[Android Box] How to remove invalid su files or get kingo root back to normal? Need help - Android TV General

This is an Android TV box, equipped with a deeply modified android 4.4 system, while the device is shielded from usb interface adb debugging, the only way to adb is to use root privileges to actively start adb wifi from the device.
I tried kingo root yesterday, and it's the only root tool I've found so far that still works with one click.
Seemed to have good luck as it worked once, but after I rebooted it today, kingo superuser tells me the device is not rooted yet.
I noticed that the location /system/bin/su still has a valid binary file (about 70KB in size).
I even installed a terminal emulator to actively execute the su command, but the result should also be as you guessed, no errors reported and no log output, and again, my permissions did not change from $ to #.
I've tried Google, but haven't found anything useful.
Is there anything I can try to solve this problem? I've tried sending a tweet to kingo root and sending feedback to the official website, but the last tweet on its Twitter feed was sent in 2018 and I think it's unlikely that anyone from the official team will be able to see my feedback.
So I'm trying to ask for help on the XDA forums, this is my first post here and I hope I'm not sending it to the wrong partition.
Thank you all.
===
Finally, I'd like to add a bit of information.
Since kingo root thinks the device is rooted, there is no way for me to get it to perform the root steps all over again.
Also, although kingo superuser provides the ability to remove root, there is no way for me to use it to remove this su file and kingo superuser since it suggests the device is not rooted, which seems to be stuck in a dead end loop
Even because it's a box, I don't even seem to have a way to get into fastboot

Related

Archos 101 one-click-root for firmware 2.0.71 using Archangel

Download rar file with apk:
dump.ru/file/5037798
or
depositfiles.com/files/7sh8g638s
rar password: cea69e0419
sha1sum of apk: 80ff2925e12b8d3f2e9c0cabd5b294e6556b2e3f
Archangel one-click-root from the Archaism Team
This will give you temporary or permanent root on your Archos 101 - firmware 2.0.71
Archos are kind enough to provide a SDE firmware which can allow root access,
but involves some significant changes to the system and they say that they will
invalidate your warranty if you install it. This is a bit frightening for new owners.
Archangel solves this with a painless one-click-root which you can uninstall at any time.
It does not use the SDE developer firmware.
This was specifically designed for the Archos 101 with firmware 2.0.71 - it may work on
other Archos devices or firmwares, but has not been tested and is not recommended for them.
If you find this application useful, please donate to those great forums who have given
the android root community so much. Encourage them to keep up their great work. We are
fans of C-Skills Blog, XDA Developers and Modaco Forum.
When installed, this app will use approx 10mb of storage space. Don't run it if you don't
have that much spare.
Usage Instructions:
1) Make sure you have 10mb of space available on the internal storage
2) Make sure you are connected on Wifi
3) Run the Archangel app
4) Click to install SuperUser application
5) Click to get root!
6) Check everything is working correctly, try an app which needs root
7) Once you have root you can tick the "Permanent" root option to always have root.
8) Party Hard!
To turn off root, either just reboot, or turn off permanent root and reboot if you had
enabled it.
To uninstall, just uninstall like any other app. You may also want to use the menu item
to clean up before you uninstall.
You can create a script in /sdcard/sdcard/extraroot.sh and this will be executed as root
whenever you reboot, so you can use this to do any additional root functions you want.
Enjoy!
does this work?
anyone try yet?
I have A70 so i'm not sure if this will work for me
ohh a video demo would be nice
I think this is a scam "Permanent" root is not possible because the filesystem is a read-only filesystem. But I can be wrong.
I'll download this and try to inspect it.
I hope this works, I really want to get Titanium Backup working.
Well I haven't tried yet, but did a quick analysis on the APK:
Permissions on the APK does not seem to be too fishy:
Storage: modify/delete SD card contents
System tools: view and change WIFI state
and automatically start at boot
APK contains superuser, su and ls binaries.
It Works
jsperri: I saw the same as you when I looked at it.
I did install it and it seems to be working. I was able to go su from the terminal and backup an app with Titanium Backup.
I can also confirm that if permanent root is checked this will still work after reboot. When I was looking at the app it looked like it plugged into the launcher process. So perhaps it is just starting just after android is loaded.
Although I have not verified, I suspect that /system is still read only because of squashfs.
What bothers me is first the dates within the apk are 29/2/2008 for all files.
Then the binaries su is a gzipped binary superuser is a gzipped superuser.apk BUT ls is not compressed.
Why do they need ls the ls of the ROM should work fine. I suspect a trojan but i'm not sure. I could be paranoid but a rar with passwords come on......
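The checks made by hand in the posts above (the published SHA-1, the dates on the archive entries, which bundled files are gzip-wrapped and which are raw binaries) can be scripted and run before anything is installed. This is an added example, not part of the thread and not Archangel's code; the sample APK it builds, including the `res/raw/...` entry names and all contents, is constructed for illustration.

```python
"""Static triage of an APK before installing it (added example, not from the thread)."""
import gzip
import hashlib
import io
import zipfile
import zlib

MAGICS = ((b"\x7fELF", "elf"), (b"\x1f\x8b", "gzip"), (b"PK\x03\x04", "zip"))
MAX_READ = 16 * 1024 * 1024  # per-entry read cap so a hostile archive cannot exhaust memory


def sniff(data):
    """Classify a byte string by its leading magic number."""
    for magic, label in MAGICS:
        if data.startswith(magic):
            return label
    return "other"


def sniff_gzip_payload(data):
    """Classify what a gzip-wrapped entry holds, decompressing only its first bytes."""
    try:
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            return sniff(fh.read(8))
    except (OSError, EOFError, zlib.error):
        return "unreadable"


def triage_apk(apk_bytes, published_sha1=None):
    """Return the hash, per-entry facts and review findings for an APK held in memory."""
    report = {"sha1": hashlib.sha1(apk_bytes).hexdigest(), "entries": [], "findings": []}
    if published_sha1 is not None:
        # A match only shows the download equals what the poster hashed, not that it is safe.
        report["sha1_matches"] = report["sha1"] == published_sha1.strip().lower()
        if not report["sha1_matches"]:
            report["findings"].append("SHA-1 differs from the published value")

    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                data = fh.read(MAX_READ)
            kind = sniff(data)
            inner = sniff_gzip_payload(data) if kind == "gzip" else None
            report["entries"].append(
                {"name": info.filename, "mtime": info.date_time, "kind": kind, "inner": inner})

    entries = report["entries"]
    stamps = {e["mtime"] for e in entries}
    if len(entries) > 1 and len(stamps) == 1:
        # Identical dates are an observation to record, not a verdict on their own.
        report["findings"].append(
            "all %d entries share the timestamp %04d-%02d-%02d"
            % ((len(entries),) + stamps.pop()[:3]))
    for e in entries:
        # Native code in an APK normally lives under lib/; anything else deserves a look.
        if "elf" in (e["kind"], e["inner"]) and not e["name"].startswith("lib/"):
            report["findings"].append("native executable outside lib/: " + e["name"])
        if e["inner"] == "zip":
            report["findings"].append("gzip-wrapped archive (possible bundled APK): " + e["name"])
    return report


def build_sample_apk():
    """Constructed stand-in for the APK under discussion; names and contents are invented."""
    nested = io.BytesIO()
    with zipfile.ZipFile(nested, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
    members = {
        "AndroidManifest.xml": b"<manifest/>",
        "classes.dex": b"dex\n035\x00",
        "res/raw/su": gzip.compress(b"\x7fELF" + b"\x00" * 12),
        "res/raw/superuser": gzip.compress(nested.getvalue()),
        "res/raw/ls": b"\x7fELF" + b"\x00" * 12,
    }
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        for name, data in members.items():
            zf.writestr(zipfile.ZipInfo(name, date_time=(2008, 2, 29, 0, 0, 0)), data)
    return out.getvalue()


if __name__ == "__main__":
    result = triage_apk(build_sample_apk())
    for entry in result["entries"]:
        print(entry)
    for finding in result["findings"]:
        print("FINDING:", finding)
```

For a real file, read it with `open(path, "rb").read()` and pass the checksum from the download post as `published_sha1`.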
xdaAlan said:
> jsperri: I saw the same as you when I looked at it.
> I did install it and it seems to be working. I was able to go su from the terminal and backup an app with Titanium Backup.
> I can also confirm that if permanent root is checked this will still work after reboot. When I was looking at the app it looked like it plugged into the launcher process. So perhaps it is just starting just after android is loaded.
> Although I have not verified, I suspect that /system is still read only because of squashfs.
So xdaAlan your first post and you claim it works and what proof you can give us? screenshots maybe.....
I agree with extreme caution on files coming from the "wild" (my apologies to archaism1).
Permissions on the APK seems to be reasonably OK.
Like wdl1908 I was also puzzled about the files dates and the presence of ls binary.
Well, I'll run this Archangel beast on a resetted tablet and report here the results with proofs
The ls binary is definitely fishy I reexamined the rar file and the file dates for the readme.txt and the apk are 18/8/2009 whats up with that.......
jsperri said:
> I agree with extreme caution on files coming from the "wild" (my apologies to archaism1).
> Permissions on the APK seems to be reasonably OK.
> Like wdl1908 I was also puzzled about the files dates and the presence of ls binary.
> Well, I'll run this Archangel beast on a resetted tablet and report here the results with proofs
Thxs jsperri I don't have a spare unit and don't really want to reset my unit.
Does not seem to be doing much on my A32 test machine.
Just tested on my 70H, no root either ;(
What the application does is:
- install superuser apk
- does something while it says "please wait"
(ps on adb shell shows a
Code:
/tmp/ls 0x62c7a315 0x260de680
so ls may well be part of the exploit)
There is a checkbox "Permanent root" that probably just starts Archangel program on boot
(this is just my guess, based on the APK permission, and the fact there is little chance that the squashfs gets written)
Well, I'm pausing my investigation here, waiting for others feedback, hopefully positive.
There is a screenshot of the application here along with a comment from a user saying it worked on an Archos 70 IT.
hi,
i haven't been very careful about trojan risks, but i installed it on my 70it and it works!
how can i know if a trojan is installed?
toutiwai said:
> hi,
> i haven't been very careful about trojan risks, but i installed it on my 70it and it works!
> how can i know if a trojan is installed?
Was WIFI enabled ?
How long does it take after the button says "Please wait" ?
What's next step on screen ?
Regarding the trojan risk, it's hard to say, you'd eventually want to run tcpdump to log for internet traffic on the tablet when the program is running. Also check if there are programs left (apart from Superuser) after uninstalling Archangel.
note: after install, i didn't asked to be "permanent root", but it launches "archangel" at startup anyway (but no root if i don't ask for)
wifi enabled: yes, enabled AND connected, if not it can't get "root"
how long? if wifi connected, say... 15-25 sec...
next step: nothing, the button "install root" changes in "i'm root" or something like this...
note: i had "superuser" already installed (but not rooted) before installing archangel, so it didn't asked me to install superuser
i'll try to be more precise next time if important...
archaism1,
Can you please give us some details on Archangel program, how the exploit works, why is Wifi necessary ? It would be great to trust this new tool, but it's difficult without having more details on a program coming from a dump archive and not a very well-known author...
archaism1 said:
> ....
> Archangel one-click-root from the Archaism Team
> This will give you temporary or permanent root on your Archos 101 - firmware 2.0.71
> Archos are kind enough to provide a SDE firmware which can allow root access,
> but involves some significant changes to the system and they say that they will
> invalidate your warranty if you install it. This is a bit frightening for new owners.
> Archangel solves this with a painless one-click-root which you can uninstall at any time. It does not use the SDE developer firmware.
> ...
Will this work on my archos 43 Internet tablet ? Anyone brave to test and report.
http://www.appbrain.com/app/root-checker/com.joeykrim.rootcheck
anyone tried root-checker after trying this "1-click-root"? to check that it does what it claims?
I'd love to believe this, but i'm naturally sceptical.
i just tried (archos 70IT), and "rootchek" says it's ok
well at least that is promising , thanks

Unable to Re-Root Droid 2 after Gingerbread OTA

Here's my problem,
I had the Droid 2 with stock ROM rooted and all was well. My phone installed the Gingerbread ROM (4.5.601) when Verizon pushed it out a few days ago. Thankfully, this did not totally jack up my phone. However, I no longer have root access.
I have tried three different 1 click root methods for the Gingerbread ROM but none of them worked. I tried un-rooting and re-rooting with one clicks and that's not working. I tried manually removing the Superuser app and rooting, no joy.
The one clicks are connecting with the phone but the phone does not seem to want to allow access to change files.
Before anyone asks, YES I have the drivers installed and the connection with the PC is good. I have attempted to run the 1 click roots in "charge only" AND "PC Mode". Debugging is on and I am set to allow non-market applications.
Suggestions?
Thanks,
Tracker
Update: in trying to manually remove old superuser file with adb shell, I just can't seem to get the # prompt to execute the commands even after running Pete Souza's exploits.
suggestions?
Hope somebody comes up with an answer - same thing happened to me.
did you use the d3 root method? thats the only one that works 100% on gingerbread.
Yes. I used the "Pete's Motorola Root Tools.exe" program on Win7:
psouza4.com/droid3/#root
I also followed the "Droid X Notes" section at the bottom even though I have the D2 and I'm not able to get the "adb shell" ending with #.
SOS!!
Thank you for such a clear, concise post! I am in the same boat with no luck. I used the one click root for D3 which says it will work for a number of Android phones, including the D2 Global, but is NOT working with my D2. I have run the application two times and both times it went through the entire process, rebooted my phone three times and said success but...no success... I am sooo bummed as the only way I get internet at home is via Wireless Tether which I can no longer use because I do not have Root access!
Desperate in Cool (the name of the town I live in), I need help!!
Thanks in advance,
Jeni
Yeah, still no joy here. I've retried everything that I mentioned in the OP and still can't get the # so I can execute an un-root and/or re-root as described on Pete's website.
I've tried it on both a Win XP and a Win 7 machine.
Anyone have any suggestions? It appears the D2 Gingerbread firmware doesn't want to allow permissions to modify certain portions that were allowed before.
Success
I didn't so much fix the problem as hit it with a bat until it shattered, then rebuilt it.
My fix was to SFB the phone back to Froyo with factory defaults, activate it with Verizon (at this point I have no software added or accounts set up on it so obviously no root), apply the OTA update to GB, perform the 1-click Root which worked this time, then setup my google accounts and install Titanium Backup which I had previously used, and restored all my data from it.
At this point I'm getting some force-close errors which I'm sure are related to the Titanium restore but I was able to ADB Shell in and SU so I know I have rooted it properly and at the very least I will do another clean wipe and restore individual applications one at a time so I know which aren't working right and go from there.
Good luck everyone!
> My fix was to SFB the phone back to Froyo with factory defaults, activate it with Verizon (at this point I have no software added or accounts set up on it so obviously no root), apply the OTA update to GB, perform the 1-click Root which worked this time, then setup my google accounts and install Titanium Backup which I had previously used, and restored all my data from it.
I kinda figured that this would work. I'm trying to avoid a full nuke of the phone, but so far it appears that this is the only work around.
Anyone else got a plan?
Only option I was going to provide was SBF to 2.3.2 with RSDlite and re-flash the OTA, then run the Droid3 exploit.
I have a D2G and I had the exact same problem. I did an OTA upgrade without un-rooting (I was earlier rooted using z4root). I had a long discussion with Pete Souza, the guy who created 1-Click root. And he agreed to help me out. He did a remote to my computer and rooted my D2G. I am going to try to reproduce all the steps here.
Situation: Was rooted using z4root. Had Superuser and su binary both on my phone but root was not recognized by titanium Backup, SetCPU, etc.
Resolution:
Run Psouza's 1-click root http://www.psouza4.com/droid3 (ensure u have motorola drivers)
First try the Root, and if that does not work only then continue with the following steps. I got an error after step 3 which said the phone cannot be rooted (or something like that). The first two steps were a success.
Now that the root is not working, run the Temp ADB Root from the same app. In my case even that failed - but Pete said that ignore the failure message.
Now, I need to delete the su and busybox which are leftovers from the earlier root.
Open a command prompt in the support_files folder where adb is located.
Get into the shell by typing: "adb shell"
type "/system/xbin/su"
This will pop-up a prompt on your phone to allow Superuser access - just click Okay.
The $ sign will change to #
Now type "busybox mount -o remount,rw /dev/block/mtdblock3 /system"
now type "cd /system/bin" This is where your su and busybox are.
Type "rm su"
Type "rm busybox"
After this just exit out of everything and run the 1-click root again. It should work now.
======================
All credits to psouza www.psouza4.com
======================
drumster said:
> I have a D2G and I had the exact same problem. I did an OTA upgrade without un-rooting (I was earlier rooted using z4root). I had a long discussion with Pete Souza, the guy who created 1-Click root. And he agreed to help me out. He did a remote to my computer and rooted my D2G. I am going to try to reproduce all the steps here.
> Situation: Was rooted using z4root. Had Superuser and su binary both on my phone but root was not recognized by titanium Backup, SetCPU, etc.
> Resolution:
> Run Psouza's 1-click root http://www.psouza4.com/droid3 (ensure u have motorola drivers)
> First try the Root, and if that does not work only then continue with the following steps. I got an error after step 3 which said the phone cannot be rooted (or something like that). The first two steps were a success.
> Now that the root is not working, run the Temp ADB Root from the same app. In my case even that failed - but Pete said that ignore the failure message.
> Now, I need to delete the su and busybox which are leftovers from the earlier root.
> Open a command prompt in the support_files folder where adb is located.
> Get into the shell by typing: "adb shell"
> type "/system/xbin/su"
> This will pop-up a prompt on your phone to allow Superuser access - just click Okay.
> The $ sign will change to #
> Now type "busybox mount -o remount,rw /dev/block/mtdblock3 /system"
> now type "cd /system/bin" This is where your su and busybox are.
> Type "rm su"
> Type "rm busybox"
> After this just exit out of everything and run the 1-click root again. It should work now.
> ======================
> All credits to psouza www.psouza4.com
> ======================
IMO this instruction should be stickied.
This worked perfectly on my wife's D2G. Rooted Gingerbread = a good start to the day!
Awesome! Thanks!
Just wanted to say I think i love you...this worked for me after two tries on my Droid 2.
First time I was able to remove su and busybox...then when I applied the one click root again, it said there were a bunch of errors but still succeeded. After the reboot I didn't get superuser access yet so I went through deleting su and busybox again (but busybox wasn't found)
The second time i decided to restart my phone before running the script again and when attempting to verify if su was still installed by going into adb shell...it said my phone was already rooted.
Thanks!!
Awesome!
Thanks! This worked for me as well! (after additional reboot)
Good Info but one problem for me
Since I did the OTA Gingerbread, I cannot get into debugging mode. I have uninstalled the Moto drivers & reinstalled using my administrator profile on Windows 7. I have also sbf my phone. Wipe cache. Factory reset. Activate service (NOT download or sync w/ google). OTA Gingerbread. This is on a regular D2. Anyone have any ideas on how I can get into debugging mode. Otherwise I can't do anything.
Thank you!
I am so glad I found this post and the directions posted by drumster. I had previously used z4root and had not unrooted before allowing the Gingerbread upgrade. Pete's application fixed my Droid 2 on the first attempt; no other steps were needed.
Thanks again,
Andrew
awesome
psouzas 1 click worked for me. Droid 2. previously had rooted with deroot method until it updated by itself to gingerbread which broke root.
enabled usb debugging
in pc mode, clicked on souza's link and followed instructions
i have win 7 64 bit computer
It works
I just got it to work. I was on rooted froyo. Sbf'd back to stock froyo. Downloaded and installed OTA G bread. Then I had to run the D3 one click root method twice but the 2nd time it worked fine.

rooting A7+

I want to root my A7+ WITHOUT installing someone elses custom rom. I just want it rooted long enough that I can push GAPPS onto it. Is there any special trick with Elocity A7+ ??
Will I only be able to do this with earlier versions from Elocity?
The reason I want to do it this way is twofold.
1) I want EVERYTHING to keep working.
2) I don't want Superuser snoops.
I can work with ./adb shell on this Linux or it would be even better for someone to show me how to COMPILE the newly released source from Elocity.
Thank you all !!
Dan
as shown in this thread http://forum.xda-developers.com/showthread.php?t=1431967 you could use Z4root.apk
It allows for temporary root
Cheers !
Yes Thanks . I did Z4Root PERMANENT. Did my thing and then turned off root .
I remembered just before coming back to post here. I never used ./adb shell push this time. Couldn't get RW with ./adb so I just copied from GAPPS folder to /system/app/ using Root Explorer.
First time I copied TOO MUCH AND IT WAS IN ENDLESS LOOP.
I repaired and then copied the important stuff...Installed Gmail and then rebooted.
All is well after reboot. But I had to go through Wizard again. Now running everything !!
Dan
another thing that i find funny about this new setup is that bluetooth and foursquare only run when while im rooted????
if i turn off root they dont work
So as I said in my last post, BLUETOOTH only works while rooted. (after having rooted once) So, I wanted to use BLUETOOTH with a new keyboard. I removed Z4root, but left Superuser running in the background. Well , once again, everything seemed to run great for a week, but then things went south. I was getting a reboot loop type thing, about 5 times before it would finally boot up.
I'm not sure, but I suspect this leaves you wide open to a virus or other malicious garbage. So now I'm back to factory with no Gmail or Youtube but I'm finding workarounds.
Dan

Suspicious adb activity

So I have rooted my N910H using cf autoroot. Never used adb or anything else on it, but, suddenly earlier today out of nowhere I got a permission request for "ADB Shell UID" and as soon as I granted the permission I got lots of notifications telling me what adb shell uid was doing because of that permission...
So I kinda scared and decided to deny it. As soon as I denied it, I got all the notifications about how adb shell uid couldn't perform different tasks because of the denial.
I tried to google but I found nothing about it.
Now does anyone know what that was about and if I should grant permission again or should I keep it denied..? If it's not a good thing how am I supposed to get rid of it?
Yeh I am getting exactly the same thing, didn't use CF AutoRoot though
probably spyware payload unpacking itself. once you're rooted you have no protections. can't do anything about it.

[XT1528] Verizon pre-paid - temporary root achieved !

Thanks to @kryz who managed to generalize the Dirty Cow exploit, XT1528 now has a way to get temporary root : link Notice that the /system will still be read-only, but at least full access to /data is available. Given the state of XT1528, this looks like a pretty good progress!
Steps to get temp root (in Lollipop):
0) uninstall SuperSu apk if you have it installed, see this for the reason to uninstall
1) install Croowt.apk, use the 2nd option in the menu : "Get root"
2) install SuperSu apk from the playstore (don't update the binary)
3) install RootChecker apk from the playstore
4) enjoy temporary root (until hard reboot)
I've tested this on 5.0.2, but should probably work on 5.1.1 as well (as long as it was not patched since the end of Oct). Here is the output of Root Checker (where everything looks nice and green !) :
Device: XT1528 (MOTO E Verizon prepaid)
Android Version: 5.0.2
Additional - SELinux
Status: NOT enforcing
Status stored in /sys/fs/selinux/enforce
SuperSu works (until hard reboot) !!!
@9acca9, @dreyeth, @Whoareyou, @bendrexl, @docna, @caspar347, @Dishe, @hp79
This is great!
Thank you @kryz
I achieved the same with AT&T variant, but very unstable though. Reboots etc.. after so long
jcpowell said:
> I achieved the same with AT&T variant, but very unstable though. Reboots etc.. after so long
This looks like the old Kingroot behavior - temp root which is highly unstable. Once after a Kingroot attempt I had to factory reset the device due to the "junk" left behind, at least here it's all nice and clean ! I wonder if forcing a soft reboot right after root may help to make it more stable ... Or perhaps something else is going on ?
No idea if anyone is looking into unlocking this phone's bootloader still but hopefully this leads to it. Happened with my Droid Turbo. The initial process was use Kingroot for temp root and sunshine to unlock.
Tried sunshine and after second test it gives an error. Won't even try
jcpowell said:
> Tried sunshine and after second test it gives an error. Won't even try
The root is very clean - after a hard reboot there won't be a single trace of anything (ha-ha, not so good if one wants a permanent solution!) So reboot, and repeat the process, see what Sunshine does. Kingroot was nasty, leaving tons of trash behind.
Perhaps, you just delete Sunshine data, and launch it again?
I've reported the issue to the developer of the rooting method, perhaps there could be tweaks to make the root more stable : link
bibikalka said:
> The root is very clean - after a hard reboot there won't be a single trace of anything (ha-ha, not so good if one wants a permanent solution!) So reboot, and repeat the process, see what Sunshine does. Kingroot was nasty, leaving tons of trash behind.
> Perhaps, you just delete Sunshine data, and launch it again?
> I've reported the issue to the developer of the rooting method, perhaps there could be tweaks to make the root more stable : link
There is a bug: if you have SuperSU installed before getting root, the restore init function will not work properly.
So the instructions in this post should be changed to clarify that uninstalling it is required.
Also I've fixed another bug related to cleaning the state of the system; the apk is updated in the main post.
Really after the restore clean the phone should be in a clean state, but if supersu is installed i don't know why is denying the access to the app.
Can you check this issue please?
@kryz I'm actually finding it more unstable with the updated app.
I am also having the reboot issue just after root.
Just tried the newest apk, and no reboot, but phone is laggy and unresponsive.
Uninstalled SuperSU,
Phone: XT1528, 5.1
Android Security Patch level: 2016-04-01
System Version: 23.201.2.surnia_verizon.verizon.en.US.vzw
I just attempted again, and I forgot to mention that just after I reinsert the sdcard, i get a warning that CRooWt is not responding with a Wait or Close prompt. Wait just caused another reboot.
Great work @kryz, i know you will get it sorted out. Please let me know how I can help.
Idk, as soon as I attempt to use my phone after root it freezes and reboots. If I let it sit it'll last an hour at least, lol
jcpowell said:
> @kryz I'm actually finding it more unstable with the updated app.
Let's see what's going on
-Are you using the apk or adb script?
-If you use the apk and don't restore init what happens?
-If you restore init is laggy or reboot?
-Can you try the adb script and tell me if you also get a reboot?
-Finally if you can attach these files:
/sdcard/init.dmp
/sdcard/init.patch
Regards,
---------- Post added at 01:33 AM ---------- Previous post was at 01:16 AM ----------
fenlon said:
> I am also having the reboot issue just after root.
> Just tried the newest apk, and no reboot, but phone is laggy and unresponsive.
> Uninstalled SuperSU,
> Phone: XT1528, 5.1
> Android Security Patch level: 2016-04-01
> System Version: 23.201.2.surnia_verizon.verizon.en.US.vzw
> I just attempted again, and I forgot to mention that just after I reinsert the sdcard, i get a warning that CRooWt is not responding with a Wait or Close prompt. Wait just caused another reboot.
> Great work @kryz, i know you will get it sorted out. Please let me know how I can help.
First about the sdcard, i will look after that bug that i know what's happening,please don't remove/mount/umount for now.
Do you have a computer to do some checks?
You say that with the new version there is not reboot but laggy, can you check if there is some process eating the cpu with top:
Code:
/data/local/tmp/busybox top
I suspect there is the last process restoring init that is eating the cpu, check for this or ;
Code:
ps | grep dirtycow
If that is the case kill it and we will know if is the responsible of that lag.
In other hand can you attach these files:
/sdcard/init.dmp
/sdcard/init.patch
Guessing that you are using the apk, what happen if you don't restore init?
Is laggy or just unstable, don't start wifi/bluetooth you can't change settings are like locked.
Have you tried the script adb version, can you try and tell me if you have the same issue?
Best regards,
Let's see what's going on
-Are you using the apk or adb script?
Apk
-If you use the apk and don't restore init what happens?
It freezes and reboots
-If you restore init is laggy or reboot?
Laggy before freezing then ultimately reboots
-Can you try the adb script and tell me if you also get a reboot?
I'm give it a shot in a bit. Was a bit unsure on how.
-Finally if you can attach these files:
/sdcard/init.dmp
/sdcard/init.patch
Here are the files
https://drive.google.com/folderview?id=0B26uDxbLACN6V2IzM1VvOTlnNk0
@kryz
jcpowell said:
> Let's see what's going on
> -Are you using the apk or adb script?
> Apk
> -If you use the apk and don't restore init what happens?
> It freezes and reboots
> -If you restore init is laggy or reboot?
> Laggy before freezing then ultimately reboots
> -Can you try the adb script and tell me if you also get a reboot?
> I'm give it a shot in a bit. Was a bit unsure on how.
> -Finally if you can attach these files:
> /sdcard/init.dmp
> /sdcard/init.patch
> Here are the files
> https://drive.google.com/folderview?id=0B26uDxbLACN6V2IzM1VvOTlnNk0
> @kryz
You told me before, that you got root little bit unstable but you got with the first version?
I attach a new version with some changes reverted and i think will work, tell me if you get root.
In this version doesn't ask for restore when is finish but you can do it after in tools/restore init.
kryz said:
> You told me before, that you got root little bit unstable but you got with the first version?
> I attach a new version with some changes reverted and i think will work, tell me if you get root.
> In this version doesn't ask for restore when is finish but you can do it after in tools/restore init.
Got root, but still lags a bit and reboots within minutes if I attempt to open apps etc.. unless I clean init afterwards. Then I get a bit more stability, but still reboots.
jcpowell said:
> Got root, but still lags a bit and reboots within minutes if I attempt to open apps etc.. unless I clean init afterwards. Then I get a bit more stability, but still reboots.
The last check i think is try the adb script because is not using the same method.
In the apk I'm hijacking fsck_msdos and i don't release it, is it possible that the phone detected too much time in the process and rebooted it?
Have you try only check permissions, not get root, and just work with the phone to see if you get rebooted anyways, if you get rebooted i need to clean the fsck_msdos process (the sdcard check).
Thank you for testing
kryz said:
> The last check i think is try the adb script because is not using the same method.
> In the apk I'm hijacking fsck_msdos and i don't release it, is it possible that the phone detected too much time in the process and rebooted it?
> Have you try only check permissions, not get root, and just work with the phone to see if you get rebooted anyways, if you get rebooted i need to clean the fsck_msdos process (the sdcard check).
> Thank you for testing
Yea it reboots in the check as well.
---------- Post added at 04:36 AM ---------- Previous post was at 04:05 AM ----------
I'm a little confused on the ADB. Where exactly am I extracting the rar? Onto my device internal SD?
jcpowell said:
> Yea it reboots in the check as well.
> ---------- Post added at 04:36 AM ---------- Previous post was at 04:05 AM ----------
> I'm a little confused on the ADB. Where exactly am I extracting the rar? Onto my device internal SD?
If it reboots just checking permissions the problem is the fsck_msdos process not the shellcode in init, i saw in the files that you attach all is ok.
I've updated the apk in the main post, now it will release the sdcard, please check that version in the same way, first before get root, click "check perm" wait to see the results and work with the phone to see if reboots again for a while.
If all is working with "check perm" and you don't get reboot, try get root, is very probably that now doesn't reboot.
I think with the adb script will work because it overwrites run-as, anyways ive updated the apk for release the sdcard check process and it'll return ok status.
The instructions for the rar and adb.
First you need adb installation in your computer, i mean connectivity with the device via adb.exe.
When you have adb working you need to put all the content of the rar in the path /data/local/tmp/.
So extract the rar in your computer in a folder and with adb push copy all the files to that folder:
(in the folder of the rar contents)
Code:
adb push * /data/local/tmp/
Then get a shell with adb:
Code:
adb shell
Execute the script to exploit it:
Code:
cd /data/local/tmp
./exploit.sh
Wait the logs and if all is ok execute:
Code:
run-as -s2
Wait 5 seconds and:
Code:
su
If all is ok you will have a root shell, this method is more stable even doesn't clean the init you can do it in the app, but test all before.
That last apk causes me immediate reboot. Maybe it was not the fsck_msdos cause I was able to do a check and not get a reboot with the debug apk you gave me. I am trying the adb method but I think I am messing up some steps. Will let you know when I get through it.
@kryz I should have some time tomorrow to test the shell commands. Thank you again for taking your time to do this.
