[Q] Rooting - security issues & 'unrevoked' - Desire Q&A, Help & Troubleshooting

Just came across this article while researching how to root my new HTC Desire (sweet phone!) ... is this still true and should I be concerned?
Also - has anyone got thoughts on the 'unrevoked' 'one-click-root'? - is it as safe as doing a more 'manual' method?

Well i have heard of several apps still storing passwords as plain text, so might still be a problem. This is also the case on unrooted phones though. The real problem here regarding root is, that apps, which you have given root access, can access those files which is normally available only to the actual app. So it is more a question of only allowing root to trusted apps, which you should always do anyways, as anything run with full access have the possibility to do major damage.
And regarding unrevoked, it should be as safe as rooting using pauls method, which only supports the old hboot versions by the way. There will always be a risk to it, but if you do everything right, it is very easy. The difference in the rooting methods is more the way they hack the recovery in order to let you flash unsigned or test-signed zip files. So just go with the latest unrevoked and make sure to install the drivers the right way first and you should be fine

Brilliant, thanks so much for the informative background, I will be rooting!
Read the OP too by Cory which has made me less worried - http://forum.androidcentral.com/hacking/35470-aware-clear-text-passwords-database-files.html

No problem I hope it helped you understanding.

Related

[REQUEST] Idiot's Guide

In the N1 General forum there was a great post done - 100% Fool Proof Guide to rooting & ROMs, and I was hoping that we could start a similar thread here.
Please feel free to comment on this post - it is my hope that we can put together a great document for newbs like me in the future. THIS thread is for suggestions on what should be in the guide, not the guide itself. I will reserve the second post for compiling suggestions over the next couple of days.
I just ordered my Desire, and it should be with me in a week or two. I am disturbed by the USB/A2SD issues being encountered by some, and so when I root I want to get it right
imHo, the guide should include:
1) Definitions of Rooting, unlocking, goldcards, generic, kernel, radio and how these relate to future OTA updates. These are concepts which I am familiar with, but feel I know just enough to be dangerous to myself/my device
2) A ballpark comparison of the unique characteristics of ROMs available today (stock-like, minimalist, sense-free, tethering, etc)
3) A step-by-step guide to the most recommended flashing updates people are using today
4) Things to bear in mind if you are a win-x64 user (I understand this is a tripping point for some)
[Reserved for collating ideas]
1) Terminology:
Rooting
Unlocking
Goldcards
Generic
Kernel
Radio
OTA updates, and how they may be affected by flashing your Desire
2) Current ROMs available and their unique characteristics
3) Guide to flashing your desire
4) Win64 users - what to bear in mind
And a big warning that this rooting process can cause unexpected pain on your bank balance if you are unlucky at the minute
I'd say to use the TinyCore method as I had nothing but issues doing it using W7 x64 - there's a guide on MoDaCo that's simple as anything - only a fool would get it wrong!!!
Find it here:
http://android.modaco.com/content/h...inux-download-and-guide-easiest-and-best-way/
And my USB still works fine, not had any issues since rooting and am now happily using an MCRr2 ROM cooked to my liking
I'd have to agree. Tiny Core Linux was so simple to use. I'd never used Linux before and even I could do it!
I did see paul's tweet saying a new safer more reliable method was coming this week hopefully. If that's the case I'll be rooting like mad again!
New, safer, more reliable root method for Legend and Desire coming up next week (all being well). #mcr 7:28 PM May 14th via Tweetie http://twitter.com/PaulOBrien
Only issues I've had was flashing the radio as part of a ROM - wouldn't have it so gonna try it on its own later this evening. Would be nice to get it all in one ROM but meh
EddyOS said:
I'd say to use the TinyCore method as I had nothing but issues doing it using W7 x64 - there's a guide on MoDaCo that's simple as anything - only a fool would get it wrong!!!
Find it here:
http://android.modaco.com/content/h...inux-download-and-guide-easiest-and-best-way/
And my USB still works fine, not had any issues since rooting and am now happily using an MCRr2 ROM cooked to my liking
Click to expand...
Click to collapse
u guys are getting it wrong!!!!!!
me too i was saying the same thing last week when i was reading about the bricks and stuff. i didnt have any problems till 2 days ago. well let me tell you that the unrooting process went out wonderful... nothing wrong. i even flashed all the roms possible and even started cooking and porting some roms for my own use too.
the problem is not whether the method is complex or not. the ''brick'' does not happen while you are rooting the phone. nobody actually knows what triggers the damage. some get it on 1st attempt, some after 5-6 flashes, and some like me after numerous ones.
so in my opinion, i dont think you can say this is a safe method bla bla bla and i try to discourage ppl wanting to root ''for the moment''.
deeren said:
u guys are getting it wrong!!!!!!
me too i was saying the same thing last week when i was reading about the bricks and stuff. i didnt have any problems till 2 days ago. well let me tell you that the unrooting process went out wonderful... nothing wrong. i even flashed all the roms possible and even started cooking and porting some roms for my own use too.
the problem is not whether the method is complex or not. the ''brick'' does not happen while you are rooting the phone. nobody actually knows what triggers the damage. some get it on 1st attempt, some after 5-6 flashes, and some like me after numerous ones.
so in my opinion, i dont think you can say this is a safe method bla bla bla and i try to discourage ppl wanting to root ''for the moment''.
Click to expand...
Click to collapse
I totally agree, I try to at least warn people that there is a fair chance they will brick their device but this thread is about the best and easiest way to root.
At the end of the day if people know the risks and still want to go for it, then they may as well come here for the easiest method
just a quick question guys as im a total noob in android and rooting, does this method also works with the desire and does not require a goldcard?
cez10 said:
just a quick question guys as im a total noob in android and rooting, does this method also works with the desire and does not require a goldcard?
Click to expand...
Click to collapse
This method is for the desire!
If you choose to root, then you will only need a goldcard if your handset was network supplied and branded. If for example you bought it and it came in a plain box, and had no network branding on the software then you can do it without the gold card. I got mine from the Carphone Warehouse so it was unlocked and unbranded. I just rooted with the standard SD card.
The software number on my unbranded device is 1.15.405.4. Hope this helps.
Refer to this
1) Nothing is foolproof. If you're a fool, don't root.
2) Foolproof implies pragmatic. The N1 is designed (basically) to be rooted so there's a universal method for all. The Desire wasn't, so things liks different bootloaders, branded phones and goldcards makes everyone just that little bit different. I mean, the HTC memory protection mean things like Adfree don't work out of the box (causes phone to reboot) - if you create a foolproof method we're just going to get threads about "zomg why wont dis app wrk on my fone" because they expect to be spoonfed everything.

Questions about rooting an EVO

Let me first say I'm a noob to this whole rooting thing and I would like to get some more info on. I tried searching the forums for the answers, but I failed to find what I was looking for.
1) What is this nand people are talking about? RUU? ROM (what's the difference between sense and no sense)?
2) How do I backup my apps, etc before trying to root?
3) Which guide do I use? My Evo came with 2.1, but I did the stock update to Froyo.- I don't wanna end up with a 500 paperweight.
4) If I need to bring my phone in for service how do I return it to stock?
5) I know you can turn your phone into a free wifi hotspot after rooting, what are some other advantages to rooting?
Any help would be greatly appreciated.
ok now let me remind you im not far ahead of you so let me tell you i would wait for a few more posts before taking what i have to say to heart, but i cant leave someone i may be able to help (even a little in need)....
1. the phrase "NAND" refers to the term nandroid backup, which is when you create a backup file. like a system restore point for windows, so when u start doing some different customizations or just try flashing some different roms assuming something goes wrong you will always be just one click away from doing a restore back to a fully functioning rom that you backedup previously. i believe the 2 main programs associated with this is amon_ra and clockwork.....
2. as far as backing up apps i just save the .apks on my pc and reinstall them once i reflash a new rom, but from what im reading you can use a program like titatnium backup, app brain...etc. but then again as far as personal experience goes...none here just what ive gathered from reading.
3. http://forum.xda-developers.com/showthread.php?t=765496
(personally ive rooted with this method and it was very simple just read through the steps before starting and follow them accordingly, dont be discouraged general computer knowledge is needed though) or atleast the ability to move about the computer)
4. returning your phone from the method discribed below is simple as it seems...but again have not done personally only from what ive read: you are rooted (assuming you've used the thread above) with unrevoked3 meaning you have s-off(in laymen terms: the position of the bootloader {ON or OFF} which checks images being flashed to make sure they are signed with the htc security signature),,,you just need to download the unrevoked s-ON file and use that to return the phones security settings and re-download an RUU(RomUpdateUtility) thats official from the htc site and ull be back to unrooted good old-fashion stock evo.
5. and as far as the wifi tethering goes just go to the market place and download a wifi tethering .apk, once rooted of course ....and run it from your evo to connect to your pc wirelessly
*this should help*
http://handheld.softpedia.com/progDownload/Wifi-tether-download-76020.html
and as far as why root, well because when you buy a phone i assume you wanted it to be YOUR phone and with rooting its all about flashing opensource/custom roms to your phone and other things such as kernels to customize the phone to your liking and you cant flash unsigned data to your phone without having su permission, meaning you need ROOT access....
-now again let me disclaimer myself i am also very very new to the whole android community and may be spewing lots of wrong info and am probably quite confused my self but i figure id risk making a fool of my self to help u in the off chance that what im saying makes any sense at all....but yea
If I can root a phone trippin on 28 triple cs you can do it
Boss dextromethorphan.....is no fun, and I dunt suggest rooting ur phone or opperating heavy machinery under the influence of triple c's....
Sent from my PC36100 using XDA App
Bump
Victory for L---S---U

[Q] I need an adroid education

Hey guys... plain and simple, I need help. I'm kind of a noob, but not really. I know a little bit here and there but I want to get good with my Evo, I mean really good! I'm currently browsing XDA in my car (Evolution X) tethered to my Evo 4G. Love Evo's. I'm also on a macbook pro, which makes a lot of the standard rooting options difficult for me, and i'm not running boot camp on my mac, so I don't have windows access.
Anyway, I want a foolproof, safe root. Currently I'm rooted with unrEVOked3. I hear not so great things, especially that full root might not have been attained. I want to confirm this and I don't know how. I don't want to be stuck with a root that might brick me in the future or give me problems down the road. I'm considering unrooting unrevoked and re-rooting with a more solid root method. I know that it doesn't matter the method as long as root is attained in the end but, from what i've read, a lot of people just don't agree with unrevoked method. I'm also concerned about the updates that unrevoked will provide when OTAs come out.
Here are my objectives...
1. Be familiar with the definitions and common terms root users use. For example, I want a clear understanding of recovery mode, HBOOT, bootloader, setcpu, kernels, etc. I know a little bit, but I don't feel comfortable enough to start messing around with flashing roms, changing kernels, etc. I want to be though.
2. I want to be able to flash roms.
3. I want full root and guaranteed SU permissions.
4. Wifi Tether.
5. ability and know how to overclock and underclock depending on the situation i'm in.
I know a lot of you guys will tell me to search and READ READ READ, but i've been doing this since I got me Evo about a month and a half ago. I rooted with unrEVOked3 because on my mac it was a simple download and click.
I downloaded the android-sdk-mac-86 download and I also have ECLIPSE for mac. I know these are app development programs, but will this help me with root and everything from there on?
Does anyone have a link to a site with definitions and explanations or is someone willing to take the time to explain to me these definitions and how they relate to android and effect the phone...
I appreciate you guys helping me. If you're going to tell me to use the search button or read the stickies, please save it, my laptop only has 3 hours of battery and i'm driving cross country and checking the forums while i'm riding shotgun.
Thanks in advance.
my 6th objective is to have all the apps i'll need to monitor and maintain my phone as best as i can.
I know about ROM manager, setcpu (don't have yet), Titanium Backup, and system info.
is there an app that allows me to browse ALL folders on the phone? currently I have ASTRO.
http://www.droidforums.net/forum/re...ide-android-terminoligy-lingo.html#post462728
thank you for the link.

[Q] Questions before Rooting

Hey Guys,
I've been contemplating rooting my DHD for a while and have been looking up information on it for a while.
However, just a few questions before I undergo the journey of rooting my phone
Firstly, I'd just like to confirm the procedure of rooting my phone.
The general procedure for this would be;
a) Downgrading firmware from 1.72 -> 1.32
b) installing Visionary to attain permanent root.
c) Turning S-Off
d) Flash/Install a new rom.
Is that correct?
The main reason I want to attain root is to improve battery life. What is the best rom that achieves this? Also I love minimalistic skins and have a launcher pro skin that I have installed (which Imo looks absolutely beautiful [and made my work colleague jealous because his iPhone can't do that without it jailbreaked].
Question is - taking into account of battery life/eye candy, what would be the best rom to install? (HTC sense optional)
Also - i've been reading the lingo of "radio" s-off. What does this actually entail?
Finally a few more questions;
- How would I be able to backup my apps, settings, contacts, files etc on an unrooted phone?
- How long would this process approximately take? I've been reading that people have bricked their phones... How often does this occur?
(note - for reference, I have installed CFW on my PSP via hard-modding my battery - So I have limited experience in this; but nothing involving this much lingo. -_-)
Cheers,
Thanks in advanced guys!
I found rooting my DHD somewhat confusing. visionary did not work for me so I used the instruction on cyanogenmod wiki and those worked just fine.
I had the asian model and my version was 1.72.405.6 but had no problem with rooting and the fixes were not applied to my image.
backing up from unroot image? the rooting procedure will leave the original image just gives you root. so you can either use titanium backup or the CWD for backing up. no need to worry about that.
as for the process I was confused so it took me 2-3 days of error and trail to get it done. I had one case of reboot loop but got fixed with a proper wipe.
for the rom I am using MODACO. if you pay the support fee you can use their kitchen to customize your image and make it faster if you need. battery life issue had something to do with one of the original images if you use any other rom you should be fine.
Hey guys, just thought I should give you an update on how things went.
I have successfully rooted my phone and installed the Core Droid Rom on it (I'm a sucker for eye candy)
The way I listed was pretty much spot on. I followed the guides from both here at xda and also the cyanogenmod wiki.
General process was;
Down grading from 1.72 -> 1.32 (using psneuter).
Installing Visionary for Temporary into Permanent Root
Flashing the Radio S-Off and t hen Eng S-Off using the 1 click tools provided by the helpful members here.
After that it was just easily enough to install new custom roms via Rom Manager
It wasn't as hard as I thought. hahaha
Also - I backed up all my things using My Backup Pro (which does cost money)

[Q] Major questions before i root for the 1st time

okay, i love my evo
i'm ready to root now so i've come to this point where i need to know...
1. is there a way to save all my apps and email addresses, pretty much just move everything over to the rooted product or have a backup of it i can access. i mainly don't want to lose my emails that aren't gmail cause i dont remember all the passwords.
2. is there a way to come back to stock? and have all my stuff still there?
3. whats the easiest way, i'm currently eyeing Unrevoked3.
4. what are the pros and cons of rooting?
5. i keep hearing about there being no security and i want to know how to keep my phone secure while also being rooted.
thanks in advance, i will be communicating throughout this process
one_mic_only said:
okay, i love my evo
i'm ready to root now so i've come to this point where i need to know...
1. is there a way to save all my apps and email addresses, pretty much just move everything over to the rooted product or have a backup of it i can access. i mainly don't want to lose my emails that aren't gmail cause i dont remember all the passwords.
2. is there a way to come back to stock? and have all my stuff still there?
3. whats the easiest way, i'm currently eyeing Unrevoked3.
4. what are the pros and cons of rooting?
5. i keep hearing about there being no security and i want to know how to keep my phone secure while also being rooted.
thanks in advance, i will be communicating throughout this process
Click to expand...
Click to collapse
1.Once you root [recommend using unrevoked] it won't touch your apps, ect. it'll be the stock rom with root access, so you won't lose any data.
2.Yes, you'd run the unrevoked s-on tool, the a 3.70 ruu to return back to stock, unrooted.
3.Yes, use unrevoked. Just make sure HTC isn't installed, but was prior. You only need the drivers, and install the hboot drivers.
4. Pro: Highly customizable: splash screen, boot animations, multiple roms, themes for roms, increased battery life, you can take it further.
Con: Only real one is you can brick your phone by doing something stupid, like doing a battery pull during a radio update. Quickest way to brick it. More trouble shooting than non rooted phone, but most are easily fixed.
5.There is security. A small amount of people have claimed to got viruses from downloading pirated apps from sketchy sites. If you choose to use them, no problem, put you can't post links to paid apps. If you really want protection, you can install lookout mobile security, nice features. But basically, don't download from sketchy places.
so i will keep all my emails and also what about applanet?
1: using unrevoked, you don't have to. any other method, you can back up apps with titanium backup. contacts with stock contact backup.
2: yes. unrevoked s-on tool (even if you don't use unrevoked, the other methods use the unrevoked radio exploit) and then ruu back to stock.
3: easiest is unrevoked, but then you are pretty clueless afterwards. you can do this if you want, but i'd personally reccomend the method in my signature. not as hard as you think. mostly just copying over commands. teaches you A LOT as well.
4: pro: do anything you want with yoru phone. roms, roms, roms, roms, themes, boot anims, splash screens, free tether, anything you want, updates sooner, other phone's updates on your phone, stock android (not htc), modded stock android (cm7 is sexy), a bunch of other stuff, gets you away from video games, get a bit of tech knowledge.
cons: you can brick by pulling battery during radio update, or by the flash memory corruption like 7 people have reported (but they all got free refurbs, and 7 is like 1/3000000th of rooters anyways). if you are experiancing problems, you need to do more troubleshooting than stock. this is actually good though, because my dad's phone is messed up, and the only thing he can do to fix it is ruu. thats it. i can change roms, diagnose, replace apks, anything. also, you need some time on your hands.
5: the security they are talking about is from you. yes, if you turn off your nand protection (root) then you are more easily succeptible to viruses, but most have rageagainstthecage exploit anyways, which would let them do the same thing. the downside here is all antivirus and moblile security things will say that you have system viruses. ignore that.
edit: just saw your above post
applanet is piracy, and very risky. most malware and viruses come from things liek that.
and for your question there \/. unrevoked is pretty self explanitory. just install and uninstall htc sync, install drivers, and run the program.
also, link me to the easiest walkthrough of unrevoked if u can?
and i downloaded the drivers, i need sync too then uninstall it?
Only my oppinion... Best instructions are posted on the unrevoked site.
Sent from my PC36100 using XDA App
one_mic_only said:
also, link me to the easiest walkthrough of unrevoked if u can?
and i downloaded the drivers, i need sync too then uninstall it?
Click to expand...
Click to collapse
Follow these and you'll be fine.
-Install modified windows hboot drivers
-Install htc sync, immediately uninstall it
-On your phone, enable usb debugging [menu>settings>applications>development]
-Connect your phone in charge only, run unrevoked [will show up as reflash_package on your pc]
Let it run its full course, will take ~5 minutes, and reboot twice.

Categories

Resources