You can open the EngineerMode app like this: 1. Open Dialer app 2. Dial *#*#83781#*#* If you swipe to the "HARDWARETEST" section, you will find the item "root check". Sounds like something interesting, no?pic.twitter.com/QWxdDbmbMO
French security researcher. Worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others. Not completely schizophrenic. Not related to USANetwork. DMs open.
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Add this Tweet to your website by copying the code below. Learn more
Add this video to your website by copying the code below. Learn more
By embedding Twitter content in your website or app, you are agreeing to the Twitter Developer Agreement and Developer Policy.
| Country | Code | For customers of |
|---|---|---|
| United States | 40404 | (any) |
| Canada | 21212 | (any) |
| United Kingdom | 86444 | Vodafone, Orange, 3, O2 |
| Brazil | 40404 | Nextel, TIM |
| Haiti | 40404 | Digicel, Voila |
| Ireland | 51210 | Vodafone, O2 |
| India | 53000 | Bharti Airtel, Videocon, Reliance |
| Indonesia | 89887 | AXIS, 3, Telkomsel, Indosat, XL Axiata |
| Italy | 4880804 | Wind |
| 3424486444 | Vodafone | |
| » See SMS short codes for other countries | ||
This timeline is where you’ll spend most of your time, getting instant updates about what matters to you.
Hover over the profile pic and click the Following button to unfollow any account.
When you see a Tweet you love, tap the heart — it lets the person who wrote it know you shared the love.
The fastest way to share someone else’s Tweet with your followers is with a Retweet. Tap the icon to send it instantly.
Add your thoughts about any Tweet with a Reply. Find a topic you’re passionate about, and jump right in.
Get instant insight into what people are talking about now.
Follow more accounts to get instant updates about topics you care about.
See the latest conversations about any topic instantly.
Catch up instantly on the best stories happening as they unfold.
You can open the EngineerMode app like this: 1. Open Dialer app 2. Dial *#*#83781#*#* If you swipe to the "HARDWARETEST" section, you will find the item "root check". Sounds like something interesting, no?pic.twitter.com/QWxdDbmbMO
This item is set to "rooted" if the method get_rootflag returns 1. This method is a native method defined in the jni_engineermode lib.pic.twitter.com/wcTpspt2W5
In the strings of libjni_engineermode.so we can find: - /data/misc/rootrecorder - [root_recorder] magic=%d\n - [root_recorder] rootflag=%d\n - [root_recorder] sprd magic verify pass.\n - [root_recorder] sprd magic verify failed.\npic.twitter.com/YlrgCMYykn
By disassembling the method get_rootflag we can see the following flow: 1) Open and read /data/misc/rootrecorder 2) Compare the value with 'ROOT' 3) Returns 1 if equals, otherwise 0pic.twitter.com/IhsyqA9g7R
As I didn't root my device yet, I can't write to /data/misc/rootrecorder
. Moreover, I didn't find any use of this backdoor in the limited part of the firmware I have. I will continue to dig 
How exactly is this a backdoor then?
There 2 possibilities:
- Set this flag will root the device
- This flag is set after a root procedure
As my device is not rooted, I cannot test it for now.
Anyway, it's clearly shows that a root procedure had been implemented by @ARCHOS without the knowledge of the user
You shouldn't call it a backdoor if you haven't tested that. Plus if it already needs root to write to /data, then so what? That process already has root so what would be the importance of this?
A root procedure implemented by the phone maker without the knowledge of the user is a backdoor...
Not sure you really understand the thing here. As said in the tweet this is a partial result but it clearly shows that @ARCHOS has a way to root the device.
The main hypothesis here is that this flag is set by another @ARCHOS system app. I will continue to dig to find how to trigger this procedure
Time to say a prayer for all those all-winner devices running that "rootmydevice" piece of code : https://github.com/allwinner-zh/linux-3.4-sunxi/commit/e8bb679bbb18b90174381bea0e643eb81a92030b … 
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.