APK root exploit

23rd November 2013, 06:25 PM |#1
jcase (OP, Forum Moderator / Senior Recognized Developer)
I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research)

Install apk, run apk, wait 1 minute, install supersu app from market, then uninstall with this command

adb uninstall com.qualcomm.privinit
Attached Files: Oppown-build3.apk (368.9 KB, 13876 views)
24th November 2013, 12:15 AM |#2
Mr_Bartek (Senior Member)
Do you have a link to their research or are their findings private?

Regards,
24th November 2013, 12:41 AM |#3
jcase (OP, Forum Moderator / Senior Recognized Developer)
Quote:
Originally Posted by Mr_Bartek

Do you have a link to their research or are their findings private?

Regards,

saurik - his analysis of the "second master key vuln"

giantpune for his symlink attack vuln in property space:

Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
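A read-only check for the property-store tampering shown in the commands above, added here as an example; it is not part of jcase's post or of the Oppown APK. The function names are hypothetical, the default paths are the ones in the quoted commands, and a POSIX shell with find and readlink (for example BusyBox) is assumed.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit for the property-store
# tampering in the commands above. Function names are hypothetical; default
# paths are the ones quoted in the post. Assumes POSIX sh, find and readlink.

# List every symlink under the property directory.
# Returns 0 if clean, 1 if a symlink was found, 2 if DIR is a link or missing.
audit_propdir() {
    dir=${1:-/data/property}
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "BAD_DIR $dir"
        return 2
    fi
    # find does not follow symlinks by default, so -type l matches the link itself
    links=$(find "$dir" -type l -exec sh -c \
        'for p; do printf "SYMLINK %s -> %s\n" "$p" "$(readlink "$p")"; done' sh {} +)
    if [ -n "$links" ]; then
        echo "$links"
        return 1
    fi
    return 0
}

# Report a configured uevent helper. Returns 1 if the file names a program.
audit_uevent_helper() {
    file=${1:-/sys/kernel/uevent_helper}
    val=$(cat "$file" 2>/dev/null) || val=""   # $(...) drops the trailing newline
    if [ -n "$val" ]; then
        echo "UEVENT_HELPER $val"
        return 1
    fi
    return 0
}

# Constructed sample tree (not a real device): one ordinary property file and
# one link named .temp, as in the quoted commands, pointing at a stand-in file.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/property"
    echo "mtp" > "$tmp/property/persist.sys.usb.config"
    : > "$tmp/helper"
    ln -s "$tmp/helper" "$tmp/property/.temp"
    rc_dir=0;    audit_propdir "$tmp/property"     || rc_dir=$?
    rc_helper=0; audit_uevent_helper "$tmp/helper" || rc_helper=$?
    rm -rf "$tmp"
    echo "propdir=$rc_dir helper=$rc_helper"
}
demo
```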
24th November 2013, 03:00 AM |#4
Senior Member
Quote:
Originally Posted by jcase

I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go: nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research)

Install apk, run apk, wait 1 minute, install supersu app from market, then uninstall with this command

adb uninstall com.qualcomm.privinit

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?
24th November 2013, 03:08 AM |#5
jcase (OP, Forum Moderator / Senior Recognized Developer)
Quote:
Originally Posted by coolrevi

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?

Possibly other Oppo devices

No, it doesn't fix the vuln, just be careful where you install apps from
24th November 2013, 10:27 AM |#6
Ricky Divjakovski (Recognized Developer / Recognized Contributor)
Quote:
Originally Posted by jcase

Possibly other Oppo devices

No, it doesn't fix the vuln, just be careful where you install apps from

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!
24th November 2013, 11:40 AM |#7
pulser_g2 (Developer Admin / Senior Recognized Developer)
Quote:
Originally Posted by ricky310711

A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely
24th November 2013, 12:02 PM |#8
Ricky Divjakovski (Recognized Developer / Recognized Contributor)
Quote:
Originally Posted by pulser_g2

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...
24th November 2013, 05:17 PM |#9
jcase (OP, Forum Moderator / Senior Recognized Developer)
Quote:
Originally Posted by ricky310711

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...

It depends on if OEMs backported it, depends on which build OEMs used and depends on the bug. Four or five different zip parser bugs with similar results. This one I used was patched in 4.3, but others exist.
1st January 2014, 02:22 AM |#10
Junior Member
I'm trying to figure out why the oppown apk will not install on my N1. Every time I try, it just says app not installed. But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia, if that makes a difference.