SBF to root and to unroot

[MotoCache1]

OK, so getting around this new "recovery integrity protection" (RIP) feature [my name for it] was about as trivially simple as it could possibly be. When I did it the first time (around 7pm yesterday) I did it by simply flashing the FRG01B SBF. That worked so it told me it was possible. Once I got back home I took a look to see how it could be disabled without resorting to such extreme measures as a full flash. I think it took me about 7 minutes to come up with it.

This RIP feature does however make applying the custom recovery just a little trickier the first time because if you don't do it just right, and you miss catching a reboot, you get to do it over again. I'm going to put together an update.zip that will handle rooting and disabling the RIP, etc. as otherwise you need ADB and such and that's just too much for a lot of folks. You should see something later on in the day today unless I get tied up.

The good news is that it is not necessary to back out the 2C.7C boot loader (although I did figure out how to do that in case it were necessary), and it is simple to disable the RIP.

More later.

 

[0chilly]

OK, so getting around this new "recovery integrity protection" (RIP) feature [my name for it] was about as trivially simple as it could possibly be. It does however make applying the custom recovery just a little trickier the first time because if you don't do it just right, and you miss catching a reboot, you get to do it over again.

I'm going to put together an update.zip that will handle rooting and disabling the RIP, etc. as otherwise you need ADB and such and that's just too much for a lot of folks. You should see something later on in the day today unless I get tied up.

The good news is that it is not necessary to back out the 2C.7C boot loader (although I did figure out how to do that in case it were necessary), and it is simple to disable the RIP.

More later.

Excellent! I'm glad it was easy to do!
:yr1:

 

[TizzMahNizz]

flashed my system with the latest recovery only sprecovery sbf file..it wont work. i reboot into recovery mode and it is the default recovery. What should I do? i did a full back up of my apps..have wiped my data a few times trying to load a few roms...If i could get a couple suggestions it would help..i gotta leave but I'll be back later tonite any help would be amazing

Went back and flashed back to 2.0 then did sprecovery. I had the order of how to do it fouled up but now I'm back up running liquid 1.41 and I want to thank all of you! you have no idea how grateful I am for all the work and advice you guys have/do. thank you
-Timmah!!

 

[zakany]

If it helps, I did catch the reboot when installing SPR (got the PASS, etc.) and SPR did fire up the first time (for the obligatory nandroid backup). Subsequent boots to recovery presents me the stock recovery.

If you want to ac]ually see the menu...

I had forgotten the button presses. Only used the stock recovery once. But yeah, I get the menu when I do that, so extra weirdness.

I'm going to put together an update.zip that will handle rooting and disabling the RIP, etc. as otherwise you need ADB and such and that's just too much for a lot of folks.

Do tell. I have no qualms about using the Android Debug Bridge. (in fact, while writing this I just dl'd the SDK and fired up ADB, just because I could) Even if you do package everything into an update.zip, I'd like to know what you did.

 

[MotoCache1]

I'm going to put together an update.zip that will handle rooting and disabling the RIP, etc. as otherwise you need ADB and such and that's just too much for a lot of folks.

Do tell. I have no qualms about using the Android Debug Bridge. (in fact, while writing this I just dl'd the SDK and fired up ADB, just because I could) Even if you do package everything into an update.zip, I'd like to know what you did.

Here are just my raw notes to myself after finalizing the process. Please, anybody that wants to try this, that's cool, but I don't want to put effort into support questions about it (I'd rather spend the time automating it). The instructions are just for those who don't want to wait for an update.zip that does it all for you, and already have the tools and know-how to do it.

In the below, when I say Superuser.zip I mean my file here.

1. Pre-stage the Superuser.zip on the SD card
2. Flash "SPRecovery only" SBF onto phone and properly catch reboot at end to 
   go back into bootloader and let SBF finish to "PASS".
   [if you fail to catch it, the system will boot and recovery will get 
   flashed back during the boot]
3. Reboot into recovery (should be SPRecovery).
4. Mount system.
5. ADB shell into the phone
6. cd /system
8. mv recovery-from-boot.p recovery-from-boot.p.not
9. Umount system.
10. Apply the update.zip (to root phone)

 

[ShowTime]

I'll wait patiently until you get everything packaged up nicely, and then I think I've decided it's time to hop in the root pool. :unsure:
Thanks for all the work and making it so easy and painless for us.

 

[cjmiranda]

back to stock and it feels so good

even had to reprogram my phone *226 style but all good thanks alot i was running 2.2 but rather have a vzw version with flash and i missed the droid eye. much thanks

 

[zakany]

The instructions are just for those who don't want to wait for an update.zip that does it all for you, and already have the tools and know-how to do it

.

Thanks for the explanation. I just like learning. So, in essence, you're renaming install-recovery.sh and recovery-from-boot.p so they aren't called. I also assume that you rename Superuser-2.3.2.3-ef-signed-MotoCache1.zip to update.zip and use SPR to apply it (I'm new at this, obviously).

Did you check to see what would happen if you booted the phone up a couple times normally then attempt to boot into recovery without rooting? Is there another image of install-recovery hidden somewhere? Does it choke because it can't find install-recovery? I ask because the one-SPR-boot behavior might mean that the user needs to root before doing anything else (like a nandroid backup).

Obviously, that's not a concern if you handle the file moves and superuser application in an update.zip.

 

[furbearingmammal]

MotoCache, you are awesome, and you're whipping this thing like a jockey riding a stallion in the Kentucky Derby. I'm looking forward to seeing the final product with baited breath. On behalf of myself and everyone who will use it, you have my thanks and gratitude!

 

[homer_atl]

hey guys. sorry i didnt go thru the 45 pages, but is this new update.zip file going to work on my OTA 2.2 unrooted?

thanks.

 

[0chilly]

hey guys. sorry i didnt go thru the 45 pages, but is this new update.zip file going to work on my OTA 2.2 unrooted?

thanks.

not yet, the Box Option 02 in the first post needs to be updated. the sprecovery listed is not working right at the moment. read back 2-3 pages from here if you want to see what it's doing MotoCache1 is working on the fix though! woohoo

 

[MotoCache1]

hey guys. sorry i didnt go thru the 45 pages, but is this new update.zip file going to work on my OTA 2.2 unrooted?

thanks.

Working on it right now. In the not too distant future I'll be doing a post of how to root your OTA 2.2 without destroying it. It was just too nice out today and the motorcycle had to get some love and sunshine instead of hacking. But it's dark now, and who needs sleep...

 

[MotoCache1]

OK, it's done. What I have now is a process that will root pretty much any Droid 1 phone, regardless of what version of Android is running on it, and regardless of how that version got there.

This process has a particularly helpful feature in it for those that are running "FRG01B OTA" (either by actually getting it over the air, or by installing the OTA update.zip manually). The FRG01B OTA had a little bonus feature in it that I don't think anybody has noticed yet -- every time you boot your phone the recovery partition has its sha1 sum checked, and if it has been modified, it gets flashed back to stock. So, you can flash on a custom recovery, but it will only stay there until the next boot of the OS. Then it's gone. My package kills that "feature". I call the "feature" "Flash Recovery Service", so when you see my update.zip say "Disabling Flash Recovery Service (if found)...", that's what it's talking about.

My process is two steps:

1. Use RSD Lite to flash my special SPRecovery SBF to the recovery partition. Just the recovery partition is included in the SBF, so it won't trash your kernel, etc. like ESE81_SPRecovery would (if you're running any version other than ESE81 -- or running a custom kernel on ESE81).
2. Run my update.zip that disables Flash Recovery Service, installs su and Superuser.apk, and installs busybox -- a complete root.

That's it.

I released the SBF file for Step 1 of the process a few days ago and it seems to be completely happy at this point. The only people who had trouble (that I'm aware of) are those that either have the 2.2 OTA that keeps removing SPRecovery, or people who can't flash anything successfully -- my SBF or otherwise.

The update.zip for Step 2 however is brand spankin' new. I just gave it the final test run about 45 minutes ago. Rather than just tossing it out there, I'm going to give it (and full instructions) to a few volunteers first. I blew away my test phone and loaded it up to the point of being at a clean OTA 2.2 and then ran this process and it works flawlessly for me. I expect it will be the same for everyone else, but I'd still rather give it to a couple volunteers first.

I'm probably going to be up for a little longer yet (maybe 45 minutes) because I have a couple things I want to look at in the ESE81 kernel (for something unrelated), so I'll try to keep an eye out for PMs until I hit the sack. After that I'll just have to respond whenever I get up.

I think this is great news. Up until now, the only thing that would let you "get root" on every OS version was EasyRoot. I've not used EasyRoot, but I know many people either don't want to pay for it or just don't want to use it, and so for certain OS versions, there wasn't a way to root them without downgrading or doing something that would trash your kernel (installing ESE81_Sprecovery.sbf on a 2.2 phone). Now we can root any Droid 1 we want, without having to trash anything.

Once our volunteers give feedback on whether the instructions need any tweaking, etc., I'm going to make a whole new topic for this procedure. I'm guessing it will be in the "Droid Hacks" section since the description says that's where "unofficial" hacks go.

 

[jbwiden]

:icon_ banana:


I was going to root a few days ago but I am very thankful for your findings and work on the problem...


I will be rooting soon now that you have done this.


Thanks.

 

[zakany]

I expect it will be the same for everyone else, but I'd still rather give it to a couple volunteers first.

Very prudent. Will you post links here to those files (or to the thread that contains them)?

I've not used EasyRoot, but I know many people either don't want to pay for it or just don't want to use it...

For me, it's not the nominal cost. It's not knowing how it works. With your packaged update.zip, I have a good idea what it does and why.

With your method, if I wanted to unroot would it be as simple as the following?

adb shell
cd \system
mv recovery-from-boot.p.not recovery-from-boot.p
exit

Reboot phone.

Or would that leave you rooted, but with the recovery image back to stock?