What's new
DroidForums.net | Android Forum & News

This is a sample guest message. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your own topics and posts, as well as connect with other members through your own private inbox!

Getting Custom Kernels Running on the Droid X

Do you have any ideas, alias?

aliasxerog said:
currentweb said:
KHeeney5 said:
Has he been able to root the 2.3 X?





Sent from my DROIDX
Click to expand...

Unfortunately no. Moto implemented some new method of blocking root access, and he nor I or anyone else have been able to even figure out how moto is blocking it, let alone how to hack it. Its only a matter of time though, we'll have root eventually :)
Click to expand...

Actually its the new Linux kernel. It fixes the security flaws that we used to elevate to root.
Click to expand...



Sent from my DROIDX
 
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.
 
aliasxerog said:
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.
Click to expand...

When you say 'get in', do you mean you actually loaded a custom kernal or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)
 
currentweb said:
aliasxerog said:
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.
Click to expand...

When you say 'get in', do you mean you actually loaded a custom kernal or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)
Click to expand...

Pretty sure he's referring to the kinda root access we have now on the DX, but on 2.3
 
aliasxerog said:
I've been a linux kernel developer for years and recently got a Droid X. The first thing I did was root it and install a pretty unraped froyo ROM I found these forums. I really, really want to install cyanogenmod on the phone because it would be pretty sweet. My idea consists of booting up in to the standard kernel and having a custom init to use kexec(8) to bootstrap the custom kernel. This would completely bypass the whole locked-crazy-omg-efuse-killer thing. Even if the standard kernel doesn't have kexec(8) enabled you can still execute a linux kernel because it is a relocatable elf on most systems. The whole setup isn't ideal but it could get custom kernels running until there is a better solution.

EDIT: If the are any android devs that know the system inside and out I would absolutely love your help.
Click to expand...

I loaded wireless tether for rooted and got a messae about the Linus Kernal. I went to their FAQ site and found this:
If the feature "CONFIG_NETFILTER_XT_MATCH_MAC" is missing the "access control"-feature will not work correctly (you will see a "failed"-status in "Show log" for "Enabling access control"). To detect if all kernel-option were enabled in your current kernel the following kernel-options should be enabled: CONFIG_PROC_FS, CONFIG_IKCONFIG, and CONFIG_IKCONFIG_PRO. This dumps the current kernel-config to /proc/config.gz.
Should I be concerned?
 
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to actual boot process that tricks the system to show it is a original game, but allows you to boot backups/homebrew apps & games.
 
mrksbrd said:
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to actual boot process that tricks the system to show it is a original game, but allows you to boot backups/homebrew apps & games.
Click to expand...

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.
 
teh_g said:
mrksbrd said:
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to actual boot process that tricks the system to show it is a original game, but allows you to boot backups/homebrew apps & games.
Click to expand...

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.
Click to expand...

I may be wrong but I think he meant can we use the meathod the game consoles use to make the bootloader on the Droid X think its booting official software...
either way I still believe the answer is no as we don't know any of the security keys we would need to know.

Sent from my DROIDX using DroidForums App
 
A guy who got Ubuntu running on his Droid 2 had an idea of modding the bootstrapper to force boot something -- but that's as far as his musing went. I might be able to dig up the thread and put you in contact with him if he hasn't contacted you yet.
 
yurdle said:
teh_g said:
mrksbrd said:
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to actual boot process that tricks the system to show it is a original game, but allows you to boot backups/homebrew apps & games.
Click to expand...

No. None of the game consoles are Linux-y enough to run the kexec. The Wii has software mods you can use already. PS3 is basically soft-modded.
Click to expand...

I may be wrong but I think he meant can we use the meathod the game consoles use to make the bootloader on the Droid X think its booting official software...
either way I still believe the answer is no as we don't know any of the security keys we would need to know.

Sent from my DROIDX using DroidForums App
Click to expand...

Yes...sorry I wasn't exactly clear enough. I had just been up for about 23 hours when I wrote the idea..lol. I guess the encryption has alot to do with it since gaming consoles don't need to be all that secure like phones do. But I do like to think as an optimist
 
The ps3 has a similar setup (in concept) to what we're working with here. It was hacked by somebody discovering the private key. If we had that, we wouldn't be discussing this.

Sent from my DROIDX using DroidForums App
 
aliasxerog said:
currentweb said:
KHeeney5 said:
Has he been able to root the 2.3 X?





Sent from my DROIDX
Click to expand...

Unfortunately no. Moto implemented some new method of blocking root access, and he nor I or anyone else have been able to even figure out how moto is blocking it, let alone how to hack it. Its only a matter of time though, we'll have root eventually :)
Click to expand...

Actually its the new Linux kernel. It fixes the security flaws that we used to elevate to root.
Click to expand...


would the same method root the new Kernel that rooted the 3.4.2 version that p3droid put out? i know it was Froyo but he couldn't root it and thought that it could help us root Gingi. Anyways if so that 3.4.2 version has been rooted.
 
currentweb said:
aliasxerog said:
Well, I've been doing some pentesting on it, and I could get myself in using a security flaw with adb and metasploit. I'm looking into a better method, though, because that route bricked my phone (god I do that so often). I'm looking into a good ol' buffer overflow, but I haven't had time to write it yet.
Click to expand...

When you say 'get in', do you mean you actually loaded a custom kernal or did you just get past the bootloader? Oh, and good luck with the buffer overflow, that actually might work AND be easy to do for most people :)
Click to expand...

Finally happened, and THIS is why they patched it to take away any easy method of getting root in the first place... (to those that are/were upset that Google/Moto would do such a horrible thing as patch their security flaws... :P

The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police
 
sephtin said:
Finally happened, and THIS is why they patched it to take away any easy method of getting root in the first place... (to those that are/were upset that Google/Moto would do such a horrible thing as patch their security flaws... :P

The Mother Of All Android Malware Has Arrived: Stolen Apps Released To The Market That Root Your Phone, Steal Your Data, And Open Backdoor | Android News, Reviews, Apps, Games, Phones, Tablets, Tips, Mods, Videos, Tutorials - Android Police
Click to expand...

Yeah, I hate those !@%$ people that ruin the party for all the rest of us...

So this means that Google now needs to add an official way to root Android safely and securely, right?
 
mrksbrd said:
Just an idea, but can the same process be implemented as hacking the gaming consoles to play backup games? Basically they implement code prior to actual boot process that tricks the system to show it is a original game, but allows you to boot backups/homebrew apps & games.
Click to expand...
im an old xbox hacker so i can probably explain this to you and i can possible explain why it wont work on the droid x

well pretty much the dvd drive has its own programming that the console software references when trying to see if a game is legit or not
so pretty much when team xecuter and C4Eva rewrote the dvd drive firmware they added code they knew you could add to the game's .iso file(IE ssv1,ssv2, and ssv3)
so pretty much the xbox dvd drives custom firmware looks for the original security files found on retail copies or the newly added ones(ssv1,ssv2,ssv3) to give the xbox the response its looking for to allow you to play the games

C4Eva and team xecuter can rewrite the dvd drive firmware because the dvd drive isnt locked down like our bootloaders are on the droid x plus the bootloader is the only way to load new firmware onto the device(kind of like how the xbox software relies on the dvd drives response to play the game or not)

hope this explains a bit
luigi90210


EDIT:
this just dawned on me but if we can find an exploit like the jtag exploit on the xbox 360 we might be able to run custom firmware without much hackery involved
pretty much what the jtag exploit is getting the device into engineering mode and rewriting the bootloader to not check for signatures
im pretty sure that this has been tried on this phone and older phones locked down like this(IE milestone) but its worth a shot(although i think this method has a better outcome)
 
Last edited:
You must log in or register to reply here.

Similar threads

O
Kexec Progress = Custom Kernels and Fully Functional CM/AOSP ROMs
Replies
8
Views
6K
JKingDev
J
D
Custom Kernels Are Here For Droid Razr Via Kexec!
Replies
9
Views
8K
welsalex
W
A
Phone not charging after flashing custom kernel.
Replies
3
Views
2K
ggrant3876
ggrant3876
M
[HOW TO] BE READY to FLASH GB/2nd-INIT ROMs
Replies
8
Views
9K
macpro88
M
M
Custom Kernel for Droid X????
Replies
3
Views
6K
mmead1143
M
Back
Top