First my source:https://www.phonearena.com/news/Android-vulnerability-allowed-PNG-images-execute-malware_id113525
Now my question:
Has anyone any idea how this works and would there be a way to use this as a new root method?
As the article only mentions execution of malware I can only assume this would be a root execution.. but the article is kinda vague. I was curious if enough information is known to even make a root method yet for/with this vulnerability.
Related
Hello XDA-Forum users,
I ask you a question: How does Android Root works ?
I mean, for example, How does it works in Nexus One ?
This would be an understanding question to know more about how I get root from my Phone (Nexus One, for example) from scratch, from sources.
upupupupupup
Rooting basics:
http://lifehacker.com/5342237/five-great-reasons-to-root-your-android-phone
For details on how to do it on your device, Google or use the forum search. Lots of rooting information that is device dependent out there.
It basically gives your phone permission to do almost anything. It is similar to giving a user in Windows Administrator rights. It is called super user. You can do many things such as removing unwanted apps and overclocking.
This is not what I mean, I asks for an explaining in which the question is "How the root is possible? What active the root ?" Probably a kernel exploit, or stuff like that, to understand the underground passage to take it, from an hack view.
So, How works a root utility (such SuperOneClick) to set gid to 0 ?
Valid question, I am also interested in learning this.
In other words, if I were to perform the rooting manually, where can I find such info?
And some of the question is why su must be in some diredctories, and can't be run from /data/local/tmp for example?
Someone can enlighten us?
diego.stamigni said:
Someone can enlighten us?
Click to expand...
Click to collapse
The general approach is taking advantage of bugs in the android OS
The process works something like this
User crafts some special data that contains a "payload" (the script/executable that we want to run)
User runs a system process that has root privileges and gets it to open the special data
The bug causes the system process to get confused by the data, and ends up running the embedded script
The embedded script runs with the same privileges as the system process, and thus can stuff that normal users aren't allowed to do (e.g. installs the SU app)
Commonly, things such as buffer overflows are used
So after gaining root access, which apps can run as root?
Or the user becomes root(as in desktop), and can run all types of apps?
Can root app(run as root) access everything?? Or app permission still applies?
Is it that system exploit is always used to run root apps?
can someone explain in technical details? not how to root.
are rooting programs open source??
What is the root procedure
Bayint Naung said:
So after gaining root access, which apps can run as root?
Or the user becomes root(as in desktop), and can run all types of apps?
Can root app(run as root) access everything?? Or app permission still applies?
Is it that system exploit is always used to run root apps?
can someone explain in technical details? not how to root.
are rooting programs open source??
Click to expand...
Click to collapse
Hi guys!
I have the same question and after searching and asking find this!
it is good!!
hope it works!
http://stackoverflow.com/questions/...hat-are-the-pre-requisites-for-it-to-work-wha
also look at the suggestedpages at the right of this page!
Hi, I would like to have root access to my phone, but not necessarily with a custom ROM. I would also prefer to not change my bootloader.
What exactly is rooting? Is it replacing the whole system image with an image that gives the user root access? Or is it just like enabling sudo for the user? Or is a smaller part replaced? (I am somewhat familiar with electronics, computers and Linux, but I find the Android hacking a bit confusing )
Also, is it possible to run stock Android, only with root access? Will the access be lost when upgrading?
c3c0l0n said:
Hi, I would like to have root access to my phone, but not necessarily with a custom ROM.
DEV section rooting post /
What exactly is rooting?
root is the user account in Linux with all privileges. The root user can edit anything on the system. For safety reasons, users do not have all those privileges. When you root your phone, you will gain write access to areas of the phone you couldn't previously access and are allowed to run more commands in the terminal. Because applications do not get a lot of privileges, some of them require you to root the device in order for them to function properly (or fully).
Also, is it possible to run stock Android, only with root access?
Yes and Yes lost root on upgrade usually .
jje
Click to expand...
Click to collapse
Thank you. How is the rooting performed? Is only an ACL modified, or is a more fundamental part of the system changed (like the kernel, bootloader etc)?
I know that a custom ROM might be unstable/experimental, but does the same apply for rooting, or is the modification so small that one could expect the exact same stability as in the stock ROM?
c3c0l0n said:
Thank you. How is the rooting performed? Is only an ACL modified, or is a more fundamental part of the system changed (like the kernel, bootloader etc)?
I know that a custom ROM might be unstable/experimental, but does the same apply for rooting, or is the modification so small that one could expect the exact same stability as in the stock ROM?
Click to expand...
Click to collapse
All your questions are explained in detail in the Development section
Sorry, I did not find it. However, I read this without getting smarter. This video suggests that rooting is a process that does something with your phone without replacing everything. An exact list of what the rooting tools do would be perfect
Not all tools do the same thing. To get a specific answer, you will have to ask the person that came up with whatever rooting tool you are referring to. Some phones take more to root than others.
Hi everybody,
Good evening!
I recently came across a post about almost 50% android devices being vulnerable. Duo securities has made this finding using an app 'X-Ray'. They mention following 8 types of vulnerabilities: 1. Ashmem 2. Exploid 3. Gingerbreak 4. Levitator 5. Mempodroid 6. Wunderbar 7. Zergrush, and 8. Zimperlich. Please see this link for details: http://www.xray.io/#vulnerabilitieshttp://www.xray.io/#vulnerabilities
I downloaded the app 'X-Ray' and did a X-ray of my Desire Z. It came out clean for all but one vulnerability, Mempodroid. I've a rooted and S-off desire z and am using Jelly Bean rom (andromadus Test Build, .85). The website gives following details for the Mempodroid:
"Inherited from the upstream Linux kernel, a vulnerability in the /proc/pid/mem interface allows for writing arbitrary memory in the address space of a setuid process. It's about as complicated as it sounds, but attackers are smart like that."
I cross checked the same X-ray with a different rom, this time GenY (Sense 4 based ICS Rom). The results were similar. I don't know much about these vulnerabilities so thought of putting this question in this learned forum. Please clear my following doubts:
1. Is this Mempodroid is a serious problem?
2. Since this is surfacing in different roms, it should not be a ROM-specific issue but a device-specific one. Is there anything that I can do to remove this vulnerability.
3. What possible harm can it do to me?
Thanks,
dcpathak
HTC Desire Z (Rooted & S-Off)
Those sound like root methods, or at least the few I recognize. Basically it would be possible for a malicious app to have a root exploit built it so that it could get su permissions and potentially do some real damage. Even if your device was already rooted with Superuser installed the root exploit would bypass the superuser prompt since it doesn't need root to get su. As long as you download apps straight from Google Play and check the reviews first to make sure its legit, you'll be fine. These malicious apps are turning up on sites that distribute pirated software.
If you've used one of the root methods listed to root your device, don't worry. Any root method is technically a security vulnerability.
Thanks, I also remembered that some of these vulnerabilities are names of root methods, for instance, Gingerbreak, Zergrush etc. Further, I think Mempodroid may have something to do with the processor speed management (just a wild guess).
dcpathak
Just don't install apps from dubious sources and your fine.
While those loop holes could be exploited, you will need to have downloaded an app that does this in the first place.
Hi, I’m new to Android. After rooting, I would like to password-protect access to root on as low a level as possible. No /etc/passwd mechanism is available on Android. Does anyone know if this (or similar) can be installed, preferably without unlocking the bootloader? Can I rebuild the kernel to include this? (although not ideal) SuperUser Elite and SuperSU Pro claim to be able to PIN-protect root. Does anyone know how robust (secure) this is?
There seems to be a lack of extensive, well-written documentation on anything related to Android hacking so I would be grateful if anyone could provide a clear, detailed and technical answer to this.
Many thanks in advance
I found a tutorial on exploiting the most recently released android vulnerability which affects the Google TV platform. This process uses a tool called Cydia Impactor by Saurik which allows execution of commands as the "system" user. On some devices this can easily be leveraged for root and on others there is not a known public privilege escalation available.
Saurik's Analysis of the Bug: http://www.saurik.com/id/17
Exploiting Key Signing Tutorial: http://gtvhacker.com/index.php/Exploiting_Key_Signing_for_Root
This bug is separate from anything we plan to release at DEF CON. If your device is not currently exploitable check back in a few weeks
This thread will be used to help users troubleshoot the exploit process, for updates needing to be made to the wiki in the tutorial, and for anything else relevant to this bug.
_
It's pretty dead there so I'm trying to get help here, until I get my issue solved, then maybe once I get my issue solved I'll be able to take what I've learned and help others to go through the same process if need be....
My Issue Is This
Does the root stick after a reboot?
I'm on a logitech revue, like mentioned before...
I think I got it connected but I get a error "more than one device" message, when I try to run any scripts.
What do I do to resolve this connection error, or whatever it is?