RC30 v1.0 and RC30 v1.2 - G1 Android Development

I have seen a lot of people post about having OTA RC30 v1.2 and can't flash back or get root. Well, I have OTA RC30 v1.0... can this one be flashed back?
http://home.austin.rr.com/soloxp/images/pic/rc30.jpg

There is no such thing as OTA RC30 v1.2. OTA means over-the-air, also known as official system software. If you have OTA RC30, you can not flash backwards or get root.

Difference between RC30 v1.1 and v1.2
Does anyone know how to find out which version you are using?
Figured it out thanks to jesusfreke.
Get a terminal emulator, then type:
sqlite3
If it says sqlite3 not found, type:
su
You have RC30 v1.2 if after you type sqlite you get:
sqlite
You have RC30 v1.1 if sqlite3 is not found but typing:
su
gives you the #
You have RC30 v1.0 (no root) if sqlite3 is not found and typing 'su' doesn't give you the #

with modified RC30 1.2 you can just type su in Terminal Emulator to get root..it should look something like this
$ su
#
then you can type 'id' if you want to check..if you have root it'll say something along this line
$ su
# id
# uid=0(root) gid=0(root)

Related

[Q] What's the difference between the donut for the ADP1 and that for the google i/o

As far as I know, we can get the root permission when using "adb remount" in donut for the ADP1. But permission is denied when using "adb remount" in donut for the google i/o device.
After flashing the boot image and system image (userdata and cache erased before flashing), the ADP1 rom gets 86.11M available space in the internal storage, while the i/o rom gets 66.2M available space in the internal storage.
Actually, when using "adb remount" for the ADP1 images of Donut, you get the same limitations. In order to do allow "adb remount" to work, you have to unpack the boot.img, edit the ramdisk init.rc, then repack the images and reflash them.
Also, the ADP1 images of 1.6 (Donut) do not allow downloads of protected apps from the Market. So, you cannot download programs such as Pandora. Those that are not marked as "protected" are fine to download, though.
rpcameron said:
Actually, when using "adb remount" for the ADP1 images of Donut, you get the same limitations. In order to do allow "adb remount" to work, you have to unpack the boot.img, edit the ramdisk init.rc, then repack the images and reflash them.
Also, the ADP1 images of 1.6 (Donut) do not allow downloads of protected apps from the Market. So, you cannot download programs such as Pandora. Those that are not marked as "protected" are fine to download, though.
Can we download programs marked as "protected" when using the i/o image?
When using ADP1 image of 1.6, we can remount successfully using "adb root" before "adb remount".
actually, you set ro.secure to 0 in default.prop, but yeah, that's what you do
jubeh said:
actually, you set ro.secure to 0 in default.prop, but yeah, that's what you do
I see, thank you.
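The behaviour in this exchange follows from how adbd of that era decides whether to keep root: it checks ro.kernel.qemu, ro.secure, ro.debuggable and service.adb.root. An added example (not code from the thread) that reads a default.prop and reports what "adb remount" can expect; the three property files are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Constructed default.prop contents (assumptions, not taken from the images discussed).
PROP_USER='ro.secure=1
ro.debuggable=0'
PROP_USERDEBUG='# constructed userdebug-style sample
ro.secure=1
ro.debuggable=1'
PROP_INSECURE='ro.secure=0
ro.debuggable=1'

# prop_get TEXT KEY: print KEY's value from property-file TEXT.
# The last assignment wins; comment lines and other keys are ignored.
prop_get() {
    val=''
    while IFS= read -r line; do
        case $line in
            "$2="*) val=${line#*=} ;;
        esac
    done <<EOF
$1
EOF
    printf '%s\n' "$val"
}

# adbd_user TEXT ADB_ROOT: which user adbd ends up running as.
# ADB_ROOT=1 models service.adb.root=1, the property the "adb root" command sets.
adbd_user() {
    # The emulator keeps adbd as root regardless of ro.secure.
    if [ "$(prop_get "$1" ro.kernel.qemu)" = 1 ]; then echo root; return 0; fi
    # ro.secure unset or 0: adbd never drops privileges.
    if [ "$(prop_get "$1" ro.secure)" != 1 ]; then echo root; return 0; fi
    # Secure build: root only on debuggable builds after "adb root".
    if [ "$(prop_get "$1" ro.debuggable)" = 1 ] && [ "${2:-0}" = 1 ]; then
        echo root; return 0
    fi
    echo shell
}

# remount_report NAME TEXT: summarise what "adb remount" can expect on this build.
remount_report() {
    plain=$(adbd_user "$2" 0)
    after=$(adbd_user "$2" 1)
    if [ "$plain" = root ]; then
        echo "$1: adbd is root at boot, adb remount works directly"
    elif [ "$after" = root ]; then
        echo "$1: adb remount needs adb root first"
    else
        echo "$1: adbd stays uid shell, adb remount is denied"
    fi
}

remount_report user "$PROP_USER"
remount_report userdebug "$PROP_USERDEBUG"
remount_report insecure "$PROP_INSECURE"
```

To check a real image, pass the contents of the default.prop from its unpacked ramdisk as the second argument.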
donut for ION doesn't have xbin/ (and the "su" binary), but it has ODEX for all apps and framework.
donut for ADP1 has xbin/ (and the "su" binary) but it doesn't have ODEX!
nk02 said:
donut for ION doesn't have xbin/ (and "su" binary), but it have ODEX for all apps and framework.
donut for ADP1 have xbin/ (and "su binary) but it doesn't have ODEX!
The su in /system/xbin only works in adb. If you want root access on the device you need su in /system/bin. The easiest way is:
Code:
dd if=/system/bin/sh of=/system/bin/su
chmod 4755 /system/bin/su
Also, to answer the other question, the ADP version of Donut does not support protected apps from the Market. You can download unprotected apps (including those for purchase), but apps that have the protected property set (i.e., those that install themselves in /data/app-private) cannot be downloaded—the download begins and seems to complete, but the Market app puts up a notification saying the application cannot be downloaded.
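The two commands in this post leave a setuid-root copy of the shell in /system/bin, which gives uid 0 to whatever executes it. An added example (not code from the thread) for auditing an image or device: it lists setuid/setgid files and flags any whose bytes match the shell, whatever they are named. The demo tree and its file contents are constructed, and the function names are illustrative.

```shell
#!/bin/sh
# setid_files ROOT: regular files under ROOT with the setuid or setgid bit set.
setid_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# shell_copies ROOT SHELL: the subset of setid_files whose bytes equal SHELL,
# whatever the file is called (su, a.out, ...).
shell_copies() {
    setid_files "$1" | while IFS= read -r f; do
        if cmp -s "$f" "$2"; then printf '%s\n' "$f"; fi
    done
}

# make_demo_tree: build a constructed /system-like tree in a temp dir, print its path.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/bin" "$d/xbin"
    printf 'constructed stand-in for the shell binary\n' > "$d/bin/sh"
    printf 'constructed stand-in for ping\n' > "$d/bin/ping"
    cp "$d/bin/sh" "$d/bin/su"          # same bytes as sh, different name
    cp "$d/bin/sh" "$d/xbin/sh-backup"  # a copy without setuid is not reported
    chmod 0755 "$d/bin/sh" "$d/xbin/sh-backup"
    chmod 4755 "$d/bin/su" "$d/bin/ping"
    printf '%s\n' "$d"
}

tree=$(make_demo_tree)
echo "setuid/setgid files:"
setid_files "$tree"
echo "setuid/setgid copies of sh:"
shell_copies "$tree" "$tree/bin/sh"
rm -rf "$tree"
```

On a device the equivalent call would be `shell_copies /system /system/bin/sh`, assuming find and cmp are available there (for example through busybox).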
rpcameron said:
The su in /system/xbin only works in adb. If you want root access on the device you need su in /system/bin. The easiest way is:
Code:
dd if=/system/bin/sh of=/system/bin/su
chmod 4755 /system/bin/su
i know
Also, to answer the other question, the ADP version of Donut does not support protected apps from the Market. You can download unprotected apps (including those for purchase), but apps that have the protected property set (i.e., those that install themselves in /data/app-private) cannot be downloaded—the download begins and seems to complete, but the Market app puts up a notification saying the application cannot be downloaded.
also the ion version have this problem
if you change ro.build.fingerprint in build.prop and for example write "ro.build.fingerprint=tmobile/opal/sapphire/sapphire:1.5/COC10/150449:user/ota-rel-keys,release-keys", the market works
nk02 said:
donut for ION doesn't have xbin/ (and "su" binary), but it have ODEX for all apps and framework.
donut for ADP1 have xbin/ (and "su binary) but it doesn't have ODEX!
Another question
Why is there less available space in the internal storage of the ion version than in that of the ADP1 version?
And there seems to be a bug: when typing symbols with the hard keyboard I get the wrong symbols. For example, when pressing "alt" and ",", it displays ";" instead of "?".
Start asking your questions in the right sub-forum (Q&A) (Theme) or even in (General), or simply search.......Final result will be a ban for you up to 3 days.
Thanks

[ROOT] ROOT Status of Official Sprint 2.1 release RUU: YES! | 6/03

ROOT Status of RUU_Hero_C_Sprint_2.27.651.5_R_signed_release : YES
Update: Regaw finally made it for us all! More info here http://forum.xda-developers.com/showthread.php?t=694572
======================================================
I noticed that someone has mixed up the TEST RUU and the RELEASE RUU. However, they are different. The test RUU has the su file built in, unlike the release RUU!
I flashed RUU_Hero_C_Sprint_2.27.651.5_R_signed_release.exe and I love it very much.
This update is great, except that I lost my root access. I tried every method to get root back again but failed.
1. Using asroot2 to root - Failed
I followed the Sticky GUIDE "How to Root the Sprint CDMA Hero", but failed when running
Code:
/data/local/asroot2 /system/bin/sh
The process was killed.
I know the linux kernel changed to 2.6.29 with the update. Maybe that is the reason why asroot2 does not work.
2. Using flashrec to flash a custom recovery image and then get root - Failed
I installed FlashRec 1.1.3 from zenthought's website, but it failed when I tried backing up my recovery image.
3. Using adb to push the su file into the phone - Failed
I dumped the su file from damageless's rom and flipz's Fresh 2.1.1 rom, then used adb to push it into /data/local/ and chmod it to 4777, but running it failed. It just said "Permission Denied". However, when I pushed a busybox file into /data/local/ and chmod it to 4777, the busybox command ran OK.
KeithKris pointed out that su doesn't work on /data because that directory is mounted nosuid.
4. Using fastboot to flash a custom recovery image and then get root - Failed
I rebooted my phone into fastboot, then connected it to the PC using USB. I tried the command "fastboot boot recovery-RA-heroc-v1.6.2.img" but it failed; it said "downloading 'boot.img'... FAILED (remote: not allow)".
5. Trying to flash back to RUU_Hero_C_Sprint_2.20.651.1_signed_test.exe - Failed
It said "Error 140: BOOTLOADER Version Error!".
Although regaw_leinad has pointed out that the md5s on both (release version and test version) hboots are the EXACT same.
b819083aa9fe456c5a5fbde4917980e2
and
b819083aa9fe456c5a5fbde4917980e2
Thanks regaw_leinad for your kind help.
Update: 6. the Volex method - Failed
this volex method is revealed here. Already tested by regaw that 2.1 patched it. It doesn't work.
======================================================
After all these failures, there seems to be at least two ways to get the root back. And regaw_leinad and other guys are working hard on them.
1. Try to make a new asroot2 to exploit the linux 2.6.29/android 2.1 on our cdma hero. Here is the source code of our asroot2 -- heroc 1.5 exploit tool.
2. Try to hack the RUU file (actually we mean the rom.zip in the RUU.exe) and make sure it will pass the Bootloader check and signature check(maybe md5?). Then we could flash a RUU with su built inside and get the root back.
If anyone knows something about how to pass the signature check(maybe md5?) or linux kernel exploit, please share your wisdom. Thank you.
This post will be updated every day until the way to root comes out.
Update: Thanks to the donators in this thread! I believe the devs will find the exploit method soon with your support!
======================================================
BTW: Never ever flash the official 2.1 release RUU.exe unless you know what you are doing. You won't get root access until the exploit method has been found. If you do love the official update, you may flash this damageless's rom dump from the official 2.1 release. And the radio dump from the official 2.1 release is here1 and here2 (thanks to damageless and flipz, and remember flashing radio at your own risk). The only difference between damageless's dump and official RUU's system part is that it has root and busybox and it removed some useless apks.
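Failure 3 above comes down to mount options: nosuid leaves files executable but ignores their setuid bit, which fits busybox running from /data/local while su there was refused. An added example (not code from the thread) that answers "will a setuid bit at this path be honoured?" from /proc/mounts-format text; the mount table is a constructed sample and the function names are illustrative.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a device).
SAMPLE_MOUNTS='rootfs / rootfs ro 0 0
/dev/block/mtdblock3 /system yaffs2 ro 0 0
/dev/block/mtdblock5 /data yaffs2 rw,nosuid,nodev 0 0
/dev/block/mtdblock4 /cache yaffs2 rw,nosuid,nodev 0 0
/dev/block/vold/179:1 /sdcard vfat rw,nosuid,nodev,noexec,uid=1000 0 0'

# mount_opts_for PATH: print "mountpoint options" for the filesystem holding PATH.
# Uses the longest mount point that is a path prefix, so /database does not match /data.
# Set MOUNTS to real /proc/mounts text to override the sample.
mount_opts_for() {
    path=$1
    best_mp=''
    best_opts=''
    while read -r _dev mp _fstype opts _rest; do
        case "$path/" in
            "${mp%/}/"*)
                if [ "${#mp}" -gt "${#best_mp}" ]; then
                    best_mp=$mp
                    best_opts=$opts
                fi ;;
        esac
    done <<EOF
${MOUNTS:-$SAMPLE_MOUNTS}
EOF
    printf '%s %s\n' "$best_mp" "$best_opts"
}

# has_opt OPTS NAME: succeed if the comma-separated option list contains NAME.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# setuid_verdict PATH: what the kernel does with a setuid binary stored at PATH.
setuid_verdict() {
    info=$(mount_opts_for "$1")
    opts=${info#* }
    if has_opt "$opts" noexec; then
        echo not-executable
    elif has_opt "$opts" nosuid; then
        echo setuid-ignored
    else
        echo setuid-honoured
    fi
}

for p in /data/local/su /system/bin/su /sdcard/su; do
    printf '%-18s %s\n' "$p" "$(setuid_verdict "$p")"
done
```

To run it against a live system, set `MOUNTS="$(cat /proc/mounts)"` before calling `setuid_verdict`.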
would it be more like fastboot boot /sdcard/recovery-RA-.........img?
justinisyoung said:
would it be more like fastboot boot /sdcard/recovery-RA-.........img?
I tried /sdcard/recovery....img again; it failed, because in this command the image file should be on the PC, not on the phone.
1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
elhead17 said:
1. Make sure you have the Android SDK installed. Read HERE for more info.
2. Download 4shared.com - online file sharing and storage - download flash_image.zip
3. Download 4shared.com - online file sharing and storage - download recovery-RA-heroc-v1.5.2.img
4. Unzip the first file, and place both in your Android SDK/tools folder.
5. Make sure USB debugging is ON
6. Connect your phone to the PC
7. Open the command window and navigate to the Android-sdk/tools folder on your computer.
8. At the prompt enter the following, one line at a time followed by enter
Code:
adb shell
su
mount -o remount,rw -t yaffs2 /dev/block/mtdblock3 /system
exit
exit
adb push flash_image /system/bin
adb push recovery-RA-heroc-v1.5.2.img /sdcard
adb shell
chmod 0755 /system/bin/flash_image
reboot
9. Your phone will reboot. When it is finished, back at your command window, once again enter
Code:
adb shell
su
cd /sdcard
flash_image recovery recovery-RA-heroc-v1.5.2.img
reboot recovery
10. With any luck, you'll have the recovery image back and can load custom 2.1 based ROMS again.
Sorry dude, there is NO su file in this released version of RUU.
So you won't run su after adb shell
just a question but can you successfully run the testkeys release RUU on your phone?
I thought that with the new 2.1 update root access was removed and there was no workaround to get root access. I might be wrong here.
You might want to try to RUU back to the 1.56 version, gain ROOT access, and then just flash a ROM released by the devs here, which still gives us ROOT access.
I'm not sure if it's even possible to go back from 2.1 to the 1.5 RUU. Maybe someone with more knowledge of RUU can chip in here.
In addition, the RUU you flashed is the same one released by the devs here in their modified ROMs.
I don't think it is possible to RUU back to 1.5. I think a dev said something about hboot being updated, so it needs a new way for root.
kashb91 said:
i dont think it is possible to ruu back to 1.5. i think a dev said something about hboot being updated so it needs a new way for root.
You are correct sir. There's no way to downgrade hboot (without root), just like why you can't run the 1.29 RUU if you ran the 1.56, or yours came with 1.56 on it.
F.A.I.L.
10chars
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
well, I'll be around here unless someone buys me an EVO &
It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.
eme82 said:
It is actually possible to go back to 1.5 even if you used the RUU (well I should say the test RUU). I just did it yesterday so I could take my phone in for service. I'll post how I did it when I'm not mobile. Basically I created an update package to flash the old hboot then used a combination of the 2 main unroot threads. Ended up being able to use the sdcard method after flashing the misc.ing from the other method. I know probably doesn't make sense but I've got it all documented at home.
I can't WAIT to read how you did this! I have been dying to get back to original HBoot since I ran the first test RUU back in April.
gunnyman said:
aside from people who "accidentally" installed RUU, The push to quickly root this release is probably low priority, first of all this phone is probably end of life, so the chances of it coming out of the factory with 2.1 on it are slim.
2nd I imagine when the Evo gets released this forum will become a ghost town as far as new development is concerned
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Very very good point I'm not getting an evo till its rooted anyway
chuckhriczko said:
Well, if we are able to root this Sense 2.1 then theoretically the same root method may work on the Evo, thereby cutting down our wait for a rooted Evo. Just a thought.
Possible, but I doubt it.
Chances are it's an entirely different kernel. My guess is the EVO gets a 2.6.30+ kernel - its hardware is completely different from ours. Qualcomm doesn't even make our chipset any more.
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
I'm still using pre6 seems to be the one for the Hero.
zemerick said:
I updated to 2.1 using damage sprintupdate2.zip. I want to use wifi-tether now. Where can I find the version I need for this particular build? I looked on wifi-tether website, but it says the 2.1 compatible version is for Nexus One. Is there even a version for Eclair for the Hero?
Would build wireless_tether_2_0_2-pre9.apk for the N1 work?
Here's the link: http://code.google.com/p/android-wi...ireless_tether_1_60_htc.apk&can=2&q=HTC+Donut

How to Root G1 without Sim card

If anyone has any idea how to accomplish this please PM me
PS
http://forum.xda-developers.com/showthread.php?t=452316&page=45
This stickied post needs to be modified with correct instructions as to how(or removed from saying it can)
Now, copy a busybox binary to /data/local/busybox with adb push, and then connect to your phone with adb shell, and give the busybox binary execute permissions (i.e. chmod 755 /data/local/busybox)
busybox has a telnet applet, so you can do:
busybox telnet 127.0.0.1
to get a telnet session with root access.
DOESN'T WORK
PS: I attempted to mod my old G1 to do PSfreedom, which then bugged the recovery. To fix it I flashed the nbh file and attempted to re-root, not realizing that it required a SIM card (which I have). But my G1 has a busted SIM card reader so Balz
Bump for SUPPORT
The original thread has MANY unanswered requests

[Q] Titanium Backup not working on my ROOTED One S

Hi,
Today I've unlocked, flashed Paul's CWM recovery, and then rooted my HTC One S.
I've installed SU and Busybox but Titanium Backup still says it couldn't get root privileges. What am I doing wrong?
reupugi
Try to update the binaries in SU.
If that fails, re-flash the root.zip file.
happened to me yesterday
Thanx for the quick answer.
When I try to update the su binaries it fails, saying it "failed to find currently installed su binery...
What does that mean?
uninstall and reinstall the SU app
or reflash the root file as this is supposed to install SU on your device
Well, last night I spent hours trying to uninstall and reinstall su. I've also flashed Paul's root twice but still no luck.. I've tried to install busybox with two different apps but still no luck... Is there any way to roll back everything and start over?
You need to flash su through CWM; then you can update the apps. You cannot just download an app and think that it will root the phone. Look at step 3.
http://forum.xda-developers.com/showpost.php?p=24478083&postcount=1
So I encountered a similar problem (https://github.com/ChainsDD/Superuser/issues/46).
Edit: Of course it'd make more sense to confirm if this could be the problem first...
Code:
$ adb pull /system/framework/framework.odex
$ strings framework.odex | grep HtcIntentFlag
@test_code: getHtcIntentFlag:
@test_code: setHtcIntentFlag:
addHtcIntentFlag
getHtcIntentFlag
setHtcIntentFlag
I patched the su binary in accordance with the change I observed in the framework and that works for me.
Could the OP please try the following su binary:-
* http://revolutionary.io/one-s/su (md5sum: 83fdeaef210225d7361e6c8eb63bae96)
This will need to be pushed from recovery, something like (after ensuring /system is mounted):-
Code:
$ adb push su /system/bin/su
$ adb shell chown root /system/bin/su
$ adb shell chgrp root /system/bin/su
$ adb shell chmod 6755 /system/bin/su
(You can obviously push to xbin/ if you have the appropriate symlink set-up in bin/, etc...etc...)
zylith said:
you need to flash the su through cwm. then you can update the app's. You can not just download a app and think that it will root the phone. Look at step 3.
http://forum.xda-developers.com/showpost.php?p=24478083&postcount=1
I've flashed su through Paul's CWM, following steps 1, 2 and 3. I did have a problem entering the bootloader through shutting down - power+vol down. For some reason that didn't work, numerous times, so I got into the bootloader through terminal (Mac) and command prompt (Win 7).

Arm32-DirtyCow-MixSploit. Almost 1 root-click 7.0 Confirmed.

########################################################################
EDIT ::: First Non-Alpha Release.
#>>Download LINK <<#
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
######Screenshots######
PROOF.SH <<--- Click-able --- <<<
Kernel + SEpolicy Informations <<--- Click-able --- <<<
Successfully Granted Termux Root <<--- Click-able --- <<<
SuperSu is at Latest V2.82 <<--- Click-able --- <<<
######PROOFS######
But technically this works on ANY Android, tested on 5.1.1, 6.0.1, 7.0,
SM-G920V
My Bootloader is Locked/ Doesn't Exist?
I use FlashFire, which will be installed using this method, but I also used Official TWRP to understand how the S6 Bootloader IS Picky I will only Accept STOCK.
I SUCCESSFULLY Booted in TWRP with FISHY... I was working on TEMP Recovery and I thought...(Useless because you can't MODIFY THE OS -_- else Bootloader trigger)
But how about Booting a ROM instead of TWRP?! So I am working on this right now, Currently have a WORKING METHOD For LG G4 h812 and successfully Booted Custom ROM)
This (Dirty-Cow Exploit) also Worked for my LG G4 But with Different Security Disabling Methods (OEM UNLOCK), Bluestack, Ubuntu 16, My raspberry PIE.... Pretty much... ARM32/64... but there is one for EVERY arch anyway.
I wish you guys a GOOD root.... Not to Exploit the exploit.
Scan.rar :Note: IF This is INFECTED"... well I had no clue, I want to Declare that I have NOT injected any Virus, I just Found the files on XDA and Slightly modified a Root-Tool and Merged it with another, Wrote a .bat to make it Function at least with VERIZON and ROGERS.
::::::::::::::::::::::::::::::::::::::::::::::I want also to Declare that IF IT IS INFECTED , PLEASE REPORT BECAUSE... I am RUNNING THIS on my phone.*facepalm*::::::::::::::::::::::::
https://www.virustotal.com/fr/file/...19598dfec975f6511e20ed70/analysis/1519884568/
6 / 58
Antivirus | Result | Updated
Antiy-AVL | Trojan/Linux.TSGeneric | 20180301
Avast | ELF:CVE-2016-5195-T [Expl] | 20180301
AVG | ELF:CVE-2016-5195-T [Expl] | 20180301
CAT-QuickHeal | Exploit.dirtycow.A18c7 | 20180228
ESET-NOD32 | a variant of Android/Exploit.CVE-2016-5195.A | 20180301
Ikarus | Trojan.AndroidOS.Exploit | 20180228
Download Link ::
http://www.mediafire.com/file/n2r3obszwkxf31n/Arm32-DirtyCow-MixSploit.rar
What's going on here? No input is being accepted.
Wasted time, no root....
Anyway of making linux version? and maybe another option for dirtycow app_process32
EDIT --
YOU MUST disable KNOX - Find My Device - Reactivation LOCK.
You must run Disable Samsung Securities.. it might bug on Lockscreen or Knox. But CTRL + X/C ; would you like to terminate bat (y/n?) = N , just skips the stuck steps (most of the time)
But I really recommend doing all commands 1 by 1.
I figured out much about Android since using DirtyCow and other rootkits.
Think about your / (root path) as a standard UBUNTU/Linux, without YET the SUDO (which is added using BUSYBOX to your System/bin)
I also want to add that with ANY ANDROID.. or almost, in this case my SM-G920V 5.1.1:: I successfully flashed NetHunter for Arm64, still trying to compile it for Android 7.0... Might as well just install CyanogenMod if I can get Root and TWRP working again.
The FISH script is USING DirtyCow, so it should GET YOU ROOT if you don't have it already.
Try running the .bat commands 1 by 1
The Run_for_arm.bat is to get a shell; then if you copy dirtycow.sh to the /system/usr/tmp (something like that) you can do with the shell that run_for_arm.bat has open something similar to this:
--This Runs a Shell with Dirtycow(modified sh Function to allow Root) + My-run-as(which Elevates to Root)
*****************Run a Dirtycow(elevated) Shell ADB ************************
adb shell
/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as
#OR#
adb shell "/data/local/tmp/dirtycow /system/bin/run-as /data/local/tmp/my-run-as"
-- You can after that operate root commands from this shell. EXAMPLE :::
Code:
*******Remove Old DirtyCow**********
files\adb shell rm /data/local/tmp/dirtycow
files\adb shell rm /data/local/tmp/my-run-as
files\adb shell rm /data/local/tmp/init
files\adb shell rm /data/local/tmp/init_patched
files\adb shell rm /data/local/tmp/sh
files\adb shell rm /data/local/tmp/a.out
files\adb shell rm /data/local/tmp/sepolicy
*******PUsh DIrty Cow Via ADB **********
files\adb push files/armeabi-v7a/dirtycow /data/local/tmp/dirtycow
files\adb push files/armeabi-v7a/my-run-as /data/local/tmp/my-run-as
files\adb push init_patched /data/local/tmp/init
files\adb push a.out /data/local/tmp/a.out
files\adb push sh /data/local/tmp/sh
files\adb push sepolicy /data/local/tmp/sepolicy
*******Change the Permission of the FIles inside /tmp/ and attemp to unrestrict the tmp folder itself **********
files\adb shell chmod 0777 /data/local/tmp/
files\adb shell chmod 0777 /data/local/tmp/*
files\adb shell chmod 0777 /data/local/tmp/dirtycow
files\adb shell chmod 0777 /data/local/tmp/my-run-as
files\adb shell chmod 0777 /data/local/tmp/init
files\adb shell chmod 0777 /data/local/tmp/init_patched
files\adb shell chmod 0777 /data/local/tmp/a.out
files\adb shell chmod 0755 /data/local/tmp/sh
files\adb shell chmod 0777 /data/local/tmp/sepolicy
*****************Remount /system as Read/write ************************
adb shell "/data/local/tmp/dirtycow /data/local/tmp/my-run-as mount -o rw,remount /system"
adb shell mount -o rw,remount /system
adb push push_system /system
adb shell mount -o rw,remount /system
adb shell mount -o rw,remount rootfs /
**************Install SuperSU APK and FlashFIRE********************
adb install -r SuperSU-v2.82.apk
adb install -r FlashFire.apk
**********Push The SuperSu Binary(Flashed .zip to an Empty Android Partition Format)**********************
adb push SuperSU-v2.82.img /data/su.img
adb push launch_daemonsu.sh /system/etc/launch_daemonsu.sh
adb push init.sec.boot.sh /system/etc/init.sec.boot.sh
adb shell < supersu.cmds
adb shell < supersu1.cmds
-- The trick is to try and open a terminal emulator with My-run-as
Like so
I'll try to make it simpler... sorry, I'm a noob as well. BUT I CAN TELL YOU
THAT I successfully ROOTED once... now I reflashed stock, I'll try to do it again and make a working .bat script. Sorry for the inconvenience..
I was so drunk.
########################################################################
EDIT ::: First Non-Alpha Release.
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
after Running Security Disabler AND Disabling Reactivation LOCK:::
Samsung/Security Disabler.Bat
1) Here it is, Copy and paste this new Run_for_arm(complete).bat
Just run that root.bat in this .zip file
And then Run This one.
Warrior1988 said:
Anyway of making linux version? and maybe another option for dirtycow app_process32
Took me a week to find the DirtyCow exploit
Took me 3 days to figure out how it works (still not quite sure)
Took me a whole day to install Kali-Linux, but EVERY TIME I finish the install, the password changes?
I now have Ubuntu 17.01, and it is my first time.
You can probably rename <root.bat >---> root.sh>
Since most commands are "echo" (Unix-basic) and "adb" (downloadable library), which can be performed on both environments almost natively.
In fact, if you have a ROOTED-Arm64-Android-Device (Example: "LG G4 H812") ++ OTG CABLE
(((NOTE :: If you have a ROOTED-Arm32-Android-Device INSTEAD:;
1) :: EITHER ::
---Modify the STEP 2 script (which is SUPPOSED to work for EITHER ARM32 or ARM64)
((( TO instead use the "/Step 2/push_system/lib" :: INSTEAD OF :: "/Step 2/Push_system/lib64" )))
2) :: EITHER ::
---Copy the "/Step 2/push_system/lib" folder FILES to "/Step 2/Push_system/lib64"
0); you can EASILY ROOT your NON-rooted Arm64 device:
(1) Plug your UNIX USB_Debugable_-_arm64.-device : to : OTG_Cable-Usb3_ >> _-_Rooted Android Device;
(2) Install ADB from terminal or Github to your rooted Android device;
(3) Extract DirtyCow + Double SuperSu Injection.zip >> /storage/emulated/0/WORKFOLDER
(4) Extract /Step 0 / Step 1 / Step 1.5 / Step 2.0 / (No worries, they have folders named accordingly in every .zip)
(5) For every "Step X" folder, find and rename Root.bat >> Root.sh
(6) Execute the RENAMED root.bat >-> Root.sh ; FROM Android Terminal Emulator (requires root, or does it?)
#OR#
run the ADBs manually, which link to supersu.cmds, WHICH runs .sh scripts.....
Anyone actually get this to work other than the OP? I have a 920v sitting here rotting i would rather use since my note5 will never have root
Icetech3 said:
Anyone actually get this to work other than the OP? I have a 920v sitting here rotting i would rather use since my note5 will never have root
op is a noob
there is no root on devices with dm-verity enabled
you can't make any changes to /system making this useless
What i thought. no idea why i have any hope on these things thanks.
Legitsu said:
op is a noob
there is no root on devices with dm-verity enabled
you can't make any changes to /system making this useless
It's not workable on j3119, but the device has RL; I already disabled all knox pkgs.
Is there any method which can give us temporary root access for all Androids, samsung, lg, etc.?
I have been trying to figure out how to make the github source code to work.
Hello. Did this end up not working? I have a Samsung Galaxy S6 AT&T SMG920A. It's been impossible to root, it seems. It has a locked bootloader from what I've been told, but it's not locked to the service provider. That being said, I've successfully rooted the S5, J7, LG K7, LG 330, and a few others I can't recall. I'm as new as it gets but I'm learning fast. I rooted the S5 by flashing old versions of the S5 stock ROM, bricking it and reflashing. I was told back then that it was impossible, especially since it was from T-Mobile. I have been told the S6 7.0 AT&T is impossible, but I think impossible means lazy sometimes. It's still up and running and not bricked, and I have flashed with Odin every stock ROM I came across and a few TWRP that claimed they would work. I've thrown noencryptnoencrptverity files and every super su u app on play store, modded play store and the free store at it. I've tried using Lucky Patcher, APK Editor and every flasher app I could. I recently decrypted one of the recorded recovery and found that dirty cow is being used on this phone, and because I'm a noob and don't know what I'm looking at, I think this phone is or was possibly rooted; but I doubt it, root checker says it's not. Then again, I rooted and flashed my wife's J7 with a custom Note 8 ROM and root checker also says it's stock and not rooted. How does that work? I have three Alcatel 5041c and they have custom builds from the factory? Anyways, I'm headstrong to figure out how to make this dirty cow work and hopefully be universal, because I have a bunch of cheap phones I'd like to see the full potential on, and all the Obama phones everyone is selling for dirty cheap. I would also like to add I tried kingroot, kingoroot, drfone toolkit, drfone root, superoneclick, every adb command I could find, and even the sites offering paid roots can't touch it. Recovery mode has an option to boot to bootloader but it only just starts the phone. I'm confused on that.
Fastboot commands don't work on Samsung, so what would booting to the bootloader be used for with a Samsung? I'm honestly surprised this phone doesn't have more info on it or people working on it together. It's an octa-core with 64 gigs of space. It walks faster than my rooted LG runs and would take both the rooted J7 and LG combined in a speed test, and has, and it's stock. I've also used a USB hub and an OTG cable and was able to add 184 gigs of external with no problems. Last, I would like to add I have the internal parts of another S6 that was damaged and is running an older version I had a backup that I can't seem to find anywhere.
Does it work running G920VVRU4DRE1? I know that was the major concern and problem with all the other methods. I just want to verify so I don't brick my phone.
So glad I posted this a couple of years ago. BTW, I was 16 years old.
It still works tho for my sw900w8:armv7
idk why but the boot image in step 1.5 gives me root (in ADB, not SuperSU). DirtyCOW seems to be patched (I wrote my own exploit and it didn't work either). Where'd you get the boot image?????
Superseani2 said:
########################################################################
EDIT ::: First Non-Alpha Release.
#>>Download LINK <<#
http://www.mediafire.com/file/rhmimk5dojt492b/DirtyCow + Double SuperSu Injection.zip
########################################################################
######Screenshots######
PROOF.SH <<--- Click-able --- <<<
Kernel + SEpolicy Information <<--- Click-able --- <<<
Successfully Granted Termux Root <<--- Click-able --- <<<
SuperSu is at Latest V2.82 <<--- Click-able --- <<<
######PROOFS######
But Technically this works on ANY Android, Tested on 5.1.1, 6.0.1, 7.0,
SM-G920V
My Bootloader is Locked / Doesn't Exist?
I use FlashFire, which will be installed using this method, but I also used Official TWRP to understand how the S6 Bootloader IS Picky: it will only Accept STOCK.
I SUCCESSFULLY Booted in TWRP with FISHY... I was working on TEMP Recovery and I thought... (Useless because you can't MODIFY THE OS -_- else Bootloader trigger)
But how about Booting a ROM instead of TWRP?! So I am working on this right now, Currently have a WORKING METHOD For LG G4 h812 and successfully Booted Custom ROM
This (Dirty-Cow Exploit) also Worked for my LG G4 But with Different Security Disabling Methods (OEM UNLOCK), Bluestack, Ubuntu 16, My Raspberry Pi.... Pretty much... ARM32/64... but there is one for EVERY arch anyway.
I wish you guys a GOOD root.... Not to Exploit the exploit.
Scan.rar :Note: IF This is "INFECTED"... well I had no clue, I want to Declare that I have NOT injected any Virus, I just Found the files on XDA and Slightly modified a Root-Tool and Merged it with another, Wrote a .bat to make it Function at least with VERIZON and ROGERS.
::::::::::::::::::::::::::::::::::::::::::::::I also want to Declare that IF IT IS INFECTED, PLEASE REPORT BECAUSE... I am RUNNING THIS on my phone. *facepalm*::::::::::::::::::::::::
https://www.virustotal.com/fr/file/...19598dfec975f6511e20ed70/analysis/1519884568/
6 / 58
Antivirus Result Updated
Antiy-AVL Trojan/Linux.TSGeneric 20180301
Avast ELF:CVE-2016-5195-T [Expl] 20180301
AVG ELF:CVE-2016-5195-T [Expl] 20180301
CAT-QuickHeal Exploit.dirtycow.A18c7 20180228
ESET-NOD32 a variant of Android/Exploit.CVE-2016-5195.A 20180301
Ikarus Trojan.AndroidOS.Exploit 20180228
Download Link ::
http://www.mediafire.com/file/n2r3obszwkxf31n/Arm32-DirtyCow-MixSploit.rar
Did modifying recovery to boot a ROM go anywhere?
