Hello!
Device: i535PP
Kernel version: 3.4
Build date: July 22(futex(towelroot) patched)
So, I am trying to get the symbol table or whatever the heck it is.
I do not have root access, that is what I need the symbol table for >
read about that here
So I can't do this the easy way of just open /proc/kallsyms
I have the zImage from boot.img.
I have kept reading on google ect that the most common type of compression used by Android kernels is gzip.
I have looked for the gzip magic numbers in a hex editor and also using hexdump/grep and dd.
I tried using binwalk zImage | head and it didn't see any gzip headers in the file, it found lzo and "pcrypt" or something like that but. I found the magic numbers for gzip... I did some googling and. I belive the whole "pcrypt" is because I had my device encrypted, and I had the OTA flash able rom on my and did all the extracting and Shia on my phone. I have since then decrypted the device and reextract everything.
I believe I am supposed to be after piggy.gz...
When I get the offset and use dd to skip to the beginning of the gzip header and save, I do gunzip piggy.gz and it says that it's corrupted. When I use a hex editor it's also corrupted...
Anyone who has done this before, mind helping me out?
I'll upload the zImage if needed.
Just don't go get the addresses yourself and post them here, I want to get some of the experience out of this
I will be more than happy to add to the list of thankyous/credits when it's all done and I test then make a release. I would also be able to port the exploit to other devices too.
Device: i535PP
Kernel version: 3.4
Build date: July 22(futex(towelroot) patched)
So, I am trying to get the symbol table or whatever the heck it is.
I do not have root access, that is what I need the symbol table for >
read about that hereSo I can't do this the easy way of just open /proc/kallsyms
I have the zImage from boot.img.
I have kept reading on google ect that the most common type of compression used by Android kernels is gzip.
I have looked for the gzip magic numbers in a hex editor and also using hexdump/grep and dd.
I tried using binwalk zImage | head and it didn't see any gzip headers in the file, it found lzo and "pcrypt" or something like that but. I found the magic numbers for gzip... I did some googling and. I belive the whole "pcrypt" is because I had my device encrypted, and I had the OTA flash able rom on my and did all the extracting and Shia on my phone. I have since then decrypted the device and reextract everything.
I believe I am supposed to be after piggy.gz...
When I get the offset and use dd to skip to the beginning of the gzip header and save, I do gunzip piggy.gz and it says that it's corrupted. When I use a hex editor it's also corrupted...
Anyone who has done this before, mind helping me out?
I'll upload the zImage if needed.
Just don't go get the addresses yourself and post them here, I want to get some of the experience out of this
I will be more than happy to add to the list of thankyous/credits when it's all done and I test then make a release. I would also be able to port the exploit to other devices too.
Last edited:
