This is starting to turn into a cat-and-mouse game akin to the back-and-forth we’ve seen between Apple and the iPhone jailbreak community. The underground scene is always looking for new security holes that will give it root access to the handset’s file-system, while the platform owner works to seal whatever hole the last “jailbreak” used.
Google’s most recent move was to thwart the nascent Android jailbreak scene by rolling out a new Android OS update (RC30) that patched the hole Android developers had been exploiting. The automatic, over-the-air (OTA) update was expected to essentially kill the Android jailbreak movement across the T-Mobile G1 fleet.
Today we’re seeing the jailbreak community’s counter-punch to Google’s left hook. The ever-driven developers over at XDA Developers have devised a method that lets G1 users update their T-Mobile G1 to the latest Android OS RC30 build while still retaining root access to the file-system.
The updated Android jailbreak method mirrors the approach used for the iPhone OS. By replacing the component that checks the firmware’s signature during an update, jailbreak developers are able to load modified firmware update files. These modified update files bring the handset’s firmware up to the latest version while retaining the functionality the developers want to keep.
In this case, the Android development community has found a way to replace the handset’s recovery.img with one that accepts updates signed with the publicly available Android test keys instead of only Google’s release keys, which in turn lets them flash a modified version of Android OS build RC30 to a T-Mobile G1. The modified RC30 firmware brings with it all the benefits of the new firmware version while still allowing users to gain root access to the file-system.
If you haven’t yet updated your T-Mobile G1 to the new RC30 update, and you want to preserve root access, you’ll want to follow this G1 jailbreak tutorial.
After the break, that is…
[Update]
This guide has been updated to reflect the latest modified RC30 file – RC30 v1.2.
Please note that this forced update method is intended only for those who want to preserve root access. Applying the modified Android OS update file takes time and familiarity with the command line, and once it is applied you will have to install any future Android OS updates manually. For that reason, casual users with no need for root access should not jailbreak their G1s.
- First off, you’ll need to download two files to your desktop:
- Modified recovery image (which will become your recovery.img file)
http://fscked.net/%7Ejesusfreke/AndroidMod.zip
- Modified Android OS RC30 update file with root access preserved
http://rapidshare.com/files/165227766/update_TC4-RC30_full_xda-dev_v1.2.zip
- Download and install the Android Telnet Client from the Android Market
- Download and install the Terminal Emulator app from the Android Market
- Turn on WiFi and connect to your WiFi network
- Now, go back to your downloaded files on your desktop
- Decompress the AndroidMod.zip file
- Extract “recovery_testkeys.img” to your desktop
- Rename “recovery_testkeys.img” to “recovery.img”
- Rename the modified Android OS RC30 update file you downloaded (the v1.2 file linked above) to “update.zip”
- Transfer the newly named “recovery.img” file and the newly named “update.zip” to your microSD card (you can use the microSD card that came with your G1)
- Put microSD card in your G1 (if it’s not already in there)
- Fire up “Terminal Emulator”
- Type “cd system” and hit Enter
- Type “cd bin” and hit Enter
- Type “telnetd” and hit Enter
- Type “netstat” and hit Enter
- The IP address you want is listed on the same line as the word “Established”
- Write down this IP address
- Close Terminal Emulator (hit the “Home” button)
- Fire up “Telnet”
- In the IP address field (it should show “localhost”) enter the IP address you wrote down
- Hit “Connect”
- Now that you have a root shell, type in the following (hitting “Enter” at the end of each line):
- mount -o rw,remount -t yaffs2 /dev/block/mtdblock2 /system
- cat /sdcard/recovery.img > /data/local/recovery.img
- cd /system
- cat /sdcard/recovery.img > recovery.img
- flash_image recovery recovery.img
- Now turn off your phone
- Restart the handset by holding down the “Power” and “Home” buttons simultaneously
- When you see the triangle logo (you’ll know it when you see it), press and hold “Alt” and “L” simultaneously
- Ensure that you see “using test keys” along the top
- Press “Alt” and “S” simultaneously
- Follow the on-screen instructions
- Press “Home” and “Back” buttons simultaneously when you’re done and ready to reboot
- The G1 will reboot as it does its thing – let it do so.
- You have now fully updated your T-Mobile G1 to Android OS RC30 with the root access exploit preserved – get at the root with the Terminal app.
Again, there is a very real possibility of bricking your T-Mobile G1 when updating it yourself. Making sure your battery is fully charged and disconnecting the G1 from your computer before updating will help ensure a smooth update. Should things go awry, however, you’re on your own. (T-Mobile will likely help you out, but it’s not going to be a fun or speedy process.)
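Because a truncated or mis-copied recovery image is the easiest way to brick the handset, here is an added example (not from the XDA guide or the original post) that wraps the copy-and-flash steps above in a POSIX shell script which checks each copy byte-for-byte before the irreversible flash_image step. It assumes a busybox-style `cmp` is available on the G1 (the stock toolbox does not ship one), uses the guide’s own paths and commands, and the function names are this example’s own.

```shell
#!/bin/sh
# Added example: stage the modified recovery.img from the SD card to the two
# places the guide writes it, verify each copy, and only then flash it.
# Assumption: a busybox-style `cmp` exists on the device (not in stock toolbox).

# stage_file SRC DST: copy SRC to DST with cat (as the guide does) and verify
# the copy matches the source. Returns 0 on success, 1 on any problem.
stage_file() {
    src="$1"; dst="$2"
    if [ ! -s "$src" ]; then
        echo "missing or empty: $src" >&2
        return 1
    fi
    cat "$src" > "$dst" || return 1
    # A short or corrupted recovery image is the classic brick: refuse to go on
    # and remove the bad copy so a later run cannot flash it by mistake.
    if ! cmp -s "$src" "$dst"; then
        echo "copy of $src to $dst does not match source" >&2
        rm -f "$dst"
        return 1
    fi
    return 0
}

# stage_all SDCARD SYSTEM DATALOCAL: check update.zip is on the card (the
# recovery will look for it there after reboot) and stage recovery.img to
# both destinations used in the guide.
stage_all() {
    sd="$1"; sys="$2"; dl="$3"
    if [ ! -s "$sd/update.zip" ]; then
        echo "update.zip not found on $sd" >&2
        return 1
    fi
    stage_file "$sd/recovery.img" "$dl/recovery.img" || return 1
    stage_file "$sd/recovery.img" "$sys/recovery.img" || return 1
    return 0
}

# flash_recovery SYSTEM: the irreversible step, kept separate so it is only
# reached after stage_all has succeeded.
flash_recovery() {
    sys="$1"
    if ! command -v flash_image >/dev/null 2>&1; then
        echo "flash_image not found; is this a root shell on the G1?" >&2
        return 1
    fi
    ( cd "$sys" && flash_image recovery recovery.img )
}

# When run with no arguments on the handset itself (the guide's paths exist),
# perform the guide's steps in order: remount, stage, verify, flash.
if [ "$#" -eq 0 ] && [ -d /sdcard ] && [ -d /system ]; then
    mount -o rw,remount -t yaffs2 /dev/block/mtdblock2 /system || exit 1
    stage_all /sdcard /system /data/local || exit 1
    flash_recovery /system
fi
```

The functions take their directories as arguments so the staging logic can be exercised on a workstation with scratch directories before it is ever run as root on the phone; on the G1 the script is simply run with no arguments from the telnet root shell.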
[Via: XDA]