XDA Developers Android and Mobile Development Forum

APK root exploit

 
jcase
#1  
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP

I tweeted this a couple of weeks ago, before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research).

Install the APK, run the APK and wait 1 minute, install the SuperSU app from the Market, then uninstall with this command:

adb uninstall com.qualcomm.privinit
Attached Files
Oppown-build3.apk (368.9 KB)
I'm taking a break of an undetermined length. Please don't contact me about exploits

Something important? jcase@cunninglogic.com
Like Android security topics? Join our G+ community -> https://plus.google.com/communities/...07618051049043
My Bitcoin address : 1Newifz6yETTmbziCsZZstmHHPH6ejNr75
 
Mr_Bartek
#2  
Senior Member
Do you have a link to their research or are their findings private?

Regards,
Phone: HTC One M8_UL HBOOT: 3.18.0.0000 Security: OFF
 
jcase
#3  
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Quote:
Originally Posted by Mr_Bartek
Do you have a link to their research or are their findings private?

Regards,
saurik - his analysis of the "second master key vuln"

giantpune for his symlink attack vuln in property space:

Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
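
The property-store bug giantpune found (the snippet above) is a follow-the-symlink write: the service writes a property value through a path the attacker can pre-plant as a link. What follows is an added example, not code from this thread and not Android's init source: a simplified Python model of the insecure write pattern (fixed temp name, open with O_CREAT|O_TRUNC, which follows an existing symlink) beside a hardened writer (owner and mode check on the store directory, mkstemp so the temp file is always freshly created, then atomic rename), plus a small audit that lists symlinks inside the store. The `fake_uevent_helper` file, the `property` directory and the planted `.temp` link are all constructed inside a temp dir and stand in for `/sys/kernel/uevent_helper` and `/data/property` from the post; all function and file names are my own.

```python
import os
import shutil
import stat
import tempfile


def find_symlinks(prop_dir):
    """Audit helper: list (entry_name, link_target) for every symlink inside
    the property store. A clean store returns an empty list."""
    found = []
    for name in sorted(os.listdir(prop_dir)):
        path = os.path.join(prop_dir, name)
        if stat.S_ISLNK(os.lstat(path).st_mode):
            found.append((name, os.readlink(path)))
    return found


def write_property_unsafe(prop_dir, name, value):
    """Insecure pattern (constructed model of the bug discussed in the thread,
    not the AOSP source): a fixed, predictable temp name opened with
    O_CREAT|O_TRUNC. open() follows symlinks, so if '.temp' was pre-planted
    as a link the value lands wherever the link points, with the writer's
    privileges."""
    tmp = os.path.join(prop_dir, ".temp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        os.write(fd, value.encode())
    finally:
        os.close(fd)
    os.rename(tmp, os.path.join(prop_dir, name))


def write_property_safe(prop_dir, name, value):
    """Hardened form. Rejects a store directory that is a symlink, not owned
    by us, or writable by group/others; creates the temp file with mkstemp
    (random name, O_CREAT|O_EXCL, so it can never be a pre-existing link);
    then renames atomically. rename() replaces a symlink sitting at the
    target name without following it."""
    if "/" in name or name in ("", ".", ".."):
        raise ValueError("invalid property name: %r" % name)
    st = os.lstat(prop_dir)
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        raise PermissionError("property store is not a plain directory")
    if st.st_uid != os.getuid() or st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        raise PermissionError("property store has unsafe owner or mode")
    fd, tmp = tempfile.mkstemp(prefix=".temp.", dir=prop_dir)
    try:
        os.write(fd, value.encode())
        os.fsync(fd)
    finally:
        os.close(fd)
    os.rename(tmp, os.path.join(prop_dir, name))


def demo():
    """Constructed scenario: a fake store, a fake 'kernel helper' file that
    stands in for /sys/kernel/uevent_helper, and a planted '.temp' symlink.
    Returns what each writer did to the helper file."""
    base = tempfile.mkdtemp()
    try:
        helper = os.path.join(base, "fake_uevent_helper")  # constructed stand-in
        prop_dir = os.path.join(base, "property")           # stands in for /data/property
        os.mkdir(prop_dir, 0o700)

        def plant():
            # Reset the helper and (re)plant the symlink the writer will hit.
            with open(helper, "w") as f:
                f.write("original\n")
            link = os.path.join(prop_dir, ".temp")
            if os.path.lexists(link):
                os.unlink(link)
            os.symlink(helper, link)

        plant()
        audit = find_symlinks(prop_dir)
        write_property_unsafe(prop_dir, "persist.sys.example", "1")
        with open(helper) as f:
            after_unsafe = f.read()          # the value went through the link

        plant()
        write_property_safe(prop_dir, "persist.sys.example", "1")
        with open(helper) as f:
            after_safe = f.read()            # helper untouched
        with open(os.path.join(prop_dir, "persist.sys.example")) as f:
            stored = f.read()                # value landed in a regular file
        return {"audit": audit, "after_unsafe": after_unsafe,
                "after_safe": after_safe, "stored": stored}
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(demo())
```

Run it and `after_unsafe` shows the helper file overwritten, while `after_safe` is still `original` and the value sits in a regular file under the store. The directory ownership and mode check matters as much as mkstemp: the attack in the post first replaced the whole store directory, so a writer that trusts whatever is at that path has already lost.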
 
coolrevi
#4  
Senior Member
Quote:
Originally Posted by jcase
I tweeted this a couple week ago before the N1 was publicly out but here you go, nothing fancy, no real ui or output.

Thanks to Saurik and Giantpune for contributing (ie its based on their research)

Install apk, run apk wait 1 minute, install supersu app from market then uninstall with this command

adb uninstall com.qualcomm.privinit
Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?
 
jcase
#5  
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Quote:
Originally Posted by coolrevi
Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?
Possibly other Oppo devices.

No, it doesn't fix the vuln, just be careful where you install apps from.
 
Ricky Divjakovski
#6  
Recognized Contributor
Quote:
Originally Posted by jcase
Possibly other Oppo devices.

No, it doesn't fix the vuln, just be careful where you install apps from.
A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!
Like my blog on facebook, add me to your circles, follow me on twitter or donate to me with paypal
 
pulser_g2
#7  
Developer Admin / Senior Recognized Developer
Quote:
Originally Posted by ricky310711
A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!
It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely.


Having trouble getting an answer? | What is XDA about? | How to ask for help?

if [ $PM.incoming.type = $type.question.ROM.how_to_use ] || [ $PM.incoming.type = $type.question.ROM.silly_question ]; then mv $PM.incoming /.trash; PM.response($responsetype.ignore); $PM.sender.ignore_in_future=true; init.sequence($boy_who_cried_wolf); fi;

BTC: 1K2fpDsRHkirWmk3PKiqtzhVHKUJCWPWnN
PGP: 0x260F4FDEF258E3C4
 
Ricky Divjakovski
#8  
Recognized Contributor
Quote:
Originally Posted by pulser_g2
It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely.
So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

Interesting...
 
jcase
#9  
Forum Moderator / Senior Recognized Developer - Taco Vendor - OP
Quote:
Originally Posted by ricky310711
So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

Interesting...
It depends on whether OEMs backported it, on which build OEMs used, and on the bug. There are four or five different zip parser bugs with similar results. The one I used was patched in 4.3, but others exist.
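
On the zip-parser side of the thread (the "master key" family jcase refers to: several bugs in which two parsers disagree about what an archive contains, so the signature check sees one thing and the installer another), the defensive check is to refuse archives whose central directory and local headers tell different stories. The following is an added example, not from this thread and not Android's own PackageParser: a self-contained Python walker over the raw ZIP structures that flags duplicate entry names and any entry whose local file header disagrees with its central directory record on name, method, sizes or CRC. It builds its own sample archives in memory (constructed samples, not real APKs), and it is a general consistency check for this class of bug, not a reproduction of any specific one.

```python
import io
import struct
import warnings
import zipfile

EOCD_SIG = b"PK\x05\x06"   # end of central directory record
CD_SIG = b"PK\x01\x02"     # central directory file header
LFH_SIG = b"PK\x03\x04"    # local file header


def check_zip_consistency(data):
    """Walk the central directory of archive bytes `data` and cross-check each
    entry against the local file header it points to. Returns a list of
    finding strings; a consistent archive returns []."""
    findings = []
    eocd = data.rfind(EOCD_SIG)
    if eocd < 0:
        return ["no end-of-central-directory record"]
    _, _, _, _, total, _, cd_off, _ = struct.unpack_from("<IHHHHIIH", data, eocd)
    seen = {}
    pos = cd_off
    for idx in range(total):
        if data[pos:pos + 4] != CD_SIG:
            findings.append("central directory entry %d: bad signature" % idx)
            break
        (_, _, _, _, method, _, _, crc, csize, usize, nlen, elen, clen,
         _, _, _, lfh_off) = struct.unpack_from("<IHHHHHHIIIHHHHHII", data, pos)
        name = data[pos + 46:pos + 46 + nlen].decode("utf-8", "replace")
        pos += 46 + nlen + elen + clen
        # Two records with one name: parsers that keep the first vs. the last
        # occurrence will extract different content for the same path.
        if name in seen:
            findings.append("duplicate entry name %r (entries %d and %d)"
                            % (name, seen[name], idx))
        else:
            seen[name] = idx
        if data[lfh_off:lfh_off + 4] != LFH_SIG:
            findings.append("%r: no local header at offset %d" % (name, lfh_off))
            continue
        (_, _, lflags, lmethod, _, _, lcrc, lcsize, lusize, lnlen, _) = \
            struct.unpack_from("<IHHHHHIIIHH", data, lfh_off)
        lname = data[lfh_off + 30:lfh_off + 30 + lnlen].decode("utf-8", "replace")
        if lname != name:
            findings.append("name mismatch: central %r vs local %r" % (name, lname))
        if lmethod != method:
            findings.append("%r: compression method mismatch" % name)
        # With the data-descriptor flag (bit 3) the local sizes/CRC are zero and
        # live after the data, so only compare them when the flag is clear.
        if not (lflags & 0x8) and (lcrc, lcsize, lusize) != (crc, csize, usize):
            findings.append("%r: crc/size mismatch between headers" % name)
    return findings


def build_clean_zip():
    """Constructed sample: two ordinary entries, nothing to report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"constructed sample A")
        z.writestr("AndroidManifest.xml", b"constructed sample B")
    return buf.getvalue()


def build_duplicate_name_zip():
    """Constructed sample: the same name twice in the central directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("classes.dex", b"first copy")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")  # zipfile warns about the duplicate but still writes it
            z.writestr("classes.dex", b"second copy")
    return buf.getvalue()


def build_name_mismatch_zip():
    """Constructed sample: the central directory is renamed after the fact
    (same length, so all offsets stay valid) while the local header still
    says 'a.txt'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("a.txt", b"constructed")
    data = bytearray(buf.getvalue())
    cd = data.find(CD_SIG)
    data[cd + 46:cd + 46 + 5] = b"b.txt"
    return bytes(data)


if __name__ == "__main__":
    for label, builder in (("clean", build_clean_zip),
                           ("duplicate", build_duplicate_name_zip),
                           ("mismatch", build_name_mismatch_zip)):
        print(label, check_zip_consistency(builder()))
```

The point of walking the raw structures rather than calling `zipfile` is that the check has to be independent of any one parser's interpretation; the archive is only accepted when every record agrees, which is the property the installer and the signature verifier both need.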
 
trickraca
#10  
Junior Member
I'm trying to figure out why the Oppown APK will not install on my N1. Every time I try, it just says "App not installed". But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia if that makes a difference.
