That's not true at all. You push the files once. They are there every time. You just execute the run.sh script and root is golden. However, I'm told this root exploit definitively will not work on these builds so it's of no help.
[ROOT/UNLOCK] 4.4.2 182/183.46.10 RAZR HD/M *ONLY*
#21
Posted 03 June 2014 - 10:29 AM
Non potest esse nisi unus
#22
Posted 03 June 2014 - 10:39 AM
That's not true at all. You push the files once. They are there every time. You just execute the run.sh script and root is golden. However, I'm told this root exploit definitively will not work on these builds so it's of no help.
Sorry about that. I must have misread what the OP stated when he posted about this exploit. Okay. Well that would have been better, so you only had to "tether" once, to push the files to the phone.
Gotcha.
Yeah, still too bad it didn't work.
VZW Samsung Galaxy S7 Stock and unrooted running Marshmallow 46A, 32gb Nexus 7 unlocked
#23
Posted 03 June 2014 - 10:42 AM
Sent from my S-Offed One M8
- SamuriHL and RikRong like this
Sig by livinginkaos
Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7
#24
Posted 03 June 2014 - 10:45 AM
Sorry about that. I must have misread what the OP stated when he posted about this exploit. Okay. Well that would have been better, so you only had to "tether" once, to push the files to the phone.
Gotcha.
Yeah, still too bad it didn't work.
Technically this is still wrong. If you had the zip file on your phone you could extract it and push the files in place through terminal. No ADB required.
- ibolski likes this
Non potest esse nisi unus
#25
Posted 03 June 2014 - 10:47 AM
Yeah I had jcase on hangouts. We did some digging and the patch that they applied in the coming 4.4.3 builds is present in the 4.4.2 build on the xt907 and xt926.
Sent from my S-Offed One M8
I appreciate the effort from both of you for testing this. I know this is going to get me called "naysayer" and piss off the "dreamers" more, but, given this development, root for these devices went from unlikely to REALLY unlikely.
- Thach and RikRong like this
Non potest esse nisi unus
#26
Posted 03 June 2014 - 02:43 PM
Man, it would be nice for those with locked devices to get root. Then we won't get all the "can I root my Kit Kat phone?" questions all the time!
VZW Samsung Galaxy S7 Stock and unrooted running Marshmallow 46A, 32gb Nexus 7 unlocked
#27
Posted 03 June 2014 - 02:57 PM
Man, it would be nice for those with locked devices to get root. Then we won't get all the "can I root my Kit Kat phone?" questions all the time!
Yes we would. We'd just be able to point them to it. Unfortunately, I don't think it's going to happen any time soon if ever.
Non potest esse nisi unus
#28
Posted 05 June 2014 - 10:38 AM
Another possible Linux kernel priv escalation bug. I do not know if Android is impacted by it or whether it's been patched, but, one of the root demi-gods could potentially find a way to exploit this if it's in Android.
Non potest esse nisi unus
#29
Posted 09 June 2014 - 06:35 AM
Another possible Linux kernel priv escalation bug. I do not know if Android is impacted by it or whether it's been patched, but, one of the root demi-gods could potentially find a way to exploit this if it's in Android.
Looking at the released source code for the kernel update, it appears that it is not patched - or at least not patched following the instructions in the bug reports. The problem is that you must first write the code you want to execute to a memory address, and this bug will then let you execute it. It is accessible via the Chrome sandbox on Linux, which means it may be accessible using some sort of custom Android app. I imagine if it was this "easy," someone would have exploited this by now... but I am researching it. I have novice Linux knowledge, but if anything, it will be a good learning experience.
- SamuriHL likes this
Motorola Droid Razr M Unlocked on Some ROM
Archos G9 101 Developer Edition on Cyanogenmod 11 4.4.3 Unofficial/Stable
#30
Posted 09 June 2014 - 06:39 AM
Looking at the released source code for the kernel update, it appears that it is not patched - or at least not patched following the instructions in the bug reports. The problem is that you must first write the code you want to execute to a memory address, and this bug will then let you execute it. It is accessible via the Chrome sandbox on Linux, which means it may be accessible using some sort of custom Android app. I imagine if it was this "easy," someone would have exploited this by now... but I am researching it. I have novice Linux knowledge, but if anything, it will be a good learning experience.
Nice! Good luck with your research. If you get stuck on something, maybe PM JCase and see if you can bounce some ideas off him. He may or may not be open to that I don't know....but it's worth a shot.
Non potest esse nisi unus
#31
Posted 09 June 2014 - 12:37 PM
#32
Posted 11 June 2014 - 03:31 AM
So I've been researching more, but haven't had time to attempt to code anything... but here are my findings.
You can execute kernel commands via an Android application. It is generally used for things like System Tweaker; however, you should be able to access other commands than the init scripts, since it's just calling a different file.
You cannot write code to be executed to a physical memory address (directly on the RAM) in Java, which is where this exploit needs to read from. Java uses a Java Virtual Machine (JVM) to manage the memory used within the app, for security reasons. This means that the app cannot be written in Java, which is what I'm most fluent in. I'm researching language alternatives, as the app doesn't have to do anything but execute a couple of commands and write a few lines of output.
I'll keep this thread updated with what I figure out this weekend. I'm still considering this just a theory, but it does still seem plausible.
- digdug1, SamuriHL and Playb3yond like this
Motorola Droid Razr M Unlocked on Some ROM
Archos G9 101 Developer Edition on Cyanogenmod 11 4.4.3 Unofficial/Stable
#33
Posted 12 June 2014 - 05:18 AM
I suspect you can do it in C/C++ fairly trivially.
That should get you set up. While I've not done ANY programming on Android at all, I'm fluent in Java, C, C++, and a variety of other languages, so if you need help with something, hit me up in a PM and I'll see what I can do. Looks like the exploit is alive on the S5, as well.
GeoHot is well known in some circles. He knows his stuff. Maybe you can write it in such a way that it works on all the devices out there. LOL
- xKroniK13x likes this
Non potest esse nisi unus
#34
Posted 12 June 2014 - 02:08 PM
I suspect you can do it in C/C++ fairly trivially.
That should get you set up. While I've not done ANY programming on Android at all, I'm fluent in Java, C, C++, and a variety of other languages, so if you need help with something, hit me up in a PM and I'll see what I can do. Looks like the exploit is alive on the S5, as well.
GeoHot is well known in some circles. He knows his stuff. Maybe you can write it in such a way that it works on all the devices out there. LOL
Very good reads. I know of Geohot from when he jailbroke the PS3. Very cool to see him still active, and very cool to see that a proof of concept has been achieved. I do believe that a well-written app could be executed on a variety of phones that have this kernel exploit, which seems to be the bulk of them, since it is so new and listed as a not-high-priority threat... Time to start experimenting!
Sent from my XT907 using Tapatalk
Motorola Droid Razr M Unlocked on Some ROM
Archos G9 101 Developer Edition on Cyanogenmod 11 4.4.3 Unofficial/Stable
#35
Posted 12 June 2014 - 02:22 PM
Just know that it HAS been patched in 4.4.3. But yea, if a generic exploit were written similar to Saferoot, a LOT of people would be very happy. So, good luck.
Non potest esse nisi unus
#36
Posted 12 June 2014 - 02:23 PM
Motorola Droid Razr Maxx HD
#37
Posted 12 June 2014 - 02:28 PM
Realistically, you may have quite some time to wait. It's also possible that whatever exploit ends up being created for the S5 for whatever reason may not work on these phones. I'd call for cautious optimism on this one.
Non potest esse nisi unus
#38
Posted 12 June 2014 - 03:14 PM
Realistically, you may have quite some time to wait. It's also possible that whatever exploit ends up being created for the S5 for whatever reason may not work on these phones. I'd call for cautious optimism on this one.
I tend to agree 100% with you. I see no reason why this hole in the kernel wouldn't work, but who knows realistically how hard this will be to exploit.
Motorola Droid Razr M Unlocked on Some ROM
Archos G9 101 Developer Edition on Cyanogenmod 11 4.4.3 Unofficial/Stable
#39
Posted 12 June 2014 - 03:16 PM
I tend to agree 100% with you. I see no reason why this hole in the kernel wouldn't work, but who knows realistically how hard this will be to exploit.
That's the trick. I don't know enough about the exploit, but, it seems like there could be complications getting it to be generic. I mean, look at JCase's implementation... works only on the X, Mini, Maxx, and Ultra. So, we have no guarantee that any new implementation is going to work on anything but the phone it was designed for.
Non potest esse nisi unus
#40
Posted 13 June 2014 - 09:35 AM
More news on the Pinkie Pie vulnerability. Looks like someone is going to be looking into it soon. Keep your fingers crossed. LOL
Non potest esse nisi unus