I've been browsing your forum for years and I thought it might be time I actually registered and contributed a bit.
Currently I'm fiddling with a Moto E 2020 bought last year for like 90€ after using a NGM DR3C since 2014 (ironically paid almost twice).
The NGM isn't compatible with latest phone...
I have some idea about unlocking the bootloader OEM unlock menu but I don't know if we are able to.
The new system shell exploit allows us to set properties, if we can set read only system properties by using an ARM binary compiled with the ndk we might be able to unlock the oem unlock menu...
SMT Shell v2.0
GitHub: https://github.com/BLuFeNiX/SMTShell
Hi everyone! After seeing the recent controversy over a similar tool, I have decided to maintain my own version of the Samsung system shell exploit, targeting CVE-2019-16253.
Original CVE: CVE-2019-16253
What does it do?
This tool...
***MODERATOR ANNOUNCEMENT: THREAD CLOSED***
@K0mraid3 you are hereby required to provide proper credit in your OP as follows:
Link the assigned CVE for this exploit as it mentions the author's blog and GitHub, OR
Link the original research repo as provided by @flanker017
Further, while you...
I was just wondering if there is a method or exploit for rooting this specific device? I don't understand how RootChecker says the device is rootable but there's no guide to one.
I have already asked the user afaneh92 who does the UNSAMLOCK service and apparently my BootLoader version is at 7...
In what ways does having an unlocked bootloader make it easier for governments and (other) criminals to get into your device or data? Lots of people say "naaaaa it's not less secure, unlock your bootloader man... the data is ENCRYPTED" I know back in the day someone could just flash TWRP and...
Is there any one click rooting tools that work with Android 9 - 11? Preferably 10 - 11. I want to root my droid (I have an AT&T LG G8 Thinq) and I don't want to unlock my bootloader. Please don't say "C'mon dude just unlock your bootloader", I'm looking for an actual answer(s) here. Spyware or...
Can someone please post, or is there a way I can find out what kernel version comes with each update on the a71?? Only certain kernel versions work with the exploit (5.10). So, I'm thinking to update my a71 to current updates... IF the current updates come with newer kernel?
There's a new...
Devices & Linux Versions I or other Testers have Successfully Gained Root on:
(Likely All) MTK CPU Based Android devices UP TO 11 (Maybe 12? I haven't tested) (I.e LG, Sony, Select Samsung devices)
Android Devices with LINUX KERNEL VERSIONS - 5.8 - 4.14 - Maybe More? (Needs Testing)
-THIS GUIDE...
Hi,
I am using msfvenom, on Kali, to embed a payload in an app.
When the app launches it starts the backdoor reverse_tcp service which connects to my session.
Once I have a meterpreter session I try to run a shell script, in the background, to constantly try and reconnect when/if the app...
Introduction:
This is an exploit chain intended to allow one to run a custom OS/unsigned code on the Chromecast with Google TV (CCwGTV).
This uses a bootROM bug in the SoC by security researcher Frederic Basse (frederic).
Frederic also did a great amount of work to temporarily boot a custom...
Thanks to:
chaosmaster / k4y0z: GitHub / XDA
xyzz / xyz`: GitHub / XDA
Dinolek: GitHub / XDA
How to install:
1. Download the attached file: VD171_MTK-bypass.zip.
2. Extract the file and open the folder.
3. Run and install python: python-3.9.1-amd64.exe.
Keep attention: You need to select...
/*
* I'm not responsible for bricked devices, dead SD cards, thermonuclear war, or you getting fired because the alarm app failed (like it did for me...).
* Please do some research if you have any concerns about features included in the products you find here before flashing it!
* YOU are...
Can we use CVE-2019-2215 exploit to gain root?
The bug: https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
POC code (probably could be used for root at least? I think unlocking is writing out a bit to a partition...so...)...
It seems like everyone is writing off unlocking the bootloader by means of an exploit rather than an official code. Why is that? Is there anybody working on the bootloader now?
I remember back in the day it was basically a given that there would be an exploit developed for a high end...
Basically, there has been an app ported to Android that allows even unrooted(stock) devices to deliver a bootrom exploit to the Nintendo Switch via USB-OTG and a USB cable (or C-to-C). USB 3.0 (xHCI) devices have no issues and deliver the exploit just fine. Apparently it is not even a USB 2.0...
With a lot of work scrounging around, I've found all the pieces that fit making a jail-broken OS boot-ready Surface RT. As of now, like 5 or 6 years after its release, there still doesn't seem to be an OS prepared to run on the Surface RT, but maybe if this thread gets enough popularity someone...
My professor at University said that he and his friend found exploit on s8 iris scanner that lets anyone unlock phone. Simple explanation he gave us is that they managed to bypass whole process of comparing and at that it will when iris scanner starts process it will always result in match. So...
I was wondering if anyone can explain to me where the charging history and battery history are stored?
Obviously it is something separate from the system partition because it keeps its history through upgrades and off charging.
That is my first question.
My second is if anyone is aware of...
Because I never rooted my H918 and the replacement from T-Mobile insurance for bootloop issue came with H91810Q already installed, I have been looking for a way to possibly gain root access. Because an exploit will be needed for now, though there is some interesting looking work with modifying...
Well, I need to find some user-ready exploit which's able to remove PXN (Privilege Execute-Never) and give me temp root access. I think it should be based on one of these vulnerabilities:
CVE-2015-0570 (stack overflow vulnerability in Qualcomm WEXT)
CVE-2015-3636 (vulnerability in ping_unhash...
Hi all,
As you already know, in the last quarter of 2016 bug/vulnerability was explored called "DirtyCow" which was in Linux Kernel for 9 years
Google fixed the vulnerability in upstream devices with latest security bulletins but the vulnerability is still affecting billions of devices (from...
I wanted to get into development for an HTC device, but S-OFF is not available.
How does the whole S-OFF/ON thing work? Is it a setting in a write-protected config file? A setting in a hash-verified file? A setting in a firmware file? Not a file?
Thanks for your help guys!
Recently, an exploit to the Linux kernel called "dirty cow" was released. If I understand correctly, it does not allow for temp root because SELinux blocks access to some system resources, even if the shell is running as root. However, would the root shell be privileged enough to grab a copy...
Hi there. After much fuss all around the internet I decided to ask here - what about this phone, will it work, what about Knox? Found this https://www.reddit.com/r/Android/comments/591dim/using_rowhammer_bitflips_to_root_android_phones/d9565xf/ on Moto forum, anyone tried it?
Looking through the June security bulletin and found this https://www.exploit-db.com/exploits/39921/. I downloaded it from the source, and it came with a compiled PoC. I ran it and it seemed to work, but I don't know exactly what it is doing. Here is a log of what the code gives me after being...
I can't find anything that says this was patched, here's the original thread http://forum.xda-developers.com/showthread.php?t=2338327
The only problem I can find is that the hidden menu doesn't display the WLAN Test to get this to work. Can someone please help?
Hey guys.
Me and a couple of other users have started a google hangouts chat, but none of us have any true experience with java/hex/kernel coding/looking for exploits. If you are someone who has any experience in java/hex/kernel coding/looking for exploits, PLEASE respond to this with your...
This root tool uses the CVE-2015-1805 vulnerability
Originally developed by zxz0O0 for Sony Xperia Devices, to Backup TA partition before unlock bootloader
Original Thread: http://forum.xda-developers.com/crossdevice-dev/sony/iovyroot-temp-root-tool-t3349597/
Tested, and working on:
*...
So the bootloader unlock exploit has been released today, link to the PDF detailing it here, and the Galaxy S5 on Verizon was bootloader unlocked. The paper describes that any phone with Samsung eMMC is vulnerable to the exploit, so that extends to the Note 3, however it is detailed that only...
Yes, I was about to start working on a new Root method I am hoping works now only on the latest version of android the S5 runs on which is 5.1.1? but also any version before that. I have already generated a PoC and had it work on a few of my other phones but I am going to compile the...
For a long time Android had a number of “tapjacking” vulnerabilities. They were supposed to be fixed in Marshmallow but they weren’t. Instead users got some awkward permission dialog which can be easily bypassed.
Tapjacking got especially dangerous in Marshmallow with introduction of runtime...
I know there are a million threads of this going on, but I believe my friend captured the MMS, but thankfully did not download it after I had told him about this exploit a few days prior. He's on a stock LG G4, screenshot attached, notice the phone number '1'. IDK if it is ATT / Amber Alert...
Hi Guys,
I am looking for methods to get root on my Linux smart tv. Anyone have any ideas?
I ran metasploit against it and had no luck, it did find some open ports for upnp and something
called twonkymedia but I was not able to get anywhere with that.
I have a Hisense LTDN50K220GWUS...
I'm a major in network security at the moment, and as I've been studying ROM development and the ways that OTAs work, I've come across a method of forcing an OTA that I don't believe I've heard done before. That is, spoofing a web location on a network, and placing a system image in the...
I have been researching the AT&T Galaxy Alpha sm-g850a variant in order to gain root access and, as you might know, have found absolutely nothing out there. All other international variants have been rooted Except the A model...which is what I am stuck with. I found a recently released CVE that...
I haven't posted on XDA for a while, but recently my friend purchased a Verizon Motorola G for himself and couldn't find a way to unlock the bootloader.
Being *that* kind of friend and all, I did a bit of research and discovered this...
All.
I'm running DeedWar's excellent ParanoidAndroid ROM on my Xperia S and I've just been informed by my Security App (CM Security) that my Xperia S is 'vulnerable' to BroadAnywhere. The only references I can find to this stem from Cleanmaster's blog article here...
Okay, time for some reverse engineering. So you know how on Android you use a root exploit to gain 'administrator' (or SU) access to the phone?
Why hasn't anybody tried this with Windows or Mac? I would assume that it would work for Mac because it's a UNIX environment.
But seriously? Why hasn't...
Hey guys,
I have a question, and have no idea where to post the thread. Please relocate if needed.
A friend of mine installed CM Security on his new (completely stock) Galaxy S5 (SM-G900F) with 4.4.2.
When he scanned his phone, CM Security gave a message saying that he had a security leak. This...
Hi! I found this now on reddit, there is LG G2 on the list, can we use it?!
It's the documentation by djrbliss (Dan Rosenberg, XDA Recognized Developer)
http://imgur.com/TXKDpOI
Reddit link:
http://pl.reddit.com/r/Android/comments/2csyiq/looks_like_many_android_phones_are_getting_a/
Please...
Winsploit is a little thing I made for an "educational experience". Very simple little collection of tools to create a flash drive you boot from and a few clicks and letters later, you can activate the built-in admin account, with a password of your choice.
Very n00b, I know. But, I learned a...
Samsung Galaxy S5
All credit, and a personal thanks goes out to open1your1eyes0 for the use of his S4 Bounty template here.
I put priority on getting this up quickly - so pretty directly used his format to get the bounty thread up and running.
Bounty Details
Total Pledges - $18,470.00...