Hi devs,
Are you aware of any work (for other Android phones, for instance), where an altered mtd kernel driver was used to allow (raw) root access anyplace within flash memory? (For example, maybe a raw pseudo-partition which overlaps all the other partitions?) The stock mtd driver creates devices in the kernel device tree only for specific partition slices (boot, system, recovery, data, cache) - for obvious safety and security reasons.
After all these months, I stumbled across this tonight
I had never seen references in the Eris forums to the misc3, mfg, sp1, misc2, or mfg2 partitions - I suppose one or more are for boot images. Maybe interesting to boot a kernel image that had access to them, and have a peek at them?
bftb0
Are you aware of any work (for other Android phones, for instance), where an altered mtd kernel driver was used to allow (raw) root access anyplace within flash memory? (For example, maybe a raw pseudo-partition which overlaps all the other partitions?) The stock mtd driver creates devices in the kernel device tree only for specific partition slices (boot, system, recovery, data, cache) - for obvious safety and security reasons.
After all these months, I stumbled across this tonight
Code:
C:\foo>fastboot oem listpartition
...
INFO[radio]:(OTHER) block start=0, size=332 (42496 KB)
INFO[hboot]:(RAW) block start=333, size=6 (768 KB)
INFO[misc3]:(RAW) block start=339, size=2 (256 KB)
INFO[mfg]:(RAW) block start=341, size=2 (256 KB)
INFO[sp1]:(RAW) block start=343, size=6 (768 KB)
INFO[misc2]:(RAW) block start=349, size=3 (384 KB)
INFO[mfg2]:(RAW) block start=352, size=3 (384 KB)
INFO[recovery]:(RAW) block start=355, size=40 (5120 KB)
INFO[boot]:(RAW) block start=395, size=20 (2560 KB)
INFO[system]:(YAFFS) block start=415, size=1360 (179520 KB)
INFO[cache]:(YAFFS) block start=1775, size=1040 (137280 KB)
INFO[userdata]:(YAFFS) block start=2815, size=1276 (168432 KB)
INFO[misc]:(RAW) block start=4091, size=5 (640 KB)
INFO[microp]:(OTHER) block start=0, size=0 (0 KB)
INFO[nv]:(OTHER) block start=0, size=0 (0 KB)
INFO[tp-melfas]:(OTHER) block start=0, size=0 (0 KB)
OKAY [ 0.071s]
finished. total time: 0.071s
I had never seen references in the Eris forums to the misc3, mfg, sp1, misc2, or mfg2 partitions - I suppose one or more are for boot images. Maybe interesting to boot a kernel image that had access to them, and have a peek at them?
bftb0