Source: http://www.androidpolice.com/2012/0...root-the-lg-intuition-and-lg-spectrum-on-ics/
If you find this useful please follow me (jcase) on twitter ( https://twitter.com/teamandirc/ ).
Here you go, root for both the new LG Intuition and the LG Spectrum running ICS. The vulnerability is a simple permission bug allowing us to setup a symlink to local.prop (yes yet again). While the bug is the same, the procedure is slightly different, so I will have the instructions separate.
With the LG Intuition, they did seem to attempt to mitigate this attack. Not by setting correct permissions, but by dropping adbD to the shell user if it runs as root, even if ro.kernel.qemu=1 is set. They failed, they give us enough time to run one command before dropping the root privileges, in our case a script to root the phone.
LG Spectrum ICS Root (for the leaked ICS rom):
Expect this to be patched in the release rom. Leaked ICS rom has locked bootlaoders, ie no recovery at this point.
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
adb shell
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell
# chown 0.0 /system/xbin/su
# chmod 06755 /system/xbin/su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
If you find this useful please follow me (jcase) on twitter ( https://twitter.com/teamandirc/ ).
Here you go, root for both the new LG Intuition and the LG Spectrum running ICS. The vulnerability is a simple permission bug allowing us to setup a symlink to local.prop (yes yet again). While the bug is the same, the procedure is slightly different, so I will have the instructions separate.
With the LG Intuition, they did seem to attempt to mitigate this attack. Not by setting correct permissions, but by dropping adbD to the shell user if it runs as root, even if ro.kernel.qemu=1 is set. They failed, they give us enough time to run one command before dropping the root privileges, in our case a script to root the phone.
LG Spectrum ICS Root (for the leaked ICS rom):
Expect this to be patched in the release rom. Leaked ICS rom has locked bootlaoders, ie no recovery at this point.
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
adb shell
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
adb reboot
adb wait-for-device remount
adb push su /system/xbin/su
adb shell
# chown 0.0 /system/xbin/su
# chmod 06755 /system/xbin/su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
LG Intuition Root
Files needed:
su ( http://dl.dropbox.com/u/8699733/lgroot/su )
lgroot.sh ( http://dl.dropbox.com/u/8699733/lgroot/lgroot.sh )
adb push su /data/local/tmp/su
adb push lgroot.sh /data/local/tmp/lgroot.sh
adb shell
$ chmod 777 /data/local/tmp/lgroot.sh
$ rm /data/vpnch/vpnc_starter_lock
$ ln -s /data/local.prop /data/vpnch/vpnc_starter_lock
$ exit
adb reboot
You may have to unplug/replug your phone to get some computers to pick it up again after this reboot.
adb wait-for-device shell
$ echo 'ro.kernel.qemu=1' > /data/local.prop
$ exit
Here is the important part, you will have to execute the next to commands one after the other. We want the second command to be fired off as soon as adbD comes up, before it drops root privileges. This may take some a few minutes, and after the second command is complete you may have to unplug/replug you phone to get your computer to see it again.
adb reboot
adb wait-for-device /data/local/tmp/lgroot.sh
(Here is where you may have to unplug/replug, but only after the second command has ran).
adb wait-for-device shell
$ su
# rm /data/local.prop
# rm /data/vpnch/vpnc_starter_lock
# reboot
Once rebooted, install Superuser from the market and enjoy.
Last edited: