
Root tool DirtyCow Apk && adb

109 posts
Thanks Meter: 126
 
By kryz, Senior Member on 24th December 2016, 03:21 PM
26th December 2016, 12:10 AM |#11  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by tnomtlaw

I'm trying to root my Boost Max+ running 5.1. I tried the check perm option but couldn't remount the sdcard, it just froze. Upon reboot it hung at starting apps. Had to remove the sdcard to get the phone to boot properly.

Sent from my N9521 using Tapatalk

When you mount the sdcard, it is normal that it doesn't mount again: the process hijacks fsck_msdos. You have to come back to the application, wait and watch the log window.

Depending on the mount, it will take 1-5 seconds to see the information.

If you see that init is OK, you can proceed with the get root.

Perm logs
26th December 2016, 12:28 AM |#12  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by jucaroba

Thanks for your answer.

I'm trying to use your exploit to be able to read my /data/misc/vold/expand_*.key file. My wife has a Moto G 2014 mobile with official (non rooted) Android 6 Marshmallow. The bootloader is locked. She has deleted accidentally all the pictures in her SD card, that is configured as adopted card (not portable). I have made a cloned copy of the SD in my linux laptop with dd command, but I can not mount the partitions in the SD because I have to know the encryption key.

I can not unlock the bootloader, because the phone will be reset to factory and the encryption key will be deleted. And I can not read the key file without being root, because of the permissions of the file. I have tried your run-as-dirtycow trojan in the phone, and I can read files I have no permissions for, such as /init.rc. The only missing piece now is that I don't know the exact name of the key file. I only know that it is of the form "expand_*.key". Can your trojan run-as-dirtycow be modified to be able to read the files with this pattern name in a given directory?

Thanks in advance.

The run-as context can't see /data or even /data/misc folders; anyway, I will implement the list of directories in the next update.
26th December 2016, 12:40 AM |#13  
Member
Thanks Meter: 16
 
Quote:
Originally Posted by kryz

The run-as context can see /data or even /data/misc folders; anyway, I will implement the list of directories in the next update.

Yes, I know it can see those folders, I only need to know the name of the file I am interested in.

If you implement the "list of directories" functionality it will be fantastic. Thanks for it.

I will also be very grateful to see the full source code of the trojan.

Waiting eagerly for both things.

Thanks in advance.
26th December 2016, 12:44 AM |#14  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by jucaroba

Yes, I know it can see those folders, I only need to know the name of the file I am interested in.

If you implement the "list of directories" functionality it will be fantastic. Thanks for it.

I will also be very grateful to see the full source code of the trojan.

Waiting eagerly for both things.

Thanks in advance.

Sorry, typo: I wanted to say that the run-as context can not see those folders.
I mean I've already implemented that function ("-d") and run-as can not list those folders:

run-as -d /system/etc

Attached run-as-dirtycow.c
Attached Files
File Type: c run-as-dirtycow.c (5.2 KB, 798 views)
26th December 2016, 12:54 AM |#15  
Member
Thanks Meter: 16
 
Quote:
Originally Posted by kryz

Sorry, typo: I wanted to say that the run-as context can not see those folders.
I mean I've already implemented that function and run-as can not list those folders.

Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?

If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.

Am I correct?

Thanks.
26th December 2016, 01:04 AM |#16  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by jucaroba

Mmmm, so the only way to be able to read a file in /data/misc/vold/ is to be root?

If that is the case, then I suppose I have to wait til your exploit can be used to root a Marshmallow phone.

Am I correct?

Thanks.

I think so. I don't have that folder in my devices, but I was trying to read in the /data folder and had no success in one of its subfolders.
Btw, what CPU is your device, 32 or 64 bits?
Can you post your init file?
26th December 2016, 01:28 AM |#17  
Member
Thanks Meter: 16
 
Quote:
Originally Posted by kryz

I think so. I don't have that folder in my devices, but I was trying to read in the /data folder and had no success in one of its subfolders.
Btw, what CPU is your device, 32 or 64 bits?
Can you post your init file?

My CPU is 32 bits. It is a Moto G 2014.

I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.

What file are you interested in? The /init.rc file?
26th December 2016, 01:43 AM |#18  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by jucaroba

My CPU is 32 bits. It is a Moto G 2014.

I suppose you don't have the /data/misc/vold folder because you are not looking at a Marshmallow system.

What file are you interested in? The /init.rc file?

I'm interested in /init file and 32 bits is great
26th December 2016, 02:19 AM |#19  
Member
Thanks Meter: 16
 
Quote:
Originally Posted by kryz

I'm interested in /init file and 32 bits is great

No /init file in Marshmallow. At least not in that path.

---------- Post added at 02:19 AM ---------- Previous post was at 01:48 AM ----------

Quote:
Originally Posted by kryz

I'm interested in /init file and 32 bits is great

Sorry, the file exists, but I can not read it. I can not copy it with your trojan run-as (run-as-dirtycow) either.
26th December 2016, 11:42 AM |#20  
Senior Member
Thanks Meter: 27
 
Hi kryz,

Please find the /init from 32bit 6.0.1
It is from Xperia Z2 with custom rooted rom (Mx ROM v8.6.0)

How can I copy /init from my boot locked, unrooted, stock 6.0.1 64bit X Performance?
Attached Files
File Type: zip init.zip (384.1 KB, 376 views)
26th December 2016, 02:23 PM |#21  
OP Senior Member
Thanks Meter: 126
 
Quote:
Originally Posted by norberto_

Hi kryz,

Please find the /init from 32bit 6.0.1
It is from Xperia Z2 with custom rooted rom (Mx ROM v8.6.0)

How can I copy /init from my boot locked, unrooted, stock 6.0.1 64bit X Performance?

With run-as-dirtycow, but I didn't compile it for 64 bits. On my Xperia this method is working, but someone with a Moto G is reporting no access with the exploit.

Wait, I'm going to compile for 64 bits, and then just execute:

Code:
/data/local/tmp/run-as-dirtycow /system/bin/run-as /data/local/tmp/run-as-dirticow
run-as /init > /data/local/tmp/init.dmp
Can you tell me the size of the file /system/bin/run-as in 64 bits please?