Exploit on Jelly Bean - Root with locked Bootloader

Xulthir

Member
Oct 11, 2012
13
1
0
Brisbane
Re: Exploit on Jelly Bean - Root without locked Bootloader

Yeah tried it on my Telstra Australia ROM got the read only file system error some of the other people are getting.

Could be something I'm doing wrong. Haven't had another go yet.

Sent from my Nexus 7 using XDA Premium HD app
 

onmomo

Member
Jul 12, 2011
16
4
0
Well, i tried it several times, no luck. Got also the read only filesystem error. I am in contact with the dev, will report the findings here.

Sent from my XT925 using xda app-developers app
 
  • Like
Reactions: Xulthir

IDroidThere4Iam

Senior Member
Sep 25, 2010
94
12
0
I tried...

Well, I tried this on my VZW Razr Maxx HD. There was one issue for me, this phone's File Manager app does not allow you to mount a remote location like a Samba share. Instead it only has backup assistant as an option with all the local storage. Unless I just missed that option.

With that said, I did try some third party File Managers (Astro and ESstrongs). You need to do it with the Motorola File Manager though. It looks like the Motorola File Manager will mount the share as /storage/rfs0/ or something similar. The other file managers do not do this. When it comes to the "sudo /tmp/share/adb shell /storage/rfs0/pwn" part of the instructions no rfs0 exists on my phone to work that way. I couldn't find it under a different folder name either.

Lenny
 

bgumble

Senior Member
Dec 27, 2008
556
97
58
oneplus.net
...When it comes to the "sudo /tmp/share/adb shell /storage/rfs0/pwn" part of the instructions no rfs0 exists on my phone to work that way. I couldn't find it under a different folder name either.

Lenny
but when it comes to this point of the instructions you already worked with the samba folder. you downloaded motoshare.gz, extracted it, gave permissions etc.. so this folder must have exist.

maybe it's
Code:
sudo /tmp/share/adb kill-server
what's happening if you skip this part of the instructions?
 

ynk3

Member
Aug 21, 2012
12
1
0
Well, i tried it several times, no luck. Got also the read only filesystem error. I am in contact with the dev, will report the findings here.

Sent from my XT925 using xda app-developers app
Hey, Yeah I tried it too kept getting the same error. And I've been going at it for days. Just have to hope and wait for an exploit that'll work properly for us. Also yes please do keep us updated. Very very much appreciated.

Also To Lenny Someone else has had that problem too I'm not sure if it was you who posted. But someone did send a link for the file manager apk so you can find that and try again i guess.
 

IDroidThere4Iam

Senior Member
Sep 25, 2010
94
12
0
but when it comes to this point of the instructions you already worked with the samba folder. you downloaded motoshare.gz, extracted it, gave permissions etc.. so this folder must have exist.

maybe it's
Code:
sudo /tmp/share/adb kill-server
what's happening if you skip this part of the instructions?
Hey bgumble,

You're right, I did download to the samba share, but that was all on the host PC running Ubuntu, not on my phone. This folder existed on my host as /tmp/share. I successfully downloaded motoshare.gz there and extracted the files, changed permissions, etc.

I'm not sure what would happen if I skipped those parts of the instructions, I don't recall an error when I ran it. I believe the way this exploit works is when File Manager mounts the samba share on your phone it does so as /storage/rfs0/. That's why you can then run /storage/rfs0/pwn as if it were being executed locally on your phone. My error at this point was that /storage/rfs0/pwn could not be found.

Since the VZW version of the File Manager doesn't allow you to mount network shares and third party apps don't mount shares as /storage/rfs0 (I don't know where they mount them), I couldn't get this to work.

There is a chance I'm not understanding how this works, but I'm pretty sure this is it.

Thanks,
Lenny

---------- Post added at 08:34 PM ---------- Previous post was at 08:32 PM ----------

Hey, Yeah I tried it too kept getting the same error. And I've been going at it for days. Just have to hope and wait for an exploit that'll work properly for us. Also yes please do keep us updated. Very very much appreciated.

Also To Lenny Someone else has had that problem too I'm not sure if it was you who posted. But someone did send a link for the file manager apk so you can find that and try again i guess.
Yeah, good heads up on the File Manager. I did download it and try to install it, but I get an error saying it could not be installed, I think because it tries to install as a system app.

On a side note, after unsuccessfully trying to install it, my real File Manager disappeared. I'm not heart broken, but its kinda weird.

Thanks,
Lenny
 

onmomo

Member
Jul 12, 2011
16
4
0
Didn't get an answer from the dev yet.

The ones without the stock filemanager app could try with a different file manager. Once the samba "share" folder is mounted on the device, you could type "adb shell mount" on the host machine or just "mount" on the device in an terminal emulator. This will give you a list with all mounted file systems, The "mount list" should output the mount path of the "share" folder on the host machine.
Now replace the path "/storage/rfs0/" with the path you could find in the "mount list". For example "sudo /tmp/share/adb shell [your-mount-path]/pwn".

Please note that this exploit will never work with a third party filemanager if the hack is based on a stock filemanager vulnerability...
 

lesdense

Senior Member
Mar 27, 2011
300
78
58
Is there a generally accepted way to do that downgrade (JB to ICS on a Verizon XT926)? Something that's relatively simple for the noob-ish? I have a Razr Maxx running ICS and a Razr Maxx HD running JB (both rooted) and I'd like to try running ICS on the Maxx HD for a bit.
 

tech_head

Senior Member
Nov 22, 2007
3,725
1,225
243
California
Is there a generally accepted way to do that downgrade (JB to ICS on a Verizon XT926)? Something that's relatively simple for the noob-ish? I have a Razr Maxx running ICS and a Razr Maxx HD running JB (both rooted) and I'd like to try running ICS on the Maxx HD for a bit.
Razr HD Utility. Is the method. You'll need to google it.
 

bwanamarko

Member
Aug 28, 2011
11
1
0
breakingbytes.blogspot.com
can't use atrix root exploit on vzw droid razr hd, can't unlock bootloader either

Same read only issue here, decided to give up waiting and unlocked bootloader :)
+1 *2

I get to the same step, `adb /storage/rfs0`
but if I run `adb mount` there is no rfs0
I can't add remote storage to my droid razr
I have the atrix filemanager.apk, but I can't install it
I can't unlock my bootloader (and that's not what I want anyway, not ready yet for cm10, still happy with moto) bc not vzw dev model

sigh

I can wait

---------- Post added at 01:50 AM ---------- Previous post was at 01:22 AM ----------

Trying to install atrix file manager.apk also removed my files app (or at least I can't see it anymore) for me too.

Sent from my DROID RAZR HD using xda app-developers app

---------- Post added at 01:57 AM ---------- Previous post was at 01:50 AM ----------

Same situation for me

Sent from my DROID RAZR HD using xda app-developers app
 

bwanamarko

Member
Aug 28, 2011
11
1
0
breakingbytes.blogspot.com
I talked with dev (@djrbliss) and the exploit absolutely does depend on the Motorola stock FileManager app that can mount network shares as rfs0. So droid RAZR HD/MAXX HD users are out of luck.

There is no writable executable place to manually mount a network share ala `mount -t smbfs -o blah blah` so you can't manually use this exploit either on RAZR HD.

Finally, the FileManager application is a system app so you **can't** install this app. In fact trying to will make your original droid RAZR HD File app disappear along with access to vzw cloud storage.

I really appreciate Dan's work on this - it's nothing short of amazing - but the sad truth for RAZR HD users is that there is no way to use this exploit. It's a catch22 - you need root to use it.


Sent from my DROID RAZR HD using xda app-developers app
 

grant2

Senior Member
Oct 14, 2012
122
79
0
Sounds like the dev doesn't realize there is a difference between xt926 and xt925

Those of us with xt925 are not on verizon, and DO have the stock filemanager app on our phone.

Now if the RazrHD filemanager app is somehow different than the Atrix's, that's a different story.
 

bwanamarko

Member
Aug 28, 2011
11
1
0
breakingbytes.blogspot.com
And that's the rub - @djrbliss says the exploit absolutely does depend on the stock FileManager app.

Also - 3rd party apps do not (can not) mount remote storage using libc.mount() because that requires root which no app has. Again catch-22 - can't use matrix HD exploit on RAZR HD. Sorry.

Sent from my DROID RAZR HD using xda app-developers app

---------- Post added at 08:05 PM ---------- Previous post was at 07:58 PM ----------

Telstra can root using Motorola's boot loader unlock code here:
https://motorola-global-portal.custhelp.com/app/answers/detail/a_id/87215
Then download Koush's clockworkmod recovery and fast boot. Then in recovery install clockworkmod su. See this xda post:
http://forum.xda-developers.com/showthread.php?p=39167385#post39167385

Sent from my DROID RAZR HD using xda app-developers app
 

grant2

Senior Member
Oct 14, 2012
122
79
0
And that's the rub - @djrbliss says the exploit absolutely does depend on the stock FileManager app.
Sorry I don't see what the "rub" is?

RAZR HD (xt925) has stock FileManager app.

Is someone saying that the RAZR HD FileManager app is different than the one on Atrix? If so, why would the dev say this should work on RAZR HD? There's some confusion here...