
A theoretical explanation of how this phone is exploited, and of the terms used, can be read here.


Exploit mandatory prerequisites

Phone

You need a NEC Terrain phone.

USB Debugging

The option USB Debugging found in Settings->Developer options must be enabled.

Desktop/laptop with adb and a USB cable

You must have adb installed on your PC and have a USB cable to connect your phone to your PC.

On Linux NO driver is needed.

If unfortunately you use Windows, you must also arrange drivers. The driver (working in win7pro_x64) and adb.exe can be found in the system/ folder in this repository.

Stock GPT. THE MOST CRUCIAL PART

For the scripts to work as expected, it is extremely crucial that your stock GPT table is EXACTLY like this:

Number  Start (sector)    End (sector)  Size       Code  Name
   1           32768          294911   128.0 MiB   0700  modem
   2          294912          425983   64.0 MiB    FFFF  flashbackup
   3          425984          557055   64.0 MiB    FFFF  fatallog
   4          589824          590335   256.0 KiB   FFFF  sbl1
   5          590336          590847   256.0 KiB   FFFF  sbl2
   6          590848          594943   2.0 MiB     FFFF  sbl3
   7          594944          595967   512.0 KiB   FFFF  aboot
   8          595968          596991   512.0 KiB   FFFF  rpm
   9          596992          617471   10.0 MiB    FFFF  boot
  10          617472          618495   512.0 KiB   FFFF  tz
  11          618496          638975   10.0 MiB    FFFF  recovery
  12          638976         2801663   1.0 GiB     8300  system
  13         2818048         4456447   800.0 MiB   8300  userdata
  14         4456448        13565951   4.3 GiB     FFFF  GROW
  15        13565952        13582335   8.0 MiB     8300  persist
  16        13582336        14319615   360.0 MiB   8300  cache
  17        14319616        14462975   70.0 MiB    8300  tombstones
  18        14462976        14465023   1024.0 KiB  FFFF  misc
  19        14465024        14465025   1024 bytes  FFFF  pad
  20        14465026        14465041   8.0 KiB     FFFF  ssd
  21        14465042        14471185   3.0 MiB     FFFF  modemst1
  22        14471186        14477329   3.0 MiB     FFFF  modemst2
  23        14477330        14483473   3.0 MiB     FFFF  fsg
  24        14483474        14483985   256.0 KiB   FFFF  sbl2_bkp
  25        14483986        14488081   2.0 MiB     FFFF  sbl3_bkp
  26        14488082        14489105   512.0 KiB   FFFF  aboot_bkp
  27        14489106        14490129   512.0 KiB   FFFF  rpm_bkp
  28        14490130        14491153   512.0 KiB   FFFF  tz_bkp
  29        14491154        14511633   10.0 MiB    FFFF  recovery_bkp
  30        14511634        14532113   10.0 MiB    FFFF  fota_config
  31        14532114        14990865   224.0 MiB   FFFF  MM

The point of MAIN CONCERN is the gap between partitions 3 and 4. It must be there and the end of partition 3 and the beginning of partition 4 must be EXACTLY as above.

"Stock" means the configuration before any use of the scripts from here, of the terroot program, or of any other means of altering it.

The script adbtestgpt.sh (adbtestgpt.bat for Windows) in the recovery/ directory here gets the GPT table from the phone and shows it to you.

To use the script, download the following from the recovery/ folder here into one local directory:

  • run_root_shell
  • sgdisk
  • adbtestgpt.sh (adbtestgpt.bat for windows)

On Linux, check that adbtestgpt.sh has permissions 755. To be sure, just issue the following on your PC, inside the directory where everything has been saved:

chmod 755 adbtestgpt.sh

and run the script

./adbtestgpt.sh
(adbtestgpt.bat [for windows])

The script does not make decisions. It is you who compares and decides what to do!
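
The comparison can also be done mechanically. The following is an added example, not one of the scripts in this repository: it checks a saved partition listing against the stock table above and reports the gap after partition 3. It assumes the listing was saved to a text file in the column layout shown above; the file names checkgpt.sh and gpt.txt are hypothetical.

```sh
#!/bin/sh
# Added example: check a saved GPT listing against the stock layout above.
# Stock values copied from the table on this page, as number:start:end:name.
STOCK_GPT='1:32768:294911:modem 2:294912:425983:flashbackup 3:425984:557055:fatallog
4:589824:590335:sbl1 5:590336:590847:sbl2 6:590848:594943:sbl3 7:594944:595967:aboot
8:595968:596991:rpm 9:596992:617471:boot 10:617472:618495:tz 11:618496:638975:recovery
12:638976:2801663:system 13:2818048:4456447:userdata 14:4456448:13565951:GROW
15:13565952:13582335:persist 16:13582336:14319615:cache 17:14319616:14462975:tombstones
18:14462976:14465023:misc 19:14465024:14465025:pad 20:14465026:14465041:ssd
21:14465042:14471185:modemst1 22:14471186:14477329:modemst2 23:14477330:14483473:fsg
24:14483474:14483985:sbl2_bkp 25:14483986:14488081:sbl3_bkp 26:14488082:14489105:aboot_bkp
27:14489106:14490129:rpm_bkp 28:14490130:14491153:tz_bkp 29:14491154:14511633:recovery_bkp
30:14511634:14532113:fota_config 31:14532114:14990865:MM'

# normalize_gpt FILE: print number:start:end:name for each partition row.
# Assumption: rows use the column layout shown above (name is the last field).
normalize_gpt() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
        print $1 ":" $2 ":" $3 ":" $NF }' "$1"
}

# gap_after FILE N: unallocated sectors between partition N and partition N+1.
gap_after() {
    normalize_gpt "$1" | awk -F: -v n="$2" '
        $1 == n     { prev_end = $3 }
        $1 == n + 1 { next_start = $2 }
        END { if (prev_end == "" || next_start == "") exit 1
              print next_start - prev_end - 1 }'
}

# check_stock_gpt FILE: return 0 only if every row equals the stock layout.
check_stock_gpt() {
    want=$(printf '%s\n' $STOCK_GPT | sort)   # unquoted on purpose: one row per word
    have=$(normalize_gpt "$1" | sort)
    if [ "$want" = "$have" ]; then
        echo "OK: stock layout, gap after partition 3 is $(gap_after "$1" 3) sectors"
        return 0
    fi
    echo "MISMATCH: do not continue. Differences:" >&2
    printf '%s\n' "$have" | grep -Fxv -e "$want" | sed 's/^/  in listing, not stock: /' >&2
    printf '%s\n' "$want" | grep -Fxv -e "$have" | sed 's/^/  stock, not in listing: /' >&2
    return 1
}

# Usage: ./checkgpt.sh gpt.txt   (both file names are hypothetical)
if [ "$#" -gt 0 ]; then check_stock_gpt "$1"; fi
```

A non-zero exit status means at least one start sector, end sector or name differs from the stock table; the decision what to do next is still yours.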

micro-SD card

For flashing the new boot image and for the backup during the repartitioning, you need a micro-SD card in the phone. It should have 12MiB free for the boot image, up to 5.2GiB free for the data backup (this is the maximum of partitions userdata (number 13) and GROW (number 14) together) and 500MiB free for a possible system backup.

The card should be formatted with an MBR partition table containing a partition.

On Linux this means that the card is seen as

/dev/mmcblk0

and its partition as

/dev/mmcblk0p1

In simpler words, if you examine your SD card in the Disks utility on your PC, you should see:

Partitioning: Master Boot Record
Device: /dev/mmcblk0p1
Contents: vfat

On Windows this means that when you open the properties of the inserted SD card, the Volumes tab of the corresponding window says

Partition style MBR

and shows one volume.

The partition (volume) must be formatted as vfat.

Set? Ready? GO!


You should proceed here for the main exercise: new recovery.