RC30 Root Attempts

Revision as of 01:49, 2 August 2009 by Tonyb486
How to get root on any (current) G1

Downgrading to RC29

That's right, it can be done!

It involves using the HTC bootloader (the red, green, and blue diagnostic screen, which does not check versions) to downgrade to RC29, then exploiting the root shell bug. Full steps, from RC30 stock to JesusFreke's modded RC30 update, are available here: Root For RC30.

More information about the downgrade part of the process (and pictures of the HTC bootloader doing its thing) is available here: [1].

List of tried and failed attempts at keeping RC30 from removing root access

Adding setuid shells (sh) to different locations (tested on RC30 patch only)

Once root was obtained, a setuid root version of sh was copied to different locations in an attempt to have one survive the update. The update script appears to reset every permission under /system, which foils this attempt.

This is because the update script recursively clears the setuid/setgid bits from everything under /system and then re-applies a set-id bit to only a few binaries (02755 grants setgid):

$ grep set_perm META-INF/com/google/android/update-script 
set_perm_recursive 0 0 0755 0644 SYSTEM:
set_perm_recursive 0 2000 0755 0755 SYSTEM:bin
set_perm 0 3004 02755 SYSTEM:bin/ping
set_perm 0 3003 02755 SYSTEM:bin/netcfg
set_perm 1002 1002 0440 SYSTEM:etc/dbus.conf
set_perm 0 2000 0550 SYSTEM:etc/init.goldfish.sh
set_perm 1002 1002 0440 SYSTEM:etc/hcid.conf
set_perm 1014 2000 0550 SYSTEM:etc/dhcpcd/dhcpcd-run-hooks
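The following is an added example, not part of the wiki page or of the G1 update package. It parses the eight set_perm / set_perm_recursive lines quoted above, applies them in order to a small in-memory model of /system, and then audits which files still carry a set-id bit. The file list, the two planted setuid-root copies of sh and the audit allowlist are constructed for the demonstration; the only real data is the quoted script output. It shows concretely why a planted setuid shell cannot survive the update: the first set_perm_recursive line strips every set-id bit, and only the later set_perm lines hand a setgid bit back to ping and netcfg.

```python
"""Model the permission reset performed by the RC30 update-script.

Constructed example: the set_perm lines are the ones quoted on the page,
everything else (file tree, planted shells, allowlist) is made up here.
"""
import stat

# The grep output quoted above, verbatim.
UPDATE_SCRIPT_PERMS = """\
set_perm_recursive 0 0 0755 0644 SYSTEM:
set_perm_recursive 0 2000 0755 0755 SYSTEM:bin
set_perm 0 3004 02755 SYSTEM:bin/ping
set_perm 0 3003 02755 SYSTEM:bin/netcfg
set_perm 1002 1002 0440 SYSTEM:etc/dbus.conf
set_perm 0 2000 0550 SYSTEM:etc/init.goldfish.sh
set_perm 1002 1002 0440 SYSTEM:etc/hcid.conf
set_perm 1014 2000 0550 SYSTEM:etc/dhcpcd/dhcpcd-run-hooks
"""

SETID_BITS = stat.S_ISUID | stat.S_ISGID


def constructed_system_tree():
    """A constructed /system tree: path -> (uid, gid, mode, is_dir).

    'SYSTEM:' is how the update-script names the root of /system.
    Two setuid-root copies of sh are planted, as described on the page.
    """
    return {
        "SYSTEM:": (0, 0, 0o755, True),
        "SYSTEM:bin": (0, 2000, 0o755, True),
        "SYSTEM:bin/ping": (0, 3004, 0o2755, False),
        "SYSTEM:bin/netcfg": (0, 3003, 0o2755, False),
        "SYSTEM:bin/sh": (0, 0, 0o4755, False),      # planted setuid root
        "SYSTEM:xbin": (0, 0, 0o755, True),           # constructed dir
        "SYSTEM:xbin/sh": (0, 0, 0o4755, False),     # second planted copy
        "SYSTEM:etc": (0, 0, 0o755, True),
        "SYSTEM:etc/dbus.conf": (1002, 1002, 0o440, False),
        "SYSTEM:etc/init.goldfish.sh": (0, 2000, 0o550, False),
        "SYSTEM:etc/hcid.conf": (1002, 1002, 0o440, False),
        "SYSTEM:etc/dhcpcd": (0, 0, 0o755, True),
        "SYSTEM:etc/dhcpcd/dhcpcd-run-hooks": (1014, 2000, 0o550, False),
    }


def parse_perm_commands(text):
    """Turn set_perm / set_perm_recursive lines into tuples; modes are octal."""
    cmds = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "set_perm_recursive":
            _, uid, gid, dmode, fmode, path = parts
            cmds.append(("recursive", int(uid), int(gid),
                         int(dmode, 8), int(fmode, 8), path))
        elif parts[0] == "set_perm":
            _, uid, gid, mode, path = parts
            cmds.append(("single", int(uid), int(gid), int(mode, 8), path))
        else:
            raise ValueError("unknown update-script command: " + line)
    return cmds


def _under(path, root):
    """True if path is root itself or lies below it ('SYSTEM:' is the root)."""
    if root.endswith(":"):
        return path.startswith(root)
    return path == root or path.startswith(root + "/")


def apply_perm_commands(tree, cmds):
    """Apply the commands in script order and return the resulting tree."""
    tree = dict(tree)
    for cmd in cmds:
        if cmd[0] == "recursive":
            _, uid, gid, dmode, fmode, root = cmd
            for path, (_, _, _, is_dir) in list(tree.items()):
                if _under(path, root):
                    tree[path] = (uid, gid, dmode if is_dir else fmode, is_dir)
        else:
            _, uid, gid, mode, path = cmd
            tree[path] = (uid, gid, mode, tree[path][3])
    return tree


def setid_files(tree):
    """Non-directory entries that carry a setuid or setgid bit: path -> mode."""
    return {p: m for p, (_, _, m, d) in tree.items() if not d and m & SETID_BITS}


def expected_setid_from_script(cmds):
    """Paths the script explicitly grants a set-id bit to (the allowlist)."""
    return {c[4] for c in cmds if c[0] == "single" and c[3] & SETID_BITS}


def audit_setid(tree, allowlist):
    """Set-id files the update-script did not grant, sorted for stable output."""
    return sorted(set(setid_files(tree)) - set(allowlist))


if __name__ == "__main__":
    cmds = parse_perm_commands(UPDATE_SCRIPT_PERMS)
    allow = expected_setid_from_script(cmds)
    before = constructed_system_tree()
    print("unexpected set-id files before update:", audit_setid(before, allow))
    after = apply_perm_commands(before, cmds)
    print("unexpected set-id files after update: ", audit_setid(after, allow))
    print("set-id files remaining:", {p: oct(m) for p, m in setid_files(after).items()})
```

The same audit_setid() check, fed with a listing of a real /system instead of the constructed tree, is also a quick way to confirm after any update that no unexpected set-id binary is left behind.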

Working root after RC30

A method has been found that lets you install a modified RC30, provided you haven't yet installed an official RC30.

