$ ./mempodroid 0xd7f4 0xad4b mount -o remount,rw '' /system
$ ./mempodroid 0xd7f4 0xad4b sh
Galaxy Nexus 4.0.2: 0xd7f4 0xad4b
Does anyone know how to obtain these parameters for the Galaxy Tab 2?
Using this post:
Saurik's mempodroid exploit needs the offsets of the "exit" and "setresuid" function calls in order to work.
Here's a tool that may find these two offsets while running on your ICS device and give you the mempodroid command line to run for gaining a temporary root shell.
This tool doesn't add any capability to Saurik's exploit.
Please let me know if you have any idea for improvement.
Feel free to use this tool, at your own risk.
1- download and unzip
2- push the two binaries to /data/local/tmp with adb
3- chmod 755
4- run n95-offsets
5- copy / paste the command line given by the tool
If the trick works, you will see the $ prompt change to a # one.
Hope it will help.
n95-offsets by Nesquick95
Gets requiered offsets for mempodroid exploit
./mempodroid 0xd904 0xae5f sh
C:\Program Files (x86)\Android\android-sdk\platform-tools>adb push su /system/bin
failed to copy 'su' to '/system/bin/su': Read-only file system