The Grinch vulnerability allows a hacker to gain root and do whatever they want on the system. Linux, including Android, is apparently vulnerable to this. Is there any way that we could use this to our advantage and root the AT&T and Verizon Note 4?
As long as it allows us to install root safely. Mainly, it's a huge security flaw, so it should be feasible to abuse it to bypass any software blocks on our phones.
Aren't the S5 for Verizon and the Note 4 very similar? Similar software, both with locked bootloaders, etc. How is it possible that the S5 can get root access but we're stuck?
Samsung and Google have long since patched the exploits used to obtain root. Thus, we're waiting for someone to find and use a new exploit or an alternative rooting vector.
dilness said:
Aren't the S5 for Verizon and the Note 4 very similar? Similar software, both with locked bootloaders, etc. How is it possible that the S5 can get root access but we're stuck?
There was a change in the Linux kernel. If you look at the Towelroot website, it mentions that the root method should work on all Android devices prior to June 3, 2014. I remember that when towelroot was released, geohot mentioned that a friend of his actually found the Linux exploit. This gives me hope, as whatever exploits exist that would allow us to root the N4 would/should exist across all recent Android devices. So, if an exploit is found for another device, it'll hopefully work for the N4 as well, and vice versa. Time will tell.
From the TR thread:
Read back in the thread a few pages: 1) GeoHot works for Google now. Hired to find and close exploits like the one towelroot used to root devices; 2) towelroot used a specific vulnerability in kernels dated before June 3. If your kernel is dated after June 3, the vulnerability has been patched and there is nothing GeoHot can "fix" to make towelroot work on your device; and related to that, 3) either your phone has the vulnerability or it doesn't, and towelroot either works to root your device or it doesn't, and there is nothing GeoHot can do to fix towelroot to make it work for your device. Plus, like I said before, GeoHot works for Google now, so he can't create programs or apps that root phones by exploiting vulnerabilities he is supposed to now be fixing. Now that this same question has been answered for the 1,000,000th time in this thread, can we please get it closed?
And this is the reason GeoHot will not be updating TR to work with newer phones. Google hired a top-notch team to find exploits and notify software makers of the exploit before it is found by someone with malicious intentions. It's kinda funny; they've probably already found exploits we could use to root our phones. Fortunately, even if they have, patches take a while.
Fight the system!!!
My brother tends to use my phone a lot, and I know Android supports multiple users, but Samsung has disabled it. I want to know if there is a way I can enable it without root, but if I have to root, can I temp root without voiding the warranty and then, once it's enabled, remove root? I have the 2017 A5 running 7.0; my model, if it helps, is SM-A520F. I need to know, as he does whatever he wants on my phone and I have important info I need to hide. Please.
I'm looking at buying an international Exynos N10 and running it on Verizon in the US.
My purposes in doing so are to either use root to make the phone as bulletproof as possible, or flash a ROM onto it that focuses on security and privacy. I've been rocking iPhones for a while (the last phone I rooted and ROMmed was the GS4, then Verizon started locking all the Snapdragon bootloaders).
Anyway, there seems to be a wide range of available models to choose from. Is there one I should gravitate towards for my specific purposes?
I seem to see N975F mentioned a lot.
All the US Snapdragons have the bootloader locked.
The China model Snapdragon doesn't.
The F model doesn't.
The question is: can you achieve what you want without rooting the phone?
Some of the advantages of rooting might also be achievable without root via ADB commands.
Read and try to get as much info as possible to be able to understand the ups and downs of rooting or not rooting.
Also consider if you want to sell the phone afterwards, and how rooting would affect that sale.
Also a hint: unlocking the bootloader will "burn" the Knox fuse, which is irreversible. No more automatic OTA, only manual, and a few specific apps will not work.
w41ru5 said:
All the US Snapdragons have the bootloader locked.
The China model Snapdragon doesn't.
The F model doesn't.
The question is: can you achieve what you want without rooting the phone?
Some of the advantages of rooting might also be achievable without root via ADB commands.
Read and try to get as much info as possible to be able to understand the ups and downs of rooting or not rooting.
Also consider if you want to sell the phone afterwards, and how rooting would affect that sale.
Also a hint: unlocking the bootloader will "burn" the Knox fuse, which is irreversible. No more automatic OTA, only manual, and a few specific apps will not work.
Also, rooting will kill the private folder. Privacy can be achieved with debloating, for example, and private DNS / VPN.
Rooting will seriously damage the resale value and future official support, as well as the safety net and payments.
Can I modify my G988U from Verizon in any way? And if so, how? I'm new to this kind of stuff. I know I should probably leave Verizon.
You might be able to disable some packages with ADB, but beyond that, if your phone has been receiving OTA updates, it's likely hopeless. Substantial customization requires root, and that is precluded by locked bootloaders. There are paid services that can unlock bootloaders on S20s with older software, but my understanding is this isn't an option for devices with newer software.
I actually just switched to Verizon, entirely motivated by AT&T's hostility towards most unlocked devices (that they don't sell). So, if you leave, who are you going to go to? T-Mobile is the most permissive of the big 3, but tends to lag in infrastructure.
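The post above mentions disabling packages with ADB as the one customization a locked-bootloader Verizon device still allows. The following is an added example, not code from the thread, of how a practitioner would do that safely: parse `adb shell pm list packages` output, validate every package name against a strict pattern (since `adb shell` hands the argument string to the device shell, an unvalidated name from an untrusted blocklist would be a command injection), and plan either `pm uninstall -k --user 0` (removes the app for user 0, keeps data, reversible with `cmd package install-existing`) or `pm disable-user --user 0`. The blocklist and the `pm list` output below are constructed sample data, and `DRY_RUN` keeps the script from ever invoking `adb` unless you flip it. Note the caveat from later in the thread: this is user-0 removal, so a factory reset brings everything back.

```python
"""Added example: plan ADB user-0 debloating with a dry run (not from the original thread)."""
import re
import subprocess

# Android package names: dot-separated identifiers; anything else is rejected
# so a hostile blocklist entry cannot smuggle shell metacharacters to the device.
PKG_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

DRY_RUN = True  # set to False to actually run `adb shell ...`

# Constructed sample of `adb shell pm list packages -u` output (assumed, not captured).
SAMPLE_PM_LIST = """\
package:com.android.chrome
package:com.verizon.mips.services
package:com.samsung.android.bixby.agent
package:com.android.settings
package:evil; rm -rf /sdcard #
"""

# Constructed sample blocklist; the last entry is malformed on purpose.
SAMPLE_BLOCKLIST = [
    "com.verizon.mips.services",
    "com.samsung.android.bixby.agent",
    "com.not.installed.app",
    "evil; rm -rf /sdcard #",
]


def parse_pm_list(output: str) -> set:
    """Return the set of well-formed package names from `pm list packages` output."""
    pkgs = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        name = line[len("package:"):]
        if PKG_RE.match(name):
            pkgs.add(name)
    return pkgs


def plan_debloat(installed: set, blocklist: list, mode: str = "uninstall"):
    """Build the `pm` command lines for every blocklisted package that is installed.

    Returns (commands, skipped): commands is a list of argv lists for `adb shell`,
    skipped maps each unusable blocklist entry to the reason it was skipped.
    """
    if mode == "uninstall":
        action = ["pm", "uninstall", "-k", "--user", "0"]   # keeps app data
    elif mode == "disable":
        action = ["pm", "disable-user", "--user", "0"]
    else:
        raise ValueError("mode must be 'uninstall' or 'disable'")

    commands, skipped = [], {}
    for pkg in blocklist:
        if not PKG_RE.match(pkg):
            skipped[pkg] = "invalid package name"
        elif pkg not in installed:
            skipped[pkg] = "not installed"
        else:
            commands.append(["adb", "shell"] + action + [pkg])
    return commands, skipped


def run_plan(commands, dry_run: bool = DRY_RUN):
    """Execute (or just echo) the planned commands; returns the argv lists used."""
    for argv in commands:
        if dry_run:
            print("DRY RUN:", " ".join(argv))
        else:
            subprocess.run(argv, check=True)
    return commands


if __name__ == "__main__":
    installed = parse_pm_list(SAMPLE_PM_LIST)
    cmds, skipped = plan_debloat(installed, SAMPLE_BLOCKLIST)
    run_plan(cmds)
    for pkg, why in skipped.items():
        print(f"skipped {pkg!r}: {why}")
```

To use it against a real phone, replace `SAMPLE_PM_LIST` with the output of `adb shell pm list packages -u` and set `DRY_RUN = False`; to undo a removal later, `adb shell cmd package install-existing --user 0 <pkg>`.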
Right, didn't even look into that. Probably going to stay with Verizon now that you said that, lol. Just curious: what do people get out of rooting their phone? I want to learn how and don't know where to start.
CainD5 said:
Right, didn't even look into that. Probably going to stay with Verizon now that you said that, lol. Just curious: what do people get out of rooting their phone? I want to learn how and don't know where to start.
A lot. Android phones have come a long way in the past decade and change that they have been available, but root access, which is typically associated with at least an unlocked bootloader and possibly also a custom ROM, remains the single most powerful customization tool. A short, non-exhaustive list of what you can do:
Use Magisk (see the Magisk Module Repo for ideas of capabilities).
Use EdXposed or LSPosed (see the Xposed Module Repo for ideas of capabilities).
Install a custom kernel (natively mount CIFS/NFS filesystems, overclock your device, and all sorts of other options).
Permanently debloat your ROM (survives hard reset).
Enjoy the best ad blocking experience.
View/backup/edit private application data.
There are also downsides to root, such as tripping the warranty void bit (and disabling Knox-related functionality like Samsung Pay), likely losing filesystem encryption, and greatly increasing your odds of a malware infestation. That said, the XDA site is largely powered by the modding/root access community, so those risks aren't discussed much.
https://www.xda-developers.com/dirty-pipe-root-demo-samsung-galaxy-s22-google-pixel-6-pro/
March 15, 2022 7:40am Comment Skanda Hazarika
PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro
What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root or the ability to flash custom images). On the other hand, device makers and a few determined third-party developers quickly take the responsibility to patch the backdoor as soon as possible.
This is exactly what happened to CVE-2022-0847, a vulnerability dubbed “Dirty Pipe” in Linux kernel version 5.8 and later. We talked about the exploit in detail last week but didn’t explicitly cover the potential abusing scenarios on Android. Now, XDA Member Fire30 has demonstrated an exploit implementation around the kernel flaw that can give the attacker a root shell on the Samsung Galaxy S22 and the Google Pixel 6 Pro.
The key point here is that you don't need any kind of unlocking or other trickery to make it work: the Dirty Pipe exploit allows the attacker to gain root-level access on the target device through a reverse shell via a specially crafted rogue app. At the time of writing, flagships like the Google Pixel 6 Pro and the Samsung Galaxy S22 are vulnerable to the attack vector even on their latest software releases, which shows the exploit's potential. Since it can also set SELinux to permissive, there is virtually no hurdle against unauthorized control over the device.
From the perspective of the Android modding scene, Dirty Pipe might be useful to gain temporary root access on otherwise difficult-to-root Android smartphones, e.g., some regional Snapdragon variants of the Samsung Galaxy flagships. However, the window won’t last long as the vulnerability has already been patched in the mainline Linux kernel, and OEMs will probably roll out the fix as part of the upcoming monthly security updates. Nonetheless, stay away from installing apps from random sources for the time being to protect yourself. In the meantime, we expect that Google will push an update to the Play Protect to prevent the vulnerability from being exploited via rogue apps.
Source: Fire30 on Twitter
Via: Mishaal Rahman
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
westhaking said:
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
Could, yes. I'll remain pessimistic that it'll actually happen, and of course, it'll take someone willing to actually do the work. A very limited time to do it doesn't help unless someone with a spare Verizon device keeps it off the network/internet until something is implemented.
westhaking said:
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
I was just reading about this, and that exact thought came to mind. The root access gained seems to be temporary, but if you can write to a usually read-only file system, could you not theoretically write a Magisk boot image (using dd, or in Magisk Manager itself?), or even toggle the OEM unlock switch via an SU shell command to unlock the phone?
I'm not very well versed in how the mechanics behind the OEM unlock switch in developer settings work, or how Verizon locks these phones down (UK based), but I would assume that it could be useful to help find an exploit for phones running any pre-April '22 update.
Edit: from my limited knowledge, can you not sideload an earlier OTA on Verizon devices? I know you could do so with the Pixel 3 and earlier, but I haven't been following it too closely with later devices.
DanielF50 said:
or even toggle the OEM unlock switch via an SU shell command to unlock the phone?
I've never heard of a shell command that could toggle the OEM unlock. That doesn't mean it hasn't existed, but I doubt it; otherwise, I would think that on all the Verizon devices I used to have, and in root threads in general, I should remember someone making the suggestion, even if it required temporary root first.
DanielF50 said:
Edit: from my limited knowledge, can you not sideload an earlier OTA on Verizon devices? I know you could do so with the Pixel 3 and earlier, but I haven't been following it too closely with later devices.
I was under the impression that on all phones with a locked bootloader you could never, ever downgrade via any method. Also, OTAs generally use deltas/differencing to patch known-good files of version A to version B, and B to C, so applying a version B OTA to a device that's on version C would fail because the files on the device are the wrong version.
Like (let version A be represented with the value 1, B with 4, and C with 9):
Device is on version B, so "4".
OTA to go from B to C comes.
OTA says: is the device file "4"?
Yes! Add 5 to the file; it's now "9".
and then
Device is on version C, so "9".
Try to put the B to C OTA on the device.
OTA says: is the device file "4"?
No! It's "9"; quit the OTA process.
This might be simplified, and anyone correct me if I'm wrong, but this has definitely been the case some of the time, and I believe almost all, if not all, of the time. The OTA files can be smaller that way because they don't contain replacement files. They only contain the difference between the old file and the new, which is usually much smaller than the entire file.
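The "is the device file 4?" check in the post above is exactly how delta updaters stay safe: the package carries a hash of the source it was built against, and the updater refuses to apply it to anything else. The following is an added worked example, not code from the thread or from any real OTA tool, that builds a block-level delta between two constructed firmware images, records the source and target SHA-256, and applies it only when the device image matches the source hash. The three "versions" A, B and C are constructed sample byte strings, and the 4 KiB block size is an arbitrary choice; it generalizes the post's single-number illustration to whole images, and shows why the B-to-C delta is rejected on a device already on C.

```python
"""Added example: delta OTA with a source-hash precondition (not from the original thread)."""
import hashlib

BLOCK = 4096  # assumed block granularity for the toy delta format


class PreconditionError(Exception):
    """Raised when the device image does not match what the delta was built against."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_delta(old: bytes, new: bytes, block: int = BLOCK) -> dict:
    """Record only the blocks that differ between old and new, plus both image hashes."""
    changed = {}
    n_blocks = (len(new) + block - 1) // block
    for i in range(n_blocks):
        old_blk = old[i * block:(i + 1) * block]
        new_blk = new[i * block:(i + 1) * block]
        if old_blk != new_blk:
            changed[i] = new_blk
    return {
        "source_sha256": sha256(old),   # the "is the device file 4?" check
        "target_sha256": sha256(new),   # post-apply integrity check
        "target_len": len(new),
        "block": block,
        "blocks": changed,
    }


def apply_delta(current: bytes, delta: dict) -> bytes:
    """Apply a delta, refusing if the device image is not the expected source."""
    got = sha256(current)
    if got != delta["source_sha256"]:
        raise PreconditionError(
            f"device image hash {got[:12]} != expected source {delta['source_sha256'][:12]}"
        )
    block = delta["block"]
    out = bytearray(current[:delta["target_len"]])
    out.extend(b"\0" * (delta["target_len"] - len(out)))  # grow if the new image is larger
    for i, data in delta["blocks"].items():
        out[i * block:i * block + len(data)] = data
    result = bytes(out)
    if sha256(result) != delta["target_sha256"]:
        raise PreconditionError("patched image does not match the target hash")
    return result


def delta_payload_size(delta: dict) -> int:
    """Bytes of block data carried by the delta (what makes the OTA small)."""
    return sum(len(b) for b in delta["blocks"].values())


# Constructed sample images: three "firmware versions" of 256 KiB each.
IMAGE_A = bytes(range(256)) * 1024
IMAGE_B = IMAGE_A[:10000] + b"B-patch" + IMAGE_A[10007:]              # small change
IMAGE_C = IMAGE_B[:200000] + b"C-patch-" * 2 + IMAGE_B[200016:] + b"\xff" * 64  # grows


def demo():
    """Walk the post's scenario: A->B, B->C work; B->C on a C device is rejected."""
    delta_ab = make_delta(IMAGE_A, IMAGE_B)
    delta_bc = make_delta(IMAGE_B, IMAGE_C)
    on_b = apply_delta(IMAGE_A, delta_ab)
    on_c = apply_delta(on_b, delta_bc)
    try:
        apply_delta(on_c, delta_bc)
        rejected = False
    except PreconditionError:
        rejected = True
    return on_b == IMAGE_B, on_c == IMAGE_C, rejected, delta_payload_size(delta_bc)


if __name__ == "__main__":
    print(demo())
```

A real updater also verifies the package signature before any of this, and on A/B devices the source hash is checked per partition extent rather than over one whole file, but the rejection logic is the same: no matching source, no patch.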