PSA: The new OTA (build 12840) patches the bootloader exploit used to obtain root

cammykool
#41
so my goddamn chromecast updated while I was flashing the new exploit...


Quote:
Originally Posted by cyanogen View Post
I mean this with the utmost respect: go eat a bowl of dicks.
Current Phone: Verizon Samsung Galaxy S3

Current Tablet: Hisense Sero 7 Pro

Current MP3 Player:  Apple iPod Touch 3rd Generation 32gb

Current BS Devices:
FreedomPop HTC Evo 4G (no permanent rom as of now)

LG Optimus S (Purple) (CM11 KitKat)

Previous Devices:
LG Optimus V (tvall CM9)
VZW Moto DROID (Kfazz CM10)

 
ddggttff3
#42
Quote:
Originally Posted by cammykool View Post
so my goddamn chromecast updated while I was flashing the new exploit...

Sucks Man :/

Every reflash, first thing I do is kill the update_engine service, delete /cache/temp-ota.zip, then edit /data/updater/prefs/preveous-version to say 12840. I think this is tricking it, because every time I do this, it does not create a new temp-ota.zip, which means it is no longer trying to update. We will see though.
Devices:
Nexus 5
Nexus 7 2013
Samsung Note 10.1
Nexus Q
Too Many Chromecasts

Retired:
GS3, Droid Bionic, N7 2012, Droid X, HTC Vogue
 
tvall
#43
well... it's too late to save cammy's chromecast, but I made a new image without update_engine. I'm working on the recovery, but it's not an android boot image. I'll do my best on it, but not sure what it is exactly.

no idea if update_engine is vital to anything except updating. and I'm not entirely sure it's vital to updating.

give me an hour or so and I'll post a couple of different images that kill updating in a few different ways.
my work
optimus v:
iho magpie

dream/sapphire:
DREAMTeam Froyo, United ICS, and tvall's cm7

misc:
the first chromecast system image without bootloader updates or auto updating - obsolete

If you'd like to donate to me, i accept bitcoins and electronics
BTC - 1titsVyrUw8pGEDF6Jqdh56cZjBRYAQjQ
 
ddggttff3
#44
Quote:
Originally Posted by tvall View Post
well... it's too late to save cammy's chromecast, but I made a new image without update_engine. I'm working on the recovery, but it's not an android boot image. I'll do my best on it, but not sure what it is exactly.

no idea if update_engine is vital to anything except updating. and I'm not entirely sure it's vital to updating.

give me an hour or so and I'll post a couple of different images that kill updating in a few different ways.

when killed in logcat, it shows this:

Code:
I/logwrapper( 1473): /chrome/update_engine terminated by signal 15
I/update_engine( 1491): [0801/190057:INFO:main.cc(77)] Eureka Update Engine starting
I/update_engine( 1491): [0801/190057:INFO:update_check_scheduler.cc(64)] Next update check in 2700 seconds
I/update_engine( 1491): [0801/190057:INFO:string_based_ipc_server.cc(59)] Start IPC server: updater
I/update_engine( 1491): [0801/190057:INFO:unix_stream_server_socket.cc(59)] Unix server socket is created: updater
so it seems to only be for updating
 
tvall
(Last edited by tvall; 2nd August 2013 at 01:57 AM.)
#45
looking at the recovery, it appears to create a wifi network with the name eureka_recovery, and starts dnsmasq. there is also adb, but apparently it doesn't have a usb interface for it.

there is a flash_bootloader binary. I'm assuming it flashes the bootloader. so I guess if I remove it, it can't flash the bootloader.

edit: so this recovery seems to have a menu, just like any android recovery. if only we had input and stuff..

edit 2: my chromebook's battery is low, and its update_engine_client is informing me there is an update. I'm going to let it charge and relax for a bit. maybe I'll have more ideas when I get back on.

edit 3: check the permissions on the kernel partition. it may be something a simple chmod could fix

edit 4: the recovery will attempt to install a file called ota.zip from a usb drive if there is no ota on /cache. someone should try it

edit 5: going to go cuddle with the fiancee and let the chromebook update and charge. may be back on later. good luck everyone. I'll post something by midnight
 
ddggttff3
(Last edited by ddggttff3; 2nd August 2013 at 01:54 AM.)
#46
Quote:
Originally Posted by tvall View Post
looking at the recovery, it appears to create a wifi network with the name eureka_recovery, and starts dnsmasq. there is also adb, but apparently it doesn't have a usb interface for it.

there is a flash_bootloader binary. I'm assuming it flashes the bootloader. so I guess if I remove it, it can't flash the bootloader.

edit: so this recovery seems to have a menu, just like any android recovery. if only we had input and stuff..

edit 2: my chromebook's battery is low, and its update_engine_client is informing me there is an update. I'm going to let it charge and relax for a bit. maybe I'll have more ideas when I get back on.

For an idea, don't delete flash_bootloader as that would cause the update zip to fail. Maybe try setting ro.factorytest=0 to ro.factorytest=1 in the build.prop in recovery? For all we know, that may disable signature verification!

EDIT: Never mind, ignore my stupidity. Let me know what you come up with!

EDIT2: Permissions seem fine
Quote:
brw------- root root 31, 0 2009-02-13 17:31 mtdblock0
brw------- root root 31, 1 2009-02-13 17:31 mtdblock1
brw------- root root 31, 10 2009-02-13 17:31 mtdblock10
brw------- root root 31, 11 2009-02-13 17:31 mtdblock11
brw------- root root 31, 2 2009-02-13 17:31 mtdblock2
brw------- root root 31, 3 2009-02-13 17:31 mtdblock3
brw------- root root 31, 4 2009-02-13 17:31 mtdblock4
brw------- root root 31, 5 2009-02-13 17:31 mtdblock5
brw------- root root 31, 6 2009-02-13 17:31 mtdblock6
brw------- root root 31, 7 2009-02-13 17:31 mtdblock7
brw------- root root 31, 8 2009-02-13 17:31 mtdblock8
 
itmustbejj
#47
Quote:
Originally Posted by ddggttff3 View Post
Sucks Man :/

Every reflash, first thing I do is kill the update_engine service, delete /cache/temp-ota.zip, then edit /data/updater/prefs/preveous-version to say 12840. I think this is tricking it, because every time I do this, it does not create a new temp-ota.zip, which means it is no longer trying to update. We will see though.

In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.
 
ddggttff3
#48
Quote:
Originally Posted by itmustbejj View Post
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.

Just checked again, it still tries to download an OTA.zip file so best thing is to either not use it, or keep an eye on it :/
 
tvall
#49
Quote:
Originally Posted by itmustbejj View Post
In the interim, is this still an effective way to keep it from updating? I unplugged mine this morning before I went to work and I'm heading home. Just trying to figure out a way to still be able to use it without it updating.
Quote:
Originally Posted by ddggttff3 View Post
Just checked again, it still tries to download an OTA.zip file so best thing is to either not use it, or keep an eye on it :/

I'll go ahead and upload the image that's lacking update_engine

later i'll upload a build with a modified recovery image. fiancee is missing me. I've spent too much time on this for now.

---------- Post added at 08:45 PM ---------- Previous post was at 08:11 PM ----------

https://dl.dropboxusercontent.com/u/...omecast.bin.gz

this has update_engine replaced by a dummy script. this should kill ota updates, but it might not. again, provided as-is, no warranty, your problem if it breaks, yada yada.

I'll work on this crap more tomorrow.
 
ddggttff3
#50
Quote:
Originally Posted by tvall View Post
I'll go ahead and upload the image that's lacking update_engine

later i'll upload a build with a modified recovery image. fiancee is missing me. I've spent too much time on this for now.

---------- Post added at 08:45 PM ---------- Previous post was at 08:11 PM ----------

https://dl.dropboxusercontent.com/u/...omecast.bin.gz

this has update_engine replaced by a dummy script. this should kill ota updates, but it might not. again, provided as-is, no warranty, your problem if it breaks, yada yada.

I'll work on this crap more tomorrow.

Works great here! Now, all I see in the logcat is this

Code:
I/update_engine( 1146): no updates for you!

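Added example, not part of any post in this thread: a Python parser for the logcat output quoted in posts #44 and #50, showing how a monitoring job could tell an update_engine that was killed and respawned from one that has been replaced and will no longer fetch updates. The status labels, and the rule that an update_engine line without the bracketed prefix indicates a replaced binary, are assumptions.

```python
import re

# Log lines copied from posts #44 and #50; grouping them as two samples is constructed.
POST_44 = """\
I/logwrapper( 1473): /chrome/update_engine terminated by signal 15
I/update_engine( 1491): [0801/190057:INFO:main.cc(77)] Eureka Update Engine starting
I/update_engine( 1491): [0801/190057:INFO:update_check_scheduler.cc(64)] Next update check in 2700 seconds
"""
POST_50 = "I/update_engine( 1146): no updates for you!\n"

# logcat "brief" layout: <priority>/<tag>( <pid>): <message>
LOGCAT = re.compile(r"^[VDIWEF]/(?P<tag>[^(]+)\(\s*(?P<pid>\d+)\):\s?(?P<msg>.*)$")
# Inner prefix seen on the daemon's own lines: [MMDD/HHMMSS:LEVEL:file.cc(line)] text
INNER = re.compile(r"^\[\d{4}/\d{6}:[A-Z]+:[\w.]+\(\d+\)\]\s*(?P<text>.*)$")
KILLED = re.compile(r"^(?P<path>\S+) terminated by signal (?P<sig>\d+)$")
NEXT_CHECK = re.compile(r"Next update check in (\d+) seconds")

def audit(log_text):
    """Summarise update_engine activity found in a logcat capture."""
    report = {"signals": [], "restarted_pids": [], "next_check_s": None, "unstructured": []}
    for raw in log_text.splitlines():
        m = LOGCAT.match(raw.strip())
        if not m:
            continue
        tag, pid, msg = m["tag"].strip(), int(m["pid"]), m["msg"]
        if tag == "logwrapper":
            k = KILLED.match(msg)
            if k and k["path"].endswith("/update_engine"):
                report["signals"].append(int(k["sig"]))
        elif tag == "update_engine":
            inner = INNER.match(msg)
            if inner is None:
                # Assumption: the stock daemon always logs with the bracketed prefix.
                report["unstructured"].append(msg)
            elif "Update Engine starting" in inner["text"]:
                report["restarted_pids"].append(pid)
            elif (n := NEXT_CHECK.search(inner["text"])):
                report["next_check_s"] = int(n.group(1))
    return report

def verdict(report):
    """Map a report to a hypothetical status label for fleet monitoring."""
    if report["unstructured"]:
        return "updater-replaced"
    if report["signals"] and report["restarted_pids"]:
        return "updater-killed-and-respawned"
    return "updater-killed" if report["signals"] else "updater-normal"

if __name__ == "__main__":
    for name, sample in (("post #44", POST_44), ("post #50", POST_50)):
        print(name, verdict(audit(sample)), audit(sample))
```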