
Xperia X10 Rooting and Custom ROM Development


kakekeke

Senior Member
Feb 9, 2008
76
6
Espoo
Well, I've got my doubts... According to the manual, it seems to work a bit like VAG immobilizer softing... You log in to the manufacturer's main computer, and the data needed comes straight from there over the line... Dunno if there's any possibility to "stab" the SEUS update file in order to get the needed result... :/
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,005
I'd love to get a developer firmware... ;)

That's nice. Do you think we care? Leave this forum open for root discussion.

Funny given the fact it was my idea to open this thread in the first place... :)
By the way, I said that because it would make it easier to be able to root the device and have a chance of getting a bootloader with fewer restrictions, but hey, if you don't care... perfectly fine for me, I really don't care what you think either. (Yes, sorry, I know what you always say, don't feed the trolls... I just couldn't resist myself.)

Back on topic, all HTC phones used to have the serial port shared with the handsfree/USB plug, does anybody know where the serial port for this phone is? I'd need a full dmesg and check what the bootloader says through serial when it starts... That's how haykuro found a hole for 32A Magic..

I know part of the main board is designed by HTC, so unless SE removed it from the final design it should be there somewhere... maybe on the audio jack?
-------------------------------------
Sent via the XDA Tapatalk App
 

ardf69

Senior Member
Sep 25, 2009
191
8
Como
Samsung Galaxy Watch 4
...
Back on topic, all HTC phones used to have the serial port shared with the handsfree/USB plug, does anybody know where the serial port for this phone is? I'd need a full dmesg and check what the bootloader says through serial when it starts... That's how haykuro found a hole for 32A Magic..
...

Do dmesg via adb shell... it works.

Ciao Angelo
 

net_vampire32

Member
Mar 2, 2008
26
4
sorry :) rough day

Funny given the fact it was my idea to open this thread in the first place... :)
By the way, I said that because it would make it easier to be able to root the device and have a chance of getting a bootloader with fewer restrictions, but hey, if you don't care... perfectly fine for me, I really don't care what you think either.
-------------------------------------
Sent via the XDA Tapatalk App
 

sim-value

Senior Member
Sep 27, 2009
185
5
I know nothing when it comes to rooting, but I do know Android is Linux, and the X10 runs kernel 2.6.29. I found an exploit for this kernel but I don't know if it's possible to use on our Android OS??

Here's the link, hope it helps in some way......
http://www.milw0rm.com/exploits/8369
(Update)
Here's one more:
http://www.milw0rm.com/exploits/8678

Hi,

The first one will surely not work (a needed configuration option is not set); the other one looks promising.
 

edude03

Senior Member
Aug 16, 2007
87
10
From balsat -

I'm messing around with a 2.6.29 exploit for the HTC tattoo, it might work on the X10 if they haven't closed the hole.
Root exploit
I uploaded the m7 file to /data/local/bin with "adb push m7 /data/local/bin/m7", opened a shell on the phone with "adb shell", changed the permissions with "adb chmod 755 /data/local/bin/m7" and started the exploit with "cd /data/local/bin" "while `true` ; do /data/local/bin/m7; done". After a while I got this output:

usage: reboot [-n] [-p] [rebootcommand]
exit!
reroc/8446/cmdline[ WIN! 8446
EIP: 70000484 Instruction executed: e01858cd
[ Overwritten 0x70000484

But I still got NO root, id tells me:
$ /system/bin/id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)

And it somehow ****s with the PATH :
$ ls
ls: not found
$ Cannot set process group (Operation not permitted) at 225

Maybe a hardcore coder can change the program so it will work!?

I tried the code this came from myself (before seeing this) and it seems to do something, however I've yet to figure out what the code actually does.

I think since this code works on the Tattoo, if someone who knows what result we are trying to obtain (other than root I mean) explains it, someone (maybe even myself) could probably get it to work on the SE X10.
 

biktor_gj

Senior Member
Jan 25, 2008
1,408
7,005
Hi, that exploit had to be run inside of a while (don't ask me why, that's what it says in the original exploit @milw0rm and on the post on the Tattoo forum). It goes over and over, I think until it makes a buffer overflow, then dumps you into a root shell.

I didn't get it to work, my theory is SE patched it (that's why I said on my first post on this thread to notice the build date of the kernel). The real problem we're facing is kernel version 2.6.29 is one year old, and what a lot of Android phones have, but the compilation date is March 2010, so they might have patched all the holes people have found until then, so the m7 won't work.

Though maybe it just needs some little modification and I'm completely wrong... which is absolutely possible too ;)

I just bought some 3.5" 4-pin jacks to see if we have a shared serial port on the audio jack... will post if I find something in there!

EDIT: be careful guys, this phone is quite delicate, first try and battery calibration went nuts.. fixed already, but thought you should know...
@net_vampire32: no worries, we all have them sometimes.. ;)
 

nbk1986

Member
Apr 10, 2008
16
0
Berlin
How do you compile the shoryuken.c exploit on Windows? Otherwise also on Linux? I would like to try it on my X10.

Till now I haven't got my account for Emma. So I'm still waiting....
 

Bin4ry

Inactive Recognized Developer
Nov 14, 2008
2,007
5,906
Berlin
For compiling use the Android NDK (NOT SDK!). Create an Android.mk and Application.mk.
If you need an example Android.mk and Application.mk, write a PM.

-Bin4ry
 

mimok

Member
May 11, 2010
21
0
This exploit cannot be used because the X10 Linux kernel is patched.
I downloaded the X10 kernel sources from the SE web site and I checked the ptrace.c file in the kernel folder. Unfortunately, it is patched.

However, because SE provides the X10 kernel source code, we can easily check if an exploit can be used or not.
 

nbk1986

Member
Apr 10, 2008
16
0
Berlin
This exploit cannot be used because the X10 Linux kernel is patched.
I downloaded the X10 kernel sources from the SE web site and I checked the ptrace.c file in the kernel folder. Unfortunately, it is patched.

However, because SE provides the X10 kernel source code, we can easily check if an exploit can be used or not.

Hmmm... I ran the m7 exploit twice in two shells. Both quit with an error like @edude03 posted before. So you got no chance to type in commands like id, ls -l, cat.... But if you have got busybox you can execute some more options. So I typed in /data/local/busybox vi /default.prop

My Bash opened it with no problems, but if I'd like to edit via vi, I get errors. On Linux sometimes vi sucks too. In those cases it's because of wrongly interpreting the input devices, like the keyboard...

Can someone please check it out?

@ardf69

How can it be patched? The exploit works on that kernel -> Linux matthew-desktop 2.6.29-020629-generic #020629 SMP Tue Mar 24 12:03:21 UTC 2009 i686 GNU/Linux

And my X10 Kernel is from -> Linux localhost 2.6.29-rel #2 PREEMPT Wed Mar 10 16:53:36 JST 2010 armv7l GNU/Linux

Please compare these two dates! Or am I wrong?
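
Added example (not part of any post in this thread): a short Python parser for the two `uname -a` lines quoted above, showing that the same base version can hide very different build dates, which is why a version number alone says nothing about patch level. `FIX_PUBLISHED` is a constructed placeholder date, not taken from the thread; a later build date only means a fix could have been backported, and reading the vendor source, as mimok did with ptrace.c, is the actual check.

```python
import re
from datetime import datetime

# The two `uname -a` lines quoted in the thread.
DESKTOP = ("Linux matthew-desktop 2.6.29-020629-generic #020629 SMP "
           "Tue Mar 24 12:03:21 UTC 2009 i686 GNU/Linux")
X10 = ("Linux localhost 2.6.29-rel #2 PREEMPT "
       "Wed Mar 10 16:53:36 JST 2010 armv7l GNU/Linux")

# Constructed placeholder for "date a fix became public"; not from the page.
FIX_PUBLISHED = datetime(2009, 6, 1)

UNAME_RE = re.compile(
    r"^Linux \S+ (?P<release>\S+) #\S+ (?:[A-Z_]+ )*?"   # flags: SMP, PREEMPT
    r"[A-Z][a-z]{2} (?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<tz>[A-Z]+) (?P<year>\d{4}) (?P<arch>\S+)"
)

def parse_uname(line):
    """Extract release string, base version, build time and arch."""
    m = UNAME_RE.match(line)
    if m is None:
        raise ValueError("unrecognised uname -a line")
    # Timezone abbreviation is ignored: day-level resolution is enough here.
    built = datetime.strptime(
        "{mon} {day} {year} {time}".format(**m.groupdict()),
        "%b %d %Y %H:%M:%S")
    base = re.match(r"\d+\.\d+\.\d+", m["release"]).group(0)
    return {"release": m["release"], "base": base,
            "built": built, "arch": m["arch"]}

def may_carry_fix(info, fix_published=FIX_PUBLISHED):
    """True if the kernel was built after the fix date (necessary, not sufficient)."""
    return info["built"] >= fix_published

def compare(a, b):
    ia, ib = parse_uname(a), parse_uname(b)
    return {
        "same_base_version": ia["base"] == ib["base"],
        "days_apart": abs((ib["built"] - ia["built"]).days),
        "may_carry_fix": (may_carry_fix(ia), may_carry_fix(ib)),
    }

if __name__ == "__main__":
    print(compare(DESKTOP, X10))
```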