爱黑武论坛

 找回密码
 注册

QQ登录

只需一步,快速开始

查看: 1839|回复: 0

[讨论] 尘封大神 可以帮我理解这篇文章吗 ATT V 版4.4.2 好像说是去写保护的

[复制链接]
发表于 2014-8-2 22:17 | 显示全部楼层 |阅读模式

立即注册,加入爱黑武论坛的大家庭!爱黑武,爱上搞机生活!

您需要 登录 才可以下载或查看,没有账号?注册

x
Warning:
I will not be responsible for damage to your device(s) by using this exploit. Antivirus software and Play services will likely detect this as potentially
malicious. It is an exploit, deal with it or don't use it. Do not mirror these applications without my permission!


Change Log:
1.4.3 detects failed su installation (0 size su) and allows reinstallation
1.4.1 adds reliability, and fixes issues for users when improper permissions are applied to su (Preventing updates).



PwnMyMoto is a replacement for my previously released MotoRoot. PwnMyMoto exploits three vulnerabilities, to gain root access, then to gain write to system. This is a traditional root, and doesn't use any 'hackery' to maintain su access unlike MotoRoot.

First we use bug 9695860 (aka second masterkey) to gain system user, then it uses a symlink attack to gain root access. After gaining root we exploit a flaw in the bootloader, allowing us to bypass the write protection applied to system. In the process we remove stock recovery, so OTAs will not be a worry.

Install PwnMyMoto by running:
Quote:
adb install -r PwnMyMoto-<version and model go here>.apk

Then run PwnMyMoto, depending on the current root status of your phone it will reboot 2 or 3 times, after the last reboot it will uninstall it self and su will be installed on the actual system partition. Please install SuperSu from the market after this step is done.

We have two (ok more but were not going into that) boot modes. First is normal, which boots regular Android, and in this case boots with system write protected. Second is recovery mode, normally it boots recovery without write protection. Our exploit will hijack recovery bootmode and boot Android without write protection.

After running this exploit, if you boot normally /system will be write protected. If you boot to "recovery", Android will boot without write protection. If you wish to edit system, you must boot into "recovery" to do so, any changes made will stick and will work in either bootmode. My suggestion is to make your changes in "recovery" and run the device day to day in normal mode, until we are certain "recovery" mode will be 100% stable for day to day use.

The exploit will uninstall itself after successful exploitation.

To see if write protection is applied, you can run:
Quote:
adb shell getprop ro.boot.write_protect

If it returns '1' then write protection is applied to /system, if it returns '0' then no write protection has been applied.

In the future we will have a replacement recovery, but at this time it is still in development. Enjoy.


网站地址是:http://forum.xda-developers.com/moto-x/orig-development/root-write-protection-bypass-motox-t2444957

回复

使用道具 举报

 Hello,黑武的好机友!回复想偷个懒?点这里: 
您需要登录后才可以回帖 登录 | 注册

本版积分规则

关闭

站长推荐上一条 /1 下一条

QQ|小黑屋|Archiver|手机版|爱黑武论坛 ( 京ICP备2023028323号 | 京公网安备11011202000270号 )

GMT+8, 2024-11-5 14:53 , Processed in 0.048967 second(s), 24 queries .

Powered by Discuz! X3.4

Copyright © 2001-2024, ihei5.com

快速回复 返回顶部 返回列表