Rooting non-standard Android

199 posts
Thanks Meter: 12
By crzyruski, Senior Member on 28th September 2009, 01:31 AM
Thread Closed Subscribe to Thread Email Thread
Model number: GM_DSTL1
Firmware version: 1.5
Baseband version: 20/05/09,st32,x2a.m1
Kernel version: 2.6.28-svn1368
Build number: CUPCAKE.eng.long.20090720.210535.r1368

Trying to figure out how this could be rooted because I can't seem to use traditional methods like downgrading and 1-click rooting.

If I understand correctly this is possible for me due to CVE-2009-2692

In an effort to try and cover my butt I have backed up all that "adb shell" permission would let me.

Zinx's "Recovery partition flasher for Android" has not been helpful.

Getting my device to use FastBoot seems to be my first step.

Constructive comments?
6th October 2009, 01:02 AM |#2  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Unhappy still no luck
Ruled out the telnetd hack, bummer:
I run telnetd in terminal and it gives me no errors but a port scan doesn't return anything besides port 110(pop3), 25(smtp), and 21(ftp) - none of which have proved useful thus far. Must have been patched with cupcake... or something I'm missing.

Also ran cat /proc/cpuinfo for fun
Processor : XScale-V3 based processor rev 2 (v5l)
BogoMIPS : 103.58
Features : swp half thumb fastmult edsp iwmmxt
CPU implementer : 0x69
CPU architecture: 5TE
CPU variant : 0x0
CPU part : 0x689
CPU revision : 2

Hardware : yuhua X2_V4 on Marvell (Littleton)
Revision : 0004
Serial : 0000000000000000

103.58 is weak sauce... but apparently that is the minimum for the Marvell PXA310 RISC Microprocessor

I wonder if anyone else on this board is bumpin the DSTL1? I may be the lone fish out here
8th October 2009, 03:55 AM |#3  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Thumbs down
Following this guide to get Fastboot aka Engineering Bootloader
I skipped flashing the radio because I figured it had to do with the OTA stuff which doesn't affect my model...

So I downloaded and renamed it to, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL.
Last edited by crzyruski; 27th October 2009 at 10:05 AM.
8th October 2009, 04:07 AM |#4  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Post update.log from failed update
Starting recovery on Thu Oct 8 01:22:51 2009
framebuffer: fd 4 (240 x 400)
I:text_cols 24 text_rows 22
E:Can't open /cache/recovery/command
Command: "/sbin/recovery"
persist.service.adb.enable=1 05.r1322 105.r1322 Jul 10 19:15:42 CST 2009,test-keys
ro.board.platform= 1.5 CUPCAKE eng.long.20090710.190105.r1322 ota-rel-keys,test-keys
rild.libargs=-d /dev/ttyp1

RecVer:Fri Jul 10 19:15:42 CST 2009

Recovery tools:
HOME: Sd-card update
CALL: Board test
BACK: Factory reset
POWER: Reboot system

I:Key 102 pressed, alt 0
Search /sdcard/update/*
I:Find file . in /sdcard/update/
I:Find file .. in /sdcard/update/
I:Find file update.log in /sdcard/update/
I:Find file in /sdcard/update/
Find, Home to update
I:Update package /sdcard/update/
Installing /sdcard/update/
Installation failed.
Last edited by crzyruski; 27th October 2009 at 10:06 AM.
8th October 2009, 04:37 AM |#5  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Angry Another Fastboot attempt

Downloaded, renamed it to, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL... again.

From the log files it seems this stock recovery system SUCKS...
Last edited by crzyruski; 27th October 2009 at 10:10 AM.
8th October 2009, 05:56 AM |#6  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Another FAIL

Revisiting from my earlier post (#3). Tried to do the Radio Update... Downloaded and renamed it to yada yada yada, you know the rest.
Last edited by crzyruski; 27th October 2009 at 10:10 AM.
8th October 2009, 12:41 PM |#7  
Junior Member
Thanks Meter: 0
Visit "", and you can find how the update system work(it is not a G1). Also take some time to see the install package and hack it.

1. Unzip the package.

2. Copy some missed property app( get from adp1.5) to /system/app/ after diff it with the ADP image.

3. zip the new package.
zip -ry system boot.img

4. update package and wait it bootup.
9th October 2009, 10:48 PM |#8  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Thumbs up Very cool!

That was very cool! Finally some progress

So I was not too off from that path, I had already downloaded the update from General Mobile and had been inspecting the zip file they were trying to shove in my face as a quick fix to their buggy ROM. I was asking the support some very hard questions, which is probably why it has taken them more than their 48 hours to reply to me. (its been 5 days now)

General Mobile's update is
containing the following particularly interesting (to me) files:


Attempt 1
Here I tried to zip up their unmodified package with the suggested -ry arguments and hope that stock recovery takes it and runs with it.


I reviewed wineleven's suggestions noticed he omitted the file update-validate-script

This was probably my problem

Attempt 2
Here I omitted update-validate-script


Attempt 3
Spirits high I go for the gusto:
I downloaded from this forum and embedded it in the location /system/app

Flash SUCCESS, functionality FAIL

I got too excited and put Superuser.apk and su both in the same directory... silly mistake

Attempt 4
This time I put Superuser.apk in /system/app and su in /system/bin

Flash SUCCESS, functionality FAIL

running su in terminal gave me "permission denied" with the following carriage return:


obviously I'm missing something here... but have made progress and feel more confident about this.

More attempts to come. Suggestions and advice is welcome!

Question to those knowledgeable
Why are certain files in the /system/bin included as "links" and not actual files? save space in zip?

Can boot.img be modified? Replaced with a better (more useful) one?

Any ideas on obtaining root?
9th October 2009, 11:38 PM |#9  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Lightbulb Root idea and shortcommings
After reviewing

I may have bin (lol) too hasty with slapping su in /system/bin
But logic tells me it shouldn't matter... bin or xbin

And I feel like permissions are my real issue because my current su (residing in /system/bin)

ls -l /system/bin/su

-rwxr-xr-x root shell 34612 2008-08-01 08:00 su

chmod 6755 /system/bin/su

Unable to chmod su: Read-only file system

^--- in hindsight I see that as a DUH, because I can't remount the /system partition as read/write

More questions
I have always understood chmod to use three digits, why are there four digits now?
Also, what is 's' in terms of permission... is that to see? like hidden files?
Last edited by crzyruski; 9th October 2009 at 11:40 PM. Reason: laughing at my own typos
10th October 2009, 05:45 AM |#10  
crzyruski's Avatar
OP Senior Member
Thanks Meter: 12
Main task accomplished!
After reviewing Cyanogen's experimental ROM I can see where and how he sets permission for su

Trying to emulate his method for myself has been plenty of trial and error, but I have finally done it.

system-update-post-script was the key file that set permissions.
One MUST keep the carriage return at the end of the file - I have a neatfreak habit of cleaning them up.

Also, using the su and Superuser.apk in Cyanogen's latest build kept restarting my device, must be because his kernel is newer than mine.

RapidShare is hosting for 90 days - NEW BUILD HERE
PM me if not avail.

I am not responsible for your new paper-weight mode...
This has worked fine on my device, but I guarantee nothing for yours...
My device is General Mobile's DSTL1 - details in post #1

What you get:
Root access via su and Superuser.apk - procured from XDA forums:

To use:
Your sdcard must contain "update" folder, this is where you will place the zip file after you have renamed it to ""

Happy ROOT

My next task will be to get Cyanogen's ROM to work on my device... seeing as how Cyanogen codes for the popular HTC models, I am left out - and I don't like being left out.

Side quests will be to play with the boot.img, flash the SPL, and maybe get a nice recovery
Particularly I would love to try out nandroid.

@wineleven THANK YOU for the nudge in the right direction!

Thank you:
  • Google for the open source Android OS - without the free SDK wouldn't have been possible for me
  • General Mobile for the nifty device
  • Remote Exploit for BackTrack3/4 - I did most of my work on this Live CD distro
  • XDA-Developers Forum for info and resources: superuser files and Cyanogen's ROM for info
Last edited by crzyruski; 31st October 2009 at 03:19 PM. Reason: new build
10th October 2009, 02:10 PM |#11  
Junior Member
Thanks Meter: 0
congratulation to you.

Some notice:
As this devices is deeply modified based on Android open source and hardware different to G1. So you can not rebuild any system framework APK from open source unless you can get the DSTL1 source code. As i now, one thing we can do is to add some external APK file (API compatible to device, now SDK 1.5) to system. Like the Superuser.apk you do.

Read More
Thread Closed Subscribe to Thread

android, dstl1, dual sim, n21, root, sciphone n21
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes