EvilZone
Hacking and Security => Mobile Hacking => Android => : iTpHo3NiX June 16, 2014, 01:29:57 AM
-
***[WARNING]***
Please know that this is detected as: Andr.Exploit.Ratc by some virus scanners. This is an exploit based off of Pinkie Pie's CVE-2014-3153 Linux kernel futex local privilege escalation. This is a Linux system-wide vulnerability. This can be used by other applications for malicious purposes, so please understand this.
***[DISCLAIMER]***
Please know that I am not responsible for any damage this may cause your device
Rooting your android device has never been easier. This root method will work on most devices with a Kernel Build Date before June 03, 2014.
1. Please be sure to have USB Debugging enabled and Unknown Sources checked
-Go to developer options; if developer options are not available (4.2+), you need to go into "About Phone" and keep clicking on Build Number (about 7 times) and Developer Options will be enabled. Unknown sources will be under "Security" in your device's options.
2. Download and Install towelroot
***UPDATE***
Geohot has updated towelroot to v3 which should root ALL android phones
-Visit towelroot.com or follow the link below
Download:
http://towelroot.com/tr.apk
3. Run towelroot and click on the symbol. In about 15 seconds your device will reboot. be rooted.
***UPDATE***
towelroot no longer requires a reboot, just run and then install supersu. Also you can now use SuperSU from the play store without issues.
the play store supersu has now been updated so it is recommended to install supersu through the play store
4. Before you download any root options, you need to download SuperSU from chainfire, the playstore version is outdated and will not update the binaries, please be sure to use the following link
Download:
http://download.chainfire.eu/447/SuperSU/UPDATE-SuperSU-v1.99r4.zip
https://play.google.com/store/apps/details?id=eu.chainfire.supersu&hl=en
5. After extracting SuperSU (I prefer ES File Explorer from the Play Store (https://play.google.com/store/apps/details?id=com.estrongs.android.pop)) the SuperSU apk is in the "common" folder. Click on the SuperSU.apk to install. Run it and then reboot your phone.
6. (Optional) For root verification, install Root Checker from the Play Store (https://play.google.com/store/apps/details?id=com.joeykrim.rootcheck)
You are now rooted with the latest SuperUser binaries. Have fun.
Please note that this *WILL NOT* unlock your bootloader.
Confirmed Working Devices List:
- AT&T GS5
- Verizon GS5
- GS4 Active
- Nexus 5
- Verizon GS4
- AT&T Note 3
- Verizon Note 3
- Moto G
- Galaxy S3
Not Working Devices List:
- Newest Moto and HTC don't currently work because /system is write protected.
NOTE:
If you successfully use this Application, please post your Android Model, Version, and Kernel to help compile a larger working/non working list. If it did not work, a logcat (via adb) can be helpful in debugging why it didn't work. Please post that here, so I can update this post.
Geohot's Release Thread at XDA:
http://forum.xda-developers.com/showthread.php?t=2783157
Towelroot didn't root my device, what can I do?
Modstrings!
== Introducing modstrings! ==
Modstrings are a way to modify the exploit parameters for your obscure phone.
This is only if your device can't be towelrooted.
Click "welcome to towelroot v3" 3 times and enter text.
1337 method(0-3), align(0-1), limit_offset(0-8191), hit_iov(0-7), temp_root(0-1)
method: which syscall is used in the blocking thread, try them all
align: which alignment to use for the iovs, try them all
limit_offset: 0 is probably the right value here, otherwise close to the samsung value and a multiple of 4
hit_iov: which iov to overwrite to cause block
temp_root: do a temp root putting su and daemonsu in /sbin, good for HTC and Motorola, doesn't fix exploit
To fix, align and method are probably your best bet(4*2=8 values), hit_iov maybe, limit_offset if you are desperate.
== Examples ==
Most phones: "1337 0 1 0 4 0"
New Samsung: "1337 0 1 7380 4 0"
Temp root: "1337 0 1 0 4 1"
Updated on 6/27/14
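The posts in this thread use the kernel build date (before June 3, 2014) as the test for whether a device is still exposed to CVE-2014-3153. The following is an added example, not part of the original post or of towelroot, that applies that test to kernel version strings collected from a device inventory. The function names and result labels are hypothetical, and a build date is only a heuristic, since the date alone does not show whether a fix was applied.

```python
import re
from datetime import date

# Cutoff from the post: kernels built before June 3, 2014 predate the futex fix.
PATCH_DATE = date(2014, 6, 3)
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), start=1)}

# Build timestamp as printed by `uname -v` or /proc/version, for example
# "Tue Nov 5 13:27:47 KST 2013". The time-zone token is optional and ignored.
BUILD_RE = re.compile(
    r"\b(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun)\s+(?P<mon>[A-Z][a-z]{2})\s+"
    r"(?P<day>\d{1,2})\s+\d{2}:\d{2}:\d{2}\s+(?:[A-Z]{2,5}\s+)?(?P<year>\d{4})\b")


def kernel_build_date(version_string):
    """Return the build date embedded in a kernel version string, or None."""
    m = BUILD_RE.search(version_string)
    if not m or m.group("mon") not in MONTHS:
        return None
    try:
        return date(int(m.group("year")), MONTHS[m.group("mon")],
                    int(m.group("day")))
    except ValueError:  # e.g. "Feb 31"
        return None


def triage(version_string):
    """Hypothetical labels: likely-unpatched, built-after-fix, unknown."""
    built = kernel_build_date(version_string)
    if built is None:
        return "unknown"
    return "likely-unpatched" if built < PATCH_DATE else "built-after-fix"


SAMPLES = [
    # Two strings reported by posters in this thread.
    "SMP PREEMPT Tue Nov 5 13:27:47 KST 2013",
    "3.0.31-1112295 se.infra@sep-116#1 SMP PREEMPT Thu Apr 4 15:51:05 KST 2013",
    # Constructed inputs: a later build, and a version with no timestamp.
    "3.4.0-example #1 SMP PREEMPT Fri Aug 15 10:02:11 PDT 2014",
    "3.4.0",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{triage(s):17} {kernel_build_date(s)}  {s}")
```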
-
Damn son, this works in like 5 seconds. Got root in about 10 seconds. Great work geohot, and thanks for the link DC.
-
Be sure to install the latest chainfire SuperSU so root apps can run around all willy nilly
http://download.chainfire.eu/447/SuperSU/UPDATE-SuperSU-v1.99r4.zip
Also this doesn't trip KNOX on Samsung devices and works like a charm. Currently running stock TouchWiz VZW klte (Galaxy S5) with Xposed Framework + XPrivacy + Pandora Patcher
I used ROM Toolbox PRO (JRummy Apps, actually paid for back in the day) and froze all the bloatcrap. I didn't want to freeze S Health, but for some reason it didn't play nice with their latest update...
*If you guys use this root method, put down your phone and kernel version and build date*
*If this doesn't work for you, post a logcat via adb so it can be debugged*
-
Ah cool, though doesn't your phone restore the su bin's at reboot?
-
Nope, I will post pics of proof of my root, and build etc.
I had it rooted before but it says something different now, and also shows more privileges. The binary is different than the previous root obviously but it takes priority, so my Root Checker and SuperUser apps both show the new su binary.
Also, 'id' is now correct, id=0 gid=0 etc etc.
-
Nope I use Xposed and su isn't going anywhere with my reboots
-
Too bad it didn't work for me. Tried on GalaxyS2 and some LG phone.
-
Logcat? Kernel version/build date?
-
This is the first time something has actually worked for my Moto G, thank you so much!
-
Kernel Version and build date?
-
Hey man Thanks for sharing this!
I've been waiting for a quick rooting method like this :)
DeepCopy I'm only interested in running apps as root right now, but, what are the benefits of having manual access to the Android bootloader?
+1 for the share :D
EDIT: sorry, build date and Kernel version will be posted once I get around to rooting
-
An unlocked bootloader gives you access to the bootloader, you can change boot animations, install a custom recovery and flash roms, etc. This can also be done if a safestrap is available for your phone if the bootloader is locked.
I can look into more info if you let me know the carrier and phone model to give you specific device files that would come in handy (like restore files, roms, safestrap/custom recovery)
-
DEVICE: GALAXY SAMSUNG S3
I just rooted my device in one click; it didn't seem like a reboot was necessary for that step. When attempting to install SuperSU my phone rebooted into a recovery mode menu and told me that the SuperSU installation failed, and then I chose to reboot it from the menu and it appears to be installed/working! Thanks Deep :D
-
Samsung Galaxy Tab 3 did not work. I haven't tried to root the old way either, via an xda post. I've seen that towelroot has made it to reddit, so I'm sure patches are either soon or in the near future.
Kernel: 3.4.5
Android: 4.1.2
Galaxy Tab 3 model: SM T210R
-
CF Auto Root should work. It's chainfire's (recognized developer)
Do you have USB Debugging enabled? Did you use Root Checker to see if you have root? What's your kernel's build date? WiFi or 3G model?
-
USB debugging is on.
Rootchecker said no root, also SuperSU says no binary is installed and that it can't install it.
Kernel: 3.4.5
SMP PREEMPT Tue Nov 5 13:27:47 KST 2013
Build number: JZO54K.T210RUEAMK1
WiFI model:
http://www.amazon.com/Samsung-Galaxy-7-Inch-Gold-Brown-Model/dp/B00D02AG7C/ref=sr_1_9?ie=UTF8&qid=1403400522&sr=8-9&keywords=galaxy+tab+3
-
I have the Moto G but I'm not ready to root it yet.. I see the Galaxy s3 is compatible, so should I assume that the Galaxy s2 would be too?
Actually, I'll just try it myself right now.
[EDIT] I just saw someone comment saying it didn't work on the s2.. I really should start reading into things more first
-
too bad it doesn't support no models of HTC as yet ...
-
USB debugging is on.
Rootchecker said no root, also SuperSU says no binary is installed and that it can't install it.
Kernel: 3.4.5
SMP PREEMPT Tue Nov 5 13:27:47 KST 2013
Build number: JZO54K.T210RUEAMK1
WiFI model:
http://www.amazon.com/Samsung-Galaxy-7-Inch-Gold-Brown-Model/dp/B00D02AG7C/ref=sr_1_9?ie=UTF8&qid=1403400522&sr=8-9&keywords=galaxy+tab+3
http://forum.xda-developers.com/showthread.php?s=93dd44c950f3afe5989361ff0c70a1b1&t=2437219
-Odin flash custom recovery
-Flash root to device via custom recovery
;)
----------------------
BUMP
----------------------
Updated OP with new info
Changes:
*Towelroot no longer reboots
*Towelroot updated to v3 (I never posted v2)
*SuperSU can now be successfully installed from the play store without issues
*Towelroot's latest update has modstring option to improve root across ALL android devices with a kernel build date before the vulnerability was patched (June 3rd, 2014)
So for those who have had it fail, try again, still fails, try other mod strings ;)
-
successfully rooted a friend's nexus 5..android ver 4.4.4..
-
http://forum.xda-developers.com/showthread.php?s=93dd44c950f3afe5989361ff0c70a1b1&t=2437219
-Odin flash custom recovery
-Flash root to device via custom recovery
;)
----------------------
BUMP
----------------------
Updated OP with new info
Changes:
*Towelroot no longer reboots
*Towelroot updated to v3 (I never posted v2)
*SuperSU can now be successfully installed from the play store without issues
*Towelroot's latest update has modstring option to improve root across ALL android devices with a kernel build date before the vulnerability was patched (June 3rd, 2014)
So for those who have had it fail, try again, still fails, try other mod strings ;)
Will try this in the next few days. I have a lot of other crap to tend to though. I'll be glad to rid it of Samsungs "preinstalled" apps though.
Fucking buy an 8GB device and have 4GB to work with cause of bloat... I don't even care about roms, I just want the space I paid for.
-
My device Fujitsu Arrows A201F does not work
build.id=V37R15J
release=4.1.2
kernel 3.4.0
-
Read about the modstrings that I posted about; it will work on every Android with a build date before June 3
-
Confirmed working on LG G2 LS980
Build ID/number: KOT49I.LS980ZVC/D
Release: 4.4.2
Kernel: 3.4.0
Happy happy rooting.
EDIT: new firmware update doesn't block root from tr.apk
-
Will try this in the next few days. I have a lot of other crap to tend to though. I'll be glad to rid it of Samsungs "preinstalled" apps though.
Fucking buy an 8GB device and have 4GB to work with cause of bloat... I don't even care about roms, I just want the space I paid for.
Update:
I didn't use Odin per se; since I use Arch I used Heimdall (http://glassechidna.com.au/heimdall/) and ClockWorkMod.
TowelRoot didn't work and hasn't since they updated it. But Heimdall was painless enough.
-
What model phone and firmware?
-
All of that info is in a previous comment in this thread.
-
Ahh I forgot to check if you posted firmware in the thread. But it looks like maybe an update to your phone has blocked tr.apk from working. They inserted a nice bit of code that blocks the specific application from getting root. But if you have an older version the code is different, if you'd like to try that. Other than that, it looks like you have root anyway so it shouldn't matter.
Happy rootin', Tex.
-
Yeah, no need for it anymore since Heimdall worked. I'm not really into mods or anything I just needed root so I could use my PS3 controller with it. Also dsploit is fun as shit.
-
dSploit is great for WiFi; I use it all the time, everywhere I go. I mostly rooted my device for the Hardening your Device guide on Torproject. Another reason was for ricing purposes which I think turned out pretty awesome.
-
Worked on a Telus Samsung Note SGH-I717D
- Android version: 4.1.2
- Kernel version: 3.0.31-1112295 se.infra@sep-116#1 SMP PREEMPT Thu Apr 4 15:51:05 KST 2013
- Build number: JZO54K.I717DTLMD1
with a modstring of: 1337 0 0 0 4 0
-
I've seen one-click root APKs for every version of Android right up to 4.1/4.2, but I can't find one for my i9300 international on JB 4.3, and as I've never rooted a phone before I wanted an APK rather than going the PC way. If I'd known beforehand, I'd never have used the OTA update to 4.3. I've tried everything from rootmaster to framaroot to poot, kingo, towelroot, RSroot, to update-zip, but none of them work. Does anyone know any others that might root an i9300 international on JB 4.3? Suggestions would be appreciated.
-
http://www.technobezz.com/how-to-root-samsung-galaxy-s3-i9300-on-android-4-3-jelly-bean/
CF Auto Root
-
Doesn't work on ZTE blade G. Android 4.1.2
-
Kernel build date? Have you tried alternate modstrings? The default is Samsung and may need to use alternate mod strings if the kernel hasn't been patched
-
Hey guys I'm having an issue rooting my Galaxy Discover--don't ask lol. Towelroot worked back when I had an S3 but it says that it isn't supported for SGH-S730M and my AV keeps flagging all of the files in the guides I found on google, any suggestions?
Thanks in advance :)
-
XDA son
http://forum.xda-developers.com/showthread.php?p=50199236#post50199236
-
I was able to resolve the issue last night with some help from Factionwars, but thanks for posting nonetheless. I found that Kingo root is the only thing that worked-- and wasn't a trojan.
-
https://github.com/timwr/CVE-2014-3153
Here is some work on towelroot by my good friend Tim.
I could contact him with any questions you guys have about it, he knows his shit about this vuln.
He is working on getting it into metasploit:
https://github.com/rapid7/metasploit-framework/pull/4287
-
Re: lsD, which version of S3 have you got? I've got an I9300 international. I used the OTA to 4.3 JB (big mistake) and not only does towelroot not work, but neither do the other 5 or 6 others I've tried. I've never rooted before, so I'm not confident enough to go flashing ROMs etc. I'm trying to find a "one click" rooting app for my I9300 4.3 JB but have had no luck at all up to now.
-
Try using the newly landed metasploit module for it:
exploit/android/local/futex_requeue
https://github.com/rapid7/metasploit-framework/commit/af405eeb7dcd555cd6ef31cd8dbc225780c72a40
https://github.com/rapid7/metasploit-framework/pull/4287
If your phone is vulnerable, it will work.
-
Jim, you could try what I did when I found towelroot is useless. http://forum.xda-developers.com/verizon-lg-g3/general/root-easiest-to-root-lg-g3-t2883089