Are there any updates regarding A5Pro CC rooting? I am following this process with great interest.
TL;DR I've tried a few different methods, slowly getting closer to root by process of elimination.
Also, if anyone wants to help, go to the Android Security Bulletin and check for any vulnerabilities with "High" severity, and a type of "EoP" that were posted later than June 5, 2020. If it doesn't say EoP, copy the vulnerability name ("CVE-XXXX-XXXXX") and search for it online. If it mentions privilege escalation, memory access, use-after-free, arbitrary code execution, or something similar, post it here.
So far, not much. However I'll write about exactly what I'm trying to use to achieve root so more people can help. Firstly, the latest update for the phone that I know about uses the Android security patch for June 5, 2020. So, I've been looking for any privilege escalation exploits in the Android Security Bulletin that were posted later than that, meaning they're not patched on our phones.
After some research, I stumbled upon CVE-2021-28663, a security vulnerability on Mali GPUs that allows for full read-write memory access. The problem though is that the memory is read-only from the CPU, so only programs running on the GPU have full write access. There is a proof-of-concept script here, which seems to work on this phone, telling me that the phone is in fact vulnerable. A translation of the original white paper that describes the vulnerability (originally in Chinese) can be found here, and it has tons of useful information, especially the fact that the author said he gained root privileges using the exploit. The hard part is having a program execute on the GPU.
The author used OpenCL; however, it turns out that the Hisense A5 Pro does not support it, and while looking for alternatives I found OpenGL and Vulkan. OpenGL doesn't have any way to write arbitrarily to memory, so I looked at Vulkan instead, which turned out to have an extension, VK_EXT_buffer_device_address, that lets us do just that. To my dismay, after spending many hours trying to get a Vulkan program to exploit this vulnerability, I learned that our phone doesn't support the VK_EXT_buffer_device_address extension, and thus Vulkan wouldn't work.
Now I'm trying to find another way to have our code execute on the GPU, and I've been reading through the Mali driver source code (available here) to find a way to do so. I plan to try to message the author of the original exploit, as well as some developers here on XDA that have successfully gained root via similar exploits.
In the meantime, if you can help with the programming and kernel-related stuff that would be awesome; otherwise, if you can find, or know of, any other exploits that can be used, please let me know. The best way is to go to the Android Security Bulletin and check for any vulnerabilities with "High" severity, and a type of "EoP" that were posted later than June 5, 2020. If it doesn't say EoP, copy the vulnerability name ("CVE-XXXX-XXXXX") and search for it online. If it mentions privilege escalation, memory access, use-after-free, arbitrary code execution, or something similar, post it here!