Rooting the Verizon Motorola Citrus

This will walk you through rooting the Motorola Citrus that is currently being distributed on Verizon. I didn't find any definitive guides so I decided to post this up for the people who are stuck with this phone :)

Requirements
The instructions below are current and will work if you are on Linux. If you aren't and you are reading this I assume you can figure out the setup on your platform or ask in the comments.This also assumes you have adb (From the Android SDK) in your path.

• Android vendor source: http://developer.android.com/sdk/index.html
• *psneuter
• *misc_version
• You can grab both at: http://wiki.cyanogenmod.com/index.php?title=Template:Psneuter_downgrade
• Arm Compiler: http://www.codesourcery.com/sgpp/lite/arm
• I downloaded and used this arm compiler because the binaries that came with psneuter did not work

Compiling psneuter
All commands below will assume you are doing your work in /tmp but it doesn't reallly matter your choice.

Download both psneuter.zip and misc_version_01.zip from the above links and put them in /tmp

Go into your /tmp directory.

Unzip both packages from above
unzip psnetuer.zip
unzip misc_version_01.zip

Download the compiler
wget http://www.codesourcery.com/sgpp/lite/arm/portal/package7851/public/arm-none-linux-gnueabi/arm-2010.09-50-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2

Untar the package
tar jxfv arm-2010.09-50-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2

Compile psneuter
arm-2010.09/bin/arm-none-linux-gnueabi-gcc -o psneuter -static psneuter.c

Push the new psneuter binary as well as the misc_version binary:

adb push psneuter /data/local/tmp

adb push misc_version /data/local/tmp

Start an adb shell and set the permissions for both psneuter and misc_version

adb shell

cd /data/local/tmp

chmod 755 psneuter

chmod 755 misc_version

In the adb shell run psneuter and restart your adb shell for root access

This is in the adb shell.

$ ./psneuter

property service neutered.

killing adbd. (should restart in a second or two)

Restart your adb shell connection

adb shell

#

That's it you have root. If you reboot now it will disappear and you will need to repeat the steps above. The next step should be to install Superuser/su

Ok I have root now what?

Do not reboot your phone before doing this otherwise you will have to repeat the steps above. 

Download Superuser.apk

http://forum.xda-developers.com/showthread.php?t=682828

Unzip the file

unzip su-2.3.6.1-ef-signed.zip

When you unzip this you will have two files we are interested in

system/app/Superuser.apk

system/bin/su

Push both of those to /data/local/tmp

adb push system/app/Superuser.apk /data/local/tmp

adb push system/bin/su

Log in to your root shell and

adb shell

#

Change the owner of su to root and set the SETUID bit

# chown root.root /data/local/tmp/su

# chmod 4755 /data/local/tmp/su

Mount /system with rw permissions

# mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system 

Copy su and Superuser.apk to the appropriate system locations

# cp /data/local/tmp/su /system/bin

# cp /data/local/tmp/Superuser.apk /system/apps

Reboot look on the android market for apps that require root and have fun. 

A good place to start is Titanium Backup. 

Thanks to everyone on irc://irc.freenode.org/#xda-dev that helped with suggestions. 

Exploits I found for android

RageAgainstTheCage: http://forum.xda-developers.com/showpost.php?p=9301680&postcount=3

RageAgainstTheCage "frontend" Super One Click Root: http://forum.xda-developers.com/showthread.php?t=803682

PSNeuter: http://wiki.cyanogenmod.com/index.php?title=Template:Psneuter_downgrade