Or Continue to Thread: [HOW-TO] Root FRGxx builds wit…
Find Your Device:
5th October 2010, 02:47 AM   |  #88  
Account currently disabled
Thanks Meter: 0
 
241 posts
Join Date:Joined: Jun 2010
1) Get rageagainstthecage-arm5.bin
http://stealth.openwall.net/xSports/...nstTheCage.tgz

2) Get Superuser.apk, busybox,su
http://dl.dropbox.com/u/1327667/freenexus.zip

3) Get the Android SDK (ADB)
http://dl.google.com/android/android...07-windows.zip

4a) Unzip android SDK (e.g. so that the tools folder is F:\ADB\)

4b) connect Nexus One with with "applications=>development=>USB debug enabled" (and install USB driver if necessary)

5) Unzip/unrar files within RageAgainstTheCage.tgz to F:\ADB\

6) Unzip/unrar files within freenexus.zip to F:\ADB\

7) Open command prompt go to F:\ADB

[7b) Verify that your nexus one is connected and responding - type "adb devices" it should list your N1

8) Now within the command prompt do the following (commands in bold - the rest gives you an indication of the results)

(Note: if you get $ instead of #, just go back and repeat the instructions from where it says $ ./rageagainstthecage. Worked like a charm on the second try for me.)


Quote:

F:\ADB>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push Superuser.apk /data/local/tmp/Superuser.apk
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push su /data/local/tmp/su
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb push busybox /data/local/tmp/busybox
263 KB/s (5392 bytes in 0.020s)

F:\ADB>adb shell chmod 700 /data/local/tmp/rageagainstthecage

F:\ADB>adb shell
$
$ cd /data/local/tmp
cd /data/local/tmp
$ ./rageagainstthecage
./rageagainstthecage[*] CVE-2010-EASY Android local root exploit (C) 2010 by 743C[*] checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}[*] Searching for adb ...
[+] Found adb as PID 64[*] Spawning children. Dont type anything and wait for reset![*][*] If you like what we are doing you can send us PayPal money to[*] 7-4-3-C[at]web.de so we can compensate time, effort and HW costs.[*] If you are a company and feel like you profit from our work,[*] we also accept donations > 1000 USD![*][*] adb connection will be reset. restart adb server on desktop and re-login.
$
F:\ADB>adb kill-server

F:\ADB>adb start-server
* daemon not running. starting it now *
* daemon started successfully *

F:\ADB>adb shell chmod 755 /data/local/tmp/busybox

F:\ADB>adb shell
#mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system

mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
# cd /data/local/tmp
cd /data/local/tmp
# ./busybox cp busybox /system/bin
./busybox cp busybox /system/bin
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# busybox cp Superuser.apk /system/app
busybox cp Superuser.apk /system/app
# busybox cp su /system/bin
busybox cp su /system/bin
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# exit

F:\ADB>adb shell
# su
su
#mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
mount -o remount,ro -t yaffs2 /dev/block/mtdblock3 /system
# exit
F:\ADB>exit

Last edited by nexusdue; 5th October 2010 at 06:17 PM.