here is the exploid.c file, the problem is that tha x8 and x10 have different drivers and etc. pls help to rewrite this script to exploid.
the wrong is:
memset(pwd, 0, sizeof(pwd));
readlink("/proc/self/fd/0", pwd, sizeof(pwd));
if (strncmp(pwd, "/dev/pts/", 9) != 0)
in my phone there is not self folder in my proc directory. where is it?
a programmer and android pro can make exploid for x8.
*update:
in fact, i am compiling it to xperia x8. i hope it will woork.
..good info.. please make for x8
What is it trying to exploit?
a-k-t-w said:
What is it trying to exploit?
Click to expand...
Click to collapse
Did you read the title? "help to exploid to root x8 2.1" its to properly root 2.1 i believe...
I uh. I meant, how is it trying to achieve the exploit. Udev exploit?
Edit: How recent is the exploit?
and is it work? i think no
the exploit is for CVE-2009-1185 and it's probably patched. here's the output.
$ cd sqlite_stmt_journals
$ ./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[-] bind: Address already in use
$ ./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
there is no triggering. the /proc/self/fd/0 is present on my device:
$ ls -l /proc/self/fd
lrwx------ shell shell 2010-12-15 23:22 0 -> /dev/pts/4
i've got it too, but it's didn't work. as say sonty, google patched this hole
Hmm, I figured as much.
thank you.
Thanks for what?
I personally was waiting for this, and now it's released. GingerBreak!
For all who wants to root their Nexus One Gingerbread without unlocking the boot-loader: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html
Mind you, you need to know what you are doing.
Cheers
--edit
I just ran it on my unrooted stock Nexus One and my shell indicator turned to a hash (#), so I think it works. I do get a message in my notification bar that the SD card is ejected and now safe to remove. I rebooted my phone and tried to run GingerBreak again, but it failed because it could not copy two files (they were already there). So if you want to run it again you need to remove these two files first:
/data/loca/tmp/boomsh
/data/local/tmp/sh
Might save someone else the trouble of looking this up in the source code
Step-by-step for Rooting Gingerbread with Locked Bootloader
Here is an attempt at a step-by-step guide for the n00bs.
I take NO credit for this method or any files mention -- all credit goes to the devs. I just tried to dumb them down a bit.
Ok, here goes. This assume that you already have the Android SDK properly installed, which is found here: http://developer.android.com/sdk/index.html
Note: According to the GingerBreak source code: Before using, insert empty formatted sdcard.
First, let's list all the required files:
1) GingerBreak
2) busybox
3) su
4) Superuser.apk
Second, let's get all the files:
1) GingerBreak is available here: http://c-skills.blogspot.com/2011/04/yummy-yummy-gingerbreak.html. Make sure you extract the file from within the archive.
2) su and Superuser.apk are available in the su-2.3.6.1-ef-signed.zip found here: http://forum.xda-developers.com/showthread.php?t=682828
3) busybox is available from many source. Here is one: http://multiupload.com/MVT98F5HBY
4) Place/extract all the files in the same directory as the ADB executable (probably /program files/android/android-sdk-windows/platform-tools). All the files should be in that directory, not in any subfolders.
(Note: The commands you type in are after the colon.)
Now, let's get all the files onto your device:
1) Open a command prompt and navigate to your /android-sdk-windows/platform-tools directory
2) Type: adb push GingerBreak /data/local/tmp/GingerBreak
3) Type: adb push Superuser.apk /data/local/tmp/Superuser.apk
4) Type: adb push su /data/local/tmp/su
5) Type: adb push busybox /data/local/tmp/busybox
Now let's get to the rooting:
1) Open an adb shell: adb shell
2) Change directory to where you pushed the exploit: cd /data/local/tmp
3) Change permissions on the exploit: chmod 700 /data/local/tmp/GingerBreak
4) Change the permissions on busybox: chmod 755 /data/local/tmp/busybox
5) Run the exploit: ./GingerBreak
6) Wait for it to run. It will take a while, and output a bunch of lines that you can ignore.
7) When it's finished, you should see a message saying "dance forever my only one" and you will see the # instead of $.
Now, We need to make the root permanent by installing su:
*Note: if you are having problems with the steps below (steps 3 and onwards), see post 48.
1) Mount the system partition as read/write: mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
2) Change directory to where you pushed su, busybox and superuser.apk: cd /data/local/tmp
3) Run busybox to copy itself to the proper directory: ./busybox cp busybox /system/bin
4) Change the permissions on busybox: chmod 4755 /system/bin/busybox
5) Run busybox to copy Superuser.apk to the proper directory: busybox cp Superuser.apk /system/app
6) Run busybox to copy su to the proper directory: busybox cp su /system/bin
7) Change the permission on su: chmod 4755 /system/bin/su
8) Mount the partition as read-only: mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
9) Exit the root shell: exit
10) You should now see $ instead of #
11) Exit the shell: exit
Now you are back to the commnd prompt. Let's verify that you still have root access:
1) Open a shell: adb shell
2) Type: su
3) At this point, it will hang until you give su permission through the Superuser app on your device, so look on your device and give it permission.
4) If the $ changes to a #, congratulations, you have root access.
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
bra1nDeaD said:
Hmmm, I think I need some help here. I don't think everything is as it should be. I have been trying a couple of times now and I can't seem to be able to copy su.
I can run gingerbreak fine, gives me a hash (#) so it looks like I have root access.
I can remount /system fine as well, something I can't do when I don't run gingerbreak.
But when I do "cp su /system/bin" I get "cp: can't create '/system/bin/su': Permission denied".
The "bin" directory looks like this: drwxr-xr-x root shell 2011-02-25 09:54 bin
Also, previously I read that when you do "whoami" you should see "unknown uid 0" but I still see "unknown uid 2000" just like when I'm not root.
This gives me the conclusion that I am not really the root user, but have root impersonated. Which allows me to remount since that does not require file access?!? But not write to certain places?!? Am I right?!? Help?!? What's going on?!?
Any help or suggestions are greatly appreciated.
Cheers
Click to expand...
Click to collapse
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
efrant said:
If you don't have busybox installed, you can't use cp. Try ./busybox cp su /system/bin
Click to expand...
Click to collapse
I tried that before as well, just did it again to make sure. Got the same message:
Code:
./busybox cp su /system/bin
cp: can't create '/system/bin/su': Permission denied
I was of the opinion that busybox is just a whole lot of tools bundled into one executable. That would make the busybox cp the same as the stand-alone cp, or am I wrong here?
I am going to try to change the permissions on /system/bin to see if I have access to do that and that might allow me to copy it there. I'll let you know how I get on.
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
avgjoemomma said:
Approximately how long did it take for Gingerbreak to execute? also do we ignore the output saying:
Code:
sendmsg() failed?
Click to expand...
Click to collapse
Ah, I had that as well. First few times I ran GingerBreak it ran perfectly. Takes no longer than 20 seconds. After a while it would not run anymore and was hanging. After some fiddling I got that message as well, a lot. A canceled the execution.
I gave up trying to run it again, but now I'm home from work I tried and it worked great again.
At the moment it's very temperamental. It misuses "vold", which is (if I am correct) the "volume deamon". That is responsible for automatically mounting the SD card when it is inserted and maybe some other things. So I tried fiddling with it: running without SD card, and other things.
I think I had some issue with some apps that were installed on the SD card, or were in process of being installed on the SD card. I am not sure what exactly changed that it works now, but just try some different things. Be careful though, I'm not responsible I also noticed that my internet connection was really crap when it did not work properly, and now at home this is on my home wifi. And since the code uses sockets in the exploit this could affect it as well.
Hope this helps
Hmm, tried rebooting, unmounting the SD card, no joy I'll try this at home, could be a problem with my work computer...Windows XP
Ok, well that did the trick:
Code:
# chmod 777 /system/bin
# chmod 777 /system/bin
# cp su /system/bin
# chmod 755 /system/bin
# chmod 4755 /system/bin/su
# chown root /system/bin/su
Now when I run su I get the message on the screen from Superuser.
I have no clue why it is different on my phone, but I'm happy it works now.
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
Azaraith said:
I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...
Click to expand...
Click to collapse
Not sure, it would help if you copy the output and post it here.
avgjoemomma said:
lol ok, broke out and decided to try to re-run without rebooting and now I get:
Code:
.
.
.
[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290
[*] vold: 1297 idx: -106496 fault addr: 0xfffae290
[*] vold: 1300 idx: -107520 fault addr: 0xfffad290
[*] vold: 1305 idx: -108544 fault addr: 0xfffac290
[*] vold: 1308 idx: -109568 fault addr: 0xfffab290
[*] vold: 1311 idx: -110592 fault addr: 0xfffaa290
[*] vold: 1314 idx: -111616 fault addr: 0xfffa9290
.
.
.
It's going and going, been a few minutes already. Let's see where this takes us
Click to expand...
Click to collapse
That looks much better
Lef.teris said:
hi guys,
i take this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0
[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384
[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
Click to expand...
Click to collapse
No, that doesn't look good. It's the same as what avgjoemomma had. See previous post.
bra1nDeaD said:
That looks much better
Click to expand...
Click to collapse
Awesome! I guess I just need to sit here until it's done...might be a few hours at this rate
Epic 4g
Could i use this on my Samsung Epic 4g?
Two hours in, giving up
don't know if it helps but if you get permission denied with ./GingerBreak change the "2) Type: adb push GingerBreak /data/local/tmp/Gingerbreak" with "2) Type: adb push GingerBreak /data/local/tmp/GingerBreak"
Prettymisshope said:
Could i use this on my Samsung Epic 4g?
Click to expand...
Click to collapse
No sir. Or ma'am. Do not attempt and risk your phone. Go to epic forum and you'll see a method for the epic.
Sent from my Nexus One using XDA Premium App
Has anyone tried out this new gingerbread rooting here: http://forum.xda-developers.com/showthread.php?t=1044765
I tried the apk but got an error am out at the moment so can't try it out properly.
Could this be the saviour for my locked bootloader?
Sent from my LT15i using XDA App
Edit: Working!
i'm trying and i get this log
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\USER\Desktop\New folder>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ ./GingerBreak
./GingerBreak
./GingerBreak: not found
$ ./Gingerbreak
./Gingerbreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0x6fd17f09 strcmp: 0x6fd37c89
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00014344
[+] Using device /devices/platform/goldfish_mmc.0[*] vold: 5881 GOT start: 0x00014344 GOT end: 0x00014384[*] vold: 5881 idx: -3072 fault addr: 0x00013290
[+] fault address in range (0x00013290,idx=-3072)
[+] Calculated idx: -2003
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
[-] sendmsg() failed?
It's ok?
I used the apk...
1. Run adb shell
2. Rm -r /data/local/tmp/
3. Mkdir /data/local/tmp/
4. Unplug phone and run the apk
Sent from my LT15i using XDA App
please help with ginger break issue
d4rkwind said:
I used the apk...
1. Run adb shell
2. Rm -r /data/local/tmp/
3. Mkdir /data/local/tmp/
4. Unplug phone and run the apk
how can i use these commands / help
Click to expand...
Click to collapse
you need to download the Android SDK.. from here... http://developer.android.com/sdk/index.html
you may also need the Java JDK from here...
http://www.oracle.com/technetwork/java/javase/downloads/jdk6-jsp-136632.html
then open a CMD window and run the commands from there.. you will need to run the commands from within the platform-tools folder
download gingerbreak ver 1.10 it works fine
which tool i need to remove systemapps from a rooted device?
i tried File Expert and Adao File Manager... i get access to the system/apps folder but cant remove sysapps.
the app Root Check tells me i have root access.
Spaghetti83 said:
which tool i need to remove systemapps from a rooted device?
i tried File Expert and Adao File Manager... i get access to the system/apps folder but cant remove sysapps.
the app Root Check tells me i have root access.
Click to expand...
Click to collapse
Try Titanium Backup or Uninstaller for Root
d4rkwind said:
Has anyone tried out this new gingerbread rooting here: http://forum.xda-developers.com/showthread.php?t=1044765
I tried the apk but got an error am out at the moment so can't try it out properly.
Could this be the saviour for my locked bootloader?
Sent from my LT15i using XDA App
Edit: Working!
Click to expand...
Click to collapse
Yes, it works just fine
my Kindle Fire is upgraded to 6.2.2, I want to root it for the google anroid market and chinese input method.
I pushed zergRush and busybox to KF, but the busybox mount failed. Now, the 6.2.2 can not be root ? or I make some mistake?
adb push zergRush /data/local/tmp
adb push busybox /data/local/tmp
adb shell
cd /data/local/tmp
chmod 777 *
./zergRush
$ ./zergRush
[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.
[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.
[+] Found a GingerBread ! 0x00015118
[*] Scooting ...
[*] Sending 149 zerglings ...
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$ busybox mount -o remount,rw /system
busybox mount -o remount,rw /system
busybox: permission denied
$
zergrush is'nt working any more - since 6.2.1
use:
http://forum.xda-developers.com/showthread.php?t=1410223
or with kfu:
http://forum.xda-developers.com/showthread.php?t=1458841
Thanks you, b63.
It worked.
glad to help ...
please mark the subject of the topic (edit first post) with [Solved]
Hello there!
My phone is an LG Optimus L3 E400r. I bought it as an unlocked phone, and it has a bunch of useless (to me) Rogers apps on it (Canada?).
Well, I've been through all the rooting threads I could find, even on other forums. All seem pretty good, but pretty much all of them only have dead links on them.
I managed to find:
SuperOneClick versions 2.3 and 1.7
Spectrum Windows
I think at least most if not all of the LG flashing utilities
and what I was hoping would be a useable .kdz ROM, which just crashed the LG flashing utility.
It seems any firmware above V10d isn't rootable on this phone. I've got V11e, which I only found one thread referencing, and it was by mistake.
Well, I'm getting fairly frustrated at this point. I don't mind getting into a terminal emulator and doing stuff by hand, if I knew what to do.
SuperOneClick just freezes at step 7
Spectrum gives me error messages, pointing to it not being able to remount the filesystem as writeable.
And, the LG utilities just crash when I try to load an older firmware. (following this guide: http://forum.xda-developers.com/showthread.php?t=1287236 )
I've disabled Kasperksy (it was false flagging SuperOneClick) and such.
So, not sure where else to go. Nice noob video. Yes, I'm a noob, but hopefully I can be a helpful one.
Alright,
Code:
C:\Users\Daniel\Desktop\s1c\ADB>adb push GingerBreak /data/local/tmp
2739 KB/s (16830 bytes in 0.006s)
C:\Users\Daniel\Desktop\s1c\ADB>adb shell
$ cd /data/local/tmp
cd /data/local/tmp
$ chmod 777 GingerBreak
chmod 777 GingerBreak
$ ./GingerBreak
./GingerBreak
[**] Gingerbreak/Honeybomb -- android 2.[2,3], 3.0 softbreak
[**] (C) 2010-2011 The Android Exploid Crew. All rights reserved.
[**] Kudos to jenzi, the #brownpants-party, the Open Source folks,
[**] Zynamics for ARM skills and Onkel Budi
[**] donate to [email protected] if you like
[**] Exploit may take a while!
[+] Plain Gingerbread mode!
[+] Found system: 0xafd183f9 strcmp: 0xafd38155
[+] Found PT_DYNAMIC of size 232 (29 entries)
[+] Found GOT: 0x00016378
[+] Using device /devices/platform/msm_sdcc.3/mmc_host
[*] vold: 0126 GOT start: 0x00016378 GOT end: 0x000163b8
chmod: not found
So, the last line is "chmod: not found", which seems strange considering I just used chmod.
This post says to get the chmod executable from another rom and install it... where though?