X10 mini E10i ROOT,ROMS,HACKS

bitluni

Member
Jul 20, 2010
Darmstadt
Hi,

I will receive my Xperia X10 mini this week. Sounds interesting to hack this phone since it sounds like there are many limitations. I'm not a hacker, at least not Linux, but maybe I can help somehow since I'm at least an experienced low-level coder.

SE announced an update to Android 2.x this quarter. Maybe it is sufficient to just gain root on the persisting system and not risk killing the device somehow.

Is there a default way to gain root on Android? Since it is somehow a Linux kernel, maybe there are some weak points (which are known and maybe were fixed in later versions of Linux) for code injection into the kernel mode.

Just removing some preinstalled crap would be satisfying for me atm.

Android 1.6 -> Linux kernel 2.6.29
Android 2.2 -> Linux kernel 2.6.32
latest Linux kernel -> 2.6.35

Maybe it's worth looking in the changelog.
 

madspida

New member
Jul 21, 2010
Hi,

I will receive my Xperia X10 mini this week. Sounds interesting to hack this phone since it sounds like there are many limitations. I'm not a hacker, at least not Linux, but maybe I can help somehow since I'm at least an experienced low-level coder.

SE announced an update to Android 2.x this quarter. Maybe it is sufficient to just gain root on the persisting system and not risk killing the device somehow.

Is there a default way to gain root on Android? Since it is somehow a Linux kernel, maybe there are some weak points (which are known and maybe were fixed in later versions of Linux) for code injection into the kernel mode.

Just removing some preinstalled crap would be satisfying for me atm.

Android 1.6 -> Linux kernel 2.6.29
Android 2.2 -> Linux kernel 2.6.32
latest Linux kernel -> 2.6.35

Maybe it's worth looking in the changelog.
Agreed! Seems like a very reasonable angle of attack. Is it possible to run the X10 Mini software in some sort of emulator or to somehow get a terminal connection from a computer to the phone?
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
So guys,
I'm back now.
Let's see what's happening in the firm. For now I can only work with the firmware files because I have no device. But let's see what I can do this way.

I will test a few tricks that we have used for the very first X10 root; I have to figure out if the mini/pro acts the same.


Regards
Bin4ry
 

pulpoff

Senior Member
Mar 8, 2007
So guys,
I'm back now.
Let's see what's happening in the firm. For now I can only work with the firmware files because I have no device. But let's see what I can do this way.

I will test a few tricks that we have used for the very first X10 root; I have to figure out if the mini/pro acts the same.


Regards
Bin4ry

Bin4ry,
I know how difficult it is sometimes to describe the process, but still.
If you could give us some more details on how the original X10 was hacked, maybe more people will join the efforts to root the mini.
As far as I understand, it involves flashing a slightly patched firmware image that has root enabled, or does it?
What should we try and where can we start? Is there some firmware image we should try flashing?
The debranding process seems to be the right way to begin, no?
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
Bin4ry,
I know how difficult it is sometimes to describe the process, but still.
If you could give us some more details on how the original X10 was hacked, maybe more people will join the efforts to root the mini.
As far as I understand, it involves flashing a slightly patched firmware image that has root enabled, or does it?
What should we try and where can we start? Is there some firmware image we should try flashing?
The debranding process seems to be the right way to begin, no?
Not exactly. The rooting of the big X10 is no longer a secret ;)
It works with the FOTA application. The FOTA app doesn't seem to verify the signature fine in some areas of the DIFF which is provided in the fota.pkg.
The big deal is that SE has patched the method to start the FOTA update from SD card in X10 R2 firmwares, and as I can see in the X10 mini/pro FOTA client, it is also disabled in the release firmwares of those.

So 2 points have to be done to get the "same" method to work here:
1.) Find a way to get the FOTA to start the update from SD. At this point the FOTA client copies the fota.pkg to "/cache/recovery/update_package" and reboots to SEMC-Recovery.
If SEMC-Recovery detects the "/cache/recovery/update_package", it starts the FOTA update automatically. If not, it shows the yellow-triangle screen ;)
2.) Get an original FOTA.pkg to alter, or build an own one based on the big X10 packages, and hope the signature of the updates is the same as on the big X10.
Here I have already done some work on the big one. Hopefully I'm soon able to build an own fota.pkg which makes no real update (only giving sh the su access). If I get it working on the X10 I can try to port it to the minis.

The big deal is point 1! In new firmwares SE disables the system rights which are needed for executing debug_entry. BUT FOTA still has enough system privs because it can still reboot to recovery and write in superuser folders.

That's the deal now.

BTW: I already looked into the kernel source, and all known vulns posted @ Securityfocus are patched or not compiled into the kernel. :/

Regards
Bin4ry
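
[Added example, not part of Bin4ry's post or any Sony Ericsson code: the post attributes the X10 root to a FOTA client that does not verify the signature over some areas of the DIFF in fota.pkg. The sketch below shows that class of flaw next to a verifier that covers every byte. The package layout, key and function names are hypothetical, and HMAC-SHA256 stands in for the vendor's real signature scheme.]

```python
import hashlib
import hmac
import struct

# Constructed demo key. A real updater would check an asymmetric signature
# against a vendor public key; HMAC-SHA256 stands in to stay stdlib-only.
KEY = b"constructed-demo-key"
TAG_LEN = 32

def _split(pkg: bytes):
    """Hypothetical layout: u32 header_len | u32 diff_len | header | diff | tag."""
    if len(pkg) < 8 + TAG_LEN:
        raise ValueError("package truncated")
    hlen, dlen = struct.unpack(">II", pkg[:8])
    if 8 + hlen + dlen + TAG_LEN != len(pkg):
        raise ValueError("declared lengths do not match package size")
    return pkg[:8 + hlen], pkg[8 + hlen:-TAG_LEN], pkg[-TAG_LEN:]

def _tag(signed_header: bytes, diff: bytes, cover_diff: bool) -> bytes:
    # cover_diff=False models the flaw: the diff bytes are not authenticated.
    covered = signed_header + (diff if cover_diff else b"")
    return hmac.new(KEY, covered, hashlib.sha256).digest()

def make_pkg(header: bytes, diff: bytes, cover_diff: bool) -> bytes:
    signed_header = struct.pack(">II", len(header), len(diff)) + header
    return signed_header + diff + _tag(signed_header, diff, cover_diff)

def verify(pkg: bytes, cover_diff: bool) -> bool:
    """Return True only if the tag matches the bytes this verifier covers."""
    try:
        signed_header, diff, tag = _split(pkg)
    except ValueError:
        return False
    return hmac.compare_digest(tag, _tag(signed_header, diff, cover_diff))

def modify_diff(pkg: bytes) -> bytes:
    """Flip one bit in the first byte of the diff region, lengths unchanged."""
    signed_header, diff, tag = _split(pkg)
    return signed_header + bytes([diff[0] ^ 0x01]) + diff[1:] + tag

# Constructed sample packages, one per coverage policy.
HEADER, DIFF = b"model=constructed;ver=1", b"constructed diff payload"
weak = make_pkg(HEADER, DIFF, cover_diff=False)
full = make_pkg(HEADER, DIFF, cover_diff=True)

if __name__ == "__main__":
    print("partial coverage accepts modified diff:", verify(modify_diff(weak), False))
    print("full coverage accepts modified diff:   ", verify(modify_diff(full), True))
    print("full coverage accepts original:        ", verify(full, True))
```
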
 

NightSidew1nd3r

Senior Member
Jul 11, 2010
Hey bin4ry, I have suggested in the root bounty thread that they make money available to you upfront so you can buy a mini. People seem pretty keen on the idea. What are your thoughts on the idea?
P.S. Thanks for all your amazing work on the X10

Sent from my rooted x10a using XDA app
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
Your choice, I'm cool with that idea :) This would make many things easier.
BUT: I can only give my best, there is no guarantee that I will have success! Just so that everybody notices that. The only thing I can guarantee is that I will give my best :)
I personally like the hardware keyboard of the PRO version.
So if you want to buy one for developing, I'm cool with it.

Regards
Bin4ry
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
For today I found several attack points in the software.
I think there is a big chance of root for both devices!

Regards
Bin4ry
 

dabulcke

Senior Member
Jan 20, 2009
Zelzate
For today I found several attack points in the software.
I think there is a big chance of root for both devices!

Regards
Bin4ry
Hi bin4ry,

That's the best news I've heard in days, I hope you find some good things... Keep up the good work... Thx a lot

I'll await news on when we can donate to get you the mini pro


Sent from my U20i using XDA App
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
Berlin
That's great news!

Do you mind me asking where do you find information like this? Are you doing probes yourself or is there a place where others post their findings?

Many many thanks!
Doing all by myself ;)


Mini Pro has a removable battery, so might be easier. But I'm sure the Mini's battery can be "Disconnected" right?
Battery is not important. It is only BETTER to remove it to be sure the device is REALLY off ;) But the Mini has a hard-off button combination (I think it was POWER+HOME for 5 secs). So there is no need to remove the battery.

Regards
Bin4ry
 

silvioster

Member
Mar 8, 2008
Some SEUS files for swisscom-branded E10i

Here are some links to the java-serialized loader config (or whatever it is) and the firmware binaries. Apparently, one or more of: S1 Loader, Boot, FSP and APP-SW.
Need to recheck, maybe there was one more link in SEUS..

hxxp://ma3.extranet.sonyericsson.com/ns/common/1/file/342/277398342_iES6iZzglgA9lIBpb8x9RQp2.bin
hxxp://ma3.extranet.sonyericsson.com/ns/common/1/file/441/277443441_TWY1KE9sfaMArfd6u3Z149J6.bin
hxxp://ma3.extranet.sonyericsson.com/ns/common/1/file/222/277390222_Ii4q9pS2g0v8ecLkgFpPtfxq.bin
hxxp://ma3.extranet.sonyericsson.com/ns/usdoe1/1/script/synch/13150273_277393514_rMH9SGSsq4kAwfZf+o1BBA+p.ser.gz

btw, fwiw, the fota info gleaned from a quick look:

hxxps://prod.dm.sonyericsson.com/dmserver10/fota
client username = zebra1
client password = r2r
server username = dmserver12
 

jparge

New member
Jul 18, 2010
Statistics show that the X10 Mini is more popular than the X10 Mini Pro. Google Trends confirms.

I guess I could be biased though, as I too have an X10 Mini that desperately needs to be rooted. :)