Thursday, December 30, 2010

Zygote trickery -- 743C 27C3 release

The Gingerbread source has recently been released and
a root vulnerability has been fixed inside the
zygote/dalvik framework (if you dont know what it is,
call it a framework). I hoped that this exploit would
still work on Gingerbread, but since the bug is too
similar to the adb issue it has been fixed as well.
Thus, this only affects android phones < 2.3 but
it also works without debugging being enabled e.g.
from inside an evil app.

As always: the code is AS IS.
If you use it, it may crash your
device and makes it totally useless, SO YOU USE IT AT YOUR OWN RISK! THERE IS NO GUARANTEE

If you dont know what jailbreaking is about, dont do it anyways.
Once executed it should create a /system/bin/rootshell or
+s /system/bin/sh.

The apk can be found here. Nevermind the simple GUI,
it was pasted together from various sample/demo programs
just to make it easier to have an activity to start
for zygote.

And fear my publishing skillz! :D


Anonymous said...

Zip file seems to be truncated.

Sebastian said...

thx for noticing. fixed by renaming
to .zip

Unknown said...

hi there,

tried this out on my archos 101 running 2.2.1, but wasn't able to get it to work.
is there a place to provide further info, or will you be releasing the source? to further work out what the problem is.

Sebastian said...

What is logcat saying?
Is there a libjailbreak process
running as root after the
crash? Dump /proc/mounts.
/system/bin/rootshell can only be called by adb user.

Anonymous said...

Is it possible to get the source code for this?