root on locked bootloader KITKAT ? ? :( - Droid RAZR M Q&A, Help & Troubleshooting

I'm curious if there is any way to push "su" to the system?
I mean, come on, there are plenty of KitKat 4.4.2 fastboot files.
I have tried pushing "su" manually with the "pwn" exploit.
Tried with the following exploits:
- psneuter
- pwn
but no luck there.
Anyone, please... I'm dying here..
Our system details:
- LOCKED BOOTLOADER
- KitKat 4.4.2
- Blur_Version.183.46.10.XT907.Verizon.en.US ( KDA20.62-10.1 )
What I tried is:
Code:
adb devices
adb push pwn /data/local/tmp
adb shell
$ cd /data/local/tmp
$ chmod 777 pwn
$ ./pwn
( NO LUCK GETTING PERMISSION AFTER $ ./pwn )
At this point, the exploit will run and close the shell. You will need to run these commands to restart the ADB server.
Code:
adb kill-server
adb devices
Now comes the moment of truth. Use the
adb shell
command to open a shell. If you see a "#" sign, you have root access, so go ahead and continue to the next part.
If not, you can go back and try the previous steps again.
We now need to make this root permanent. From the root shell you just opened, type the following commands.
Code:
# mount -o remount,rw -t rfs /dev/block/st19 /system
# exit
adb push busybox /system/bin
adb push su /system/bin
adb install Superuser.apk
adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
adb reboot
Guys, let's make this happen anyhow..... let's roll...

Even this won't work:
http://www.kingoapp.com/

Every root method I've ever found for KK requires an unlocked bootloader, and I'm talking about looking outside the box at all different brands/models of phones too. I guess Google finally figured how to lock things up as well as Apple. I've read XDA user "jcase" had discovered a KK exploit that works on some Motorolas, but he's keeping it secret for some mysterious reason and will be presenting it at a Black Hat conference. Why anyone would rather help companies than consumers is beyond my comprehension, but it is what it is.

GnatGoSplat said:
> Every root method I've ever found for KK requires an unlocked bootloader, and I'm talking about looking outside the box at all different brands/models of phones too. I guess Google finally figured how to lock things up as well as Apple. I've read XDA user "jcase" had discovered a KK exploit that works on some Motorolas, but he's keeping it secret for some mysterious reason and will be presenting it at a Black Hat conference. Why anyone would rather help companies than consumers is beyond my comprehension, but it is what it is.
Every exploit has two sides to it: it can be used more or less legitimately by users to obtain root privileges, but it can also be abused by rogue apps to gain control over someone else's device.
When you find an exploit, the sooner you publish it, the sooner it will be patched in a firmware update, making it unusable for gaining root privileges any more. And since you've published it, the bad guys can make use of it as well.
Companies patching existing vulnerabilities is natural and essentially done in favour of users' safety.
The specific timing of releasing details about some found vulnerability can be part of a tactic - you can give users a window for gaining root just after a specific expected firmware release for some device. If an exploit is published too soon, it will be patched in an upcoming firmware update and no one will be able to use it for rooting...

That means there is a possible way, of course, but the thing is whether it could be found or not......
Of course for good reasons.......

Related

[Q] Rooting Epic 4G for Noobs on a Mac?

Hi, I'm pretty geeky for a non-IT person, but I have had a BlackBerry up until now, so I am totally new to this Android setup. I have the Epic on Sprint; am frustrated with battery life, and would like to try and root the phone for 2.2 Froyo. However, most of the tutorials blow through the lingo (adb, huh?) in a way that is not explanatory for people who are new to this. Is there either a visual step-by-step guide for people or a more basic explanation of what is what and what to do somewhere? And, so far all I've seen is for Windows people. I have a Mac running Snow Leopard.
Help!
tromano said:
> Hi, I'm pretty geeky for a non-IT person, but I have had a BlackBerry up until now, so I am totally new to this Android setup. I have the Epic on Sprint; am frustrated with battery life, and would like to try and root the phone for 2.2 Froyo. However, most of the tutorials blow through the lingo (adb, huh?) in a way that is not explanatory for people who are new to this. Is there either a visual step-by-step guide for people or a more basic explanation of what is what and what to do somewhere? And, so far all I've seen is for Windows people. I have a Mac running Snow Leopard.
> Help!
I'm thinking of writing a script for Mac users. I don't have an Epic but my co-worker does and I rooted his today on my Mac; not as simple as the one-click root, but it is doable.
That would be awesome; I guess the main things are 1. if you root it, can you upgrade to 2.2? 2. if you root it and upgrade, can you undo everything to factory?
Id be interested in this also
Sent from my SPH-D700 using Tapatalk
tromano said:
> That would be awesome; I guess the main things are 1. if you root it, can you upgrade to 2.2? 2. if you root it and upgrade, can you undo everything to factory?
1. Rooting doesn't instantly make you 2.2 upgradeable. 2.2 Froyo comes in different flavors for different manufacturers. They lock the phone down with their systems so the phone cannot be unlocked, etc. Right now we are a bit far behind in getting 2.2 on the Epic. I think Sprint might even get it faster.
2. If you root you can ALWAYS go back to stock. There is a guide right here for returning to stock 2.1 and undoing everything to factory.
It's kind of crude, but I wrote this for someone over at SDX-Developers to try. I think they were successful.
I don't use Macs much, but here's Joey's Permanent Root Method process I used to get it working under Linux. The same method can be done through a Mac's Terminal if you're not intimidated by using the command line.
First download the Android SDK for OSX.
http://developer.android.com/sdk/index.html
Once downloaded, extract it and save it to the root of your Mac's hard drive. Then rename the folder "android-sdk".
Next download the following files and save them to the /android-sdk/tools folder.
http://www.joeyconway.com/epic/root/joeykrim-root.sh
http://www.joeyconway.com/epic/root/jk-su
http://www.joeyconway.com/epic/root/rageagainstthecage-arm5.bin
http://www.joeyconway.com/epic/root/playlogo
Next open a terminal window (command key + space, then type terminal).
At the prompt, type "cd /android-sdk/tools"
If you saved the files where I told you to, you should be able to copy and paste the commands into your terminal window. Do one line at a time and press enter after each paste.
./adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage-arm5.bin
./adb push joeykrim-root.sh /sdcard/joeykrim-root.sh
./adb push jk-su /sdcard/jk-su
./adb push playlogo /sdcard/playlogo
./adb shell
chmod 755 /data/local/tmp/rageagainstthecage-arm5.bin
cd /data/local/tmp
rageagainstthecage-arm5.bin
exit
./adb shell
mount -t rfs -o remount,rw /dev/block/stl9 /system
cat /sdcard/joeykrim-root.sh > /system/bin/joeykrim-root.sh
cat /sdcard/jk-su > /system/bin/jk-su
mv /system/bin/playlogo /system/bin/playlogo-orig
cat /sdcard/playlogo > /system/bin/playlogo
chmod 755 /system/bin/playlogo
chmod 755 /system/bin/joeykrim-root.sh
exit
Issue: operation not permitted
I got all the way to the last paragraph of ./adb shell but cannot get the mount line to work.... it says operation not permitted. I put everything in the Mac's root section, just inside Mac HD.
HELP!! I put the phone in debug mode.... did I need to install any drivers from Samsung.... help!!!
-J
jayhover85 said:
> I got all the way to the last paragraph of ./adb shell but cannot get the mount line to work.... it says operation not permitted. I put everything in the Mac's root section, just inside Mac HD.
> HELP!! I put the phone in debug mode.... did I need to install any drivers from Samsung.... help!!!
> -J
Were you able to get this working?
Root
No, I was not.
Check out this snippet of the instructions (I'll number them for ease):
<snip>
1.) cd /data/local/tmp
2.) rageagainstthecage-arm5.bin
3.) exit
4.) ./adb shell
5.) mount -t rfs -o remount,rw /dev/block/stl9 /system
</snip>
When you ran step 2, what happened? You may have to run the command this way with a dot and slash in front instead:
./rageagainstthecage-arm5.bin
When you ran step 4, did you get a $ or a #? If you got a #, step 5 should work properly. If you got a $, you'll need to re-run the ./rageagainstthecage-arm5.bin step again. Re-running this step doesn't hurt anything. Good luck.
ss4rob said:
> Check out this snippet of the instructions (I'll number them for ease):
> <snip>
> 1.) cd /data/local/tmp
> 2.) rageagainstthecage-arm5.bin
> 3.) exit
> 4.) ./adb shell
> 5.) mount -t rfs -o remount,rw /dev/block/stl9 /system
> </snip>
> When you ran step 2, what happened? You may have to run the command this way with a dot and slash in front instead:
> ./rageagainstthecage-arm5.bin
> When you ran step 4, did you get a $ or a #? If you got a #, step 5 should work properly. If you got a $, you'll need to re-run the ./rageagainstthecage-arm5.bin step again. Re-running this step doesn't hurt anything. Good luck.
I'm stuck. I just got my Epic and I'm trying to root it. I get to step 2 (using "./" before rage...cage) and terminal looks like it's running something. I type in "exit" when it finishes and it's as if my terminal logs me out. I can't reach step 4 and the screen on my Epic has gone black by now. Frozen up. I need to remove the battery to reboot and unfreeze my device. What am I doing wrong? Am I missing a step somewhere? Also, the "playlogo" file saves as ".sh" at the end, so in the terminal I manually enter that at the end of the file name just so that it can be read. "playlogo" without the ".sh" at the end cannot be found. Is this what's causing it? Any help would be greatly appreciated. I'm trying not to brick my phone!

[DEV] Insecure ADB for iconia

With insecure adb you don't have to su every time you use adb shell, and you can adb remount (to remount your system rw).
You can't use the original zip (or apk) created by Paul for the ARC or SG2 because that adbd doesn't run on our device. I managed to patch the original iconia's adbd so it allows to run insecure even when our default.prop value is ro.secure=1.
Credits go to Paul O'Brien for the original hack.
Unpack the zip: http://xda.richardtrip.org/Acer/adbd/r1-insecure-iconia-a500.zip
Code:
adb push adbd /data/local/
adb push busybox /data/local/
adb push install-recovery.sh /data/local/
adb shell
su
mount -o remount,rw /dev/block/mmcblk0p3 /system
cat /data/local/busybox>/system/xbin/busybox
chmod 4755 /system/xbin/busybox
busybox --install -s /system/xbin/
mkdir /system/mcr/
cp /data/local/adbd /system/mcr/
cp /data/local/install-recovery.sh /system/etc/
chmod 4755 /system/etc/install-recovery.sh
chmod 4755 /system/mcr/adbd
rm /data/local/adbd
rm /data/local/busybox
rm /data/local/install-recovery.sh
mount -o remount,ro /dev/block/mmcblk0p3 /system
reboot
I'm kinda new to Android. Can you describe in more detail what I should do with that? I need to remount /system to rw and I think by using this I'll be able to do it.
richardtrip said:
> With insecure adb you don't have to su every time you use adb shell, and you can adb remount (to remount your system rw).
> You can't use the original zip (or apk) created by Paul for the ARC or SG2 because that adbd doesn't run on our device. I managed to patch the original iconia's adbd so it allows to run insecure even when our default.prop value is ro.secure=1.
> Credits go to Paul O'Brien for the original hack.
> Unpack the zip: http://xda.richardtrip.org/Acer/adbd/r1-insecure-iconia-a500.zip
Thank you so much!! =D
Worth mentioning that if you have already installed busybox (such as when initially rooting the device) you can skip those parts. Great job, and nice instructions - very detailed - should avoid too many silly questions. This will make things much easier to manage via the PC.
You should make huge red letters that tell everyone that this will finally allow them to use Droid Explorer and have full access to their internal & external storage from the PC now. This is the best thing that has happened for this device since getting root!!!
Glebaka said:
> I'm kinda new to Android. Can you describe in more detail what I should do with that? I need to remount /system to rw and I think by using this I'll be able to do it.
Others may disagree with me, and I'm not really trying to sound rude but... if you have to ask you probably shouldn't be using this. Get more familiar with Android architecture and adb before doing it.
If for no other reason than the "INSECURE" part of it. That has ramifications and adds risk that users should be aware of when they do it. Probably minor risk, but being in security as I am, any risk is something to be mitigated.
cybermage1 said:
> Others may disagree with me, and I'm not really trying to sound rude but... if you have to ask you probably shouldn't be using this. Get more familiar with Android architecture and adb before doing it.
> If for no other reason than the "INSECURE" part of it. That has ramifications and adds risk that users should be aware of when they do it. Probably minor risk, but being in security as I am, any risk is something to be mitigated.
Yeah, the risk is that with this changed you now have root access from adb shells, without having to enter su. The tablet still needs to be physically connected to the pc to be vulnerable, and if you are in security you should know that there is no risk greater than allowing your devices to enter other people's hands. All this really does is make it easier to do things that you can already do via the pc/adb shell.
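To make the "insecure adbd" risk discussed above checkable from the host, here is an added example (not richardtrip's code and not part of his zip) that takes captured output from `adb shell getprop` and `adb shell id` and reports whether the device hands out a root shell over adb. The getprop and id samples are constructed. The point of the "patched adbd" sample is the caveat richardtrip mentions: ro.secure still reads 1 on such a device, so a property check alone misses it and the effective uid of the shell is the check that matters.

```python
import re

# One line of `adb shell getprop` output, e.g. "[ro.secure]: [1]"
GETPROP_RE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")
# The start of `adb shell id` output, e.g. "uid=2000(shell) gid=2000(shell) ..."
ID_RE = re.compile(r"^uid=(\d+)\(([^)]*)\)")


def parse_getprop(output):
    """Turn captured getprop output into a {name: value} dict."""
    props = {}
    for line in output.splitlines():
        m = GETPROP_RE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_id(output):
    """Return (uid, user name) from captured `id` output."""
    m = ID_RE.match(output.strip())
    if not m:
        raise ValueError("unrecognised id output: %r" % output)
    return int(m.group(1)), m.group(2)


def assess_adb_posture(getprop_output, id_output):
    """Flag an adbd that gives out root shells, from captured getprop and id output."""
    props = parse_getprop(getprop_output)
    uid, user = parse_id(id_output)
    findings = []
    if props.get("ro.secure") != "1":
        findings.append("ro.secure=%s: adbd is configured to keep root" % props.get("ro.secure"))
    if props.get("ro.debuggable") == "1":
        findings.append("ro.debuggable=1: debug build, `adb root` can restart adbd as root")
    if uid == 0:
        # A patched adbd ignores ro.secure, so the shell's real uid is the decisive check.
        findings.append("adb shell runs as uid 0 (%s): adbd is insecure regardless of ro.secure" % user)
    return {
        "ro.secure": props.get("ro.secure"),
        "ro.debuggable": props.get("ro.debuggable"),
        "shell_uid": uid,
        "findings": findings,
        "insecure": uid == 0 or props.get("ro.secure") != "1",
    }


# Constructed sample for a stock tablet: properties say secure and the shell is uid 2000.
STOCK_GETPROP = """[ro.build.version.release]: [3.0.1]
[ro.debuggable]: [0]
[ro.secure]: [1]
"""
STOCK_ID = "uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input)"

# Constructed sample for a device running a patched adbd as described in this thread:
# the properties still read as secure, but the shell already comes up as root.
PATCHED_ID = "uid=0(root) gid=0(root)"

if __name__ == "__main__":
    for label, id_out in (("stock", STOCK_ID), ("patched adbd", PATCHED_ID)):
        result = assess_adb_posture(STOCK_GETPROP, id_out)
        print(label + ":", "insecure" if result["insecure"] else "secure", result["findings"])
```

In practice the two inputs come from `adb shell getprop` and `adb shell id` on a connected device; feeding the captured text to `assess_adb_posture` gives a yes/no answer plus the reasons, which is what an inventory of tablets that have had this patch applied would need.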
The only thing I used to regret for getting Iconia A500 was that there weren't many patches/fixes around. Now I am glad as you have given us more and more valuable things. Thanks Richard.
Can this be applied to 3.1, or is an update required?
+1 on that would be great if there was a flashable zip for 3.1
It's a trivial matter now, since Vache released a build with insecure boot, I suppose if you wanted to use another ROM you might be able to get his boot.img (or ask him to provide a zImage of the kernel to be injected in the boot.img of the rom of your choosing). I'm happy with his rom, so I don't need this right now.

[HOWTO]: Rooting the Huawei S7 Android 2.2.2 stock

Well, this was a bit of a mess!
Firstly, updating:
http://forum.xda-developers.com/showthread.php?t=1043349
http://phonedock.net/huawei-ideos-s7-froyo-2-2-2-update.html I followed this nice writeup. Be sure to delete the log file in dload for the second round of the upgrade, as your device might, like mine, just blink on and off for a while trying to flash what it thinks it finds is already flashed, which just gives an error!
http://www.androidtablets.net/forum...uawei-ideos-s7-official-firmware-2-2-2-a.html Links to 2.2.2 Brazil, which is the best for the 101 apparently; some tests were done in that post on which ROM works best for which model.
Now,
REMOVE YOUR SDCARD IF ANY! AND REBOOT THE DEVICE! THIS HACK RELIES HEAVILY ON HIGH STRANGENESS AND SPOOKY ACTION AT A DISTANCE!
Originally I thought that by modifying an old doroot.sh script to use the psneuter exploit from SuperOneClick I would manage to root the device. Not without some fuss, no. Firstly I discovered that "cp" and many basic fileutils I'm used to in the world of *nix were missing from the 2.2.2 image kindly provided by Huawei (the Norwegian Telenor image, I might add, that the camera on a model 101 will not work with!), so I found an easier way! push push push!
Here's what I did; for convenience I'll try making it a script, but be prepared to copy these commands manually instead! For Windows simply remove the ./ and add .exe.
Now, to make this work, simply get SuperOneClick from http://shortfuse.org/?page_id=2 and unzip. I used the adb from the Google Android SDK, but I guess the adb binary that comes with SOC is a simpler route if you're just in for a quick root fix. Simply rename the appropriate adb for your system and use this method.
The simplest thing to do, I guess, is to copy Exploits/psneuter or gingerbreak to the ADB folder (in SuperOneClick's folder) and go on from there; also copy su-v3 (rename it to su) and Superuser.apk from "Root/" to the folder (ADB), or if you choose to, rewrite this "script" with the appropriate paths. I'm unsure if the following script will work in every case, so you might want to do it manually, but most should get the drift; if you are not comfortable with this procedure you probably have no business or reason rooting the device in the first place. Disclaimer: if this bricks your device don't blame me; this is a fact of "it worked for me", your results may differ.
Be sure to set your USB mode to "Developer" mode
AND BE ROOT ON YOUR MACHINE!
Code:
#!/bin/bash
# echo -e so the \n escapes in the messages actually print as newlines
echo -e "The BackAsswardsRootScript!\n\n"
echo -e "Lets start the adb server.\n\n"
./adb kill-server
./adb start-server
echo -e "Pushing the exploit psneuter onto the device.\n\n"
./adb push psneuter /data/local/tmp/psneuter
./adb shell "chmod 0755 /data/local/tmp/psneuter"
./adb push busybox /data/local/tmp/busybox
./adb shell "chmod 4755 /data/local/tmp/busybox"
echo -e "Now we run the root exploit.\n\n"
./adb shell "./data/local/tmp/psneuter"
echo -e "We should be root now, making sure.\n\n"
./adb root
echo -e "Remounting the FS as RW!\n\n"
./adb shell "/data/local/tmp/busybox mount -o rw,remount /system"
echo -e "Pushing the system files in place\n"
./adb shell "/data/local/tmp/busybox cp /data/local/tmp/busybox /system/bin/busybox"
./adb push su /system/bin/su
./adb push Superuser.apk /system/app/Superuser.apk
echo -e "Correct permissions might be nice.\n"
./adb shell "chmod 4755 /system/bin/busybox"
./adb shell "chmod 4755 /system/bin/su"
./adb shell "chmod 755 /system/app/Superuser.apk"
# Lets go back to read only, just for kicks!
# (the original line passed -t with no filesystem type, which mount rejects)
echo -e "Remounting the filesystem as Read-Only\n\n"
./adb shell "/data/local/tmp/busybox mount -o ro,remount /system"
echo -e "You should now be rooted my friend.\n Enjoy!\n"
Please help feed my Linux addiction! Go to http://threader.zapto.org and click Donate!
Rooting S7 using Gingerbreak
Just to inform you. I've just successfully rooted the Indonesian 2.2.2 running on a S7-105 using Chainfire's Gingerbreak v1.2.
Cool, there's a gingerbreak exploit in the SuperOneClick package also; I tried that after I thought psneuter didn't work, just a matter of replacing psneuter with gingerbreak. Did you use this method though, or did you find some other way?
I didn't change or replace anything. My terminal skills are not on a level to have the guts anyway.
I simply updated from S7V100R001C43B010 to S7v100R001C98B021.
Then ran the Gingerbreak 1.2 exploit.
Interesting, yeah, the gingerbreak exploit will work. When I wrote the first post I used the gingerbreak exploit instead of the psneuter one, thinking psneuter didn't work; turns out it did though, and I went back to that one as it's designed for 2.2.2. Didn't know of this wrapper though, thanks!
Just granted su superuser permissions on the Australian S7.
Great work. Just noticed a missing final quotation mark:
threader said:
> ./adb shell "chmod 0755 /data/local/tmp/psneuter
Probably works because of the end of line, but should be:
./adb shell "chmod 0755 /data/local/tmp/psneuter"
threader said:
> Well this was a bit of a mess!
> Firstly updating:
> http://forum.xda-developers.com/showthread.php?t=1043349
> http://phonedock.net/huawei-ideos-s7-froyo-2-2-2-update.html I followed this nice writeup. Be sure to delete the log file in dload for the second round of the upgrade as your device might like mine just blink on and off for a while trying to flash what it finds is already flashed but what just gives an error. !
> http://www.androidtablets.net/forum...uawei-ideos-s7-official-firmware-2-2-2-a.html Links to 2.2.2 Brazil which is the best for the 101 apparently, some tests there on which roms work best for which models also.
> Now,
> REMOVE YOUR SDCARD IF ANY! AND REBOOT THE DEVICE ! THIS HACK RELIES HEAVILY ON HIGH STRANGENESS AND SPOOKY ACTION AT A DISTANCE!
> Originally i though modifying an ol doroot.sh script to using the psneuter exploit from SuperOneClick i would manage to root the device. Not without some fuzz, no. Firstly i discovered "cp" and many basic fileutils was missing from the 2.2.2 image kindly provided by Huawei (Norwegian Telenor image, that i might add, the camera on a model 101 will not work with!) soo i found an easier way! push push push!
> Heres what i did, for convenience ill try making it a script, but im making it as i type this post so this is untested as a script(!) Be prepared to copy these commands instead!
> Now, to make this work, simply get SuperOneClick from http://shortfuse.org/?page_id=2 and unzip, i used the adb from the google android sdk, but i guess the adblinux binary that comes with SOC will work just as well, simply rename it to adb and use this method. The simplest thing to do i guess is copy Exploits/psneuter to the ADB folder (in SuperOneClick's folder) and go from there, also copy su-v3 (and rename it to su) and Superuser.apk from Root to the folder (ADB), or rewrite this "script"/collection of commands i used" with the appropriate paths. Im unsure if the following script will work as is as i said, so you might want to do it manually, but most should get the drift, if not you probably have no business or reason rooting the device in the first place. Disclaimer; if this bricks your device don't blame me, this is a fact of "it worked for me", your results may differ.
> Be sure to set your usb mode to Developer mode
> BE ROOT!
> #/bin/bash
> echo "The backasswardsrootscript!\n\n"
> echo "Lets start the adb\n\n"
> ./adb kill-server
> ./adb start-server
> ./adb push psneuter /data/local/tmp/psneuter
> ./adb shell "chmod 0755 /data/local/tmp/psneuter
> echo "Now we run the root exploit.\n\n"
> ./adb shell "./data/local/tmp/psneuter"
> echo "Should say we are already root now.\n\n"
> ./adb root
> echo "Remointing the FS as RW!\n\n"
> # This really should be /dev/block/mmcblk0p1, i have no idea why this works.
> ./adb shell "mount -o rw,remount -t ext3 /dev/block/mmcblk1p1 /system"
> # Now instead of copying using cp or moving with mv, considering "cp" was missing
> # and mv just didnt work for some reason...! I found just pushing the files straight to the
> # system after remounting worked just fine
> echo "Pushing the system files in place\n"
> ./adb push su /system/bin/su
> ./adb push Superuser.apk /system/app/Superuser.apk
> ./adb push busybox /system/bin/busybox
> echo "Correct permissions might be nice.\n"
> ./adb shell "chmod 4755 /system/bin/busybox
> ./adb shell "chmod 4755 /system/bin/su"
> ./adb shell "chmod 755 /system/app/Superuser.apk"
> # Lets go back to read only just for kicks!
> echo "Remounting the filesystem as Read-Only\n"
> ./adb shell "mount -o ro,remount -t ext3 /dev/block/mmcblk1p1 /system"
> echo "You should be rooted my friend\n Enjoy!\n BE SURE TO DONATE TO SUPERONECLICK!!!"
> # One of the main strangenesses i found was the block device was logically enough placed on
> # partioton 1, of block1 which really should have been block 0 part 1, but that doesnt work.
> # So it boils down to that this shouldnt work but does for no apparent reason(!).
> # even /etc/mtab says that mmcblk0p1 is mounted to a non existent /mnt/dcard
> # as an EXT4 partition which isnt supposed to be supported until 2.3.x
Dear S7 users, I am using the Ideos S7 from the Telstra supplier and I did unlock the SIM with the Norwegian ROM. I read a lot of documents but I didn't find an easy way to run ClockworkMod so that I can run a cooked ROM; can you help me with how to run it in an easy way? Thanks and appreciate that.
http://www.androidtablets.net/forum...wegian-2-2-2-s7v100r001c57b111.html#post82863
PuZZleDucK said:
> Just granted su superuser permissions on the Australian S7.
> Great work. Just noticed a missing final quotation mark:
> Probably works because of the end of line, but should be:
> ./adb shell "chmod 0755 /data/local/tmp/psneuter"
Great! Thanks! Oops, yeah, missed that, fixed now; thank you for pointing that out. I haven't spent much more time on this; the pad has pretty much been untouched since I moved house. I would like to make this easier for the less technically inclined here, but it's just a matter of replacing ./adb with adb.exe if you're on Windows. Besides, I don't want to be at fault for bricking someone. And maybe I could write some simple application for installing GNU/Linux as well ( http://forum.xda-developers.com/showthread.php?t=1109730 ), but that will have to wait until someone bribes me or hits me over the head, I guess.
Maniacnl said:
> Just to inform you. I've just successfully rooted the Indonesian 2.2.2 running on a S7-105 using Chainfire's Gingerbreak v1.2.
Tell me how you did it. I have a S7-105 too. Please tell me the full tutorial, beginning to end, because I'm new to this Android stuff. Please..

Automated script for enabling Wifi Hotspot on AT&T Atrix

I can't post this on the original thread because of The Rules about new users being blocked from developer forums(feh), but I wanted to share the script I used to automatically update the telephony database instead of buying the Root Explorer and SQLite Editor apps. Tested on my AT&T Atrix with stock builds 1.8.3 (Android 2.2.2 Froyo) and 4.5.91 (Android 2.3.4 Gingerbread).
Install the Android SDK and the Android Debug Bridge if you haven't already.
Get a copy of the sqlite3 binary for Android (I found one in the SuperOneClick zip file)
Root your phone (one method is here). The important part is to be able to su to root in an ADB shell.
Download the attached shell script, chmod it +x (and change the extension to .sh if you feel like it)
Push the sqlite3 binary and the shell script to a temp dir on the device:
Code:
$ adb push sqlite3 /data/local/tmp
$ adb push telephony.sh /data/local/tmp
Shell into the phone (make sure USB debugging is enabled):
Code:
$ adb shell
su to root:
Code:
$ su root
cd to /data/local/tmp:
Code:
# cd /data/local/tmp
make sure the script is executable:
Code:
# chmod 755 telephony.sh
run it:
Code:
# ./telephony.sh
Select AT&T Tether APN from list (Settings->Wireless & networking->Mobile Networks->Access point names)
Reboot device
Enable WiFi Hotspot
(Optional) Raise your fist in the air as you triumph over bloodsucking corporate greed.
If things get fouled for any reason, the script makes a backup of the files it modifies in the same directory with a "_backup" extension. You can restore the original databases by running the following commands in a root shell on the phone:
Code:
# cp -p /data/data/com.android.providers.telephony/databases/telephony.db_backup /data/data/com.android.providers.telephony/databases/telephony.db
# cp -p /data/data/com.motorola.android.providers.settings/databases/settings.db_backup /data/data/com.motorola.android.providers.settings/databases/settings.db
Make sure to include the -p switch, otherwise the file permissions won't be correct. It doesn't seem to be possible to set file permissions/ownership manually ("chgrp radio" gives an error).
Okay, I need help......... I've rooted and I've completely lost the ability to have free wifi tethering!!! I've been trying to do this procedure all day long and when I try to run the script from a cmd prompt (just like this........ ./telephony.sh) it tells me I do not have permission to do that even though I've already chmod'd the file to give su permission........ GRRRRRRrrrrrrrrrrrrrrrrrrr please help.
Changing the permissions on the script with chmod is just the first step.
Make sure you've shelled into the phone ('adb shell'), and then logged in as root ('su root'). The command prompt should change from a '$' to a '#' when you're logged in as root.
If you're having problems getting the script to work for you, try this method for Wifi/tether enabling, it worked perfect for me on Stock 2.3.4, as well as Ninja Speed Freak
http://forum.xda-developers.com/showthread.php?t=1160452
yes sir
Malibee said:
> Changing the permissions on the script with chmod is just the first step.
> Make sure you've shelled into the phone ('adb shell'), and then logged in as root ('su root'). The command prompt should change from a '$' to a '#' when you're logged in as root.
I am somewhat familiar with Linux Red Hat Enterprise. I will try the thread below.
BRILLIANT
Brilliant, now that was easy as hell, thank you very much! I'm posting on the newly enabled Atrix hotspot using my Xoom! THANK YOU AL!
Awesome!
Agreed, worked perfect. Immediately. Now, I'm just having trouble getting my Xoom to connect. Everything else can, except the Xoom.

[DirtyCow][Linux]Vulnerability Test Suite

Hi guys,
I made a small test suite to test vulnerability to CVE-2016-5195 on Linux-based systems.
This is 99.9% the work of the author of the exploit; I just made some minor changes to transform this into a test suite.
Download: DirtyCow Test-Suite
Important: Activate USB-Debugging to get adb-shell running!
How to test:
Download the test suite from the server above
Unpack the .zip
Attach your device via USB to your PC
Then run:
Code:
./testvuln.sh
If vulnerable, you should see this:
Code:
202 KB/s (10000 bytes in 0.048s)
131 KB/s (5904 bytes in 0.043s)
Running exploit, may take some time
UID=0(root), your device is vulnerable!
Otherwise if not vulnerable something like this:
Code:
140 KB/s (10000 bytes in 0.069s)
133 KB/s (5904 bytes in 0.043s)
Running exploit, may take some time
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]
Source (You can build it yourself via ndk):
https://www.androidfilehost.com/?fid=457095661767106997
Hint: Should work on all ARMv8 devices!
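A host-side classifier for the test suite's output, added here as an example and not part of the test suite itself. It reads captured testvuln.sh output (the two samples above, plus a constructed sample where no device was attached) and reports vulnerable, not_vulnerable or inconclusive. The inconclusive state is the point: the "not vulnerable" output only means something if both binaries actually reached the device and the run started, otherwise a missing "UID=0(root)" line just means the test never ran.

```python
import re

# `adb push` progress line as the test suite prints it, e.g. "202 KB/s (10000 bytes in 0.048s)"
PUSH_RE = re.compile(r"\((\d+) bytes in [\d.]+s\)")


def classify_testvuln_output(output):
    """Classify captured testvuln.sh output: 'vulnerable', 'not_vulnerable' or 'inconclusive'."""
    lines = output.splitlines()
    pushed = [int(m.group(1)) for m in (PUSH_RE.search(line) for line in lines) if m]
    ran = any("Running exploit" in line for line in lines)
    # Two binaries (dirtycow and run-as) must have been pushed and the run must have started;
    # without that, the absence of a root line says nothing about the kernel.
    if len(pushed) < 2 or not ran:
        return "inconclusive"
    if any(line.startswith("UID=0(root)") for line in lines):
        return "vulnerable"
    if any(line.startswith("run-as: Usage:") for line in lines):
        return "not_vulnerable"
    return "inconclusive"


# Sample output from the post above (vulnerable device).
VULNERABLE_OUTPUT = """202 KB/s (10000 bytes in 0.048s)
131 KB/s (5904 bytes in 0.043s)
Running exploit, may take some time
UID=0(root), your device is vulnerable!
"""

# Sample output from the post above (patched device).
PATCHED_OUTPUT = """140 KB/s (10000 bytes in 0.069s)
133 KB/s (5904 bytes in 0.043s)
Running exploit, may take some time
run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]
"""

# Constructed sample: USB debugging off or no device attached, so nothing was pushed.
NO_DEVICE_OUTPUT = """error: device not found
error: device not found
"""

if __name__ == "__main__":
    for label, text in (("vulnerable", VULNERABLE_OUTPUT), ("patched", PATCHED_OUTPUT),
                        ("no device", NO_DEVICE_OUTPUT)):
        print(label + ":", classify_testvuln_output(text))
```

Run the suite with its output captured (`./testvuln.sh 2>&1 | tee result.txt`) and pass the file contents to `classify_testvuln_output`; for a fleet of devices this turns the free-form output into a value a spreadsheet or ticket can carry.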
As I understand it, this would give a root adb shell and therefore I could root my Z5 Compact and install SuperSU? I only want to remove some garbage apps without unlocking the bootloader.
tavoc said:
> As I understand it, this would give a root adb shell and therefore I could root my Z5 Compact and install SuperSU? I only want to remove some garbage apps without unlocking the bootloader.
This elevates privileges of a process. If you want a root shell you must do some modifications to the code, but this can potentially root all DirtyCow affected devices.
Thanks, I will have a look at your code. Maybe a github account would be nice for Pull request etc.
tavoc said:
> Thanks, I will have a look at your code. Maybe a github account would be nice for Pull request etc.
Best thing you can do is fork this, i made some changes which contradict your desire of a root tool.
So this script is not working under Windows, is that right?
So we can get root shell? but I don't think we can change the system partition without kernel changing right?
Or we can?
My question is can we root the device with this method?
DannyWilde said:
So this script is not working under Windows, ist that right?
Click to expand...
Click to collapse
For Windows, download the adb tools, copy all binaries to the adb folder and enter the following in a terminal:
Code:
adb push dirtycow /data/local/tmp/dirtycow
adb push run-as /data/local/tmp/run-as
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
adb shell /system/bin/run-as
sijav said:
So we can get a root shell? But I don't think we can change the system partition without changing the kernel, right?
Or can we?
My question is: can we root the device with this method?
1. Yes
2. Yes
3. Yes, potentially
Tommy-Geenexus said:
For Windows, download the adb tools, copy all binaries to the adb folder and enter the following in a terminal:
Code:
adb push dirtycow /data/local/tmp/dirtycow
adb push run-as /data/local/tmp/run-as
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
adb shell /system/bin/run-as
On
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
I get "not found".
On
adb shell /system/bin/run-as
I get "run-as: Usage:
run-as <package-name> [--user <uid>] <command> [<args>]"
The run-as process has only 2 capabilities (setuid/setgid); also, with the SELinux restriction, it cannot exec any shell even after getting elevated privilege ...
super_apache said:
The run-as process has only 2 capabilities (setuid/setgid); also, with the SELinux restriction, it cannot exec any shell even after getting elevated privilege ...
I know. This is not a root tool, this is just to test vulnerability.
Edit: Not sure if this was directed at me or the guy asking the root q, anyway this answers the root q.
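The capability point made above is easy to check on any Linux box: the kernel reports a process's effective capability set as a hex mask on the CapEff line of /proc/<pid>/status, and a UID of 0 with only CAP_SETUID and CAP_SETGID in that mask is exactly the "UID=0(root) but no usable root" situation the test output shows. The following decoder is an added example written for this thread, not code from the test suite or from any poster; it assumes the standard Linux capability bit numbering and uses a constructed sample mask (00000000000000c0, which is just bits 6 and 7, setgid and setuid). It also reads the calling process's own CapEff when /proc is available.

```c
/* Added example (not from the thread): decode a Linux capability mask such as
 * the CapEff line in /proc/<pid>/status. Shows why "UID=0(root)" alone does
 * not mean the process can do what a real root shell can. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Names for capability bits 0..37 (standard Linux numbering, CAP_CHOWN = 0). */
static const char *cap_names[] = {
    "chown", "dac_override", "dac_read_search", "fowner", "fsetid", "kill",
    "setgid", "setuid", "setpcap", "linux_immutable", "net_bind_service",
    "net_broadcast", "net_admin", "net_raw", "ipc_lock", "ipc_owner",
    "sys_module", "sys_rawio", "sys_chroot", "sys_ptrace", "sys_pacct",
    "sys_admin", "sys_boot", "sys_nice", "sys_resource", "sys_time",
    "sys_tty_config", "mknod", "lease", "audit_write", "audit_control",
    "setfcap", "mac_override", "mac_admin", "syslog", "wake_alarm",
    "block_suspend", "audit_read",
};
#define CAP_NAME_COUNT (sizeof cap_names / sizeof cap_names[0])

/* Parse the hex mask printed after "CapEff:" (leading whitespace is skipped). */
unsigned long long cap_mask_from_hex(const char *hex)
{
    return strtoull(hex, NULL, 16);
}

/* Write the names of all set bits, space separated, into out.
 * Returns the number of capabilities held. */
int cap_mask_names(unsigned long long mask, char *out, size_t outlen)
{
    int count = 0;
    size_t used = 0;
    out[0] = '\0';
    for (unsigned bit = 0; bit < 64; bit++) {
        if (!(mask & (1ULL << bit)))
            continue;
        const char *name = bit < CAP_NAME_COUNT ? cap_names[bit] : "unknown";
        int n = snprintf(out + used, outlen - used, "%s%s", count ? " " : "", name);
        if (n < 0 || (size_t)n >= outlen - used)
            break;
        used += (size_t)n;
        count++;
    }
    return count;
}

/* True when the mask is exactly the setgid+setuid pair the post describes. */
int cap_is_setuid_setgid_only(unsigned long long mask)
{
    const unsigned long long pair = (1ULL << 6) | (1ULL << 7); /* CAP_SETGID, CAP_SETUID */
    return mask == pair;
}

/* Read the CapEff line from a /proc status file. Returns 0 on success,
 * -1 if the file cannot be opened or has no CapEff line. */
int read_cap_eff(const char *status_path, unsigned long long *mask)
{
    FILE *f = fopen(status_path, "r");
    if (!f)
        return -1;
    char line[256];
    int found = -1;
    while (fgets(line, sizeof line, f)) {
        if (strncmp(line, "CapEff:", 7) == 0) {
            *mask = cap_mask_from_hex(line + 7);
            found = 0;
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    char names[1024];
    /* Constructed sample: a process holding only setgid and setuid. */
    unsigned long long sample = cap_mask_from_hex("00000000000000c0");
    int n = cap_mask_names(sample, names, sizeof names);
    printf("sample CapEff 00000000000000c0: %d capabilities: %s\n", n, names);
    printf("setuid/setgid only: %s\n", cap_is_setuid_setgid_only(sample) ? "yes" : "no");

    /* Live check of this process, if /proc is mounted. */
    unsigned long long mine;
    if (read_cap_eff("/proc/self/status", &mine) == 0) {
        n = cap_mask_names(mine, names, sizeof names);
        printf("this process: %d capabilities: %s\n", n, names);
    }
    return 0;
}
```

Run it as an unprivileged user and the live line normally shows 0 capabilities; run it under a real root shell and all 38 names appear. A process whose mask decodes to just "setgid setuid" can change its IDs but cannot, for instance, remount /system (that needs CAP_SYS_ADMIN), which matches what the poster says about run-as.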
Would be nice to have a working root exploit for Marshmallow. Keep us updated please.
To those asking about root (SuperSU), you must remember that with a locked bootloader you can't edit the kernel or system partition.
As said elsewhere, there's no way to "root" without unlocking the BL.
ninestarkoko said:
Would be nice to have a working root exploit for Marshmallow. Keep us updated please.
To those asking about root (SuperSU), you must remember that with a locked bootloader you can't edit the kernel or system partition.
As said elsewhere, there's no way to "root" without unlocking the BL.
This is the wrong thread then. I definitely do not have enough knowledge to get any kind of exploit working.
Best ping your favorite hacker and try to convince him to write an exploit.
ninestarkoko said:
Would be nice to have a working root exploit for Marshmallow. Keep us updated please.
To those asking about root (SuperSU), you must remember that with a locked bootloader you can't edit the kernel or system partition.
As said elsewhere, there's no way to "root" without unlocking the BL.
Have a look at this thread. They managed to root the BLU R1 HD v6
http://forum.xda-developers.com/r1-hd/how-to/blu-r1-hd-v6-6-dirtycowed-f-amazon-root-t3490882/
Tommy-Geenexus said:
This is the wrong thread then. I definitly do not have enough knowledge to get any kind of exploit working.
Best ping your favorite hacker and try to convince him to write an exploit.
Sorry, I misunderstood too. I thought you were planning to use it practically to create an exploit for MM.
I don't think it's necessary as we already have an exploit for LP, though it would be nice.
YuriRM said:
Have a look at this thread. They managed to root the BLU R1 HD v6
http://forum.xda-developers.com/r1-hd/how-to/blu-r1-hd-v6-6-dirtycowed-f-amazon-root-t3490882/
"WARNING UNLOCKING YOUR BOOTLOADER WILL WIPE DATA AND FACTORY RESET THE DEVICE"
They unlock the bootloader using a fastboot command.
How's everything going here? After reading various threads and Googling for hours, this seems to be the best chance to be able to permanently root the Z5 Compact with a locked bootloader.
Really hope you're onto something and are well rested after Christmas
wessok said:
How's everything going here? After reading various threads and Googling for hours, this seems to be the best chance to be able to permanently root the Z5 Compact with a locked bootloader.
Really hope you're onto something and are well rested after Christmas
Googling for hours and you didn't understand a simple sentence (in my post above) or the technical reasons behind it (in many threads)? Stop your search now, unlock it and live happily.