If the verification is passed the password hash is stored in /data/backup/fpwdpic.twitter.com/lkcWlr7Wfb
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
The best thing in this story is the password. It's angela (see the reference?). This backdoor is here intentionally. When the fiction become a reality. Good luck @getpeid, you will need a very good explanation.
cc @whoismrrobotpic.twitter.com/IJgsu6hCEc
My Twitter at the moment. Thank you all for the impact you give to this story!pic.twitter.com/vcKlSrHwnT
I'm still waiting more samples to confirm but yes EngineerMode is installed on @OnePlus 5T. The DiagEnabled activity is here, so the backdoor too :)
Thanks to the awesome @AdrianoDiLuzio, it's pretty easy to install supersu!pic.twitter.com/TKjcrol6Js
Write up made by @AdrianoDiLuzio to root your OnePlus device using the backdoor + #Magisk:https://gist.github.com/aldur/b785257ac26d23bce648cad3ce2f6dc8 …
Hey, just to clarify: the @AndroidPolice article states that apps can easily exploit this to grant root access. However, from what I can tell only the ADB shell process is given root so apps can't do anything with this.
Yes you're right. SuperSu is needed to give root access to apps
So that means this wording is incorrect? "This also means that it's possible for any Android app to achieve root using this method, which opens up OP devices to massive security issues."
Yes. An app can use this attack for example https://researchcenter.paloaltonetworks.com/2017/09/unit42-android-toast-overlay-attack-cloak-and-dagger-with-no-permissions …, send the "magic" intent and so allow adb root. From now, that's all
But granting ADB root still means that the exploiter needs ADB access in the first place, right? So it's not like a random app can exploit this then wreck havoc with root access—only someone with physical ADB access.
Yes you're right. However there are other implications. When the "magic intent" is executed it set the system property oem.selinux.reload_policy to 1. There is also an "engineer mode" which correspond to persist.sys.adb.engineermode
So for now, it too early to speak about a random app getting root access but we are on the good tracks
Is the rooting app still on the roadmap?
Definitively
Whoa!!
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.