08-26-2012, 10:24 AM | #1 |
Sir Penguin of Edinburgh
Posts: 12,375
Karma: 23555235
Join Date: Apr 2007
Location: DC Metro area
Device: Shake a stick plus 1
|
Hacking the T2
Has anyone started hacking the T2 to free up the Android OS underneath?
|
09-03-2012, 12:49 PM | #2 |
Zealot
Posts: 136
Karma: 493152
Join Date: Mar 2012
Location: Spain
Device: Kindle Oasis 2
|
Silence....
|
Advert | |
|
09-03-2012, 12:51 PM | #3 |
Resident Curmudgeon
Posts: 75,986
Karma: 134368292
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
Check that Russian forum that hacked the T1.
|
09-03-2012, 03:54 PM | #4 |
Zealot
Posts: 136
Karma: 493152
Join Date: Mar 2012
Location: Spain
Device: Kindle Oasis 2
|
I'm doing it but Russian forum is very quiet.... talking about T2
|
09-05-2012, 03:09 PM | #5 |
reader
Posts: 89
Karma: 1245680
Join Date: Jul 2008
Device: PRS-650
|
The PRS-T2 goes officially on sale in the next few days in Germany. I guess it's the same in Russia too...
|
Advert | |
|
09-10-2012, 12:57 PM | #6 |
Zealot
Posts: 136
Karma: 493152
Join Date: Mar 2012
Location: Spain
Device: Kindle Oasis 2
|
If you have a quick look at Russian forum at:
http://www.the-ebook.org/forum/viewtopic.php?t=25032 you realize Boroda doesn't feel like to root the T2. They are discussing about doing it. It makes me to feel quite sad.... |
09-10-2012, 12:59 PM | #7 |
Resident Curmudgeon
Posts: 75,986
Karma: 134368292
Join Date: Nov 2006
Location: Roslindale, Massachusetts
Device: Kobo Libra 2, Kobo Aura H2O, PRS-650, PRS-T1, nook STR, PW3
|
Last edited by JSWolf; 09-10-2012 at 01:02 PM. |
09-14-2012, 05:57 PM | #8 |
reader
Posts: 89
Karma: 1245680
Join Date: Jul 2008
Device: PRS-650
|
Since the PRS-T2 is pretty identical to the PRS-T1 I crossed my fingers and tried to use the PRS-T1 minimal root package with an official "PRS-T2 Updater.package" file (changed the readers name accordingly inside the .bat file). The script runs just fine (with no errors), the reader restarts and is updating, but I guess the magic happens within the original "PRS-T1 Updater.package" from the root package, because after it's done restarting, everything is as it was before.
|
09-14-2012, 05:59 PM | #9 | |
Sir Penguin of Edinburgh
Posts: 12,375
Karma: 23555235
Join Date: Apr 2007
Location: DC Metro area
Device: Shake a stick plus 1
|
Quote:
|
|
09-15-2012, 12:42 PM | #10 | |
Zealot
Posts: 101
Karma: 34554
Join Date: Aug 2012
Device: none
|
Quote:
The "PRS-T1 Updater.package" from the root package looks like (i.e. actually is) a regular firmware update package to the reader, but doesn't contain any updates, but only the update script that is part of all these firmware update packages. And this (root package) script does then it's magic, because as a trusted updater script it has full access to the device. Unfortunately, these updater packages are encrypted with a key specific to the reader model, so unless we don't know the key for the T2 (for which it would be necessary to have root access to the device), there won't be a root package. |
|
09-15-2012, 02:12 PM | #11 |
Zealot
Posts: 102
Karma: 38810
Join Date: Apr 2011
Device: Sony PRS-T1
|
I ws wondering if there is some JTAG or similar low-level interface to access the memory.
|
09-15-2012, 07:24 PM | #12 |
Zealot
Posts: 101
Karma: 34554
Join Date: Aug 2012
Device: none
|
Well, I was hoping that the Android Debug Bridge would do us the favour, because Sony was nice enough to not change the method of entering the test mode - it's the same procedure as for the T1.
But when selecting "Switch ADB" I get "Sorry, this funtion is not available". So either there is something different with the T2 or the Wiki entry is wrong or at least misleading, and it isn't possible to start the Android Debug Bridge Daemon on an unmodified device. Could anyone check and confirm with an unmodified T1, please? I suppose that it might be necessary to run porkupan's enable-adb first to make "Switch ADB" work which - again - isn't possible without root access - chicken-and-egg problem. EDIT: Yes, this thread seems to prove it. A pitty. Last edited by ebmr; 09-15-2012 at 07:28 PM. |
09-16-2012, 03:17 AM | #13 |
Zealot
Posts: 101
Karma: 34554
Join Date: Aug 2012
Device: none
|
There might be one method left to get root access and retrieve necessary information: Booting into recovery mode with either the update.img from rupor-rescue.7z or figonet's update.img which are simple filesystem images that only give root access to the device via usb serial.
With this kind of access it should be possible to retrieve the necessary information from /proc/mtd and to dump the appropriate /dev/mtdblock which contains the keys needed to create packages to free the device. Who dares? |
09-16-2012, 06:23 AM | #14 |
Zealot
Posts: 102
Karma: 38810
Join Date: Apr 2011
Device: Sony PRS-T1
|
AFAIK both usb-serial driver and ADB are not enable in stock T1 and T2, so it's not possible
|
09-16-2012, 06:44 AM | #15 | |
Zealot
Posts: 101
Karma: 34554
Join Date: Aug 2012
Device: none
|
Quote:
With ADB you're right. |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
[Q] Can't get to settings after hacking | holgalee | Kindle Developer's Corner | 11 | 05-26-2012 07:52 AM |
K3 screen hacking | arikfunke | Kindle Developer's Corner | 8 | 04-28-2012 10:43 AM |
hacking in? | omro | Astak EZReader | 5 | 12-09-2009 05:59 PM |
Hacking like we had for the 500? | TadW | Sony Reader Dev Corner | 2 | 04-03-2008 05:46 AM |