Full Disclosure mailing list archives
Re: debugfs exploit for a number of Android devices
From: Alexander Pruss <arpruss () gmail com>
Date: Sat, 1 Sep 2012 16:33:47 -0500
On Wed, Aug 15, 2012 at 8:10 AM, Dan Rosenberg <dan.j.rosenberg () gmail com> wrote:
> The sane way to exploit this is to make /data shell-writable, and create or modify /data/local.prop to contain the string "ro.kernel.qemu=1", which causes ADB to retain root privileges rather than dropping to user "shell" since this property convinces it that the device is the emulator. Using debugfs to modify the filesystem is completely unnecessary and potentially destructive.
Actually, it looks like it's not quite so easy as editing /data/local.prop. My wife just got an Epic 4G Touch with ICS, and it looks like they put ro.kernel.qemu=0 in /system/build.prop, which makes any ro.kernel.qemu=1 setting in /data/local.prop get completely ignored. That's a nice and simple way of getting around many ways of gaining root. I may break down and use debugfs. :-(

Alex

--
Alexander R. Pruss
arpruss () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
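As an added illustration (not code from either post), a small Python model of init's property rules that shows the mechanism behind the pinning Alex describes. It assumes /system/build.prop is loaded before /data/local.prop and that any "ro." property is write-once, so the first value set wins; the sample file contents are constructed.

```python
# Added example, not code from the thread: a model of Android init's property
# loading that shows why ro.kernel.qemu=0 in /system/build.prop neutralises a
# ro.kernel.qemu=1 line planted in /data/local.prop.
# Assumptions: init loads /system/build.prop before /data/local.prop, and any
# property named "ro.*" is write-once (first value wins, later sets are
# rejected); non-"ro." properties are last-write-wins.

def parse_prop_file(text):
    """Parse 'key=value' lines; blank lines and '#' comments are skipped."""
    props = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props.append((key.strip(), value.strip()))
    return props

def apply_props(store, props):
    """Apply properties in file order; return the (key, value) pairs rejected."""
    rejected = []
    for key, value in props:
        if key.startswith("ro.") and key in store:
            rejected.append((key, value))  # write-once property already set
            continue
        store[key] = value
    return rejected

def audit_qemu_override(build_prop, local_prop):
    """Report the effective ro.kernel.qemu value, whether local.prop tried to
    set it to "1" (the value adbd treats as 'this is the emulator, keep root'),
    and whether build.prop pinned the property first so the attempt was dropped."""
    store = {}
    apply_props(store, parse_prop_file(build_prop))
    rejected = apply_props(store, parse_prop_file(local_prop))
    attempted = ("ro.kernel.qemu", "1") in parse_prop_file(local_prop)
    return {
        "effective": store.get("ro.kernel.qemu"),
        "override_attempted": attempted,
        "blocked_by_build_prop": ("ro.kernel.qemu", "1") in rejected,
    }

# Constructed sample files (not real device contents).
PINNED_BUILD_PROP = "ro.build.version.release=4.0.4\nro.kernel.qemu=0\n"
STOCK_BUILD_PROP = "ro.build.version.release=4.0.4\n"
TAMPERED_LOCAL_PROP = "# simulated tampering of /data/local.prop\nro.kernel.qemu=1\n"

if __name__ == "__main__":
    print(audit_qemu_override(PINNED_BUILD_PROP, TAMPERED_LOCAL_PROP))
    # -> effective '0', override_attempted True, blocked_by_build_prop True
    print(audit_qemu_override(STOCK_BUILD_PROP, TAMPERED_LOCAL_PROP))
    # -> effective '1', override_attempted True, blocked_by_build_prop False
```

The "override_attempted" flag is the integrity signal worth alerting on: a ro.kernel.qemu=1 line in /data/local.prop has no legitimate reason to exist on a retail device, whether or not build.prop happens to block it.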