Rooting DroidX with Android 2.3.3 (Verizon)


After Verizon released Gingerbread for the DroidX terminals, the only method known to root your terminal was downgrading to Froyo (Android 2.2), root your phone, download a rooted image of Gingerbread and updating your system with such image. More information here.

But there wasn’t any method that easily could root your phone, even using the well known GingerBreak.

Today a new method to gain root access to the Motorola devices has been released. Although the exploit claim to be for the Droid 3, in the same post we can also read: I identified a vulnerability specific to Motorola devices… Cool! My DroidX is a Motorola device as well, so let’s give it a try.

Before starting with the rooting process, I will say the same thing you have already read if you ever try to root a device or try to hack anything: This is for educational purposes blah blah blah… In other words if you brick or mess up your device is your problem.

The first thing you need to do is connect to your device (if you don’t know how to do that, please refer to the documentation):

adb shell
Now from the prompt (you should see a dollar sign there):
mv /data/local/12m /data/local/12m.bak
ln -s /data /data/local/12m
Now we have to reboot the phone. Turn it off and the on. After you have done that, we connect again to the device again and run the following commands:
rm /data/local/12m
mv /data/local/12m.bak /data/local/12m
mv /data/local.prop /data/local.prop.bak
echo “ro.sys.atvc_allow_netmon_usb=0” > /data/local.prop
echo “ro.sys.atvc_allow_netmon_ih=0” >> /data/local.prop
echo “ro.sys.atvc_allow_res_core=0” >> /data/local.prop
echo “ro.sys.atvc_allow_res_panic=0” >> /data/local.prop
echo “ro.sys.atvc_allow_all_adb=1” >> /data/local.prop
echo “ro.sys.atvc_allow_all_core=0” >> /data/local.prop
echo “ro.sys.atvc_allow_efem=0” >> /data/local.prop
echo “ro.sys.atvc_allow_bp_log=0” >> /data/local.prop
echo “ro.sys.atvc_allow_ap_mot_log=0” >> /data/local.prop
echo “ro.sys.atvc_allow_gki_log=0” >> /data/local.prop
Reboot your device one more time and connect again.
adb shell
Now your prompt should be # instead of $. At this point if you type id you should see something like:
# id
uid=0(root) gid=0(root)
You are root right now, but we want to be able to run certain applications with root permission.

You are going to need 3 files: su, busybox and Superuser.apk. I had these files already in my system from my previous adventures :p, I downloaded them from here, but you may want to find newer versions. Once you get and extract them, you need to copy them over your phone.

adb push Superuser.apk /sdcard/Superuser.apk
adb push su /sdcard/su
adb push busybox /sdcard/busybox
Now we connect back to the phone and copy these files in the system:
adb shell
mount -o rw,remount -t ext3 /dev/block/mmcblk1p21 /system
cp /sdcard/Superuser.apk /system/app/Superuser.apk
cp /sdcard/su /system/bin/su
cp /sdcard/busybox /system/bin/busybox
chmod 4755 /system/bin/su
chmod 4755 /system/bin/busybox
mount -o ro,remount -t ext3 /dev/block/mmcblk1p21 /system
If you completed all the steps successfully, now you should have your phone rooted.

All the credits here are for Dan Rosenberg, since he found the way to gain root access in our system. The rest of the process is just copy few files into the system.

Keep in mind I did achieved this on a Motorola Droid X from Verizon with last OTA update, but it should work on any Motorola device.

Happy rooting!