FORUMS

AOSP 5.1 Lollipop for Nexus Q

Google Nexus Q is an intriguing device released with Android 4.0 Ice Cream Sandwich. It was abandoned by … more

XDA Picks: Best Apps of the Week (Apr 17 – 24)

Apps are at the front and center of any smartphone experience, and with over a … more

Glimpse Notifications: Easier Lockscreen Notifications

Lollipop brought a revamp to the lockscreen, taking away custom widgets but … more

What Are the Best Looking Apps on Android?

As more developers are updating their apps with Material Design elements, we’re … more
Thread Closed Subscribe to Thread Email Thread

Can this Root Droid 3?

3rd August 2011, 07:03 PM |#171  
psouza4's Avatar
Recognized Developer
Flag Meridian, ID
Thanks Meter: 176
 
Donate to Me
More
Quote:
Originally Posted by effinay

I've been checking in on this thread for several days now and just wanted to give a huge THANK YOU to everyone who is working on rooting the D3!

I'm almost ready to renew my contract and am looking for an upgrade for my trusty rooted Eris and the D3 seems right up my alley.

KEEP UP THE GOOD WORK!!!!! Communities like these are the reason I'm sticking with Android.

I agree wholeheartedly. Hundreds others are probably lurking and anxiously waiting too -- we all greatly appreciate any and all efforts here. Go team!
 
 
3rd August 2011, 07:24 PM |#172  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 182
 
Donate to Me
More
Quote:
Originally Posted by pplude

And in true form I keep poking around. adb exists, access is denied.

I loved "/system/bin/fsck_msdos" in /system/bin/vold
-------------------------------------------
Still going, I'll edit this post if I find anythign interesting here
-----------------------------
hey, I fount the encryption method in vold

"/dev/block/dm-%u crypt twofish %s 0 %s 0"
-----------------------------------------------
output of an export probe:

Code:
ANDROID_ASSETS
ANDROID_BOOTLOGO
ANDROID_DATA
ANDROID_PROPERTY_WORKSPACE
ANDROID_ROOT
ASEC_MOUNTPOINT
BOOTCLASSPATH
EXTERNAL_ALT_STORAGE
EXTERNAL_STORAGE
HOSTNAME
LD_LIBRARY_PATH
LOOP_MOUNTPOINT
PATH
PWD
---------------------------------
also, /tmp has write permissions. can someone PLEASE PLEASE PLEASE just copy a su binary from an X2 or Atrix?


Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?
3rd August 2011, 07:54 PM |#173  
Senior Member
Throop
Thanks Meter: 78
 
More
Quote:
Originally Posted by PWn3R

Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?

We would probably need chroot for this. Also the sdcard it mounted with noexec.
3rd August 2011, 08:12 PM |#174  
Senior Member
Flag Southbury, CT
Thanks Meter: 10
 
Donate to Me
More
Im thinking the /temp folder is probably our best bet for excecuting an exploit, as it has 777 permissions

Sent from my DROID3 using XDA App
3rd August 2011, 08:12 PM |#175  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 182
 
Donate to Me
More
but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?
3rd August 2011, 08:19 PM |#176  
Senior Member
Flag Oregon
Thanks Meter: 29
 
More
Newb question but why can't we sign a file as a "vender" and flash it in the vender flash mode? Or is that a dumb question?

Sent from my DROID3 using Tapatalk
3rd August 2011, 08:22 PM |#177  
Senior Member
Thanks Meter: 68
 
More
Quote:
Originally Posted by PWn3R

but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?

You need root in order to do that.

I believe it is safe to say that there are no legitimate ways to load and elevate an executable. This leaves exploits. I looked through most of the exploits on cvedetails.com for the 2.6.35.7 kernel and none of them look promising as they either require modules that we don't have loaded, or they've been out long enough to have already been patched by Motorola when they built the kernel. The search continues...
3rd August 2011, 08:26 PM |#178  
Member
Thanks Meter: 4
 
More
So webtop does start just in its own sandbox?

Sent from my DROID3 using XDA App
3rd August 2011, 08:29 PM |#179  
Member
Thanks Meter: 16
 
More
If I were a Moto/dev, I would love to be watching you guys zero in on this. You guys are geniouses.
3rd August 2011, 08:48 PM |#180  
sparkyman216's Avatar
Senior Member
Thanks Meter: 7
 
More
What about the dbug file sits on sdcardex in transmits to Motorola. It called dbug.

Sent from my DROID3 using Tapatalk
Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes