[PRJ] Rooting the Droid Eris


FireSokar

I doubt that will have much ground to help anyone; besides, the site classifies our phone as Motorola, which brings like 0 credit to most of the members for not even spotting it. I wonder how much HTC is pissed about everyone calling their phone the "Motorola Droid Eris". If anything, I would assume this would have a better chance, as it is rooting steps, not a ROM to flash. http://modmymoto.com/forums/showthread.php?t=526469 It's for the Cliq, which is running 1.5 as well and was recently rooted, so I would assume the Eris might have a chance?
 

ataranine

I doubt that will have much ground to help anyone; besides, the site classifies our phone as Motorola, which brings like 0 credit to most of the members for not even spotting it. I wonder how much HTC is pissed about everyone calling their phone the "Motorola Droid Eris". If anything, I would assume this would have a better chance, as it is rooting steps, not a ROM to flash. http://modmymoto.com/forums/showthread.php?t=526469 It's for the Cliq, which is running 1.5 as well and was recently rooted, so I would assume the Eris might have a chance?

I think the guys already went over that though, the exploit or whatever can't be used for the Eris or something. I dunno. :confused:
 

jmanley69

I doubt that will have much ground to help anyone; besides, the site classifies our phone as Motorola, which brings like 0 credit to most of the members for not even spotting it. I wonder how much HTC is pissed about everyone calling their phone the "Motorola Droid Eris". If anything, I would assume this would have a better chance, as it is rooting steps, not a ROM to flash. http://modmymoto.com/forums/showthread.php?t=526469 It's for the Cliq, which is running 1.5 as well and was recently rooted, so I would assume the Eris might have a chance?

RSD-Lite is for Motorola phones. You are welcome to try it... but I doubt it will work for an HTC phone.
 

jmanley69

So someone told me they talked to a Verizon rep and he had him dial some number and change something in the SID number or something or other... what was he talking about, exactly?

There's nothing you can do through the "programming" of the phone on the dial pad that will unlock your ROM to be rootable. You can play around with that stuff yourself if you like... you just need the MSL. I think that it's six 0's on Verizon, but if not, you can look into CDMA Workshop, which will either get you the MSL, reprogram it, or both. On Sprint, the easiest way to get it is to go online and do an ESN swap from your phone and back to your phone. Sprint gives you everything you need but tries to downplay the importance of the numbers.

Basically, the only thing that the Verizon guy is able to do with your phone is to change the MSID (not SID), which looks a lot like a phone number. The MSID is a code that the network uses to push PRLs and other radio programming to your phone (in a very brief, very watered-down explanation). The Verizon guy can also change things like Access Overload, Slot Cycles, blah blah blah... everything that has to do with your phone's radio communicating with Verizon's network. While changing these variables can give you a better phone experience, none of them will change the underlying Linux programming. These programming variables existed before Android and exist on every CDMA phone (Verizon, Sprint, other); it's a cross-phone, cross-network radio standard.

Sorry to disappoint.
 

binny1007

Just an update for anyone joining the thread. I realize that this is over 100 pages, but please, if you have some time, go back and read it; if nothing else you will get some useful info. But here is where we are at: we are currently looking and/or waiting for new exploits. Anything from milw0rm is out; if you look back in the thread you will find some websites that were posted, otherwise use Google. We are looking for privilege escalation exploits; anything that is DoS (denial of service) will not work.
Also, we are looking into Super CID'ing. The instructions can be found here http://xdaforums.com/showthread.php?t=559806 but do not try this if you don't know what you are doing, as it will boink your phone real good. And the source needs to be modified to work on our phones.
Any current exploit for Android does not work, so we must work together as a team to get this rooted.
And make sure you say thanks to those that help; without it we would not be as far as we are now.
 

binny1007

Also, I was playing with task and rtask in the OEM fastboot. Does anyone think that these will help, or should I just give up on them?
 

ataranine

There's nothing you can do through the "programming" of the phone on the dial pad that will unlock your ROM to be rootable. You can play around with that stuff yourself if you like... you just need the MSL. I think that it's six 0's on Verizon, but if not, you can look into CDMA Workshop, which will either get you the MSL, reprogram it, or both. On Sprint, the easiest way to get it is to go online and do an ESN swap from your phone and back to your phone. Sprint gives you everything you need but tries to downplay the importance of the numbers.

Basically, the only thing that the Verizon guy is able to do with your phone is to change the MSID (not SID), which looks a lot like a phone number. The MSID is a code that the network uses to push PRLs and other radio programming to your phone (in a very brief, very watered-down explanation). The Verizon guy can also change things like Access Overload, Slot Cycles, blah blah blah... everything that has to do with your phone's radio communicating with Verizon's network. While changing these variables can give you a better phone experience, none of them will change the underlying Linux programming. These programming variables existed before Android and exist on every CDMA phone (Verizon, Sprint, other); it's a cross-phone, cross-network radio standard.

Sorry to disappoint.
Wasn't too much of a disappointment, but thanks for taking the time to explain.
 

jmanley69

Also, I was playing with task and rtask in the OEM fastboot. Does anyone think that these will help, or should I just give up on them?

I think at this point... anything in fastboot could help. This is like a "secret programming mode" that HTC, Google, and Verizon don't expect the "normal" person to get into. So... it's probably not as locked down as the rest of the OS.

p.s. Sorry for the "quotes", but sometimes it helps me get my "point" across...lol
 

binny1007

I think at this point... anything in fastboot could help. This is like a "secret programming mode" that HTC, Google, and Verizon don't expect the "normal" person to get into. So... it's probably not as locked down as the rest of the OS.

p.s. Sorry for the "quotes", but sometimes it helps me get my "point" across...lol

And I don't use the "quotes" because most of the time I am on my phone and it is just a pain in the butt.... lol

But back to the pulseaudio: I found an exploit for it, but it may need to be modified.

"Put files in /tmp/pulseaudio-exp (or change config.h). Must be on
same fs as the pulseaudio binary."

So you know way more than me on this, but can we somehow make this one workable?

Also, here are a few more variations of the same thing.
http://www.securityfocus.com/bid/35721/exploit
 

Attachments: pulseaudio-exp.zip (2.7 KB)

binny1007

Here is the config.h:

Code:
// take a wild guess
#define VULNBIN "/usr/bin/pulseaudio"

// current dir must be on the same fs as VULNBIN. example /var/tmp/bull or /tmp/bull
// without a final slash 
#define PATH "/tmp/pulseaudio-exp" 

// where we will put shell axx
#define PATHSHELL "/sbin/axx"

I think we would need to change the "#define PATH "/tmp/pulseaudio-exp"" to /data/local/, and also
Code:
// where we will put shell axx
#define PATHSHELL "/sbin/axx"
We don't have /sbin, so not sure where to change that one?

*Edit*
Also, we need to change "#define VULNBIN "/usr/bin/pulseaudio"" to wherever pulseaudio is?
 

jmanley69

And I don't use the "quotes" because most of the time I am on my phone and it is just a pain in the butt.... lol

But back to the pulseaudio: I found an exploit for it, but it may need to be modified.

"Put files in /tmp/pulseaudio-exp (or change config.h). Must be on
same fs as the pulseaudio binary."

So you know way more than me on this, but can we somehow make this one workable?

Also, here are a few more variations of the same thing.
http://www.securityfocus.com/bid/35721/exploit

ok... your homework... find out if pulseaudio is part of Android. If so, where are the executables. The exploit reads that the vulnerability must be in the same file system as pulse audio. If this can be executed from /proc, we could be OK, but if it must be in /system anywhere, it's a losing battle.

To find the executable, use "find -name {the name of the file you're looking for}" from the root (/) directory. If your phone doesn't have find already, go ahead and grab a copy of busybox for Android (I think I've posted the link here before, but I know you can find it in xda someplace), and put busybox in /data/local and make a symbolic link (ln) to it for "find". then /data/local/find -name {whatever}

I'm off to AfterChristmasShop with the love of my life... so I can look at it more later this evening or tomorrow at work.
 
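The quoted README says the files must sit on the same filesystem as the pulseaudio binary, and the post above suggests find to locate it. The helper below is an added example, not code from the thread or the attachment: it checks that precondition in the other direction, listing which writable directories share a filesystem with a given binary so you can confirm (as on a phone with a read-only /system) that none do. It assumes a POSIX sh with GNU or busybox stat and find; the paths in the comments are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes POSIX sh plus a stat that
# accepts -c %d (GNU coreutils or busybox) and a find that supports -name.

# fs_id PATH -> prints the device number of the filesystem holding PATH.
# Two paths on the same mount report the same number.
fs_id() {
    stat -c %d "$1"
}

# same_fs PATH1 PATH2 -> exit 0 if both paths live on one filesystem.
same_fs() {
    [ "$(fs_id "$1")" = "$(fs_id "$2")" ]
}

# writable_dirs_sharing_fs BINARY DIR... -> prints each DIR that exists,
# is writable by the current user, and shares a filesystem with BINARY.
# Empty output is the safe result: a read-only /system (the case the
# thread worries about) leaves nothing for this to print.
writable_dirs_sharing_fs() {
    bin=$1
    shift
    for d in "$@"; do
        if [ -d "$d" ] && [ -w "$d" ] && same_fs "$bin" "$d"; then
            printf '%s\n' "$d"
        fi
    done
    return 0
}

# locate_binary NAME -> first regular file named NAME under /, which is
# what "find -name" from the root directory in the post does; errors from
# unreadable directories are silenced.
locate_binary() {
    find / -type f -name "$1" 2>/dev/null | head -n 1
}

# Illustrative use (paths are examples, not claims about the Eris):
#   bin=$(locate_binary pulseaudio)
#   [ -n "$bin" ] && writable_dirs_sharing_fs "$bin" /data/local /sqlite_stmt_journals
```

On a device where the binary is under a read-only mount, the last call prints nothing, which is exactly the "losing battle" outcome the post describes.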

crax0r

ok... your homework... find out if pulseaudio is part of Android. If so, where are the executables. The exploit reads that the vulnerability must be in the same file system as pulse audio. If this can be executed from /proc, we could be OK, but if it must be in /system anywhere, it's a losing battle.

To find the executable, use "find -name {the name of the file you're looking for}" from the root (/) directory. If your phone doesn't have find already, go ahead and grab a copy of busybox for Android (I think I've posted the link here before, but I know you can find it in xda someplace), and put busybox in /data/local and make a symbolic link (ln) to it for "find". then /data/local/find -name {whatever}

I'm off to AfterChristmasShop with the love of my life... so I can look at it more later this evening or tomorrow at work.

I'm pretty sure pulseaudio is part of the Android system. I'll look for the info in the system dump I did. The weird thing is you don't need su to run \system\bin\dumpstate? Why??

*update*
pulseaudio is the audio control for the whole phone. I don't think there would be an exploit linking to the root user with this app, look somewhere else. Can anyone confirm if there is a shell window built in to the phone. Hidden or not, it would so help!
 