Supported firmware: 9.0.1.D.0.10, probably also 9.0.D.0.484.
Reportedly does not work with 9.1.A.0.489 (for Xperia V with Jelly Bean, visit here).
You will need:
TRIMMED-LT25i-SOL21_9.0.F.0.195.ftf or the original LT25i-SOL21_9.0.F.0.195.ftf (this FTF has its loader.sin replaced with LT25i's loader.sin; the trimmed version lacks unneeded files such as baseband and so removes the unneeded wipe/exclude options, leaving only the three files we actually need);
an LT25i FTF of your choice;
the rootkit (this one is "translated" and edited for convenience; do NOT use regular GX/SX rootkits blindly, as they require modification).
Make a backup using the stock Backup and Restore app in case something goes wrong so you can perform a factory reset.
Once rooted, you can safely restore from that backup.
1. Power the phone up in Flashmode (hold Volume down; connect USB). Using Flashtool, flash TRIMMED-LT25i-SOL21_9.0.F.0.195.ftf (or the untrimmed version if you like fiddling with excess checkboxes) using:
kernel.sin
loader.sin
system.sin
(Remember to uncheck the wipe options!)
2. Unplug USB. Turn the phone on. Enable USB debugging if it wasn't enabled previously. Connect the phone via USB again.
3. Unpack the Rootkit and start it (run install.bat). Confirm restore of the backup as requested, and press any key in the cmd window. Press any key again; the device will reboot (twice).
4. Run adb shell. To do so, open the rootkit folder in Windows Explorer and Shift+right-click the "files" folder inside it. Choose "Open command window here". Type "adb shell" in that window.
If you're presented with a prompt that ends with "$", type "su".
The prompt should end with "#" now.
Type "echo ro.kernel.qemu=1 > /data/local.prop" and check that the file was created successfully by typing "ls -l /data/local.prop". Below is an example of what the output looks like:
C:\Software\Rootkit\files\> adb shell
root@android:/ $ su
su
root@android:/ # echo ro.kernel.qemu=1 > /data/local.prop
echo ro.kernel.qemu=1 > /data/local.prop
root@android:/ # ls -l /data/local.prop
ls -l /data/local.prop
-rw-r--r-- system system 17 2013-01-15 17:29 local.prop
root@android:/ #
loader.sin
system.sin
(Remember to uncheck the wipe options!)
6. Turn the phone on. Open a command prompt into the files subfolder of the rootkit folder, like in step 4, or return to that window if you haven't closed it.
Type "adb shell". If you get a $ prompt, try "su" to get to "#". Once in adb, type "/data/local/tmp/step2.sh", then "reboot". The phone will reboot.
When it boots back, run adb shell again, and type "/data/local/tmp/step3.sh". You'll witness another reboot or maybe two. You should be rooted now.
C:\Software\Rootkit\files\> adb shell
root@android:/ # /data/local/tmp/step2.sh
/data/local/tmp/step2.sh
0+1 records in
0+1 records out
57 bytes transferred in 0.001 secs (57000 bytes/sec)
root@android:/ # reboot
C:\Software\Rootkit\files\> adb shell
root@android:/ # data/local/tmp/step3.sh
data/local/tmp/step3.sh
43+1 records in
43+1 records out
22364 bytes transferred in 0.002 secs (11182000 bytes/sec)
1647+1 records in
1647+1 records out
843503 bytes transferred in 0.123 secs (6857747 bytes/sec)
2119+1 records in
2119+1 records out
1085140 bytes transferred in 0.089 secs (12192584 bytes/sec)
kernel.sin
loader.sin
(Remember to uncheck the wipe options!)
Do NOT skip this step: you need the LT25i kernel on your LT25i system!
8. Let's finish.
We will need adb shell once again. This time, you will need to type a few lines as follows:
Obtain root:
su
Remount /system:
mount -o remount,rw -t ext4 /dev/block/mmcblk0p12 /system
Remove /data/local.prop, since it's a security hole. This is important: the rootkit's step 3 normally removes it, but we needed to keep the file in order to retain root access on our LT25i firmware:
rm /data/local.prop
And finally reboot:
reboot
G:\Android\LT25i\rootkitGXSX_v3\files>adb shell
shell@android:/ $ su
su
shell@android:/ # mount -o remount,rw -t ext4 /dev/block/mmcblk0p12 /system
mount -o remount,rw -t ext4 /dev/block/mmcblk0p12 /system
shell@android:/ # rm /data/local.prop
rm /data/local.prop
shell@android:/ # reboot
reboot
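Added example (not part of the original guide or the rootkit): a host-side check, for after the final reboot, that the local.prop written in step 4 is really gone and that a plain adb shell no longer starts as root. The function names and sample strings are constructed for illustration, and it assumes a POSIX shell on the host and that cat and id are available in the device shell.

```shell
#!/bin/sh
# Added example, not part of the rootkit. Post-cleanup check for step 8.

# Reads property-file text on stdin; succeeds if ro.kernel.qemu=1 is set.
# Blanks and the carriage returns seen in adb shell output are stripped first,
# "#" comments are ignored, and a "No such file" error line never matches.
qemu_prop_set() {
    tr -d ' \t\r' | sed 's/#.*$//' | grep -qx 'ro\.kernel\.qemu=1'
}

# Reads `id` output on stdin; succeeds if it reports uid 0.
# A plain "adb shell id" (no su) should report the shell user after cleanup.
adbd_is_root() {
    tr -d '\r' | grep -q '^uid=0('
}

# Usage: verify_cleanup "<local.prop text>" "<id output>"
# Prints one line per finding and returns the number of problems found.
verify_cleanup() {
    problems=0
    if printf '%s\n' "$1" | qemu_prop_set; then
        echo "FAIL: /data/local.prop still sets ro.kernel.qemu=1"
        problems=$((problems + 1))
    fi
    if printf '%s\n' "$2" | adbd_is_root; then
        echo "FAIL: adb shell runs as root without su"
        problems=$((problems + 1))
    fi
    if [ "$problems" -eq 0 ]; then
        echo "OK: local.prop cleaned up"
    fi
    return "$problems"
}

# Constructed sample inputs (not captured from a device).
DIRTY_PROP='ro.kernel.qemu=1'
CLEAN_PROP='/data/local.prop: No such file or directory'
ROOT_ID='uid=0(root) gid=0(root)'
SHELL_ID='uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)'

verify_cleanup "$DIRTY_PROP" "$ROOT_ID" || true   # state left by step 4
verify_cleanup "$CLEAN_PROP" "$SHELL_ID"          # state expected after step 8

# Against a connected phone (assumed invocation):
#   verify_cleanup "$(adb shell cat /data/local.prop)" "$(adb shell id)"
```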
Source: xda forum