[ROOT EXPLOIT+PATCH][2012.12.17] ExynosAbuse APK v1.20
This is an APK that uses the ExynosAbuse exploit (by alephzain) to gain root privileges and install SuperSU (v0.99) on your Exynos4 based device.
Since v1.10, it also allows you to disable the exploit (which may break camera), re-enable the exploit (if you need the camera) and to disable the exploit at boot (before any Android app runs). These options do require root (SuperSU or Superuser) to be installed as well. While this will help protect you, these are work-arounds, not actual fixes.
My method vs Supercurio, RyanZA
Quote:
At the moment, Supercurio's method relies on Android starting it at boot, using the same method any Android app uses to launch at boot. There is no guaranteed order of these apps being launched, and as such, a malicious app could be executing malicious code before the exploit is disabled.
RyanZA's method relies on the same mechanism as well and as such is still vulnerable. Furthermore, unlike Supercurio's and my own patch, RyanZA's patch chmod's to 0600 while ours chmod to 0400 or 0000. With 0600, system user can still run the exploit, so chaining a half-exploit that only gives system user followed by ExynosAbuse may still grant an attacker root access.
My method requires proper root and modifies /system, and disabling the exploit is done before any normal Android app (like those installed from the Play store) has a chance to execute its code. As long as you tell my app to disable the exploit at boot before you install a malicious app, and providing you do not grant a malicious app root (through SuperSU), this should protect against any exploit. Also note that after enabling applying the patch at boot, you can unroot in SuperSU again (SuperSU --> Settings --> Full Unroot) and the patch will keep working, but you'll be unrooted again (if you don't want root). On some devices it takes a reboot for SuperSU to truly disappear after that, by the way.
With my patch, I do advise testing the exploit was disabled after a reboot by running ExynosAbuse again, and verifying both checkboxes next to "Disable exploit" and "Disable exploit on boot" are enabled. These auto-detect the current state, and if the patch on boot was successful both will be checked.
Exploit
For more details on the exploit itself, see this thread: http://forum.xda-developers.com/show....php?t=2048511 . The exploit is used by this APK in unmodified form. You should be very afraid of this exploit - any app can use it to gain root without asking and without any permissions on a vulnerable device. Let's hope for some fixes ASAP!
Compatibility:
Samsung Galaxy S2 GT-I9100
Samsung Galaxy S3 GT-I9300
Samsung Galaxy S3 LTE GT-I9305
Samsung Galaxy Note GT-N7000
Samsung Galaxy Note 2 GT-N7100
Samsung Galaxy Note 2 LTE GT-N7105
AT&T Galaxy Note 2 SGH-I317
Verizon Galaxy Note 2 SCH-I605 (both locked and unlocked bootloaders work)
Samsung Galaxy Tab Plus GT-P6210
Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020
Google Nexus 10 (not compatible, Exynos5)
Post in this thread if you have a device to add.
Notes
I'm not sure if this APK will work right on Android 2.x devices (not tested yet), but that doesn't mean the exploit doesn't work. So if you're on Android 2.x and this APK doesn't work for you, try doing the exploit manually.
Download
Please do not redistribute, link to this thread instead
Unfortunately I can't translate this, but the general point is that Samsung's kernels have some hole that allows various kinds of access, including root itself.
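Added example (not part of the original post or the APK): a shell check for the permission difference discussed under "My method vs Supercurio, RyanZA", telling a 0600-style patch apart from a 0400 / 0000 one. The device node path is not named on this page, so it is passed as an argument; `node_exposure` and `report` are hypothetical helper names, and a `stat` that supports `-c` is assumed.

```shell
#!/bin/sh
# Added example: classify the permission mode of a device node the way the
# post compares the patches (0600 vs 0400 / 0000).
# Assumption: a `stat` that supports -c '%a' (GNU coreutils, toybox, busybox).

# node_exposure PATH -> prints one of: missing | open | owner-rw | restricted
node_exposure() {
    path=$1
    [ -e "$path" ] || { echo missing; return 0; }
    mode=$(stat -c '%a' "$path") || return 1
    m=$((0$mode))                      # parse the octal digits as a number
    if [ $((m & 077)) -ne 0 ]; then
        echo open                      # group/other bits set: users other than the owner can reach it
    elif [ $((m & 0200)) -ne 0 ]; then
        echo owner-rw                  # e.g. 0600: the owning user keeps read/write
    else
        echo restricted                # 0400 or 0000: owner has no write bit, group/other have nothing
    fi
}

# report PATH -> one human-readable line, including the owning user where relevant
report() {
    state=$(node_exposure "$1") || return 1
    case $state in
        missing)    echo "$1: not present" ;;
        open)       echo "$1: reachable by non-owner users, workaround not applied" ;;
        owner-rw)   echo "$1: owner $(stat -c '%U' "$1") keeps read/write (0600-style patch)" ;;
        restricted) echo "$1: mode $(stat -c '%a' "$1"), 0400/0000-style patch in place" ;;
    esac
}

# Usage: sh check_node.sh DEVICE_NODE_PATH   (placeholder; the post does not name the node)
if [ $# -gt 0 ]; then
    report "$1"
fi
```

Running it again after a reboot shows whether the boot-time patch was applied, alongside the checkbox check described in the post.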