Author Topic: How To Root And Unroot The ThinkPad Tablet (Read 58864 times)

ChadH42 · « **Reply #15 on:** January 23, 2012, 10:28:39 AM »

No PINs or passwords here.
My Tablet displays the Login screen for Configuration Server when the Exploit starts and the tablet stays there.

S.Prime · « **Reply #16 on:** January 23, 2012, 11:33:17 AM »

Make sure Android Phone shows in Device Manager and not just TPT under Portable Devices. If the TPT is only shown as a Portable Device in Device Manager, then delete it under Portable Devices and then scan for hardware changes and reinstall the ADB driver from Lenove and Android Phone should show up with the Thinkpad Tablet listed under it as well as the TPT listed under Portable Devices. After the Android Phone shows up in Device Manager, you should be able to complete the root exploit.

ChadH42 · « **Reply #17 on:** January 23, 2012, 12:03:18 PM »

ADB is working fine. I have accessed the tablet from my windows 7 machine with ADB and the driver isn't the issue.

S.Prime · « **Reply #18 on:** January 23, 2012, 12:44:50 PM »

Do you have the option of running the exploit on a different computer? If not I would suggest contacting the developer.

IT Service Professional, I Just Want a Device to Be Productive

GodfatherIP · « **Reply #19 on:** January 23, 2012, 01:09:42 PM »

ChadH42, you could try doing it manually if you are somewhat comfortable with ADB. StefanLohmaier posted the commands that you must enter here: http://pastebin.com/fxAATnEM

One advantage of this is that you might be able to see where it fails and get more help with specific troubleshooting. Also I think you will need to place all of the necessary files (thinkpwn, superuser.apk, su, busybox) into your current directory (i.e. C:\Users\[Your Username]\) when you do it manually.

ChadH42 · « **Reply #20 on:** January 23, 2012, 01:16:52 PM »

Thanks all. I have tried the manual process and the exploit fails in the thinkpwn code. I need to work with the developer.

I'll let you know how it goes :-)

obscure.detour · « **Reply #21 on:** January 23, 2012, 01:33:58 PM »

I have since tried the exploit on my gf's laptop. Unfortunately, the exploit still fails after rebooting and it attempts to install root tools and my TPT reboots again and the process fails.

djrbliss figured out why it was continually rebooting and I've successfully applied the same changes to get my TPT out of a bootloop. (simply using adb push to copy a blank local.prop to /data) -> this fixes the bootloop.

I have lockscreen disabled and ADW installed.

Will be trying it manually soon.

Daniel · « **Reply #22 on:** January 23, 2012, 01:58:52 PM »

Beat me to it! I've been recently playing around with a little setuid bug in the kernel but in honour to protect exploits from Lenovo, not going to be released.

Anyway, I'll send $10 over to your PayPal, I've also created a Mac One-Click-Root version of your exploit for Mac OS X called PadCrack.

http://www.landofdaniel.com/PadCrack.zip

I'll also make a Linux version if one isn't out in a few days,

(If my app keeps saying Waiting for Device when first ran and you have your device plugged in, just unplug it and plug it back in again)

ron2k_1 · « **Reply #23 on:** January 23, 2012, 02:47:02 PM »

Quote from: S. Prime on January 23, 2012, 11:33:17 AM

Make sure Android Phone shows in Device Manager and not just TPT under Portable Devices. If the TPT is only shown as a Portable Device in Device Manager, then delete it under Portable Devices and then scan for hardware changes and reinstall the ADB driver from Lenove and Android Phone should show up with the Thinkpad Tablet listed under it as well as the TPT listed under Portable Devices. After the Android Phone shows up in Device Manager, you should be able to complete the root exploit.

So, just to confirm; you're saying that the TPT will show up both as an Android Phone AND as Portable Device on Device Manager? On my win7 SP2 32 bit laptop shows as either one depending on my selection when the tablet prompts me what to do as soon as I connect the micro USB. Look at my previous post for more detail.

Kindly confirm to us whether it should show under both locations. And whether you'll still be able to browse folders under My Computer, because when the Android Phone shows up on my computer, it only shows as "Removable Drive" on "My Computer" but I can't go into it to browse any folder.

Thanks

Sent from my iPhone using Tapatalk

S.Prime · « **Reply #24 on:** January 23, 2012, 03:13:37 PM »

On my office system, Windows 7 Ultimate 64 bit it shows both in Device Manager, I will check it on my laptop when I have a chance and see if it shows the same.

IT Service Professional, I Just Want a Device to Be Productive

ron2k_1 · « **Reply #25 on:** January 23, 2012, 03:44:27 PM »

Quote from: S. Prime on January 23, 2012, 03:13:37 PM

On my office system, Windows 7 Ultimate 64 bit it shows both in Device Manager, I will check it on my laptop when I have a chance and see if it shows the same.

IT Service Professional, I Just Want a Device to Be Productive

And it still shows up on your My Computer section? Cause on mines if I select MTP as soon as I connect the USB cable it shows as a portable media player on my computer and I can see a whole array of folders in there, but then I wouldn't see the TpT under Android Phone, but under Portable Device.

Ron

Sent from my iPhone using Tapatalk

obscure.detour · « **Reply #26 on:** January 23, 2012, 07:36:38 PM »

Ron,

I honestly don't know what to tell you. I've tried it on multiple computers and here is what I'll recommend.

Disable Lock screen. It is is Settings > Location & security > Lock screen > switch to off.
Leave USB settings alone. Settings > USB settings > Ask on connection

You should still have adb access even if you have it on "ask on connection." I would personally hit cancel, leave it, or select low-charge-only. Don't select MTP.

I've backed up my important files. Went ahead and did a factory reset on my device, it is indeed running 0075_US. After first boot, tested adb shell access and attempted the root exploit again. Unfortunately, it failed again in the same spot as before. Once the option to reboot is given, the TPT reboots, script attempts to install root tools and it fails due to the device rebooting again. (At this point the tablet is in a constant bootloop upon OS boot it waits a few seconds and reboots).

I've booted to recovery and did a adb push of a blank local.prop to populate upon next boot and everything is fine now. That is device isn't in a state of bootloop, but I am not rooted

Just an update. Cheers.

Blaze9 · « **Reply #27 on:** January 23, 2012, 09:14:16 PM »

Quote from: obscure.detour on January 23, 2012, 07:36:38 PM

Ron,

I honestly don't know what to tell you. I've tried it on multiple computers and here is what I'll recommend.

Disable Lock screen. It is is Settings > Location & security > Lock screen > switch to off.
Leave USB settings alone. Settings > USB settings > Ask on connection
You should still have adb access even if you have it on "ask on connection." I would personally hit cancel, leave it, or select low-charge-only. Don't select MTP.

I've backed up my important files. Went ahead and did a factory reset on my device, it is indeed running 0075_US. After first boot, tested adb shell access and attempted the root exploit again. Unfortunately, it failed again in the same spot as before. Once the option to reboot is given, the TPT reboots, script attempts to install root tools and it fails due to the device rebooting again. (At this point the tablet is in a constant bootloop upon OS boot it waits a few seconds and reboots).

I've booted to recovery and did a adb push of a blank local.prop to populate upon next boot and everything is fine now. That is device isn't in a state of bootloop, but I am not rooted

Just an update. Cheers.

Hey Obscure,

I have the same issue as you. As soon as I wait for the first reboot, the tablet reboots again, and gets stuck in a boot-loop. I tried issuing the commands manually and this is my result

Code: [Select]

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Blaze>adb kill-server

C:\Users\Blaze>adb wait-for-device
* daemon not running. starting it now on port 5037 *
* daemon started successfully *

C:\Users\Blaze>
C:\Users\Blaze>adb push thinkpwn /data/local/tmp/thinkpwn
cannot stat 'thinkpwn': No such file or directory

C:\Users\Blaze>adb push X:\Users\Blaze\Downloads\Compressed\Thinkpad_Root_Window
s\Thinkpad_Root_Windows\thinkpwn /data/local/tmp/thinkpwn
325 KB/s (5993 bytes in 0.018s)

C:\Users\Blaze>adb shell "chmod 755 /data/local/tmp/thinkpwn"

C:\Users\Blaze>adb shell "/data/local/tmp/thinkpwn"
[*] Thinkpad Tablet Root Exploit
[*] Copyright (c) 2012 Dan Rosenberg (@djrbliss)
[1]   Segmentation fault      /data/local/tmp/...

C:\Users\Blaze>adb shell "rm /data/local/tmp/thinkpwn"

C:\Users\Blaze>adb reboot

C:\Users\Blaze>adb wait-for-device

C:\Users\Blaze>adb wait-for-device

C:\Users\Blaze>adb remount
error: protocol fault (no status)

At this point it still stuck on a reboot loop. Have to restore the tablet or rebuild the prop as you said earlier.

Phish · « **Reply #28 on:** January 23, 2012, 11:08:30 PM »

I just wanted to add that I always clicked the MTP option when the menu popped up. I got the ADB driver thing working fine and rooted my tablet without any issues. I'm on Windows 7 64 bit by the way.

Phish

Blaze9 · « **Reply #29 on:** January 23, 2012, 11:19:40 PM »

Quote from: Phish on January 23, 2012, 11:08:30 PM

I just wanted to add that I always clicked the MTP option when the menu popped up. I got the ADB driver thing working fine and rooted my tablet without any issues. I'm on Windows 7 64 bit by the way.

Phish

I also wanted to add to my post that I rooted 3 other tablets using the same exact computer, port, and even wire (all within 10 minutes). No idea why mine isn't rooting.

How To Root And Unroot The ThinkPad Tablet

Sponsors

Hot Topics

Facebook Like

Sponsors

Board Stats