T-Mobile G2 'Permaroot' Achieved

VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious eMMC-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only eMMC to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."
  • by tmzt ( 1793440 ) on Tuesday November 09, 2010 @08:36PM (#34181530)
    You know what they say, IRC logs are the first draft of history and they're linked from the wiki, so I'll make this brief. Scotty2, whose early successes include hacking the unhackable GSM RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method. After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line, but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull-down against the eMMC's power line (we think), so that changing the GPIO's configuration and not its level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line. I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt, which is scotty2's, mine, and others'. It's all there for anyone who needs to get into a locked-down kernel (tivoized) on ARM, so you don't have to start from scratch.
  • by colinnwn ( 677715 ) on Tuesday November 09, 2010 @08:42PM (#34181576)
    Allows you to run non-T-Mobile versions of the Android operating system on the G2.
  • by badboy_tw2002 ( 524611 ) on Tuesday November 09, 2010 @09:09PM (#34181766)

    The GP post was pretty stupid (those limits would be on the tower/host side of things), but bandwidth isn't free in the cell world. It's the same as everyone trying to use the same wifi hotspot when you're at a conference or something - you are sharing with other people on the network. What _should_ be contractual is the amount of bandwidth you're to expect, and the provider should have to honor that by expanding service in heavy use areas.

  • by Daniel Phillips ( 238627 ) on Tuesday November 09, 2010 @09:32PM (#34181934)

    What does rooting the Android accomplish?

    Maybe fixing some of the crappy base functionality that comes with the phone and can't be replaced by normal apps? For example, the alarm clock that wouldn't stop ringing until I pulled the battery. And countless other major warts that Google is no doubt horribly embarrassed about, but not so embarrassed as to fix or take patches for.

  • Re:Simple phones :( (Score:3, Informative)

    by Fnord666 ( 889225 ) on Tuesday November 09, 2010 @09:51PM (#34182042) Journal

    Does anybody know of any phones that are simple, elegantly designed, work-as-advertised, and constructed with quality, and they aren't made for Barbie or Ken? RAZRs? Mattels?

    For a simple phone I like the Motorola RAZR V3.
    My reasons are:

    1. Basic phone functionality works well
    2. Decent case
    3. Bluetooth
    4. Easy to repair if needed
    5. Parts are readily available
    6. Inexpensive replacement/spare batteries
  • Nokia N900. Debian Linux ported to ARM with a small-touchscreen-friendly interface. Comes with a terminal app; open that; type "su" and hit Enter. The default root password is publicly available (good idea to change it). People complain that its app store is lacking, and they're right, but they're also missing the point: the thing *runs desktop Linux*!
    It has repositories.
    sudo apt-get install <foo>
    You can even compile from source tarballs right on the phone, if you really want to / there's no pre-built binaries.

    The browser is Gecko-based, and includes Flash. You can install AdBlock Plus if you want. You can even install mobile Firefox and get the full Firefox experience, with extensions. You can also install other browsers, if you prefer. Nothing is stopping you.

    The main downside is that it's due for a refresh. The hardware runs the OS and apps fine, but it's not terribly impressive by modern smartphone measures.

  • Re:Simple phones :( (Score:3, Informative)

    by Freedom Bug ( 86180 ) on Tuesday November 09, 2010 @10:11PM (#34182156) Homepage

    It's hard to beat the Motofone F3 for "simple, elegantly designed, work-as-advertised, and constructed with quality". It's indestructible, the battery lasts forever and it's dirt cheap. It was designed to be used by people who can't read, so it uses a really annoying icon menu system. And it really sucks for text messages. But you just want a phone, right? Engadget calls it the "zombie apocalypse survival phone" (mostly because of its 2-week+ battery life).

  • by Miamicanes ( 730264 ) on Tuesday November 09, 2010 @10:18PM (#34182198)

    > All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not,

    For the record, in the United States, a consumer can't be coerced into disclaiming a manufacturer's warranty, and a manufacturer can't disclaim a warranty for mere breach of contractual terms (least of all a contract of adhesion) unless the breach involved non-payment for a service contract or the manufacturer can demonstrate that whatever it is that the consumer did WAS, in fact, the reason for the failure.

    It's called the Magnuson-Moss Warranty Act.

    Also, a few points that need to be repeated often:

    * Few phones truly get "bricked". 99% of the time, someone screws up a reflash, panics when it doesn't reboot, posts a few messages online, hits Google, then figures out 1-36 hours later that he needs to take out the battery, wait a minute or so, then power it back up with some nearly impossible combination of button-presses to trigger its REAL "last-chance" bootloader.

    * It's almost impossible to truly cause real, honest-to-god permanent hardware damage to a recent-vintage phone by reflashing. Worst-case, it might take a minimum-wage employee at an authorized repair center with a JTAG a few minutes to reflash it.

  • by jonwil ( 467024 ) on Tuesday November 09, 2010 @10:42PM (#34182320)

    Buy phones that don't require exploits or "jailbreaking" in order to use them.
    Nokia N900
    OpenMoko Freerunner
    Nexus One
    Palm Pre (last I heard the Pre doesn't require any hacks in order to replace the kernel or system files, but I don't know if the new Palm Pre 2 is different in this respect)
    Samsung Galaxy S (again, this one apparently doesn't require hacks)

  • by RyuuzakiTetsuya ( 195424 ) on Tuesday November 09, 2010 @11:22PM (#34182550)

    I couldn't agree more.

    Google's flogging "OPEN OPEN OPEN!"

    Well, no. It's not open to the end users. Rooting is a mess.

    Google screwed the pooch, big, with their licensing terms.

    Yes, I am an iOS fanboy, but Steve Jobs and other Apple employees aren't tweeting about rebuilding iOS from source. They've set my expectations correctly.

  • by SuperBanana ( 662181 ) on Wednesday November 10, 2010 @12:43AM (#34183000)

    Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.

    Right. Look: Google doesn't even give a shit about the fact that people have been complaining for YEARS about the lack of group support in Android's contact manager and poor company name support (for example, it is impossible to search for your contact at Widgetco. That's a BIG problem for someone with a couple hundred business contacts, like a salesperson.)

    Something my Siemens phone could do back in the early 2000's (bluetooth sync my contacts with the Macintosh Address Book, complete with groups), something my original iPhone did since day 1...Android can't. Well, it sort of does- but it made an utter fucking mess of things when I enabled syncing.

    There's all sorts of half-assed-ness throughout Google products and in particular Android. For example, you can use groups in Google Voice to manage call handling behavior per-group, but only by using the Gmail Contacts interface- not your phone. You can't add a calendar to Google Calendar from your phone. Google Voice doesn't accept mp3 voicemail announcement uploads, something Youmail has supported since day 1.

    The music syncing sucks (doubletwist can bite my shiny iPhone), the music player sucks (both stock and free alternatives, though at least the free alternatives have lockscreen systems), and there's all sorts of annoying 'holes'- like not being able to add a calendar from your phone.

  • by jonaskoelker ( 922170 ) on Wednesday November 10, 2010 @05:13AM (#34184080)

    Now while we're at it, can I get a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire?

    8 steps to root on the N900:

    (1-5) main menu -- App manager -- Category:All -- gainroot -- install
    (6-8) main menu -- xterm -- "sudo gainroot"

    Works fine. You can also install custom Linux kernels from the package manager to get wifi-tethering (which I have done, and it works fine).

  • by Raenex ( 947668 ) on Wednesday November 10, 2010 @05:46AM (#34184196)

    http://education.yahoo.com/reference/dictionary/entry/free%20market

    "An economic market in which supply and demand are not regulated or are regulated with only minor restrictions."

    http://en.wikipedia.org/wiki/Free_market

    "A free market is a market in which there is no economic intervention and regulation by the state, except to enforce private contracts and the ownership of property."

  • by sonicmerlin ( 1505111 ) on Wednesday November 10, 2010 @06:14AM (#34184276)
    Uh, no. A free market is a hypothetical concept proposed by Adam Smith, that involves zero barrier to entry, perfect information among consumers and suppliers, and perfect competition. Why don't you read the *whole* Wikipedia entry, not just the one that serves your twisted version of reality?
