[WIP] Automated Rooting, feedback needed - Android Software/Hacking General [Developers Only]

Let me start by saying yes I read the forum rules for the Paid Software group and as far as I can tell I'm posting in the correct spot. I don't meet the 100+ post criteria but I also am not selling an application. If this belongs elsewhere please move it, don't delete
Basically what I'm looking for is some constructive critisim and feedback. I'm a software development major wanting to someday make a career of Android development, but as a student am constantly needing to partake in projects. For side work for the last year or so I have been doing Android rooting, flashing and modification via CL. One big issue I immedietly noticed was my scope of work. I could reach a much larger audience if travel wasn't part of the equation. This gave me an idea..
Most root methods are simply a few scripts ran in sequence, with a possible reboot or two in the process. A lot of that can even be handled by writing a single script to run each file in order, with a response wait while rebooting occurs.
I'm considering hosting a website on which users can access my server, and, after selecting their device, root it with a single click. Keep in mind I've successfully rooted over 70 phones, with no failures, and have been tediously keep track of the easiest, least risky exploits and methods. Of course rooting (like always) would be at the users liability.
Any ideas or feedback would be greatly appriciated. Android is, and poised to continue, dominating the smartphone market. I feel that a resource like this would literally be invaluable to the community. If I continue to stick with this it will probably be going on KickStarter soon.

bummmpity bumpage

Evo OTA 4.24.651.1
Have you been able to root the HTC Evo 4G with the 4.24.651.1 update?

Related

Starting to put some pressure on T-mobile...

The real "bad guy" in the whole root thing on the phones is T-mobile. They don't want to let us have root, so google obliges.
I think we need to start applying pressure to help T-mobile realize that allowing a 'developer build' to be released to those who request it would actually help them out.
There are several angles that this makes sense - but the one I am taking now is to try to help people realize that features are missing because they don't let us develop them for them - so that even regular users will get on board for wanting them to have a developers build available.
I started a thread on their official forums asking for this kind of access. It wont get anywhere, but maybe we can start getting the normal users behind the idea.
Here's the thread over at the T-mobile forums
I don't know about the rest of you - but I would like to spend my time doing useful things on the phone rather than playing cat-and-mouse games with them.
What point is having an open source OS if you can't reflash your own builds of it?

Unsafe ROMS?

I've been playing around with all the 6.5 ROMS available on this forum (plus have been lurking for a while so felt like doing some contribution could be appreciated ).
My company is very stringent about enforcing Exchange ActiveSync policies, especially PIN CODE, timeout to lock and remote wipe.
I noticed that on the 230XX series (I have tested up to 23053) posted here, there are two different behaviors, one serie works with my Exchange Active Sync, one does not.
Since the PIN request and lock timeout work fine with them, I have to assume the remote wipe feature has somehow be disabled by this ROM.
I have been able to identify that a ROM will give me this problem even without connecting with my Exchange Server.
in 100% of the case, if I try to import a root certificate on a "hacked" ROM, it will be installed without any warning, just a "Certificate successfully installed, press OK" dialog.
Now, on a ROM that is not "hacked", when you try to import a root certificate, you are warned that this may be an unsafe operation and have actually to confirm.
This is very concerning to me, because the warning being removed means that any bad guy can leverage these ROM to deploy a rogue root certificate to your device and your device can start trusting wrong sites.
I do not intend this to be an exhaustive list, but as of my testing only the following two ROMs work correctly:
- NATF
- RRE
All the others do not. The source of the non-working ones is either the same, or these people have purposedly altered the ROM to change the security settings. But the result is the same, security altered ROMS.
If anyone could confirm they are experiencing the same, I would not feel alone on the planet
UM
I'd just like to reiterate that this is a development community- most of the cooked ROMS you've tried are experimental works in progress. We tend to take our experimenting a bit far here- but as none of our 'products' are really production tested, it's fairly safe to say that all of them are just a bit unsafe.
A stock ROM has the benefit of being tested in a production environment- and while performance on these ROMs may not be optimal, they are composed of a set recipe of components established between the OEM and Microsoft.
Many of our ROMs are conglomerations of various different components- so it's not exactly safe to say that any of them can be held completely accountable for device security- there may be plenty of exploits present behind the scenes that never have been exposed or rectified.
We're small-scale individual developers. Most, if not all of us, do this for fun. Many of our packages deliberately alter the way in which devices handle certificates and signing- because it allows us to expand the boundaries we develop within.
If you're looking for guaranteed security, your best bet is to stick with a completely stock device. If you choose to use another ROM, any insecurity is not on the developer, but you.
Very well said! On top most, actually all of the 6.5 based ROMs have a microsoft beta as a base. Though it may be a save bet that the latest built # may be the closest to the final release at Oct. 9 it's a common practice to reduce/alter some "security" settings an policies for an "easier" way to success. None of these facts is to blame on any ROM chef or developer or however you want to name these creative heads here.
Their work is just incredible and I bet that ms or HTC would be proud to have such guys on board.
Note:
I bet that some individuals of both companies keep a close eye on what's going on here.
Guys,
Don't get me wrong, I know what I'm doing when installing a beta that has been leaked.
First, it's illegal, we are stealing non published source code, infringing intellectual property and probably making ourselves guilty of too many felony counts to be able to get out of jail without a long white beard.
But, joke aside, this was not the point of my post and I am sorry if I didn't explain myself clearly.
There are 23053 builds that work well are 23053 that do not, as was the case with any previous build number and, consistantly, I have had two out of the pack working exactly as expected from a security perspective, and all of the rest not working as expected.
So, since I do not believe MS is deliberately compiling one tree of the code with embedded security and another without, it means that someone in the middle is affecting it.
That was my point.
UM
Hummm...
Wrong approach fellow...
Wrong place, wrong time and wrong people.
Don't expect to be received with an open heart while commenting such things...
Imagine the following scenario:
A priest enters a strip bar and tells the owner of his concerns of moral ground, about the practices that take pace there... LOL
I may understand your point, definitely not your purpose.
If you are lucky enough not the get flamed, you will at least see some frown faces...
Leave it...
As someone suggested before, remember this is a development community...
If what you find doesn't suit your needs simply suggest changes or don't use it at all.
If you concluded, after experimenting, that the only functional ROMs are NATF and RRE ones, allow me the following suggestion:
Choose between 3 options:
1. Use a stock ROM so you don't «steal» form anyone and don't risk having to spend 5 days in a row shaving...
2. Use a NATF ROM
3. Use an RRE ROM
I believe i made my point as gently as I could...
If i may have hurt some feelings, i am deeply sorry for that.
Cheers
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
unlockMe said:
Well, 2 points in answer to your post where you obviously did not read mine:
1) Did you miss the sentence that starts with "Joke aside" ??
2) Don't care of being flamed, I provided evidence to people that want to make up their miind, they don't need you to tell them what is safe or not for them
Bottom line is:
- if you do not want to have a phone crashing on you, use a stock ROM (that's actually a good joke... Stock ROMs do not crash less than their beta counterpart).
- if you do not want your passwords, contacts or personal data to end up into some hackers site, be careful about what ROM you install
wearing my flame proof vest.
UM
Click to expand...
Click to collapse
Dear UM,
I had a good laugh reading your last sentence LOL
I believe that wither you misunderstood me either I was not clear...
1. I am not accusing you of anything.
2. I read you whole message (points 1 and 2 included... They were there, weren't they...?)
3. I am not trying to demote you of you purposes... I was only trying to pass a message but given the fact the message wasn't delivered, I will try to rephrase...:
You are expressing both facts and opinions.
That is, indeed, you right given the fact we are in an open community and we, still, are in a free world (so to speak...).
I do not endorse or condemn none of your previous statements.
Knowing this community for quite some time and specially knowing it's member, active ones, passive ones, contributing ones, parasite ones, etc... I just know for sure that your comment in which you address people in such manner will have one of two possible outcomes:
1. Total ignorance
2. Flaming
Now, after this, do whatever you like Don't get me wrong and sorry if I made myself misunderstood
Nuff said.
Cheers.
This thread is not development related, moved to the appropriate section

Just a Passing Thought on Devs

Just one of my thoughts on developers...
Developers of apps and such have brought us some really useful creations that allow us to personalize our Android devices in almost anyway we desire. They spend countless hours, months, or even years developing these things which they give to us for our use.
While we use these creations, we find a bug or think of a new implementation for it. Now a developer will get new feature requests and choose to not make those changes because they have no time, not enough demand, or there's just no plan for it. On the other hand, we find a bug in it. We bring it to their attention and there's a chance that it will be fixed, maybe soon or in a later update. Maybe it doesn't get fixed but it still runs fairly well.
But what the unresponsive developers who basically make their apps for a quick buck and then the project is dead? Or the ones who don't listen to the supporters of their app at all? I know there's no obligation to listen to thoughts of the consumer but shouldn't the developer at least pay attention and be somewhat responsive?
Any thoughts/comments/disagreements/criticisms/hate on this are welcome.
Jamin13 said:
Just one of my thoughts on developers...
Developers of apps and such have brought us some really useful creations that allow us to personalize our Android devices in almost anyway we desire. They spend countless hours, months, or even years developing these things which they give to us for our use.
While we use these creations, we find a bug or think of a new implementation for it. Now a developer will get new feature requests and choose to not make those changes because they have no time, not enough demand, or there's just no plan for it. On the other hand, we find a bug in it. We bring it to their attention and there's a chance that it will be fixed, maybe soon or in a later update. Maybe it doesn't get fixed but it still runs fairly well.
But what the unresponsive developers who basically make their apps for a quick buck and then the project is dead? Or the ones who don't listen to the supporters of their app at all? I know there's no obligation to listen to thoughts of the consumer but shouldn't the developer at least pay attention and be somewhat responsive?
Any thoughts/comments/disagreements/criticisms/hate on this are welcome.
Click to expand...
Click to collapse
I guess we are lucky in that the majority of Developers in the community are not demanding of donations or the 'quick buck'. Most do it to tinker in their spare time, to prove that it can be done, and to feed their passion. They are then gracious enough to share their works with us, everyday Joes, for nil thought of monetary gain (again, mostly).
It disheartens me greatly that the overwhelming majority of users now make the most ridiculous demands of Developers, expect a full-blown 'retail (bug-less)' experience, then have the gall to call Developers out if they decide to move away from the project, hit a brick wall or even just go to sleep!
Unfortunately I have even seen the odd Developer involved in this sort of behaviour, and it's certainly not limited to Junior members either, not by a long shot
These guys don't get paid, they're (generally) doing the best they can with what they've got, and they share with us out of their own goodwill. We use and try these things at our own risk. It's printed in big red letters at the top of most ROM threads these days, for good reason
With the onset of the 'smartphone revolution', it's amazing to read through a 50-page thread and watch how many people ask for each and every feature in a 'CWM flashable zip' because they can't, or won't, read through a few pages, or even do a search. I'd wager a fair few wouldn't even know what a Command Prompt or Fastboot was. These kids are flashing whatever looks 'cool' to their devices without so much as a clue to what it does (other than OMG an extra 0.1GHz! - example only), then expecting everyone else to pull them out of the **** when it goes pear-shaped ('I need flashable zip for...'), and having a bit of a go if something doesn't work, rather than sitting back and waiting for it to get past version 0.1.
I have great sympathy for Developers today, as they don't have a hope in Hell of keeping on top of this, nor keeping up with the ridiculous demands.
Even if we make a donation, it does not entitle us to any more support than the regular user who just hits the 'Thanks' button, or even just silently downloads and uses. It's called a donation for a reason. This is a community based on goodwill and sharing, although some days it certainly doesn't look that way.
I've bored you long enough Thankyou for asking the question and giving me the opportunity to share my thoughts. Remember, the Developers are the lifeblood of this community, and (thankfully) bad eggs among them are quite rare.
Take care.
juzz86 said:
I guess we are lucky in that the majority of Developers in the community are not demanding of donations or the 'quick buck'. Most do it to tinker in their spare time, to prove that it can be done, and to feed their passion. They are then gracious enough to share their works with us, everyday Joes, for nil thought of monetary gain (again, mostly).
It disheartens me greatly that the overwhelming majority of users now make the most ridiculous demands of Developers, expect a full-blown 'retail (bug-less)' experience, then have the gall to call Developers out if they decide to move away from the project, hit a brick wall or even just go to sleep!
Unfortunately I have even seen the odd Developer involved in this sort of behaviour, and it's certainly not limited to Junior members either, not by a long shot
These guys don't get paid, they're (generally) doing the best they can with what they've got, and they share with us out of their own goodwill. We use and try these things at our own risk. It's printed in big red letters at the top of most ROM threads these days, for good reason
With the onset of the 'smartphone revolution', it's amazing to read through a 50-page thread and watch how many people ask for each and every feature in a 'CWM flashable zip' because they can't, or won't, read through a few pages, or even do a search. I'd wager a fair few wouldn't even know what a Command Prompt or Fastboot was. These kids are flashing whatever looks 'cool' to their devices without so much as a clue to what it does (other than OMG an extra 0.1GHz! - example only), then expecting everyone else to pull them out of the **** when it goes pear-shaped ('I need flashable zip for...'), and having a bit of a go if something doesn't work, rather than sitting back and waiting for it to get past version 0.1.
I have great sympathy for Developers today, as they don't have a hope in Hell of keeping on top of this, nor keeping up with the ridiculous demands.
Even if we make a donation, it does not entitle us to any more support than the regular user who just hits the 'Thanks' button, or even just silently downloads and uses. It's called a donation for a reason. This is a community based on goodwill and sharing, although some days it certainly doesn't look that way.
I've bored you long enough Thankyou for asking the question and giving me the opportunity to share my thoughts. Remember, the Developers are the lifeblood of this community, and (thankfully) bad eggs among them are quite rare.
Take care.
Click to expand...
Click to collapse
No problem, always nice to know others thoughts on an idea.
There are the dedicated devs who do spend vast amounts of time on their work and everyone (most everyone anyway) are quite appreciative of it. I'm more concerned with devs, whether new or old, just maybe responding. Not just toward reasonable (or ludicrous) requests but just a general question. I wouldn't look for them to respond to everyone who does ask something though, they would be there for days.
I'm just trying to port a recovery for my phone and cannot get a response from any of those respected and revered devs that have done all the work on those recoveries. I've done my fair share of Googling and asking around here and still have not been able to make any progress on it. There was one member who has been lending a hand but other than him, I haven't gotten any other responses.
It sounded like the first post was more about app devs and the second was about rom devs...
I was just talking about devs in general, not any specific kind. Could be ROMs, could be Apps, people will still ask for more and more and pester until they get what they want or until the developer gets fed up and: makes the changes, stops responding, or gets run off.

[Q] Using remote access to root a phone and install a rom

I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has it's different quirks and problems and issues Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to it's fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use( I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing somethin like this and bricking peoples phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite postives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Someone did it
Halfcab123.com
VNC/RDP and do everything from a command prompt.
tony yayo said:
I wonder if anyone knows if it is possible to root and install a ROM for someone using remote access of some sort. At least maybe be able to explore the file directory or flash something even on an already rooted phone. I could see why Google may have built in something that would block this from being possible though. The only reason I ask is because there are so many times I try to help a friend on FB or twitter who is having a problem with their phone and I would LOVE to be able to help them! Most of them are somewhat technological idiots and I don't want to lose them to the dark side! We all know every brand and model of phone has it's different quirks and problems and issues Most can be easily solved with a little searching here on XDA. I'd love to be able to help a friend install an OS update or a custom ROM so they can enjoy their phone to it's fullest potential the way it's meant to be enjoyed and they won't get that phone The Borg use( I'm sure most of you will get the Star Trek reference)!
Obviously, the potential would be there for people to make money rooting people's phones remotely. I'm sure there are some people that wouldn't be happy about someone making money off an otherwise mostly free Development community and I understand that completely. I do think it would be a great way for a developer to raise money to continue their efforts and possibly bring in enough to quit their other job to devote themselves full-time or at least add a little to their income. My thoughts on that would be this: For one, at least it would be someone with a hands-on knowledge of the particular phone and various ROMS for that phone. People such as Mike's Recognized Users of his ARHD ROM would be perfect candidates for something like this. It would certainly also cut down on the overly repeated questions we all have to deal with in EVERY forum on this site. When Mike puts out a new rom there are 10+ new pages an hour, mostly repeating the same three questions, and you know what those are. If I haven't checked in a couple of days that could be HUNDREDS of posts! I am actually someone who reads as much as I can before I install anything, even a small update. Would be nice to have one post answering all the questions I would have. Repetitive questions lead to FIVE repetitive answers of "search before you post" followed by "I did" and a two page conversation about searching. Ugh!
Of course, there is also the problem of someone who is not fully adept at doing somethin like this and bricking peoples phones without recourse. For sure, it would be tough to identify a qualified person to do this but it could be possible. Now, unfortunately you would also be opening yourself up to a stranger accessing all your files and information that are on your phone. I'm not a developer by any means but I'm sure there could be an app and program created that would allow you access but block any files containing personal information.
Overall I think there would be some definite postives to something like this, as well as negatives that I'm not thinking about. Would love to hear your opinion.
Oh, and if anyone tries to steal my idea and profit by it I'm reserving all rights to the concept right now!
Click to expand...
Click to collapse
Lol been done already
GNeX
AOKP
FRANCOS LATEST KERNEL
& WHATEVER [MOD AT THE TIME]

[REVIVAL] Development of the Droid Razr M & HD

[DISCLAIMER]
I have basic understanding of programming and the android software so I'd like as much help as you can provide.
This includes personally messaging me. IF YOU HAVE QUESTIONS ABOUT THIS THREAD OR MY POSTS PM ME AS I DO NOT WISH TO JUST CRUM UP MY GOALS HERE WITH DISCUSSIONS OF WHY THIS IS A BAD IDEA OR ANYTHING ELSE NOT CONCERNING THE MATTERS AT HAND.
------------------------------------------------------------------------------------
[REASON]
This is my favorite device. I it seems to have long been forgotten and there are a lot of dead links. I understand the OG Devs have seemingly turned their backs on us in search of their own paths in life.
I do not blame them at all and instead I am sad to come upon the realization of how low our economic powers have come to have the ability to turn our own role models against us and their years or dedicated work here on XDA.
I can chat all day about my life and history here, you can message me directly if you must. Just understand my life hasn't been easy.
I was adopted at the age of 7 from another country into an American family that had hard heads and a cut throat attitude to rules they didn't even understand.
From the age of 10 years old I fell in love with technology and software. My efforts were suppressed greatly.
I was denied access to a simple flip phone that had no service and was punished for wanting to learn programming. I started hacking.
I learned all I could to become free of my chains. At 15 I made the money to buy my first Iphone (3GS), I fixed computers for people I knew for free even though I never owned my own. I used those opportunities to learn about jailbreaking and how basic filesystems and programming.
A lot happened during my years growing up I had a few good friends with good families that had androids, iphones, computers and they were glad to show me things and let me use their devices. One of my good friends had a Razr Maxx which he later Traded for an HD through his phone plan. I was in love and I helped him fix it a few times when he needed help. Then one day things didn't go well for me.
At 17 I was thrown away by the abusive family that adopted me and I traded my Jailbroken Iphone for a galaxy prepaid phone which was owned by a homeless drug addict I met at a shelter. The trade opened the world of Android and Linux to me from a hands on personal perspective. I loved it. But the device was small and low spec.
I started rooting. I found XDA. I wanted so badly to be a programmer but my life got in the way due to the simple fact that I had no one left to turn to. All my friends I learned from had went into collage and left or didn't want to be seen with the homeless kid. I was powerless due to reasons you can ask in a PM. I did all I could. I fixed my life over the years. I'm in my late 20's now and I finally got a few of these phones. I've learned a lot about Android, Linux, Unix, etc. At least as much as I could while struggling through managing my time and resources in life. At one point I even had an internship for IT through a school. That internship was ruined due to the recent pandemic that shut down the schools and forced me to move.
------------------------------------------------------------------------------------
[THE INTENT]
This thread is going to be my way of securing a piece of technological history.
The history people such as Geohot and other big names on XDA and the Android rooting community have built to benefit us all. It may be hopeless but I plan to revive it. Even if I have to from scratch.
I then will go as far as saving files that are important on an offline storage and create an open platform for anyone to access for historical and educational purposes.
[THE PLEA]
I have been begging people all my life.
I had to let go of my ego to survive at a young age. And I am here now. Begging anyone who sees this. Help me out.
You can help support these effort by sharing resources I can use to bring us all the freedom of having End-User control of old devices such as these.
And and even better way to support this cause is helping me amongst this capitalist infrastructure by providing currency in the form of donated funds.
I will start a fundraising account soon but for now YOU HAVE THE OPTION to donate by sending funds to:
HERE
[ONWARD]
All our findings are within the spaces of this thread. I start this journey with:​- A job
- A Windows 10 PC dualbooted with Linux and Linux subsystem
- 1 Droid Razr HD on JB 4.1.2 (xt926) with unlocked BL
- 3 Droid Razr Maxx phones on JB 4.1.2 & KK 4.4.2 (xt907) with locked BL
Issues I've come to find since 2022:​- Most links on XDA before 2017 have been shutdown or replaced.
- Towelroot servers are shutdown due to Geohots employment/Integration with the big Goog. This means Hydrogen is only partially usable.
- Kingroot, Kingoroot, and Sunshine have the most effective exploits, regardless of the invasive integration.
I vow to make the best of this.
I will stand up for my work to never be diminished and for the rights of others to own their own hardware and have software they can rely on to the best of my ability.
ONLY WITH YOUR HELP​
I'm gonna clean up my files and share all the most important ones still available.
I managed to find two custom Roms that work with the KKBL (2014)
Along with working TWRP files for the KKBL & JBBL
I located stock Firmware for JB and KK and decided to leave ICS due to it being outdated. It's sad for me because I liked ICS but I'm not here to preserve the OS. I'm here to preserve the phone, it's firmware, and It's potential.
I'm just about done with prepping this device (xt926) for custom development. For now I will turn my attention to the xt907.
I have started development of my own Rom. My first mission is to create a flexible file manager. My overall goal is to have a Rom that blends into my favorite Holo style and can run a clock widget as good as the circles3D on any Rom and ULBL devices.

Categories

Resources