Motorola Droid 4 - rooting

Yesterday I received the Motorola Droid 4 from my previous article. It came in a reasonable condition with a few scratches in the case (none in the display) and some of the back cover’s clips being broken. First impression: The phone feels a bit more clumpy than the N950, but much less than the N900. The sliding mechanism feels qualitatively worse than Nokia’s and the same goes for the keyboard quality. OTOH the extra keys are very nice, the display is noticeably bigger than the one from N900 and the hardware performs much faster. All in all its a nice phone.

After having a short look at the stock Android 4.x to see if everything works as expected, I started following the Tony’s guide to get mainline running. First step linked to Cyanogenmod page, which is no longer available. Fortunately has the latest version from Dec 2016.

The steps can be summarized as

  1. Update stock rom to (sha1: lscdf4c87701e4b22eaadbf713f602c0f9f453be5c, size: 632M) using flash script
  2. exploit (sha1: fc2c1ee5a93c94b36544fb859f39031719082c2e) device to get root access & ensure permanent root
  3. install SafeStrap (sha1: 5f411c545ea02671febe3d71d96ed6e8102a19c3), which is more or less a kexec based Android bootloader
  4. download or build Cyanogenmod LineageOS and push to /sdcard/
  5. install LineageOS to one of the slots

Afterwards Android 6.x with root access is available on the phone. Later I noticed the LineageOS part is completly optional (only SafeStrap should be needed with Tony’s scripts), but it might turn out useful to have a working system with proper root access.

Next we want to get the mainline kernel’s debug output. A off-the-shelf USB-TTL Adapter with 3.3V signal level can be used together with a MicroUSB connector to access the phone’s UART. I decided to use a standard MicroUSB <-> USB A cable and just combine a USB jack with a cheap chinese USB-TTL adapter. That is space-saving and I can use the same MicroUSB cable to access the device in USB mode :)

I also tried to get Tony’s ddroid stuff working (it generates a .zip file which can be used to install a kexec’d mainline kernel into one of SafeStrap’s bootslots). Unfortunately his prebuilt kexec kernel modules do not seem to work properly with my SafeStrap release. After putting everything together I only received “Help I’m alive” on my serial interface. At least I know the adapter and the uart module work as expected (The string is part of the uart driver).

Ironically the uart module makes it harder to debug the problem, since it detaches the adb shell (for obvious reasons - the USB support is gone, since the pins are used for UART). So I tried to use the “Terminal Command” from SafeStrap instead and went through the steps manuall. Loading arm_kexec.ko resulted in a segmentation fault and some spam in dmesg (the “Terminal Command” feature in SafeStrap is too annoying to do more detailed debugging).

Anyways, it looks like the kernel used by SafeStrap on my phone requires the kernel modules to be either built by a different compiler or from a different tree. For reference I used SafeStrap v3.75, which uses kernel “Linux localhost 3.0.8-gb1fdf10 #1 SMP PREEMPT Sat Jan 31 23:53:31 CET 2015 armv7l GNU/Linux”.