
Freeing my tablet: Android hacking, software and hardware - jscholes
https://www.thanassis.space/android.html
======
voltagex_
Impressive work on the rooting procedure, but...

>For the TL;DR crowd: I wanted to run a Debian chroot in my tablet;

I'm sad that there aren't more people looking to run a mainline kernel + Linux
distro on their tablets. It's definitely possible but a lot more difficult.

~~~
rahimnathwani
Not quite the same, but this guy describes a way to install Debian as the main
OS (but using the kernel from the original firmware) and then running the
_Android_ system as a chroot within Debian:

[http://whiteboard.ping.se/Android/Debian](http://whiteboard.ping.se/Android/Debian)

~~~
grp
Thank you so much! Your link and this article are just what I needed to take
back control of my sony compact camera. I will try it soon now.

~~~
DanBC
_Please_ blog and document the process. I'd love to read it.

~~~
grp
With pleasure, but only if it's a success... I want to be very careful, so it
may take time.

There is work in progress for sony camera on android (mine is too old):
[http://www.personal-view.com/faqs/sony-hack/hack-development](http://www.personal-view.com/faqs/sony-hack/hack-development)

------
morsch
I just got a Mi5, and I had to jump through Xiaomi's unlocking hoops. What an
ordeal.

You have to register for a Mi account and a Miui forum account and then
request unlocking privileges for it. This is apparently a manual process:
approval can take anywhere from two days to several weeks. Having more
internet points on their forum[1] may or may not speed up the process.
Approved Mi accounts can unlock 1 device per 30 days.

Once you've got the unlocking privs, you can download a Windows (and only
Windows) executable that performs the unlocking process (it comes bundled with
the fastboot/adb executables). It checks that your phone is logged into the
same Mi account as one part of a completely opaque validation.

The official documentation, as it were, says you need their "global
development" OS running on the phone, but I'm pretty sure it worked with the
non-development version, which is good because updating to development failed
with a non-descript error.

Once I unlocked the phone -- using a friend's Mi account which had unlocking
privs, unbeknownst to him since he never got the notification -- I had to
install TWRP (the most popular alternate recovery image). The official
versions did not work (either crashing or nonfunctional). After about a dozen
recovery images from various file hosters -- exactly where I want to acquire
core system software -- I stumbled on one that worked, albeit defaulting to
Chinese.

I suppose the fact that I did not brick the device speaks to the robustness of
Android's bootloader/recovery/system separation.

[1] A forum which goes to ridiculous lengths to feature these points. Points
for replying, points for getting replies, bounties, etc etc. Users posting
useful files restrict the link visibility to people who have answered in the
thread, which leads to threads with hundreds or thousands of one-word "Thanks"
posts, each taking up 200px of vertical space due to the amount of "badges"
the forum has. It's insane. Is that a Chinese thing? Or just how the kids do
it these days?

------
sedachv
It has been over a decade since Torvalds rejected GPLv3 licensing for Linux
([https://lkml.org/lkml/2006/1/25/273](https://lkml.org/lkml/2006/1/25/273))
and it turns out that Stallman was right.

~~~
sadfsdfsadfsd
Right about what? The Linux Kernel has gained tons of work back by vendors
using it for products that would be replaced with functionally identical
non-GPL3 components.

Torvalds' decision was extremely practical and has led to huge gains for
Linux users even if (ahem) not every company gives back.

~~~
pjmlp
Hence why Google is happily replacing every GPL component left in Android with
MIT/BSD ones in each Android release; GCC has already been shown the door.

In Fuchsia, they are even replacing Linux by their own micro-kernel, BSD
licensed.

How many contributions has Sony given back to BSD from their PS4 BSD
distribution?

~~~
sadfsdfsadfsd
They've made a handful of contributions back. Arguably, a lot of the changes
they've made they couldn't share anyways (AMD licensing agreements) or were
built on top of it as applications.

FWIW: I, for sure, appreciate the GPL3 and copy-left licenses.

------
shmerl
_> Golly gee, Mr Google, that's a lot of partitions_

More like Qualcomm. They like this mess of partitions, not Google.

_> I am NOT a bad guy!... I just want to remain in full control of my OWN
hardware..._

Yeah, they don't want to respect that. And if you care about that, your
choices of hardware become pretty limited. Let alone if you want to have open
drivers for key components like GPU and the rest. In practice, Google's Nexus
devices tend to be one of the best choices (i.e. such as Nexus 5 and Nexus 7).
Not sure what the situation with Pixels is.

~~~
sangnoir
>> _I am NOT a bad guy!... I just want to remain in full control of my OWN
hardware..._

>Yeah, they don't want to respect that.

Honest question: if you were responsible for platform security, how would you
tell apart the bad guys from the legitimate owner asserting control over their
hardware? My imagination might be failing me, but I can't see a scenario where
making it easy for the owner to get root doesn't also make it easier for
malicious third parties to subversively add rootkits.

The only workable solution I could think of is to sell factory-rooted models
for the advanced users and a locked-down version for everyone else, but I
suspect the market is not large enough to support an additional SKU.

edit: _fastboot oem unlock_ is also a fairly reasonable compromise, when
available, but I don't think many users would know what an unlocked padlock
icon when booting means in any case, and would happily use the device.

~~~
schiffern
> _The only workable solution I could think of is to sell factory-rooted
> models for the advanced users and a locked-down version for everyone else_

How about Google's hardware "dev switch?" Originally they hid it inside the
Kensington lock, but now it's purely a software switch.

[https://www.chromium.org/chromium-os/developer-information-f...](https://www.chromium.org/chromium-os/developer-information-for-chrome-os-devices/samsung-sandy-bridge#TOC-Entering)

When the switch is on it also displays a scary warning for 30 seconds when the
computer boots that "this software cannot be trusted."

------
TheAceOfHearts
> I started looking at the various offerings, and being a nerd of a frugal
> nature, decided to only look at the best HW bang for the buck, completely
> ignoring the SW aspects.

I think this is a very important point that people tend to overlook. One that
I've definitely started to appreciate in recent years.

For a similar example, sometimes people talk about the cost of ownership of a
PC. Whenever you bring that up, someone will mention how it's really cheap to
build your own PC. And although they're technically correct, since it's really
cheap to build your own PC, it usually means you're left on your own for
maintaining it as well.

I can't shake the feeling that this case is similar. Although I certainly
enjoy tinkering with stuff, I think there's a strong argument to be made for
things that "just work", or things that can be easily hacked. I have a hard
time imagining that the real cost of ownership of this device for the owner
ended up being higher than if they had purchased a more open device.

With all of that being said, I found this to be a very interesting read, and
I'm thankful that the author took the time to write up their experience.

------
rocky1138
Is there a phone or tablet you can buy which comes fully unlocked and rooted
by default?

Something I can install KDE Neon to?

~~~
NeutronBoy
Nexus devices are the closest you'll get - they can be unlocked by a
vendor-supported, fully reversible ADB command.

~~~
e12e
From what I've read and seen, Nexus devices are in general best supported for
development (i.e. custom software). I've had some success running custom ROMs
on an old HTC phone and various Samsung devices (the original i9000 Galaxy, a
Note 2 and 3).

After looking for a while into various phones, I ended up getting a Sony Z3+
-- as it combines many things I want (waterproof, memory card slot) with a
pretty strong commitment from Sony:

[http://developer.sonymobile.com/open-devices/](http://developer.sonymobile.com/open-devices/)

Ironically, I've yet to actually experiment with different ROMs and other
software on my Sony phone, but there it is.

~~~
voltagex_
What happens when one day
[http://developer.sonymobile.com/unlockbootloader/](http://developer.sonymobile.com/unlockbootloader/)
isn't available any more? (see also similar pages for Xiaomi and Motorola)

The code "protecting" the bootloader is good enough that it could be very,
very difficult to unlock your bootloader without official support.

~~~
e12e
I'm not particularly happy with Android as a platform in general - it is way
too "open on paper, closed in practice" - and I agree abandonware is a real
concern. However, if you just bought a device, it seems a bit less likely the
unlock page will disappear before you manage to unlock your device. And once
unlocked, it'll stay unlocked?

I feel this is a little bit different from the "Zune DRM hole" where you "buy"
(rent) content, but might lose all access once the provider goes under/closes
shop. (See also: the case of Amazon recalling copies of "1984" it had sold as
an e-book without a proper license.)

~~~
voltagex_
> However, if you just bought a device, it seems a bit less likely the unlock
> page will disappear before you manage to unlock your device. And once
> unlocked, it'll stay unlocked?

What if I buy it from eBay 5 years later?

~~~
e12e
I agree that it leads to a new kind of "planned obsolescence", and would
prefer something more open.

------
lucaspiller
Has anyone tried GNURoot? As I understand it, it's a Linux chroot without
needing your device to be rooted:

[https://play.google.com/store/apps/details?id=com.gnuroot.de...](https://play.google.com/store/apps/details?id=com.gnuroot.debian)

~~~
NoGravitas
I've used it. It's a reasonable solution for a subset of the things you'd want
to use a Debian chroot for.

------
bobajeff
What would be the feasibility of making a Snapdragon based phone and running
mainline Linux + freedreno on it?

~~~
colejohnson66
Not profitable at the least. You need to think like the average consumer: "Why
should I pay $800 for this ugly 'open source' phone (whatever that means) when
this nice, attractive looking Samsung phone is only $50 plus $20 a month?"

~~~
bobajeff
Sorry, I wasn't clear enough. I wasn't asking about selling the thing. Just
building it.

------
philtar
This is why I still come to HN

~~~
rational_mostly
+1. Fantastic read.

------
mark_l_watson
Great write up, thanks for that.

I like having small devices, and I like Linux. My solution was to buy a small
HP stream 11, and just put Linux on it. Not impressive technically, like the
author's work on his tablet, but an easy way to get Linux on a $190 small
device. I like to travel with my Linux stream: fully capable for work, using
the web, and cheap enough that I don't worry about losing it.

------
ahYeex
Good article. I'm also in the process of getting control of my tablet, by
building a custom ROM for it. However, it's not possible to unlock the
bootloader as described in the article as Lenovo has decided that it should
not be that easy, so I need to take care of that first.

It would have been fantastic if the tablet in the article had a locked
bootloader, because I really want to learn how to unlock these bootloaders
from scratch. I'm just not comfortable downloading random binaries from
questionable file lockers and loading them on my tablet; I want to know how
they are produced so I can do it myself.

I'm reading everything I can find, but the information on this subject is very
limited and consists mostly of "flash these files" and absolutely no
information on how they were created.

Does anyone have good resources on the process of unlocking bootloaders from
scratch?

------
imtringued
Is there some kind of authentication for the serial port in the headphone
jack? It sounds like a security risk to me.

~~~
gardarh
Generally speaking, if you have physical access to a device, all bets are off.
Which, when you think about it, is the point of the whole article.

~~~
pjc50
People are a bit more squeamish about applying this logic to mobile devices.
After all, iPhones remain attack-resistant with physical access.

"Secure against physical access by all but extremely determined attackers" is
worth aiming for. Even if it's just a measure against the resale of stolen
devices.

------
luxpir
Just as an aside: I have a Ubuntu chroot running on the Ubuntu Touch/Phone.
It's running mutt, taskwarrior, vim, git, ledger and a few other bits nicely.
Still a work in progress, but it's nice to be able to do that instead of making
the whole device writable. That's the other option, and it breaks OTA updates
and potentially more.

------
cheiVia0
Some more resources for Debian on mobile devices:

[https://wiki.debian.org/ChrootOnAndroid](https://wiki.debian.org/ChrootOnAndroid)
[https://wiki.debian.org/Mobile](https://wiki.debian.org/Mobile)

------
dagiuth
Mobile-wise, when they started doing that I quit; there was no point in using
Android. There is always sec testing, but it is not as modular as it was. There
is security and then there is economic security.

------
dmitrygr
Most of the author's difficulties simply stemmed from not understanding how
modern Android works and boots. Easily fixable by reading more about it.

And no, nobody hates guys like you. The problem is that what you want to do is
very similar to what malware might want to do, and since malware is more common
than guys like you, choices are made that way.

~~~
rational_mostly
Read the Conclusion section of the article. He uses Chromebooks as an example,
to argue - quite convincingly - that we could have both security and freedom
to tinker.