XDA Developers Android and Mobile Development Forum

[Root/Write Protection Bypass] Droid Ultra/Maxx/Mini

jcase
(Last edited by jcase; 18th September 2013 at 03:36 PM.)
#1
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP

Warning:
I will not be responsible for damage to your device(s) by using this exploit. Antivirus software and Play services will likely detect this as potentially malicious. It is an exploit, deal with it or don't use it. Do not mirror these applications without my permission!


PwnMyMoto is a replacement for my previously released MotoRoot. PwnMyMoto exploits three vulnerabilities, to gain root access, then to gain write to system. This is a traditional root, and doesn't use any 'hackery' to maintain su access unlike MotoRoot.

First we use bug 9695860 (aka second masterkey) to gain system user, then it uses a symlink attack to gain root access. After gaining root we exploit a flaw in the bootloader, allowing us to bypass the write protection applied to system. In the process we remove stock recovery, so OTAs will not be a worry.

Install PwnMyMoto by running:
Quote:
adb install -r PwnMyMoto-<version and model go here>.apk
Then run PwnMyMoto. Depending on the current root status of your phone, it will reboot 2 or 3 times; after the last reboot it will uninstall itself and su will be installed on the actual system partition. Please install SuperSu from the market after this step is done.

We have two (ok, more, but we're not going into that) boot modes. First is normal, which boots regular Android, and in this case boots with system write protected. Second is recovery mode; normally it boots recovery without write protection. Our exploit will hijack recovery bootmode and boot Android without write protection.

After running this exploit, if you boot normally /system will be write protected. If you boot to "recovery", Android will boot without write protection. If you wish to edit system, you must boot into "recovery" to do so; any changes made will stick and will work in either bootmode. My suggestion is to make your changes in "recovery" and run the device day to day in normal mode, until we are certain "recovery" mode will be 100% stable for day to day use.

The exploit will uninstall itself after successful exploitation.

To see if write protection is applied, you can run:
Quote:
adb shell getprop ro.boot.write_protect
If it returns '1' then write protection is applied to /system, if it returns '0' then no write protection has been applied.

In the future we will have a replacement recovery, but at this time it is still in development. Enjoy.

Change Log:

1.4.3 allows detection of failed su installation (0 size su) and reinstallation

1.4.1 adds reliability, and fixes issues for users when improper permissions are applied to su (Preventing updates).

1.2 - Bug fix for devices which had received OTAs.

If you used 1.1 and have a problem with recovery coming back, run the following command:
Quote:
adb shell su -c "dd if=/dev/block/platform/msm_sdcc.1/by-name/boot of=/dev/block/platform/msm_sdcc.1/by-name/recovery"
1.1 - initial release
Attached Files
PwnMyMoto-1.4.3-Droid.apk (309.2 KB)
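A scripted version of the `ro.boot.write_protect` check from the post above, added here as an example (it is not part of jcase's post or of PwnMyMoto). It normalises the CRLF line endings that older adb builds emit and reports the state of every attached device; the function names and sample serials are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit ro.boot.write_protect across attached devices.
# Per the post: '1' = /system write protected, '0' = not protected.

# Interpret one raw getprop value. Older adb builds return "1\r\n", so all
# whitespace (including the carriage return) is stripped before comparing.
wp_state() {
    val=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$val" in
        1)  echo "protected" ;;
        0)  echo "unprotected" ;;
        "") echo "unknown-empty" ;;        # property absent on this device
        *)  echo "unknown-unexpected" ;;   # anything other than 0 or 1
    esac
}

# Pull serials in the "device" state out of `adb devices` output. Matching on
# exactly two fields skips the header, daemon start-up chatter, and devices
# that are offline or unauthorized.
list_ready_serials() {
    printf '%s\n' "$1" | tr -d '\r' | awk 'NF == 2 && $2 == "device" { print $1 }'
}

# Query every ready device and print one "serial state" line per device.
audit_devices() {
    command -v adb >/dev/null 2>&1 || { echo "adb not found" >&2; return 1; }
    for serial in $(list_ready_serials "$(adb devices)"); do
        raw=$(adb -s "$serial" shell getprop ro.boot.write_protect 2>/dev/null)
        printf '%s %s\n' "$serial" "$(wp_state "$raw")"
    done
}

# Constructed sample of `adb devices` output (not captured from real hardware).
SAMPLE_DEVICES=$(printf 'List of devices attached\r\nEXAMPLE0001\tdevice\r\nEXAMPLE0002\tunauthorized\r\n\r\n')

# Run the live audit only when asked to: sh wp_audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_devices
fi
```

On the devices this thread covers, "unprotected" is the state the post describes for the hijacked "recovery" boot mode, so a device reporting it while running Android has been booted that way.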
 
redpipe
#2
Thanks!
 
Indirect
#3
Figure I should add that this does not allow usage of custom kernels at this time because everything is still signature checked.



 
alee
#4
Is there an unroot process?
 
phositadc
#5
Quote:
Originally Posted by alee View Post
Is there an unroot process?
I'd assume you could boot into the recovery mode and just delete superuser, su, and busybox, but someone more knowledgeable should confirm.

 
Dr. Carpenter
#6
Just an FYI, since I panicked a little, when the little Andy is shown lying on his back and it says "No command", just wait it out
 
mbh87
#7
Quote:
Originally Posted by Dr. Carpenter View Post
Just an FYI, since I panicked a little, when the little Andy is shown lying on his back and it says "No command", just wait it out
It probably didn't work for you then. I was having the same problem earlier and again now.
 
Dr. Carpenter
#8
I still have root. It did the same thing when booting to recovery. Guess I'll reinstall and give it another go.

 
mbh87
#9
Quote:
Originally Posted by Dr. Carpenter View Post
I still have root. It did the same thing when booting to recovery. Guess I'll reinstall and give it another go.

It shouldn't boot to recovery since it is being replaced.
 
Dr. Carpenter
#10
Sorry, meant when booting to "recovery". It went to the no command screen for a minute then rebooted to Android.
