
15th November 2008, 08:18 PM
Senior Member - OP
New phone (RC29) - no console exploit (telnetd)
Okay, I had ordered another phone from ebay. The guy had just received it and it was new and unused. It has RC28 on it.
fingerprint= kila-user 1.0 TC4-RC28 114235 ota-rel-keys,release-keys
When I launch /system/bin/telnetd from terminal console I am not getting root. I do not see a process running when I run ps afterwards. Also, I tried typing reboot from the contact, and it is not recycling the phone.
Any chance they have updated the init.rc to close the console bug on an older RC for phones just shipping out from tmobile this past week?
I plan to update to the stock RC29 which I manually updated to on my other phone. I'd really like root before I update to the new RC30 modded, so I can back up my files before overwriting them.  [Though, last time I upgraded Google did OTAs right away.]
** Anybody want me to explore the phone for any differences from the standard RC28, to see what is causing the exploit not to work?
-oldsk00lz

15th November 2008, 09:43 PM
Recognized Developer
Just go ahead and install the official RC29 and you should be able to get root access.
"Whether You Think You Can or Can't, You're Right"
--Henry Ford
Android Developer Phone 1 - JFv1.51 - REPRESENT!

16th November 2008, 01:47 AM
Retired Moderator
Are you sure it's not working? IIRC if you don't connect to telnetd fairly fast, it stops running for some reason. I know that I've had to run it a couple of times before I could connect.
As for the root console bug, I've also heard that it closes after some time of the phone being on. Did you try it after a fresh reboot?
Updating to RC28 or RC29, the ones that we mirrored, should activate the console bug again, if they are fixing it.

16th November 2008, 06:14 AM
Senior Member - OP
Yeah, it was not working (telnetd/console exploit) on the RC28 I had. I tried hitting enter to clear any previous commands, tried rebooting, tried back-to-back calls with telnet right afterwards, telnetting locally and from several boxes. Was weird... Much different from another G1 I had. That's why I was surprised.
Only thing I could think of (besides a tweaked RC28) was that my router could have been acting up.
Anyhow, I moved forward with updating to RC29, getting root, updating to modded RC30, and all is good. Just wanted to throw this out there in case any other recent buyers encountered a similar issue.
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and it looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :eek: But, everything else is as expected, root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz

17th November 2008, 01:08 AM
Retired Moderator
Quote:
Originally Posted by oldsk00lz
SIDENOTE: JesusFreak lived up to his name. I was slightly "freaked" out after the recent upgrade. I went to the System settings and it looked to be the standard RC30 fingerprint!!! versus the modded xda one. Thought I may have installed the stock update. :eek: But, everything else is as expected, root, root, and more root. I must have missed a message if he reverted back to the standard fingerprint.
-oldsk00lz
|
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke had left the fingerprint the same as the old one, Google would be able to target OTA updates specifically at rooted G1s. This way, if they release an update signed with the test keys, they'd have millions of non-rooted G1s freak out because they couldn't update.

17th November 2008, 07:55 AM
Member
Quote:
Originally Posted by Gary13579
Indeed, I thought the same thing, but it is much, much, much better this way. If JesusFreke had left the fingerprint the same as the old one, Google would be able to target OTA updates specifically at rooted G1s. This way, if they release an update signed with the test keys, they'd have millions of non-rooted G1s freak out because they couldn't update.
|
Not quite...
First, I don't think Google cares about those of us having root with RC30 modded recovery and keys. They really only care about patching the "average consumer's" phone. They have to do it globally (I mean in the distribution sense) so as not to get in trouble, or for a BIG bug, which is what was patched.
Second, they only have to do the following if they want to put "us" back to stock (if we don't check the update of course AND don't pay attention and apply the update [BIG IF]):
Script the rewrite of recovery.img from their package (before rebooting, in the background) to our phones and apply the update.... ... ... that's it.
This will get a few of the "unaware" people who have root with RC30. But for the more savvy of us, no.

17th November 2008, 08:19 AM
Senior Member
Quote:
Originally Posted by quedijo
Script the rewrite of recovery.img from their package (before rebooting, in the background) to our phones and apply the update.... ... ... that's it.
This will get a few of the "unaware" people who have root with RC30. But for the more savvy of us, no.
|
And what good would secretly rewriting recovery.img do? Once JF replaces the recovery.img with the modified one, it doesn't matter how many times they write it to flash, it's still modified.
They don't need to use the update package to take away your root. With modified RC30, any dalvik program that knows and wants to can write directly into /system. If they wanted to get draconian about it, they could push code down from Market to reflash whatever they want in /system.

19th November 2008, 07:32 AM
Senior Member - OP
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and were able to remount /system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz

19th November 2008, 07:40 AM
Senior Member
Quote:
Originally Posted by oldsk00lz
You said "With modified RC30, any dalvik program that knows and wants to can write directly into /system".
Aren't these apps sandboxed? If they do have access to /system, I assume they would only have access if they ran su, assuming you didn't rename it, and were able to remount /system as read/write.
Or am I missing something like a different exploit? root on 'my' phone is great for me, but not good for others.
-oldsk00lz
|
Yeah, by invoking su. Deleting or renaming it is probably the safest bet for now. I doubt any Android devs are actively looking for phones to brick but better safe than sorry.

21st November 2008, 05:42 PM
(Last edited by bhang; 21st November 2008 at 05:51 PM.)
Reason: found link
Senior Member
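The exchange above (any program on the modded RC30 can invoke su and remount /system; the suggested mitigation is to delete or rename su) can be turned into a quick self-check. The script below is an added example, not code from the thread or from the RC30 mod: it reads the build fingerprint in the space-separated layout oldsk00lz posted, one line of `ls -l /system/bin/su`, and the /system line of `mount`, all constructed inline so it runs offline, and reports which of the three exposures (test-keys build, world-executable su, read-write /system) are present. The fingerprint field order and the incremental number of the modded sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report the exposure the replies describe on a
# rooted RC30: a build signed with test keys, a world-executable su, a read-write /system.
# Inputs are strings in the layout the phone prints, constructed below, so this runs
# offline. Fingerprint field order follows oldsk00lz's line (assumed layout):
#   <product>-<variant> <version> <build-id> <incremental> <tags>

# Nth space-separated field of the fingerprint
fingerprint_field() { printf '%s\n' "$1" | awk -v n="$2" '{ print $n }'; }

# build_id FINGERPRINT -> e.g. "TC4-RC28"
build_id() { fingerprint_field "$1" 3; }

# signing_keys FINGERPRINT -> last entry of the tags field: "release-keys" or "test-keys"
signing_keys() { fingerprint_field "$1" 5 | awk -F, '{ print $NF }'; }

# su_world_executable LS_LINE -> "yes" when the mode string grants execute to "other".
# LS_LINE is one line of `ls -l /system/bin/su`, e.g. "-rwsr-sr-x root root 7320 su";
# an empty line (su deleted or renamed) counts as "no".
su_world_executable() {
    mode=$(printf '%s\n' "$1" | awk '{ print $1 }')
    case "$mode" in *x) echo yes ;; *) echo no ;; esac
}

# system_rw MOUNT_LINE -> "yes" when the /system entry of `mount` carries the rw option,
# e.g. "/dev/block/mtdblock3 /system yaffs2 rw 0 0"
system_rw() {
    opts=$(printf '%s\n' "$1" | awk '$2 == "/system" { print $4 }')
    case ",$opts," in *,rw,*) echo yes ;; *) echo no ;; esac
}

# audit FINGERPRINT LS_LINE MOUNT_LINE -> one summary line; risk counts the exposures found
audit() {
    keys=$(signing_keys "$1"); suexec=$(su_world_executable "$2"); rw=$(system_rw "$3")
    risk=0
    if [ "$keys" = "test-keys" ]; then risk=$((risk + 1)); fi
    if [ "$suexec" = "yes" ]; then risk=$((risk + 1)); fi
    if [ "$rw" = "yes" ]; then risk=$((risk + 1)); fi
    printf 'build=%s keys=%s su_world_exec=%s system_rw=%s risk=%s\n' \
        "$(build_id "$1")" "$keys" "$suexec" "$rw" "$risk"
}

# Constructed samples: the stock fingerprint from the first post, and a modded build
# whose incremental number is a placeholder.
STOCK_FP='kila-user 1.0 TC4-RC28 114235 ota-rel-keys,release-keys'
MODDED_FP='kila-user 1.0 TC4-RC30 000000 test-keys'
SU_LINE='-rwsr-sr-x root root 7320 su'
MOUNT_LINE='/dev/block/mtdblock3 /system yaffs2 rw 0 0'

audit "$STOCK_FP" '' '/dev/block/mtdblock3 /system yaffs2 ro 0 0'   # risk=0
audit "$MODDED_FP" "$SU_LINE" "$MOUNT_LINE"                           # risk=3
```

On a real phone the three inputs come from `getprop ro.build.fingerprint` (slash-separated there, so adjust the field split), `ls -l /system/bin/su` and `mount`.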
a new workaround for our very insecure rooted RC30
I just read a post here about a better fix for the issue.
This very smart cat added a password routine to su and, judging by my read of the post, it seems to be well implemented. You do have to type some commands and you could pooch your G1, but it seems better than running just about as wide open as goog had us...
Without a decent browser getting the link is a PITA; if somebody can't find it I'll link it when I'm at the desktop.
Bhang
*EDIT*
I found the link, it's just a pain in the arse while typing a message. To all the helpful folks who will want to tell me how to do it: I know how, I just think it could be easier.
http://forum.xda-developers.com/showthread.php?t=448775
http://www.geocities.com/sarabhanga/bhang.html
1 mtg3 stock
1 Moto Cliq rooted, pimped (bought opening day also)
2xHTC - DREAM - G1(1bronze,1black)
black, bought 10.22.08 opening day in the us CM6
bronze, cyanogen[out of use]
mytouch slide, bought 1st day of soft-launch, rooted running slideme5r1...for now{brand new one in box on hold for a bit
G2 pimped, many mods, screen rez, battery morphed, pershoots latest, looking to go to CM7 soon