Ideas for rooting our phones

Status
Not open for further replies.

bruderhood15

Senior Member
Aug 4, 2012
78
11
Savannah
www.facebook.com
We've discussed this already. Heartbleed has no path to privilege elevation, it can only be used to steal your personal data.

I understand that it's been talked about, but maybe something new can come out of this considering they just found 7 more vulnerabilities... maybe you should actually take a look at the link instead of shooting me down. Ignorance is bliss, smh

Sent from my SM-G900V using XDA Premium 4 mobile app
 

ks3rv3rg

Senior Member
Apr 29, 2012
827
584
I understand that it's been talked about, but maybe something new can come out of this considering they just found 7 more vulnerabilities... maybe you should actually take a look at the link instead of shooting me down. Ignorance is bliss, smh

Sent from my SM-G900V using XDA Premium 4 mobile app

Obviously you're taking the ignorance is bliss concept to the next level. Before you start getting all butthurt, maybe you should do some research. Heartbleed is meant to steal sensitive information. None of the discovered vulnerabilities have anything to do with privilege escalation. The one described in the article is a man-in-the-middle. Nothing to do with gaining root, everything to do with intercepting large amounts of data. Here's their description: "OpenSSL's ChangeCipherSpec processing has a serious vulnerability. This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes.
There are risks of tampering with and exploits on contents and authentication information over encrypted communication via web browsing, E-mail and VPN, when the software uses the affected version of OpenSSL."

Make sense? Heartbleed just isn't for exploiting an OS in the way we need. That's why this isn't worth pursuing.

AND that whole thing is referring to openssl which has nothing to do with us.
Sent from my SM-G900V using Tapatalk
 

eragon5779

Senior Member
Dec 1, 2013
320
148
Samsung Galaxy Tab S4
LG G8
Everybody, please stop arguing and bashing each other. We won't get anywhere this way. It's the reason this thread got closed last time.

Sent from my white SM G900V on XDA Premium 4
 

Dennisg34

Senior Member
Jan 30, 2013
1,295
654
New Hampshire
Everybody, please stop arguing and bashing each other. We won't get anywhere this way. It's the reason this thread got closed last time.

Sent from my white SM G900V on XDA Premium 4

This thread was never closed, but I agree about the bashing part. Blah, it's just getting to a sad point where people are extremely frustrated with not having root while the HTC trolls brag about switching (which ew, I'm never switching regardless of root). There are people out there working on this, again they're silent. Then there's the extreme negativity since we're coming up on the 2 month mark of the phone being released and people saying it'll never get done. Ugh, either contribute to possible exploits (read through forums first to see if it has been asked because it IS annoying seeing 5 people post the same link) or just sit here patiently waiting like most of us have been and being respectful to each other. :D:thumbup::)

Sent from my SM-G900V using XDA Free mobile app
 

Franzie3

Senior Member
Sep 24, 2010
1,709
853
Newburgh, NY
Obviously you're taking the ignorance is bliss concept to the next level. Before you start getting all butthurt, maybe you should do some research. Heartbleed is meant to steal sensitive information. None of the discovered vulnerabilities have anything to do with privilege escalation. The one described in the article is a man-in-the-middle. Nothing to do with gaining root, everything to do with intercepting large amounts of data. Here's their description: "OpenSSL's ChangeCipherSpec processing has a serious vulnerability. This vulnerability allows malicious intermediate nodes to intercept encrypted data and decrypt them while forcing SSL clients to use weak keys which are exposed to the malicious nodes.
There are risks of tampering with and exploits on contents and authentication information over encrypted communication via web browsing, E-mail and VPN, when the software uses the affected version of OpenSSL."

Make sense? Heartbleed just isn't for exploiting an OS in the way we need. That's why this isn't worth pursuing.

AND that whole thing is referring to openssl which has nothing to do with us.
Sent from my SM-G900V using Tapatalk


I think the thing is everyone sees the word "vulnerability" and all of a sudden gets overexcited without reading into what it actually is. I'll admit it, I've done it before, but I've learned to just read and keep my mouth shut unless something flat out says "this will work for xyz".
 

DR4LUC0N

Senior Member
Jun 1, 2014
125
43
Google Pixel 6 Pro
A lot of articles don't say "this will work for xyz". Also, a lot of people (like me) don't know what to look for, so we are at least trying to help by maybe finding something useful.

On the other note... I sell cell phones where I work, I had a Samsung rep come in and I asked him why they locked the GS5 down from being able to root.
I could tell he legitimately didn't know the answer, but after I told him about the bounty and what not he told me he knows a few guys higher up and he'll relay any info he can get to me, hope it will be something useful.

Also if I may ask, when we do a recovery on our phone(to wipe all data) does it reinstall any apps as far as something with escalated privileges?
 
Reactions: K-alz and kprice8

kprice8

Senior Member
Apr 23, 2014
771
259
Lansing MI
A lot of articles don't say "this will work for xyz". Also, a lot of people (like me) don't know what to look for, so we are at least trying to help by maybe finding something useful.

On the other note... I sell cell phones where I work, I had a Samsung rep come in and I asked him why they locked the GS5 down from being able to root.
I could tell he legitimately didn't know the answer, but after I told him about the bounty and what not he told me he knows a few guys higher up and he'll relay any info he can get to me, hope it will be something useful.

Tell him if he gets you the keys or something that achieves the root, and you get to collect the bounty, he can have some of it. :D
 

Franzie3

Senior Member
Sep 24, 2010
1,709
853
Newburgh, NY
A lot of articles don't say "this will work for xyz". Also, a lot of people (like me) don't know what to look for, so we are at least trying to help by maybe finding something useful.

On the other note... I sell cell phones where I work, I had a Samsung rep come in and I asked him why they locked the GS5 down from being able to root.
I could tell he legitimately didn't know the answer, but after I told him about the bounty and what not he told me he knows a few guys higher up and he'll relay any info he can get to me, hope it will be something useful.

Also if I may ask, when we do a recovery on our phone(to wipe all data) does it reinstall any apps as far as something with escalated privileges?

By xyz I meant a specific device, not something like a kernel version. It's a tough nut to crack regardless.

Now, by recovery do you mean a wipe data/factory reset? If yes, then the answer is no, nothing is reinstalled. It would be as if it was fresh out of the box.
 

Dennisg34

Senior Member
Jan 30, 2013
1,295
654
New Hampshire
A lot of articles don't say "this will work for xyz". Also, a lot of people (like me) don't know what to look for, so we are at least trying to help by maybe finding something useful.

On the other note... I sell cell phones where I work, I had a Samsung rep come in and I asked him why they locked the GS5 down from being able to root.
I could tell he legitimately didn't know the answer, but after I told him about the bounty and what not he told me he knows a few guys higher up and he'll relay any info he can get to me, hope it will be something useful.

Also if I may ask, when we do a recovery on our phone(to wipe all data) does it reinstall any apps as far as something with escalated privileges?

Lol, he's probably going to tell his higher-ups about it to see our 'progress' and keep an eye out for patches.

Sent from my SM-G900V using XDA Free mobile app
 
Reactions: kprice8

Hashbang173

Inactive Recognized Developer / Contributor
May 6, 2012
2,446
3,893

ks3rv3rg

Senior Member
Apr 29, 2012
827
584
Heartbleed could technically unlock the bootloader, see the last posts in this thread: http://xdaforums.com/showthread.php?t=2500826

Using heartbleed to hypothetically hack Samsung for the keys is not the same as using it to unlock the bootloader. Here's one quote from the link you provided that talks about this.

That's correct.

Heartbleed exploits an extension to the TLS protocol. TLS (transport level security) is used to set up secure network connections - for example, the secure connection to https://yourbank.com/.
If your bank uses OpenSSL on their webserver, they're scared.

This flaw has nothing whatsoever to do with using the OpenSSL libraries to sign or verify signatures of files. There's no exploit here that'll help unlock the bootloader.
 

Hashbang173

Inactive Recognized Developer / Contributor
May 6, 2012
2,446
3,893
Using heartbleed to hypothetically hack Samsung for the keys is not the same as using it to unlock the bootloader. Here's one quote from the link you provided that talks about this.

Yes, but it would allow you to make a signed unlocked bootloader.

Sent from my SCH-I545 using Tapatalk
 

miked63017

Senior Member
Jan 30, 2011
899
689
St Louis
I'm no dev, but I think it would allow us to flash a developer S5 bootloader by changing the required aboot fuse number.

The problem is that there is no key exchange over the wire to intercept. The public keys and cert are local, and the private key, along with its passphrase, is never sent to the phone. At least that's my understanding of the protocol and how it's used for signing things. Without the private key and associated passphrase I think you're out of luck. I do believe that parts related to Heartbleed could help: if the PC generating the private key was affected, that could make guessing/brute forcing take a lot less time. But I'm sure that by any calculation, given the info available, it will still take longer than anybody wants to dedicate a high-power CPU (or multiple CPUs and/or GPUs) for. It doesn't take a dev to brute force, or do the math, so if you have the hardware you have just as much a chance at brute forcing as anyone. Honestly, most developers I know don't really know too much about SSL; they rely on sysadmins to set up SSL offloading and just hope everything works right, unless it's something they specialize in.


Sent from my SM-G900P using XDA Free mobile app
 

Top Liked Posts

  • 11
    Thread opened:

    Further non-constructive or off-topic posts will result in an infraction.
    8
    General Info on Rooting

    Since there seems to be a lot of confusion about what rooting Android takes, I thought I'd answer a few FAQs.

    Rooting is all about breaking a chain of trust. The tablet is designed to never run any code as root that does not have a digital signature by Samsung (or an authorized partner). When installing or upgrading Android on the tablet, it checks that it was digitally signed by Samsung before installing it. (This is the "locked bootloader". Unlocked bootloaders may warn you, but will let you install unsigned code.)

    Programs that run as root are started from scripts that you have to have root to modify. Programs that transition from a non-root user to a root user (SUID [set user id] root) are designed to not allow you to do anything that would enable you to get root permanently.

    Updates to system apps (like the Play store) have to have the correct digital signature, or they'll be rejected.

    You can't fake the signature. Maybe the NSA can, but you can't. You can't modify any signed file without breaking the signature -- that's the whole point. If you actually have found a way around it, you're going to be very famous.

    Rooting relies on oversights. For example, my old Droid X had a program that would copy files as root but could be run by any user. You just used it to replace some system files and you're done. The newer exploits are much more sophisticated, but the general principle is to get an existing root program to run one of yours, or get it to do something on your behalf that lets you run your own root program.

    Once you have obtained root by some method, you install Superuser or Super SU. They provide a program called "su" (super user) that lets you or apps get root privileges. This creates a problem because you don't want any random app to just run su and take over your phone. These SU apps only grant SU after presenting you the option to reject it. This is just a security measure. You could create a SUID program that wouldn't ask, but it would let anything on your phone do anything.

    You have to have root before installing Super SU because setting the SUID root flag requires root -- catch 22. Super SU is just to provide persistent root access and to manage it.

    Any other questions or corrections are welcome.
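The chain of trust described above (and the earlier point that only the public key is on the device while the private key never leaves the vendor's signing host) can be shown in code. This is an added example, not code from the thread or from Samsung; it uses Ed25519 from Go's standard library as a stand-in for whatever scheme the real bootloader uses, and the names VendorSigner and BootloaderCheck are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// VendorSigner (hypothetical) is the vendor's offline signing host: only it holds the private key.
type VendorSigner struct {
	priv ed25519.PrivateKey
	pub  ed25519.PublicKey // the only half that is ever provisioned into a device
}

func NewVendorSigner() (*VendorSigner, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &VendorSigner{priv: priv, pub: pub}, nil
}

// SignImage signs the SHA-256 digest of an image blob with the private key.
func (s *VendorSigner) SignImage(image []byte) []byte {
	digest := sha256.Sum256(image)
	return ed25519.Sign(s.priv, digest[:])
}

// BootloaderCheck models the locked bootloader: an image is accepted only if its
// signature verifies under the public key the device was provisioned with.
func BootloaderCheck(trustedPub ed25519.PublicKey, image, sig []byte) bool {
	digest := sha256.Sum256(image)
	return ed25519.Verify(trustedPub, digest[:], sig)
}

func main() {
	vendor, err := NewVendorSigner()
	if err != nil {
		panic(err)
	}
	image := []byte("constructed sample boot image") // constructed input, not a real image
	sig := vendor.SignImage(image)
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0x01 // one flipped bit is enough to break the signature
	other, _ := NewVendorSigner() // a key the device was never provisioned with
	fmt.Println("genuine image accepted:", BootloaderCheck(vendor.pub, image, sig))
	fmt.Println("tampered image accepted:", BootloaderCheck(vendor.pub, tampered, sig))
	fmt.Println("foreign-key image accepted:", BootloaderCheck(vendor.pub, image, other.SignImage(image)))
}
```

The three checks print true, false, false: a signed image passes, any modification of it fails, and an image signed with a different key (a "developer" key the device does not trust) also fails.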
    5
    Dude we've already got a thread for all things root/recovery/bootloader

    http://xdaforums.com/showthread.php?t=2714140
    5
    Guys,

    Am not a developer or a programmer. But just a thought that came to mind. Verizon has released the Developer Edition for the S5. There is a thread which is active for successful root and installation of Recovery on the Developer Edition. Since both the devices are identical, is there any way that we can put the complete image from the Developer Edition phone over to the normal VZW S5 and use the root method provided? I am looking at putting the entire image using Odin over to the phone just like restoration of the factory image, but in this case use the developer edition image. Is it feasible?

    If it was that easy we all would be rooted and unlocked and there would never have been a bounty. Not trying to be rude, but next time try and read through the forums first. You asked the question here and in the Bounty thread, and while it's perfectly fine, it's been stated more times than I have fingers and toes. At this point I think the only way we will get this is to let exploits be found by top-end security experts and let them try. Any and all work that is being done is on a "shhhhh" basis at the moment. Just be patient and read the threads daily for updates. You'll learn a lot more.

    Again not trying to be rude, just helpful
    4
    Posted the syms from kallsyms in my info thread.

    http://xdaforums.com/showthread.php?t=2741408


    Sent from my SM-G900V using XDA Premium 4 mobile app

    I posted the System.map a few posts above.

    You can compile the kernel.

    Here, these may help; if you have to ask what they are then you probably don't know how to utilize them.

    System.map

    vmlinux

    Sent from my SCH-I545 using XDA Premium 4 mobile app

    Also I have the start addresses, sizes, signature locations/size/address and type info for the signed bootloaders if you'd like to add them to the partition info page.

    Sent from my SCH-I545 using XDA Premium 4 mobile app