T-Mobile G2 'Permaroot' Achieved
VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious emmc-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only emmc to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."
Security is in order, sure, but should the end user wish to assume direct control, then it should be a trivial process that requires the user to be in physical contact with the device (such as holding down a button). It should not require the user to find a local exploit to grant them shell or terminal access, like a 3rd party attacking the system.
But between the carrier and the vendor, you are a 3rd party attacker. This is why I have no respect for most vendors nor for any of the carriers.
And making the device less usable helps security?
I guess in some ways it does. This rock is definitely more secure than my computer, which has root. It suffers slightly in usefulness, however.
Sent from my PDP-11
Why not?
Why, when it only disenfranchises the end user?
This conflicts with the manufacturer being allowed to ship things locked down. I can understand secured with option to disable, but stuff like what Motorola does (and HTC, if they start signing the bootloader) precludes your right to work with your property, and solely for the benefit of the manufacturer.
You know what they say, IRC logs are the first draft of history and they're linked from the wiki, so I'll make this brief. Scotty2, whose early successes include hacking the unhackable GSM RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method. After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line, but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull down against the eMMC's power line (we think) so that changing the GPIO's configuration and not its level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line. I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt which is scotty2's, mine, and others'. It's all there for anyone who needs to get into a locked down kernel (tivoized) on ARM, so you don't have to start from scratch.
Because these are not phones. These are miniature computers that handle phone calls as a subset of their capabilities.
The software that controls my engine/drive-by-wire has a singular purpose, and is basically a bunch of tables with a bit of microcontroller code to flip through them. Smartphones are much, much more and tend to play a greater role in people's day to day activities.
And if you ask Apple and Microsoft, mobile is where the market is going to be moving heavily. Not necessarily to the exclusion of the desktop market, but still heavily. And, frankly, I don't see the mobile space being controlled so heavily by vendors with vested interests in controlling what you do and how as a good thing.
Allows you to run on the G2, non-T-Mobile versions of the Android operating system.
Only in a truly free market.
We've long passed the point where cell service is a true free market, with any real competition.
Oh boy, more nonsense. Is it really a fair contract when it's between you and a multi-billion dollar corporation presenting you a one-sided contract?
Indeed, it would be PUTTING POWER IN YOUR HANDS. They wouldn't be able to strip you of control over your own property (which it does eventually become.) And yet you whine?
We have a network where pretty much everyone runs whatever they want on it. It's called the internet. And yet, oddly enough, there aren't any major service disruptions other than a few localized events.
Taxation is legalized theft, no more, no less.
All I have to say is this, as an owner of two Android phones, the second only because the first physically fell apart from (ab)use, and as someone with a love for the platform:
Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE IT'S FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?
Now while we're at it, can I have a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy, of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?
Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.
So what then is your suggestion?
Allow me to make a suggestion. Pressure Google. The Google logo is writ large on this HTC/T-Mobile phone. Google is more responsible for the evil lack of respect for the free software this phone is built with than anybody else.
Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.
And yes, I know all about Google and cynical, after all I worked there for three years and had plenty of opportunity to observe Google management up close. Google is in fact just another cynical megacorp, however it is slightly unusual in that its stock will suffer greatly if its users ever become widely aware of this fact. Therefore, Google tends to be slightly more responsive to justifiable criticism than other cynical megacorps.
Have you got your LWN subscription yet?
They wouldn't be able to strip you of control over your own property (which it does eventually become.)
Eventually?!
My phone was mine the instant I bought it. I did, however, acquire it for a sub-retail price by agreeing to be either a customer of the reseller for 24 successive months or to pay them $375, pro-rated monthly after fulfillment of the first 12 months of the prior option have elapsed.
Contract or not, there's no fucking way that the device belongs to anyone other than its owner. The fact that rooting *a computer* that you own is dangerous and sometimes impossible, warranty or not, is egregiously offensive to me as a consumer.
If I buy your shit from you, it's not your shit anymore. It's my shit and you have no damn business telling me what I do with it, and no, I signed no contract stating otherwise.
Don't ever forget that, and don't ever let a retailer tell you differently.
Boot Windows, Linux, and ESX over the network for free.
Nokia N900. Debian Linux ported to ARM with a small-touchscreen-friendly interface. Comes with a terminal app; open that; type "su" and hit Enter. The default root password is publicly available (good idea to change it). People complain that its app store is lacking, and they're right, but they're also missing the point: the thing *runs desktop Linux*!
It has repositories.
sudo apt-get install <foo>
You can even compile from source tarballs right on the phone, if you really want to or there are no pre-built binaries.
The browser is Gecko-based, and includes Flash. You can install AdBlock Plus if you want. You can even install mobile Firefox and get the full Firefox experience, with extensions. You can also install other browsers, if you prefer. Nothing is stopping you.
The main downside is that it's due for a refresh. The hardware runs the OS and apps fine, but it's not terribly impressive by modern smartphone measures.
There's no place I could be, since I've found Serenity...
> All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not,
For the record, in the United States, a consumer can't be coerced into disclaiming a manufacturer's warranty, and a manufacturer can't disclaim a warranty for mere breach of contractual terms (least of all a contract of adhesion) unless the breach involved non-payment for a service contract or the manufacturer can demonstrate that whatever it is that the consumer did WAS, in fact, the reason for the failure.
It's called the Magnuson-Moss Warranty Act.
Also, a few points that need to be repeated often:
* Few phones truly get "bricked". 99% of the time, someone screws up a reflash, panics when it doesn't reboot, posts a few messages online, hits Google, then figures out 1-36 hours later that he needs to take out the battery, wait a minute or so, then power it back up with some nearly impossible combination of button-presses to trigger its REAL "last-chance" bootloader.
* It's almost impossible to truly cause real, honest-to-god permanent hardware damage to a recent-vintage phone by reflashing. Worst-case, it might take a minimum-wage employee at an authorized repair center with a JTAG a few minutes to reflash it.
Corporations have too much power and control information too well for there to be a truly informed consumer base
While I agree that corporations in general (in the USA) have way too much power, I disagree that the public wants to be truly informed. The general public in the USA suffers from what I call plug and play syndrome. People don't care if you can get root on a phone and load your own software. They want something that fills a need (the corporations sold them on) and they want it to work with a minimum of hassle. This is why the iPhone is so popular. Try to talk to a person about tech and use a few terms they are unfamiliar with and you'll see the eyes glaze over. You're right on when you say "corporations deliberately leverage the ignorance of the masses for their own benefit". They get away with it because there are too many sheep in this country who have been bred for ignorance.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
He didn't actually say anything negative about android. It's the handset manufacturers that are doing this at the behest of the telephone companies.
All the evil is coming into the pipe _after_ android, down in the boot loaders and the skins.
And Google doesn't actually have the Apple Fanboy features that Apple has. Google knows that they will be held to some account by their fickle fan base if they screw up or let their brand get _too_ tarnished by the handset cartel.
It is a given that "Apple can do no wrong" as far as an Apple Fanboy is concerned. Google has simply not done wrong enough yet to deserve derision as far as Android is concerned.
Not the same thing at all. In fact, there are legions of people waiting to catch Google out to crucify them.
Innocent people shouldn't be forced to pay for inferior software development.
--"Code Complete" Microsoft Press
It sounds like you have a bit of a bone to pick with the big G.
Here's a life lesson, kid: don't crap on your past employers in public. It makes it hard for people to hire you in the future. I've worked for some big names (call them the big A) and I could tell stories. And I do, with friends after a few drinks. But I never would do that on a public geek forum like /. because maybe someone that is thinking of hiring me is reading.
-- I have a private email server in my basement.
What does rooting the Android accomplish? Beyond the ability to change your prompt... what is the result of this?
I don't have an Android so if somebody could enlighten me (and I'm sure others as well).
Much appreciated.
AC
Well, I will tell you what. Among a number of interesting things, rooting allows you to run any of a number of third-party operating system ROMs. One guy even got Debian Linux running on a G1 (not too practical, but it shows the power of an open device). My personal favorite, and by far the most popular, is the Cyanogenmod ROM. Keep in mind that the relatively open nature of the open-source Android operating system has made this a legitimate affair: this is not remotely comparable to what iPhone users suffer under Apple's heavy-handed rule. Frankly, having used Cyanogen's product (generally faster, more stable, and more featureful than the stock firmware) for over a year now, if a particular phone won't let me install it ... well, that's one handset I won't be buying. More interestingly, Cyanogen (aka Steve Kondik) has a close relationship with the lead Android developers at Google, and much of his team's work has been used to improve the mainstream OS, so even those who are running the stock firmware have benefited. Are you listening, T-Mobile? Yeah, and that applies to the rest of you bloodsuckers as well: open is good for your customers, and good for your business.
Here's the deal, folks. It was one thing when we were all using not-particularly-smart phones that had a few built-in applications, a camera, and maybe some extra flash to store a few MP3s. That's not what we're talking about here: these are not cellphones, they're personal computers that happen to fit in your pocket. I cannot accept that cell phone carriers (who are, after all, just fat pipes, not gods) have an intrinsic right to determine what operating system and/or applications we can use on our rather powerful pocket computers. I wouldn't accept that treatment from a PC vendor, and I see no reason for society to accept that from corporations who have spent years trying to convince us that they absolutely must limit the potential of these devices in order to "manage their networks", to provide us with a "better user experience." Of course, we all know what it means when a carrier is in control of the user experience. I will decide upon the kind of experience I want, and so far as network management goes, well, that's not my problem. I expect to be provided with the service that I pay for, and that includes a hands-off approach to the phone and its software. It's my pocket computer, not yours. Just deal with that, and stop trying to use it as an alternate revenue source.
The higher the technology, the sharper that two-edged sword.