[i can't compile]help to exploid to root x8 2.1 [wait for a guru] - XPERIA X8 General

here is the exploid.c file, the problem is that the x8 and x10 have different drivers etc. pls help to rewrite this script to exploid.
the wrong is:
memset(pwd, 0, sizeof(pwd));
readlink("/proc/self/fd/0", pwd, sizeof(pwd));
if (strncmp(pwd, "/dev/pts/", 9) != 0)
in my phone there is no self folder in my proc directory. where is it?
a programmer and android pro can make exploid for x8.
*update:
in fact, i am compiling it for xperia x8. i hope it will work.

..good info.. please make for x8

What is it trying to exploit?

a-k-t-w said:
What is it trying to exploit?
Did you read the title? "help to exploid to root x8 2.1" it's to properly root 2.1 i believe...

I uh. I meant, how is it trying to achieve the exploit. Udev exploit?
Edit: How recent is the exploit?

and does it work? i think not

the exploit is for CVE-2009-1185 and it's probably patched. here's the output.
$ cd sqlite_stmt_journals
$ ./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[-] bind: Address already in use
$ ./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
there is no triggering. the /proc/self/fd/0 is present on my device:
$ ls -l /proc/self/fd
lrwx------ shell shell 2010-12-15 23:22 0 -> /dev/pts/4

i've got it too, but it didn't work. as sonty says, google patched this hole

Hmm, I figured as much.

thank you.

Thanks for what?

Related

GingerBreak released

I personally was waiting for this, and now it's released. GingerBreak!
For all who wants to root their Nexus One Gingerbread without unlocking the boot-loader: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
Mind you, you need to know what you are doing.
Cheers
--edit
I just ran it on my unrooted stock Nexus One and my shell indicator turned to a hash (#), so I think it works. I do get a message in my notification bar that the SD card is ejected and now safe to remove. I rebooted my phone and tried to run GingerBreak again, but it failed because it could not copy two files (they were already there). So if you want to run it again you need to remove these two files first:
/data/local/tmp/boomsh
/data/local/tmp/sh
Might save someone else the trouble of looking this up in the source code
Step-by-step for Rooting Gingerbread with Locked Bootloader
Here is an attempt at a step-by-step guide for the n00bs.
I take NO credit for this method or any files mentioned -- all credit goes to the devs. I just tried to dumb them down a bit.
Ok, here goes. This assumes that you already have the Android SDK properly installed, which is found here: http://developer.android.com/sdk/index.html
Note: According to the GingerBreak source code: Before using, insert empty formatted sdcard.
First, let's list all the required files:
1) GingerBreak
2) busybox
3) su
4) Superuser.apk
Second, let's get all the files:
1) GingerBreak is available here: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html. Make sure you extract the file from within the archive.
2) su and Superuser.apk are available in the su-2.3.6.1-ef-signed.zip found here: http://forum.xda-developers.com/showthread.php?t=682828
3) busybox is available from many sources. Here is one: http://multiupload.com/MVT98F5HBY
4) Place/extract all the files in the same directory as the ADB executable (probably /program files/android/android-sdk-windows/platform-tools). All the files should be in that directory, not in any subfolders.
(Note: The commands you type in are after the colon.)
Now, let's get all the files onto your device:
1) Open a command prompt and navigate to your /android-sdk-windows/platform-tools directory
2) Type: adb push GingerBreak /data/local/tmp/GingerBreak
3) Type: adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Type: adb push su /data/local/tmp/su
5) Type: adb push busybox /data/local/tmp/busybox
Now let's get to the rooting:
1) Open an adb shell: adb shell
2) Change directory to where you pushed the exploit: cd /data/local/tmp
3) Change permissions on the exploit: chmod 700 /data/local/tmp/GingerBreak
4) Change the permissions on busybox: chmod 755 /data/local/tmp/busybox
5) Run the exploit: ./GingerBreak
6) Wait for it to run. It will take a while, and output a bunch of lines that you can ignore.
7) When it's finished, you should see a message saying "dance forever my only one" and you will see the # instead of $.
Now, we need to make the root permanent by installing su:
*Note: if you are having problems with the steps below (steps 3 and onwards), see post 48.
1) Mount the system partition as read/write: mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
2) Change directory to where you pushed su, busybox and superuser.apk: cd /data/local/tmp
3) Run busybox to copy itself to the proper directory: ./busybox cp busybox /system/bin
4) Change the permissions on busybox: chmod 4755 /system/bin/busybox
5) Run busybox to copy Superuser.apk to the proper directory: busybox cp Superuser.apk /system/app
6) Run busybox to copy su to the proper directory: busybox cp su /system/bin
7) Change the permission on su: chmod 4755 /system/bin/su
8) Mount the partition as read-only: mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
9) Exit the root shell: exit
10) You should now see $ instead of #
11) Exit the shell: exit
Now you are back at the command prompt. Let's verify that you still have root access:
1) Open a shell: adb shell
2) Type: su
3) At this point, it will hang until you give su permission through the Superuser app on your device, so look on your device and give it permission.
4) If the $ changes to a #, congratulations, you have root access.
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
bra1nDeaD said:
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
efrant said:
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
I tried that before as well, just did it again to make sure. Got the same message:
Code:
./busybox cp su /system/bin
cp: can't create '/system/bin/su': Permission denied
I was of the opinion that busybox is just a whole lot of tools bundled into one executable. That would make the busybox cp the same as the stand-alone cp, or am I wrong here?
I am going to try to change the permissions on /system/bin to see if I have access to do that and that might allow me to copy it there. I'll let you know how I get on.
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
avgjoemomma said:
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
Ah, I had that as well. First few times I ran GingerBreak it ran perfectly. Takes no longer than 20 seconds. After a while it would not run anymore and was hanging. After some fiddling I got that message as well, a lot. I canceled the execution.
I gave up trying to run it again, but now I'm home from work I tried and it worked great again.
At the moment it's very temperamental. It misuses "vold", which is (if I am correct) the "volume daemon". That is responsible for automatically mounting the SD card when it is inserted and maybe some other things. So I tried fiddling with it: running without SD card, and other things.
I think I had some issue with some apps that were installed on the SD card, or were in process of being installed on the SD card. I am not sure what exactly changed that it works now, but just try some different things. Be careful though, I'm not responsible. I also noticed that my internet connection was really crap when it did not work properly, and now at home this is on my home wifi. And since the code uses sockets in the exploit this could affect it as well.
Hope this helps
Hmm, tried rebooting, unmounting the SD card, no joy. I'll try this at home, could be a problem with my work computer...Windows XP
Ok, well that did the trick:
Code:
# chmod 777 /system/bin
# chmod 777 /system/bin
# cp su /system/bin
# chmod 755 /system/bin
# chmod 4755 /system/bin/su
# chown root /system/bin/su
Now when I run su I get the message on the screen from Superuser.
I have no clue why it is different on my phone, but I'm happy it works now.
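The su-install steps earlier in this thread and the `chmod 777 /system/bin` workaround in the post above both leave a recognisable footprint on the filesystem. As an added example (not part of the thread and not any poster's code), this POSIX sh function audits an unpacked system image or pulled filesystem tree on a workstation for that footprint; the function names, finding labels, constructed sample tree, and the baseline that a stock image contains none of the listed files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an Android filesystem tree for the persistence
# artifacts described in this thread. Paths come from the posts; the
# finding labels and function names are this example's own (hypothetical).

# Usage: audit_root_artifacts PREFIX
#   PREFIX is the directory holding the unpacked tree ("" or "/" for live).
# Prints one finding per line; returns 0 if clean, 1 otherwise.
audit_root_artifacts() {
    ara_root=${1-}
    ara_root=${ara_root%/}
    ara_hits=0

    # Binaries assumed absent from a stock image. A setuid-root copy
    # hands uid 0 to any local caller, so it is reported separately.
    for ara_f in system/bin/su system/xbin/su \
                 system/bin/busybox system/xbin/busybox \
                 system/bin/rootshell; do
        [ -e "$ara_root/$ara_f" ] || continue
        if [ -u "$ara_root/$ara_f" ]; then
            echo "SETUID /$ara_f"
        else
            echo "PRESENT /$ara_f"
        fi
        ara_hits=$((ara_hits + 1))
    done

    # The permission-broker app installed alongside su.
    if [ -e "$ara_root/system/app/Superuser.apk" ]; then
        echo "PRESENT /system/app/Superuser.apk"
        ara_hits=$((ara_hits + 1))
    fi

    # A 'chmod 777' on a system directory that was never reverted lets
    # any uid replace system binaries whenever /system is writable.
    for ara_d in system/bin system/xbin system/app; do
        [ -d "$ara_root/$ara_d" ] || continue
        if [ -n "$(find "$ara_root/$ara_d" -prune -perm -0002)" ]; then
            echo "WORLD_WRITABLE /$ara_d"
            ara_hits=$((ara_hits + 1))
        fi
    done

    # Staging leftovers in the adb-writable scratch directory.
    for ara_f in GingerBreak Gingerbreak zergRush boomsh sh su busybox; do
        if [ -e "$ara_root/data/local/tmp/$ara_f" ]; then
            echo "STAGED /data/local/tmp/$ara_f"
            ara_hits=$((ara_hits + 1))
        fi
    done

    [ "$ara_hits" -eq 0 ]
}

# Constructed sample tree: the end state of the install steps plus an
# unreverted 'chmod 777 /system/bin'. Empty files stand in for binaries.
build_sample_tree() {
    mkdir -p "$1/system/bin" "$1/system/app" "$1/data/local/tmp"
    chmod 755 "$1/system/app"
    : > "$1/system/bin/su"
    : > "$1/system/bin/busybox"
    chmod 4755 "$1/system/bin/su" "$1/system/bin/busybox"
    : > "$1/system/app/Superuser.apk"
    : > "$1/data/local/tmp/boomsh"
    chmod 777 "$1/system/bin"
}

if [ $# -gt 0 ]; then
    # Audit the tree given on the command line.
    audit_root_artifacts "$1"
else
    # No argument: run against the constructed sample.
    demo_dir=$(mktemp -d)
    build_sample_tree "$demo_dir"
    audit_root_artifacts "$demo_dir" || echo "findings above: tree is not stock"
    rm -rf "$demo_dir"
fi
```

Run with a directory argument, the script's exit status is the audit result, so it can gate an image-acceptance step.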
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
Azaraith said:
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
Not sure, it would help if you copy the output and post it here.
avgjoemomma said:
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
That looks much better
Lef.teris said:
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
No, that doesn't look good. It's the same as what avgjoemomma had. See previous post.
bra1nDeaD said:
That looks much better
Awesome! I guess I just need to sit here until it's done...might be a few hours at this rate
Epic 4g
Could i use this on my Samsung Epic 4g?
Two hours in, giving up
don't know if it helps but if you get permission denied with ./GingerBreak change the "2) Type: adb push GingerBreak /data/local/tmp/Gingerbreak" with "2) Type: adb push GingerBreak /data/local/tmp/GingerBreak"
Prettymisshope said:
Could i use this on my Samsung Epic 4g?
No sir. Or ma'am. Do not attempt and risk your phone. Go to epic forum and you'll see a method for the epic.
Sent from my Nexus One using XDA Premium App

Rooting Issue

I have once again tried rooting my transformer with no success. However this time I did get much further. The last time I couldn't even get my computer to see my Transformer as a thumb drive to explore file.
I tried the method below & followed the video.
http://androidroot.mobi/technical/asus-eee-pad-transformer-tf101-root-cwm-recovery/
In the instructions it tells you that if it fails, reboot & continue with step #4, which I did. What I get is below. I never had any volds scrolling down the screen. I didn't get the message "dance forever my only one" or the # sign.
Does anyone have any thoughts or suggestions?
C:\>cd android 2
C:\Android 2>cd platform-tools
C:\Android 2\platform-tools>adb shell
$ ./data/local/gingerbreakBB
./data/local/gingerbreakBB
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Detected honeycomb! Starting honeybomb mode (scale=10).
[+] Found PT_DYNAMIC of size 240 (30 entries)
[+] Found GOT: 0x00017364
[+] Using device /devices/platform/sdhci-tegra.2/mmc_host/mmc1
[*] vold: 0000 GOT start: 0x00017364 GOT end: 0x000175e4
jadesse said:
I have once again tried rooting my transformer with no success. However this time I did get much further. The last time I couldn't even get my computer to see my Transformer as a thumb drive to explore file.
I tried the method below & followed the video.
http://androidroot.mobi/technical/asus-eee-pad-transformer-tf101-root-cwm-recovery/
In the instructions it tells you that if it fails, reboot & continue with step #4, which I did. What I get is below. I never had any volds scrolling down the screen. I didn't get the message "dance forever my only one" or the # sign.
Does anyone have any thoughts or suggestions?
C:\>cd android 2
C:\Android 2>cd platform-tools
C:\Android 2\platform-tools>adb shell
$ ./data/local/gingerbreakBB
./data/local/gingerbreakBB
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Detected honeycomb! Starting honeybomb mode (scale=10).
[+] Found PT_DYNAMIC of size 240 (30 entries)
[+] Found GOT: 0x00017364
[+] Using device /devices/platform/sdhci-tegra.2/mmc_host/mmc1
[*] vold: 0000 GOT start: 0x00017364 GOT end: 0x000175e4
I think that only worked for Honeycomb 3.0 - i.e. NOT 3.1, 3.2, 3.2.1
jadesse said:
I have once again tried rooting my transformer with no success. However this time I did get much further. The last time I couldn't even get my computer to see my Transformer as a thumb drive to explore file.
Have you thought about using the root kit? http://forum.xda-developers.com/showthread.php?t=1185104
apd said:
Have you thought about using the root kit? http://forum.xda-developers.com/showthread.php?t=1185104
I did fumble my way through BRK's Root-Tool Kit. The instructions were not crystal clear but I do have the Super User app installed so it must have worked. Now that I have done it the process is super quick & easy.

help with root

Can anyone help me with rooting the U8800pro running the official 2.3.5?
I tried all the methods I was using for the U8800 but none of them work... Any advice?
i have the same problem, how to root???
linomaniac said:
i have the same problem, how to root???
i've been searching everywhere for 3 days now with nothing useful
If automatic ways failed try this:
http://forum.xda-developers.com/showthread.php?t=1423422
dancer_69 said:
If automatic ways failed try this:
http://forum.xda-developers.com/showthread.php?t=1423422
i think it's not that easy for me to do it manually
but thanks anyway for trying to help
Of course automatic ways are easier, but it's not that difficult, it just needs a little more time and attention.
The other way is to find a prerooted boot.img and put it in the .cust_backup/image folder (replacing the original). I don't have the pro model, so my boot.img will not work
dancer_69 said:
Of course automatic ways are easier, but it's not that difficult, it just needs a little more time and attention.
The other way is to find a prerooted boot.img and put it in the .cust_backup/image folder (replacing the original). I don't have the pro model, so my boot.img will not work
i tried this way but it didn't work too.. i found a prerooted boot.img.. replaced the original one but it didnt work
To just say it didn't work doesn't help. Write where you get an error and which one it is. Then maybe I can help you (or someone with more knowledge).
dancer_69 said:
To just say it didn't work doesn't help. Write where you get an error and which one it is. Then maybe I can help you (or someone with more knowledge).
i got the prerooted boot.img file for the U8800pro... replaced it with the original one.. But the phone is not booting.. It is stuck on the Huawei logo (the 1st logo before the one with the animation) so i had to put back the original one to make it work
I mean the error on manual rooting.
As for the prerooted boot.img file, are you sure that it is compatible with the ROM you have? If it is from a custom ROM it will not work. You need the boot.img of a phone with the same ROM as yours, just rooted.
well, maybe it wasn't compatible with my stock rom.. do you have anywhere where i can find some prerooted imgs ?
and about the manual root.. i didn't get any errors coz i didn't know how to write those codes :s
Sorry, I don't know, because I don't have a pro model and I don't know if there is a rooted boot.img uploaded for the pro model. Maybe a member with a pro will read your thread and upload his img file.
-About manual rooting, you need to open a DOS command prompt window. It's in All Programs -> Accessories
If you put the DoomLordRoot program in the root directory of your C drive and rename this folder to DoomLordRoot.v3 (if it has another name), you just need to enter the commands one by one as given in the link I posted.
First you need to enter the command:
cd \DoomLordRoot.v3\files
to go to directory in which adb.exe is.
You can check if you are in the right path if you enter the command:
dir
afterwards. If you are in the correct folder you'll see the files which are in the c:\DoomLordRoot.v3\files directory listed.
After that just start following the directions in the link. Just hit enter after every command you enter. If you don't see errors after a command, you're ok. If you get an error on a command, write it here for further help. I don't think that you'll get an error, because I've done this process about 5 times and never got an error. But if you do, just post it here to see if we can help.
Thanks alot bro for the help.
well, i followed what u said but i think i got confused somewhere.. i'll type what i got.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>cd\
C:\>cd DoomLordRoot.v3
C:\DoomLordRoot.v3>cd files
C:\DoomLordRoot.v3\files>adb shell
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
$
$ ./data/local/tmp/zergRush
./data/local/tmp/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$
$ ^C
C:\DoomLordRoot.v3\files>adb shell
$ chmod 755 /data/local/tmp/busybox
chmod 755 /data/local/tmp/busybox
$
$ /data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mount -o remount,rw /system
mount: permission denied (are you root?)
$
$ dd if=/data/local/tmp/busybox of=/system/xbin/busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
/system/xbin/busybox: cannot open for write: Read-only file system
$
VaMpYMaSTeR said:
Thanks alot bro for the help.
well, i followed what u said but i think i got confused somewhere.. i'll type what i got.
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\User>cd\
C:\>cd DoomLordRoot.v3
C:\DoomLordRoot.v3>cd files
C:\DoomLordRoot.v3\files>adb shell
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
$
$ ./data/local/tmp/zergRush
./data/local/tmp/zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$
$ ^C
C:\DoomLordRoot.v3\files>adb shell
$ chmod 755 /data/local/tmp/busybox
chmod 755 /data/local/tmp/busybox
$
$ /data/local/tmp/busybox mount -o remount,rw /system
/data/local/tmp/busybox mount -o remount,rw /system
mount: permission denied (are you root?)
$
$ dd if=/data/local/tmp/busybox of=/system/xbin/busybox
dd if=/data/local/tmp/busybox of=/system/xbin/busybox
/system/xbin/busybox: cannot open for write: Read-only file system
$
Put su or sudo before command. like this "su /data/local/tmp/busybox mount -o remount,rw /system"
Yes, it seems that you didn't give the su command before (I think I included the su command in my tutorial but I'm not sure. I'll check it).
If you see the symbol $ this means that you haven't got root rights yet.
It seems that zergrush succeeded, so every time after the adb shell command, you first need to give the command:
su
If the device is rooted, you'll see that the symbol changes to #
I think that you're on a good path though.
when i put SU in the begining it give me this :
su: permission denied
if you rebooted the phone you must run zergrush again.
Zergrush is the hack that unlocks the root account temporarily. If you didn't succeed in putting the su program in the right place, root access is lost after a reboot. su makes root permanent, busybox is an advanced shell and superuser is the app which is used to give or deny root rights to apps which ask for them.
First be sure that zergrush is copied to data/local/tmp and that you gave it the right permissions (all commands are in the tutorial)
These messages mean that zergrush is running:
[+] Found a GingerBread ! 0x00000118
[*] Scooting ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 149 zerglings ...
bugreport dir[/data/local/tmp] exist.
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
after that check if root succeed by input su command. If you get the # sign you're good to go to continue(exit shell etc)
i'm so sorry, but what do you mean with "If you didn't succeed in putting the su program in the right place"???? where is the right place?
Some of the commands in the tutorial handle the su program.
Push it to /system/bin (this is the right place), change its ownership, permissions etc.
For these commands to succeed (and also the commands for busybox and superuser), you first need to enter the root account, with the command su:
adb shell (press enter)
su (press enter)
these give the # sign which means that you are root.
If you don't do this all commands will fail with errors such as:
permission denied or cannot write to...
now i'm getting this:
C:\DoomLordRoot.v3\files>adb shell
* daemon not running. starting it now *
* daemon started successfully *
$ chmod 777 /data/local/tmp/zergRush
chmod 777 /data/local/tmp/zergRush
Unable to chmod /data/local/tmp/zergRush: No such file or directory
$
i think i will give up

[Solved] root failed with 6.2.2

my Kindle Fire is upgraded to 6.2.2, I want to root it for the google android market and chinese input method.
I pushed zergRush and busybox to the KF, but the busybox mount failed. Can 6.2.2 not be rooted now? or did I make some mistake?
adb push zergRush /data/local/tmp
adb push busybox /data/local/tmp
adb shell
cd /data/local/tmp
chmod 777 *
./zergRush
$ ./zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$ busybox mount -o remount,rw /system
busybox mount -o remount,rw /system
busybox: permission denied
$
zergrush isn't working any more - since 6.2.1
use:
http://forum.xda-developers.com/showthread.php?t=1410223
or with kfu:
http://forum.xda-developers.com/showthread.php?t=1458841
Thank you, b63.
It worked.
glad to help ...
please mark the subject of the topic (edit first post) with [Solved]

[Q] Rooting failure - V11e firmware Optimus L3

Hello there!
My phone is an LG Optimus L3 E400r. I bought it as an unlocked phone, and it has a bunch of useless (to me) Rogers apps on it (Canada?).
Well, I've been through all the rooting threads I could find, even on other forums. All seem pretty good, but pretty much all of them only have dead links on them.
I managed to find:
SuperOneClick versions 2.3 and 1.7
Spectrum Windows
I think at least most if not all of the LG flashing utilities
and what I was hoping would be a useable .kdz ROM, which just crashed the LG flashing utility.
It seems any firmware above V10d isn't rootable on this phone. I've got V11e, which I only found one thread referencing, and it was by mistake.
Well, I'm getting fairly frustrated at this point. I don't mind getting into a terminal emulator and doing stuff by hand, if I knew what to do.
SuperOneClick just freezes at step 7
Spectrum gives me error messages, pointing to it not being able to remount the filesystem as writeable.
And, the LG utilities just crash when I try to load an older firmware. (following this guide: http://forum.xda-developers.com/showthread.php?t=1287236 )
I've disabled Kaspersky (it was false flagging SuperOneClick) and such.
So, not sure where else to go. Nice noob video. Yes, I'm a noob, but hopefully I can be a helpful one.
Alright,
Code:
C:\Users\Daniel\Desktop\s1c\ADB>adb push GingerBreak /data/local/tmp
2739 KB/s (16830 bytes in 0.006s)
C:\Users\Daniel\Desktop\s1c\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 777 GingerBreak
chmod 777 GingerBreak
$ ./GingerBreak
./GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd183f9 strcmp: 0xafd38155
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00016378
[+] Using device /devices/platform/msm_sdcc.3/mmc_host
[*] vold: 0126 GOT start: 0x00016378 GOT end: 0x000163b8
chmod: not found
So, the last line is "chmod: not found", which seems strange considering I just used chmod.
This post says to get the chmod executable from another rom and install it... where though?
