Thread Closed

Can this Root Droid 3?

3rd August 2011, 07:03 PM   |  #171  
psouza4's Avatar
Recognized Developer
Flag Meridian, ID
Thanks Meter: 169
 
270 posts
Join Date:Joined: Feb 2009
Donate to Me
More
Quote:
Originally Posted by effinay

I've been checking in on this thread for several days now and just wanted to give a huge THANK YOU to everyone who is working on rooting the D3!

I'm almost ready to renew my contract and am looking for an upgrade for my trusty rooted Eris and the D3 seems right up my alley.

KEEP UP THE GOOD WORK!!!!! Communities like these are the reason I'm sticking with Android.

I agree wholeheartedly. Hundreds others are probably lurking and anxiously waiting too -- we all greatly appreciate any and all efforts here. Go team!
3rd August 2011, 07:24 PM   |  #172  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 40
 
169 posts
Join Date:Joined: Dec 2010
Donate to Me
More
Quote:
Originally Posted by pplude

And in true form I keep poking around. adb exists, access is denied.

I loved "/system/bin/fsck_msdos" in /system/bin/vold
-------------------------------------------
Still going, I'll edit this post if I find anythign interesting here
-----------------------------
hey, I fount the encryption method in vold

"/dev/block/dm-%u crypt twofish %s 0 %s 0"
-----------------------------------------------
output of an export probe:

Code:
ANDROID_ASSETS
ANDROID_BOOTLOGO
ANDROID_DATA
ANDROID_PROPERTY_WORKSPACE
ANDROID_ROOT
ASEC_MOUNTPOINT
BOOTCLASSPATH
EXTERNAL_ALT_STORAGE
EXTERNAL_STORAGE
HOSTNAME
LD_LIBRARY_PATH
LOOP_MOUNTPOINT
PATH
PWD
---------------------------------
also, /tmp has write permissions. can someone PLEASE PLEASE PLEASE just copy a su binary from an X2 or Atrix?


Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?
3rd August 2011, 07:54 PM   |  #173  
Senior Member
Throop
Thanks Meter: 78
 
486 posts
Join Date:Joined: Aug 2008
More
Quote:
Originally Posted by PWn3R

Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?

We would probably need chroot for this. Also the sdcard it mounted with noexec.
3rd August 2011, 08:12 PM   |  #174  
Senior Member
Flag Southbury, CT
Thanks Meter: 10
 
103 posts
Join Date:Joined: Jul 2011
Donate to Me
More
Im thinking the /temp folder is probably our best bet for excecuting an exploit, as it has 777 permissions

Sent from my DROID3 using XDA App
3rd August 2011, 08:12 PM   |  #175  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 40
 
169 posts
Join Date:Joined: Dec 2010
Donate to Me
More
but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?
3rd August 2011, 08:19 PM   |  #176  
Senior Member
Flag Oregon
Thanks Meter: 28
 
362 posts
Join Date:Joined: Nov 2010
More
Newb question but why can't we sign a file as a "vender" and flash it in the vender flash mode? Or is that a dumb question?

Sent from my DROID3 using Tapatalk
3rd August 2011, 08:22 PM   |  #177  
Senior Member
Thanks Meter: 68
 
164 posts
Join Date:Joined: Jul 2010
Quote:
Originally Posted by PWn3R

but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?

You need root in order to do that.

I believe it is safe to say that there are no legitimate ways to load and elevate an executable. This leaves exploits. I looked through most of the exploits on cvedetails.com for the 2.6.35.7 kernel and none of them look promising as they either require modules that we don't have loaded, or they've been out long enough to have already been patched by Motorola when they built the kernel. The search continues...
3rd August 2011, 08:26 PM   |  #178  
Member
Thanks Meter: 4
 
60 posts
Join Date:Joined: Apr 2010
So webtop does start just in its own sandbox?

Sent from my DROID3 using XDA App
3rd August 2011, 08:29 PM   |  #179  
Member
Thanks Meter: 16
 
83 posts
Join Date:Joined: Jul 2011
If I were a Moto/dev, I would love to be watching you guys zero in on this. You guys are geniouses.
3rd August 2011, 08:48 PM   |  #180  
sparkyman216's Avatar
Senior Member
Thanks Meter: 7
 
154 posts
Join Date:Joined: Nov 2010
What about the dbug file sits on sdcardex in transmits to Motorola. It called dbug.

Sent from my DROID3 using Tapatalk

Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes