Originally Posted by GRZLA
I found a universal root method that may be able to help us, but I am no developer. This appears to work on a number of phones and tablets.
Tu use mempodroid you need the exit and call "offsets", this is the usage command for the Galaxy Nexus:
$ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /system
$ ./mempodroid 0xd7f4 0xad4b sh
Galaxy Nexus 4.0.2: 0xd7f4 0xad4b
Does anyone know how to obtain this parameters for the galaxy tab 2 ???
Using this post:
Originally Posted by Nesquick95
Saurik's mempodroid exploit needs offsets of "exit" and "setresuid" fuctions calls in order to work.
Here's a tool that may find this two offsets while running on your ICS device and give you the mempodroid command line to run for gaining a temporary root shell.
This tool doesn't add any capability to Saurik's exploit.
Please let me know if you have any idea for improvement.
Feel free to use this tool, at your own risks.
1- download and unzip
2- push the two binaries to /data/local/tmp with adb
3- chmod 755
4- run n95-offsets
5- copy / paste the command line given by the tool
If the trick works, you will see the $ prompt change to a # one.
Hope it will help.
I got this offsets for mempodroid:
n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit
./mempodroid 0xd904 0xae5f sh
But when i try to copy the "su binary" file it still displays error
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb push su /system/bin
failed to copy 'su' to '/system/bin/su': Read-only file system
Any clues... anyone ??