XDA Developers Android and Mobile Development Forum

[DEV] Current Progress and Guides: CRACKED UBOOT!!! Roms and Kernels Coming Soon

 
Loglud
(Last edited by Loglud; 10th January 2012 at 05:00 PM.)
#1
Senior Member - OP

This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits. The second post will contain how-to guides so you can learn to work on it for yourself. REMEMBER I DO THIS FOR FUN, please respect the thread as well as others' opinions.

OLD UPDATES AT THE END OF THIS POST.

First off, if you haven't read the wiki yet to know what is currently in the device, you should look here.
Also you should look at http://www.nooktabletdev.org for information on the Nook Tablet development process. - Thanks to dj_segfault


Rooting Scripts
Windows: Root, OTA block, De-bloat, Gapps Thanks to Indirect
Mac/Linux: Rooting script Thanks to t-r-i-c-k
Mac/Linux: Root, OTA Block, Gapps

CURRENT PROGRESS

adb connection: COMPLETE
adb root: COMPLETE
busybox: COMPLETE
permanent root: COMPLETE BY INDIRECT
GApps and Market: COMPLETE BY INDIRECT & Anlog
recovery mode: COMPLETE BY nemith

THANKS TO NEMITH

bootloader: Locked and Signed Irrelevant

uboot: CRACKED BY BAUWKS

THANKS TO BAUWKS
Quote:
Originally Posted by Loglud
bauwks method uses the flashing_boot.img to his advantage, and since it is not checked by security, effectively he has made an insecure uboot. While this is not an unlocked bootloader, it is a way to get around the security, and enable custom recovery and higher level processes to be run.

I have been looking at this line of code for a long time, and as I'm sure hkvc and bauwks saw, it is a large (but 100% necessary) flaw:

distro/u-boot/board/omap4430sdp/mmc.c: 559 : setenv ("bootcmd", "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000");

Without this line of code, it would be impossible for anyone but the factory, who could JTAG flash (but since it is secured, most likely they also have to make a flashing_boot.img).
12/9/11:


UBUNTU is here, thanks to ADAMOUTLER

http://www.youtube.com/watch?v=PwUg17pVWBs&hd=1
Keep in mind this is only an overlay version, but it is proof that one day we might be able to push roms and kernels over existing ones, then hijack them (next work) and then use them.


Please PM me or post if you know anything else, and/or want to add anything.
Current list of devices:
HTC Rezound
Samsung Infuse 4G
Samsung Galaxy Nexus - CM10 Nightly
Barnes & Noble Nook Tablet - CM9
Transformer TF201 - CM10 Nightly

Current projects:
[Dev] [NARS] [Mac & Linux] Nook Automated Rooting System
CASUAL

Quote:
If I have seen further it is only by standing on the shoulders of giants.
-Sir Isaac Newton
The Following 59 Users Say Thank You to Loglud For This Useful Post
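
The `bootcmd` line quoted in the post above is the kind of boot path a firmware review can check mechanically. The following is an added example, not code from this thread or from the Nook Tablet's u-boot source: it walks a `bootcmd` string and reports any image that is loaded from external media and then booted with no verification step on the same address. Treating `mmc 0` as the SD card (inferred from `${sdbootargs}`) and the `verify_cmds` parameter are assumptions.

```python
# bootcmd string quoted in the post (board/omap4430sdp/mmc.c, line 559).
BOOTCMD = (
    "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; "
    "mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000"
)
LOAD_CMDS = {"fatload", "ext2load"}  # <cmd> <iface> <dev[:part]> <addr> <file>
BOOT_CMDS = {"booti", "bootm"}       # <cmd> <addr>


def _addr(text):
    """U-Boot reads bare numbers as hex; keep the raw token otherwise."""
    try:
        return int(text, 16)
    except ValueError:
        return text


def audit_bootcmd(bootcmd, external=(("mmc", "0"),), verify_cmds=()):
    """Flag images loaded from external media and booted unverified.
    external:    (iface, dev) pairs treated as user-replaceable (assumption).
    verify_cmds: hypothetical names of commands that authenticate <addr>.
    """
    env, loaded, findings = {}, {}, []

    def run(script, depth=0):
        if depth > 8:  # stop runaway `run` recursion
            return
        for stmt in script.split(";"):  # simple split: no quoting support
            tok = stmt.split()
            if not tok:
                continue
            cmd, args = tok[0], tok[1:]
            if cmd == "setenv" and args:
                env[args[0]] = " ".join(args[1:])
            elif cmd == "run":
                for name in args:
                    run(env.get(name, ""), depth + 1)
            elif cmd in LOAD_CMDS and len(args) >= 4:
                src = (args[0], args[1].split(":")[0])
                loaded[_addr(args[2])] = {"file": args[3], "source": src, "verified": False}
            elif cmd in verify_cmds and args and _addr(args[0]) in loaded:
                loaded[_addr(args[0])]["verified"] = True
            elif cmd in BOOT_CMDS and args:
                img = loaded.get(_addr(args[0]))
                if img and img["source"] in external and not img["verified"]:
                    findings.append({"addr": _addr(args[0]), "boot": cmd, **img})

    run(bootcmd)
    return findings

if __name__ == "__main__":
    print(audit_bootcmd(BOOTCMD))
```
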
 
Loglud
(Last edited by Loglud; 10th January 2012 at 06:02 PM.)
#2
Senior Member - OP

Useful threads:

ROOTING:
Full root for Nook Tablet. [11/20/11] [Yes this is a permanent root!] Thanks to indirect
Noot Tablet - Easy root & Market on MAC (1 download, 1 script to run) Thanks to t-r-i-c-k
[Windows/Linux] Unroot and uninstall gApps for the nook tablet [Scripts] Thanks to indirect


MODS to Default Rom:
[Full Mod + Root + OTA block] Snowball-mod: Full Modification Root [1/6/2012] Thanks to cfoesch
[DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! Thanks to diamond_lover


Kernels:
Coming Soon


ROMS:
Coming Soon


The Following 5 Users Say Thank You to Loglud For This Useful Post
 
Loglud
(Last edited by Loglud; 10th January 2012 at 06:04 PM.)
#3
Senior Member - OP

Guides

Table of Contents
  1. Enabling adb Connection (eab1)
  2. Rooting using zergRush (rug2)
  3. Installing busybox (ibb3)
  4. Permanent root (pr4) THANKS TO INDIRECT
  5. Installing GApps (aga5) THANKS TO ANLOG
  6. Full system restore/wipe (fsr6) THANKS TO INDIRECT


Enabling adb Connection (eab1)
  1. Install the Android SDK that is required for your operating system.

    NOTE: This requires the SDK and the JDK, both of which can be downloaded by clicking the links, downloading and installing them.

  2. Run the Android SDK Manager and install "Android SDK Platform-tools".
  3. Modify your adb_usb.ini file to read such as the following:

    Code:
    # ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
    # USE 'android update adb' TO GENERATE.
    # 1 USB VENDOR ID PER LINE.
    0x2080

    This will be in your /home/{username}/.android/ folder for Mac and Linux.
    This will be in your C:/Users/{username}/.android folder for Windows.



    ADB is now enabled for your device, however it is not ON your device. YOU MUST DO THIS EVERY TIME YOU WISH TO ADB INTO YOUR DEVICE.


  4. To do this you will need to download any app, and attempt to install it.
    You can use this app if you need.

  5. Click on the Package Installer, and then a prompt will pop up asking if you want to change the settings to allow 3rd party apps.

    *DO NOT ENABLE IF YOU WISH TO ACCESS ADB*
    I am working on a way to have it enabled by default.

  6. In the settings page you should see *2* USB Debugging modes.
  7. Press them both and accept the prompt.
  8. PLUG IN YOUR DEVICE.
    Note* You should see the Android Development icon on the bottom of the screen.

    ADB will now be able to see your device. However, you will need to restart the server before it sees it.

Rooting using zergRush (rug2)
This is for the people who have access to adb. You will also need this file. Unzip the file.
  1. Type in the following command (while in the folder with the zergRush Binary):
    Code:
    adb push ./zergRush /data/local
  2. Once that's installed, run this:
    Code:
    adb shell chmod 777 /data/local/tmp
  3. And lastly:
    Code:
    adb shell /data/local/zergRush
  4. You are now rooted (only for this reboot)

Installing busybox (ibb3)
You will need root and the following busybox file.
  1. Type in the following command while in the location where busy box was downloaded to:
    Code:
    adb push ./busybox /data/local
  2. Busybox works by calling binaries from a file outside of /system/bin/. We must make this file by issuing the following command:
    Code:
    adb shell mkdir /data/busybox
  3. Let's make sure we can install busybox without permission problems:
    Code:
    adb shell chmod  777 /data/local/busybox
  4. Next install busybox in the folder:
    Code:
    adb shell /data/local/busybox --install
  5. We now need to take the /system folder, and mount it as a writeable folder:
    Code:
    adb shell mount -rw -o remount /dev/block/platform/mmci-omap-hs.1/by-name/system /system
  6. Link it into bin:
    Code:
    adb shell ln -s /data/local/busybox /system/bin/busybox
    You now have busybox installed

Permanent root (pr4)
THANKS TO INDIRECT for Files and Scripts

We will need SU and Superuser.apk
  1. First we need to install the Superuser.apk:
    Code:
    adb wait-for-device install Superuser.apk
    adb remount
  2. Next let's go ahead and push the su application up to the /data/local/ folder:
    Code:
    adb push su /data/local/
  3. Next we will need to change the permissions and cp su from the /data/local/ folder to the /system/bin/

    Code:
    adb shell "chmod 4755 /data/local/su; mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system; busybox cp /data/local/su /system/bin"

Installing GApps (aga5)
THANKS TO ANLOG and INDIRECT for Scripts

  1. First things first, we need to download the GApps. The most recent one is this one or get the most recent one here.
  2. Unzip and navigate to the most root folder of that package in your shell.

  3. We need to verify that adb is booting into root. To do this we can issue the command:
    Code:
    adb shell id
    If id doesn't return root then you will need to re-zergRush your device
  4. Now it is time for us to export the apps to the directories.

    Code:
    adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
    adb push system/app/CarHomeGoogle.apk /system/app/
    adb shell chmod 644 /system/app/CarHomeGoogle.apk
    adb push system/app/FOTAKill.apk /system/app/
    adb shell chmod 644 /system/app/FOTAKill.apk
    adb push system/app/GenieWidget.apk /system/app/
    adb shell chmod 644 /system/app/GenieWidget.apk
    adb push system/app/GoogleBackupTransport.apk /system/app/
    adb shell chmod 644 /system/app/GoogleBackupTransport.apk
    adb push system/app/GoogleCalendarSyncAdapter.apk /system/app/
    adb shell chmod 644 /system/app/GoogleCalendarSyncAdapter.apk
    adb push system/app/GoogleContactsSyncAdapter.apk /system/app/
    adb shell chmod 644 /system/app/GoogleContactsSyncAdapter.apk
    adb push system/app/GoogleFeedback.apk /system/app/
    adb shell chmod 644 /system/app/GoogleFeedback.apk
    adb push system/app/GooglePartnerSetup.apk /system/app/
    adb shell chmod 644 /system/app/GooglePartnerSetup.apk
    adb push system/app/GoogleQuickSearchBox.apk /system/app/
    adb shell chmod 644 /system/app/GoogleQuickSearchBox.apk
    adb push system/app/GoogleServicesFramework.apk /system/app/
    adb shell chmod 644 /system/app/GoogleServicesFramework.apk
    adb push system/app/LatinImeTutorial.apk /system/app/
    adb shell chmod 644 /system/app/LatinImeTutorial.apk
    adb push system/app/MarketUpdater.apk /system/app/
    adb shell chmod 644 /system/app/MarketUpdater.apk
    adb push system/app/MediaUploader.apk /system/app/
    adb shell chmod 644 /system/app/MediaUploader.apk
    adb push system/app/NetworkLocation.apk /system/app/
    adb shell chmod 644 /system/app/NetworkLocation.apk
    adb push system/app/OneTimeInitializer.apk /system/app/
    adb shell chmod 644 /system/app/OneTimeInitializer.apk
    adb push system/app/Talk.apk /system/app/
    adb shell chmod 644 /system/app/Talk.apk
    adb push system/app/Vending.apk /system/app/
    adb shell chmod 644 /system/app/Vending.apk
    adb push system/etc/permissions/com.google.android.maps.xml /system/etc/permissions/
    adb push system/etc/permissions/features.xml /system/etc/permissions/
    adb push system/framework/com.google.android.maps.jar /system/framework/
    adb push system/lib/libvoicesearch.so /system/lib/
Now you have GApps installed from Anlog's. All Credits go to him and Indirect

Full system restore/wipe (fsr6)
THANKS TO INDIRECT

WARNING THIS WILL WIPE YOUR ENTIRE FILESYSTEM!!!
  1. Go into adb shell or terminal emulator.
  2. Issue command:
    Code:
    echo -n '0000' > /bootloader/BootCnt
  3. Next reboot your device by conventional methods or issue:
    Code:
    reboot
  4. Your nook will now restart and tell you it is resetting.
  5. You now have a clean slate!
The Following 2 Users Say Thank You to Loglud For This Useful Post
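
The busybox and permanent-root guides above leave recognisable artifacts on the filesystem: a setuid-root `su`, a mode-777 busybox binary, and a `/system/bin` symlink that points at that world-writable file. The following is an added example, not part of the original guides: it parses `ls -l` listings and reports those artifacts, which is how a device-integrity check would spot them. The sample listings, sizes and timestamps are constructed.

```python
# Constructed `ls -l` listings (Android toolbox format) modelling the state
# the guide leaves behind; real output comes from `adb shell ls -l <dir>`.
SYSTEM_BIN = """\
-rwsr-xr-x root     root        22364 2011-11-20 12:00 su
lrwxrwxrwx root     root              2011-11-20 12:01 busybox -> /data/local/busybox
-rwxr-xr-x root     shell       59372 2011-10-01 09:00 toolbox
"""
DATA_LOCAL = """\
-rwxrwxrwx root     root      1745016 2011-11-20 11:58 busybox
-rwsr-xr-x root     root        22364 2011-11-20 11:59 su
drwxrwxrwx shell    shell             2011-11-20 11:55 tmp
"""


def parse_ls(listing, directory):
    """Map full path -> mode string, owner and symlink target (or None)."""
    entries = {}
    for line in listing.splitlines():
        tok = line.split()
        if len(tok) < 6:
            continue
        is_link = tok[0].startswith("l") and "->" in tok
        name, target = (tok[-3], tok[-1]) if is_link else (tok[-1], None)
        entries[f"{directory}/{name}"] = {"mode": tok[0], "owner": tok[1], "target": target}
    return entries


def audit(entries, trusted="/system/"):
    """Return (finding, path) pairs for root-persistence artifacts."""
    findings = []
    for path, e in sorted(entries.items()):
        mode, target = e["mode"], e["target"]
        if mode[0] == "-" and mode[3] in "sS" and e["owner"] == "root":
            findings.append(("setuid-root", path))
        if mode[0] == "-" and mode[8] == "w":
            findings.append(("world-writable", path))
        if target and path.startswith(trusted) and not target.startswith(trusted):
            dest = entries.get(target)
            writable = bool(dest) and dest["mode"][8] == "w"
            findings.append(("link-to-world-writable" if writable else "link-outside-system", path))
    return findings


def audit_device():
    return audit({**parse_ls(SYSTEM_BIN, "/system/bin"), **parse_ls(DATA_LOCAL, "/data/local")})


if __name__ == "__main__":
    for finding in audit_device():
        print(*finding)
```
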
 
Drewmungus
#4
Senior Member
Got some links for howto's on the adb connection/root.
Samsung Galaxy Nexus(Prime!)CDMA/LTE:CM9
HTC EVO 3D: CM7
B&N Nook Tablet:Waiting for CM7/9
HTC EVO 4G:CM7
HTC G1:CM7
HTC Hero(CDMA):CM7
 
cgdash
(Last edited by cgdash; 19th November 2011 at 07:48 PM.)
#5
Member
Yeah - if someone has details on how to adb connect and root, it'd be helpful to include links. I've yet to see specifics for either.
 
MechaGen
#6
Senior Member
Location: Fountain Inn, SC
Reserved

Sent from Tapatalk, NOOK Color CM7 Nightly's!
NOOK Color , CM10.1 1.1ghz, Nova Launcher
NOOK HD+, CM11 1/18 UNOFFICIAL
Samsung Galaxy Note; Stock UCMD3 Deodex, with Xposed
Samsung Galaxy Note II; Stock, 4.1.2
 
Loglud
#7
Senior Member - OP
I apologize, I'm still typing them up
 
Indirect
#8
Recognized Contributor
Location: Florida
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:



My Google Plus account
My Twitter
Shiftless evo shift developer
Nook Tablet developer-found root (here)

Quote:
Without developers this place would not be called XDA-Developers but something else, e.g Mobile Phone User Support Services For Ungrateful Nerds.
Developed on the following devices: Evo View, Nook Tablet, Evo Shift, Nexus S 4G (private), Evo 4G (private), Mytouch 4g Slide, Evo LTE, HTC One (In Progress), Moto X
 
scsione889
#9
Senior Member
Location: Chicago-ish
The Droid 2 and Droid X had locked bootloaders with the 'e-fuse' and Koush got around them and installed CWM with this...

http://www.koushikdutta.com/2010/08/...-recovery.html

What do you guys think? I don't have a NT yet to try anything (probably won't get one until sometime around x-mas).
HTC Droid Incredible 2
S-OFF, CM7

Nook Tablet
CM7 Alpha 1
 
Loglud
#10
Senior Member - OP
Quote:
Originally Posted by Indirect
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
It's no problem at all. Hence why I posted these guides. I was hoping someone would figure it out. I found it last night too. It sucked cause I'm now back at my childhood home trying to get my MacBook Pro to boot Fedora and Windows. I'm gonna repackage the root with Superoneclick. Thanks so much for your effort. Would you mind if I added that to the guides?
