
[ROOT/UNLOCK] 4.4.2 182/183.46.10 RAZR HD/M *ONLY*


  • This topic is locked
615 replies to this topic

#21 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 03 June 2014 - 10:29 AM

That's not true at all.  You push the files once.  They are there every time.  You just execute the run.sh script and root is golden.  However, I'm told this root exploit definitively will not work on these builds so it's of no help.


Non potest esse nisi unus

 


#22 ibolski

ibolski

    Droid Master

  • Dedicated Supporter
  • PipPipPip
  • 535 posts
  • Twitter:iBolski
  • Google+:Ivan Samuelson
  • LocationColumbus, Ohio
  • Current Device(s):Samsung Galaxy S7

Posted 03 June 2014 - 10:39 AM

That's not true at all.  You push the files once.  They are there every time.  You just execute the run.sh script and root is golden.  However, I'm told this root exploit definitively will not work on these builds so it's of no help.

Sorry about that. I must have misread what the OP stated when he posted about this exploit. Okay. Well that would have been better, so you only had to "tether" once, to push the files to the phone.

 

Gotcha.

 

Yeah, still too bad it didn't work.


VZW Samsung Galaxy S7 Stock and unrooted running Marshmallow 46A, 32gb Nexus 7 unlocked


#23 livinginkaos

livinginkaos

    I don't know what I'm doing anymore.....

  • Administrator
  • 15,115 posts
  • Google+:Hangouts - livinginkaos@gmail.com
  • LocationOregon
  • Current Device(s):Samsung S8+ / Pixel XL 128gb / iPhone 7+ 256gb / iPad Pro 12.9" / Samsung Chromebook Plus / Pixel C / Nexus 6p 128gb / Nexus 6 / Nexus 6 on Fi / Nexus 9 / Moto 360^2 / Nvidia Shield TV Pro / Nvidia Shield Tablet / HTC EVODesign on FreedomPop / Chromecast / Surface Pro 3 i7 / Samsung Tab Pro 12.2 / Lenovo Win8 Tab / Eee Slate / '13 Nexus 7

Posted 03 June 2014 - 10:42 AM

Yeah I had jcase on hangouts. We did some digging and the patch that they applied in the coming 4.4.3 builds is present in the 4.4.2 build on the xt907 and xt926.

Sent from my S-Offed One M8


  • SamuriHL and RikRong like this



#24 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 03 June 2014 - 10:45 AM

Sorry about that. I must have misread what the OP stated when he posted about this exploit. Okay. Well that would have been better, so you only had to "tether" once, to push the files to the phone.

 

Gotcha.

 

Yeah, still too bad it didn't work.

 

Technically this is still wrong.  :p  If you had the zip file on your phone you could extract it and push the files in place through terminal.  No ADB required.  :)


  • ibolski likes this



#25 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 03 June 2014 - 10:47 AM

Yeah I had jcase on hangouts. We did some digging and the patch that they applied in the coming 4.4.3 builds is present in the 4.4.2 build on the xt907 and xt926.

Sent from my S-Offed One M8

 

I appreciate the effort from both of you for testing this.  I know this is going to get me called "naysayer" and piss off the "dreamers" more, but, given this development, root for these devices went from unlikely to REALLY unlikely.


  • Thach and RikRong like this



#26 ibolski

ibolski

    Droid Master

  • Dedicated Supporter
  • PipPipPip
  • 535 posts
  • Twitter:iBolski
  • Google+:Ivan Samuelson
  • LocationColumbus, Ohio
  • Current Device(s):Samsung Galaxy S7

Posted 03 June 2014 - 02:43 PM

Man, it would be nice for those with locked devices to get root. Then we won't get all the "can I root my Kit Kat phone?" questions all the time!  :D




#27 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 03 June 2014 - 02:57 PM

Man, it would be nice for those with locked devices to get root. Then we won't get all the "can I root my Kit Kat phone?" questions all the time!  :D

 

Yes we would.  We'd just be able to point them to it.  Unfortunately, I don't think it's going to happen any time soon if ever.  




#28 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 05 June 2014 - 10:38 AM


Another possible Linux kernel priv escalation bug.  I do not know if Android is impacted by it or whether it's been patched, but, one of the root demi-gods could potentially find a way to exploit this if it's in Android.




#29 xKroniK13x

xKroniK13x

    Member

  • Superuser
  • 284 posts
  • LocationAtlanta, GA
  • Current Device(s):Moto X 2014 Pure Edition || Motorola DROID RAZR M || Archos G9 101 || Microsoft Surface Pro 2 || Chromecast

Posted 09 June 2014 - 06:35 AM


Another possible Linux kernel priv escalation bug.  I do not know if Android is impacted by it or whether it's been patched, but, one of the root demi-gods could potentially find a way to exploit this if it's in Android.

 

Looking at the released source code for the kernel update, it appears that it is not patched - or at least not patched following the instructions in the bug reports. The problem is that you must first write the code you want to execute to a memory address, and this bug will then let you execute it. It is accessible via Chrome sandbox on Linux, which means it may be accessible using some sort of custom Android app. I imagine if it was this "easy," someone would have exploited this by now... but I am researching it. I have novice Linux knowledge, but if anything, it will be a good learning experience.


  • SamuriHL likes this
Moto X 2014 Pure Edition Unlocked on Pure Rooted 5.1
Motorola Droid Razr M Unlocked on Some ROM
Archos G9 101 Developer Edition on Cyanogenmod 11 4.4.3 Unofficial/Stable

#30 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 09 June 2014 - 06:39 AM

Looking at the released source code for the kernel update, it appears that it is not patched - or at least not patched following the instructions in the bug reports. The problem is that you must first write the code you want to execute to a memory address, and this bug will then let you execute it. It is accessible via Chrome sandbox on Linux, which means it may be accessible using some sort of custom Android app. I imagine if it was this "easy," someone would have exploited this by now... but I am researching it. I have novice Linux knowledge, but if anything, it will be a good learning experience.

 

Nice!  Good luck with your research.  If you get stuck on something, maybe PM JCase and see if you can bounce some ideas off him.  He may or may not be open to that I don't know....but it's worth a shot.




#31 digdug1

digdug1

    Member

  • Members
  • PipPip
  • 89 posts

Posted 09 June 2014 - 12:37 PM

Good luck!

#32 xKroniK13x

xKroniK13x

    Member

  • Superuser
  • 284 posts
  • LocationAtlanta, GA
  • Current Device(s):Moto X 2014 Pure Edition || Motorola DROID RAZR M || Archos G9 101 || Microsoft Surface Pro 2 || Chromecast

Posted 11 June 2014 - 03:31 AM

So I've been researching more, but haven't had time to attempt to code anything... but here are my findings.

 

You can execute kernel commands via an Android application. It is generally used for things like System Tweaker, however, you should be able to access other commands than the init scripts, it's just calling a different file.

 

You cannot write code to be executed to a physical memory address (directly on the RAM) in Java, which is where this exploit needs to read from. Java uses a Java Virtual Machine (JVM) to manage the memory used within the app, for security reasons. This means that the app cannot be written in Java, which is what I'm most fluent in. I'm researching into language alternatives, as the app doesn't have to do anything but execute a couple of commands, and write a few lines of output.

 

I'll keep this thread updated with what I figure out this weekend. I'm still considering this just a theory, but it does still seem plausible.


  • digdug1, SamuriHL and Playb3yond like this

#33 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 12 June 2014 - 05:18 AM

I suspect you can do it in C/C++ fairly trivially.

 


That should get you set up.  While I've not done ANY programming on Android at all, I'm fluent in java, c, c++, and a variety of other languages so if you need help with something, hit me up in a PM and I'll see what I can do.  Looks like the exploit is alive on the S5, as well.

 


GeoHot is well known in some circles.  He knows his stuff.  Maybe you can write it in such a way that it works on all the devices out there.  LOL :)


  • xKroniK13x likes this



#34 xKroniK13x

xKroniK13x

    Member

  • Superuser
  • 284 posts
  • LocationAtlanta, GA
  • Current Device(s):Moto X 2014 Pure Edition || Motorola DROID RAZR M || Archos G9 101 || Microsoft Surface Pro 2 || Chromecast

Posted 12 June 2014 - 02:08 PM

I suspect you can do it in C/C++ fairly trivially.


That should get you set up. While I've not done ANY programming on Android at all, I'm fluent in java, c, c++, and a variety of other languages so if you need help with something, hit me up in a PM and I'll see what I can do. Looks like the exploit is alive on the S5, as well.


GeoHot is well known in some circles. He knows his stuff. Maybe you can write it in such a way that it works on all the devices out there. LOL :)


Very good reads. I know of Geohot from when he jailbroke the PS3. Very cool to see him still active, and very cool to see that a proof of concept has been achieved. I do believe that a well written app could be executed on a variety of phones that have this kernel exploit, which seems to be the bulk of them, since it is so new and listed as a not high priority threat... Time to start experimenting!

Sent from my XT907 using Tapatalk



#35 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 12 June 2014 - 02:22 PM

Just know that it HAS been patched in 4.4.3.  But yea, if a generic exploit were written similar to Saferoot, a LOT of people would be very happy.  So, good luck.  :)




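The posts above settle on two facts: the fix ships in the 4.4.3 builds, and the 4.4.2 builds for the RAZR M (xt907) and RAZR HD (xt926) already carry it. The following is an added example, not code from this thread or from any of its posters, showing how a device owner or support volunteer could turn those statements into a quick check over `adb shell getprop` output. The sample property lines are constructed, the property names are the standard Android ones (`ro.product.model`, `ro.build.version.release`), and the thresholds come only from what the thread states; a device that falls outside them is reported as "not known to be patched", not as vulnerable.

```python
import re

# Constructed sample of `adb shell getprop` output (not captured from a real device).
SAMPLE_GETPROP = """\
[ro.product.model]: [XT926]
[ro.build.version.release]: [4.4.2]
[ro.bootloader]: [PLACEHOLDER]
this line does not match and is ignored
"""

# What the thread states: the fix is in 4.4.3 generally, and the 4.4.2 builds
# for the RAZR M (XT907) and RAZR HD (XT926) already carry it.
FIXED_RELEASE = (4, 4, 3)
MODELS_PATCHED_IN_442 = {"XT907", "XT926"}

# getprop prints one property per line as "[key]: [value]".
_PROP_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<value>[^\]]*)\]$")


def parse_getprop(text):
    """Turn getprop output into a dict, skipping any line that is not "[k]: [v]"."""
    props = {}
    for line in text.splitlines():
        m = _PROP_LINE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("value")
    return props


def release_tuple(release):
    """'4.4.2' -> (4, 4, 2). Missing components are padded with 0 so '4.4' < '4.4.1'."""
    parts = [int(p) for p in re.findall(r"\d+", release)]
    return tuple((parts + [0, 0, 0])[:3])


def patch_status(props):
    """Classify a device purely by the statements made in the thread.

    Returns 'patched', 'not-known-patched', or 'unknown' (release missing).
    """
    release = props.get("ro.build.version.release")
    if release is None:
        return "unknown"
    rel = release_tuple(release)
    if rel >= FIXED_RELEASE:
        return "patched"
    model = props.get("ro.product.model", "").upper()
    if model in MODELS_PATCHED_IN_442 and rel >= (4, 4, 2):
        return "patched"
    return "not-known-patched"


if __name__ == "__main__":
    # To check a real device instead: adb shell getprop > props.txt, then read that file.
    props = parse_getprop(SAMPLE_GETPROP)
    print(props.get("ro.product.model"), props.get("ro.build.version.release"),
          "->", patch_status(props))
```

The classifier is deliberately conservative: anything not covered by the thread's two statements is reported as "not known to be patched" rather than as exploitable, since the posts themselves note that the S5 result may not carry over to other phones.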
#36 Playb3yond

Playb3yond

    Member

  • Dedicated Supporter
  • PipPip
  • 75 posts
  • Current Device(s):Droid Razr Maxx HD

Posted 12 June 2014 - 02:23 PM

Patiently waits

Motorola Droid Razr Maxx HD



#37 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 12 June 2014 - 02:28 PM

Realistically, you may have quite some time to wait.  It's also possible that whatever exploit ends up being created for the S5 for whatever reason may not work on these phones.  I'd call for cautious optimism on this one.




#38 xKroniK13x

xKroniK13x

    Member

  • Superuser
  • 284 posts
  • LocationAtlanta, GA
  • Current Device(s):Moto X 2014 Pure Edition || Motorola DROID RAZR M || Archos G9 101 || Microsoft Surface Pro 2 || Chromecast

Posted 12 June 2014 - 03:14 PM

Realistically, you may have quite some time to wait.  It's also possible that whatever exploit ends up being created for the S5 for whatever reason may not work on these phones.  I'd call for cautious optimism on this one.

 

I tend to agree 100% with you. I see no reason why this hole in the kernel wouldn't work, but who knows realistically how hard this will be to exploit.



#39 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 12 June 2014 - 03:16 PM

I tend to agree 100% with you. I see no reason why this hole in the kernel wouldn't work, but who knows realistically how hard this will be to exploit.

 

That's the trick.  I don't know enough about the exploit, but, it seems like there could be complications getting it to be generic.  I mean, look at JCase's implementation...works only on the X, Mini, Maxx, and Ultra.  So, we have no guarantee that any new implementation is going to work on anything but the phone it was designed for.




#40 SamuriHL

SamuriHL

    Android Warrior

  • Smod
  • 39,321 posts
  • Current Device(s):Pixel XL

Posted 13 June 2014 - 09:35 AM


More news on the Pinkie Pie vulnerability.  Looks like someone is going to be looking into it soon.  Keep your fingers crossed.  LOL :)




