DirtyCow Test

YassGo · Nov 4, 2016 at 11:31 AM

Did you read all the answers or just the OP ?

michaelagaudio · Jan 30, 2014 20 2 0

I just read through it again. I was getting overly excited and skimming a lot.

I figured out what I needed to figure out on my own. Offer rescinded, I guess. I had an RS988 that was being mucked up by rent-a-center lock. I used Debloater to disable *right* after removing from phone admins...deleted some files/folders with permissions admin(partially cool program), .........I had been wanting to delete the persistant folders, etc.

nalf3in · Nov 6, 2016 at 4:06 AM

Also interested

If there's still any dev looking to root the g5, I also volunteer to try with my device ( h831)

oranget · Nov 12, 2016 at 4:05 PM

Looks like a dead issue now...

ExtraDan · Nov 12, 2016 at 5:43 PM

rest in spaghetti, we tried, well at least they.

henryjumbo · Nov 2, 2014 38 13 0

Guys please don't give up.... we must:

ExtraDan · Nov 18, 2016 at 3:36 PM

Warboy · Nov 20, 2016 at 9:56 PM

On the Sprint G5, couldn't we use this to pull the Android 7.0 update file, modify it, replace it and then let it install since it wouldn't be able to revert?

SilverZero · Nov 21, 2016 at 1:01 AM

Warboy said:
On the Sprint G5, couldn't we use this to pull the Android 7.0 update file, modify it, replace it and then let it install since it wouldn't be able to revert?

Seems to me it wouldn't flash in the first place because as soon as you modify it you break the signature. If it was going to be that easy somebody would have done it with a previous OTA.

Warboy · Nov 21, 2016 at 1:35 AM

SilverZero said:
Seems to me it wouldn't flash in the first place because as soon as you modify it you break the signature. If it was going to be that easy somebody would have done it with a previous OTA.

we couldn't do it with previous OTAs because it required root permissions to write the file to my knowledge since it's not stored in the user partition.

The OTA file should have less security on it than a TOT file.

SilverZero · Nov 21, 2016 at 1:38 AM

Warboy said:
On the Sprint G5, couldn't we use this to pull the Android 7.0 update file, modify it, replace it and then let it install since it wouldn't be able to revert?

Warboy said:
we couldn't do it with previous OTAs because it required root permissions to write the file to my knowledge since it's not stored in the user partition.

The OTA file should have less security on it than a TOT file.

Isn't the file still signed? And wouldn't modifying it at all break the signature? And isn't the big issue at hand that the bootloader won't flash an unsigned image?

Warboy · Nov 21, 2016 at 1:51 AM

SilverZero said:
Isn't the file still signed? And wouldn't modifying it at all break the signature? And isn't the big issue at hand that the bootloader won't flash an unsigned image?

Well, A update would trigger a refresh of all signatures wouldn't? especially a major version update. So if we can modify the update enough to force our signatures?

SilverZero · Nov 21, 2016 at 1:52 AM

Warboy said:
Well, A update would trigger a refresh of all signatures wouldn't? especially a major version update. So if we can modify the update enough to force our signatures?

Ah, well now you're over my head, so... maybe?

henryjumbo · Nov 22, 2016

Do you mean like some type of "man-in-the-middle" method? I would guess that the device is set to retrieve a signed update and if a modified or unsigned update is created the lock bootloader would cease to load the suspected update.

I wonder if it would be possible to use DirtyCow exploit to unlock the bootloader with some kind of Loki hack?

Top Devices

New Devices

Topics

Search

DirtyCow Test

YassGo

Senior Member

michaelagaudio

Member

nalf3in

Member

oranget

Senior Member

ExtraDan

Senior Member

henryjumbo

Member

ExtraDan

Senior Member

Warboy

Senior Member

SilverZero

Senior Member

Warboy

Senior Member

SilverZero

Senior Member

Warboy

Senior Member

SilverZero

Senior Member

henryjumbo

Member

New posts