Rough Book

random musings of just another computer nerd

Rooting the G2

As some of you may already be aware, it appears that the G2 has some sort of “magic restore” (it’s not a rootkit) function that causes all changes to /system to be reverted. This means that you cannot remove any bundled bloatware. Even more troubling, it looks like the phone will perform the restore while it is running (i.e., you don’t need a reset). I haven’t turned on my G2, so this is what I’ve heard from people at XDA Developers. You can get temporary root on the devices, but after a little while (some people say minutes, others say hours; experiences seem to vary) root is lost. So it is possible that something is performing the restore while the phone is running.

Helpful folks on XDA Developers have posted the datasheet for the eMMC, and another kind soul (damnoregonian) was able to get the value of the CSD register (the register that seems to control the behavior of the MMC): d00f00320f5903fffffffdff924040c8.

WP_GRP_SIZE[36:32] and WP_GRP_ENABLE[31:31] seem to be the bits that control the write-protect (per the datasheet). Currently these seem to be set to the default values per the datasheet (11111b and 1b). Clearing the bits should (theoretically) turn off the write protection. The value to do that would be d00f00320f5903fffffffde0124040c8. The CSD node is R/O and so you cannot echo to it directly. The only way to do it would be to write a kernel module/driver that writes to the register. Apparently the kernel exports a function called mmc_send_csd, and so one should be able to write to this register.
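
The bit arithmetic above, as an added example (not code from the original post or from any G2 project): it decodes WP_GRP_SIZE and WP_GRP_ENABLE from the quoted CSD value and clears them in a copy, reproducing the modified value. The function names are made up for illustration, and the program only works on the hex string; it does not talk to the eMMC.

```c
#include <stdint.h>
#include <stdio.h>

/* One hex digit to its value, or -1 if the character is not hex. */
static int hexval(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse exactly 32 hex digits; csd[0] holds CSD bits 127:120. */
static int csd_parse(const char *hex, uint8_t csd[16])
{
    for (int i = 0; i < 16; i++) {
        int hi = hexval(hex[2 * i]);
        int lo = hi < 0 ? -1 : hexval(hex[2 * i + 1]);
        if (lo < 0) return -1;
        csd[i] = (uint8_t)(hi << 4 | lo);
    }
    return hex[32] == '\0' ? 0 : -1;
}

/* Read field [start+len-1:start]; bit 0 is the LSB of csd[15]. */
static uint32_t csd_get(const uint8_t csd[16], int start, int len)
{
    uint32_t v = 0;
    for (int b = start + len - 1; b >= start; b--)
        v = (v << 1) | ((csd[15 - b / 8] >> (b % 8)) & 1u);
    return v;
}

/* Clear field [start+len-1:start] in place. */
static void csd_clear(uint8_t csd[16], int start, int len)
{
    for (int b = start; b < start + len; b++)
        csd[15 - b / 8] &= (uint8_t)~(1u << (b % 8));
}

int main(void)
{
    uint8_t csd[16];
    if (csd_parse("d00f00320f5903fffffffdff924040c8", csd)) return 1; /* value from the post */
    printf("size=%u enable=%u\n", (unsigned)csd_get(csd, 32, 5), (unsigned)csd_get(csd, 31, 1));
    csd_clear(csd, 32, 5); /* WP_GRP_SIZE[36:32] */
    csd_clear(csd, 31, 1); /* WP_GRP_ENABLE[31:31] */
    for (int i = 0; i < 16; i++) printf("%02x%s", csd[i], i == 15 ? "\n" : "");
    return 0;
}
```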

I’m tempted to write a kernel module that does just that. But since working at Intel I haven’t written any kernel drivers. Also while I did write drivers at Intel, I pretty much made modifications to what others before me had written, and so I never wrote one from scratch. I’m going to see if I can start on something this weekend… wish I was still in college… I had a lot more time then!

If this works (and that’s a big if), there’s still the issue of restores being done while the phone is in operation. That could cause a lot of inconsistency. So this might be a partial solution.

Either way, I’m sure someone will come up with a way to root the phone. But if there’s nothing by next Friday, I’m going to return the phone.

UPDATE

Someone posted updated specs. It looks like those bits are read-only. Bummer. Also, this from T-Mobile’s website:

Bellevue, Wash. — Oct. 7, 2010

As pioneers in Android-powered mobile devices, T-Mobile and HTC strive to support innovation. The T-Mobile G2 is a powerful and highly customizable Android-powered smartphone, which customers can personalize and make their own, from the look of their home screen to adding their favorite applications and more.

The HTC software implementation on the G2 stores some components in read-only memory as a security measure to prevent key operating system software from becoming corrupted and rendering the device inoperable. There is a small subset of highly technical users who may want to modify and re-engineer their devices at the code level, known as “rooting,” but a side effect of HTC’s security measure is that these modifications are temporary and cannot be saved to permanent memory. As a result the original code is restored.

Well, T-Mobile. How about you provide us technical users a way to root our devices? What you’re doing is stupid. You’re going against everything Android stands for. If I can’t root it, I think I will return my phone and get a Vibrant instead. I would have expected this from Apple or Verizon. But not from you. Very disappointing.
