If you have a OnePlus device, I'm pretty sure you have this app pre-installed. To check, open Settings -> Apps -> Menu -> Show system apps and search for EngineerMode in the app list
These are the interesting strings of the lib. After a first read we can see that libcrypto is used and the key and the password are backed up in /data/backup/fpwd and /data/backup/fkey pic.twitter.com/Y0JbAk3Fp7
This is the code responsible for the password verification. First it checks the length, calculates the hash and compares it to the correct one. pic.twitter.com/efldDJO0Qu
Unfortunately, I didn't find the password, so if some of you are skilled in reversing native libs, your help is very welcome!
If the verification is passed, the password hash is stored in /data/backup/fpwd pic.twitter.com/lkcWlr7Wfb
and the key is made from different build properties like ro.build.type, ro.build.user,... and stored in /data/backup/fkey pic.twitter.com/NMto5BY7zp
Using @fridadotre and the script attached, I managed to bypass the escalate and isEscalated methods and become root pic.twitter.com/oXGGEIqFad
Here is the source code of the EngineerMode apk: https://github.com/fs0c131y/EngineerMode …. Feel free to dig on your own and share your findings!
cc @AndroidAuth @AndroidPolice @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @Gadgets360 @TheHackersNews you have a subject here to write an article. It's not normal to have this kind of backdoor in an end user product...
EngineerMode APK is not the only interesting app left by @Oneplus. More threads to come :)
Awesome! Thanks to @insitusec and the @NowSecureMobile team, we have the password! It's now possible to root a @Oneplus device with a simple intent pic.twitter.com/gN0awYijBv
I will publish an application on the PlayStore to root your @OnePlus device in the next hours
Difficulty to install #SuperSu: 0! Everything is already preinstalled. The OnePlus root application is coming soon :)
The best thing in this story is the password. It's angela (see the reference?). This backdoor is here intentionally. When the fiction becomes a reality. Good luck @getpeid, you will need a very good explanation. cc @whoismrrobot pic.twitter.com/IJgsu6hCEc
My Twitter at the moment. Thank you all for the impact you give to this story! pic.twitter.com/vcKlSrHwnT
I'm still waiting for more samples to confirm but yes EngineerMode is installed on @OnePlus 5T. The DiagEnabled activity is here, so the backdoor too :)
Thanks to the awesome @AdrianoDiLuzio, it's pretty easy to install supersu! pic.twitter.com/TKjcrol6Js
Write up made by @AdrianoDiLuzio to root your OnePlus device using the backdoor + #Magisk: https://gist.github.com/aldur/b785257ac26d23bce648cad3ce2f6dc8 …