
The San Diego hacking topic - root progress etc.

1678 replies to this topic

#1
PaulOBrien

OK folks, so here's a round up of my findings on hacking the San Diego so far (with a view to getting root and perhaps ICS).

If you have anything to add, please post below!


Updated By Ricky Wyatt 31/07/2012
  • We have now found the Intel MEDFIELD flasher and drivers but they can't be used until we find the right GT Flag
  • The flasher and drivers can be found here http://www.mediafire...67cezkql2z4j4jc
  • We can now flash the Xolo x900 Gingerbread 2.3.7 so debranding San Diego found here http://www.modaco.co...ireless-screen/
  • We still can't get root
  • We found out that the Chinese Intel K800 uses a different boot.bin, radio.bin, recovery and modem
Not so grim reading.... :mellow:

----------------------------------------------------------------------------------------------------------------------------

  • Bootloader can be accessed via 'adb reboot bootloader', which is then accessible using 'fastboot -i 0x8087' and the appropriate command
  • Recovery can be accessed via 'adb reboot recovery'
  • Powering on with volume down and power held also works for the above
  • Recovery will only flash valid signed zips
  • ADB is not available in recovery
  • There seem to be different signatures for Intel's own devices, the Lava devices and the San Diego
  • Test builds of Gingerbread and ICS are signed with test keys and will not flash on retail recovery images
  • We have a build of ICS - but we can't flash it for the above reason
  • 'fastboot boot' does not work on the device - it seems to push but does not boot
  • 'fastboot flash' appears to complete - I flashed a recovery image - but it bricked the device
  • Fastboot flash of the boot image is untested for obvious reasons
  • We have access to engineering test Gingerbread and ICS images for research
  • The boot and recovery binaries can be extracted by trimming to the second gzip header and using cpio
  • As of yet we have found no usable vulnerabilities in init files
  • As of yet we have no usable kernel exploits
  • Turning the device on with the camera button pressed seems to access a special mode (displaying 'MEDFIELD' in USB settings), maybe for Intel's own flash tools? (a-la-nvflash)
  • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
  • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'
Grim reading... :(


You can follow me on Twitter - http://twitter.com/paulobrien / Follow MoDaCo on Twitter - http://twitter.com/modaco

Want to donate? MoDaCo is raising money for the Multiple Sclerosis society.
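Added example (not part of the original post or thread): the extraction step from post #1, "trimming to the second gzip header and using cpio", written out in Python. The image layout, file names and contents are constructed for the demonstration and are not the San Diego's actual boot.bin format; `build_sample_image` and `_newc` are hypothetical helpers.

```python
import gzip, zlib
GZIP_MAGIC = b"\x1f\x8b\x08"  # ID1, ID2, CM=deflate

def gzip_members(blob):
    """Return [(offset, data)] for every gzip member that decompresses cleanly."""
    members, pos = [], blob.find(GZIP_MAGIC)
    while pos != -1:
        d = zlib.decompressobj(wbits=31)          # 31 = gzip framing
        try:
            data = d.decompress(blob[pos:])
            ok = d.eof                            # reached the trailer, CRC checked
        except zlib.error:
            ok = False                            # chance match on the magic bytes
        if ok:
            members.append((pos, data))
        nxt = len(blob) - len(d.unused_data) if ok else pos + 1
        pos = blob.find(GZIP_MAGIC, nxt)
    return members

def cpio_newc_entries(archive):
    """Yield (name, data) for each file in a cpio 'newc' (070701) archive."""
    pos = 0
    while archive[pos:pos + 6] == b"070701":
        f = [int(archive[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        size, namesize = f[6], f[11]
        name = archive[pos + 110:pos + 110 + namesize - 1].decode()
        if name == "TRAILER!!!":
            return
        start = (pos + 110 + namesize + 3) & ~3   # header+name padded to 4 bytes
        yield name, archive[start:start + size]
        pos = (start + size + 3) & ~3             # file data padded to 4 bytes

def extract_ramdisk(image):                       # trim to 2nd gzip member, unpack cpio
    members = gzip_members(image)
    if len(members) < 2:
        raise ValueError("fewer than two gzip members found")
    offset, cpio = members[1]
    return offset, dict(cpio_newc_entries(cpio))

def _newc(name, data):                            # one constructed newc record
    n = name.encode() + b"\0"
    fields = (0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0)
    rec = b"070701" + b"".join(b"%08X" % v for v in fields) + n
    return rec + b"\0" * (-len(rec) % 4) + data + b"\0" * (-len(data) % 4)

def build_sample_image():                         # constructed, not a real boot.bin
    files = [("init.rc", b"on boot\n"), ("default.prop", b"ro.secure=1\n")]
    ramdisk = b"".join(_newc(n, d) for n, d in files) + _newc("TRAILER!!!", b"")
    return b"HDR" * 16 + gzip.compress(b"kernel" * 9) + b"\0" * 7 + gzip.compress(ramdisk)
```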



#2
kartouche

Hmmm ... not a lot of good news here ... but I still believe in it !


#3
spences10

Pretty much nothing else to add, apart from this seems to be one of the only areas looking into this subject. I have made posts on other forums (xda, rootz) with no response.

The community as a whole seem to be ignoring it :(

Good job flashing the recovery. I wasn't quite there with the flash and, like you say, boot doesn't really work, possibly because of some sort of low-level signing.

I have ORD

Samsung Galaxy Nexus
ROM: CM9 Skankwich
ClockworkMod recovery [of course]


#4
Frankish

Doesn't look great for now... such a shame, but I'm sure someone will find a little something...


#5
PaulOBrien

Added:
  • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
  • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'
P



#6
PaulOBrien

I've approached Orange PR for an official line on 'is the bootloader locked'?

P



#7
fraxos

Perhaps it is worth reaching out to Intel and/or Orange highlighting the issues that their lockdown creates and how it could drive off a lot of people? It is worth a punt, especially given how successful the dev community, including Paul, were in persuading HTC to change their policy after the backlash they received.

Edited by fraxos, 13 June 2012 - 04:49 PM.


#8
Frankish

But it fails to update


#9
darkvicious

Hello, did you try to contact Eric Adams? He is one of the Intel engineers behind the development of the San Diego; maybe he can help, because Orange are not very cooperative.

Edited by darkvicious, 13 June 2012 - 05:03 PM.


#10
PaulOBrien


Perhaps it is worth reaching out to Intel and/or Orange highlighting the issues that their lockdown creates and how it could drive off a lot of people? It is worth a punt, especially given how successful the dev community, including Paul, were in persuading HTC to change their policy after the backlash they received.

The PR team have confirmed they are getting an official response for me, so let's see where this goes with them first!

P



#11
Rem1x

Oh dear, I don't want to get rid of this phone :/


#12
PaulOBrien

Likewise, great potential, if we can realise it! :(

P



#13
Rem1x


Likewise, great potential, if we can realise it! :(

P

I buy my phones as bits of hardware, rather than a hardware/software combo. I've been having great fun with the 10 photo exposure bracketing (really shows off the speed!), and the phone just feels so nice in the hand!


#14
fraxos


The PR team have confirmed they are getting an official response for me, so let's see where this goes with them first!

P


Fingers crossed they come back with the right answer although this being Orange I doubt it...


#15
fradleyp

I'm so thankful you have one Paul.

Can't believe you're the only kernel dev who likes a challenge. Hidden micro SD slot, potential for overclocking, new processor etc. Surely that should excite others

ZTE Blade OLED
Clockwork recovery
CM7
Converted Gen2

#16
spences10


I'm so thankful you have one Paul.

Can't believe you're the only kernel dev who likes a challenge. Hidden micro SD slot, potential for overclocking, new processor etc. Surely that should excite others


Sadly that doesn't seem the case :(


#17
Shuflie

Perhaps the hidden MicroSD slot is a way for flashing, if I remember right that was the way the OrangeSPV was hacked.


#18
Rem1x


Perhaps the hidden MicroSD slot is a way for flashing, if I remember right that was the way the OrangeSPV was hacked.

Nice thinking!


#19
spences10


Added:

  • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
  • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'
P


So when you do this, do you get the option to check for update? I have just checked for an update and it said there wasn't one but I could download the current system

Have you taken a look at the package? I'm downloading it now, but maybe we could use this as our stock image, downloading from 50.18.182.85 as user-120112191046.zip

Edited by spences10, 13 June 2012 - 08:16 PM.


#20
PaulOBrien


So when you do this, do you get the option to check for update? I have just checked for an update and it said there wasn't one but I could download the current system

Have you taken a look at the package? I'm downloading it now, but maybe we could use this as our stock image, downloading from 50.18.182.85

It's an extremely old package that doesn't flash.

P





