Hi!

I finally have a smartphone! Got my HTC Desire yesterday, and of course I couldn't wait to play with it a bit. It's pretty dazzling to think that it has a 1 GHz CPU and 576 MB of RAM, crazy specs for a phone.

It's pretty straightforward to use, but there are still a lot of apps I'd want on it, I guess: nmap, aircrack-ng, metasploit, something maltego-like, scapy, etc. I was happy as hell to have it but got disappointed very fast when I saw that most of these tools weren't there or couldn't be launched because of some missing dependencies (ruby, python, etc.).

For Ruby, there was the Ruboto IRB shell, which seems to be a JRuby port (yeah, Java isn't that multiplatform after all), but it doesn't seem to manage folders.

So I searched for another one and stumbled upon ASE - Android Scripting Environment. I haven't tried it yet, but I'll have to; more on this later.

A smartphone means a communicating device, and the problem with the phone rates is that having all ports unlocked is expensive as hell: it's 10€ more compared to only having the web ports (80, 443) and the mail port (POP or IMAP? or maybe both, dunno). It means that we would just need some kind of tunneling server to bypass the restriction and go anywhere we want to go. Lucky me, I have WiFi where I am.

Since I'm kind of interested in security and like having a hackable device, I was asking myself if we could play with network routes, modules, etc … we just can't … or maybe we can ;) .

I found it frustrating to not really own the phone; yeah, we aren't root, just normal users. So I looked a bit at the different steps needed to completely own the phone. There are tons of tutorials on how to do it … but they all use the same programs, and we don't know that much about the root hack image itself (the Superboot thingy).

Anyway, I found some cool work about it; the steps look something like this:

  • unlock bootloader
  • put the rooted boot.img on sd card
  • launch in bootloader mode
  • choose fastboot
  • rooted
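Since the second step means flashing an image we know very little about, here is what I would at least do before it goes on the SD card. This is an added example and not code from the original post: a small Python script that parses the classic (version 0) Android boot.img header, reports the kernel and ramdisk sizes, load addresses and kernel cmdline, and recomputes the SHA-1 `id` field the way mkbootimg fills it in. A mismatching `id` means the file is truncated or was edited after packing; a matching one is not a signature and says nothing about who built the image. The sample image, the `bravo` board name, the load addresses and the cmdline are all constructed here so the script runs offline, not taken from any real Desire firmware.

```python
"""Inspect an Android boot.img (mkbootimg v0 layout) before flashing it.

Added example, not from the original post. The sample image built by
build_sample_boot_img() is constructed in memory; its board name, load
addresses and cmdline are made up for the demonstration.
"""
import hashlib
import struct
import sys

BOOT_MAGIC = b"ANDROID!"
# magic(8) + 8 x uint32 + unused(8) + name(16) + cmdline(512) + id(32) = 608 bytes
HDR_FMT = "<8s8I8x16s512s32s"
HDR_SIZE = struct.calcsize(HDR_FMT)


def _pad(n, page):
    """Round n up to the next multiple of the page size."""
    return (n + page - 1) // page * page


def mkbootimg_id(kernel, ramdisk, second):
    """The 'id' field as mkbootimg computes it: SHA-1 over each section
    followed by its little-endian length, zero-padded to 32 bytes."""
    h = hashlib.sha1()
    for blob in (kernel, ramdisk, second):
        h.update(blob)
        h.update(struct.pack("<I", len(blob)))
    return h.digest().ljust(32, b"\0")


def parse_boot_img(data):
    """Parse the header and slice out the sections it describes."""
    if len(data) < HDR_SIZE:
        raise ValueError("file shorter than a boot image header")
    (magic, ksz, kaddr, rsz, raddr, ssz, saddr, tags, page,
     name, cmdline, img_id) = struct.unpack_from(HDR_FMT, data, 0)
    if magic != BOOT_MAGIC:
        raise ValueError("bad magic %r, not a boot.img" % magic)
    if page == 0 or page & (page - 1):
        raise ValueError("page_size %d is not a power of two" % page)
    # Sections follow the header, each padded out to page_size.
    k_off = _pad(HDR_SIZE, page)
    r_off = k_off + _pad(ksz, page)
    s_off = r_off + _pad(rsz, page)
    end = s_off + _pad(ssz, page)
    if end > len(data):
        raise ValueError("header claims %d bytes but file has %d" % (end, len(data)))
    return {
        "page_size": page, "kernel_size": ksz, "kernel_addr": kaddr,
        "ramdisk_size": rsz, "ramdisk_addr": raddr, "ramdisk_off": r_off,
        "second_size": ssz, "second_addr": saddr, "tags_addr": tags,
        "name": name.rstrip(b"\0").decode("ascii", "replace"),
        "cmdline": cmdline.rstrip(b"\0").decode("ascii", "replace"),
        "id": img_id,
        "kernel": data[k_off:k_off + ksz],
        "ramdisk": data[r_off:r_off + rsz],
        "second": data[s_off:s_off + ssz],
    }


def id_matches(img):
    """True when the stored id equals the recomputed one (integrity, not authenticity)."""
    return mkbootimg_id(img["kernel"], img["ramdisk"], img["second"]) == img["id"]


def summarize(img):
    return "\n".join([
        "page_size  : %d" % img["page_size"],
        "kernel     : %d bytes @ 0x%08x" % (img["kernel_size"], img["kernel_addr"]),
        "ramdisk    : %d bytes @ 0x%08x" % (img["ramdisk_size"], img["ramdisk_addr"]),
        "name       : %s" % img["name"],
        "cmdline    : %s" % img["cmdline"],
        "id matches : %s" % id_matches(img),
    ])


def build_sample_boot_img(kernel, ramdisk, cmdline, page=2048, second=b""):
    """Constructed sample: pack a v0 boot.img the way mkbootimg does.
    Addresses and the 'bravo' name are made up for the demo."""
    def padded(b):
        return b + b"\0" * (_pad(len(b), page) - len(b))
    hdr = struct.pack(HDR_FMT, BOOT_MAGIC, len(kernel), 0x20008000, len(ramdisk),
                      0x24000000, len(second), 0x21E00000, 0x20000100, page,
                      b"bravo", cmdline, mkbootimg_id(kernel, ramdisk, second))
    return padded(hdr) + padded(kernel) + padded(ramdisk) + padded(second)


def tampered_copy(data):
    """Flip one byte inside the ramdisk to show the id check catching a modification."""
    img = parse_boot_img(data)
    b = bytearray(data)
    b[img["ramdisk_off"]] ^= 0xFF
    return bytes(b)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(summarize(parse_boot_img(f.read())))
    else:
        sample = build_sample_boot_img(b"kernel" * 100, b"ramdisk" * 50,
                                       b"console=ttyMSM2 androidboot.hardware=bravo")
        print(summarize(parse_boot_img(sample)))
        print("--- after flipping one ramdisk byte ---")
        print(summarize(parse_boot_img(tampered_copy(sample))))
```

Run it with the path to the downloaded boot.img to see the summary; with no argument it builds the constructed sample and shows the `id` check passing, then failing after one ramdisk byte is flipped. Splitting the ramdisk out (gzip'd cpio, normally) and reading its init.rc and default.prop is the natural next step for finding out what a "rooted" image actually changes.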

I didn't have to unlock my phone since it already was. The only manipulation needed to unlock it is this:

  • Connect your phone in USB Debugging mode
  • user@computer$ fastboot oem unlock

That's it, you've unlocked the bootloader.

There was a privilege escalation exploit some months ago, but it seems to have been fixed now. The root hack is now about flashing the bootloader.

The recovery image hack isn't necessary, but it's useful if you wanna make a backup of your ROM and play a bit more with custom ROMs. The last thing to note is that the HTC Desire is pretty similar to the Nexus One, so rooting it shouldn't be too different either.

For now it's only my theory, extrapolated from the docs I read. So the goal would be to make a rooted boot.img, and we'd have the key to the kingdom.

Anyway, I was thinking of building a kernel and stuff from source, but I haven't managed it yet. Got to check whether it isn't some sort of cross-compilation problem.

Moreover, once the phone is rooted, my guess would be that it might be easier to hook stuff in the system to analyze it better.

For now, I’m searching for an original HTC Desire firmware before I work more on a root hack for it.

That’s all for today.

m_101

Resources