Image
WARNING: You can completely brick your shiny new BTC miner with this if you aren't careful. Standard disclaimers apply - I take no responsibility if you blow up your device.
I don't remember if we were promised root access to the Prospero's Android subsystem but I noticed some unnecessary and/or potentially dangerous system apps installed and I wanted them gone. This is how I eventually managed to hack root out. All files mentioned are available for download at the bottom of the page.
Break into the Android Subsystem
We do have SSH access to the boxes. Once they've grabbed an IP from DHCP, you can SSH to that IP:
User: ba Password: ba
I'm sure the first thing you'll want to do is change this rather unsafe password.
We also have root-level access to the Debian system running alongside Android via sudo. (And under the same kernel no less - major geek points to whomever rigged that up!) After a bit of digging, I found that Android has primary control of the filesystem and we're running in a chroot jail under it. Well, chroot jails are pretty trivial to break out of so that's where the 1st attached file comes in - breakout.c. First scp it over to ba's home directory and then:
sudo -i gcc -o breakout /home/ba/breakout.c ./breakout
If anyone happens to know who originally wrote this I would gladly give them credit - I grabbed it a long time ago and have modified it heavily for my own little toolbox.
It should look something like this:
[user@mycomputer ~/root_prospero]$ scp * ba@192.168.0.41: ba@192.168.0.41's password: breakout.c 100% 1924 1.9KB/s 00:00 ClockWorkModSuperuser.apk 100% 1562KB 1.5MB/s 00:00 su.bin 100% 358KB 358.4KB/s 00:00 [user@mycomputer ~/root_prospero]$ ssh ba@192.168.0.41 ba@192.168.0.41's password: Linux localhost 3.0.36+ #94 SMP PREEMPT Fri Mar 28 00:47:45 CST 2014 armv7l The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Mon Aug 25 00:18:14 2014 from compy386 For cgminer: screen -r ba@localhost:~$ sudo -i For cgminer: login as user ba root@localhost:~$ gcc -o breakout /home/ba/breakout.c root@localhost:~$ ./breakout root@android:/ #
You should see the prompt change and the host name switch to 'android'.
Root the Android Instance
Standard Superuser 3.1.3 doesn't appear to work on these but ClockWorkMod's Superuser does so we'll use it. Both it and the su binary from inside of it are available for download below. scp both to ba's home directory and then:
root@android:/ # export PATH=/data/local/bin:/system/bin:/system/xbin root@android:/ # mount -o remount,rw / root@android:/ # mount -o remount,rw /system root@android:/ # cp /linux/home/ba/ClockWorkModSuperuser.apk /system/app/ root@android:/ # cp /linux/home/ba/su.bin /system/bin/su root@android:/ # chmod 6755 /system/bin/su root@android:/ # cp -a /system/xbin/su /root/su.bak root@android:/ # rm /system/xbin/su root@android:/ # ln /system/bin/su /system/xbin/su root@android:/ # mount -o remount,ro / root@android:/ # mount -o remount,ro /system
Congratulations - your Prospero X1 is now rooted and ready to clean out.
Attached Files