How can I root with Android 4.4

orangechoochoo

Active Member
Joined
Feb 12, 2012
Messages
1,109
Reaction score
12
Location
On a caboose
That's to go from one leak to the next; it may work going from a leak to the official, but we don't know for certain.
 

kwyrt

Member
Joined
Nov 9, 2011
Messages
366
Reaction score
4
Location
Columbus, OH
orangechoochoo said:
That's to go from one leak to the next; it may work going from a leak to the official, but we don't know for certain.

That is my fear as well. It seems PROBABLE that it would work for the official OTA but I don't think there is any way to know for sure.
 

orangechoochoo

What I'm looking forward to are the ROMs based purely on ICS and Hashcodes said they are, so maybe having the ability to get ICS OTA is not much of a concern.
 

Nerdcorist

New Member
Joined
May 22, 2012
Messages
16
Reaction score
0
I put all my trust into the Devs. Hashcode is already breaking some serious ground with the Leaks and will most likely have methods of upgrading, rooting, and release new versions soon enough. But for now, I'm really enjoying my experience with the .206 leak. Haven't run into any issues so far, and the whole phone runs very smooth. I say jump on it and see what's up.
 
OP
zagan13

New Member
Joined
May 6, 2012
Messages
11
Reaction score
0
Location
freehold nj
Nerdcorist said:
I put all my trust into the Devs. Hashcode is already breaking some serious ground with the Leaks and will most likely have methods of upgrading, rooting, and release new versions soon enough. But for now, I'm really enjoying my experience with the .206 leak. Haven't run into any issues so far, and the whole phone runs very smooth. I say jump on it and see what's up.

Is it just me or does this version have a really poor battery quality? I charge my phone 100%. I've been using it for 58 mins and it's already down to 70%.
 

Nerdcorist

zagan13 said:
Is it just me or does this version have a really poor battery quality? I charge my phone 100%. I've been using it for 58 mins and it's already down to 70%.

My battery life is pretty much the same as on GB. Still not great, but it's good.
 

siggma

Member
Joined
Jun 4, 2012
Messages
52
Reaction score
0
Location
Portland, Oregon
Okay, so I upgraded to the leak version of Android 4.4. I did the Voodoo root keeper but it didn't work. I'm trying to root my phone again but it can only be done with Android 2.3.6. Pleasseee help.

What error did you or do you get?
Have you tried "su" in an adb shell?

When I updated to ICS the rootkeeper worked fine but it restored a version of SU that won't run on ICS. I get "_mktemp" library error:
Code:
C:\Users\Tom>adb shell
shell@cdma_maserati:/ $ su
su
reloc_library[1289]: 19904 cannot locate '_mktemp'...
CANNOT LINK EXECUTABLE
255|shell@cdma_maserati:/ $

Has anybody else received this error?

Normally I'd go find the missing library (I run a Linux server) and copy it to /lib or wherever but in this case there is no way to gain root to copy it. How can I overwrite the messed up SU binary? I'm worried that even a working exploit won't fix this problem. At least the phone works...

It seems that the ro file system prevents adb from "pushing" any files at all. I can't even push to /sdcard or /sdcard-ext

Code:
C:\Users\Tom\Downloads\Droid4\Droid4Utility0.3>adb push files\mempodroid /sdcard/
failed to copy 'files\mempodroid' to '/sdcard//mempodroid': Permission denied
C:\Users\Tom\Downloads\Droid4\Droid4Utility0.3>

Hopefully one of you android gurus knows a way to gain root in a shell. The only other way I can think of is to use RSD Lite to flash a zip file.
 
Last edited:

nowell29

Member
Joined
Apr 4, 2010
Messages
47
Reaction score
0
Location
AZ
I have been suffering from this problem for a while now :(

It is a bad su binary (not bad, just not ICS compatible if I understand correctly) and so we have to wait for a root method for ICS. Won't be long now I believe.

I have tried other things as well, but alas, as *nix is designed, you need root perms to do root work.

Patiently waiting.....

Sent from my DROID4 using Tapatalk
 

siggma

nowell29 said:
I have been suffering from this problem for a while now :(

It is a bad su binary (not bad, just not ICS compatible if I understand correctly)

From what I understand, yes. This version apparently calls a stdio libc function that is not in the ICS libc library. I found someone who git-got the source and rewrote it to use "mktemp" system call instead of "_mktemp" library function but I'm nervous that I won't be able to overwrite the broken su since I can't run su to gain root. There has to be a way, RSD Lite was able to overwrite the entire system partition using an .img file so it's got to be possible. If I knew how to create the correct files for RSD Lite it would be easy but it stores the entire partition as an image (.img) file and I haven't seen any documentation on its format. So far it appears to be a proprietary format, it's not recognized as an archive or a tar file so ...
 

siggma

Editing YAFFS2 system partition image file

[UPDATED/SOLVED]

Is there a developer or someone familiar with the Android file systems and Fastboot that might be able to help me a little?

I flashed my D4 with the ICS leak and no longer have root because the su binary saved by Rootkeeper is the wrong version for ICS. I get an "_mktemp", "unable to link executable" error when I run the saved SuperUser binary. Since I can't gain root using SU, I can't use ADB to push a new copy or even mount RW, even if I could push a copy.

If I do the following, will I trash my phone or will it probably work:

  1. From a Linux Box run "ADB PULL system /home/user/yaffs/part/system"
  2. Edit the "/home/user/yaffs/part/system" tree to remove the offending su-backup and current su binary
  3. Replace the old su and su-backup with a recompiled version that uses "mktemp" rather than "_mktemp"
    (See [FIX] Superuser for Honeycomb [2011-02-13] - xda-developers)
  4. Run "mkyaffs2image /home/user/yaffs/part/system /home/user/yaffs/system.img"
  5. Boot Phone to Fastboot mode and "Fastboot flash system /home/user/yaffs/system.img"
  6. Reboot phone

Does this sound like it will work?
My concern is permissions. If I pull to an NTFS or FAT partition I don't think the file descriptors will be saved correctly and fastbooting the image back to the phone will probably result in a brick, or at least an unusable but recoverable phone.

Comments?


UPDATE:

The .img files are stored as ext3 or ext4 file system partitions. I can successfully mount system.img and have read that the other files in both the updates as well as the archives with an XML are all ext3 or ext4 file systems. The .bin files are either bootloader files (first stage = mbmloader.bin, second stage = mbm.bin) or cdt.bin = certificate data table (hardware security for bootloader and other system files). So, I answered my own question. There are several groups working on untangling the NAND chip eFuse security so the bootloader security checks can be bypassed. It's been successful in part on the Droid RAZR (See HERE) so it won't be long before we can install custom kernels on the D4 as well since they both use the same TI NAND chip, HOPEFULLY.
 
Last edited:
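
Added example (not part of the thread, and not code from any poster): the post above finds that the .img files are ext3/ext4 file systems rather than an archive or tar file. The sketch below makes the same determination from the leading bytes of an image using the standard ext superblock fields; it goes slightly beyond the post by also recognising zip, tar and Android sparse headers. The function names and the constructed sample images are assumptions made for illustration.

```python
import struct

EXT_SB_OFFSET = 1024         # ext superblock begins 1024 bytes into the volume
EXT_MAGIC = 0xEF53           # s_magic: little-endian u16 at superblock offset 0x38
SPARSE_MAGIC = 0xED26FF3A    # Android sparse image magic: first 4 bytes of the file
COMPAT_HAS_JOURNAL = 0x0004  # s_feature_compat: journal present (ext3 or later)
# s_feature_incompat bits that only ext4 sets: extents, 64bit, flex_bg
INCOMPAT_EXT4 = 0x0040 | 0x0080 | 0x0200


def identify_image(data: bytes) -> str:
    """Classify the leading bytes (at least 2 KiB) of a partition image."""
    if data[:4] == b"PK\x03\x04":
        return "zip"
    if data[257:262] == b"ustar":
        return "tar"
    if len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == SPARSE_MAGIC:
        return "android-sparse"  # needs unsparsing before it can be loop-mounted
    if len(data) < EXT_SB_OFFSET + 0x68:
        return "unknown"         # too short to contain the superblock fields
    (magic,) = struct.unpack_from("<H", data, EXT_SB_OFFSET + 0x38)
    if magic != EXT_MAGIC:
        return "unknown"
    # s_feature_compat at 0x5C, s_feature_incompat at 0x60
    compat, incompat = struct.unpack_from("<II", data, EXT_SB_OFFSET + 0x5C)
    if incompat & INCOMPAT_EXT4:
        return "ext4"
    return "ext3" if compat & COMPAT_HAS_JOURNAL else "ext2"


def identify_file(path: str) -> str:
    """Read only the first 2 KiB of an image file and classify it."""
    with open(path, "rb") as fh:
        return identify_image(fh.read(2048))


def constructed_ext_image(compat: int, incompat: int) -> bytes:
    """Constructed 2 KiB sample holding only the fields read above."""
    img = bytearray(2048)
    struct.pack_into("<H", img, EXT_SB_OFFSET + 0x38, EXT_MAGIC)
    struct.pack_into("<II", img, EXT_SB_OFFSET + 0x5C, compat, incompat)
    return bytes(img)


if __name__ == "__main__":
    # Constructed samples: journal + extents, journal only, raw sparse header
    print(identify_image(constructed_ext_image(0x0004, 0x0042)))
    print(identify_image(constructed_ext_image(0x0004, 0x0002)))
    print(identify_image(struct.pack("<I", SPARSE_MAGIC) + bytes(2044)))
```
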

nowell29

I didn't try the last suggestion but I did the suggestion before last week. It doesn't work because the phone will not install a zip that is not signed by Motorola encryption. Once you unzip it, you lose the "signed" from Moto. I like the img idea, but I don't think it will work since we are still restricted by a locked bootloader. Oh how I love Motorola... love the hardware, but still waiting on them to unlock the bootloader.

Maybe since Google owns, they might make that happen sooner. Maybe.. might be the bottom of their priority list.

Sent from my DROID4 using Tapatalk
 

siggma

nowell29 said:
I like the img idea, but I don't think it will work since we are still restricted by a locked bootloader. Oh how I love Motorola... love the hardware, but still waiting on them to unlock the bootloader.
Sent from my DROID4 using Tapatalk

What do you mean "locked bootloader"?
Is that a hardware lock or simply a lack of root to remount the system?

Ok, after a little research the term "Locked Bootloader" does not specifically apply to this or any other phone. In the case of the Moto D4 it refers to eFuse technology built in to the chip(s) used in the Phone. I think it's a TI OMAP 4 chip running at 1.2Ghz. This chip is apparently built with embedded eFuse. I haven't read details but it's safe to assume that there is some kind of checksum or other code that is generated by Moto or a developer when a new version of the OS or even just the userland portion (ROM) is released. The updated software must have the correct signature or eFuse will simply refuse to flash or execute it, similar to the no execute bit on all Intel and AMD chips. This does not mean you can't flash new software, it means you have to follow the correct procedures and generate the correct signatures when creating and installing them. If you open the Leaked ICS archive you'll see an .XML file. In this file are the commands to flash the various system partitions along with their MD5 codes. This may or may not be the codes referred to as a "locked" bootloader. In any case I agree with the technology. It successfully prevents anyone who is not in possession of the actual phone from installing and running software upon it. A phone typically has some of the most personal information a person generates so it must be secure. If you were charged with protecting people's data and there were possible looming lawsuits if you failed, wouldn't you be a bit anal about security?

More specifically it prevents overwriting the kernel and/or system utilities either accidentally or maliciously without possession of the device and valid signatures. Requiring a physical (USB) connection to flash a ROM (and it's the contents of the EPROM that's being flashed) is nothing new. Neither is it new or odd to boot the system binary partitions as read only. I have no doubt there is a correct procedure for rooting this phone, even under ICS. While I doubt Moto is going to publish the procedure in a public document, with a little common sense, a MotoDev account and some good social skills it's only a matter of time before a user friendly way to root this phone is either discovered or provided by Moto or one of its devs.

I've read that if you try to go backwards from ICS it will "brick" your phone. I don't think that's true. Normally the code that executes when you press those buttons is actually ROM as in Read Only Memory and probably can't be overwritten. It may require manual intervention to reflash the original kernel and system but as long as you can hold down power and volume keys and you get a bootloader menu the phone is not "bricked". I've bricked routers before (some have unlocked boot code) so I know what a bricked device looks like. According to Moto if you successfully install a valid OS on the phone it will function correctly once again. What it means is that you can't simply flash an older UPDATE of a previous OS and expect it to work, most likely because the update does not contain the old kernel. You can probably manually fastboot the original kernel and update partitions and successfully reboot the phone on Gingerbread. I need my phone or I'd try it. If I had a few hundred to spare I'd buy another D4 just to play with.

Lastly, the term ROM is grossly incorrect. What you're flashing is an EPROM chip or other Erasable Programmable Read Only Memory device. Original EPROMS required one to sit them under a UV lamp or out in the sunshine to clear them. Nowadays it's a bit easier but the concept is the same. The term ROM really refers to the intended contents of the chip, not Read Only Memory or a device.

Anyway... sooner would be nice and I'd be happy to help if I knew what to do.
 

nowell29

You are correct in most everything you have stated. My reply was put in layman's terms using community lingo. I've been flashing "roms" on multiple phones for about four years now.

A root method for ICS on D4 apparently does exist, but its release is being held back until Motorola releases it officially, so that before then they don't fix the root method. And so I wait patiently... :)

Sent from my DROID4 using Tapatalk
 

siggma

nowell29 said:
You are correct in most everything you have stated. My reply was put in layman's terms using community lingo. I've been flashing "roms" on multiple phones for about four years now.

Yea, sorry I got so verbose. I was excited to have discovered what locked means. I tried to flash an updated "system.img" with a working su on it via Fastboot but it failed and taught me a little more about how the NAND hardware prevents hacking or unapproved files. Apparently there are some "pre-flash" files that have to be loaded before you can successfully flash anything to the NAND chip. One of them is cdt.bin or something similar. Either this or some other pre-boot loaded file contains "unlock" or md5 data for what's apparently to come. That's why the phone reboots twice when flashing with RSD Lite. If the cdt data doesn't match the image you flash you get either a flash error (not too severe, system will still run) or a boot failure (fatal, looks like a brick, sits like a brick, smells like a brick). I was able to recover by re-flashing the original system.img to correct the cdt data error but it just hung with no errors. Thankfully I was then able to get into the bootloader "recover" option and a re-"flash from sdcard" fixed the whole thing. Now I have a working phone again but it formatted the entire root file system in the process, something it didn't do when I updated before. So, I now have first-hand experience with a locked bootloader. The other part of the rooting/flashing issue is that this phone only has 110k of RAM for boot code so booting is a multi-step process. That's why there are so many partitions and files being flashed. Essentially the only way I can see to root this phone is to have a copy of the utility(ies) that generate the pre-boot data files to match the system and boot images you intend to flash. The really good news is that I no longer have a non-working copy of su or su-backup in my root directory because of the root file system re-creating so the root procedure, when it does come out, will work.

nowell29 said:
A root method for ICS on D4 apparently does exist, but its release is being held back until Motorola releases it officially, so that before then they don't fix the root method. And so I wait patiently... :)

Sent from my DROID4 using Tapatalk

Where are you hearing this scuttlebutt?
XDA-Developers?
Motodev?
Tom
 
Last edited:

tcrews

Premium Member
Developer
Joined
Jan 27, 2010
Messages
1,351
Reaction score
22
Location
Lexington, SC
Website
android.snkbitten.com
Dan Rosenberg (@djrbliss), who has found all the Motorola leaks as of late (Droid 3/Bionic/Razr/Droid 4), has a root for the leaked ICS already. He is not releasing it until Motorola releases ICS officially for these devices so that they do not have the opportunity to close the hole before they release it. At least that is the rumored reason....... Root though, on ICS is not a rumor.
 