
[DEV] Current Progress and Guides: CRACKED UBOOT!!! Roms and Kernels Coming Soon

OP Loglud

19th November 2011, 06:09 PM   |  #1  
OP Senior Member
Thanks Meter: 443
 
202 posts
Joined: Jul 2011
This thread is designed for representation of the current progress on the Nook Tablet rooting and exploits; the second post will contain how-to guides so you can learn to work on it for yourself. REMEMBER I DO THIS FOR FUN, please respect the thread as well as others' opinions.

OLD UPDATES AT THE END OF THIS POST.

First off, if you haven't read the wiki yet to know what is currently in the device, you should look here.
Also you should look at http://www.nooktabletdev.org for information on the Nook Tablet development process. - Thanks to dj_segfault


Rooting Scripts
Windows: Root, OTA block, De-bloat, Gapps Thanks to Indirect
Mac/Linux: Rooting script Thanks to t-r-i-c-k
Mac/Linux: Root,OTA Block, Gapps

CURRENT PROGRESS

adb connection: COMPLETE
adb root: COMPLETE
busybox: COMPLETE
permanent root: COMPLETE BY INDIRECT
GApps and Market: COMPLETE BY INDIRECT & Anlog
recovery mode: COMPLETE BY nemith

THANKS TO NEMITH

bootloader: Locked and Signed Irrelevant

uboot: CRACKED BY BAUWKS

THANKS TO BAUWKS
Quote:
Originally Posted by Loglud

bauwks' method uses the flashing_boot.img to his advantage, and since it is not checked by security, effectively he has made an insecure uboot. While this is not an unlocked bootloader, it is a way to get around the security, and enable custom recovery and higher level processes to be run.

I have been looking at this line of code for a long time, and as I'm sure hkvc and bauwks saw, it is a large (but 100% necessary) flaw:

distro/u-boot/board/omap4430sdp/mmc.c: 559 : setenv ("bootcmd", "setenv setbootargs setenv bootargs ${sdbootargs}; run setbootargs; mmcinit 0; fatload mmc 0:1 0x81000000 flashing_boot.img; booti 0x81000000");

Without this line of code, it would be impossible for anyone but the factory, who could JTAG flash (but since it is secured, most likely they also have to make a flashing_boot.img).

12/9/11:


UBUNTU is here, thanks to ADAMOUTLER

http://www.youtube.com/watch?v=PwUg17pVWBs&hd=1
Keep in mind this is only an overlay version, but it is proof that one day we might be able to push roms and kernels over existing ones, then hijack them (next work) and then use them.


Please PM me or post if you know anything else, and or want to add anything.
Last edited by Loglud; 10th January 2012 at 05:00 PM.
The Following 59 Users Say Thank You to Loglud For This Useful Post.
19th November 2011, 06:10 PM   |  #2  
OP Senior Member
Thanks Meter: 443
 
202 posts
Joined: Jul 2011
Useful threads:

ROOTING:
Full root for Nook Tablet. [11/20/11] [Yes this is a permanent root!] Thanks to indirect
Nook Tablet - Easy root & Market on MAC (1 download, 1 script to run) Thanks to t-r-i-c-k
[Windows/Linux] Unroot and uninstall gApps for the nook tablet [Scripts] Thanks to indirect


MODS to Default Rom:
[Full Mod + Root + OTA block] Snowball-mod: Full Modification Root [1/6/2012] Thanks to cfoesch
[DEV][WIP] Enable init.d scripts and build.prop mods for Nook Tablet! Thanks to diamond_lover


Kernels:
Coming Soon


ROMS:
Coming Soon


Last edited by Loglud; 10th January 2012 at 06:02 PM.
The Following 5 Users Say Thank You to Loglud For This Useful Post.
19th November 2011, 06:10 PM   |  #3  
OP Senior Member
Thanks Meter: 443
 
202 posts
Joined: Jul 2011
Guides
Table of Contents
  1. Enabling adb Connection (eab1)
  2. Rooting using zergRush (rug2)
  3. Installing busybox (ibb3)
  4. Permanent root (pr4) THANKS TO INDIRECT
  5. Installing GApps (aga5) THANKS TO ANLOG
  6. Full system restore/wipe (fsr6) THANKS TO INDIRECT


Enabling adb Connection (eab1)
  1. Install the Android SDK that is required for your operating system.

    NOTE: This will require the SDK and JDK, both of which can be downloaded by clicking the links, downloading and installing them.

  2. Run the Android SDK Manager and install "Android SDK Platform-tools"
  3. Modify your adb_usb.ini file to read such as the following:

    Code:
    # ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.
    # USE 'android update adb' TO GENERATE.
    # 1 USB VENDOR ID PER LINE.
    0x2080
    This will be in your /home/{username}/.android/ folder for Mac and Linux.
    This will be in your C:/Users/{username}/.android folder for Windows.



    ADB is now enabled for your device, however it is not ON your device. YOU MUST DO THIS EVERY TIME YOU WISH TO ADB INTO YOUR DEVICE.


  4. To do this you will need to download any app, and attempt to install it.
    You can use this app if you need.

  5. Click on the Package Installer, and then a prompt will pop up asking if you want to change the settings to allow 3rd party apps.

    *DO NOT ENABLE IF YOU WISH TO ACCESS ADB*
    I am working on a way to have it enabled by default.

  6. In the settings page you should see *2* USB Debugging modes.
  7. Press them both and accept the prompt.
  8. PLUG IN YOUR DEVICE.
    Note* You should see the Android Development icon on the bottom of the screen.

    ADB will now be able to see your device. However, you will need to restart the server before it sees it.

Rooting using zergRush (rug2)
This is for the people who have access to adb. You will also need this file. Unzip the file.
  1. Type in the following command (while in the folder with the zergRush Binary):
    Code:
    adb push ./zergRush /data/local
  2. Once that's installed run this:
    Code:
    adb shell chmod 777 /data/local/tmp
  3. And lastly:
    Code:
    adb shell /data/local/zergRush
  4. You are now rooted (only for this reboot)

Installing busybox (ibb3)
You will need root and the following busybox file.
  1. Type in the following command while in the location where busy box was downloaded to:
    Code:
    adb push ./busybox /data/local
  2. Busybox works by calling binaries from a file outside of /system/bin/. We must make this file by issuing the following command:
    Code:
    adb shell mkdir /data/busybox
  3. Let's make sure we can install busybox without permission problems:
    Code:
    adb shell chmod 777 /data/local/busybox
  4. Next install busybox in the folder:
    Code:
    adb shell /data/local/busybox --install
  5. We now need to take the /system folder and remount it as a writable folder:
    Code:
    adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
  6. Link it into bin:
    Code:
    adb shell ln -s /data/local/busybox /system/bin/busybox
    You now have busybox installed

Permanent root (pr4)
THANKS TO INDIRECT for Files and Scripts

We will need SU and Superuser.apk
  1. First we need to install the Superuser.apk:
    Code:
    adb wait-for-device install Superuser.apk
    adb remount
  2. Next let's go ahead and push the su application up to the /data/local/ folder
    Code:
    adb push su /data/local/
  3. Next we will need to change the permissions and cp su from the /data/local/ folder to the /system/bin/

    Code:
    adb shell "chmod 4755 /data/local/su; mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system; busybox cp /data/local/su /system/bin; chmod 4755 /system/bin/su"
    The quotes matter on Mac/Linux: without them the host shell splits the line at each ";" and runs mount and cp on your computer instead of the device. The final chmod is there because cp without -p drops the setuid bit, and su is useless without it.
Installing GApps (aga5)
THANKS TO ANLOG and INDIRECT for Scripts

  1. First things first, we need to download the GApps. The most recent one is this one, or get the most recent one here.
  2. Unzip and navigate to the root folder of that package in your shell.

  3. We need to verify that adb is booting into root. To do this we can issue the command:
    Code:
    adb shell id
    If id doesn't return root then you will need to re-zergRush your device
  4. Now it is time for us to export the apps to the directories.

    Code:
    adb shell mount -o remount,rw /dev/block/platform/mmci-omap-hs.1/by-name/system /system
    adb push system/app/CarHomeGoogle.apk /system/app/
    adb shell chmod 644 /system/app/CarHomeGoogle.apk
    adb push system/app/FOTAKill.apk /system/app/
    adb shell chmod 644 /system/app/FOTAKill.apk
    adb push system/app/GenieWidget.apk /system/app/
    adb shell chmod 644 /system/app/GenieWidget.apk
    adb push system/app/GoogleBackupTransport.apk /system/app/
    adb shell chmod 644 /system/app/GoogleBackupTransport.apk
    adb push system/app/GoogleCalendarSyncAdapter.apk /system/app/
    adb shell chmod 644 /system/app/GoogleCalendarSyncAdapter.apk
    adb push system/app/GoogleContactsSyncAdapter.apk /system/app/
    adb shell chmod 644 /system/app/GoogleContactsSyncAdapter.apk
    adb push system/app/GoogleFeedback.apk /system/app/
    adb shell chmod 644 /system/app/GoogleFeedback.apk
    adb push system/app/GooglePartnerSetup.apk /system/app/
    adb shell chmod 644 /system/app/GooglePartnerSetup.apk
    adb push system/app/GoogleQuickSearchBox.apk /system/app/
    adb shell chmod 644 /system/app/GoogleQuickSearchBox.apk
    adb push system/app/GoogleServicesFramework.apk /system/app/
    adb shell chmod 644 /system/app/GoogleServicesFramework.apk
    adb push system/app/LatinImeTutorial.apk /system/app/
    adb shell chmod 644 /system/app/LatinImeTutorial.apk
    adb push system/app/MarketUpdater.apk /system/app/
    adb shell chmod 644 /system/app/MarketUpdater.apk
    adb push system/app/MediaUploader.apk /system/app/
    adb shell chmod 644 /system/app/MediaUploader.apk
    adb push system/app/NetworkLocation.apk /system/app/
    adb shell chmod 644 /system/app/NetworkLocation.apk
    adb push system/app/OneTimeInitializer.apk /system/app/
    adb shell chmod 644 /system/app/OneTimeInitializer.apk
    adb push system/app/Talk.apk /system/app/
    adb shell chmod 644 /system/app/Talk.apk
    adb push system/app/Vending.apk /system/app/
    adb shell chmod 644 /system/app/Vending.apk
    adb push system/etc/permissions/com.google.android.maps.xml /system/etc/permissions/
    adb push system/etc/permissions/features.xml /system/etc/permissions/
    adb push system/framework/com.google.android.maps.jar /system/framework/
    adb push system/lib/libvoicesearch.so /system/lib/
Now you have Anlog's GApps installed. All credits go to him and Indirect.

Full system restore/wipe (fsr6)
THANKS TO INDIRECT

WARNING THIS WILL WIPE YOUR ENTIRE FILESYSTEM!!!
  1. Go into adb shell or terminal emulator.
  2. Issue command:
    Code:
    echo -n '0000' > /bootloader/BootCnt
  3. Next reboot your device by conventional methods or issue:
    Code:
    reboot
  4. Your Nook will now restart and tell you it is resetting.
  5. You now have a clean slate!
Last edited by Loglud; 10th January 2012 at 06:04 PM.
The Following 2 Users Say Thank You to Loglud For This Useful Post.
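As an added example (my own, not a script from the thread or from Indirect, Anlog or t-r-i-c-k), the POSIX shell below wraps three of the steps in the guides above in functions that can be checked on the host before a device is touched: the adb_usb.ini edit from "Enabling adb Connection", the `adb shell id` root check from "Installing GApps", and the per-file push plus chmod 644 pairs for the GApps package. It assumes adb is on PATH, that the unzipped GApps package is the current directory, and the same system block-device path the guides use; the names `ensure_vendor_id`, `id_is_root`, `plan_push` and `install_gapps` are mine.

```shell
#!/bin/sh
# Added example for the Nook Tablet guides; not a script from the thread.
# Assumptions (mine): adb on PATH, the unzipped GApps package is the current
# directory, and the system partition path is the one the guides use.
ADB="${ADB:-adb}"
SYSTEM_DEV=/dev/block/platform/mmci-omap-hs.1/by-name/system
NOOK_VENDOR_ID=0x2080

# Append a USB vendor id to an adb_usb.ini unless it is already listed, then
# print the file's vendor-id lines (comments stripped). Idempotent on purpose:
# running it twice must not produce a duplicate entry.
ensure_vendor_id() {
    ini="$1"; vid="$2"
    if [ ! -f "$ini" ]; then
        printf '# ANDROID 3RD PARTY USB VENDOR ID LIST -- DO NOT EDIT.\n# 1 USB VENDOR ID PER LINE.\n' > "$ini"
    fi
    # grep -x matches the whole line, so 0x2080 does not "find" 0x20801
    grep -qx "$vid" "$ini" || printf '%s\n' "$vid" >> "$ini"
    grep -v '^#' "$ini"
}

# Return 0 when a line of `id` output reports uid 0, e.g.
# "uid=0(root) gid=0(root)"; return 1 for "uid=2000(shell) ..." or garbage.
id_is_root() {
    uid="${1#uid=}"                  # drop the "uid=" prefix
    [ "$uid" = "$1" ] && return 1    # prefix absent: not an id line at all
    uid="${uid%%[!0-9]*}"            # keep only the leading digits
    [ "$uid" = 0 ]
}

# Print the two host commands for one packaged file such as system/app/X.apk:
# a push into the matching /system directory and a chmod 644 of the result.
# Printing instead of running lets the plan be reviewed without a device.
plan_push() {
    f="$1"
    printf '%s push %s /%s/\n' "$ADB" "$f" "${f%/*}"
    printf '%s shell chmod 644 /%s\n' "$ADB" "$f"
}

# Full run: refuse to touch /system unless adb is already root, remount it
# read-write, then push every apk, permission xml, framework jar and lib
# that the package on disk actually contains.
install_gapps() {
    if ! id_is_root "$($ADB shell id)"; then
        echo "adb shell is not root; run zergRush again first" >&2
        return 1
    fi
    $ADB shell mount -o remount,rw "$SYSTEM_DEV" /system || return 1
    for f in system/app/*.apk system/etc/permissions/*.xml \
             system/framework/*.jar system/lib/*.so; do
        [ -f "$f" ] || continue      # an unmatched glob stays literal; skip it
        plan_push "$f" | sh -e || return 1
    done
}

# Only talk to a device when explicitly asked, so sourcing the file is harmless.
if [ "${1:-}" = run ]; then
    install_gapps
fi
```

Run it as `sh gapps.sh run` from inside the unzipped package; without the argument nothing touches the device, which is what makes the functions checkable on the host. Because the loop takes its file names from the package on disk, a push can never be separated from its matching chmod, and a new apk in a later package is handled without editing a hand-maintained list.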
19th November 2011, 06:25 PM   |  #4  
Senior Member
Thanks Meter: 55
 
538 posts
Joined: Apr 2010
Got some links for how-tos on the adb connection/root?
19th November 2011, 07:44 PM   |  #5  
Member
Thanks Meter: 2
 
41 posts
Joined: May 2009
Yeah - if someone has details on how to adb connect and root, it'd be helpful to include links. I've yet to see specifics for either.
Last edited by cgdash; 19th November 2011 at 07:48 PM.
19th November 2011, 09:30 PM   |  #6  
MechaGen
Senior Member
Flag Fountain Inn, SC
Thanks Meter: 66
 
262 posts
Joined: Sep 2008
Reserved

Sent from Tapatalk, NOOK Color CM7 Nightly's!
19th November 2011, 09:43 PM   |  #7  
OP Senior Member
Thanks Meter: 443
 
202 posts
Joined: Jul 2011
I apologize, I'm still typing them up.
20th November 2011, 10:01 AM   |  #8  
Recognized Contributor
Flag Florida
Thanks Meter: 2,958
 
2,323 posts
Joined: Mar 2011
Damn loglud, I ended up beating you to the root lol. Sorry about that! D:
20th November 2011, 03:47 PM   |  #9  
scsione889
Senior Member
Chicago-ish
Thanks Meter: 150
 
110 posts
Joined: Aug 2010
The Droid 2 and Droid X had locked bootloaders with the 'e-fuse' and Koush got around them and installed CWM with this...

http://www.koushikdutta.com/2010/08/...-recovery.html

What do you guys think? I don't have a NT yet to try anything (probably won't get one until sometime around x-mas).
20th November 2011, 08:54 PM   |  #10  
OP Senior Member
Thanks Meter: 443
 
202 posts
Joined: Jul 2011
Quote:
Originally Posted by Indirect

Damn loglud, I ended up beating you to the root lol. Sorry about that! D:

It's no problem at all. Hence why I posted these guides. I was hoping someone would figure it out. I found it last night too. It sucked because I'm now back at my childhood home trying to get my MacBook Pro to boot Fedora and Windows. I'm gonna repackage the root with SuperOneClick. Thanks so much for your effort. Would you mind if I added that to the guides?
