Here's how to get root (untried)

**mknewman** · 07-16-2011 05:09 PM

We need to use applypatch, which is what the OS uses to apply the OTA patches, which obviously does unlock the ROM and write to the protected memory. I've searched but can't find anything more than the help page which you will see if you run it in a terminal windows.

It looks like it needs an apk or some sort of signed file. I think this is our answer folks.

**Ads** · 07-16-2011 05:09 PM

**Natolx** · 07-16-2011 05:16 PM

Does the app not reboot you into recovery to install the file(automatically) when you hit install?

I forget.

Anyway if someone could find a way to piggyback Superuser into the OTA update that would be nice. Sadly, the update has a "whole file manifest" that checks and makes sure everything is as it should be. It even notices if you change an ascii character within a file.

Maybe someone with experience could modify all the manifest files etc. in an appropriate manner to allow us a piggyback.

Edit: An example of the signed file is most definitely in the OTA update I posted
http://www.mediafire.com/?239uts3rdubddds

**_dennis_** · 07-16-2011 05:59 PM

Originally Posted by Tribute

Does the app not reboot you into recovery to install the file(automatically) when you hit install?

I forget.

Anyway if someone could find a way to piggyback Superuser into the OTA update that would be nice. Sadly, the update has a "whole file manifest" that checks and makes sure everything is as it should be. It even notices if you change an ascii character within a file.

Maybe someone with experience could modify all the manifest files etc. in an appropriate manner to allow us a piggyback.

Edit: An example of the signed file is most definitely in the OTA update I posted
Thrive_update_from_5.0018_to_5.0022.zip

Well I tried to use Auto-sign.zip from [HOW TO] Manuals for creating a theme - xda-developers and when using the signed zip it fails the verification immediately for a signature. So I then tried to swap out the Manifest.mf file in the original update.zip (the one I put the superuser.apk and the su bin file in) and it still does the fail for full file check.

I think we need the private keys Toshiba used, or to find out how they made the patch files (the ones that end in .p).

I am really stumped. Crazy idea though, can we use the system dumps we have, make them into a .img file and fastboot push them? We may need to pull a few of the files that it wont let us pull from ADB but I wonder if they all are common files?

**batfish** · 07-16-2011 06:10 PM

Originally Posted by _dennis_

Well I tried to use Auto-sign.zip from [HOW TO] Manuals for creating a theme - xda-developers and when using the signed zip it fails the verification immediately for a signature. So I then tried to swap out the Manifest.mf file in the original update.zip (the one I put the superuser.apk and the su bin file in) and it still does the fail for full file check.

I think we need the private keys Toshiba used, or to find out how they made the patch files (the ones that end in .p).

I am really stumped. Crazy idea though, can we use the system dumps we have, make them into a .img file and fastboot push them? We may need to pull a few of the files that it wont let us pull from ADB but I wonder if they all are common files?

how about some of theses
Signapktic: Sign .apk’s and .zip’s on your Android Device | xda-developers
Tool To Auto-Sign Multiple APKs And ZIPs | xda-developers

**mknewman** · 07-16-2011 06:16 PM

Are the certs in /etc/security/otacerts? If so, then we may be in a bind since we don't have their private key to encrypt with.

I do notice though that the sha-1 checksums for applypatch appear to be optional (in [ ] ) so can we actually use it to load an unsigned zip?

**_dennis_** · 07-16-2011 06:28 PM

The signing tools don't work. I think we really need Toshiba's certs to completely resign the update.zip.

I have no idea how to use the otacerts file to sign things.....someone with some crypto knowledge will have to figure it out I think.

**Natolx** · 07-16-2011 06:30 PM

Well there's no way we're gonna get the private keys or how they made the patch files.

Actually that idea about adding files to the system dump then reforming a .img to push via fastboot sounds like an awesome idea. Sadly, if the files aren't in the system dump we simply cannot get them through ADB. Getting anything that didn't come out of the system dump requires SU

Do we really need any other files?

Edit: I figure all we have to do is put su in /bin in the system dump and superuser.apk in the /app folder then recompress it into a .img.

Is that really all it takes?

Originally Posted by _dennis_

Well I tried to use Auto-sign.zip from [HOW TO] Manuals for creating a theme - xda-developers and when using the signed zip it fails the verification immediately for a signature. So I then tried to swap out the Manifest.mf file in the original update.zip (the one I put the superuser.apk and the su bin file in) and it still does the fail for full file check.

I think we need the private keys Toshiba used, or to find out how they made the patch files (the ones that end in .p).

I am really stumped. Crazy idea though, can we use the system dumps we have, make them into a .img file and fastboot push them? We may need to pull a few of the files that it wont let us pull from ADB but I wonder if they all are common files?

**_dennis_** · 07-16-2011 06:41 PM

I think it would be it. I am not 100% sure and I don't know how to make an img file. If you make it I am willing to try it. it may brick my device but I hope not

**Natolx** · 07-16-2011 06:47 PM

Well I'm wondering whether our system pull really got everything. isn't there a /dev/ folder or something that I don't see there?

**mknewman** · 07-16-2011 07:09 PM

/dev is a different filesystem.

Welcome to the Toshiba Thrive Forum.

Thread: Here's how to get root (untried)

LinkBack

Thread Tools

Search Thread

Display