TacoRoot

TacoRoot is a root exploit for HTC phones by Justin Case/jcase.

The 'vulnerability' was discovered independently by Justin Case, and Dan Rosenberg in 2011, with Rosenberg finding it first.

How It Works HTC left the recovery log world writeable, so all we have todo is delete it, symlink it to the non existant file /data/local.prop and reboot to recovery. Recovery will write a new log, allowing us to set ro.kernel.qemu=1 and reboot. This will make the phone believe it's an emulator, and run adbD as root. While the phone will be highly unstable, and may not fully boot, you will have a root shell with adb. This gives you the ability to patch misc, and downgrade your phone.

Patching MISC I have always patched by taking an image of the partition, and taking a hex editor to it. Due to sdcards not liking to mount on boot with tacoroot, you will either need to go the hex editor route or use a modified version of misc_version.

These misc_versions below are for EMMC devices only!!!!!

Sensation Version: 21:20 <@hyuh> jcase, done...uploading sensation version now.../data/local/tmp 21:22 <@hyuh> http://www.multiupload.com/9G8Q08R4P0 - cd8f1cbaddb8d74b0479d9e24b615745

"Universal misc_version" 01:06 <@hyuh> Well here's a side disk for the other taco: https://github.com/hyuh/misc_version_universal/downloads