
[DEV] ICS rooting for kernel 10 users

OP Nesquick95

22nd April 2012, 09:39 AM   |  #1  
OP Member
I finally did it...

http://forum.xda-developers.com/show...6#post25157446

Now let's wait for ICS and hope that Sony's one will be built on a "good" kernel.
22nd April 2012, 11:25 AM   |  #2  
Senior Member
looks very promising, great work Nesquick
maybe in a week (or little more..) we could test it in practice!
keep up the good work

br
condi
23rd April 2012, 12:25 AM   |  #3  
ssojyeti2
Recognized Themer
Not exactly sure what this does, but it seems important so good job
23rd April 2012, 02:25 AM   |  #4  
blambo
Member
This should be very interesting. Thanks for continuing to stay with it.

Sent from my Sony Tablet S using xda premium
27th April 2012, 01:57 PM   |  #5  
Senior Member
Quote:
Originally Posted by Nesquick95

I finally did it...

http://forum.xda-developers.com/show...6#post25157446

Now let's wait for ICS and hope that Sony's one will be built on a "good" kernel.

But it seems we are unable to chmod without root. So this would require one of our rooted ICS friends to give us the offsets?

chmod not needed in recovery, but it doesn't get root:

Quote:

/sdcard/n95-offsets

n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit

./mempodroid 0xd9ec 0xaf47 sh

1|@android:/system/bin $ /sdcard/mempodroid 0xd9ec 0xaf47 sh
/sdcard/mempodroid 0xd9ec 0xaf47 sh
1|@android:/system/bin $

Last edited by OCedHrt; 27th April 2012 at 02:21 PM.
27th April 2012, 05:51 PM   |  #6  
OP Member
Too bad...
Well... That's the copy of a successful session, taken from my Galaxy Nexus (see image attached).
Too bad if the exploit doesn't root our ICS release.
Can you please post your run-as (/system/bin/run-as) binary? I'll try to get the offsets another way.
Attached Thumbnails
n95-offsets.jpg
27th April 2012, 07:54 PM   |  #7  
Senior Member
Quote:
Originally Posted by Nesquick95

Well... That's the copy of a successful session, taken from my Galaxy Nexus (see image attached).
Too bad if the exploit doesn't root our ICS release.
Can you please post your run-as (/system/bin/run-as) binary? I'll try to get the offsets another way.

I've managed to run your bin, got offsets, but still no root...:

Code:
n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit

./mempodroid 0xd9ec 0xaf47 sh

and then:

Code:
shell@android:/ $ /data/local/tmp/mempodroid 0xd9ec 0xaf47 sh
/data/local/tmp/mempodroid 0xd9ec 0xaf47 sh
1|shell@android:/ $
The Following User Says Thank You to condi For This Useful Post
27th April 2012, 08:37 PM   |  #8  
OP Member
Really too bad
Sony's ICS is built on kernel 2.6.39, normally rootable by this exploit... Maybe they have patched it...
Need a copy of /system/bin/run-as binary to try finding offsets another way, as a last chance. My tablet hasn't got the update (unrootable kernel 10 - French region)
27th April 2012, 08:45 PM   |  #9  
Senior Member
Binary attached.

Since we're unable to chmod under normal boot (operation not permitted), the only way is to run under recovery. Is it possible that mempodroid doesn't work under recovery?
Attached Files
run-as.zip (42.0 KB)
The Following 3 Users Say Thank You to OCedHrt For This Useful Post
27th April 2012, 11:23 PM   |  #10  
OP Member
The worst thing that could happen
I don't know if running in recovery can make mempodroid fail... It probably doesn't. But as you can see, Condi has run n95-offsets in "regular" /data/local/tmp without success.

I have verified the offsets in the run-as binary posted with IDA disassembler, the offsets returned by n95-offsets are the good ones.

I think Sony's 2.6.39 kernel is patched, the exploit won't work...



(Maybe) we will find another one (some day)...
Last edited by Nesquick95; 28th April 2012 at 12:35 AM.
