Zerg rush


# adb start-server
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
# adb push zergRush /data/local/tmp/
3468 KB/s (84559 bytes in 0.023s)
# adb shell
$ id
uid=2000(shell) gid=2000(shell) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)


$ ps
USER PID PPID VSIZE RSS WCHAN PC NAME
root 1 0 392 252 ffffffff 00000000 S /init
root 2 0 0 0 ffffffff 00000000 S kthreadd
root 3 2 0 0 ffffffff 00000000 S ksoftirqd/0
root 4 2 0 0 ffffffff 00000000 S events/0
root 5 2 0 0 ffffffff 00000000 S khelper
root 6 2 0 0 ffffffff 00000000 S async/mgr
root 7 2 0 0 ffffffff 00000000 S suspend
root 8 2 0 0 ffffffff 00000000 S sync_system_wor
root 9 2 0 0 ffffffff 00000000 S irq/155-pm8058-
root 10 2 0 0 ffffffff 00000000 S sync_supers
root 11 2 0 0 ffffffff 00000000 S bdi-default
root 12 2 0 0 ffffffff 00000000 S kblockd/0
root 13 2 0 0 ffffffff 00000000 S khubd
root 14 2 0 0 ffffffff 00000000 S kmmcd
root 15 2 0 0 ffffffff 00000000 S rpciod/0
root 16 2 0 0 ffffffff 00000000 S modem_notifier
root 17 2 0 0 ffffffff 00000000 S qmi
root 18 2 0 0 ffffffff 00000000 S nmea
root 19 2 0 0 ffffffff 00000000 S rpcrouter
root 20 2 0 0 ffffffff 00000000 D rpcrotuer_smd_x
root 21 2 0 0 ffffffff 00000000 S dalrpc_rcv_DAL0
root 22 2 0 0 ffffffff 00000000 S krpcserversd
root 23 2 0 0 ffffffff 00000000 D krmt_storagecln
root 24 2 0 0 ffffffff 00000000 D krmt_storagecln
root 25 2 0 0 ffffffff 00000000 S kswapd0
root 26 2 0 0 ffffffff 00000000 S aio/0
root 27 2 0 0 ffffffff 00000000 S nfsiod
root 28 2 0 0 ffffffff 00000000 S crypto/0
root 39 2 0 0 ffffffff 00000000 S mdp_dma_wq
root 40 2 0 0 ffffffff 00000000 S mdp_vsync_wq
root 41 2 0 0 ffffffff 00000000 S mdp_pipe_ctrl_w
root 42 2 0 0 ffffffff 00000000 S mdp_cursor_ctrl
root 43 2 0 0 ffffffff 00000000 S vidc_worker_que
root 44 2 0 0 ffffffff 00000000 S vidc_timer_wq
root 45 2 0 0 ffffffff 00000000 S irq/154-sec_hea
root 46 2 0 0 ffffffff 00000000 S irq/172-sec_hea
root 47 2 0 0 ffffffff 00000000 S Si4709_wq
root 48 2 0 0 ffffffff 00000000 S irq/270-MICROUS
root 49 2 0 0 ffffffff 00000000 S scsi_tgtd/0
root 56 2 0 0 ffffffff 00000000 S k_otg
root 57 2 0 0 ffffffff 00000000 S k_gserial
root 58 2 0 0 ffffffff 00000000 S file-storage
root 59 2 0 0 ffffffff 00000000 S diag_wq
root 60 2 0 0 ffffffff 00000000 S irq/179-keypad_
root 61 2 0 0 ffffffff 00000000 S qt602240_wq
root 62 2 0 0 ffffffff 00000000 S irq/246-proximi
root 63 2 0 0 ffffffff 00000000 D klightsensorcln
root 64 2 0 0 ffffffff 00000000 D klightsensorcln
root 65 2 0 0 ffffffff 00000000 D krtcclntd
root 66 2 0 0 ffffffff 00000000 D krtcclntcbd
root 67 2 0 0 ffffffff 00000000 S msm_battery
root 68 2 0 0 ffffffff 00000000 D kbatteryclntd
root 69 2 0 0 ffffffff 00000000 D kbatteryclntcbd
root 70 2 0 0 ffffffff 00000000 S irq/238-ALARM_I
root 71 2 0 0 ffffffff 00000000 S kstriped
root 72 2 0 0 ffffffff 00000000 S kmpathd/0
root 73 2 0 0 ffffffff 00000000 S kmpath_handlerd
root 74 2 0 0 ffffffff 00000000 S ksnapd
root 75 2 0 0 ffffffff 00000000 S kondemand/0
root 76 2 0 0 ffffffff 00000000 S kconservative/0
root 77 2 0 0 ffffffff 00000000 S irq/244-msm-sdc
root 78 2 0 0 ffffffff 00000000 S usbhid_resumer
root 79 2 0 0 ffffffff 00000000 S binder
root 80 2 0 0 ffffffff 00000000 S gaf-proc
root 81 2 0 0 ffffffff 00000000 S l2cap
root 82 2 0 0 ffffffff 00000000 S krfcommd
root 83 2 0 0 ffffffff 00000000 D voice
root 84 2 0 0 ffffffff 00000000 S acdb_cb_thread
root 85 2 0 0 ffffffff 00000000 D khsclntd
root 86 2 0 0 ffffffff 00000000 S kgsl-3d0/0
root 87 2 0 0 ffffffff 00000000 S kgsl-2d0/0
root 88 2 0 0 ffffffff 00000000 S irq/212-melfas_
root 89 2 0 0 ffffffff 00000000 S melfas_touchkey
root 90 2 0 0 ffffffff 00000000 S multipdp_work_q
root 91 1 300 156 ffffffff 00000000 S /sbin/ueventd
root 92 2 0 0 ffffffff 00000000 S multipdp
root 93 2 0 0 ffffffff 00000000 S mmcqd
root 94 2 0 0 ffffffff 00000000 S jbd2/mmcblk0p15
root 95 2 0 0 ffffffff 00000000 S ext4-dio-unwrit
root 96 2 0 0 ffffffff 00000000 S jbd2/mmcblk0p17
root 97 2 0 0 ffffffff 00000000 S ext4-dio-unwrit
root 98 2 0 0 ffffffff 00000000 S jbd2/mmcblk0p12
root 99 2 0 0 ffffffff 00000000 S ext4-dio-unwrit
root 100 2 0 0 ffffffff 00000000 S jbd2/mmcblk0p16
root 101 2 0 0 ffffffff 00000000 S ext4-dio-unwrit
root 102 2 0 0 ffffffff 00000000 S ext4-dio-unwrit
root 104 2 0 0 ffffffff 00000000 S mmcqd
system 106 1 856 260 ffffffff 00000000 S /system/bin/servicemanager
root 107 1 3920 612 ffffffff 00000000 S /system/bin/vold
root 108 1 3900 568 ffffffff 00000000 S /system/bin/netd
root 109 1 720 272 ffffffff 00000000 S /system/bin/debuggerd
radio 110 1 9560 1936 ffffffff 00000000 S /system/bin/rild
system 111 1 8008 848 ffffffff 00000000 S /system/bin/drexe
system 112 1 1064 336 ffffffff 00000000 S /system/bin/npsmobex
system 113 1 5792 700 ffffffff 00000000 S /system/bin/gpsd
root 114 1 131292 32308 ffffffff 00000000 S zygote
media 115 1 61308 9912 ffffffff 00000000 S /system/bin/mediaserver
root 116 1 860 336 ffffffff 00000000 S /system/bin/installd
keystore 117 1 1788 432 ffffffff 00000000 S /system/bin/keystore
bluetooth 119 1 1300 708 ffffffff 00000000 S /system/bin/dbus-daemon
compass 120 1 2900 316 ffffffff 00000000 S /system/bin/orientationd
compass 121 1 864 316 ffffffff 00000000 S /system/bin/geomagneticd
system 122 1 13848 3424 ffffffff 00000000 S /system/bin/tvoutserver
radio 123 1 2420 600 ffffffff 00000000 S /system/bin/cnd
radio 124 1 936 344 ffffffff 00000000 S /system/bin/qmuxd
radio 125 1 4356 564 ffffffff 00000000 S /system/bin/netmgrd
nobody 128 1 9036 320 ffffffff 00000000 S /system/bin/rmt_storage
system 129 1 5200 996 ffffffff 00000000 S /system/bin/hdmid
shell 130 1 768 316 c01567d4 afd0c60c S /system/bin/immvibed
root 165 2 0 0 ffffffff 00000000 S flush-179:0
root 166 2 0 0 ffffffff 00000000 S flush-179:32
system 167 114 268316 54824 ffffffff 00000000 S system_server
system 302 114 166508 25560 ffffffff 00000000 S com.android.systemui
app_79 311 114 156608 27708 ffffffff 00000000 S com.sec.android.inputmethod.axt9
radio 315 114 166728 26968 ffffffff 00000000 S com.android.phone
app_48 316 114 142212 21716 ffffffff 00000000 S android.process.media
bluetooth 319 114 139900 17008 ffffffff 00000000 S com.broadcom.bt.app.system
app_39 382 114 192192 23928 ffffffff 00000000 S com.google.process.gapps
system 405 113 4536 424 ffffffff 00000000 S /system/bin/gpsd
app_17 419 114 176252 33688 ffffffff 00000000 S android.process.acore
system 491 114 143656 20544 ffffffff 00000000 S com.wssyncmldm
app_27 532 114 142444 17920 ffffffff 00000000 S com.sec.android.app.sns
system 540 114 142144 17744 ffffffff 00000000 S com.sec.android.providers.drm
app_21 674 114 141664 18972 ffffffff 00000000 S com.android.providers.calendar
system 683 114 140180 16644 ffffffff 00000000 S com.android.MtpApplication
app_74 690 114 176400 19976 ffffffff 00000000 S com.android.browser
app_11 716 114 154912 21148 ffffffff 00000000 S com.google.android.voicesearch
app_46 742 114 140880 17284 ffffffff 00000000 S com.sec.android.app.memo
app_17 759 114 186540 20556 ffffffff 00000000 S com.sec.android.widgetapp.infoalarm
app_13 770 114 140056 16148 ffffffff 00000000 S com.android.voicedialer
system 777 114 140840 16960 ffffffff 00000000 S com.sec.android.app.controlpanel
app_44 796 114 149184 22132 ffffffff 00000000 S com.android.mms
system 821 114 148956 26096 ffffffff 00000000 S com.android.settings
app_17 838 114 157256 31608 ffffffff 00000000 S com.sec.android.app.twlauncher
app_57 847 114 157984 18840 ffffffff 00000000 S com.google.android.googlequicksearchbox
app_78 857 114 141048 16956 ffffffff 00000000 S com.sec.android.provider.badge
app_61 870 114 160444 19912 ffffffff 00000000 S com.cooliris.media
shell 915 1 3440 184 ffffffff 00000000 S /sbin/adbd
app_32 919 114 140764 18172 ffffffff 00000000 S com.sec.android.app.samsungapps.una
app_50 926 114 165208 23108 ffffffff 00000000 S com.google.android.apps.maps
shell 958 915 784 356 c00d7318 afd0c41c S /system/bin/sh
shell 962 958 936 324 00000000 afd0b49c R ps
$ cd /data/local/tmp/
$ ./zergRush

[**] Zerg rush - Android 2.2/2.3 local root
[**] (C) 2011 Revolutionary. All rights reserved.

[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.

[+] Found a GingerBread ! 0x00000118
[+] Found a Samsung, running Samsung mode
[*] Scooting ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[+] Zerglings found a way to enter ! 0x10
[+] Overseer found a path ! 0x000181e0
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[+] Zerglings caused crash (good news): 0x40121cd4 0x0054
[*] Researching Metabolic Boost ...
[+] Speedlings on the go ! 0xafd19413 0xafd390ff
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Popping 24 more zerglings
[*] Sending 173 zerglings ...

[+] Rush did it ! It's a GG, man !
[+] Killing ADB and restarting as root... enjoy!
# adb shell ps | grep adbd
root 1090 1 3440 184 ffffffff 00008294 S /sbin/adbd
# adb remount
remount succeeded
# adb shell mount
rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,relatime,mode=755 0 0
devpts /dev/pts devpts rw,relatime,mode=600 0 0
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,relatime 0 0
none /acct cgroup rw,relatime,cpuacct 0 0
tmpfs /mnt/asec tmpfs rw,relatime,mode=755,gid=1000 0 0
tmpfs /mnt/obb tmpfs rw,relatime,mode=755,gid=1000 0 0
none /dev/cpuctl cgroup rw,relatime,cpu 0 0
/dev/block/mmcblk0p15 /system ext4 rw,relatime,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p17 /data ext4 rw,relatime,errors=continue,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p12 /persist ext4 rw,nosuid,nodev,relatime,barrier=0,data=ordered 0 0
/dev/block/mmcblk0p16 /cache ext4 rw,nosuid,nodev,noatime,errors=continue,barrier=1,data=ordered 0 0
/dev/block/mmcblk0p27 /efs ext4 rw,nosuid,nodev,relatime,barrier=0,data=writeback 0 0
/dev/block/vold/179:28 /mnt/sdcard vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:33 /mnt/sdcard/external_sd vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:33 /mnt/sdcard/external_sd vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
/dev/block/vold/179:33 /mnt/secure/asec vfat rw,dirsync,nosuid,nodev,noexec,noatime,nodiratime,uid=1000,gid=1015,fmask=0002,dmask=0002,allow_utime=0020,codepage=cp437,iocharset=iso8859-1,shortname=mixed,utf8,errors=remount-ro 0 0
tmpfs /mnt/sdcard/external_sd/.android_secure tmpfs ro,relatime,size=0k,mode=000 0 0
# adb push out/target/product/generic/system/xbin/su /system/xbin/
3244 KB/s (64196 bytes in 0.019s)
# adb shell
# id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
# chown 0:0 /system/xbin/su
# chmod 6755 /system/xbin/su
# ls -l /system/xbin/su
-rwsr-sr-x root root 64196 2016-02-27 21:27 su
# ln -s /system/xbin/su /system/bin/su
# cd /data/local/tmp
# rm zergRush boomsh sh
# mount -o remount,ro /dev/block/mmcblk0p15 /system
# exit
# adb kill-server
-- phone restart --
# adb start-server
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
# adb shell
$ su
# id
uid=0(root) gid=0(root) groups=1003(graphics),1004(input),1007(log),1009(mount),1011(adb),1015(sdcard_rw),3001(net_bt_admin),3002(net_bt),3003(inet)
# cat /proc/partitions
major minor #blocks name

179 0 7552000 mmcblk0
179 1 106495 mmcblk0p1
179 2 500 mmcblk0p2
179 3 3596 mmcblk0p3
179 4 1 mmcblk0p4
179 5 5120 mmcblk0p5
179 6 20000 mmcblk0p6
179 7 3072 mmcblk0p7
179 8 5120 mmcblk0p8
179 9 7000 mmcblk0p9
179 10 3072 mmcblk0p10
179 11 3072 mmcblk0p11
179 12 8192 mmcblk0p12
179 13 7680 mmcblk0p13
179 14 5120 mmcblk0p14
179 15 532480 mmcblk0p15
179 16 102400 mmcblk0p16
179 17 1413120 mmcblk0p17
179 18 204800 mmcblk0p18
179 19 500 mmcblk0p19
179 20 3596 mmcblk0p20
179 21 5120 mmcblk0p21
179 22 20000 mmcblk0p22
179 23 5120 mmcblk0p23
179 24 7000 mmcblk0p24
179 25 5120 mmcblk0p25
179 26 5120 mmcblk0p26
179 27 5120 mmcblk0p27
179 28 5024768 mmcblk0p28
179 32 30657536 mmcblk1
179 33 30656512 mmcblk1p1
# df
Filesystem Size Used Free Blksize
/dev 178M 64K 178M 4096
/mnt/asec 178M 0K 178M 4096
/mnt/obb 178M 0K 178M 4096
/system 442M 311M 131M 4096
/data 1G 59M 1G 4096
/persist 4M 4M 796K 4096
/cache 98M 4M 94M 4096
/efs 4M 72K 4M 4096
/mnt/sdcard 4G 832K 4G 32768
/mnt/sdcard/external_sd 29G 429M 28G 32768
/mnt/secure/asec 29G 429M 28G 32768
# exit
$ exit
# adb kill-server

https://wiki.mozilla.org/Mobile/Fennec/Android/Rooting/adb

Hozzászólások

Zerg rush - Android 2.2/2.3 local root

régi darab. a mai kerneleknél már nem mennek az ilyen
temporary rootok. az utolsó talán a towel volt.

Csak úgy tudsz blogbejegyzést küldeni, hogy szétvacakold a /blog oldalt? :-(

Egyrészt tök jogos, hogy a drupal is lehetne okosabb, berakhatna automatikusan breakpointot, és lezárhatná a lezáratlan tageket. Utóbbit talán még bugnak is nevezném.

De veled is egyetértek, ott az előnézet gomb, szerintem nagyon kevesen veszik a fáradságot, hogy használják is... Pedig...