It’s Bugs All the Way Down

Rooting the Droid 3

The Motorola Droid 3 was released July 14, 2011, and has no public technique available to get root access. On request of some members of the Android community, I decided to audit the platform in order to root the device.

Update: this exploit is also confirmed to work on the Droid X, Droid X2, Droid Cliq, Droid Cliq 2, Droid 2, and Droid Bionic.

The Bug

I identified a vulnerability specific to Motorola devices in the script parsed by the init thread (this is existing code, not commands for you to run):

mkdir /data/local 0771 mot_tcmd shell
mkdir /data/local/tmp 0771 mot_tcmd shell
mkdir /data/local/12m 0771 mot_tcmd shell
mkdir /data/local/12m/batch 0771 mot_tcmd shell
chown mot_tcmd shell /data/local
chown mot_tcmd shell /data/local/12m
chown mot_tcmd shell /data/local/12m/batch
chown mot_tcmd shell /data/local/tmp

Since the contents of /data/local are group “shell” and group-writable, we can modify the contents of this directory using ADB. By logging into the device and replacing one of the sub-directories listed here with a symbolic link, then when the device reboots it will change the ownership of the symlink target to group “shell”. This can be used to edit property files to manipulate the behavior of ADB to achieve root.

So, without further ado:

The Exploit

mv /data/local/12m /data/local/12m.bak
ln -s /data /data/local/12m

The ro.sys.atvc_allow_all_adb property is a Motorola-specific configuration that prevents ADB from dropping its root privileges. Reboot the device one final time, and on logging in with “adb shell”, you should be presented with a root prompt. Enjoy!

Thanks to mkultramega, Toaday, and zdooder for testing, KrazyKrivda for raising funds, scottml and Edgan for bouncing ideas, and rweb for convincing me to look at Droid 3 in the first place.

] Root Your Droid 3

Droid 3 possibly rooted

Security Research by Dan Rosenberg

Have any one tried this:

Rooting the Droid 3

The Motorola Droid 3 was released July 14, 2011, and has no public technique available to get root access. On request of some members of the Android community, I decided to audit the platform in order to root the device.
The Bug

I identified a vulnerability specific to Motorola devices in the script parsed by the init thread (this is existing code, not commands for you to run):

mkdir /data/local 0771 mot_tcmd shell mkdir /data/local/tmp 0771 mot_tcmd shell mkdir /data/local/12m 0771 mot_tcmd shell mkdir /data/local/12m/batch 0771 mot_tcmd shell chown mot_tcmd shell /data/local chown mot_tcmd shell /data/local/12m chown mot_tcmd shell /data/local/12m/batch chown mot_tcmd shell /data/local/tmp Since the contents of /data/local are group “shell” and group-writable, we can modify the contents of this directory using ADB. By logging into the device and replacing one of the sub-directories listed here with a symbolic link, then when the device reboots it will change the ownership of the symlink target to group “shell”. This can be used to edit property files to manipulate the behavior of ADB to achieve root.
So, without further ado:
The Exploit

Below is a method posted by woodyman along with the zip file for su.

First I want to say I CAN NOT take credit for this nor will I post the full details because they have already been posted, so without further delay, here is a nice simple guide for all of you on how to root your precious Droid 3!

This is just a rough quick sketch up for everyone, I will refine it and add more details tonight, I Just wanted to get it up for now so everyone had the chance if they wanted.​

Last edited: Aug 25, 2011

Gang, Droid-Life is reporting that our beloved Droid 3 has been rooted. They (we) are waiting for official photo’s. If its so, Mungo is dancing the Gig!!

See link from XDA. HAY Djrblis!!

I just posted a thread on this. Would love to try it out. Can you tell me what is meant by logging in using «adb shell»?

Sent from my DROID3 using DroidForums

adb shell is a command used via android debug bridge.

Edit: yes — it has been confirmed it works by people I trust

It's Bugs All the Way Down

adb shell is a command used via android debug bridge.

Thanks man. Going to give it a try.

Makes me want to but the phone, but its 3g. Frownz

Jesus is the Christ

I posted separate so it would be the first message any way you can rearrange so that that is closer to the top, the main reason I made the thread is because he talks you through how to get TEMP ROOT so after that there is no more instruction which is why I made the thread to provide more instruction so the average person knows what to do next in order to get a permanant root

Just aiming to keep things uncluttered was all.

I now have Titanium installed and running backups. I just have to get a list of the apps I need to boot off

Has 4g been bad on every 4g device?

Similar threads

Just a quick ? Is this still the preferred and best method to root the D3? Just want to make sure I’m using the most recent files.

Any input would be appreciated. This is my first foray into android from Windows Mobile, so I am quite (obviously) a noob.

Дополнительно:  Почему пропало изображение на телевизоре, а звук есть

Is there any way to root 5.7.894?
I stupidly lost my root while updating on leaked OTA.:icon_evil:

Hi, can I unroot my droid 3 if i dont have an sd card? please help

Just got a D3, just logging in Thx.

Well folks I ran into an issue. I’ve had my Droid3 replaced for the second time and now with Pete’s one click tool it is no long completing step 3. Do any of you have any insight to this issue? Thanks

EDIT: After more research I found that Motorola changed the Version number of our phones and therefore Pete’s root does not work with the newish system. Now for an easy root you must search «Motofail root» and download a command prompt type program.

The Droid 3’s latest update requires you to use the motofail exploit for the Droid 4. The root method is by the same person (Dan Rosenberg) just Pete never got around to writing a utility that uses it like he did after Dan released the first root method for the Droid 3.

Just search Droid 4 motofail.

Will motofail work on the motorola electrify from u.s.cellular? The reason I asked here is because I can’t find any form of 1-click root for it anywhere, its like the phone doesn’t exist.

issues with new phone

Had a Droid3 since last Dec. it was rooted, safestrap, radio hack, all working fine and then boom phone froze last Sunday pulled the battery and wouldn’t get past the duo core splash screen on reboot.

Now I received a new phone today Android version 2.3.4 system ver. 5.7.906 now safestrap forecloses when I try to install and after my radio hack was applied it connects to my network but browser won’t navigate.

Anyone have any suggestions??

This thread is out of date and probably should no longer be a sticky post—or perhaps the beining of the thread can be updated.

Current Phone Model

Lot’s of that around here and elsewhere. Should see how out of date the stickies are for the Droid 1.

This thread may be out of date, but to those helpless souls who’ve wandered back to the last page — HOPE DOES EXIST!

I have been rooting my phone and breaking things and getting new ones and rerooting for years now, and moto has gotten pretty tricky with their bootloaders, and what we the consumers need to keep in mind is that our phones arent necessarily supposed to do this.

That being said, my new rule of thumb (after FINALLY gaining root this time) is to always treat your phone like youve never rooted it before — computer too.

I was getting failure after failure while i did all these things again and again, and my problem was this —

INSTALL YOUR ROOT TOOL TO A FOLDER PLACED ON THE DESKTOP

I dont know why, but when i had it placed on or two subfolders down it seemed to fail every time, and as a last resort i redownloaded and unzipped the file into a different directory (unwittingly) and WALA! worked perfectly.

I was on stock .906:icon_eek:

I tried to use the one click root method by Psouza but I keep getting a jit exception error. The crappy part is I cannot post the pop up error box on. Xda as a new member cannot post url links. If anyone has run across this error and can point me in the right direction.

Last edited by a moderator: Sep 12, 2011

Make sure USB debugging is enabled. Try a different USB port. Or try a different USB cable.

yup, i tried all the usb ports but kept getting this error. I was able to get it done via my wifes laptop so maybe my pc is about to shyt the bed. happily rooted now.

Droid 2g 2.3.3 rooted
with MotorolaOneClickRoot_psouza4
thanks this is great

How du u root the droid 3 plz help

suppose to work on droid 3

it the droid 3 easy root scriptv7.zip

So I have a Droid 2 Global and I was told to root via the Droid 3 way because I have android 2.3.3
I’m very confused on how to root because the motorolaoneclickroot didn’t work, gingerbreak didnt work. ugh

I got up the courage to try to root and got these lousy errors from the one-touch software. Can someone provide feedback on this? I’m a computer geek but not a phone geek so I’m in over my technical level.

Thanks
View attachment 40948

Thanks to Framework43 for writing the early one click and psouza4 for rewriting the whole damn thing 6 times

Instructions couldn’t be more simple:

The new Do-All One Click by psouza4. This version can root, unroot, restore to factory, and re-enable ADB temp root(not to be confused with temp root of the phone).
This is a link to psouza4’s website

Screenshot of Version 1.06

It's Bugs All the Way Down

↑↑This is the latest and greatest version. Below are previous versions.

The MotorolaOneClickRoot.exe file will looks like this when opened:

It's Bugs All the Way Down

DX Owners: read this if you have trouble LINK

Bloat removal:
My preferred method is simply grabbing Titanium Backup from the market and freezing anything you don’t use or want. This is the safest method because it is fully reversible and app space is not at a premium on the D3.

Another method is here: LINK to psouza4’s bloat removal script

See less

See more

This has been tested on Linux and OSX(also confirmed on Ubuntu 11.04)

Дополнительно:  Почему ноутбук не включается

Credit to zdooder for preparing this Linux version of One Click Root for Droid 3

Instructions should be the same as the Windows version above.

I just saw a tweet from P3Droid that this will work with all moto devices running gingerbread. Dies this mean I can and back to stock, take the update and use this to regain root?

Nope. He meant all of them except yours

It's Bugs All the Way Down

Yes, you could do that if you wanted.

At least for the immediate future this will work. I suggest not being the first one to take the OTA.

I ****ing love you guys! Thanks for all the hard work!

now i need to go count the penny jar .. YAY.. thanks for all the hard work!!!

If anyone could provide 32 bit windows drivers that would be great. Also Mac/linux drivers(duh, linux don’t need no stinking drivers). I want this to be a one stop shop.

Did you run the .bat from the folder it was originally unzipped to? Windows?

okay im confused on how to do this on mac osx what are the drivers that are needed to do this beause when i open the file for mac/linux it doesnt do anything.

No one has tested on OSX yet. Hopefully someone can chime in on drivers needed.

Hold tight, the windows version is being tweaked as we speak.

**EDIT** : Just saw post above me after posting this, I apologize.

It doesn’t seem to be working for me.

Win 7 x64 Home Edition

ERROR: The process «adb.exe» not found.
Press any key to continue . . .

Do you not need to deal with adb or have the sdk or any that stuff installed to do this? i.e. are the steps in post #2 really all you have to do?

Also, are the drivers in post #2 for 64-bit or will they work on 32-bit?

Version 6 should be good to go. Make sure you checked the box for ‘usb debugging’ and also make sure you were in ‘charge only mode’ when you plug your phone into the computer.

I don’t know about 32-bit drivers, was hoping someone who made this work in 32-bit would provide drivers that worked for them.

No you DO NOT need to install anything on your computer other than Moto Drivers. The zip includes ADB. No SDK or anything needed.

A huge thanks to djrbliss!

One click root for Windows in the second post

One click for Linux/OSX in third post

Old root method(the good old hard way):

As promised, I have successfully rooted the Droid 3. I still have never physically touched a Droid 3 phone.

If you appreciate this work, feel free to donate

Thanks I didnt think I would have to unplug and rebooted everytime I thought it would do it by itself. I am rooted now took less than 3 min

Yeah it’s supposed to reboot for you and go to the next step by itself, but your situation is known to happen.

wherews the best plce to go and find roms and read about them in detail and ask people like this forum

I’m still getting stuck at the error about needing to extract the whole archive. Perhaps this has been solved, but I didn’t see it in the 20 pages I read, and google has not been helpful either.

-Running OSX Lion
-using v7d
-extracted using the UnArchiver
-copied all the files to a new folder, just to make sure they weren’t still zipped.
-still getting an error.

i used the mac method. root worked perfectly but i want to start my phone fresh b/c its getting kind of jumbled what’s the easiest / is there a way to unroot from that?

Any ideas? Has this problem come up before?

Edit: Disregard everything. For some reason I wasn’t using the latest update. Just tried 1.06 and it worked like a charm.

I used to know all about rooting and ROMs on FROYO, but this has been my first time trying to root on Gingerbread with my little brothers phone. He has OTA gingerbread and I tried using this program (windows 7), but the phone is not being seen after rebooting the first time. Any suggestions? It completes step 1 and then just sits there. I am sure that it was in charge only mode and I am talking about a Droid 2. Thanks guys, love all the help I’ve received from this website over the years.

Merry (late) Christmas.

When it reboots, unlock the screen

Correct. After attempting to remove them using Titanium they still show up under All Apps. Is another app similar to TB available that I can use for this purpose?

I don’t have one, but I think the Bionic’s latest update broke this root method.

Quick question i have a droid 3 that i’ve rooted and that ive ran the TBH hack on, curious how can i reset the phone? like wipe all my data? can i just do a factory restore? or do i need to go through unrooting the phone first? and what about the TBH wifi hack, will that effect resetting the phone? there are no custom roms or anything on the phone. selling it to someone today and want to make sure when i go to wipe it i dont mess it up. thanks.

hey all, I am new to this forum but I realy hope someone can help me.

I had a Milestone 2 on stock rom rooted using z4root. Then I did something stupid, I updated to the new gingerbread without first un-rooting. No I have lost root and unable to reroot.

Дополнительно:  Wi-Fi карта Atheros ar5b95 не подключается к роутеру — Хабр Q&A

Any help is much appreciated.

I read on the first few pages that the OS X rooting solution is ‘in the making’ or not quite here yet, but I’m not about to go through 60 pages to look for updates.

I have a Droid X, running Gingerbread, and OS X. When I try to open «run_to_root_your_droid» my phone is unable to open that type of file. This is a problem.

you have to read the updated OP for the latest info.

This is an older thread, you may not receive a response, and could
be reviving an old thread. Please consider creating a new thread.

I got an OTA update this morning. System version is now 5.7.906.XT862. Kernel is 2.6.35-7-g5fa4155. Build 5.5..1_84_D3G-66_M2-10

This method no longer works for me to root the phone. I’m perfectly willing to except that I’ve done something wrong in the process but I’d like to hear if other folks have been able to re-obtain root after the OTA update.

can i get a chicken dinner, por favor?

yes. yes you can.

That appears to go to a post about rooting via Windows. I’m running a Mac but I would also like to thank you for posting back to the original source which eventually got me here:

It’s listed as a Droid4 utility but it says it was tested on Droid 3, Droid Bionic, Droid RAZR, and Droid 4.

Worked flawlessly. Thanks for the pointer.

Yep. Just make sure its named exactly the same

****************************************************************************
** **
** MOTOROLA GINGERBREAD 2.3.4 ONE-CLICK ROOT **
** **
****************************************************************************

A huge thanks to Dan Rosenberg (‘djrbliss’) who discovered this exploit!

This one-click root brought to you by Peter Souza (‘psouza4’).

Congratulations: your phone should now have be rooted!

Be careful what you do with this kind of access as you can ruin your phone
if you are not careful.

I had the exact same problem with my Droid X on 2.3.4

Figures, I decide to root and there’s a bug somewhere.

I keep getting the permission denied but it says you should have root access.
I have a DROID PRO with 2.3.4. Im even trying to do it the hard way and getting permission denied.

Try using the motofail root script

Sent from my XT862

Impossible to root my vzw Droid3

Sent from my XT862 using Tapatalk

This tool, OneClickRoot for Android, tries to push about half a dozen different pieces of bloatware/adware, including Icarus, which is reported by Avast! as being infected with the Win32:Evo-gen virus. Then after all that, it wants $30 to actually root your phone.

Что такое Root-права? Root-права (или Root-доступ, или права суперпользователя) — аналог прав администратора на ПК в Windows. Получить можно на любом устройстве под Android (смартфон, планшет).

По умолчанию операционная система не дает пользоваться рут-доступом, чтобы случайно не удалить важный файл. Для опытного пользователя такие права — это возможность более широко использовать свое устройство.

Рассмотрим, как включить права суперпользователя на Андроид.

It's Bugs All the Way Down

Подготовка к активации Root на Android

Прежде чем разбираться с вопросом: «Root-доступ на Андроид – как включить?»,  устройство надо подготовить.

It's Bugs All the Way Down

Для резервного копирования всей информации из памяти гаджета используйте приложение для резервного копирования. Например:

It's Bugs All the Way Down

Особенности процедуры

Получать доступ можно либо через сам смартфон, либо через компьютер. В обоих случаях придется использовать специальное приложение.

Если хотите знать, как включить рут-права на Андроид, и боитесь не справиться — зря. Процедура простая, активировать Root получится и у неопытного человека.

It's Bugs All the Way Down

Последствия использования Root, о которых нужно знать

Получение рут-доступа имеет 3 важных последствия.

It's Bugs All the Way Down

Что можно сделать со смартфоном, имея рут-права?

Имея полный доступ, пользователь может:

It's Bugs All the Way Down

Пошаговая инструкция

Как открыть рут-права на Андроид:

Ниже рассмотрим вопрос: «Root доступ на Андроид – как включить на русском языке разными способами?».

It's Bugs All the Way Down

Со смартфона

Список приложений, предоставляющих Root-права на Android, которые устанавливают на сам гаджет (без подключения к ПК):

It's Bugs All the Way Down

У каждого приложения свой список моделей гаджетов и версий Android, для которых оно подходит. Перед загрузкой проверяйте, подходит ли программа для вашего устройства.

Самая распространенная программа — Kingo Root (на русском языке). Рассмотрим, как открыть Root права на Android через это приложение.

It's Bugs All the Way Down

Через компьютер

Если интересует, как открыть Root доступ на Android через компьютер, подойдут такие программы (устанавливаются не на смартфон, а на ПК):

Пошаговый план установки (на примере Vroot, остальные приложения — применяются так же).

It's Bugs All the Way Down

It's Bugs All the Way Down

Через ADB-терминал (с компьютера)

ADB (Android Debug Bridge, или «отладочный мост») – драйвер для смартфонов, связывающий гаджет с ПК. Разрешает управлять устройством из командной строки.

Способ актуален, если производитель устройства постарался максимально закрыть рут-доступ пользователям.

Что нужно для разблокировки через ADB:

It's Bugs All the Way Down

Как подключить рут-права на Андроид через ADB-терминал?

Универсальных команд для этого нет. Поэтому ищите нужные в инструкции к телефону. Если в бумажной инструкции информации нет, или она утеряна, или нет руководства на русском языке — найдите сведения в Интернете, на сайте производителя смартфона.

Особые случаи

В гаджетах с прошивками MIUI (ставится на гаджеты Xiaomi) и LewaOS (и в некоторых других неоригинальных прошивках) активация рут-прав делается без сторонних приложений. Функция уже встроена в ОС и активируется в настройках.

It's Bugs All the Way Down

Обычно включается в разделе «Безопасность». По умолчанию стоит «Выкл». Ползунок надо перевести на «Вкл», и режим суперпользователя включится.

Если Root-доступ уже не нужен, для отключения удалите файлы:

Затем перезагрузите смартфон.

Другой способ удаления — через приложение, которым открывали доступ. В некоторых программах в настройках есть функция отключения.

Оцените статью
Master Hi-technology
Добавить комментарий