By Joe Levi | August 26, 2011 4:49 PM
The Motorola Droid 3 has been rooted! What’s even more impressive was that it was done without the developer ever having touched a Droid 3. While that is impressive, the process itself is even more so!
After performing an audit of the platform, it was discovered that the contents of /data/local are group “shell” and group-writable. That means the contents of the directory can be modified using ADB. In Linux (and Android, by extension), you can replace a directory with a “symbolic link” (or “symlink”), essentially, a pointer to another location. Additionally, when you reboot the device, it will change the ownership of the symlink target to group “shell”, which can be used to edit property files and achieve root.
Here’s what to do:
0. Assume the risks of potentially harming your device
1. Enable USB debugging on your smartphone
2. Connect your smartphone to your computer via USB
3. Open a command prompt and navigate to the Android SDK tools folder (which contains the ADB files)
4. Type adb shell (enter)
5. Type mv /data/local/12m /data/local/12m.bak (enter)
6. Type ln -s /data /data/local/12m (enter)
7. Press the power button to physically reboot the phone
8. When it has rebooted, connect using adb shell again
9. Type rm /data/local/12m (enter)
10. Type mv /data/local/12m.bak /data/local/12m (enter)
11. mv /data/local.prop /data/local.prop.bak (enter)
12. echo “ro.sys.atvc_allow_netmon_usb=0″ > /data/local.prop (enter)
13. echo “ro.sys.atvc_allow_netmon_ih=0″ >> /data/local.prop (enter)
14. echo “ro.sys.atvc_allow_res_core=0″ >> /data/local.prop (enter)
15. echo “ro.sys.atvc_allow_res_panic=0″ >> /data/local.prop (enter)
16. echo “ro.sys.atvc_allow_all_adb=1″ >> /data/local.prop (enter)
17. echo “ro.sys.atvc_allow_all_core=0″ >> /data/local.prop (enter)
18. echo “ro.sys.atvc_allow_efem=0″ >> /data/local.prop (enter)
19. echo “ro.sys.atvc_allow_bp_log=0″ >> /data/local.prop (enter)
20. echo “ro.sys.atvc_allow_ap_mot_log=0″ >> /data/local.prop (enter)
21. echo “ro.sys.atvc_allow_gki_log=0″ >> /data/local.prop (enter)
22. Press the power button to physically reboot the phone
Just in case you were wondering, ro.sys.atvc_allow_all_adb is a Motorola-specific property that prevents ADB from dropping its root privileges.
Congratulations! You should now have root!