Code: adb push debugfs /data/local/ adb push su /data/local/ adb shell

Code: $ cd /data/local/ $ mv tmp tmp.back

FOR TRANSFORMER (TF101 TF201 TF300T TF700T) ONLY:

Code: $ ln -s /dev/block/mmcblk0 p1 tmp $ exit

FOR PADFONE ONLY:

Code: $ ln -s /dev/block/mmcblk0 p21 tmp $ exit

FOR SAMSUNG GALAXY SII ONLY:

Code: $ ln -s /dev/block/mmcblk0 p9 tmp $ exit

FOR SAMSUNG GALAXY TAB 2 7" ONLY: (see http://forum.xda-developers.com/show....php?t=1791193 thx to Nesquick95)

Code: $ ln -s /dev/block/platform/omap/omap_hsmmc.1/by-name/FACTORYFS tmp $ exit

Code: adb reboot adb shell

Code: $ cd /data/local

Code: $ toolbox chmod 755 /data/local/debugfs $ /data/local/debugfs -w /data/local/tmp debugfs: cd xbin debugfs: rm su NOTE: if this is your first attempt, you should see an error message here, simply ignore it debugfs: write /data/local/su su debugfs: set_inode_field su mode 0106755 debugfs: set_inode_field su uid 0 debugfs: set_inode_field su gid 0 debugfs: quit $ rm /data/local/tmp $ mv /data/local/tmp.back /data/local/tmp $ exit

Code: adb reboot adb shell $ /system/xbin/su # id id=0(root) gid=0(root) .... # exit

Code: $ rm /data/local/su $ rm /data/local/debugfs $ exit

Next step is to install ASAP the superuser app from the market, since my version of su is home-made, and was not designed with security in mind.



check for an update

Quote: Originally Posted by sparkym3 Originally Posted by I have created an automated tool using this root method and am looking for confirmation that it works on a Transformer 300.



http://forum.xda-developers.com/show....php?t=1706588

Hello,I managed to root my TF300 this week-end.Since the method of downgrading to .17, getting root, then waiting for Asus to update it again OTA to .29... was not really satisfying to me, I found a simpler (and hopefully safer) way to do it.Story short: instead of getting write access to mmcblk0p4 to write a blob (as in method #2 of http://forum.xda-developers.com/show....php?t=1622628 ), I'm getting write access to mmcblk0p1 to write a single file, with suid perms.Here is the full guide, and the link to the binaries at the end.Please be sure to read it until the end, and to understand every line of it. I thus encourage you to read the debugfs manpage here: http://linux.die.net/man/8/debugfs Of course, there is no garantee for this to work or to not brick your device, especially if you don't understand what you type, so RTFM twice.Here is now the full guide:Rooting the Asus Transformer TF300T===================================: first, use known method to get write access to the /system partition: some cleanup first: and now, let's do the dirty work: done, let's reboot and get root !: cleanup remaining filesAfter installation, or if you previously installed, open it and, there should be one available. This will replace the non-securised su binary with the one provided by superuser. Reboot when asked to, and you're done.And now here is the link for the binaries:The source code of su is given, and debugfs was compiled natively from a gentoo chroot inside my Transformer (the first version was cross-compiled but segfaulted now and then).Please let me know how it goes for you.Credits: wolf849 for the symlink exploitEDIT0: sparkym3 created a tool integrating this procedure. Although it seems to work only on Windows, a "few" users could make use of itHere is the URL:EDIT1: Here are the devices successfully rooted so far:ASUS TF300T .26 .29 .30ASUS TF201 .21 .28ASUS TF101 S/N B70* .24ASUS PadFone IML74K.CHT_PadFone-9.18.8.41_CHT_9.1.15-0ASUS TF700TSAMSUNG Galaxy II ICS 4.0.3SAMSUNG Galaxy Tab 2 7"milo