GSOC jailbreak - mdubinko/gsoc-contrib GitHub Wiki

Official firmware updates are distributed as an image for a bootable SD card that repartitions and reinstalls everything on the internal storage. (See GSOC boot sequence)

Obtaining shell access is a matter of modifying this image to boot to a shell instead of the update script. This does not require opening the case or making permanent changes to the device. I can't guarantee anything, but it looks like if this process fails, you can always simply boot from a factory firmware SD to restore things.

Ignoring the 2 DOS partitions (boot, and the one with rootfs.tar), modify the ext4 partition. If you have a Linux machine or VM with direct SD access, you can do this directly on an SD card prepared for the update. Otherwise, you can mount the filesystem inside the img file (see https://github.com/mdubinko/gsoc-contrib/wiki/GSOC-official-firmware for instructions) and make changes there, then burn the modified img file to the SD card as usual.

The default tty for GSOC goes over the serial UART (which is not externally exposed on the device), so we need to put a tty on the LCD instead.

Modify /usr/local/autologin/auto_login

Comment out the line that runs the installer, so that it reads:

#/usr/local/emmc_sources/emmc_install.sh | tee /dev/tty0

Uncomment the latter 2 lines here:

# #######################
# put a tty on LCD
/bin/login -f root
clear

Modify /etc/inittab

Uncomment the last line here:

# Put a shell on the LCD
# tty0::askfirst:-/bin/sh
tty0::respawn:-/bin/sh  # without ask

Then get this onto an SD card following the standard firmware update instructions, insert it into the GSOC, and power on. You will land on a root prompt.

To access main storage:

mkdir /mnt/emmc_p2
mount /dev/mmcblk1p2  /mnt/emmc_p2

Modify /mnt/emmc_p2/etc/inittab for persistent terminal access

Add the following under "#Put a getty on the serial port"

tty2::respawn:/sbin/getty -L tty2 0 vt100
tty3::respawn:/sbin/getty -L tty3 0 vt100
tty4::respawn:/sbin/getty -L tty4 0 vt100
tty5::respawn:/sbin/getty -L tty5 0 vt100

This will allow you to access the shell by pressing Ctrl+Alt+F2, F3, through F5. Ctrl+Alt+F1 will switch back to the regular GSOC GUI.
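The inittab edit above as a repeatable script, added here as an example and not part of the original wiki page: it inserts the four getty lines directly after the marker comment, keeps a backup of the untouched file, and skips any tty that already has an active entry. The names `add_gettys` and `count_gettys` and the `.orig` backup suffix are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the original wiki page).
# Inserts getty entries for tty2..tty5 into a BusyBox-style inittab, directly
# after the "Put a getty on the serial port" comment. Safe to run twice.

# Assumption: the marker comment is worded as quoted on this page.
MARKER='^#[[:space:]]*Put a getty on the serial port'

add_gettys() {
    inittab=$1
    [ -f "$inittab" ] || { echo "no such file: $inittab" >&2; return 2; }
    # Refuse to guess an insertion point when the marker comment is missing.
    grep -Eq "$MARKER" "$inittab" || { echo "marker not found" >&2; return 3; }
    # Keep the first pristine copy; never overwrite it on later runs.
    [ -e "$inittab.orig" ] || cp -p "$inittab" "$inittab.orig"
    awk '
        # Pass 1: note ids that already have an active (uncommented) entry.
        FNR == NR {
            if ($0 !~ /^[ \t]*#/) { split($0, f, ":"); seen[f[1]] = 1 }
            next
        }
        # Pass 2: copy every line; add the missing entries after the marker.
        { print }
        /^#[ \t]*Put a getty on the serial port/ && !done {
            for (n = 2; n <= 5; n++)
                if (!(("tty" n) in seen))
                    printf "tty%d::respawn:/sbin/getty -L tty%d 0 vt100\n", n, n
            done = 1
        }
    ' "$inittab" "$inittab" > "$inittab.new" || return 4
    # Write through the existing file so its owner and mode are preserved.
    cat "$inittab.new" > "$inittab" && rm -f "$inittab.new"
}

# Number of active getty entries on tty2..tty5 (used to verify the result).
count_gettys() {
    grep -c '^tty[2-5]::respawn:/sbin/getty ' "$1"
}

# Usage: sh add_gettys.sh /mnt/emmc_p2/etc/inittab
if [ $# -gt 0 ]; then
    add_gettys "$1" && echo "getty entries on tty2-5: $(count_gettys "$1")"
fi
```

If the script reports that the marker is missing, inspect the inittab by hand rather than appending the lines elsewhere.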

Change the root password

You will need to change the root password in order to log in. You can do that with the following commands:

chroot /mnt/emmc_p2
passwd root

Enter a strong root password.