Battery Charged in 30 Seconds? Maybe in 2016

Phones and tablets are getting more and more power hungry with each passing generation. Their … more

ZArchive Manages Your File Archives

Today smartphones are quite powerful devices that can handle multiple processes at once. In fact, some of … more

Regain Double Tap to Wake Functionality on the Nexus 6

A few months ago, Google announced its newest flagship device, the Nexus 6, alongside … more

Clean Your Recent Apps – XDA Xposed Tuesday

In this day and age, you have quite a few apps installed and running on your Android … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[Q] NEC Medias W N-05E root? (dual screen phone)

OP bohemianRhapsody

12th January 2014, 04:23 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jan 2014
Hi!

Is there a root available or in the works for the dual-screen NEC Medias W N-05E?

The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!

Thanks in advance!
12th January 2014, 05:22 PM   |  #2  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jan 2014
Talking
Quote:
Originally Posted by bohemianRhapsody

Hi!

Is there a root available or in the works for the dual-screen NEC Medias W N-05E?

The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!

Thanks in advance!

OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?

And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"

Code:
+  { "N-05E",  "A1000311",    0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
13th January 2014, 02:53 PM   |  #3  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
root is easy
Quote:
Originally Posted by bohemianRhapsody

OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?

And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"

Code:
+  { "N-05E",  "A1000311",    0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.

root is easy via a tool called impactor.

however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.

Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.

So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
24th November 2014, 04:06 PM   |  #4  
Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

root is easy via a tool called impactor.

however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.

Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.

So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition

I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
24th November 2014, 05:36 PM   |  #5  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by Lukas_a_1996

I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?

I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.

Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).

What android version are you running ? 4.1.2 is vulnarable for this attack.
The Following User Says Thank You to it0 For This Useful Post: [ View ]
24th November 2014, 11:45 PM   |  #6  
Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.

Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).

What android version are you running ? 4.1.2 is vulnarable for this attack.

Thanks for the reply . I tried to run the command in impactor but whatever i do i get "Signature bugs unavailable" could it be that i have the wrong ADB drivers installed or is my Impactor setup wrong?

Edit: yeah im running 4.1.2 Build A1001231
Yesterday, 07:25 PM   |  #7  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
You could try if you can just get an adb connection working.

with commands like

adb devices
adb shell

If that works then the rest should work as well.

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes