(No progress yet) Root dev for Galaxy S9 Plus SM-G965U (Snapdragon)

Heathmcdonald (Member)
@partcyborg it's called QualPwn. I don't remember the CVE number or whatever, but either way the August update is the patch; they pushed it hard, so most people probably took the update.

---------- Post added at 07:56 PM ---------- Previous post was at 07:55 PM ----------

Tencent Blade found it. As far as what I would do, I would write a script or at least a write-up on XDA about how to gain root with this exploit. Sorry I was not clear, but it was an ongoing dialog between myself and whoever it was.
 

ve6ay (Senior Member, Alberta)
Unfortunately my phone didn't let me postpone the August or September updates beyond about 4 days, and did it automatically while I was asleep. So I'm stuck on the September 24 patch here on Telus in Canada. That's why I'm hoping one of those two might help.
 

partcyborg (Recognized Developer)
> Heathmcdonald wrote:
> @partcyborg it's called QualPwn. I don't remember the CVE number or whatever, but either way the August update is the patch; they pushed it hard, so most people probably took the update.
>
> Tencent Blade found it. As far as what I would do, I would write a script or at least a write-up on XDA about how to gain root with this exploit. Sorry I was not clear, but it was an ongoing dialog between myself and whoever it was.

The most you could possibly get from something like this is a temporary root shell that would cause your phone to kernel panic the moment you did anything remotely interesting with it. Just getting a root shell is not "game over" like it used to be, there are numerous layers of security both in and above the kernel that are specifically designed to prevent ill-gotten ring 0 access from being able to fully compromise the device.



Would it be impossible given arbitrary memory access to disable those systems? Most definitely not, but it would be an exercise beyond my abilities. Even for someone capable of doing so, we would likely be talking about weeks-months of work to have something stable enough for daily use, not the kind of thing you can just ask someone to do as a favor.
 

Heathmcdonald (Member)
> partcyborg wrote:
> The most you could possibly get from something like this is a temporary root shell that would cause your phone to kernel panic the moment you did anything remotely interesting with it. Just getting a root shell is not "game over" like it used to be, there are numerous layers of security both in and above the kernel that are specifically designed to prevent ill-gotten ring 0 access from being able to fully compromise the device.
>
> Would it be impossible given arbitrary memory access to disable those systems? Most definitely not, but it would be an exercise beyond my abilities. Even for someone capable of doing so, we would likely be talking about weeks-months of work to have something stable enough for daily use, not the kind of thing you can just ask someone to do as a favor.

OK, if you say it's above your ability then I give. The stuff you pulled off with the S8 was much more complicated than anything else I've ever seen, so I'm just going back to the S8. I have a really good condition S9 if anyone is interested lol