Rooting GINGERBREAD.EK18

GPOT

So far I have had no luck in rooting Gingerbread on the Samsung Replenish. I think that Shabby's one click root for Prevail and Replenish could possibly work with a few modifications. Calling all developers: my task is to make a root by the end of this month. So far I have tried Gingerbreak and Shabby's one click root. I am assuming that Gingerbread has different files than Froyo and that we could possibly get Shabby's one click root to work by modifying the .bat file. Please join me on my mission to gain root access on this phone!
 

anon(335536)

Shabby's root is based on KMS, which I have yet to find source code for. So it is impossible to change unless someone has the source code for KMS (KillingMeSoftly). I've also tried Gingerbreak, KMS, another exploit that worked pre-GB but that no longer works, OneClick, and zergRush, all with no luck. I've also had a ROM developer play around with my phone with ADB and still no luck. But I agree - we need to root this phone! I've got some other ideas I'm cooking - I'll keep you all posted if any of them pan out.
 

firehak

So far I have had no luck in rooting Gingerbread on the Samsung Replenish. I think that Shabby's one click root for Prevail and Replenish could possibly work with a few modifications. Calling all developers: my task is to make a root by the end of this month. So far I have tried Gingerbreak and Shabby's one click root. I am assuming that Gingerbread has different files than Froyo and that we could possibly get Shabby's one click root to work by modifying the .bat file. Please join me on my mission to gain root access on this phone!

It is the exploit itself that needs to be changed, not a bat script which runs the exploit. We could only wish it were that easy.
 

afreed1

Is anyone working on a rooted version of the EK18 update? I will wait until this is available before updating so that I will not lose root.
 

GPOT

Does it look like anyone is on a rooted version of Gingerbread right now? If we were, this forum wouldn't exist.
 

GPOT

It is the exploit itself that needs to be changed, not a bat script which runs the exploit. We could only wish it were that easy.

Just a thought. I am kind of a noob when it comes to root exploits. I usually modify other people's stuff (e.g. Shabby or Samsung), modify it and rebrand it as my own. If I were to get hold of the source code of an old exploit for the Replenish and a couple of new Gingerbread exploits, I can locate the similarities and differences in the code and perhaps make the necessary modifications to get it to work on the new update. If I can't do it, I am friends with a few programmers who could probably figure it out. Let me know of any more progress and name exploits that do and don't work as you test them.
 

GPOT

I did vi rootsetup on Shabby's one-click and I can understand the source code. Here is what I got. The attachments seem to be down but I can still list the code. I am not quite sure what to modify but at least it isn't a bunch of random symbols like KMS.


rootsetup
Code:
#!/system/bin/sh
 
#remove old files
rm /system/bin/busybox > /dev/null 2>&1
rm /data/dalvik-cache/system@app@Superuser.apk@classes.dex > /dev/null 2>&1
rm /system/xbin/su > /dev/null 2>&1
rm /system/bin/su > /dev/null 2>&1

#remove old busybox symlinks
rm /system/xbin/[ > /dev/null 2>&1
rm /system/xbin/[[ > /dev/null 2>&1
rm /system/xbin/arp > /dev/null 2>&1
rm /system/xbin/ash > /dev/null 2>&1
rm /system/xbin/awk > /dev/null 2>&1
rm /system/xbin/basename > /dev/null 2>&1
rm /system/xbin/bootchartd > /dev/null 2>&1
rm /system/xbin/bunzip2 > /dev/null 2>&1
rm /system/xbin/bzcat > /dev/null 2>&1
rm /system/xbin/bzip2 > /dev/null 2>&1
rm /system/xbin/chgrp > /dev/null 2>&1
rm /system/xbin/chroot > /dev/null 2>&1
rm /system/xbin/cksum > /dev/null 2>&1
rm /system/xbin/cp > /dev/null 2>&1
rm /system/xbin/cut > /dev/null 2>&1
rm /system/xbin/date > /dev/null 2>&1
rm /system/xbin/df > /dev/null 2>&1
rm /system/xbin/diff > /dev/null 2>&1
rm /system/xbin/dirname > /dev/null 2>&1
rm /system/xbin/dmesg > /dev/null 2>&1
rm /system/xbin/dos2unix > /dev/null 2>&1
rm /system/xbin/du > /dev/null 2>&1
rm /system/xbin/dumpkmap > /dev/null 2>&1
rm /system/xbin/echo > /dev/null 2>&1
rm /system/xbin/egrep > /dev/null 2>&1
rm /system/xbin/env > /dev/null 2>&1
rm /system/xbin/expr > /dev/null 2>&1
rm /system/xbin/false > /dev/null 2>&1
rm /system/xbin/fgconsole > /dev/null 2>&1
rm /system/xbin/fgrep > /dev/null 2>&1
rm /system/xbin/find > /dev/null 2>&1
rm /system/xbin/flock > /dev/null 2>&1
rm /system/xbin/free > /dev/null 2>&1
rm /system/xbin/fuser > /dev/null 2>&1
rm /system/xbin/grep > /dev/null 2>&1
rm /system/xbin/gunzip > /dev/null 2>&1
rm /system/xbin/head > /dev/null 2>&1
rm /system/xbin/id > /dev/null 2>&1
rm /system/xbin/ifconfig > /dev/null 2>&1
rm /system/xbin/install > /dev/null 2>&1
rm /system/xbin/ip > /dev/null 2>&1
rm /system/xbin/ipaddr > /dev/null 2>&1
rm /system/xbin/iplink > /dev/null 2>&1
rm /system/xbin/iproute > /dev/null 2>&1
rm /system/xbin/iprule > /dev/null 2>&1
rm /system/xbin/iptunnel > /dev/null 2>&1
rm /system/xbin/kbd_mode > /dev/null 2>&1
rm /system/xbin/less > /dev/null 2>&1
rm /system/xbin/ls > /dev/null 2>&1
rm /system/xbin/md5sum > /dev/null 2>&1
rm /system/xbin/modinfo > /dev/null 2>&1
rm /system/xbin/more > /dev/null 2>&1
rm /system/xbin/mount > /dev/null 2>&1
rm /system/xbin/netstat > /dev/null 2>&1
rm /system/xbin/nohup > /dev/null 2>&1
rm /system/xbin/nslookup > /dev/null 2>&1
rm /system/xbin/pidof > /dev/null 2>&1
rm /system/xbin/pipe_progress > /dev/null 2>&1
rm /system/xbin/ps > /dev/null 2>&1
rm /system/xbin/pscan > /dev/null 2>&1
rm /system/xbin/pwd > /dev/null 2>&1
rm /system/xbin/readlink > /dev/null 2>&1
rm /system/xbin/realpath > /dev/null 2>&1
rm /system/xbin/reset > /dev/null 2>&1
rm /system/xbin/rev > /dev/null 2>&1
rm /system/xbin/route > /dev/null 2>&1
rm /system/xbin/sed > /dev/null 2>&1
rm /system/xbin/setconsole > /dev/null 2>&1
rm /system/xbin/setkeycodes > /dev/null 2>&1
rm /system/xbin/setlogcons > /dev/null 2>&1
rm /system/xbin/showkey > /dev/null 2>&1
rm /system/xbin/sleep > /dev/null 2>&1
rm /system/xbin/smemcap > /dev/null 2>&1
rm /system/xbin/sort > /dev/null 2>&1
rm /system/xbin/start-stop-daemon > /dev/null 2>&1
rm /system/xbin/stat > /dev/null 2>&1
rm /system/xbin/sum > /dev/null 2>&1
rm /system/xbin/tail > /dev/null 2>&1
rm /system/xbin/tar > /dev/null 2>&1
rm /system/xbin/tee > /dev/null 2>&1
rm /system/xbin/test > /dev/null 2>&1
rm /system/xbin/time > /dev/null 2>&1
rm /system/xbin/top > /dev/null 2>&1
rm /system/xbin/touch > /dev/null 2>&1
rm /system/xbin/tr > /dev/null 2>&1
rm /system/xbin/traceroute > /dev/null 2>&1
rm /system/xbin/true > /dev/null 2>&1
rm /system/xbin/tty > /dev/null 2>&1
rm /system/xbin/umount > /dev/null 2>&1
rm /system/xbin/uname > /dev/null 2>&1
rm /system/xbin/unix2dos > /dev/null 2>&1
rm /system/xbin/unxz > /dev/null 2>&1
rm /system/xbin/unzip > /dev/null 2>&1
rm /system/xbin/uptime > /dev/null 2>&1
rm /system/xbin/usleep > /dev/null 2>&1
rm /system/xbin/vi > /dev/null 2>&1
rm /system/xbin/wc > /dev/null 2>&1
rm /system/xbin/wget > /dev/null 2>&1
rm /system/xbin/which > /dev/null 2>&1
rm /system/xbin/whoami > /dev/null 2>&1
rm /system/xbin/xz > /dev/null 2>&1
rm /system/xbin/xzcat > /dev/null 2>&1
rm /system/xbin/zcat > /dev/null 2>&1

root.bat
Code:
@echo off
cls
color 0A
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo                       The Android Creative Syndicate
echo.
echo                              Presents to you
ping -n 2 127.0.0.1 > nul
cls
echo.
echo.
echo.
echo.
echo.
echo.
echo.
color 0C          
echo                              One Click Root 
echo                          for the Prevail/Replenish
ping -n 2 127.0.0.1 > nul
color 0A
echo.
echo.
echo                            Special shoutout to
echo.
echo.                                  Bliss
echo.
echo.
echo.
pause
cls
echo.
echo.
echo.
echo.
echo.
echo.
echo.
echo                    You need to enable usb debugging first
echo                  Go to settings - applications - development
color 0A
ping -n 2 127.0.0.1 > nul
color 0C
ping -n 2 127.0.0.1 > nul
color 0C
echo.
echo.
pause
cls
echo.
echo.
echo.
echo.
echo.
echo.
echo.
cls
adb.exe kill-server
adb.exe start-server
COLOR E0
echo Getting temp root
adb shell "rm /data/log/dumpState_app_native.log 2>/dev/null"
adb shell "ln -s /data/local.prop /data/log/dumpState_app_native.log 2>/dev/null"
adb shell "app_process /dev/null"
adb shell "echo "ro.kernel.qemu=1" > /data/local.prop 2>/dev/null"
adb reboot
COLOR E0
adb wait-for-device
adb shell "rm /data/local.prop 2>/dev/null"
adb shell "rm /data/log/dumpState_app_native.log 2>/dev/null"
echo.
echo deleting all yo [b] [/b][b] [/b][b] [/b][b] [/b]
ping -n 1 127.0.0.1 > nul
adb.exe shell mount -o remount,rw -t rfs /dev/stl12 /system
COLOR B0
adb.exe push rootsetup /data/local/tmp/rootsetup
adb.exe shell chmod 755 /data/local/tmp/rootsetup
adb.exe shell /data/local/tmp/rootsetup
adb.exe shell rm /data/local/tmp/rootsetup
adb.exe shell sync

echo Copying files onto phone...
adb.exe push su /system/xbin/su
adb.exe push Superuser.apk /system/app/Superuser.apk
adb.exe push busybox /system/xbin/busybox
adb.exe push remount /system/xbin/remount

echo Setting permissions...
adb.exe shell chmod 755 /system/xbin/busybox
adb.exe shell chmod 755 /system/xbin/remount
adb.exe shell chown root.shell /system/xbin/su
adb.exe shell chmod 6755 /system/xbin/su
adb.exe shell ln -s /system/xbin/su /system/bin/su

echo Installing busybox...
adb.exe shell /system/xbin/busybox --install -s /system/xbin

echo Cleaning up files...
@ping 127.0.0.1 -n 6 -w 1000 > nul
adb.exe shell rm /data/local/zergRush


echo "You should have root!" 
COLOR D0
ping -n 1 127.0.0.1 > nul
COLOR 90
ping -n 1 127.0.0.1 > nul
COLOR B0
ping -n 1 127.0.0.1 > nul
COLOR A0
ping -n 1 127.0.0.1 > nul
COLOR E0
ping -n 1 127.0.0.1 > nul
COLOR C0
ping -n 1 127.0.0.1 > nul
COLOR D0
ping -n 1 127.0.0.1 > nul
COLOR 90
ping -n 1 127.0.0.1 > nul
COLOR B0
ping -n 1 127.0.0.1 > nul
COLOR A0
ping -n 1 127.0.0.1 > nul
COLOR E0
ping -n 1 127.0.0.1 > nul
COLOR C0
ping -n 1 127.0.0.1 > nul
COLOR D0
ping -n 1 127.0.0.1 > nul
COLOR 90
ping -n 1 127.0.0.1 > nul
COLOR B0
ping -n 1 127.0.0.1 > nul
COLOR A0
ping -n 1 127.0.0.1 > nul
COLOR E0
ping -n 1 127.0.0.1 > nul
COLOR C0
echo.
pause
adb.exe kill-server
goto:eof

firehak

That is not the exploit. Rootsetup is just a script to quickly remove any junk files left over from previous attempts at rooting. KMS is the actual exploit, coded in C. You're only looking at scripts written to run the commands automatically rather than by typing them in yourself at the command prompt. If you wanted KMS, you would have to dig around or reverse engineer the exploit yourself.
 

anon(335536)

Good luck with that - I have no idea who made it. If you can find the SRC code, that would be great, and very appreciated. There is source code for the zergRush exploit (just do a Google search for zergRush); however, I have not yet had a lot of time to understand it. The code is straightforward; however, understanding how it is an exploit is not so easy.
 

GPOT

Good luck with that - I have no idea who made it. If you can find the SRC code, that would be great, and very appreciated. There is source code for the zergRush exploit (just do a Google search for zergRush); however, I have not yet had a lot of time to understand it. The code is straightforward; however, understanding how it is an exploit is not so easy.

Does it insert itself into the Android code, or does it execute in a certain order? Because if it inserts itself into the code, then you can figure out what differences it has from the original code. Does the code contain mount points? Perhaps you could modify them for our phone?
 

anon(335536)

It just runs in an Android (Linux) shell as any program run from the command line. As such it runs with the shell permissions, which are not root. It does not modify or insert itself into any Android code. That is not possible.
 

GPOT

Then how does it root the phone if it doesn't have root privileges? You should need to have root to do what the exploit wants to do right? I am sooooooooo clueless right now :-!.
 

firehak

An exploit is called an exploit because it does just that: it exploits flaws within the code. If we controlled something that already ran with root privileges, the need for rooting wouldn't be there. Exploits take advantage of flaws which temporarily escalate privileges so that we can place binaries such as su and change permissions so ordinary users can access them at any time. Does that help clear things up any?
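
Added example (not part of the thread or of Shabby's package): a shell function that checks a mounted image or pulled copy of a device filesystem for the artifacts the root.bat posted earlier in this thread creates, namely the `ro.kernel.qemu=1` line in `/data/local.prop`, the `dumpState_app_native.log` symlink, and the setuid `su` with its companion files. The directory argument and the names `report` and `audit_root_artifacts` are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the thread: audit a filesystem tree for root.bat artifacts.
# $1 is a mounted image or pulled copy of the device filesystem (assumption).

findings=0
report() {
    printf 'FOUND: %s\n' "$1"
    findings=$((findings + 1))
}

audit_root_artifacts() {
    root=$1
    findings=0

    # "Getting temp root" step: ro.kernel.qemu=1 is written to /data/local.prop.
    # root.bat deletes the file after the reboot, so a leftover suggests an unfinished run.
    if [ -f "$root/data/local.prop" ] &&
       grep -q '^ro\.kernel\.qemu=1' "$root/data/local.prop"; then
        report "data/local.prop sets ro.kernel.qemu=1"
    fi

    # Same step: the dumpState log is replaced by a symlink to /data/local.prop.
    log="$root/data/log/dumpState_app_native.log"
    if [ -L "$log" ]; then
        report "data/log/dumpState_app_native.log is a symlink to $(readlink "$log")"
    fi

    # su is pushed to /system/xbin, set to mode 6755, and linked from /system/bin.
    for su in system/xbin/su system/bin/su; do
        if [ -L "$root/$su" ]; then
            report "$su is a symlink to $(readlink "$root/$su")"
        elif [ -u "$root/$su" ]; then
            report "$su is setuid"
        elif [ -e "$root/$su" ]; then
            report "$su exists"
        fi
    done

    # Companion files pushed by the same script.
    for f in system/app/Superuser.apk system/xbin/busybox system/xbin/remount; do
        if [ -e "$root/$f" ]; then report "$f present"; fi
    done

    [ "$findings" -eq 0 ]   # exit status 0 means nothing was found
}
```

The function prints one `FOUND:` line per artifact and returns non-zero when anything was found, so it can gate a larger device-compliance check.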
 

bickelk09

I looked at the source code to zergRush to see if it could work. It was made to exploit a flaw in a piece of Android called vold. However, that exploit is patched on the EK18 update. So I just wanted to let you know that zergRush is off the table for rooting our phones.
 

GPOT

How do you hard root the phone? I would be willing to do anything to gain root on this thing. I know it has something to do with the boot.img, but how do you get that off of the phone? I managed to successfully install CWM. I will list the steps below.

Flash Shabby's ed23 odin
Delete install-recovery.sh from system
Delete install-recovery.sh from the Gingerbread update.zip
Proceed with updating, then installing CWM

Enjoy!


Sent from my SPH-M580 using Tapatalk
 

anon(335536)

Holy - so you have EK18 running on your phone with the CWM recovery, GPOT? When you deleted the sh script from update.zip, the update still worked??? I would think they (Sprint) would have calculated an MD5 on the update.zip file and then thrown an error message during the update process since the MD5 would not match since you modified the update file. If not, then they (Sprint) are idiots.

At any rate, please confirm that you are back to Gingerbread with CWM recovery. If so, then we all need to do this as well. However, I believe you skipped a step. I believe the process you would have followed is (and please confirm this, GPOT):

1. Flash Shabby's ed23 odin
2. Use the first update file uploaded by firehak to get to EF27.
3. If not rooted, use any of the root methods that work (there are at least 2 that I know of)
4. Delete install-recovery.sh from system
5. Delete install-recovery.sh from the Gingerbread update.zip
6. Proceed with updating to GB.
7. Install CWM recovery using Shabby's image (can be found on these forums) and ODIN.

Is this right? If this works, then we are a huge step closer to being rooted. And, with what I have learned, I believe I can create a rooted ROM from there that we will need to load on our phones with ODIN, or, if I can figure out how, with a new update.zip file that I would create (this method might be harder than I think).

FYI - this is a method I was researching - so if you did get this far GPOT, you saved me a ton of time. Thanks!
 

GPOT

Well-known member
Aug 23, 2011
122
3
0
Visit site
I didn't even research it. It just occurred to me one day during a lecture in English and I wrote it down so I wouldn't forget it, and when I got home I tried it out and it worked. I am assuming that to hard root the device I can use the boot.img from the CWM backup, right?