T-Mobile G2 'Permaroot' Achieved
VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious emmc-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only emmc to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."
Security is in order, sure, but should the end user wish to assume direct control then it should be a trivial process that requires the user be in physical contact with the device (such as holding down a button.) Not requiring the user to find a local exploit to grant them shell or terminal access like a 3rd party attacking the system.
But between the carrier and the vendor, you are a 3rd party attacker. This is why I have no respect for most vendors nor for any of the carriers.
What "security" does this give you though? It's becoming increasingly obvious that many vendors -cough- Motorola -cough- want to lock down phones while not providing updates. When I buy a phone, subsidized or not, I should have the right to use it in the way that I want to. Whether that is jailbreaking, rooting, unlocking, etc. the phone. It is counter-productive for HTC/Motorola/Samsung/etc. to keep locking down their phones because what does it really gain them? A bunch of pissed off customers that their device won't be upgradeable past Android 1.6?
Taxation is legalized theft, no more, no less.
So what then is your suggestion?
Continue to pay for something you can never really own?
Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.
Bringing a phone to market has real costs associated with it.
If they know it will be hacked (often before its official release date) why bother trying? Why spend all that money and time dicking around with some cat and mouse game where you are always the mouse, when your competition can get there quicker by avoiding the effort.
All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not, (Like the Nexus One, which gives you root at the press of a button, but makes it obvious you chose to take it).
Sooner or later we should start pushing for lock downs to be made illegal, and demonstrating that they are ineffective is as good a first step as any.
Sig Battery depleted. Reverting to safe mode.
Donate to scotty2 (for root): walker.scott@gmail.com (PayPal)
> Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.
Not really. Most, if not every, lock down in the past few decades have been broken. Yet they still persist. They're not going to learn.
Because these are not phones. These are miniature computers that handle phone calls as a subset of their capabilities.
The software that controls my engine/drive-by-wire has a singular purpose, and is basically a bunch of tables with a bit of microcontroller code to flip through them. Smartphones are much, much more and tend to play a greater role in people's day to day activities.
And if you ask Apple and Microsoft, mobile is where the market is going to be moving heavily. Not necessarily to the exclusion of the desktop market, but still heavily. And, frankly, I don't see the mobile space being controlled so heavily by vendors with vested interests in controlling what you do and how as a good thing.
A government who tries to 'help' consumers by limiting what corporations can do can and will just as easily screw customers in favor of corporations. If you don't screw with the balance of power and instead leave governments out of things like this, consumers gain more control.
When you put that control into the government's hands it flip flops back and forth from control from the people to the corporations back to the people then back to corporate control again.
It is a fundamental right for people to be able to sell whatever product they wish so long as it's not represented fraudulently and doesn't cause harm when used normally. Similarly, it is a fundamental right to use whatever product you purchased in whatever way doesn't harm others. When kept in balance, both sides balance each other out, sure, HTC can make a locked down phone, but it is a right for consumers to break it. When that balance of power doesn't exist like in copyright, either side demands more and more legislative protection which removes any balance and shifts it on one side or the other.
Indeed, it would be PUTTING POWER IN YOUR HANDS
At the expense of taking the power out of HTC's hands. You don't seem to see the historical precedent set by just about every law which shifts the power, it goes from one side to the other where both sides end up losing.
The FDA was designed to 'protect' consumers but yet it is used for big corporations to squash competition from smaller, localized, farmers. Copyright was designed to protect the artist and the public but yet it doesn't. Patents were designed to not monopolize knowledge but to free it from the grasps of guilds, but yet it is a monopoly. Etc.
The only sustainable way to have freedom is to allow businesses to do what they will and let consumers do what they will. It is only through that, that a sustainable and free equilibrium can be reached.
I don't defend the ability for corporations to leverage their power over people in unfair ways.
How is it unfair?
I go to buy a product, I am informed of the product and reasonably can know its limitations. I buy that product. I am able to use that product as I see fit.
Yes, I do think that phones should have to say on the packaging if they do not allow root/admin/superuser/etc. access. But saying that you can't sell them despite the fact that people were aware of the limitations is as silly as saying we should ban tomatoes because they don't give you the ability to fly.
Except when HTC utilizes their control over the design to ensure that you can't. Sort of like how no one has broken Motorola's lock down of the boot loader or kernel.
Oh yes, I forgot about the fact that I was held up at gunpoint and forced to buy Motorola products! I mean, I was just sleeping and a Motorola representative pointed a 9MM at my head and handed me a Droid and made me use it.
If you don't like it, don't buy it. There are phones sold pre-rooted without a contract. Go buy one of those if you want one.
Nonsense. Corporations have too much power and control information too well for there to be a truly informed consumer base. That and corporations deliberately leverage the ignorance of the masses for their own benefit. Corporations and people are not equal. As it stands they have way more in terms of rights, power, money, and political influence than you and will always use it to disenfranchise you and benefit themselves.
Oh yes, I forgot that everyone everywhere was a corporate shill and that every single review MUST be written by an agent of a corporation. Bullshit. If you truly want to inform yourself you can read support forums, reviews from different sites, listen to what people on /. have to say about it, look at your friends' devices, etc. There can be a truly informed consumer base, the thing is, most people have no desire to be informed. No one wants the -best-, the most reliable, etc. they just want to make a statement with it.
And no, corporations (unlike governments) require the masses to survive. People automatically have leverage over corporations when the government steps out of the way and lets the market work. If people really didn't want phones like these, they would all buy Nexus Ones or similar phones and HTC wouldn't be profitable making locked-down phones and would switch to the more profitable phones or face increased competition from Nokia/Samsung/Motorola/etc. and don't say that the masses "didn't know" about the fact it was locked down, it's pretty damn obvious if they were searching for it that it was locked down.
Corporations don't control the information, consumers just don't want to look for the information.
Furthermore, destruction of the lock and use of the unlocked chest does not excuse the seller breaking into your house at night and attaching a newer, stronger padlock to the chest, locking you out of it again (OTA updates anyone?) Also, what about the people that bought outright? Are you going to argue that the device suddenly becomes the property of the telco when the person signs up for service?
Bloody anonymous cowards ...
> These are miniature computers that handle phone calls as a subset of their capabilities.
Actually, it's even deeper than that. With every Android phone I'm aware of, the actual low-level "phone" functions are handled by a separate CPU (or core that's partitioned off as a de-facto second CPU), runs its own firmware, and basically looks a lot like a metaphorical voice modem to the rest of the OS (not entirely a coincidence... the first PalmOS PDA phones were basically cobbled-together agglomerations of a voicemodem chipset with a PDA and a cell phone, tied together by a serial bus. The metaphor stuck, even if the underlying hardware has been massively consolidated into 2 or 3 chips).
It's pretty sad you believe that. For one, if you'd like a phone that lets you reflash the OS you are welcome to buy a Nexus One direct from Google. The nature of open source code means that the phones made entirely by HTC may do things you disagree with. But that's openness for you. Sometimes people will do things you disagree with. It would be fairly pointless to have an open source OS if Google had veto power over every way in which it was used.
I don't know what the potshot at management is about. I've worked here for over four years and have also had plenty of opportunity to observe Google management up close. If they were really as cynical as you believe, they wouldn't have ensured Android was open source and the Nexus One was reflashable out of the box would they? This is something that, what, 0.01% of people purchasing phones probably base a purchasing decision on. If that. Yet here we are, with a phone of highly competitive quality that is also open to operating system developers. I haven't seen any other organization produce such a device, have you?
Brilliant suggestion: buy a Nexus One. Best phone you can get right now. If you buy one of these locked down Android phones and whine about it, it's your own fault, and you are voting with your dollars for carriers to lock phones down. You are now part of the problem. Be part of the solution instead.
My G2 was rooted the day I got it and will soon be permarooted. This time, Google's weak-kneed posture with respect to HTC's and T-Mobile's mean-spirited abuse of the open source gift they have been given will come to no harm. Next time might be different. All the ISPs, the Android manufacturers, and especially Google, need to be put on notice that their open source rocket may fizzle and fall back to earth if they don't get a clue.
Why not get a Nexus One? It doesn't satisfy my hardware needs.
Have you got your LWN subscription yet?
Enables you to install a kernel with proper support for Bluetooth HID, so you can use a folding keyboard and/or bluetooth gamepad with the phone.
Enables you to create a swapfile and use virtual ram. See, Android has an official mechanism for reclaiming memory used by suspended apps, but it's not instantaneous. If you buy Class-6 (or faster) microSD flash, it's faster to just swap a chunk of ram to the flashcard than it is to wait for the app to shut itself down, save its state, and release its memory so something else can use it. If you use class 4 flash, it'll be roughly the same speed either way. If you use class 2 flash, swapping is slower. As you've probably guessed, the free microSD card that comes with most Android phones is only class 2.
Tether for free. Sprint charges $30/month extra if you want to tether without rooting.
Run the CPU faster. Unlike (Intel) desktop CPUs, phone CPUs don't really have a hard upper speed limit. They just go through a point where your battery life totally goes to hell, then a zone where they're kind of flaky and it crashes a lot, then finally a zone where it's almost impossible to use for more than a few minutes WITHOUT crashing. A rooted G2 can run at 1GHz without breaking a sweat, and I'm pretty sure I read that they're generally stable up to around 1.6GHz. The catch is, your battery will last about an hour at that speed.
You can use Samba to make your /sdcard filesystem accessible over the network as a normal NetBIOS share.
You can use OpenVPN. Unrooted Android can't use it, not even as a client.
You can install sshd and use SSH to securely connect to a root shell on your phone.
You can install third-party SSL root certs.
You can use Tor.
Those are just a few things off the top of my head. There are a lot more.
Who cares if they lock down the next phone. If we go by your idea and not root our current phones, then to the OEM, the phone is fully locked down already.
If I go to my local computer store and spend $600 on a small laptop with a built in GSM adapter, would it be right to expect me to not have full access to my computer and do with it what I want? At the end of the day, it's a computer, it has GSM access, it's still mine and I should have full access to do what I want. Let's look at an Android phone. It's a $600 mini computer with a GSM adapter. Or even a full PC with a dial up modem. There is no difference here.
Back when everyone had dial up internet, it was just as easy for a virus to command every PC it had infected to dial up the phones at the same time and DDOS the phone companies.
Yes, keep the RADIO locked down, but the OS, that should be the buyer's choice. Ship with the standard locked down OS and include a note in the box saying "If you feel the need to have full access to your new shiny toy/phone/computer do this... but, you might lose your warranty"
Monopolies have imploded before without regulation, and cartels are notorious for members who break away. "Deadly force" is one of the things not allowed in a free market.
Anyways, I'm not arguing that the free market is perfect or even better than a regulated market. I'm just arguing about the definition. Making up definitions to suit your ideology isn't right.
OC it to 1GHz, and you'll find it to be a match for most any current phone out there.
(Posted from my n900)