How to root a samsung moment

[maxdamage2122]

Bump. Any new information on rooting or possible exploits?

[zoeman]

ive been with android since the G1...im a real android fan...i see the most potential ive ever seen in an OS in the android...and i rooted my g1 and flashed a custom rom 2 it...i flahed a regular 1.6 rom to it with all da good stuff...tether, apps2sd and more...and the phone ran like it had a hemi engine in it or a 800 mhz processor in it...it wus super fast...but with out it being rooted it would freeze, force close, crash, just be really buggy...after i rooted it the phone never gave a single problem again...the OS is beautiful but the hardware is never up to par...when the moment came out i thought to my self "this is perfect" da specs were beautiful...so i gave my rooted G1 to my girlfriend and got the moment...and note women are not the most patient people so if i didnt root that G1 she might have broken it the same day...excited about the moment at 1st but soon noticing that 2 of the most important things on the phone was not woking and that was the location finding and gps...i thought my phone didnt work so i brought it back and got a new 1...still didnt work...i would love to root this phone...i want nothing more but i really want a firmware update to fix this issue because like 10 of my apps used my location but not n e more...hero jus got an update so why cant we...i dnt even think sprint is aware of these problems...root access would make this phone the sickest android may b even phone period out rite now...im not a techy or not too smart on these types of things im actually a newb...but i know a good phone when i see it...i cant wait till people to really focus on the moment and i think this might be the place...

[ydoucare]

I just got a Moment, and haven't had any trouble with GPS that other people have mentioned. The first thing I did though was make sure "Use Wireless Networks" was turned off under the location settings.

[zoeman]

so u can get da exact location from ur moment using the gps on google maps???

[ydoucare]

Yes. Drove 50 miles to get home last night and tested the GPS with google maps the entire way. Worked perfect.

[dth4310]

keep to topic folks plz still sitting patiently waiting for a brain to figure out how to root this puppy. daily googlings and still nothin yet.

[zefie]

Quote:

Originally Posted by maxdamage2122

We already know about the diagnostics menu. What we are trying to find/get is fastboot

Well, we can write to /system (but not /system/bin or any other subdir) if you adb shell in Self Test mode.

There is a oneshot script in the init.rc to flash /system/recovery.img to the recovery partition. We can write /system/recovery.img but it didnt flash. I'm guessing we'd have to factory reset, which I'd rather not do.

I doubt that image wille ven work since its a different processor. I wouldn't try it, instead, we should try to find a way to make our su file on /system while we have write access.

Again, load up Self Test/Diag mode, and connect to adb shell and /system is chmod'd 0777.

Make sure 12. USB is set to "PDA". Setting it to "Phone" will disable ADP, but will allow QPST.

We can setuid on /system, but the problem I'm facing is the fact that everything I create is owned by "shell"

[zefie]

Ok we have ROOT!

As above, load into Test Mode and use ADB Shell
then run the following
cd /system/bin
cat btld_testmode > ../btld_testmode (this backs up the file)
cat sh >> btld_testmode (we append it first, don't know why, but we cant just overwrite it at first)
cat sh > btld_testmode (overwrite it)

Now, it lost is setuid. but that is fine, the factorytest.rc will restore it. so reboot the phone, reloading test mode.

cd /system/bin
./btld_testmode
Now you are in a root shell, you know what to do
cat sh > su
chmod 4755 su
exit
./su

Now we will put btld_testmode back.

cat ../btld_testmode > btld_testmode
chmod 6777 btld_testmode

Currently the su looses it's setuid on reboot, so it is not permanent.
Still working on that.

Edit: it seems all permissions get reset, then are set up by the init script.
Sadly, we can't overwrite the init script because changes in / do not persist.
All we can use this root access for is flashing, unless we find another way to persist our setuid...
But hey, at least we have a root shell! It is a start

EDIT: here is a cheap hack that will restore root when the splash logo is played:

Done! I made a wrapper around the playlogo script, which plays teh carrier logo:


first, while root still in testmode:
cd /system/bin
mv playlogo playlogo_real

Then create this file locally, and name it playlogo:

Code:

#!/system/bin/sh
/system/bin/mount -o remount,rw,codepage=utf8,vfat,fcache\(blks\)=128,xattr,check=no /dev/stl5 /system
/system/bin/chmod 4755 /system/bin/su
/system/bin/chmod 0755 /system/bin/playlogo_real
/system/bin/mount -o remount,ro,codepage=utf8,vfat,fcache\(blks\)=128,xattr,check=no /dev/stl5 /system
/system/bin/playlogo_real

push it to /system
back in the shell:
chmod 755 /system/playlogo
mv /system/playlogo /system/bin/playlogo

reboot

now it will restore your su root access when the boot logo plays.
cheap hack for now

More here, including a trick to guarantee test mode will activate:
http://midnightchannel.net/blog/255-...ng-moment.html

[clockcycle]

@ zefie Still have to absorb and figure what you have done here, but thanks has been clocked.. Looks like nice work.

[maxdamage2122]

trying it now. let you know how it goes.

update:
I performed the 1st steps
cd /system/bin
cat btld_testmode > ../btld_testmode (this backs up the file)
cat sh >> btld_testmode (we append it first, don't know why, but we cant just overwrite it at first)
cat sh > btld_testmode (overwrite it)

hit save and reboot at the bottom of the menu
now my phone wont be turn on (not even into diag mode)

UPDATE 2: For some reason I had to pull the battery before it would reboot.