android oreo exploits to get temp root - Security Discussion

Please check the thread I've started on the Sony Xperia XZ1 Compact forum discussing vulnerabilities that could be used to implement a temp root exploit.
Currently the most promising seems to be CVE-2017-7533: a race between inotify_handle_event() and vfs_rename(). It is a hardware-independent bug in the Linux kernel that could be used on any device whose kernel has that bug, and may be very useful on Oreo Android to get temp root (without using the official vendor unlock).
The thread is here:
[DEVONLY][XZ1c] exploits for temp root to backup drm keys
There are also other vulnerabilities under consideration that were checked as not fixed in a very early XZ1 Oreo firmware to which the device can be downgraded.
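The bug class behind CVE-2017-7533, as an added illustration that is not part of the original post and not j4nn's exploit: inotify_handle_event() measured the dentry name with strlen(), allocated an event of that size, then copied from the live dentry name again, so a rename that landed between the two reads could turn a short name into a long one and overrun the allocation. The model below is constructed user-space C; struct dentry, vfs_rename_model() and the build_event_*() functions are stand-ins for the kernel pieces, and the racing rename is injected deterministically between the length check and the copy instead of relying on thread timing. The hardened variant follows the idea of the upstream "dentry name snapshots" fix: size and copy from a private copy of the name, never from the live dentry.

```c
/* Constructed model of the CVE-2017-7533 bug class (not kernel code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal stand-in for the kernel's struct dentry: only the name pointer,
 * which a racing rename may swap out from under the event code. */
struct dentry {
    const char *name;
};

/* Stand-in for vfs_rename(): installs the new name. */
static void vfs_rename_model(struct dentry *d, const char *new_name)
{
    d->name = new_name;
}

/* Outcome of one event construction. */
struct event_result {
    size_t alloc_len;   /* bytes reserved for the name */
    size_t copy_len;    /* bytes the copy step wanted to write */
    int overflow;       /* copy_len > alloc_len: heap overflow in the real kernel */
};

/*
 * Vulnerable sequence (pre-fix inotify_handle_event(), modelled):
 *   1. len = strlen(dentry->name)
 *   2. allocate len + 1 bytes
 *   3. <racing rename lands here>
 *   4. strcpy(event->name, dentry->name)  -- re-reads the live, now longer name
 * The copy is bounds-checked here so the model never corrupts memory;
 * the original code had no such check, which is the bug.
 */
static struct event_result build_event_vulnerable(struct dentry *d,
                                                  const char *rename_to)
{
    struct event_result r = {0, 0, 0};
    size_t len = strlen(d->name);                /* step 1 */
    char *buf = malloc(len + 1);                 /* step 2 */
    if (!buf) { r.overflow = -1; return r; }
    r.alloc_len = len + 1;
    if (rename_to)
        vfs_rename_model(d, rename_to);          /* step 3: the race window */
    r.copy_len = strlen(d->name) + 1;            /* step 4 sizes from the live name */
    r.overflow = r.copy_len > r.alloc_len;
    if (!r.overflow)
        memcpy(buf, d->name, r.copy_len);
    free(buf);
    return r;
}

/*
 * Hardened sequence (modelled on the upstream fix): copy the name once
 * while holding the dentry, then size and copy the event from that private
 * snapshot only. A rename after the snapshot cannot change what was measured.
 */
static struct event_result build_event_snapshot(struct dentry *d,
                                                const char *rename_to)
{
    struct event_result r = {0, 0, 0};
    size_t len = strlen(d->name);
    char *snapshot = malloc(len + 1);            /* take_dentry_name_snapshot() analogue */
    if (!snapshot) { r.overflow = -1; return r; }
    memcpy(snapshot, d->name, len + 1);
    char *buf = malloc(len + 1);
    if (!buf) { free(snapshot); r.overflow = -1; return r; }
    r.alloc_len = len + 1;
    if (rename_to)
        vfs_rename_model(d, rename_to);          /* same race window */
    r.copy_len = strlen(snapshot) + 1;           /* sized from the snapshot, not the dentry */
    r.overflow = r.copy_len > r.alloc_len;
    memcpy(buf, snapshot, r.copy_len);
    free(buf);
    free(snapshot);                              /* release_dentry_name_snapshot() analogue */
    return r;
}

/* Convenience wrappers: 1 if the sequence would overflow, 0 if not.
 * 'after' may be NULL to model no rename during the window. */
int vulnerable_overflows(const char *before, const char *after)
{
    struct dentry d = { before };
    return build_event_vulnerable(&d, after).overflow;
}

int snapshot_overflows(const char *before, const char *after)
{
    struct dentry d = { before };
    return build_event_snapshot(&d, after).overflow;
}

int main(void)
{
    /* Constructed names: a one-byte name and a rename target long enough
     * that the re-read copy exceeds the first allocation. */
    const char *shortname = "a";
    const char *longname = "renamed_to_a_much_longer_name_during_the_race";
    printf("vulnerable path overflows: %d\n", vulnerable_overflows(shortname, longname));
    printf("snapshot path overflows:   %d\n", snapshot_overflows(shortname, longname));
    printf("no rename, vulnerable:     %d\n", vulnerable_overflows(shortname, NULL));
    return 0;
}
```

On an affected kernel the same sequence happens for real, with concurrent threads instead of an injected rename: per the CVE description, a local process only needs simultaneous execution of inotify_handle_event() and vfs_rename() on the same name, and a short-to-long rename is what makes the second read bigger than the allocation. Which syscalls give a reliable trigger on a given device, and how the corrupted heap is turned into root, is what the linked thread covers and is not reproduced here.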

Got some progress with the inotify/rename vulnerability exploit - please see this post.
I would appreciate any comments, particularly from anybody with knowledge of linux kernel internals.
Thanks.

Just so the previous question isn't left open here: the problem asked about has already been solved.
A temp root for the Xperia XZ1c via the inotify/rename vulnerability should be available soon in the linked XZ1c thread.

I have finished my implementation of the inotify/rename kernel exploit, which achieves temp root on Android Oreo on the Sony Xperia XZ1 Compact, with compatibility for variants of the XZ1 and XZ Premium.
It allows a TA partition (DRM keys) backup before bootloader unlock and a restore of it after unlock, making the camera fully functional on unmodified stock firmware with an unlocked bootloader.
You may check the [XZ1c/XZ1/XZp] temp root exploit to backup drm keys implemented thread for more details.

Hello @j4nn, does your Oreo vulnerability work on the HTC U11 (running Android 8.0.0, kernel 4.4, security patch December 2017) by any chance, or is there a universal Oreo vulnerability out there? I need to back up some files that are inaccessible to the user off my HTC U11 before I can unlock the bootloader, which in turn will erase all my data... Thanks!
Sadly I made the huge mistake of not unlocking the bootloader as soon as I purchased the device.


root on 5.1

I'm just wondering, is it expected that there will be some root method that supports 5.1.1 without tripping Knox in the future?
I mean, Knox is not something new; do the older devices have something of that sort?
Or was "ping-pong root" just one exploit that only supported 5.0, and that's it?
It pisses me off that I'll lose my warranty if I root the phone; I don't understand what unlocking the software of my device has to do with manufacturer hardware defects, mainly because the stock firmware and kernel by Samsung suck as always.
I meant to post this in the Q&A forum; can a mod please move it?
There was an exploit found in the ping sockets in the 5.0 kernel before March 5th. Nobody has found one for 5.1.1 yet. Without an exploit to get around SELinux enforcing on our stock kernels you'd have to flash a recovery or custom kernel, both tripping Knox.
Sent from my SM-G925R4 using Tapatalk
cpfeifer said:
There was an exploit found in the ping sockets in the 5.0 kernel before March 5th. Nobody has found one for 5.1.1 yet. Without an exploit to get around SELinux enforcing on our stock kernels you'd have to flash a recovery or custom kernel, both tripping Knox.
So the S5 and S4 devices, which AFAIK also have Knox: does what you said apply to them as well?
This is annoying.
You never know, but from experience someone always manages to bypass the security eventually. How long will it take? Could be tomorrow or next year....
Dunams said:
I meant to post this in the Q&A forum; can a mod please move it?
The mods don't read every post or even every thread. If you want to get their attention, hit the report button and let them know in the form.

[Tool] [Windows] Makes flashing quick and easy!

With Google releasing monthly patches (which I believe is a good thing!), it's become a bit of a chore to install updates, especially so if, like me, you have a modified device that stops you installing OTA updates.
I wanted to do something to make it a bit quicker, so I made Nexus Flash! I guess you can think of it as minimal ADB & Fastboot packaged with a GUI.
I've decided I don't like the GUI layout, and I'm pretty sure most will agree, so I've already started working on a new layout, bug fixes, and some extra features which I'm sure some may find helpful, like an update manager (so you don't have to go to GitHub every time there's a new version); another example is a way to boot an image file too, for instance Chainfire's CF-Auto-Root.
Currently there isn't much validation of user input, so please only use it as intended for now. It shouldn't break your device if you don't use it correctly, since ADB has built-in measures to validate files to some degree at least.
However, I have to say, this program is provided without ANY warranty or guarantee. Using this program is at your own risk. I have tested this on my own Nexus 5X and it works perfectly.
The source code is released under the GNU GPL (General Public License) and can be found on GitHub.
Prerequisites for Windows:
You'll need the .NET Framework 4.5.2 installed (Windows 10 already has this).
Prerequisites for Android device:
Your device must have an unlocked bootloader.
You must have USB debugging enabled.
You'll also need the Android ADB USB drivers installed.
Guides can be easily found by searching for them, there's plenty of them around!
Links:
Binary - GitHub releases
Source code - GitHub
Issues or feature suggestions - please direct them to GitHub (preferred), or simply post a comment on this thread.
Release notes
Version 1.0.0
Initial release!
I've had to delay writing the new update for this (because life gets in the way), but I promise I will get an update out ASAP!

Update a not-well-known 8.1 (Treble) Android Chinese smartphone to 9.0

Hey there!
My name is Thomas and I'm new to this forum. I have a cheap Chinese phone: the UMIDIGI One Pro. It's a really good smartphone, provided with stock Android 8.1.
It's been a few weeks since Android 9 came out and I think it's a very good version. I currently use Pear Launcher and Power Shade to have a similar interface (I'm a fan of the Pie one).
I like hacking and I had a little fun yesterday rooting my phone with Magisk and installing God's favourite language with Termux (RUBY <3). Just looking at examples of what I could do with Termux, I saw that I could check whether my phone supports Treble, and contrary to what I thought... it does!
I am a newbie, so correct me if I'm talking nonsense, but I think this would allow me to update to Android 9, right? I watched some tutorials but they use TWRP (and I have not found a version compatible with my phone because it is really little known and recent).
I am currently able to use:
- ADB & Fastboot
- Termux
- Magisk
- SP Flash Tools (I used it in order to install Magisk)
- The ROM folder downloaded from the website of my phone: [link blocked as I'm a new user]
But I'm not able to:
- Unlock the bootloader (when I restart into fastboot and run the command "fastboot oem unlock", it asks me to press volume up to confirm because it could void the warranty, and then it says "unlock failed")
- Install TWRP (as I haven't found any supported version)
Do you think I can update it to Android 9? If yes, how?
Thank you very much for taking the time to read me. Sorry if my English is not very good (I'm French).
Thomas!
I found a compatible TWRP version here: [Link blocked because I don't have 10 posts]
So I installed it with SP Flash Tools. :good:
I also found a TWRP for the ONE PRO, but I have the ONE; do you think it will work?
And from what source did you get the boot.img to install Magisk?
I have the One Pro; it's the same phone except you have a bigger battery and I have wireless charging capabilities...... keep me posted because I might want to do the same.

Questions about a rooted Pixel 3

Hi everyone, I have some questions about a rooted Pixel 3. Right now I'm deciding whether to root my Pixel 3, as I am trying to do some debugging of apps with proxies, but so far I haven't done it yet as I'm afraid of losing Widevine L1 certification. Has anyone rooted the Pixel 3 here atm? Have you been able to retain Widevine L1 certification, or do you lose it and just default to L3?
chocointed said:
Hi everyone, I have some questions about a rooted Pixel 3. Right now I'm deciding whether to root my Pixel 3, as I am trying to do some debugging of apps with proxies, but so far I haven't done it yet as I'm afraid of losing Widevine L1 certification. Has anyone rooted the Pixel 3 here atm? Have you been able to retain Widevine L1 certification, or do you lose it and just default to L3?
Surprisingly, it looks like it does maintain L1. I don't have Netflix etc., so I can't test if it will pass their other checks, but...
AsItLies said:
Surprisingly, it looks like it does maintain L1. I don't have Netflix etc., so I can't test if it will pass their other checks, but...
Are you using the Android 11 root method to root yours?
chocointed said:
Are you using the Android 11 root method to root yours?
I'm not sure what the 'Android 11 root method' is? I have a Magisk-patched boot image (I patched the recovery image with the Magisk APK) and flashed it to the boot partition.
But I just found a better way to accomplish it, and to do some additional stuff. Take the Magisk APK and change the extension to .zip. Then, with LOS recovery, do an adb sideload of the newly named zip. Not only does that patch the boot image, it also adds some needed scripts to addon.d (in /system). The added Magisk script makes it possible to do an OTA update and keep Magisk etc.
cheers
Should have clarified, if the output above isn't obvious: I'm on Lineage 18.1.

Question: Downgrade from One UI 5.1 to One UI 5.0

Good day all,
I'm currently running the latest firmware update for the SM-S908W model, One UI 5.1, Feb 2023.
The notification icon palette is driving me nuts and I know there are workarounds, but I am interested in downgrading from One UI 5.1 to One UI 5.0.
Is simply flashing the stock firmware in Odin capable of accomplishing this, or is there a possibility of bricking or other unforeseen issues?
If it is possible, can someone direct me to a guide?
Please and thank you!
You can usually use Odin to downgrade, provided your bootloader is unlocked. Keep in mind that certain bootloader versions will not permit downgrading.
V0latyle said:
You can usually use Odin to downgrade, provided your bootloader is unlocked. Keep in mind that certain bootloader versions will not permit downgrading.
Thank you!
I used this video as a guide. I can confirm I have successfully downgraded to One UI 5.0!
Make sure you download the latest Samsung USB Drivers (https://developer.samsung.com/android-usb-driver) so your device is recognized by Odin.
Cheers
Cthulhus said:
Good day all,
I'm currently running the latest firmware update for the SM-S908W model, One UI 5.1, Feb 2023.
The notification icon palette is driving me nuts and I know there are workarounds, but I am interested in downgrading from One UI 5.1 to One UI 5.0.
Is simply flashing the stock firmware in Odin capable of accomplishing this, or is there a possibility of bricking or other unforeseen issues?
If it is possible, can someone direct me to a guide?
Please and thank you!
You can downgrade as long as the binary is the same.
You don't need to unlock the bootloader.
