T-Moobile G1 Nand dumped.

Nikropht · 4th December 2008, 03:40 PM

T-Moobile G1 Nand dumped.

Some guys over in the g1-hackers list managed to code a kernel hack that allows you to dump the nand flash.

So here is the nand flash file...

http://www.2shared.com/file/4394944/b791a62e/nand.html

Have Fun!

-Nikropht

ecd · 4th December 2008, 03:47 PM

Thanks for sharing this. You are lightning fast in spreading the word...

The trick was actually simple. The linux kernel on the G1 uses the nand flash as partitioned mtd device. As partitioned device only the separate partitions are readable easily from userland. The "hack" was to double-register the whole device next to the partitions and voila we where able to dump the first pages of the nand containing the boot loader.

In case anything got corrupted on it's way here is another link to the file: http://www.mediafire.com/?akjmuueyiii

Nikropht · 4th December 2008, 03:49 PM

Well I'm eager to facilitate hacking this device.

I'm not totally in love with java and would love to see the G1 run X.

-Nikropht

bhang · 4th December 2008, 03:56 PM

the possible implications of this..?

Im no coder but I do some electronics modding (fones,tivo,consoles,smartcards,hardware hacking) but doesn't this mean that the damn thing is owned/pwned?
So now the bootloader and all the stuff that goog didnt open source is in the wild to be picked apart by the powers that be?

Im just making some assumptions and asking some questions to see just what this does for the g1 and its modding community...

bhang

Nikropht · 4th December 2008, 04:21 PM

Quote:

Originally Posted by bhang

Im no coder but I do some electronics modding (fones,tivo,consoles,smartcards,hardware hacking) but doesn't this mean that the damn thing is owned/pwned?
So now the bootloader and all the stuff that goog didnt open source is in the wild to be picked apart by the powers that be?

Im just making some assumptions and asking some questions to see just what this does for the g1 and its modding community...

bhang

bhang, this is the low level code that runs before the android os launches. What this does is open the door for a hack that will re-root G1's running Rev30.

-Nik

Nikropht · 4th December 2008, 04:22 PM

I noticed something very interesting while looking at the nand dump in my hex editor...
Not only did i see some bits about factory test mode, but at i was scrolling through what seemed to bee all FF's I ran across letters, numbers and symbols made up of the absence of the FF's. This starts at 0x02466B10.

See pic attached.

-Nikropht

sputnik99 · 4th December 2008, 04:48 PM

so again for slowly me...

there is a chance that I got a modded RC30 even if I am on OTA RC30, now?

That are fantastic news.

verbraakje · 4th December 2008, 05:23 PM

can i make a small smile on my face ?

Nikropht · 4th December 2008, 05:34 PM

Quote:

Originally Posted by sputnik99

so again for slowly me...

there is a chance that I got a modded RC30 even if I am on OTA RC30, now?

That are fantastic news.

OK.. we dumped the boot loader for the G1. (The most common linux boot loader is LILO)
This means that after some crazy disassembly, we could write/hack a replacement boot loader.
This would allow us unlimited access to the hardware and then we can run whatever OS the cpu can run.

-Nik