[ROOT] Motoshare 2: Old Bug, New Exploit


985 replies to this topic

#241 DrJay

DrJay

    Member

  • Members
  • PipPip
  • 63 posts
  • Google+:jconawayiii@gmail.com
  • LocationRancho Cucamonga California

Posted 23 April 2013 - 07:14 AM

Exploit worked perfectly. I have never run Linux on a desktop/laptop that worked. Last time I tried was about 15 yrs ago with Red Hat, and a live CD of Ubuntu 12.01 32bit worked flawlessly. A little more work than a Windows exploit, but I must admit that it was fun working with a command line again (the way we had to 30 years ago). The more things change the more they stay the same... :)

Sent from my Nexus 7 using Tapatalk 2
  • SamuriHL and livinginkaos like this
Sent from my ICS Bionic using my fingers

#242 pjcpke

pjcpke

    n00b

  • Members
  • Pip
  • 5 posts

Posted 23 April 2013 - 07:19 AM

Yes, show us the output of it running so we can actually SEE what's going on and help you.

 

Here's a total copy-paste of my terminal output for the whole affair.  Just to confirm, I had the device in MTP, it is an XT910 running 4.1.2 and I was using the 32-bit distro.

 

Basically, I go through this but each time I try a root-check I get the same results.

 

ubuntu@ubuntu:~$ mkdir /tmp/share
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools
The following NEW packages will be installed:
  samba tdb-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,130 kB of archives.
After this operation, 23.0 MB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get:1 quantal/main samba i386 2:3.6.6-3ubuntu5 [4,107 kB]
Get:2 quantal/main tdb-tools i386 1.2.10-2 [22.8 kB]
Fetched 4,130 kB in 9s (440 kB/s)                                              
Preconfiguring packages ...
Selecting previously unselected package samba.
(Reading database ... 161209 files and directories currently installed.)
Unpacking samba (from .../samba_2%3a3.6.6-3ubuntu5_i386.deb) ...
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from .../tdb-tools_1.2.10-2_i386.deb) ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
Processing triggers for man-db ...
Setting up samba (2:3.6.6-3ubuntu5) ...
Generating /etc/default/samba...
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode
smbd start/running, process 7673
nmbd start/running, process 7709
Setting up tdb-tools (1.2.10-2) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode
Processing triggers for ureadahead ...
Processing triggers for ufw ...
ubuntu@ubuntu:~$ sudo gedit /etc/samba/smb.conf
ubuntu@ubuntu:~$ sudo useradd guest -m -G users
ubuntu@ubuntu:~$ sudo passwd guest
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
ubuntu@ubuntu:~$ sudo smbpasswd -a guest
New SMB password:
Retype new SMB password:
Added user guest.
ubuntu@ubuntu:~$ sudo restart smbd
smbd start/running, process 7840
ubuntu@ubuntu:~$ cd /tmp/share
ubuntu@ubuntu:/tmp/share$ wget
--2013-04-23 15:38:36--
Resolving vulnfactory.org (vulnfactory.org)... 199.188.204.9
Connecting to vulnfactory.org (vulnfactory.org)|199.188.204.9|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3304852 (3.2M) [application/x-tar]
Saving to: `motoshare2.tgz'

100%[======================================>] 3,304,852    137K/s   in 25s     

2013-04-23 15:39:02 (130 KB/s) - `motoshare2.tgz' saved [3304852/3304852]

ubuntu@ubuntu:/tmp/share$ tar xvf motoshare2.tgz
adb.linux
adb.osx
busybox
pwn
run.sh
su
Superuser.apk
ubuntu@ubuntu:/tmp/share$ sudo chmod 755 run.sh
ubuntu@ubuntu:/tmp/share$ ifconfig
eth0      Link encap:Ethernet  HWaddr e0:cb:4e:01:68:f3  
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

eth1      Link encap:Ethernet  HWaddr e0:cb:4e:01:64:a7  
          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::e2cb:4eff:fe01:64a7/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5795 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3967 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8178004 (8.1 MB)  TX bytes:293487 (293.4 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:124 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:17185 (17.1 KB)  TX bytes:17185 (17.1 KB)

ubuntu@ubuntu:/tmp/share$ cd /tmp/share/
ubuntu@ubuntu:/tmp/share$ sudo ./run.sh
[+] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[+] Device found.
[+] Pushing exploit...
4088 KB/s (366952 bytes in 0.087s)
4805 KB/s (1867568 bytes in 0.379s)
1575 KB/s (64391 bytes in 0.039s)
5071 KB/s (1578585 bytes in 0.303s)
    pkg: /data/local/tmp/Superuser.apk
Success
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
[+]
[+] Motoshare 2: Motorola 4.1.2 root exploit
[+] Copyright 2013 Dan Rosenberg (@djrbliss)
[+]
[+] Tested on Droid Bionic, Droid Razr (XT910)
[+]
[+] Getting root...
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.



#243 rlewis312010

rlewis312010

    Member

  • Members
  • PipPip
  • 111 posts

Posted 23 April 2013 - 07:24 AM

Same thing:-(

#244 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 07:26 AM

Uhh, hmm.  That does look like it worked.  You pressed a hardware button when it told you to?

 

sudo ./adb.linux shell ls -l /system/xbin/su*

sudo ./adb.linux shell ls -l /system/bin/su*

 

 

Please run those two commands and give me the output.


Non potest esse nisi unus


#245 pjcpke

pjcpke

    n00b

  • Members
  • Pip
  • 5 posts

Posted 23 April 2013 - 07:31 AM

Uhh, hmm.  That does look like it worked.  You pressed a hardware button when it told you to?

 

sudo ./adb.linux shell ls -l /system/xbin/su*

sudo ./adb.linux shell ls -l /system/bin/su*

 

 

Please run those two commands and give me the output.

 

Yeah, I used the volume-up key the first time around and since then I've alternated between all three of my available keys.

 

This is my output:

 

ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell ls -l /system/xbin/su*
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
lrwxrwxrwx root     root              2013-04-24 01:41 sulogin -> /system/xbin/busybox
lrwxrwxrwx root     root              2013-04-24 01:41 sum -> /system/xbin/busybox

 

ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell ls -l /system/bin/su*
lrwxrwxrwx root     root              2013-04-24 01:41 su -> /system/xbin/su
-rwxr-xr-x root     shell        5352 2013-04-21 21:53 surfaceflinger
ubuntu@ubuntu:/tmp/share$



#246 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 07:38 AM

Yeah, I used the volume-up key the first time around and since then I've alternated between all three of my available keys.

 

This is my output:

 

ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell ls -l /system/xbin/su*
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
lrwxrwxrwx root     root              2013-04-24 01:41 sulogin -> /system/xbin/busybox
lrwxrwxrwx root     root              2013-04-24 01:41 sum -> /system/xbin/busybox

 

ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell ls -l /system/bin/su*
lrwxrwxrwx root     root              2013-04-24 01:41 su -> /system/xbin/su
-rwxr-xr-x root     shell        5352 2013-04-21 21:53 surfaceflinger
ubuntu@ubuntu:/tmp/share$

 

WTF?  Um, that's odd.  Try this:

 

sudo ./adb.linux shell

su

 

Do you get a # prompt??



#247 pjcpke

pjcpke

    n00b

  • Members
  • Pip
  • 5 posts

Posted 23 April 2013 - 07:44 AM

WTF?  Um, that's odd.  Try this:

 

sudo ./adb.linux shell

su

 

Do you get a # prompt??

 

Afraid all I get back is:

 

-rwxr-xr-x root     shell        5352 2013-04-21 21:53 surfaceflinger
ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell
shell@umts_spyder:/ $ su
/system/bin/sh: su: not found
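
Added example (not part of the original thread and not the exploit author's code): the two listings posted in #245 already account for the `su: not found` above, because /system/bin/su is a symlink to /system/xbin/su and the `su*` listing of /system/xbin shows no such file. The Python sketch below parses that Android `ls -l` output and separates link targets that are provably missing from targets the glob could not have shown; the function names are hypothetical and the sample text is copied from post #245.

```python
import fnmatch
import posixpath
import re

# Android toolbox `ls -l` line: mode owner group [size] date time name [-> target]
ENTRY = re.compile(
    r"^(?P<mode>[-dlbcps][rwxsStT-]{9})\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"(?:(?P<size>\d+)\s+)?(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<time>\d{2}:\d{2})\s+"
    r"(?P<name>.+?)(?:\s+->\s+(?P<target>.+))?$"
)

# (directory, glob that was passed to ls, captured output) taken from post #245.
SAMPLE = [
    ("/system/xbin", "su*", """\
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
lrwxrwxrwx root     root              2013-04-24 01:41 sulogin -> /system/xbin/busybox
lrwxrwxrwx root     root              2013-04-24 01:41 sum -> /system/xbin/busybox
"""),
    ("/system/bin", "su*", """\
lrwxrwxrwx root     root              2013-04-24 01:41 su -> /system/xbin/su
-rwxr-xr-x root     shell        5352 2013-04-21 21:53 surfaceflinger
"""),
]


def parse_listing(directory, text):
    """Return {absolute path: {'mode', 'target'}} for every entry line.

    adb banners, shell prompts and blank lines do not match and are skipped;
    strip() also drops the trailing CR that adb shell output often carries.
    """
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        target = m["target"]
        if target is not None:
            # Relative link targets are resolved against the link's directory.
            target = posixpath.normpath(posixpath.join(directory, target))
        entries[posixpath.join(directory, m["name"])] = {
            "mode": m["mode"],
            "target": target,
        }
    return entries


def resolve(path, entries, listed, max_hops=8):
    """Follow symlinks and classify where the chain ends.

    'present' : ends at a listed non-link file
    'missing' : ends at a name the listing would have shown but did not
    'unknown' : ends at a name outside what was listed (glob or directory)
    'loop'    : more than max_hops links
    """
    for _ in range(max_hops):
        entry = entries.get(path)
        if entry is None:
            directory, base = posixpath.split(path)
            pattern = listed.get(directory)
            if pattern is not None and fnmatch.fnmatchcase(base, pattern):
                return ("missing", path)
            return ("unknown", path)
        if entry["target"] is None:
            return ("present", path)
        path = entry["target"]
    return ("loop", path)


def audit(listings=SAMPLE):
    """Classify every entry found in the supplied listings."""
    entries, listed = {}, {}
    for directory, pattern, text in listings:
        listed[directory] = pattern
        entries.update(parse_listing(directory, text))
    return {path: resolve(path, entries, listed) for path in sorted(entries)}


if __name__ == "__main__":
    for path, (status, final) in audit().items():
        print(f"{status:8} {path} -> {final}")
```

A `missing` result for /system/bin/su means the link is dangling, which is what the shell reports as "not found"; `unknown` only says the `su*` glob could not have listed the target.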



#248 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 07:48 AM

Afraid all I get back is:

 

-rwxr-xr-x root     shell        5352 2013-04-21 21:53 surfaceflinger
ubuntu@ubuntu:/tmp/share$ sudo ./adb.linux shell
shell@umts_spyder:/ $ su
/system/bin/sh: su: not found

 

I think you're on a Bionic, yes?  If so, you're probably going to need to flash the system.img from the 98.72.22 FXZ (JUST the system.img) and try this again.



#249 rlewis312010

rlewis312010

    Member

  • Members
  • PipPip
  • 111 posts

Posted 23 April 2013 - 07:50 AM

Sam, will go over it all today. Noting it all though.

#250 Int_Rnd_Pooka

Int_Rnd_Pooka

    Member

  • Members
  • PipPip
  • 284 posts
  • Current Device(s):Bionic

Posted 23 April 2013 - 07:53 AM

Wow, 7 pages of a thread to read while I've been away fixing computers.
 
Good news - I had an impromptu interview yesterday afternoon.
 
Bad news - I'm working my way through 2 different computers afflicted with the MBAM fiasco from last Monday (Boston day).
 
I've already got the plans on how to get this working with a much smaller Live CD, but it's going to take some time *and* testing - and I am my own first guinea pig.  So, please be patient.
 
Dan - thanks for your blessings, and thanks for taking the time and modifying the exploit to work on our phones - you rock!
 
Sam, thanks for being there for the community again, as you always are.
 
King Howie - thanks for donating in my name :D
 
Everyone else - thanks for being the awesome people that you are!


A mostly automated livecd with HoB and the root exploit would be a nice tool for the people who are having trouble
  • livinginkaos likes this

#251 pjcpke

pjcpke

    n00b

  • Members
  • Pip
  • 5 posts

Posted 23 April 2013 - 07:58 AM

I think you're on a Bionic, yes?  If so, you're probably going to need to flash the system.img from the 98.72.22 FXZ (JUST the system.img) and try this again.

 

Afraid I'm on the XT910 Razr.

 

Are there any more options to try, or should I just give up on my phone being rooted?



#252 livinginkaos

livinginkaos

    I don't know what I'm doing anymore.....

  • Administrator
  • 15,282 posts
  • Google+:Hangouts - livinginkaos@gmail.com
  • LocationOregon
  • Current Device(s): Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7

Posted 23 April 2013 - 08:02 AM

The XT910 was proven to work with this method, so if you can get the system image for your build and do what he is asking, that would be the way to go.




#253 bigtex52

bigtex52

    n00b

  • Members
  • Pip
  • 13 posts
  • Twitter:@STM8TR
  • LocationDallas

Posted 23 April 2013 - 08:05 AM

DOH!   :o



#254 bigtex52

bigtex52

    n00b

  • Members
  • Pip
  • 13 posts
  • Twitter:@STM8TR
  • LocationDallas

Posted 23 April 2013 - 08:10 AM

This is my output:

ubuntu@ubuntu:~$ mkdir /tmp/share
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools
The following NEW packages will be installed:
  samba tdb-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,130 kB of archives.
After this operation, 23.0 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1 quantal/main samba i386 2:3.6.6-3ubuntu5 [4,107 kB]
Get:2 quantal/main tdb-tools i386 1.2.10-2 [22.8 kB]
Fetched 4,130 kB in 5s (784 kB/s)
Preconfiguring packages ...
Selecting previously unselected package samba.
(Reading database ... 161209 files and directories currently installed.)
Unpacking samba (from .../samba_2%3a3.6.6-3ubuntu5_i386.deb) ...
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from .../tdb-tools_1.2.10-2_i386.deb) ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
WARN: / is world writable!
WARN: / is group writable!
Processing triggers for man-db ...
Setting up samba (2:3.6.6-3ubuntu5) ...
Generating /etc/default/samba...
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode
smbd start/running, process 9314
nmbd start/running, process 9350
Setting up tdb-tools (1.2.10-2) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode
Processing triggers for ureadahead ...
Processing triggers for ufw ...
WARN: / is world writable!
WARN: / is group writable!
ubuntu@ubuntu:~$ sudo gedit /etc/samba/smb.conf
ubuntu@ubuntu:~$ sudo useradd guest -m -G users
ubuntu@ubuntu:~$ sudo passwd guest
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
ubuntu@ubuntu:~$ sudo smbpasswd -a guest
New SMB password:
Retype new SMB password:
Added user guest.
ubuntu@ubuntu:~$ sudo restart smbd
smbd start/running, process 9469
ubuntu@ubuntu:~$ cd /tmp/share
ubuntu@ubuntu:/tmp/share$ wget
--2013-04-23 16:12:59--
Resolving vulnfactory.org (vulnfactory.org)... 199.188.204.9
Connecting to vulnfactory.org (vulnfactory.org)|199.188.204.9|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3304852 (3.2M) [application/x-tar]
Saving to: `motoshare2.tgz'

100%[======================================>] 3,304,852   34.4K/s   in 1m 59s  

2013-04-23 16:14:59 (27.2 KB/s) - `motoshare2.tgz' saved [3304852/3304852]

ubuntu@ubuntu:/tmp/share$ tar xvf motoshare2.tgz
adb.linux
adb.osx
busybox
pwn
run.sh
su
Superuser.apk
ubuntu@ubuntu:/tmp/share$ sudo chmod 755 run.sh
ubuntu@ubuntu:/tmp/share$ cd /tmp/share/
ubuntu@ubuntu:/tmp/share$ sudo ./run.sh
[+] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[+] Device found.
[+] Pushing exploit...
4331 KB/s (366952 bytes in 0.082s)
5024 KB/s (1867568 bytes in 0.362s)
1607 KB/s (64391 bytes in 0.039s)
4592 KB/s (1578585 bytes in 0.335s)
    pkg: /data/local/tmp/Superuser.apk
Success
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
[+]
[+] Motoshare 2: Motorola 4.1.2 root exploit
[+] Copyright 2013 Dan Rosenberg (@djrbliss)
[+]
[+] Tested on Droid Bionic, Droid Razr (XT910)
[+]
[+] Getting root...
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.
 

Looks ok but Rootchecker says "Root not installed properly" :(



#255 livinginkaos

livinginkaos

    I don't know what I'm doing anymore.....

  • Administrator
  • 15,282 posts
  • Google+:Hangouts - livinginkaos@gmail.com
  • LocationOregon
  • Current Device(s): Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7

Posted 23 April 2013 - 08:14 AM

If you go into superuser, update binaries, what do you get?



Sig by livinginkaos
Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7


#256 bigtex52

bigtex52

    n00b

  • Members
  • Pip
  • 13 posts
  • Twitter:@STM8TR
  • LocationDallas

Posted 23 April 2013 - 08:21 AM

There is an old super user and a new one. I can't uninstall the old one, only uninstall updates. The new one says binaries need updating but when I click install, it says error installing Superuser. Send log to developer.



#257 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 08:21 AM

Afraid I'm on the XT910 Razr.

 

Are there any more options to try, or should I just give up on my phone being rooted?

 

Same concept, different FXZ.  Grab the latest FXZ for your phone (I don't have a link handy at the moment but make sure it corresponds to what's installed on there for a version) and flash the system.img.  That should clean it up and allow you to redo the root exploit again.


  • Int_Rnd_Pooka likes this

Non potest esse nisi unus


#258 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 08:24 AM

This is my output:

ubuntu@ubuntu:~$ mkdir /tmp/share
ubuntu@ubuntu:~$ sudo apt-get install samba
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  tdb-tools
Suggested packages:
  openbsd-inetd inet-superserver smbldap-tools ldb-tools
The following NEW packages will be installed:
  samba tdb-tools
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 4,130 kB of archives.
After this operation, 23.0 MB of additional disk space will be used.
Do you want to continue [Y/n]? Y
Get:1

quantal/main samba i386 2:3.6.6-3ubuntu5 [4,107 kB]
Get:2

quantal/main tdb-tools i386 1.2.10-2 [22.8 kB]
Fetched 4,130 kB in 5s (784 kB/s)
Preconfiguring packages ...
Selecting previously unselected package samba.
(Reading database ... 161209 files and directories currently installed.)
Unpacking samba (from .../samba_2%3a3.6.6-3ubuntu5_i386.deb) ...
Selecting previously unselected package tdb-tools.
Unpacking tdb-tools (from .../tdb-tools_1.2.10-2_i386.deb) ...
Processing triggers for ureadahead ...
Processing triggers for ufw ...
WARN: / is world writable!
WARN: / is group writable!
Processing triggers for man-db ...
Setting up samba (2:3.6.6-3ubuntu5) ...
Generating /etc/default/samba...
update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode
smbd start/running, process 9314
nmbd start/running, process 9350
Setting up tdb-tools (1.2.10-2) ...
update-alternatives: using /usr/bin/tdbbackup.tdbtools to provide /usr/bin/tdbbackup (tdbbackup) in auto mode
Processing triggers for ureadahead ...
Processing triggers for ufw ...
WARN: / is world writable!
WARN: / is group writable!
ubuntu@ubuntu:~$ sudo gedit /etc/samba/smb.conf
ubuntu@ubuntu:~$ sudo useradd guest -m -G users
ubuntu@ubuntu:~$ sudo passwd guest
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
ubuntu@ubuntu:~$ sudo smbpasswd -a guest
New SMB password:
Retype new SMB password:
Added user guest.
ubuntu@ubuntu:~$ sudo restart smbd
smbd start/running, process 9469
ubuntu@ubuntu:~$ cd /tmp/share
ubuntu@ubuntu:/tmp/share$ wget

--2013-04-23 16:12:59-- 

Resolving vulnfactory.org (vulnfactory.org)... 199.188.204.9
Connecting to vulnfactory.org (vulnfactory.org)|199.188.204.9|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3304852 (3.2M) [application/x-tar]
Saving to: `motoshare2.tgz'

100%[======================================>] 3,304,852   34.4K/s   in 1m 59s  

2013-04-23 16:14:59 (27.2 KB/s) - `motoshare2.tgz' saved [3304852/3304852]

ubuntu@ubuntu:/tmp/share$ tar xvf motoshare2.tgz
adb.linux
adb.osx
busybox
pwn
run.sh
su
Superuser.apk
ubuntu@ubuntu:/tmp/share$ sudo chmod 755 run.sh
ubuntu@ubuntu:/tmp/share$ cd /tmp/share/
ubuntu@ubuntu:/tmp/share$ sudo ./run.sh
[+] Waiting for device...
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
[+] Device found.
[+] Pushing exploit...
4331 KB/s (366952 bytes in 0.082s)
5024 KB/s (1867568 bytes in 0.362s)
1607 KB/s (64391 bytes in 0.039s)
4592 KB/s (1578585 bytes in 0.335s)
    pkg: /data/local/tmp/Superuser.apk
Success
[+] Rooting phone...
[+] Your phone may appear to reboot. Please ignore this and continue with the exploit.
[+]
[+] Motoshare 2: Motorola 4.1.2 root exploit
[+] Copyright 2013 Dan Rosenberg (@djrbliss)
[+]
[+] Tested on Droid Bionic, Droid Razr (XT910)
[+]
[+] Getting root...
[+] Please press any hardware button on your phone.
[+] Don't worry if the phone is unresponsive at this time.
[+] Press enter to continue once you have pressed a hardware button.

[*] Cleaning up...
[*] Exploit complete. Press enter to reboot and exit.
 

Looks ok but Rootchecker says "Root not installed properly" :(

 

Please do what I've been telling everyone in your situation to do.  Run the following and give me the output:

 

sudo ./adb.linux shell ls -l /system/bin/su*

sudo ./adb.linux shell ls -l /system/xbin/su*

 

I need to see the output from each one of those.


Non potest esse nisi unus
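The two `ls -l` checks requested in the post above can be read mechanically. The sketch below is an added example, not part of the original post or of the Motoshare package: it classifies each `ls -l` line for an `su` candidate by owner and setuid bit, which is also the check a device-integrity audit would use to spot a stray setuid-root `su`. The function names, the sample lines (constructed) and the assumed Android toolbox `ls` column layout (mode, owner, group, size, date, time, name) are assumptions; GNU `ls` lines with a link count are handled too.

```shell
#!/bin/sh
# Classify one line of `ls -l` output for an su candidate.
# Prints: setuid-root | setuid-not-executable | no-setuid |
#         not-root-owned | symlink | missing
su_verdict() {
    printf '%s\n' "$1" | awk '
    NF == 0                     { print "missing"; exit }
    /No such file or directory/ { print "missing"; exit }
    {
        mode = $1
        # GNU ls puts a link count in field 2; toolbox ls (assumed) does not.
        owner = ($2 ~ /^[0-9]+$/) ? $3 : $2
        if (mode ~ /^l/)     { print "symlink"; exit }
        if (owner != "root") { print "not-root-owned"; exit }
        # Character 4 of the mode string is the owner-execute slot:
        # "s" = setuid + executable, "S" = setuid without execute.
        s = substr(mode, 4, 1)
        if (s == "s")      print "setuid-root"
        else if (s == "S") print "setuid-not-executable"
        else               print "no-setuid"
    }'
}

# Count the lines on stdin that describe a working setuid-root su.
count_setuid_root() {
    n=0
    while IFS= read -r line; do
        if [ "$(su_verdict "$line")" = "setuid-root" ]; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample capture (not output from any poster's device).
SAMPLE='-rwxr-xr-x root     shell       91980 2013-04-23 08:10 su
-rwsr-sr-x root     root       380532 2013-04-23 08:10 su
/system/bin/su*: No such file or directory'

printf '%s\n' "$SAMPLE" | while IFS= read -r l; do
    printf '%-22s <- %s\n' "$(su_verdict "$l")" "$l"
done
```

A root-owned `su` that reports `no-setuid` cannot elevate, which is the kind of leftover a root checker reports as not installed properly.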


#259 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 44,111 posts
  • Current Device(s):S21 Ultra, Pixel 6

Posted 23 April 2013 - 08:25 AM

There is an old super user and a new one. I can't uninstall the old one, only uninstall updates. The new one says binaries need updating but when I click install, it says error installing Superuser. Send log to developer.

 

Remnants from the old republic.  That's why I want to see the output from those two commands. I suspect you'll be doing a system.img flash shortly, as well.


Non potest esse nisi unus


#260 djrbliss

djrbliss

    Security Exploit Specialist

  • Root Exploit God
  • 21 posts

Posted 23 April 2013 - 08:28 AM

It seems some people are having problems with the part requiring pressing a hardware button.

 

I've uploaded a new version of the exploit that will cause the phone to vibrate when that stage has completed successfully. As the instructions now state, don't press enter to continue with the exploit until your device has vibrated. That will hopefully fix all the problems.

 

The updated exploit also uninstalls old versions of Superuser.apk if it was previously installed on the system partition instead of as a normal app.


  • SamuriHL, Int_Rnd_Pooka, matjmonk and 5 others like this



