1/22/11

Rooting the Verizon Motorola Citrus

This will walk you through rooting the Motorola Citrus that is currently being distributed on Verizon. I didn't find any definitive guides so I decided to post this up for the people who are stuck with this phone :)

Requirements
The instructions below are current and will work if you are on Linux. If you aren't and you are reading this I assume you can figure out the setup on your platform or ask in the comments.This also assumes you have adb (From the Android SDK) in your path.
Compiling psneuter
All commands below will assume you are doing your work in /tmp but it doesn't reallly matter your choice.

Download both psneuter.zip and misc_version_01.zip from the above links and put them in /tmp

Go into your /tmp directory.

Unzip both packages from above
unzip psnetuer.zip
unzip misc_version_01.zip

Download the compiler
wget http://www.codesourcery.com/sgpp/lite/arm/portal/package7851/public/arm-none-linux-gnueabi/arm-2010.09-50-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2

Untar the package
tar jxfv arm-2010.09-50-arm-none-linux-gnueabi-i686-pc-linux-gnu.tar.bz2

Compile psneuter
arm-2010.09/bin/arm-none-linux-gnueabi-gcc -o psneuter -static psneuter.c

Push the new psneuter binary as well as the misc_version binary:
adb push psneuter /data/local/tmp
adb push misc_version /data/local/tmp

Start an adb shell and set the permissions for both psneuter and misc_version
adb shell
cd /data/local/tmp
chmod 755 psneuter
chmod 755 misc_version

In the adb shell run psneuter and restart your adb shell for root access
This is in the adb shell.
$ ./psneuter
property service neutered.
killing adbd. (should restart in a second or two)

Restart your adb shell connection
adb shell
#

That's it you have root. If you reboot now it will disappear and you will need to repeat the steps above. The next step should be to install Superuser/su

Ok I have root now what?
Do not reboot your phone before doing this otherwise you will have to repeat the steps above. 

Download Superuser.apk

Unzip the file
unzip su-2.3.6.1-ef-signed.zip

When you unzip this you will have two files we are interested in
system/app/Superuser.apk
system/bin/su

Push both of those to /data/local/tmp
adb push system/app/Superuser.apk /data/local/tmp
adb push system/bin/su

Log in to your root shell and
adb shell
#

Change the owner of su to root and set the SETUID bit
# chown root.root /data/local/tmp/su
# chmod 4755 /data/local/tmp/su

Mount /system with rw permissions
# mount -o remount,rw -t yaffs2 /dev/block/mtdblock6 /system 

Copy su and Superuser.apk to the appropriate system locations
# cp /data/local/tmp/su /system/bin
# cp /data/local/tmp/Superuser.apk /system/apps

Reboot look on the android market for apps that require root and have fun. 

A good place to start is Titanium Backup. 

Thanks to everyone on irc://irc.freenode.org/#xda-dev that helped with suggestions. 

Exploits I found for android
RageAgainstTheCage "frontend" Super One Click Root: http://forum.xda-developers.com/showthread.php?t=803682

No comments:

Post a Comment