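I have seen online that many rooting methods require unlocking the bootloader, which voids the warranty. Some people don't mind because they have already had the phone for a year, but there are still people who really hate that ugly padlock icon (like me).
This applies to Nexus One owners on FRG83 who have only ever used one-click root and don't want to lose their warranty.
So I have combined my earlier rooting notes and am posting the process I used to root my Nexus One. I am only posting the process; I do not guarantee it works on every Android device. If anyone tries it on another phone and finds that it works, please leave a comment.
Unfortunately this article is definitely not dummy-friendly. If you don't know what CMD is, you are better off staying on stock (it is that black-background, white-text thing used for typing DOS commands).
My Nexus One root is only used to enable the superuser function,
so that you can install tools that require a rooted phone.
It will not let you switch the phone to the HTC Sense UI. If you want that, please find an article on unlocking the bootloader and flashing a ROM; I won't cover it here.
My Nexus One is set to English, so every phone screen label I mention is in English. If anything is unclear, please switch your phone to the English interface before you start.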
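Getting ready...
1. Install the Android SDK and the USB driver
I recommend installing the SDK at the top level of any drive, not inside any folder.
Alternatively, after installing the USB driver, click here to download the file, then extract it directly to any drive,
for example D:\adb\
Then look inside; you should see ADB.EXE.
2. Next, with your phone switched on, go to SETTING > APPLICATIONS > DEVELOPMENT and tick USB DEBUGGING and STAY AWAKE

Plug in the USB cable to connect the phone to the computer. See the little bug icon in the top-left corner of my screen? If you have it, you are OK... next comes the command part.
Preparation complete
Opening the emulator
3. When typing the commands, pay attention to spaces and upper/lower case, and don't leave anything out.
Click "Start" > "Run"
then type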
CMD
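to open the DOS environment.
Using my install path D:\adb\ as an example, next type
You will then see
You should now be able to keep typing other things after the " > " symbol.
Next, type the command that checks whether your device can connect to the computer, as shown below.
The first time you use this command you should see the following appear: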
* daemon not running. starting it now *
* daemon started successfully *
List of devices attached
xxxxxxxxxxxx devices
D:\adb>
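xxxxxxxxxxxx is your device's serial number. If this line is missing and the output goes straight to a blank line and then back to D:\adb>, something went wrong in step 2.
If xxxxxxxxxxxx device appears, your Android phone has successfully entered USB debugging mode and is connected to the computer.
Opening the emulator: complete
Command part one
Now type the following command after D:\adb>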
freenexus
This is a batch script that runs automatically and copies the files needed for rooting onto the phone.
You will see the following lines scroll by automatically:
D:\adb>adb push freenexus /data/local/tmp/freenexus
372 KB/s (11917 bytes in 0.031s)
D:\adb>adb push Superuser.apk /data/local/tmp/Superuser.apk
682 KB/s (196521 bytes in 0.281s)
D:\adb>adb push su /data/local/tmp/su
410 KB/s (26264 bytes in 0.062s)
D:\adb>adb push busybox /data/local/tmp/busybox
1169 KB/s (1926944 bytes in 1.609s)
D:\adb>adb shell chmod 755 /data/local/tmp/freenexus
D:\adb>adb shell chmod 755 /data/local/tmp/busybox
When that has finished, type
D:\adb>adb push rageagainstthecage-arm5.bin /data/local/tmp/rageagainstthecage
You will see xxx KB/s (5392 bytes in x.xxxs)
The KB figure and the number before s vary from computer to computer.
The number before bytes must not be 0; otherwise the file write failed, so start over.
Now, after D:\adb>, type the command that modifies the rageagainstthecage file, as shown below.
D:\adb>adb shell chmod 700 /data/local/tmp/rageagainstthecage
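After a blank line, type adb shell as shown below.
A " $ " will then appear on the next line.
After the $, type cd /data/local/tmp to change the working directory on the phone, as shown below.
You will see the following two lines.
Then, after the $, type ./rageagainstthecage as shown below.
You will then see the following lines: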
./rageagainstthecage
CVE-2010-EASY Android local root exploit (C) 2010 by 743C
checking NPROC limit ...
[+] RLIMIT_NPROC={3084, 3084}
Searching for adb ...
[+] Found adb as PID 65
Spawning children. Dont type anything and wait for reset!
If you like what we are doing you can send us PayPal money to
[email protected] so we can compensate time, effort and HW costs.
If you are a company and feel like you profit from our work,
we also accept donations > 1000 USD!
adb connection will be reset. restart adb server on desktop and re-login.
$
D:\adb>
You can then use the exit command to close the phone's shell environment and start the command prompt on the computer again, as shown below.
At this point the DOS window will close.
Command part one: complete
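
The two checks this guide relies on (a serial listed in the `device` state after the device list header, and a non-zero byte count in the push summary) can be done by a small parser instead of by eye. The following Python is an added example, not part of the original post; the serial `HT0000000000`, the sample text and the function names are constructed for illustration.

```python
import re

# Constructed sample output in the format shown in this guide (serial is made up).
SAMPLE_DEVICES = (
    "* daemon not running. starting it now *\n"
    "* daemon started successfully *\n"
    "List of devices attached\n"
    "HT0000000000\tdevice\n"
)
SAMPLE_PUSH = "372 KB/s (11917 bytes in 0.031s)"

TRANSFER_RE = re.compile(r"^(\d+) KB/s \((\d+) bytes in (\d+\.\d+)s\)$")


def parse_devices(output):
    """Return {serial: state} for the lines after 'List of devices attached'."""
    devices, in_list = {}, False
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("List of devices attached"):
            in_list = True
            continue
        if not in_list or not line or line.startswith("*"):
            continue  # skip daemon banners and blank lines
        parts = line.split()
        if len(parts) >= 2:
            devices[parts[0]] = parts[1]
    return devices


def ready_serials(output):
    """Serials whose state is exactly 'device' (USB debugging on, connected)."""
    return [s for s, state in parse_devices(output).items() if state == "device"]


def pushed_bytes(line):
    """Byte count from a push summary line; ValueError if malformed or zero."""
    m = TRANSFER_RE.match(line.strip())
    if not m:
        raise ValueError("not a transfer summary: %r" % line)
    n = int(m.group(2))
    if n == 0:
        raise ValueError("0 bytes written; the push failed")
    return n


if __name__ == "__main__":
    print(ready_serials(SAMPLE_DEVICES))
    print(pushed_bytes(SAMPLE_PUSH))
```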