[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] debugfs exploit for a number of Android devices

To: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>
Subject: Re: [Full-disclosure] debugfs exploit for a number of Android devices
From: Alexander Pruss <arpruss@xxxxxxxxx>
Date: Sat, 1 Sep 2012 16:33:47 -0500

On Wed, Aug 15, 2012 at 8:10 AM, Dan Rosenberg
<dan.j.rosenberg@xxxxxxxxx> wrote:
> The sane way to exploit this is to make /data shell-writable, and create or
> modify /data/local.prop to contain the string "ro.kernel.qemu=1", which
> causes ADB to retain root privileges rather than dropping to user "shell"
> since this property convinces it that the device is the emulator.  Using
> debugfs to modify the filesystem is completely unnecessary and potentially
> destructive.

Actually, it looks like it's not quite so easy as editing
/data/local.prop.  My wife just got an Epic 4G Touch with ICS, and it
looks like they put ro.kernel.qemu=0 in /system/build.prop, which
makes any ro.kernel.qemu=1 setting in /data/local.prop get completely
ignored.  That's a nice and simple way of getting around many ways of
gaining root.  I may break down and use debugfs. :-(

Alex

-- 
Alexander R. Pruss
arpruss@xxxxxxxxx

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] nullcon Delhi 2012 Final List of Speakers and Events
Next by Date: [Full-disclosure] Alice Telecom Italia AGPF ADSL router CSRF reconfiguration
Previous by thread: [Full-disclosure] nullcon Delhi 2012 Final List of Speakers and Events
Next by thread: [Full-disclosure] Alice Telecom Italia AGPF ADSL router CSRF reconfiguration
Index(es):
- Date
- Thread