giefroot - rooting tool (CVE-2014-4322)

zxz0O0 · Jan 24, 2015

giefroot
A tool to root your device using CVE-2014-7911 (by Keen Team) and CVE-2014-4322 (by zxz0O0).
System rw access & SuperSU installation.

Requirements

USB debugging enabled
Settings => About phone => Click 7 times on Android Build to unlock developer options
Allow mock locations
Settings => Developer Settings
adb drivers installed
Firmware < October 2014 (kernel and system)

How to use

Download the tool (latest version) and extract it
Start your device and plug it to your computer
Put your device in air plane mode
Run install.bat and follow the instructions on screen
Congratulations! You should now be rooted. If you get an error "Device not rooted", try running the tool a second time.
Don't forget to make a donation
If you are not rooted, see post #3 for possible solutions!

What can you do next

Make a donation to the people involved
Backup TA partition / DRM keys
http://xdaforums.com/showthread.php?t=2292598
Install dualrecovery by [NUT]
Download Z??-lockeddualrecovery2.X.XXX-BETA.installer.zip from http://nut.xperia-files.com/, run install.bat and select Option #1
Note if you have problems after installing recovery, this thread is not the place to ask for help!

Download v3.1

Thanks to
Big thanks to Keen Team for developing the CVE-2014-7911 exploit.
Original thread: http://xdaforums.com/mate-7/general/wip-mate-7-root-bl-unlock-t2995086/post57991147

Code:

88      a8P   88888888888  88888888888  888b      88  
88    ,88'    88           88           8888b     88  
88  ,88"      88           88           88 `8b    88  
88,d88'       88aaaaa      88aaaaa      88  `8b   88  
8888"88,      88"""""      88"""""      88   `8b  88  
88P   Y8b     88           88           88    `8b 88  
88     "88,   88           88           88     `8888  
88       Y8b  88888888888  88888888888  88      `888  

Huawei Ascend Mate 7 root utility
                                                      
Present by Keen Team:
      Liang Chen, flanker017 - CVE-2014-7911 exploit
      idl3r - Kernel vulnerability and exploit

Special thanks to:
      Yaron Lavi and Nadav Markus from Palo Alto Networks for "Mock Location" trick
      Chainfire for SuperSU
      KingRoot (www.kingroot.net) for testing devices

Tested on MT7-TL10 and MT7-CL00 China Domestic edition with B122 SP06 (2014/12/30)
May or may not work on international editions

Additionally, thanks to:

Chainfire: SuperSU developer
MohammadAG: Disable RIC kernel module (Link)
idler1984: Trick for stopping system_server
RHBH, squabbi, minijaws, Desperanto86: Testing & debugging

Changelog

XDA:DevDB Information
giefroot - rooting tool, Tool/Utility for the OEM Cross Device Development

Contributors
zxz0O0

Version Information
Status: Beta

Created 2015-01-24
Last Updated 2015-05-03

zxz0O0 · Jan 24, 2015

Reserved

Help: My device is not supported

The tool uses static kernel addresses. To support a device, I need the following information from someone with stock kernel (supported firmware) and root:

Code:

cat /proc/version
su
echo 0 > /proc/sys/kernel/kptr_restrict
cat /proc/kallsyms > /data/local/tmp/kallsyms
chmod 777 /data/local/tmp/kallsyms

Upload kallsyms and show output of version command.

Currently as in v1 only Z3 Compact and Z3 is supported.

zxz0O0 · Jan 24, 2015

Reserved

I have supported firmware / kernel but still not rooted!

Solution 1:

Run the tool a few times

Solution 2:

Put your phone into safe mode and run the tool. To get the device into safe mode:

pkobier said:

Hold power button and than hold "Turn off". You will see prompt message to reboot phone in safe mode.

Click to expand...

Click to collapse

Solution 3:

Try running the tool on another computer

No solution works:
To speed up the support process you can provide the following output / information:

Device model / firmware version
Kernel version (cat /proc/version)
adb shell "ls -l /data/local/tmp/"
adb shell "cat /data/local/tmp/giefrootlog"
adb shell "cat /proc/last_kmsg"

iFlasher · Jan 24, 2015

The wait worth a lot... Thanks man, you are awesome!

mo3553 · Jan 24, 2015

can i use it on D6603?

thienbrand · Jan 24, 2015

@zxz0O0 : I have done everything but at the end, it's say "Error: device not rooted"?

zxz0O0 · Jan 24, 2015

thienbrand said:
@zxz0O0 : I have done everything but at the end, it's say "Error: device not rooted"?

Post this information: http://xdaforums.com/showpost.php?p=58391697&postcount=3
and output of install.bat

graffixnyc · Jan 24, 2015

Nice

thienbrand · Jan 24, 2015

zxz0O0 said:
I have supported firmware / kernel but still not rooted!

To speed up the support process you can provide the following output / information:

Device model / firmware version

Kernel version (cat /proc/version)

adb shell "ls -l /data/local/tmp/"

adb shell "cat /data/local/tmp/giefrootlog"

Device model / firmware version : D6603 / 23.0.A.2.93 Generic Global
Kernel version (cat /proc/version): 3.4.0-perf-g0961 cdf BuildUser@BuildHost #1 Tue-Aug 19 19:48:36 2014
adb shell "ls -l /data/local/tmp/":

adb shell "cat /data/local/tmp/giefrootlog":

output of bat:

LeonidasTurk · Jan 24, 2015

Hey, after root, can i update my device to latest firmware?

serajr · Jan 24, 2015

Thank so much my friend...
My small contribution: 8TJ698456J713772F

darwusch · Jan 24, 2015

No success on my device:
Edit: after second attempt it did work

D5803
23.0.A.2.93
Kernel
3.4.0-perf-g0961cdf
BuildUser@BuildHost #1
Tue Aug 19 19:48:36 2014

Output of install.bat:

Code:

==============================================
=                                            =
=                giefroot v1                 =
=            created by zxz0O0               =
=                                            =
=       Many thanks to:                      =
=       - [NUT]                              =
=       - MohammadAG                         =
=       - Keen Team                          =
=                                            =
==============================================

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
=============================================
Waiting for Device, connect USB cable now...

Make sure that you authorize the connection
if you get any message on the phone
=============================================
Device found

=============================================
Sending files
=============================================
9 KB/s (152 bytes in 0.015s)
1109 KB/s (17892 bytes in 0.015s)
0 KB/s (143 bytes in 1.000s)
3799 KB/s (60799 bytes in 0.015s)
13 KB/s (13592 bytes in 1.000s)
96 KB/s (1544 bytes in 0.015s)
2154 KB/s (34473 bytes in 0.015s)
3985 KB/s (4016989 bytes in 0.984s)
4567 KB/s (657704 bytes in 0.140s)
0 KB/s (752 bytes in 1.000s)
2767 KB/s (44259 bytes in 0.015s)
        pkg: /data/local/tmp/exploitServiceApp.apk
Success

=============================================
Running exploit
=============================================
Please wait 70 seconds to let the device reboot
Error: device not rooted
Press any key to continue . . .

Output of
adb shell "ls -l /data/local/tmp/"

Code:

-rw-rw-rw- shell    shell     4016989 2015-01-24 00:00 SuperSU.zip
-rwxrwxrwx shell    shell         152 2015-01-24 11:50 a
-rwxrwxrwx shell    shell      657704 2014-02-07 00:39 busybox
-rwxrwxrwx shell    shell       17892 2015-01-24 14:13 getroot
-rwxrwxrwx shell    shell         143 2015-01-23 23:06 giefroot
-rwxrwxrwx shell    shell         752 2015-01-24 03:08 installsupersu.sh
-rwxrwxrwx shell    shell       60799 2015-01-07 06:40 main
-rwxrwxrwx shell    shell           0 2015-01-24 14:37 memfile
-rwxrwxrwx shell    shell       13592 2014-07-20 17:10 modulecrcpatch
-rwxrwxrwx shell    shell        1544 2015-01-24 04:13 systemrw.sh
-rwxrwxrwx shell    shell       34473 2014-07-09 23:02 wp_mod.ko

Output of
adb shell "cat /data/local/tmp/giefrootlog"

Code:

/system/bin/sh: cat: /data/local/tmp/giefrootlog: No such file or directory

Edit:
After the second time, it did work.
Here is the output of the install.bat after second attempt:

Code:

Done. You can now unplug your device.
Enjoy root
=============================================

What to do next?
- Donate to the people involved
- Install dualrecovery by [NUT]
- Backup TA partition

Press any key to continue . . .

RHBH · Jan 24, 2015

It didn't worked with my device.

Device model / firmware version:

Code:

D6643 / 23.0.A.2.93

Kernel version (cat /proc/version):

Code:

shell@D6643:/ $ cat /proc/version
cat /proc/version
Linux version 3.4.0-perf-g18c6f85 (BuildUser@BuildHost) (gcc version 4.7 (GCC) )
 #1 SMP PREEMPT Thu Sep 11 12:05:53 2014
shell@D6643:/ $

adb shell "ls -l /data/local/tmp/":

Code:

shell@D6643:/ $ ls -l /data/local/tmp
ls -l /data/local/tmp
-rw-rw-rw- shell    shell     4016989 2015-01-23 21:00 SuperSU.zip
-rwxrwxrwx shell    shell         152 2015-01-24 08:50 a
-rwxrwxrwx shell    shell      657704 2014-02-06 21:39 busybox
-rw-r--r-- root     root        30184 2014-07-15 06:10 flatland
-rwxrwxrwx shell    shell       17892 2015-01-24 11:13 getroot
-rwxrwxrwx shell    shell         143 2015-01-23 20:06 giefroot
-rwxrwxrwx system   system          0 2015-01-24 11:44 giefrootlog
-rw------- system   graphics     2654 2015-01-24 11:45 glsl_shader_log.txt
-rwxrwxrwx shell    shell         752 2015-01-24 00:08 installsupersu.sh
-rwxrwxrwx shell    shell       60799 2015-01-07 03:40 main
-rwxrwxrwx shell    shell           0 2015-01-24 11:43 memfile
-rwxrwxrwx shell    shell       13592 2014-07-20 15:10 modulecrcpatch
-rwxrwxrwx shell    shell        1544 2015-01-24 01:13 systemrw.sh
-rwxrwxrwx shell    shell       34473 2014-07-09 21:02 wp_mod.ko
shell@D6643:/ $

adb shell "cat /data/local/tmp/giefrootlog":

Code:

shell@D6643:/ $ cat /data/local/tmp/giefrootlog
cat /data/local/tmp/giefrootlog
shell@D6643:/ $

As far I saw the system escalation was successful, so the 1st exploit worked, the problem was achieving root with system user.

H117 · Jan 24, 2015

At first it didn't work, the batch would report "Error: device not rooted", but I suspect that's because I declined the Google pop up to perform app checks. After I rebooted and accepted, it worked just fine.
So thank you very much. I will be making a small contribution shortly.

xanathar · Jan 24, 2015

I'm also getting the "device not rooted" error.

Model: D6603
Firmware: 23.0.A.2.93 (1282-2729_23.0.A.2.93 GENERIC - user)
Kernel: Linux version 3.4.0-perf-g0961cdf (BuildUser@BuildHost) (gcc version 4.7 (GCC) ) #1 SMP PREEMPT Tue Aug 19 19:48:36 2014

/data/local/tmp/

Code:

-rw-rw-rw- shell    shell     4016989 2015-01-24 00:00 SuperSU.zip
-rwxrwxrwx shell    shell         152 2015-01-24 11:50 a
-rwxrwxrwx shell    shell      657704 2014-02-07 00:39 busybox
-rwxrwxrwx shell    shell       17892 2015-01-24 14:13 getroot
-rwxrwxrwx shell    shell         143 2015-01-23 23:06 giefroot
-rw------- system   graphics    11058 2015-01-24 14:53 glsl_shader_log.txt
-rwxrwxrwx shell    shell         752 2015-01-24 03:08 installsupersu.sh
-rwxrwxrwx shell    shell       60799 2015-01-07 06:40 main
-rwxrwxrwx shell    shell           0 2015-01-24 14:52 memfile
-rwxrwxrwx shell    shell       13592 2014-07-20 18:10 modulecrcpatch
-rwxrwxrwx shell    shell        1544 2015-01-24 04:13 systemrw.sh
-rwxrwxrwx shell    shell       34473 2014-07-10 00:02 wp_mod.ko

giefrootlog is not there.

install.bat output:

Code:

==============================================
=                                            =
=                giefroot v1                 =
=            created by zxz0O0               =
=                                            =
=       Many thanks to:                      =
=       - [NUT]                              =
=       - MohammadAG                         =
=       - Keen Team                          =
=                                            =
==============================================

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
=============================================
Waiting for Device, connect USB cable now...

Make sure that you authorize the connection
if you get any message on the phone
=============================================
Device found

=============================================
Sending files
=============================================
0 KB/s (152 bytes in 1.000s)
1118 KB/s (17892 bytes in 0.015s)
0 KB/s (143 bytes in 1.000s)
3799 KB/s (60799 bytes in 0.015s)
13 KB/s (13592 bytes in 1.000s)
96 KB/s (1544 bytes in 0.015s)
2156 KB/s (34473 bytes in 0.015s)
3528 KB/s (4016989 bytes in 1.111s)
3957 KB/s (657704 bytes in 0.162s)
0 KB/s (752 bytes in 1.000s)
2770 KB/s (44259 bytes in 0.015s)
        pkg: /data/local/tmp/exploitServiceApp.apk
Success

=============================================
Running exploit
=============================================
Please wait 70 seconds to let the device reboot
Error: device not rooted
Press any key to continue . . .

zxz0O0 · Jan 24, 2015

RHBH said:
It didn't worked with my device.
[..]

Please pm me your gmail address for google hangout.

H117 said:
At first it didn't work, the batch would report "Error: device not rooted", but I suspect that's because I declined the Google pop up to perform app checks. After I rebooted and accepted, it worked just fine.
So thank you very much. I will be making a small contribution shortly.

Thanks for confirming. What is your device / version? So we can collect which are working.

tribemac · Jan 24, 2015

H117 said:
At first it didn't work, the batch would report "Error: device not rooted", but I suspect that's because I declined the Google pop up to perform app checks. After I rebooted and accepted, it worked just fine.
So thank you very much. I will be making a small contribution shortly.

Also had problem at first to get root , didnt even see the popup but on my 5th try i did see it and all went fine . So people give it a few tries .

D5803 running 23.0.A.2.93

H117 · Jan 24, 2015

zxz0O0 said:
Please pm me your gmail address for google hangout.

Thanks for confirming. What is your device / version? So we can collect which are working.

Sure.

Device model / firmware version - D5803/23.0.A.2.93
Kernel version - 3.4.0-perf-g0961cdf

2mal16 · Jan 24, 2015

zxz0O0 said:
Please pm me your gmail address for google hangout.

Thanks for confirming. What is your device / version? So we can collect which are working.

D5803
23.0.A.2.93
Kernel
3.4.0-perf-g0961cdf

First time: exact same output as @darwusch, did not get the SU prompt after reboot
Second time: This time i waited for the command window to connect my phone, and i waited a bit after reboot before touching the phone. After unluck i got SU prompt , confirmed it and i got root.
Thanks for all!!

SONiX-GERMANY · Jan 24, 2015

thienbrand said:
Device model / firmware version : D6603 / 23.0.A.2.93 Generic Global
Kernel version (cat /proc/version): 3.4.0-perf-g0961 cdf BuildUser@BuildHost #1 Tue-Aug 19 19:48:36 2014
adb shell "ls -l /data/local/tmp/":

C:\adb>adb shell "ls -l /data/local/tmp/"
* daemon not running. starting it now on port 5037 *
* daemon started successfully *
-rw-rw-rw- shell shell 4016989 2015-01-24 06:00 SuperSU.zip
-rwxrwxrwx shell shell 152 2015-01-24 17:50 a
-rwxrwxrwx shell shell 657704 2014-02-07 06:39 busybox
-rw-r--r-- root root 30184 2014-07-15 15:10 flatland
-rwxrwxrwx shell shell 17892 2015-01-24 20:13 getroot
-rwxrwxrwx shell shell 143 2015-01-24 05:06 giefroot
-rwxrwxrwx system system 181 2015-01-24 20:31 giefrootlog
-rw------- u0_a33 u0_a33 3774 2015-01-24 20:39 glsl_shader_log.txt
-rwxrwxrwx shell shell 752 2015-01-24 09:08 installsupersu.sh
-rwxrwxrwx shell shell 60799 2015-01-07 12:40 main
-rwxrwxrwx shell shell 0 2015-01-24 20:38 memfile
-rwxrwxrwx shell shell 13592 2014-07-20 23:10 modulecrcpatch
-rwxrwxrwx shell shell 1544 2015-01-24 10:13 systemrw.sh
-rwxrwxrwx shell shell 34473 2014-07-10 05:02 wp_mod.ko

adb shell "cat /data/local/tmp/giefrootlog":

C:\adb>adb shell "cat /data/local/tmp/giefrootlog"
giefroot (c) zxz0O0
query failed. trying another app...
getting ptr
getting offset
Error: Could not allocate memory for exploit code
getting root...
getuid: 1000
Error getting root

output of bat:

==============================================
= =
= giefroot v1 =
= created by zxz0O0 =
= =
= Many thanks to: =
= - [NUT] =
= - MohammadAG =
= - Keen Team =
= =
==============================================

* daemon not running. starting it now on port 5037 *
* daemon started successfully *
=============================================
Waiting for Device, connect USB cable now...

Make sure that you authorize the connection
if you get any message on the phone
=============================================
Device found

=============================================
Sending files
=============================================
9 KB/s (152 bytes in 0.015s)
1118 KB/s (17892 bytes in 0.015s)
25 KB/s (143 bytes in 0.005s)
1899 KB/s (60799 bytes in 0.031s)
13 KB/s (13592 bytes in 1.000s)
1 KB/s (1544 bytes in 1.000s)
2144 KB/s (34473 bytes in 0.015s)
2666 KB/s (4016989 bytes in 1.471s)
2417 KB/s (657704 bytes in 0.265s)
0 KB/s (752 bytes in 1.000s)
2766 KB/s (44259 bytes in 0.015s)
pkg: /data/local/tmp/exploitServiceApp.apk
Success

=============================================
Running exploit
=============================================
Please wait 70 seconds to let the device reboot
Error: device not rooted
Press any key to continue . . .

Have EXACTLY the same, except i'm on .98 fw. Will try in about 30 minutes.

atm: Z, Z3, Arc S, Play, S3, S3 Mini

giefroot - rooting tool (CVE-2014-4322)

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Senior Member

Retired Forum Mod / Inactive Recognized Developer

Senior Member

Senior Member

Recognized Developer / Recognized Themer

Senior Member

Senior Member

Member

Member

Senior Member

Senior Member

Member

Senior Member

Senior Member

Similar threads

Top Liked Posts