Tim

I haven't played with this on x86 yet unfortunately, although it's definitely exploitable. I believe @clevcode or @nativeflow might be able to provide you with a working example.

I tried @geekben's towelroot code but couldn't get it to work in a kali and ubuntu precise vm :(

https://github.com/hyln9/VIKIROOT but it requires a vdso region.

What version of Android? I've bricked a phone or two from this but never >= 6.0. Sometimes you can re-flash them :)

Even without SELinux you can't execute /system/bin/run-as if you're not shell (2000) or root: `-rwxr-x--- 1 root shell u:object_r:runas_exec:s0 17944 2009-01-01 03:00 /system/bin/run-as` APKs have a uid > 10000 but...

The exploit works fine within termux but this repository is designed to work via adb. The `run-as` binary is not accessible within termux.

Try vikiroot. I'm interested to know how you get on. https://github.com/hyln9/VIKIROOT

?

Add the ndk directory to your PATH

Can you try use armeabi version of run-as? Everything else should be armeabi-v7a