List Of Backflip System Files

This is a discussion on List Of Backflip System Files within the Motorola Backflip Development & Hacking forums, part of the Motorola Backflip category; Hello, I'm attaching a list of system files from my Backflip. It was collected by issuing the command "ls -R -l / >/sdcard/allfiles.txt" via adb ...

Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: List Of Backflip System Files

  1. #1
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87

    Talking List Of Backflip System Files

    Hello,

    I'm attaching a list of system files from my Backflip. It was collected by issuing the command "ls -R -l / >/sdcard/allfiles.txt" via adb shell.

    Hopefully this will give some insight as to which files/binaries/libs may be exploitable through some kind of suid hole. If anyone notices any possibilities in this file listing, please follow up here.

    I am still hacking around the filesystem in the hopes that I can find some kind of r00table exploit which I can leverage.

    Regards,
    Weasel5i2
    Attached Files Attached Files

  2. # ADS
    Ads
    Google Advertisement
    Join Date
    Always
    Location
    Advertising world
    Posts
    Many
    Android.net is the premier Android Forum on the internet.


  3. #2
    Senior Member Joe Coolcool's Avatar
    Join Date
    Apr 2010
    Posts
    408
    Quote Originally Posted by weasel5i2 View Post
    Hello,

    I'm attaching a list of system files from my Backflip. It was collected by issuing the command "ls -R -l / >/sdcard/allfiles.txt" via adb shell.

    Hopefully this will give some insight as to which files/binaries/libs may be exploitable through some kind of suid hole. If anyone notices any possibilities in this file listing, please follow up here.

    I am still hacking around the filesystem in the hopes that I can find some kind of r00table exploit which I can leverage.

    Regards,
    Weasel5i2
    Good luck!

  4. #3
    Junior Member Fetch's Avatar
    Join Date
    May 2010
    Posts
    2
    I checked out suid files previously, and didn't find any with reasonably exploitable holes (the phone is very light on suid files). You can find a link in this forum somewhere to the source code to most stuff on the Backflip, from Motorola.

    I didn't see any root-run processes likely to be broken, except maybe zygote, qmuxd, or the installer daemon (installd). On another post, you mentioned that tcmd being run as root, but on my phone it's under user 1000.

    Another avenue might be kernel exploits. The backflip is using the 2.6.27 linux kernel, which has several exploits available for it. The problem for me has been converting those exploits to work under the backflip's ARM architecture, but if someone else might have better luck, check out stuff like the pipe.c linux vuln.

  5. #4
    Senior Member Joe Coolcool's Avatar
    Join Date
    Apr 2010
    Posts
    408
    Quote Originally Posted by Fetch View Post
    I checked out suid files previously, and didn't find any with reasonably exploitable holes (the phone is very light on suid files). You can find a link in this forum somewhere to the source code to most stuff on the Backflip, from Motorola.

    I didn't see any root-run processes likely to be broken, except maybe zygote, qmuxd, or the installer daemon (installd). On another post, you mentioned that tcmd being run as root, but on my phone it's under user 1000.

    Another avenue might be kernel exploits. The backflip is using the 2.6.27 linux kernel, which has several exploits available for it. The problem for me has been converting those exploits to work under the backflip's ARM architecture, but if someone else might have better luck, check out stuff like the pipe.c linux vuln.
    Root talk.

    Cannot compute.

  6. #5
    Moderator SSeymour's Avatar
    Join Date
    Mar 2010
    Posts
    97
    Quote Originally Posted by Fetch View Post
    I checked out suid files previously, and didn't find any with reasonably exploitable holes (the phone is very light on suid files). You can find a link in this forum somewhere to the source code to most stuff on the Backflip, from Motorola.

    I didn't see any root-run processes likely to be broken, except maybe zygote, qmuxd, or the installer daemon (installd). On another post, you mentioned that tcmd being run as root, but on my phone it's under user 1000.

    Another avenue might be kernel exploits. The backflip is using the 2.6.27 linux kernel, which has several exploits available for it. The problem for me has been converting those exploits to work under the backflip's ARM architecture, but if someone else might have better luck, check out stuff like the pipe.c linux vuln.
    What you are talking about is the same way the CDMA Hero was rooted.Do a search for "asroot2".I believe someone has tried it and it didnt work but i will give it a go later on tonight.

  7. #6
    Moderator SSeymour's Avatar
    Join Date
    Mar 2010
    Posts
    97
    Ok this seems to have been fixed.I can push the files (asroot2,su) to /data/local/ on the phone but when i try to run asroot2 the phone kills it before it even starts.So then i tried to make the "su" file executable and run it and i get a dialogue that looks like this
    Code:
    here1here2here3#
    and anything i can think to run in it i get permission denied.Will keep playing with it but whatever motorola did they did it good lol.

  8. #7
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87

    You are correct, Fetch, I was mistaken when I posted that (I was hacking around in the phone's shell at work, then posted that after I'd gotten home for the day, running purely on what I could remember from earlier) - tcmd_engine actually runs as system:system.

    SSeymour, where did you find the asroot2 files you tried, I'm VERY interested in that prompt "su" gave you. I tried asroot2 and, as you said, it was killed immediately every time!

    I also haven't been able to successfully get a "su" to run without giving me an error about "must be suid to work properly", so I'd like to try the one you mention above, if it is different from the three I have tried (the stock and rooted/Cyanogen "su" binaries from my G1 as well as the "cracked" one from magicandroidapps.com fail with the above error message on my phone)

    Regards,
    Weasel5i2

  9. #8
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    Also, I am working on setting up my Debian based netbook with the ARM toolchain so I can cross-compile for the phone on it, then I'll see what I can do to get some kernel-r00ting code to run on the phone.

    A good repository I've found for precompiled Debian (Lenny, I believe) armel binaries which run on ARM is Index of /debian

    Regards,
    Weasel5i2

  10. #9
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    OK, tried the "su" and "asroot2" mentioned on the first Google result (sadevil.org) and when I tried "su" I got the prompt you mentioned, but it's a non-root "$" prompt, how did you get the "#" root prompt from that "su"? Or was that just a typo?

    here1here2here3$
    Regards,
    Weasel5i2

  11. #10
    Moderator SSeymour's Avatar
    Join Date
    Mar 2010
    Posts
    97
    Quote Originally Posted by weasel5i2 View Post
    OK, tried the "su" and "asroot2" mentioned on the first Google result (sadevil.org) and when I tried "su" I got the prompt you mentioned, but it's a non-root "$" prompt, how did you get the "#" root prompt from that "su"? Or was that just a typo?



    Regards,
    Weasel5i2
    My appologies was a typo.

Page 1 of 2 12 LastLast

Ads

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Similar Threads

  1. Show off your Epic 4G Case!
    By Epic Forums User in forum Samsung Epic 4G
    Replies: 0
    Last Post: 08-31-2010, 11:11 AM

Search tags for this page

adb must suid work properly
,
asroot2 similar motorola
,

backflip list

,
backflips list
,
different list of backflips
,
hacking forum list
,
how to backflip a list
,
list of backflip
,
list of backflip codes
,

list of backflips

,
list system file on android?
,
motorola backflip file system
,
qmuxd on htc
,
zygote on motrola
Click on a term to search our sites for related topics.
Android Forum