5,597,762 Members 36,439 Now Online
XDA Developers Android and Mobile Development Forum

[Root & Bootloader Unlock] Docomo Optimus G

Tip us?
 
jcase
Old
(Last edited by jcase; 22nd January 2013 at 03:56 AM.) Reason: Posting guide
#1  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Thanks Meter 5441
Posts: 3,077
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Default [Root & Bootloader Unlock] Docomo Optimus G

Original source: http://www.androidpolice.com/2013/01...-lg-optimus-g/

Credits:
adb backdoor: giantpune
Duct tape guru: jcase
bootloader: Team Codefire http://forum.xda-developers.com/show....php?t=2001655
Testers: Shados and germes81m

Donations:
For giantpune : Paypal to giantpune@gmail.com
For jcase : http://forum.xda-developers.com/dona....php?u=2376614

Download: http://d-h.st/d6p

Files: (Verify the MD5s before proceeding)
MD5 (boot.img) = 175c1bdaabbbbcbd7a4b69a315057e5b
MD5 (hotplug) = 9fbef20822281a2dd546b3e43d8c30dd
MD5 (lk.img) = bc54a6a730658550713a0779b30bf6b7
MD5 (unlock.sh) = 3871c2dde3d6b1d99d27ffa4021c81d3


Fastboot Drivers (needed for windows):
http://forum.xda-developers.com/show....php?t=1996051

Notice:
This is an at your own risk kind of thing, if your phone becomes damaged or data lost, your
fault not mine. This does install a unsecured (ro.secure=0) boot image in the process, this
does potentially open your device to security risks (as do most customized firmwares.)


Story:
The Docomo Optimus G ships with a mandatory access control system, that prevents
remounting system, reading boot, executing some things as root, etc general pain in the butt.

We are using a backdoor found by giantpune (and later by Juggie). The backdoor is partially
broken on this device due to the MAC, so it does not yield a root shell for us. However we
can still use it with a couple extra steps to unlock the bootloader\s. We are also going to
install a modified boot img, that removes some of the phone's security features, and allows
us to actually have root access.

Notes:
Graphic glitches will occur while in the bootloader, you will have to use the bootloader 'blind'


Follow directions exactly.

Directions:


Code:
adb push lk.img /data/local/tmp/lk.img

adb push unlock.sh /data/local/tmp/unlock.sh

adb shell chmod 755 /data/local/tmp/unlock.sh

adb shell touch /sdcard/g_security
Disable USB Debugging, then enable usb debugging

Code:
adb shell id
Should recieve an error about not executing /system/bin/sh, this is what we want. If you
don't have the error, start over.

Code:
adb push hotplug /proc/sys/kernel/hotplug
Now toggle bluetooth once, and wait for your phone to display a garbaled screen (the bootloader).
If it displays a blank screen instead of a garbled screen, pull battery, reboot and run 'adb reboot bootloader'

Code:
fastboot devices
If you see your device listed, continue. If not then find the proper drivers, and then
continue.

Code:
fastboot flash boot boot.img
fastboot reboot
adb shell /sbin/rootme.sh
If your phone does not reconnect to your mobile network, try rebooting it serveral times.
If it does not still, then reflash stock firmware.

We are using supersu, and the app https://play.google.com/store/apps/d...infire.supersu
is needed.
Do NOT email me asking for help rooting your device.

Something important?
Email: jcase@cunninglogic.com

Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following 14 Users Say Thank You to jcase For This Useful Post: [ Click to Expand ]
 
wangzhiqiang
Old
#2  
Member
Thanks Meter 6
Posts: 64
Join Date: Jan 2013
could you please make a tool to root 4.1.2?thanks!until now i can't find a way to root it.
 
jcase
Old
#3  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Thanks Meter 5441
Posts: 3,077
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Quote:
Originally Posted by wangzhiqiang View Post
could you please make a tool to root 4.1.2?thanks!until now i can't find a way to root it.
Wrong place to ask
Do NOT email me asking for help rooting your device.

Something important?
Email: jcase@cunninglogic.com

Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
xonar_
Old
#4  
Senior Member
Thanks Meter 601
Posts: 806
Join Date: Jun 2012
Location: Between here and there
Quote:
Originally Posted by jcase View Post




I ran out of time, and without the device it is a PITA. I believe something in the kernel is protecting system, possible SEAndroid or something with similar protections.

Will be going back at this later this week, any ideas?
I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output

Quote:
-rwsr-s-r-x root root su
Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
LG Bin Firmware Extractor

Moto G has arrived.

A programmer's only limit is his imagination - and time. Time being the only practical limiting factor.

Old, but not forgotten : LG Optimus Black
 
khengvantha
Old
#5  
Member
Thanks Meter 0
Posts: 33
Join Date: Feb 2005
Location: Phnom Penh
Quote:
Originally Posted by xonar_ View Post
I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output



Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
There are too many seperate partitions in tot file, any idea to combine ?
 
xonar_
Old
#6  
Senior Member
Thanks Meter 601
Posts: 806
Join Date: Jun 2012
Location: Between here and there
Quote:
Originally Posted by khengvantha View Post
There are too many seperate partitions in tot file, any idea to combine ?
Yes. I'll be able to work on it more on Sunday. I'm going to be busy till then. (Or maybe I can sneak in an hour somewhere before then)

And it's a bit OT here. Not much to do with rooting Docomo Optimus G .
LG Bin Firmware Extractor

Moto G has arrived.

A programmer's only limit is his imagination - and time. Time being the only practical limiting factor.

Old, but not forgotten : LG Optimus Black
 
jcase
Old
#7  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Thanks Meter 5441
Posts: 3,077
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
Yes this wasn't the issue.

Quote:
Originally Posted by xonar_ View Post
I don't have a Optimus G or a varient therof. I'm just helping a guy extracting the *.tot file and I came accross this.

and looking at the ls output



Its wrong. Setuid bit is not set for other and it won't allow for increasing permissions when run.
Do NOT email me asking for help rooting your device.

Something important?
Email: jcase@cunninglogic.com

Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
xonar_
Old
(Last edited by xonar_; 19th January 2013 at 08:28 PM.) Reason: fix typo
#8  
Senior Member
Thanks Meter 601
Posts: 806
Join Date: Jun 2012
Location: Between here and there
Quote:
Originally Posted by jcase View Post
Yes this wasn't the issue.
What does logcat say?

Try creating a minimalistic binary

Code:
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

int main()
{
  if(setuid(0)==-1)
  {
    printf("Failed Setting Root UID : %s",strerror(errno));
  }
  else
  {
    printf("Success!\nCurrent UID : %d",getuid());
  }

  return 0;
}
LG Bin Firmware Extractor

Moto G has arrived.

A programmer's only limit is his imagination - and time. Time being the only practical limiting factor.

Old, but not forgotten : LG Optimus Black
 
jcase
Old
#9  
jcase's Avatar
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Thanks Meter 5441
Posts: 3,077
Join Date: Feb 2010
Location: Sequim WA

 
DONATE TO ME
It failed, Docomo used a MAC (ccs-init/ccs-audit). We got the bootloader unlocked yesterday, so we can removed the access control. I'll post details in the morning.

Quote:
Originally Posted by xonar_ View Post
What does logcat say?

Try creating a minimalistic binary

Code:
#include <sys/types.h>
#include <unistd.h>
#include <stdio.h>
#include <errno.h>
#include <string.h>

int main()
{
  if(setuid(0)==-1)
  {
    printf("Failed Setting Root UID : %s",strerror(errno));
  }
  else
  {
    printf("Success!\nCurrent UID : %d",getuid());
  }

  return 0;
}
Do NOT email me asking for help rooting your device.

Something important?
Email: jcase@cunninglogic.com

Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
The Following 3 Users Say Thank You to jcase For This Useful Post: [ Click to Expand ]
 
chacho_2me
Old
(Last edited by chacho_2me; 21st January 2013 at 11:34 PM.)
#10  
Senior Member
Thanks Meter 54
Posts: 487
Join Date: Aug 2011
DOCOMO LG OPTIMUS G user here..how can I help sir Jcase?

EDITTEDT: you know how to flash stock firmware if there would be any issues?
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes