So yes, if you send the command: adb shell am start -n http://com.android .engineeringmode/.qualcomm.DiagEnabled --es "code" "password" with the correct code you can become root!
-
-
-
EngineerMode APK is not the only interesting app left by
@Oneplus. More thread to come :)Show this thread -
Awesome! Thanks to
@insitusec and the@NowSecureMobile team, we have the password! It's now possible to root an@Oneplus device with a simple intentpic.twitter.com/gN0awYijBv
Show this thread -
I will publish an application on the PlayStore to root your
@OnePlus device in the next hoursShow this thread -
Difficulty to install
#SuperSu: 0! Everything is already preinstalled
.
The OnePlus root application is coming soon :)Show this thread -
The best thing in this story is the password. It's angela (see the reference?). This backdoor is here intentionally. When the fiction become a reality. Good luck
@getpeid, you will need a very good explanation. cc@whoismrrobotpic.twitter.com/IJgsu6hCEcShow this thread -
My Twitter at the moment. Thank you all for the impact you give to this story!pic.twitter.com/vcKlSrHwnT
Show this thread -
I'm still waiting more samples to confirm but yes EngineerMode is installed on
@OnePlus 5T. The DiagEnabled activity is here, so the backdoor too :)Show this thread -
Thanks to the awesome
@AdrianoDiLuzio, it's pretty easy to install supersu!pic.twitter.com/TKjcrol6Js
Show this thread -
Write up made by
@AdrianoDiLuzio to root your OnePlus device using the backdoor +#Magisk:https://gist.github.com/aldur/b785257ac26d23bce648cad3ce2f6dc8 …Show this thread
End of conversation
New conversation -
-
-
"It's not normal to have this kind of backdoor in an end user product" < If only that was true... Sadly, it is quiet common
-
Yes I know :/ but maybe we can change that? or at least try
-
Potentially, however the bulk of the change needs to be from within those orgs. We (many sec folks) have been fighting this fight for a long time, OEMs tend to not care
-
Folks need to vote with their wallets if they care about security. If you want to see an OEM who screws up constantly, look at the ADUPs/BLU/Mediatek junk - very similar (if not worse)
End of conversation
New conversation -
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.