5,606,588 Members 36,146 Now Online
XDA Developers Android and Mobile Development Forum

Rooting non-standard Android

Tip us?
 
crzyruski
Old
#1  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Question Rooting non-standard Android

Model number: GM_DSTL1
Firmware version: 1.5
Baseband version: 20/05/09,st32,x2a.m1
Kernel version: 2.6.28-svn1368
Build number: CUPCAKE.eng.long.20090720.210535.r1368

Trying to figure out how this could be rooted because I can't seem to use traditional methods like downgrading and 1-click rooting.

If I understand correctly this is possible for me due to CVE-2009-2692

In an effort to try and cover my butt I have backed up all that "adb shell" permission would let me.

Zinx's "Recovery partition flasher for Android" has not been helpful.

Getting my device to use FastBoot seems to be my first step.

Constructive comments?
 
crzyruski
Old
#2  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Unhappy still no luck

Ruled out the telnetd hack, bummer:
I run telnetd in terminal and it gives me no errors but a port scan doesn't return anything besides port 110(pop3), 25(smtp), and 21(ftp) - none of which have proved useful thus far. Must have been patched with cupcake... or something I'm missing.

Also ran cat /proc/cpuinfo for fun
--------------------------------
Processor : XScale-V3 based processor rev 2 (v5l)
BogoMIPS : 103.58
Features : swp half thumb fastmult edsp iwmmxt
CPU implementer : 0x69
CPU architecture: 5TE
CPU variant : 0x0
CPU part : 0x689
CPU revision : 2

Hardware : yuhua X2_V4 on Marvell (Littleton)
Revision : 0004
Serial : 0000000000000000
-----------------------------------------------------

103.58 is weak sauce... but apparently that is the minimum for the Marvell PXA310 RISC Microprocessor

I wonder if anyone else on this board is bumpin the DSTL1? I may be the lone fish out here
 
crzyruski
Old
(Last edited by crzyruski; 27th October 2009 at 09:05 AM.)
#3  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Following this guide to get Fastboot aka Engineering Bootloader
I skipped flashing the radio because I figured it had to do with the OTA stuff which doesn't affect my model...

So I downloaded spl-signed.zip and renamed it to update.zip, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL.
 
crzyruski
Old
(Last edited by crzyruski; 27th October 2009 at 09:06 AM.)
#4  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Post update.log from failed update

Starting recovery on Thu Oct 8 01:22:51 2009
framebuffer: fd 4 (240 x 400)
I:text_cols 24 text_rows 22
E:Can't open /cache/recovery/command
Command: "/sbin/recovery"

ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=1
ro.build.id=CUPCAKE
ro.build.display.id=CUPCAKE.eng.long.20090710.1901 05.r1322
ro.build.version.incremental=eng.long.20090710.190 105.r1322
ro.build.version.sdk=3
ro.build.version.release=1.5
ro.build.date=Fri Jul 10 19:15:42 CST 2009
ro.build.date.utc=1247224542
ro.build.type=user
ro.build.user=long
ro.build.host=long-desktop
ro.build.tags=ota-rel-keys,test-keys
ro.product.model=GM_DSTL1
ro.product.brand=generic
ro.product.name=gm_x2
ro.product.device=x2
ro.product.board=x2a_v4
ro.product.manufacturer=yh
ro.product.locale.language=en
ro.product.locale.region=US
ro.board.platform=
ro.build.product=x2
ro.build.description=gm_x2-user 1.5 CUPCAKE eng.long.20090710.190105.r1322 ota-rel-keys,test-keys
rild.libpath=/system/lib/libyh-ril.so
rild.libargs=-d /dev/ttyp1
persist.gsm.dual.mode.phone=1
persist.gsm.sim.active.phone=GSM1
sms.supports.national.lang=1
wifi.interface=eth0
ro.config.sm_notification_snd=notf_gm_02.ogg
ro.config.sm_notification_snd_2=notf_gm_02.ogg
ro.config.notification_sound=F1_New_SMS.ogg
ro.config.ringtone=GM_01.ogg
ro.config.ringtone_2=GM_01.ogg
ro.config.sync=yes
net.bt.name=Android
net.change=net.bt.name
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.factorytest=0
ro.serialno=
ro.bootmode=unknown
ro.baseband=unknown
ro.carrier=unknown
ro.bootloader=unknown
ro.hardware=yuhua
ro.revision=4
init.svc.recovery=running
init.svc.adbd=running
init.svc.yuhua-board-init=stopped
ro.kernel.android.qemud=0
ro.radio.use-ppp=no
ro.com.google.locationfeatures=1

RecVer:Fri Jul 10 19:15:42 CST 2009

Recovery tools:
HOME: Sd-card update
CALL: Board test
BACK: Factory reset
POWER: Reboot system

I:Key 102 pressed, alt 0
Search /sdcard/update/*
I:Find file . in /sdcard/update/
I:Find file .. in /sdcard/update/
I:Find file update.log in /sdcard/update/
I:Find file update.zip in /sdcard/update/
Find update.zip, Home to update
I:Update package /sdcard/update/update.zip
Installing /sdcard/update/update.zip
Installation failed.
 
crzyruski
Old
(Last edited by crzyruski; 27th October 2009 at 09:10 AM.)
#5  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Angry Another Fastboot attempt

http://android-dls.com/wiki/index.ph...ing_Bootloader

Downloaded update.xxx, renamed it to update.zip, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL... again.

From the log files it seems this stock recovery system SUCKS...
 
crzyruski
Old
(Last edited by crzyruski; 27th October 2009 at 09:10 AM.)
#6  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Another FAIL

Revisiting http://forum.xda-developers.com/showthread.php?t=532719 from my earlier post (#3). Tried to do the Radio Update... Downloaded ota-radio-2_22_19_26I.zip and renamed it to update.zip... yada yada yada, you know the rest.
 
wineleven
Old
#7  
Junior Member
Thanks Meter 0
Posts: 9
Join Date: Jun 2009
Visit "http://www.generalmobile.com/index.asp?action=Android_Phones/DSTL1_support", and you can find how the update system work(it is not a G1). Also take some time to see the install package and hack it.

1. Unzip the package.
unzip Android_20090826_r1502.zip

2. Copy some missed property app(http://www.sendspace.com/file/dii80c get from adp1.5) to /system/app/ after diff it with the ADP image.

3. zip the new package.
zip Android_20090826_r1502_hack.zip -ry system boot.img

4. update package and wait it bootup.
 
crzyruski
Old
#8  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Thumbs up Very cool!

@wineleven
THANKS!

That was very cool! Finally some progress

So I was not too off from that path, I had already downloaded the update from General Mobile and had been inspecting the zip file they were trying to shove in my face as a quick fix to their buggy ROM. I was asking the support some very hard questions, which is probably why it has taken them more than their 48 hours to reply to me. (its been 5 days now)

General Mobile's update is Android_20090826_r1502.zip
containing the following particularly interesting (to me) files:

/system/build.prop
/system/system-update-post-script
/boot.img
/update-validate-script


Attempt 1
Here I tried to zip up their unmodified package with the suggested -ry arguments and hope that stock recovery takes it and runs with it.

FAIL

I reviewed wineleven's suggestions noticed he omitted the file update-validate-script

This was probably my problem

Attempt 2
Here I omitted update-validate-script

SUCCESS!

Attempt 3
Spirits high I go for the gusto:
I downloaded superuser.zip from this forum and embedded it in the location /system/app

Flash SUCCESS, functionality FAIL

I got too excited and put Superuser.apk and su both in the same directory... silly mistake

Attempt 4
This time I put Superuser.apk in /system/app and su in /system/bin

Flash SUCCESS, functionality FAIL

running su in terminal gave me "permission denied" with the following carriage return:

here1here2here3here4$

obviously I'm missing something here... but have made progress and feel more confident about this.

More attempts to come. Suggestions and advice is welcome!

Question to those knowledgeable
Why are certain files in the /system/bin included as "links" and not actual files? save space in zip?

Can boot.img be modified? Replaced with a better (more useful) one?

Any ideas on obtaining root?
 
crzyruski
Old
(Last edited by crzyruski; 9th October 2009 at 10:40 PM.) Reason: laughing at my own typos
#9  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Lightbulb Root idea and shortcommings

After reviewing http://android-dls.com/wiki/index.ph...ic_Root_Access

I may have bin (lol) too hasty with slapping su in /system/bin
But logic tells me it shouldn't matter... bin or xbin

And I feel like permissions are my real issue because my current su (residing in /system/bin)

command
ls -l /system/bin/su

returns
-rwxr-xr-x root shell 34612 2008-08-01 08:00 su

command
chmod 6755 /system/bin/su

returns
Unable to chmod su: Read-only file system

^--- in hindsight I see that as a DUH, because I can't remount the /system partition as read/write


More questions
I have always understood chmod to use three digits, why are there four digits now?
Also, what is 's' in terms of permission... is that to see? like hidden files?
 
crzyruski
Old
(Last edited by crzyruski; 31st October 2009 at 02:19 PM.) Reason: new build
#10  
crzyruski's Avatar
Senior Member - OP
Thanks Meter 12
Posts: 199
Join Date: Sep 2009
Default Main task accomplished!

After reviewing Cyanogen's experimental ROM I can see where and how he sets permission for su

Trying to emulate his method for myself has been plenty of trial and error, but I have finally done it.

system-update-post-script was the key file that set permissions.
One MUST keep the carriage return at the end of the file - I have a neatfreak habit of cleaning them up.

Also, using the su and Superuser.apk in Cyanogen's latest build kept restarting my device, must be because his kernel is newer than mine.

RapidShare is hosting for 90 days Android_20090826_r1502_rooted.zip - NEW BUILD HERE
MD5: F1DE9A270CDDF01ADEE708B6660B7AFA
PM me if not avail.

NOTE:
I am not responsible for your new paper-weight mode...
This has worked fine on my device, but I guarantee nothing for yours...
My device is General Mobile's DSTL1 - details in post #1

What you get:
Root access via su and Superuser.apk - procured from XDA forums: http://forum.xda-developers.com/atta...9&d=1249225060

To use:
Your sdcard must contain "update" folder, this is where you will place the zip file after you have renamed it to "update.zip"

Happy ROOT

------------------------------------------
My next task will be to get Cyanogen's ROM to work on my device... seeing as how Cyanogen codes for the popular HTC models, I am left out - and I don't like being left out.

Side quests will be to play with the boot.img, flash the SPL, and maybe get a nice recovery
Particularly I would love to try out nandroid.

@wineleven THANK YOU for the nudge in the right direction!

Thank you:
  • Google for the open source Android OS - without the free SDK wouldn't have been possible for me
  • General Mobile for the nifty device
  • Remote Exploit for BackTrack3/4 - I did most of my work on this Live CD distro
  • XDA-Developers Forum for info and resources: superuser files and Cyanogen's ROM for info

Tags
android, dstl1, dual sim, n21, root, sciphone n21
THREAD CLOSED
Subscribe
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes


XDA PORTAL POSTS

Speed up the ROM or Kernel Build Process

Creating a kernel, ROM, or any other development projectrequires knowledge and tools. While … more

Google Glass Now Open to Anyone… with $1500 to Spend (Update: Not Anymore)

Google Glass, which recently received its official update … more

Android 4.4.2 OTA Now Available for the Verizon Droid DNA

A couple of days ago, we talked about how the Android 4.4.2 upgrade for the HTC … more