[DISCUSSION][SOLVED] ROOTING G2 Vision T-mobile

Status
Not open for further replies.

uta8111

Senior Member
Jul 10, 2006
88
25
Upon minor reflection, it would appear that temporary root will likely be useless in the long run unless permanent root is achieved. Without permanent root, there's presumably no way to prevent standard OTA upgrades, one of which is bound to close the temporary root access method at some stage. Correct?
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
The chip is enabled to make sections permanently read only, I think it's write protection that is not permanently enabled, but it is enabled as soon as the device powers up.

It doesn't give anything other than context, but from the data sheet for the eMMC:

sooo... we have dumps of the running csd and ext_csd registers :)
tell me if we're working with power-on or temporary enabled after power-on wp mr. perl binary decoder man :)
 

sino8r

Senior Member
Sep 7, 2006
3,551
735
Birmingham, Alabama
The chip is enabled to make sections permanently read only, I think it's write protection that is not permanently enabled, but it is enabled as soon as the device powers up.

It doesn't give anything other than context, but from the data sheet for the eMMC:

All that means to me is that stuff will have to be written and changed in recovery, right? Well, once we figured out how to enable writing, period.
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
Upon minor reflection, it would appear that temporary root will likely be useless in the long run unless permanent root is achieved. Without permanent root, there's presumably no way to prevent standard OTA upgrades, one of which is bound to close the temporary root access method at some stage. Correct?

bingo.... well, short of remembering to wipe your /cache before ever powering down or rebooting your phone, lol.
 

sino8r

Senior Member
Sep 7, 2006
3,551
735
Birmingham, Alabama
Upon minor reflection, it would appear that temporary root will likely be useless in the long run unless permanent root is achieved. Without permanent root, there's presumably no way to prevent standard OTA upgrades, one of which is bound to close the temporary root access method at some stage. Correct?

That's just silly...

Oopsy... never mind. I see what you're saying now. That won't be an issue though.
 

craisis

Member
Dec 3, 2009
15
0
Boulder
Will it root?

Sooooo..... what are the odds this thing will get rooted?

Sent from my T-Mobile G2 using XDA App

I have no doubt in my mind it will be rooted at some point. It might not be easy, but it is definitely doable.

Now I'm not willing to make any actual bets... but I won't return my G2 (when I get one... contract up for renewal in 6 more days...) even if it doesn't look like a root exploit will be right away... But we're still in the infancy of searching for a root exploit.
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
All that means to me is that stuff will have to be written and changed in recovery, right? Well, once we figured out how to enable writing, period.

until we get the kernel source and make the damn thing remove wp at boot, ya, assuming we can remove wp *period*, changes to system will have to happen in recovery - or after an elaborate setup.

it's utterly unsafe to make changes to /system from within android, even after wp has been removed.

toggling off wp without a flushed cache could leave you with a fubar'd /system.
the only safe way to do it is to remount /system ro, flush cache (removing modifications), insmod our un-wp modules, re-root, remount rw, then make changes.
 

sino8r

Senior Member
Sep 7, 2006
3,551
735
Birmingham, Alabama
until we get the kernel source and make the damn thing remove wp at boot, ya, assuming we can remove wp *period*, changes to system will have to happen in recovery - or after an elaborate setup.

it's utterly unsafe to make changes to /system from within android, even after wp has been removed.

toggling off wp without a flushed cache could leave you with a fubar'd /system.
the only safe way to do it is to remount /system ro, flush cache (removing modifications), insmod our un-wp modules, re-root, remount rw, then make changes.

Yeah... yeah... we used to be able to do such things. They were safe if you knew what you were doing and had a backup or a rom to flash and fix it with. Those days are over, I guess..
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
Yeah... yeah... we used to be able to do such things. They were safe if you knew what you were doing and had a backup or a rom to flash and fix it with. Those days are over, I guess..

ya - that's why i really really wish we had a stock rom we could flash from hboot.
i'm a little scared to go forward even if i can turn off the wp groups.
filesystems really don't like it when what's on disk doesn't jive with what they think they have written, and i really don't feel like rendering my phone incapable of booting, stuck with a brick until someone releases an ota update on the net.
 

sino8r

Senior Member
Sep 7, 2006
3,551
735
Birmingham, Alabama
ya - that's why i really really wish we had a stock rom we could flash from hboot.
i'm a little scared to go forward even if i can turn off the wp groups.
filesystems really don't like it when what's on disk doesn't jive with what they think they have written, and i really don't feel like rendering my phone incapable of booting, stuck with a brick until someone releases an ota update on the net.

I'm not too worried. I've bricked a phone or two and have sent them back no problem. Of course, they were truly bricked. Bad spl, etc. Won't turn on so they couldn't prove crap. Hehehehe! Tmobile doesn't check them for bricked unless it's obvious... in that case it wasn't bricked anyways. They just check for water damage and physical damage, mainly.
 

techdaring

Member
Oct 8, 2010
16
0
So, it means we can't root the T-Mobile G2 at all. I see the news from Engadget that says it will automatically install the original ROM after you install a 3rd ROM into it.
 

vi5in

Member
Oct 6, 2010
29
0
Actually it means we can:


But it also means that when the command to disable writes is issued it is not permanently applied.



But most importantly, it means we do have a bit that if we can find how to set it will disable all write protection:

Strange. From the flowchart it seemed like if it was 0, it wouldn't let you set permanent write-protection.
 

slayerdork

New member
May 2, 2010
4
0
So, it means we can't root the T-Mobile G2 at all. I see the news from Engadget that says it will automatically install the original ROM after you install a 3rd ROM into it.

No, it means root is only temporary for now. Work continues on obtaining permanent root. You currently can only obtain root; loading a custom ROM is not possible at this time.
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
Code:
# insmod /sdcard/wpthis.ko
# dmesg | grep wpthis
<4>[  630.323364] wpthis - init
<4>[  630.323516] sys_init_module: 'wpthis'->init suspiciously returned 32, it should follow 0/-E convention

getting closer.
 

craisis

Member
Dec 3, 2009
15
0
Boulder
Write Protect info

Ok, so I need more info before I can come back with more data. What I do know is that write protection mode is not power-on and is not permanent, leading me to believe it is temporary. However, it also appears that the bit in the CSD that enables write protection by groups (not the entire card) is disabled. It might just be because it's late and I'm tired, so I'll take another look in the morning. I've attached my notes below along with a request:

If anyone who has the phone now has a way to run the SEND_STATUS (CMD13) command, it would be very helpful.

My notes are below:
## CSD
size of erase unit = 512 (ERASE_GRP_SIZE * ERASE_GRP_MULTI)
ERASE_GRP_SIZE = 32 (0d31 + 1) (CSD 42:46; 11111)
ERASE_GRP_MULTI = 16 (0d15 + 1) (CSD 41:37; 01111)
WP_GRP_SIZE = 32 (0d31 + 1) erase groups can be write protected (CSD 36:32; 11111)
WP_GRP_ENABLE = 0d1 (CSD 31)


### Extended CSD
HC_ERASE_GRP_SIZE = 4096 KByte (512Kbyte * HC_ERASE_GRP_SIZE(8)) (EXT_CSD byte 224; 0000100)
HC_WC_GRP_SIZE = 32768 KByte (8 * 4096 (HC_WC_GRP_SIZE * HC_ERASE_GRP_SIZE)) (EXT_CSD byte 221; 0000100)
PARTITION_CONFIG = 00000000 # Device not boot enabled & No access to boot partition & No boot acknowledge sent
BOOT_CONFIG = 00000000 #
## PERM_BOOT_CONFIG_PROT is disabled
## PWR_BOOT_CONFIG_PROT is disabled
ERASE_GRP_DEF = 00000000
## Use old erase group size and write protect group size definition
BOOT_WP = 00000000
## Master is permitted to set B_PWR_WP_EN
## Master is permitted to set B_PERM_WP_EN
## Boot region is not permanently write protected
## Boot region is not power-on write protected
USER_WP = 00000000
## Password protection features are enabled
## Host is permitted to set PERM_WP_PROTECT
## Permanent write protection can be applied to write protection groups
## Power-on write protection can be applied to write protection groups
## Permanent write protection is not applied when CMD28 is issued
## Power-on write protection is not applied when CMD28 is issued

# Password is stored in 128 bit PWD and 8 bit PWD_LEN registers.

# TODO: Get status register contents
# This is accomplished by CMD13 (SEND_STATUS)
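
An added example, not code from any poster in this thread: a decoder for the EXT_CSD USER_WP and BOOT_WP bytes annotated in the notes above, showing which protection type CMD28 would apply for a given value. The bit positions are the eMMC 4.4x register layout; the function names and the non-zero sample values are constructed for illustration.

```python
# Added example: bit layout of EXT_CSD USER_WP (byte 171) and BOOT_WP
# (byte 173) as defined for eMMC 4.4x; field names match the notes above.
USER_WP_BITS = {7: "PERM_PSWD_DIS", 6: "CD_PERM_WP_DIS", 4: "US_PERM_WP_DIS",
                3: "US_PWR_WP_DIS", 2: "US_PERM_WP_EN", 0: "US_PWR_WP_EN"}
BOOT_WP_BITS = {6: "B_PWR_WP_DIS", 4: "B_PERM_WP_DIS",
                2: "B_PERM_WP_EN", 0: "B_PWR_WP_EN"}


def decode_bits(value, layout):
    """Split one register byte into named 0/1 fields plus any reserved bits set."""
    if not 0 <= value <= 0xFF:
        raise ValueError("register byte out of range: %r" % (value,))
    known = sum(1 << bit for bit in layout)
    fields = {name: (value >> bit) & 1 for bit, name in layout.items()}
    fields["reserved_bits_set"] = value & ~known & 0xFF
    return fields


def cmd28_protection(user_wp):
    """Protection type CMD28 (SET_WRITE_PROT) applies to a write-protect group."""
    f = decode_bits(user_wp, USER_WP_BITS)
    # Permanent takes priority; a *_DIS bit blocks use of the matching *_EN bit.
    if f["US_PERM_WP_EN"] and not f["US_PERM_WP_DIS"]:
        return "permanent"
    if f["US_PWR_WP_EN"] and not f["US_PWR_WP_DIS"]:
        return "power-on"
    return "temporary"


def boot_region_state(boot_wp):
    """Current protection of the boot partitions according to BOOT_WP."""
    f = decode_bits(boot_wp, BOOT_WP_BITS)
    if f["B_PERM_WP_EN"]:
        return "permanently write protected"
    if f["B_PWR_WP_EN"]:
        return "write protected until power cycle"
    return "not write protected"


if __name__ == "__main__":
    # 0x00 is the value in the notes; 0x01 and 0x04 are constructed for contrast.
    for raw in (0x00, 0x01, 0x04):
        print("USER_WP=0x%02x -> CMD28 applies %s protection"
              % (raw, cmd28_protection(raw)))
    print("BOOT_WP=0x00 ->", boot_region_state(0x00))
```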
 

craisis

Member
Dec 3, 2009
15
0
Boulder
Code:
# insmod /sdcard/wpthis.ko
# dmesg | grep wpthis
<4>[  630.323364] wpthis - init
<4>[  630.323516] sys_init_module: 'wpthis'->init suspiciously returned 32, it should follow 0/-E convention

getting closer.

Not sure if this will relate to us or not, but the card appears to have a way to password protect itself, one of the reasons I want the status register is to check if it's locked. If it is we need to find the password before we can even issue almost any other command.
 

damnoregonian

Senior Member
Jun 28, 2007
110
13
Seattle
Not sure if this will relate to us or not, but the card appears to have a way to password protect itself, one of the reasons I want the status register is to check if it's locked. If it is we need to find the password before we can even issue almost any other command.

status register:
00000900


i am a little worried that wp groups aren't enabled.... that seems like the only way they could be protecting only part of the card, and the fastboot commands seem to reflect that there are groups.
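
An added example, not part of any post in this thread: decoding a CMD13 (SEND_STATUS) response word such as the `00000900` posted above into its current state and flag bits, including the lock bit asked about earlier. The bit positions are the standard MMC R1 device-status layout; the function name and the second and third sample words are constructed.

```python
# Added example: decode the 32-bit device status returned by CMD13.
# CURRENT_STATE occupies bits 12:9; the rest are single-bit flags.
STATES = ("idle", "ready", "ident", "stby", "tran", "data",
          "rcv", "prg", "dis", "btst", "slp")
FLAGS = {26: "WP_VIOLATION", 25: "CARD_IS_LOCKED", 24: "LOCK_UNLOCK_FAILED",
         22: "ILLEGAL_COMMAND", 19: "ERROR", 15: "WP_ERASE_SKIP",
         8: "READY_FOR_DATA", 7: "SWITCH_ERROR"}


def decode_status(word):
    """Return state name, set flags (highest bit first) and lock status."""
    if isinstance(word, str):
        word = int(word, 16)          # accept the hex string as posted
    if not 0 <= word <= 0xFFFFFFFF:
        raise ValueError("status word must fit in 32 bits")
    state_num = (word >> 9) & 0xF
    if state_num < len(STATES):
        state = STATES[state_num]
    else:
        state = "reserved(%d)" % state_num
    flags = [name for bit, name in sorted(FLAGS.items(), reverse=True)
             if (word >> bit) & 1]
    return {"state": state, "flags": flags,
            "locked": bool((word >> 25) & 1)}


if __name__ == "__main__":
    # First value is the one posted above; the other two are constructed
    # to show what a locked card or a write-protect violation looks like.
    for sample in ("00000900", "02000900", "04000900"):
        print(sample, decode_status(sample))
```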
 

Top Liked Posts

  • 1
    Has anyone considered the possibility of a system.img that's being unpacked on boot? The root filesystem on our phones is unpacked from boot.img every time the phone is booted which is why there's trouble with the SGS and people rooting it by placing the su binary in /sbin...

    Back on topic, the root filesystem can be changed at runtime, but reboot, and it all goes away. That's what sounds like is going on with the G2, but I don't have one to mess with.