HACK The Android RC30 t-mobile G1, get root access, and unlock!

Can I jailbreak my rc 30 updated g1

Yeah you can jailbreak it following this tutorial, if I ever have the time, I’ll try to put soemthing easier together…

Hi All,

What I know is that you can’t run processes that listen to ports below 1024 with an unprivileged user.

The case.

After firing the terminal emulator application I discovered that the working user is “app_57″

and by navigating to /system/bin then type telnetd

it returned no errors but the return code is 255

like so:
$ cd system
$ cd bin
$ telnetd
$echo $?
255

I can’t start the telnet daemon like that.

Please advice.

@Khaled –>
quote#jesusfreke:

Here is a zip file containing a modified recovery and boot image, as well as a few other things:
http://rapidshare.com/files/166164961/AndroidMod.zip
http://jf.nyquil.org/AndroidMod.zip
http://android-dls.com/forum/index.p…rb_v=viewtopic (see post for actual link to file)

The recovery image (recovery_testkeys.img) uses the test keys that are distributed with the android platform source. This means that an OTA update or an update.zip update must be signed with the test key in order for it to install. In other words, it will no longer install OTA updates from t-mobile. You don’t want them stealing back root access from you now do you? .

I’ve also included the test keys and the SignApk.jar tool, so you can sign your own update scripts (for use only with the modified recovery image). You can resign any image, even if it has been signed before. So for example, if you needed to install an “official” t-mobile update, you must re-sign it with the test keys first.

Another bonus in this recovery image is that ADB is enabled while in recovery mode. You can’t adb into a shell (no sh binary), but you can at least use it to push and pull files from the device. For example, you could push an update.zip file to the sdcard.

The boot image (boot_nosecure.img) has been modified so that adb has root access by default. So when you do an adb shell, you automatically get a root shell. You can remount the system image using adb, and then push files directly to the system partition.

Finally, the “update – Restore Original RC29 Boot Image.zip” file is an update.zip file signed with the test keys, which will restore your boot partition back to the stock RC29 image. Useful if you accidentally hose your boot partition..

To install the recovery image onto your phone:

=========================================================
D:\Android\AndroidMod>adb push recovery_testkeys.img /data/local/recovery.img
912 KB/s (0 bytes in 1767424.001s)

D:\Android\AndroidMod>adb shell
$ su
su
# mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
mount -o rw,remount -t yaffs2 /dev/block/mtdblock3 /system
# cd /system
cd /system
# cat /data/local/recovery.img > recovery.img
cat /data/local/recovery.img > recovery.img
# flash_image recovery recovery.img
flash_image recovery recovery.img
#
=========================================================

Note: You must place the recovery image at /system/recovery.img. the init.rc boot script automatically flashes the recovery partition with that file every time you boot up the phone.

At this point, it’s probably a good idea to reboot the phone into recovery mode, and make sure it loads OK. If the recovery image is corrupt somehow, it will throw you back into SPL mode (the multi-color bootloader screen). If that happens, just boot the phone normally, and reflash recovery image.

Once it boots into recovery mode, press alt+L, and the next to top line of text should say something like “using test keys.”. If it doesn’t, then you’re still using the original recovery image.

Note: If you are planning on installing the modified RC30 update, you can ignore the following – there is no need to install the boot image. The update already has a newer, modified boot image.

Now that you know you have the modified recovery image loaded, you can install the boot image:

=========================================================
D:\Android\AndroidMod>adb push boot_nosecure.img /data/local/boot.img
939 KB/s (0 bytes in 1533952.001s)

D:\Android\AndroidMod>adb shell
$ su
su
# flash_image boot /data/local/boot.img
flash_image boot /data/local/boot.img
# rm /data/local/boot.img
rm /data/local/boot.img
#
=========================================================

Now reboot the phone and let it boot normally. If the boot image was corrupted, it will boot into recovery mode instead. You can use the included update zip file to reload the original RC29 boot image.

Otherwise, if it boots up normally, open a command prompt however you like (telnet, adb, terminal emulator app, etc.) and type “getprop ro.secure”. If it says 0, then you’re running the modified boot image. Otherwise, if it says 1, you’re still running the original boot image.

from: http://forum.xda-developers.com/showthread.php?t=443041

can you make a video showing all this; it would be a hell of a lot easier )

I would but my brother long sold his g1. He didn’t like it in the end, it’s not the software Android. He just didn’t like the hardware.

Hi

I want the unlock code via software iam using blackberry 6220 & i got the mobile-unlocker can anybody help me

I have done this as soon as the hacker posted the files. I highly recommend you do this. I have 1 question. How can I get the myfaves back without restoring the g1?

how come anytime I open terminal,til the point type in telnetd i got message in my phone said permission fail,can u help me with that

[...] ronald a. richardson » HACK The Android RC30 t-mobile G1, get rootRonald Richardson stats, photos, and news on ESPN.com. … Ronald Richardson #15 WR… [...]

[...] now this is weird. I used a differing rooting method and now it seems that it rooted except I'm still having problems such as in ADB. First problem, [...]