Got root access on HTC Desire Z (G2)
Today, enthusiasts scotty2 and tzmt were able to get permanent root access on the HTC Desire Z. This means that the Desire HD will also get root access, since it implements the same protection system.
The opinion that the Desire Z and HD independently restore their firmware from a saved image when changes are detected is erroneous. In fact, the phone's hardware has a feature that blocks writes to certain areas of the built-in memory. During boot, a command is sent to the controller that prohibits writing to a range of blocks, and the ban holds until the power is turned off. The changes disappeared because they were all stored only in the cache; an attempt to clear it "on the fly" also made the changes disappear.
Removing applications from the internal memory was not really a deletion either. Unwanted applications were merely marked as not to be loaded, and the application manager simply ignored them.
Temporary root access (lasting until reboot) was implemented almost immediately. Now full-fledged access that survives a reboot has been implemented, precisely because su, like other changes, is now really saved to the /system partition.
For now, write access lasts only until reboot, because HBOOT also locks the card at startup. To get write access again, you need to repeat the procedure.
The exploit relies on the fact that power to the built-in memory is not supplied directly from the battery but is controlled by the phone's controller. The enthusiasts managed to write a kernel module that cuts power to the memory and then restores it, thereby clearing the information about which memory areas are protected. This is a very serious achievement, because it lets you overwrite absolutely any memory area at will without hindrance. For the plain HTC Desire, this level of access was achieved only recently. In the near future, a new HBOOT and recovery will be released that will allow permanent full write access and flashing of custom firmware.
The link contains the log of the IRC channel #G2Root, where this significant event for owners of the Desire Z and HD happened today.
G2oot