I have about two weeks' experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed it is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me: why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.
My guess is that Google doesn't want users removing system apps. I'm assuming that they think that these applications are core and thus don't want you removing them. Remove the Market, no more apps... or way to get it back etc.
Applications installed by you can be uninstalled. I'm just thinking it is the same as in Windows, you can't uninstall the task manager etc. (Bad example but meh =P)
Very simple - to prevent lay users from removing critical components.
Can you imagine the service costs involved in repairing devices that have been damaged by people trying to remove bloatware?
They still give you the option to restore.
OK DISREGARD THIS AS I MISSED THE PART ABOUT NEEDING TO ROOT!
They can be removed but it's not recommended to do so without knowing EXACTLY what you're removing and whether it is vital to your phone's operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.
J_HaX said:
They can be removed but it's not recommended to do so without knowing EXACTLY what you're removing and whether it is vital to your phone's operating system.
BUT in order to do so your phone needs root access, and root explorer installed. There are several forums on just about all android support sites that explain how to root, install the manager, and which apps/files NOT to remove.
Yes, you can remove almost every stock app, but this may affect the stability of your phone. Modifying your phone always comes with the option of restoring it back to default. If something goes wrong with modding (something really hard and extraordinarily rare), you can restore it. Browsing through XDA might solve many questions; we all didn't want the stock ROM (not because it was bad, but because we can have something better). This community has VERY VERY good developers.
Androids own!!!
One thing I still don't get is...
How can Google upgrade Market app without the su privilege but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
@ftgg99: How much does bloatware in Windows cost Microsoft or PC manufacturers? None; in fact they get paid to include it with your hardware. However, I see an issue with mobile devices. You have already paid for the ROM storage; the bigger the ROM size is, the more expensive your handset would be. Then the manufacturer uses your already paid ROM to make even more money by installing bloatware. I would be a fool to think manufacturers would pass on a percentage of the bloatware earnings by reducing the cost of their products to the consumers in this model.
The way I see it, the burden has been put on communities such as XDA. Users wouldn't ask the manufacturers how to root their handsets, and this is left to the dedicated individuals to overcome the mess companies normally leave us with. I'm not going to say the mess is a cost-saving measure by companies.
The thing is that there are a lot more people who buy and use phones than computers. After someone buys a smartphone with the intention to use it for calls, text, web and some apps, they realize the possibilities of the smartphone and start digging into the files. Therefore Google blocked the root folder from modification, otherwise Google would have to repair warrantied phones that didn't have to end up there just because people didn't know or care what they did. But if you got past ROOTING, you must know what you are doing, and from this point you can modify files and apps, but now ROOTING becomes too easy.
Basically just because too many juveniles got their hands on the equipment.
CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilege but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
I'm also very interested to read the answer for this one!
CSharpHeaven said:
One thing I still don't get is...
How can Google upgrade Market app without the su privilege but the rest of the world has to root their phones to remove bloatware such as 'amazon mp3'?
RAMMANN said:
I'm also very interested to read the answer for this one!
The answer, from my point of view, is quite simple: they just upgrade the application on /data/app ON TOP of the /system/app default Market version. So, you can always go back to your "default" version just by "uninstalling updates".
Summary: they do not upgrade the Market from ROM, just install the new version on top.
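The layering described in the post above can be observed in the output of `pm list packages -f -s`, which lists packages flagged as system together with the APK path currently in use. The script below is an added example, not part of the original post; the sample lines are constructed, and every package name other than com.android.vending is a placeholder.

```shell
#!/bin/sh
# Added example (not from the thread): report which preinstalled packages are
# currently running from an update layered on top of the ROM copy.
#
# Input: output of `pm list packages -f -s`, one line per system package:
#   package:<apk path>=<package name>

# Constructed sample input; paths and non-Market package names are invented.
sample_pm_output() {
    cat <<'EOF'
package:/system/app/AmazonMP3.apk=com.example.amazonmp3
package:/data/app/com.android.vending-1.apk=com.android.vending
package:/system/framework/framework-res.apk=android
package:/data/app/~~Qx1z==/com.example.maps-Zz9==/base.apk=com.example.maps
WARNING: linker: unrelated noise line
EOF
}

# Reads pm output on stdin and prints "<state> <package>" for each entry.
#   updated-over-rom : system package whose active APK lives in /data/app,
#                      i.e. an update installed on top of the /system copy
#   rom-only         : active APK is still the read-only /system copy
classify_system_packages() {
    # adb on some platforms appends CR to each line; strip it first.
    tr -d '\r' | while IFS= read -r line; do
        case "$line" in
            package:*=*) ;;          # well-formed entry
            *) continue ;;           # skip warnings and blank lines
        esac
        entry=${line#package:}
        pkg=${entry##*=}             # name follows the LAST '=' in the line
        path=${entry%=*}             # newer /data/app paths contain '=' too
        case "$path" in
            /data/app/*) echo "updated-over-rom $pkg" ;;
            /system/*)   echo "rom-only $pkg" ;;
            *)           echo "other $pkg" ;;
        esac
    done
}

# Just the names of system packages that have an update layered on top.
updated_system_packages() {
    classify_system_packages | sed -n 's/^updated-over-rom //p'
}

# Stand-alone run on the constructed sample.
sample_pm_output | classify_system_packages
```

On a device, pipe `adb shell pm list packages -f -s` into `classify_system_packages` instead of the sample. Packages reported as rom-only have no copy in /data/app to uninstall, which is why removing them needs write access to /system.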
CSharpHeaven said:
I have about two weeks' experience with Android OS and as a software developer I will be interested to know the technical details behind the Android OS.
I have already noticed it is possible to upgrade applications ported with the handset's ROM i.e. the Market app. This raised the question to me: why can't I uninstall applications from the ROM without rooting or risking my handset's warranty to achieve this?
Is my expectation as a user of computers for 20 years unreasonable to think in 2010 with all software development and technological advances the uninstall feature should have been in Android OS from day one?
This is not exactly like Google is the first company in the world developed an OS to just the lack of experience with what users would want. From what I have seen so far in world of Android is that, the first thing users would want to know how to root their handset to remove packages that they have no use for.
Have you tried to work with iPhone (don't know about iPhone 4)? They build a fortress around their system and even the apps you install cannot be uninstalled until you jailbreak it and use a 3rd party installer to uninstall. And not talking about the "MONOPOLY" they run with AT&T.
I don't want to know how to root, I can find my answer for that on Google, however what I don't get is what it does...
I know it unlocks the device somehow, but can't I simply access everything in the system if I compile android from source and install it on the device?
I have downloaded the android source and I believe I can access every possible thing, so why is rooting needed?
If I install an app as a system app, won't it automatically have the permissions to do what I need it to do?
AFAIK rooting is for the people you'd call the end user/consumer or whatever.
If you have a new phone and want to install one of the many custom ROMs around, you simply need a rooted phone.
A custom ROM is in easy terms a custom made User Interface for the phone.
There is a lot more complicated stuff going on under the hood, but in general you change the look and feel of your phone's UI.
The phone has to be rooted, because the manufacturers and net providers around pack a lot of useless crap called "bloatware" (like Samsung Shop and Samsung Play and Samsung Sing and Dance and Music and whatnot) on your phone, which often makes it slower than it can be without it.
But naturally the big corps don't want you to be able to get rid of that **** too easily, which is why you don't have access to the system folders as a normal user.
I guess in your case it's possible that you (if you compiled android from source and installed it on your device) so to say have an already rooted phone, since Android itself is rooted by default. Like I said, the manufacturers are the ones to unroot Android in order to dictate which apps their customers might or might not use.
But I'm a noob and am not sure how you would install Android on your phone if it's new (and unrooted by default?) if you haven't rooted it before?
meh, hope that helped a bit at least...
root- you would love to do it after reading this..
Root? what is it?
It is what I call full access to our phone: flash new ROMs, have dual boot (example: you can have two OSes like ICS and JB), can access the evasive /data folder which holds the APKs/setups of apps installed from Play Store, and many other things..
If you are concerned about warranty you can unroot your phone and give in your phone for warranty. I have given my phone for warranty like this.
The most important thing I like about root is that I can fix my phone myself (if it is a software problem). Any other question, please ask, and I will answer it.
Thanks if helped!
I don't have the time for development anymore. I used to play with stuff like that years ago, but life has taken me away from it. I'd still like to be able to access everything on my phone and play with custom roms, and root lets me do that. The end consumer comment is a good one.
As for to root or not root, I tell most people who ask me to root for them what they use their phone for and explain what they would get out of rooting, and explain the risks involved. Seems that people who understand what rooting does are able to do it themselves, and the ones that ask you to do it for them usually decide against it after hearing "there is a tiny chance that your phone could get bricked" lol
If you just want to play emulators etc, how would you benefit from rooting?
IMO rooting is very useful if you want to keep touching system things in a stock ROM, optimizing and debloating it, installing other people's ROMs, etc... I believe that if you compile your own flavour of Android and find no restriction doing whatever you want, you don't need to.
Android phone without root is nothing
McFex said:
AFAIK rooting is for the people you'd call the end user/consumer or whatever.
:good:
McFex said:
But I'm a noob and am not sure how you would install Android on your phone if it's new (and unrooted by default?) if you haven't rooted it before?
Some phones can just be flashed (for example via usb) which gives you full control, others can be cracked.
Hi,
I'm currently programming an app for a hospital as a bachelor's project. Now I've discussed with my mentor the fact that we want the devices to be used only for the purpose of the app I'm making, apps we preinstall and future apps that are made for the personnel that's using them.
Currently I'm working with a Galaxy Tab A 10.1 (2016) running Android 6.0.1 without it being rooted.
So what do you guys suggest with this? I've done some reading on how to root and what's possible, and seen some guides for my device on how to root it.
What I want to do is actually have like a stock Android, so no Samsung bloatware and Microsoft apps etc.; even Chrome doesn't need to be installed as they don't need access to browsing. And then preinstall specific apps like my app, the one from the hospital itself, future apps and others we specifically need.
Also I'm new to Android in general, so can I create like a nurse user and an IT-desk user, so the IT-desk user can log on to the tablet and install an app, while the nurse doesn't even have access to settings maybe?
Would love to hear what you guys think along what to do, and maybe some general steps like root it, flash a stock rom, create your (2)users, and install apps.
Tommyboy500 said:
Hi,
I'm currently programming an app for a hospital as a bachelor's project. Now I've discussed with my mentor the fact that we want the devices to be used only for the purpose of the app I'm making, apps we preinstall and future apps that are made for the personnel that's using them.
Currently I'm working with a Galaxy Tab A 10.1 (2016) running Android 6.0.1 without it being rooted.
So what do you guys suggest with this? I've done some reading on how to root and what's possible, and seen some guides for my device on how to root it.
What I want to do is actually have like a stock Android, so no Samsung bloatware and Microsoft apps etc.; even Chrome doesn't need to be installed as they don't need access to browsing. And then preinstall specific apps like my app, the one from the hospital itself, future apps and others we specifically need.
Also I'm new to Android in general, so can I create like a nurse user and an IT-desk user, so the IT-desk user can log on to the tablet and install an app, while the nurse doesn't even have access to settings maybe?
Would love to hear what you guys think along what to do, and maybe some general steps like root it, flash a stock rom, create your (2)users, and install apps.
You could build an AOSP ROM for that model number with only the apps and features you choose, it would require AOSP source code and your stock source code.
Then, yes, android natively supports setting up user profiles, with root access you can set it so that the "nurse user" profile can only use the device and an "admin user" would have exclusive permissions to make whatever changes are needed. You can set it so that the "nurse user" would not be able to install new apps, wouldn't be able to browse the web or even set it so they could browse if needed but would be limited in what they can access on the web, and you'd be able to set it so they would be locked out of all settings.
What you want is very possible, the most difficult part would be compiling the ROM if you go that route, you may not need or want to though because with root, you can strip down the existing stock firmware to remove the extras you don't want or need.
Mind you, there would be some details and specifics to deal with that would require trial and error along the way, obviously.
Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features so I think I can just refer to
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as Windows user is (because the guide is for Mac/Linux users) it gets much easier if you use Linux terminal like cygwin, and the port name should be something like COM# where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (Recommend to read this before/after you update the new firmware.)
You may donate a cup of coffee to him there. Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we manage to root the device! Many thanks to all of your efforts.
Just refer to HappyZ's well written guide: https://github.com/HappyZ/dpt-tools
For those who have never used Python, like me (and are probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run scripts here instead of in PowerShell, due to an xxd issue, if you are on Windows.
(2) pip install httpsig pyserial in bash.
(3) Download HappyZ's dpt-tools and unzip.
(4* this issue is fixed by HappyZ)
(5) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped to use get-su-bin because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the setting of Multi Action Home button (say, the height should be large to be visible in the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for pdf markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access other Android apps. So far I've never experienced any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is a default value.) EDIT: I found 200 is quite enough that does not distort Sony apps too much.
My application is using "Tasker" to execute the above code when specific apps are open and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings but this app crashed.
You can also install Gboard (but it has no hide button, so prepare with virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
And here you can find source codes.
oss.sony.net/Products/Linux/dp/DPT-RP1.html
sartrism said:
Sony recently released a new digital paper device DPT-RP1, apparently using their own linux firmware but underlying on Android 5.1.1. Few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter to the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
You must be an iPhone user that isn't familiar with Android. Jailbreaking is an Apple thing, not an Android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with Android. Jailbreaking is an Apple thing, not an Android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
sartrism said:
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
Droidriven said:
You must be an iPhone user that isn't familiar with Android. Jailbreaking is an Apple thing, not an Android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing(didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing(still not exclusively but mostly so).
Then I said that in the android world it's called rooting(not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing(this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I tend to read too deeply into everything. It's the way I am. Lol.
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
happy to help with simple things
thisvip said:
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Bus 001 Device 008: ID 054c:0be5 Sony Corp.
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you have finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Hope you get some result from wifi side. I also realized they use the port 8443 but couldn't get further as you.
For those trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - that of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for DPT-S1 just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0
George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol
Any chance to create a buffer overflow PDF to attack RP1's pdf reader?
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the RP1? Sorry if this might be a stupid question but I'm new to Android and that stuff.
Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the RP1? Sorry if this might be a stupid question but I'm new to Android and that stuff.
Just a little update from my side. I'm currently trying to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. By that I saw that often GET /registration/information is called for Host: localhost:58052. Moreover the first call is GET /register/serial_number also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing unfortunately. But also the 8080 port is open. Trying to call digitalpaper.local:8443/auth/ returns nothing on firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the uboot bootloader, all communication is done by a rest restlet framework. So actually there should be some kind of way to use the restlet framework to PUT or POST the modified files.
The other option would be directly flash the eMMC right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?