- Rooting the Droid 3
- The Bug
- The Exploit
- ] Root Your Droid 3
- Similar threads
- Подготовка к активации Root на Android
- Особенности процедуры
- Последствия использования Root, о которых нужно знать
- Что можно сделать со смартфоном, имея рут-права?
- Пошаговая инструкция
- Со смартфона
- Через компьютер
- Через ADB-терминал (с компьютера)
- Особые случаи
Rooting the Droid 3
The Motorola Droid 3 was released July 14, 2011, and has no public technique available to get root access. On request of some members of the Android community, I decided to audit the platform in order to root the device.
Update: this exploit is also confirmed to work on the Droid X, Droid X2, Droid Cliq, Droid Cliq 2, Droid 2, and Droid Bionic.
The Bug
I identified a vulnerability specific to Motorola devices in the script parsed by the init thread (this is existing code, not commands for you to run):
mkdir /data/local 0771 mot_tcmd shell
mkdir /data/local/tmp 0771 mot_tcmd shell
mkdir /data/local/12m 0771 mot_tcmd shell
mkdir /data/local/12m/batch 0771 mot_tcmd shell
chown mot_tcmd shell /data/local
chown mot_tcmd shell /data/local/12m
chown mot_tcmd shell /data/local/12m/batch
chown mot_tcmd shell /data/local/tmp
Since the contents of /data/local are group “shell” and group-writable, we can modify the contents of this directory using ADB. By logging into the device and replacing one of the sub-directories listed here with a symbolic link, then when the device reboots it will change the ownership of the symlink target to group “shell”. This can be used to edit property files to manipulate the behavior of ADB to achieve root.
So, without further ado:
The Exploit
mv /data/local/12m /data/local/12m.bak
ln -s /data /data/local/12m
The ro.sys.atvc_allow_all_adb property is a Motorola-specific configuration that prevents ADB from dropping its root privileges. Reboot the device one final time, and on logging in with “adb shell”, you should be presented with a root prompt. Enjoy!
Thanks to mkultramega, Toaday, and zdooder for testing, KrazyKrivda for raising funds, scottml and Edgan for bouncing ideas, and rweb for convincing me to look at Droid 3 in the first place.
] Root Your Droid 3
Droid 3 possibly rooted
Security Research by Dan Rosenberg
Have any one tried this:
Rooting the Droid 3
The Motorola Droid 3 was released July 14, 2011, and has no public technique available to get root access. On request of some members of the Android community, I decided to audit the platform in order to root the device.
The Bug
I identified a vulnerability specific to Motorola devices in the script parsed by the init thread (this is existing code, not commands for you to run):
mkdir /data/local 0771 mot_tcmd shell mkdir /data/local/tmp 0771 mot_tcmd shell mkdir /data/local/12m 0771 mot_tcmd shell mkdir /data/local/12m/batch 0771 mot_tcmd shell chown mot_tcmd shell /data/local chown mot_tcmd shell /data/local/12m chown mot_tcmd shell /data/local/12m/batch chown mot_tcmd shell /data/local/tmp Since the contents of /data/local are group “shell” and group-writable, we can modify the contents of this directory using ADB. By logging into the device and replacing one of the sub-directories listed here with a symbolic link, then when the device reboots it will change the ownership of the symlink target to group “shell”. This can be used to edit property files to manipulate the behavior of ADB to achieve root.
So, without further ado:
The Exploit
Below is a method posted by woodyman along with the zip file for su.
First I want to say I CAN NOT take credit for this nor will I post the full details because they have already been posted, so without further delay, here is a nice simple guide for all of you on how to root your precious Droid 3!
This is just a rough quick sketch up for everyone, I will refine it and add more details tonight, I Just wanted to get it up for now so everyone had the chance if they wanted.
Last edited: Aug 25, 2011
Gang, Droid-Life is reporting that our beloved Droid 3 has been rooted. They (we) are waiting for official photo’s. If its so, Mungo is dancing the Gig!!
See link from XDA. HAY Djrblis!!
I just posted a thread on this. Would love to try it out. Can you tell me what is meant by logging in using «adb shell»?
Sent from my DROID3 using DroidForums
adb shell is a command used via android debug bridge.
Edit: yes — it has been confirmed it works by people I trust
adb shell is a command used via android debug bridge.
Thanks man. Going to give it a try.
Makes me want to but the phone, but its 3g. Frownz
Jesus is the Christ
I posted separate so it would be the first message any way you can rearrange so that that is closer to the top, the main reason I made the thread is because he talks you through how to get TEMP ROOT so after that there is no more instruction which is why I made the thread to provide more instruction so the average person knows what to do next in order to get a permanant root
Just aiming to keep things uncluttered was all.
I now have Titanium installed and running backups. I just have to get a list of the apps I need to boot off
Has 4g been bad on every 4g device?
Similar threads
Just a quick ? Is this still the preferred and best method to root the D3? Just want to make sure I’m using the most recent files.
Any input would be appreciated. This is my first foray into android from Windows Mobile, so I am quite (obviously) a noob.
Is there any way to root 5.7.894?
I stupidly lost my root while updating on leaked OTA.:icon_evil:
Hi, can I unroot my droid 3 if i dont have an sd card? please help
Just got a D3, just logging in Thx.
Well folks I ran into an issue. I’ve had my Droid3 replaced for the second time and now with Pete’s one click tool it is no long completing step 3. Do any of you have any insight to this issue? Thanks
EDIT: After more research I found that Motorola changed the Version number of our phones and therefore Pete’s root does not work with the newish system. Now for an easy root you must search «Motofail root» and download a command prompt type program.
The Droid 3’s latest update requires you to use the motofail exploit for the Droid 4. The root method is by the same person (Dan Rosenberg) just Pete never got around to writing a utility that uses it like he did after Dan released the first root method for the Droid 3.
Just search Droid 4 motofail.
Will motofail work on the motorola electrify from u.s.cellular? The reason I asked here is because I can’t find any form of 1-click root for it anywhere, its like the phone doesn’t exist.
issues with new phone
Had a Droid3 since last Dec. it was rooted, safestrap, radio hack, all working fine and then boom phone froze last Sunday pulled the battery and wouldn’t get past the duo core splash screen on reboot.
Now I received a new phone today Android version 2.3.4 system ver. 5.7.906 now safestrap forecloses when I try to install and after my radio hack was applied it connects to my network but browser won’t navigate.
Anyone have any suggestions??
This thread is out of date and probably should no longer be a sticky post—or perhaps the beining of the thread can be updated.
Current Phone Model
Lot’s of that around here and elsewhere. Should see how out of date the stickies are for the Droid 1.
This thread may be out of date, but to those helpless souls who’ve wandered back to the last page — HOPE DOES EXIST!
I have been rooting my phone and breaking things and getting new ones and rerooting for years now, and moto has gotten pretty tricky with their bootloaders, and what we the consumers need to keep in mind is that our phones arent necessarily supposed to do this.
That being said, my new rule of thumb (after FINALLY gaining root this time) is to always treat your phone like youve never rooted it before — computer too.
I was getting failure after failure while i did all these things again and again, and my problem was this —
INSTALL YOUR ROOT TOOL TO A FOLDER PLACED ON THE DESKTOP
I dont know why, but when i had it placed on or two subfolders down it seemed to fail every time, and as a last resort i redownloaded and unzipped the file into a different directory (unwittingly) and WALA! worked perfectly.
I was on stock .906:icon_eek:
I tried to use the one click root method by Psouza but I keep getting a jit exception error. The crappy part is I cannot post the pop up error box on. Xda as a new member cannot post url links. If anyone has run across this error and can point me in the right direction.
Last edited by a moderator: Sep 12, 2011
Make sure USB debugging is enabled. Try a different USB port. Or try a different USB cable.
yup, i tried all the usb ports but kept getting this error. I was able to get it done via my wifes laptop so maybe my pc is about to shyt the bed. happily rooted now.
Droid 2g 2.3.3 rooted
with MotorolaOneClickRoot_psouza4
thanks this is great
How du u root the droid 3 plz help
suppose to work on droid 3
it the droid 3 easy root scriptv7.zip
So I have a Droid 2 Global and I was told to root via the Droid 3 way because I have android 2.3.3
I’m very confused on how to root because the motorolaoneclickroot didn’t work, gingerbreak didnt work. ugh
I got up the courage to try to root and got these lousy errors from the one-touch software. Can someone provide feedback on this? I’m a computer geek but not a phone geek so I’m in over my technical level.
Thanks
View attachment 40948
Thanks to Framework43 for writing the early one click and psouza4 for rewriting the whole damn thing 6 times
Instructions couldn’t be more simple:
The new Do-All One Click by psouza4. This version can root, unroot, restore to factory, and re-enable ADB temp root(not to be confused with temp root of the phone).
This is a link to psouza4’s website
Screenshot of Version 1.06
↑↑This is the latest and greatest version. Below are previous versions.
The MotorolaOneClickRoot.exe file will looks like this when opened:
DX Owners: read this if you have trouble LINK
Bloat removal:
My preferred method is simply grabbing Titanium Backup from the market and freezing anything you don’t use or want. This is the safest method because it is fully reversible and app space is not at a premium on the D3.
Another method is here: LINK to psouza4’s bloat removal script
See less
See more
This has been tested on Linux and OSX(also confirmed on Ubuntu 11.04)
Credit to zdooder for preparing this Linux version of One Click Root for Droid 3
Instructions should be the same as the Windows version above.
I just saw a tweet from P3Droid that this will work with all moto devices running gingerbread. Dies this mean I can and back to stock, take the update and use this to regain root?
Nope. He meant all of them except yours
Yes, you could do that if you wanted.
At least for the immediate future this will work. I suggest not being the first one to take the OTA.
I ****ing love you guys! Thanks for all the hard work!
now i need to go count the penny jar .. YAY.. thanks for all the hard work!!!
If anyone could provide 32 bit windows drivers that would be great. Also Mac/linux drivers(duh, linux don’t need no stinking drivers). I want this to be a one stop shop.
Did you run the .bat from the folder it was originally unzipped to? Windows?
okay im confused on how to do this on mac osx what are the drivers that are needed to do this beause when i open the file for mac/linux it doesnt do anything.
No one has tested on OSX yet. Hopefully someone can chime in on drivers needed.
Hold tight, the windows version is being tweaked as we speak.
**EDIT** : Just saw post above me after posting this, I apologize.
It doesn’t seem to be working for me.
Win 7 x64 Home Edition
ERROR: The process «adb.exe» not found.
Press any key to continue . . .
Do you not need to deal with adb or have the sdk or any that stuff installed to do this? i.e. are the steps in post #2 really all you have to do?
Also, are the drivers in post #2 for 64-bit or will they work on 32-bit?
Version 6 should be good to go. Make sure you checked the box for ‘usb debugging’ and also make sure you were in ‘charge only mode’ when you plug your phone into the computer.
I don’t know about 32-bit drivers, was hoping someone who made this work in 32-bit would provide drivers that worked for them.
No you DO NOT need to install anything on your computer other than Moto Drivers. The zip includes ADB. No SDK or anything needed.
A huge thanks to djrbliss!
One click root for Windows in the second post
One click for Linux/OSX in third post
Old root method(the good old hard way):
As promised, I have successfully rooted the Droid 3. I still have never physically touched a Droid 3 phone.
If you appreciate this work, feel free to donate
Thanks I didnt think I would have to unplug and rebooted everytime I thought it would do it by itself. I am rooted now took less than 3 min
Yeah it’s supposed to reboot for you and go to the next step by itself, but your situation is known to happen.
wherews the best plce to go and find roms and read about them in detail and ask people like this forum
I’m still getting stuck at the error about needing to extract the whole archive. Perhaps this has been solved, but I didn’t see it in the 20 pages I read, and google has not been helpful either.
-Running OSX Lion
-using v7d
-extracted using the UnArchiver
-copied all the files to a new folder, just to make sure they weren’t still zipped.
-still getting an error.
i used the mac method. root worked perfectly but i want to start my phone fresh b/c its getting kind of jumbled what’s the easiest / is there a way to unroot from that?
Any ideas? Has this problem come up before?
Edit: Disregard everything. For some reason I wasn’t using the latest update. Just tried 1.06 and it worked like a charm.
I used to know all about rooting and ROMs on FROYO, but this has been my first time trying to root on Gingerbread with my little brothers phone. He has OTA gingerbread and I tried using this program (windows 7), but the phone is not being seen after rebooting the first time. Any suggestions? It completes step 1 and then just sits there. I am sure that it was in charge only mode and I am talking about a Droid 2. Thanks guys, love all the help I’ve received from this website over the years.
Merry (late) Christmas.
When it reboots, unlock the screen
Correct. After attempting to remove them using Titanium they still show up under All Apps. Is another app similar to TB available that I can use for this purpose?
I don’t have one, but I think the Bionic’s latest update broke this root method.
Quick question i have a droid 3 that i’ve rooted and that ive ran the TBH hack on, curious how can i reset the phone? like wipe all my data? can i just do a factory restore? or do i need to go through unrooting the phone first? and what about the TBH wifi hack, will that effect resetting the phone? there are no custom roms or anything on the phone. selling it to someone today and want to make sure when i go to wipe it i dont mess it up. thanks.
hey all, I am new to this forum but I realy hope someone can help me.
I had a Milestone 2 on stock rom rooted using z4root. Then I did something stupid, I updated to the new gingerbread without first un-rooting. No I have lost root and unable to reroot.
Any help is much appreciated.
I read on the first few pages that the OS X rooting solution is ‘in the making’ or not quite here yet, but I’m not about to go through 60 pages to look for updates.
I have a Droid X, running Gingerbread, and OS X. When I try to open «run_to_root_your_droid» my phone is unable to open that type of file. This is a problem.
you have to read the updated OP for the latest info.
This is an older thread, you may not receive a response, and could
be reviving an old thread. Please consider creating a new thread.
I got an OTA update this morning. System version is now 5.7.906.XT862. Kernel is 2.6.35-7-g5fa4155. Build 5.5..1_84_D3G-66_M2-10
This method no longer works for me to root the phone. I’m perfectly willing to except that I’ve done something wrong in the process but I’d like to hear if other folks have been able to re-obtain root after the OTA update.
can i get a chicken dinner, por favor?
yes. yes you can.
That appears to go to a post about rooting via Windows. I’m running a Mac but I would also like to thank you for posting back to the original source which eventually got me here:
It’s listed as a Droid4 utility but it says it was tested on Droid 3, Droid Bionic, Droid RAZR, and Droid 4.
Worked flawlessly. Thanks for the pointer.
Yep. Just make sure its named exactly the same
****************************************************************************
** **
** MOTOROLA GINGERBREAD 2.3.4 ONE-CLICK ROOT **
** **
****************************************************************************
A huge thanks to Dan Rosenberg (‘djrbliss’) who discovered this exploit!
This one-click root brought to you by Peter Souza (‘psouza4’).
Congratulations: your phone should now have be rooted!
Be careful what you do with this kind of access as you can ruin your phone
if you are not careful.
I had the exact same problem with my Droid X on 2.3.4
Figures, I decide to root and there’s a bug somewhere.
I keep getting the permission denied but it says you should have root access.
I have a DROID PRO with 2.3.4. Im even trying to do it the hard way and getting permission denied.
Try using the motofail root script
Sent from my XT862
Impossible to root my vzw Droid3
Sent from my XT862 using Tapatalk
This tool, OneClickRoot for Android, tries to push about half a dozen different pieces of bloatware/adware, including Icarus, which is reported by Avast! as being infected with the Win32:Evo-gen virus. Then after all that, it wants $30 to actually root your phone.
Что такое Root-права? Root-права (или Root-доступ, или права суперпользователя) — аналог прав администратора на ПК в Windows. Получить можно на любом устройстве под Android (смартфон, планшет).
По умолчанию операционная система не дает пользоваться рут-доступом, чтобы случайно не удалить важный файл. Для опытного пользователя такие права — это возможность более широко использовать свое устройство.
Рассмотрим, как включить права суперпользователя на Андроид.
Подготовка к активации Root на Android
Прежде чем разбираться с вопросом: «Root-доступ на Андроид – как включить?», устройство надо подготовить.
Для резервного копирования всей информации из памяти гаджета используйте приложение для резервного копирования. Например:
Особенности процедуры
Получать доступ можно либо через сам смартфон, либо через компьютер. В обоих случаях придется использовать специальное приложение.
Если хотите знать, как включить рут-права на Андроид, и боитесь не справиться — зря. Процедура простая, активировать Root получится и у неопытного человека.
Последствия использования Root, о которых нужно знать
Получение рут-доступа имеет 3 важных последствия.
Что можно сделать со смартфоном, имея рут-права?
Имея полный доступ, пользователь может:
Пошаговая инструкция
Как открыть рут-права на Андроид:
Ниже рассмотрим вопрос: «Root доступ на Андроид – как включить на русском языке разными способами?».
Со смартфона
Список приложений, предоставляющих Root-права на Android, которые устанавливают на сам гаджет (без подключения к ПК):
У каждого приложения свой список моделей гаджетов и версий Android, для которых оно подходит. Перед загрузкой проверяйте, подходит ли программа для вашего устройства.
Самая распространенная программа — Kingo Root (на русском языке). Рассмотрим, как открыть Root права на Android через это приложение.
Через компьютер
Если интересует, как открыть Root доступ на Android через компьютер, подойдут такие программы (устанавливаются не на смартфон, а на ПК):
Пошаговый план установки (на примере Vroot, остальные приложения — применяются так же).
Через ADB-терминал (с компьютера)
ADB (Android Debug Bridge, или «отладочный мост») – драйвер для смартфонов, связывающий гаджет с ПК. Разрешает управлять устройством из командной строки.
Способ актуален, если производитель устройства постарался максимально закрыть рут-доступ пользователям.
Что нужно для разблокировки через ADB:
Как подключить рут-права на Андроид через ADB-терминал?
Универсальных команд для этого нет. Поэтому ищите нужные в инструкции к телефону. Если в бумажной инструкции информации нет, или она утеряна, или нет руководства на русском языке — найдите сведения в Интернете, на сайте производителя смартфона.
Особые случаи
В гаджетах с прошивками MIUI (ставится на гаджеты Xiaomi) и LewaOS (и в некоторых других неоригинальных прошивках) активация рут-прав делается без сторонних приложений. Функция уже встроена в ОС и активируется в настройках.
Обычно включается в разделе «Безопасность». По умолчанию стоит «Выкл». Ползунок надо перевести на «Вкл», и режим суперпользователя включится.
Если Root-доступ уже не нужен, для отключения удалите файлы:
Затем перезагрузите смартфон.
Другой способ удаления — через приложение, которым открывали доступ. В некоторых программах в настройках есть функция отключения.