The following will show how to get a root shell on the device. I have not attempted to obtain permanent root.
Requirements:
- Android SDK [1]
- psneuter (via Super One Click) [2]
Install the SDK on your machine. Note that Eclipse is not needed because all we need is the adb command line interface.
Extract the Super One Click zip file.
You may need to restart the adb server on your machine with root privileges:
pmarquis@chastity:$ sudo adb kill-server
pmarquis@chastity:$ sudo adb start-server
Push the psneuter file from Super One Click onto the phone and make it executable:
pmarquis@chastity:$ adb push psneuter /data/local/
pmarquis@chastity:$ adb shell chmod 777 /data/local/psneuter
We will now run a shell on the phone:
pmarquis@chastity:$ adb shell
It should show "$", indicating that you have user-level privileges on the phone. We will now run the psneuter exploit:
$ /data/local/psneuter
It will kick you out of the adb shell and restart adbd on the phone with root privileges. When we re-run the adb shell, we will have root access. First we need to remount the phone's file system with read/write permissions (it is read-only by default), then re-run the shell:
pmarquis@chastity:$ adb remount
pmarquis@chastity:$ adb shell
It should show "#", indicating that you have root-level privileges.
We can now modify the file system to deal with the crapware. We can remove the APKs entirely or simply make them unreadable. Removing them is the more invasive option; making them unreadable is the less invasive one. For example, we can remove the music app:
# rm /system/app/Music.apk
or change its permissions:
# chmod 600 /system/app/Music.apk
The stock music app should be gone now, even after reboot.
At this point you could push an su binary to /system/xbin/ and grab Superuser.apk from the Market to gain permanent root. But I have read that these changes are undone upon reboot. Haven't tried it myself.
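To check which of the states described above a device is in, the following added example (not part of the original post) classifies saved output of `adb shell id`, `adb shell cat /proc/mounts` and `adb shell ls -l`. The function names and all sample lines (device nodes, sizes, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify saved adb output. All sample text is constructed.

# stdin: output of `adb shell id`. Prints "root" or "user".
adbd_privilege() {
    if grep -q '^uid=0('; then echo root; else echo user; fi
}

# stdin: output of `adb shell cat /proc/mounts`. Prints rw, ro or unknown.
system_mount_mode() {
    awk '$2 == "/system" { n = split($4, o, ",")
             for (i = 1; i <= n; i++) if (o[i] == "ro" || o[i] == "rw") m = o[i] }
         END { print (m == "" ? "unknown" : m) }'
}

# stdin: `adb shell ls -l /system/app`. Prints APKs lacking the "other" read
# bit, i.e. the state left by the chmod 600 step.
unreadable_apks() {
    awk '{ sub(/\r$/, "") } $NF ~ /\.apk$/ && substr($1, 8, 1) != "r" { print $NF }'
}

# stdin: `adb shell ls -l /data/local`. Prints regular files with mode 777.
world_writable_files() {
    awk '{ sub(/\r$/, "") } $1 == "-rwxrwxrwx" { print $NF }'
}

# Constructed sample captures (not taken from a real device).
SAMPLE_ID_USER='uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)'
SAMPLE_ID_ROOT='uid=0(root) gid=0(root)'
SAMPLE_MOUNTS='rootfs / rootfs ro,relatime 0 0
/dev/block/mtdblock3 /system yaffs2 rw,relatime 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev,relatime 0 0'
SAMPLE_APPS='-rw-r--r-- root     root       512000 2008-08-01 08:00 Browser.apk
-rw------- root     root      1204000 2008-08-01 08:00 Music.apk'
SAMPLE_LOCAL='-rwxrwxrwx shell    shell       585731 2011-01-20 10:15 psneuter'

report() {
    echo "adbd runs as:        $(printf '%s\n' "$SAMPLE_ID_ROOT" | adbd_privilege)"
    echo "/system mounted:     $(printf '%s\n' "$SAMPLE_MOUNTS" | system_mount_mode)"
    echo "unreadable APKs:     $(printf '%s\n' "$SAMPLE_APPS" | unreadable_apks)"
    echo "mode-777 leftovers:  $(printf '%s\n' "$SAMPLE_LOCAL" | world_writable_files)"
}
report
```

On a live device, pipe the real command output into the same functions instead of the sample variables.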
Links: