Possible alternative to Root?

This is a discussion on Possible alternative to Root? within the Motorola Backflip Development & Hacking forums, part of the Motorola Backflip category.


  1. #1
    Junior Member maciel310's Avatar
    Join Date
    Jul 2010
    Posts
    11

    Possible alternative to Root?

    So, I was thinking, and I have an idea that might bypass the need for hacking a root altogether. A little back story: I've been an Android fan for a while now, long before I got my hands on the Backflip. Before I got this device, I had an AT&T Tilt, with Android running from an SD card. This was accomplished by a nifty little program called HaRET, which basically allowed one to "reboot" the phone into a Linux kernel, without touching the local system files. It would look for various image files on the SD card, and use that as the OS for the phone, at least until the phone was power cycled. Now, I'm not sure exactly how this program works, but it appears that it probably tweaks with the device's memory in such a way that breaks out of Windows Mobile, and replaces the currently running OS directly. From the looks of it, it doesn't even cleanly shut down Windows Mobile, just overwrites it in memory, in a sense (if anyone has any better insight into how HaRET works, please enlighten me/us).

    So, with that in mind, might it be possible to do the same thing from an Android starting point? So basically it would turn the version of Android already on the device into one very large, very slow BIOS, responsible only for being a launching point into the new OS, which would have full permissions to do whatever we pleased. This would be made all the easier, since we should be able to pull whatever drivers and system files straight from the existing Android install, and not even have to reverse engineer anything like they did for the Tilt.

    I can almost guarantee that the Java SDK wouldn't give anywhere near the access level needed to accomplish this, and even the NDK might not. The irony is we might need some exploit in order to access the memory locations in question (assuming my earlier assumptions were correct) depending on the system's protections, but there's probably no real way to know until someone tries.

    Let me know your thoughts, who knows, we might end up with a (near) universal, though not optimal, root method!

  3. #2
    Sam
    Android Lurker Sam's Avatar
    Join Date
    Jul 2010
    Posts
    0
    Wonder if there is a way to use this method to get around a signed bootloader on other devices.. hmmm.. interesting!

  4. #3
    Senior Member Joe Coolcool's Avatar
    Join Date
    Apr 2010
    Posts
    408
    Hmmmm? Anyone know more about this?

  5. #4
    Junior Member Skrilax_CZ's Avatar
    Join Date
    Mar 2010
    Posts
    7
    You need root for that, and a similar method is being developed on the Milestone.

  6. #5
    Senior Member Lendal's Avatar
    Join Date
    Apr 2010
    Posts
    186
    Skrilax is right.

    In order for the Backflip to follow any boot path other than the stock boot process it currently goes through, it will have to be rooted.

    In fact, that's pretty much the actual definition of 'rooting' a phone.

  7. #6
    Junior Member maciel310's Avatar
    Join Date
    Jul 2010
    Posts
    11
    Skrilax_CZ - Can you provide more details or a link to some information about what they are attempting? Thanks.

    Lendal - Well, the beauty of this is it isn't really modifying the boot process at all. It is merely supplementing it, after the normal boot process completes. It would be more akin to loading up a virtual machine from within Windows after it is fully booted, rather than rebooting the whole computer into a different OS. Now, it isn't quite like the virtual machine analogy, since the host OS wouldn't be running anymore, but that's the closest analogy I could come up with.

    Now, I'm not dismissing that it might well indeed require some higher permissions to do, more just throwing the idea out there for everyone to consider. Also, even if it requires access to an area of RAM that we cannot access by default, might it be possible to get access to that RAM location easier than achieving full blown root? Possibly through an exploit that wouldn't work for root, but would get us the ability to write to arbitrary RAM locations?

  8. #7
    Senior Member jmgib's Avatar
    Join Date
    Mar 2010
    Location
    Kentucky
    Posts
    1,350
    Quote Originally Posted by maciel310 View Post
    Skrilax_CZ - Can you provide more details or a link to some information about what they are attempting? Thanks.

    Lendal - Well, the beauty of this is it isn't really modifying the boot process at all. It is merely supplementing it, after the normal boot process completes. It would be more akin to loading up a virtual machine from within Windows after it is fully booted, rather than rebooting the whole computer into a different OS. Now, it isn't quite like the virtual machine analogy, since the host OS wouldn't be running anymore, but that's the closest analogy I could come up with.

    Now, I'm not dismissing that it might well indeed require some higher permissions to do, more just throwing the idea out there for everyone to consider. Also, even if it requires access to an area of RAM that we cannot access by default, might it be possible to get access to that RAM location easier than achieving full blown root? Possibly through an exploit that wouldn't work for root, but would get us the ability to write to arbitrary RAM locations?
    As others have said, due to the way that the bootloader on the Backflip works, this method will not work unless you have root access, meaning that this method can't be used to first gain that access.

  9. #8
    Junior Member maciel310's Avatar
    Join Date
    Jul 2010
    Posts
    11
    Alright. Maybe I'm just not understanding something, but what role would the bootloader have in this scenario? Now, I don't know much about the architecture of ARM processors, so that may be the difference, but in x86-type architectures, RAM is RAM. Any piece of information can be loaded into any part of RAM, and it doesn't really care what that piece of information is. So, shouldn't that mean you could then load an entire OS into memory and basically hijack the current OS session? We wouldn't be overwriting the internal OS, nor would we be requesting that the bootloader load this particular image. We would just be taking over after the built-in bootloader and essentially writing our own software bootloader that runs straight from Android, apk file and all.

    Now, if ARM has separate RAM address spaces for different things such as the OS or Application vs Data space then that might be a problem. Sorry if I sound stubborn, I'm just trying to get more information and would really like to have root... haha.

  10. #9
    Junior Member techfury90's Avatar
    Join Date
    Mar 2010
    Posts
    28
    Doesn't matter. Any modern virtual memory implementation protects RAM reserved for the OS. You cannot just kick the OS out... if you tried, the OS would just terminate your program, since you accessed protected RAM.

  11. #10
    Senior Member jmgib's Avatar
    Join Date
    Mar 2010
    Location
    Kentucky
    Posts
    1,350
    Even modern versions of Windows on the desktop don't really allow this. It's the reason that "game trainers" and such disappeared once Windows XP came along with its protected memory. You could no longer just directly modify another application's memory space. It's really a bad idea security-wise to allow this (viruses and such). I'm surprised you'd be able to do this on your Windows phone.
