Slashdot: News for Nerds

T-Mobile G2 'Permaroot' Achieved

timothy posted more than 3 years ago | from the proud-we-are-of-all-of-them dept.

Cellphones 262

VValdo writes "After over a month of relentless hacking, genius scotty2 has finally smashed the G2's notorious emmc-read-only-on-boot mechanism, which had been incorrectly characterized in the press as a 'rootkit.' The hack involves several steps — first achieving 'temp root' through a fork bomb exploit, then running a specially crafted kernel module that power-resets the read-only emmc to bring it up in read-write mode. Finally, the bootloader is re-flashed, which permanently removes the read-only on subsequent boots. The whole process is expected to be automated by tomorrow."

262 comments

Now if they could only add another row of keys (1)

leighklotz (192300) | more than 3 years ago | (#34181356)

Now if they could only add another row of keys I could type my password...

this just encourages them (3, Insightful)

Anonymous Coward | more than 3 years ago | (#34181370)

"Buying" a device that doesn't become yours and then going through extreme measures to make it yours doesn't help anything. It hurts everybody in the end, because (a) it makes the next round of devices even MORE locked down since they learned from last time, and (b) it doesn't exert economic pressure against this sort of lock down to begin with.

Re:this just encourages them (0)

Lazareth (1756336) | more than 3 years ago | (#34181394)

But it does train us for the future. Sometime after 2020 everybody will be able to permaroot their house in their sleep (which might be a necessity).

Re:this just encourages them (3, Interesting)

icebike (68054) | more than 3 years ago | (#34181460)

So what then is your suggestion?

Continue to pay for something you can never really own?

Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.

Bringing a phone to market has real costs associated with it.

If they know it will be hacked (often before its official release date) why bother trying? Why spend all that money and time dicking around with some cat and mouse game where you are always the mouse, when your competition can get there quicker by avoiding the effort?

All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not (like the Nexus One, which gives you root at the press of a button, but makes it obvious you chose to take it).

Sooner or later we should start pushing for lock downs to be made illegal, and demonstrating that they are ineffective is as good a first step as any.

Re:this just encourages them (2, Insightful)

Darkness404 (1287218) | more than 3 years ago | (#34181496)

> Sooner or later we should start pushing for lock downs to be made illegal, and demonstrating that they are ineffective is as good a first step as any.

No, lock downs shouldn't be illegal, it should, however, on the packaging and in the contract say to what extent things are locked down.

It should be the manufacturer's right to lock down whatever in the product they send out, it isn't the manufacturer's right to send feature destroying firmware updates out with the intent to disrupt people who chose to use their devices in other ways just like it isn't within my rights to mail every Windows user I know a virus intending to cause harm and because it is fraud to sell a product then release something that makes the product inoperative.

On the other hand, it should be perfectly within anyone's rights to modify and use their legitimately purchased items in whatever way they want (assuming it doesn't cause harm to others).

Re:this just encourages them (4, Insightful)

Microlith (54737) | more than 3 years ago | (#34181526)

> lock downs shouldn't be illegal

Why not?

> It should be the manufacturer's right to lock down whatever in the product they send out

Why, when it only disenfranchises the end user?

> On the other hand, it should be perfectly within anyone's rights to modify and use their legitimately purchased items in whatever way they want (assuming it doesn't cause harm to others).

This conflicts with the manufacturer being allowed to ship things locked down. I can understand secured with option to disable, but stuff like what Motorola does (and HTC, if they start signing the bootloader) precludes your right to work with your property, and solely for the benefit of the manufacturer.

Re:this just encourages them (1)

Man On Pink Corner (1089867) | more than 3 years ago | (#34181558)

> Why, when it only disenfranchises the end user?

And legislative interference with the end user's right to enter into a contract -- regardless of your personal opinion about the terms of that contract -- isn't "disenfranchising"?

Re:this just encourages them (4, Insightful)

Entropius (188861) | more than 3 years ago | (#34181600)

Only in a truly free market.

We've long passed the point where cell service is a true free market, with any real competition.

Re:this just encourages them (4, Insightful)

Microlith (54737) | more than 3 years ago | (#34181606)

> legislative interference with the end user's right to enter into a contract

Oh boy, more nonsense. Is it really a fair contract when it's between you and a multi-billion dollar corporation presenting you a one-sided contract?

Indeed, it would be PUTTING POWER IN YOUR HANDS. They wouldn't be able to strip you of control over your own property (which it does eventually become.) And yet you whine?

Re:this just encourages them (2, Interesting)

Darkness404 (1287218) | more than 3 years ago | (#34181728)

You don't seem to understand the point.

A government who tries to 'help' consumers by limiting what corporations can do can and will just as easily screw customers in favor of corporations. If you don't screw with the balance of power and instead leave governments out of things like this, consumers gain more control.

When you put that control into the government's hands it flip flops back and forth from control from the people to the corporations back to the people then back to corporate control again.

It is a fundamental right for people to be able to sell whatever product they wish so long as it's not represented fraudulently and doesn't cause harm when used normally. Similarly, it is a fundamental right to use whatever product you purchased in whatever way doesn't harm others. When kept in balance, both sides balance each other out, sure, HTC can make a locked down phone, but it is a right for consumers to break it. When that balance of power doesn't exist like in copyright, either side demands more and more legislative protection which removes any balance and shifts it on one side or the other.

> Indeed, it would be PUTTING POWER IN YOUR HANDS

At the expense of taking the power out of HTC's hands. You don't seem to see the historical precedent set by just about every law which shifts the power, it goes from one side to the other where both sides end up losing.

The FDA was designed to 'protect' consumers but yet it is used for big corporations to squash competition from smaller, localized, farmers. Copyright was designed to protect the artist and the public but yet it doesn't. Patents were designed to not monopolize knowledge but to free it from the grasps of guilds, but yet it is a monopoly. Etc.

The only sustainable way to have freedom is to allow businesses to do what they will and let consumers do what they will. It is only through that, that a sustainable and free equilibrium can be reached.

Re:this just encourages them (1)

Microlith (54737) | more than 3 years ago | (#34181796)

> You don't seem to understand the point.

I don't defend the ability for corporations to leverage their power over people in unfair ways.

> It is a fundamental right for people

People. The biggest failure of the Supreme Court was for them to declare corporations as legal persons, despite being complete legal fictions.

> HTC can make a locked down phone, but it is a right for consumers to break it

Except when HTC utilizes their control over the design to ensure that you can't. Sort of like how no one has broken Motorola's lock down of the boot loader or kernel.

> The only sustainable way to have freedom is to allow businesses to do what they will and let consumers do what they will. It is only through that, that a sustainable and free equilibrium can be reached.

Nonsense. Corporations have too much power and control information too well for there to be a truly informed consumer base. That and corporations deliberately leverage the ignorance of the masses for their own benefit. Corporations and people are not equal. As it stands they have way more in terms of rights, power, money, and political influence than you and will always use it to disenfranchise you and benefit themselves.

But go ahead, believe in the "Free Market." Like I said on Ars the other day, like God, I don't believe it exists.

Re:this just encourages them (1)

Microlith (54737) | more than 3 years ago | (#34181816)

#%@#$

Forgot a closing blockquote in there, right before "People" :(

Re:this just encourages them (2, Interesting)

Darkness404 (1287218) | more than 3 years ago | (#34181916)

> I don't defend the ability for corporations to leverage their power over people in unfair ways.

How is it unfair?

I go to buy a product, I am informed of the product and reasonably can know its limitations. I buy that product. I am able to use that product as I see fit.

Yes, I do think that phones should have to say on the packaging if they do not allow root/admin/superuser/etc. access. But saying that you can't sell them despite the fact that people were aware of the limitations is as silly as saying we should ban tomatoes because they don't give you the ability to fly.

> Except when HTC utilizes their control over the design to ensure that you can't. Sort of like how no one has broken Motorola's lock down of the boot loader or kernel.

Oh yes, I forgot about the fact that I was held up at gunpoint and forced to buy Motorola products! I mean, I was just sleeping and a Motorola representative pointed a 9MM at my head and handed me a Droid and made me use it.

If you don't like it, don't buy it. There are phones sold pre-rooted without a contract. Go buy one of those if you want one.

> Nonsense. Corporations have too much power and control information too well for there to be a truly informed consumer base. That and corporations deliberately leverage the ignorance of the masses for their own benefit. Corporations and people are not equal. As it stands they have way more in terms of rights, power, money, and political influence than you and will always use it to disenfranchise you and benefit themselves.

Oh yes, I forgot that everyone everywhere was a corporate shill and that every single review MUST be written by an agent of a corporation. Bullshit. If you truly want to inform yourself you can read support forums, reviews from different sites, listen to what people on /. have to say about it, look at your friend's devices, etc. There can be a truly informed consumer base, the thing is, most people have no desire to be informed. No one wants the -best-, the most reliable, etc. they just want to make a statement with it.

And no, corporations (unlike governments) require the masses to survive. People automatically have leverage over corporations when the government steps out of the way and lets the market work. If people really didn't want phones like these, they would all buy Nexus Ones or similar phones and HTC wouldn't be profitable making locked-down phones and would switch to the more profitable phones or face increased competition from Nokia/Samsung/Motorola/etc. and don't say that the masses "didn't know" about the fact it was locked down, it's pretty damn obvious if they were searching for it that it was locked down.

Corporations don't control the information, consumers just don't want to look for the information.

Re:this just encourages them (4, Insightful)

shoehornjob (1632387) | more than 3 years ago | (#34182246)

> Corporations have too much power and control information too well for there to be a truly informed consumer base

While I agree that corporations in general (in the USA) have way too much power I disagree that the public wants to be truly informed. The general public in the USA suffers from what I call plug and play syndrome. People don't care if you can get root on a phone and load your own software. They want something that fills a need (the corporations sold them on) and they want it to work with a minimum of hassle. This is why the iPhone is so popular. Try to talk to a person about tech and use a few terms they are unfamiliar about and you'll see the eyes glaze over. You're right on when you say "corporations deliberately leverage the ignorance of the masses for their own benefit". They get away with it because there are too many sheep in this country who have been bred for ignorance.

Re:this just encourages them (3, Insightful)

arth1 (260657) | more than 3 years ago | (#34182152)

Is this why the monthly price is cheaper and the coverage higher in countries where consumer protection prevents the mobile phone companies from locking phones (or for locking them for more than a couple of months after purchase)?

When legislation serves to increase competition instead of allowing de-facto oligopolies to strongarm the consumers, it isn't trampling people's rights; it's securing them.

Re:this just encourages them (0)

Anonymous Coward | more than 3 years ago | (#34181738)

> Indeed, it would be PUTTING POWER IN YOUR HANDS.

At the cost of taking it from someone else's.

All well and good, until it's your hands that the power is being removed from.

Re:this just encourages them (1)

Microlith (54737) | more than 3 years ago | (#34181762)

> At the cost of taking it from someone else's.

From a corporation, who otherwise has way, way more power than you. I don't consider that a problem.

Re:this just encourages them (1)

Jah-Wren Ryel (80510) | more than 3 years ago | (#34182040)

> Oh boy, more nonsense. Is it really a fair contract when it's between you and a multi-billion dollar corporation presenting you a one-sided contract?

And just to pile on here, note that it's a multi-billion dollar corp that is dependent on government granted monopolies on otherwise public airspace. I'm sure the corps would argue that they bought those monopolies free and clear at the FCC spectrum auctions, but given that the entire reason for such monopolies is justified as public benefit it's not congruous with then limiting device functionality at the expense of the public.

Re:this just encourages them (4, Insightful)

RulerOf (975607) | more than 3 years ago | (#34182052)

> They wouldn't be able to strip you of control over your own property (which it does eventually become.)

Eventually?!

My phone was mine the instant I bought it. I did, however, acquire it for a sub-retail price by agreeing to be either a customer of the reseller for 24 successive months or to pay them $375, pro-rated monthly after fulfillment of the first 12 months of the prior option have elapsed.

Contract or not, there's no fucking way that the device belongs to anyone other than its owner. The fact that rooting *a computer* that you own is dangerous and sometimes impossible, warranty or not, is egregiously offensive to me as a consumer.

If I buy your shit from you, it's not your shit anymore. It's my shit and you have no damn business telling me what I do with it, and no, I signed no contract stating otherwise.

Don't ever forget that, and don't ever let a retailer tell you differently.

Re:this just encourages them (1)

Darkness404 (1287218) | more than 3 years ago | (#34181778)

> This conflicts with the manufacturer being allowed to ship things locked down. I can understand secured with option to disable, but stuff like what Motorola does (and HTC, if they start signing the bootloader) precludes your right to work with your property, and solely for the benefit of the manufacturer.

No it doesn't. Consider someone buying a locked chest. It should be within someone's rights to sell a locked chest so long as the person who buys it knows that it is locked. It should be well within that person's rights that when they take it home, they decide to either pick the lock, cut off the lock, or smash open the chest. There is no conflict there. Now, that person shouldn't be able to force the seller of the locked chest to help him glue back the pieces of the chest he smashed open because he took that risk when he took a hammer to it, but there still is no conflict, it was a fair deal: the person got what he paid for knowing it would be a locked chest and the person selling it got the money from what they were selling.

It is only when you involve government that there can be conflicts. It is only with government control that you can get into pointless 'rental' disputes about how you never actually owned the things you paid for.

Re:this just encourages them (2, Interesting)

DavidRawling (864446) | more than 3 years ago | (#34182186)

Furthermore, destruction of the lock and use of the unlocked chest does not excuse the seller breaking into your house at night and attaching a newer, stronger padlock to the chest, locking you out of it again (OTA updates anyone?) Also, what about the people that bought outright? Are you going to argue that the device suddenly becomes the property of the telco when the person signs up for service?

Bloody anonymous cowards ...

Re:this just encourages them (1)

Ihmhi (1206036) | more than 3 years ago | (#34182120)

IMO if you want to use someone's service, you have to use it their way. Certain Apple Apps would require a certain firmware that may have not been jailbroken yet. However, it should still be someone's choice to do what they want with a physical device they purchase.

Re:this just encourages them (1)

geekoid (135745) | more than 3 years ago | (#34181574)

And it is, but it may void your warranty; which it should. And let's not forget the fact that with a connected device, whatever you do may impact others.

For example, if you 'jail break' a phone to exceed some internal limit on download, then you are impacting everyone else who is also using the bandwidth.

That example was used to make a point, I have no idea if anyone is doing that.

Re:this just encourages them (1)

Microlith (54737) | more than 3 years ago | (#34181618)

> if you 'jail break' a phone to exceed some internal limit on download

Then someone is doing it very, very wrong.

Re:this just encourages them (1)

Lazareth (1756336) | more than 3 years ago | (#34181638)

So in short, the 'security' of the lockdown is to cover their ass because of bad design? To continue on your example, who the hell would think it a good idea to locally define how much or how fast one may download? That should be controlled by the "server" or in this case carrier, not the client. Don't trust the client with server-critical settings!

There's no legit reason to lock down a device in such a way, other than the 'legit' reason of not wanting the user to be able to upgrade the OS without shelling out more $$$.

Hypothetical questions of how the user can use the tampered device to cause harm is bollocks. The signals are transported through the air. Use other means than locking down the device to prevent "harmful" operation, such as actually designing the server-client interface to behave intelligently.

Re:this just encourages them (1)

a_nonamiss (743253) | more than 3 years ago | (#34181880)

I mostly agree with your point, but I can think of a few examples where a user could unlock a phone and cause harm to others. For example, they could increase the signal strength to something beyond the approved FCC limit for mobile devices. This would harm anyone in the competing spectrum, and isn't something you could regulate on a server end.

Of course, when I'm talking about "unlocked" here, I'm also referring to things you could do to the hardware as well as the firmware. (i.e. open the device up and replace the fancy electric stuff and whatnot.)

Re:this just encourages them (0)

Anonymous Coward | more than 3 years ago | (#34182086)

Er, yeah, except that the radio is kept completely separate from the main phone OS so there is zero chance for jailbreak or root to facilitate jacking up the power to the radio. Come back when you actually know what you're talking about, son.

Re:this just encourages them (1)

MichaelSmith (789609) | more than 3 years ago | (#34182094)

> they could increase the signal strength to something beyond the approved FCC limit for mobile devices.

Doesn't seem to happen on the open moko and other free phones. The GSM module has its own processor and firmware. Rooting the processor which coordinates the system can't force the GSM module to do anything dangerous.

Re:this just encourages them (1)

wampus (1932) | more than 3 years ago | (#34182192)

And you can't modify the radio software. Why is that ok?

Re:this just encourages them (1)

MichaelSmith (789609) | more than 3 years ago | (#34182234)

As long as the radio is a simple embedded appliance I am not too fussed about it. I give it my bits and bytes and the radio sends them on. From linux on the moko I can flash the GSM module, but I feed it a binary blob. There is nothing to stop me coding up my own binary, there just isn't much reason to do it beyond improving factors such as power management.

Re:this just encourages them (5, Insightful)

Darkness404 (1287218) | more than 3 years ago | (#34181640)

We have a network where pretty much everyone runs whatever they want on it. It's called the internet. And yet, oddly enough there aren't any major service disruptions other than a few localized events.

Re:this just encourages them (2, Informative)

badboy_tw2002 (524611) | more than 3 years ago | (#34181766)

The GP post was pretty stupid (those limits would be on the tower/host side of things), but bandwidth isn't free in the cell world. It's the same as everyone trying to use the same wifi hotspot when you're at a conference or something - you are sharing with other people on the network. What _should_ be contractual is the amount of bandwidth you're to expect, and the provider should have to honor that by expanding service in heavy use areas.

Re:this just encourages them (1)

Darkness404 (1287218) | more than 3 years ago | (#34181790)

But that has nothing to do with jailbreaking. I can just as well use that much bandwidth streaming Pandora all day on a non-jailbroken iPhone or non-rooted G2 and the idea that jailbreaking somehow is going to add to bandwidth problems is rather silly at best.

Re:this just encourages them (1)

null etc. (524767) | more than 3 years ago | (#34181868)

It's funny to read this comment after seeing an ad from the BSA on Slashdot's homepage. Unfortunately, that means that this will be my last post here. I'm off to inhabit other virtual locales that don't cater to the strong-arm tactics of the BSA.

Re:this just encourages them (0)

Anonymous Coward | more than 3 years ago | (#34182180)

It's whatever the ad provider shows in rotation, you blithering idiot.

Re:this just encourages them (0)

Anonymous Coward | more than 3 years ago | (#34182144)

I'll give you that the carrier may need to shut down your connection IF your phone is behaving badly on their voice network or control band. They already have ability to deal with "past limit" on their data plans.

How about we stipulate that if you've overclocked / under volted it acts just like the water sensor has gone off: no warranty. But for software that didn't overclock as long as you flash it back to standard before asking for repair there should be no reason that you have no warranty. You want software support? Fine, for the standard load only. I really don't get why it has to be harder than that and why the manufacturers and carriers want to make it harder than that. (Well, I can understand the greed aspect with the carriers often wanting to charge you to use something that is actually built into the software - but we should not tolerate that.)

Re:this just encourages them (2, Interesting)

sqlrob (173498) | more than 3 years ago | (#34181532)

> Demonstrating that any lock down can be broken does exert pressure for the companies to stop wasting their resources.

Not really. Most, if not every, lock down in the past few decades have been broken. Yet they still persist. They're not going to learn.

Re:this just encourages them (1)

Lemmy Caution (8378) | more than 3 years ago | (#34181732)

When it comes to this sort of thing, they don't need to learn. Most of their user base will not jailbreak or unlock anything; they don't get a lot of benefit from policing the few who do. In fact, if it becomes too easy, then there's a problem: if a critical number of people start tethering unlocked phones, the carrier will then need to meter bandwidth. As long as only a techie few are doing it, they can generally be left alone.

Re:this just encourages them (1)

wampus (1932) | more than 3 years ago | (#34182222)

Tethering isn't a terribly compelling reason to root the G2, considering you just have to check a box in the network settings. The only reason I even installed VISIONary is to add some shit to my hosts file to make my Angry Birds experience better.

Re:this just encourages them (1)

cromar (1103585) | more than 3 years ago | (#34181716)

I agree, but I wonder if it is true no device can be irreversibly locked down. No one has done it yet, but I fear it may one day be possible to do so completely. I would love to be proven wrong.

Re:this just encourages them (1)

Microlith (54737) | more than 3 years ago | (#34181840)

> I wonder if it is true no device can be irreversibly locked down

Technically it is. The catch is that to unlock, say, a Motorola device you'd need to desolder the SoC stack and install a new OMAP3 chip in its place. This is a nontrivial, highly risky operation even when done with specialized equipment.

So while it is technically defeatable, effectively it is not.

Re:this just encourages them (4, Insightful)

Daniel Phillips (238627) | more than 3 years ago | (#34181854)

> So what then is your suggestion?

Allow me to make a suggestion. Pressure Google. The Google logo is writ large on this HTC/T-Mobile phone. Google is more responsible for the evil lack of respect for the free software this phone is built with than anybody else.

Make it known to any Google representative who will listen (warning: these are few and far between) that you regard the company as hypocritical and cynical, and not worthy of your trust unless the rights of owners of phones running Android/Linux are fully respected.

And yes, I know all about Google and cynical, after all I worked there for three years and had plenty of opportunity to observe Google management up close. Google is in fact just another cynical megacorp, however it is slightly unusual in that its stock will suffer greatly if its users ever become widely aware of this fact. Therefore, Google tends to be slightly more responsive to justifiable criticism than other cynical megacorps.

Re:this just encourages them (3, Insightful)

Anachragnome (1008495) | more than 3 years ago | (#34182164)

"So what then is your suggestion?"

Stop giving the manufacturers of such locked-down devices your money?

Trust me on this one--they will stop making something that doesn't make them money.

Re:this just encourages them (1)

wampus (1932) | more than 3 years ago | (#34182238)

They already did stop selling things that don't make money- the hobbyist phones.

Re:this just encourages them (4, Informative)

Miamicanes (730264) | more than 3 years ago | (#34182198)

> All they really need is an indicator that it WAS hacked so they can choose to honor the warranty or not,

For the record, in the United States, a consumer can't be coerced into disclaiming a manufacturer's warranty, and a manufacturer can't disclaim a warranty for mere breach of contractual terms (least of all a contract of adhesion) unless the breach involved non-payment for a service contract or the manufacturer can demonstrate that whatever it is that the consumer did WAS, in fact, the reason for the failure.

It's called the Magnuson-Moss Warranty Act.

Also, a few points that need to be repeated often:

* Few phones truly get "bricked". 99% of the time, someone screws up a reflash, panics when it doesn't reboot, posts a few messages online, hits google, then figures out 1-36 hours later that he needs to take out the battery, wait a minute or so, then power it back up with some nearly impossible combination of button-presses to trigger its REAL "last-chance" bootloader.

* It's almost impossible to truly cause real, honest-to-god permanent hardware damage to a recent-vintage phone by reflashing. Worst-case, it might take a minimum-wage employee at an authorized repair center with a JTAG a few minutes to reflash it.

Re:this just encourages them (1)

slinches (1540051) | more than 3 years ago | (#34182224)

My suggestion would be to buy an unlocked phone. They are readily available Here [newegg.com] and can be used on any compatible network. The only drawback is that there only seems to be one carrier (T-Mobile) offering reduced pricing on service for a non-subsidized phone.

Re:this just encourages them (1)

slinches (1540051) | more than 3 years ago | (#34182242)

Replying to my own post, but I should clarify.

T-Mobile is the only US carrier that has lower pricing for plans without a subsidized phone. I think there are more options in other parts of the world.

Evidence? (1)

jbn-o (555068) | more than 3 years ago | (#34181774)

Extraordinary claims require extraordinary evidence. Where is your evidence that treating your devices as though you own them "makes the next round of devices even MORE locked down"? How are we to know that it would not matter whether buyers did this, proprietors are going to continue to pursue ways to exclude users from being free to treat their computers as they wish?

on the fence (3, Insightful)

metalmaster (1005171) | more than 3 years ago | (#34181396)

While I am against total lockdowns that cripple a phone (think VZW), I do think that some security is in order.

Re:on the fence (4, Interesting)

Microlith (54737) | more than 3 years ago | (#34181428)

Security is in order, sure, but should the end user wish to assume direct control then it should be a trivial process that requires the user be in physical contact with the device (such as holding down a button.) Not requiring the user to find a local exploit to grant them shell or terminal access like a 3rd party attacking the system.

But between the carrier and the vendor, you are a 3rd party attacker. This is why I have no respect for most vendors nor for any of the carriers.

Re:on the fence (1)

metalmaster (1005171) | more than 3 years ago | (#34181570)

Pushing a button might not require physical access though. Someone just has to publish an app with mal-intent. Make it look pretty so joe and julie numbskull download it. Run the app to root the phone. You can wreak plenty of havoc. Leave security to the users and it will always be defeated by stupidity. Vendors and Carriers alike fear this scenario. Locks are put in place so someone's shiny new toy doesn't become a slave to someone else's bidding. I have to agree with this. Pool enough zombie phones and you can bring phone infrastructure to its knees. (DDoS of local towers?) IMO, that happens enough already. There's no need to have it become the whim of a botmaster.

Userland services shouldnt be at the mercy of a carrier though. We pay enough for voice and data, so we shouldnt be restricted to carrier-based addon services(411, GPS, Email clients, ringers ect...)

Re:on the fence (1)

Microlith (54737) | more than 3 years ago | (#34181584)

Someone just has to publish an app with mal-intent.

Err, if a button has to be pressed when you power the device on to trigger a security unlock, it'll be a heck of a lot harder to do it with an "app" all on its lonesome.

Leave security to the users and it will always be defeated by stupidity.

I have no problem with security by default. But let me turn it off if I want to.

Userland services shouldn't be at the mercy of a carrier though.

Kernel space is nothing special on these devices. And everything you described can be done in userland.

Re:on the fence (1)

a_nonamiss (743253) | more than 3 years ago | (#34181898)

I could write an app that displays on the screen "Hold down the red button on the side for 10 seconds, then press this button, then do this, and your app will give you free pr0n!"

It sounds stupid, but it would be trivial to socially engineer thousands of people to do something to hardware, if that were my end goal. Granted, not smart users, but then, that's not really who these guys are after. Plenty of low hanging fruit on the shallow end of the gene pool.

Re:on the fence (1)

Microlith (54737) | more than 3 years ago | (#34181930)

By hold a button I mean "power the device off, hold this button, turn the power on, agree to the terms displayed that explicitly say you're reducing security and voiding your warranty unless you reflash to stock" not something in the runtime user interface.

Sorta like how the Nexus One does it. Or maybe like how my N900 does it, where you have to enable a repository and explicitly install a package. That alone would throw warning flags off for most people.

Re:on the fence (0)

Anonymous Coward | more than 3 years ago | (#34182026)

And so the phone displays a dire warning (as does the nexus one) explaining what you're doing if you do it. If users are illiterate they have no business owning a smartphone.

Re:on the fence (2, Interesting)

Darkness404 (1287218) | more than 3 years ago | (#34181442)

What "security" does this give you though? It's becoming increasingly obvious that many vendors -cough- Motorola -cough- want to lock down phones while not providing updates. When I buy a phone, subsidized or not, I should have the right to use it in the way that I want to. Whether that is jailbreaking, rooting, unlocking, etc. the phone. It is counter-productive for HTC/Motorola/Samsung/etc. to keep locking down their phones because what does it really gain them? A bunch of pissed off customers that their device won't be upgradeable past Android 1.6?

Re:on the fence (4, Insightful)

mirix (1649853) | more than 3 years ago | (#34181458)

And making the device less usable helps security?

I guess in some ways it does. This rock is definitely more secure than my computer, which has root. It suffers slightly in usefulness, however.

Re:on the fence (1)

JazzyMusicMan (1012801) | more than 3 years ago | (#34182208)

Sir, I think your post is slightly insulting to rocks. They have tons of uses!

1) Beat someone up with it
2) Break stuff with it
3) Throw it at something you don't like
4) Turned into concrete
...
100) Crushed to a powder and used to sandblast paint off things

Next time, use a more sensible example, such as ... bureaucrat

Re:on the fence (1)

Totenglocke (1291680) | more than 3 years ago | (#34181952)

While I am against total lockdowns that cripple a phone (think VZW), I do think that some security is in order.

"In order to ensure the security and continuing stability, the Republic will be reorganized into the first Galactic Empire, for a safe and secure society."

Re:on the fence (0)

Anonymous Coward | more than 3 years ago | (#34182064)

VZW is only strict if the phone has been reported as lost/stolen, which is why those phones are flashed to Cricket or other companies that allow flashed phones. Sprint is the strict one; every phone has a different SPC code and so it's really hard to flash. One of the reasons to get a SIM card phone unlocked is to use it on another phone network that uses SIM cards.

Re:on the fence (1)

Gothmolly (148874) | more than 3 years ago | (#34182102)

So you trade freedom for security?

Locking is a good thing (0)

Anonymous Coward | more than 3 years ago | (#34181422)

Since this was obviously quite a lot of fun.

I hope the next level of this game is even more challenging! Maybe a phone which explodes if it detects tampering?

Re:Locking is a good thing (1)

MrEricSir (398214) | more than 3 years ago | (#34181498)

Great! And we can program it in Intolerant. [esolangs.org]

Description makes the guy sound like a magician (1, Insightful)

Stregano (1285764) | more than 3 years ago | (#34181436)

This is not off topic as it is awesome that he was able to do that, but come on, no need for the magician introduction on him, "Now introducing, the wonderful, spectacular, super genius the Amazing Houdini". Whatever happened to just giving us the facts and letting us determine how awesome it is?

Re:Description makes the guy sound like a magician (1)

The End Of Days (1243248) | more than 3 years ago | (#34181528)

Clearly you have memories of Slashdot from before its very existence.

Re:Description makes the guy sound like a magician (4, Informative)

tmzt (1793440) | more than 3 years ago | (#34181530)

You know what they say, IRC logs are the first draft of history and they're linked from the wiki, so I'll make this brief.

Scotty2, whose early successes include hacking the unhackable GSM RAZR, had a plan of attack that went directly for the eMMC chip through a kernel module. Though sidetracked by a month of other avenues, including the traditional radio and bootloader exploits, buffer overflows and the rest while building a war chest of knowledge about kernel modules (try building a kernel module for a kernel without source sometime) and patiently educating me (sometimes too patient), it came back to the same GPIO 88 that had been looked at a month earlier, and the same method.

After the "hard reset" attempt of the eMMC module failed it was clear to him that only powering down the chip would allow the write protect to be disabled (or a reset line but that was either/both not connected or disabled in the eMMC's configuration). So the next month was spent trying to find a way to power down this chip. The reality is HTC was really clever and didn't actually use GPIO 88 itself in the traditional way, but instead used it as a pull down against the eMMC's power line (we think) so that changing the GPIO's configuration and not its level would reset the chip. This is exactly what HTC's bootloader does when it needs to disable the write protect. If you follow the IRC logs from last night you'll see that it was finally looking at what parameters were being passed to the gpio_config (name is guessed) function, which didn't make any sense for just switching the value of the GPIO line.

I know, personally, I had fun and hope you can see that from all the source on github.com/tmzt which is scotty2's, mine, and others. It's all there for anyone who needs to get into a locked down kernel (tivoized) on ARM, so you don't have to start from scratch.

Re:Description makes the guy sound like a magician (2, Insightful)

Anonymous Coward | more than 3 years ago | (#34182122)

Only one word was used as a qualifier: "genius". You admit that it is supported by the article. The rest of the summary is a description of the hack -- the facts -- and says nothing about how clever it is. It seems to me that you are inventing something to be upset about.

Forgive my ignorance... (0)

Anonymous Coward | more than 3 years ago | (#34181464)

What does rooting the Android accomplish? Beyond the ability to change your prompt... what is the result of this?

  I don't have an Android so if somebody could enlighten me (and I'm sure others as well).

Much appreciated.

AC

Re:Forgive my ignorance... (2, Funny)

kyhwana (18093) | more than 3 years ago | (#34181514)

Gives you write access to /system/ ? (Inc /etc, so on)

Re:Forgive my ignorance... (4, Informative)

colinnwn (677715) | more than 3 years ago | (#34181576)

Allows you to run on the G2, non-T-Mobile versions of the Android operating system.

Re:Forgive my ignorance... (3, Informative)

Daniel Phillips (238627) | more than 3 years ago | (#34181934)

What does rooting the Android accomplish?

Maybe fixing some of the crappy base functionality that comes with the phone and can't be replaced by normal apps? For example, the alarm clock that wouldn't stop ringing until I pulled the battery. And countless other major warts that Google is no doubt horribly embarrassed about, but not so embarrassed as to fix or take patches for.

Re:Forgive my ignorance... (1)

JazzyMusicMan (1012801) | more than 3 years ago | (#34182226)

Don't forget tethering, and the up and coming new favorite annoyance of the wireless industrial machine, bloatware! Yes, exactly like the crap that is shipped on PCs! Only you can't remove it, at all, ever, unless you root the device.

Re:Forgive my ignorance... (1)

a_nonamiss (743253) | more than 3 years ago | (#34181946)

There are many answers, but realistically, it enables you to use it as a "free" wi-fi hotspot. (as in, no extra charge from the carrier.) Some other cool stuff, too. Useful stuff, not just changing your background.

Donate to the Genius! (3, Interesting)

Anonymous Coward | more than 3 years ago | (#34181476)

Donate to scotty2 (for root): walker.scott@gmail.com (PayPal)

Why are phones special? (2, Funny)

by (1706743) (1706744) | more than 3 years ago | (#34181502)

It seems that people rarely complain about the proprietary engine/drive-by-wire/etc. management software in their car, unless it breaks (think the Toyota debacle of late). Is it just that phones that run *NIX "feel" like they should be open, as we (the greater /. community) know *NIX (Jurassic Park reference intentional...)? Granted, there are legitimate safety concerns for cars, but I imagine there are less drastic examples of this apathy towards device X, but the demand for openness on device Y (phone, game console, etc.).

That said, I have a clamshell VZW phone, and it does irk me that it's useless for anything except the basics.

Re:Why are phones special? (5, Interesting)

Microlith (54737) | more than 3 years ago | (#34181566)

Because these are not phones. These are miniature computers that handle phone calls as a subset of their capabilities.

The software that controls my engine/drive-by-wire has a singular purpose, and is basically a bunch of tables with a bit of microcontroller code to flip through them. Smartphones are much, much more and tend to play a greater role in people's day to day activities.

And if you ask Apple and Microsoft, mobile is where the market is going to be moving heavily. Not necessarily to the exclusion of the desktop market, but still heavily. And, frankly, I don't see the mobile space being controlled so heavily by vendors with vested interests in controlling what you do and how as a good thing.

Re:Why are phones special? (1)

by (1706743) (1706744) | more than 3 years ago | (#34181630)

I guess my point is more that if you buy a four-function calculator, you're not going to be upset when you figure out that there's no sin() button -- even though the processor in the calculator may be capable of doing that. Analogously, when you buy a phone, people get rather upset that they can't run arbitrary code on it. Sure, the company is controlling what you run -- but you bought it that way. I agree with what's been said before -- companies need to offer this, in which case the geek money will go with the most open phone 9 times out of 10.

Now, as to there being legal repercussions against hacking a phone, that's stupid -- the phone should be yours once you buy it.

Re:Why are phones special? (1)

Microlith (54737) | more than 3 years ago | (#34181730)

you're not going to be upset when you figure out that there's no sin() button -- even though the processor in the calculator may be capable of doing that.

Probably not, but then there's a wide gulf between a basic calculator and more powerful devices like these. Witness the consternation over the TI calculators and cracking their signing key. Capability draws attention, and a desire to exploit it.

Analogously, when you buy a phone, people get rather upset that they can't run arbitrary code on it.

People used to not care, of course. But they didn't care because the devices were very much single-purpose, they handled phone calls. Now they can run arbitrary code, manage your contacts and calendar, send e-mail and browse the web. There's capability there that hasn't been there before. These are not simply phones.

Sure, the company is controlling what you run -- but you bought it that way.

And what happens when they're ALL selling them that way and no other way? We're pretty damn close to that now. The only reason they control it, and provide no means of undoing it without a battle, is because they have a vested interest in ensuring your phone channels you to whatever means of making money from you they've set up, or to ensure your phone atrophies feature wise and you decide to buy a new one.

Motorola is doing this constantly, go look at Engadget to see people relieved that Motorola finally found it in themselves to bless Cliq users with Android 2.1. Were the bootloader and kernel not locked down, people could have put 2.1 on their devices MONTHS ago.

Re:Why are phones special? (0)

Anonymous Coward | more than 3 years ago | (#34181596)

People do in fact complain about proprietary engine management software all the time. There is a significant industry centered around reprogramming ECUs and there is typically a few years of frustration after the release of a new model to successfully gain access to and reprogram the ECU. Personally, I remember being frustrated that my ECU had two sets of timing maps that it chose between the two based on dynamic and not entirely predictable conditions. It made it very difficult to 'tune' the car.

There are community efforts to reprogram automotive ECUs: http://www.openecu.org/

Re:Why are phones special? (1)

confused one (671304) | more than 3 years ago | (#34181604)

It's difficult to improve on a modern car's management software in most cases. Having said that, you're not running around in the right circles if you think there are no aftermarket automotive computers or software hacks for reflashing the existing computer(s).

In fact, right now I'm designing a replacement for the Honda TCU in my 20 year old Accord because it has a "design flaw" we've all seen affect PC's -- electrolytic caps. After 20 years the caps finally failed and fried the TCU in the process. (can't be fixed, the parts are unobtanium) Sure, Honda has NOS TCU's available; but, why not try to improve on it?

Re:Why are phones special? (1)

by (1706743) (1706744) | more than 3 years ago | (#34181850)

Having said that, you're not running around in the right circles if you think there are no aftermarket automotive computers or software hacks for reflashing the existing computer(s).

Yeah, I'm running around in the circles where the timing's controlled by vacuum/centrifugal advance ;)

Re:Why are phones special? (1)

colinnwn (677715) | more than 3 years ago | (#34181632)

I'd say you are being generous. I complain about the fact car companies don't give access to certain features in code or data on the CAN bus of cars. I'm on email lists of DIY enthusiasts who complain about similar.

Car mfgrs are also terrible about not following specs, or creating proprietary specs and charging a lot for access, where they should be encouraging open industry standards to develop for new features. The argument about safety is used to justify this, but it is not terribly germane, as there are ways they could secure the engine/transmission/brake code while still giving third party access to other features. Another reason is proprietary secrets, though I don't think software should be patentable, so that one is out.

And really I feel like all car code should be available to 3rd parties, regardless of the safety implications, and if you'd like to run 3rd party code on your car, you sign a contract with the mfgr acknowledging you are waiving warranty and liability claims, and you get a physical dongle for a low cost that basically gives you root access to your car. The dongle is less about the method of delivery for access, than about the act of inserting it is willful acknowledgement of what you are doing.

Re:Why are phones special? (1)

vlueboy (1799360) | more than 3 years ago | (#34181688)

Cell Phones have existed for a very short time. Technically we have watched them evolve from huge analog call-making units to something beyond even our home computers in functionality.

Anti-establishment people are making the statement that our PC's won't easily head in that direction anytime soon. With cars, well... they've existed for a whole century, and it's too late to stop the lockout. But we look at the suddenly-hardening mindset in the videogame/smartphone industry and see a chance of throwing wrenches to slow down the painful escape of our former liberties.

Re:Why are phones special? (0)

Anonymous Coward | more than 3 years ago | (#34181870)

Then again, the magical open-source anyone-can-build-and-use implementation exists for cars: https://secure.wikimedia.org/wikipedia/en/wiki/MegaSquirt .

Re:Why are phones special? (1)

do0b (1617057) | more than 3 years ago | (#34181928)

Phones aren't special.
Car ECUs are also hacked on a regular basis.
Unitronic does it for VAG. Cobb tuning uses the OBD port to allow modification to the fuel maps.

Re:Why are phones special? (1)

djdavetrouble (442175) | more than 3 years ago | (#34181964)

I call Bullshit. What "people" are you talking about? The people around here are concerned with
all proprietary and closed computers.

http://slashdot.org/article.pl?sid=03/01/10/0120249

As a matter of fact this was a popular topic around here a few years ago.
It turns out, there ARE people that want access to the computers in their car, they
believe they can do a better job, and that mods are a good thing. Smart phones are
the big fad these days, so you read about unlocking and rooting frequently.

Those responsible (0)

Anonymous Coward | more than 3 years ago | (#34181516)

Those responsible can be found here, if you wish to thank them!

irc.freenode.net
#g2root

Nice and open platform... right? (5, Insightful)

vinehair (1937606) | more than 3 years ago | (#34181744)

All I have to say is this, as an owner of two android phones, the second only because it physically fell apart from (ab)use and from someone with a love for the platform:

Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE ITS FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?

Now while we're at it, can I get a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?

Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.

Re:Nice and open platform... right? (1)

blahbooboo (839709) | more than 3 years ago | (#34181846)

All I have to say is this, as an owner of two android phones, the second only because it physically fell apart from (ab)use and from someone with a love for the platform:

Looks like we still have that 'DON'T USE APPLE BECAUSE IT'S A CLOSED TOTALITARIAN SLAVE PLATFORM!!!! COME TO ANDROID WHERE ITS FREE AND OPEN AND CHAMPAGNE AND PUPPIES!!!!!!' card, right lads? I mean, we're still laughing at the silly iPhone users having to jailbreak their phones so they can run what they want, right chaps? Right?

Now while we're at it, can I get a 'connect phone, run program, press button and you're done' solution for rooting my HTC Wildfire? I'm perfectly happy of course, to run adb and replace my bootloader and all the other things that used to get me wet while I was a student - isn't that the definition of open? - but I get the feeling that we could make it just as easy as those Apple user fellows and not lose any of the openness. Right guys?

Sarcasm away, that dream is gone, guys. The phone networks got to you and Google gave up. If you're going to carry on tooting about the openness of Android to users (they couldn't care less if their developers have to pay to develop or not) then you need some other talking points.

You are so going to be voted down for saying anything negative about android. p.s. BTW, you're 100% correct.

Why would you want this, again? (2, Insightful)

rastoboy29 (807168) | more than 3 years ago | (#34181806)

I am only interested in a phone that doesn't have to be hacked by some genius to get root access.

It's fine if it voids the warranty or whatever, but I'm not going to pay for something if I have to fight it to get full control over it.

Frankly, I might not even take full advantage of that--but I still demand the ability.

One word (0)

Anonymous Coward | more than 3 years ago | (#34181974)

Nokia

Re:Why would you want this, again? (5, Informative)

cbhacking (979169) | more than 3 years ago | (#34182138)

Nokia N900. Debian Linux ported to ARM with a small-touchscreen-friendly interface. Comes with a terminal app; open that; type "su" and hit Enter. The default root password is publicly available (good idea to change it). People complain that its app store is lacking, and they're right, but they're also missing the point: the thing *runs desktop Linux*!
It has repositories.
sudo apt-get install <foo>
You can even compile from source tarballs right on the phone, if you really want to / there's no pre-built binaries.

The browser is Gecko-based, and includes Flash. You can install AdBlock Plus if you want. You can even install mobile Firefox and get the full Firefox experience, with extensions. You can also install other browsers, if you prefer. Nothing is stopping you.

The main downside is that it's due for a refresh. The hardware runs the OS and apps fine, but it's not terribly impressive by modern smartphone measures.

Simple phones :( (1)

cosm (1072588) | more than 3 years ago | (#34181894)

I sometimes miss the days when I had a phone that simply made phone calls. Although you can still get simpler phones, it seems like the industry is pushing me to larger, more complicated devices. I enjoy evolving technology, but I just want a simple phone. The old rubber hardened Nextels that you could punt across a football field and then subsequently use without any damage to the phone whatsoever were absolutely awesome.

I am not pining for the days of yore, but some of us want a simple, quality phone. It seems these are the current options:
1 - Smartphone X, slam packed with features, takes awhile to boot, too many menus to do anything
2 - Crappily manufactured with terrible interface cheap-phone Y
3 - There is no option 3.

Does anybody know of any phones that are simple, elegantly designed, work-as-advertised, and constructed with quality, and they aren't made for Barbie or Ken? RAZRs? Mattels?

Re:Simple phones :( (1)

MichaelSmith (789609) | more than 3 years ago | (#34182036)

it seems like the industry is pushing me to larger, more complicated devices.

It's a free market. You can buy whatever you like. I don't know where you live but department and variety stores in Australia will sell you a Samsung phone for less than 50 AUD, no contract. You can get the same phone for less locked to a carrier with a prepaid SIM. Just calls and SMS. Nothing fancy.

But OTH I just signed up for an LG Optimus. 20 AUD per month for two years, zero up front. No additional cost to me. It runs Android 1.6 and has a lot of pre-loaded software. So far it's a very nice phone and I plan to start porting my openmoko apps to Android.

Re:Simple phones :( (2, Informative)

Fnord666 (889225) | more than 3 years ago | (#34182042)

Does anybody know of any phones that are simple, elegantly designed, work-as-advertised, and constructed with quality, and they aren't made for Barbie or Ken? RAZRs? Mattels?

For a simple phone I like the Motorola RAZR V3.
My reasons are:

  1. Basic phone functionality works well
  2. Decent case
  3. Bluetooth
  4. Easy to repair if needed
  5. Parts are readily available
  6. Inexpensive replacement/spare batteries

Re:Simple phones :( (2, Informative)

Freedom Bug (86180) | more than 3 years ago | (#34182156)

It's hard to beat the Motofone F3 for "simple, elegantly designed, work-as-advertised, and constructed with quality". It's indestructible, the battery lasts forever and it's dirt cheap. It was designed to be used by people who can't read, so it uses a really annoying icon menu system. And it really sucks for text messages. But you just want a phone, right? Engadget calls it the "zombie apocalypse survival phone" (mostly because of its 2 week+ battery life).

iPod Classic (1)

kevinmenzel (1403457) | more than 3 years ago | (#34182046)

Where were all these genius hackers when all I wanted to do was install Rockbox on my iPod Classic?

Why? (0)

alexmin (938677) | more than 3 years ago | (#34182070)

Why would anyone bother cracking the crippled phone (ok, jailbreaking, whatever) when there is a better, competitively priced ($400) and completely open alternative (N900)? T-Mobile does charge lower monthly fee and does not lock you into 2 year contract if you bring your own device. So again, why do you want to waste your time with any of the G-stuff that also spies on your keystrokes?

Re:Why? (1)

schnikies79 (788746) | more than 3 years ago | (#34182162)

Because I'm not going to pay full cash price for a cell phone.

I've been with the same cell company for 11 years, so a 2 year contract isn't a big deal.

Doesn't matter to me (1)

jonwil (467024) | more than 3 years ago | (#34182184)

I intend to buy a device that lets you replace the phone software out of the box without the need to exploit it (most likely a Nokia N900).
