GingerBreak released

[danger-rat]

I've been playing around with the manual method, but haven't managed to succeed yet. The Gingerbreak exploit appears to work, and I get a # prompt, so I'm assuming I have a root shell, also. However, I keep getting permission denied errors when installing busybox and su to /system/bin...

I recall reading that Google went to ext4 instead of yaffs2 for Android 2.3, so I may be mounting /system incorrectly?

Any suggestions would be appreciated...

 

[efrant]

don't know if it helps but if you get permission denied with ./GingerBreak change the "2) Type: adb push GingerBreak /data/local/tmp/Gingerbreak" with "2) Type: adb push GingerBreak /data/local/tmp/GingerBreak"

You're correct. That was a typo. It should be GingerBreak.

 

[efrant]

I've been playing around with the manual method, but haven't managed to succeed yet. The Gingerbreak exploit appears to work, and I get a # prompt, so I'm assuming I have a root shell, also. However, I keep getting permission denied errors when installing busybox and su to /system/bin...

I recall reading that Google went to ext4 instead of yaffs2 for Android 2.3, so I may be mounting /system incorrectly?

Any suggestions would be appreciated...

Did you try the instructions in post 9?

You could also try replacing "mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system" with "mount -o remount,rw /dev/block/mtdblock3 /system".

 

[efrant]

I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...

It needs to be GingerBreak,not Gingerbreak.

 

[jasonlotp]

How long?

I was letting GingerBreak sit there for a long time (30 minutes) and was getting stuff like:
[*] vold: 0897 idx: -1024 fault addr: 0xfffb21f8
over and over and over again.
Any expectation on how long this will take to run? It certainly isn't 30 seconds for me.

 

[danger-rat]

Did you try the instructions in post 9?

You could also try replacing "mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system" with "mount -o remount,rw /dev/block/mtdblock3 /system".

Looking at that now - must've missed it in my frustration earlier...

 

[seven2099]

guys I messed up

First time I did this it worked and I got the # sign..


but i didnt properly install stuff so now I'm unable to get back there..

Now when I run this it simply gives me the first VOLD message and sits there... no extra display messages.

"[*] vold: 1366 GOT start: 0x000142a8 GOT end : 0x000142e8"

and then instead of getting the list of random messages my phone does nothing..
Also, the first time I ran gingerbreak it unmounted my SD, now it doesnt do that...

Could you guys point me in the right direction? No clue as to why it shouldnt work now..

EDIT:

Inserted External SD and it WORKS BABY!!!!!

 

[sarshadd]

same. avgjoemama had the same problem.

something is wrong but idk what it is.

 

[sarshadd]

I'm getting a similar "vold" error where the exploit runs forever and never succeeds on my nexus one when i tried to use the GingerBreak.APK.

I/DEBUG   ( 1235): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
I/DEBUG   ( 1235): Build fingerprint: 'google/passion/passion:2.3.3/GRI40/102588:user/release-keys'
I/DEBUG   ( 1235): pid: 1264, tid: 1265  >>> /system/bin/vold <<<
I/DEBUG   ( 1235): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr fff528ac
I/DEBUG   ( 1235):  r0 fffcf187  r1 00000001  r2 fffcf187  r3 000000b3
I/DEBUG   ( 1235):  r4 00016268  r5 afd17ea1  r6 000153f0  r7 000000b3
I/DEBUG   ( 1235):  r8 00015330  r9 00000004  10 000000b3  fp afd17ea1
I/DEBUG   ( 1235):  ip fffffff6  sp 100ffc60  lr fff52884  pc 0000e5ba  cpsr 20000030
I/DEBUG   ( 1235):  d0  3035323235343331  d1  726f6674616c706c
I/DEBUG   ( 1235):  d2  6966646c6f672f64  d3  302e636d6d5f682f
I/DEBUG   ( 1235):  d4  636d6d2f322e6363  d5  6d6d2f74736f685f
I/DEBUG   ( 1235):  d6  3a31636d6d2f3163  d7  6f6c622f61616161
I/DEBUG   ( 1235):  d8  0000000000000000  d9  0000000000000000
I/DEBUG   ( 1235):  d10 0000000000000000  d11 0000000000000000
I/DEBUG   ( 1235):  d12 0000000000000000  d13 0000000000000000
I/DEBUG   ( 1235):  d14 0000000000000000  d15 0000000000000000
I/DEBUG   ( 1235):  d16 0000000000000000  d17 0000000000000000
I/DEBUG   ( 1235):  d18 0000000000000000  d19 0000000000000000
I/DEBUG   ( 1235):  d20 0000000000000000  d21 0000000000000000
I/DEBUG   ( 1235):  d22 0000000000000000  d23 0000000000000000
I/DEBUG   ( 1235):  d24 0000000000000000  d25 0000000000000000
I/DEBUG   ( 1235):  d26 0000000000000000  d27 0000000000000000
I/DEBUG   ( 1235):  d28 0000000000000000  d29 0000000000000000
I/DEBUG   ( 1235):  d30 0000000000000000  d31 0000000000000000
I/DEBUG   ( 1235):  scr 00000000
I/DEBUG   ( 1235): 
I/DEBUG   ( 1235):          #00  pc 0000e5ba  /system/bin/vold
I/DEBUG   ( 1235):          #01  pc 0000e7ee  /system/bin/vold
I/DEBUG   ( 1235):          #02  pc 0000aad8  /system/bin/vold
I/DEBUG   ( 1235):          #03  pc 0000d214  /system/bin/vold
I/DEBUG   ( 1235):          #04  pc 000025aa  /system/lib/libsysutils.so
I/DEBUG   ( 1235):          #05  pc 00001bf6  /system/lib/libsysutils.so
I/DEBUG   ( 1235):          #06  pc 00001d86  /system/lib/libsysutils.so
I/DEBUG   ( 1235):          #07  pc 000118e4  /system/lib/libc.so
I/DEBUG   ( 1235):          #08  pc 000114b0  /system/lib/libc.so
I/DEBUG   ( 1235): 
I/DEBUG   ( 1235): code around pc:
I/DEBUG   ( 1235): 0000e598 63e0bfc8 d009429f 20034a14 21064b14 
I/DEBUG   ( 1235): 0000e5a8 9600447a f7fa447b e013efb2 0e80eb04 
I/DEBUG   ( 1235): 0000e5b8 f8ce2101 fa115028 f894f200 ea2cc040 
I/DEBUG   ( 1235): 0000e5c8 f8840002 b9280040 2b066863 4620d002 
I/DEBUG   ( 1235): 0000e5d8 f982f7ff 81fce8bd 00003dc6 00003dc0 
I/DEBUG   ( 1235): 
I/DEBUG   ( 1235): code around lr:
I/DEBUG   ( 1235): fff52864 ffffffff ffffffff ffffffff ffffffff 
I/DEBUG   ( 1235): fff52874 ffffffff ffffffff ffffffff ffffffff 
I/DEBUG   ( 1235): fff52884 ffffffff ffffffff ffffffff ffffffff 
I/DEBUG   ( 1235): fff52894 ffffffff ffffffff ffffffff ffffffff 
I/DEBUG   ( 1235): fff528a4 ffffffff ffffffff ffffffff ffffffff 
I/DEBUG   ( 1235): 
I/DEBUG   ( 1235): stack:
I/DEBUG   ( 1235):     100ffc20  00000000  
I/DEBUG   ( 1235):     100ffc24  ffffff8c  
I/DEBUG   ( 1235):     100ffc28  00000000  
I/DEBUG   ( 1235):     100ffc2c  00000000  
I/DEBUG   ( 1235):     100ffc30  00000000  
I/DEBUG   ( 1235):     100ffc34  00016268  
I/DEBUG   ( 1235):     100ffc38  afd17ea1  /system/lib/libc.so
I/DEBUG   ( 1235):     100ffc3c  000153f0  
I/DEBUG   ( 1235):     100ffc40  000000b3  
I/DEBUG   ( 1235):     100ffc44  00015330  
I/DEBUG   ( 1235):     100ffc48  00000004  
I/DEBUG   ( 1235):     100ffc4c  000000b3  
I/DEBUG   ( 1235):     100ffc50  afd17ea1  /system/lib/libc.so
I/DEBUG   ( 1235):     100ffc54  afd1cc73  /system/lib/libc.so
I/DEBUG   ( 1235):     100ffc58  df002777  
I/DEBUG   ( 1235):     100ffc5c  e3a070ad  
I/DEBUG   ( 1235): #00 100ffc60  00016268  
I/DEBUG   ( 1235):     100ffc64  000153f0  
I/DEBUG   ( 1235):     100ffc68  00015330  
I/DEBUG   ( 1235):     100ffc6c  00014344  
I/DEBUG   ( 1235):     100ffc70  00016268  
I/DEBUG   ( 1235):     100ffc74  000153f0  
I/DEBUG   ( 1235):     100ffc78  00000000  
I/DEBUG   ( 1235):     100ffc7c  0000e7f3  /system/bin/vold
I/DEBUG   ( 1235): #01 100ffc80  afd17ea1  /system/lib/libc.so
I/DEBUG   ( 1235):     100ffc84  00000000  
I/DEBUG   ( 1235):     100ffc88  00000000  
I/DEBUG   ( 1235):     100ffc8c  7665642f  
I/DEBUG   ( 1235):     100ffc90  6f6c622f  
I/DEBUG   ( 1235):     100ffc94  762f6b63  
I/DEBUG   ( 1235):     100ffc98  2f646c6f  
I/DEBUG   ( 1235):     100ffc9c  3a393731  
I/DEBUG   ( 1235):     100ffca0  3433312d  
I/DEBUG   ( 1235):     100ffca4  35323235  
I/DEBUG   ( 1235):     100ffca8  00353530  
I/DEBUG   ( 1235):     100ffcac  00000000  
I/DEBUG   ( 1235):     100ffcb0  00000000  
I/DEBUG   ( 1235):     100ffcb4  00000000  
I/DEBUG   ( 1235):     100ffcb8  00000000  
I/DEBUG   ( 1235):     100ffcbc  00000000  
I/DEBUG   ( 1235):     100ffcc0  00000000  
I/DEBUG   ( 1235):     100ffcc4  00000000  
I/DEBUG   ( 1235):     100ffcc8  00000000  
I/DEBUG   ( 1235):     100ffccc  00000000  
I/DEBUG   ( 1235):     100ffcd0  00000000  
I/DEBUG   ( 1235):     100ffcd4  00000000  
I/DEBUG   ( 1235):     100ffcd8  00000000  
I/DEBUG   ( 1235):     100ffcdc  00000000  
I/DEBUG   ( 1235):     100ffce0  00000000  
I/DEBUG   ( 1235):     100ffce4  00000000  
I/DEBUG   ( 1235):     100ffce8  00000000  
I/DEBUG   ( 1235):     100ffcec  00000000  
I/DEBUG   ( 1235):     100ffcf0  00000000  
I/DEBUG   ( 1235):     100ffcf4  00000000  
I/DEBUG   ( 1235):     100ffcf8  00000000  
I/DEBUG   ( 1235):     100ffcfc  00000000  
I/DEBUG   ( 1235):     100ffd00  00000000  
I/DEBUG   ( 1235):     100ffd04  00000000  
I/DEBUG   ( 1235):     100ffd08  00000000  
I/DEBUG   ( 1235):     100ffd0c  00000000  
I/DEBUG   ( 1235):     100ffd10  00000000  
I/DEBUG   ( 1235):     100ffd14  00000000  
I/DEBUG   ( 1235):     100ffd18  00000000  
I/DEBUG   ( 1235):     100ffd1c  00000000  
I/DEBUG   ( 1235):     100ffd20  00000000  
I/DEBUG   ( 1235):     100ffd24  00000000  
I/DEBUG   ( 1235):     100ffd28  00000000  
I/DEBUG   ( 1235):     100ffd2c  00000000  
I/DEBUG   ( 1235):     100ffd30  00000000  
I/DEBUG   ( 1235):     100ffd34  00000000  
I/DEBUG   ( 1235):     100ffd38  00000000  
I/DEBUG   ( 1235):     100ffd3c  00000000  
I/DEBUG   ( 1235):     100ffd40  00000000  
I/DEBUG   ( 1235):     100ffd44  00000000  
I/DEBUG   ( 1235):     100ffd48  00000000  
I/DEBUG   ( 1235):     100ffd4c  00000000  
I/DEBUG   ( 1235):     100ffd50  00000000  
I/DEBUG   ( 1235):     100ffd54  0000000a  
I/DEBUG   ( 1235):     100ffd58  0000001b  
I/DEBUG   ( 1235):     100ffd5c  00015458  
I/DEBUG   ( 1235):     100ffd60  400090a1  
I/DEBUG   ( 1235):     100ffd64  00000000  
I/DEBUG   ( 1235):     100ffd68  aef02fdd  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffd6c  00000004  
I/DEBUG   ( 1235):     100ffd70  aef02fe5  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffd74  afd13ec7  /system/lib/libc.so
I/DEBUG   ( 1235):     100ffd78  400090a1  
I/DEBUG   ( 1235):     100ffd7c  0000000e  
I/DEBUG   ( 1235):     100ffd80  400090a1  
I/DEBUG   ( 1235):     100ffd84  aef02ff7  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffd88  aef02fdd  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffd8c  11ed6402  
I/DEBUG   ( 1235):     100ffd90  00010c9c  /system/bin/vold
I/DEBUG   ( 1235):     100ffd94  00016368  
I/DEBUG   ( 1235):     100ffd98  00015008  
I/DEBUG   ( 1235):     100ffd9c  00015330  
I/DEBUG   ( 1235):     100ffda0  00000080  
I/DEBUG   ( 1235):     100ffda4  aef02d98  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffda8  aef02dd7  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffdac  aef041cc  
I/DEBUG   ( 1235):     100ffdb0  aef02d98  /system/lib/libsysutils.so
I/DEBUG   ( 1235):     100ffdb4  0000aadb  /system/bin/vold

Any suggestions? Thanks!

Update: tried it manually, first got "sendmsg() failed?", unmounted sd card, then got vold forever.

 

[avgjoemomma]

I guess we'll need to wait for a modified version that works with the GRI40 on the Nexus One

 

[baste07]

and for the Desire S aswell

 

[sarshadd]

I can't get my root to stick.

I have SuperUser.APK 2.3.6.1 installed ( my su is apparently out of date the .zip it placed on my SDcard is bad so i can't flash it). Is the out of date su the reason why superuser isn't granting, or asking to grant, things root?

or could su itself not have the right permissions set?

nvm it was the stupid out of date su, i flashed it manually.

 

[Settler]

I also got "permission denied" after attempting ./GingerBreak and also try GingerBreak", not working

 

[baste07]

i hope it can be all done by installing using the apk install way

 

[lolobabes]

I had my N1 rooted when it was still on eclair but my honey wants her N1 rooted as well coz she envies some of my CM7's features but I am not yet ready for this, so techy for me so ill wait for a little while. The gingerbreak.apk version isn't that reliable yet though so am holding unto it. Keep up the good work sirs... ill be waiting patiently, ahihihi


by the way how do you remove this if youre not rooted?

"So if you want to run it again you need to remove these two files first:"
/data/loca/tmp/boomsh
/data/local/tmp/sh


thank you

 

[toflames]

Hello,

For those of you that are stuck with the

sendmsg() failed?

or with the

[*] vold: 1294 idx: -105472 fault addr: 0xfffaf290

stuff going forever, try this :

1) Reboot your phone if you already ran the exploit since it has booted
2) Mount your SD card and copy everything to your hard disk
3) Format/Remove everything on your SD card
4) Reboot
5) Run the manual root method provided in this thread
6) Reboot your phone, copy back on the SD card all your data

That's it!

 

[yxcv99]

I got "permission denied" after attempting ./Gingerbreak. Any help? Everything up to that point worked smoothly...

I got the same error, here's a cap:

 

[yxcv99]

@Azaraith
I got the problm fixed. You should download the GingerBreak.tgz file again. Since yesterday some errors got fixed.

Now I got stuck on the sendmsg() Problem.

/edit:
BAAAMM!!
I did:

1) Reboot your phone if you already ran the exploit since it has booted
2) Mount your SD card and copy everything to your hard disk
3) Format/Remove everything on your SD card
4) Reboot

And now I got '[!] dance forever my only one'

 

[daron19]

did a hard reset after trying with the other method(gingerbreak.apk) on my galaxy ace now i downloaded the new gingerbreak.tgz still hangs at

[*] vold: 0087 GOT start: 0x000153b4 GOT end: 0x000153f4

any ideas?

 

[baste07]

any one tried this for Desire S?