This lib is located in /system/lib/libdoor.so or /system/lib64/libdoor.so. You can find the sample here: https://www.virustotal.com/#/file/3e6df251ad4fe115563b51b302fec2d7836e14dd28ae06e8b41c1939d4bca33d …
These are the interesting strings of the lib. After a first read we can see that libcrypto is used and the key and the password are backed up in /data/backup/fpwd and /data/backup/fkey pic.twitter.com/Y0JbAk3Fp7
This is the code responsible for the password verification. First it checks the length, calculates the hash and compares it to the correct one. pic.twitter.com/efldDJO0Qu
Unfortunately, I didn't find the password, so if some of you are skilled in reversing native libs, your help is very welcome!
If the verification is passed the password hash is stored in /data/backup/fpwd pic.twitter.com/lkcWlr7Wfb
and the key is made from different build properties like ro.build.type, ro.build.user, ... and stored in /data/backup/fkey pic.twitter.com/NMto5BY7zp
Using @fridadotre and the script attached, I managed to bypass the escalate and isEscalated methods and become root pic.twitter.com/oXGGEIqFad
Here is the source code of the EngineerMode apk: https://github.com/fs0c131y/EngineerMode …. Feel free to dig on your own and share your findings!
cc @AndroidAuth @AndroidPolice @androidandme @Androidheadline @AndroidPolice @xdadevelopers @AndroidSPIN @Gadgets360 @TheHackersNews you have a subject here to write an article. It's not normal to have this kind of backdoor in an end user product...
"It's not normal to have this kind of backdoor in an end user product" < If only that was true... Sadly, it is quite common
Yes I know :/ but maybe we can change that? or at least try
Potentially, however the bulk of the change needs to be from within those orgs. We (many sec folks) have been fighting this fight for a long time, OEMs tend to not care
Folks need to vote with their wallets if they care about security. If you want to see an OEM who screws up constantly, look at the ADUPs/BLU/Mediatek junk - very similar (if not worse)