Archos 101 one-click-root for firmware 2.0.71 using Archangel

Search This thread
By:
Advanced…
L

laurent2o1o

Member
Jan 30, 2011
12
3
Grenoble
wdl1908 said:
I can confirm this is probably a debug message in appslib.

I downloaded a fresh copy of appslib and the text is there in the dex file. So this is harmless.
Click to expand...
Click to collapse

Thanks for your confirmation :)

I'm not a binary object wizard, but I don't have a good feeling about the 'ls' binary. As I mentionned, I think it's somewhat obfuscated. It should definitely have more hardcoded strings (the Archangel share name that appears sometimes is an example) but a careful inspection reveals only junk strings...

What is it trying to hide ?
 
wdl1908

wdl1908

Senior Member
Dec 18, 2010
380
156
IAI7 - Nomral debug message in appslib the text is found in the dex file of appslib.
IAI10 - see http://en.androidwiki.com/wiki/Using_the_Android_SDK_tools#Problems

+ Woops I thought the Access Point was not connected to internet : shouldn’t return HTTP_OK. Strange.

I'v seen a google page appear even when there was no wifi connection. It seems the http stack does a lot of caching. So if DaosCheckUpdate uses the same http stack as the browser it coudl be that the request is returned from cache.

The " - DAOS signature verification disabled (DAOS_SKIP_SIGN)" could be a problem except that just before the aos file is used in the recovery process it is checked again. That may explain why some people having problems upgrading via OTA The file seems to download ok but then when the flash process starts in when the recovery is booted it fails to validate the aos file.

Very good analysis but I don't see anything that can not be explained.
 
wdl1908

wdl1908

Senior Member
Dec 18, 2010
380
156
laurent2o1o said:
Thanks for your confirmation :)

I'm not a binary object wizard, but I don't have a good feeling about the 'ls' binary. As I mentioned, I think it's somewhat obfuscated. It should definitely have more hard-coded strings (the Archangel share name that appears sometimes is an example) but a careful inspection reveals only junk strings...

What is it trying to hide ?
Click to expand...
Click to collapse

I also wondered about that and the binary is probably Encrypted/Compressed and uncompressed when it's executed.

The reason for this is probably to make it harder to identify the exploit that is used to get root so it does not get patched. I suspect with the next firmware update from archos the hole will be patched and we'll be without a simple root solution. And they will make sure you can't install a previous firmware to get around it.
 
Last edited:
L

laurent2o1o

Member
Jan 30, 2011
12
3
Grenoble
wdl1908 said:
IAI7 - Nomral debug message in appslib the text is found in the dex file of appslib.
IAI10 - see (link removed)

+ Woops I thought the Access Point was not connected to internet : shouldn’t return HTTP_OK. Strange.

I'v seen a google page appear even when there was no wifi connection. It seems the http stack does a lot of caching. So if DaosCheckUpdate uses the same http stack as the browser it coudl be that the request is returned from cache.
Click to expand...
Click to collapse
Thanks for your insight on those.
wdl1908 said:
The " - DAOS signature verification disabled (DAOS_SKIP_SIGN)" could be a problem except that just before the aos file is used in the recovery process it is checked again. That may explain why some people having problems upgrading via OTA The file seems to download ok but then when the flash process starts in when the recovery is booted it fails to validate the aos file.
Click to expand...
Click to collapse
On that one, I just fear that daos_daemon has some sort of administrative privilege over our tablets (i.e. it's not just checking for updates but has the ability to adapt its behaviour based on what it downloads from archos there).
This could open some kind of backdoor if an app gets the ability to spoof archos server address (I thought maybe archangel did monitor this behaviour using sniffer during his last update) hence the risk to process some unsigned data.

Okay this is Sci-Fi :D
 
wdl1908

wdl1908

Senior Member
Dec 18, 2010
380
156
laurent2o1o said:
Thanks for your insight on those.

On that one, I just fear that daos_daemon has some sort of administrative privilege over our tablets (i.e. it's not just checking for updates but has the ability to adapt its behaviour based on what it downloads from archos there).
This could open some kind of backdoor if an app gets the ability to spoof archos server address (I thought maybe archangel did monitor this behaviour using sniffer during his last update) hence the risk to process some unsigned data.

Okay this is Sci-Fi :D
Click to expand...
Click to collapse

Yep that is Sci-Fi and very good thriller kind of Sci-Fi but it fizzles in the end. (Just kidding)

I've analyzed the binaries on the stock firmware and the stock boot loader and they lack the ability to flash new or updated kernels. It's all in the recovery and before that boots it's signature is verified so even tampering with the recovery is a big no no as it would take away the ability to flash new version.

Archos did a very good job in protecting the system against such events well they did a too good of a job that we need soft like Archangel to get around it.

I've seen phones that get rooted by a sneeze. or where there is no protection to even overwrite the bootloader but the archos.......it's very difficult without the SDE.
 
C

chrulri

Senior Member
Dec 7, 2010
895
275
wdl1908 said:
I've seen phones that get rooted by a sneeze. or where there is no protection to even overwrite the bootloader but the archos.......it's very difficult without the SDE.
Click to expand...
Click to collapse

Thus we got the SDE ;)
Don't worry, you will lose warranty by rooting on purpose anyway, SDE or Archangel, doesn't matter. There's no difference to jailbreaking on iOS.
But of course you can lie to Archos when they ask if you had used Archangel ;)
 
S

ske714

Senior Member
Jan 1, 2011
99
12
chulri said:
Thus we got the SDE ;)
Don't worry, you will lose warranty by rooting on purpose anyway, SDE or Archangel, doesn't matter. There's no difference to jailbreaking on iOS.
But of course you can lie to Archos when they ask if you had used Archangel ;)
Click to expand...
Click to collapse

Assuming you're able to uninstall it from your broken tablet before you send it back :)
 
L

louis chan

Member
May 8, 2006
22
0
franketto10 said:
Is it possible to use the wifi ad-hoc with this Archangel root?
Click to expand...
Click to collapse

Yes. That's what I am doing. And I use this to access 3G network via another 2.1 android phone with tethering thru ad-hoc wifi.


1. refer to http://xdaforums.com/showthread.php?t=904291
2. here is what the change in “wpa_supplicant.conf” with basic wep encryption

ctrl_interface=tiwlan0
update_config=0

ap_scan=2
network={
ssid="yr_ssid"
key_mgmt=NONE
wep_key0="wepkey_ifany"
priority=1
mode=1
}

3. remember to backup files like wpa_supplicant.conf and tiwlan.ini
4. use of gscript to switch configs.
 
blazingwolf

blazingwolf

Senior Member
Nov 11, 2006
2,127
405
Sorry to those that asked if I knew what exploit was used. I'm not sure and have not really looked in to it.

I do know that I have been using it on my 101 with no issues what so ever. No unknown charges or funky emails or anything of the like. So, I'm not worried about this app.

So far, there has been no concrete facts shown to think anything ill of this root program.
 
S

ske714

Senior Member
Jan 1, 2011
99
12
I switch back and forth between 3 wifi configurations-home, work, and tethered to my cell phone. At first, it worked without a hitch. 2.1.3, 2.1.4 and Archangel all came within a short period of time, after which my wifi didn't work so good. I would have to turn it off and on, and sometimes reboot to switch from one to the other. Sometimes it wouldn't connect at all, or just drop and not come back. I would have to forget and re-add a connection. Also, about the same time my battery consumption while on wifi went through the roof. I got the battery working better by wiping and reloading 2.1.3, but the wifi still gave me fits. I switched to the other root method and uninstalled Archangel, but flashed everything without wiping. Still the wifi troubles. This morning I did a hard wipe and reloaded everything, being careful not to restore wifi access points with TB, and everything is ticking like clockwork. I've been switching back and forth just to admire how fast it switches networks. Now, I'm not saying my troubles had anything to do with the archangel WIFI EXPLOIT root method, but I'm glad to have had another option.
 
Last edited:
agp64

agp64

Senior Member
Mar 18, 2010
152
6
Thailand
When I tried to root with Archangel it screwed my wifi connection. I had to Fully reinitialize my 70 to get it working again.

Then I tried to re root several times using Archangel but have had no luck. I tried version one and two on 2.1.4 and it still dose not work, So I think I will go down the SDE path and not worry about the warranty.
 
K

kamilzierke

New member
Apr 26, 2009
2
0
Gdynia
Ok. I've just rooted my 70 IT 8GB with newest firmware 2.1.4 (Android 2.2.1) using Archangel. Everything seems to be working perfectly, no unusual behavior.

The thing is - I don't know what are you people scare of? When installing this app it was asking only for this permissions:

Memory
-modyfing/deleting content on SD card

System tools
-changing Wi-Fi state
-automaticly running up at device booting

Net connections
-displaying(showing) Wi-Fi state

(I'm using other language than english, so translation may be inacurate.) I mean - what harm can be done with displaying or changing state of wi-fi? And other permissions are resonable (I guess)? It's not sending/geting feedback from internet, just changing state of signal transmiter.

Or I'm missing something?
 
macemoneta

macemoneta

Senior Member
Dec 4, 2010
55
13
NJ
www.twitter.com
kamilzierke said:
I mean - what harm can be done with displaying or changing state of wi-fi? And other permissions are resonable (I guess)? It's not sending/geting feedback from internet, just changing state of signal transmiter.

Or I'm missing something?
Click to expand...
Click to collapse

Yes; once root access is obtained, the software can do anything. It no longer needs authorization from you. You can run it for months with no harmful effect. Then one day it decides to download a file from a remote site and execute it. As simple as that, you've given complete unlimited access to any information on your device to a third party. It can infect you with a virus that waits until you are on a corporate LAN, and jumps. Anything, really.
 
  • Like
Reactions: kamilzierke
P

pki101

Senior Member
Jan 8, 2011
77
5
I have been using Archangel v2 in my Archos 101 16GB firmware 2.1.4 (Android 2.2.1) + 16GB memorycard now from day 1 of publishing and have some problems with SetCPU.

If SetCPU in use (no matter what speeds configured) system hangs 1-10 sec randomly, mostly when turning desktop screen or changing desktops.
Have tested with simple (default) background pictures and default live backgrounds, same behavior with all of them.
Made full reset and formatted everything, restored apps with TitaniumBackup and problem is still here.
Removed SetCPU and installed OverclockWidget.. works better, but still hangs time-to-time.

Even if no CPU-software at all, system feels unstable and sometimes desktop don't responce at all.. but works after ~5sec wait again.

Maybe next I'll just move to SDK. :confused:
 
L

laurent2o1o

Member
Jan 30, 2011
12
3
Grenoble
laurent2o1o said:
I couldn't disassemble the ls binary. Neither with objdump, nor gdb disassemble... Maybe because of this odd conformation.
As an illustration, the entry point 0x11314 determined above is beyond the end of file...

After some digging, I think that the binary has been obfuscated in order to prevent its reverse engineering (the string command and hexeditor inspection reveals odd string constructions, for example a '/system/bin' path appears as '/system/ûbin', many other strings are almost recognizable but are mixed with binary chars... )

maybe the strange "0x62c7a315 0x260de680" argument of ls is the key to decrypt the obfuscated binary ?
I'll keep on analyzing...
Click to expand...
Click to collapse

I wanted to use native code remote debugger feature on the android emulator (SDK tools) to execute archangel's 'ls' on a secure environment. The point was to observe the code execution to understand how the executable is unscrambled and executed and finally get more insight of what it's really doing.

Alas, my fully working Eclipse/ADT environment suddenly failed to launch. I updated the sdk tools to release 9 but it now fails to launch because of glibc version requirements. I'm not root, so I'm stuck for now :-(

Maybe I'll try again at home but I need to re-install a recent distro of linux.
 
wdl1908

wdl1908

Senior Member
Dec 18, 2010
380
156
pki101 said:
I have been using Archangel v2 in my Archos 101 16GB firmware 2.1.4 (Android 2.2.1) + 16GB memorycard now from day 1 of publishing and have some problems with SetCPU.

If SetCPU in use (no matter what speeds configured) system hangs 1-10 sec randomly, mostly when turning desktop screen or changing desktops.
Have tested with simple (default) background pictures and default live backgrounds, same behavior with all of them.
Made full reset and formatted everything, restored apps with TitaniumBackup and problem is still here.
Removed SetCPU and installed OverclockWidget.. works better, but still hangs time-to-time.

Even if no CPU-software at all, system feels unstable and sometimes desktop don't responce at all.. but works after ~5sec wait again.

Maybe next I'll just move to SDK. :confused:
Click to expand...
Click to collapse

I doubt this is a result of you using archangel. I suspect it's the 2.1.4 firmware there seems to be a lot of problems with that version.
 
K

kamilzierke

New member
Apr 26, 2009
2
0
Gdynia
macemoneta said:
Yes; once root access is obtained, the software can do anything. It no longer needs authorization from you. You can run it for months with no harmful effect. Then one day it decides to download a file from a remote site and execute it. As simple as that, you've given complete unlimited access to any information on your device to a third party. It can infect you with a virus that waits until you are on a corporate LAN, and jumps. Anything, really.
Click to expand...
Click to collapse

Ooooh, I see now. Thank you for replay. I'm using Android for about a month, so still it's pretty new thing for me :(
So I guess using Archangel without confirmation who really did it and how's it working is just messing with fire? Would antivirus or firewall make a difference
or it can just bypass them?
 
You must log in or register to reply here.

Similar threads

C
[ROOT] Howto root easily your Gen8 device [fw 2.0.71 - 2.4.83] + R/W FILESYSTEM
Replies
815
Views
489K
S
shanreecodr
L
Honeycomb on Archos gen8 [development thread] [early stage]
Replies
106
Views
98K
P
pen25
Quinny899
[GUIDE] ADB Driver Install for Dummies
Replies
37
Views
112K
J
JoseTMart
wdl1908
  • Sticky
[INFO] What is root? How do I root my gen8 device? What can I do when I have root?
Replies
54
Views
71K
N
Normanjhicks
minxwin
Archos 101 upgrade to Gingerbread and Higher.
Replies
22
Views
23K
Peelp5090
Peelp5090

Top Liked Posts

24 Hours All time
  • There are no posts matching your filters.
  • 15
    A
    archaism1
    Download rar file with apk:

    dump.ru/file/5037798
    or
    depositfiles.com/files/7sh8g638s

    rar password: cea69e0419

    sha1sum of apk: 80ff2925e12b8d3f2e9c0cabd5b294e6556b2e3f


    Archangel one-click-root from the Archaism Team

    This will give you temporary or permanent root on your Archos 101 - firmware 2.0.71

    Archos are kind enough to provide a SDE firmware which can allow root access,
    but involves some significant changes to the system and they say that they will
    invalidate your warranty if you install it. This is a bit frightening for new owners.

    Archangel solves this with a painless one-click-root which you can uninstall at any time.
    It does not use the SDE developer firmware.

    This was specifically designed for the Archos 101 with firmware 2.0.71 - it may work on
    other Archos devices or firmwares, but has not been tested and is not recommended for them.

    If you find this application useful, please donate to those great forums who have given
    the android root community so much. Encourage them to keep up their great work. We are
    fans of C-Skills Blog, XDA Developers and Modaco Forum.

    When installed, this app will use approx 10mb of storage space. Don't run it if you don't
    have that much spare.

    Usage Instructions:

    1) Make sure you have 10mb of space available on the internal storage
    2) Make sure you are connected on Wifi
    3) Run the Archangel app
    4) Click to install SuperUser application
    5) Click to get root!
    6) Check everything is working correctly, try an app which needs root
    7) Once you have root you can tick the "Permanent" root option to always have root.
    8) Party Hard!

    To turn off root, either just reboot, or turn off permanent root and reboot if you had
    enabled it.

    To uninstall, just uninstall like any other app. You may also want to use the menu item
    to clean up before you uninstall.

    You can create a script in /sdcard/sdcard/extraroot.sh and this will be executed as root
    whenver you reboot, so you can use this to do any additional root functions you want.

    Enjoy!
    View
    4
    wdl1908
    wdl1908
    Ok People I give up.

    There are a lot of people who tried to analyze the exploit to see if it's safe.

    Then you get people who start discussing network infrastructure and think they know how a network works.

    Then there is one that thinks a wifi connection is the same as a connection to the internet.

    I tried to explain these things and in general tried to help out. BUT nobody seems to appreciate the help so I give up.

    I you want to use it. Use it.
    If you don't want to use it then don't use it.

    I don't care anymore.
    View
    3
    A
    archaism1
    dump.ru/file/5041494
    or
    depositfiles.com/files/247x6gbwp

    rar password: b223844a132

    sha1sum of apk: 6a6cb89aa093a1d4671f5142fe156bcfc6535db4


    Achaism Team bring you a quick update of Archangel, we added some extra info
    about working devices and firmwares which have been reported.

    We also added some more options for the extraroot feature (see readme.txt)
    for advanced users.

    This version has a few tweaks which may make it take a bit longer but should
    make it a little more reliable.

    It also patches the vulnerability which it exploits and seals the system after.
    View
    2
    J
    jsperri
    You'll probably be happy to hear that this method still works (well, at least for me) on 2.1.2 ;)
    Tested on Archos 70 IT.

    hurrpancakes said:
    I hope this eventually works with 2.1.02. They finally put in wifi n connectivity with the newest firmware, and I would love to have root on that firmware
    Click to expand...
    Click to collapse
    View
    2
    A
    archaism1
    There is not much time for Q&A but here are some answers for some questions:


    Someone said that they couldn't use archangel to block ads... Here is an example extraroot.sh script to do that:


    make an extraroot.sh in linux text format (not dos/windows) like so:

    --- cut here ---
    cat <<EOF >/tmp/hosts
    127.0.0.1 localhost
    127.0.0.1 pagead2.googlesyndication.com pagead.l.google.com googleads.g.doubleclick.net
    127.0.0.1 api.admob.com mm.admob.com r.admob.com mob.adwhirl.com cus.adwhirl.com met.adwhirl.com
    EOF
    mount --bind /tmp/hosts /etc/hosts
    --- cut here ---

    There are many good mods which can safely be done in ways like this above. Nice forum people can post their recipes maybe?



    Someone else asked about when they reboot their device and there is no wireless and they need root:

    In this case perhaps use the deep sleep option instead of power off, if it is a huge problem for you to do this there are other more serious rooting methods like the SDE methods good people have worked on.



    Someone else asked about the new patch/seal in archangel version 2:

    This only applies until after reboot as archangel makes no changes which can not be reversed for the safety of your archos



    A question from archaism:

    Does this still work with firmware 2.1.03 ? Can anyone answer this? don't risk yourself to find the answer, but it would be nice to know.


    There may be more updates in the future but do not get unhappy if there are not or questions remain not answered
    View

New posts