Features for non-rooters:
- Securely patch the exploit
Features for rooters:
- Root the device (SuperSU v0.99)
- Enable/disable the exploit at will
- Enable/disable patching the exploit at boot
- Unroot and cleanup (optionally leaving the exploit patch at boot in place)
Please note that patching the exploit may break camera functionality, depending on device and firmware. Also note that if use the patch method without rooting, or keep patching the exploit at boot enabled when unrooting, you need an alternate method to re-root the device to disable this feature (like CF-Auto-Root) - you cannot use ExynosAbuse to do this since it patched the exploit. Unlike other patch authors, I do not believe in keeping an invisible rooted process running in the background while pretending you aren't rooted, to be able to unpatch this way.
While the exploit patches work (aside from possibly disabling your camera), these are more work-around than actual fixes. A proper patch would be a kernel fix, either from a third party or Samsung themselves (hopefully one day...)
My method vs Supercurio, RyanZA
Mine is the only one that is secure. Both Supercurio's and RyanZA's method leave you with easily exploitable holes any serious malware author will abuse. More details http://forum.xda-developers.com/show....php?t=2053824
For more details on the exploit itself, see this thread: http://forum.xda-developers.com/show....php?t=2048511. The exploit is used by this APK in unmodified form. You should be very afraid of this exploit - any app can use it to gain root without asking and without any permissions on a vulnerable device. Let's hope for some fixes ASAP !
If your camera keeps working depends on your device/firmware combination. Affected are mostly the SGS3, but there is good news too, there is a potential fix here: http://forum.xda-developers.com/show....php?t=2052675 SGS3 I9300 ONLY. It seems to work for a number of people. It replaces some system libraries with libraries from a different firmware version that does not rely on /dev/exynos-mem. Do not attempt this unless your camera actually breaks due to the exploit, and beware it may cause you to have to reflash your firmware. Also beware that even though this change will not prevent OTAs from downloading, it can possibly prevent OTAs from flashing succesfully.
Using this patch may turn your device status into modified. There's not really a proper solution to that at the moment, but you can restore status by removing the patch (and SuperSU) again and rebooting your phone. This will however leave you unprotected again. Doing all sorts of weird stuff (like for example wiping data) to get rid of this modified status while you're still have the patch applied at boot or keep SuperSU around, is an exercise in futility. If you want to go ahead and do that, that is fine, but do not litter my thread with your comments. Because eventually, the modified status is likely to return
(If your device isn't listed it could still be both compatible with the exploit as well as this fix !)
Samsung Galaxy S2 GT-I9100
Samsung Galaxy S3 GT-I9300
Samsung Galaxy S3 LTE GT-I9305
Samsung Galaxy Note GT-N7000
Samsung Galaxy Note 2 GT-N7100
Samsung Galaxy Note 2 LTE GT-N7105
AT&T Galaxy Note 2 SGH-I317
Verizon Galaxy Note 2 SCH-I605 both locked and unlocked bootloaders work
Samsung Galaxy Camera EK-GC100
Samsung Galaxy Tab Plus GT-P6210
Samsung Galaxy Note 10.1 GT-N8000, GT-N8010, GT-N8013, GT-N8020
Google Nexus 10 not compatible, Exynos5
Post in this thread if you have a device to add.
I'm not sure if this APK will work right on Android 2.x devices (not tested yet), doesn't mean the exploit doesn't work. So if you're on Android 2.x and this APK doesn't work for you, try doing the exploit manually.
Please do not redistribute, link to this thread instead
(v1.00: 3786; v1.10: 6397; v1.20: 12004; v1.30: 14480)