Any root exploit able to defeat PXN? - Android Q&A, Help & Troubleshooting

Well, I need to find some user-ready exploit which is able to remove PXN (Privileged Execute-Never) and give me temp root access. I think it should be based on one of these vulnerabilities:
CVE-2015-0570 (stack overflow vulnerability in Qualcomm WEXT)
CVE-2015-3636 (vulnerability in the ping_unhash function)
CVE-2015-1805 (vulnerability in the pipe_read and pipe_write implementations)
Maybe there are others. It seems my solution should be related to JOP (jump-oriented programming) somehow.
I have already tested iovyroot (CVE-2015-3636) but due to my ARM arch it doesn't work. There's a bunch of articles on the internet with the theory of defeating PXN (e.g., those on BlackHat or this one). This info is designed for very experienced Android programmers. It mentions some mysterious tools like Yet Another Root Tool but I can't find it anywhere.
So, maybe you know of any "cooked" rootkits for PXN bypass?
P.S.: My device is a Docomo Fujitsu Arrows NX F-01F with the latest upgrades (Android KitKat 4.4.2, kernel version 3.4.0 [Jan 7 2015], build number V10R22A). It's got an ARMv7 processor (armeabi-v7a, armv7l, 4 cores).

Bro, I don't have the answer to your question, but I want to ask you a question. Can you please answer? I hope I'm not bothering you.

Related

[DEV][HELP NEEDED] ICS rooting for kernel 10 users

We, kernel 10 users, will get ICS one day but only by regular OTA update since we can't use Condi's tool to build and flash some pre-rooted ROM.
Therefore we will need a kernel exploit to gain root, and the good news is that there's one around here, discovered by Linux supermen Jüri Aedla and Jason A. Donenfeld, then given to simple mortals by developer Saurik. I've tried the thing successfully on my newly bought Galaxy Nexus running ICS 4.0.2. In fact, the exploit runs on every 3.6.39 kernel based distrib.
The bad news is that the exploit needs the offsets of the setresuid and exit function calls, taken from the statically (dynamically would be too easy) linked run-as binary, if I've understood the trick. The right offsets were given by Saurik for the Gnex; that's why I've met success in rooting my new phone. We need to learn how to get them from the run-as binary embedded in the upcoming Sony tablet's ICS to break the no-root spell thrown by Honeycomb kernel 10...
I actually tried to find a way but must admit it's a bit too rough for a total noob in ARM assembly stuff. So ladies and gentlemen, help is needed!
PS:
I have the NDK's cross-platform gcc compiler working, the run-as C source code (don't know which version), and run-as binaries (3.2.1, 4.0.2, 4.0.3) for testing purposes.
You obviously know what you're doing more than I, but there might be a bit of a hurdle when it comes to that kernel exploit...
Apparently (and this is only alleged), Sony are sticking with the older 2.6 kernel for their 4.0.3 update (didn't even realise they were compatible), which would make that exploit a bit tricky.
According to what I've read here and in other places, the exploit works on kernel 2.6.39, which is "under" Acer's and Samsung's (maybe others too) ICS 4.0.2 and 4.0.3 releases. It doesn't for earlier kernels like the 2.6.36 (our HC 3.2.1) and newer ones where the vulnerability is patched.
So let's hope that Sony will neither use the old 2.6.36 nor be at the top of kernel versions when releasing their ICS, and that someone will find the two magic offsets required for the exploit... The Sony Tablet S is not a best seller and I'm afraid devs will not take much care of it.
Wait and see, and in the meantime, maybe someone will find something about getting the offsets' values while surfing the Web, or hear someone talking about it, or meet a super developer in a bar, or get a revelation while sleeping, or... find an easier exploit!

Need a head start in understanding RootKit

I rooted my Xperia L successfully using the RootKit method. But I am not happy with myself, in the sense that just by going through the code, I did not really understand how the developer exploited the CVE-2013-6282 bug to achieve root. I don't have any prior experience in Linux kernel development. As a side note, I could set up the NDK and recompile the exploit successfully for the ARM platform. Please guide me with appropriate pointers so that I can understand the code completely. What information do I need to have? Where should I start? Do I need to have driver development experience on *NIX?

[Q] How do I upgrade a device tree and kernel for Lollipop?

I know it's not as simple as it looks, otherwise everybody could do it, but at least can someone point me in a vague direction?
Just out of interest, how do you upgrade a device tree to support newer Android versions? Anything in particular which might prevent Android from functioning correctly?
I've acknowledged SELinux as a problem already.
I'm new to running device trees and kernels but I do know my way around Linux (I know how toolchains works, and I can build Android and kernels, for example) and I know C++, C and Java.
I've 'Google-d' the matter, but to no avail – there appears to be no clear way to do it.
+1 this question
I want its answer too.

Req. Unified Teclast/Mtk(Mediatek) chipset support? TWRP/CWM?

Hello All
Just asking around, wondering if there is a unified thread or devs working with MTK SoCs, or Teclast-based devices. I am aware of Riley Rom, and that a lot of the dev may be Asian or Chinese based, from the Baidu releases with Teclast-based firmware/ROM.
I have a Teclast P98 4G (A8H6). I've been able to root, but to try to install a custom-based ROM or a CM or AOSP ROM... first I would need to get a functioning TWRP/CM recovery to work on this device... let alone drivers for adb... I am able to get the tablet into adb, though. It's just been a headache reading through all these different sites and forums for other devices, trying to find a way and tools to get it to work for my device.
I see some support for the Cube T7 and T9, and the Teclast T98 4G (which is almost the same exact device, different camera and clock speed), and some other similar devices with a similar SoC/chipset as this one. Just wondering if there are eyes or ears anywhere that may have more information or a dedicated thread. I've come across some German dev sites for the Cube T9, but wondering if any known devs here on XDA or other links with similar work that we may be able to reference.
I've also commented on this one link for the review of my device, but it seems there isn't much feedback there... not a dev thread.
link: http://forum.xda-developers.com/android/general/teclast-p98-4g-updated-mtk8752-octa-t3065247
Req. Dedicated MTK/Teclast threads/subforum... maybe possible to centralize all the info based on these tablets, phones and chipsets and have a unified dev or tool set...
Updated thread for SP Flash Tool or other similar tools for flashing/root...
To Admins and Devs... not trying to spam or request anything otherworldly. Just asking the forum for tips, pointers... maybe someone has the answers or solutions I am looking for... please move to where appropriate.

how to configure a recent Android image with Mesa DRM / KMS support and virtio-gpu modules...

Hello to everyone.
I would like to understand how to emulate a recent version of Android on my Jetson Nano with qemu/kvm. I already have some experience with Linux, with the Jetson Nano and with the arm64 platform, but very little with Android. But I have already asked about some crucial information regarding the most important requisites that Android should have to run with qemu-kvm. Basically these:
1. An Android image with Mesa DRM/KMS support.
2. An Android kernel with the appropriate virtio-gpu modules enabled.
3. A modified Jetson Nano kernel to add support for KVM.
4. Compiled Virgilrender and qemu with Virgilrender support.
I have already configured points 3 and 4. Points 1 and 2 are missing because I have little Android knowledge. Someone said to me: "It needs to be one targeted for Qemu with virtio-gpu support enabled. There are images around with it configured but I don't have ones that I can share". OK. For me it's better to understand how to configure Android from the beginning like it should be, but I'm pragmatic, so I don't say no if someone wants to give me a recent Android image already configured. In any case, since I don't know where to start, I would like to get some detailed documentation from you, because I want to learn the workflow. Thanks in advance.
No one wants to help here?
