zergRush not functioning on android 2.3.6 #2

Open
Conti opened this issue Apr 29, 2012 · 6 comments

@Conti

Conti commented Apr 29, 2012

Samsung Galaxy Player 70 Plus (YP-GB70D) Running Android 2.3.6

Kernel version: 2.6.35.7 - se.infra@SEP-73 #2
Build number - GINGERBREAD.KRLD2

Here is the output from the adb shell:

$ /data/local/tmp/zergRush
/data/local/tmp/zergRush

[**] Zerg rush - Android 2.2/2.3 local root
** 2011 Revolutionary. All rights reserved.

[**] Parts of code from Gingerbreak, (C) 2010-2011 The Android Exploid Crew.

[+] Found a GingerBread ! 0x00000118
[+] Found a Samsung, running Samsung mode
[*] Scooting ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 149 zerglings ...
[*] Sleeping a bit (~40s)...
[*] Waking !
[*] Sending 189 zerglings ...
[-] Hellions with BLUE flames !
$

Any chance this could be fixed?

@petemyron

Might be because of line 137, "void *dlh = dlopen("/system/libc/libc.so", RTLD_NOW);". At least on my Galaxy S2, that file is at "/system/lib/libc.so"...

@niknah

niknah commented Jul 19, 2012

Not working for me either. Android 2.3.6, Ascend G300.

If it failed to open libc on that line it should print...
[-] dlopen

But I changed the binary to /system/lib/libc.so and it didn't work.

It should say "[+] Zerglings found a way to enter !..." if it worked. Looks like it's trying to send something to 'vold' to attempt to crash it. 'vold' is the mount tool so they suggest you unmount any sdcards first, but it still didn't work for me.

@schivmeister

I don't think it has anything to do with 2.3.6 per se. It works on my 2.3.6 MTK device. It is possible that there is a specific update that patches this vulnerability or there must be something that can be done with the buffer size.

@idhyt

idhyt commented Feb 15, 2016

Hi, how do I build this C code? I build it with the NDK, but get an error:

$ ndk-build
[armeabi] Compile thumb  : zergRush <= zergRush.c
[armeabi] SharedLibrary  : libzergRush.so
jni/zergRush.c:241: error: undefined reference to 'socket_local_client'
jni/zergRush.c:503: error: undefined reference to 'property_set'
jni/zergRush.c:634: error: undefined reference to 'property_get'
collect2: error: ld returned 1 exit status
make: *** [obj/local/armeabi/libzergRush.so] Error 1

Look forward to your reply.

@idhyt

idhyt commented Feb 27, 2016

@dash17291 thanks!
