[Root 4.4.X] Pie for Motorola devices

Search This thread

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,768
Sequim WA
Changelog
1.1 - doh
fixes a bug where exploit only works once.


Pie is a root for motorola devices, should work up to and including 4.4.2.

I had hoped to save this until August however the bug was outed with 4.4.3, and detailed publicly by several people. It now has no value for my purposes. Sucks for me, great for you.

Vulnerability details:
http://blog.cassidiancybersecurity.com/post/2014/06/Android-4.4.3,-or-fixing-an-old-local-root

This is a tethered root (think tethered jailbreak), meaning you have to run it each time you reboot in order to have root access. You do not get system write access, you do get root and busybox.

Usage:
Code:
adb push pie.jar /data/local/atvc

adb push root.sh /data/local/atvc

adb shell chmod 755 /data/local/atvc/root.sh

adb shell /data/local/atvc/root.sh

Expected output:
Code:
Retina:package jcase$ adb push pie.jar /data/local/atvc
5288 KB/s (1538203 bytes in 0.284s)
Retina:package jcase$ adb push root.sh /data/local/atvc
81 KB/s (137 bytes in 0.001s)
Retina:package jcase$ adb shell chmod 755 /data/local/atvc/root.sh
Retina:package jcase$ adb shell /data/local/atvc/root.sh
pie by jcase
want to buy me pie? paypal-> [email protected]
Retina:package jcase$ adb shell
[email protected]:/ $ su
[email protected]:/ # id
uid=0(root) gid=0(root) context=u:r:kernel:s0

Busybox license -> http://www.busybox.net/license.html
BusyBox v1.20.2-Stericson (2012-07-04 21:33:31 CDT) multi-call binary.
If busybox source is needed please ask me, while it is petty since you can get it from the obvious places, I will gladly package it on floppy disks and mail it media mail at your cost.

FAQ:
Where is source?
On my computer

Will it work on LG G3, Samsung <model>, Nexus 5?
No

Will you root X?
No, don't ask me.

You suck!
Not really a question, but I get this a lot. This is the 5th exploit I have released for MotoX, bite me.

This doesn't work, will you help me?
No, ask the community for support

Will you make this work on X?
No, this exploit, as it is, will only work on motorola phones, and only some.

Will you do this for me?
No

This doesn't work!
Then you are probably running firmware that has been patched, you should have bought a dev edition.

Will you X?
No

What is your favorite pie?
I like apple pie with vanilla ice cream, and Boston cream pie.
 

Attachments

  • package1.1.zip
    1.4 MB · Views: 46,846
Last edited:

marcviado

Senior Member
Aug 7, 2010
621
93
Las Vegas
Awesome! @jcase is the man :) but being a tethered root does this mean we can't flash a custom recovery and or ROM? Since the root access will not stick and as it says on op you have to run it every time you boot the phone? Nonetheless great work man
 
  • Like
Reactions: jdiff

cestdiego

Member
May 16, 2013
22
1
Just what I was hoping for!!! :) will we be able to use xmodule? Or does it require write permission as well? :( I want root for that specific reason

Sent from my XT1058 using Tapatalk
 

abuttino

Senior Member
Sep 12, 2006
2,222
411
Getting this:

Code:
adb shell /data/local/atvc/root.sh
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]cunninglogic.com

su fails because it can't find it.
 

abuttino

Senior Member
Sep 12, 2006
2,222
411
What device, and firmware build?

urysaqy4.jpg


Moto X
 

megapinky

Senior Member
Dec 11, 2007
282
38
Morelos
What device, and firmware build?

Hi Jcase, for me works the first time, after reboot and try to re root, show the same issue

Code:
C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell chmod 755 /data/loc
al/atvc/root.sh

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell /data/local/atvc/ro
ot.sh
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell
[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $

thanks
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,768
Sequim WA
Yeah i see the issue, i didnt clean up my mess, fixing

Hi Jcase, for me works the first time, after reboot and try to re root, show the same issue

Code:
C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell chmod 755 /data/loc
al/atvc/root.sh

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell /data/local/atvc/ro
ot.sh
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell
[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $

thanks
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Feb 20, 2010
6,331
15,768
Sequim WA
Fixed, download package1.1.zip and try that

Hi Jcase, for me works the first time, after reboot and try to re root, show the same issue

Code:
C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell chmod 755 /data/loc
al/atvc/root.sh

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell /data/local/atvc/ro
ot.sh
mkdir failed for /data/local/atvc/dalvik-cache, File exists
pie by jcase
want to buy me pie? paypal-> [email protected]

C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell
[email protected]:/ $ su
su
/system/bin/sh: su: not found
127|[email protected]:/ $

thanks

This is where I get the failure.

Code:
[email protected]:/ $ su
su
/system/bin/sh: su: not found
 

Top Liked Posts

  • There are no posts matching your filters.
  • 145
    Changelog
    1.1 - doh
    fixes a bug where exploit only works once.


    Pie is a root for motorola devices, should work up to and including 4.4.2.

    I had hoped to save this until August however the bug was outed with 4.4.3, and detailed publicly by several people. It now has no value for my purposes. Sucks for me, great for you.

    Vulnerability details:
    http://blog.cassidiancybersecurity.com/post/2014/06/Android-4.4.3,-or-fixing-an-old-local-root

    This is a tethered root (think tethered jailbreak), meaning you have to run it each time you reboot in order to have root access. You do not get system write access, you do get root and busybox.

    Usage:
    Code:
    adb push pie.jar /data/local/atvc
    
    adb push root.sh /data/local/atvc
    
    adb shell chmod 755 /data/local/atvc/root.sh
    
    adb shell /data/local/atvc/root.sh

    Expected output:
    Code:
    Retina:package jcase$ adb push pie.jar /data/local/atvc
    5288 KB/s (1538203 bytes in 0.284s)
    Retina:package jcase$ adb push root.sh /data/local/atvc
    81 KB/s (137 bytes in 0.001s)
    Retina:package jcase$ adb shell chmod 755 /data/local/atvc/root.sh
    Retina:package jcase$ adb shell /data/local/atvc/root.sh
    pie by jcase
    want to buy me pie? paypal-> [email protected]
    Retina:package jcase$ adb shell
    [email protected]:/ $ su
    [email protected]:/ # id
    uid=0(root) gid=0(root) context=u:r:kernel:s0

    Busybox license -> http://www.busybox.net/license.html
    BusyBox v1.20.2-Stericson (2012-07-04 21:33:31 CDT) multi-call binary.
    If busybox source is needed please ask me, while it is petty since you can get it from the obvious places, I will gladly package it on floppy disks and mail it media mail at your cost.

    FAQ:
    Where is source?
    On my computer

    Will it work on LG G3, Samsung <model>, Nexus 5?
    No

    Will you root X?
    No, don't ask me.

    You suck!
    Not really a question, but I get this a lot. This is the 5th exploit I have released for MotoX, bite me.

    This doesn't work, will you help me?
    No, ask the community for support

    Will you make this work on X?
    No, this exploit, as it is, will only work on motorola phones, and only some.

    Will you do this for me?
    No

    This doesn't work!
    Then you are probably running firmware that has been patched, you should have bought a dev edition.

    Will you X?
    No

    What is your favorite pie?
    I like apple pie with vanilla ice cream, and Boston cream pie.
    9
    Fixed, download package1.1.zip and try that

    Hi Jcase, for me works the first time, after reboot and try to re root, show the same issue

    Code:
    C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell chmod 755 /data/loc
    al/atvc/root.sh
    
    C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell /data/local/atvc/ro
    ot.sh
    mkdir failed for /data/local/atvc/dalvik-cache, File exists
    pie by jcase
    want to buy me pie? paypal-> [email protected]
    
    C:\Program Files (x86)\stillthisguy\Moto X Toolkit>adb shell
    [email protected]:/ $ su
    su
    /system/bin/sh: su: not found
    127|[email protected]:/ $

    thanks

    This is where I get the failure.

    Code:
    [email protected]:/ $ su
    su
    /system/bin/sh: su: not found
    4

    Here is a full step by step tutorial for anyone confused by the rooting instructions. If you like a visual aid here it is.
    4
    Nice job, man. Even though I don't own a Moto device anymore, I thank you for working on exploits. Tough, and time consuming game, and your work is appreciated.
    4
    So I keep getting random reboots and sometimes after being rooted for a couple hours all my apps start force closing and I have to do a normal reboot (since Xposed force closes and I can't do the apps soft reboot). The only apps that require root I have installed are Xposed with Gravity Box, ES File Explorer with Root Explorer enabled, Wifi Tether, Super Su, and Root Checker. When I redo adb commands I get the following messages but still get root.

    These are almost certainly due to xposed. The exploit mounts a new ext4 image over /system/xbin, allowing su to actually exist somewhere other than just in memory. However, with write protection, when you push a file to anywhere else on system, it is not actually written. More than likely "Xposed" is disappearing mid usage, and it's modified apps_process with it. Thus boom, reboot.
Our Apps
Get our official app!
The best way to access XDA on your phone
Nav Gestures
Add swipe gestures to any Android
One Handed Mode
Eases uses one hand with your phone