Thursday, May 26, 2011

Closing recent thread

I will close the GingerBreak post now since by now most comments
are about particular device versions or are not related to
the Android OS at all. It turned out that GingerBreak works
on Froyo, Gingerbread and Honeycomb. For some versions it
needs minor fixes, e.g. in the detection phase, but overall
it is a good and stable softbreak. Thanks to those who
sent patches or test reports.
Smartphone security, and Android security in particular, seems
to be the new hype (WTF?! HTTP is sending data in
plaintext!?), and therefore it is about time to
fall back to monitor-only mode. If you ever see a # on an
Android device in the future, always remember who was pioneering
exploit development on that platform and remember where
all these spin-offs came from.


I have had the choice of writing scientific papers about security
and exploits, or to code exploits. And I chose the latter.

13 comments:

Joel said...

Thanks for your work. You truly are a god among nerds.

Until next time...

sunning.sun said...

thanks man

EverythingTrippy said...

How can I get a hold of you?

I have edited your GingerBreak.c file to suit the needs of my phone, some directory paths were different.

I am stuck there as I have not the first clue how to compile C, I tried using GCC on my linux box but netlink.h and system_properties were missing, I came to the conclusion it had to be compiled in an android environment.

This is the changed version for my model of phone: http://pastebin.com/DER6StyM

Any help would be greatly appreciated!

jkoljo said...

Thanks for the GingerBreak, it works well on most Gingerbread builds. However, on Desire HD's new builds, you get "vold: xxxx GOT start: 0x00014360 GOT end: 0x000143a0", and then it freezes. I am talking about 2.37.xxx.x ROM builds. On WWE 2.36.405.8 it works great.

Justin Case said...

Appropriate timing, thank you for giving us what the manufacturers wouldn't.

Hopefully other carriers will follow in the footsteps of Samsung (and now apparently HTC) and leave a legitimate route for us to gain root.

Injectso4droid PLX said...

Hi C-skills, can you please port injectso to Android? Or at least point me somewhere where I can read about injecting code into Android native code (libxxx.so)?
Ty

Anonymous said...

Thanks for taking the time to do this. I think it would be awesome if you would write a tutorial for the exploit, or put very detailed comments in the code as to what you're doing at each stage. A code walk-through of sorts. I know it's time consuming and doesn't really provide you much benefit, but I think it would really help the rest of us learn.

Thanks again.

Sebastian said...

I try to write the code as clearly as possible so that it needs as few comments as possible. However, reading exploits (and writing them too) is not that easy, since a lot of magic is involved which you only know when you have dug deep into the target. E.g. WTF is he calculating the idx that way, and why is he creating this file of that size here and not there? I have problems reading other folks' exploits as well if I don't have the time to really zoom into the target vuln. To learn about exploit writing I'd recommend the Phrack articles, for example.

Mindcrickets said...

The HTC Sensation appears to be un-exploitable if you ever feel the need for a new challenge.

bill.necka@hotmail.com said...

Any word on when there will be a root-able exploit for the 2.3.3 GB for HTC Evo 4G?

Anonymous said...

Many thanks for your work. I'd be grateful if anyone could point me to what should be the indexes and offsets that need to be changed. I do have an Android build system installed and can compile. However most of my programming is old school (Fortran) and I know very little of C. My device is a Vizio VTAB 1008 running Gingerbread 2.3.2 build id GRH78C with CPU armeabi-v7a. Supposedly preproduction versions of this device were rooted before launch. However, none of the exploits I have tried so far seem to work. Thanks again.

Sebastian said...

Try revolutionary.io, they seem to have a new vold exploit. Getting the right offsets and indexes can be tricky; that's why I don't favor memory smashing exploits, in particular across a range of devices and OS versions.
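The pair of GOT addresses quoted in jkoljo's comment above ("GOT start: 0x00014360 GOT end: 0x000143a0") is a property of how each ROM's vold binary was linked, which is one concrete reason offsets differ from build to build. As an added example that is not from the blog post or from GingerBreak.c, the C program below walks the section headers of an ELF32 image to find the address range of a named section such as .got. The ELF image it parses is constructed in memory with made-up values: the .got address 0x14360 and size 0x40 are assumptions chosen to reproduce the quoted numbers, and the second "build" uses invented values to show the range moving.

```c
/* Added example, not GingerBreak code: locate a section's [start, end)
 * address range from ELF32 section headers. The image is constructed
 * below with made-up values; a little-endian host is assumed. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Minimal ELF32 layouts (System V ABI) so that <elf.h> is not required. */
typedef struct {
    unsigned char e_ident[16];
    uint16_t e_type, e_machine;
    uint32_t e_version, e_entry, e_phoff, e_shoff, e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} ehdr32_t;                                   /* 52 bytes, no padding */

typedef struct {
    uint32_t sh_name, sh_type, sh_flags, sh_addr, sh_offset,
             sh_size, sh_link, sh_info, sh_addralign, sh_entsize;
} shdr32_t;                                   /* 40 bytes */

#define SHT_PROGBITS 1
#define SHT_STRTAB   3

/* Returns 0 and fills *start/*end (virtual addresses) for section `name`,
 * -1 if the image is not a usable ELF32 file or the section is absent.
 * Every offset is bounds-checked against `len` before it is dereferenced. */
int find_section_range(const unsigned char *img, size_t len, const char *name,
                       uint32_t *start, uint32_t *end)
{
    ehdr32_t eh;
    shdr32_t sh, strsh;
    size_t i;

    if (len < sizeof(eh)) return -1;
    memcpy(&eh, img, sizeof(eh));
    if (memcmp(eh.e_ident, "\x7f""ELF", 4) != 0 ||
        eh.e_ident[4] != 1 /* ELFCLASS32 */ || eh.e_ident[5] != 1 /* LSB */)
        return -1;
    if (eh.e_shentsize != sizeof(shdr32_t) || eh.e_shnum == 0 ||
        eh.e_shstrndx >= eh.e_shnum || eh.e_shoff > len ||
        (size_t)eh.e_shnum * eh.e_shentsize > len - eh.e_shoff)
        return -1;

    /* Section-name string table; every sh_name is an index into it. */
    memcpy(&strsh, img + eh.e_shoff + (size_t)eh.e_shstrndx * sizeof(strsh), sizeof(strsh));
    if (strsh.sh_type != SHT_STRTAB || strsh.sh_offset > len ||
        strsh.sh_size > len - strsh.sh_offset)
        return -1;

    for (i = 0; i < eh.e_shnum; i++) {
        memcpy(&sh, img + eh.e_shoff + i * sizeof(sh), sizeof(sh));
        if (sh.sh_name >= strsh.sh_size) continue;
        const char *s = (const char *)img + strsh.sh_offset + sh.sh_name;
        size_t room = strsh.sh_size - sh.sh_name, n = 0;
        while (n < room && s[n] != '\0') n++;   /* never read past the table */
        if (n == room) continue;                 /* unterminated name: skip */
        if (strcmp(s, name) == 0) {
            *start = sh.sh_addr;
            *end   = sh.sh_addr + sh.sh_size;
            return 0;
        }
    }
    return -1;
}

/* Build a tiny ELF32 image with three sections: NULL, .got, .shstrtab.
 * All values are constructed for this example. Returns the image length. */
size_t build_sample_elf(unsigned char *buf, size_t cap, uint32_t got_addr, uint32_t got_size)
{
    static const char names[] = "\0.got\0.shstrtab";   /* 16 bytes incl. final NUL */
    const uint32_t str_off = sizeof(ehdr32_t);            /* 52 */
    const uint32_t sh_off  = str_off + sizeof(names);     /* 68 */
    ehdr32_t eh;
    shdr32_t sh[3];

    if (cap < sh_off + sizeof(sh)) return 0;
    memset(buf, 0, cap);
    memset(&eh, 0, sizeof(eh));
    memcpy(eh.e_ident, "\x7f""ELF", 4);
    eh.e_ident[4] = 1; eh.e_ident[5] = 1; eh.e_ident[6] = 1;  /* 32-bit, LSB, v1 */
    eh.e_type = 2; eh.e_machine = 40 /* EM_ARM */; eh.e_version = 1;
    eh.e_shoff = sh_off; eh.e_ehsize = sizeof(eh);
    eh.e_shentsize = sizeof(shdr32_t); eh.e_shnum = 3; eh.e_shstrndx = 2;

    memset(sh, 0, sizeof(sh));
    sh[1].sh_name = 1; sh[1].sh_type = SHT_PROGBITS;     /* ".got" at names[1] */
    sh[1].sh_addr = got_addr; sh[1].sh_size = got_size;
    sh[2].sh_name = 6; sh[2].sh_type = SHT_STRTAB;       /* ".shstrtab" at names[6] */
    sh[2].sh_offset = str_off; sh[2].sh_size = sizeof(names);

    memcpy(buf, &eh, sizeof(eh));
    memcpy(buf + str_off, names, sizeof(names));
    memcpy(buf + sh_off, sh, sizeof(sh));
    return sh_off + sizeof(sh);
}

/* Build the sample image for one hypothetical ROM build and look up its .got. */
int got_range_for_build(uint32_t got_addr, uint32_t got_size, uint32_t *start, uint32_t *end)
{
    unsigned char img[256];
    size_t len = build_sample_elf(img, sizeof(img), got_addr, got_size);
    return find_section_range(img, len, ".got", start, end);
}

int main(void)
{
    uint32_t s, e;
    if (got_range_for_build(0x14360, 0x40, &s, &e) == 0)
        printf("build A: GOT start: 0x%08x GOT end: 0x%08x\n", s, e);
    if (got_range_for_build(0x15a18, 0x48, &s, &e) == 0)   /* invented second build */
        printf("build B: GOT start: 0x%08x GOT end: 0x%08x\n", s, e);
    return 0;
}
```

Compile with `cc -o gotrange gotrange.c` and run it; build A prints the range quoted in the comment, build B a different one. Against a real binary the same walk would be run over the file contents of the target (for instance a vold read from a ROM image) instead of the constructed buffer; the section headers give link-time virtual addresses, so for a position-independent binary the runtime base still has to be added.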

Anonymous said...

Icke -- Thanks for the reply and the pointer to the revolutionary.io site.

Are you referring to the new zergRush exploit? I did try that as well but with no luck. So far, every exploit has failed -- rageagainstthecage, gingerbreak, and zergRush. The software devs at Vizio must have really been on top of every exploit and have patched them as soon as possible.