Quote:
Originally Posted by neil_swann80
I'm curious as to why it's not working on the InkPad Color 3 (pb743).
From how I understand the jailbreak to function it first unpacks the binaries "jailbreak" and "su" to /var/tmp, then uses the jailbreak binary (some weird voodoo exploit by sending a buffer to an IPC queue) to change permissions on /mnt/secure, then copies the su binary to this location (making further permissions to this newly situated su binary).
The most obvious failure point would be in setting permissions for /mnt/secure.
I've added a few lines to the jailbreak.app file to provide a simple dialog message that tests for the presence of the files and the required permissions. Could someone experiencing the failure try running it and report back? (They should only show if the root process fails)
|
Thanks for your suggestions.
On my Inkpad Color 2 (not Color 3) the checks for /mnt/secure are failing.
Quoting from the script...
Code:
/tmp/jailbreak "/bin/chattr -i /mnt/secure;/bin/chmod 755 /mnt/secure;cp -f /tmp/su /mnt/secure/su;/bin/chown 0:0 /mnt/secure/su;/bin/chmod 4755 /mnt/secure/su;/bin/chattr +i /mnt/secure/su;/bin/sync;/sbin/reboot"
... it seems that the very first command fails, because:
Code:
ls -l /bin/chattr
ls: /bin/chattr: No such file or directory
So I wanted to copy the chattr-binary from another Pocketbook device, but there it's just a symlink to /bin/busybox. So I tried to also just make a symlink on the Color 2, but it seems that the busybox version is built without it.
Code:
ln -s /bin/busybox /tmp/chattr
/tmp/chattr -i
chattr: applet not found
Code:
busybox --list
[
[[
arp
ash
awk
base64
basename
bunzip2
bzcat
bzip2
cat
catv
chgrp
chmod
chown
chroot
cksum
clear
conspy
cp
cut
date
...
So I copied the busybox-binary from the other device, but still no luck:
Code:
/var/tmp/su /tmp/chattr -i /mnt/secure
chattr: reading flags on /mnt/secure: Permission denied
Maybe I'll find time to try again later