[RyeBrye] has been trying to get multitouch working on the Android-based T-Mobile G1. He hacked the Synaptics touchscreen driver so that it would dump raw event info to a character device. The demo above is using example code from Google for a fingerpaint program. Polling the device is not the fastest method, but [RyeBrye] just wanted to get a demo out there to prove it could be done.
Google has been trickling out info about what they’re actually fixing in the G1 firmware updates. Before RC29, users were able to bypass the phone lock using safe mode. RC29 also brought WebKit up to date, presumably patching the bug [Charlie Miller] found. RC30 takes care of the root console problem. Unfortunately there are very few details as to what or how particular items were broken. This release method leaves much to be desired; having the official Android Security Announcements group be the absolute last place to get security news is asinine.
[Jay Freeman] has a rather exhaustive tutorial on how to set up a Debian environment on your T-Mobile G1. The first major issue with this is that getting root level access through telnetd is being patched. It certainly is a security issue that needs to be fixed, but a user shouldn’t have to root their own phone to begin with. While the G1 comes with some Linux tools, they’re limited. [Jay]’s goal was to create a familiar Debian environment on the phone. It takes a few tricks, but if you’re familiar with the command line, you shouldn’t have any problems. Debian already has ARM EABI support, so creating a working image isn’t a problem. The image file is stored on the SD card and mounted using the loopback device. The G1’s kernel has module support turned on, so [Jay] created ext2 and unionfs kernel modules. [Benno Leslie]’s Android version of busybox is used to perform the actual mounting. Once mounted, you just need to chroot into the environment to start playing with native Linux apps. [Jay] takes this a step further by using unionfs to make the Android and Debian environments share the same root. This is really a great how-to and it’s nice to know that modules can be added to the kernel.
The G1 ‘execute every command you type’ bug naturally spawned ‘rm -rf /’ jokes. rm is the Linux command for deleting files. The -r and -f flags will cause it to remove files recursively and skip confirmation prompts. Executed as root it will annihilate the entire filesystem. Won’t it? [Jon Hohle] decided to test exactly how destructive the command was to *nix systems. How functional would the system be afterwards? He tested it side by side with the Windows equivalent, both ‘format c:’ and ‘del /F /S /Q’. He wanted to see what protections were available and what would be left working. Linux ended up completely broken while Windows, thanks to file locking, actually shut down cleanly… and never came back. Some OSes, like Solaris, refuse to run the command ‘rm -rf /’ to prevent accidents.
This is one of the more bizarre bugs we’ve ever heard of. The T-Mobile G1 has an open root shell that interprets everything you type as a command. It was discovered when a user just happened to type the word ‘reboot’ in a conversation and the phone immediately rebooted. A patch has already been rolled out to fix this issue. It also buttons up the earlier telnetd SUID problem.
T-Mobile’s G1 was released last week and there has been at least one Android vulnerability announced already. The New York Times reported on research done by [Charlie Miller], who also helped find one of the first iPhone bugs, so we think the report is fairly credible. Last year, we saw him deliver a seminar on real world fuzzing at ToorCon 9. It covered exactly how they found the iPhone bug.
If you just want to use a G1 without service, you can activate it with any T-Mobile SIM card.
The iphone-dev team published a video today showing access to the iPhone’s baseband processor. They connect to the device over ssh and then use minicom to issue AT commands. They’re writing custom AT commands for full control.
Google has officially released the Android source code. While the T-Mobile G1 is being released tomorrow (some already have it), it is just one Android device. The availability of the source means that the platform could be ported to almost any device. It’s a complete embedded Linux package and we’ve already seen it running on the N810. We can’t wait to see what hacks come out of this.