How to manually root almost any Android device
The easiest method is to use a one-click application solution like unrEVOked, but it only supports certain devices. SuperOneClick is a similar application that supports almost any device, but I cannot always get it to work with my computer.
In my experience, I have found that the most reliable root method is to simply run the commands yourself. It may be a little more difficult than the one-click solutions, but it is practically guaranteed to work.
Even so, you should still read through the directions before you begin, and if you are not comfortable with any of the steps, then you should probably not attempt to root. This is a fairly advanced tutorial, so make sure you're prepared for some bumps, even though there shouldn't be any.
Rooting gives you valuable experience with ADB, knowledge of root methods, and in general a better ability to solve problems with your device as well. Still, you do not need to do this if one-click solutions have worked for you, or if you do not feel comfortable with the process. If you do want to learn more about Android by manually rooting your device, just keep in mind that you root at your own risk, and any damage to your device is your fault.
Prerequisites
There are a few things that you need to have before you start rooting. Obviously, you will need an Android device with Android 1.5 or higher and a USB cable to connect it to your computer. You will also need to have some files from this SuperOneClick .zip and the Android SDK/ADB up and running on your computer. If you are unfamiliar with ADB, our sister site GoodAndEvo has an awesome ADB tutorial that should get you up to speed.
First, we need to move some files around to make running commands a bit easier.
Unzip the SuperOneClick .zip and pull out the su-v3, busybox, Superuser.apk, psneuter, and GingerBreak files. Rename su-v3 to su, and place the files in your ADB Platform-tools directory, which is contained in the Android SDK folder on your computer.
If you are on Windows, you will also need to have proper drivers for your phone installed. These can usually be found by going either to the manufacturer website or searching for the name of your phone and the word "drivers." Once you find drivers, download and install them like any other application.
Rooting your device
Now that you have ADB setup and the proper exploit files, you are finally ready to root. Still, before you start running commands, you need to put your phone in USB debugging mode (settings > applications > development > enable USB debugging) and connect it to your computer.
With that out of the way, you can finally open command prompt to run some commands.
To open the command prompt in Windows, just click on Start, then Run, and type cmd.exe. In Linux, open whichever terminal emulator suits you. Once you have a command prompt, you need to enter your platform-tools folder, also called a directory. You can use the "cd" or change directory command to accomplish this. If your sdk folder is called "android-sdk" the command should look like this: cd android-sdk_r11-windows/platform-tools.
This command will leave you with a shell prompt in the platform-tools directory. From here, you can run the commands that will actually root your phone. Be sure to run these commands exactly as they are written. The commands with an "$" or "#" will only run after the "adb shell" command.
First, here are the commands that run the psneuter exploit and gain a root shell.
- adb devices
- adb push psneuter /data/local/tmp
- adb shell
- $ cd /data/local/tmp
- $ chmod 777 psneuter
- $ ./psneuter
At this point, the exploit will run and close the shell. You will need to run these commands to restart the ADB server.
- adb kill-server
- adb devices
Now comes the moment of truth. Use the
- adb shell
command to open a shell. If you see a "#" sign, you have root access, so go ahead and continue to the next part of this tutorial. If not, you can go back and try the previous steps again, or ask for help in the comments.
We now need to make this root permanent. From the root shell you just opened, type the following commands.
- # mount -o remount,rw -t rfs /dev/block/st19 /system
- # exit
- adb push busybox /system/bin
- adb push su /system/bin
- adb install Superuser.apk
- adb shell
- # chmod 4755 /system/bin/busybox
- # chmod 4755 /system/bin/su
- # mount -o remount,ro -t rfs /dev/block/st19 /system
- # exit
- adb reboot
At this point, your device should reboot. You can check for the Superuser icon in the app drawer, and then try a root only app like Titanium Backup. If that works, congratulations. You have successfully rooted your Android device. Prepare to enjoy all the benefits of root.
If you are having trouble with this tutorial or want to offer others a tip, please leave a comment and I will do my best to respond.
About the Author
Aaron Orquia is an associate editor at Pocketables. He has been using Android and Linux since he bought his first computer years ago, and his interest in technology and tweaking it to work just right has only grown stronger since then. His current gadgets include a GSM Galaxy Nexus, Nexus S, Kindle Fire, and the ASUS MeMo just as soon as ASUS and Google finally get around to releasing it.
Twitter | Google+ | More posts by Aaron | Subscribe to Aaron's posts
54 Comments
-
cybernevets June 29, 2011 at 3:04 pm - ReplyVery nice. Thank you. Having first used PCs when there were no real GUIs, I’m comfortable with the command line and appreciate having these steps as a “foolproof” method to root most any android device.
-
Meganess July 2, 2011 at 6:42 am - ReplyI don’t get it… So is this a viable way to root any new phone like my evo 4g and 3d?
Why wouldn’t people just learn how to do this real quick instead of waiting for someone to make a one-click method? -
Moaster Davis July 3, 2011 at 6:30 am - Reply
Help it says ‘The system cannot find the file path specified.’ when I typed in the 4th step: ‘cd /data/local/tmp’ after successfully completing the steps before it???
-
Aaron Orquia July 5, 2011 at 3:40 am - Reply
Make sure you are in the ADB shell, you should have a $ command prompt.
-
Aaron Orquia July 5, 2011 at 3:41 am - Reply
Devices like the EVO 3D and newer phones have locked bootloaders, and sometimes other security measures in place that have to be broken on a phone by phone basis. But for some devices, especially those released with an older version of Android, you can simply root them with this method.
-
Dre July 25, 2011 at 6:42 pm - ReplyPlease explain these commands? thank you very much…
# mount -o remount,rw -t rfs /dev/block/st19 /system
-
Vance September 4, 2011 at 6:59 am - ReplyThank you. Thie worked when ALL else failed on my Galaxy tab
-
Aaron Orquia September 4, 2011 at 8:47 am - Reply
Glad to help, this has been my go to root for Samsung devices when superoneclick wont work.
-
eplewis September 22, 2011 at 12:02 pm - ReplyThis worked perfectly for my Droid X running froyo 2.2.1, I’m trying to prep my phone for 2.3, so thanks!
-
Bob October 5, 2011 at 2:37 am - ReplyMy device (Pantech Breakout) is not showing up at the “adb devices” stage. I do have USB debugging on. Any ideas?
-
Albert October 5, 2011 at 4:15 pm - ReplyTried this on my Samsung Galaxy S i9000M running 2.3.3
Running psneuter results in:$ ./psneuter
./psneuter
Failed to set prot mask (Inappropriate ioctl for device)Googling around led me to try running GingerBreak:
$ ./GingerBreak
./GingerBreak[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0000 GOT start: 0×00024404 GOT end: 0×00024444but it never completes. Killing the server, and starting a new shell shows that root access has not been achieved.
Any ideas?
-
yummyPa October 8, 2011 at 4:49 am - Replymount -o remount, rw -t rfs /dev/block/st19/system
Usage: mount [-r] [-w] [-o options] [-t type] device directoryaparantely for me this command it doesn’t work.
did you mean
# mount -o remount, -r -w -t rfs /dev/block/st19/system
? -
Aaron Orquia October 9, 2011 at 3:09 pm - Reply
Make sure you are running the command as admin on Windows or root on Linux, if you were already doing that they you can try following the instructions here: http://www.farside.org.uk/200906/adb_no_devices_found
-
Aaron Orquia October 9, 2011 at 3:09 pm - Reply
Make sure you are running the command as admin on Windows or root on Linux, if you were already doing that they you can try following the instructions here: http://www.farside.org.uk/200906/adb_no_devices_found
-
Aaron Orquia October 9, 2011 at 3:16 pm - Reply
I am fairly sure that it should be rw or at least -rw for read/write, as I used these instructions to root one of my devices, but does the other work for you?
-
Aaron Orquia October 9, 2011 at 3:18 pm - Reply
I need to update the tutorial and instruct people to use GingerBreak for devices above 2.2, but I am not sure why the exploit is not working on your device. Basically, Googling is the best I can do until I have another Gingerbread device to root myself.
-
jimweda October 29, 2011 at 12:23 pm - ReplyThe reason people are waiting for one-click type methods is because of posts after yours. I haven’t even gone that far yet but I guarantee that there are people who get stuck, confused or can’t go beyond certain steps. In theory rooting your phone manually sounds easy until you actually do it and can’t get beyond a certain step or the phone fails to root.
The best one-click style app I’ve seen has been the z4Root. Load it to your phone, click the “Root” button and you are rooted. Want to unroot your phone? Click the “Unroot” button and you are unrooted. It doesn’t get much simpler than that and if it didn’t work you didn’t have to worry about messing up your phone. Unfortunately the developer of that app decided not to keep updating the app since Froyo gave him so much trouble. I’m no programmer so I have no idea who hard it is to make a true one-click rooting app but I wish someone with the talent would build one so the hundreds if not thousands who are too afraid to do it manually or do not want to learn the technical skills of rooting by computer manually.
Everyone’s experience varies. You could follow these directions and say “What a piece of cake” while there are many others who end up giving up or get stuck on a certain step and never get rooted. It seems to be that there is no consistency in the hardware, (Phones). Seriously, if you think about it, if it really was that easy and foolproof why would the forums be filled with questions and cries for help rooting their phones. Even experiences rooters run into problems but they don’t freak out because they know eventually someone will tweak the apps so they can use different ROMS or try other methods. Manually rooting is a little more than I would prefer to work with. I drive a car but I don’t have to know how to repair one. I’m hoping someone will be the mechanic for those who do not want to deal with the headaches.
I have nothing but respect for the developers who spend days/weeks/months putting apps together. Its just a matter of finding the right method for you and your phone. I haven’t found my savior yet but I”m still looking.
-
mostro November 10, 2011 at 11:34 pm - ReplyThere should be a spece between /dev/block/st19 and /system, like this:
mount -o remount, rw -t rfs /dev/block/st19 /system -
Ken December 4, 2011 at 6:44 am - ReplyDoes this work with Samsung Galaxy S2?
I understand that there is a need to flash an insecure kernel first prior to executing SuperOneClick, as the stock bootloader will prevent write access to all partitions except /cache and /data.
From your guide, it seems that we can just push (write) to the /system partition without modifying the bootloader. Am I missing anything here?
Thanks
-
Aaron Orquia December 4, 2011 at 6:47 am - Reply
You will need to run the gingerbreak exploit before you can push to /system, but I don’t believe you need to modify the bootloader first.
-
Ken December 6, 2011 at 5:26 am - Reply
Must I use exploit like Gingerbreak, can I not just boot into debugging mode, and execute the commands to push in the necessary files?
-
Aaron Orquia December 6, 2011 at 11:56 am - Reply
Pushing can be done without root to most folders, yes.
-
Jimmy December 25, 2011 at 7:53 pm - Replywhen i start enter command got error “adb: permission denied”
what i do ?
-
Jordan January 20, 2012 at 9:29 am - ReplyI ./psneuter, and it says restarting adb, should restart in a few seconds, but nothings happening… What am I doing wrong?
-
Aaron Orquia January 20, 2012 at 9:40 am - Reply
Its a problem with psneuter, try downloading gingerbreak and running it instead
-
Jordan January 20, 2012 at 9:41 am - Reply
I have gotten to the point where I have temp root access indicated by the #, however my phone restarts itself anytime I try to do something. Help?
-
Jordan January 20, 2012 at 9:53 am - Reply
Ok so now anytime I type in mount -o remount,rw -t rfs /dev/block/st19 /system my phone freezes then I have to pull the battery to turn it on. Sorry to keep bugging you, I just have no idea whats wrong…
-
Metro January 20, 2012 at 10:05 am - ReplyI’m having the same problem as jordan. When I get partial root access and i type that code in the phone shuts off. what to do?Q???Q?!?
-
Bjorn Calluy January 20, 2012 at 12:10 pm - Reply
Hi mate.. first of all, greate guide!
But I’m afraid I need to bump the thread here.. I’m stuck just after Jordan’s command.
I get following error message: failed to copy ‘busybox’ to ‘/system/bin/busybox’: Out of memory -
mike March 13, 2012 at 9:41 pm - Replyhey man great job. I do have one question in regards to the gingerbreak. Where do I place the gingerbreak file to run the command in DOS? Hope I’m making sense
-
Aaron Orquia March 14, 2012 at 2:28 am - Reply
You need to actually push it to the phone, and then use ADB shell to run it .
-
mateu March 14, 2012 at 3:31 am - Replyhello I have a problem when root
in this line:
mount-o remount, rw-t RFS / dev/block/st19 / system failed: invalid argumentcan you help me please
-
mateu March 14, 2012 at 3:32 am - Reply
hello I have a problem when root
in this line:
mount-o remount, rw-t RFS / dev/block/st19 / system failed: invalid argumentcan you help me please
-
A.P. April 21, 2012 at 10:00 pm - ReplyThis was the only I could manage to root a Vodafone smart. Thanks.
-
Aaron Orquia April 22, 2012 at 7:26 am - Reply
Glad it helped.
-
quannv May 3, 2012 at 2:27 am - Replyi can not push busybox to /system/bin , out of memory problem, how can i fix?
-
D_Saint May 16, 2012 at 5:03 am - ReplyI was willing to test this on a desire s (hboot 2.00.0002, android vs 2.3.5), with a small variation…
I can get shell root acess “#” using unlockroot 2.3.1 tool, the thing is that this soft does not manage to install superuser.zpa, su and busybox on the phone, when i reboot, i loose shel root.Can you tell me please if i run unlockroot 2.3.1 to get “#” and then run the commands:
# mount -o remount,rw -t rfs /dev/block/st19 /system
# exit
adb push busybox /system/bin
adb push su /system/bin
adb install Superuser.apk
adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
adb rebootI can get the root?
or do you think the desire s (HBOOT 2.00.0002, android 2.3.5) cam brick after this?Thx for all the help.
-
louis June 25, 2012 at 12:20 am - Replyi have android 2.3.6 both psneuter and gingerbreak don’t work. gingerbreak stops executing or perhaps hangs after this line:
[*] vold: 0000 GOT start: 0×00024404 GOT end:
0×00024444 -
Paul Leadbeater June 26, 2012 at 1:09 pm - ReplyAs for Albert and Lois, ./psneuter does not work – “Failed to set prot mask (Inappropriate ioctl for device)”.
I am running Android 2.3.4 on a Kobo Vox eReader (Yes!) which used to run OK as a rooted tablet under 2.3.3. The forced upgrade seems to have added folder lockdowns (as mentioned above), preventing our programs writing to them.
Anyone worked out a way to unlock things yet? Preferably without very long-winded processes! -
Carl July 10, 2012 at 4:35 am - ReplyThis method doesn’t work on LG p940 4.04
-
efrenjr July 23, 2012 at 8:10 pm - Replyin my first attempt my tablet is android 2.3.3 m7206. it work out but it can’t install su, busybox in system it said system is read only. so it is temporary and when i reboot it the $ sign was back.
my second attempt boomsh unable to install when intalling zergRush, or psneuter and unable to root even for just temporary.
Please help how to renew or return it to new removing all tmp files?
and then is there a way to just copy paste the su, and busybox like an application when i rooted it for temporary and then download this application to browse in tmp and copy paste it to system files. what application can do this? please answer in my email. -
Chrisie August 3, 2012 at 5:47 am - ReplyI tried rooting my phone with this. I only reached this point. never moved after this.
$ ./gingerbreak
[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0085 GOT start: 0×00014374 GOT end: 0x000143b4It stopped moving after this. What do I do? I tried a lot of different ways to root my phone. I’m using Alcatel Glory OT 918n.
Thanks.
-
pcdinh August 11, 2012 at 4:24 am - ReplyThis method does not work on Motorola Milestones XT720 (Android 2.1)
-
pcdinh August 11, 2012 at 4:35 am - Reply
After I reboot the device (adb reboot), I found that the sign $ comes back. Not see the sign #
-
fuj1tsu September 7, 2012 at 11:33 am - Replyi try your way on buildroid for virtualbox ( http://www.buildroid.org/ )
but it’s not work i try to access root from
ES Explorer but it can’t
and i installed root checker and told me
the devices is rooted -
Dale September 19, 2012 at 4:29 pm - ReplyIm not even sure how to get this started. Ive got the directory i need but when i type the first command i get
‘adb’ is not recognized as an internal or external command,
operable program or batch file. -
apt September 21, 2012 at 2:04 pm - Replythis tutorial seems to be one of the best ive come across. my phone is china mt6516 engine, market name is GIONEE, model A10, running android 2.3.4. Tried different ways to root but to no avail. i believe manual tweaking might be the best option for now since others have failed even super1click. even if this fails, at least i will have advanced in my programming capabilities. im gonna give it a try. i dont think i will give up until my phone is rooted. thanks aaron
-
karthik September 22, 2012 at 8:55 am - ReplyI am having following errors as well as mu device (Bsnl Penta IS701C) gets hang
uid=0 gid=0@android :/ # $ cd /data/local/tmp
$ cd /data/local/tmp
/system/bin/sh: $: not found
127|uid=0 gid=0@android :/ # $ chmod 777 psneuter
$ chmod 777 psneuter
/system/bin/sh: $: not found
127|uid=0 gid=0@android :/ # $ ./psneuter
$ ./psneuter
/system/bin/sh: $: not found
127|uid=0 gid=0@android :/ # adb kill-server
adb kill-server
uid=0 gid=0@android :/ # adb devices
adb devices
* daemon not running. starting it now on port 5038 *
* daemon started successfully *
adb shell
#
D:\Android\android-sdk-windows\platform-tools> -
Scar October 3, 2012 at 10:29 am - ReplyThank you man. I did In a Samsung I5500 and It work first try.
Very good, Thank you again and again.
Is really necessary to Unroot? the SuperOneClick is blocking when I try it.
I can see in the screen on the right side that it block after trying the command:
chmod 775 /data/local/tmp/busyboxThank you again.
-
Freddy Kasprzykowski October 8, 2012 at 11:13 pm - ReplyPretty good!
Other exploits did not work on my Motorola DEFY MD525.
For the version of Android that i was running i had to modify the procedure:
1- after “adb kill-server”, it is required an “adb remount” command before “adb devices”
2- different syntax of mount commands
mount -rw -o remount -t rfs /dev/block/st19 /system
mount -r -o remount -t rfs /dev/block/st19 /system -
punit November 9, 2012 at 4:37 am - Reply$ ./gingerbreak
[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
…
[*] vold: 0085 GOT start: 0×00014374 GOT end: 0x000143b4It stopped moving after this. What do I do?.i am using
micromax a44 gingerbread 2.3.6 -
Liliana November 23, 2012 at 3:53 pm - Replyafter three consecutive days trying everything including installing linux OS. this tutorial was the only one that works in my tablet (Storex eZee tab7c).
Thank very much (my brains also thank’s)
-
Abdl November 28, 2012 at 5:15 am - Reply@apt…. am glad to see someone with the same type of my phone(gionee a10) ,I have tried almost all possible methods but still to no avail. How did yours go?? were you able to root your device???
-
javier December 6, 2012 at 6:05 pm - Reply$ ./pneuter doesn’t work what do I do???