FORUMS

Sony’s Emergence in The Middle: Is The Price Right?

Sony’s Electronics Division is not in its best days, and its smartphone … more

HTC Delivering Ads Straight to Sense Home

HTC’s 2015 has been a year marked by a desperate search for revenue.The HTC One M9 … more

Galaxy S6 & Edge get €100 Price Cut—New Models Incoming

Samsung has dropped the price of both the Galaxy S6 and S6 Edge by … more

How To Port Fully Featured Sony Xperia Z4 Camera

Xperia Z4’s hardware may not impress, but its software is definitely … more

Can this Root Droid 3?

133 posts
Thanks Meter: 20
 
By Deodexed, Senior Member on 30th July 2011, 11:35 PM
Thread Closed Subscribe to Thread Email Thread
3rd August 2011, 07:03 PM |#171  
psouza4's Avatar
Recognized Developer
Flag Meridian, ID
Thanks Meter: 179
 
Donate to Me
More
Quote:
Originally Posted by effinay

I've been checking in on this thread for several days now and just wanted to give a huge THANK YOU to everyone who is working on rooting the D3!

I'm almost ready to renew my contract and am looking for an upgrade for my trusty rooted Eris and the D3 seems right up my alley.

KEEP UP THE GOOD WORK!!!!! Communities like these are the reason I'm sticking with Android.

I agree wholeheartedly. Hundreds others are probably lurking and anxiously waiting too -- we all greatly appreciate any and all efforts here. Go team!
 
 
3rd August 2011, 07:24 PM |#172  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 190
 
Donate to Me
More
Quote:
Originally Posted by pplude

And in true form I keep poking around. adb exists, access is denied.

I loved "/system/bin/fsck_msdos" in /system/bin/vold
-------------------------------------------
Still going, I'll edit this post if I find anythign interesting here
-----------------------------
hey, I fount the encryption method in vold

"/dev/block/dm-%u crypt twofish %s 0 %s 0"
-----------------------------------------------
output of an export probe:

Code:
ANDROID_ASSETS
ANDROID_BOOTLOGO
ANDROID_DATA
ANDROID_PROPERTY_WORKSPACE
ANDROID_ROOT
ASEC_MOUNTPOINT
BOOTCLASSPATH
EXTERNAL_ALT_STORAGE
EXTERNAL_STORAGE
HOSTNAME
LD_LIBRARY_PATH
LOOP_MOUNTPOINT
PATH
PWD
---------------------------------
also, /tmp has write permissions. can someone PLEASE PLEASE PLEASE just copy a su binary from an X2 or Atrix?


Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?
3rd August 2011, 07:54 PM |#173  
Senior Member
Throop
Thanks Meter: 78
 
More
Quote:
Originally Posted by PWn3R

Can we use the set to set the root directory to another location (say the SDCARD with a copy of the root FS long enough to execute an SU binary and then copy the required files into the real system directory running as root?

We would probably need chroot for this. Also the sdcard it mounted with noexec.
3rd August 2011, 08:12 PM |#174  
Senior Member
Flag Southbury, CT
Thanks Meter: 10
 
Donate to Me
More
Im thinking the /temp folder is probably our best bet for excecuting an exploit, as it has 777 permissions

Sent from my DROID3 using XDA App
3rd August 2011, 08:12 PM |#175  
PWn3R's Avatar
Senior Member
Flag Flagstaff
Thanks Meter: 190
 
Donate to Me
More
but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?
3rd August 2011, 08:19 PM |#176  
Senior Member
Flag Oregon
Thanks Meter: 62
 
More
Newb question but why can't we sign a file as a "vender" and flash it in the vender flash mode? Or is that a dumb question?

Sent from my DROID3 using Tapatalk
3rd August 2011, 08:22 PM |#177  
Senior Member
Thanks Meter: 68
 
More
Quote:
Originally Posted by PWn3R

but if we tell it to mount the sdcard as root in / wouldn't it use the standard permissions for the / directory instead of those already assigned to sdcard?

You need root in order to do that.

I believe it is safe to say that there are no legitimate ways to load and elevate an executable. This leaves exploits. I looked through most of the exploits on cvedetails.com for the 2.6.35.7 kernel and none of them look promising as they either require modules that we don't have loaded, or they've been out long enough to have already been patched by Motorola when they built the kernel. The search continues...
3rd August 2011, 08:26 PM |#178  
Member
Thanks Meter: 4
 
More
So webtop does start just in its own sandbox?

Sent from my DROID3 using XDA App
3rd August 2011, 08:29 PM |#179  
Member
Thanks Meter: 16
 
More
If I were a Moto/dev, I would love to be watching you guys zero in on this. You guys are geniouses.
3rd August 2011, 08:48 PM |#180  
sparkyman216's Avatar
Senior Member
Thanks Meter: 7
 
More
What about the dbug file sits on sdcardex in transmits to Motorola. It called dbug.

Sent from my DROID3 using Tapatalk
3rd August 2011, 08:49 PM |#181  
Senior Member
Thanks Meter: 130
 
Donate to Me
More
Quote:
Originally Posted by Adam.h.ogle

I believe it is safe to say that there are no legitimate ways to load and elevate an executable. This leaves exploits. I looked through most of the exploits on cvedetails.com for the 2.6.35.7 kernel and none of them look promising as they either require modules that we don't have loaded, or they've been out long enough to have already been patched by Motorola when they built the kernel. The search continues...

Trying to break root on the Xperia for the last few months, I came across this exploit: http://www.cvedetails.com/cve/CVE-2011-1495/

I havn't had time to program anything for it yet, but I know that the file in reference in the AOSP hasnt been touched in over a year. I think that this exploit might gain some ground if someone has time to work up a quick executable.

Read More
Thread Closed Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes