You are here

Vulnerable recovery for Motorola Milestone - root any known firmware version

A SBF file that contains only the vulnerable recovery (CG47) from SHOLS_U2_01.14.0.
Allows to root any known Milestone firmware version. It will not change anything in the phone system etc., only the recovery partition will be reflashed.
Flash the SBF using RSD Lite 4.6 (Windows) or sbf_flash (Linux).
After you flash this SBF, you will be able to use the conventional update.zip method to install the su and Superuser.apk (aka root).

Made with SBF Recalc and hexedit.

Possible issues you may encounter:
1. If the RSD lite does not activate the Start button after you open the SBF file, you need to rename the SBF file to some simple short name, eg. recovery.sbf, and to put it to some simple short path, e.g C:\recovery.sbf (known Windows Vista / 7 issue).
2. "E:EOCD marker occurs after start of EOCD E:signature verification failed" error after you apply the update.zip in recovery means that you do not have the vulnerable recovery on your phone.
If you applied an OTA update before, there is a script run at every system boot that checks and re-flashes the recovery when its checksum doesn't match. In such case, you have to avoid booting to android after the vulnerable recovery flash. Boot directly to recovery when RSD Lite restarts the phone (hold camera button) and from there remove the /system/etc/install-recovery.sh file.
rm -f /system/etc/install-recovery.sh
A script for OpenRecovery is attached (install OpenRecovery and put the script to /sdcard/OpenRecovery/scripts before you flash the vulnerable recovery). Later in OpenRecovery, the first thing you should do is to run this script from the Run Script menu.

The latest version (w. RAMDLD 90.78): http://www.mediafire.com/?jzzjmmrvwkz
works on any phone with 90.72, 90.73, 90.74 and 90.78 bootloader

For reference only - older version (w. RAMDLD 90.74): http://www.mediafire.com/?0mlannzemzz
works only on phones with 90.72, 90.73 and 90.74 bootloader

AttachmentSize
Package icon Disable_recovery_check_by_OTA.zip212 bytes