If you have a OnePlus device, I'm pretty sure you have this app pre-installed. To check, open Settings -> Apps -> Menu -> Show system apps and search for EngineerMode in the app list.
With telephony secret code you can access manual tests like GPS test, root status test as stated in this article https://www.xda-developers.com/oneplus-hardware-diagnostic-tests … pointed by @AleGrechi. But can do better...
You can access the "main" activity by sending this command: adb shell am start com.android.engineeringmode/.EngineeringMode You will have access to everything, not just the manual test.
Having access to all these functions is a real issue. Combined with this attack, http://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions …, a malicious app can do a lot of things.
I will find time to make a POC. But it's not the biggest issue with this app.
The DiagEnabled, which is a @Qualcomm made activity, is the best class in this EngineerMode APK. Check the methods in this activity: escalatedUp(boolean, string) sounds like a cool thing no?
In the onCreate method if the intent is not null the escalatedUp method is called with the parameter enable=true and password=getIntent().getStringExtra("code"). Do you see where I'm going?
The escalatedUp method is calling Privilege.escalate(password) and if the result is true, it sets the system properties persist.sys.adbroot and oem.selinux.reload_policy to 1.
So yes, if you send the command: adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "password" with the correct code you can become root!
Replying to @fs0c131y @virqdroid and
Same in Lenovo ...
Yes, I think this app is in all @Qualcomm devices. Can you check if you have the libdoor.so in /system/lib/libdoor.so?
Replying to @fs0c131y @virqdroid and
Nope, don’t have this file
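
The checks discussed in this thread, as an added audit example that is not part of the original tweets: it looks for the EngineerMode package and for the two system properties the thread says escalatedUp sets to 1. The function names and the sample captures are constructed for illustration, and it assumes both properties show up in a normal getprop dump.

```shell
#!/bin/sh
# Added audit example. Inputs are text captured from a device with
#   adb shell pm list packages > packages.txt
#   adb shell getprop          > props.txt
ENGMODE_PKG="com.android.engineeringmode"   # package name from the thread

# Succeeds if the package list on stdin contains the EngineerMode package.
has_engineermode() {
    grep -qxF "package:${ENGMODE_PKG}"
}

# Prints the value of property $1 from a getprop dump on stdin.
prop_value() {
    key=$(printf '%s' "$1" | sed 's/\./\\./g')   # match dots literally
    sed -n "s/^\[${key}\]: \[\(.*\)\]\$/\1/p"
}

# audit_device PACKAGES_FILE PROPS_FILE: prints one FINDING line per hit.
audit_device() {
    # Older adb builds emit CRLF line endings, so strip carriage returns.
    if tr -d '\r' < "$1" | has_engineermode; then
        echo "FINDING: ${ENGMODE_PKG} is installed"
    fi
    for prop in persist.sys.adbroot oem.selinux.reload_policy; do
        val=$(tr -d '\r' < "$2" | prop_value "$prop")
        if [ "$val" = "1" ]; then
            echo "FINDING: ${prop} is set to 1"
        fi
    done
    return 0
}

# Constructed sample captures (not taken from a real device).
SAMPLES=$(mktemp -d)
printf 'package:com.android.settings\r\npackage:%s\r\n' "$ENGMODE_PKG" > "$SAMPLES/pkg_hit"
printf '[persist.sys.adbroot]: [1]\n[oem.selinux.reload_policy]: [1]\n' > "$SAMPLES/prop_hit"
printf 'package:com.android.settings\npackage:com.android.engineeringmode.fake\n' > "$SAMPLES/pkg_clean"
printf '[persist.sys.adbroot]: [0]\n[persist.sys.adbrootx]: [1]\n' > "$SAMPLES/prop_clean"

audit_device "$SAMPLES/pkg_hit" "$SAMPLES/prop_hit"
audit_device "$SAMPLES/pkg_clean" "$SAMPLES/prop_clean"
```

The second sample pair holds near-miss names (a longer package name, a longer property key) to show that only exact matches are reported.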