HOME
  Security
   Software
    Hardware
  
FPGA
  CPU
   Android
    Raspberry Pi
  
nLite
  etc.
   ALL
    LINK
  
English Translate 中文翻訳
BACK
 

2013/07/30

DoCoMo F-02E ARROWS Xの root取得方法 DoCoMo F-02E ARROWS Xの root取得方法

(F-02E ARROWS Xで一時root化、LSM解除の方法、V17R48A)

Tags: [Androidスマホ], [Docomo], [富士通], [Root化]





● DoCoMo F-02E ARROWS Xで root取得、LSM解除する方法。

docomo ARROWS X F-02Eの特長

ARROWS X F-02Eの製品アップデート情報

 下記バージョンで確認済み
過去ビルド番号:V16R46A(2013年 2月製造、一時root可)
最新ビルド番号:V17R48A(2013年 8月製造、一時root可)


● F-02E ADB用USBドライバ

FMWORLD(個人) > 携帯電話 > 開発者向けサポート情報 > F-02E USBドライバ > ダウンロード
F-02E ADB用USBドライバ
usb_driver_F-02E_1.0.zip/8,679,201byte
2012年2月22日



● DoCoMo F-02E ARROWS Xで root取得する方法。(一時root)

 run_root_shellを使う。
android-rooting-tools/android_run_root_shell
 これをコンパイルする。
run_root_shell.zip コンパイルしたものを置いておきます。


> adb push run_root_shell /data/local/tmp
1043 KB/s (83492 bytes in 0.078s)

> adb shell

shell@android:/ $ cd /data/local/tmp
cd /data/local/tmp

shell@android:/data/local/tmp $ chmod 755 run_root_shell
chmod 755 run_root_shell

shell@android:/data/local/tmp $ ls -l
ls -l
-rwxr-xr-x shell    shell       83492 2013-08-04 13:46 run_root_shell

shell@android:/data/local/tmp $ ./run_root_shell
./run_root_shell

Device detected: F-02E (V16R46A)

Attempt acdb exploit...
F-02E (V16R46A) is not supported.

Attempt fj_hdcp exploit...

Attempt fb_mem exploit...
shell@android:/data/local/tmp # ← 一時root

shell@android:/data/local/tmp # id
id
uid=0(root) gid=0(root)

※ V17R48Aも同様に可能



● DoCoMo F-02E ARROWS Xで root取得、LSM解除する方法。

 run_root_shellで一時root後に unlock_security_moduleを使う。
fi01/unlock_security_module
 これをコンパイルする。
 Unlock Linux security module such as TOMOYO, MIYABI, FJSEC, KCLSM and so on.

unlock_security_module.zip コンパイルしたものを置いておきます。



> adb push run_root_shell /data/local/tmp
1043 KB/s (83492 bytes in 0.078s)

> adb shell chmod 755 /data/local/tmp/run_root_shell

> adb push unlock_security_module /data/local/tmp/
1105 KB/s (141504 bytes in 0.125s)

> adb shell chmod 755 /data/local/tmp/unlock_security_module

> adb shell

shell@android:/ $ cd /data/local/tmp/
cd /data/local/tmp/

shell@android:/data/local/tmp $ ls -l
ls -l
-rwxr-xr-x shell    shell       83492 2013-08-04 13:46 run_root_shell
-rwxr-xr-x shell    shell      141504 2013-08-05 20:41 unlock_security_module

127|shell@android:/data/local/tmp $ ./run_root_shell
./run_root_shell


Device detected: F-02E (V16R46A)

Attempt acdb exploit...
F-02E (V16R46A) is not supported.

Attempt fj_hdcp exploit...

Attempt fb_mem exploit...

139|shell@android:/data/local/tmp # id
id
uid=0(root) gid=0(root)

shell@android:/data/local/tmp # ./unlock_security_module
./unlock_security_module
Mapping kernel memory...
Detected kernel physical address at 0x80008000 form iomem
Attempt acdb exploit...
F-02E (V16R46A) is not supported.
Attempt perf_swevent exploit...
OK.

Finding kallsyms address in memory...
Checking kallsyms_in_memory working...
OK. Ready to unlock security module.

Essential symbols are:
  prepare_kernel_cred = 0xc00a0cdc
  commit_creds = 0xc00a0660
  remap_pfn_range = 0xc011272c
  vmalloc_exec = 0xc012047c

Checking mmc_protect_part...
Checking ccsecurity...
Checking fjsec LSM...
Found fjsec LSM.
security_ops[3] = 0xc0257f00 <cap_ptrace_access_check>
security_ops[4] = 0xc0260720 <fjsec_ptrace_traceme>
c0bc6878: <fjsec_ptrace_traceme>: fixed <cap_syslog>
security_ops[5] = 0xc0261034 <fjsec_ptrace_request_check>
c0bc687c: <fjsec_ptrace_request_check>: fixed <cap_syslog>
security_ops[6] = 0xc0257fb4 <cap_capget>
security_ops[7] = 0xc0258010 <cap_capset>
security_ops[8] = 0xc0257e0c <cap_capable>
security_ops[9] = 0xc025ac00 <cap_quotactl>
security_ops[10] = 0xc025ac1c <cap_quota_on>
security_ops[11] = 0xc025abe4 <cap_syslog>
security_ops[12] = 0xc0257ed4 <cap_settime>
security_ops[13] = 0xc0258dc8 <cap_vm_enough_memory>
security_ops[14] = 0xc02584ec <cap_bprm_set_creds>
security_ops[15] = 0xc025ac38 <cap_bprm_check_security>
security_ops[16] = 0xc02587b8 <cap_bprm_secureexec>
security_ops[17] = 0xc025ac54 <cap_bprm_committing_creds>
security_ops[18] = 0xc025ac6c <cap_bprm_committed_creds>
security_ops[19] = 0xc025ac84 <cap_sb_alloc_security>
security_ops[20] = 0xc025aca0 <cap_sb_free_security>
security_ops[21] = 0xc025acb8 <cap_sb_copy_data>
security_ops[22] = 0xc025acd4 <cap_sb_remount>
security_ops[23] = 0xc025acf0 <cap_sb_kern_mount>
security_ops[24] = 0xc025ad0c <cap_sb_show_options>
security_ops[25] = 0xc025ad28 <cap_sb_statfs>
security_ops[26] = 0xc02635b8 <fjsec_sb_mount>
c0bc68d0: <fjsec_sb_mount>: fixed <cap_syslog>
security_ops[27] = 0xc0263f5c <fjsec_sb_umount>
c0bc68d4: <fjsec_sb_umount>: fixed <cap_syslog>
security_ops[28] = 0xc0264164 <fjsec_sb_pivotroot>
c0bc68d8: <fjsec_sb_pivotroot>: fixed <cap_syslog>
security_ops[29] = 0xc025b688 <cap_sb_set_mnt_opts>
security_ops[30] = 0xc025ad44 <cap_sb_clone_mnt_opts>
security_ops[31] = 0xc025ad5c <cap_sb_parse_opts_str>
security_ops[32] = 0xc0262e28 <fjsec_path_unlink>
c0bc68e8: <fjsec_path_unlink>: fixed <cap_syslog>
security_ops[33] = 0xc0262434 <fjsec_path_mkdir>
c0bc68ec: <fjsec_path_mkdir>: fixed <cap_syslog>
security_ops[34] = 0xc02623d4 <fjsec_path_rmdir>
c0bc68f0: <fjsec_path_rmdir>: fixed <cap_syslog>
security_ops[35] = 0xc0263cb8 <fjsec_path_mknod>
c0bc68f4: <fjsec_path_mknod>: fixed <cap_syslog>
security_ops[36] = 0xc0262374 <fjsec_path_truncate>
c0bc68f8: <fjsec_path_truncate>: fixed <cap_syslog>
security_ops[37] = 0xc0262be4 <fjsec_path_symlink>
c0bc68fc: <fjsec_path_symlink>: fixed <cap_syslog>
security_ops[38] = 0xc0262860 <fjsec_path_link>
c0bc6900: <fjsec_path_link>: fixed <cap_syslog>
security_ops[39] = 0xc0262494 <fjsec_path_rename>
c0bc6904: <fjsec_path_rename>: fixed <cap_syslog>
security_ops[40] = 0xc0264588 <fjsec_path_chmod>
c0bc6908: <fjsec_path_chmod>: fixed <cap_syslog>
security_ops[41] = 0xc0264834 <fjsec_path_chown>
c0bc690c: <fjsec_path_chown>: fixed <cap_syslog>
security_ops[42] = 0xc0263d68 <fjsec_path_chroot>
c0bc6910: <fjsec_path_chroot>: fixed <cap_syslog>
security_ops[43] = 0xc025ad78 <cap_inode_alloc_security>
security_ops[44] = 0xc025ad94 <cap_inode_free_security>
security_ops[45] = 0xc025adac <cap_inode_init_security>
security_ops[46] = 0xc025adc8 <cap_inode_create>
security_ops[47] = 0xc025ade4 <cap_inode_link>
security_ops[48] = 0xc025ae00 <cap_inode_unlink>
security_ops[49] = 0xc025ae1c <cap_inode_symlink>
security_ops[50] = 0xc025ae38 <cap_inode_mkdir>
security_ops[51] = 0xc025ae54 <cap_inode_rmdir>
security_ops[52] = 0xc025ae70 <cap_inode_mknod>
security_ops[53] = 0xc025ae8c <cap_inode_rename>
security_ops[54] = 0xc025aea8 <cap_inode_readlink>
security_ops[55] = 0xc025aec4 <cap_inode_follow_link>
security_ops[56] = 0xc025aee0 <cap_inode_permission>
security_ops[57] = 0xc025aefc <cap_inode_setattr>
security_ops[58] = 0xc025af18 <cap_inode_getattr>
security_ops[59] = 0xc0258858 <cap_inode_setxattr>
security_ops[60] = 0xc025af34 <cap_inode_post_setxattr>
security_ops[61] = 0xc025af4c <cap_inode_getxattr>
security_ops[62] = 0xc025af68 <cap_inode_listxattr>
security_ops[63] = 0xc02588dc <cap_inode_removexattr>
security_ops[64] = 0xc02581a0 <cap_inode_need_killpriv>
security_ops[65] = 0xc02581f4 <cap_inode_killpriv>
security_ops[66] = 0xc025af84 <cap_inode_getsecurity>
security_ops[67] = 0xc025afa0 <cap_inode_setsecurity>
security_ops[68] = 0xc025afbc <cap_inode_listsecurity>
security_ops[69] = 0xc025afd8 <cap_inode_getsecid>
security_ops[70] = 0xc0263068 <fjsec_file_permission>
c0bc6980: <fjsec_file_permission>: fixed <cap_syslog>
security_ops[71] = 0xc025aff8 <cap_file_alloc_security>
security_ops[72] = 0xc025b014 <cap_file_free_security>
security_ops[73] = 0xc025b02c <cap_file_ioctl>
security_ops[74] = 0xc02633a8 <fjsec_file_mmap>
c0bc6990: <fjsec_file_mmap>: fixed <cap_file_mmap>
security_ops[75] = 0xc025b048 <cap_file_mprotect>
security_ops[76] = 0xc025b064 <cap_file_lock>
security_ops[77] = 0xc025b080 <cap_file_fcntl>
security_ops[78] = 0xc025b09c <cap_file_set_fowner>
security_ops[79] = 0xc025b0b8 <cap_file_send_sigiotask>
security_ops[80] = 0xc025b0d4 <cap_file_receive>
security_ops[81] = 0xc0261cf0 <fjsec_dentry_open>
c0bc69ac: <fjsec_dentry_open>: fixed <cap_syslog>
security_ops[82] = 0xc025b0f0 <cap_task_create>
security_ops[83] = 0xc025b10c <cap_cred_alloc_blank>
security_ops[84] = 0xc025b128 <cap_cred_free>
security_ops[85] = 0xc025b140 <cap_cred_prepare>
security_ops[86] = 0xc025b15c <cap_cred_transfer>
security_ops[87] = 0xc025b174 <cap_kernel_act_as>
security_ops[88] = 0xc025b190 <cap_kernel_create_files_as>
security_ops[89] = 0xc025b1ac <cap_kernel_module_request>
security_ops[90] = 0xc0260a58 <fjsec_kernel_load_module>
c0bc69d0: <fjsec_kernel_load_module>: fixed <cap_syslog>
security_ops[91] = 0xc0258960 <cap_task_fix_setuid>
security_ops[92] = 0xc025b1c8 <cap_task_setpgid>
security_ops[93] = 0xc025b1e4 <cap_task_getpgid>
security_ops[94] = 0xc025b200 <cap_task_getsid>
security_ops[95] = 0xc025b21c <cap_task_getsecid>
security_ops[96] = 0xc0258bb8 <cap_task_setnice>
security_ops[97] = 0xc0258b9c <cap_task_setioprio>
security_ops[98] = 0xc025b23c <cap_task_getioprio>
security_ops[99] = 0xc025b258 <cap_task_setrlimit>
security_ops[100] = 0xc0258b80 <cap_task_setscheduler>
security_ops[101] = 0xc025b274 <cap_task_getscheduler>
security_ops[102] = 0xc025b290 <cap_task_movememory>
security_ops[103] = 0xc025b2c8 <cap_task_kill>
security_ops[104] = 0xc025b2ac <cap_task_wait>
security_ops[105] = 0xc0258bd4 <cap_task_prctl>
security_ops[106] = 0xc025b2e4 <cap_task_to_inode>
security_ops[107] = 0xc025b2fc <cap_ipc_permission>
security_ops[108] = 0xc025b318 <cap_ipc_getsecid>
security_ops[109] = 0xc025b338 <cap_msg_msg_alloc_security>
security_ops[110] = 0xc025b354 <cap_msg_msg_free_security>
security_ops[111] = 0xc025b36c <cap_msg_queue_alloc_security>
security_ops[112] = 0xc025b388 <cap_msg_queue_free_security>
security_ops[113] = 0xc025b3a0 <cap_msg_queue_associate>
security_ops[114] = 0xc025b3bc <cap_msg_queue_msgctl>
security_ops[115] = 0xc025b3d8 <cap_msg_queue_msgsnd>
security_ops[116] = 0xc025b3f4 <cap_msg_queue_msgrcv>
security_ops[117] = 0xc025b410 <cap_shm_alloc_security>
security_ops[118] = 0xc025b42c <cap_shm_free_security>
security_ops[119] = 0xc025b444 <cap_shm_associate>
security_ops[120] = 0xc025b460 <cap_shm_shmctl>
security_ops[121] = 0xc025b47c <cap_shm_shmat>
security_ops[122] = 0xc025b498 <cap_sem_alloc_security>
security_ops[123] = 0xc025b4b4 <cap_sem_free_security>
security_ops[124] = 0xc025b4cc <cap_sem_associate>
security_ops[125] = 0xc025b4e8 <cap_sem_semctl>
security_ops[126] = 0xc025b504 <cap_sem_semop>
security_ops[127] = 0xc0257df0 <cap_netlink_send>
security_ops[128] = 0xc0257d08 <cap_netlink_recv>
security_ops[129] = 0xc025b520 <cap_d_instantiate>
security_ops[130] = 0xc025b538 <cap_getprocattr>
security_ops[131] = 0xc025b554 <cap_setprocattr>
security_ops[132] = 0xc025b570 <cap_secid_to_secctx>
security_ops[133] = 0xc025b58c <cap_secctx_to_secid>
security_ops[134] = 0xc025b5ac <cap_release_secctx>
security_ops[135] = 0xc025b5c4 <cap_inode_notifysecctx>
security_ops[136] = 0xc025b5e0 <cap_inode_setsecctx>
security_ops[137] = 0xc025b5fc <cap_inode_getsecctx>
security_ops[138] = 0xc025b618 <cap_key_alloc>
security_ops[139] = 0xc025b634 <cap_key_free>
security_ops[140] = 0xc025b64c <cap_key_permission>
security_ops[141] = 0xc025b668 <cap_key_getsecurity>
  20 functions are fixed.

Unlocked LSM.
Segmentation fault (core dumped)

※ 必要に応じて端末側で Superuserや SuperSU、bysuboxのインストールをしてください。


shell@android:/data/local/tmp # exit
exit
Segmentation fault

shell@android:/data/local/tmp $ exit
exit

> adb reboot とりあえず再起動

※ V17R48Aも同様に可能





●docomo 2013春モデル NEXTシリーズ ARROWS X F-02E スペック

2013年2月22日発売

OS Android 4.1.2
CPU NVIDIA Tegra3/1.7GHz(クアッドコア)
ROM/RAM 32GB/2GB
ディスプレイ/解像度 約5.0インチ TFT液晶/1080×1920(FHD)
サイズ 約140×69×10.3mm
質量 約157g
色 Black White
連続待受時間(静止時:3G/LTE/GSM) 約 620時間/約 400時間/約 420時間
連続通話時間(3G/GSM) 約 520分/約 690分
カメラ有効画素数(メイン/サブ) 約 1630万画素/約 130万画素
FOMAハイスピード(受信最大/送信最大) 14Mbps/5.7Mbps
Xi(受信最大/送信最大) 100Mbps/37.5Mbps
バッテリー容量 2,420mAh
外部メモリ対応規格(最大容量) microSD(2GB) microSDHC(32GB) microSDXC(64GB)
WiFi IEEE802.11 a/b/g/n

防水・防塵
スマート指紋センサー
赤外線通信・おサイフケータイ・ワンセグ・NOTTV対応




Tags: [Androidスマホ], [Docomo], [富士通], [Root化]


[HOME] | [BACK]
リンクフリー(連絡不要、ただしトップページ以外はweb構成の変更で移動する場合があります)
Copyright (c) 2013 FREE WING,Y.Sakamoto
Powered by 猫屋敷工房 & HTML Generator

http://www.neko.ne.jp/~freewing/android/docomo_f02e_arrows_x_root/