Root tool DirtyCow Apk && adb

Search This thread
Tried the adb method and getting the below error. Can someone please help?
Apk method is asking to unmount the system which I cannot do as I don't have root access yet.

# Device:ganesa

-Getting uid 0->Ok.
-Checking permissive run-as.->No
-Dump policy->Ok
(Android M policy compatibility mode)
(Android M policy compatibility mode)
(Android M policy compatibility mode)
(Android M policy compatibility mode)
(Android M policy compatibility mode)
-Dump initreadelf: Error: /data/local/tmp/init.dump: Failed to read file's magic number
printf: 0x: invalid number
Getting this error while trying to using dirty cow exploit using adb. Can someone please help.

C:\platform-tools_r33.0.3-windows\platform-tools>adb shell /data/local/tmp/dcow /data/local/tmp/run-as /system/bin/run-as
/system/bin/sh: /data/local/tmp/dcow: can't execute: Permission denied

Top Liked Posts

  • There are no posts matching your filters.
  • 47
    I have developed a tool to exploit the dirtycow vulnerability and get TEMPORAL ROOT
    It bypass the selinux in lollipop 32bits system only, we are working now in a 64bits and Marshmallow version and will be soon, have a lot of work to do it universal.
    Im bringing 2 tools, one apk (no computer required) and one rar for adb and linux.
    With this tool we will access to those partitions and start the attack there, but in the actual state if you have locked your bootloader a good choice is to have root even temporal one.

    Required: SDCARD
    The apk exploits this vuln in the vold context so, is necessary to have a sdcard and mount or extract it, when the app requires, one time per session.
    This tool has some utilities for flash boot and system partition, also for backup and 2 methods of root:
    ·Attack init process (lollipop 32 bits only)
    ·Attack app_process.(all devices, not really good)

    ·Get root
    Uninstall any supersu manager before root.
    The way to use this app is first click in check perms(optional) and you will see if you have permissions to /init file.
    If you have permisisons and lollipop 32 you can use the first method to get root.
    Also in check permissions you will see if you have rights to backup/flash boot and system partition.
    The process takes until 2 minutes to finish so wait please and watch the log window.
    # ISSUES #
    If you get reboot after get root you can:
    -Clean init (restore init process sometimes crash the device, but is safe)
    -Install selinux permissive (Set permanent the new selinux policy, not tested)
    The first option is safe you just can get a reboot.
    The second option is just tested in 3 devices(oppo,xperia,Moto E), so test it with a recovery system working, can break some selinux rule..

    The adb rar contains some utilities to get root via run-as and init and is only working in Lollipop 32bits.
    To execute it:

    -Pass rar:"nox"
    -Extract the rar in /data/local/tmp/

    chmod 755 /data/local/tmp/
    cd /data/local/tmp/

    This process take some time 1-2 minutes but you will see the progress in the console, please wait,
    After will ask to turn off bluetooth do even sometimes is not required, it can accelerate the process.
    It will ask to install selinux permissive, if you don't have reboot problems, don't install it, otherwise be sure you have a recovery system working and a stock rom ready to flash, this feature is stable but need more testing.
    if all is ok you will see this:

    #Type run-as -s1 to get a shell"
    #Type run-as -s2 to execute su daemon"

    The run-as -s1 give you a shell with init context but some restrictions because selinux autotransfer domain to run-as
    The run-as -s2 will execute su dameon and a su init context with no restrictions.
    # ISSUES #
    If you get reboot after get root you can:
    ·mount system partition with flag abort:
    mount -o remount,abort /system
    You won't able to mount system in write mode.

    This app is in BETA BETA state for now, just 7/9 devices passed not bad at all ;)
    I'll add more devices in the list soon ;)

    List of rooted devices:
    Moto G 5.1 lollipop
    Xperia 5.1 lollipop
    Oppo 5.1 lollipop
    Emulator 5.1 lollipop
    XT1528 (MOTO E Verizon prepaid) 5.0.2 lollipop(reboot issues)
    Asus Zenfone Go ZB452KG Lollipop(5.1.1)
    Smartfren Andromax A / Haier a16c3h (Lollipop 5.1 Firmware 12.2)

    Implemented selinux pemissive after reboot.(adb,apk)
    Enforce mode working.(adb,apk)

    Version: 0.3
    Fixed bug creating bl instruction.

    Version: 0.2
    -Fix bug in apk for some devices

    Version: 0.1
    -More compatible adb with lollipop 32 bits
    -Fixed bug in the shellcode.
    -64 bits version of run-as-dirtycow.

    -Working in Marshmallow 32 bits.
    -Apk some fix.

    Thanks to n0x for his great help debugging the shellcode issue in Moto G
    Can we have access to the run-as-dirtycow source code?

    Is very simple just have the dirtycow exploit original and some code to copy files read and puts.

    Anyways soon ill post here, has no many secrets lol, just copy file or execute sh, the main problem now is the patcher, to make it working in Marshamallow and 64bits, i don't have any device with 64bits, yes one xperiaZ that i can install a custom rom with Marshmallow.

    But i think the first is to check if the patcher is working in lollipop32 bits well, even ive tested 2 devices and reversed some other inits is not enough to be completely sure that all is ok.
    ADB Links worked for me but still waiting on getting the dirtycow apk.

    There is some places that has it. Here is one.
    (Haven't tried it. Don't know version or anything. Found from )

    Just in case uploaded the other file as well. BTW, there seems to be
    some versions after the OP was last modified. Is this the last one?

    ok heres the pulled files from data/local/tmp

    zip below

    Ok, the exploit adb is fixed now you will get root, i've updated the rar in the main thread.

    Delete all the old content from /data/local/tmp/

    rm /data/local/tmp/*

    The bug was a binary(init-patch) not updated in the rar package, your device was fixed 1 week ago but not updated the rar :laugh:

    Btw i hope this will work for you because i will be out for a 3 weeks, im in Nepal and leaving in 3 days i have a travel to other countries and i will restart the work is some place with a nice beach :cool:

    Best regards ;)
    taking a break from it for the rest of the day. frustrated lol. but not giving up.

    Thank you for all the test, your device is rooted, just we need to install su in daemon.

    Ill go to rest as well tomorrow i have the flight.

    Best regards