View Single Post
Old July 17th, 2013, 05:30 AM   #1 (permalink)
Senior Member
Thread Author (OP)
ironass's Avatar
Join Date: Aug 2010
Location: Cotswolds, England
Gender: Male
Posts: 8,020
Device(s): SGS4 GT-i9505. Rooted. GE KitKat 4.4.2 Danvdh ROM. Baseband: NC9. Kernel: ktoonsez+PhilZ
Carrier: Vodafone

Thanks: 1,088
Thanked 3,617 Times in 2,398 Posts
Default Master Key, Bluebox, root fix

(UPDATE See post #3)

Earlier last month, RFP from BlueBox published a sneak preview of his upcoming BlackHat talk, detailing a vulnerability in the Android platform that affects nearly all Android devices. Soon after, a vulnerability of similar nature and impact was published on Chinese forum. Both of these "Master Key" vulnerabilities allow an attacker to modify the code of an Android package without affecting the signature of the package as verified by the package manager, which has serious implications when considering system-signed packages. From an end user perspective, the vulnerabilities allow an attacker to take full control of a user's device.

Google will be issuing a fix for this in their newer releases of Android firmware. However, these fixes will take time to filter down the food chain from Google to carriers to users... if indeed, a firmware update is even issued for older devices that are now past End of Life, since this vulnerability affects 99% of all Android devices going back to Android 1.6, Donut.

Not wishing to take a chance, I have installed an app, free from the Play Store, which is the result of a research collaboration between Duo Security, a cloud-based two-factor authentication and mobile security company, and Northeastern University's System Security Lab (NEU SecLab) and patches the, "Master Key", vulnerabilities on rooted devices.

The patch is not phone, device or firmware specific... you can whack it on any Android device that is rooted. Once activated it patches the device but should you flash a different firmware you will need to patch it again.

The app is ReKey and can be downloaded from the Play Store



Did you know that hitting the Thanks button is quicker than typing it and the Search button is your friend.

Dummies Guides Rooting Galaxy S4 * Know Your S4 * Update Problems * Knox Security * Bloatware * GPS
ironass is online now  
Last edited by ironass; August 16th, 2013 at 01:34 AM. Reason: image added
Reply With Quote
The Following 5 Users Say Thank You to ironass For This Useful Post:
Atma (July 17th, 2013), lotus49 (July 19th, 2013), silentwitness (August 13th, 2013), sntaylor (July 17th, 2013), Sydney99 (July 17th, 2013)