Root Access (Finally Achieved!)

load into and use  Shell in
then run the following
cd /system/bin
cat btld_testmode > ../btld_testmode (this backs up the file)
cat sh >> btld_testmode (we append it first, don't know why, but we cant just overwrite it at first)
cat sh > btld_testmode (overwrite it)

Now, it lost is setuid. but that is fine, the factorytest.rc will restore it. so reboot the phone, reloading .

cd /system/bin
./btld_testmode
Now you are in a root shell, you know what to do
cat sh > su
chmod 4755 su
exit
./su

Now we will put btld_testmode back.

cat ../btld_testmode > btld_testmode
chmod 6777 btld_testmode

Currently the su looses it's setuid on reboot, so it is not permanent.
Still working on that.

Edit: it seems all permissions get reset, then are set up by the init script.
Sadly, we can't overwrite the init script because changes in / do not persist.
All we can use this  for is flashing, unless we find another way to persist our setuid...
But hey, at least we have a root shell! It is a start

More here, including a trick to guarantee test mode will activate:
http://midnightchannel.net/blog/255-how-to-root-the-samsung-moment.html

Important Update:
hokansoc warns:


Now personally, mine is still sh, and I have had no problems, however, Decepticrock notes:



Now, I don't use Bluetooth on my phone, so perhaps an important step before rooting is to disable bluetooth?

yeah, I can't get it to persist though. It seems Samsung's RFS erases permissions on reboot, and the init.rc sets them up again everytime you boot.

But we can't edit the init.rc because its on /, and the change won't persist.

But perhaps this can be used to figure out a workaround, or just write a custom rom with the modified init.rc. I don't know, but at least we have root

Can I get a copy of the stock rom? or are you refering to my dabbling in the other thread with the bml

either way, the problem with the Moment is Samsung is using their propritary RFS instead of the yaffs2 the android hackers are used to...

Done! I made a wrapper around the playlogo script, which plays teh carrier logo:


first, while root still in testmode:
cd /system/bin
mv playlogo playlogo_real

Then create this file locally, and name it playlogo:


push it to /system
back in the shell:
chmod 755 /system/playlogo
mv /system/playlogo /system/bin/playlogo

reboot

now it will restore your su root access when the boot logo plays.
cheap hack for now

still it is in beta. i'm trying to use drocap and somehow it is reverting the setuid again.
so hopefully someone more experienced can use the little exploit i did accomplish to make a custom rom that will keep root and work with apps

Sorry, I'm very new to this, but I am an IT auditor so I probably know just enough to get in trouble. While root, couldn't you just create a new user (your own account) and then change its UID to 0? Wouldn't that would give you all root privileges without having to mess with the root account?

-Andy

I'm not sure what btld_testmode is for but I didn't have a problem skipping that step.  Still curious what that program is for.

Nevermind, this appears to be bluetooth related.

didnt work for me either. i spoke with zefie about it already and to make a long story short more work needs to be done in order to save permissions