I will find time to make a POC. But it's not the biggest issue with this app.
The DiagEnabled, which is a @Qualcomm made activity, is the best class in this EngineerMode APK. Check the methods in this activity: escalatedUp(boolean, string) sounds like a cool thing, no? pic.twitter.com/iQFfam6eg6
In the onCreate method, if the intent is not null, the escalatedUp method is called with the parameters enable=true and password=getIntent().getStringExtra("code"). Do you see where I'm going? pic.twitter.com/oa1i1NdlpU
The escalatedUp method calls Privilege.escalate(password) and, if the result is true, it sets the system properties persist.sys.adbroot and oem.selinux.reload_policy to 1. pic.twitter.com/92LeBfDPAv
So yes, if you send the command: adb shell am start -n com.android.engineeringmode/.qualcomm.DiagEnabled --es "code" "password" with the correct code you can become root!
If I want to use that root shell to make some changes (e.g. remove a system APK), can I then disable the root shell and keep the changes I made? Will it leave any root trace in the system? Should I unset some system property?
Yes, you can just use adb shell setprop persist.sys.adbroot 0 and reboot.
Cool, thanks. You're really replying to everyone! What a day for you!
Hey, do you respond to DMs? I have a question regarding this root method that you've discovered.
I try to do my best!
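
A device-audit check for the state described in the thread above, as an added example that is not code from the thread's author or from the vendor: it reports whether the EngineerMode package is installed and whether the two system properties named in the thread are set to 1. The function names and the sample `getprop` / `pm list packages` output are constructed for illustration; the package and property names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: audit getprop / pm output for the state described in the thread.

# Package name and property names are taken from the thread above.
EM_PACKAGE="com.android.engineeringmode"
WATCHED_PROPS="persist.sys.adbroot oem.selinux.reload_policy"

# prop_value PROPS KEY: print KEY's value from getprop-style text
# ("[key]: [value]" per line); prints nothing if the key is absent.
prop_value() {
    printf '%s\n' "$1" | tr -d '\r' | awk -v k="[$2]:" '
        $1 == k { v = $2; gsub(/^\[|\]$/, "", v); print v; exit }'
}

# audit_device PROPS PACKAGES: print one line per finding, nothing if clean.
audit_device() {
    if printf '%s\n' "$2" | tr -d '\r' | grep -qxF "package:$EM_PACKAGE"; then
        echo "PRESENT package $EM_PACKAGE"
    fi
    for key in $WATCHED_PROPS; do
        if [ "$(prop_value "$1" "$key")" = "1" ]; then
            echo "SET $key=1"
        fi
    done
    return 0
}

# Constructed sample inputs (not captured from a real device).
SAMPLE_PROPS_AFFECTED='[ro.build.type]: [user]
[persist.sys.adbroot]: [1]
[oem.selinux.reload_policy]: [1]'
SAMPLE_PROPS_CLEAN='[ro.build.type]: [user]
[persist.sys.adbroot]: [0]'
SAMPLE_PKGS='package:com.android.settings
package:com.android.engineeringmode'

# On a connected device the inputs would come from:
#   audit_device "$(adb shell getprop)" "$(adb shell pm list packages)"
audit_device "$SAMPLE_PROPS_AFFECTED" "$SAMPLE_PKGS"
```

A `SET persist.sys.adbroot=1` finding corresponds to the state that the reply in the thread clears with `adb shell setprop persist.sys.adbroot 0` followed by a reboot.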