
Got root access on HTC Desire Z (G2)

Today, the enthusiasts scotty2 and tzmt were able to get permanent root access on the HTC Desire Z. This means that the Desire HD will also get root access soon, since it has the same security system.



The belief that the Desire Z and HD restore their firmware from a saved image whenever changes are detected is wrong. In fact, the phone's hardware implements a feature that blocks writes to certain areas of the built-in memory. At boot time, a command is sent to the controller that prohibits writing to a range of blocks; the ban holds until the power is turned off. Changes disappeared because they were only ever stored in the cache; an attempt to clear it “on the fly” also makes the changes disappear.
Deleting applications from the internal memory was not really a deletion either. Unwanted applications were added to a non-download list, and the application manager simply ignored them.

Temporary root access (lasting until reboot) was implemented almost immediately. Now full-fledged access that survives a reboot has been achieved, precisely because su, like other changes, is now actually stored in the /system partition.
Write access still lasts only until reboot, because HBOOT still locks the card on startup. To regain write access, the procedure has to be performed again.

The exploit relies on the fact that power to the internal memory is not supplied directly from the battery but is controlled by the handset's controller. Enthusiasts managed to write a kernel module that powers the memory off and back on, thereby resetting the information about protected areas of memory. This is a very serious achievement, because it allows any memory area to be overwritten at will, without obstruction. For the plain HTC Desire, this level of access was achieved only recently. In the near future, a new HBOOT and recovery will be released, which will allow permanent full write access and the flashing of custom firmware.

The link is the log of the IRC channel #G2Root, where this significant event for owners of the Desire Z and HD took place today.
G2root

Source: https://habr.com/ru/post/107811/

