
Rooting without changing a single bit on any partition?

Guest johnsmithx

Hi,

is anyone aware of any way to get root privileges (uid 0) on an untouched Blade with the original ROM (ZTE 2.1 or 2.2) without changing a single bit on any of those 9 partitions? And if the answer is no, do you think such a way is possible at all?

Thank you for your answers and opinions.

johnsmithx


Guest FelixL

OneClickRecovery does root your Blade temporarily, saves the original recovery partition to the SD card and then installs clockwork. So you can make a backup of all parts without any modification.

Should work on Gen1 and Gen2. As mentioned z4root should be able to do the same without installing the recovery.

Edited by FelixL

Guest johnsmithx

Thank you for your responses, but unfortunately none of the mentioned tools meets the condition in my question. Those are applications and need to be installed. Installing anything means changing the content of the partitions. When they are executed they change the content even more.

Let me try to rephrase:

Is there a way to get uid 0 (root) without changing a single bit on any partition, ever during the process?

Just consider this scenario: you have a phone with the original ZTE ROM and until now this phone has been used only in an "ordinary" way. There may be installed applications, but none of them was created for breaching anything. Now, from this very second to the second you get uid 0, imagine that all those 9 partitions are write protected and nothing can be written there. Do you know of any way to get root under such conditions? Do you think it is possible?

Edited by johnsmithx

You could use fastboot to load a rooted boot.img over usb (on blades with fastboot enabled) - just boot from it over usb without writing anything. Another option could be exploiting an app that runs as root. Otherwise you need to install an app & write to nand to be able to run an exploit, can't execute from the sd card.

Edited by wbaw

Guest johnsmithx

You could use fastboot to load a rooted boot.img over usb (on blades with fastboot enabled)

That's a good one: preparing a modified boot.img with an extra setuid binary, booting it and via it booting the original ZTE ROM, then via a terminal or another app running the setuid binary, ending up with uid 0 without writing into any part of the NAND. The only problem is that it will work only on older phones, as the stock GEN2 ones have the bootloader disabled <_<

So on stock GEN2 there is no way (without writing into NAND)?


Guest johnsmithx

Then it may be considered somewhat of a big deal if someone had done such a thing, I guess.

It would be quite useful in some cases, like making a totally authentic backup of the original NAND content. Sure you can make a backup anytime later and then try to "clean it" but it's never the same.

Also, if you could root the phone without any traces then logically no software could detect it, like those movie rental Market features that are blocked from working on rooted phones etc. Although in that particular case the blocking function may simply be cracked.


That's still writing to NAND though.

No it isn't... http://elinux.org/Android_Fastboot#To_boot_with_a_host-side_kernel_image_.28and_rootfs_image.29

Fastboot can load the kernel & ramdisk over usb without writing the nand. It's a handy feature for testing kernels. If you have a working kernel for your device & rom, have adb that allows the "reboot bootloader" command, or a shortcut button to fastboot as well as an unlocked bootloader (like a blade does) then you can easily root it temporarily without writing anything to the nand.

To boot with a host-side kernel image (and rootfs image)

This command allows you to download a kernel image (and optional root filesystem image) and boot the phone with those, instead of using the kernel and rootfs in the boot flash partition. It is very useful while developing a kernel or modifying the rootfs.

fastboot boot <kernel> [ <ramdisk> ]

Ex: fastboot boot linux-2.6/arch/arm/boot/zImage root-image/recovery.img-ramdisk.cpio.gz

Edited by wbaw
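Added example, not from this thread or from any of the tools it mentions: a small POSIX shell checker that compares two sets of partition dumps, one taken before and one after a temporary-root session such as the fastboot boot described above, by SHA-256 and reports every partition whose content changed. It is the check the "not a single bit" condition in this thread actually calls for; the directory layout (one file per partition) and the file names are assumptions, and the dumps themselves would come from whatever backup method you use.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout: BEFORE_DIR and
# AFTER_DIR each hold one image file per partition (boot.img, system.img, ...).

# Print the SHA-256 of a file; fall back to shasum where sha256sum is absent.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# compare_dumps BEFORE_DIR AFTER_DIR
# Prints "unchanged NAME", "CHANGED NAME" or "MISSING NAME" per partition.
# Returns 0 only when every partition in BEFORE_DIR is present in AFTER_DIR
# with an identical hash, i.e. the session wrote nothing to NAND.
compare_dumps() {
    before=$1; after=$2; rc=0
    for f in "$before"/*; do
        name=$(basename "$f")
        if [ ! -f "$after/$name" ]; then
            echo "MISSING $name"; rc=1; continue
        fi
        if [ "$(hash_file "$f")" = "$(hash_file "$after/$name")" ]; then
            echo "unchanged $name"
        else
            echo "CHANGED $name"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: three tiny "partition" dumps; recovery is rewritten,
# which is what a rooting tool that installs a custom recovery would do.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/before" "$demo_dir/after"
printf 'boot-bytes' > "$demo_dir/before/boot.img"
cp "$demo_dir/before/boot.img" "$demo_dir/after/boot.img"
printf 'system-bytes' > "$demo_dir/before/system.img"
cp "$demo_dir/before/system.img" "$demo_dir/after/system.img"
printf 'recovery-bytes' > "$demo_dir/before/recovery.img"
printf 'recovery-BYTES' > "$demo_dir/after/recovery.img"

compare_dumps "$demo_dir/before" "$demo_dir/after"
echo "exit status: $?"
rm -rf "$demo_dir"
```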

Guest unrandomsam

No it isn't... http://elinux.org/An...rootfs_image.29

Fastboot can load the kernel & ramdisk over usb without writing the nand. It's a handy feature for testing kernels. If you have a working kernel for your device & rom, have adb that allows the "reboot bootloader" command, or a shortcut button to fastboot as well as an unlocked bootloader (like a blade does) then you can easily root it temporarily without writing anything to the nand.

Very useful.

Thanks
