Update (5/18/2019)
Since the first tool was released, HappyZ has improved many features so I think I can just refer to
* HappyZ's rooting guide: https://github.com/HappyZ/dpt-tools/wiki/The-Ultimate-Rooting-Guide
- The only thing I want to add as a Windows user (because the guide is for Mac/Linux users) is that it gets much easier if you use a Linux terminal like Cygwin, and the port name should be something like COM# where # can be found in Device Manager by comparing before/after you attach the device.
* HappyZ's upgrade guide: https://github.com/HappyZ/dpt-tools/wiki/The-Upgrade-Guide (Recommend to read this before/after you update the new firmware.)
You may donate a cup of coffee to him there. Thanks to all others who contributed a lot.
--
Update (12/02/2018) -- These are outdated.
Finally we managed to root the device! Many thanks to all of your efforts.
Just refer to HappyZ's well-written guide: https://github.com/HappyZ/dpt-tools
For those who have never used Python, like me (and are probably using Windows):
(1) Install Python 3 and add it to PATH.
(2) Install MINGW64 and run scripts here instead of PowerShell due to an xxd issue if you are on Windows.
(2) pip install httpsig pyserial on bash.
(3) Download HappyZ's dpt-tools and unzip.
(4* this issue is fixed by HappyZ)
(5) Follow HappyZ's guide. You should execute dpt-tools.py in the folder you unzipped to use get-su-bin because of how the script is written.
Some suggestions after rooting (let me know if you have better ideas):
Here is my setup: install "E-ink Launcher" and "Multi action home button" using adb install.
Use adb shell am start -a android.intent.action.MAIN to change the main launcher to your launcher.
Then change the setting of Multi Action Home button (say, the height should be large to be visible in the bottom) and assign its function to be Home for click and Back for double-click.
Whenever you want to use Sony's apps (these are good for pdf markup), just push the home button to open the pop-up menu.
Otherwise, touch the Multi Action Home Button to access other Android apps. So far I've never experienced any crash.
Yet more tips:
Some complain fonts are too small after installing generic apps.
adb shell wm density 320 changes your DPI by 2 times (160 is a default value.) EDIT: I found 200 is quite enough that does not distort Sony apps too much.
My application is using "Tasker" to execute the above code when specific apps are open and execute wm density reset when the apps are closed.
The reason why we cannot change the global DPI is sadly because it makes the default apps by Sony so awkward.
Alternatively, I could successfully install Xposed to try App Settings but this app crashed.
You can also install Gboard (but it has no hide button, so prepare with virtual back button) if you need another keyboard.
Enjoy your DPT devices
--
Sony recently released a new digital paper device DPT-RP1, apparently using their own Linux firmware but underlying on Android 5.1.1. A few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
And here you can find source codes.
oss.sony.net/Products/Linux/dp/DPT-RP1.html
sartrism said:
Sony recently released a new digital paper device DPT-RP1, apparently using their own Linux firmware but underlying on Android 5.1.1. A few weeks ago, some Chinese successfully hacked it to jailbreak for third-party apps (without changing the original firmware), but they don't share any information to sell those hacked devices. I'm willing to pay for it, but it is too risky to send my device to China so I'm trying to root it by myself.
I don't know much about this world, but I found some information that might be helpful. It uses Marvell A140 IoT Processor a.k.a. PXA1908. There are two Android smartphones (as the same version 5.1.1) with this chip - Samsung Xcover 3 and Samsung Galaxy Grand Prime. Fortunately, they have been both rooted in the past here.
Is this information really helpful to root my device? If so, is there any way to apply the previous methods to easily jailbreak DPT-RP1? I think the problem here is that it does not look like Android at all, so has no setting menu or developer tools. And not sure how to enter the recovery mode since it only has two buttons - power/menu.
I'd appreciate any help or advice. Thanks!
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
I DO NOT PROVIDE HELP IN PM, KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
sartrism said:
Thanks for suggesting a general principle! I just use the word jailbreaking not because I'm an iPhone user. What I actually want to do as the first step is not rooting an android system, but revealing it from the current customized linux system. Rooting is the next step if necessary. If the word choice is still not accurate and bothers you, I apologize.
It has apparently no typical bootloader, and neither PC nor adb recognize it as an android device. In fact, direct USB file transfer is blocked so I need to use Sony's designated software. But an android system surely coexists according to the hacker who already rooted it.
Without some kind of way to flash or interface with the device there isn't much you can do.
I have a kindle fire HD that didn't come with a typical android system but does have a typical bootloader. The Amazon OS was removed and now it's full blown android but it required a "second" bootloader. You don't have a bootloader so I'm not sure what your options are with that device.
Droidriven said:
You must be an iPhone user that isn't familiar with android. Jailbreaking is an Apple thing, not an android thing.
In android it's called "rooting" and it isn't quite the same thing as jailbreaking an Apple device.
This device does not at all seem to be worth the price, especially considering the limitations it has. What a waste of hardware.
I would assume that you could port something from one of those other devices to work on yours but it really depends on how your hardware is designed compared to those devices.
Does your device have a typical bootloader like other android devices?
Is the bootloader unlocked?
If it is locked, can it be unlocked?
Does the device use fastboot or does it have a flash mode that is used with a specific PC flashtool?
If it is unlocked or if you can unlock it and it has a flash mode that can actually be used, you might be able to port a custom recovery from one of the devices you named then use that recovery to somehow root the device. If the device can't install android apps then it would probably involve using adb to root the device.
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
Sent from my SM-G928T using Tapatalk
MarkBell said:
Jailbreaking is the process of modifying any electronic device in order to remove restrictions imposed by a manufacturer (Apple) or operator (to allow the installation of unauthorized software).
Rooting is the act of gaining access to the root account of a device (such as a smartphone or computer).
There is a huge difference between the two. You can't just say that rooting is Android's version of jailbreaking. Not accurate in the least.
https://www.androidpit.com/jailbreak-android
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
Droidriven said:
You're reading too much into what I said.
Basically, what I said was that jailbreaking isn't an android thing, it's an Apple thing (didn't say it was exclusively an Apple thing, just NOT an android thing). It applies to more than just Apple devices but on this website dedicated to mobile platforms, I'm only referring to its application in the mobile device world. For the mobile world it's pretty much only an Apple thing (still not exclusively but mostly so).
Then I said that in the android world it's called rooting (not exclusively an android thing, just NOT an Apple thing). And that jailbreaking and rooting aren't the same thing (this does not say that rooting is android's version of jailbreaking, that would imply that they are the same thing, I'm saying they aren't the same thing)
Basically, explaining what they "aren't", you explained what they "are".
I understand the difference, but thank you.
I tend to read too deeply into everything. It's the way I am. Lol.
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
happy to help with simple things
thisvip said:
Could you please post some information about usb device? Just like PID & VID.
Do it like:
Connect DPT-RP1 to Linux, and then type this command 'lsusb'
P.S. Under Windows or MacOS system, you can find the information from system settings...
Bus 001 Device 008: ID 054c:0be5 Sony Corp.
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
sartrism said:
It is good to see some people have been interested in this thread.
So far, I realized that the hacker used a hardware hacking method. I actually obtained the hacked system apps from one of his customers. I guess he did something like directly modifying eMMC to root and put "USBDeviceSwitcher.apk" to allow a usual USB connection. Since I don't want to take such risk, I decided to wait until the first firmware to see if there could be an indirect way to penetrate the system files. But if you want to analyze the hacked system, contact me.
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
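Added example (not part of the original post, and not code from Sony's app or the asar project): because the post shows that app.asar can be unpacked, edited and repacked, this sketch parses the asar container and reports which packed files differ from a known-good copy. Both sample archives and their file contents are constructed here; only the two file paths come from the post.

```python
import hashlib
import json
import struct


def build_asar(files):
    """Pack {path: bytes} into a minimal asar archive (only used to make the sample)."""
    header, body = {"files": {}}, b""
    for path, data in files.items():
        *dirs, name = path.split("/")
        node = header
        for d in dirs:
            node = node["files"].setdefault(d, {"files": {}})
        node["files"][name] = {"size": len(data), "offset": str(len(body))}
        body += data
    raw = json.dumps(header, separators=(",", ":")).encode()
    padded = raw + b"\0" * (-len(raw) % 4)  # pickle strings are 4-byte aligned
    pickle = struct.pack("<II", 4 + len(padded), len(raw)) + padded
    return struct.pack("<II", 4, len(pickle)) + pickle + body


def read_asar(blob):
    """Return {path: bytes} for every file packed inside an asar archive."""
    if len(blob) < 16:
        raise ValueError("too short to be an asar archive")
    _, header_size = struct.unpack_from("<II", blob, 0)
    _, json_len = struct.unpack_from("<II", blob, 8)
    base = 8 + header_size  # file data starts right after the header pickle
    if 16 + json_len > base or base > len(blob):
        raise ValueError("inconsistent asar header sizes")
    header = json.loads(blob[16:16 + json_len])
    found = {}

    def walk(node, prefix):
        for name, entry in node.get("files", {}).items():
            path = prefix + name
            if "files" in entry:  # directory node
                walk(entry, path + "/")
            elif "offset" in entry:  # packed file; links and unpacked files are skipped
                start = base + int(entry["offset"])
                end = start + int(entry["size"])
                if end > len(blob):
                    raise ValueError(f"{path}: data runs past end of archive")
                found[path] = blob[start:end]

    walk(header, "")
    return found


def diff_archives(reference, candidate):
    """Compare per-file SHA-256 digests of two asar archives."""
    ref = {p: hashlib.sha256(d).hexdigest() for p, d in read_asar(reference).items()}
    cand = {p: hashlib.sha256(d).hexdigest() for p, d in read_asar(candidate).items()}
    return {
        "added": sorted(set(cand) - set(ref)),
        "removed": sorted(set(ref) - set(cand)),
        "changed": sorted(p for p in ref.keys() & cand.keys() if ref[p] != cand[p]),
    }


# Constructed sample: file contents are invented, paths are the ones named in the post.
REFERENCE = build_asar({
    "lib/config.js": b"config.DEVBUILD = false;\n",
    "node_modules/mw-error/lib/codeparams.js": b"module.exports = {};\n",
})
MODIFIED = build_asar({
    "lib/config.js": b"config.DEVBUILD = true;\n",
    "node_modules/mw-error/lib/codeparams.js": b"module.exports = {};\n",
})

if __name__ == "__main__":
    print(diff_archives(REFERENCE, MODIFIED))
```

A whole-file hash of app.asar only says that something changed; the per-file comparison names the edited script.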
mcplectrum said:
I have found out some interesting stuff about the device with the help of the Digital Paper App.
The app is built using electron and there is a file: /Applications/Digital\ Paper\ App.app/Contents/Resources/app.asar
This file contains the electron javascript files, which handle all the communication with the device.
It can be extracted with: sudo asar extract app.asar output
(github_com/electron/asar)
This also requires node to be installed: with e.g. brew install node (changelog_com/posts/install-node-js-with-homebrew-on-os-x)
The app communicates with the device via Restlet-Framework/2.3.7 on port 8443 with tcp (no matter if it is the bluetooth, wifi or usb connection).
This is the only port that is open.
In the file: /Applications/Digital\ Paper\ App.app/Contents/Resources/output/node_modules/mw-error/lib/codeparams.js you can find all the relative paths, which are getting called during e.g. file transfer, firmware update and stuff.
Running the app and placing breakpoints reveals that before you can transfer files and stuff:
'/auth'
'/auth/nonce/'
are called in order to authenticate, which looks e.g. like url digitalpaper.local:8443/auth/nonce/1e9ee24d-6613-433a-9770-76b04333ac95
the last part of the call is the "client_id": "1e9ee24d-6613-433a-9770-76b04333ac95", which is retrieved via the url digitalpaper.local:8443/auth call.
digitalpaper.local:8443/auth/
Important:
In /Applications/Digital\ Paper\ App.app/Contents/Resources/output/lib/config.js
change the line
config.DEVBUILD = false;
to
config.DEVBUILD = true;
After you finished your modifications you have to pack the output folder again:
sudo asar pack output app.asar
I did not have time to continue, but the following relative urls look promising (especially recovery_mode):
'/testmode/auth/nonce',
'/testmode/auth',
'/testmode/launch',
'/testmode/recovery_mode',
'/testmode/assets/{}',
Hope you get some result from wifi side. I also realized they use the port 8443 but couldn't get further as you.
For whom trying to hack it, here is the link for the already 'hacked' system apps (including the original files) - that of the famous hacked RP1 video. Inside the subfolder S1, there are also the hacked system apps for DPT-S1 just in case.
https://www.dropbox.com/sh/dvtvokdzrgwjc83/AACXOJA-E56nUpUfiWUOzrM3a?dl=0
George Malas said:
Does it have a web browser? Maybe you can utilize for example the Stagefright Exploit + DirtyC0W to get root.
The stock device has no web browser, no sd-card, no usb connection, and no typical system. I think SONY was haunted by some security issues maybe because they thought the major users are lawyers or very important people? lol
Any chance to create a buffer overflow PDF to attack RP1's pdf reader?
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
jess91 said:
I am unable to help, but wanted to let you know I am definitely interested in and supportive of this. If this device can be unlocked as suggested in that one youtube video then I would buy it, despite the steep price.
If you're interested and supportive of this then go buy one anyway and apply yourself to going forward figuring out how to get it done. Other than that, you're not supportive, you're just hopeful that someone figures it out and then you'll probably go get one.
DO NOT CONTACT ME VIA PM TO RECEIVE HELP, YOU WILL BE IGNORED. KEEP IT IN THE THREADS WHERE EVERYONE CAN SHARE
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to Android and that stuff.
Paderico said:
Hey guys,
I also recently got the RP1 and am also looking for ways to mod it. Big kudos and thanks to all of you for posting this! This already is amazing. @sartrism: can you maybe give me a hint how to load the files on the rp1? Sorry if this might be a stupid question but I'm new to Android and that stuff.
Just a little update from my side. I'm currently trying to recreate the steps @mcplectrum was using. It seems that my RP1 also uses other ports. I tried to wireshark the USB and WiFi connection. By that I saw that often GET /registration/information is called for Host: localhost:58052. Moreover the first call is GET /register/serial_number also on port 5808. This was via USB.
Trying to trigger the /auth/ call via Telnet returns nothing unfortunately. But also the 8080 port is open. Trying to call digitalpaper.local:8443/auth/ returns nothing on firefox.
@mcplectrum: how did you get the client_id and what would one need that for?
I also tried to change the config.DEVBUILD to true but that seemed to change nothing at all.
So to sum up what we know:
The device is using some kind of android structure, the source code seems to use the uboot bootloader, all communication is done by a rest restlet framework. So actually there should be some kind of way to use the restlet framework to PUT or POST the modified files.
The other option would be directly flash the eMMC right? I would take the risk and just load it on my device and see what happens. Any hints on how to do that?
Related
First of all this isn't a "what is root!??!!??" nor a "OMG I BRICKED MY PHONE SOMEONE HALP!" type of question.
This is more of a "I want to understand what's going on under the hood" type of question.
I'm asking this because I haven't seen the answer anywhere and it'd probably take me several days putting together a bunch of tidbits of information about this to understand it.
What does getting root on an Android device involve? I've used 1-click tools, flashed kernels that include root (CF-Root, for example), used adb and nvflash. What goes on at the OS level?
Thanks in advance to any helpful soul that replies!
pretty much its granting sysadmin rights to your phone.
It gives you admin level access to the operating system. You can customize apps, looks, performance and a good host of other things including backups, flashing ROMs etc..
Thanks guys, but like I said, I know what rooting is and what it's for. I have both of my android devices rooted (Galaxy S and Asus Tablet).
What I want to know is, when you root a device, what's modified, what does rooting actually involve, under the hood.
Root is a Linux term. In Linux based operating systems there is a predefined user account called root. When a device is shipped to you, the manufacturer has prevented you from being able to be root user for safety, and to prevent you to add, remove or modify things at a system level. When you perform the procedure of rooting your device, you change the su binary in the system directory, usually through a security exploit, to remove these restrictions that the manufacturer has bestowed upon your device, and now you have full access to anything on your phone
Hope this is helpful, and in case you do not read my awesome signature, please hit the thanks button to show your appreciation if this helped
Root is a Linux term. In Linux based operating systems there is a predefined user account called root. When a device is shipped to you, the manufacturer has prevented you from being able to be root user for safety, and to prevent you to add, remove or modify things at a system level. When you perform the procedure of rooting your device, you add su binary in the system/bin directory, usually through a security exploit, to remove these restrictions that the manufacturer has bestowed upon your device, and now you have full access to anything on your phone
Hope this is helpful, and in case you do not read my awesome signature, please hit the thanks button to show your appreciation if this helped
Thanks again but, again that's not what I'm asking. OK here goes again:
- I know what rooting is
- I know what root is for
- Both my phone and my eePad are rooted
- I know what su is. I've used Linux and UNIX
What I want to know is, what is actually modified on the android OS when rooting the phone!
Is the kernel modified?
are permissions modified?
Is it an API thing?
Sent from my Transformer TF101 using Tapatalk
Rooting usually consists of 2 parts, the vector and payload:
All those rooting apps use various exploits to insert the payload. On devices that can install custom recoveries without rooting (ie unlocked bootloaders) they can merely use the recovery to directly install the payload.
There's dozens of vectors including making a 'superboot' kernel which include the payload and installs it on the first boot (i think?)
The payload is minimally the SU binary and the superuser app. Both are made by the same guy.
On the Dell Streak (which has an unlocked bootloader) rooting is just flashing an update.zip containing the SU binary and superuser app. A simple copy to /system. Newer rooting apps also include patches to plug up the exploit that they used themselves. Gingerbreak includes a dummy /system/bin/profile that plugs up the exploit used to install itself(?)
If the kernel is modified it's prob at runtime and not a hard patch, if it modifies it at all (i dont know), my assumption is that the linux kernel in android retains hooks that SU uses to link up with the system and normally it's simply not enabled by not including a SU binary. The superuser app of course just more or less a front end to SU (settings and logging)
Unlocked bootloader devices are likely the most reliable to root since they dont depend on exploit vectors, as updates plug them up they have to find a new vector or modify them, which means that there are open vectors that actual malware can use. Using a custom recovery to flash is the intended purpose of having an unlocked bootloader.
I'm very new to this so please forgive this old man. I'm 60 years old and bought a brand new Viewsonic G Tablet. Then after getting it I searched the internet on how to make it better. Seems everything depends upon "rooting" the device. I spent the day and now it's 11pm searching the net, watching youtube videos and reading about but no one actually gives you a step by step answer. I'm hoping one of you fine people help me out, please.
I guess I was wrong. Not one person has stepped forward to help me. Thank you so very much. I know what rooting is but what I don't know is how to root my Viewsonic G Tablet 2.2. You'd think I was asking for the code to a Swiss Bank Account. LOL With PC's I'm a wiz, or was until I reached 55 or so and then things were just going so fast and over my head. But when it comes to this, I'm like a brand new student trying to learn Japanese. All I need is for someone to please give me a step by step instruction on how to do it. If you'd like, I'll Paypal you some money for helping me.
Thank you
Philip Bock CSM US Army (Retired)
Thanks Manil! That's what I was looking for! It seems that most devices have a locked bootloader, and now I understand why it takes a bit longer (more than a few hours) to root each new device,
pabock said:
I'm very new to this so please forgive this old man. I'm 60 years old and bought a brand new Viewsonic G Tablet. Then after getting it I searched the internet on how to make it better. Seems everything depends upon "rooting" the device. I spent the day and now it's 11pm searching the net, watching youtube videos and reading about but no one actually gives you a step by step answer. I'm hoping one of you fine people help me out, please.
I guess I was wrong. Not one person has stepped forward to help me. Thank you so very much. I know what rooting is but what I don't know is how to root my Viewsonic G Tablet 2.2. You'd think I was asking for the code to a Swiss Bank Account. LOL With PC's I'm a wiz, or was until I reached 55 or so and then things were just going so fast and over my head. But when it comes to this, I'm like a brand new student trying to learn Japanese. All I need is for someone to please give me a step by step instruction on how to do it. If you'd like, I'll Paypal you some money for helping me.
Thank you
Philip Bock CSM US Army (Retired)
I searched for "Viewsonic G Tablet 2.2 root" and found this http://droidpirate.com/2010/11/27/how-to-root-your-viewsonic-g-tablet/
Looks promising, no guarantees though.
PenTesters_Paradise
Code:
DISCLAIMER
I can not be held responsible for how you use this package.
I am also not to be held responsible if flashing this package
damages your device in any way. This package is for
educational use only and should not be taken lightly. This is
the exact package that I use for my 2nd job, and is not meant
to just be played with willy nilly. Ask permission before doing
anything in public OR private.
PenTesters_Paradise
This package was originally supposed to be a custom ROM, but I wanted to give everyone an equal opportunity to enjoy this package, so I converted it to something everyone can use! This package isn't for the faint of heart. This is for those of you curious about Pen Testing and for those who basically want to feel like they're bringing Watch_Dogs to the real world. Below I will explain the package, and what each item can actually do. I will also have YouTube videos (when I get the time to record them) explaining each app and package. I also have some custom content coming, some that will be shown off and not released as well. Please enjoy and remember to play it safe and always ask permission first before using any of these packages or tweaks.
What's A Pen Tester?
If you're asking yourself this question, this package MIGHT NOT be for you. A Pen Tester is either a White Hat or Grey Hat hacker that gets hired by individuals or companies to basically purposely hack their products, networks, or any other sorts of electronically based applications. Pen Testers are becoming a big deal especially in the Gaming world. Dev companies are starting to get smart and are realizing that they honestly can't BEAT the hackers without TRUE HACKERS of their own. This is slowly becoming a big money lifestyle and more and more people want into it. This is basically your "License to Kill" when it comes to a product/project/etc. when the company or individual gives you the green light to crack in and have at it.
Package Includes
Screen Shots will be added to the 3rd post of this thread, tutorials for each app and the change log to the 2nd
AnDOSid
This app is an Android-based DOS attacker. Basically, this app allows you to simulate a DOS attack (Denial of Service) as an HTTP POST flood attack on either another person or a web server.
NetSpoofer
Network Spoofer lets you change websites on other people’s computers from an Android phone. Simply log onto a Wifi network, choose a spoof to use and press start. This can be a lot of fun, but always ask first.
AndroidVNC
please see this thread for all the info about this
http://forum.xda-developers.com/showthread.php?t=497187
aWPScan
This app lets you scan WordPress based sites for exploitable entrances to the site's admin panel. Fairly simple to use and can sometimes come in handy when working for a client and building them a WP based site.
DroidSheep and FaceNiff
These apps were popular for a very short time but are very powerful. They both kind of have the same functions as they work as a MITM (Man In The Middle) attacker service. Basically, login to any WiFi hot spot, and you will start capturing web traffic. You can manipulate the web traffic to do as you want from here.
DroidSheep Guard
This app guards you from anyone else using Droid Sheep. I'm not entirely sure if it will guard against FaceNiff as well.
DriveDroid
This app turns your device basically into a disc image mounting device. Basically, you can take an ISO or IMG file, mount it with this app, and install full operating systems to another PC. Read below on how to work it with the Galaxy S5 specifically, as there's 1 special step you need to know.
1.) Run the app and go through the setup.
2.) When you get to the selection about selecting a driver, select the 3rd item, which should be a "Legacy USB Driver"
3.) When you get to the point about TESTING it and restarting your PC, this is where the trick lies.
3a.) As your PC boots up, boot directly to your BIOS (for HP and ASUS it's either Escape or F2. not sure about others off the top of my head)
4.) From here, make sure your phone has connected successfully in MTP mode.
4a.) Go into Drive Droid (After MTP has been set), and select the IMG or ISO you wish to emulate from your device.
4b.) In the BIOS, Save Settings and restart (I know you didn't change anything, hear me out)
5.) From here, you need to test...
5a.) You'll either (after the bios loading screen) boot directly to the ISO or IMG, or into your standard OS.
6.) If you boot directly to your standard OS, reattempt from step 3 onwards, but at step 5, go to 6a
6a.) When the PC restarts, bring up your Boot Menu of options (F12 I believe on ASUS and HP)
6b.) From here, select the Samsung device listed, and it should boot!
dSploit
dSploit is a package of all sorts of tools ranging from MITM attacks to DOS attacks, and other testing abilities. Plenty of videos around on how to use this app.
HackAppData
This is for any app on your device. This app lets you modify the AppData of any application installed on your device.
Hackers Keyboard
Just a highly customizable keyboard.
Network Mapper
This app simply maps out the WiFi Network you are currently connected to, showing you every device connected.
Shark
Basically WireShark for Android. Lets you see incoming and outgoing data packets from your device and other things on the network.
Penetrate Pro
No this isn't a dirty joke (couldn't resist), This app works with decoding WiFi connections to allow you to connect to locked and private connections.
SQLMap
SQLMap is one of the most highly used tools around for SQL Injection attacks as it's basically the best automated tool for it. There's tons of tutorials out there about it and soon I'll post one of my own.
LockScreen Widgets Tweak
Created by BigBot96, this tweak lets you apply Widgets to your lock screen. PLEASE Make sure you download the correct file. Currently, only the NE9 builds are supported with this tweak, but I'll have an option available for you to not have to worry about this.
Coming Soon...
Future Additions will be coming around soon for this, so keep checking the thread!
Kali Linux NetHunter Features.
So far, only supported by the Nexus devices, I'm attempting to port over the apps and data for this to the S5 as the first non-Nexus device to have support for Kali Linux control. Below will be the list of what will be included.
KaliLauncher
This is the heart of the NetHunter features. This controls everything, and launches all the different exploits available through Kali Linux. To learn more, keep reading
BadUSB
BadUSB is a form of undetectable Malware that is applied to specific USB devices that match the exploit. Basically, this hijacks your USB plug while your device is connected to a computer (windows based), and lets you install a faulty driver to it that houses your malware files. You could use this to transfer things like BotNets, Trojans, and many other forms of malware to a users system and they'd never even know.
DNSSpoofer
Basically, this tool just spoofs the DNS connection you're using or the other person/s are using and lets you reroute people. DNS Attacks are few and far between, but they're slowly getting easier.
PowerSploit
I'll admit, I haven't read up on this yet, but when I have, I'll edit this lol.
NoUpStream
This stops any up stream data entirely.
Other Future Additions
Basically, I'd like to convert this to something like a "Mini-ROM" that gives you a Launcher, themed Gapps, themed system apps, and much more, but for now, this is the temp solution. Next Update should have at least a custom boot animation.
How-To Install
1.) Transfer the Zip file that matches your device to your SD card or Internal Storage
2.) Boot up into recovery mode and Flash the ZIP
3.) Done!
Special thanks to the creators of all these apps, scripts and tweaks that are being applied to this package. The ZIP packages below simply just need to be flashed to your Android device via SafeStrap (only method I can test). If someone could test a standard TWRP on a Dev Edition or another unlocked device, that'd be awesome.
Download Links Below
UPLOADING NEW ONES AFTER THE NEXT FLASH Test.
Thought it was ready, and realized it wasn't.
All apps are force closing -_- I'll fix it when I wake up. I've been at it for 12 hours now
Planning on updating this/adding a download?
Nice waiting anxiously for this
Waiting like wagging dog.... I went to source and got working nice..like to wait for add ons.
http://forum.xda-developers.com/showthread.php?p=3518324
Subscribed.
Sent from my SM-G900V using Tapatalk
lol he posted this weeks ago.. he's responding in his rom thread also saying he was working on a new rom which isn't out yet and said a week or two ago that his tmo buddy got 5.0 lollipop which was false lol so not sure if and when this will actually be uploaded.. it's been here for weeks with no zip or apks at all in the themes n apps section..
most of these apks are stuff you can manually install if you don't want to wait :-/
Reinventing the wheel
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
dmayniak said:
Kali nethunter had been out for a while for the S5 variants, it's like having a VM copy of Kali on your galaxy S5 the instructions/apps/kernel are all available
http://forum.xda-developers.com/galaxy-s5/unified-development/kali-nethunter-galaxy-s5-t3298477 all the other apps he's talking about are available just search on Google or download an app called bugdroid pro from the app store it provides downloads and installs for all of these.
Faceniff
Droid sheep
I don't think those function anymore on anything.. I'm pretty sure those security holes they exploit have been patched..
lol the last comment was me about 2 years ago
elliwigy said:
lol the last comment was me about 2 years ago
i know right? lol i gave up on this because at the time i sucked at making flashable zip's
Vortell said:
It would be cool if you started it back up!
The reason I haven't is because Kali Linux has an official release for this phone as long as your bootloader is unlocked and you're on CM
I have built a simple app using app inventor (I'm not a programmer), and I wonder if there is a way to use it also on an iOS device. By converting it, or maybe by opening through a kind of android emulator.
I have seen that many questions have been asked concerning the other way around (Ipa → Apk), and that no tool has been invented to do that. I wonder if there is a way (through Windows 7)
it could be possible
according to an answer to this question* on Stack Overflow: "Excepting time/effort/money and litigations (!), there is nothing inherently preventing an Android implementation on Apple hardware, however."
The answer provides some interesting solutions, such as hosting your apk file on a website you could access with any device, or dual boot, or emulation.
Did anyone try one of them?
*Is it possible to run .APK/Android apps on iPad/iPhone devices?
didedsq said:
according to an answer to this question* on Stack Overflow: "Excepting time/effort/money and litigations (!), there is nothing inherently preventing an Android implementation on Apple hardware, however."
The answer provides some interesting solutions, such as hosting your apk file on a website you could access with any device, or dual boot, or emulation.
Did anyone try one of them?
*Is it possible to run .APK/Android apps on iPad/iPhone devices?
More than likely no. Even if you change the file format the apps are not interchangeable between systems
Sent from my Nexus 5
ShapesBlue said:
More than likely no. Even if you change the file format the apps are not interchangeable between systems
Sent from my Nexus 5
Thanks for this. I was hoping for a solution, too bad
See, android works on xml and java
On the other side the ios apps use obj-c or swift... So it is not possible, you could learn obj-c or swift and essentially just make another app for ios, you made the app right, it wud b easy for u to make it again, just diff syntax right?
Thank me if i helped ?
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would be easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
No, you will not get any manufacturer selling rooted devices. Rooting helps the device to do any sort of tweaks which can even change the main software components of a device. Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Take an example of IMEI no.: you can change it after rooting and no company would allow it.
Also, Samsung devices come with a pre-loaded Play Music app and you can't uninstall it; you can only disable it or remove updates. Imagine if they would give you root access, then you can do anything......
So, you have got your answer with the reason
Regards milkyway3
milkyway3 said:
No, you will not get any manufacturer selling rooted devices. Rooting helps the device to do any sort of tweaks which can even change the main software components of a device. Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Take an example of IMEI no.: you can change it after rooting and no company would allow it.
Also, Samsung devices come with a pre-loaded Play Music app and you can't uninstall it; you can only disable it or remove updates. Imagine if they would give you root access, then you can do anything......
So, you have got your answer with the reason
Regards milkyway3
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
jd2066 said:
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would be easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
Sent from my SCH-I535 using Tapatalk
It's not worth spending your money on this
First of all its features are not so good
The company is not popular and we don't even know whether it is an official license company or not
Even if your device fails to work you may not know where to go for service or maybe the service center could be too far from what you thought.
If this company is not licensed there may be chances of not getting your warranty properly authorized. Also you may not get the device's parts if your device doesn't work after a few months......
There are many drawbacks and I prefer you to never believe in such kind of advertisements.....:angel::angel:
Regards milkyway3
milkyway3 said:
No, you will not get any manufacturer selling rooted devices
Well, 'rooted' usually refers to getting root on a device where it wasn't allowed and of course no company would sell a device where the software was hacked.
However, if a company made a device that already had root access via including the SuperSU app for example then the device is not hacked and it's secure when it's sent out.
It's then the responsibility of the user to only give root access to apps that are trusted, in which case there is no problem.
This is how all Desktop and Laptop Operating Systems are designed.
Of course, this allows users to install untrusted software on their computers which can be designed for malicious purposes like messing up the computer, showing ads, stealing personal information, etc. but if you install only trusted software then you should be fine.
The same would be true for mobile OSes that allow root access but thus far few if any Phone/Tablet manufacturer using a mobile OS has decided to allow this.
milkyway3 said:
Rooting helps the device to do any sort of tweaks which can even change the main software components of a device.
Right, that is the main point of rooting a device.
milkyway3 said:
Moreover most of the companies void the device's warranty to reduce the number of people rooting their devices.
Yes, companies that sell a device where they don't intend for the user to root the device will list it as something that will void the warranty.
However, if a company were to make a phone that came with root access as an included feature, then that would not be the case as the warranty would not be void for a feature built-in to the device.
It would make things more complicated as root software could change settings like the CPU clock rate/cooling functions in a way that causes the hardware to fail but it could be done.
milkyway3 said:
Take an example of IMEI no.: you can change it after rooting and no company would allow it.
An IMEI number is like a MAC Address, it is fixed in the hardware and cannot be changed.
In theory you may be able to change the software so it doesn't use that IMEI number but the device's built-in IMEI number will not have changed.
milkyway3 said:
Also, Samsung devices come with a pre-loaded Play Music app and you can't uninstall it; you can only disable it or remove updates. Imagine if they would give you root access, then you can do anything......
Yes, many manufacturers put in software that can't be removed.
In a device with root access, this would be pointless and could cause a device that comes with root access to be more expensive as manufacturers and carriers could end up with less money when the built-in apps can be removed.
milkyway3 said:
So, you have got your answer with the reason
These are the reasons that many if not all Phone/Tablet manufacturers currently do not allow root access but none of them are reasons that prevent this from happening.
A Phone/Tablet manufacturer could sell a phone with root access if they wanted to.
Droidriven said:
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
It appears the 'Root 101' tablet is more of an idea than an actual device.
The people behind it started an IndieGoGo Campaign that failed to reach its goal so it appears that device never actually got made.
milkyway3 said:
It's not worth spending your money on this
First of all its features are not so good
The company is not popular and we don't even know whether it is an official license company or not
Even if your device fails to work you may not know where to go for service or maybe the service center could be too far from what you thought.
If this company is not licensed there may be chances of not getting your warranty properly authorized. Also you may not get the device's parts if your device doesn't work after a few months......
There are many drawbacks and I prefer you to never believe in such kind of advertisements.....:angel::angel:
Regards milkyway3
I never said anything about actually getting the device. I posted it as just ONE example that there are devices that are manufactured with pre installed root, as I said, it may be rare but there are IN FACT devices that come with root. You just missed my point because you were trying to defend your original response. Try paying attention to what someone's response is actually saying.
Sent from my SCH-I535 using Tapatalk
Droidriven said:
I never said anything about actually getting the device. I posted it as just ONE example that there are devices that are manufactured with pre installed root, as I said, it may be rare but there are IN FACT devices that come with root. You just missed my point because you were trying to defend your original response. Try paying attention to what someone's response is actually saying.
I'm sorry in this matter
But at least my points were not useless
Regards milkyway3
jd2066 said:
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
If this is your main concern, another option to look at is systemless root.
Droidriven said:
Actually, there are exceptions but they are rare, this for example.
https://www.oneclickroot.com/root-a...tablet-comes-pre-rooted-for-your-convenience/
Some Xiaomi devices were pre-rooted...
jd2066 said:
I was curious if there are any Android manufacturers out there that sell phones that let you access root via something like SuperSU being pre-installed and part of the devices software.
In that case, the device would be just like any PC that is sold to consumers that have this function built-in like PCs with Ubuntu for example that have su and sudo available to access root, PCs with Windows have UAC for Administrator Access and Macs with OS X have something similar to su from what I've read (I don't use OS X so I don't know for sure).
It would be easier than finding a way to root an existing device and more secure because root access would be built-in to the software and one would not need a security vulnerability in the software to obtain root access.
This would also allow user to upgrade the software on the device without worrying about losing root because the updated software would already include root access.
Manufacturers produce the devices, but the operating system is provided by Google. Google does not allow stock root for several security reasons.
Hi,
I would like to flash a few Android devices with a very basic operating system and one app only - like vPos system.
What will be ideal is:
Replace starting screen of the oem device with my own graphics.
Start my own app when the device is fully booted.
Have ability to change wifi network within the app.
Use 3g/4g connection within the app.
I know about locking device for one app only (kiosk mode), but this is now what I'm asking for here.
I will really appreciate any kind of help.
Many thanks...
FlexRoad
If u want to replace OS of ur phone with another one, you may try miracle box.
Run One App or Few Selected Apps with ease!
Absolutely, all that you have mentioned under the "ideal" part can be done easily with a kiosk lockdown software that needs no technical skills to set the device with one app or few selected apps from a web-based dashboard using a laptop or a desktop.
flexroad said:
Hi,
I would like to flash a few Android devices with a very basic operating system and one app only - like vPos system.
What will be ideal is:
Replace starting screen of the oem device with my own graphics.
Start my own app when the device is fully booted.
Have ability to change wifi network within the app.
Use 3g/4g connection within the app.
I know about locking device for one app only (kiosk mode), but this is now what I'm asking for here.
I will really appreciate any kind of help.
Many thanks...
FlexRoad
This is a pretty common thing to do, actually.
What I would recommend you do is start with an AOSP build for the devices you want to use, either by building one yourself (as in this tutorial, which has a similar goal), or by finding a pre-built AOSP-based rom around on these forums. (AOSP is kind of the closest one gets to "just installing the OS"). After that, you could consider tweaking the build or modifying the image, but another alternative is just to use some type of MDM (mobile device management) solution for deploying your app, customizing the available options, locking things down, etc. (There are other MDM vendors besides Google as well.) This might be a good idea for something like a vPOS, because it inherently also gives you some amount of traceability and a "paper trail".
---------- Post added at 12:13 AM ---------- Previous post was at 12:08 AM ----------
geoff-codes said:
This is a pretty common thing to do, actually.
What I would recommend you do is start with an AOSP build for the devices you want to use, either by building one yourself (as in this tutorial, which has a similar goal), or by finding a pre-built AOSP-based rom around on these forums. (AOSP is kind of the closest one gets to "just installing the OS"). After that, you could consider tweaking the build or modifying the image, but another alternative is just to use some type of MDM (mobile device management) solution for deploying your app, customizing the available options, locking things down, etc. (There are other MDM vendors besides Google as well.) This might be a good idea for something like a vPOS, because it inherently also gives you some amount of traceability and a "paper trail".
This was going to be a much more helpful response, but apparently I can't link outside this site. So maybe Google search:
"intellectsoft blog build and run android from aosp source code to a nexus 7", "g suite manage your organization's mobile devices", and "G Suite Compare mobile management features"