A Patch For Us

---

alright guy's i have an idea and its going to take some of you super Dev's
now that we have gotten ROOT on our devices, is it possible for us(you guys)
to patch that loop hole, wile accessing it if we really have the need for it? putting our own password(each is custom)to protect the device though telnet? rather then goolge's plan to fix it(put the G1 on fort knocks lock down)
just thinking out loud... because i can see that this could be come a big security issues

EDIT: not now I'm not rushing (you guys are still working out the kinks) just wanna know if it possible?

Yeah, google's updater code is open source. The fix is basically:

• Replace their current updater with an updater that does not do a cert check.
• Open the new update.zip file they send over the air and replace their new updater in the ZIP with an updater that ALSO does not do a cert check.
• Update your phone with the tweaked update.

Alternatively, it may be possible to simply leave a suroot command lying around to guarantee root access. From what I've gathered, Google's update process of the /system directory does not wipe the system.img and start anew, it modifies it. I'll need to look into the code to verify this.

It's basically impossible for Google to close their root hole now, unless they forcibly apply updates.
I'll be working on this as soon as I can get my hands on the 30 patch.

Ah, I just realized since we have root access, we can simply delete the TMobile/Google cert so they don't have permission to apply patches to our phones, even forcibly.

Thank you for the reply. just wanted to see if that was out in the atmosphere