With the new OTA, what still works to root? [RS/helpers]

Discussion in 'Android Hacks and Help' started by teddyearp, Dec 9, 2010.

  1. teddyearp
    Offline

    teddyearp Active Member

    Joined:
    Jan 13, 2010
    Messages:
    1,800
    Likes Received:
    3
    Trophy Points:
    38
    Location:
    Randle, WA
    Hey RS (and other) guys, just wanted to get something going here with the new 2.2.1/FRG22D update. We all know that any OTA breaks root. And so far we know that MC1's method still works to root 2.2.1. And I have read that z4root no longer works.

    What I would like input here on is since z4root uses the rageagainstthecage method, is it just something in z4root, or has the loophole opened by the rage file been closed now?

    I am at work now, but will be dissecting the actual FRG22D to FRG83D update file (thanks NetNathan) when I get home to get some ideas myself.
  2. furbearingmammal
    Offline

    furbearingmammal DF Super Moderator

    Joined:
    Jun 16, 2010
    Messages:
    10,354
    Likes Received:
    6
    Trophy Points:
    0
    Location:
    So far north in NY I smell maple syrup when the wi
    The version of 2.2.1 that hit the Nexus 1 was specifically designed to block the Unrevoked exploid. I have no idea how that worked, or what they did to block it, but that might give you an idea on where to start looking. Wish I was a bit more technically adept at digging into these things so I could be more help.
  3. teddyearp
    Well, I took a look at the new FRG83D OTA update file and I did see the script and files to replace the recovery image. I, too, am not tech savvy enough to see where the other holes are closed.

    I mainly started this thread so we could have a central place to post, "Ok, I hear/read this is working, or not, etc". This way we can all try to stay on the same page.

    For example, guidot has posted in MC1's root any thread that he's got it from a few users that MC1's method still works with this update.

    Thanks folks.
  4. Railrider
    Offline

    Railrider New Member

    Joined:
    Jan 30, 2010
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    Please Hurry...

    I unrooted to get the update and now I can't get root access...this pisses me off!! I want my root back!!!:p
  5. teddyearp
    I understand your frustration, but this is not the intent of this thread. I am hoping for a collaboration of the methods that WORK with the new update, not questions for help in rooting after the update.

    good luck

    p.s., I just checked your profile and think you're already browsing the area as of the time of this post you need to fix yourself.
  6. teddyearp
    Well, I just read a very informative post in the Root any OS Thread by log. It doesn't involve how to root with the new update, but it does outline how to keep it by changing a couple of things. Note, this still has to be applied via a custom recovery image and only really works if you haven't removed a bunch of your stock apps:

    Last edited: Dec 11, 2010
  7. log
    Offline

    log New Member

    Joined:
    Aug 26, 2010
    Messages:
    51
    Likes Received:
    0
    Trophy Points:
    0
    Teddy, I'm not sure about what exploit rageagainstthecage uses -- but one of the first applications I'm aware of that did something similar was "EasyRoot" and they used a hotplug/bluetooth exploit to get root access -- if you saw the OTA update that fixed the exploit (I think 2.1-> 2.2 FRG01B?) you can see they supply a new version of bluetooth/hotplug modules included.

    I would suggest first finding out what type of exploit rageagainstthecage/z4 etc. use, and then try to see if you can correlate it with all the patches you see at the end of the FRG83D updater-script, most likely in /system/lib/modules/*.so (these are shared "system" libraries that might have an OS level exploit that the tools take advantage of).

    Overall though, I would suggest that you do not attempt to disable these OS level patches since it really is a big security risk on your device if an application on the market can get root access (without your permission). Instead, try to preserve/get proper root access with known methods, and keep your system patched with latest updates so you can get the best of both worlds, a more secure device, with full access only for yourself :)
  8. furbearingmammal
    log, that's why DroidMod Updater 1.2 wasn't updated to include phone rooting. The implications for the Android community were incredible.

    teddy, I'm hearing reports that SuperOneClick or whatever the heck it's called still works to root after the 83D update.
  9. teddyearp
    log: Thanks for your info. The way I understood the 'EasyRoot' exploid was that it used some sort of hole in the sql. As furman said it _was_ going to be in a version of the now defunct DroidMod updater, and in fact was released/leaked very early on via the DM team's IRC. However that hole was closed with the update from FRG01B to FRG22D (sorry furman, the letter at the end of the build # has nothing to do with a phone model ;)). I was suspecting that I needed to look closer at the *.so files as you suggest. The rage* attack needs to have usb debugging enabled on the target phone so that it can start all kinds of child threads until adb gives up and grants a (very temporary) rw access to /system. I don't even know exactly what I'm talking about, I'm just repeating what I _think_ I've read about how it works.

    Finally, I am not looking for a way to keep root after the update. No. Every time an OTA update rolls out, this forum is flooded with "how do I unroot" and then "how do I root" threads and then the multitudes of failures, threads, posts, cross posts, etc., of each as the information to do both usually also changes with every OTA update.

    @furman: Thanks, now I'm off to see what SuperOneRoot entails/uses. As a final note real quick, I know for a fact that z4root used the rage.

    I really hope this thread becomes useful to all the mods, rs, and others like me who try to give our time here.

    p.s. a tiny bit of my info source:

    http://c-skills.blogspot.com/search?updated-max=2010-08-28T04%3A18%3A00-07%3A00&max-results=10
  10. furbearingmammal
    Not that this is probably really news, but installing the 22D master file from recovery will put you back at 22D, thereby allowing you to use z4root. But that kind of defeats the purpose of accepting the update in the first place...
  11. teddyearp
    Thanks for the info furman. But even better still thanks for the lead to SuperOneRoot as well. I found that SuperOneRoot uses the rageagainstthecage (RATC) adb attack by Sebastian Krahmer as well. Check the OP. It has these letters in it: RATC. And if you 'google' that 'app' you will find the thread over at xda-developers. And there you will find mixed results for folks with an A855 Droid 1, more successes than failures. So what does that mean for us here?

    What we've known for a long time. One click root programs are usually a one hit wonder. Every update will usually break it somehow. However, in this instance if you go ahead and use the manual method of rooting with the RATC <sic> or MC1's method, we are still owning root.

    So to clarify, AFAIK here's the list of apps and programs that used the RATC attack:

    Soup or root. z4root. SuperOneRoot.

    Anyone else with more info is welcome to post.
  12. furbearingmammal
    Good work, teddy. I hesitate to recommend soup or root because I've seen several phones screwed up after using it and at least one user said it was locked onto his phone so tight he couldn't pry it off even with Chuck Norris helping (Titanium Backup). However, SuperOneClick seems to be a good alternative to z4root at the moment. Too bad it doesn't install recovery at the same time. Still, I have a workaround for that. :)
  13. teddyearp
    Yes, soup or root and super one root are programs that folks wrote for windows (well there's a linux v for super one root) that basically just automate the terminal/command prompt commands of using the RATC. And as such are subject to the same 'pickyness' as using RSD Lite IMHO.

    I would _think_ that z4root should still work as it's right on the phone, however there's some talk about it either being pulled from the market, or not showing for FRG83D as this info is 'seen' by the market via the build.prop file.

    In any event, I don't give a rat's butt if I never find z4root in the market, as I (and anyone else who knows my secret hiding place) will have it forever if I want to. Not that I'd use it though . . .