14 comments:
It works on G1, Milestone. Thanks for the PoC.
Saw this recently used to root the DroidX, kudos!
In a related vein, it looks like the Motorola Backflip has the same vulnerability, however it does not have /etc/firmware.
Looking at the code (which I only partially follow, admittedly) I'm unsure why /etc/firmware is required. (I am assuming it's how one would use the firmware subsystem as the vector for attack.)
Could you give an explanation/some pointers on what I might try to exploit this on the Backflip? (What about using /dev/ashmem instead of the firmware subsystem?)
Thanks!
--Morgul
Fantastic.
Hi. Looks like this worked on the Droid X but does not seem to work on the Backflip because of the lack of /etc/firmware. Any ideas?
After testing on Milestone, several conditions could be reduced/relaxed:
1. /tmp can be used instead of /sqlite_stmt_journals. They are both world writable.
2. Changing for(;;); to exit(...) works. Perhaps the code was borrowed from another exploit?
3. The exploid rootshell will be triggered by a hotplug event after it has been set up properly. Thus sleep(3) can be removed.
This also works on the Devour.
Will this work on the Devour? And any more info on the Backflip?
Does this work on the X10? (not mini or mini pro)
Works also on HTC Hero (1.5). Thanks!
Hi,
I've been trying, with little success, to get this working on the Wildfire.
I've changed the block device for system remount to /dev/mtdblock3, but still have no luck with actually copying self to /system/bin/rootshell.
Furthermore, once the exploit has been run, certain hotplug actions cause an instant reboot and, obviously, adb disconnection. Any help would be gratefully received.
Cheers,
Martin
The root does not work on my Motorola i1. I keep on getting permission denied when I run
./exploid
Please help!
Thank you.
Khalil Ladjevardi
Los Angeles
The root for Motorola does not seem to work
I tried running ./exploid but end up with permission denied.
Please help!!
Thanks!
Thank you!!! You often have interesting posts! They put me in good spirits :)
Hi - I am really delighted to discover this. Great job!