Home > Android Development > Android Root Access Gained Through PTerminal Application
November 5th, 2008 by Chris Moor

Android Root Access Gained Through PTerminal Application

Members of the XDA Developers forum have found a way to gain root access to their Android G1 handsets using a loophole in the PTerminal application.

PTerminal is available for download from the Android Market and can apparently be used to start a telnet connection on your G1 which can then be accessed from your PC - giving you root access to the device.

According to forum member Koush, the instructions are as follows:

  1. Turn on your phone's WiFi. This gives your phone an IP you can reach it at.
  2. Get to a command prompt on your device by using the PTerminal application from the Android Market. (adb shell does not seem to work with these instructions, telnetd does not start up)
  3. cd system
  4. cd bin
  5. telnetd
  6. netstat (get your phones IP)
  7. telnet into your phone's IP from your PC
  8. you now have root!

Whether a new 'over the air' update fixes this potential bug remains to be seen, but it might be a good idea to disable OTA updates if you decide to test this method.

Please be aware this is for advanced users only, root access is hidden for a reason.

[via Link & Link]


Did you enjoy this post? Subscribe to our RSS Feed! or visit the Android Forum!


Posted in Android Development |

Latest Android Forum Discussion

Related Posts

Google Push Update RC30 To Fix Potential Android Jailbreak
How To Root The Motorola DROID Android Phone
A Guide To Getting Root Access On The Google Nexus One
A Guide To Gaining Root Access On The HTC Hero Android Phone
Google Android SDK Update Contains Passwordless Root Account

10 Responses to “Android Root Access Gained Through PTerminal Application”

  1. KunjanNo Gravatar Says:
    November 5th, 2008 at 8:44 am

    The loop hole is not in the Pterminal app. The problem is with telnetd running as root.

    Each app in android has its own user. Telnetd is not a “standard” android aap. but a linux binary that runs outside of android ui.

    telnetd is owned by root, and hence runs as root. but since there is no authentication for the root user, it works as expected.

    I suspect it was left there for debugging, and probably used by the SDK also.

  2. nickNo Gravatar Says:
    November 5th, 2008 at 9:48 am

    Wow, I’m sure this will be ‘corrected’ in the next update… to bad it can be very useful for exploring ones device. just if you turn on telnetd, make sure to turn it off before walking around in public

  3. nickNo Gravatar Says:
    November 5th, 2008 at 9:58 am

    fun tidbit… you can use it to restart your phone with the ‘reboot’ command.

  4. SplasPoodNo Gravatar Says:
    November 5th, 2008 at 10:15 am

    When I first found telnetd and discovered what user it ran as I tried connecting to my phone’s ip over 3g…. alas it seems very filtered

    I posted this to xda originally hoping others will find cool uses for it, at least while it lasts. :) can’t wait!

  5. FnordNo Gravatar Says:
    November 5th, 2008 at 10:53 am

    As of 8am cst telnetd stops running on mine, and busybox’s telnetd will not run either. pTerminal doesn’t show any errors, but when trying a different port, ‘busybox telnet 127.0.0.1 5555′ errored with ’socket: permission denied’.

    Oddly, while I did install today’s OTA update, I was able to use the telnetd trick for a few hours before this happened. I think a stealth update removed pTerminal’s networking privs.

    Should’ve installed an sdcard backdoor instead of messing with an arm cross compiler for dropbear =[

  6. FnordNo Gravatar Says:
    November 5th, 2008 at 11:13 am

    Okay, apparently it still works if you enter ‘telnetd’ 2 or 3 times really fast as suggested elsewhere. Time to backdoor this thing!

    Also, there is an alternate means of getting root that doesn’t require wifi.
    Step 1: Have a server or shell account that allows tunneling.
    Step 2: Download ConnectBot, ssh into step 1.
    Step 3: Make a Remote tunnel, remote port anything (like 12345), local: localhost:25
    Step 4: Spam telnetd really fast as stated above.
    Step 5: Login to shell account and telnet localhost 12345
    Step 6: Enjoy your root.

  7. ZachNo Gravatar Says:
    March 5th, 2009 at 3:07 pm

    I’m such a n00b I don’t understand all this shit I just know that I need “root access” to use the screenshot app I downloaded in the market.

    it shouldn’t be THIS difficult to do it (like I said, I’m a little inept at this), why couldn’t they just install it on the phone?!

  8. RoyNo Gravatar Says:
    April 18th, 2009 at 4:29 pm

    iv got n connection refused msg from telnet.. :(
    what should i do?

  9. AlanNo Gravatar Says:
    May 21st, 2009 at 10:01 pm

    Hi everyone,

    I’ve compiled a set of instructions of rooting which actually worked for me. I hope this helps someone:

    http://ww2.cs.fsu.edu/~lupsha/android/

    Alan

  10. wensterretjeNo Gravatar Says:
    January 22nd, 2010 at 1:58 am

    Werk niet root G1 !!! Ik krijg telnetd permission denied . :( :(

Leave a Reply