Root for Gingerbread

aliasxerog (Premium Member, Developer; joined Oct 24, 2010; messages: 178; reaction score: 0)
Try this. Segfaulted for me, but someone else might be able to get it. Thanks to @mjsalinger on Twitter and |daver| on IRC.

Full Disclosure: Linux kernel exploit

It will give you a temp root. From there anything is possible.
 

luigi90210 (Member; joined Aug 6, 2010; messages: 215; reaction score: 0)
If we had temp root, couldn't we move the proper file needed to obtain root into the /system directory and set the proper permissions on it so we have perm. root?
 

milan616 (New Member; joined Oct 29, 2010; messages: 3; reaction score: 0)
I don't have any ability to test this (and am not installing GB anyway), but this comment might help you alias.

Temporary workaround (for all distributions, not just openSUSE): echo 1 > /proc/sys/kernel/panic_on_oops This will now panic the machine instead of making it exploitable.
Maybe on our phones this value is set? Then again can we even make changes to /proc without root?
 

Strikeir13 (Member; joined Nov 3, 2010; messages: 53; reaction score: 0)
> Try this. Segfaulted for me, but someone else might be able to get it. Thanks to @mjsalinger on Twitter and |daver| on IRC.
>
> Full Disclosure: Linux kernel exploit
>
> It will give you a temp root. From there anything is possible.

I'm willing to try, but I need a little more guidance...

Do I create a file with this text, name it 'full-nelson' and try executing it from adb shell?

Like I said, more than willing to try but some further instruction is necessary :/
 
OP
aliasxerog

> I don't have any ability to test this (and am not installing GB anyway), but this comment might help you alias.
>
> Temporary workaround (for all distributions, not just openSUSE): echo 1 > /proc/sys/kernel/panic_on_oops This will now panic the machine instead of making it exploitable.
> Maybe on our phones this value is set? Then again can we even make changes to /proc without root?

The value is set, but the exploit worked on my Gentoo box with that set.
 

WugFresh (Developer; joined Oct 4, 2010; messages: 587; reaction score: 1)
@aliasxerog
You the man, thanks for all your hard work on this!

{{ WugFresh }}
 

milan616

Well I guess the only other comments I can make are from other things in the email chain. Is Econet compiled into our kernels? Seems that is the main requirement of this attack.
 
Last edited:
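
The two questions raised in the posts above (is panic_on_oops set, and is Econet present in the kernel) can be checked by reading /proc. The script below is an added example, not part of any post in this thread; PROC_ROOT is a hypothetical override for running it against a copied or constructed /proc tree, and the ECONET name in /proc/net/protocols is an assumption about how the protocol registers itself. It needs a shell with grep and tr.

```shell
#!/bin/sh
# Added example: report the two kernel properties the thread asks about.
# PROC_ROOT (hypothetical) points at an alternate root holding a /proc tree;
# leave it unset to inspect the running system.

# Print the panic_on_oops value, or "unreadable" if the sysctl cannot be read.
oops_setting() {
    f="${PROC_ROOT:-}/proc/sys/kernel/panic_on_oops"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'unreadable'
    fi
}

# Print how Econet shows up:
#   loaded     - listed in /proc/modules (built as a module and loaded now)
#   registered - listed in /proc/net/protocols (assumed name ECONET; this
#                also covers a built-in, non-modular Econet)
#   absent     - in neither list. An unloaded module that the kernel can
#                still autoload is NOT detected here.
econet_status() {
    p="${PROC_ROOT:-}/proc"
    if [ -r "$p/modules" ] && grep -q '^econet ' "$p/modules"; then
        printf 'loaded'
    elif [ -r "$p/net/protocols" ] && grep -qi '^ECONET ' "$p/net/protocols"; then
        printf 'registered'
    else
        printf 'absent'
    fi
}

# One-line summary suitable for collecting from many hosts or devices.
audit_kernel() {
    printf 'panic_on_oops=%s econet=%s\n' "$(oops_setting)" "$(econet_status)"
}

audit_kernel
```

A result of `econet=absent` only means Econet is not active right now; checking the kernel build configuration is the way to confirm it was not compiled at all. A later post in this thread reports the exploit working with panic_on_oops set, so read that value as one data point, not as proof of protection.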

DJxPanda (Member; joined Feb 16, 2011; messages: 126; reaction score: 0)
Holy balls this is cool! Yes, agreed that further guidance in this would be very cool. I'd also be very down to try this. Now. The question here is this. When does this root become not in effect? Is it when the device powers off? And when that happens would you be able to just run the exploit again to get rooted again? Also what kind of capabilities can we speculate about this? ROM flashes?

Sent from my DROIDX using DroidForums App
 
OP
aliasxerog

> Well I guess the only other comments I can make are from other things in the email chain. Is Econet compiled into our kernels? Seems that is the main requirement of this attack.

No idea, that's why we need to try it. I'm having issues compiling it though. (recent update borked my cross setup)
 

patrykbaumbach (New Member; joined Mar 28, 2011; messages: 1; reaction score: 0)
Not sure if this will work.. Doesn't compile for me with arm-eabi- and if you look at the code it seems pretty x86 specific..

On my Debian box it compiles with gcc but fails on execution to gain root - but the comments state that it is patched on Debian and Ubuntu.

Anyone have luck compiling it for ARM?
 

drewlamo1 (Member; joined Mar 13, 2010; messages: 79; reaction score: 0)
The guy who made the rageagainstcage exploit says in his adbtrickery #2 thread that he has completed the gingerbreak exploit but is waiting for more devices to be out in the wild before he releases it.

Maybe someone can get ahold of this guy somehow?

Here is the link:

C skills

It's like 5 or 6 down in the Jan posting.
 
OP
aliasxerog

**** like that pisses me off so goddamn much. If you made it, stop waving it in front of our faces and release the damn thing.
 

drewlamo1

Next to the "posted by" and comments is an email icon, give it a try!

maybe he will email it to you and!
 