Just a place to put together some thoughts on Java, Technology and Other Stuff (tm) that interests me.

Monday, September 7, 2009

Rooting your Android phone..

The background

I promised a few people a blog entry about rooting my T-Mobile / Android G1. I don't think anyone should enter into a firmware update for any device without considering the risk of brickage. The first thing I did was a fair bit of reading on the process and options. I stumbled upon an article on Lifehacker about why I might want to consider doing this to my extremely useful smartphone. That led to another article on AndroidAndMe.com about how to actually gain root access to the phone (and more). This got me to the point where I was pretty sure that I wanted to root my phone and install firmware (or a ROM or image) that would improve its operation, but I still had some holes in my understanding of how it would all happen. And since I was risking the phone I've come to depend on daily, I wanted to understand things from end to end.

Still need a bit more info..

It turns out there are quite a few options for new firmware for your Android phone. Some are more suitable for a daily-use phone than others, but that's the beauty of Android being open source. Lots of people grab the source and bend it to scratch whatever itch they have. I kept hearing about one guy's work who goes by the name of Cyanogen on the site xda-developers.com. (Phandroid did an interview with Cyanogen that gives a little more background about him and his work.) xda-developers.com turns out to be a thriving phone modding community with huge threads of discussion specifically about alternate G1 firmware(s). Reading through some of the thread about Cyanogen's latest stable build - 4.0.4 at this writing - helped to fill in more gaps to the point where I finally understood all the steps and software required to get me there. I posted a summary of how I thought it would go and asked for confirmation of my thinking. After an hour or so I got a couple of positive responses and knew I was finally ready to go with Cyanogen's 4.0.4 image.

Assembling the new parts

Software required
Hardware required

  • 4G or bigger Micro SDHC card - preferably a Class 6 card
Outline of the steps

  1. Backup, export, copy phone data to some place safe
  2. Backup existing SD card
  3. Create 3 partitions on the SD card in exactly the following order:
    • Partition 1: format - FAT32, size - whatever is left over after subtracting partitions 2 & 3
    • Partition 2: format - ext2/3/4, size - 512M (this is where most of your apps will live)
    • Partition 3: format - linux swap, size - 32M (this is optional)
  4. Copy the stuff above to the FAT32 partition
  5. Install flashrec on the phone
  6. Run flashrec, backup current recovery image and install the 1.4 recovery image
  7. Reboot the phone into the recovery image mode
  8. Backup current T-Mobile cupcake firmware using nandroid
  9. Install 4.0.4 firmware
  10. Reboot (and wait for the first boot since lots of stuff is happening)
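
As an added example (not part of the original post or of any of the tools it names), here is a small POSIX shell script that turns step 3 into an sfdisk(8) layout for a card of a given size, in the exact order the post requires. It assumes 512-byte sectors, an MBR partition table and a 1 MiB gap before the first partition; it only prints the layout and never touches a device.

```sh
#!/bin/sh
# Added example: compute the FAT32 / ext / swap layout from step 3 and emit it
# as an sfdisk script. Assumptions: 512-byte sectors, MBR table, first partition
# starts at 1 MiB. Sizes are given in MiB; output is in sectors.

SECTOR=512
MIB=$((1024 * 1024))
EXT_MIB=512   # partition 2: ext2/3/4, where App2SD puts the apps
SWAP_MIB=32   # partition 3: linux swap (optional in the post)

# Usage: card_layout <card-size-in-MiB>
# Prints: fat_start fat_size ext_start ext_size swap_start swap_size (sectors).
# Returns 1 if the card is too small to hold partitions 2 and 3 plus a FAT32 area.
card_layout() {
    total_mib=$1
    reserved_mib=$((EXT_MIB + SWAP_MIB))
    fat_start=$((MIB / SECTOR))                         # leave the first MiB for the MBR
    fat_size=$(( (total_mib - reserved_mib) * MIB / SECTOR - fat_start ))
    [ "$fat_size" -gt 0 ] || { echo "card too small: ${total_mib} MiB" >&2; return 1; }
    ext_start=$((fat_start + fat_size))
    ext_size=$((EXT_MIB * MIB / SECTOR))
    swap_start=$((ext_start + ext_size))
    swap_size=$((SWAP_MIB * MIB / SECTOR))
    echo "$fat_start $fat_size $ext_start $ext_size $swap_start $swap_size"
}

# Usage: sfdisk_script <card-size-in-MiB>
# Emits sfdisk input; review it, then feed it to sfdisk for the card device
# (not the laptop's own disk) once you are sure of the device name.
sfdisk_script() {
    out=$(card_layout "$1") || return 1
    set -- $out
    printf 'label: dos\nunit: sectors\n'
    printf 'start=%s, size=%s, type=c\n'  "$1" "$2"   # 1: W95 FAT32 (LBA)
    printf 'start=%s, size=%s, type=83\n' "$3" "$4"   # 2: Linux (ext2/3/4)
    printf 'start=%s, size=%s, type=82\n' "$5" "$6"   # 3: Linux swap
}
```

Back up the card (step 2) before writing any layout, since repartitioning discards everything on it.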
Maybe a few videos will help?

Ok, I tried it with my daughter's snapshot camera and Mr. Blurrycam appeared. I'm too tired / have a headache / am being lazy /whatever to try some other device now. No sense having a video of how things work when you can't see the phone screen anyway. So here's a link to a video that someone else did which shows them running flashrec to exploit the vulnerability and install the recovery image. NOTE! In the video below they show the complete process including wiping the existing phone, but they skip the process of backing up the current firmware using the nandroid backup menu item. I don't advise doing this (obviously)!

I'll try to get a video of my phone in action because I think that's what truly helps to make the determination if it's worth the (minor) risk.

Some stuff I learned along the way..

Once the phone is rooted, it does all the things the stock firmware did but more. That means that voicemail, the market, updates, etc. all work just as before. Only now you can run things like Wifi / Bluetooth tethering so that your phone can be a hotspot for your laptop when there aren't any other options. And the browser supports multi-touch. And so on. But you won't be getting any OTA updates from T-Mobile any longer, not that you need them.

The 1 touch root application exploits a known issue in the Android Cupcake (and earlier) bluetooth stack. This allows you to install a different recovery image (there is one included in the stock firmware too) that then allows you to install different, unlocked / rooted firmware. If you run the flashrec program and install the 1.4 recovery image and then just restart the phone without doing anything else, the stock firmware will overwrite the 1.4 recovery image with its own. This confused me at first - so you could think of the flashrec program as a 1 time root access program. Of course you can just run it again and have another shot at gaining access to a recovery image that will allow you to install what you want. At some point Google / T-Mobile will close this exploit. In fact, the modified firmware that I'm running - 4.0.4 - has already fixed it. But 4.0.4, unlike the stock firmware, doesn't overwrite the recovery image when it starts, so you still have access to whatever recovery image you installed to flash 4.0.4 in the first place.

The 4.0.4 firmware has something called App2SD turned on by default and it makes use of the 2nd partition on your SD card if it finds it formatted in any of ext2/3/4. Applications are stored on the card as is the dalvik VM cache. Application data remains on the internal memory of the phone. This was done to lessen the impact of writes to the SD card. It's also why you want to use the fastest SD card you can.

The 4.0.4 firmware uses something called CompCache to create a RAM based swap file for the phone while it's running. This is another reason that the 4.0.4 firmware is more responsive than the native firmware. It might also contribute to lower battery life, but for me, the jury is still out on how well the phone does w.r.t. power consumption. I hear that the 4.1 stuff that Cyanogen is working on (based largely on Android Donut branch) will greatly improve the battery life of the phone. Looking forward to that.

A rooted Android phone is not the same thing as an unlocked phone. If you want your T-Mobile phone unlocked as well you need to contact T-Mobile and ask them to give you the unlock code.

The nandroid backups that the recovery image makes can also be restored by the recovery image. However, the recovery image restore menu item will only restore the latest backup. So if you want to restore something earlier, you need to remove any newer image backups from the nandroid folder on the phone's SD card. The restore is very slick. I managed to forget to export some data from a couple of apps that I've been using since my first days with the phone, so I really needed to go back and get it. No worries. First I booted into the recovery console and made a backup of my newly installed 4.0.4 firmware. Then I powered off the phone and put the phone's SD card into my laptop and moved the 4.0.4 backup off the card. Then I booted back into the recovery console and hit restore, and after another reboot my phone was back to its Cupcake original firmware complete with all the apps and their data.
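
Added example (not from the original post or from nandroid itself): a shell helper for the "move the newer backups off the card" step, run on the laptop with the SD card mounted. It assumes each backup is a folder whose name starts with a sortable timestamp (YYYYMMDD-HHMM), so that lexical order is chronological; if your nandroid folder names differ, adjust that assumption.

```sh
#!/bin/sh
# Added example: park every nandroid backup newer than the one you want to
# restore, so the recovery image's "restore latest" picks the right one.
# Assumption: backup folders sort chronologically by name (timestamp prefix).

# Usage: park_newer_backups <nandroid-dir> <backup-to-restore> <parking-dir>
# Moves each folder sorting after <backup-to-restore> into <parking-dir>
# and prints the names moved. Returns 1 if the chosen backup does not exist.
park_newer_backups() {
    dir=$1; keep=$2; park=$3
    [ -d "$dir/$keep" ] || { echo "no such backup: $keep" >&2; return 1; }
    mkdir -p "$park"
    seen=""
    # Glob expansion is already sorted, which is chronological for these names.
    for p in "$dir"/*/; do
        [ -d "$p" ] || continue
        b=${p%/}; b=${b##*/}
        if [ "$b" = "$keep" ]; then
            seen=1
        elif [ -n "$seen" ]; then
            mv "$dir/$b" "$park/$b"     # newer than the chosen one: park it
            echo "$b"
        fi
    done
    return 0
}

# Usage: newest_backup <nandroid-dir>
# Prints the backup the recovery image would restore right now (the last by name).
newest_backup() {
    last=""
    for p in "$1"/*/; do [ -d "$p" ] && last=$p; done
    last=${last%/}; echo "${last##*/}"
}
```

Move the parked folders back once the restore is done, otherwise they are no longer visible to the recovery image.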

Tuesday, September 1, 2009

Two great quotes from Cay Horstmann's blog

"Some people, when confronted with a problem, think ‘I know, I'll use regular expressions.’ Now they have two problems." -- Jamie Zawinski

"as the designers of the SAX API demonstrate so vividly, any problem in computer science can be amplified with another level of indirection." --Cay Horstmann