Rooting non-standard Android

crzyruski · Sep 28, 2009

Model number: GM_DSTL1
Firmware version: 1.5
Baseband version: 20/05/09,st32,x2a.m1
Kernel version: 2.6.28-svn1368
Build number: CUPCAKE.eng.long.20090720.210535.r1368

Trying to figure out how this could be rooted because I can't seem to use traditional methods like downgrading and 1-click rooting.

If I understand correctly this is possible for me due to CVE-2009-2692

In an effort to try and cover my butt I have backed up all that "adb shell" permission would let me.

Zinx's "Recovery partition flasher for Android" has not been helpful.

Getting my device to use FastBoot seems to be my first step.

Constructive comments?

crzyruski · Oct 6, 2009

still no luck

Ruled out the telnetd hack, bummer:
I run telnetd in terminal and it gives me no errors but a port scan doesn't return anything besides port 110(pop3), 25(smtp), and 21(ftp) - none of which have proved useful thus far. Must have been patched with cupcake... or something I'm missing.

Also ran cat /proc/cpuinfo for fun
--------------------------------
Processor : XScale-V3 based processor rev 2 (v5l)
BogoMIPS : 103.58
Features : swp half thumb fastmult edsp iwmmxt
CPU implementer : 0x69
CPU architecture: 5TE
CPU variant : 0x0
CPU part : 0x689
CPU revision : 2

Hardware : yuhua X2_V4 on Marvell (Littleton)
Revision : 0004
Serial : 0000000000000000
-----------------------------------------------------

103.58 is weak sauce... but apparently that is the minimum for the Marvell PXA310 RISC Microprocessor

I wonder if anyone else on this board is bumpin the DSTL1? I may be the lone fish out here

crzyruski · Oct 8, 2009

Following this guide to get Fastboot aka Engineering Bootloader
I skipped flashing the radio because I figured it had to do with the OTA stuff which doesn't affect my model...

So I downloaded spl-signed.zip and renamed it to update.zip, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL.

crzyruski · Oct 8, 2009

update.log from failed update

Starting recovery on Thu Oct 8 01:22:51 2009
framebuffer: fd 4 (240 x 400)
I:text_cols 24 text_rows 22
E:Can't open /cache/recovery/command
Command: "/sbin/recovery"

ro.secure=1
ro.allow.mock.location=0
ro.debuggable=0
persist.service.adb.enable=1
ro.build.id=CUPCAKE
ro.build.display.id=CUPCAKE.eng.long.20090710.190105.r1322
ro.build.version.incremental=eng.long.20090710.190105.r1322
ro.build.version.sdk=3
ro.build.version.release=1.5
ro.build.date=Fri Jul 10 19:15:42 CST 2009
ro.build.date.utc=1247224542
ro.build.type=user
ro.build.user=long
ro.build.host=long-desktop
ro.build.tags=ota-rel-keys,test-keys
ro.product.model=GM_DSTL1
ro.product.brand=generic
ro.product.name=gm_x2
ro.product.device=x2
ro.product.board=x2a_v4
ro.product.manufacturer=yh
ro.product.locale.language=en
ro.product.locale.region=US
ro.board.platform=
ro.build.product=x2
ro.build.description=gm_x2-user 1.5 CUPCAKE eng.long.20090710.190105.r1322 ota-rel-keys,test-keys
rild.libpath=/system/lib/libyh-ril.so
rild.libargs=-d /dev/ttyp1
persist.gsm.dual.mode.phone=1
persist.gsm.sim.active.phone=GSM1
sms.supports.national.lang=1
wifi.interface=eth0
ro.config.sm_notification_snd=notf_gm_02.ogg
ro.config.sm_notification_snd_2=notf_gm_02.ogg
ro.config.notification_sound=F1_New_SMS.ogg
ro.config.ringtone=GM_01.ogg
ro.config.ringtone_2=GM_01.ogg
ro.config.sync=yes
net.bt.name=Android
net.change=net.bt.name
dalvik.vm.stack-trace-file=/data/anr/traces.txt
ro.factorytest=0
ro.serialno=
ro.bootmode=unknown
ro.baseband=unknown
ro.carrier=unknown
ro.bootloader=unknown
ro.hardware=yuhua
ro.revision=4
init.svc.recovery=running
init.svc.adbd=running
init.svc.yuhua-board-init=stopped
ro.kernel.android.qemud=0
ro.radio.use-ppp=no
ro.com.google.locationfeatures=1

RecVer:Fri Jul 10 19:15:42 CST 2009

Recovery tools:
HOME: Sd-card update
CALL: Board test
BACK: Factory reset
POWER: Reboot system

I:Key 102 pressed, alt 0
Search /sdcard/update/*
I:Find file . in /sdcard/update/
I:Find file .. in /sdcard/update/
I:Find file update.log in /sdcard/update/
I:Find file update.zip in /sdcard/update/
Find update.zip, Home to update
I:Update package /sdcard/update/update.zip
Installing /sdcard/update/update.zip
Installation failed.

crzyruski · Oct 8, 2009

Another Fastboot attempt

http://android-dls.com/wiki/index.php?title=Engineering_Bootloader

Downloaded update.xxx, renamed it to update.zip, placed it on my sdcard in the folder "update" (these instructions are specific to my model). In recovery mode I tried to update it but it FAIL... again.

From the log files it seems this stock recovery system SUCKS...

crzyruski · Oct 8, 2009

Another FAIL

Revisiting http://xdaforums.com/showthread.php?t=532719 from my earlier post (#3). Tried to do the Radio Update... Downloaded ota-radio-2_22_19_26I.zip and renamed it to update.zip... yada yada yada, you know the rest.

wineleven · Oct 8, 2009

Visit "http://www.generalmobile.com/index.asp?action=Android_Phones/DSTL1_support", and you can find how the update system work(it is not a G1

). Also take some time to see the install package and hack it.

1. Unzip the package.
unzip Android_20090826_r1502.zip

2. Copy some missed property app(http://www.sendspace.com/file/dii80c get from adp1.5) to /system/app/ after diff it with the ADP image.

3. zip the new package.
zip Android_20090826_r1502_hack.zip -ry system boot.img

4. update package and wait it bootup.

crzyruski · Oct 9, 2009

Very cool!

@wineleven
THANKS!

That was very cool! Finally some progress

So I was not too off from that path, I had already downloaded the update from General Mobile and had been inspecting the zip file they were trying to shove in my face as a quick fix to their buggy ROM. I was asking the support some very hard questions, which is probably why it has taken them more than their 48 hours to reply to me. (its been 5 days now)

General Mobile's update is Android_20090826_r1502.zip
containing the following particularly interesting (to me) files:

/system/build.prop
/system/system-update-post-script
/boot.img
/update-validate-script

Attempt 1
Here I tried to zip up their unmodified package with the suggested -ry arguments and hope that stock recovery takes it and runs with it.

FAIL

I reviewed wineleven's suggestions noticed he omitted the file update-validate-script

This was probably my problem

Attempt 2
Here I omitted update-validate-script

SUCCESS!

Attempt 3
Spirits high I go for the gusto:
I downloaded superuser.zip from this forum and embedded it in the location /system/app

Flash SUCCESS, functionality FAIL

I got too excited and put Superuser.apk and su both in the same directory... silly mistake

Attempt 4
This time I put Superuser.apk in /system/app and su in /system/bin

Flash SUCCESS, functionality FAIL

running su in terminal gave me "permission denied" with the following carriage return:

here1here2here3here4$

obviously I'm missing something here... but have made progress and feel more confident about this.

More attempts to come. Suggestions and advice is welcome!

Question to those knowledgeable
Why are certain files in the /system/bin included as "links" and not actual files? save space in zip?

Can boot.img be modified? Replaced with a better (more useful) one?

Any ideas on obtaining root?

crzyruski · Oct 9, 2009

Root idea and shortcommings

After reviewing http://android-dls.com/wiki/index.php?title=Magic_Root_Access

I may have bin (lol) too hasty with slapping su in /system/bin
But logic tells me it shouldn't matter... bin or xbin

And I feel like permissions are my real issue because my current su (residing in /system/bin)

command
ls -l /system/bin/su

returns
-rwxr-xr-x root shell 34612 2008-08-01 08:00 su

command
chmod 6755 /system/bin/su

returns
Unable to chmod su: Read-only file system

^--- in hindsight I see that as a DUH, because I can't remount the /system partition as read/write

More questions
I have always understood chmod to use three digits, why are there four digits now?
Also, what is 's' in terms of permission... is that to see? like hidden files?

crzyruski · Oct 10, 2009

Main task accomplished!

After reviewing Cyanogen's experimental ROM I can see where and how he sets permission for su

Trying to emulate his method for myself has been plenty of trial and error, but I have finally done it.

system-update-post-script was the key file that set permissions.
One MUST keep the carriage return at the end of the file - I have a neatfreak habit of cleaning them up.

Also, using the su and Superuser.apk in Cyanogen's latest build kept restarting my device, must be because his kernel is newer than mine.

RapidShare is hosting for 90 days Android_20090826_r1502_rooted.zip - NEW BUILD HERE
MD5: F1DE9A270CDDF01ADEE708B6660B7AFA
PM me if not avail.

NOTE:
I am not responsible for your new paper-weight mode...
This has worked fine on my device, but I guarantee nothing for yours...
My device is General Mobile's DSTL1 - details in post #1

What you get:
Root access via su and Superuser.apk - procured from XDA forums: http://xdaforums.com/attachment.php?attachmentid=211569&d=1249225060

To use:
Your sdcard must contain "update" folder, this is where you will place the zip file after you have renamed it to "update.zip"

Happy ROOT

------------------------------------------
My next task will be to get Cyanogen's ROM to work on my device... seeing as how Cyanogen codes for the popular HTC models, I am left out - and I don't like being left out.

Side quests will be to play with the boot.img, flash the SPL, and maybe get a nice recovery

Particularly I would love to try out nandroid.

@wineleven THANK YOU for the nudge in the right direction!

Thank you:

Google for the open source Android OS - without the free SDK wouldn't have been possible for me
General Mobile for the nifty device
Remote Exploit for BackTrack3/4 - I did most of my work on this Live CD distro
XDA-Developers Forum for info and resources: superuser files and Cyanogen's ROM for info

wineleven · Oct 10, 2009

congratulation to you.

Some notice:
As this devices is deeply modified based on Android open source and hardware different to G1. So you can not rebuild any system framework APK from open source unless you can get the DSTL1 source code. As i now, one thing we can do is to add some external APK file (API compatible to device, now SDK 1.5) to system. Like the Superuser.apk you do

.

jlcd · Oct 23, 2009

crzyruski said:
After reviewing Cyanogen's experimental ROM I can see where and how he sets permission for su

Trying to emulate his method for myself has been plenty of trial and error, but I have finally done it.

system-update-post-script was the key file that set permissions.
One MUST keep the carriage return at the end of the file - I have a neatfreak habit of cleaning them up.

Also, using the su and Superuser.apk in Cyanogen's latest build kept restarting my device, must be because his kernel is newer than mine.

RapidShare is hosting for 90 days Android_20090826_r1502_rooted.zip
MD5: C3C13F6DC75BF6F86E5C9E41D7FB4C59
PM me if not avail.

NOTE:
I am not responsible for your new paper-weight mode...
This has worked fine on my device, but I guarantee nothing for yours...
My device is General Mobile's DSTL1 - details in post #1

What you get:
Root access via su and Superuser.apk - procured from XDA forums: http://xdaforums.com/attachment.php?attachmentid=211569&d=1249225060

To use:
Your sdcard must contain "update" folder, this is where you will place the zip file after you have renamed it to "update.zip"

Happy ROOT

------------------------------------------
My next task will be to get Cyanogen's ROM to work on my device... seeing as how Cyanogen codes for the popular HTC models, I am left out - and I don't like being left out.

Side quests will be to play with the boot.img, flash the SPL, and maybe get a nice recovery
Particularly I would love to try out nandroid.

Hi crzyruski

I'm a new android and DSTL1 user and this information is cool

it's easy to do for a newbie as I?

crzyruski · Oct 23, 2009

What do you mean easy? What would you like to do?

I took General Mobile's only update: http://www.generalmobile.com/index.asp?action=Android_Phones/DSTL1_support and gave it ROOT. If this is all you want to do, I have compiled the package already for you in my post above. If you want to do it manually then read the whole thread to see how I did it.

If you want to use my compiled package, it is easy.

Then again, I don't know if anyone else has tried it. It worked for me.

You are only the second individual to inquire about it, I am not sure if the other fellow had any luck - he hasn't replied to me.

Hope this helps.

Keep in touch!

jlcd · Oct 23, 2009

I only have 3 days with Android, but I think that I want to get root access. The only thing I have to do is a second "update" with your package, isn't it?

I'm going to look for a backup system program first...

Can I have problems to update from General Mobile support web in a future? (i.e Android 2.0)

crzyruski · Oct 23, 2009

It does not need to be second. That is your choice. You can use it in any order. This is not a patch so order is no relevant.

My package is basically the original General Mobile update + 2 files.

These two files are su and Superuser.apk - nothing special (except that you will obtain root access on demand)

I currently only utilize root access to run Advanced Task Manager.
And in the future I want to overclock because I feel the DSTL1 is greatly underclocked though it should max out at ~600Mhz.

Good luck with a backup program as I have not found any free versions and NAndroid is ideal but not not yet possible as you have to flash the SPL and I am not aware how to do this for DSTL1 though I am sure it is possible.

Please let me know what you end up using to backup, if you do.

I would like to note that I am not all knowing and if something goes wrong I am sorry, but can't take responsibility.
There is no reason you should not be able to update from my package to another like: original 1.5 or new 1.6 or future 2.0 (whenever it comes out).
Hopefully when those come out I will be able to modify them similarly and make them available.

But you mentioned you will only have the device for 3 days, do you suppose 2.0 will be released within this time?

-crzyruski

jlcd · Oct 24, 2009

crzyruski said:
Please let me know what you end up using to backup, if you do.

But you mentioned you will only have the device for 3 days, do you suppose 2.0 will be released within this time?

-crzyruski

I'm going to try with My Backup Pro

And about 2.0 this all I know...

http://www.boygeniusreport.com/2009/10/16/android-2-0-screenshot-walkthrough/

crzyruski · Oct 24, 2009

Good luck to you.

I think I may begin working on some more DSTL1 hacks.
Please keep me updated with your progress

jlcd · Oct 25, 2009

I only have to do ALL this process with your zip, isn't it?

How to Install the Product Update:
Create a folder at the top-level of your memory card called 'update' , and copy file '*.zip' into your phone's memory card.

Make sure your phone is off, and press the Home key together with the Power & End key to enter the recovery mode, do the operations following the UI indication:
1- Press the Home key to search the zip file from your memory card, and press the Home key again to update the software.
2- Press the Call key to do board test.
3- Press the Back key to restore the factory settings.
4- Press the Power & End key to reboot your phone after update finishes.

crzyruski · Oct 26, 2009

Looks correct to me. Tell me how it works out.

jlcd · Oct 26, 2009

crzyruski said:
Looks correct to me. Tell me how it works out.

I've done it! and all seems to be ok...

Thank you crzyruski.

I'll be waitng for your future DSTL1 hacks.

Rooting non-standard Android

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Member

Senior Member

Senior Member

Senior Member

Member

Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Senior Member

Member

Similar threads