T-Mobile G2 'Permaroot' Achieved

VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious emmc-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only emmc to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."

Now if they could only add another rows of keys

[leighklotz]

Now if they could only add another rows of keys I could type my password...

Re:Now if they could only add another rows of keys

[Daniel Phillips]

The G2 keyboard is pretty nice, but Goog totally dropped the ball on handling special symbols. You simply cannot enter the special symbols with the keyboard and the cursor control is way broken. These are software issues. Just one of a huge list of little warts marring a decent product.

If the Android project were truly open such issues would be well on their way to being fixed by now. But it is not truly open and satisfactory solutions will therefore not come from Google, they will come from people who like to fix things for the love it, not just to pull down a paycheck. And that in a nutshell is why root access and community built roms are essential to the continued success of Android.

this just encourages them

[Anonymous Coward]

"Buying" a device that doesn't become yours and then going through extreme measures to make it yours doesn't help anything. It hurts everybody in the end, because (a) it makes the next round of devices even MORE locked down to since they learned from last time, and (b) it doesn't exert economic pressure against this sort of lock down to begin with.

Re:this just encourages them

[icebike]

So what then is your suggestion?

Continue to pay for something you can never really own?

Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.

Bringing a phone to market has real costs associated with it.

If they know it will be hacked (often before its official release date) why bother trying? Why spend all that money and time dicking around with some cat and mouse game where you are always the mouse, when your competition can get there quicker by avoiding the effort.

All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not, (Like the Nexus One, which gives you root at the press of a button, but makes it obvious you chose to take it).

Sooner or later we should start pushing for lock downs to be made illegal, and demonstrating that they are ineffective is as good a first step as any.

Re:

[Darkness404]

Sooner or later we should start pushing for lock downs to be made illegal, and demonstrating that they are ineffective is as good a first step as any.

No, lock downs shouldn't be illegal, it should, however, on the packaging and in the contract say to what extent things are locked down.

It should be the manufacturer's right to lock down whatever in the product they send out, it isn't the manufacturer's right to send feature destroying firmware updates out with the intent to disrupt people who chose to use their devices in other ways just like it isn't within my rights to mail every Windows user I know a virus intending to cause harm and because it is

Re:this just encourages them

[Microlith]

lock downs shouldn't be illegal

Why not?

It should be the manufacturer's right to lock down whatever in the product they send out

Why, when it only disenfranchises the end user?

On the other hand, it should be perfectly within anyone's rights to modify and use their legitimately purchased items in whatever way they want (assuming it doesn't cause harm to others).

This conflicts with the manufacturer being allowed to ship things locked down. I can understand secured with option to disable, but stuff like what Motorola does (and HTC, if they start signing the bootloader) precludes your right to work with your property, and solely for the benefit of the manufacturer.

Re:

[Man On Pink Corner]

Why, when it only disenfranchises the end user?

And legislative interference with the end user's right to enter into a contract -- regardless of your personal opinion about the terms of that contract -- isn't "disenfranchising"?

Re:this just encourages them

[Entropius]

Only in a truly free market.

We've long passed the point where cell service is a true free market, with any real competition.

Re:

[mcvos]

I think you're misusing the term "free market". A (truly) free market is a market without regulation.

No. A completely unregulated market will be owned by the big players on that market, and not be free at all. You need the right kind of regulation in order to free a market.

Re:

[Raenex]

http://education.yahoo.com/reference/dictionary/entry/free%20market [yahoo.com]

"An economic market in which supply and demand are not regulated or are regulated with only minor restrictions."

http://en.wikipedia.org/wiki/Free_market [wikipedia.org]

"A free market is a market in which there is no economic intervention and regulation by the state, except to enforce private contracts and the ownership of property."

Re:

[mcvos]

What you're forgetting is that monopolies and cartels can also regulate supply and demand. There is a difference between a "free market" that's completely unregulated by anyone other than the big players in that market, and a market that is really free.

Re:

[Raenex]

Monopolies have imploded before without regulation, and cartels are notorious for members who break away. "Deadly force" is one of the things not allowed in a free market.

Anyways, I'm not arguing that the free market is perfect or even better than a regulated market. I'm just arguing about the definition. Making up definitions to suit your ideology isn't right.

Re:this just encourages them

[sonicmerlin]

Uh, no. A free market is a hypothetical concept proposed by Adam Smith, that involves zero barrier to entry, perfect information among consumers and suppliers, and perfect competition. Why don't you read the *whole* wikipedia entry, not just the one that serves your twisted version of reality?

Re:this just encourages them

[Microlith]

legislative interference with the end user's right to enter into a contract

Oh boy, more nonsense. Is it really a fair contract when it's between you and a multi-billion dollar corporation presenting you a one-sided contract?

Indeed, it would be PUTTING POWER IN YOUR HANDS. They wouldn't be able to strip you of control over your own property (which it does eventually become.) And yet you whine?

Re:

[Darkness404]

You don't seem to understand the point.

A government who tries to 'help' consumers by limiting what corporations can do can and will just as easily screw customers in favor of corporations. If you don't screw with the balance of power and instead leave governments out of things like this, consumers gain more control.

When you put that control into the government's hands it flip flops back and forth from control from the people to the corporations back to the people then back to corporate control again

Re:

[Microlith]

You don't seem to understand the point.

I don't defend the ability for corporations to leverage their power over people in unfair ways.

It is a fundamental right for people

People. The biggest failure of the Supreme Court was for them to declare corporations as legal persons, despite being complete legal fictions.

HTC can make a locked down phone, but it is a right for consumers to break it

Except when HTC utilizes their control over the design to ensure that you can't. Sort of like how no one has broken Motoro

Re:

[Microlith]

#%@#$

Forgot a closing blockquote in there, right before "People" :(

Re:

[Darkness404]

I don't defend the ability for corporations to leverage their power over people in unfair ways.

How is it unfair?

I go to buy a product, I am informed of the product and reasonably can know its limitations. I buy that product. I am able to use that product as I see fit.

Yes, I do think that phones should have to say on the packaging if they do not allow root/admin/superuser/etc. access. But saying that you can't sell them despite the fact that people were aware of the limitations is as silly as saying we should ban tomatoes because they don't give you the ability to fly.

Except when HTC utilizes their control over the design to ensure that you can't. Sort of like how no one has broken Motorola's lock down of the boot loader or kernel.

Oh yes, I forgot abou

Re:this just encourages them

[shoehornjob]

Corporations have too much power and control information too well for there to be a truly informed consumer base

While I agree that corporations in general (in the USA) have way too much power I disagree that the public wants to be truly informed. The general public in the USA suffers from what I call plug and play syndrome. People don't care if you can get root on a phone and load your own software. They want something that fills a need ( the corporations sold them on) and they want it to work with a minimum of hassle. This is why the Iphone is so popular. Try to talk to a person about tech and use a few terms they are unfamiliar about and you'll see the eyes glaze over. You're right on when you say "corporations deliberately leverage the ignorance of the masses for their own benefit". They get away with it because there are too many sheep in this country who have been bread for ignorance.

Re:this just encourages them

[arth1]

Is this why the monthly price is cheaper and the coverage higher in countries where consumer protection prevents the mobile phone companies from locking phones (or for locking them for more than a couple of months after purchase)?

When legislation serves to increase competition instead of allowing de-facto oligopolies to strongarm the consumers, it isn't trampling people's rights; it's securing them.

Re:

[Jah-Wren Ryel]

Oh boy, more nonsense. Is it really a fair contract when it's between you and a multi-billion dollar corporation presenting you a one-sided contract?

And just to pile on here, note that its a multi-billion dollar corp that is dependent on government granted monopolies on otherwise public airspace. I'm sure the corps would argue that they bought those monopolies free and clear at the FCC spectrum auctions, but given that the entire reason for such monopolies is justified as public benefit it's not congruous with then limiting device functionality at the expense of the public.

Re:this just encourages them

[RulerOf]

They wouldn't be able to strip you of control over your own property (which it does eventually become.)

Eventually?!

My phone was mine the instant I bought it. I did, however, acquire it for a sub-retail price by agreeing to be either a customer of the reseller for 24 successive months or to pay them $375, pro-rated monthly after fulfillment of the first 12 months of the prior option have elapsed.

Contract or not, there's no fucking way that the device belongs to anyone other than its owner. The fact that rooting *a computer* that you own is dangerous and sometimes impossible, warranty or not, is egregiously offensive to me as a consumer.

If I buy your shit from you, it's not your shit anymore. It's my shit and you have no damn business telling me what I do with it, and no, I signed no contract stating otherwise.

Don't ever forget that, and don't ever let a retailer tell you differently.

Re:

[Microlith]

At the cost of taking it from someone else's.

From a corporation, whom otherwise has way, way more power than you. I don't consider that a problem.

Re:

[Darkness404]

This conflicts with the manufacturer being allowed to ship things locked down. I can understand secured with option to disable, but stuff like what Motorola does (and HTC, if they start signing the bootloader) precludes your right to work with your property, and solely for the benefit of the manufacturer.

No it doesn't. Consider someone buying a locked chest. It should be within someone's rights to sell a locked chest so long as the person who buys it knows that it is locked. It should be well within that person's rights that when they take it home, they decide to either pick the lock, cut off the lock, or smash open the chest. There is no conflict there. Now, that person shouldn't be able to force the seller of the locked chest to help him glue back the pieces of the chest he smashed open because he took

Re:

[DavidRawling]

Furthermore, destruction of the lock and use of the unlocked chest does not excuse the seller breaking into your house at night and attaching a newer, stronger padlock to the chest, locking you out of it again (OTA updates anyone?) Also, what about the people that bought outright? Are you going to argue that the device suddenly becomes the property of the telco when the person signs up for service?

Bloody anonymous cowards ...

Re:

[Ihmhi]

IMO if you want to use someone's service, you have to use it their way. Certain Apple Apps would require a certain firmware that may have not been jailbroken yet. However, it should still be someone's choice to do what they want with a physical device they purchase.

Re:

[geekoid]

And it is, but it may void your warranty; which it should. And lets not forget the fact that with a connected device, whatever you do may impact others.

For example, if you 'jail break' a phone to exceeds some internal limit on down load, then you are impacting everyone else who is also using the bandwidth.

That example was used to make a point, I have no idea if anyone is doing that.

Re:

[Microlith]

if you 'jail break' a phone to exceeds some internal limit on down load

Then someone is doing it very, very wrong.

Re:this just encourages them

[Darkness404]

We have a network where pretty much everyone runs whatever they want on it. Its called the internet. And yet, oddly enough there aren't any major service disruptions other than a few localized events.

Re:

[badboy_tw2002]

The GP post was pretty stupid (those limits would be on the tower/host side of things), but bandwidth isn't free in the cell world. Its the same as everyone trying to use the same wifi hotspot when you're at a conference or something - you are sharing with other people on the network. What _should_ be contractual is the amount of bandwidth you're to expect, and the provider should have to honor that by expanding service in heavy use areas.

Re:

[Darkness404]

But that has nothing to do with jailbreaking. I can just as well use that much bandwidth streaming Pandora all day on a non-jailbroken iPhone or non-rooted G2 and the idea that jailbreaking somehow is going to add to bandwidth problems is rather silly at best.

Re:

[null etc.]

It's funny to read this comment after seeing an ad from the BSA on Slashdot's homepage. Unfortunately, that means that this will be my last post here. I'm off to inhabit other virtual locales that don't cater to the strong-arm tactics of the BSA.

Re:

[ScrewMaster]

And it is, but it may void your warranty; which it should.

Why? Does it it void your warranty if you install Windows XP on a computer that used to have Windows 98 on it? The only reason there's any risk whatsoever of damaging a phone while installing a third-party operating system is because the phone manufacturers have made it that way. Now, I had a G1 (rooted, running Cyanogenmod) and with a decent recovery partition installed and Nandroid backups it was damn near impossible to brick it. Not impossible, just very difficult ... and it wouldn't have been hard for H

Re:

[a_nonamiss]

I mostly agree with your point, but I can think of a few examples where a user could unlock a phone and cause harm to others. For example, they could increase the signal strength to something beyond the approved FCC limit for mobile devices. This would harm anyone in the competing spectrum, and isn't something you could regulate on a server end.

If course, when I'm talking about "unlocked" here, I'm also referring to things you could do the hardware as well as the firmware. (i.e. open the device up and re

Re:

[MichaelSmith]

they could increase the signal strength to something beyond the approved FCC limit for mobile devices.)

Doesn't seem to happen on the open moko and other free phones. The GSM module has its own processor and firmware. Rooting the processor which coordinates the system can't force the GSM module to do anything dangerous.

Re:

[wampus]

And you can't modify the radio software. Why is that ok?

Re:

[MichaelSmith]

As long as the radio is a simple embedded appliance I am not too fussed about it. I give it my bits and bytes and the radio sends them on. From linux on the moko I can flash the GSM module, but I feed it a binary blob. There is nothing to stop me coding up my own binary, there just isn't much reason to do it beyond improving factors such as power management.

Re:

[sqlrob]

Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.

Not really. Most, if not every, lock down in the past few decades have been broken. Yet they still persist. They're not going to learn.

Re:

[Lemmy Caution]

When it comes to this sort of thing, they don't need to learn. Most of their user base will not jailbreak or unlock anything; they don't get a lot of benefit from policing the few who do. In fact, if it becomes too easy, then there's a problem: if a critical number of people start tethering unlocked phones, the carrier will then need to meter bandwidth. As long as only a techie few are doing it, they can generally be left alone.

Re:

[wampus]

Tethering isn't a terribly compelling reason to root the G2, considering you just have to check a box in the network settings. The only reason I even installed VISIONary is to add some shit to my hosts file to make my Angry Birds experience better.

Re:

[cromar]

I agree, but I wonder if it is true no device can be irreversibly locked down. No one has done it yet, but I fear it may one day be possible to do so completely. I would love to be proven wrong.

Re:

[Microlith]

I wonder if it is true no device can be irreversibly locked down

Technically it is. The catch is that to unlock, say, a Motorola device you'd need to desolder the SoC stack and install a new OMAP3 chip in its place. This is a nontrivial, highly risky operation even when done with specialized equipment.

So while it is technically defeatable, effectively it is not.

Re:this just encourages them

[Daniel Phillips]

So what then is your suggestion?

Allow me to make a suggestion. Pressure Google. The Google logo is writ large on this HTC/T-Mobile phone. Google is more responsible for the evil lack of respect for the free software this phone is built with than anybody else.

Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.

And yes, I know all about Google and cynical, after all I worked there for three years and had plenty of opportunity to observe Google management up close. Google is in fact just another cynical megacorp, however it is slightly unusual in that its stock will suffer greatly if its users ever become widely aware of this fact. Therefore, Google tends to be slightly more responsive to justifiable criticism than other cynical megacorps.

Re:

[Fnkmaster]

Brilliant suggestion: buy a Nexus One. Best phone you can get right now. If you buy one of these locked down Android phones and whine about it, it's your own fault, and you are voting with your dollars for carriers to lock phones down. You are now part of the problem. Be part of the solution instead.

Re:this just encourages them

[Daniel Phillips]

Brilliant suggestion: buy a Nexus One. Best phone you can get right now. If you buy one of these locked down Android phones and whine about it, it's your own fault, and you are voting with your dollars for carriers to lock phones down. You are now part of the problem. Be part of the solution instead.

My G2 was rooted the day I got it and will soon be permarooted. This time, Google's weak kneed posture with respect to HTC's and T-Mobile's mean spirited abuse of the open source gift they have been given will come to no harm. Next time might be different. All the ISP's, the Android manfacturers, and especially Google, need to be put on notice that their open source rocket may fizzle and fall back to earth if they don't get a clue.

Why not get a Nexus one? It doesn't satisfy my hardware needs.

Re:this just encourages them

[Nethead]

It sounds like you have a bit of a bone to pick with the big G.

Here's a life lesson kid, don't crap on your past employers in public. It makes it hard for people to hire you in the future. I've worked for some big names (call them the big A) and I could tell stories. And I do, with friends after a few drinks. But I never would do that on a public geek forum like /. because maybe someone that is thinking of hiring me is reading.

Re:

[Daniel Phillips]

Let's be clear. I still think Google is a great company and I still have not sold a single one of my respectable stack of Google shares. Stayed with it through thick and thin, and now thankfully we're back to the thick and I'm still not selling. However... Google is a great disappointment compared to what it could if it actually walked the walk that it talks, and compared to what it still could be. This saddens me greatly and I criticize in the hope that some good can come of it.

Certainly, nothing good

Re:

[Daniel Phillips]

The difference is that I didn't tell the stories on /. and everyone has stories from past employers. The making the stories public was the point.

The above stories are all public. I have plenty of private stories about Google, none of which you are going to hear whether good or bad. BTW, don't be shy about using your real name. Some people will hate you for speaking your mind, and my life advice to you is: never work for one of those, it's not worth it.

please, they don't care about the basics

[SuperBanana]

Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.

Right. Look: google doesn't even give a shit about the fact that people have been complaining for YEARS about the lack of group support in Android's contact manager and poor company name support (for example, it is impossible to search for your contact at Widgetco. That's a BIG problem for someone with a couple hundred business contacts, like a salesperson.)

Something my Siemens phone could do back in the early 2000's (bluetooth sync my contacts with the Macintosh Address Book, complete with groups), something my original iPhone did since day 1...Android can't. Well, it sort of does- but it made an utter fucking mess of things when I enabled syncing.

There's all sorts of half-assed-ness throughout Google products and in particular Android. For example, you can use groups in Google Voice to manage call handling behavior per-group, but only by using the Gmail Contacts interface- not your phone. You can't add a calendar to Google Calendar from your phone. Google Voice doesn't accept mp3 voicemail announcement uploads, something Youmail has supported since day 1.

The music syncing sucks (doubletwist can bite my shiny iPhone), the music player sucks (both stock and free alternatives, though at least the free alternatives have lockscreen systems), and there's all sorts of annoying 'holes'- like not being able to add a calendar from your phone.

Re:this just encourages them

[Daniel Phillips]

It's pretty sad you believe that. For one, if you'd like a phone that lets you reflash the OS you are welcome to buy a Nexus One [blogspot.com] direct from Google. The nature of open source code means that the phones made entirely by HTC may do things you disagree with. But that's openness for you. Sometimes people will do things you disagree with. It would be fairly pointless to have an open source OS if Google had veto power over every way in which it was used.

I believe you missed the part where the Google trademark is stamped all over the T-Mobile G2. If you do not think that gives Google veto power over evil additional restrictions on the distribution of GPL software, you did not think very hard.

If they were really as cynical as you believe, they wouldn't have ensured Android was open source and the Nexus One was reflashable out of the box would they?

Eric and Larray are plenty [huffingtonpost.com] cynical [sfgate.com] by any objective measure. Sorry if you're too tanked up on koolaid to see it. Want another one? How about the posturing on carbon credits in context with their 767 pleasure buggy parked across the street at the air base? How about the blatant nepotism? [markevanstech.com]

I don't really know a lot about Sergy, but I had plenty of occasion to note that Larry and Eric are both pretty "flexible" when it comes to morals versus money versus power. Sad, it certainly did not have to be that way. That said, Google is nowhere near as far gone as Microsoft, or Oracle say. And EMG certainly does recognize the value of getting the open source community to do their heavy lifting for them. It's not like full time Googler's actually have the stomache for hard work any more.

Re:this just encourages them

[Anachragnome]

"So what then is your suggestion?"

Stop giving the manufacturers of such locked-down devices your money?

Trust me on this one--they will stop making something that doesn't make them money.

Re:this just encourages them

[Miamicanes]

> All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not,

For the record, in the United States, a consumer can't be coerced into disclaiming a manufacturer's warranty, and a manufacturer can't disclaim a warranty for mere breach of contractual terms (least of all a contract of adhesion) unless the breach involved non-payment for a service contract or the manufacturer can demonstrate that whatever it is that the consumer did WAS, in fact, the reason for the failure.

It's called the Magnuson-Moss Warranty Act.

Also, a few points that need to be repeated often:

* Few phones truly get "bricked". 99% of the time, someone screws up a reflash, panics when it doesn't reboot, posts a few messages online, hits google, then figures out 1-36 hours later that he needs to take out the battery, wait a minute or so, then power it back up with some nearly impossible combination of button-presses to trigger its REAL "last-chance" bootloader.

* It's almost impossible to truly cause real, honest-to-god permanent hardware damage to a recent-vintage phone by reflashing. Worst-case, it might take a minimum-wage employee at an authorized repair center with a JTAG a few minutes to reflash it.

Re:

[slinches]

My suggestion would be to buy an unlocked phone. They are readily available Here [newegg.com] and can be used on any compatible network. The only drawback is that there only seems to be one carrier (T-Mobile) offering reduced pricing on service for a non-subsidized phone.

Re:this just encourages them

[jonwil]

Buy phones that dont require exploits or "jailbreaking" in order to use them.
Nokia N900
OpenMoko Freerunner
Nexus One
Palm Pre (last I heard the Pre doesnt require any hacks in order to replace the kernel or system files but I dont know if the new Palm Pre 2 is different in this respect)
Samsung Galaxy S (again, this one aparently doesnt require hacks)

Evidence?

[jbn-o]

Extraordinary claims require extraordinary evidence. Where is your evidence that treating your devices as though you own them "makes the next round of devices even MORE locked down"? How are we to know that it would not matter whether buyers did this, proprietors are going to continue to pursue ways to exclude users from being free to treat their computers as they wish?

on the fence

[metalmaster]

while i am against total lockdowns that cripple a phone(think VZW) I do think that some security is in order.

Re:on the fence

[Microlith]

Security is in order, sure, but should the end user wish to assume direct control then it should be a trivial process that requires the user be in physical contact with the device (such as holding down a button.) Not requiring the user to find a local exploit to grant them shell or terminal access like a 3rd party attacking the system.

But between the carrier and the vendor, you are a 3rd party attacker. This is why I have no respect for most vendors nor for any of the carriers.

Re:

[metalmaster]

Pushing a button might not require physical access though. Someone just has to publish an app with mal-intent. Make it look pretty so joe and julie numbskull download it. Run the app to root the phone. You can reek plenty of havoc. Leave security to the users and it will always be defeated by stupidity. Vendors and Carriers alike fear this scenario. Locks are put in place so someone's shiny new toy doesnt become a slave to someone else's bidding. I have to agree with this. Pool enough zombie phones and you

Re:

[Microlith]

Someone just has to publish an app with mal-intent.

Err, if a button has to be pressed when you power the device on to trigger a security unlock, it'll be a heck of a lot harder to do it with an "app" all on its lonesome.

Leave security to the users and it will always be defeated by stupidity.

I have no problem with security by default. But let me turn it off if I want to.

Userland services shouldnt be at the mercy of a carrier though.

Kernel space is nothing special on these devices. And everything you describe

Re:

[a_nonamiss]

I could write an app that displays on the screen "Hold down the red button on the side for 10 seconds, then press this button, then do this, and your app will give you free pr0n!"

It sounds stupid, but it would be trivial to socially engineer thousands of people to do something to hardware, if that were my end goal. Granted, not smart users, but then, that's not really who these guys are after. Plenty of low hanging fruit on the shallow end of the gene pool.

Re:

[Microlith]

By hold a button I mean "power the device off, hold this button, turn the power on, agree to the terms displayed that explicitly say you're reducing security and voiding your warranty unless you reflash to stock" not something in the runtime user interface.

Sorta like how the Nexus One does it. Or maybe like how my N900 does it, where you have to enable a repository and explicitly install a package. That alone would throw warning flags off for most people.

Re:

[Belial6]

On the contrary. Exactly the opposite. All it takes is a button press that will reload the factory install, and no one will brick their phone. If the only read-only part of the phone was code that would load whatever the phone owner wanted, you wouldn't see the things hacked. I guarantee more phones get bricked now with these lockouts in place than you would see if people were allowed to load whatever they wanted.

Re:

[gl4ss]

making it hard and trying to make it impossible are not the same thing. they are trying to keep it impossible, but chickened out on hw design to back it up. simlocks and appstore security(piracy) is what it boils down to, nothing else. the operators really, really don't like it when device manufacturers simlocks turn out to be worthless(it's bad for the business model of giving out "free" crack*erm* phones that can only be used on their network).

Re:

[Darkness404]

What "security" does this give you though? Its becoming increasingly obvious that many vendors -cough- Motorola -cough- want to lock down phones while not providing updates. When I buy a phone, subsidized or not, I should have the right to use it in the way that I want to. Whether that is jailbreaking, rooting, unlocking, etc. the phone. It is counter-productive for HTC/Motorola/Samsung/etc. to keep locking down their phones because what does it really gain them? A bunch of pissed off customers that their d

Re:on the fence

[mirix]

and making the device less usable helps security?

I guess in some ways it does. This rock is definitely more secure than my computer, which has root. It suffers slightly in usefulness, however.

Re:

[Gothmolly]

So you trade freedom for security?

Description makes the guy sound like a magician

[Stregano]

This is not off topic as it is awesome that he was able to do that, but come on, no need for the magician introduction on him, "Now introducing, the wonderful, spectaculor, super genius the Amazing Houdini". What ever happened to just giving us the facts and letting us determine how awesome it is?

Re:Description makes the guy sound like a magician

[tmzt]

You know what they say, irc logs are the first draft of history and they're linked from the wiki, so I'll make this brief. Scotty2, whose early successes include hacking the unhackable gsm RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method. After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull down against the eMMC's power line (we think) so that changing the GPIO's configuration and not it's level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line. I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt which is scotty2's, mine, and others. It's all there for anyone who needs to get into a locked down kernel (tivoized) on ARM, so you don't have to start from scratch.

Re:

[Anonymous Coward]

Only one word was used as a qualifier: "genius". You admit that it is supported by the article. The rest of the summary is a description of the hack -- the facts -- and says nothing about how clever it is. It seems to me that you are inventing something to be upset about.

Donate to the Genius!

[Anonymous Coward]

Donate to scotty2 (for root): walker.scott@gmail.com (PayPal)

Why are phones special?

[by (1706743)]

It seems that people rarely complain about the proprietary engine/drive-by-wire/etc. management software in their car, unless it breaks (think the Toyota debacle of late). Is it just that phones that run *NIX "feel" like they should be open, as we (the greater /. community) know *NIX (Jurassic Park reference intentional...)? Granted, there are legitimate safety concerns for cars, but I imagine there are less drastic examples of this apathy towards device X, but the demand for openness on device Y (phone, game console, etc.).

That said, I have a clamshell VZW phone, and it does irk me that it's useless for anything except the basics.

Re:Why are phones special?

[Microlith]

Because these are not phones. These are miniature computers that handle phone calls as a subset of their capabilities.

The software that controls my engine/drive-by-wire has a singular purpose, and is basically a bunch of tables with a bit of microcontroller code to flip through them. Smartphones are much, much more and tend to play a greater role in people's day to day activities.

And if you ask Apple and Microsoft, mobile is where the market is going to be moving heavily. Not necessarily to the exclusion of the desktop market, but still heavily. And, frankly, I don't see the mobile space being controlled so heavily by vendors with vested interests in controlling what you do and how as a good thing.

Re:

[by (1706743)]

I guess my point is more that if you buy a four-function calculator, you're not going to be upset when you figure out that there's no sin() button -- even though the processor in the calculator may be capable of doing that. Analogously, when you buy a phone, people get rather upset that they can't run arbitrary code on it. Sure, the company is controlling what you run -- but you bought it that way. I agree with what's been said before -- companies need to offer this, in which case the geek money will go wit

Re:

[Microlith]

you're not going to be upset when you figure out that there's no sin() button -- even though the processor in the calculator may be capable of doing that.

Probably not, but then there's a wide gulf between a basic calculator and more powerful devices like these. Witness the consternation over the TI calculators and cracking their signing key. Capability draws attention, and a desire to exploit it.

Analogously, when you buy a phone, people get rather upset that they can't run arbitrary code on it.

People used

Re:

[Miamicanes]

> These are miniature computers that handle phone calls as a subset of their capabilities.

Actually, it's even deeper than that. With every Android phone I'm aware of, the actual low-level "phone" functions are handled by a separate CPU (or core that's partitioned off as a de-facto second CPU), runs its own firmware, and basically looks a lot like a metaphorical voice modem to the rest of the OS (not entirely a coincidence... the first PalmOS PDA phones were basically cobbled-together agglomerations of a

Re:

[confused one]

It's difficult to improve on a modern car's management software in most cases. Having said that, you're not running around in the right circles if you think there are no aftermarket automotive computers or software hacks for reflashing the existing computer(s).

In fact, right now I'm designing a replacement for the Honda TCU in my 20 year old Accord because it has a "design flaw" we've all seen affect PC's -- electrolytic caps. After 20 years the caps finally failed and fried the TCU in the process. (can

Re:

[by (1706743)]

Having said that, you're not running around in the right circles if you think there are no aftermarket automotive computers or software hacks for reflashing the existing computer(s).

Yeah, I'm running around in the circles where the timing's controlled by vacuum/centrifugal advance ;)

Re:

[colinnwn]

I'd say you are being generous. I complain about the fact car companies don't give access to certain features in code or data on the CAN bus of cars. I'm on email lists of DIY enthusiasts who complain about similar.

Car mfgrs are also terrible about not following specs, or creating proprietary specs and charging a lot for access, where they should be encouraging open industry standards to develop for new features. The argument about safety is used to justify this, but it is not terribly germane, as there

Re:

[vlueboy]

Cell Phones have existed for a very short time. Technically we have watched them evolve from huge analog call-making units to something beyond even our home computers in functionality.

Anti-establishment people are making the statement that our PC's won't easily head in that direction anytime soon. With cars, well... they've existed for a whole century, and it's too late to stop the lockout. But we look at the suddenly-hardening mindset in the videogame/smartphone industry and see a chance of throwing wrench

Re:

[djdavetrouble]

I call Bullshit. What "people" are you talking about? The people around here are concerned with
all proprietary and closed computers.

href="http://slashdot.org/article.pl?sid=03/01/10/0120249"/a

As a matter of fact this was a popular topic around here a few years ago.
It turns out, there ARE people that want access to the computers in their car, they
believe they can do a better job, and that mods are a good thing. Smart phones are
the big fad these days, so you read about unlocking and rooting frequently.

Nice and open platform... right?

[vinehair]

All I have to say is this, as an owner of two android phones, the second only because it physically fell apart from (ab)use and from someone with a love for the platform:

Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE ITS FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?

Now while we're at it, can I can a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?

Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.

Re:

[blahbooboo]

All I have to say is this, as an owner of two android phones, the second only because it physically fell apart from (ab)use and from someone with a love for the platform:

Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE ITS FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?

Now while we're at it, can I can a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?

Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.

You are so going to be voted down for saying anything negative about android. p.s. BTW, you're 100% correct.

one quick point.

[IBitOBear]

He didn't actually say anything negative about android. It's the handset manufacturers that are doing this at the behest of the telephone companies.

All the evil is coming into the pipe _after_ android, down in the boot loaders and the skins.

And Google doesn't actually have the Apple Fanboy features that Apple has. Google knows that they will be held to some account by their fickle fan base if the screw up or let their brand get _too_ tarnished by the handset cartel.

It is a given that "Apple can do no wrong" as far as an Apple Fanboy is concerned. Google has simply not done wrong enough yet to deserve derision as far as Android is concerned.

Not the same thing at all. In fact, there are legions of people waiting to catch Google out to crucify them.

The N900 is as open as you ask for

[jonaskoelker]

Now while we're at it, can I can a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire?

8 steps to root on the N900:

(1-5) main menu -- App manager -- Category:All -- gainroot -- install
(6-8) main menu -- xterm -- "sudo gainroot"

Works fine. You can also install custom Linux kernels from the package manager to get wifi-tethering (which I have done, and it works fine).

Why would you want this, again?

[rastoboy29]

I am only interested in a phone that doesn't have to be hacked by some genius to get root access.

It's fine if it voids the warranty or whatever, but I'm not going to pay for something if I have to fight it to get full control over it.

Frankly, I might not even take full advantage of that--but I still demand the ability.

Re:Why would you want this, again?

[cbhacking]

Nokia N900. Debian Linux ported to ARM with a small-touchscreen-friendly interface. Comes with a terminal app; open that; type "su" and hit Enter. The default root password is publicly available (good idea to change it). People complain that its app store is lacking, and they're right, but they're also missing the point: the thing *runs desktop Linux*!
It has repositories.
sudo apt-get install <foo>
You can even compile from source taballs right on the phone, if you really want to / there's no pre-built binaries.

The browser is Gecko-based, and includes Flash. You can install AdBlock Plus if you want. You can even install mobile Firefox and get the full Firefox experience, with extensions. You can also install other browsers, if you prefer. Nothing is stopping you.

The main downside is that it's a due for a refresh. The hardware runs the OS and apps fine, but it's not terribly impressive by modern smartphone measures.

Simple phones :(

[cosm]

I sometimes miss the days by I had a phone that simply made phone calls. Although you can still get simpler phones, it seems like the industry is pushing me to larger, more complicated devices. I enjoy evolving technology, but I just a want a simple phone. The old rubber hardened nextels that you could punt across a football field and then subsequently use without any damage to the phone whatsoever were absolutely awesome.

I am not pining for the days of yore, but some of us want a simple, quality phone.

Re:

[MichaelSmith]

it seems like the industry is pushing me to larger, more complicated devices.

Its a free market. You can buy whatever you like. I don't know where you live but department and variety stores in Australia will sell you a samsung phone for less than 50 AUD, no contract. You can get the same phone for less locked to a carrier with a prepaid SIM. Just calls and SMS. Nothing fancy.

But OTH I just signed up for an LG Optimus. 20 AUD per month for two years, zero up front. No additional cost to me. It runs android 1.6 and has lot of pre-loaded software. So far its a very nice phone and I plan

Re:

[Fnord666]

Does anybody know of any phones that are simple, elegantly designed, work-as-advertised, and constructed with quality, and they aren't made for Barbie or Ken? RAZRs? Mattels?

For a simple phone I like the motorola razr v3.
My reasons are:

1. Basic phone functionality works well
2. Decent case
3. Bluetooth
4. Easy to repair if needed
5. Parts are readily available
6. Inexpensive replacement/spare batteries

Re:

[Freedom Bug]

It's hard to beat the Motofone F3 for "simple, elegantly designed, work-as-advertised, and constructed with quality". It's indestructible, the battery lasts forever and it's dirt cheap. It was designed to be used by people who can't read, so it uses a really annoying icon menu system. And it really sucks for text messages. But you just want a phone, right? Engadget calls it the "zombie apocalypse survival phone" (mostly because of it's 2 week+ battery life).

Re:

[account_deleted]

Comment removed based on user account deletion

doesnt matter to me

[jonwil]

I intend to buy a device that lets you replace the phone software out of the box without the need to exploit it (most likely a Nokia N900)

Re:

[MrEricSir]

Great! And we can program it in Intolerant. [esolangs.org]

Re:

[kyhwana]

Gives you write access to /system/ ? (Inc /etc, so on)

Re:Forgive my ignorance...

[colinnwn]

Allows you to run on the G2, non-T-Mobile versions of the Android operating system.

Re:Forgive my ignorance...

[Daniel Phillips]

What does rooting the Android accomplish?

Maybe fixing some of the crappy base functionality that come with the phone and can't be replaced by normal apps? For example, the alarm clock that wouldn't stop ringing until I pulled the battery. And countless other major warts that Google is not doubt horribly embarrassed about, but not so embarrassed as to fix or take patches for.

Re:

[a_nonamiss]

There are many answers, but realistically, it enables you to use it as a "free" wi-fi hotspot. (as in, no extra charge from the carrier.) Some other cool stuff, too. Useful stuff, not just changing your background.

Re:Forgive my ignorance...

[ScrewMaster]

What does rooting the Android accomplish? Beyond the ability to change your prompt... what is the result of this?

I don't have an Android so if somebody could enlighten me (and I'm sure others as well).

Much appreciated.

AC

Well, I will tell you what. Among a number of interesting things, rooting allows you to run any of a number of third-party operating system ROMs. One guy even got Debian Linux running on a G1 (not too practical, but it shows the power of an open device.) My personal favorite, and by far the most popular, is the Cyanogenmod ROM. Keep in mind that the relatively open nature of the open-source Android operating system has made this a legitimate affair: this is not remotely comparable to what iPhone users suffer under Apple's heavy-handed rule. Frankly, having used Cyanogen's product (generally faster, more stable, and more featureful than the stock firmware) for over a year now, if a particular phone won't let me install it ... well, that's one handset I won't be buying. More interestingly, Cyanogen (aka Steve Kondik) has a close relationship with the lead Android developers at Google, and much of his team's work has been used to improve the mainstream OS, so even those who are running the stock firmware have benefited. Are you listening, T-Mobile? Yeah, and that applies to the rest of you bloodsuckers as well: open is good for your customers, and good for your business.

Here's the deal folks. It was one thing when we were all using not-particularly-smart phones that had a few built-in applications, a camera, and maybe some extra flash to store a few MP3s. That's not what we're talking about here: these are not cellphones, they're personal computers that happen to fit in your pocket. I cannot accept that cell phone carriers (who are, after all, just fat pipes, not gods) have an intrinsic right to determine what operating system and/or applications we can use on our rather powerful pocket computers. I wouldn't accept that treatment from a PC vendor, and I see no reason for society to accept that from corporations who have spent years trying to convince us that they absolutely must limit the potential of these devices in order to "manage their networks", to provide us with a "better user experience." Of course, we all know what it means when a carrier is in control of the user experience. I will decide upon the kind of experience I want, and so far as network management goes, well that's not my problem. I expect to be provided with the service that I pay for, and that includes a hands-off approach to the phone and it's software. It's my pocket computer, not yours. Just deal with that, and stop trying to use it as an alternate revenue source.

Re:Forgive my ignorance...

[Miamicanes]

Enables you to install a kernel with proper support for Bluetooth HID, so you can use a folding keyboard and/or bluetooth gamepad with the phone.

Enables you to create a swapfile and use virtual ram. See, Android has an official mechanism for reclaiming memory used by suspended apps, but it's not instantaneous. If you buy Class-6 (or faster) microSD flash, it's faster to just swap a chunk of ram to the flashcard than it is to wait for the app to shut itself down, save its state, and release its memory so something else can use it. If you use class 4 flash, it'll be roughly the same speed either way. If you use class 2 flash, swapping is slower. As you've probably guessed, the free microSD card that comes with most Android phones is only class 2.

Tether for free. Sprint charges $30/month extra if you want to tether without rooting.

Run the CPU faster. Unlike (Intel) desktop CPUs, phone CPUs don't really have a hard upper speed limit. They just go through a point where your battery life totally goes to hell, then a zone where they're kind of flaky and it crashes a lot, then finally a zone where it's almost impossible to use for more than a few minutes WITHOUT crashing. A rooted G2 can run at 1GHz without breaking a sweat, and I'm pretty sure I read that they're generally stable up to around 1.6GHz. The catch is, your battery will last about an hour at that speed.

You can use Samba to make your /sdcard filesystem accessible over the network as a normal Netbios share.

You can use OpenVPN. Unrooted Android can't use it, not even as a client.

You can install sshd and use SSH to securely connect to a root shell on your phone.

You can install thirdparty SSL root certs.

You can use Tor.

Those are just a few things off the top of my head. There are a lot more.

Re:

[schnikies79]

Because I'm not going to pay full cash price for a cell phone.

I've been with the same cell company for 11 years, so a 2 year contract isn't a big deal.