Wednesday, September 14, 2011

Rooting the Samsung Admire

The bug I ended up using is humorously similar to the one I used on the Droid 3. I found that whenever an application crashes (via segmentation fault, etc.) a dump file is created at /data/log/dumpState_app_native.log by root, with world-writable permissions.
This file’s parent directory is world-writable, so by placing a symbolic link at this location and causing a program to crash, it’s possible to create a world-writable file anywhere on disk.
The Samsung Admire conveniently doesn’t have an existing /data/local.prop, the properties file I leveraged with Droid 3 to get root, allowing us to create our own.
The Motorola-specific property I used to prevent ADB from dropping privileges on Droid 3 obviously won’t work here, but the ro.kernel.qemu property will accomplish the same thing.
You can download a one-click root script for Linux and OS X here. I’ll mirror a Windows version as soon as someone ports it. Feel free to e-mail me if you find this exploit works on other Samsung phones, and I’ll update this post.
Update: this exploit is also confirmed to work on the Samsung Galaxy Prevail.
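
Seen from the defender's side, the dump-file bug described above goes away when the privileged writer refuses anything already present at the path and creates the file without write access for other users. The C code below is an added example, not code from this post or from Samsung; the function names and the temp-directory file names are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a dump file as a privileged writer should: refuse a link or any
 * existing entry at the path, and never leave it writable by other users. */
int open_dump_safely(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    struct stat st;
    if (fd < 0)
        return -1;  /* EEXIST or ELOOP: something was already at this path */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || fchmod(fd, 0600) != 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed regression check in a private temp directory (hypothetical
 * file names). Returns 1 when a pre-existing symlink is refused with its
 * target's mode untouched, and a clean create then yields mode 0600. */
int dump_creation_is_hardened(void)
{
    char dir[] = "/tmp/dumpdemoXXXXXX", target[64], dump[64];
    struct stat st;
    int ok = 0, t, fd, refused;
    if (!mkdtemp(dir))
        return 0;
    snprintf(target, sizeof target, "%s/target.prop", dir);
    snprintf(dump, sizeof dump, "%s/dump.log", dir);
    t = open(target, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (t >= 0 && symlink(target, dump) == 0) {
        fd = open_dump_safely(dump);   /* link present: must fail */
        refused = fd < 0 && stat(target, &st) == 0 && (st.st_mode & 0777) == 0600;
        if (fd >= 0) close(fd);
        unlink(dump);
        fd = open_dump_safely(dump);   /* path now clear: must succeed */
        ok = refused && fd >= 0 && fstat(fd, &st) == 0 && (st.st_mode & 0777) == 0600;
        if (fd >= 0) close(fd);
    }
    if (t >= 0) close(t);
    unlink(dump); unlink(target); rmdir(dir);
    return ok;
}

int main(void) { printf("hardened: %d\n", dump_creation_is_hardened()); return 0; }
```

Keeping the log directory itself writable only by its owner closes the remaining gap, since other users can then no longer create entries in it at all.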
