Android TV Launcher Pushed to Google Play

Over the past decade, the tech universe has seen two drastic and widely contrasting changes with … more

Cyngn, OnePlus, Micromax – The Legal Battle

Recently, a battle has been waging in India over the rights to distribute the commercial … more

Lean Mean Battery Power Saving App Review

We talk a lot about battery topics here at XDA TV. We talk about everything from Power Banks to USB … more

Android 5.1 Possibly Coming February 2015

Google released Android 5.0 just over a month ago, and since then Lollipop has been trying to … more

Welcome to XDA

Search to go directly to your device's forum

Register an account

Unlock full posting privileges

Ask a question

No registration required
Post Reply

[Q] NEC Medias W N-05E root? (dual screen phone)

OP bohemianRhapsody

12th January 2014, 04:23 PM   |  #1  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jan 2014
Hi!

Is there a root available or in the works for the dual-screen NEC Medias W N-05E?

The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!

Thanks in advance!
12th January 2014, 05:22 PM   |  #2  
OP Junior Member
Thanks Meter: 0
 
3 posts
Join Date:Joined: Jan 2014
Talking
Quote:
Originally Posted by bohemianRhapsody

Hi!

Is there a root available or in the works for the dual-screen NEC Medias W N-05E?

The question has been asked (no answer so far) at the end of a thread under the N-05D but that's a quite different model.
I'd like to create a separate thread for this model to give it more visibility. Hope that's ok!

Thanks in advance!

OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?

And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"

Code:
+  { "N-05E",  "A1000311",    0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.
13th January 2014, 02:53 PM   |  #3  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
root is easy
Quote:
Originally Posted by bohemianRhapsody

OK! I've made some progress on this: the japanese blogger "dupondroid" appears to say that run_root_shell (hosted at github)
successfully gives temp root. At least, that's my necessarily blurry understanding via google translate. Would any japanese readers here be able to post a better translation?

And a thread at r-2ch dot com links to the github commit in run_root_shell which made that possible: it's commit ID 811be8639aed64c158798a72a1d520a4d21e8b8b "Support N-05E"

Code:
+  { "N-05E",  "A1000311",    0xc0094430, 0xc0093ebc }
So it definitely seems temp root is possible.
Sorry for the lack of links but I'm a new user so can't add them for now.

root is easy via a tool called impactor.

however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.

Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.

So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition
24th November 2014, 04:06 PM   |  #4  
Junior Member
Thanks Meter: 0
 
5 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

root is easy via a tool called impactor.

however it's only temporary, I couldn't get /system mounted for rw. so I made a new recovery image to push.
that didn't work either, although I cannot write to recovery there is no error. recoverybkp was successful.

Also I found that the code to enter in recovery mode is based on your imei.
If I remember correctly digit 2,12,13,14 of your imei.

So possible attack vectors are:
1) kernel module to unlock partitions
2) figure out how update.dat files are constructed.
3) write to recovery partition

I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?
24th November 2014, 05:36 PM   |  #5  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
Quote:
Originally Posted by Lukas_a_1996

I can't seem to get anything to work i'v tried Impactor did not work just gave me errors also tried run_root_shell but had to have some device.db file with I didn't really figured out, could some one please help?

I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.

Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).

What android version are you running ? 4.1.2 is vulnarable for this attack.
The Following User Says Thank You to it0 For This Useful Post: [ View ]
24th November 2014, 11:45 PM   |  #6  
Junior Member
Thanks Meter: 0
 
5 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

I used impactor 0.9.14, you just hook up the phone using microusb and put the phone in usb debugging mode under development options. then selecct "# start telnetd as root on port 22" from the pulldown and click start.

Then using a tool like putty ,telnet to your phone on port 22 (make sure it's connected to you wifi network when you do).

What android version are you running ? 4.1.2 is vulnarable for this attack.

Thanks for the reply . I tried to run the command in impactor but whatever i do i get "Signature bugs unavailable" could it be that i have the wrong ADB drivers installed or is my Impactor setup wrong?

Edit: yeah im running 4.1.2 Build A1001231
25th November 2014, 07:25 PM   |  #7  
Junior Member
Thanks Meter: 1
 
3 posts
Join Date:Joined: Jan 2014
You could try if you can just get an adb connection working.

with commands like

adb devices
adb shell

If that works then the rest should work as well.
26th November 2014, 03:22 PM   |  #8  
Junior Member
Thanks Meter: 0
 
5 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

You could try if you can just get an adb connection working.

with commands like

adb devices
adb shell

If that works then the rest should work as well.

All the adb commands basically work but nothing works with impactor i just get error
30th November 2014, 09:46 PM   |  #9  
Junior Member
Thanks Meter: 0
 
5 posts
Join Date:Joined: Jun 2013
More
Quote:
Originally Posted by it0

You could try if you can just get an adb connection working.

with commands like

adb devices
adb shell

If that works then the rest should work as well.

Bump!

Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes