Related
I'm looking for beta testers for a new App2SD implementation that does not require your MicroSD card to be partitioned which is potentially unsafe and can result in a loss of your data. If you'd like to test this new implementation before it's release here on XDA shoot me an email at [email protected] with what firmware and version you're using.
More information will be released after I get a few positive beta tests out of the way.
loopback device, eh?
I tried that a while back but never could get the loopback driver to load early enough in the boot process reliably.
Hope you have better luck than I did.
As [email protected] pointed out to me a while ago, this is not a good idea for security reasons. If your loopback file sits on the FAT partition, it is accessible by all of the apps, it can be read, overwritten and deleted by a rogue app bypassing the entire android security model. If this is what you intend to do, it's probably not "safer".
Hey, shot you an email. Ready to try it out. But only for beta.
Hit me up, I have no apps to lose.
But security? Idk just let me know whats up.
what happens when you mount the SD card to your computer?
I'd like to try it, but i don't yet have a class6 sd card. Is that necessary?
i'd be willing to give this a shot. I have no data to lose as well.
southsko said:
what happens when you mount the SD card to your computer?
Click to expand...
Click to collapse
That's true. Won't all your apps disappear when you mount the SD?
This smells fishy not many app developers with 1 post can this be someone testing their new exploit/virus?No offense to original poster im just sayin....???
Edit:Sorry to OP clearly not a virus,and good luck on getting it stable I will gladly donate to your cause partitioning is a pain!
don't be a jackass, many people have had great ideas and decided to come to XDA to share them. just because you are a complete idiot who can't program does not mean that the OP is too.
@@OP
you are playing with fire my dear friend. i don't think that mounting your apps on the FAT32 partition is a good idea at all. not only because it would allow any program to access and write without asking android permission first, but because it would allow people to mount the SDcard and steal paid apps even easier. i beg of you please rethink your idea
I imagine the phone would be crashing when the phone is mounted to the computer. lol. just kidding. =]
tubaking182 said:
don't be a jackass, many people have had great ideas and decided to come to XDA to share them. just because you are a complete idiot who can't program does not mean that the OP is too.
Click to expand...
Click to collapse
WTF?Just came back to edit my post and put that its for real cause like I should have done first I found this http://noderat.com/loop2sd/.But as for your insults who the hell are you?How the f**k do you know what I can or can not do?I was posting in the first place to start trying be more active in the forums no reason for you to be a **** anyways,I was tryin to help people not get what I thought may have been a virus was that really that bad?
i'm not sure that is 100% true. when i mount my phone(apps2sd) my phone decides to mount the ext2 partion and the FAT32 partition, i am using ubuntu so my computer is able to read the partition, but my phone doesn't crash(i've yet to try running an app while mounted though)
Android can acces the sdcard while mounted.
Try terminal emulator.
crotalusfreak said:
This smells fishy not many app developers with 1 post can this be someone testing their new exploit/virus?No offense to original poster im just sayin....???
Click to expand...
Click to collapse
Well, take it from someone who has many posts and 15 years of unix experience, it is a bad idea.
Most of the devs here had this same idea, but as I mention in my previous post, this is opening yourself up to many bad security issues. To all those who answer, "I have no data to lose", that's fine as a beta tester. But what's the point in beta testing something that cannot be safely used by anyone who does have data (or apps) to lose?
I should point out to those who perhaps do not realize some the consequences of my original post, that it is not just a potential data loss problem, but a potential arbitrary code execution vulnerability. If an application manages to replace the loopback file with a new loopback file, it could inject altered common applications. If this succeeds, it means that previously trusted applications which have been granted privileges (or root using the various su apps) at install time, could be replaced with trojan versions which can have complete control over your system... steal your passwords... reflash your bootloader and literally install a permanent trojan... brick your phone... <insert other scary things besides data loss here>.
It's your phone, do what you want. I just figured that I would re-post that this not a new idea, but one that has been rejected by those of us with unix experience who realize the consequences. If you are just messing around, go ahead, it's not likely to hurt your phone. But, as a general method to build upon and be depended on, this should not have a future. If this becomes common practice, it is highly likely that exploits will be written to take advantage of this vulnerability.
So, if you are asking yourself if something is fishy, yes something is: it's a logical idea which seems great on the surface, but it has an unfortunate flaw.
Note: I am not suggesting malicious intent on the OP's part, just that they may not have thought of the consequences of suggesting this as a common method to do apps2sd. And if the OP (or someone else) is able to point out a method to avoid the things I warn against I will happily retract my statements (if I agree that this method would indeed work) since this method has some obvious benefits. However sadly, I think that is highly unlikely.
maxisma said:
Android can acces the sdcard while mounted.
Try terminal emulator.
Click to expand...
Click to collapse
No it can't. It can only access the empty mountpoint.
If you want to do this, there IS a way to make it work SAFELY....
Find the functions that control sdcard mounting and unmounting and FIX it so that it will mount an ext2 first partition. Then forget about the whole loopback thing as thats not going to do anyone any good... If you do it like this, then unionfs it, then unmounting the sdcard should safely vanish the apps that are stored on the card (leaving the internally stored apps), might crash the launcher, but that'll restart immediately and won't even error out.
A second step in the right direction would be to find the place where programs are detected from, which currently looks in /data/app, /data/app-private, /system/app, so it can clearly handle loading software from multiple locations -- add in a new path. Or maybe link app-private to /sdcard... A little more challenging would be to allow it look in multiple locations for thing that are ALL currently in /data/data and /data/dalvik-cache.
And then when its done, submit a patch for the source.
Wow what a response. Here's a few key bulletpoints:
I'm not a forum poster, not the kinda person for it but I have been on XDA Dream since I got my pre-launch G1 as a CSR.
There are potential security flaws with the current ext2 method of a2sd, and bypassing root to mount the ext2 partition is possible.
a2sd is not stable in any format, so it's a use at your own risk until android improves kinda deal.
I'm not cool enough to write a virus, but thank you for the ego boost
Anybody using a third-party firmware is not safe nor secure. If you're reading this forum you're not safe nor secure. The idea of homebrew roms is to add extra features that are not in Android to begin with and with that comes security risks. No ROM is ever perfect but I'd trust a Google or T-Mobile rom with my security before any homebrew-anything.So yes it's use at your own risk
This has the same results for mounting on a PC as MarcusMaximus's a2sd.sh
This doesn't really make it any easier to steal paid apps, it's always been easy and always will be but this doesn't change it.
If you guys have other questions shoot me an email, like I said I don't really do much forum-posting (never had much of anything to say, maybe this'll change all that)
[email protected]
JakeEv said:
I'd like to try it, but i don't yet have a class6 sd card. Is that necessary?
Click to expand...
Click to collapse
The faster the better but I've done it with the stock card that came in the G1 as well as a Class 6.
id try it since i can not get apps2sd to work.
[email protected]
using JF 1.51
I am working on a mobile application that is subject to certain regulatory requirements. Because of this, I'm a required to detect on start-up of my application if there is any possibility that the phone has been rooted. If so, I must completely disable the application and not allow it to start up at all.
I've seen many methods to detect a rooted phone, however none seems very definitive especially if you were trying to hide that you had rooted it.
I do have the ability to store the approved devices (and possibly associated IDs) in some external database and retrieve it at application startup.
Are there any systems properties that can't be "spoofed" with a rooted device or possibly some other method to definitively determine if a device has been rooted that are at least nearly "unhackable"?
As I understand it, the semi-definitive definition of a rooted phone is one with su.exe available. But, this would be very easy to hack.
The closest I can think of would be to calculate the md5sum of files in /system. Perhaps the md5sum of *all* files in /system or the md5sum of the whole filesystem. Then, compare this to a list of known-good values for the OS version and device.
This would require all "official" versions of the OS for *all* supported devices to be pre-calculated and stored somewhere. And further require that the storage of those values couldn't be faked. If they were on the phone, they could be swapped-out by a malicious user.
This could still be hacked, but it would be a whole level of magnitude harder than most approaches.
To be honest, such a requirement sounds like an app who's security needs are high enough that you might not want to allow it to be installed on generic hardware.
Would you have a similar requirement if the app were deployed on Windows? I don't think it's a solvable problem there at all.
Actually you're suggestion is probably very sound. Because of the regulatory concerns, we have to know exactly what devices we're supporting and we can store the MD5 sums on a server or actually we could store it inside our application and MD5 sum that as well (that would pretty much ensure they couldn't change it). Even if it was possible to install the app on a new device, we need to make sure it's approved.
Do you have any idea how we could run an MD5 sum on a non-rooted Android device on the /system folder programmatically?
We're not planning on supporting any Windows devices at any point in the near future, so that's not really a concern.
I haven't had a non-rooted Android phone since a couple days after buying my G1. But, I suspect the md5sum executable is there. Although, for your need, you would need to verify that the md5sum executable itself was unmodified.
You could probably use dd to stream the raw filesystem through md5sum. It's been too long since I played around at that level to give you detailed directions. I'd look into dd and md5sum via google.
Like I said, you'd still need to confirm those two executables were unmodified. Maybe do one of a: bundle your own copy of them or b: implement the md5sum algorithm in your app.
I cracked the img format for Garminfones... started out by looking at the format of the file and it turns out the only difference is the loader addresses.
Took the stock recovery and disabled security, which worked. Then modified the boot.img to disable security and had the filesystems mount rw by default and flashed it to the recovery partition. Booted into recovery mode and viola... security disabled. Now it is time to flash it to the boot partition and cross fingers.
Now I just need to figure out how to compile a working recovery mode... preferrably one that can be activated by keypress. Not sure how to do that part. I can only get to recovery and bootloader mode after booting into the os.
I should have a working mkbooting soon so I don't have to hex edit the generated img files.
Well done!
I look forward to any progress reports that you make.
Are you using the official or leaked version of the 2.1 Eclair?
The official and leaked versions are equal.
And I did find out that we do have fastboot It's the blue screen that you get when you hold UP+POWER, or do adb reboot bootloader... two different messages on the screen. I can get fastboot to accept a reboot-bootloader command, but I'm having some issues actually getting any information out of it or flashing something like a boot image.
To get it to respond, you do:
fastboot -i 0x091E <command>
the -i makes it specify the Vendor ID, since fastboot only accepts a few vendors by default.
I also found out that I don't have to rebuild the mkbootimg program... if you add --base 0x1AC00000, then the load addresses match up in the resulting img file.
If someone is willing to host it, I can share the modified boot.img that sets ro.secure=0 and mounts the filesystems RW by default.
Hey, just joined to reply to this thread. Is it possible for you to upload to a file-sharing site such as megaupload, fileserve, etc.
I'm just getting into this whole rooting/modifying stuff. I used z4root to root my A50 and have installed superuser. I have deleted some of the carrier .apks but am thinking I should have made a back-up before doing so. I also bought setcpu from the market before finding out the Qualcomm chip does not allow overclocking.
Can I ask what the point of modifying the boot image is? Is this the first step in being able to install custom roms to the phone?
Anyway, appreciate the effort you guys have put in to modifying the phone.
You get a higher level of access, along with things like being able to customize parts of the phone, in my case enabling read/write by default. I also am planning on playing a bit, like remapping partitions... the instructions are in the init.rc file.
Always take a dump_image (or remount all mtd partitions as read only and just use cat to dump the mtd partitions). Also tar up each of the root folders (and files) in case you need quick access to any files you may have deleted. If you need a system app back and you don't have a backup, you have to reflash 2.1 again. Very important... if you care about the Garmin map software, make sure to get the /storage folder, including the one in it named .System... you can recover the maps, vehicles, etc by using two different Garmin web update windows programs-- one for the system stuff and one for the maps. Better safe than sorry.
any news on this
What would we need to be able to overclock?
I spent a good portion of the day yesterday rooting and installing CyanogenMod on my fiance's MyTouch Slide, and I have to say, it was amazing. It's a lot more than just a throwing around some custom default apps, cleaning up bloatware, even adding some kernel modules... I can do all of that on my rooted Garminfone just fine. It also had the Android 2.3 base, and it has polish and refinements that just can't be done without a custom built ROM.
I bought my Garminfone on purpose, even knowing that it shipped with Android 1.6, even knowing that the interface was awful, even knowing that the device wasn't going to sell as well as I wished it would. I bought it for it's offline maps, and for it's fantastic GPS. Things have improved since I bought my device... Android 2.1 was released, an improved user interface arrived, I gained root access and was able to clean up some stuff, etc. etc. But none of that prevented me from being jealous yesterday after seeing CyanogenMod. Further, Cyanogen has experience with preserving apps through the process of installing his mod for the first time; He did it when Google first sent him the Cease and Desist letter barring him from packaging CyanogenMod with Google Apps. I'm not sure HOW he did it, and I don't care, but I do think that it's very possible for him to do just that again with our Garmin Maps and the associated apps.
For these reasons, I suggest that we could have our cake, and we could eat it too: Have a modern OS (Based on Android 2.3), have a clean, unified interface, with no bloatware AND our maps... Cyanogen is not known for making his mod for phones he doesnt own. Further, as we all know, ours was possibly the worst selling and least popular android device ever released to market. While I consider myself versed in the ways of Linux, I am not a developer. I run Gentoo, and have the associated skills, and I will contribute in any way I know how, but hacking is not my forte. I can't expect brilliant minds to work for any project for nothing. Therefore, I am putting my money where my mouth is... I'm going to take all the money from my weekly paycheck that I can afford, and I'm going to donate it to that project. It won't be much... I am a starving college kid, after all... but it will be generous within my means. I am also going to post a reference to this thread everywhere I know how... My contribution might be small, but the community might be able to get something together that is mighty.
Visit topic 5864-garminfone on their forums to add your support.
(Edit: They moved my post, I have corrected this with the correct forum topic)
There are a few of these guides around, but I thought to write my own. Hope it will be helpful! I'll keep the most up-to-date version on my site.
Rooting Android: What Is it?
If you've heard about "rooting" your Android phone, and are confused by what exactly it does, or don't understand the instructions you found on an obscure forum or blog post somewhere, this guide might help you make sense of things.
What Is "Root"?
"Root" is the name of the default administrative user in Unix. The user named "root" can do absolutely anything: edit or delete any file, start or stop any system service, and also add, remove or change the privileges of other users, so that they, too, could perform the same operation.
So, user "root" can actually bestow administrative privileges on any Android user, including the default one you use normally on the phone.
When you buy an Android phone, it normally does not let you login as user "root".
What Can User "Root" Do?
Your phone is really a general-purpose hand-held computer. People have written apps for it that can do the things like this:
Turn it into a wireless internet router, connecting to your 3G/4G network on one end, and broadcasting a wifi hotspot on another. You can thus connect your laptop to the internet from anywhere. "Tethering," but without cables!
Lets you overwrite any of the Android system files, customizing it to your heart's content. This lets you customize the built-in fonts, colors, keyboards, etc.
Lets you install newer versions of Android, beyond what your phone's vendor has provided.
Why stop at standard Android? Because Android is an open source operating system, people have been able to modify it to add features far and beyond what Google has put in it, as well as offering better performance in some situations. With administrative privileges, you can just flash an entire new Android ROM to your phone. A very popular one is CynaogenMod, which is based on Android 2.3.
Install various networking servers and clients, such as QuickSSHd to allow logging in to your phone over the internet, or CifsManager, which lets you access Windows shared drives from your phone.
Who knows? People might think of new users for these hand-held computers, uses that would require full access to all features of the phone.
Why Won't My Phone Normally Let Me Login As "Root"?
First, for reliability -- as far as you're concerned.
Imagine if your phone automatically gave you administrative access. This means that any app you install can do anything it wants to it. Obviously, unacceptable.
An alternate solution is available in newer versions of Windows and other desktop operating systems, which require you to enter a special administrative password whenever a program is trying to access secure parts of your computer. This is annoying enough on a desktop computer: on a phone, it would again be unacceptable.
So, it makes sense -- for your sake -- to disallow any administrative privileges.
Second, for reliability -- as far the phone vendor is concerned.
A smartphone, unlike a PC, is an expensive consumer device with an explicit support contract. People normally and frequently return phones to the shop if they stop working properly, or call customer support to get assistance. There's a huge cost for the vendor to maintain this support network.
Think for a minute what would happen if any phone user could login as "root" and delete any system file: you would have broken phones everywhere, frustrated consumers, and clogged support networks. Indeed, "rooting" a phone pretty much voids your warranty as far the vendor is concerned.
I Understand the Risks and Am Willing to Void the Warranty, So Why Can't I Login As "Root"? It's My Phone!
Even if logging in as "root" were an advanced feature, hidden away somewhere in the menus with thousands of warnings about possible dangers, you can bet that many non-advanced users would find it. When their phone breaks, you bet they will be angry, and will not care that the warnings were there. As far as they would be concerned, this "root" thing is a feature of their phone, and if it can break the phone then it shouldn't even be there.
And there's a third party who has a business interest in denying you "root": the telecommunication carriers. Their business model is designed around typical consumer uses of the phone, and they do not want it to be too powerful. For example, a "rooted" phone can let you tether it to a laptop, so that your laptop gets its internet access. But, carriers typically sell special "laptop sticks" for that purpose specifically, and these usually are more expensive than phone plans, because they take into account the much heavier bandwidth that laptop users tend to use. If everybody could "root" their phone and tether it, this product -- and source of revenue -- would be irrelevant.
So, Phones Don't Come with a "Root" User?
Android is based on the Linux operating system, which requires the "root" user to function. It's there. However, the vendor has tried to hide all the normal ways to access it. The "root" user is there, it's just "locked."
What Is "Rooting"?
In the context of Android phone, rooting means more than just letting you log in as the "root" user: it means installing a set of tools so that any of your programs can access "root" when then need to and you allow them.
The result is that "rooted" phone works just like Windows, in that it will ask you for permission (but not a password) whenever an app is trying to get administrative privileges.
Fortunately, once you gain access to the "root" user, it's very easily to install a set of standard apps that let you implement this feature, specifically the Superuser app.
How Do I Root My Phone?
Nothing in software can be truly locked down, and hackers have found ways to get "root" access on any Android phone on the market. There are quite a few holes.
But, these methods vary a lot and are different per phone. It's easier on some phones than others. It's often risky, too, because a misstep could potentially "brick" your phone -- making it so that you cannot boot into Android. "Unbricking" is possible in some cases, but not in others. Take care!
Search the internet, and you will likely find various blog and forums posts with instructions for rooting your particular phone model.
This is not a guide for rooting your particular phone model. Instead, it is a general description of what rooting is and how it works. It can help you understand the rooting instructions you find.
Any Downsides?
Well, first of all, there is the risk of bricking your phone. You might want to make sure that someone you know with the same model phone as you have has used the method before. Or, read about it in the internet forums, and make sure that lots of other people have used this method successfully.
Also, you may void your warranty: of course, this would only happen if customer support looks closely at your phone and notices that it has been rooted. It's a good idea to look at these rooting guides to see if there is an easy way to un-root the phone, or at least return it to factory settings.
Finally, there's the issue of "firmware updates" coming from your carrier. Sometimes they will work fine with rooted phones (as long as custom Android ROM has not been installed on them), but depending on the rooting method it may mean that won't work fine anymore. "Not working fine" can mean that the upgrades simply won't run, but it can also mean that the upgrades would fail terribly and brick your phone. Generally, if you have rooted your phone and are getting an "Update Available, Do you want to download?" message from your carrier, don't just say "yes," instead check the forums to see the experience of other people with rooted phones with this update. Generally this problem seems rare, a result of a very poor upgrade package from the vendor -- the usual case is that the upgrade simply won't work.
Don't worry too much: with a rooted phone (and a good Recovery program, see below) you will likely be able to install the upgrade yourself, and possibly better upgrades to more advanced versions of Android than your vendor provides.
How Rooting Works
First, let's understand how the locking down happens.
Your phone actually has more than just Android installed on it. There are, at minimum, three and usually four "partitions" in which entirely different programs are installed. Android is just one of them.
The Boot Loader
The first partition has the boot loader, the very first program see when you turn on the phone normally. The boot loader's main job is simply to boot other partitions, and by default it just boots the Android partition, commonly called the ROM (described below). So, you don't really see the boot loader for very long.
However, all phones allow for a special way of turning them on -- for example, holding the volume up button while pressing the power on button -- that shows the boot loader menu.
When you're there, you can actually choose if you want to boot into the Android partition, or you can boot into the Recovery partition (described in detail below).
The interesting thing about the boot loader is that it is very, very simple. It has no mechanism for users and privileges. One way to look at it is that it always is "root," and in fact can't be anything else.
Sounds like a good place from which to unlock your phone! Unfortunately, most boot loaders are too simple.
One exception is the boot loader found in Google's Nexus phones, and in a few other developer-friendly phones. These boot loaders can actually communicate with a PC over USB, and support writing data to partitions ("flashing" them), as well as booting from them. With this feature, you can flash an unlocked Android ROM to the Android partition, and you're done! Well, the challenge is just to find such a ROM that works well with your phone...
Most phones don't have such a flexible boot loader. However, getting into the boot loader menu is important, because it lets you boot into the Recovery partition, detailed next.
The Recovery Partition
As its name can tell you, this partition is mostly for customer support: the Recovery program can be used to return the Android partition to its factory settings, which can solve a lot of problems with faulty phones, or phones that were infected by bad apps. It can also format the SD card partition.
Some Recovery programs can also install special phone upgrades from the SD card, that write directly to ("flash") the Android ROM partition. Obviously, free access for anyone would allow rooting, so vendors make sure that Recovery would only accept official upgrades. But, one way to root a phone would be for hackers to find a way to create such an "upgrade" that the Recovery program would accept.
There's quite a lot of variation in Recovery programs out there: every vendor has their own idea of which recovery features would be useful for their customer support team. Boot into yours and take a look! It's harmless, unless you actually choose one of the recovery options...
Like the boot loader, the Recovery program is always in "root". A hacked Recovery program could let you flash an unlocked Android ROM, or run any "upgrade" you like. So, in addition to just "recovering" an unusable phone, it can help you "recover" the "root" user that has been locked from you!
A good Recovery program is very useful for customizing your phone, beyond just rooting it. By far the most popular Recovery program is Clockwork Recovery, also called ClockworkMod.
Some rooting methods begin by finding a way to flash ClockworkMod to your Recovery partition, from which you can then run an "upgrade" that roots your phone. Other rooting method find another way in, but still recommend you flash ClockwordMod as soon as possible, because it's just so useful for customizers.
You will not find a homepage or an "official" way to download ClockwordMod: carriers obviously do not want you get have easy access to it. But, search around, and you will find one appropriate for your phone. The ROM Manager app can also flash it for you, assuming you are already rooted.
The SD Card
This is another partition, entirely for you. It is not protected in any way, and you have full access to reading and writing files on it.
For many phones, this partition does not exist unless you physically install an SD card. Some phones have a built-in SD card.
The Android ROM
Finally, the most important partition on your phone! When the boot loader starts the Linux operating system (the "kernel") that sits underneath Android, one of the first subsystems to come up is the security system. From then on, the "root" user will be used to start various user-level subsystems required for the phone to function.
Eventually, the default user will be started, and that will be used to run your apps: the status and notification bar that appears on the top of the screen, the settings manager, the virtual keyboards, etc. Finally you get the home launcher, from which you can launch all the other apps on your phone. None of these programs run as "root", so you are effectively locked from administrative privileges.
The Linux operating system can set security permissions per file. So, indeed large parts of this partition are restricted to be read-only by any user except "root". So, if you boot into Android, none of the apps you run will be able to change these system files. The rest of the partition is readable-and-writeable, and generally functions just like the SD card partition, though it's usually much smaller.
Of course, if you boot into Recovery instead, you will be able to write to these files, because you are "root" there. That's why ClockworkMod is so useful for rooting your phone!
Most Android apps run on yet another layer, a virtual machine called Dalvik, which is a heavily modified version of the Java virtual machine found on previous generations of cell phones, as well as on desktop computers, servers, and many other devices. Definitely, everything you install from an app store will run on Dalvik. Dalvik is a tightly controlled environment in which privileges are carefully controlled per program, beyond what the Linux operating system provides. Not only do apps not have administrative access to the phone, but they can be limited in access to wifi, cellular access, and your data.
Except... that Android does provide a way for apps to request administrative privileges. In locked phones, this is automatically and silently denied. However, the Superuser app can hook into these requests and let any app switch to the "root" user, from which they have full administrative access. A friendly dialog box will pop up, asking you if you want to give the app full permissions. Say yes, and there you go!
A phone in which the Superuser app is running properly is rooted.
Summary: Rooting Methods
The rooting instructions you find will likely be one of these, or a combination of these steps:
Phones with boot loaders that can be unlocked (such as Google's Nexus) will let you flash other partitions. You can flash a whole Android ROM that is already rooted, such as CynaogenMod, and you're done! Or, if you don't want to replace your entire Android ROM, you can flash ClockworkMod into the Recovery partition, and move from there to the next method.
Some rooting methods start with a hacked way to flash ClockworkMod into the Recovery partition. With ClockworkMod, you can run your own special "upgrade" from the SD card. This "upgrade" will vary a lot per phone model, but at the minimum it will involve installing the Superuser app. For some phones, it will modify a few Linux configuration settings to make sure that Superuser app can login as "root." Other, more heavily locked-down phone models might require replacing certain locked parts of Linux and the Android system, sometimes much of the Linux "kernel" itself.
Other rooting methods use the phone's existing Recovery program, but the hackers found a way to create an "upgrade" that can fool the Recovery program into believing it's official. From there on, it's identical to the previous step.
Some rooting methods start straight from Android. Hackers found a way to login as root while Android is running. Of course, logging in as root is not the same rooting, but once you are logged in as root you can run a similar "upgrade" as is used in the previous steps.
Need More Help?
Don't ask me, please! Seriously, I spent a lot of time writing this long article specifically so I would not have to keep answering questions about the process. There are many internet forums and bloggers that welcome questions from noobs. I've generally found the Android hacker community to be extremely generous and welcoming.
Happy rooting!
Nice - but clarification requested
I like the article as it answers some questions.
One thing I'm curious about - you seem to use the terms Recovery Partition and Recovery Program interchangeably. Is that your intent? I'm not trying to split hairs - I just want to understand. I would have expected booting into the recovery partition loads the recovery program.
Also, you talk about how vendors choose features of their recovery program. CWM is then a replacement for the vendor supplied recovery program, correct? If you root then install CWM, are you in effect replacing the recovery program after rooting (as opposed to forcing CWM to overwrite the existing recovery program via flash)?
Thx
Thanks!
A very useful guide for android beginners like me!
Sorry for the bump . This post deserves a thanks and a bump
Thanks! A very useful guide for beginner. I've forwarded this to my colleague who just switched from Windows to Android phone.
Much appreciation!
Thank you so much. I have just purchased a rooted phone & have a ton of questions. Have spent hours here tonight searching for basic info. Finally found this & it really helped this total "noob".
Thank you again.
thanks (very2 usefull) from iphone4 user
Good work..
Sent from my Galaxy Mini using xda-premium
Thanks. It helped very much
how to root sony xperia u
How to root sony xperia U..?
please give me detailed and simple procedure to follow...
i would also happy to know should i have pc drivers to run this rooting process..?
thanks
Thx for taking the time to write the article helped me understand a lot of things
Good day,
I am new to the forum so please forgive me if this is not the right place to ask.
I have been reading through some of the threads on the forum and is curious to know if there is a way to load custom kernel libraries or device drivers onto the phone.
If there is a way, is there a correct procedure? For example to load a custom device driver / kernel library, do I also have to have an entry in the registry? Does the dll file have to be in /Windows?
Thanks in advance.
Good questions. There's been only a little research on this so far. I can tell you waht I've found, though:
For a stock ROM, nobody has managed it yet, but it might be possible. You'll need to have your DLL signed, and the certificate added to the Code Integrity store on the phone (just mailing yourself the .cer is insufficient! That will put it in the wrong store). You'll probalby want the DLL to be in \Windows, although I'm not sure it's needed. You almost certainly will need to add registry entries; the current drivers seem to have them.
Good day,
thanks for your reply. And thanks for all the good research you have done.
So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?
Thank you.
mousefish321 said:
Good day,
thanks for your reply. And thanks for all the good research you have done.
So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?
Thank you.
Click to expand...
Click to collapse
Well, it's possible. The HD2 Multitouch driver is an example that its somehow possible. Should be the same for the other devices (espacially HTC first gens)...
But don't know what you're getting at? Why would you need a custom driver?
Good day,
well, I just think that having a driver that acts like HTCUtility would make things convenient.
As for file operations, besides the application that Heathcliff has created (WP7RootTool), are there other applications that can do write operations to the /Windows folder?
What are the things that needs to be done before we can write to that folder?
Thank you.
Any app with Elevated or TCB privileges can write to \Windows, I think. Using HtcRoot project or WP7 Root Tools works (both elevate apps to TCB permissions, though using different methods). Also, using an OEM driver, such as HtcProvisionDrv or HtcFileUtility, works (although those two particular drivers were crippled in the 4.x firmware).
Good day,
thanks for the information. I tried the HtcRoot tool and it works. Thanks for the tool and the source that allows me to know how it works.
Can I assume that I would be able to have write access to the Certificate and Code Integrity store also?
I am also curious as to the workings of HTCFileUtility. A quick search on this turns up little information on its workings.
Furthermore, is there a guide to inserting custom certificates to the root Certificate and Code Integrity store? I have tried downloading the Certificates.zip file in http://forum.xda-developers.com/showthread.php?t=1236027 and test rom files in http://forum.xda-developers.com/showthread.php?t=1248799 hoping that they will shed some light but is unable to download them.
Any help is appreciated. Thank you.
Yes, installing your own cert into Code Integrity is possible (in several ways, actually, but I did it using HtcRoot just as an exercise). The certificates are actually stored in the registry, so any tool that can write to HKLM can add them. I believe that WP7 Root Tools will also let you choose the store for adding a certificate if you "open" the cert from the Root Tools filebrowser.
Although I don't know exactly how HtcFileUtility works, here's the basics. It's a software driver that exposes an interface - probably an IOCTL - which apps can use to perform filesystem operations. Since it runs with TCB permissions (it's probably kernel mode, though I haven't actually checked, but it's definitely in TCB) it can perform any operation that the filesystem supports. Of course, that doesn't mean that it exposes all those operations through the IOCTL... but it exposes enough of them for a pretty solid filebrowser implementation (that's how TouchXplorer and Advanced Explorer worked, although they used an OEM COM DLL that called into the driver rather than doing the IOCTL themselves).
The new version of it has very limited operations permitted; it will only list files in a few folders and so forth. It does still "work" within those limitations - Connection Setup, for example, uses it to check the folder that we use for interop-unlock on HTC - but it isn't useful for a general-purpose browser anymore.
It would be great to even figure out how to roll back the OEM drivers to earlier versions. For example, I've got WP7 Root Tools installed on my HD7, but I don't want to install HTC updates because they'll break my drivers such that if something ever goes wrong I won't be able to re-install Root Tools, or if a new hack is found (or developed; I'm working on some stuff with HtcRoot still) I won't be able to run it on my phone. Being able to use the advantages of the new firmware (Internet Sharing, compass in managed apps, hopefully an end to the damn music player freezing between songs...) while still having hackable OEM drivers would be reallllly nice...
Good day,
thanks for the information.
I noticed in the HTCRoot project thread where you mentioned that "It is not a true handle (no handle table, no handle data) but everything that checks for tokens also checks for this const value, and appears to pretty much skip all remaining permissions checks if it finds it".
Would you mind sharing some of the function names so that I could take a look at the code where the checking occurs?
Thanks.