script-only roots for Nokia 8110 (tested up to firmware v13)


speeduploop

Feb 1, 2019, 2:30:01 AM
to comp.mobile.nokia.8110
Now that Luxferre showed where the security problems of the phone are, I created two 'script-only' roots.
-- no zip needed
-- no server needed
---> just scripts to start on the phone.

Both scripts work nearly the same way - difference is the 'backdoor':
-- 'tnroot'   ---> this script enables a 'telnet-backdoor' with root permissions
-- 'adbroot'   ---> this script replaces the adb-server on the phone with an insecure/root version

Both scripts enable root only until reboot - for permanent root you have to replace recovery or modify the system-partition.
(but with this temporary root it's possible to do exactly this...)

Cool thing: if you use this temporary root only to read or to modify the /data-partition you won't lose fota-update!

How does it work:

--- tnroot ---> telnet-backdoor
adb push tnroot /data/local/tmp
adb shell
cd /data/local/tmp
chmod +x tnroot
./tnroot

- now open following url in phone's browser --> http://localhost:8080
- click the button
- now 'busybox telnet localhost' in your adb-shell will give you a root-shell. This is enabled until reboot.

-----------------------------------------------------------------------------------------------------------------------------------------

--- adbroot ---> adb-root shell
adb push adbroot /data/local/tmp
adb shell
cd /data/local/tmp
chmod +x adbroot
./adbroot


- now open following url in phone's browser --> http://localhost:8080
- click the button (this will end your adb-shell!)
- now 'adb shell' will give you a root-shell. This is enabled until reboot.


The scripts will guide you after start ;)
If the script ends before you click the button in browser - please restart the script.
(this can happen if the browser requests something like the icon - because it's in your browser history...)

BTW: No - you don't need both scripts - one should be enough.

I only wrote both because of the different approaches...
-- the telnet-version is smaller but in some situations a bit limiting (file transfers are more complicated)
-- the adb-version is simpler to use -- but the script is quite big because I embedded the whole patched adbd-binary into the script...
(I myself use mostly telnet-backdoor but I thought the idea of doing the adb-version is funny)

Have Fun!


tnroot
adbroot

Zieff Harisz bin Muhamad Zalimin

Feb 4, 2019, 6:36:12 AM
to comp.mobile.nokia.8110
Nice! It works! Now, how to push this OmniJB? Can we do it via adb push? Do we really need the microsd card?

speeduploop

Feb 4, 2019, 9:48:03 AM
to comp.mobile.nokia.8110
I don't know... I use root for other things ;)
(backup/restore partitions, flash recovery, ...)

But with root permissions we can modify /data/local/webapps -- so it should be possible to install an app manually...

There should even be a way without root: one of the ways to install OmniJB uses XPCShell remotely from a PC -- but there is also an XPCShell directly on the phone.
So it could be possible to push a package to the phone over adb and then install it with the local XPCShell...
(never tested)

Ivan

Feb 5, 2019, 3:41:53 PM
to banana...@googlegroups.com
You could try in this way, but I'm not sure if it works:
 
Download the OMNISD-FINAL.zip and extract from it the files from "omnijb-distribution" folder (application.zip and manifest.webapp). Put them on your SD card.

Enable the debug-mode, you must have the /data/local/webapps/webapps.json file first (I think). From the terminal:

adb shell
busybox telnet localhost
mount -o remount,rw /data
cp /data/local/webapps/webapps.json /sdcard

Unmount the phone and remount it. Now you can see the webapps.json file on your sd card.
Edit the file manually adding this (just copy/paste all on a "},"):

  },
    "origin": "app://omnisd.831337.xyz",
    "installOrigin": "app://omnisd.831337.xyz",
    "receipt": null,
    "installTime": 1530672640806,
    "updateTime": 1530672640806,
    "manifestURL": "app://omnisd.831337.xyz/manifest.webapp",
    "appStatus": 3,
    "localId": 1055,
    "removable": false,
    "manifestHash": "67a83100d96061897150dbd884a9f9ba",
    "basePath": "/data/local/webapps",
    "id": "omnisd.831337.xyz",
    "kind": "packaged",
    "enabled": true,
    "name": "OmniSD",
    "csp": "",
    "role": "",
    "widgetPages": [],
    "redirects": null,
    "additionalLanguages": {},
    "installerAppId": 0,
    "installerIsBrowser": false,
    "installState": "installed",
    "storeId": "",
    "storeVersion": 0,
    "blockedStatus": 0,
    "downloading": false,
    "readyToApplyDownload": false
  },

If you aren't sure use this site to see if your webapps.json file is valid https://jsonlint.com/

Now you must put them all in the right place. Create the folder for omnisd first:

mkdir /data/local/webapps/omnisd.831337.xyz
cp /sdcard/webapps.json /data/local/webapps
cp /sdcard/application.zip /data/local/webapps/omnisd.831337.xyz
cp /sdcard/manifest.webapp /data/local/webapps/omnisd.831337.xyz
exit
exit
adb reboot

After the reboot omnisd should be installed.

Can someone test this? I already have omnisd.
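
A local check for the hand-edited webapps.json before it is copied back to the phone, as an added example that is not part of the post above: it parses the file, reports entries that lack fields shown in the posted entry or that reuse a localId, and lists appStatus 3 entries that are not on an expected list. The layout (one object keyed by app id) is an assumption, and "clock.example" is a constructed sample entry.

```python
import json

# Field names come from the entry in the post. Assumption: webapps.json is one
# object keyed by app id, each value being an entry like the one shown.
REQUIRED = ("origin", "manifestURL", "appStatus", "localId", "basePath", "id")

def check_webapps(text):
    """Return a list of problems found in an edited webapps.json."""
    try:
        apps = json.loads(text)
    except ValueError as exc:  # e.g. a stray "}," left behind by the paste
        return ["not valid JSON: %s" % exc]
    if not isinstance(apps, dict):
        return ["top level is not an object keyed by app id"]
    problems, owner = [], {}
    for key, entry in apps.items():
        if not isinstance(entry, dict):
            problems.append("%s: entry is not an object" % key)
            continue
        problems += ["%s: missing %s" % (key, f) for f in REQUIRED if f not in entry]
        lid = entry.get("localId")
        if lid is not None and lid in owner:
            problems.append("%s: localId %s already used by %s" % (key, lid, owner[lid]))
        owner.setdefault(lid, key)
    return problems

def certified_apps(text, expected=()):
    """Ids of entries with appStatus 3 (certified) that are not in `expected`."""
    apps = json.loads(text)
    return sorted(k for k, e in apps.items()
                  if e.get("appStatus") == 3 and k not in expected)

# Constructed sample: "clock.example" is made up and reuses localId 1055.
SAMPLE = json.dumps({
    "clock.example": {"origin": "app://clock.example", "appStatus": 3,
                      "manifestURL": "app://clock.example/manifest.webapp",
                      "localId": 1055, "basePath": "/data/local/webapps",
                      "id": "clock.example"},
    "omnisd.831337.xyz": {"origin": "app://omnisd.831337.xyz", "appStatus": 3,
                          "manifestURL": "app://omnisd.831337.xyz/manifest.webapp",
                          "localId": 1055, "basePath": "/data/local/webapps"},
})

if __name__ == "__main__":
    for line in check_webapps(SAMPLE):
        print(line)
    print(certified_apps(SAMPLE, expected=("clock.example",)))
```

The same certified_apps() call, run against a copy of the file pulled from a phone, shows which certified entries were added outside the expected set.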

Subhajit Seth

Feb 6, 2019, 12:00:52 PM
to comp.mobile.nokia.8110

IMG_20190206_222828.jpg

Sorry sir, your name is speeduploop..... ummm, in JB it's speeeuploop

speeduploop

Feb 6, 2019, 1:24:04 PM
to comp.mobile.nokia.8110
I would guess it's just mistyped... don't know.
--- I'm not connected to any of the stores...