Firmware Tweak Gives Root Access Back to G1 Owners

Illustration for article titled Firmware Tweak Gives Root Access Back to G1 Owners

That hilarious constant-root-access bug that shipped with the G1's Android wasn't just a security flaw; to some, it was a valuable tool. The guys at XDA have brought it back, if you want it.


The hack requires downgrading your firmware to either the RC27 or RC9 images and connecting to the handset with telnet. The procedure is actually quite simple, especially if you're the kind of person who'll get any utility out of root access on Android. Instructions from XDA:

If you have RC30/RC8 or later, you must FIRST flash your phone to RC29/RC7 or lower to be able to exploit root access using the following steps. RC29 and lower users can skip this section.

1. Format the SD card to FAT32 mode (this is sometimes needed. The image is not always found if other files are on the sd card).
2. Unzip the RC29 or RC7 image file DREAMIMG.nbh to the SD card. (RC29 for US, RC7 is for UK)
3. Turn the device power off and insert SD card.
4. Hold Camera button, and press Power button to entry bootloader mode.
5. Press Power button to start upgrade procedure.
6. After finish, perform the soft reset to reboot.

Follow these steps once you have RC29 or lower:
On your G1, anything you type into your keyboard is also being run in a hidden console with root permissions. More information regarding that at the bottom of this post. But, to get root access, do the following:


1. Restart your phone
2. Type telnetd and press enter - Yes, it will start up a Contact search, do not worry about this, just type telnetd and press enter (the enter button on the keypad).
3. Download an Android Telnet client (I have one on the Market) and connect to localhost.
4. you now have root!

[XDAThanks, Draconis2941]


Jefferson Ray Mosman

what can you do with it?