Process of Rooting new Devices - Android Software/Hacking General [Developers Only]

Hi,
I am new to Android development but not new to Linux. I am looking for a little introduction on how to root a device initially (suppose nobody had rooted it yet).
Can any devs chime in with the details as to what they are doing? If you take the HTC Evo for example, everybody starts out by flashing a modified PC36IMG.zip -- specifically, what did the dev do to that image? Decompile and modify source? Modify code in a hex editor? Use an exploit?
Thanks

Related

What type is .NBH?

Does anyone know what type of file a .nbh is and how to make it viewable/modifiable? If there were a way we could mod the NBH file, I believe that would be the successful way of rooting the MyTouch 3G. I will be getting one of the production devices in a week or so; if anyone wants anything dumped, let me know.
The NBH is a ROM and you can't flash it without a modified SPL. I'm not even sure the SPL used for Android even supports the file type, but any kitchen from WinMo can decompile it.
It's not really so much an Android thing but an HTC hardware thing. The Dream and Sapphire support these files. There is an NBH file which will take you all the way back to RC29 and also flashes back the original SPL as well. So it is my belief that if we can make a compatible NBH for the Sapphire, it will accomplish the end result.
Of course it will... That's what NBH files are made for. I don't think you can make one since it's signed (or something) with a key we don't have.
Ehh, I have an idea:
Someone has to decompile the .nbh and modify it to work on the MyTouch 3G.
Then you have to create a goldcard... not sure if viperbjk is putting Sapphire into qmat...
Yeah, I have tried to decode it with a hex editor and have not had any real luck with it at all. Looks coded. Just wondering if anyone knows how to decode it; it would be greatly appreciated. I have tried to use some of the old Windows Mobile kitchen tools.
There are lots of tools to extract NBH files; they should work if HTC hasn't changed anything... look for other devices' kitchens and you'll find the tools.
Also there's a project which tries to achieve the same result under Linux: http://code.google.com/p/htc-flasher/.
Where did you guys get an Android NBH? This is odd because Android is updated by placing an update.zip on the root of the SD card (among other ways), which is handled by the SPL. Why wouldn't HTC just stick with NBH then?
sammypwns said:
Where did you guys get an Android NBH? This is odd because Android is updated by placing an update.zip on the root of the SD card (among other ways), which is handled by the SPL. Why wouldn't HTC just stick with NBH then?
Android is updated by .zip, but NBH is an all-in-one image-type file that flashes HTC phones to factory defaults. It's usually used by the support techs to restore phones.
android/google=zip
htc =nbh
tripledes said:
There are lots of tools to extract NBH files; they should work if HTC hasn't changed anything... look for other devices' kitchens and you'll find the tools.
Also there's a project which tries to achieve the same result under Linux: http://code.google.com/p/htc-flasher/.
This looks promising... I wonder if we can figure out how to re-sign it...
Hi,
I have just tested HTC-Flasher and unfortunately it does not work with the DREAIMG.nbh.
So if someone knows how to extract and re-flash the Dream NBH, please help.
Bye
Herc. 8)

Any guides on how to create/compile custom roms?

I am a linux user...
Anyone can share the howto or if there are any guides?
+1 bumping this thread
Second that...
http://www.koushikdutta.com/2009/08/build-configuration-for-t-mobile.html#links
He seems to have a script to compile the kernel...
I don't know to what extent this would help us, but it is a start. I don't quite know how the apps are installed on a new ROM...
It would be nice if someone could explain what is needed and what is optional in the kernel, and some of the mods that other people are doing and how they integrate into the OS.
I see a lot of improvements in the new ROMs but no how-to on doing it yourself. I thought that was the point of having an open source OS.
I would quite like this as well =o)
Have made a bit of a start by following this:
http://source.android.com/download
Shows you how to get all the code and do a build.
I believe the next thing would be to pick the required files from the output folder of the build, dump the boot.img and replace the kernel with a 32B or 32A one, add the Magic model config file (to the ramdisk) and recreate the boot.img.
Replace/add any modules required, like maybe wifi or bluetooth, then you need to change the build.prop file, put it all into an update.zip and sign the file.
Haven't had time to test this out but seems kind of logical...maybe?
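The "dump the boot.img, swap the kernel, recreate it" step above, as an added example that is not from this thread or any kitchen: a small Python parser for the Android boot.img header (the original, version 0 layout) that carves the page-aligned kernel and ramdisk out of an image and reassembles one. The sample blobs and the load addresses in `build_boot_img` are constructed values, not those of any particular device.

```python
import struct

BOOT_MAGIC = b"ANDROID!"
# Header v0 fields after the magic: kernel_size, kernel_addr, ramdisk_size,
# ramdisk_addr, second_size, second_addr, tags_addr, page_size (8 x u32, LE).
HDR_FMT = "<8I"

def split_boot_img(data):
    """Split a header-v0 boot.img into its page-aligned kernel, ramdisk and
    second-stage blobs, validating the header before trusting its sizes."""
    if data[:8] != BOOT_MAGIC:
        raise ValueError("not an Android boot image (bad magic)")
    (kernel_size, kernel_addr, ramdisk_size, ramdisk_addr, second_size,
     second_addr, tags_addr, page_size) = struct.unpack_from(HDR_FMT, data, 8)
    if page_size == 0 or page_size & (page_size - 1):
        raise ValueError("implausible page_size %d" % page_size)

    def pages(n):                 # whole pages a blob of n bytes occupies
        return (n + page_size - 1) // page_size

    def carve(page_index, size):  # slice out one page-aligned blob, checking bounds
        blob = data[page_index * page_size:page_index * page_size + size]
        if len(blob) != size:
            raise ValueError("image truncated: header sizes exceed file length")
        return blob

    kernel_page = 1               # page 0 holds the header
    ramdisk_page = kernel_page + pages(kernel_size)
    second_page = ramdisk_page + pages(ramdisk_size)
    return {
        "page_size": page_size, "kernel_addr": kernel_addr,
        "ramdisk_addr": ramdisk_addr, "tags_addr": tags_addr,
        "kernel": carve(kernel_page, kernel_size),
        "ramdisk": carve(ramdisk_page, ramdisk_size),
        "second": carve(second_page, second_size) if second_size else b"",
    }

def build_boot_img(kernel, ramdisk, page_size=2048):
    """Reassemble a minimal boot.img around the given blobs (the repack step).
    Load addresses are sample values, not those of any particular device."""
    def pad(b):
        return b + b"\0" * (-len(b) % page_size)
    header = BOOT_MAGIC + struct.pack(HDR_FMT, len(kernel), 0x10008000, len(ramdisk),
                                      0x11000000, 0, 0x10F00000, 0x10000100, page_size)
    return pad(header) + pad(kernel) + pad(ramdisk)

# Constructed sample blobs standing in for a real zImage and ramdisk.
SAMPLE_KERNEL = b"\x1f\x8b\x08" + b"K" * 3000
SAMPLE_RAMDISK = b"\x1f\x8b\x08" + b"R" * 100
```

Swapping the kernel is then `build_boot_img(new_zimage, parts["ramdisk"])` on the output of `split_boot_img`; the bounds check is what keeps a header with oversized fields from being trusted blindly.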
Hello!
I'm following the android.com tutorial, but I want to ask: how can I download the donut branch? There's no mention of it on the entire site... Also, CyanogenMod's multitouch and so on, where does it come from? Is it made by him or is it somewhere on the net?
Thanks
Learn how to use GIT to get the donut branch from here: http://android.git.kernel.org/
Problem is that it doesn't specify the donut project path.
Is there a command to list all project paths? I can't seem to find it.
L10nH34Rt said:
Problem is that it doesn't specify the donut project path.
Is there a command to list all project paths? I can't seem to find it.
Code:
git branch -a
in any local git directory
Ok, then so far I've downloaded the donut branch, and compiled too. What now?
1. how to create a ROM from the made files?
2. how to compile the kernel / how to replace the one created with the make command with the one I'm running on?
3. is there any option I can configure to fit my phone? (HTC Magic 32A)
4. how can I root my ROM?
thanks
There is this guide that I have found:
http://www.koushikdutta.com/2009/08/build-configuration-for-t-mobile.html
'make' finished with success, but I can't find how to transform it into an 'update.zip' file...
anyone?
It says that in the link you have posted yourself.

user generated .nbh files edit

How to do this? Because I'm sure there are a lot of HD2 owners who love one custom ROM but still want to edit it.
danxtian said:
How to do this? Because I'm sure there are a lot of HD2 owners who love one custom ROM but still want to edit it.
Search the main forum for "Chef Central". You should find what you need there; what you are going to need is a "Kitchen"...
As previously stated, you will need an HD2-compatible kitchen to decompile the NBH into the raw files contained within. However, most modern kitchens default to using a build method that prevents someone from easily decompiling NBH files, so you will most likely not be able to do it.

[Q] Which proprietary files to pull from the system?

I am in the process of gathering source from cm7 devices and piecing them together into a full source tree for cm7 on the doubleshot. I am currently using the extract-files.sh script to pull proprietary files from the stock ROM of the doubleshot. This script uses the proprietary-files.txt file to pull the appropriate files from the /system folder in the ROM.
My question is: how do I know which files to pull from the ROM? Since there is no source code available for the doubleshot, I am starting with the source of the closest device (htc pyramid), which is now in the CyanogenMod source tree.
I'm using the proprietary-files.txt from here, but the problem with that is that it was intended for cm9. There is no source code available for the pyramid in cm7.
Assuming that there are no differences between the proprietary files for ICS and Gingerbread (highly unlikely), there are still differences between the pyramid and doubleshot. So if anyone knows what to do please let me know (I would think anyone with this knowledge would have already passed this point in development, i.e. kornyone, but it never hurts to ask, right?)
Thanks in advance xda community
Well, a good start is replacing the entire folders system.bin and xbin, system.lib.hardware, system.lib.modules, boot.img, libhardwarelegacy.so, libsensorservice, libhtcril, libril, and that's all I could think of off the top of my head. Also, next time post in General because it is still a question.

[q] Getting uncompressed Kernel from zImage?

Hello!
Device: i535PP
Kernel version: 3.4
Build date: July 22 (futex (towelroot) patched)
So, I am trying to get the symbol table, or whatever the heck it is.
I do not have root access; that is what I need the symbol table for > read about that here.
So I can't do this the easy way of just opening /proc/kallsyms.
I have the zImage from boot.img.
I have kept reading on Google etc. that the most common type of compression used by Android kernels is gzip.
I have looked for the gzip magic numbers in a hex editor and also using hexdump/grep and dd.
I tried using binwalk zImage | head and it didn't see any gzip headers in the file; it found lzo and "pcrypt" or something like that, but I found the magic numbers for gzip... I did some googling and I believe the whole "pcrypt" thing is because I had my device encrypted, and I had the OTA flashable ROM on my phone and did all the extracting and such on my phone. I have since then decrypted the device and re-extracted everything.
I believe I am supposed to be after piggy.gz...
When I get the offset and use dd to skip to the beginning of the gzip header and save, I do gunzip piggy.gz and it says that it's corrupted. When I use a hex editor it's also corrupted...
Anyone who has done this before, mind helping me out?
I'll upload the zImage if needed.
Just don't go get the addresses yourself and post them here; I want to get some of the experience out of this.
I will be more than happy to add to the list of thank-yous/credits when it's all done and I test and then make a release. I would also be able to port the exploit to other devices too.
I think I know why....
Probably messed it up when I tried doing it on a PC; I moved it back and forth via FTP... I didn't have a USB cable at the time.
If anyone wants to take a shot at this, please do. I will love you forever.
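The magic-number search the post describes (find the gzip header in the zImage, carve from that offset, decompress), as an added example that is not the poster's code or binwalk's: a Python scanner that records every compression magic in a zImage-like blob, tries each candidate in offset order, and treats a stream that never reaches its end marker as damaged, which is the "corrupted" result the post reports when the offset is wrong or the file was altered in transfer. The table of magics is constructed here; LZO (what binwalk reported) is recognised but not decoded because the standard library has no LZO decoder, and `build_sample` is a constructed stand-in for a real zImage.

```python
import gzip
import lzma
import zlib

# Magic prefixes of kernel payload compressors (constructed table; no LZO decoder in stdlib).
MAGICS = {
    "gzip": b"\x1f\x8b\x08",
    "xz":   b"\xfd7zXZ\x00",
    "lzma": b"\x5d\x00\x00",
    "lzo":  b"\x89LZO\x00\x0d\x0a\x1a\x0a",
}

def find_candidates(blob):
    """Every (offset, kind) at which a compression magic occurs, lowest offset first."""
    hits = []
    for kind, magic in MAGICS.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, kind))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def try_decompress(blob, offset, kind):
    """Decode one stream; trailing bytes are tolerated, a missing end marker is an error."""
    if kind == "gzip":
        d = zlib.decompressobj(16 + zlib.MAX_WBITS)   # +16: expect a gzip header
    elif kind in ("xz", "lzma"):
        d = lzma.LZMADecompressor(format=lzma.FORMAT_XZ if kind == "xz" else lzma.FORMAT_ALONE)
    else:
        return None                                     # LZO: recognised only
    out = d.decompress(blob[offset:])
    if not d.eof:
        raise ValueError("stream at %#x is truncated or damaged" % offset)
    return out

def carve_kernel(blob):
    """(kind, offset, payload) of the first candidate that decodes completely, else None."""
    for offset, kind in find_candidates(blob):
        try:
            out = try_decompress(blob, offset, kind)
        except (zlib.error, lzma.LZMAError, ValueError):
            continue   # wrong offset, false-positive magic or corrupt data: keep scanning
        if out:
            return kind, offset, out
    return None

def build_sample():
    """Constructed stand-in for a zImage: 64-byte stub, gzip payload, 32-byte trailer."""
    payload = b"Linux version 3.4.0 (constructed sample kernel)\n" * 16
    return payload, b"STUB" * 16 + gzip.compress(payload) + b"\xff" * 32
```

On a real file, `carve_kernel(open("zImage", "rb").read())` returning None for every gzip hit while binwalk reports LZO is the signal that the payload is not gzip at all, rather than that the carve went wrong.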
No clue what you're trying to do, but my ArchiKitchen should be able to split the kernel into zImage and ramdisk, and also unpack the ramdisk, allow you to make changes, and repack it back. You can also replace the zImage only if you wish... However, beware: an invalid zImage may lead to a brick.
You're interested in the barebones project. Then you put boot.img in the proper folder, restart the kitchen, and unpack boot.img.
And if you're interested in decompressing the zImage, then sorry, but you're doing it wrong; zImage is a compressed binary, and you can't unpack the binary, even if you manage to decompress it.
@JustArchi
Well, thanks for getting me some info about that. But if I understand correctly, zImage is the kernel, yes? From what I have read, on boot it decompresses itself and copies itself into memory. I am not really trying to modify anything, just trying to get to the kernel symbols for a device that currently has no working rooting method I am aware of (i535pp on the latest build...). Locked bootloader, signature verification of system.img.ext4, so no adding an su binary and done. Futex is a no-go; the kernel was compiled July 22. I am trying to port CVE 4322 to the device from PoC code by retme7 to get a root shell and go from there. If you know how I can go about doing that or can point me to a tutorial, that would be great.
Would this help? http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=I535pp
OpenSourcererSweg said:
@JustArchi
Well, thanks for getting me some info about that. But if I understand correctly, zImage is the kernel, yes? From what I have read, on boot it decompresses itself and copies itself into memory. I am not really trying to modify anything, just trying to get to the kernel symbols for a device that currently has no working rooting method I am aware of (i535pp on the latest build...). Locked bootloader, signature verification of system.img.ext4, so no adding an su binary and done. Futex is a no-go; the kernel was compiled July 22. I am trying to port CVE 4322 to the device from PoC code by retme7 to get a root shell and go from there. If you know how I can go about doing that or can point me to a tutorial, that would be great.
Would this help? http://opensource.samsung.com/reception/receptionSub.do?method=sub&sub=F&searchValue=I535pp
If device has locked bootloader, you won't be able to flash custom kernel you made anyway.
Otherwise, you just compile kernel from sources, get zImage, and combine it with the ramdisk through my kitchen.
JustArchi said:
If device has locked bootloader, you won't be able to flash custom kernel you made anyway.
Otherwise, you just compile kernel from sources, get zImage, and combine it with the ramdisk through my kitchen.
I am not trying to make a custom kernel. I am trying to extract information from the kernel required for exploitation. I am not even sure I am going about this correctly. I need the symbol table. I believe I need ptmx_fops and perhaps a few other things... I have the src; anything valuable?
OpenSourcererSweg said:
I am not trying to make a custom kernel. I am trying to extract information from the kernel required for exploitation. I am not even sure I am going about this correctly. I need the symbol table. I believe I need ptmx_fops and perhaps a few other things...
Stop it, you're talking nonsense. You won't achieve the thing you want in that way.
JustArchi said:
Stop it, you're talking nonsense. You won't achieve the thing you want in that way.
How do I go about making CVE-2014-4322 work on my device?
I have been looking and looking...
You don't understand what not having root does to me...
