shell
RunMe.sh: line 255: wait: pid 10 is not a child of this shell
Waiting for device to come up again....
Going to copy files to it's place
mount: permission denied (are you root?)
You can close all open command-prompts now!
After reboot all is done! Have fun!
Bin4ry
- didn’t work though
- I checked install from unknown sources option
So I tried different option:
michal@blackbox:~/phone/v36$ sudo bash RunMe.sh
==================================================================================================
= This script will root your Android phone with adb restore function =
= Script by Bin4ry (converted to shell by jamcswain) =
= (15.06.2014) v36 =
===================================================================================================
Device type:
0) New Z2 Root Method by cubeandcube (thanks man!)
1) 2014 root (thx jcase for nice pwn binary :-) and xsacha for the exploit )
2) Xperia Root by cubeundcube
3) Normal
4) Special (for example: Sony Tablet S, Medion Lifetab)
5) New Xperia Root by Goroh_kun
G) Google Glass Root (thx to Saurik for the ab file)
x) Unroot
Make a choice:
Please enter a valid number(1 to x):
2
Please connect your device with enabled USB-Debugging ...
Copy needed files ...
360 KB/s (17768 bytes in 0.048s)
2384 KB/s (104576 bytes in 0.042s)
3222 KB/s (2139595 bytes in 0.648s)
5096 KB/s (1165484 bytes in 0.223s)
3 KB/s (148 bytes in 0.040s)
50 KB/s (2092 bytes in 0.040s)
Running Exploit
ro.build.product=MT27i
ro.build.id=6.1.1.B.1.54
search kallsyms...
1 2 3 4 5 6 7 8 9 10
(kallsyms_addresses=c06b7170)
(kallsyms_num_syms=0000c29a)
kernel dump...
1 2 3 4 5 6 7 8 9
analyze ptmx_open...
search ptmx_fops...
prepare_kernel_cred=c00c48fc
commit_creds=c00c4138
ptmx_fops=c09e9a90
Succeeded in getroot!
204+1 records in
204+1 records out
104576 bytes transferred in 0.004 secs (26144000 bytes/sec)
4178+1 records in
4178+1 records out
2139595 bytes transferred in 0.082 secs (26092621 bytes/sec)
2276+1 records in
2276+1 records out
1165484 bytes transferred in 0.090 secs (12949822 bytes/sec)
Rebooting now, after reboot all should be done!
You can close all open command-prompts now!
After reboot all is done! Have fun!
Bin4ry
- and after reboot I had
SuperSU application
- then I’ve done factory reset (erase user data) and SuperSU application persisted