magxjb version 0.9 is out

[jonwil]

The first release of my new tool called magxjb (short for magx jailbreak) is out. Like the jailbreak tools for the iPhone, this tool will do the business of freeing your phone (telnet, ftp, shell scripts etc).
Well it will eventually. Right now, you still need to do the edits to CG43 and CG52 yourself but magxjb will handle the rest including reading the data from your phone, uncompressing the squashfs filesystems, making new squashfs filesystems and writing the data back to the phone (the actual automation of the telnet, ftp etc will come later)

The tool (or rather, collection of tools and scripts) can be downloaded from http://users.tpg.com.au/jfwfreo/magxjb.tar.gz

To use it you need root access on a linux machine with the following software installed (in addition to gcc, binutils and the other stuff usually installed on a linux machine)
squashfs-tools
ifconfig
netcat
libusb

plus the following kernel items selected (as built-ins or as modules that will automatically load when the phone switches into the relavent mode. I have them as built-ins, if anything extra is needed to make the scripts work when the drivers are installed as modules, please let me know what and I can add it to the next release)
squashfs squashed file system support
USB Modem (CDC ACM) support
Sharp Zaurus support

My kernel is a 2.6.24 Gentoo kernel, it may be that other drivers are needed for modem mode (i.e. AT commands) or USB network mode, if so, load those instead.

Once you have this linux system, unpack magxjb.tar.gz to a location somewhere. Then run jbinstall.sh which will install the tools needed (the reading and flashing tool which is based on flash-tools 0.4.1, the tool to send the special commands for usb networking mode which is installed as motousbnet, the tool to fix up the ramdownloader so it erases the correct memory spots which is installed as ramdld-fix and the correct version of mksquashfs which gets installed as mksquashfs-old)

Once this is done, you can run any of the other 4 scripts as follows:
jbread.sh reads the cg43 and cg52 from the phone and unpacks them into a location you can then edit. jbread.sh also creates a backup of the just-read codegroups that you can flash back to the phone with jbrestore.sh if you want to.
jbwrite.sh takes the edited files, creates new cg43 and cg52 and flashes them to the phone.
jbrestore.sh takes one parameter, the backup number to restore. It then restores that backup if it exists.
jbnet.sh switches the phone into usb networking mode (all without needing to touch anything on the phone itself)

This tool has only been tested on a z6 with bootloader a3.c9. The included z6 ramdownloader is an a3.cc ramdownloader. It should work on the v8 and u9 if you modify the scripts and use the right ramdownloader and profile. (patches appreciated)

Please provide any feedback, bug reports, ideas etc you may have about this tool.
Everything in the .tar.gz file is released under the GNU General Public License unless otherwise specified. (obviously the z6.ldr file is (C) Motorola)

I will be making some further posts soon detailing specific hacks you can do (e.g. how to enable telnet, how to enable ftp, how to enable shell scripts in browser and file manager, how to remove noexec from mmc and ezxlocal and other usefull hacks) as well as a way to get the various hacks 100% working WITHOUT the need to do a complete reset of the phone (and loose all your settings)

[swifty]

good work, jonwil!
good name