Root Great Engadget article on Android Hacking

[raduray]

For your reading pleasure: Editorial: Firmware, forums, and desperation -- the dark side of Android hacking -- Engadget

 

[Deleted User]

Not a big fan of this article. The dev community is not happy about it either.

 

[irishpride]

I came away with one lesson from that article, if you don't know what your doing, DON'T DO IT!

 

[sund0wn]

Not a big fan of this article. The dev community is not happy about it either.

why is that?

 

[eraursls1984]

why is that?

It's not as bad as the article makes it out to be. It's fine for people who want nothing more than to buy it and do what it does out of the box, theres a few problems here and there for the people who want to make it theirs but the community fixes these problems and they fix them quickly.

 

[sund0wn]

It's not as bad as the article makes it out to be. It's fine for people who want nothing more than to buy it and do what it does out of the box, theres a few problems here and there for the people who want to make it theirs but the community fixes these problems and they fix them quickly.

that totally isnt true. the x has been out for 3 months, and the bootloader still isnt cracked. and with the upgraded bootloader last night, users can no longer sbf to 2.1, and if they try, the phone is bricked, and there is no sbf to even get back to 2.2. this is totally screwed up. the article is bringing light to this, and you're telling me people dont like this?

and, that doesnt answer my question as to why devs dont like the article.

i think you guys are missing the point. the point isnt how many problems the phone has. or how hard it is to modify. they are shedding light on a major issue i have with the manufacturers. they are taking an open source platform, and locking it down darn near as much as apple. heck, if you brick your iPhone, you can push stock firmware back with iTunes for cryin' out loud. motorola is causing problems, and not giving us any way to fix it. i'm just not understanding why people in our community would have a problem of with such a widely read website shedding light on the issue.

the point is that android is an "open" platform, but the manufacturers are starting to stomp on that by locking down their devices. and if they want to continue to promote an open platform environment, they need to provide ways for us users to flash our phones back to stock.

he ended the article with, "Google should insist that every Android manufacturer and carrier release images of their customized firmware for every device as well as tools for easy restoration. It's the only fair way to treat the people who are hacking the platform and giving it the amazing momentum it has, and the only fair way to continue promoting the platform as "open" when in reality the carriers and manufacturers are doing everything they can to lock it down."

my question still remains, why would devs not like this?

 

[mr.gollihue]

I am not a developer, and my intention is not to step on toes, but I can't believe I had to register to say what wasn't being said. The reason devs would most likely not appreciate this article is the author's choice to completely publicize the resources he used to achieve this end, despite the fact that it has been made very clear everywhere, even engadget's site itself, that those found offering the file for use have been being issued C&D notices. The instructions that come with most phone hacking tutorials clearly mention that this MAY brick your device and you do so at your own risk. Anyone attempting this sort of modification should be aware of said risks, and not be salty when things don't go according to plan...this makes those who actually succeed (like myself, who achieved what the author did in less than an hour, including the time taken to download necessary files and programs) seem like an unknown quantity. The last thing that the community needs, in my opinion, is publicity. Particularly not from sites that portray the typical Android hack as needing a wirestripper. The picture suggests this strongly, I think.

 

[dmiller2007]

I agree with sundown. Everyone that has their finger on the pulse of the smartphone community (ppl that would read the article) knows that rooting and hacking is the essence of Android. All this article does is put Motorola in the spotlight for trying to lock down an open source OS. It makes a good point of the issues Motorola is forcing upon their CUSTOMERS. Kind of a cliche, but what happened to the customer is always right? They have no reason to lock stuff down like this except to intentionally shorten the life of their devices by taking the hacking community out of them. They're essentially sabotaging their own products. Making sure their effective life ends when they decide to stop pushing updates. This article does nothing but show ppl who aren't associated with the Android community the type of corporation Motorola is. End rant.

 

[sund0wn]

I am not a developer, and my intention is not to step on toes, but I can't believe I had to register to say what wasn't being said. The reason devs would most likely not appreciate this article is the author's choice to completely publicize the resources he used to achieve this end, despite the fact that it has been made very clear everywhere, even engadget's site itself, that those found offering the file for use have been being issued C&D notices. The instructions that come with most phone hacking tutorials clearly mention that this MAY brick your device and you do so at your own risk. Anyone attempting this sort of modification should be aware of said risks, and not be salty when things don't go according to plan...this makes those who actually succeed (like myself, who achieved what the author did in less than an hour, including the time taken to download necessary files and programs) seem like an unknown quantity. The last thing that the community needs, in my opinion, is publicity. Particularly not from sites that portray the typical Android hack as needing a wirestripper. The picture suggests this strongly, I think.

but that's the point. i get what you're saying. and i agree with a lot of what you're saying. but the author obviously embellished certain issues to point out that our open source OS devices are getting less and less support from the manufacturers.

i think, in short, he was trying to say "if you screw up an iphone, you can just plug it into itunes. if you screw up an open source droid x, you have to scour the internet for a restore file, hope the file is sound, because it is from a source other than the manufacturer, and at the end of the day, you may end up having to strip a usb cable and splice it to your battery."
i think it was meant to be outlandish to point out how absurd it is that the manufacturers arent supporting us.

motorola refused to give those who leaked an upgrade path to the OTA, but they also tried to block the path back to 2.1. if they had their way, there would be a whole ton of people stuck on 2.3.9 forever. thankfully there is an excellent community that doesnt let that happen, but in an open source environment, those who mess up their devices shouldnt have to 100% rely on the dev community. there should be resources from the manufacturers. it would even cost the manufacturers far less money in the end.

 

[mr.gollihue]

I'm not sure I can jibe with that. I'm not sure that Motorola would intentionally block the upgrade path, as I would see no good motive for them to do so. Why deny the user the potential for better future functionality on purpose? Sure they sold the user a phone in the end, but they'd like to get repeat business, I would assume. Do I think that they were maybe not willing to put in the necessary time to ensure that those who installed leaked firmware would be able to upgrade along with those who didn't? Probably. But I don't think it was a point of making extra effort to do so, more of a lack of effort to assist those who have already essentially voided their warranties, technically.

 

[sund0wn]

I agree with sundown. Everyone that has their finger on the pulse of the smartphone community (ppl that would read the article) knows that rooting and hacking is the essence of Android. All this article does is put Motorola in the spotlight for trying to lock down an open source OS. It makes a good point of the issues Motorola is forcing upon their CUSTOMERS. Kind of a cliche, but what happened to the customer is always right? They have no reason to lock stuff down like this except to intentionally shorten the life of their devices by taking the hacking community out of them. They're essentially sabotaging their own products. Making sure their effective life ends when they decide to stop pushing updates. This article does nothing but show ppl who aren't associated with the Android community the type of corporation Motorola is. End rant.

and if they are going to insist on trying to stop hackers from modding the device, it's counter productive to put so much effort into stopping people from flashing the device back to stock. even from a business standpoint, it's not incredibly smart to put so much effort into blocking downloads of the .sbf. even crapple provides a simple way to flash back to stock.

 

[dmiller2007]

I'm not sure I can jibe with that. I'm not sure that Motorola would intentionally block the upgrade path, as I would see no good motive for them to do so. Why deny the user the potential for better future functionality on purpose? Sure they sold the user a phone in the end, but they'd like to get repeat business, I would assume. Do I think that they were maybe not willing to put in the necessary time to ensure that those who installed leaked firmware would be able to upgrade along with those who didn't? Probably. But I don't think it was a point of making extra effort to do so, more of a lack of effort to assist those who have already essentially voided their warranties, technically.

Like changing the ota bootloader to make sure you can't sbf back to 2.1? Locking down their devices means that they choose when support ends for it. Which means they decide when their customers buy new phones. Sure they might lose repeat business but plenty of ppl will buy their new phones and they are throwing a lot of customers back into the market this way.

 

[dmiller2007]

and if they are going to insist on trying to stop hackers from modding the device, it's counter productive to put so much effort into stopping people from flashing the device back to stock. even from a business standpoint, it's not incredibly smart to put so much effort into blocking downloads of the .sbf. even crapple provides a simple way to flash back to stock.

It may not have necessarily been to keep ppl from sbf'ing as their attempt to continually throw hurdles at the hackers to keep them one step behind Motorola. We know that they can't put out updates fast enough to do this, but is it crazy to think they're trying? Or they are preventing the old sbf to scare ppl out of doing things. Like they're saying sure, go ahead and root and theme. It'll brick your phone and we have chosen to not give you the means to fix it.

 

[sund0wn]

I'm not sure I can jibe with that. I'm not sure that Motorola would intentionally block the upgrade path, as I would see no good motive for them to do so. Why deny the user the potential for better future functionality on purpose? Sure they sold the user a phone in the end, but they'd like to get repeat business, I would assume. Do I think that they were maybe not willing to put in the necessary time to ensure that those who installed leaked firmware would be able to upgrade along with those who didn't? Probably. But I don't think it was a point of making extra effort to do so, more of a lack of effort to assist those who have already essentially voided their warranties, technically.

no, and i totally agree with that. i dont hold anything against motorola for not providing an upgrade path from the leaked 2.2 to the OTA. but the fact that they put equal effort into issuing C&Ds to those hosting the sbf is what bugged me. i mean, to not provide a path from the leak to the OTA is one thing, but to not let people go back to 2.1 in order to get the OTA is a whole other animal. and, i think that is the point at the root of the article. not wanting people to install leaks is understandable (not that i agree with it), but they should at least support the need to restore back to factory approved firmware.

it's like the government making heroin illegal (understandable, even though some believe we should be able to do what we like with our own bodies), but then also outlawing rehab, using the logic that it was illegal to get addicted in the first place, so they're gonna refuse to give people a means to correct their mistakes. i know that's a terrible analogy, but it's not too far from what's going on.

 

[alnova1]

Like changing the ota bootloader to make sure you can't sbf back to 2.1? Locking down their devices means that they choose when support ends for it. Which means they decide when their customers buy new phones. Sure they might lose repeat business but plenty of ppl will buy their new phones and they are throwing a lot of customers back into the market this way.

+1

 

[eibook]

Sund0wn, very well put in all of your posts.

What it boils down to is Motorola manufactures great hardware but their corporate greed alienates hardcore Android users and due to that fact they will defiantly loose some handset sales as users go to HTC and Samsung.

 

[OMJ]

Like changing the ota bootloader to make sure you can't sbf back to 2.1? Locking down their devices means that they choose when support ends for it. Which means they decide when their customers buy new phones. Sure they might lose repeat business but plenty of ppl will buy their new phones and they are throwing a lot of customers back into the market this way.

I do not believe the reason they changed the signing keys was to make sure you cant sbf back to 2.1. The only logical reason to change the keys is because they thought the old ones were compromised. In other words they thought someone would leak them.

It makes no sense for motorola to want to brick phones. That just means more returned to them. There was another motive behind this change.


Anyway on to my feelings about the article. I dont particularly like the article. There are parts I agree with though and parts I dont. My biggest gripe is this paragraph.

But hold up: I don't trust this phone at all anymore. I don't know anything about the system software I've installed or where it came from, and I have no idea what the leaked flashing utility actually did to it. I can't rely on a device that I don't trust. If this was my actual phone and not a review unit, I'd be completely screwed -- I need this thing to do my job.

He flashed an sbf file that while it may be leaked its from motorola. Its the official build. I use my phones for business and have flashed leaked sbf files 100s of times. Ive never had an issue. If he didnt trust the leaked software then why in the hell did he install it in the first place when he installed the froyo leak.

That's simply not the case with Android, and it's a problem -- Google can't keep implicitly condoning Android hacking and trading on the enthusiasm of its community unless it requires manufacturers to provide restore tools for every device. Sometimes you just want to go home again.

This I actually like. If manufacturers were required to give a path back to stock they would get less returns and everyone would be happier.

 

[dmiller2007]

Yeah I agree. I didn't mean as much that they want to brick phones, just make it harder to hack. I know that they lose money on returns that way. Lol I'm coming off as a serious Motorola hater here but I'm really not. I just think they are acting to shorten the effective life of their devices. Once its outside the manufacturer warranty then they don't swallow those costs anymore I believe. Everyone knows that an Android devices life is dependent on the hackers. Make things difficult for them and they'll move along eventually.

 

[raduray]

I read with interest the many negative comments in engadget and I think they missed the key point which was an entreaty for the manufacturers to allow hackers a way to get back home. I can see Motorola being OK with that but Verizon resisting it as they want to discourage removal of revenue producing bloatware and abuse of tethering.

 

[VoidedSaint]

I read with interest the many negative comments in engadget and I think they missed the key point which was an entreaty for the manufacturers to allow hackers a way to get back home. I can see Motorola being OK with that but Verizon resisting it as they want to discourage removal of revenue producing bloatware and abuse of tethering.

i have to admitt i did the same thing, i read the entire article, which had no common sense used in writing the garbage, read the first page of all the negative comments towards android, and some defending it, only to have a fanboy defend that nilay guy or whoever he is. It was all insanely ******ed, jeffrey dommer had an iphone and look what he did (all a joke btw) but seriously the kid tried to hack the 2nd incredibly difficult phone to hack, and then when he messed up blame it on google.... where on earth does google say they will let you do whatever you want to your phone, and they will gladly help you restore it if you brick it???? its an open system but open to your own risk of as to what you do to it. and to think motorola or verizon would justify you hacking the device and then saying ok here is a back-up of what you did, sorry that you bricked your phone and we didnt make the back-up for you. i felt like gouging my eyes out with a tooth pick while singing mary had a little lamb.

 

[Deleted User]

Unfortunately, I think a lot was lost in how poorly written the article was and some of the blatantly stupid things that were said, like the paragraph quoted by OMJ above about "not trusting" his phone now that it's been flashed back to stock.

My initial reaction to the article was, "this is garbage." After seriously considering it a little more, though, the point behind it was very solid and important: it is utterly ridiculous for the community to not have tools to restore broken phones. Even Apple, the utterly-against-hacking entity who want nothing more than for their users to forget that what they own is a computing device with its associated problems, provide a bootloader recovery mechanism on their phones.

It'd be so simple. Just provide an easy bootloader recovery tool. Encrypt the crap out of it if you want to protect your software. Make sure that nobody can extract a single thing out of the tool. Just allow users with problems to get back to a safe place, quickly and easily.

 

[OMJ]

It'd be so simple. Just provide an easy bootloader recovery tool. Encrypt the crap out of it if you want to protect your software. Make sure that nobody can extract a single thing out of the tool. Just allow users with problems to get back to a safe place, quickly and easily.

It would be nice if they would actually do this. They could even make users sign something saying their warranty is void.

 

[VoidedSaint]

in all honesty i think that they do offer some recovery tools
and what i mean is and i may be wrong, so correct me if i am, or else im going to think im right

but the 3 leaked versions of 2.2 could be used as sbf.
or the reverting back to 2.1 all these leaked files we get and the rsd lite, which is used to revert back to 2.1 these are all tools, and from my understanding isnt that the real 2.1 or is it a copy and modified version from the original? but in my opinion i think we are givin tools from google or motorola (just without their consent)
but i may be wrong not sure

 

[Deleted User]

It would be nice if they would actually do this. They could even make users sign something saying their warranty is void.

But why should they? The bootloader is a highly reliable way of doing it if they would just allow the stupid phone to charge while it's flashing, which should be a minor software update to the bootloader.

Apple doesn't have any restrictions on it. You just boot into recovery mode, plug your phone in, and iTunes says, "Hey, I see you've attached a phone in recovery mode. What would you like me to do with it? <Recover Only/Recover and Restore Settings/Cancel>"

In any event, it becomes unmanageable if you try to enforce anything on the users. Tracking signatures/approvals, even electronic ones, is difficult and costly. The bootloader is completely stable, and flashing software with it is one of the most fundamental and reliable processes of any computer system. The tools already exist, they just need to put a wrapper around it, encrypt the whole thing to lock the users from separating the tool from the software, and put it up for download.

No mess, fewer returned phones, no security/encryption breach, happier Android community. Wins all around.

 

[OMJ]

But why should they? The bootloader is a highly reliable way of doing it if they would just allow the stupid phone to charge while it's flashing, which should be a minor software update to the bootloader.

Apple doesn't have any restrictions on it. You just boot into recovery mode, plug your phone in, and iTunes says, "Hey, I see you've attached a phone in recovery mode. What would you like me to do with it? <Recover Only/Recover and Restore Settings/Cancel>"

In any event, it becomes unmanageable if you try to enforce anything on the users. Tracking signatures/approvals, even electronic ones, is difficult and costly. The bootloader is completely stable, and flashing software with it is one of the most fundamental and reliable processes of any computer system. The tools already exist, they just need to put a wrapper around it, encrypt the whole thing to lock the users from separating the tool from the software, and put it up for download.

No mess, fewer returned phones, no security/encryption breach, happier Android community. Wins all around.

very true