The kernel is a not-yet-open(?) linux kernel:
Linux version 4.19.191-g9f720735273f
Which from what i gather it mtk's last 4.19 release for 6765. Should be pretty easy to rewrite the kernel, but it could take some time to redo ms35774 and och1970 from data sheets.
Linux version 4.19.191-g9f720735273f
Which from what i gather it mtk's last 4.19 release for 6765. Should be pretty easy to rewrite the kernel, but it could take some time to redo ms35774 and och1970 from data sheets.
Adding google services inevitably makes GMS yell at me from every single Google app it has in its arsenal on the device, I'll bother with this later too
https://github.com/RabbitHoleEscapeR1/r1_escape
Here's a (hopefully) all in one script that should automate the unlocking and flashing process on both linux and windows. If someone can help me get mtkclient working on macOS, I'd be happy to add macOS support too.
Here's a (hopefully) all in one script that should automate the unlocking and flashing process on both linux and windows. If someone can help me get mtkclient working on macOS, I'd be happy to add macOS support too.
I did make a few changes to mtkclient to have it work directly with the serial port without usbdk (doesn't work at all on latest W11 for me); serial mode on linux and macos doesn't work for me either. libusb works perfectly on linux, and only works in brom on macOS. Preloader connection just stalls with some weirdo "kernel driver unimplemented" error on macOS.:
https://github.com/bkerler/mtkclient/commit/9e54803fb5b6cb34842bcf95aaeb5d4a2e7df5ea
https://github.com/bkerler/mtkclient/commit/c3eb4b1183c9ca3698994f5fb3b27b4cb9705ab7
https://github.com/bkerler/mtkclient/commit/9e54803fb5b6cb34842bcf95aaeb5d4a2e7df5ea
https://github.com/bkerler/mtkclient/commit/c3eb4b1183c9ca3698994f5fb3b27b4cb9705ab7
GitHub
mtk_class: Use serial_handshake if serialportname provided Β· bkerler/mtkclient@9e54803
- Fixes:
EP_OUT = self.cdc.EP_OUT.write
^^^^^^^^^^^^^^^
AttributeError: 'serial_class' object has no attribute 'EP_OUT'
EP_OUT = self.cdc.EP_OUT.write
^^^^^^^^^^^^^^^
AttributeError: 'serial_class' object has no attribute 'EP_OUT'
https://ota.transactional.pub/qa/rabbit_OS_v0.8.83_20240509120550.json
Rabbit OTA server URL to latest update, seems to be an incr
Rabbit OTA server URL to latest update, seems to be an incr
After some smali patching, RabbitLauncher (kind of) works on my AOSP GSI build. I can link it to my account, but it understandably fails when trying to open a socket via it's wss classes. It seems to pass its build fingerprint and a key that comes from some jni. Should be easy to fix, but again I haven't had much time on the same.
π₯1
https://github.com/RabbitHoleEscapeR1/
All (or most?) of my work can be found here. Let's hope someone can pressure rabbit into releasing their linux sources ;-;
All (or most?) of my work can be found here. Let's hope someone can pressure rabbit into releasing their linux sources ;-;
GitHub
RabbitHoleEscapeR1
RabbitHoleEscapeR1 has 5 repositories available. Follow their code on GitHub.
π₯1
I have not uploaded any modified launcher/judy/updater apks, nor have I uploaded the full dump. If rabbit is gonna make it so hard to use adb, I'm sure they have DMCA requests waiting. Nothing in these repos have anything "rabbit proprietary". Its all AOSP, Google, and MediaTek.
π₯2
π₯3
I had a crap ton more findings, but I'll share them as I remember; hopefully this should keep you occupied for now lol
oh also, in my testing, OTG only works one way. I don't think the USB-C port is wired correctly or my unit is just funky
Mandatory tweet for a rant this ranty:
https://x.com/agent_fabulous/status/1799076537553268921?s=46&t=E93hDnOjXHkUOtbVB5gRGQ
https://x.com/agent_fabulous/status/1799076537553268921?s=46&t=E93hDnOjXHkUOtbVB5gRGQ
X (formerly Twitter)
Kshitij Gupta (@Agent_Fabulous) on X
Iβve spent the last 2 weeks getting android to run sanely on the Rabbit R1.
All instructions and code are open now.
https://t.co/yh4tIXvnKm
All instructions and code are open now.
https://t.co/yh4tIXvnKm
SystemUI is weirdly stripped down on the stock firmware. Navbar can be re-enabled by doing:
They could just do this using the overlay and emulator hwkeys prop but ok lol
persist.sysui.isNavBarRemoved=falseThey could just do this using the overlay and emulator hwkeys prop but ok lol
π1π€£1
A lot of StatusBar code is outright removed, but quick settings still exists on stock
π€¨4
just to clarify: this isnβt mtkclient, but is heavily derived from its code and its outputs. Itβs all dart
π4