Slashdot Mirror

← Back to Stories (view on slashdot.org)

How I Freed My Android Tablet: A Journey in Reverse Engineering (www.thanassis.space)

Posted by EditorDavid on from the longing-for-Linux dept.

Slashdot reader ttsiod is an embedded software engineer at the European Space Agency, and shares this story about his quest to "dominate" his new tablet: Just like it's predecessor, I wanted to run a Debian chroot inside it -- that would allow me to apt-get install and run things like Privoxy, SSH SOCKS/VPN tunnels, Flask mini-servers, etc; and in general allow me to stay in control. But there was no open-source way to do this... and I could never trust "one-click roots" that communicate with servers in China... It took me weeks to reverse engineer my tablet -- and finally succeed in becoming root. The journey was quite interesting, and included both hardware and software tinkering. I learned a lot while doing it -- and wanted to share the experience with my fellow Slashdotters...
He writes that "I trust Debian. Far more than I trust the Android ecosystem," and describes everything from how he probed the boot process and created his own boot image to hunting for a way "to tell SELinux to get off my lawn".

12 of 79 comments (clear)

  1. you think it won't get worse? by Anonymous Coward · · Score: 5, Insightful

    At one point in time every kind of personal computer you could buy would be yours.

    Then people started buying locked down devices, which became a bigger and bigger part of the market. Because why not? People buy them, and it's better for the selling company to maintain control of the device so they can exfiltrate your data, lock you into their software store to reap a cut off the top, or disable the device remotely.

    But, generally, you could still get past against-the-owner security in various ways. But companies are learning from the holes, and each generation is more difficult to bypass. Even whitebox PCs are moving in this direction.

    The ownership-era for general purpose computing devices is drawing to a close. Step back to 1970's someone playing with their Apple II or C= Pet and try to explain to them that someday, their computer will take orders from someone else in preference to theirs. They might not even understand how such a thing would be possible, but a million tiny steps have led us to our cages. The next million tiny steps will throw away the key. At each step, people get to argue, "THAT step didn't cause the problem. Why are you complaining so much??"

    Thus ends the potential freedom brought about by the computing revolution.

    1. Re:you think it won't get worse? by spire3661 · · Score: 5, Informative

      You do realize Stallman has been saying this stuff since the 70s right? Its been a known problem for a VERY long time and we fought the good fight for as long as we could, but pocket computers killed it.

      --
      Good-bye
    2. Re:you think it won't get worse? by Kjella · · Score: 3, Interesting

      You do realize Stallman has been saying this stuff since the 70s right? Its been a known problem for a VERY long time and we fought the good fight for as long as we could, but pocket computers killed it.

      Well I think it swings both ways, it's more and more obvious that you don't really control any closed source operating system, you pretty much must have security patches and everything else comes along for the ride and increasingly it can't be configured or disabled. That's the way of iOS, Android, Win10, they're trying to push that model on Win7/8, I'm not sure about OS X but they're probably not far behind. If you want control, you want Linux (or some other open source OS). That said, most people don't felt they were in control at all. By making Apple/Google/Microsoft the gatekeeper, they trust just one source instead of any random exe from the Internet. Same way most people want the CA system instead of messing with peer-to-peer trust. Because when they don't understand - and they won't understand, no matter how much you try to teach them - they end up trusting something or someone.

      That said, what I'm mostly disappointed with is how the world has ended up revolving around a few, huge centralized services. Newsgroups, IRC, Email, blogs and really any kind of service that runs on a network or you could run from your own server is toiling in obscurity, you need to be on Facebook and Twitter and YouTube playing by their rules and if they want to wield the ban hammer there's very little you can do. Personally I'm far more concerned about how we've lost control of the human interaction rather than control over the local machine. And for the most part we don't own things in the digital world anymore we license or stream them, it's all permissions that can be revoked or services that can be shut down. That said, it works surprisingly well until one day it doesn't.

      --
      Live today, because you never know what tomorrow brings
    3. Re:you think it won't get worse? by nnull · · Score: 3, Insightful

      What I find amazing is to what extent these manufacturers go to stop people from doing anything useful with these locked down devices. Seems to much time and effort is being put into obfuscation (Using even opensource software to do it) than actually making a useful product. My question is, why? Just seems silly and creates a lot more waste. There's so many of these devices out there right now, that doing this is completely pointless and doesn't even guarantee the customer is going to buy your product again.

    4. Re: you think it won't get worse? by Anonymous Coward · · Score: 2, Insightful

      Don't confuse illiteracy with complacency. Thereeven are plenty of capable people out there.
      NOBODY CARES.
      Why should they?

    5. Re:you think it won't get worse? by guacamole · · Score: 3, Insightful

      Because 99% of consumers do not even know the difference between locked and unlocked device, and most won't even care, sadly.

    6. Re:you think it won't get worse? by ShakaUVM · · Score: 3, Insightful

      >Well I think it swings both ways, it's more and more obvious that you don't really control any closed source operating system, you pretty much must have security patches and everything else comes along for the ride and increasingly it can't be configured or disabled. That's the way of iOS, Android, Win10, they're trying to push that model on Win7/8, I'm not sure about OS X but they're probably not far behind. If you want control, you want Linux (or some other open source OS). That said, most people don't felt they were in control at all. By making Apple/Google/Microsoft the gatekeeper, they trust just one source instead of any random exe from the Internet. Same way most people want the CA system instead of messing with peer-to-peer trust. Because when they don't understand - and they won't understand, no matter how much you try to teach them - they end up trusting something or someone.

      True. But there's no connection between getting signed patches from Apple/Microsoft/Google and it being FOSS. You can have both. The only reason to lock down a platform so that users can't mess with it *if they want to* is control and money. Taking control away from users and putting it in the hands of A/M/G instead. On cell phones this was justified by the subsidies that cell phone carriers would pay - a carrier wouldn't want someone to buy a subsidized cell phone from them and then switch carriers (notwithstanding that this could just be enforced by ETFs and the like), so cell phones were locked down to remove root access to them. And because cell phones were, tablets have followed along, since tablets are just cell phones with larger screens.

      Google does the minimum to be compliant to the GPL, and Apple and Microsoft barely even pretend. Windows 10 is a disaster for many reasons, but the biggest one to me is that it has finally removed the notion that the owner of a computer is, you know, the owner. Who can modify it to fit his needs as he wishes. Now you're just a user, and even with administrative privileges there are things you will not be allowed to do inside the OS. It's the biggest piece of shit move from the FOSS perspective that the world has ever seen.

      The saddest thing that can ever be said is that Stallman was right again.

  2. Well done by kanweg · · Score: 2

    Very very impressive. But of course, now we know you can do this, landing some more expensive stuff than a tablet on Mars without breaking it should be on your To Do list...

    Bert
    (You probably saw that one coming, didn't you?)

  3. Excellent by Virtucon · · Score: 2

    Great read.

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
  4. Impressive by JustAnotherOldGuy · · Score: 4, Insightful

    Gotta give this guy credit for doing some serious detective and reverse-engineering work. Good job.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  5. Wow. A true hacker. Great job! by Qbertino · · Score: 3, Insightful

    The tenacity is noteworthy. This guy did a very good job at getting to the bottom of things and enabling total control over his tablet.
    Well done!

    --
    We suffer more in our imagination than in reality. - Seneca
  6. Re:Wow... by MrKaos · · Score: 2

    Thank you ttsoid! Suddenly all my old knowledge about serial became relevant again. Seeing you blog about serial ports, stty, was really nostalgic, I didn't realize it would be useful in the android domain. I'd say the tablet has a lot more computing power than those old machines had.

    Coincidentally this article came when I am upgrading phone and tablet, which is also an asus, so I am set up to try some of the hacks you have described. I'm keen to see if the serial ports are on the headphone ports of the phone also. Perhaps they're used as a diagnostic port in the factory? I think that behind the battery of the smartphone the pads you can sometimes see are serial ports. I only ever considered them to be used as a way to access the AT command set to use features of the phone like a modem. But a serial console, of course, it's been mocking me the whole time.

    I was also considering your predicament from the SELinux perspective and hierarchy of privileges. Busybox includes getty. Back in the day this was used to spawn a login on serial ports for serial terminals. It was common practice to spawn them from init, using inittab. I noticed you could get logins appearing before the rc process was finished. It also controlled where root could log in from and whilst generally restricted to the console, you could allow it on a serial port.

    Obviously, this depends on if the SELinux policy allows init to read an /etc/inittab file - but there is only one way to find out. If it does, you maybe able to get the same privileges in the hierarchy as rc by simply bypassing it. This also leads to considering spawning the telnetd (or even sshd) directly from inittab, however I suspect that the SELinux policy might react in a different way to them than getty spawning the shell.

    Frankly, I've only just got interested in android and your submission could not have been more timely. You triggered a cascade of memories and a bunch of stuff I want to try on the gear I have for the same motivation, I want all of the functionality of the device I own. I also see it's time to stop ignoring SELinux and get better at manipulating policies.

    Thank you once again.

    --
    My ism, it's full of beliefs.