Congratulations to Cicadaman & co. for getting Froyo running on the Nook Color! Visit the nook Color portal!
See Rooting new hardware FIRST if you have a nook original with a 1003* serial# or above.

Rooting 1.5 on any hardware

From nookDevs

Jump to: navigation, search
  • Warning: nookDevs.com is not liable if you screw up during the root process. kthxbai
  • Warning: This will probably (probably = actually) void your warranty, nookDevs.com is not liable for that either in any way shape or form.
  • Warning: What you are about to do should only be undertaken by a competent person, not your pet monkey Guenter, even if he has a small hat (Futurama)
  • Warning: Make sure you read the FULL page BEFORE starting anything to confirm you know what you are getting into!
  • Warning: By following the instructions below you release nookDevs and all related parties from any and all liability and damages as a result of this process. We can help you if you run into problems but we help at OUR discretion.

To start the rooting process please scroll down...


e-ink Nook Rooting Navigation
For Nooks with serial numbers less than 10030:

Softroot | deprecated Hard root

For Nooks with serial numbers greater than 10030 Software versions 1.4.1 or higher:

Router based version for 1.4 | Alternative No Router method
With firmware 1.5 or higher | Russian version of rooting process

Rooting 1.5 on any hardware

This method of rooting works for software v1.5, on the newest nook hardware revision. It is also known to work on 1.4 and some older hardware revisions. Unlike the other rooting methods, this one involves an element of luck -- it takes advantage of a memory-corrupting bug in the web browser, and its success depends on the current contents of the memory which depends on more variables than we can control. As such, the method requires a little bit of patience.

Contents

Preparation

You will need to install the official Android platform tools to get the adb Android remote-control software. You don't have to install any of the other SDK components, only the latest revision of the platform tools.

Your nook needs to be connected to a wireless access point, and the PC that you installed adb on must have direct (non-firewalled) access to the nook's IP address in order to make an adb connection. Find out what your nook's current IP address is by going into the Wi-fi configuration and selecting the wireless network you're currently connected to. You will need this IP address for the next step.

Enabling adbd

This is the part that requires some persistence. Open the nook's web site and navigate to the web site http://goonies.be/~neilk/adbd.html. (You can also download this HTML file, save it on your SD card, and navigate to file://system/media/sdcard/adbd.html.)

When you load this web page, the browser will crash. (It may automatically reload itself a few times first.) When it crashes, it 'might' enable adbd. Try to make a connection, by running the following command on your PC (from a command shell -- adb has no GUI at the moment):

adb connect 

One of two things will happen:

  1. You will get the message 'unable to connect to :5555'. In this case, restart your web browser and load the web page again (from the history). You may have to do this a dozen times or more, so keep at it!
  2. You will get the message 'connected to :5555'. Success!

Getting root access

You got the web browser to launch adbd and now you have a higher level of access to your nook; but you only have the privilege level of the web browser's user, system. To install software and to to start adbd when the nook reboots, you'll need to get root access. I

You can download just what you need here on the wiki: File:Rageagainstthecage.zip. This zip file contains a file called ratc.bin. According to the author's instructions, this is how you use it:

adb push ratc.bin /sqlite_stmt_journals
adb shell
$ cd /sqlite_stmt_journals
$ /system/bin/chmod 0777 ./ratc.bin
$ ./ratc.bin

(several lines of output follow -- don't do anything, a few seconds later adb will disconnect you)

adb kill-server
adb connect 
adb shell
#

If you see the '#' prompt after the last adb shell command, that means it worked. Proceed quickly to the next step, since this exploit has been known to crash the device shortly after use, and now that you have root, you want to configure your nook to start up with adbd running.

If that didn't work

Sometimes, this exploit fails -- either the adb connect command will fail or the adb shell command will give a '$' prompt instead of a '#'. In the second case you can try starting over from the ./ratc_bin step; in the first, the only choice is to start over from the beginning. In both of these cases I have found it necessary to do a hard reboot of the nook (hold down the power button for 4 seconds, until the e-ink screen goes blank to shutdown, then hold it down again to boot) since the exploit leaves the system in an unstable condition, especially if it fails.

If your nook becomes unstable too quickly, the following procedure may work more reliably (it worked for me). Once you get the non-root shell:

adb pull /init.rc
(edit the file as per "keeping root access" below)
adb push ratc.bin /sqlite_stmt_journals
adb shell
$ cd /sqlite_stmt_journals
$ /system/bin/chmod 0777 ./ratc.bin
$ ./ratc.bin

(several lines of output follow -- don't do anything, a few seconds later adb will disconnect you)

adb connect 
adb push init.rc /


RageAgainstTheCage was made by c-skills and Android Exploid Crew, credit where due. The source can be found at: [1]

Keeping root access

Now that you have root access, the first thing you should do is edit the /init.rc file to reconfigure your nook to start adbd with root access on every reboot. Download the file with:

adb pull /init.rc

Edit this file with a plain text editor and make a change around line 432. It says:

service adbd /sbin/adbd
    disabled

Change 'disabled' to 'enabled,' save, and push this version to your nook:

adb push init.rc /

You're set! You may want to reboot your nook now because the exploit in the previous step can leave the system in a precarious state which is likely to use the battery up quickly.

FAQ

This is too hard! Can you help me?

Somebody else who understands this stuff should be able to make it easier, and I do hope they help and comment. Neilk 09:51, 27 February 2011 (PST)

I tried the website like 10 times and it didn't work

Be patient! I was about to give up myself. I probably ran it 20-30 times before I got the adb connection. I recommend making a bookmark for the site instead of using the history, it seemed faster. You'll want to first bookmark http://goonies.be/~neilk/ and then edit the bookmark to http://goonies.be/~neilk/adbd.html - if you try to bookmark the site directly it will crash the webbrowser and not save the bookmark.

I tried this and my nook doesn't work at all! What do I do now?

This has not happened so far and I don't expect it to, but if it does, don't fear--you can always do a restore to stock firmware.

Views
Personal tools
  • Log in / create account
Navigation
nookDevs Team
miscellaneous