Root Access on the T-Mobile G1 and why it works

In my previous post, I received a comment that included a link explaining why this all works.

To translate: anything the user types on the keyboard is also being fed into a console shell running as root, where it is potentially executed as a command. So the easiest way to get root on your phone is simply to reboot it and, once it has finished booting, type "telnetd" and press Enter. The UI will treat those keystrokes as a contact lookup, but at the same time they are being typed into a root shell, which starts the telnet daemon.

This is basically a huge oversight on Google's part! It looks like a debug-related setting that was never removed before the phone shipped.

So pTerminal is not actually necessary for this hack at all; it just accidentally exposed it!

Note:

There is an easier way to do it: press Enter (this runs or clears whatever may be pending on the console), type telnetd, and press Enter again. This may not work if the console is blocked by another operation, which is why a reboot is recommended: it forcibly ends the pending process.
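To make the two points above concrete (a partially typed line gets the command appended to it, and a foreground process swallows everything typed), here is an added example that is not from the original post or the explanation it links to. It stands in for the phone's root console with a plain POSIX shell loop reading keystrokes from stdin, and uses `echo STARTED` in place of `telnetd` so it runs on any machine; the pending text `joh` and the blocking program `cat` are constructed for the illustration.

```shell
#!/bin/sh
# Added example, not code from the original post. A stand-in for the G1's
# root console shell: on the phone every keystroke went to a root sh, here a
# line-at-a-time shell loop reads the same byte stream from stdin.
# "echo STARTED" stands in for "telnetd" so the script runs anywhere.

# The stand-in console: read each line of keystrokes and run it, as a shell
# would. A failed command does not end the console (hence "|| :"), and stderr
# is discarded so "not found" messages stay quiet.
console() {
    while IFS= read -r line; do
        eval "$line" || :
    done 2>/dev/null
}

# Feed a string of keystrokes to a fresh console and return what it printed.
type_into_console() {
    printf '%s' "$1" | console
}

# Letters already typed into the console (the contact-lookup text) with no
# Enter pressed yet (constructed for the illustration).
PENDING='joh'

# 1. Typing the command straight away: it is appended to the pending text, so
#    the console looks for a command called "johecho" and runs nothing.
naive_run() {
    type_into_console "${PENDING}echo STARTED
"
}

# 2. The post's shortcut: press Enter first so the pending text is executed
#    (and fails) as its own line, then type the command on a clean line.
enter_first_run() {
    type_into_console "${PENDING}
echo STARTED
"
}

# 3. The caveat: if the console is busy with a foreground program (cat here,
#    which reads stdin until EOF), everything typed goes to that program and
#    is never executed as a command. On the phone a reboot kills that process.
blocked_run() {
    type_into_console "cat
echo STARTED
"
}

# Run stand-alone to see all three outcomes.
echo "naive:       '$(naive_run)'"
echo "enter first: '$(enter_first_run)'"
echo "blocked:     '$(blocked_run)'"
```

The third case is the one the reboot advice addresses: while `cat` is in the foreground it owns the console's input, so the command line is merely echoed back rather than run, exactly as typing `telnetd` into a console that is busy with another program would do nothing useful on the phone.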
