Log in

No account? Create an account
OTA Rootkeeper - A Pint of Blood, A Pound of Flesh, and Thou — LiveJournal [entries|archive|friends|userinfo]

[ website | My Website ]
[ userinfo | livejournal userinfo ]
[ archive | journal archive ]

OTA Rootkeeper [Jul. 12th, 2012|10:58 am]
I finally ended up rooting my phone when I had to get a replacement phone and I discovered that the built-in backup/restore functionality doesn't do much. It'll keep your contacts or something, nothing else, and in fact I can't even get that much to work anymore because it claims my PIN is wrong. I suppose it's possible that I wrote it down wrong, but whatever.

Anyway, the official word is that to get back everything else (like apps and wallpaper), I'd need to go to the Google Play store and select each and every app to be reinstalled.

This did not sound like fun.

So I trawled the underbelly of the web, and found out that the preferred way seems to be to (1) root your phone and then (2) use Titanium Backup, which actually backs stuff up. (What an idea!)

Everything was fine until my phone got an update, I foolishly accepted it, and it undid my root. $#@$!!!!

I wouldn't have cared, but my phone had been running out of space, and I wanted to make a backup before starting to pitch stuff overboard. Only I couldn't. And I couldn't restore my previous backup, because that requires root access too.

So after more web searching, I found that the trick was to revert back to the previous version, re-root, install "Voodoo OTA Rootkeeper", upgrade, and run the rootkeeper thing. But I'd lose all my data in the process.

I avoided this for a while, because although I had my old backup lying around still, I was a little nervous about whether it would actually work or not. (And I couldn't test it, because I had no root.)

At least my photos and videos were safe. I don't keep anything else truly important on the phone.

Anyway, I did it. (With a long delay before doing the upgrade again, because I didn't trust this magic rootkeeping stuff.) It worked, and didn't even nuke any data. Yay!

Except the rootkeeping part didn't. It said I had a saved root available, and gave a big friendly "Restore Root" button, and pressing it produced a friendly popup saying everything worked.

Only it didn't. No root.

I hooked up to the phone over adb and then looked online to try to figure out where it stashes the root backup. (I already knew it kept a copy of the setuid su binary somewhere that the upgrade wouldn't touch.) Nobody seemed to talk about it, though.

Fortunately, with a little wandering around the filesystem (cd /system; find . -name 'su*'), I found it. I think it was in /system/usr/we-need-root/su-backup. Running that gave me root access. I tried copying it back to /system/xbin/su (which is where I found a dead symlink pointing), but /system is mounted read-only. That turned out to not be a problem, since it was fine with me remounting it read/write (mount -w -o remount /device/path /system).

Anyway, final steps on my Droid X2 were:

1. discover that the last update killed root access. Curse.
2. Downgrade to the previous version with a known flaw allowing root access. I forget how this went; I found it online. You're basically doing a factory restore.
3. Root your phone. Instructions available online.
4. Install OTA Rootkeeper. Run it. Back up your root access.
5. Accept the next upgrade.
6. Online instructions say reinstall OTA Rootkeeper, but like I said, all my apps were still present so I didn't need to do this. Maybe this is why it failed, too?
7. Run OTA Rootkeeper. Push the big friendly "Restore Root" button. If this works for you, then you're done. Yay.
8. Settings/Applications/Developer/enable USB debugging
9. sudo adb start-server
10. adb shell
11. cd /system; find . -name 'su*'
12. ./usr/we-need-root/su-backup
13. mount # to see device of /system
14. mount -w -o remount (device) /system
15. cp usr/we-need-root/su-backup xbin/su
16. mount -r -o remount (device) /system

Now unplug and try running something that needs root access again, like Titanium Backup.

I think I'll make another copy of su somewhere, in case Motorola or somebody goes after OTA Rootkeeper's current location. It kind of sticks out, being setuid, but hopefully blowing away any setuid binary would break other things so they won't do it.