T-Mobile G2 'Permaroot' Achieved
VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious emmc-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only emmc to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."
"Buying" a device that doesn't become yours and then going through extreme measures to make it yours doesn't help anything. It hurts everybody in the end, because (a) it makes the next round of devices even MORE locked down since they learned from last time, and (b) it doesn't exert economic pressure against this sort of lock down to begin with.
While I am against total lockdowns that cripple a phone (think VZW), I do think that some security is in order.
Donate to scotty2 (for root): walker.scott@gmail.com (PayPal)
You know what they say, IRC logs are the first draft of history and they're linked from the wiki, so I'll make this brief. Scotty2, whose early successes include hacking the unhackable GSM RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest, while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method. After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line, but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull down against the eMMC's power line (we think) so that changing the GPIO's configuration and not its level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line. I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt which is scotty2's, mine, and others'. It's all there for anyone who needs to get into a locked down kernel (tivoized) on ARM, so you don't have to start from scratch.
Because these are not phones. These are miniature computers that handle phone calls as a subset of their capabilities.
The software that controls my engine/drive-by-wire has a singular purpose, and is basically a bunch of tables with a bit of microcontroller code to flip through them. Smartphones are much, much more and tend to play a greater role in people's day to day activities.
And if you ask Apple and Microsoft, mobile is where the market is going to be moving heavily. Not necessarily to the exclusion of the desktop market, but still heavily. And, frankly, I don't see the mobile space being controlled so heavily by vendors with vested interests in controlling what you do and how as a good thing.
Allows you to run non-T-Mobile versions of the Android operating system on the G2.
All I have to say is this, as an owner of two android phones, the second only because it physically fell apart from (ab)use and from someone with a love for the platform:
Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE IT'S FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?
Now while we're at it, can I get a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy, of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?
Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.
What does rooting the Android accomplish?
Maybe fixing some of the crappy base functionality that comes with the phone and can't be replaced by normal apps? For example, the alarm clock that wouldn't stop ringing until I pulled the battery. And countless other major warts that Google is no doubt horribly embarrassed about, but not so embarrassed as to fix or take patches for.
Have you got your LWN subscription yet?
Nokia N900. Debian Linux ported to ARM with a small-touchscreen-friendly interface. Comes with a terminal app; open that; type "su" and hit Enter. The default root password is publicly available (good idea to change it). People complain that its app store is lacking, and they're right, but they're also missing the point: the thing *runs desktop Linux*!
It has repositories.
sudo apt-get install <foo>
You can even compile from source tarballs right on the phone, if you really want to / there's no pre-built binaries.
The browser is Gecko-based, and includes Flash. You can install AdBlock Plus if you want. You can even install mobile Firefox and get the full Firefox experience, with extensions. You can also install other browsers, if you prefer. Nothing is stopping you.
The main downside is that it's due for a refresh. The hardware runs the OS and apps fine, but it's not terribly impressive by modern smartphone measures.
There's no place I could be, since I've found Serenity...
He didn't actually say anything negative about android. It's the handset manufacturers that are doing this at the behest of the telephone companies.
All the evil is coming into the pipe _after_ android, down in the boot loaders and the skins.
And Google doesn't actually have the Apple Fanboy features that Apple has. Google knows that they will be held to some account by their fickle fan base if they screw up or let their brand get _too_ tarnished by the handset cartel.
It is a given that "Apple can do no wrong" as far as an Apple Fanboy is concerned. Google has simply not done wrong enough yet to deserve derision as far as Android is concerned.
Not the same thing at all. In fact, there are legions of people waiting to catch Google out to crucify them.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
What does rooting the Android accomplish? Beyond the ability to change your prompt... what is the result of this?
I don't have an Android so if somebody could enlighten me (and I'm sure others as well).
Much appreciated.
AC
Well, I will tell you what. Among a number of interesting things, rooting allows you to run any of a number of third-party operating system ROMs. One guy even got Debian Linux running on a G1 (not too practical, but it shows the power of an open device.) My personal favorite, and by far the most popular, is the Cyanogenmod ROM. Keep in mind that the relatively open nature of the open-source Android operating system has made this a legitimate affair: this is not remotely comparable to what iPhone users suffer under Apple's heavy-handed rule. Frankly, having used Cyanogen's product (generally faster, more stable, and more featureful than the stock firmware) for over a year now, if a particular phone won't let me install it ... well, that's one handset I won't be buying. More interestingly, Cyanogen (aka Steve Kondik) has a close relationship with the lead Android developers at Google, and much of his team's work has been used to improve the mainstream OS, so even those who are running the stock firmware have benefited. Are you listening, T-Mobile? Yeah, and that applies to the rest of you bloodsuckers as well: open is good for your customers, and good for your business.
Here's the deal folks. It was one thing when we were all using not-particularly-smart phones that had a few built-in applications, a camera, and maybe some extra flash to store a few MP3s. That's not what we're talking about here: these are not cellphones, they're personal computers that happen to fit in your pocket. I cannot accept that cell phone carriers (who are, after all, just fat pipes, not gods) have an intrinsic right to determine what operating system and/or applications we can use on our rather powerful pocket computers. I wouldn't accept that treatment from a PC vendor, and I see no reason for society to accept that from corporations who have spent years trying to convince us that they absolutely must limit the potential of these devices in order to "manage their networks", to provide us with a "better user experience." Of course, we all know what it means when a carrier is in control of the user experience. I will decide upon the kind of experience I want, and so far as network management goes, well that's not my problem. I expect to be provided with the service that I pay for, and that includes a hands-off approach to the phone and its software. It's my pocket computer, not yours. Just deal with that, and stop trying to use it as an alternate revenue source.
The higher the technology, the sharper that two-edged sword.
Enables you to install a kernel with proper support for Bluetooth HID, so you can use a folding keyboard and/or bluetooth gamepad with the phone.
Enables you to create a swapfile and use virtual ram. See, Android has an official mechanism for reclaiming memory used by suspended apps, but it's not instantaneous. If you buy Class-6 (or faster) microSD flash, it's faster to just swap a chunk of ram to the flashcard than it is to wait for the app to shut itself down, save its state, and release its memory so something else can use it. If you use class 4 flash, it'll be roughly the same speed either way. If you use class 2 flash, swapping is slower. As you've probably guessed, the free microSD card that comes with most Android phones is only class 2.
Tether for free. Sprint charges $30/month extra if you want to tether without rooting.
Run the CPU faster. Unlike (Intel) desktop CPUs, phone CPUs don't really have a hard upper speed limit. They just go through a point where your battery life totally goes to hell, then a zone where they're kind of flaky and it crashes a lot, then finally a zone where it's almost impossible to use for more than a few minutes WITHOUT crashing. A rooted G2 can run at 1GHz without breaking a sweat, and I'm pretty sure I read that they're generally stable up to around 1.6GHz. The catch is, your battery will last about an hour at that speed.
You can use Samba to make your /sdcard filesystem accessible over the network as a normal NetBIOS share.
You can use OpenVPN. Unrooted Android can't use it, not even as a client.
You can install sshd and use SSH to securely connect to a root shell on your phone.
You can install third-party SSL root certs.
You can use Tor.
Those are just a few things off the top of my head. There are a lot more.
Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.
Right. Look: google doesn't even give a shit about the fact that people have been complaining for YEARS about the lack of group support in Android's contact manager and poor company name support (for example, it is impossible to search for your contact at Widgetco. That's a BIG problem for someone with a couple hundred business contacts, like a salesperson.)
Something my Siemens phone could do back in the early 2000s (Bluetooth sync my contacts with the Macintosh Address Book, complete with groups), something my original iPhone did since day 1... Android can't. Well, it sort of does, but it made an utter fucking mess of things when I enabled syncing.
There's all sorts of half-assed-ness throughout Google products and in particular Android. For example, you can use groups in Google Voice to manage call handling behavior per-group, but only by using the Gmail Contacts interface, not your phone. You can't add a calendar to Google Calendar from your phone. Google Voice doesn't accept mp3 voicemail announcement uploads, something Youmail has supported since day 1.
The music syncing sucks (doubletwist can bite my shiny iPhone), the music player sucks (both stock and free alternatives, though at least the free alternatives have lockscreen systems), and there's all sorts of annoying 'holes'- like not being able to add a calendar from your phone.
The G2 keyboard is pretty nice, but Goog totally dropped the ball on handling special symbols. You simply cannot enter the special symbols with the keyboard and the cursor control is way broken. These are software issues. Just one of a huge list of little warts marring a decent product.
If the Android project were truly open such issues would be well on their way to being fixed by now. But it is not truly open and satisfactory solutions will therefore not come from Google; they will come from people who like to fix things for the love of it, not just to pull down a paycheck. And that in a nutshell is why root access and community built ROMs are essential to the continued success of Android.