Jump to content

The San Diego hacking topic - root progress etc.

Guest PaulOBrien

By Guest PaulOBrien
in Orange San Diego Development

 Share

Recommended Posts

Guest PaulOBrien

Guest PaulOBrien

Posted
Posted

OK folks, so here's a round up of my findings on hacking the San Diego so far (with a view to getting root and perhaps ICS).

If you have anything to add, please post below!

Updated By Ricky Wyatt 31/07/2012

  • We have now found the intel MEDFIELD flasher and drivers but cant be used untill we find the right GT Flag
  • The flasher and drivers can be found here http://www.mediafire...67cezkql2z4j4jc
  • We can now flash the Xolo x900 Gingerbread 2.3..7 so debranding San Diego found here http://www.modaco.co...ireless-screen/
  • We still cant get root
  • We Found out that the chinese intel K800 uses a different boot.bin radio.bin recovery and modem

    Not so grim reading.... :mellow:

    ----------------------------------------------------------------------------------------------------------------------------

    • Bootloader can be accessed via 'adb reboot bootloader', which is then accessible using 'fastboot -i 0x8087' and the appropriate command
    • Recovery can be accessed via 'adb reboot recovery'
    • Powering on with volume down and power held also works for the above
    • Recovery will only flash valid signed zips
    • ADB is not available in recovery
    • There seem to be different signatures for Intel's own devices, the Lava devices and the San Diego
    • Test builds of Gingerbread and ICS are signed with test keys and will not flash on retail recovery images
    • We have a build of ICS - but we can't flash it for the above reason
    • 'fastboot boot' does not work on the device - it seems to push but does not boot
    • 'fastboot flash' appears to complete - I flashed a recovery image - but it bricked the device
    • Fastboot flash of the boot image is untested for obvious reasons
    • We have access to engineering test Gingerbread and ICS images for research
    • The boot and recovery binaries can be extracted by trimming to the second gzip header and using cpio
    • As of yet we have found no usable vulnerabilities in init files
    • As of yet we have no usable kernel exploits
    • Turning the device on with the camera button pressed seems to access a special mode (displaying 'MEDFIELD' in USB settings), maybe for Intel's own flash tools? (a-la-nvflash)
    • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
    • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'

      • Grim reading... :(

Link to comment
Share on other sites
  • Replies 1.7k
  • Created
  • Last Reply

Popular Days

Popular Days

Popular Posts

Guest PaulOBrien
Guest PaulOBrien

OK folks, so here's a round up of my findings on hacking the San Diego so far (with a view to getting root and perhaps ICS). If you have anything to add, please post below! Updated By Ricky Wy

Guest Rem1x
Guest Rem1x

Oh, it'll run ICS impressively. But don't take getting VID/PID as getting close, that's just like reading the back of your orange juice and finding out the oranges were made in Florida :P

Guest glossywhite
Guest glossywhite

Is that ORANGE part supposed to rub our faces in it? haha! :D

Posted Images

Guest spences10

Guest spences10

Posted
Posted

Pretty much nothing else to add, apart from this seems to be one of the only areas looking into this subject, I have made post on other forums xda, rootz with no response

The community as a whole seem to be ignoring it :(

Good job flashing the recovery I wasn't quite there with the flash and like you say boot doesnt really work, possibly because of some sort of low level signing

Link to comment
Share on other sites
Guest PaulOBrien

Guest PaulOBrien

Posted
Posted

Added:

  • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
  • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'

P

Link to comment
Share on other sites
Guest fraxos

Guest fraxos

Posted
Posted (edited)

Perhaps it is worth reaching out to Intel and/or Orange highlighting the issues that their lockdown creates and how it could drive off a lot of people? It is worth a punt, especially given how successful the dev community, including Paul, were in persuading HTC to change their policy after the backlash they received.

Edited by fraxos
Link to comment
Share on other sites
Guest darkvicious

Guest darkvicious

Posted
Posted (edited)

hello did you try to contact Eric Adams is one of Intel engineer behind the development of san diego can be it can help, because orange they are not very cooperative

Edited by darkvicious
Link to comment
Share on other sites
Guest PaulOBrien

Guest PaulOBrien

Posted
Posted

Perhaps it is worth reaching out to Intel and/or Orange highlighting the issues that their lockdown creates and how it could drive off a lot of people? It is worth a punt, especially given how successful the dev community, including Paul, were in persuading HTC to change their policy after the backlash they received.

The PR team have confirmed they are getting an official response for me, so let's see where this goes with them first!

P

Link to comment
Share on other sites
Guest Rem1x

Guest Rem1x

Posted
Posted

Likewise, great potential, if we can realise it! :(

P

I buy my phones as bits of hardware, rather than a hardware/software combo. I've been having great fun with the 10 photo exposure bracketing (really shows off the speed!), and the phone just feels so nice in the hand!

Link to comment
Share on other sites
Guest fraxos

Guest fraxos

Posted
Posted

The PR team have confirmed they are getting an official response for me, so let's see where this goes with them first!

P

Fingers crossed they come back with the right answer although this being Orange I doubt it...

Link to comment
Share on other sites
Guest fradleyp

Guest fradleyp

Posted
Posted

I'm so thankful you have one Paul.

Can't believe you're the only kernel dev who likes a challenge. Hidden micro SD slot, potential for overclocking, new processor etc Surely that should ecite others

Link to comment
Share on other sites
Guest spences10

Guest spences10

Posted
Posted

I'm so thankful you have one Paul.

Can't believe you're the only kernel dev who likes a challenge. Hidden micro SD slot, potential for overclocking, new processor etc Surely that should ecite others

Sadly that doesn't seem the case :(

Link to comment
Share on other sites
Guest Rem1x

Guest Rem1x

Posted
Posted

Perhaps the hidden MicroSD slot is a way for flashing, if I remember right that was the way the OrangeSPV was hacked.

Nice thinking!

Link to comment
Share on other sites
Guest spences10

Guest spences10

Posted
Posted (edited)

Added:

  • The software update client can be launched with 'adb shell am start -n com.softwareupdate/com.softwareupdate.SoftwareUpdateSettings'
  • The software update client can be configured to use the test server with 'adb shell am start -n com.softwareupdate/com.softwareupdate.ServerSetActivity'

P

So when you do this, do you get teh option to check for update? I have just checked for an update and it said there wasnt one but i could download the current system

Have you took a look at the package? I'm downloading it now, but maybe we could use this as our stock image, downloading from 50.18.182.85 as user-120112191046.zip

Edited by spences10
Link to comment
Share on other sites
Guest PaulOBrien

Guest PaulOBrien

Posted
Posted

So when you do this, do you get teh option to check for update? I have just checked for an update and it said there wasnt one but i could download the current system

Have you took a look at the package? I'm downloading it now, but maybe we could use this as our stock image, downloading from 50.18.182.85

It's an extremely old package that doesn't flash.

P

Link to comment
Share on other sites
Guest gwebb

Guest gwebb

Posted
Posted

Intel badly need some developer support for x86 Android, and what do we get? Locked down phones running Gingerbread.

From everything I've read it sounds like a decent phone, the price is right, but they've dropped the ball on the software side.

Hardware wise this could be THE phone for hacking right now; a fast CPU, NFC, state-of-the-art image processor, HDMI, good screen, lots of RAM, and potentially very interesting x86 Linux/Android software (Intel has done a lot of Linux work).

Anyway, good luck to those of you working to prize it open.

Link to comment
Share on other sites
Guest .thalamus

Guest .thalamus

Posted
Posted

Hmmm, the first post is grim reading. I was going to buy one of these last week, but something told me to hold off, and I'm glad I did.

I also found that they use an obscure format for the boot / recovery / fastboot images which are probably created by some obscure proprietary Intel tool, so that'll cause problems I imagine. I might be wrong though.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept