HOW TO: Root ANY Xoom Family Edition - Up to date as of May 2012

[inf3rno1]

So this forum, and any of the info regarding rooting the FE, is starting to get outdated and confusing. If you have an FE with the 06 software, you can still root it, thanks to Dan Rosenberg, and ofcourse evil_devnull even though he has since moved on to other devices (please come back and continue development!)

You can use OSX, Windows and Linux. I found it extremely easy to do on OSX, and didn't even need to install any drivers or anything SDK related. I did have a much harder time using my Windows partition, though that could have been because its Windows 8 CP.

Go to Security Research by Dan Rosenberg and download the corresponding software package. OR just use the links below.

After confirming that cmdclient is installed setuid root, I pulled up IDA and took a look at what it does. What I saw was so broken it was hard to believe.

The first few arguments cmdclient supports are “ec_recovery”, “ec_btmac”, “ec_snid”, “ec_skunumber”, and “ec_imeiwithbarcode”. Each of these commands builds a command string using the second argument (such as “echo [arg] > /sys//EcControl/RecoveryMode”) and executes it using system(). These are all trivial command injection vulnerabilities: something like “cmdclient ec_skunumber ‘; [my cmd];’” works fine to execute arbitrary commands as root. Ok, device rooted, that was easy.
But one of the other cmdclient options was so ridiculous that it’s hard to believe it isn’t a deliberate backdoor. “cmdclient sys_open” will perform a “chmod 777 /data” and “chmod 777 /cache”, among a few other things, which obviously cripples the security of the device and allows gaining root yet again. They might as well rename the application “own_my_device_now”.

If you’re a Xoom FE owner, you can download a Windows root script here or a Linux/OSX version here. Install the appropriate Motorola drivers, connect your device via USB, extract the appropriate zip, and execute “run.bat” (on Windows) or “run.sh” from a terminal (on Linux/OSX). Enjoy.

Enjoy!

[Ads]

[hotpants]

Thanks for the post. I did, however, have problems with rooting from my Mac. The files I downloaded from the links above did not have the adb file. This is required in order to root the device. I ended up downloading the android SDK and installing the platform-tools package. (Instructions on downloading and installing SDK and platform-tools: Installing the SDK | Android Developers) Then after installing the SDK and platform-tools copy adb over to the extact same folder you extracted the root script into. if you're using MAC be sure to change the file extension to ".osx" otherwise you will see the following error: "./run.sh: line 55: ./adb.osx: No such file or directory". You should have no problems rooting after that.

[ggrant3876]

Thanks for the post. I did, however, have problems with rooting from my Mac. The files I downloaded from the links above did not have the adb file. This is required in order to root the device. I ended up downloading the android SDK and installing the platform-tools package. (Instructions on downloading and installing SDK and platform-tools: Installing the SDK | Android Developers) Then after installing the SDK and platform-tools copy adb over to the extact same folder you extracted the root script into. if you're using MAC be sure to change the file extension to ".osx" otherwise you will see the following error: "./run.sh: line 55: ./adb.osx: No such file or directory". You should have no problems rooting after that.

Welcome to the forum. Glad you decided to join us. We had a dev working here on the FE but he sold it and moved along.

Motorola Xoom Family Edition Development

[zippy76543]

if you want jellybean for the xoom fe sign this petition https://www.change.org/petitions/mot...-to-jelly-bean

[ggrant3876]

if you want jellybean for the xoom fe sign this petition https://www.change.org/petitions/mot...-to-jelly-bean

Welcome to the forum. Glad you decided to join us.

[SirLoin]

So has any rooky/non-developer type tried this with success on a Xoom FE with the Build number Moto_MZ505_1.0006.01_Wifi_Gen (aka "6")? Should I first follow other steps listed under the Rooky/Rooting thread [HOW] Rookie Rooting, Flashing And UnRooting Under One Roof to create a backup or something? After reading all about Rooting an "FE" and figuring out that it can't be done and then finding this post that says O Hell yeah it can, I am leary to jump at it. I'm the kind of guy who reads the reviews on stuff and when 100 people say whoopie it works, I buy it. There is very little feedback on this instant back door, which I find odd at 3AM but maybe I shouldn't have had a Monster for a night cap. Hotpants replied with the need for the OSX file extension ( I have no idea what that refers to). But I don't see any non-expert Xoom FE users claiming victory. Rosenberg sure sounds brilliant and speaks more fluently in tech jargen than the people who coined the word Noob on Halo, but is the simple solution that easy?

Xoom Rox

[trter10]

So has any rooky/non-developer type tried this with success on a Xoom FE with the Build number Moto_MZ505_1.0006.01_Wifi_Gen (aka "6")? Should I first follow other steps listed under the Rooky/Rooting thread [HOW] Rookie Rooting, Flashing And UnRooting Under One Roof to create a backup or something? After reading all about Rooting an "FE" and figuring out that it can't be done and then finding this post that says O Hell yeah it can, I am leary to jump at it. I'm the kind of guy who reads the reviews on stuff and when 100 people say whoopie it works, I buy it. There is very little feedback on this instant back door, which I find odd at 3AM but maybe I shouldn't have had a Monster for a night cap. Hotpants replied with the need for the OSX file extension ( I have no idea what that refers to). But I don't see any non-expert Xoom FE users claiming victory. Rosenberg sure sounds brilliant and speaks more fluently in tech jargen than the people who coined the word Noob on Halo, but is the simple solution that easy?

Xoom Rox

You can't use that post you linked because you can't flash a recovery on this device. So nor can you unbrick or flash roms/kernels.

You can root it with this post but you can't do much more.

[SirLoin]

Now that I'm not dealing with caffine psycsosis... After I root it, do I follow the other posts to upload different Roms? If not, then rooting still offers more control of the device so it's still worth considering.

Xoom Rox

[ggrant3876]

Now that I'm not dealing with caffine psycsosis... After I root it, do I follow the other posts to upload different Roms? If not, then rooting still offers more control of the device so it's still worth considering.

Xoom Rox

AFAIK there are no roms for the FE.

[SirLoin]

This is very easy to do. Thank you.
Root-Complete.jpg