What did I want for Easter this year? A Linux watch.. But that was too much to ask for so I settled for rooting an Android watch (Yes I'm one of those guys). Even though the boot loader isn't locked it was a little tricky. Motorola doesn't provide stock images. I went about reversing their upgrade soap code and managed to perform a man in the middle attack on their firmware upgrade and dump out the firmware locations. The download site requires an auth cookie to be sent by the app to be able to download the firmware but it wasn't that hard to reverse. After obtaining the firmware I looked through all the firmwares only to find binary diffs but no stock image. I was lucky enough to find one older image that had a full boot.img in it. This was all i needed for the root.
Specs for the Motorola Actv
- CPU: omap3 (3630) - 600Mhz
- Ram: 256MB
- Nand: 8GB
- Wifi: 802.11n
- BlueTooth: Yes
- Fm Radio: Yes
- GPS: Yes
- LCD: 1.6" QCIF+
Start by making sure your on the Motorola firmware version 4.55.78. Download the patched boot.img I made here.
Turn off the device and hold the power key and the start key for 3 seconds then release. You should see it now in fastboot mode like this.
Once in Fastboot mode plug usb into your computer and run the following fastboot commands.
- fastboot flash boot boot.img
- fastboot reboot
Once the system has rebooted you should be able to establish a connection using adb. I was able to root it via adb using the zergRush exploit. For the general user it's likely easiest if you use a tool such as SuperOneClick.
Once you have rooted make a backup image of your system partition as there is no stock image available. You can do this by running the following command as root on adb shell.
- dd if=/dev/block/mmcblk1p18 of=/sdcard/system.img bs=1024 count=159616
Then exit adb and type
- adb pull /sdcard/system.img system.img
If for any reason you corrupt your system partition you can reflash it via fastboot by using the following command.
- fastboot flash system system.img
Grab the system.img and save it some where safe. Now you can load a launcher using the adb install command. You can also remove the default launcher by remounting the file system and saving the launcher to the sdcard partition. Only do this after you have a launcher installed. I used the Honeycomb launcher 1.8.
- mount -t ext3 -o remount,rw /dev/block/mmcblk1p18 /system
- cp /system/app/Launcher2.apk /sdcard
- rm /system/app/Launcher2.apk
To get the default google apps like Market Place and Maps. Grab from Cyanogenmod
To reenable mass storage and sync with the Motorola tools run the command stop adbd on an adb shell.
Rooted pics:
Tear Down Pics:
Motorola SoC OMAP chip? - itai8 d9lbz
8GB Toshiba flash - thgbm2g6d2fbaie
SoC (power management?) - CPCAP 3.2 (big blurry black chip)
Wifi/BT/FM - TI WL1271 (blurry blue chip at bottom)
Specs for the Motorola Actv
- CPU: omap3 (3630) - 600Mhz
- Ram: 256MB
- Nand: 8GB
- Wifi: 802.11n
- BlueTooth: Yes
- Fm Radio: Yes
- GPS: Yes
- LCD: 1.6" QCIF+
How to root the Motorola Actv
NOTE: this will only currently work with the 8GB model. I haven't made patches for the 16GB modelStart by making sure your on the Motorola firmware version 4.55.78. Download the patched boot.img I made here.
Turn off the device and hold the power key and the start key for 3 seconds then release. You should see it now in fastboot mode like this.
Once in Fastboot mode plug usb into your computer and run the following fastboot commands.
- fastboot flash boot boot.img
- fastboot reboot
Once the system has rebooted you should be able to establish a connection using adb. I was able to root it via adb using the zergRush exploit. For the general user it's likely easiest if you use a tool such as SuperOneClick.
Once you have rooted make a backup image of your system partition as there is no stock image available. You can do this by running the following command as root on adb shell.
- dd if=/dev/block/mmcblk1p18 of=/sdcard/system.img bs=1024 count=159616
Then exit adb and type
- adb pull /sdcard/system.img system.img
If for any reason you corrupt your system partition you can reflash it via fastboot by using the following command.
- fastboot flash system system.img
Grab the system.img and save it some where safe. Now you can load a launcher using the adb install command. You can also remove the default launcher by remounting the file system and saving the launcher to the sdcard partition. Only do this after you have a launcher installed. I used the Honeycomb launcher 1.8.
- mount -t ext3 -o remount,rw /dev/block/mmcblk1p18 /system
- cp /system/app/Launcher2.apk /sdcard
- rm /system/app/Launcher2.apk
To get the default google apps like Market Place and Maps. Grab from Cyanogenmod
To reenable mass storage and sync with the Motorola tools run the command stop adbd on an adb shell.
Rooted pics:
Tear Down Pics:
Motorola SoC OMAP chip? - itai8 d9lbz
8GB Toshiba flash - thgbm2g6d2fbaie
SoC (power management?) - CPCAP 3.2 (big blurry black chip)
Wifi/BT/FM - TI WL1271 (blurry blue chip at bottom)
No comments:
Post a Comment