Possible root method.
- Thread starter BigiD16
- Start date
If its possible to do on other phones that run the un-patched kernel I suppose it can be done on the Spring G5. If so that would be the luckiest break ever lol.
Not sure if its really going to be a root method and let super user work because the owner of the repo said "I put 'root' in quotes, because technically, it isn't rooting. However, it creates a binary called 'run-as' that can execute packages as root.".
He also he mentioned it has'sent been tested on 64-bit
Not sure if its really going to be a root method and let super user work because the owner of the repo said "I put 'root' in quotes, because technically, it isn't rooting. However, it creates a binary called 'run-as' that can execute packages as root.".
He also he mentioned it has'sent been tested on 64-bit
Last edited:
I'm working on trying to understand how exactly the bug works, and to see if it can be replicated. In theory, it should work because even 64-bit desktop kernels are affected. Additionally, the bug still exists in the kernel upstream, so all Android devices should be affected.
Update on this. The exploit does work on the LG Stylo 2, which is running very similar software to the LG G5, but I am having issues installing su, but I do have root...temp root at least.
this will not root your phone to let you run titanium backup or Xposed APIs. If you lucky you can maybe make changes to build.prop and only if the system partition is not signed like the kernel is. So I would not bet on this.
with temp root can you mount system as rw and make changes? if not it's completly pointless
can you provide binary, so we do not have to compile. I would try it as well
with temp root can you mount system as rw and make changes? if not it's completly pointless
can you provide binary, so we do not have to compile. I would try it as well
Last edited:
I have the exploit running on my Stylo 2, but I can't do anything. SELinux is set to enforcing, but I do have a root shell.
Code:
λ adb -d shell
[email protected]:/ $ run-as exec whoami
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
root
[email protected]:/ $ run-as exec dd if=/dev/block/bootdevice/by-name/boot of=/sdcard/boot.img
Warning: setcon transition to 'u:r:init:s0' failed (is SELinux Enforcing?)
dd: /dev/block/bootdevice/by-name/boot: Permission denied
1|[email protected]:/ $
Last edited:
We can use the Dirtycow exploit to replace any file in the system memory with a file of the same size, but All files will revert once rebooted thanks to SELinux as mentioned, it enforces whatever file you replaced with same security. Escalated privileges doesn't seem possible while SELinux is enforcing. There is a thread dedicated for more discussion from others with more knowledge below:
http://forum.xda-developers.com/general/security/dirty-cow-t3484879
Believe me many people are working for this to be our Savior.
http://forum.xda-developers.com/general/security/dirty-cow-t3484879
Believe me many people are working for this to be our Savior.
Couldn't we use this method, modify the update file to be rooted, then let the 7.0 install itself?