On request of the Samsung Admire community, I decided to root another Android phone.
Update: this exploit is also confirmed to work on the Samsung Galaxy Prevail.
The bug I ended up using is humorously similar to the one I used on the Droid 3. I found that whenever an application crashes (via segmentation fault, etc.) a dump file is created at /data/log/dumpState_app_native.log by root, with world-writable permissions. This file’s parent directory is world-writable, so by placing a symbolic link at this location and causing a program to crash, it’s possible to create a world-writable file anywhere on disk.
The Samsung Admire conveniently doesn’t have an existing /data/local.prop, the properties file I leveraged with Droid 3 to get root, allowing us to create our own. The Motorola-specific property I used to prevent ADB from dropping privileges on Droid 3 obviously won’t work here, but the ro.kernel.qemu property will accomplish the same thing.
You can download a one-click root script for Linux and OS X here. Feel free to e-mail me if you find this exploit works on other Samsung phones, and I’ll update this post.
Update: thanks to k0nane, a Windows version is available here.
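For anyone fixing this class of bug on the writer's side, here is an added example (not from the original post and not Samsung's code) that puts the weak dump-file pattern described above next to a hardened one. The function names are hypothetical, and the hardened version assumes the dump directory is owned by the writer and not writable by anyone else.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern, as the post describes it: create-or-truncate by path,
 * world-writable result, no check on what already sits at that name. */
int open_dump_weak(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0666); /* follows symlinks */
    if (fd >= 0)
        fchmod(fd, 0666);   /* applies to the link target, not the link */
    return fd;
}

/* A directory is trusted only if we own it and nobody else can write to it. */
static int dir_is_private(int dfd) {
    struct stat st;
    if (fstat(dfd, &st) != 0)
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == geteuid()
        && !(st.st_mode & (S_IWGRP | S_IWOTH));
}

/* Hardened (hypothetical helper): returns an fd for a freshly created
 * 0600 file inside a private directory, or -1 if that cannot be done. */
int open_dump_hardened(const char *dir, const char *name) {
    int fd = -1;
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0)
        return -1;
    if (dir_is_private(dfd)) {
        /* Remove a stale dump or a planted link itself, never its target. */
        unlinkat(dfd, name, 0);
        /* O_EXCL: fail rather than reuse anything recreated at this name. */
        fd = openat(dfd, name,
                    O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    }
    close(dfd);
    return fd;
}
```

The directory check is the part that matters most: once other users cannot create entries next to the dump file, there is no link to follow in the first place.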