Thursday, July 15, 2010

How to gain root on SmartQ V5 Android 2.1 (perverted method)

Basically this is a hybrid of two methods:

We need to perform 3 steps:
1. Get Android system partition image
2. Edit image to enable root access
3. Put the image back

WARNING: Don't try it at home unless you know what you are doing - you can brick your device!

Step 1: Get Android system partition image

Long story short: you need to have Linux installed, or be able to boot Linux from the card, in order to capture the Android system partition. It is partition #6 for SmartQ V5 and V7. Boot your Linux on the device and go to the card:

cd /media/disk
sudo dd if=/dev/ndda of=andr06 bs=512 count=312576 skip=2971968

/dev/ndda - our nand flash drive
andr06 - image file name to save to
512 - block size in bytes
312576 - the size of the partition in 512 byte blocks (160 MB Android partition)
2971968 - block offset of the partition (it is partition #6 for SmartQ V5 and V7)

You need to verify the values above with fdisk -l -u /dev/ndda (by default fdisk shows partition sizes in 1K blocks, so just multiply the 6th partition's size by 2 to get the count value).

Step 2: Edit image to enable root access

Take out your flash card and copy andr06 as andr06n to some 3rd-party Linux box.
Now we need to do root-enabling magic (for example in Ubuntu):

sudo -s
mkdir /mnt/android
mount -t auto -o loop /home/user/smartq/andr06n /mnt/android

Here goes the fun part: download Q5 Root Enabler and unpack it to /home/user

cat /mnt/android/system/bin/sh > /mnt/android/system/bin/su
chmod 4755 /mnt/android/system/bin/su
mv /mnt/android/system/xbin/su /mnt/android/system/xbin/osu
cp /home/user/smartq/res/raw/nsu /mnt/android/system/xbin/su
chown root.root /mnt/android/system/xbin/su
chmod 6755 /mnt/android/system/xbin/su

# Now we can unmount our android partition.
umount /mnt/android

What we did, basically, is copy the shell as a "su" command and give it the set-user-ID bit (chmod 4755), so we become root when running this shell (named "su"); since the file is executable by everyone, any process that runs it gets root the same way. The old "su" in xbin did not allow the access, so we renamed it, put in the special binary from Q5 Root Enabler and set its set-user-ID and set-group-ID bits (chmod 6755).

Step 3: Put the image back

This step is dangerous. Keep your original image on the card, so you can put it back if your edited one is not working. Put andr06n on the flash card and write the image back:

cd /media/disk
sudo dd of=/dev/ndda if=andr06n bs=512 count=312576 seek=2971968

Familiar parameters from the Step 1 above:
/dev/ndda - our nand flash drive
andr06n - image file name to load from
512 - block size in bytes
312576 - the size of the partition in 512 byte blocks (160 MB Android partition)
2971968 - block offset of the partition (it is partition #6 for SmartQ V5 and V7)
Note that if and of have switched places (naturally), and that to write at the offset we specify "seek" instead of "skip".
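Two checks worth doing around Steps 1 and 3: confirm the skip/count values against the fdisk listing before dumping, and read the partition back after writing to make sure the flash now holds exactly the edited image. The script below is an added example, not part of the original post; the fdisk listing and the small "flash" file are constructed stand-ins for /dev/ndda, and only the 2971968 and 312576 values come from the post.

```shell
#!/bin/sh
# Added example (not code from the original post): check the dd geometry for
# partition 6 against fdisk output, and verify a dd round trip the way Step 1
# (skip=) and Step 3 (seek=) use it. The fdisk listing and the small "flash"
# file below are constructed stand-ins for /dev/ndda; only 2971968 and 312576
# come from the post.
set -eu

# Constructed sample of `fdisk -l -u /dev/ndda` output (sector units).
# Columns: Device Start End Blocks Id System (no Boot '*' flag assumed).
FDISK_SAMPLE='   Device Boot      Start         End      Blocks   Id  System
/dev/ndda1              63      208844      104391   83  Linux
/dev/ndda6         2971968     3284543      156288   83  Linux'

# part_geometry PARTNUM -> prints "skip count" in 512-byte sectors, computed
# from the Start/End sector columns, so the dd values can be checked.
part_geometry() {
    printf '%s\n' "$FDISK_SAMPLE" | awk -v dev="/dev/ndda$1" '
        $1 == dev { print $2, $3 - $2 + 1 }'
}

# blocks_to_count BLOCKS1K -> sectors: the "multiply by 2" rule for fdisk
# output given in 1K blocks.
blocks_to_count() { echo $(( $1 * 2 )); }

# roundtrip_ok FLASH IMAGE SKIP COUNT -> success if writing IMAGE into FLASH at
# sector SKIP (dd seek=, Step 3) and reading it back (dd skip=, Step 1) yields
# identical bytes. conv=notrunc keeps the rest of FLASH intact.
roundtrip_ok() {
    flash=$1 img=$2 skip=$3 count=$4
    dd of="$flash" if="$img" bs=512 count="$count" seek="$skip" conv=notrunc 2>/dev/null
    dd if="$flash" of="$img.readback" bs=512 count="$count" skip="$skip" 2>/dev/null
    cmp -s "$img" "$img.readback"
}

# Stand-alone demo on tiny files: a 64-sector "flash" with an 8-sector
# "partition" at sector 16.
demo() {
    tmp=$(mktemp -d)
    dd if=/dev/zero of="$tmp/flash" bs=512 count=64 2>/dev/null
    dd if=/dev/urandom of="$tmp/andr06n" bs=512 count=8 2>/dev/null
    echo "partition 6 geometry (skip count): $(part_geometry 6)"
    roundtrip_ok "$tmp/flash" "$tmp/andr06n" 16 8 && echo "write-back verified"
    rm -rf "$tmp"
}

demo
```

On the device itself the same roundtrip_ok call would take /dev/ndda, andr06n and the real 2971968/312576 values, after you have checked them with part_geometry against your own fdisk output.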


Now you can boot up Android and do "su" at the terminal.
You should get the "#" prompt indicating that you are root.

So, why so much perversion?


It is fun, and I wanted to enable USB-OTG in the SmartQ V5 Android to connect a keyboard (and I did not want to install the SDK and set up an adb connection to the V5, which has issues with it as well):
