One click root with impactor now works. Works on <4.3. No need for unlocked bootloader. Does not wipe data.
http://www.saurik.com/id/17
Copy over the superuser.apk and the su binary onto your phone, then use the MV command to move them to /system/app and /system/xbin respectively.
Beamed from my Grouper
Mach3.2 said:
Copy over the superuser.apk and the su binary onto your phone, then use the MV command to move them to /system/app and /system/xbin respectively.
Beamed from my Grouper
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
krackers said:
What should the permissions on each be?
EDIT: Can you alternatively only push the su binary and download superuser from gplay?
If the binary is wrong, the one from play store may not work.
Permission should be rw-r-r(0644) for the su.apk and rwsr-sr-x(0645) for the su binary.
Beamed from my Maguro.
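For anyone auditing a device for leftover set-id binaries, the sketch below converts symbolic permission strings such as the `rwsr-sr-x` quoted above into octal and flags listing entries that carry setuid or setgid bits. It is an added example, not part of any post in this thread; the function names and the sample `ls -l` listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are hypothetical/constructed.

# Convert a 9-character symbolic mode (ls -l output minus the file-type
# character) to 4-digit octal: special bits first, then user/group/other.
mode_to_octal() {
    sym=$1
    if [ "${#sym}" -ne 9 ]; then echo "bad mode: $sym" >&2; return 1; fi
    special=0; out=""; i=0
    for weight in 4 2 1; do                 # setuid, setgid, sticky
        r=$(printf '%s' "$sym" | cut -c$((i * 3 + 1)))
        w=$(printf '%s' "$sym" | cut -c$((i * 3 + 2)))
        x=$(printf '%s' "$sym" | cut -c$((i * 3 + 3)))
        digit=0
        if [ "$r" = r ]; then digit=$((digit + 4)); fi
        if [ "$w" = w ]; then digit=$((digit + 2)); fi
        case $x in
            x)   digit=$((digit + 1)) ;;
            s|t) digit=$((digit + 1)); special=$((special + weight)) ;;
            S|T) special=$((special + weight)) ;;   # special bit, no execute
            -)   ;;
            *)   echo "bad mode: $sym" >&2; return 1 ;;
        esac
        out="$out$digit"
        i=$((i + 1))
    done
    echo "$special$out"
}

# Read ls -l style lines on stdin; print "octal owner name" for every entry
# whose mode has the setuid or setgid bit (leading octal digit 2-7).
flag_setid() {
    while read -r perms owner group rest; do
        oct=$(mode_to_octal "${perms#?}") || continue
        case $oct in
            [2-7]*) echo "$oct $owner ${rest##* }" ;;
        esac
    done
}

# Constructed sample listing of a /system/xbin-like directory.
sample_listing() {
    cat <<'EOF'
-rwxr-xr-x root     shell       59760 2013-07-01 12:00 dexdump
-rwsr-sr-x root     root        91980 2013-07-01 12:00 su
-rw-r--r-- root     root         1024 2013-07-01 12:00 notes.txt
EOF
}

sample_listing | flag_setid
```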
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.qemu) as opposed to directly pushing the su binaries?
krackers said:
I tried it myself and while it appears that commands do run, they don't appear to work. I think it might have to do with running as system vs running as root. Why else would saurik use an indirect method of gaining root (using ro.kernel.qemu) as opposed to directly pushing the su binaries?
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
I also downloaded a ICS 4.04 root zip file with a script and adb files inside. When using that adb version, my phone won't be displayed too. Now when I run adb from the android SDK, it will say something like "server is outdated" then something like "kill and restart with new server" --> "adb devices" lists my phone correctly again.
May be the adb version used in Impactor is outdated and responsible for the error message?
I would really appreciate any help with this topic, because the Panasonic Eluga phone was never rooted until now and no known root method is available. I always kinda hoped that someone would use the masterkey thing to make a universal rooting tool
saurik said:
This is correct: sometime in the Android 4.1 release cycle, they removed the ability to use /data/local.prop as an attack vector to go from system->root. The signature bug lets you modify the code of any APK, but the most powerful user an app can ever run as is system, not root.
However, in an update to Impactor today, I've added a system->root escalation. This allows one-click rooting, and even though the system->root I'm using has already been patched in AOSP (the idea was not to waste something to go along with a shell->system that is already long burned) it works on my 4.2.2 Nexus 4 (and so I'd imagine will also work fine on a Galaxy Nexus) as Android sucks at getting patches to real devices ;P.
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
To the poster above me: Try using a different computer and if that doesn't work, switch operating systems.
krackers said:
Do you need to have an unlocked bootloader for the root exploit to work? I am hoping to get root without having to wipe the device by unlocking.
That's the whole point in securing Android, not that people have easier ways instead of unlocking a device.
Tested and works great. I now have root. Yay!
Does it show any of the problems that chainfire's superSU 1.41 shows?
Sent from my Galaxy Nexus using xda app-developers app
The root exploit only places the su binary and sets the right permissions. You can use any root manager you want (I used clockworkmod's superuser app).
mercuriussan said:
Using Impactor on my Panasonic Eluga dl01 does somehow not work.
(Android 4.0.4)
The feature of installing su will not work on every device: a lot of emphasis is put on "rooting" Android devices, but on many devices even root can't do things like modify the files in /system; I'd use the term "jailbreak" as to being what people really want to do with their device, but Android people seem to have that term ;P. What this means is that you really need a kernel exploit, not just a shell->system->root escalation.
mercuriussan said:
I get following error message:
/data/local/tmp/impactor-6[3]: /data/local/tmp/impactor-4: Operation not permitted
This error message actually indicates that Impactor succeeded in obtaining root control over your phone. However, when it tried to then, as root, remount /system writable so it could copy the su binary in place, it wasn't allowed to do so. A future version of Impactor will make it easier to drop to a root shell so you can test things out manually, but this means that while you can run code as root, you won't be able to install su.
However, if you have the time to play with it, get a copy of busybox and use adb to push it to /data/local/tmp (this is also something Impactor should help you do, but does not yet). (You will also need to make it executable, don't forget: "chmod 755 /data/local/tmp/busybox".) Then run the suggested Impactor command involving telnetd. Finally, via a shell, run "/data/local/tmp/busybox telnet 127.0.0.1 8899": you are now root.
You can verify that you are root because you will now have a # as a prompt instead of a $. Then run "mount -o remount,rw '' /system" (<- note, that's two single quotation marks as an argument between remount,rw and /system). This is the command that should fail with the "Operation not permitted" message. You are, however, root, so maybe there's something you want to do on the device at that point ;P.
mercuriussan said:
I also tried and played around with the command line in Impactor.
"adb devices" won't list my phone
But when I use the adb from the current Android SDK I just installed, it will display my phone with "adb devices".
The "Open Shell" in Impactor connects you to the device via adb: if you run adb on the device and ask for a list of devices attached to the device--something I didn't even realize was possible until you pointed it out here ;P I tested it, though, and wow: that actually is possible--you will get a blank list. However, suffice it to say that if you were able to type that at all, it can see your device.
Thanks for the suggestion, I'll try my luck in finding some exploit I can use...
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
bmg1001 said:
So since Google patched this in 4.3, does this mean almost all devices before 4.2.2 can be rooted with this method?
Yup - assuming they haven't been patched against the methods used (most haven't been).
Very interesting read. Thanks saurik & OP.
Eluga DL1
Hi there,
this post is in some ways a duplicate but different people seem to follow this thread because it is directly involving saurik's Impactor.
Is there anything available that I can throw at the Eluga's 4.0.4 kernel to get r/w on the system partition?
I will try everything that is suggested to me.
Hi all,
I come with what is probably a silly question after I did not manage to stumble upon someone with the exact same situation while doing some googling around.
I have a Nexus 4, running the older Android 4.2.2 (did not update as I have some custom patches in there).
My phone has also been rooted for quite a while and working perfectly until recently something broke it (did not manage to find out when I broke it).
I have CWM installed and that is working fine.
I have SuperSu installed, now the latest version.
If I boot my phone into Recovery Mode and then I access it with the shell commands:
a) I mount the sdcard partition
b) I run
$ ./adb shell
~ # /system/xbin/su -
[email protected]:/ #
All works fine.
If I boot my phone normally and I run SuperSU, then I get: "no su binary installed" and the app kicks me out.
If I connect with ADB to it .. then I see that the binary is indeed in /system/xbin/su but trying to run it just doesn't do anything.
The process "freezes" and I don't get a command prompt anymore.
I can cancel it with CTRL+C and try to run it again but still ...nothing happens
This is one point where I am missing the Linux strace which I did not think of having here but would have enabled me to at least see what the SU binary is doing when it is not returning control to the command prompt or at least giving an error
Any idea what might be happening ?
Also..why is "su" working fine when called from the bootloader/CWM and why freezing when calling from the normal running system (aside from that funky error that no su binary is installed).
I tried so far flashing also an older version of SuperSU...same result, then went back to v1.94
Sorry if my problem is stupid but I don't seem to get my way around it...
I solved the first part by myself
Seems Xprivacy suddenly lost my preferences and was not allowing the running of su...
Now from the Terminal App on my Android, I can do: /system/xbin/su - and I get root.
But both SuperSU and SuperUser report that there's no SU binary....
Are they searching for it in some other path ?
I don't get it...
How can the binary not exist but if I run it by hand from the terminal app, everything works perfectly and I get to be root.
skyraven83 said:
Hi all,
I come with what is probably a silly question after I did not manage to stumble upon someone with the exact same situation while doing some googling around.
I have a Nexus 4, running the older Android 4.2.2 (did not update as I have some custom patches in there).
My phone has also been rooted for quite a while and working perfectly until recently something broke it (did not manage to find out when I broke it).
I have CWM installed and that is working fine.
I have SuperSu installed, now the latest version.
If I boot my phone into Recovery Mode and then I access it with the shell commands:
a) I mount the sdcard partition
b) I run
$ ./adb shell
~ # /system/xbin/su -
[email protected]:/ #
All works fine.
If I boot my phone normally and I run SuperSU, then I get: "no su binary installed" and the app kicks me out.
If I connect with ADB to it .. then I see that the binary is indeed in /system/xbin/su but trying to run it just doesn't do anything.
The process "freezes" and I don't get a command prompt anymore.
I can cancel it with CTRL+C and try to run it again but still ...nothing happens
This is one point where I am missing the Linux strace which I did not think of having here but would have enabled me to at least see what the SU binary is doing when it is not returning control to the command prompt or at least giving an error
Any idea what might be happening ?
Also..why is "su" working fine when called from the bootloader/CWM and why freezing when calling from the normal running system (aside from that funky error that no su binary is installed).
I tried so far flashing also an older version of SuperSU...same result, then went back to v1.94
Sorry if my problem is stupid but I don't seem to get my way around it...
It seems in the end that it was all an xprivacy problem....
solved and now it is functional
skyraven83 said:
I solved the first part by myself
Seems Xprivacy suddenly lost my preferences and was not allowing the running of su...
Now from the Terminal App on my Android, I can do: /system/xbin/su - and I get root.
But both SuperSU and SuperUser report that there's no SU binary....
Are they searching for it in some other path ?
I don't get it...
How can the binary not exist but if I run it by hand from the terminal app, everything works perfectly and I get to be root.
Just so you know
The reason you probably did not get responses to this is because you posted it in Galaxy Nexus section and not Nexus 4 forums
FireTV, Fire OS 5.0.5 (537174420) (developer preview)
I have tried every guide, I can push apps and install via adb, and I can access shell via adb, but I can't perform any su commands in the shell, it says su not found, or no permission etc for other commands, so I can't manually upgrade/downgrade or do anything as everything has one of these commands in there at some point, anyone know what I need to do to unlock this? I've currently just reset it to factory defaults for now. Also I've tried kingroot and tr and they both won't root/unlock the device.
Thanks in advance,
para
paradoxiumwind said:
FireTV, Fire OS 5.0.5 (537174420) (developer preview)
I have tried every guide, I can push apps and install via adb, and I can access shell via adb, but I can't perform any su commands in the shell, it says su not found, or no permission etc for other commands, so I can't manually upgrade/downgrade or do anything as everything has one of these commands in there at some point, anyone know what I need to do to unlock this? I've currently just reset it to factory defaults for now. Also I've tried kingroot and tr and they both won't root/unlock the device.
Thanks in advance,
para
I just ran into the same issue on both of my boxes the last couple days. I'm not sure why I can't get root access either, but the good thing is the disabling of the OTA updates sticks after you command it, regardless if you lose root. What I did was just reflash the pre-rooted ROM. Kind of a pain but it only takes a couple minutes. After I did that, root access was back!
I managed to get root shell via adb using dirty cow exploit on my unrooted xperia m4 phone running android 6.01, but it can not execute any command I type in (pm disable appName etc), it just shows #root... and does nothing.
Do you know how can I use this root shell to freeze or delete system apps, and also do you know what is the purpose of having this limited root shell on android?
I have Galaxy S22 Ultra un-rooted.
I installed the Sgallery app and enabled device admin via ADB in order to use some functions like "App Hide".
adb command : adb shell dpm set-device-owner com.hld.anzenbokusu/.receiver.DPMReceiver
How can I reset the device-owner to default so I can uninstall Sgallery?
I need help.
what's the adb command to remove "com.hld.anzenbokusu/.receiver.DPMReceiver" as device-owner?
anyone kind enough to HELP.
It is very time consuming to flash stock firmware and setup all apps all over again.