[ROOT] Galaxy s9 (Snapdragon Processor[United States]) Suggestions - WG - Samsung Galaxy S9 Questions & Answers

Hello, my name is WatchersGrim.
I have worked with coding for a little while back in the day and used to root and jailbreak devices for a long time. Going from my old Galaxy J3 from Sprint to the Galaxy S9, I was excited to finally do root on better hardware. Then I came around to finding out that US models with Snapdragon processors don't allow OEM unlock and are not able to be rooted. This started a dilemma in my head: how are we able to fix this and work around it? So one, many of us know that something will probably change a few years down the line with Samsung, as TWRP recovery has been found to be working on Snapdragon processors in different countries. Secondly, without TWRP, is it possible to trip a javascript object (knowing that most of android OS coding is done in javascript) to enable the OEM object to be able to have access? Possibly could work but may need a different method to do so (i.e. triggering the effect with a custom file that loads on an SD card the moment the phone reads it, or creating a program along the lines of Odin to do the same effect). Thirdly, is it possible to manipulate the hardware itself to allow third-party hardware to manipulate the system? If doing so, will it cause a fault in the internal system? I know it would void the warranty, but I do not know if it has a security fault that locks the system when dealing with hardware tampering.
I just want to see what you guys think and see if we can brainstorm ideas to help these great devs!

Can you do anything to trick Android into running a modifiable file as root?

Related

New Exploit on Verizon Galaxy S9 G960U???

Hi everyone,
So it has been a year since I've had my S9 and still there is no exploit released to the public yet, and I understand that Samsung really locked down the security on their US variants.
The Samsung S6, which I used to have, had an exploit where you could only have shell root access in the terminal by modifying the boot.img and flashing it via Odin, and that was using Android Nougat for root.
Could this perform a similar function to the S9? Like at least have an exploit where you can have shell root via ADB?
If not, is there any status on the G960U in terms of rooting?
AndroidFan16 said:
Hi everyone,
So it has been a year since I've had my S9 and still there is no exploit released to the public yet, and I understand that Samsung really locked down the security on their US variants.
The Samsung S6, which I used to have, had an exploit where you could only have shell root access in the terminal by modifying the boot.img and flashing it via Odin, and that was using Android Nougat for root.
Could this perform a similar function to the S9? Like at least have an exploit where you can have shell root via ADB?
If not, is there any status on the G960U in terms of rooting?
Modifying the boot.img will cause the signature from Sammy to fail, as would anything else that isn't stock and properly signed.
No dice man. Still nada on the U devices. You do know that root is becoming less and less necessary, right? What are you looking to get done with root?
youdoofus said:
Modifying the boot.img will cause the signature from Sammy to fail, as would anything else that isn't stock and properly signed.
No dice man. Still nada on the U devices. You do know that root is becoming less and less necessary, right? What are you looking to get done with root?
Ohh... Well that's kind of a dud.
I always want root mainly for more control over my device, for example, uninstalling bloatware (this way if I dare to factory reset my device, I don't need to disable the apps I don't want after performing a factory reset, unless I have to reflash the ROM).
Another thing is controlling the CPU's frequency speed (or governor) for either saving battery or pumping out more performance, which is technically the #1 thing I want as root.
I also want to stop OEM updates from forcing me to update my phone after 10 defers (I found a bug to bypass this, and it's by using the notification drawer and clicking on the settings button).
I also want to configure access for changing the 4G LTE bands (which means changing the config file in the /efs partition, which I assume is locked without su access).
Like I have mentioned, the shell root is basically minimum for me, and I wouldn't mind on that. HOWEVER, if all that I have mentioned can be performed without root and have a similar function of doing these, please let me know.
AndroidFan16 said:
Ohh... Well that's kind of a dud.
I always want root mainly for more control over my device, for example, uninstalling bloatware (this way if I dare to factory reset my device, I don't need to disable the apps I don't want after performing a factory reset, unless I have to reflash the ROM).
Another thing is controlling the CPU's frequency speed (or governor) for either saving battery or pumping out more performance, which is technically the #1 thing I want as root.
I also want to stop OEM updates from forcing me to update my phone after 10 defers (I found a bug to bypass this, and it's by using the notification drawer and clicking on the settings button).
I also want to configure access for changing the 4G LTE bands (which means changing the config file in the /efs partition, which I assume is locked without su access).
Like I have mentioned, the shell root is basically minimum for me, and I wouldn't mind on that. HOWEVER, if all that I have mentioned can be performed without root and have a similar function of doing these, please let me know.
You're not gonna get true debloating with this, but if you flash the U1 firmware with an unknown CSC, it won't install any carrier bloat and is very much akin to a GSI. Nice and stripped down. Over/underclocking, yup, you need root. I never see people talking about clocking the processor anymore though, as the new kernels are so adaptive and are written quite well. I've also never not wanted to install an OEM update, so I'm not sure how to stave those off, or if it's even possible. To change the bands your phone is utilizing, you just need access to the special menu from the dialer.
Do you know what's the dialer code to access the service menu on the S9 on Verizon?
I'm pretty sure it's locked, but it's worth a try.

Note 10 Model Numbers

I'm looking at buying an international Exynos N10, and running it on Verizon in the US.
My purposes in doing so are to either use root to make the phone as bulletproof as possible, or flash a ROM onto it that focuses on security and privacy. Been rocking iPhones for a while (the last phone I rooted and ROMmed was the GS4, then Verizon started locking all the Snapdragon bootloaders).
Anyway, there seems to be a wide range of available models to choose from. Is there one I should gravitate towards for my specific purposes?
I seem to see N975F mentioned a lot.
all the US snapdragons have the bootloader locked
the china model snapdragon doesn't
the F model doesn't
the question is can you achieve what you want w/o rooting the phone?
some of the advantages for rooting might be possible to be achieved also w/o root via ADB commands
read and try to get as much info as possible to be able to understand the ups and downs of rooting or not rooting
also consider if you want to sell the phone afterwards - how rooting would affect that sale
also a hint - unlocking the bootloader will "burn" the knox fuse which is irreversible - no more automatic OTA, only manual and a few specific apps will not work
w41ru5 said:
all the US snapdragons have the bootloader locked
the china model snapdragon doesn't
the F model doesn't
the question is can you achieve what you want w/o rooting the phone?
some of the advantages for rooting might be possible to be achieved also w/o root via ADB commands
read and try to get as much info as possible to be able to understand the ups and downs of rooting or not rooting
also consider if you want to sell the phone afterwards - how rooting would affect that sale
also a hint - unlocking the bootloader will "burn" the knox fuse which is irreversible - no more automatic OTA, only manual and a few specific apps will not work
also rooting will kill the private folder. Privacy can be achieved with debloating for example and private DNS / VPN
Rooting will seriously damage the resale and future official support, as well as the safety net and payments.

Samsung Health & Pass not working!

Hi. How are you doing?
I had rooted the device, then removed root and flashed the stock firmware. But the problem is I can't use Samsung Health, Samsung Pay or Samsung Pass. I see some solutions, but they need the device to be rooted again, and I don't want to root it again.
If anyone has a solution to my problem please help me.
Thanks.
You blew the efuse when you rooted it. The efuse is a micro chipset "fuse" similar to those used in a PROM, it's a one shot deal.
Programmable ROM - Wikipedia (en.m.wikipedia.org)
The stock firmware and/or Knox apps sees those flagged apps. The knox based apps are designed to be hard to hack. A modified Samsung Pay could be a security risk even if you could do it.
I don't think you can modify that on a stock rom; it's hard or impossible even on a rooted device.
Find a work around on your rooted device and be happy. If you want stock, replace the mobo.
Someone here might have a better plan for you though as I haven't played with this. There are others here looking for similar solutions, if you find any post them.

Modifying G988u from verizon

Can I modify my G988U from Verizon in any way? And if so, how? I'm new to this kind of stuff. I know I should probably leave Verizon.
You might be able to disable some packages with ADB, but beyond that, if your phone has been receiving OTA updates, it's likely hopeless. Substantial customization requires root, and that is precluded by locked bootloaders. There are paid services that can unlock bootloaders on S20s with older software, but my understanding is this isn't an option for devices with newer software.
I actually just switched to Verizon, entirely motivated by AT&T's hostility towards most unlocked devices (that they don't sell). So, if you leave, who are you going to go to? T-Mobile is the most permissive of the big 3, but tends to lag in infrastructure.
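The root-free ADB route mentioned in the reply above (disabling packages without an unlocked bootloader), worked out as an added example that is not from any poster in this thread. It assumes the `adb` binary is on PATH with one device attached; the package names in SAMPLE_BLOATLIST are constructed placeholders, not real carrier packages, and the script only prints commands unless it is run with `--execute`.

```python
"""Root-free, reversible package disabling over ADB (added example)."""
from __future__ import annotations

import re
import subprocess
import sys

# Constructed placeholder names for the example; on a real device, pick them
# from `adb shell pm list packages` after checking what each package does.
SAMPLE_BLOATLIST = ["com.example.carrierapp", "com.example.sponsoredgame"]

_PKG_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


def valid_package(name: str) -> bool:
    """Accept only plain Java-style package names, so a malformed list entry
    can't smuggle extra words (or a `;`) into the `adb shell` command line."""
    return bool(_PKG_RE.match(name))


def parse_package_list(pm_output: str) -> set[str]:
    """Turn `pm list packages` output ('package:com.foo' per line) into a set."""
    return {
        line.split(":", 1)[1].strip()
        for line in pm_output.splitlines()
        if line.startswith("package:")
    }


def plan(installed: set[str], bloatlist: list[str], uninstall: bool = False) -> list[list[str]]:
    """Build one adb command per listed package that is actually on the device.

    `pm disable-user --user 0` keeps the APK and is undone with `pm enable`;
    `pm uninstall -k --user 0` removes it for user 0 only, and the system copy
    can be brought back with `cmd package install-existing`. Neither needs root.
    """
    cmds: list[list[str]] = []
    for pkg in bloatlist:
        if not valid_package(pkg):
            raise ValueError(f"refusing malformed package name: {pkg!r}")
        if pkg not in installed:
            continue  # not on this device, nothing to do
        if uninstall:
            cmds.append(["adb", "shell", "pm", "uninstall", "-k", "--user", "0", pkg])
        else:
            cmds.append(["adb", "shell", "pm", "disable-user", "--user", "0", pkg])
    return cmds


def undo_plan(bloatlist: list[str], uninstalled: bool = False) -> list[list[str]]:
    """The reverse commands, so the change stays recoverable without a reflash."""
    cmds: list[list[str]] = []
    for pkg in bloatlist:
        if not valid_package(pkg):
            raise ValueError(f"refusing malformed package name: {pkg!r}")
        if uninstalled:
            cmds.append(["adb", "shell", "cmd", "package", "install-existing", pkg])
        else:
            cmds.append(["adb", "shell", "pm", "enable", pkg])
    return cmds


def main(execute: bool = False) -> list[list[str]]:
    """Dry run by default: print what would be sent; execute=True actually runs it."""
    listing = subprocess.run(
        ["adb", "shell", "pm", "list", "packages"],
        capture_output=True, text=True, check=True,
    ).stdout
    cmds = plan(parse_package_list(listing), SAMPLE_BLOATLIST)
    for cmd in cmds:
        print(" ".join(cmd))
        if execute:
            subprocess.run(cmd, check=True)
    return cmds


if __name__ == "__main__":
    main(execute="--execute" in sys.argv)
```

Disabling rather than uninstalling is the safer default: a disabled package is one `pm enable` away from coming back, while `pm uninstall -k --user 0` only hides it for that user and the system image copy still survives a factory reset, which is why the reply calls this something short of true debloating.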
Right, didn't even look into that. Probably going to stay with Verizon now that ya said that lol. Just curious, what do people get out of rooting their phone? I want to learn how and don't know where to start.
CainD5 said:
Right, didn't even look into that. Probably going to stay with Verizon now that ya said that lol. Just curious, what do people get out of rooting their phone? I want to learn how and don't know where to start.
A lot. Android phones have come a long way in past decade and change that they have been available, but root access, which is typically associated with at least an unlocked bootloader and possibly also a custom ROM, remains the single most powerful customization tool. A short non-exhaustive list of what you can do:
Use Magisk (see the Magisk Module Repo for ideas of capabilities).
Use EdXposed or LSPosed (See Xposed Module Repo for ideas of capabilities).
Install a custom kernel (natively mount CIFS/NFS filesystems, overclock your device, and all sorts of other options).
Permanently debloat your ROM (survives hard reset).
Enjoy the best ad blocking experience.
View/backup/edit private application data.
There are also downsides to root, such as tripping the warranty void bit (and disabling Knox-related functionality like Samsung Pay), likely losing filesystem encryption, and greatly increasing your odds of a malware infestation. That said, the XDA site is largely powered by the modding/root access community, so those risks aren't discussed much.

General XDA Article: PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro

https://www.xda-developers.com/dirty-pipe-root-demo-samsung-galaxy-s22-google-pixel-6-pro/
March 15, 2022 7:40am, Skanda Hazarika
PSA: Dirty Pipe, the Linux kernel root vulnerability, can be abused on the Samsung Galaxy S22 and Google Pixel 6 Pro
What happens when a Linux privilege-escalation vulnerability that also affects Android gets disclosed publicly? You got it! Security researchers and Android enthusiasts around the world try to take advantage of the newly found problem to create an exploit, which can be used to gain advanced access to your device (such as root or the ability to flash custom images). On the other hand, device makers and a few determined third-party developers quickly take the responsibility to patch the backdoor as soon as possible.
This is exactly what happened to CVE-2022-0847, a vulnerability dubbed “Dirty Pipe” in Linux kernel version 5.8 and later. We talked about the exploit in detail last week but didn’t explicitly cover the potential abusing scenarios on Android. Now, XDA Member Fire30 has demonstrated an exploit implementation around the kernel flaw that can give the attacker a root shell on the Samsung Galaxy S22 and the Google Pixel 6 Pro.
The key point here is that you don’t need any kind of unlocking or other trickery to make it work – the Dirty Pipe exploit allows the attacker to gain root-level access on the target device through a reverse shell via a specially crafted rogue app. At the time of writing, flagships like the Google Pixel 6 Pro and the Samsung Galaxy S22 are vulnerable to the attack vector even on their latest software releases, which shows the exploit’s potential. Since it can also set SELinux to permissive, there is virtually no hurdle against unauthorized control over the device.
From the perspective of the Android modding scene, Dirty Pipe might be useful to gain temporary root access on otherwise difficult-to-root Android smartphones, e.g., some regional Snapdragon variants of the Samsung Galaxy flagships. However, the window won’t last long as the vulnerability has already been patched in the mainline Linux kernel, and OEMs will probably roll out the fix as part of the upcoming monthly security updates. Nonetheless, stay away from installing apps from random sources for the time being to protect yourself. In the meantime, we expect that Google will push an update to the Play Protect to prevent the vulnerability from being exploited via rogue apps.
Source: Fire30 on Twitter
Via: Mishaal Rahman
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
westhaking said:
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
Could, yes. I'll remain pessimistic that it'll actually happen, and of course, it'll take someone willing to actually do the work. A very limited time to do it doesn't help unless someone with a spare Verizon device keeps it off the network/internet until something is implemented.
westhaking said:
This isn't necessarily bad news if the exploit is used non-maliciously. Could be beneficial for Verizon customers looking for a way to gain root.
I was just reading about this and that exact thought came to mind. The root access gained seems to be temporary, but if you can write to the usually read-only file system, could you not theoretically write a Magisk boot image (using dd, or in Magisk Manager itself?) or even toggle the OEM unlock switch via an SU shell command to unlock the phone?
I'm not very well versed in how the mechanics behind the OEM unlock switch in developer settings work, or how Verizon locks these phones down (UK based), but I would assume that it could be useful to help find an exploit for phones running any pre-April 22 update.
Edit: from my limited knowledge, can you not sideload an earlier OTA on Verizon devices? I know you could do so with the Pixel 3 and earlier, but I haven't been following it too closely with later devices.
DanielF50 said:
or even toggle the OEM unlock switch via an SU shell command to unlock the phone?
I've never heard of a shell command that could toggle the OEM unlock. That doesn't mean it hasn't existed, but I doubt it, otherwise, I would think on all the Verizon devices I used to have, and just root threads in general I should remember anyone making the suggestion, even if it required temporary root first.
DanielF50 said:
Edit: from my limited knowledge, can you not sideload an earlier OTA on Verizon devices? I know you could do so with the Pixel 3 and earlier, but I haven't been following it too closely with later devices.
I was under the impression that on all phones with the bootloader locked you could never, ever downgrade via any method. Also, OTAs generally use deltas/differencing to patch known-good files of version A to version B, and B to C, so applying a version B OTA to a device that's on version C would fail because the files on the device are the wrong version.
Like (let version A be represented with the value 1, B with 4, and C with 9):
Device is on version B, so "4".
OTA to go from B to C comes.
OTA says is device file "4"?
Yes! Add 5 to the file, it's now "9".
and then
Device is on version C, so "9".
Try to put the B to C OTA on the device.
OTA says is device file "4"?
No! It's "9", quit OTA process.
This might be simplified, and anyone correct me if I'm wrong, but this has definitely been the case some and I believe almost all, if not all, the time. The OTA files can be smaller that way because they don't contain replacement files. They only contain what the difference is between the old file and the new, which is usually much smaller than the entire file.
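The precondition check the post walks through ("is the device file '4'?") in runnable form, as an added example that is not from the poster and is not Android's real OTA format (which works with per-block hashes and a signed manifest). The patch structure, the naive differ and the two sample "images" standing in for versions B and C are all constructed here to show why a B-to-C delta applies once and then refuses on a device already at C.

```python
"""Toy delta-update applier with the source-version precondition (added example)."""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class DeltaPatch:
    src_sha256: str   # precondition: what the on-device file must hash to before patching
    dst_sha256: str   # postcondition: what it must hash to afterwards
    edits: tuple      # (offset, old_bytes, new_bytes) triples; only the differences ship


class PreconditionFailed(Exception):
    """Raised when the device is not on the version the patch was built against."""


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_patch(src: bytes, dst: bytes) -> DeltaPatch:
    """Naive differ: record each run of bytes that differ between src and dst.
    Real updaters use block-level diffs, but the precondition idea is the same.
    Kept to same-length images so the toy stays small (constructed assumption)."""
    if len(src) != len(dst):
        raise ValueError("toy differ only handles same-length images")
    edits = []
    i = 0
    while i < len(src):
        if src[i] != dst[i]:
            j = i
            while j < len(src) and src[j] != dst[j]:
                j += 1
            edits.append((i, src[i:j], dst[i:j]))
            i = j
        else:
            i += 1
    return DeltaPatch(sha256(src), sha256(dst), tuple(edits))


def apply_patch(current: bytes, patch: DeltaPatch) -> bytes:
    """Refuse unless the on-device file is exactly the version the patch expects,
    then re-check each edited span and the final hash so a partial or stale apply
    can never produce a silently wrong image."""
    if sha256(current) != patch.src_sha256:
        raise PreconditionFailed("device image does not match patch source version")
    out = bytearray(current)
    for offset, old, new in patch.edits:
        if out[offset:offset + len(old)] != old:
            raise PreconditionFailed(f"unexpected bytes at offset {offset}")
        out[offset:offset + len(new)] = new
    result = bytes(out)
    if sha256(result) != patch.dst_sha256:
        raise PreconditionFailed("patched image failed post-check")
    return result


# Constructed sample images standing in for the post's version B ("4") and C ("9").
IMAGE_B = b"kernel build 4 " + b"\x00" * 8
IMAGE_C = b"kernel build 9 " + b"\x00" * 8


def demo() -> dict:
    """Apply B->C to a device on B, then try the same patch on a device on C."""
    patch_b_to_c = make_patch(IMAGE_B, IMAGE_C)
    upgraded = apply_patch(IMAGE_B, patch_b_to_c)
    try:
        apply_patch(IMAGE_C, patch_b_to_c)
        reapply = "applied"
    except PreconditionFailed:
        reapply = "refused"
    return {
        "upgraded_ok": upgraded == IMAGE_C,
        "reapply": reapply,
        # the delta carries only the changed bytes, which is the size win the post describes
        "patch_bytes": sum(len(new) for _, _, new in patch_b_to_c.edits),
    }


if __name__ == "__main__":
    print(demo())
```

The same precondition is what blocks a downgrade: a C-to-B patch built against C would apply on C, but nobody ships one, and a B-to-C patch presented to a device on A or C fails the source hash before a single byte is written.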
