-============================================[ START ]===-

The laser printer here at my office just had a series of jams, one of which tripped the “Call a service Tech” flag on the darned thing. Rather than calling the tech to reset it (I managed to clear the paper problem myself), you can simply enter this code on the control panel:

P*C*14

Then Press Execute, then Tap Yes, then hit the B/W Copy button, then hit the reset button.

P = Program (#)
C = Clear

Problem solved, no maintenance fees!

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

Sorry about the delay in updating, I have been busy at work lately.

Firstly, make sure you have downloaded and installed the android sdk from google: http://dl.google.com/android/installer_r11-windows.exe

Second, download the following file: rootkit_is03_0430

Once those are downloaded and installed, you will need to drop to a command line.

The android SDK should be located somewhere like c:\android-sdk-windows\

The first time you run the android sdk, it should ask you about updating.  Let it do that since it will download the tools required (specifically adb, the android debugger).

Run the command:

adb devices

You should see your phone listed.  If you don’t see anything, make sure your phone is plugged in via usb and you have debugging enabled on the phone. (see my previous posts for how to do that).

Run the following commands:

adb push data_local /data/local
adb shell chmod 755 /data/local/is03break
adb shell chmod 755 /data/local/autoexec.sh
adb shell chmod 755 /data/local/busybox
adb install jackpal.androidterm.apk
adb install Superuser.apk
adb shell /data/local/is03break

You should see something like the following:

[**] Gingerbreak/Honeybomb — android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi

[**] donate to 7-4-3-C@web.de if you like
[**] Exploit may take a while!

[**] Modified for IS03/IS05 by goroh.kun@gmail.com
[+] Detected Froyo!
[+] Found system: 0xafd138bd strcmp: 0xafd1cb7d
[+] Found PT_DYNAMIC of size 280 (35 entries)
[+] Found GOT: 0x000152b8
[+] Using device /devices/virtual/block/stheno
[*] vold: 0094 GOT start: 0x000152b8 GOT end: 0×00015538
[*] vold: 0325 idx: -0002078

[!] dance forever my only one
———————————-

adb shell
$ /data/local/tmp/sh
#

If you see the #, then you have root.   once you are at the root prompt, do the following:

# cd /data/local
# cat local.prop > /data/local.prop
# reboot

After this, any time you need root, you should be able to drop to a shell and type /dev/su and you will have root.

Now, this root does not allow just anything to run.  Due to restrictions in place on the IS03, you will lose some functionality on the phone (ezweb mail, etc…) if your phone is rooted.  There is an app that allows you to switch root access on and off when needed.

Here is the zip file containing the Root Switcher mentioned above.

Also included is a modified version of the Barnacle Wi-Fi tethering app.  It has been modified to work with the new su binary location.  Make sure you run the root switcher first!

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

Recently had an issue where I had a package that I needed to install under debian but which wouldn’t install because of a dependancy problem.  So, dpkg –force-all package.deb worked and got it installed.  Program works and everything is fine.

Then, I needed to install openvpn and apt started complaining about the “broken” package.  It would not let me install or update anything else unless I removed the broken package.  Only problem is.. the package is not broken.

How to get around this?  Essentially you need to “lie” to apt and remove the dependancy.

#  vi /var/lib/dpkg/status

Opening the dpkg status file, you will see all kinds of stuff in there about the current status of every package which is installed.

For example, let’s say the name of your “broken” package is test_package.

Do a search in vi (/test_package <enter>) and it will take you to an entry which looks like this:

Package: test_package
Status: install ok installed
Priority: optional
Section: applications
Installed-Size: 24084
Maintainer: init
Architecture: i386
Source: init.sh
Version: 1.0.0-1
Depends: package1, package2, package3
Description: Performs cool tests

Now the package named “package3″ is the dependancy which is causing the problems.

The solution?  Simply go down to the Depends line and erase package3.  The entry now looks like this:

Package: test_package
Status: install ok installed
Priority: optional
Section: applications
Installed-Size: 24084
Maintainer: init
Architecture: i386
Source: init.sh
Version: 1.0.0-1
Depends: package1, package2
Description: Performs cool tests

Problem solved.  Now back to the prompt and a quick “apt-get install openvpn” works fine now.

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

This post is just for mirroring a file that was found in this nuigroup post.

From the post:

Hey,
I developed my first Android Applictation that sends TUIO data via Wifi to a receiver.
You can define your receiver easily by changing IP and Port.

It should work under Android 2.1.
It is in a beta stadium, a really good blob tracking is not implemented yet.

The file was linked via rapidshare and now the link and file is gone so I am mirroring it here.

Click here to download TuioAndroid_v05

The file is an apk, so just copy it to your phone.  If I can get ahold of the source, I will update this post with it.

Here is a qrcode if you want to download it directly from your android phone:

qrcode for TuioAndroid_v05.apk

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

This morning,
Sony started sending out the following emails:

Notice: Unauthorized circumvention devices for the PlayStation(R)3 system have been recently released by hackers for the PlayStation(R)3 system. These devices permit the use of unauthorized or pirated software.
Use of such devices or software violates the terms of your “System Software License Agreement for the PlayStation(R)3 System” and the “Terms of Services
and User Agreement” for the PlayStation(R)Network/Qriocity(TM) and its  Community Code of Conduct provisions.
In addition, copying or playing pirated software is a violation of International Copyright Laws.
A circumvention device and/or unauthorized or pirated software currently resides on your PlayStation(R)3 system. Immediately cease use and remove all circumvention devices and delete all unauthorized or pirated software from your PlayStation(R)3 system. Failure to do so will result in termination of your access to the PlayStation(R)Network and access to Qriocity(TM) services through your PlayStation(R)3 system.

Somehow they are able to detect if you have jailbroken your PS3. Might be a good idea to keep your Playstation unplugged from the network until a workaround can be found.

-=============================================[ END ]===-
-============================================[ START ]===-

Well, some good news and some bad news.

As some of you may have noticed, there was an over the air (OTA) update for the IS03.  If you install that update, the method described in the previous posts will no longer work.  The following method however, will work on both pre and post update (as of 2011-02-10)

I have since re-attained root access via adb shell which was not available before.

I am using linux for this but the steps should be the same under windows:

  1. Download the exploit here: IS03root and extract it.
  2. > adb push IS03root /data/local/tmp (or you can use /sqlite_stmt_journals/)
  3. > adb shell
  4. $ cd /data/local/tmp
  5. $ chmod 777 ./IS03root
  6. $ ./IS03root
    killing adbd. (it should restart in a few seconds) It will kill your shell session, simply issue the commands below
  7. > adb remount (this remounts the filesystem rw)
  8. > adb shell
  9. #  (that’s your root prompt)

Please note that this root access is only available via the adb shell command, and will persist until you reboot the phone.

From here, we are back where we started. Unfortunately, the NAND protection stops us from actually modifying the system.

Also, issuing “adb reboot recovery” brings up a picture of an android with an explanation mark inside of a triangle. (It always did this)  It seems like the phone is looking for something on the system. Perhaps a rom image?

At this time, you can fully browse the system, make more rom dumps using dd, etc.. but you cannot push anything into the /system directory.

I will post again once I have found out more.

-=============================================[ END ]===-
-============================================[ START ]===-

Doing the following will give you root via the terminal emulator.

First, launch the Google Market app and download and install a terminal emulator.

Download AndroidRoot.  It contains the tools you will need for the next few steps.

Download and install the android SDK from google.

Once installed, you will need the adb drivers from Step 1.

Plug in your IS03 via USB and enable USB Debugging on the phone (Settings > Applications > Development)  Check the USB debugging box.  When prompted for drivers, install the drivers from the Sharp website.  Once the drivers are installed, you should be able to query your phone from the command line:

c:\android-sdk-windows\platform-tools> adb devices
List of devices attached
SSHEK209505

c:\android-sdk-windows\platform-tools>

At this point, we are ready to start.

First, we need to push the required files to the phone:

adb push rageagainstthecage /data/local/tmp/
adb push su /sdcard/
adb push Superuser.apk /sdcard/

Now attach to the shell on the phone:

adb shell
$  cd /data/local/tmp
$ chmod 777 ./rageagainstthecage

Launch the terminal emulator on the phone and run the following commands:

$ cd /data/local/tmp
$ ./rageagainstthecage

It should show some output on the screen.  When it says “Forked Childs ####” it should toss you back to a $ prompt.

From here, close the terminal emulator.  Re-open the terminal emulator app and you should get an error telling you that you need to force-quit the app.  Go ahead and force quit it and relaunch the terminal emulator again.

At this point, you should see a # in the emulator window.

Congratulations.  You have a temporary root shell on your IS03.

Up next, we will explore the phone with our new found access and dump some firmware images.

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

Starting this post now and I will keep it up to date with any additional information I find.

I will be picking up my first au IS03 tomorrow and will start probing this phone to see about obtaining root access on it.

After extensive googling about the phone, the only real information I can find is on the sharp website itself:

https://sh-dev.sharp.co.jp/android/modules/driver/

This is for the usb ADB driver to debug android in place on the phone via the android sdk.

The IS03 is running an au customized version of android 2.1 and my ultimate goal in this endevour is to create a custom image for the phone using either android 2.2 or 2.3 with enough backwards support to run the bundled au apps (seifu keitai, 1seg, lismo, etc..)

Stay tuned to the android category on this site for progress updates.

initrd

-=============================================[ END ]===-
-============================================[ START ]===-

Well, Finally got the chance to try my hand at jailbreaking my PS3.

What you will need to pull this off:

1.  Playstation Original or Slim at firmware version 3.41
2. Arduino Duemilanove with an ATMEGA 128  chip on it.
3. Small breadboard (a-j, 1-30, 2 power rails)
4. 7 Jumper wires
5.  2 68 ohm resistors
6.  2 470 ohm resistors
7.  1 USB Cable
8.  1 Green LED
9.  1 Red LED
10. 1 3.6v .5w zener diode
11.  PS3 Backup Manager 2
12.  ATMEGA port of PSGroove

Got all that?  Good.  Let’s get started.  First, here is the pin lineup for where everything plugs in:

(A = Arduino, D = Digital, B=Breadboard)
Arduino Pin -> Breadboard Pin

A D9 -> B G20
A D8 -> B G14
A D5 -> B b2
A D4 ->  B b12
A D2 -> B b4
A 5v -> B +
A GND -> B -

Ok, now the rest is  breadboard only:

Part – Breadboard Pin -> Breadboard Pin

R1 (68 ohm) – c4 -> g4
R2 (470 ohm) – d2 -> h4
R3 (68 ohm) – d12 -> g12
R4 (470 ohm) – j18 -> -
Z1 (3.6v zener diode) – i7 -> + (this side has the black stripe)
LED1 (GRN LED) – i14(+) -> h18(-)
LED2 (RED LED) – i20(+) -> i18(-)
USB VCC (RED) -> f7
USB data+(GRN) -> f12
USB data-(WHITE) -> f4
USB GND (black) -> -

That’s the hardware side.  I will update tomorrow with the software side.

-=============================================[ END ]===-
-============================================[ START ]===-

Just wanted to upload this picture(s) I took.

It is a series of 20 images, 3 exposures each (-2, 0, +2), on the seawall near my house during sunset.  HDR’d and tonemapped, then combined into the panorama and cropped to produce the image below:

You’ll want to click that to see the full size picture, but be patient, it’s a nearly 48 megapixel image!

initrd

-=============================================[ END ]===-
Next Page »