search

android-rooting-tools / android_run_root_shell

567 stars 260 forks source link

huawei G700 fail #18

Open zllfdd opened 10 years ago

zllfdd commented 10 years ago

Device detected: HUAWEI G700-T00 (G700-T00 V100R001CHNC01B138)

Try to find address in memory... Attempt msm_cameraconfig exploit... Detected kernel physical address at 0x80008000 form iomem

Attempt fb_mem exploit... Detected kernel physical address at 0x80008000 form iomem Segmentation fault

nothize commented 10 years ago

Could you post the panic log?

On 21 November 2013 14:02, zll notifications@github.com wrote:

Device detected: HUAWEI G700-T00 (G700-T00 V100R001CHNC01B138)

Try to find address in memory... Attempt msm_cameraconfig exploit... Detected kernel physical address at 0x80008000 form iomem

Attempt fb_mem exploit... Detected kernel physical address at 0x80008000 form iomem Segmentation fault

— Reply to this email directly or view it on GitHubhttps://github.com/android-rooting-tools/android_run_root_shell/issues/18 .

Regards, Nothize

zllfdd commented 10 years ago

Did you mean kernel panic log? nothing happened but segmentation fault and the phone still works well.

/proc/version: Linux version 3.4.5 (jenkins@sp-linux015-desktop) (gcc version 4.6.x-google 20120106 (prerelease) (GCC) ) #1 SMP PREEMPT Wed Sep 25 12:04:03 HKT 2013

garyhouston commented 8 years ago

Same on Huawei Y330, it crashes in the mmap call in libexploit/libfb_mem_exploit/fb_mem_mmap.c. If I change the first argument from MAPPED_BASE to NULL it doesn't crash, but I suppose that value is there for a reason. It still doesn't do anything useful:

Device detected: HUAWEI Y330-U01 (Y330-U01 V100R001C00B124)

Try to find address in memory... Attempt msm_cameraconfig exploit... Detected kernel physical address at 0x80108000 from iomem

Attempt fb_mem exploit... Detected kernel physical address at 0x80108000 from iomem You need to manage to get remap_pfn_range address.

Try copying kernel memory... It will take a long time. Attempt pingpong exploit... No icmp socket available Attempt futex exploit... failed to exploit... Attempt get_user exploit... connect(): failed Attempt get_user exploit... (it hangs at this point)

TirelessMan commented 8 years ago

Hi garyhouston, I attemed to run pingpong exploit but I got No icmp socket available Error too!!!

Did you resolve that? Can you help me I resolve that please? Thanks in advance

garyhouston commented 8 years ago

It's trying to create a socket using: socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP); and it fails with "Permission denied". So this feature is disabled in the kernel.

TirelessMan commented 8 years ago

Thanks garyhouston , So how can I resolve the problem? I mean how can I enable this feature in the kernel?

Thanks in advance

garyhouston commented 8 years ago

Well, not without having root.

TirelessMan commented 8 years ago

Actually not having root! I want to get root access using a vulnerability, and I think at the first I don't have any root access.