This is the code responsible of the password verification. 1st it check the length, calculate the hash and compare it to the correct one.pic.twitter.com/efldDJO0Qu
French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
This is the code responsible of the password verification. 1st it check the length, calculate the hash and compare it to the correct one.pic.twitter.com/efldDJO0Qu
Unfortunately, I didn't find the password, so if some you are skilled in reversing native lib, your help is very welcome!
If the verification is passed the password hash is stored in /data/backup/fpwdpic.twitter.com/lkcWlr7Wfb
and the key is made from different build properties like http://ro.build .type, http://ro.build .user,... and stored in /data/backup/fkeypic.twitter.com/NMto5BY7zp
Using @fridadotre and the script attached, I managed to bypass the escalate and isEscalated methods and become rootpic.twitter.com/oXGGEIqFad
Here the source code of the EngineerMode apk: https://github.com/fs0c131y/EngineerMode …. Feel free to dig on your own and share your findings!
cc @AndroidAuth @AndroidPolice @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @Gadgets360 @TheHackersNews you have a subject here to write an article. It's not normal to have this kind of backdoor in an end user product...
Thanks for the heads up, we're looking into it.
You guys should give him a payment for finding this exploit
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.