Anyone know anything about this?:
Kanru's
This is a discussion on One Click Root Based on Defcon Android Exploit within the Motorola Backflip Development & Hacking forums, part of the AT&T Android Phones by Model category.
I don't know, but I think the Backflip is too different from other Androids for a "one size fits all" program to hack.
It's the same 'exploid' hack that's mentioned in the other thread; the guy in the link you posted just wrapped it into an apk you can install instead.
Doesn't work on Backflip as we don't have /etc/firmware, but I think other people are looking into finding other places in Android to use the same -sort-of- exploit.
1.5 nonsense.
Code:
C:\android-sdk-windows\tools>adb.exe install RootDroid-release.apk
* daemon not running. starting it now *
* daemon started successfully *
1108 KB/s (45400 bytes in 0.040s)
        pkg: /data/local/tmp/RootDroid-release.apk
Failure [INSTALL_FAILED_OLDER_SDK]

C:\android-sdk-windows\tools>
Just curious if maybe some sort of exploit can be done using an app that already has some kind of root privileges. Maybe something along the lines of the PDF exploit that was used to jailbreak the iPhone? Is there an inherent vulnerability we can make use of?
Just a thought...
Unlikely...
I don't know too much about iPhones, but an exploit through the PDF reader either means that the PDF reader had root access as mentioned (never going to happen in Android), or it was simply a vector to get their code running, to then activate a further kernel exploit.
I believe the second is far more likely; and doesn't help us as 1: we can already run our own programs, without having to hijack the existing ones, and 2: we still need a kernel exploit.
If anyone wants to try this route though, you'll need a list of android apps/ native binaries with root access, and you'll need to download their source and start studying them. You'll need to find some way to pass the running app data, and then find some way to structure that data in a way to hijack the process, i.e. classic buffer overflow, etc.
Doomsday scenario by Kid Zew
H'okay, so like there are these motorola spies, and they are lurking through our forums as we speak (hypothetical of course) and they are getting tired of everyone asking for root, motorola and android and att are like, "OMG f-ing n00bs, get over yourselves and root, we are never giving it to you, so we takes away your roots. Now all your roots are belong to us, bwahahaha." and they stop over the air updates to all motorola backflips, and they stay in 1.5 forever!!!! D:
*Knocks on wood*
I also don't think rooting the Backflip will be as easy as *Click* but I am certain that it will happen, the things we build can't be smarter than we are, so it's only a matter of time before someone is smarter than the people that made it. :]
The Chinese backflip got rooted and it is the same exact phone with Android 1.5.
http://modmymobile.com/forums/406-mo...-backflip.html
Last edited by gir489; 08-07-2010 at 01:10 AM.
I don't see how the Chinese basilio getting rooted holds any significance for us. As far as I know, it uses different firmware. But I am interested in this one click method because the Droid X had one and it came out after the Backflip. One would think that it would have been HARDER to root, not easier.
(Realizes how much he loves swype)
Sent from my MB300 using Tapatalk