Related
There are a few of these guides around, but I thought to write my own. Hope it will be helpful! I'll keep the most up-to-date version on my site.
Rooting Android: What Is it?
If you've heard about "rooting" your Android phone, and are confused by what exactly it does, or don't understand the instructions you found on an obscure forum or blog post somewhere, this guide might help you make sense of things.
What Is "Root"?
"Root" is the name of the default administrative user in Unix. The user named "root" can do absolutely anything: edit or delete any file, start or stop any system service, and also add, remove or change the privileges of other users, so that they, too, could perform the same operation.
So, user "root" can actually bestow administrative privileges on any Android user, including the default one you use normally on the phone.
When you buy an Android phone, it normally does not let you login as user "root".
What Can User "Root" Do?
Your phone is really a general-purpose hand-held computer. People have written apps for it that can do the things like this:
Turn it into a wireless internet router, connecting to your 3G/4G network on one end, and broadcasting a wifi hotspot on another. You can thus connect your laptop to the internet from anywhere. "Tethering," but without cables!
Lets you overwrite any of the Android system files, customizing it to your heart's content. This lets you customize the built-in fonts, colors, keyboards, etc.
Lets you install newer versions of Android, beyond what your phone's vendor has provided.
Why stop at standard Android? Because Android is an open source operating system, people have been able to modify it to add features far and beyond what Google has put in it, as well as offering better performance in some situations. With administrative privileges, you can just flash an entire new Android ROM to your phone. A very popular one is CynaogenMod, which is based on Android 2.3.
Install various networking servers and clients, such as QuickSSHd to allow logging in to your phone over the internet, or CifsManager, which lets you access Windows shared drives from your phone.
Who knows? People might think of new users for these hand-held computers, uses that would require full access to all features of the phone.
Why Won't My Phone Normally Let Me Login As "Root"?
First, for reliability -- as far as you're concerned.
Imagine if your phone automatically gave you administrative access. This means that any app you install can do anything it wants to it. Obviously, unacceptable.
An alternate solution is available in newer versions of Windows and other desktop operating systems, which require you to enter a special administrative password whenever a program is trying to access secure parts of your computer. This is annoying enough on a desktop computer: on a phone, it would again be unacceptable.
So, it makes sense -- for your sake -- to disallow any administrative privileges.
Second, for reliability -- as far the phone vendor is concerned.
A smartphone, unlike a PC, is an expensive consumer device with an explicit support contract. People normally and frequently return phones to the shop if they stop working properly, or call customer support to get assistance. There's a huge cost for the vendor to maintain this support network.
Think for a minute what would happen if any phone user could login as "root" and delete any system file: you would have broken phones everywhere, frustrated consumers, and clogged support networks. Indeed, "rooting" a phone pretty much voids your warranty as far the vendor is concerned.
I Understand the Risks and Am Willing to Void the Warranty, So Why Can't I Login As "Root"? It's My Phone!
Even if logging in as "root" were an advanced feature, hidden away somewhere in the menus with thousands of warnings about possible dangers, you can bet that many non-advanced users would find it. When their phone breaks, you bet they will be angry, and will not care that the warnings were there. As far as they would be concerned, this "root" thing is a feature of their phone, and if it can break the phone then it shouldn't even be there.
And there's a third party who has a business interest in denying you "root": the telecommunication carriers. Their business model is designed around typical consumer uses of the phone, and they do not want it to be too powerful. For example, a "rooted" phone can let you tether it to a laptop, so that your laptop gets its internet access. But, carriers typically sell special "laptop sticks" for that purpose specifically, and these usually are more expensive than phone plans, because they take into account the much heavier bandwidth that laptop users tend to use. If everybody could "root" their phone and tether it, this product -- and source of revenue -- would be irrelevant.
So, Phones Don't Come with a "Root" User?
Android is based on the Linux operating system, which requires the "root" user to function. It's there. However, the vendor has tried to hide all the normal ways to access it. The "root" user is there, it's just "locked."
What Is "Rooting"?
In the context of Android phone, rooting means more than just letting you log in as the "root" user: it means installing a set of tools so that any of your programs can access "root" when then need to and you allow them.
The result is that "rooted" phone works just like Windows, in that it will ask you for permission (but not a password) whenever an app is trying to get administrative privileges.
Fortunately, once you gain access to the "root" user, it's very easily to install a set of standard apps that let you implement this feature, specifically the Superuser app.
How Do I Root My Phone?
Nothing in software can be truly locked down, and hackers have found ways to get "root" access on any Android phone on the market. There are quite a few holes.
But, these methods vary a lot and are different per phone. It's easier on some phones than others. It's often risky, too, because a misstep could potentially "brick" your phone -- making it so that you cannot boot into Android. "Unbricking" is possible in some cases, but not in others. Take care!
Search the internet, and you will likely find various blog and forums posts with instructions for rooting your particular phone model.
This is not a guide for rooting your particular phone model. Instead, it is a general description of what rooting is and how it works. It can help you understand the rooting instructions you find.
Any Downsides?
Well, first of all, there is the risk of bricking your phone. You might want to make sure that someone you know with the same model phone as you have has used the method before. Or, read about it in the internet forums, and make sure that lots of other people have used this method successfully.
Also, you may void your warranty: of course, this would only happen if customer support looks closely at your phone and notices that it has been rooted. It's a good idea to look at these rooting guides to see if there is an easy way to un-root the phone, or at least return it to factory settings.
Finally, there's the issue of "firmware updates" coming from your carrier. Sometimes they will work fine with rooted phones (as long as custom Android ROM has not been installed on them), but depending on the rooting method it may mean that won't work fine anymore. "Not working fine" can mean that the upgrades simply won't run, but it can also mean that the upgrades would fail terribly and brick your phone. Generally, if you have rooted your phone and are getting an "Update Available, Do you want to download?" message from your carrier, don't just say "yes," instead check the forums to see the experience of other people with rooted phones with this update. Generally this problem seems rare, a result of a very poor upgrade package from the vendor -- the usual case is that the upgrade simply won't work.
Don't worry too much: with a rooted phone (and a good Recovery program, see below) you will likely be able to install the upgrade yourself, and possibly better upgrades to more advanced versions of Android than your vendor provides.
How Rooting Works
First, let's understand how the locking down happens.
Your phone actually has more than just Android installed on it. There are, at minimum, three and usually four "partitions" in which entirely different programs are installed. Android is just one of them.
The Boot Loader
The first partition has the boot loader, the very first program see when you turn on the phone normally. The boot loader's main job is simply to boot other partitions, and by default it just boots the Android partition, commonly called the ROM (described below). So, you don't really see the boot loader for very long.
However, all phones allow for a special way of turning them on -- for example, holding the volume up button while pressing the power on button -- that shows the boot loader menu.
When you're there, you can actually choose if you want to boot into the Android partition, or you can boot into the Recovery partition (described in detail below).
The interesting thing about the boot loader is that it is very, very simple. It has no mechanism for users and privileges. One way to look at it is that it always is "root," and in fact can't be anything else.
Sounds like a good place from which to unlock your phone! Unfortunately, most boot loaders are too simple.
One exception is the boot loader found in Google's Nexus phones, and in a few other developer-friendly phones. These boot loaders can actually communicate with a PC over USB, and support writing data to partitions ("flashing" them), as well as booting from them. With this feature, you can flash an unlocked Android ROM to the Android partition, and you're done! Well, the challenge is just to find such a ROM that works well with your phone...
Most phones don't have such a flexible boot loader. However, getting into the boot loader menu is important, because it lets you boot into the Recovery partition, detailed next.
The Recovery Partition
As its name can tell you, this partition is mostly for customer support: the Recovery program can be used to return the Android partition to its factory settings, which can solve a lot of problems with faulty phones, or phones that were infected by bad apps. It can also format the SD card partition.
Some Recovery programs can also install special phone upgrades from the SD card, that write directly to ("flash") the Android ROM partition. Obviously, free access for anyone would allow rooting, so vendors make sure that Recovery would only accept official upgrades. But, one way to root a phone would be for hackers to find a way to create such an "upgrade" that the Recovery program would accept.
There's quite a lot of variation in Recovery programs out there: every vendor has their own idea of which recovery features would be useful for their customer support team. Boot into yours and take a look! It's harmless, unless you actually choose one of the recovery options...
Like the boot loader, the Recovery program is always in "root". A hacked Recovery program could let you flash an unlocked Android ROM, or run any "upgrade" you like. So, in addition to just "recovering" an unusable phone, it can help you "recover" the "root" user that has been locked from you!
A good Recovery program is very useful for customizing your phone, beyond just rooting it. By far the most popular Recovery program is Clockwork Recovery, also called ClockworkMod.
Some rooting methods begin by finding a way to flash ClockworkMod to your Recovery partition, from which you can then run an "upgrade" that roots your phone. Other rooting method find another way in, but still recommend you flash ClockwordMod as soon as possible, because it's just so useful for customizers.
You will not find a homepage or an "official" way to download ClockwordMod: carriers obviously do not want you get have easy access to it. But, search around, and you will find one appropriate for your phone. The ROM Manager app can also flash it for you, assuming you are already rooted.
The SD Card
This is another partition, entirely for you. It is not protected in any way, and you have full access to reading and writing files on it.
For many phones, this partition does not exist unless you physically install an SD card. Some phones have a built-in SD card.
The Android ROM
Finally, the most important partition on your phone! When the boot loader starts the Linux operating system (the "kernel") that sits underneath Android, one of the first subsystems to come up is the security system. From then on, the "root" user will be used to start various user-level subsystems required for the phone to function.
Eventually, the default user will be started, and that will be used to run your apps: the status and notification bar that appears on the top of the screen, the settings manager, the virtual keyboards, etc. Finally you get the home launcher, from which you can launch all the other apps on your phone. None of these programs run as "root", so you are effectively locked from administrative privileges.
The Linux operating system can set security permissions per file. So, indeed large parts of this partition are restricted to be read-only by any user except "root". So, if you boot into Android, none of the apps you run will be able to change these system files. The rest of the partition is readable-and-writeable, and generally functions just like the SD card partition, though it's usually much smaller.
Of course, if you boot into Recovery instead, you will be able to write to these files, because you are "root" there. That's why ClockworkMod is so useful for rooting your phone!
Most Android apps run on yet another layer, a virtual machine called Dalvik, which is a heavily modified version of the Java virtual machine found on previous generations of cell phones, as well as on desktop computers, servers, and many other devices. Definitely, everything you install from an app store will run on Dalvik. Dalvik is a tightly controlled environment in which privileges are carefully controlled per program, beyond what the Linux operating system provides. Not only do apps not have administrative access to the phone, but they can be limited in access to wifi, cellular access, and your data.
Except... that Android does provide a way for apps to request administrative privileges. In locked phones, this is automatically and silently denied. However, the Superuser app can hook into these requests and let any app switch to the "root" user, from which they have full administrative access. A friendly dialog box will pop up, asking you if you want to give the app full permissions. Say yes, and there you go!
A phone in which the Superuser app is running properly is rooted.
Summary: Rooting Methods
The rooting instructions you find will likely be one of these, or a combination of these steps:
Phones with boot loaders that can be unlocked (such as Google's Nexus) will let you flash other partitions. You can flash a whole Android ROM that is already rooted, such as CynaogenMod, and you're done! Or, if you don't want to replace your entire Android ROM, you can flash ClockworkMod into the Recovery partition, and move from there to the next method.
Some rooting methods start with a hacked way to flash ClockworkMod into the Recovery partition. With ClockworkMod, you can run your own special "upgrade" from the SD card. This "upgrade" will vary a lot per phone model, but at the minimum it will involve installing the Superuser app. For some phones, it will modify a few Linux configuration settings to make sure that Superuser app can login as "root." Other, more heavily locked-down phone models might require replacing certain locked parts of Linux and the Android system, sometimes much of the Linux "kernel" itself.
Other rooting methods use the phone's existing Recovery program, but the hackers found a way to create an "upgrade" that can fool the Recovery program into believing it's official. From there on, it's identical to the previous step.
Some rooting methods start straight from Android. Hackers found a way to login as root while Android is running. Of course, logging in as root is not the same rooting, but once you are logged in as root you can run a similar "upgrade" as is used in the previous steps.
Need More Help?
Don't ask me, please! Seriously, I spent a lot of time writing this long article specifically so I would not have to keep answering questions about the process. There are many internet forums and bloggers that welcome questions from noobs. I've generally found the Android hacker community to be extremely generous and welcoming.
Happy rooting!
Nice - but clarification requested
I like the article as it answers some questions.
One thing I'm curious about - you seem to use the terms Recovery Partition and Recovery Program interchangeably. Is that your intent? I'm not trying to split hairs - I just want to understand. I would have expected booting into the recovery partition loads the recovery program.
Also, you talk about how vendors choose features of their recovery program. CWM is then a replacement for the vendor supplied recovery program, correct? If you root then install CWM, are you in effect replacing the recovery program after rooting (as opposed to forcing CWM to overwrite the existing recovery program via flash)?
Thx
Thanks!
A very useful guide for android beginners like me!
Sorry for the bump . This post deserves a thanks and a bump
Thanks! A very useful guide for beginner. I've forwarded this to my colleague who just switched from Windows to Android phone.
Much appreciation!
Thank you so much. I have just purchased a rooted phone & have a ton of questions. Have spent hours here tonight searching for basic info. Finally found this & it really helped this total "noob".
Thank you again.
thanks (very2 usefull) from iphone4 user
Good work..
Sent from my Galaxy Mini using xda-premium
Thanks. It helped very much
how to root sony xperia u
How to root sony xperia U..?
please give me detailed and simple procedure to follow...
i would also happy to know should i have pc drivers to run this rooting process..?
thanks
Thx for taking the time to write the article helped me understand a lot of things
Hello!
I have a question regarding WhatsApp. Is there a possibility to save WhatsApp conversations/history? Through any homebrew-App?
I searched through Google and XDA, didn't find anything useful, unfortunately.
Thanks in advance.
Greetings,
Crash1k
You need to copy out the Isolated Storage for the app. There are a few tools that can do this, including any filesystem browser (such as WP7 Root Tools). An easy way to get the file(s) from your phone to the PC would be my Root Webserver app; find the App GUID of WhatsApp and go to http://<PHONE_IP>/FileSystem/Applications/Data/<APP_GUID>/Data on the PC while the phone runs the webserver app.
Thanks for your fast answer.
Since I'm pretty new to this homebrew-and-phoneHacking thing I don't have much of a clue how to work with those programs. I have downloaded "HtcRootWebServer_231.zip" and the ".xap" file, but I don't know how to get started. Are there any instructions online, perhaps on your homepage, if you have one?
Thanks again.
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
GoodDayToDie said:
Oh boy... okay, I assumed you'd already be familiar with dev-unlock at least, so this is going to be a bit complicated. First of all, what phone do you have? On some phones, you won't even be able to run the app because of restrictions that we don't know how to get past.
The summary:
To install an app to the phone from a XAP file, your phone needs to be developer-unlocked. There are a few ways to do this, including an official one from Microsoft (though that costs money unless you're a student). To deploy the apps, you'll probably want to download the Windows Phone SDK from Microsoft as it has all the tools.
To use high-privilege apps, you'll need your phone to be "interop-unlocked" which you can read about on XDA-Devs. Not all phones can currently be interop-unlocked, though many can.
Once your phone is IUed, install the webserver and also WP7 Root Tools v0.9. Use the Root Tools to mark the Webserver app as "Trusted"; this will give it the permissions it needs (it has its own permission elevation code, but I'm almost sure your phone isn't compatible).
Click to expand...
Click to collapse
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
aramadsanar said:
if your phone is unlocked:
install wmdc by ultrashot, then, connect it to wmdc, then browse <YOUR WP NAME>\\Applications\Data\218A0EBB-1585-4C7E-A9EC-054CF4569A79 then copy everything from it
Click to expand...
Click to collapse
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
Crash1k said:
Thanks a lot for your help, and I'm sorry you had to write this much. I already know how to deploy .xap's and these things, but I have no clue when it comes to the Webserver and how to find the conversations with that. I'll try this for now. I appreciate your help and effort.
Is this the same method as the one GoodDayToDie explained?
Thanks for your answer!
//Edit:
I tried it like you, GoodDayToDie, told me. I downloaded your HtcRootWebServer_231.xap and HtcRootWebServer_231.zip. (even though I have a Samsung Omnia 7 with windowbreak unlock (I think that's interop unlock, don't know for sure though)). Then I deployed the .xap, opened the App in the phone but didn't know what to do with the numbers and text fields (like what kind of Admin name and password I should fill in...). After I gave up on the phone-part, I tried to work with the .zip file, but I don't know what to do next. There are 2 folders, one is called "Homebrew" the other "WebServer", I tried to open the programs which are placed in the subfolders (I opened both with Microsoft Visual Studio Solution) but I only get an error and it won't show anything.
Do you know where the problem is? (aside from my lack of knowledge of course :/ )
Thanks for your help.
Click to expand...
Click to collapse
yes, it goes to one objective, but in a simpler method
Eh, WebServer doesn't require installing anything on the PC, WPDM doesn't (directly) require installing anything on the phone. In both cases, you'll need to have WP7 Root Tools installed.
For WPDM + TouchXperience:
Install Windows Phone Device Manager from TouchXperience.com.
Start Zune and connect your phone.
Start WPDM and wait for it to install the TouchXperience app on the phone.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark TouchXperience as "Trusted" and exit Root Tools.
Open TouchXperience (and WPDM on the PC, if you closed it) and connect them.
Either do what @aramadsanar suggested, or use the Installed Apps feature of WPDM to make a backup.
For Root Webserver:
Install Root Webserver (the XAP; the ZIP file is the source code); you already did this.
Open WP7 Root Tools v0.9 and go to the Policy pivot.
Mark "Webserver (HtcRoot)" as Trusted and close Root Tools.
Connect the phone to WiFi (on the same network as your PC) and launch the webserver app.
Set a username and password you can remember ("admin" and "root" for example, though that's insecure).
On the PC, open a web browser and go to the phone's IP address, then drill down into the FileSystem like I said (aramadsanar gave you the app's GUID).
Download the files from the Isolated Storage to your PC, and save them somewhere.
Thanks a LOT for those great instructions, GoodDayToDie! That's really nice, thanks for your effort.
I tried the WebServer method since I didn't want to install Windows Phone SDK 7.1, but I didn't manage to get into my phone through the browser (by typing the I.P. of the phone, which is listed on the Webserver App, just as you said), that's why I was forced to use the other way. Well, who cares, it worked! I have my messages file, but the next problem shows up. I can open the file with the Editor, but it shows weird symbols and you can't read the messages actually. I tried many other programs but none work. Do you guys know how to open those files? The ending is ".sdf". I google'd it for nearly two hours, couldn't find anything useful.
Thanks for the help so far.
You used the WiFi address of the phone, right? The WWAN (cellular) connection is almost certainly firewalled. For example, on my home network the router usually gives my phone IP address 192.168.0.73 on WiFi, so I type in "http://192.168.0.73" into the browser on my PC. It'll ask for username and password; give it what you put on the phone.
As for the file contents, I can't help there. They might be encrypted, in which case the crypto key is somewhere but might be hard to find. Or they might be compressed, in which case you need to find a decoder for that compression. Either one would produce files that appear to be meaningless binary to a casual glance.
One thing you could try for the compressed file possibility is tell 7-Zip to open the file. It's usually very good at recognizing compressed formats. If it's encrypted, you'll probably need to decompile WhatsApp to figure out how. If WhatsApp is obfuscated, you're going to be in a tough spot.
By the way, I assume you downloaded the messages file directly, rather than using the data backup function of WPDM, right?
Hmm... what do you need these files for? If it's just for backup, what you have is *probably* sufficient, so long as you grabbed *all* the files from the IsolatedStorage.
Yeah, I used the WiFi address which is listed on the WebServer App, and I typed that IP Address just like you said into my browser, with "http://" etc., but it still didn't work. It doesn't even ask me for any password or username.
I don't think they are compressed, because I already tried to open/extract them with 7zip, all I got was an error because of the incompatibility. The other thing is, that when I open the files with the "Editor", I can see my messages there, but there are many many other symbols there, which makes it impossible to read the messages. They are too wide spread and you can't tell which messages belong together etc.
Even though I have no idea how to "decompile" WhatsApp, I won't ask you to tell me, since it sounds pretty complicated. I hope there is another way to solve this problem.
Yes, I simply saved the file on my Desktop, didn't use the BackUp function.
That's right, they're "just" for backup, and I didn't grab just the IsolatedStorage folder, I took the whole "Data" folder, just like aramadsanar told me to.
Thanks again for your fast and detailed answer.
If the wifi address didn't work, either your phone was not on WiFi (did the address start with 169.254.?) or your PC was not on WiFi or even connected to the same WiFi network. You can (in theory; I've never tried) also connect to the phone over wired Ethernet by plugging in the phone to the PC with its USB cable, and running Zune on the PC. That will add an ethernet entry to the phone IP list, but I don't know if it can be used for server ports from the PC.
There are a number of free apps for decompiling managed (.NET) code. The latest version of .NET RAIN, distributed right here on XDA-Devs, can do it, for example. Decompiling turns the intermediate-language binary code in a managed DLL or EXE file into C# or VB.NET or whatever. It's not a perfect reversal; the decompiler has to guess what the original source code looked like, and of course comments are missing. It's good enough to read pretty easily, though.
It sounds like what you have is probably a database file of some kind. There are only a few database formats available for WP7 apps (a few more can be accessed using native code).
1.Does we have any free unlock?
2.Can i edit rom by myself?
3.What program can extract&repack "Boot.img" and "boot.img.cert" ?
4.What program can repack or edit "*.xap" file ?
sorry for my bad English.
1. Custom ROMs come fully-unlocked, meaning that you can run any app, can install an arbitrary number of apps, all apps run with full permissions, and you can run native apps (required for things like Opera or BlueTooth File Transfer). They also come pre-configured with an app that will install XAP files you open in the phone's browser or email attachments (like my XapHandler app, but a built-in native app).
2. Yes, ROMs are very editable. This isn't my area of expertise, but there are plenty of resources for "chefs" (people who "cook up" ROMs) including guides and tool downloads. It's generally recommended to start from an existing custom ROM that is close to what you want.
3. I don't know for sure. It may depend on what kind of phone you're making custom ROMs for (HtcRIE is for HTC phones only, I think?) but I'm sure somebody has posted similar questions before so some searching may tell you what you need to know. As for certs, they're probably in a standard format for a cryptographic certificate (Windows can open them, although usually not edit them; there's a tool that ships with Visual Studio that can create them though).
4. .XAP files are just ZIP archives. You can open and edit and re-pack them with pretty much any tool that understands the ZIP format (I like 7-Zip, but there's many options). Marketplace (or in-ROM) XAPs may have a signature embedded in them too that isn't part of the archive contents, but I'm not sure how that works. A custom ROM probably wouldn't care.
Your English is a lot better than my Thai; you did just fine.
GoodDayToDie said:
1. Custom ROMs come fully-unlocked, meaning that you can run any app, can install an arbitrary number of apps, all apps run with full permissions, and you can run native apps (required for things like Opera or BlueTooth File Transfer). They also come pre-configured with an app that will install XAP files you open in the phone's browser or email attachments (like my XapHandler app, but a built-in native app).
2. Yes, ROMs are very editable. This isn't my area of expertise, but there are plenty of resources for "chefs" (people who "cook up" ROMs) including guides and tool downloads. It's generally recommended to start from an existing custom ROM that is close to what you want.
3. I don't know for sure. It may depend on what kind of phone you're making custom ROMs for (HtcRIE is for HTC phones only, I think?) but I'm sure somebody has posted similar questions before so some searching may tell you what you need to know. As for certs, they're probably in a standard format for a cryptographic certificate (Windows can open them, although usually not edit them; there's a tool that ships with Visual Studio that can create them though).
4. .XAP files are just ZIP archives. You can open and edit and re-pack them with pretty much any tool that understands the ZIP format (I like 7-Zip, but there's many options). Marketplace (or in-ROM) XAPs may have a signature embedded in them too that isn't part of the archive contents, but I'm not sure how that works. A custom ROM probably wouldn't care.
Your English is a lot better than my Thai; you did just fine.
Click to expand...
Click to collapse
OK Thanks.
I have original firmware of lumia 900.
and I extract "RM808_12w08_4_prod_attus.esco" by winrar.
After I extract I got two file name "boot.img" and "boot.img.cert".
I can't find any program can edit them. Dose you have any program to edit them.
Ah... for a Lumia 900, I don't think it's possible to unlock the bootloader right now, so you wouldn't be able to install a modified ROM anyhow. Sorry; I though you were talking about one of the phones that is already supported for custom ROMs.
I don't have a Nokia, nor do I have any experience with hacking on them. There's a lot of buzz around unlocking the Lumia 710 and 800, but so far as I know nobody has managed the 900 yet. You should start with the thread about the unlock for the 800 (it's on the Lumia 800 part of the forum) and maybe see if there's anything similar being worked on for the 900. Also, if that ROM image isn't posted on XDA-Devs yet, I'm sure lots of people in the Lumia forums would like to see it, and some of them will be able to work with you much more than I can.
GoodDayToDie said:
Ah... for a Lumia 900, I don't think it's possible to unlock the bootloader right now, so you wouldn't be able to install a modified ROM anyhow. Sorry; I though you were talking about one of the phones that is already supported for custom ROMs.
I don't have a Nokia, nor do I have any experience with hacking on them. There's a lot of buzz around unlocking the Lumia 710 and 800, but so far as I know nobody has managed the 900 yet. You should start with the thread about the unlock for the 800 (it's on the Lumia 800 part of the forum) and maybe see if there's anything similar being worked on for the 900. Also, if that ROM image isn't posted on XDA-Devs yet, I'm sure lots of people in the Lumia forums would like to see it, and some of them will be able to work with you much more than I can.
Click to expand...
Click to collapse
Ok Thank for answer.
OSBuilder is pretty much the only thing you need to edit/cook ROM's nowadays. It will dump that ROM you have. However since, like GDTD said, the Lumia 900 has a locked bootloader so it will do you no good. The best you can do right now with the 900 is dev unlock your phone.
Good day,
I am new to the forum so please forgive me if this is not the right place to ask.
I have been reading through some of the threads on the forum and is curious to know if there is a way to load custom kernel libraries or device drivers onto the phone.
If there is a way, is there a correct procedure? For example to load a custom device driver / kernel library, do I also have to have an entry in the registry? Does the dll file have to be in /Windows?
Thanks in advance.
Good questions. There's been only a little research on this so far. I can tell you waht I've found, though:
For a stock ROM, nobody has managed it yet, but it might be possible. You'll need to have your DLL signed, and the certificate added to the Code Integrity store on the phone (just mailing yourself the .cer is insufficient! That will put it in the wrong store). You'll probalby want the DLL to be in \Windows, although I'm not sure it's needed. You almost certainly will need to add registry entries; the current drivers seem to have them.
Good day,
thanks for your reply. And thanks for all the good research you have done.
So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?
Thank you.
mousefish321 said:
Good day,
thanks for your reply. And thanks for all the good research you have done.
So at the moment, the software approach is not working but for custom roms, is it possible to include custom device drivers / kernel libraries in them?
Thank you.
Click to expand...
Click to collapse
Well, it's possible. The HD2 Multitouch driver is an example that its somehow possible. Should be the same for the other devices (espacially HTC first gens)...
But don't know what you're getting at? Why would you need a custom driver?
Good day,
well, I just think that having a driver that acts like HTCUtility would make things convenient.
As for file operations, besides the application that Heathcliff has created (WP7RootTool), are there other applications that can do write operations to the /Windows folder?
What are the things that needs to be done before we can write to that folder?
Thank you.
Any app with Elevated or TCB privileges can write to \Windows, I think. Using HtcRoot project or WP7 Root Tools works (both elevate apps to TCB permissions, though using different methods). Also, using an OEM driver, such as HtcProvisionDrv or HtcFileUtility, works (although those two particular drivers were crippled in the 4.x firmware).
Good day,
thanks for the information. I tried the HtcRoot tool and it works. Thanks for the tool and the source that allows me to know how it works.
Can I assume that I would be able to have write access to the Certificate and Code Integrity store also?
I am also curious as to the workings of HTCFileUtility. A quick search on this turns up little information on its workings.
Furthermore, is there a guide to inserting custom certificates to the root Certificate and Code Integrity store? I have tried downloading the Certificates.zip file in http://forum.xda-developers.com/showthread.php?t=1236027 and test rom files in http://forum.xda-developers.com/showthread.php?t=1248799 hoping that they will shed some light but is unable to download them.
Any help is appreciated. Thank you.
Yes, installing your own cert into Code Integrity is possible (in several ways, actually, but I did it using HtcRoot just as an exercise). The certificates are actually stored in the registry, so any tool that can write to HKLM can add them. I believe that WP7 Root Tools will also let you choose the store for adding a certificate if you "open" the cert from the Root Tools filebrowser.
Although I don't know exactly how HtcFileUtility works, here's the basics. It's a software driver that exposes an interface - probably an IOCTL - which apps can use to perform filesystem operations. Since it runs with TCB permissions (it's probably kernel mode, though I haven't actually checked, but it's definitely in TCB) it can perform any operation that the filesystem supports. Of course, that doesn't mean that it exposes all those operations through the IOCTL... but it exposes enough of them for a pretty solid filebrowser implementation (that's how TouchXplorer and Advanced Explorer worked, although they used an OEM COM DLL that called into the driver rather than doing the IOCTL themselves).
The new version of it has very limited operations permitted; it will only list files in a few folders and so forth. It does still "work" within those limitations - Connection Setup, for example, uses it to check the folder that we use for interop-unlock on HTC - but it isn't useful for a general-purpose browser anymore.
It would be great to even figure out how to roll back the OEM drivers to earlier versions. For example, I've got WP7 Root Tools installed on my HD7, but I don't want to install HTC updates because they'll break my drivers such that if something ever goes wrong I won't be able to re-install Root Tools, or if a new hack is found (or developed; I'm working on some stuff with HtcRoot still) I won't be able to run it on my phone. Being able to use the advantages of the new firmware (Internet Sharing, compass in managed apps, hopefully an end to the damn music player freezing between songs...) while still having hackable OEM drivers would be reallllly nice...
Good day,
thanks for the information.
I noticed in the HTCRoot project thread where you mentioned that "It is not a true handle (no handle table, no handle data) but everything that checks for tokens also checks for this const value, and appears to pretty much skip all remaining permissions checks if it finds it".
Would you mind sharing some of the function names so that I could take a look at the code where the checking occurs?
Thanks.
i want to sync pdf files to my phone..i am a medical student..my ebooks are as large as 200-250mb..so i cant email them to myself and redownload..i tried Tappin, remote drive and other apps from marketplace..but nothing seem to work out..please help me..i am not too much into hacking unless its absolutely necessary..now i think its necessary..i read this thread: http://forum.xda-developers.com/showthread.php?t=917423
and came to know that i need to deploy touchXplorer to my device but could not do that without unlocks..
I wanted to know:
1.how to unlock my omnia w with these details:
OS version:7.10.8773.98
Firmware revision number:2424.12.04.3
Hardware revision number:23.15.0.8
Radio software version:0424.12.3.1
Radio hardware version:0.0.0.900
Bootloader version:6.4.25.0
Chip SOC version:0.74.2.1
(I think this much details are enough)
2.If at all I unlock it does it void my warranty??
3.If yes, is there any way to relock my phone so that i can get back my warranty??
4.If at all I brick my phone in the middle of some unlocking process, is there any way to restore it completely to factory defaults??
I read that there are currantly no methods to sync pdfs over usb connection without any unlocks..if i am wrong and if anyone of you know how it can be done, please teach me..i really don't want to go through all these tedious unlocking procedures(unless its necessary)..
Thanks in advance
The easiest way to unlock a Samsung WP7 device is WindowBreak, which is easy, free, and far from tedious... except that your firmware version is too new to use it (you would need to be on *.11.11.04 or earlier, I think... KK4 worked, but KK7 didn't, and your current version definitely won't). If you've had your phone since last year, you could try just restoring to a backup made prior to installing an update on you phone - you'd lose changes to the phone since then, but if it's old enough you'd get WindowBreak-compatible firmware back.
The second easiest way is to use the official developer unlock. This doesn't allow you to install high-privilege apps, though.
However, in your case, I think that neither approach is the right one (and TouchXplorer wouldn't run on your phone anyhow; it's HTC-only. There are other file browsers like WP7 Root Tools that you would use instead). First of all, I'm not at all sure that the PDF Reader app on WP7 can open a 200MB file; that's 40% of the RAM in most of these phones, and I've seen the app chug badly on much smaller files. However, if you're determined to give it a try, here's one option that may work:
First, upload the file to SkyDrive (Microsoft's "cloud" storage). I don't know what the limit on individual file sizes is, but the storage cap is something like 7GB so that should be fine.
Second, install the SkyDrive app on your phone (it's free), or just browse to the SkyDrive site using the phone's browser.
Third, open the PDF. It will take a long time to download (make sure you're on WiFi) but the browser will definitely open it in Adobe Reader directly, and I think the SkyDrive app will too.
Alternatively, upload the file to any other web site that you can, and download it from there using the phone's web browser.
Many PDF ebooks have DRM on them. I can't promise that the Adobe Reader app for WP7 is even capable of opening those, regardless of size...
GoodDayToDie said:
The easiest way to unlock a Samsung WP7 device is WindowBreak, which is easy, free, and far from tedious... except that your firmware version is too new to use it (you would need to be on *.11.11.04 or earlier, I think... KK4 worked, but KK7 didn't, and your current version definitely won't). If you've had your phone since last year, you could try just restoring to a backup made prior to installing an update on you phone - you'd lose changes to the phone since then, but if it's old enough you'd get WindowBreak-compatible firmware back.
The second easiest way is to use the official developer unlock. This doesn't allow you to install high-privilege apps, though.
However, in your case, I think that neither approach is the right one (and TouchXplorer wouldn't run on your phone anyhow; it's HTC-only. There are other file browsers like WP7 Root Tools that you would use instead). First of all, I'm not at all sure that the PDF Reader app on WP7 can open a 200MB file; that's 40% of the RAM in most of these phones, and I've seen the app chug badly on much smaller files. However, if you're determined to give it a try, here's one option that may work:
First, upload the file to SkyDrive (Microsoft's "cloud" storage). I don't know what the limit on individual file sizes is, but the storage cap is something like 7GB so that should be fine.
Second, install the SkyDrive app on your phone (it's free), or just browse to the SkyDrive site using the phone's browser.
Third, open the PDF. It will take a long time to download (make sure you're on WiFi) but the browser will definitely open it in Adobe Reader directly, and I think the SkyDrive app will too.
Alternatively, upload the file to any other web site that you can, and download it from there using the phone's web browser.
Many PDF ebooks have DRM on them. I can't promise that the Adobe Reader app for WP7 is even capable of opening those, regardless of size...
Click to expand...
Click to collapse
i tried to upload to skydrive and redownload it on my phone..but didnt download completely a 140mb pdf..got stuck somewhere at 85 MiB..and good news is that i came to know about http file server..its an awesome 600kb program that i downloaded on my pc..i kept my 150mb pdf(another one) open, ready to upload and tried to download it from my phone..the speeds did hit something like 2055KiB/s which is jawdropping on my slow internet connection..i hardly used to get 100kB/s.found a new way to get files onto my phone..forget mass storage now!!!serve files on http file server to my phone..and uc browser succesfully downloaded a 150mb pdf and a 200mb pdf..but u know these files will be dowloaded to ucbrowser's isolated storage..so adobe reader couldnt access them due to privilege deficiency.i just wanted to share my good experience with u and xda guys...thanks to bruce li, a wp7 app developer from whom i got the knowledge about http file server..
guys take a look at this
http://forum.xda-developers.com/showthread.php?t=919217
this is a file explorer that can set maxunsignedapp value in registry..dev unlocked phone is enough..so if u get a student license somehow, u can sideload it to ur omnia w and set maxunsignedapp value to more than 300..boom u r interop unlocked(cuz thats what heathcliff74 has said in his website http://www.wp7roottools.com/ that if u have maxunsigned app value more than 300 u r interop unlocked)
just try u dev-unlocked omnia-ed dudes!!!
prahladvarda said:
guys take a look at this
http://forum.xda-developers.com/showthread.php?t=919217
this is a file explorer that can set maxunsignedapp value in registry..dev unlocked phone is enough..so if u get a student license somehow, u can sideload it to ur omnia w and set maxunsignedapp value to more than 300..boom u r interop unlocked(cuz thats what heathcliff74 has said in his website http://www.wp7roottools.com/ that if u have maxunsigned app value more than 300 u r interop unlocked)
just try u dev-unlocked omnia-ed dudes!!!
Click to expand...
Click to collapse
except to edit the reg on post mango devices requires interop unlock...