How to root a Motorola Atrix 4G on 2.3.4

Dominic White

 

How to root a Motorola Atrix 4G on 2.3.4

Thanks to Simon Dingle, I'm going to be getting into the world of Android. One of the things that shocked me over the first few days, was the large number of applications that came bundled with the phone that could not be uninstalled, and had persistent background processes. In the "direct consequences" camp, the Motorola News and Gallery application simultaneously chewed my bandwidth and flattened by battery, in the more worrying "shady unknown consequences" camp, an app call "Arabware [1]" offered to "localize" my services, and  also could not be uninstalled or stopped. I decided it was time I got root.

The official guides for how to root a Motorola Atrix 4G on the latest update (2.3.4 at the time of writing) are laughably naive. In 5 minutes I could easily find 50 sites all parroting the same process involving complex and dangerous flashing of firmware. The first bit of mis-information that needs clarification, is that despite the Motorola 2.3.3 developer preview having an unlocked bootloader, the official 2.3.4 Gingerbread update from Motorola DOES NOT HAVE AN UNLOCKED BOOTLOADER. No problem they say, just flash this firmware in this ZIP file, supposedly extracted from a Chinese leaked version of 2.3.3. What?! You want me to flash fimware passed around as a zip file from random locations? Not a chance. To make it worse, after a quick squiz at the .sbf file, I found this comment embedded in it:

"The2dCour, known troll in your phone."
Awesome. Not a chance I'm touching that.
Here's a much safer, simpler way to root your device, which involves no warranty-voiding, security-spine-chilling hoop jumping.

All I wanted was root. I'm familiar enough with Linux to make my way after that. If you're "non-technical" then move along :) The steps are:

  1. Put your phone into USB debugging mode.
  2. Download and install the Android Debugging tool from the Android SDK.
    • You'll need to run the SDK executable (android) and install the "Platform Tools" to get ADB these days.
  3. Plug your phone into your computer.
  4. Run "adb devices". You should see the serial number of your phone appear.
  5. Download the binary zergRush exploit from it's developers. The source code is also available for you to examine (or compile).
  6. Upload it to your device with "adb push zergRush /data/local/tmp".
  7. Connect to your device with "adb shell"
  8. In the shell, switch to the temp dir and run zergRush "cd /data/local/tmp/; ./zergRush"
  9. You should see the following (the image below has been partially redacted):
  10. If you get the "Killing ADB and restarting as root" line, then it's worked. Exit your adb shell and reconnect. You'll see a "#" as your prompt indicating you're root.

And that's it. On the one hand, I'm happy there's a "safer" easy way to get root on my own device, on the other hand, I'm uncomfortable with the fact that one of Motorola's flagship phones can be 0nwed so easily, with no update forthcoming.

[1] Yes, I know Arabware is a localisation service for the Arabic alphabet. I'm not saying it's shady, just that I see no reason why it should be a mandatory app in South Africa.

Monday, January 16. 2012
Posted by Dominic White in Security
Comments (4) | Trackbacks (0)

 

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

#1 Craig Swan (Reply)
Posted on Monday, January 16. 2012
Love all the stracraft references :)
 
#2 Allen Baranov wrote (Link) (Reply)
Posted on Monday, January 23. 2012
How is your 9 step process including downloading an SDK and connecting the phone to a PC while the phone is in debug mode be termed "0nwed so easily" ? There are a lot of hoops that have to be jumped through to get the phone rooted. And even so, this doesn't mean that the phone is available to an attacker. It just means that the phone is no longer hobbled.
 
#2.1 Dominic White wrote (Link) (Reply)
Posted on Friday, January 27. 2012
Granted, it's not easy to the common person. If someone finds grabbing the SDK hard, then they're probably not going to be writing malware for the platform. I meant "technically easy". This is the sort of thing that could get bundled into a malicious app, that with the right permissions could win. Read up on IOS jailbreaks, and you'll see the difference: https://trailofbits.files.wordpress.com/2011/08/ios-security-evaluation.pdf https://media.blackhat.com/bh-us-11/Esser/BH_US_11_Esser_Exploiting_The_iOS_Kernel_Slides.pdf http://pod2g-ios.blogspot.com/2012/01/details-on-corona.html https://github.com/comex/datautils0/blob/master/make_kernel_patchfile.c Compare that to say: https://media.blackhat.com/bh-ad-11/Oi/bh-ad-11-Oi-Android_Rootkit-Slides.pdf If you have root in Android you can do significantly more than in IOS. Also, getting root is harder in IOS.
 
#2.2 Shashi wrote (Link) (Reply)
Posted on Sunday, October 28. 2012
Hi, I have two questions for you . I have just roeotd my phone and it seems like my photos have been deleted and one of my game app won't run (Application is not installed on your phone) . Is there a solution to this ? second I really have no idea what i did and i really don't know what rooting a phone actually means. I just want free internet without paying monthly data fees and free paid apps . Is this possible through rooting a phone ?
 

Add Comment