Load into test mode with Call+Trackpad+Power
If you are having difficulty, I found the easiest way to get into test mode each time is to remove the USB cable and battery, then replace the battery. Hold Call + middle button, then just before plugging in the USB, press Power. Plug in the USB within half a second of pressing Power!
cd /system/bin
cat btld_testmode > ../btld_testmode (this backs up the file)
cat sh >> btld_testmode (we append it first, don't know why, but we can't just overwrite it at first)
cat sh > btld_testmode (overwrite it)
Now it has lost its setuid bit (the kernel clears setuid when an unprivileged process writes to the file), but that is fine: factorytest.rc will restore it. So reboot the phone, reloading test mode.
cd /system/bin
./btld_testmode
Now you are in a root shell, you know what to do
cat sh > su
chmod 4755 su
exit
./su
Now we will put btld_testmode back.
cat ../btld_testmode > btld_testmode
chmod 6777 btld_testmode
Currently su loses its setuid bit on reboot, so it is not permanent.
Still working on that.
Edit: it seems all permissions get reset, then are set up by the init script.
Sadly, we can't overwrite the init script because changes in / do not persist.
All we can use this root access for is flashing, unless we find another way to persist our setuid...
But hey, at least we have a root shell! It is a start :)
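A check that spots exactly the condition this post relies on, whether run on the device over adb or on a pulled copy of /system/bin: a setuid/setgid file that is world-writable (what makes "cat sh > btld_testmode" possible), or one whose contents are now a byte-for-byte copy of sh. This is an added example, not code from the original post; the function name and the directory and shell-path arguments are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. Audits a directory for
# setuid/setgid files that are either world-writable or identical to the
# given shell binary. Assumes POSIX sh with find, cmp and printf.
audit_setuid() {
    dir="$1"        # directory to scan, e.g. /system/bin on the device
    shell_bin="$2"  # reference shell, e.g. /system/bin/sh
    findings=$(
        # every regular file with the setuid (4000) or setgid (2000) bit set
        find "$dir" -type f \( -perm -4000 -o -perm -2000 \) |
        while IFS= read -r f; do
            if cmp -s "$f" "$shell_bin"; then
                # the helper has been replaced by a copy of the shell
                printf '%s shell-copy\n' "$f"
            elif [ -n "$(find "$f" -perm -0002)" ]; then
                # mode allows any user to overwrite a privileged binary
                printf '%s world-writable\n' "$f"
            fi
        done
    )
    if [ -z "$findings" ]; then
        return 0            # nothing suspicious
    fi
    printf '%s\n' "$findings"
    return 1                # at least one finding was reported
}
```

Run as `audit_setuid /system/bin /system/bin/sh`; the exit status is 1 whenever a line is printed, so it can gate a scripted check.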