Guest johnsmithx Posted August 8, 2011 Hi, is anyone aware of any way to get root privileges (uid 0) on an untouched Blade with the original ROM (ZTE 2.1 or 2.2) without changing a single bit on any of those 9 partitions? And if the answer is no, do you think such a way is possible at all? Thank you for your answers and opinions. johnsmithx
Guest wbaw Posted August 9, 2011 z4root & other similar exploits can do that.
Guest FelixL Posted August 9, 2011 (edited) OneClickRecovery does root your Blade temporarily, saves the original recovery partition to the SD card and then installs ClockworkMod. So you can make a backup of all parts without any modification. Should work on Gen1 and Gen2. As mentioned, z4root should be able to do the same without installing the recovery. Edited August 9, 2011 by FelixL
Guest johnsmithx Posted August 9, 2011 (edited) Thank you for your responses, but unfortunately none of those mentioned meets the condition in my question. Those are applications and need to be installed. Installing anything means changing the content of the partitions. When they are executed they change the content even more. Let me try to rephrase: is there a way to get uid 0 (root) without changing a single bit on any partition, ever, during the process? Just consider this scenario: you have a phone with the original ZTE ROM and until now this phone has been used only in an "ordinary" way. There may be installed applications, but none of them is created for breaching anything. Now, from this very second to the second you get uid 0, imagine that all those 9 partitions are write protected and nothing can be written there. Do you know any way to get root under such conditions? Do you think it is possible? Edited August 9, 2011 by johnsmithx
Guest wbaw Posted August 9, 2011 (edited) You could use fastboot to load a rooted boot.img over USB (on Blades with fastboot enabled) - just boot from it over USB without writing anything. Another option could be exploiting an app that runs as root. Otherwise you need to install an app & write to NAND to be able to run an exploit; you can't execute from the SD card. Edited August 9, 2011 by wbaw
Guest johnsmithx Posted August 9, 2011 "You could use fastboot to load a rooted boot.img over usb (on blades with fastboot enabled)" That's a good one - preparing a modified boot.img with an extra setuid binary, booting it and via it booting the original ZTE ROM, then via a terminal or another app running the setuid binary, ending up with uid 0 without writing into any part of the NAND. The only problem is that it will work only on older phones, as the stock GEN2 ones have the bootloader disabled <_< So on stock GEN2 there is no way (without writing into NAND)?
Guest wbaw Posted August 9, 2011 Unless you could remotely exploit an app that runs as root.
Guest johnsmithx Posted August 9, 2011 Then it may be considered somewhat of a big deal if someone has done such a thing, I guess. It would be quite useful in some cases, like making a totally authentic backup of the original NAND content. Sure, you can make a backup any time later and then try to "clean it", but it's never the same. Also, if you could root the phone without any traces then logically no software could detect it, like those movie rental Market features that are blocked from working on rooted phones, etc. Although in that particular case the blocking function may simply be cracked.
Guest unrandomsam Posted August 14, 2011 (edited) What was written here was incorrect (hence removed). Edited August 15, 2011 by unrandomsam
Guest wbaw Posted August 14, 2011 (edited) "Thats still writing to NAND though." No it isn't... http://elinux.org/Android_Fastboot#To_boot_with_a_host-side_kernel_image_.28and_rootfs_image.29

Fastboot can load the kernel & ramdisk over USB without writing the NAND. It's a handy feature for testing kernels. If you have a working kernel for your device & ROM, have adb that allows the "reboot bootloader" command or a shortcut button to fastboot, as well as an unlocked bootloader (like a Blade does), then you can easily root it temporarily without writing anything to the NAND.

From that page, "To boot with a host-side kernel image (and rootfs image)": This command allows you to download a kernel image (and optional root filesystem image) and boot the phone with those, instead of using the kernel and rootfs in the boot flash partition. It is very useful while developing a kernel or modifying the rootfs.

fastboot boot <kernel> [ <ramdisk> ]

Ex: fastboot boot linux-2.6/arch/arm/boot/zImage root-image/recovery.img-ramdisk.cpio.gz

Edited August 15, 2011 by wbaw
Guest unrandomsam Posted August 15, 2011 "No it isn't... http://elinux.org/An...rootfs_image.29 Fastboot can load the kernel & ramdisk over usb without writing the nand. It's a handy feature for testing kernels. If you have a working kernel for your device & rom, have adb that allows the "reboot bootloader" command, or a shortcut button to fastboot as well as an unlocked bootloader (like a blade does) then you can easily root it temporarily without writing anything to the nand." Very useful. Thanks
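The procedure johnsmithx sketches (a stock boot.img with an extra setuid-root binary in the ramdisk) and the `fastboot boot <kernel> <ramdisk>` step wbaw quotes from elinux are put together below as an added example; this is not code from the thread or from ZTE. It assumes the classic Android boot image header (the 8-byte `ANDROID!` magic, page-aligned kernel and ramdisk sections) and a gzipped SVR4 "newc" cpio ramdisk, which is what the elinux example's `ramdisk.cpio.gz` is. The image, kernel bytes, ramdisk entries and the `su` payload are constructed placeholders, not real ARM binaries; on a real device the payload would be a setuid-root binary built for the phone, and the whole trick only works where the bootloader still accepts `fastboot boot` (the thread says stock GEN2 Blades do not).

```python
"""Split an Android boot.img into kernel and ramdisk, add a setuid-root
binary to the ramdisk, and build the `fastboot boot` command line.
Added example for this thread; the boot image and ramdisk contents are
constructed inline and are placeholders, not a real Blade image."""
import gzip
import struct

MAGIC = b"ANDROID!"
# boot_img_hdr (v0): magic, kernel_size/addr, ramdisk_size/addr, second_size/addr,
# tags_addr, page_size, two unused words, name[16], cmdline[512], id[8]
HDR_FMT = "<8s10I16s512s8I"


def pad(data: bytes, align: int) -> bytes:
    """Zero-pad data up to a multiple of align bytes."""
    return data + b"\0" * (-len(data) % align)


def split_boot_img(img: bytes):
    """Return (kernel, ramdisk, cmdline). The header occupies one page, the
    kernel starts at page 1, the ramdisk on the next page boundary after it."""
    fields = struct.unpack_from(HDR_FMT, img, 0)
    if fields[0] != MAGIC:
        raise ValueError("not an Android boot image")
    ksz, _kaddr, rsz, _raddr, _ssz, _saddr, _tags, page = fields[1:9]
    koff = page
    roff = koff + -(-ksz // page) * page          # ceil(ksz / page) pages
    return img[koff:koff + ksz], img[roff:roff + rsz], fields[12].rstrip(b"\0")


def make_boot_img(kernel: bytes, ramdisk: bytes, cmdline: bytes, page: int = 2048) -> bytes:
    """Pack kernel + gzipped cpio ramdisk into a boot.img (load addresses are arbitrary here)."""
    hdr = struct.pack(HDR_FMT, MAGIC, len(kernel), 0x00208000, len(ramdisk), 0x01200000,
                      0, 0, 0x00200100, page, 0, 0, b"", cmdline, *([0] * 8))
    return pad(hdr, page) + pad(kernel, page) + pad(ramdisk, page)


def cpio_entry(name: bytes, data: bytes, mode: int, ino: int) -> bytes:
    """One SVR4 "newc" cpio record: 070701 + 13 hex fields, name, data, 4-byte aligned.
    uid/gid are 0, so whatever init unpacks from this ramdisk is root-owned."""
    fields = (ino, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(name) + 1, 0)
    hdr = b"070701" + b"".join(b"%08X" % v for v in fields)
    return pad(hdr + name + b"\0", 4) + pad(data, 4)


def cpio_entries(archive: bytes):
    """Yield (name, mode, data) for each record up to the TRAILER!!! record."""
    off = 0
    while off < len(archive):
        if archive[off:off + 6] != b"070701":
            raise ValueError("bad cpio header")
        f = [int(archive[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, size, namesize = f[1], f[6], f[11]
        name = archive[off + 110:off + 110 + namesize - 1]
        doff = (off + 110 + namesize + 3) & ~3
        off = (doff + size + 3) & ~3
        if name == b"TRAILER!!!":
            return
        yield name, mode, archive[doff:doff + size]


def make_ramdisk(entries) -> bytes:
    """gzip a newc archive built from (name, mode, data) tuples."""
    body = b"".join(cpio_entry(n, d, m, i + 1) for i, (n, m, d) in enumerate(entries))
    return gzip.compress(body + cpio_entry(b"TRAILER!!!", b"", 0, 0))


def list_ramdisk(ramdisk_gz: bytes) -> dict:
    """name -> (mode, data), in archive order."""
    return {n: (m, d) for n, m, d in cpio_entries(gzip.decompress(ramdisk_gz))}


def add_setuid_binary(ramdisk_gz: bytes, path: bytes, binary: bytes) -> bytes:
    """Re-emit the ramdisk with one extra regular file, mode S_IFREG|S_ISUID|0755."""
    entries = list(cpio_entries(gzip.decompress(ramdisk_gz)))
    entries.append((path, 0o104755, binary))
    return make_ramdisk(entries)


def fastboot_boot_argv(kernel_file: str, ramdisk_file: str):
    """`fastboot boot <kernel> <ramdisk>` runs the image from USB without flashing it."""
    return ["fastboot", "boot", kernel_file, ramdisk_file]


# Constructed sample data (placeholders, not real ARM binaries).
SAMPLE_KERNEL = b"\x00\x00\xa0\xe1" * 64          # ARM `mov r0, r0` repeated
SAMPLE_CMDLINE = b"androidboot.hardware=example console=null"
SAMPLE_ENTRIES = [
    (b"init", 0o100755, b"\x7fELF init placeholder"),
    (b"default.prop", 0o100644, b"ro.secure=1\nro.debuggable=0\n"),
    (b"sbin", 0o040755, b""),
    (b"sbin/adbd", 0o100755, b"\x7fELF adbd placeholder"),
]
SU_STUB = b"\x7fELF su placeholder"                 # a real one is a setuid-root ARM binary
SAMPLE_BOOT_IMG = make_boot_img(SAMPLE_KERNEL, make_ramdisk(SAMPLE_ENTRIES), SAMPLE_CMDLINE)


def prepare(img: bytes = SAMPLE_BOOT_IMG):
    """Whole flow: split the stock image, add sbin/su to its ramdisk, return the parts."""
    kernel, ramdisk, cmdline = split_boot_img(img)
    return kernel, add_setuid_binary(ramdisk, b"sbin/su", SU_STUB), cmdline


if __name__ == "__main__":
    kernel, ramdisk, cmdline = prepare()
    open("zImage", "wb").write(kernel)              # unchanged stock kernel
    open("ramdisk.cpio.gz", "wb").write(ramdisk)    # stock ramdisk + sbin/su
    print(" ".join(fastboot_boot_argv("zImage", "ramdisk.cpio.gz")), "#", cmdline.decode())
```

Nothing here touches the phone's partitions: the kernel is the stock one taken out of a boot.img copy on the host, only the ramdisk (which lives in RAM once booted) gains the `sbin/su` record, and `fastboot boot` loads both over USB. Once the stock system is up on that kernel, running `sbin/su` from a terminal gives the uid 0 shell johnsmithx described; rebooting normally returns to the untouched boot partition.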