Rooting Android

From Android Wiki

Revision as of 21:01, 20 November 2008

Start and connect to telnetd

This has been tested and is known to work on RC19 and RC29 on the G1. Google has already promised to patch this, so check your version.

  1. Restart your phone.
  2. Type telnetd and press enter. Yes, it will start up a Contact search; do not worry about this, just type telnetd and press enter (the enter button on the keypad).
  3. Download an Android Telnet client and connect to localhost.
  4. You now have root!


This gives you a root shell (basically, but not technically... it's confusing, don't ask), which you can use to gain more power.

Alternatively, you can use adb to forward a local port on your Linux host to a port on the phone. This avoids the need to install a terminal on the phone:

# Type "telnetd\r" ON THE PHONE KEYBOARD, then:
adb forward tcp:9988 tcp:23
telnet localhost 9988

Add busybox

1: download busybox by tapping and holding (long-pressing) this file and choosing to save the link to your SD card (using the Android browser)
2: remount system as read-write

mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

3: copy and rename busybox.xxx to /system/bin/busybox

dd if=/sdcard/download/busybox.xxx of=/system/bin/busybox

4: make it executable (mode 4755 also sets the setuid bit)

chmod 4755 /system/bin/busybox

5: go there

cd /system/bin/

6: this gives you cp (great for making more symlinks)

busybox cp -s busybox cp

7: start sh (on the emulator this enables up/down command history)

busybox sh

8: to make more symlinks (busybox has hundreds of commands that are missing on the G1) you do:

cp -s busybox <command>

for example, "cp -s busybox tar" will give you tar command :)

I would recommend you DO NOT OVERWRITE ANY EXISTING SYMLINKS!!! G1 has toolbox for most commands and the syntax is different. If you change the syntax, updates or scripts (like init.rc) could stop working.

P.S. if you want it all at once so you can paste it in one chunk, here you go:

mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
dd if=/sdcard/download/busybox.xxx of=/system/bin/busybox
chmod 4755 /system/bin/busybox
cd /system/bin/
busybox cp -s busybox cp
busybox sh

Protect your root

New updates from Google are geared at taking all of this away from you. There are some things you can do to block OTA updates and even to keep root after you update. It is recommended that you do not merely block updates and stay at your current version, because some bugs (especially the root bug) can pose a serious risk to security and privacy if left unpatched.
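
An added example, not part of the original wiki page: a shell check for the two things the steps above leave on a device, a telnetd listener on TCP port 23 (the port used in the adb forward command) and a setuid bit on /system/bin/busybox (from chmod 4755). The function names and the sample table are constructed for this example, and it assumes a shell that provides grep and the `[ -u ]` test.

```shell
#!/bin/sh
# Added example, not from the wiki page. Function names are this example's own.

# Constructed sample in /proc/net/tcp format: listeners on 23 and 5555,
# plus one established connection (st 01) that must be ignored.
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:15B3 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0100007F:0017 0100007F:9C40 01 00000000:00000000 00:00000000 00000000     0        0 1003 1
EOF
}

# Print the decimal port of every LISTEN socket (state 0A) read from stdin.
# The port is the hex field after the last ':' of local_address, so the same
# parsing also works on /proc/net/tcp6.
listening_ports() {
    while read -r _sl laddr _raddr st _rest; do
        [ "$st" = "0A" ] || continue   # skips the header and non-LISTEN rows
        echo "$((0x${laddr##*:}))"
    done
}

# Audit one binary path plus a TCP table on stdin. Prints one line per
# finding; returns 0 when clean and 1 when anything was found.
audit_device() {
    binary=$1 found=0
    if listening_ports | grep -qx 23; then
        echo "telnet listener on tcp/23"; found=1
    fi
    if [ -u "$binary" ]; then
        echo "setuid bit set on $binary"; found=1
    fi
    return "$found"
}

# Demo on the constructed table; on a device, feed /proc/net/tcp instead.
sample_tcp_table | audit_device /system/bin/busybox || true
```

On a device shell the equivalent call is `audit_device /system/bin/busybox < /proc/net/tcp`.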
