10 comments

[ 3.1 ms ] story [ 26.0 ms ] thread
In Geohot fashion this has an accompanying domain: http://towelroot.com/

Towelroot uses the Futex vuln disclosed June 2, 2014. There's been a running bet on who would be the first to roll this bug into a one-click root for Android

Right, I was just going to post that -- it's CVE-2014-3153, why is the article claiming "Towelroot is based on an hardware exploit, so it could not be fixed with a software update."?

Edit: this looks like a pretty bad vulnerability for samsung owners (or all android devices with an unpatched kernel) - any app could silently root your phone?

Confirmed it to be mostly working on a Nexus 4 running 4.4.3. Only issue I'm having is that it won't let me update the supersu binary properly but other than that it works. I just got back App Ops with it.
Why do you even need to root a Nexus 4? It just lets you unlock / root it out of the box with no more effort than plugging in a usb cable and installing fastboot/adb.
You get to keep all your data since unlocking bootloader will wipe everything.
That's what `adb backup -apk -shared -all` is for. Rootless data and app backup that can be restored after a wipe
Didn't restore most stuff for me (especially SMSs and calls) last time I tried it on my N4.
You don't need root to backup restore either of those -- but both are system apps, that's why their data isn't in an adb backup.
Yep that's also why I did it this way. That way someone can't get in via the bootloader to grab any data if the phone is stolen.