Getting Custom Kernels Running on the Droid X

KHeeney5

Member
Joined
Nov 28, 2010
Messages
544
Reaction score
0
Do you have any ideas, alias?

Has he been able to root the 2.3 X?

Sent from my DROIDX

Unfortunately no. Moto implemented some new method of blocking root access, and neither he nor I nor anyone else has been able to even figure out how Moto is blocking it, let alone how to hack it. It's only a matter of time though, we'll have root eventually :)

Actually it's the new Linux kernel. It fixes the security flaws that we used to elevate to root.



Sent from my DROIDX
 
OP
aliasxerog

aliasxerog

Premium Member
Premium Member
Developer
Joined
Oct 24, 2010
Messages
178
Reaction score
0
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.
 

currentweb

Member
Joined
Nov 26, 2010
Messages
66
Reaction score
1
Location
Well, NYC is in sight from the right hills.
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.

When you say 'get in', do you mean you actually loaded a custom kernel or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)
 

Jordan8

Member
Joined
Nov 16, 2010
Messages
536
Reaction score
0
Location
Kentucky
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.

When you say 'get in', do you mean you actually loaded a custom kernel or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)

Pretty sure he's referring to the kinda root access we have now on the DX, but on 2.3
 

black68gtx

New Member
Joined
Feb 22, 2011
Messages
25
Reaction score
0
Location
Pacific Grove, CA
I've been a Linux kernel developer for years and recently got a Droid X. The first thing I did was root it and install a pretty unraped Froyo ROM I found on these forums. I really, really want to install CyanogenMod on the phone because it would be pretty sweet. My idea consists of booting up into the standard kernel and having a custom init use kexec(8) to bootstrap the custom kernel. This would completely bypass the whole locked-crazy-omg-efuse-killer thing. Even if the standard kernel doesn't have kexec(8) enabled you can still execute a Linux kernel because it is a relocatable ELF on most systems. The whole setup isn't ideal but it could get custom kernels running until there is a better solution.

EDIT: If there are any Android devs that know the system inside and out I would absolutely love your help.

I loaded Wireless Tether for Root Users and got a message about the Linux kernel. I went to their FAQ site and found this:
If the feature "CONFIG_NETFILTER_XT_MATCH_MAC" is missing the "access control"-feature will not work correctly (you will see a "failed"-status in "Show log" for "Enabling access control"). To detect if all kernel-options were enabled in your current kernel the following kernel-options should be enabled: CONFIG_PROC_FS, CONFIG_IKCONFIG, and CONFIG_IKCONFIG_PROC. This dumps the current kernel-config to /proc/config.gz.
Should I be concerned?
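The FAQ quoted above describes a check you can do yourself: if the kernel was built with CONFIG_IKCONFIG_PROC, /proc/config.gz holds its build configuration, and the options an app depends on (here the netfilter MAC-match module) can be confirmed directly instead of guessing from a "failed" log line. The script below is an added example written for this thread, not code from the Wireless Tether project or from any poster. It takes the config file path as an argument so it can be run against /proc/config.gz on a device or against a saved copy on a PC; the sample configuration it writes is constructed for the demo and is not a real Droid X kernel config.

```shell
#!/bin/sh
# Added example: verify that a kernel exposes its build configuration and
# that the options a tool needs are compiled in (=y) or built as modules (=m).
# Usage: check_kernel_options /proc/config.gz CONFIG_A CONFIG_B ...
# Exit status: 0 if every option is enabled, 1 if any is absent,
#              2 if the config file cannot be read at all.

# Read a kernel config, transparently decompressing .gz files.
read_kernel_config() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# Succeed only if OPTION is set to y or m. A "# CONFIG_FOO is not set"
# line and a missing line are both treated as disabled.
kernel_option_enabled() {
    cfg="$1"; opt="$2"
    read_kernel_config "$cfg" | grep -q "^${opt}=[ym]$"
}

check_kernel_options() {
    cfg="$1"; shift
    if [ ! -r "$cfg" ]; then
        # No readable config usually means CONFIG_IKCONFIG_PROC itself is off.
        echo "cannot read $cfg (kernel probably lacks CONFIG_IKCONFIG_PROC)" >&2
        return 2
    fi
    missing=0
    for opt in "$@"; do
        if kernel_option_enabled "$cfg" "$opt"; then
            echo "ok       $opt"
        else
            echo "MISSING  $opt"
            missing=$((missing + 1))
        fi
    done
    [ "$missing" -eq 0 ]
}

# Constructed sample config (hypothetical values, not from a real device)
# so the example runs offline; on a phone pass /proc/config.gz instead.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_PROC_FS=y
CONFIG_IKCONFIG=y
CONFIG_IKCONFIG_PROC=y
CONFIG_NETFILTER=y
CONFIG_NETFILTER_XT_MATCH_MAC=m
# CONFIG_NETFILTER_XT_MATCH_OWNER is not set
EOF
}

# Demo run against the constructed config: the last option is reported MISSING.
sample_cfg=$(mktemp)
write_sample_config "$sample_cfg"
check_kernel_options "$sample_cfg" \
    CONFIG_PROC_FS CONFIG_IKCONFIG CONFIG_IKCONFIG_PROC \
    CONFIG_NETFILTER_XT_MATCH_MAC CONFIG_NETFILTER_XT_MATCH_OWNER \
    || echo "at least one required option is not enabled in this kernel"
rm -f "$sample_cfg"
```

On the device the call would be `check_kernel_options /proc/config.gz CONFIG_NETFILTER_XT_MATCH_MAC`; a "cannot read" message answers the question in the post by itself, since it means the kernel does not publish its config and the app has no way to confirm the module is present.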
 

mrksbrd

Member
Joined
Jun 18, 2010
Messages
104
Reaction score
2
Location
New Jersey
Current Phone Model
LG G3
Twitter
mrksbrd
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to the actual boot process that tricks the system into showing it is an original game, but allows you to boot backups/homebrew apps & games.
 

teh_g

Member
Joined
Oct 14, 2010
Messages
383
Reaction score
0
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to the actual boot process that tricks the system into showing it is an original game, but allows you to boot backups/homebrew apps & games.

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.
 

yurdle

Member
Joined
Jun 29, 2010
Messages
166
Reaction score
0
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to the actual boot process that tricks the system into showing it is an original game, but allows you to boot backups/homebrew apps & games.

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.

I may be wrong but I think he meant can we use the method the game consoles use to make the bootloader on the Droid X think it's booting official software...
Either way I still believe the answer is no, as we don't know any of the security keys we would need to know.

Sent from my DROIDX using DroidForums App
 

furbearingmammal

Super Moderator
Joined
Jun 16, 2010
Messages
11,081
Reaction score
363
Location
Anywhere you're not
Website
swdouglas.blogspot.com
Current Phone Model
32GB Moto X Developers Edition
Twitter
furryvarmint
A guy who got Ubuntu running on his Droid 2 had an idea of modding the bootstrapper to force boot something -- but that's as far as his musing went. I might be able to dig up the thread and put you in contact with him if he hasn't contacted you yet.
 

mrksbrd

Member
Joined
Jun 18, 2010
Messages
104
Reaction score
2
Location
New Jersey
Current Phone Model
LG G3
Twitter
mrksbrd
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to the actual boot process that tricks the system into showing it is an original game, but allows you to boot backups/homebrew apps & games.

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.

I may be wrong but I think he meant can we use the method the game consoles use to make the bootloader on the Droid X think it's booting official software...
Either way I still believe the answer is no, as we don't know any of the security keys we would need to know.

Sent from my DROIDX using DroidForums App

Yes...sorry I wasn't exactly clear enough. I had just been up for about 23 hours when I wrote the idea..lol. I guess the encryption has a lot to do with it since gaming consoles don't need to be all that secure like phones do. But I do like to think as an optimist.
 

Jaxidian

Team FreeMyMoto
Premium Member
Developer
Joined
Jun 26, 2010
Messages
554
Reaction score
0
Location
Indianapolis
Website
www.jaxidian.org
The PS3 has a similar setup (in concept) to what we're working with here. It was hacked by somebody discovering the private key. If we had that, we wouldn't be discussing this.

Sent from my DROIDX using DroidForums App
 

kicker22004

Member
Joined
Aug 20, 2010
Messages
31
Reaction score
0
Has he been able to root the 2.3 X?

Sent from my DROIDX

Unfortunately no. Moto implemented some new method of blocking root access, and neither he nor I nor anyone else has been able to even figure out how Moto is blocking it, let alone how to hack it. It's only a matter of time though, we'll have root eventually :)

Actually it's the new Linux kernel. It fixes the security flaws that we used to elevate to root.

Would the same method root the new kernel that rooted the 3.4.2 version that p3droid put out? I know it was Froyo but he couldn't root it and thought that it could help us root Gingi. Anyways, if so, that 3.4.2 version has been rooted.
 

sephtin

Senior Member
Joined
Aug 20, 2010
Messages
1,807
Reaction score
0
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.

When you say 'get in', do you mean you actually loaded a custom kernel or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)

Finally happened, and THIS is why they patched it to take away any easy method of getting root in the first place... (to those that are/were upset that Google/Moto would do such a horrible thing as patch their security flaws... :p)

The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police
 

Jaxidian

Team FreeMyMoto
Premium Member
Developer
Joined
Jun 26, 2010
Messages
554
Reaction score
0
Location
Indianapolis
Website
www.jaxidian.org
Finally happened, and THIS is why they patched it to take away any easy method of getting root in the first place... (to those that are/were upset that Google/Moto would do such a horrible thing as patch their security flaws... :p)

The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police

Yeah, I hate those !@%$ people that ruin the party for all the rest of us...

So this means that Google now needs to add an official way to root Android safely and securely, right?
 

luigi90210

Member
Joined
Aug 6, 2010
Messages
215
Reaction score
0
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to the actual boot process that tricks the system into showing it is an original game, but allows you to boot backups/homebrew apps & games.

I'm an old Xbox hacker so I can probably explain this to you, and I can possibly explain why it won't work on the Droid X.

Well, pretty much the DVD drive has its own programming that the console software references when trying to see if a game is legit or not.
So pretty much when Team Xecuter and C4Eva rewrote the DVD drive firmware they added code they knew you could add to the game's .iso file (i.e. ssv1, ssv2, and ssv3).
So pretty much the Xbox DVD drive's custom firmware looks for the original security files found on retail copies or the newly added ones (ssv1, ssv2, ssv3) to give the Xbox the response it's looking for to allow you to play the games.

C4Eva and Team Xecuter can rewrite the DVD drive firmware because the DVD drive isn't locked down like our bootloaders are on the Droid X, plus the bootloader is the only way to load new firmware onto the device (kind of like how the Xbox software relies on the DVD drive's response to play the game or not).

Hope this explains a bit.
luigi90210

EDIT:
This just dawned on me, but if we can find an exploit like the JTAG exploit on the Xbox 360 we might be able to run custom firmware without much hackery involved.
Pretty much what the JTAG exploit is: getting the device into engineering mode and rewriting the bootloader to not check for signatures.
I'm pretty sure that this has been tried on this phone and older phones locked down like this (i.e. Milestone), but it's worth a shot (although I think this method has a better outcome).
 