Hello everyone!
So today something that could potentially let users flash/unbrick their phones using the current MSM Download tool came to my mind.
I'm also very sorry if this is the wrong place for this, I'm new to xda.
So as you might know, for Realme phones there are people who have authorized accounts out there, and once you pay them they will connect to your computer and then start the flashing process, online with no verification. I even tried getting my phone flashed, but due to them not flashing twice if one package doesn't work, my device was bricked (I have the A.xx variant and I tried getting B.xx flashed) and I had to send it to the service center to wait for the unbricking process, which took over a month, yes you heard it right! They couldn't even repair it with software flashing so they had to replace the whole motherboard.... At least I'm grateful I didn't have to pay for the motherboard replacement and it was considered in-warranty.
So yes, again let's go back to our topic and my idea.
What came to my mind is, what happens if I create a virtual machine using VMware, get an authorized account to log in to the application, then cut the TeamViewer connection and immediately "Save current state of VM" after someone logs in. Would that account still be logged in? This VM can also be shared with its own folder as far as I know too! Is there a verification after you log in to the app? As far as I know there's only a verification while you log in to the app and there isn't anything afterwards, which I think is also illogical to do.
I know and I'm aware Realme can patch this possible "vulnerability" overnight because on the server side, literally everything depends on them (I really hope they don't), but their habit of not caring about development, releasing broken kernel sources and not even providing an official bootloader unlock (even after nearly a year in my case) has come to a point where it's irresistibly annoying for me, so I decided to think of possible ways to maybe bypass the verification part of the application so that they can flash a firmware to their liking.
It's Android! It had to be free! It had to be allowed to do this type of stuff to your Android phone! Why? Why? Why Realme?!