Anyone have or know where I can download the telnetd binary for Android? I think I might have a way to get root privileges on the Samsung Moment...and if it works, I see no reason why it wouldn't work on the Hero.
Just need that darn telnetd binary and any of the support files so I can install it into my phone (as long as the root exploit works.) It's running Android 1.5 btw if that makes a difference.
Why not ssh?
Download dropbear
telnet is an open invitation to get hacked, since the connection is not encrypted.
I know telnet is not encrypted...that's why I'll turn off the radio and enable wifi when I do this.
I was on the IRC (#android-root on freenode) and was pointed in the direction of JesusFreke's build environment, in which (s)he has built a veritable ****-ton of ARM binaries that are *extremely* useful.
http://jf.andblogs.net/2009/05/24/jfv151-images-are-out/
I found JFV1.51 CRB43 US BuildEnvironment (1324) to be particularly useful. Once extracted, I found binaries for a very full busybox, and a few dozen other useful goodies, including telnetd.
From the extracted tar, the binaries are under 'Build/System/ModifiedFiles/xbin'. adb push them to /data/local on the device, then call them via adb shell.
Example:
With device connected, and with the Android SDK installed and in your PATH:
Code:
# tar xvf JFv1.51_CRB43-US_BuildEnvironment.tar.gz
# cd Build/System/ModifiedFiles/xbin
# adb push <program of your choice> /data/local
# adb shell
# /data/local/<program of your choice>
Just out of curiosity...what is your hunch for getting root on the Moment?
@gargarxp - Thanks for the info!
gargarxp said:
Just out of curiosity...what is your hunch for getting root on the Moment?
I was looking through all of the recent kernel privilege level escalation reports, and ran across this one:
http://seclists.org/fulldisclosure/2009/Nov/105
It works on kernels up to 2.6.31...which the Moment runs 2.6.27. My plan is to use an Android app to execute this exploit contained in a native executable (which I have confirmed I can execute native code), which will then trigger a shell script I will write to copy the telnetd files into the proper places and start the service as root. From there, I'll telnet in...see if the root user has a password...and go from there.
Actually, if you get this to execute as root, the procedure from there is fairly simple.
From my understanding, the other root exploits have a singular goal: to gain a root shell for the purpose of creating a suid su for the system to use to gain root in the future. From the CDMA Hero process, once a root shell is gained:
Code:
# mount -o remount,rw -t rfs /dev/stl5 /system
# cd /system/bin
# cat sh > su
# chmod 4775 su
They:
Remount the /system fs as read-write
Go to the /system/bin directory
Copy sh to (a new) su
Set the permissions on that to 4 (SetUID) 775 (User-Group: RWX, Other: RX)
* The bit in red (/dev/stl5) is what I observed the device mounted to /system to be on my Moment. I obtained this information by running adb shell mount and seeing what /dev device was next to /system. Should be the same for every Moment, but the procedure is useful for any Android (or Linux for that matter) device.
Once this is done, any user executing this su will do so as the user/group that owns the executable, which in this case is root:shell.
So, via this method, if you can manage to get a root shell on *any* Android device, bada bing bada boom: rooted.
...At least that is my understanding of it all.
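The set-UID su step described in the post above, seen from the auditing side. This is an added example and not part of the original thread: it lists set-UID/set-GID files under a directory, marks the ones missing from an allowlist or writable by group/other (as mode 4775 is), and reports whether a mount point is ro or rw. The function names, the allowlist format and the demo tree are assumptions, and a `stat` that supports `-c` (GNU coreutils or busybox) is required.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tree for set-UID/set-GID files
# and report whether a mount point is read-only. Function names, the allowlist
# format (one absolute path per line) and the demo tree are assumptions.
# Requires a stat that supports -c (GNU coreutils or busybox).

# audit_suid DIR [ALLOWLIST]
# Prints "<octal mode> <uid>:<gid> <status> <path>" for every regular file
# under DIR that carries the set-UID (4000) or set-GID (2000) bit.
audit_suid() {
    dir=$1
    allow=${2:-}
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r path; do
        mode=$(stat -c '%a' "$path") || continue
        owner=$(stat -c '%u:%g' "$path")
        status=UNEXPECTED
        if [ -n "$allow" ] && grep -Fxq -- "$path" "$allow"; then
            status=ALLOWED
        fi
        # 022 = group-write | other-write. A set-ID file should be writable
        # by its owner only, so 4775 is flagged where 4755 is not.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            status="$status,WRITABLE"
        fi
        printf '%s %s %s %s\n' "$mode" "$owner" "$status" "$path"
    done
}

# mount_state MOUNTPOINT [MOUNTS_FILE]
# Reads /proc/mounts-format lines and prints "ro", "rw" or "absent".
# The last matching line wins, as later mounts cover earlier ones.
mount_state() {
    awk -v mp="$1" '
        $2 == mp {
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro" || opt[i] == "rw") state = opt[i]
        }
        END { print (state == "" ? "absent" : state) }
    ' "${2:-/proc/mounts}"
}

# Constructed demo: a throwaway tree that mimics /system/bin after the
# "cat sh > su; chmod 4775 su" step, plus one allowlisted set-UID file.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/system/bin"
    : > "$root/system/bin/sh";   chmod 755  "$root/system/bin/sh"
    : > "$root/system/bin/su";   chmod 4775 "$root/system/bin/su"
    : > "$root/system/bin/ping"; chmod 4755 "$root/system/bin/ping"
    printf '%s\n' "$root/system/bin/ping" > "$root/allowlist"
    printf '%s\n' '/dev/stl5 /system rfs rw 0 0' > "$root/mounts"
    echo "/system is mounted: $(mount_state /system "$root/mounts")"
    audit_suid "$root/system" "$root/allowlist"
    rm -rf "$root"
}
demo
```

On a real device the same two functions can be pointed at /system and /proc/mounts from an adb shell that has busybox available.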
Well...the problem is I can't get my Moment connected to my computer to run adb. I'm on Windows 7 64-bit...and the drivers won't load...and Samsung's PC Studio won't install properly. So, I found source code online for executing native code via an Android app...which should work to execute the native exploit.
And you'll have to excuse me...I've been using Linux for the past 10 years...programmed some projects on the platform...but this is pretty much my first time developing on Android.
Oh no problem at all. Frankly, I'm being overtly descriptive so as to make this post useful to the community in general and not be Moment-specific. I don't wish to encounter the ire of the XDA mods. Just trying to do a public service.
So, do you have an ARM binary of the exploit built already (ImpelDown.c)? And if so, could you post a link to download it? I've never cross-compiled before and am currently going 10 rounds with gcc and the android-2.6.27 source tree.
Thank you! I know...it's kinda risky for me posting stuff about the Moment in an XDA forum...but I figure this could help the Hero efforts as well...and XDA was so good to me back when I was using my DIAM500...I wanted to contribute something back.
I'm still trying to get my cross-compiler built. I initially started out with Cygwin and a tool for building a cross-compiler...but that went horribly wrong...tons of compiler errors. I attempted to use Scratchbox on OpenSuse 11.2...but Scratchbox wants to run on a Debian system...ugh...haha.
And as I was typing my response to you...I decided to Google for "arm compiler windows" and found http://www.gnuarm.com/
But rest assured...once there's a working binary...I'll upload it here.
From the Gnash project's dev wiki....
http://wiki.gnashdev.org/Building_for_Android
They raise some issues with using a standard cross-compiler (GNUARM uses Newlib, which isn't the Android libc implementation Bionic...which is apparently a problem)
I grabbed the toolchain they link to on the page and am trying that.
Yeah...I found that out as well after I installed gnuarm...
I also just loaded the native toolkit.
Well gargarxp...I compiled it...ran it...didn't work. I'm going to try another one tomorrow.
I updated busybox in /system/xbin but still see the old busybox revision when I type busy box at the ADB shell prompt, I found:
/sbin # ls -l busybox
lrwxrwxrwx 1 root root 8 Aug 17 01:35 busybox -> recovery
looks to be a link to busybox in recovery, I cannot get to recovery..
Any ideas if that actually belongs there?
Files from /sbin are not in the path for Android, just in recovery.
That particular recovery is a different version.
If you just type busybox from a terminal, it should give a correct version.
If not, check /system/xbin or /system/bin, because you have an old version somewhere...or never updated like you thought.
adrynalyne said:
Files from /sbin are not in the path for Android, just in recovery.
That particular recovery is a different version.
If you just type busybox from a terminal, it should give a correct version.
If not, check /system/xbin or /system/bin, because you have an old version somewhere...or never updated like you thought.
Now that our NAND is (relatively) unprotected, can I use Stericson's busybox installer to place a copy that will be accessible anytime I use ash via adb or terminal, or do I (can I) simply push busybox to /system/bin to make it a native part of android's command path? OR, do I have to use ~/xbin like the OP? It seems until we got S-OFF, busybox commands rarely pointed back to busybox automatically, I always had to spell-out "busybox" as a prefix, unlike my G1, where all ROMs after a while had busybox installed natively, from /system/bin, I assume.
thanks for advice in advance
Yep, you can use his installer on the market just fine.
adrynalyne said:
Files from /sbin are not in the path for Android, just in recovery.
That particular recovery is a different version.
If you just type busybox from a terminal, it should give a correct version.
If not, check /system/xbin or /system/bin, because you have an old version somewhere...or never updated like you thought.
Thank you, everything is working. busybox 1.15.3 is loaded; for an added measure I ran permissions.
Can someone please post DETAILED instructions to put the Froyo or Gingerbread YouTube app thing on the Samsung Epic 4G? I've tried so many times and can't do it. And I deleted the stock YouTube app with Titanium but can't install the other app, and I don't wanna pay for Root Explorer cuz idk if it's gonna help at all. I tried using the cmd prompt but it says permission denied every time and it also says adb is not recognized as an internal storage.. PLEASE SOMEONE HELP MEEE I DON'T HAVE A YOUTUBE APP AT ALL NOW!!!!!
betterment66 said:
Can someone please post DETAILED instructions to put the Froyo or Gingerbread YouTube app thing on the Samsung Epic 4G? I've tried so many times and can't do it. And I deleted the stock YouTube app with Titanium but can't install the other app, and I don't wanna pay for Root Explorer cuz idk if it's gonna help at all. I tried using the cmd prompt but it says permission denied every time and it also says adb is not recognized as an internal storage.. PLEASE SOMEONE HELP MEEE I DON'T HAVE A YOUTUBE APP AT ALL NOW!!!!!
The new YouTube.apk just needs to be placed in '/system/app'. What I did was remove the original YouTube.apk and put the new one in its place and voila. Here is the method adapted for Windows (I think it's all right for Windows). This is also assuming you rooted with a one click root that included the remount script and that you have adb on your computer (the one click rooter should have adb included with it).
1. in the cmd prompt, go to the folder where you have adb and type:
Code:
adb.exe shell
2. inside shell:
Code:
$ su
# remount rw
# mkdir /sdcard/backup
# cp /system/app/YouTube.apk /sdcard/backup
# rm /system/app/YouTube.apk
# exit
$ exit
3. now in the cmd prompt again:
Code:
adb.exe push \path\to\YouTube.apk /system/app
4. Reboot the phone.
gremlyn1 said:
The new YouTube.apk just needs to be placed in '/system/app'. What I did was remove the original YouTube.apk and put the new one in its place and voila. Here is the method adapted for Windows (I think it's all right for Windows). This is also assuming you rooted with a one click root that included the remount script and that you have adb on your computer (the one click rooter should have adb included with it).
1. in the cmd prompt, go to the folder where you have adb and type:
Code:
adb.exe shell
2. inside shell:
Code:
$ su
# remount rw
# mkdir /sdcard/backup
# cp /system/app/YouTube.apk /sdcard/backup
# rm /system/app/YouTube.apk
# exit
$ exit
3. now in the cmd prompt again:
Code:
adb.exe push \path\to\YouTube.apk /system/app
4. Reboot the phone.
OK, I get to remount rw, but then when I type in the next code it says
mkdir failed for /sdcard/backup read-only filesystem
I install it using terminal emulator.
All I do is type
su
# rm /system/app/YouTube.apk
# cp /sdcard/DirectoryWithTheYoutubeApp/YouTube.apk /system/app
Or after you rm, just use the "My Files" app and go on your sdcard and click YouTube.apk and it'll install and work fine. But remember to sign out of youtube before you close it by going to your page and clicking sign out or else it'll keep force closing after you start it up.
I hope I helped...
Sent from my SPH-D700 using XDA App
you guys are gonna freaking kill me. ALL THE TROUBLE I WAS HAVING WAS BECAUSE I HAD MY SDCARD MOUNTED THE WHOLE TIME I WAS TRYING TO DO THIS THE MINUTE I TRIED IT WITHOUT IT BEING MOUNTED IT WORKED...IM SO DUMB!!!!! LOL BUT THANKS FOR THE HELP ALL OF U!!!!!! U GUYS ROCK!!!! N SO DOES THE NEW UTUBE APP .....BTW I UNDERSTAND UR NOT SUPPOSED TO SIGN IN TO IT RIGHT???
I just uninstalled the original, put the modded youtube.apk in the SDX backup folder and installed (restored) it with SDX stock app remover. Simple, fast and no typing required.
Glad you got it worked out though.
me 2!!! this app rocks
Glad it's working! Having the SD card mounted while trying to adb is a common mistake and always a good first troubleshooting check.
THIS GUIDE NO LONGER WORKS BECAUSE ANDROID ISN'T WHAT IT USED TO BE BACK IN 2013-14.
PLEASE STOP WASTING TIME TO FOLLOW THIS OBSOLETE METHOD 1. PLEASE REFER ONLY TO METHOD 3
The Ultimate Guide to Rooting any Android Device Manually !!!!
Wanting to ROOT Your Phone but can't do Because Of No rooting Guides or want to learn to root any device ? Then , This Guide Is For YOU
OK So lets start....
**What You Need**
1.Your Unrooted Android Device.
2.ADB Drivers Installed On Your PC. If you Don't Have Download From Here :
Code:
adbdriver.com/
3. The Most Important Root Kit Made By Me (N'ayam Amarsh'e) - Download From The Attachment.
4.Strength And Courage 'Coz Rooting Voids Your Warranty... If You have a samsung device then Don't Worry Your warranty is gone forever... But if you own any other, maybe you can void it or maybe......
I've Written Android Device as ADV to make it more easy....
**Steps**
So you have the adb drivers installed let's go....
1. Open The root kit by Extracting The Rootkit with WinRAR....
2.Turn 'USB DEBUGGING' 'ON' in your ADV...
3. Connect your ADV to Your PC...
4.In the root kit Open Cmd.exe File ... [ IF YOU CAN'T OPEN CMD, GOTO C:/WINDOWS/SYSTEM32/ COPY CMD.EXE TO YOUR ROOTKIT FOLDER]
5. In CMD window Type the following command...
Code:
->adb devices
*Your device will get listed in the window. If it doesn't, check your adb drivers and whether you have followed the steps properly...
->adb push busybox /data/local/tmp
->adb push su /data/local/tmp
->adb push Superuser.apk /data/local/tmp
If you Succeed Move On ...
6.Then You need Root Shell Type :
Code:
adb shell
Note that you see a "$" sign in the command prompt. That means you are not in 'su' shell.
7.Next run the following commands in the shell to change permissions and get some limited privileges for the Superuser files:
Code:
->chmod 6755 /data/local/tmp/su
->chmod 755 /data/local/tmp/busybox
->chmod 644 /data/local/tmp/Superuser.apk
{Note}The names of the files are case sensitive!
8.Done ? Now You need to open a copy of linux which has nautilus... So enter your linux (I recommend using ubuntu 11.4) and type in the terminal (ctrl+alt+T)
Code:
->sudo nautilus
this will open nautilus with root privileges...
You can just boot it from USB so no hassle of installing it... http://www.cyberciti.biz/tips/download-ubuntu-linux-11-04-iso-cd-dvd-images-natty-narwhal.html
Having your ADV connected with USB to PC switch it off and put it in download/recovery mode...
superlouro said:
DEVICE OFFLINE?
! SOLUTION ! (click me)
9.In The Exploring Window navigate to
Code:
/data/local/tmp
and move/cut 'su' and 'busybox' to
Code:
/system/bin
...
10.From the tmp Folder you went earlier Move/cut 'Superuser.apk' to
Code:
/system/app
11.Now Reboot Your ADV ... Congrats ! You're now ROOTED !
Many Users Are Having Problem with This Method, If you can't do the method 1. Try Method 2.
METHOD 2
PLEASE DON'T ASK ME ABOUT THIS METHOD, THIS IS JUST FOR A TRY, MY BROTHER FOUND THIS METHOD TO BE WORKING, I HAVEN'T TRIED IT YET!
This is linux based method, It's quite easy if you follow every step correctly...
You need to download psneuter, https://github.com/tmzt/g2root-kmod/tree/master/scotty2/psneuter
When you have it execute the following...
Code:
adb devices
Code:
adb push psneuter /data/local/tmp
This will copy the file to your device and now we'll execute it..
Code:
adb shell
cd /data/local/tmp
chmod 777 psneuter
./psneuter
Now You'll see
Code:
adb kill-server
adb devices
adb shell
now # will appear in place of $, or after typing $su.
Code:
# mount -o remount,rw -t rfs /dev/block/st19 /system
# exit
$ adb push busybox /system/bin
$ adb push su /system/bin
$ adb install Superuser.apk
$ adb shell
# chmod 4755 /system/bin/busybox
# chmod 4755 /system/bin/su
# mount -o remount,ro -t rfs /dev/block/st19 /system
# exit
$ adb reboot
Now your device will reboot and you can see SuperUser App in your app drawer...
----------------------------------------------------------------------
METHOD 3
There is no chance of the phone not getting rooted with my method but If you don't want to do the above methods, Try these, I'm pretty sure they will root your device with ease...
1. Framaroot App [Not On Google Play] - http://forum.xda-developers.com/apps/framaroot/root-framaroot-one-click-apk-to-root-t2130276
2.KingoRoot App - www.kingoapp.com
3.One Click Root Free/Pro (My Favorite app, roots many devices with No-Brick Guarantee) - www.oneclickroot.com
4.Root Master App - forum.xda-developers.com/showthread.php?t=2672150
5.z4root App - http://forum.xda-developers.com/showthread.php?t=833953
6.Easy rooting toolkit App-http://forum.xda-developers.com/showthread.php?t=1321582
7.Vroot Software - http://vrootdownload.info/ or http://www.mgyun.com/en/getvroot
8.SRSRoot Software - http://www.srsroot.com
9.Unlock Root Software - http://www.unlockroot.com/download.html
10.Universal Androot App - forum.xda-developers.com/attachment.php?attachmentid=391774
ONLY FOR MTK DEVICES- MTK DROID TOOLS- http://forum.gsmhosting.com/vbb/f60...3-2014-imei-repair-rooting-tool-more-1780568/
HOPE THESE WILL DO....
Press Thanks To appreciate me to Work On Other Guides And Roms....
Your Appreciation Is Needed...
And This GUIDE IS Originally By N'ayam Amarsh'e
I have an error. Device is offline.
---------- Post added at 09:13 AM ---------- Previous post was at 09:02 AM ----------
uukasz92 said:
I have an error. Device is offline.
Problem solved. I downloaded other adb drivers and they work fine.
In /UserData/local/tmp I only have one file "directory" and nothing else. It looks like something is blocking the data folder.
uukasz92 said:
In /UserData/local/tmp I only have one file "directory" and nothing else. It looks like something is blocking the data folder.
that means you have not properly pushed the files into the directory.... Try installing adb drivers again and do the same steps...Good luck
When you open cmd just type ' adb devices' if your device gets listed then you can start if it doesn't check your drivers...
After uninstalling all adb drivers and phone drivers, the command prompt shows me a device code and status offline. At the beginning I installed the package of adb drivers attached to the thread. But lately, somewhere on the Internet, I found some update package of adb drivers. And there was the same sort of files as in your package. I put them there and replaced, and after that adb shows the device is working and status is online, but your guide still does not work. Question is, where is the real problem? I checked and Debug Mode is on, drivers are installed.
Try this , download android commander and try to copy the busybox , su and superuser to data/local/tmp
N'ayam Amarsh'e said:
Try this , download android commander and try to copy the busybox , su and superuser to data/local/tmp
Sent from my Mi-492 using xda app-developers app
I used the same files in Android Commander because the program can't find my device too.
Which phone you have.... Try to download its original drivers this might help...
I'm using Samsung Galaxy Grand Neo (GT-I9060) Jelly Bean 4.2.2
Now it is working. But how to move "su" and busybox into system/bin? Android Commander says "You need root to do this." when I try to copy those files into system/bin. Folders are protected and I don't have permission to do anything with them.
uukasz92 said:
I'm using Samsung Galaxy Grand Neo (GT-I9060) Jelly Bean 4.2.2
Now it is working. But how to move "su" and busybox into system/bin? Android Commander says "You need root to do this." when I try to copy those files into system/bin. Folders are protected and I don't have permission to do anything with them.
Sorry I forgot that Android Commander works only for rooted phones... Silly Me...
OK you will need to do it with Droid Explorer
OR
linux and in the linux you'll have to type 'sudo nautilus' it'll open it with root privileges...
N'ayam Amarsh'e said:
Sorry I forgot that Android Commander works only for rooted phones... Silly Me...
OK you will need to do it with Droid Explorer
OR
linux and in the linux you'll have to type 'sudo nautilus' it'll open it with root privileges...
And your guide needs a little correction. In step 9 it should be /data/local/tmp, not /UserData/local/tmp. Those are two different folders. And before, I thought I did something wrong when all files were already in the right place.
Droid Explorer can't change folder permissions either. Command prompt says: Read-only directory. I don't know what to do now.
uukasz92 said:
And your guide needs a little correction. In step 9 it should be /data/local/tmp, not /UserData/local/tmp. Those are two different folders. And before, I thought I did something wrong when all files were already in the right place.
thanks.... Guide is updated now
Good 1 helped alot
harmeet singh said:
Good 1 helped alot
I am happy that I helped....
Hi! First thank you for that guide. I rooted several devices but with a noname(10.1" A10 dual core) china tablet I have some problems so I hope your solution works.
I have some problems/questions:
1. Step 5: Are you sure it's:
Code:
adb push su /data/local/tmp
instead of
adb push su /data/local/tmp/
I'm currently not able to look at the data folder but if I change the directions e.g. to /test/local/tmp it just creates a "tmp" file and overwrites the file with every push command.
2. Step 6: If it's a $ it's not rooted, what should be there if it's rooted? I have a # there. Rootchecker says it's rooted since the beginning, but I can't access with superuser/supersu etc.
3. Step 8 doesn't work. I use a virtual box with ubuntu 13.10(Stinson: new is always better?) for the first time. With "sudo nautilus" I get the message that root access is not granted(failed to register client). I used "gksudo nautilus" instead... does that matter?
4. I can't connect my device to the virtual box. I tried to add the usb device but didn't work. USB Developer Android[0223] is in virtual box connected. However, I dont know where to find it in ubuntu. I'm a ubuntu noob sorry :/
5. Is there another way to get rw permissions?
Thanks in advance :good:
thankyou for information i think is hard for me
Very nice, ty
Humbel said:
Hi! First thank you for that guide. I rooted several devices but with a noname(10.1" A10 dual core) china tablet I have some problems so I hope your solution works.
I have some problems/questions:
1. Step 5: Are you sure it's:
Code:
adb push su /data/local/tmp
instead of
adb push su /data/local/tmp/
I'm currently not able to look at the data folder but if I change the directions e.g. to /test/local/tmp it just creates a "tmp" file and overwrites the file with every push command.
2. Step 6: If it's a $ it's not rooted, what should be there if it's rooted? I have a # there. Rootchecker says it's rooted since the beginning, but I can't access with superuser/supersu etc.
3. Step 8 doesn't work. I use a virtual box with ubuntu 13.10(Stinson: new is always better?) for the first time. With "sudo nautilus" I get the message that root access is not granted(failed to register client). I used "gksudo nautilus" instead... does that matter?
4. I can't connect my device to the virtual box. I tried to add the usb device but didn't work. USB Developer Android[0223] is in virtual box connected. However, I dont know where to find it in ubuntu. I'm a ubuntu noob sorry :/
5. Is there another way to get rw permissions?
Thanks in advance :good:
For Your First Answer You Need not to worry /tmp and /tmp/ are the same...
2.Have you tried typing 'adb shell' then ' su ' if yes there's your solution.... If not then you have problem with su binary or busybox....
3.You have an Ubuntu 11.4 .iso file so burn it to a blank disk and boot your live disk .... It should be all right then...
4.Answer in 3....
5.Answer in 3....
6.Press Thanks if I helped...
bro I'm confused what to do exactly in that sudo ... step, pls give a brief explanation
Hi all
I have read many threads with similar issue, then this my way how to fix it.
Ie: Folder mount app, which make reboot the phone after we mount a folder.
Just add this line to this file : /system/etc/install-recovery-2.sh
If the file is missing, just create it.
Requirement:
on JB 4.3
SuperSU at least v200 installed
busybox installed, got it from Playstore, ie: Busybox X,
Code:
#!/system/bin/sh
pkill -f /sbin/ric; mount -o remount,rw /; chmod 644 /sbin/ric
#just to make sure ric is killed
pkill -f /sbin/ric
How to:
You better know than me. but here my way.
if your phone reboot after you touch mount rw in root explorer then adb or terminal emulator is your friend
remount rw system, make the file, then push/copy to target directory, and set correct permission , chmod 755 install-recovery-2.sh
done.
This thread lacks a lot of info. You just forgot to cite you must have busybox installed and that this line should be put in install-recovery-2.sh if running Android 4.3 firmware to avoid conflicts with daemonsu...
conclusion:
You didn't search enough
mbc07 said:
This thread lacks a lot of info. You just forgot to cite you must have busybox installed and that this line should be put in install-recovery-2.sh if running Android 4.3 firmware to avoid conflicts with daemonsu...
conclusion:
You didn't search enough
Hi mbc07,
I have put the line in that file and of course it works. Never got a reboot again. I have read the note by SuperSU in that file too.
But I forgot to cite the busybox, and I have busybox installed.
But hey, thanks, I edited the OP.