Possible alternative to Root?

This is a discussion on Possible alternative to Root? within the Motorola Backflip Development & Hacking forums, part of the Motorola Backflip category.


Thread: Possible alternative to Root?

  1. #11
    Junior Member maciel310's Avatar
    Join Date
    Jul 2010
    Posts
    11
    Right, I thought of that, which is what made me wonder if there might be some other exploit that allowed permissions to write to protected memory, but didn't quite allow for root access. Realistically if we did get that it would probably be relatively easy to get root access, but just an idea.

    And I am not 100% sure that that was how the HaRET program operated. I think I'll email the developer (their site looks pretty dead, so who knows if I'll get a response) to see if I can get any more information as to how exactly it operated. Maybe there is some ARM-specific instruction that allows reinitialization of the boot process, but from a specified memory location?

  2. #12
    Senior Member jmgib's Avatar
    Join Date
    Mar 2010
    Location
    Kentucky
    Posts
    1,350
    More than likely they found some security exploit that allowed them to hijack some process to boot the Linux kernel. That's basically what the guys who are trying to root the Backflip are looking for. Some type of exploit or hole that will allow them to gain root access.

  3. #13
    Member weasel5i2's Avatar
    Join Date
    May 2010
    Location
    Austin, TX
    Posts
    87
    From what I can tell, even HaRET requires system-level access to tell the hardware to enter post-bootloader mode and hook it into whatever (architecture-compatible!) bootable images you're loading with it.

    We're given at least SOME system-level access via the "reboot" command, otherwise we wouldn't be able to reboot the phones from userspace! (note, "reboot" fails from a shell) - I believe there are command-line arguments to the reboot command as well.

    --W5i2

  4. #14
    Member Gomer's Avatar
    Join Date
    Jun 2010
    Location
    Huntington Beach, CA
    Posts
    67
    Quote: Originally posted by jmgib
    Even modern versions of Windows on the desktop don't really allow this. It's the reason that "game trainers" and such disappeared once Windows XP came along with its protected memory. You could no longer just directly modify another application's memory space. It's really a bad idea security-wise to allow this (virii and such). I'm surprised you'd be able to do this on your Windows phone.

    TBH I don't have anything relevant to say regarding the subject of this thread, but this post just made me LOL. Game trainers disappeared, eh? I call your bull****, game trainers and memory modifiers work just as well on Windows XP as they do on any other Windows. I've been using XP for years and never had a single problem finding game trainers, and even modifying the memory values myself.
    Could you have possibly meant Vista? Or Windows 7? Because if you didn't, well, do more research before posting next time.

  5. #15
    Senior Member jmgib's Avatar
    Join Date
    Mar 2010
    Location
    Kentucky
    Posts
    1,350
    You may be right, but from what I've seen, after WinXP most game cheats turned into save file editors rather than directly modifying the game while it was running.

  6. #16
    Member Gomer's Avatar
    Join Date
    Jun 2010
    Location
    Huntington Beach, CA
    Posts
    67
    Lol, then you don't know where to look. Every PC game I've played has at least 2-3 different "trainers" for it, plus there are tons of applications available for modifying memory values.

  7. #17
    Junior Member odysseus's Avatar
    Join Date
    Jul 2010
    Posts
    5
    Not sure that I want to add to this thread, but...

    A "trainer" will have full access to a process that it has launched itself, unless (in Vista) that process has been flagged by the operating system as a protected program. I'm certain that trainers are possible with XP and likely with Vista (as long as you are doing a game or a "normal" program).

    However, you are still within the permissions of the protection model that the OS permits, which I'm certain excludes random overwriting of system memory. I have heard of HaRET and (from pure guesswork) it uses an exploit to break into kernelspace on WinMo phones with a locked-down bootloader.

  8. #18
    Junior Member turnyourbackandrun's Avatar
    Join Date
    May 2010
    Posts
    18
    So... anyway. I was looking through the source for 13.35 and found some test code to generate a buffer overflow exception. This is definitely not my area of expertise, but I know that buffer overflows are the basis for many exploits... does anyone think this might be useful as an alternative?

  9. #19
    Junior Member met3ora's Avatar
    Join Date
    Apr 2010
    Posts
    10
    There's code included in the source to generate a buffer overflow? Could you provide a link or snippet?

  10. #20
    Senior Member Joe Coolcool's Avatar
    Join Date
    Apr 2010
    Posts
    408
    Please?
    Credit goes to ee0r.com for my avatar.
