• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

Root Root for Fierce 2?

derpy01 said:
You think this has everything we need? It has a boot.Img.p file
Click to expand...

That's a patch file, like a diff. It's not a complete boot.img.

Dc2500 said:
OK. So is anybody working on root?
Click to expand...

I am, I've just not had much spare time. The exploits I mentioned earlier should work out, it's just doing some work on the system to root exploit to get the right offset.

lexm said:
i have made some progress using emmc download mode but i am still missing some files and is a really risky procedure that can brick the phone. But as soon i have the good news you will all know :p.
Click to expand...

This seems like a really risky path to be researching, at least with the other options atm. Any reason you went this way?

Dc2500 said:
Anybody who has the stock recovery.IMG can you post it I may have a idea
Click to expand...

If we had a stock recovery.img, we could extract the kernel which should be the same as we're booting.
 
Can someone maybe find a software that can extract the recovery.IMG.p from our phone?


Or is that too advanced.
 
..what we need is actually going to be on the firmware? can't find any way to get to it without it being rooted first
 
Last edited:
If there is a recovery img on our phones then wtf would be the use of having it there if we cant even do a recovery without root.. ? So its only a factory resecovery img.. I see
 
Last edited:
derpy01 said:
We have recovery, it's not much use though
Click to expand...
yeah it sure is not much useunless you like going back to factory reset which actually was useful right when I first got the phone but now that I have so much stuff on it , it would just be a giant pain in the ass to try to reset everything the way it is now. yeah this really sucks I would never buy a computer that I was not given admin rights to..lol
 
Blackhawk1969 said:
yeah it sure is not much useunless you like going back to factory reset which actually was useful right when I first got the phone but now that I have so much stuff on it , it would just be a giant pain in the ass to try to reset everything the way it is now. yeah this really sucks I would never buy a computer that I was not given admin rights to..lol
Click to expand...
But sadly phones are different.
 
Dc2500 said:
Any one who has a Backup Phone might want to try this. Its for a LGG3 buts it still 4.4.2.

http://lgg3root.com/lg-g3-root/how-to-root-lg-g3/
Click to expand...
I believe someone said something about our fastboot being broken, but either way, that device isn't very similar to ours and it's a terrible idea to try this on our device.

I haven't had time to do it, but if anyone has too much time on their hands, here's a rough idea of what we really need done. Build this from source, don't worry about building the second exploit yet since we don't have the offsets - the precompiled one will do. Run it on the device and debug it, set a breakpoint somewhere appropriate, and grab the /proc/<pid>/maps file to see if we got a good enough map of kernel addresses.

There's a lot of useful scanning code here, we should be able to get the kernel addresses needed without spending a ton of time. From there, retme7's 4322 PoC should be easily adapted to our device.
 
Make sure you build from source, or you won't be able to properly debug. I've been tied up with other things, but the PoC didn't want to build for me as-is, and I didn't have more than a few mins to spare, so I didn't do any editing. Tomorrow I'm taking a day off from EVERYTHING, since I finally finished the project that has kept me busy (I really hate iOS apps). Starting Monday, I'll take a closer look, if no one else has by then.

The two PoC's handle the hard stuff, it's not like you need to build your ROP chains from scratch.

Alternatively, if anyone has access to one of the various jtag setups (typically used for unlocking and restoring bricks) you could dump the entire nand for me... If I've got no luck with anything else, I'll get the bus pirate and usbjtagnt out and really go to work. That shouldn't be needed though.
 
bakageta said:
Make sure you build from source, or you won't be able to properly debug. I've been tied up with other things, but the PoC didn't want to build for me as-is, and I didn't have more than a few mins to spare, so I didn't do any editing. Tomorrow I'm taking a day off from EVERYTHING, since I finally finished the project that has kept me busy (I really hate iOS apps). Starting Monday, I'll take a closer look, if no one else has by then.

The two PoC's handle the hard stuff, it's not like you need to build your ROP chains from scratch.

Alternatively, if anyone has access to one of the various jtag setups (typically used for unlocking and restoring bricks) you could dump the entire nand for me... If I've got no luck with anything else, I'll get the bus pirate and usbjtagnt out and really go to work. That shouldn't be needed though.
Click to expand...
Ill see what i can do tomorrow.
 
You must log in or register to reply here.
Back
Top Bottom