Which exploit does EasyRoot use?


  1. Nexeo

    Nexeo Active Member This Topic's Starter

    Joined:
    Jul 25, 2009
    Messages:
    35
    Likes Received:
    4
    Does anyone know what exploit the one-touch apps like EasyRoot and DMUpdater use? They certainly can't be flashing a new .sbf, right?
     

  2. OMJ

    OMJ Bazinga VIP Member

    Joined:
    Nov 27, 2009
    Messages:
    3,288
    Likes Received:
    825
  3. vincentp

    vincentp Well-Known Member

    Joined:
    Nov 11, 2009
    Messages:
    1,640
    Likes Received:
    59
    No, it definitely can't flash an SBF. IIRC someone said the only access it requests is to Bluetooth, so maybe there's some sort of BT exploit that allows root access. I don't know for sure though.
     
  4. VIO

    VIO Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    263
    Likes Received:
    62
    As an aside, isn't it a bit frightening that an app could, for these devices, secretly root a phone and sit in the system doing whatever the hell it wants: downloading apps secretly, uploading information, etc.

    All the user would ever see is something masking itself as a Bluetooth toggle widget, complete with all and only the appropriate permissions for that type of app. Prudence or paranoia ain't gonna save you in that case; there's just no way of knowing unless you are at a console or already rooted (unless it checks for the "real" su app and hides if it finds it).

    Honestly, it's so fricken foolproof that if I was evil I'd be all about it.
     
  5. OMJ

    OMJ Bazinga VIP Member

    Joined:
    Nov 27, 2009
    Messages:
    3,288
    Likes Received:
    825
    I agree completely. I really hope they get this hole patched soon and start pushing out said patch to all phones. Although we all know how quickly OTAs come out...
     
  6. supersaki

    supersaki Well-Known Member

    Joined:
    Dec 3, 2009
    Messages:
    386
    Likes Received:
    36
    Supposedly patched in CM nightlies :)
     
  7. VIO

    VIO Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    263
    Likes Received:
    62
    Yeah, as much as I am all about "freeing the phone", I'm also all about having my identity/money/life left intact. These are gaping security holes that we are exploiting and then publishing the code for all over the internet.

    Viva la open source, but let's just stick to the exploits that at least require human contact and a computer/adb, or at the very least propose a fix and offer it up for review to AOSP for source code commitment, along with releasing it to us to use.
     
  8. OMJ

    OMJ Bazinga VIP Member

    Joined:
    Nov 27, 2009
    Messages:
    3,288
    Likes Received:
    825
    Huh, didn't know that, but it doesn't surprise me. CM is always ahead of the curve. Makes me glad I'm on a CM Nightly :D
     
  9. patch

    patch Well-Known Member

    Joined:
    Feb 14, 2010
    Messages:
    108
    Likes Received:
    11
    Thanks for the link to the source, OMJ :)

    Before that I got as far as seeing that they include an "exploid" binary and the easyroot.apk includes the symbolic link to the hotplug device -- and they're triggering the hotplug in the kernel using a Bluetooth API. Brilliant IMHO.

    So vincent, not an exploit of Bluetooth per se, but of the hotplug feature in the Linux kernel; they're just activating it using Bluetooth.

    To those that "wish these didn't happen": you wouldn't have your fancy "custom ROMs" today if it were not for these exploits, so really you should check yourself before you wreck yourself :p
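VIO's point above (an app that requests only the Bluetooth-widget permissions) and patch's finding (an "exploid" ELF binary plus a symbolic link packed inside the apk) suggest a simple triage check a defender can run on an APK before installing it. The script below is an added example, not code from the thread or from EasyRoot/DMUpdater: it treats the APK as the zip file it is and flags any entry that is an ELF executable or is stored as a symlink, which an ordinary Bluetooth toggle widget has no reason to carry. The sample APK it builds is constructed here for the demonstration.

```python
import io
import stat
import zipfile

ELF_MAGIC = b"\x7fELF"


def scan_apk(apk_bytes):
    """Return (entry_name, finding) pairs for every entry in the APK that is
    an ELF executable or is stored as a symbolic link.

    An APK is a plain zip archive, so zipfile reads it directly. Native
    binaries outside lib/ and any symlink at all are worth a closer look
    when the app's declared purpose (e.g. a Bluetooth toggle) needs neither."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Unix mode bits live in the high 16 bits of external_attr.
            mode = info.external_attr >> 16
            if stat.S_ISLNK(mode):
                # For a symlink entry the zip "content" is the link target.
                target = zf.read(info).decode("utf-8", "replace")
                findings.append((info.filename, "symlink -> " + target))
                continue
            with zf.open(info) as fh:
                head = fh.read(4)
            if head == ELF_MAGIC:
                findings.append((info.filename, "ELF binary"))
    return findings


def build_sample_apk():
    """Constructed sample laid out like the apk described in the thread:
    a manifest, a dex file, an ELF binary under assets/ and a symlink.
    Names and the symlink target are placeholders, not taken from any app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")  # real one is binary XML
        zf.writestr("classes.dex", b"dex\n035\0" + b"\0" * 8)  # not ELF
        zf.writestr("assets/exploid", ELF_MAGIC + b"\x01\x01\x01" + b"\0" * 9)
        link = zipfile.ZipInfo("assets/hotplug")
        link.external_attr = (stat.S_IFLNK | 0o777) << 16  # mark entry as symlink
        zf.writestr(link, "/constructed/symlink/target")
    return buf.getvalue()


if __name__ == "__main__":
    for name, finding in scan_apk(build_sample_apk()):
        print(f"{name}: {finding}")
```

Run it against a real .apk by passing `open(path, "rb").read()` to `scan_apk`; an empty result means no native binaries or symlinks were found, not that the app is safe.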
     
  10. VIO

    VIO Well-Known Member

    Joined:
    May 12, 2010
    Messages:
    263
    Likes Received:
    62
    True, but there are always new exploits we "legitimate" rooters can use. I just prefer the ones that aren't really susceptible to an app stealing me blind :p
     
  11. OMJ

    OMJ Bazinga VIP Member

    Joined:
    Nov 27, 2009
    Messages:
    3,288
    Likes Received:
    825
    I agree with that to an extent, but something like this that affects every Android device and can easily be done by an app is something to be concerned about.

    That's actually part of the reason that I like the SPRecovery root method, because it's not something that can be done without the user's knowledge unless you give someone your phone.
     
  12. patch

    patch Well-Known Member

    Joined:
    Feb 14, 2010
    Messages:
    108
    Likes Received:
    11
    Yeah, it's a double-edged sword -- we probably wouldn't be able to unlock our devices to their full potential, but at the same time it could be used for very malicious purposes.

    I think the fact that they are public knowledge and widespread is better than only one person knowing about it. Since it's more public, yes, people could take advantage, but it also allows Google to fix the holes and perhaps rethink certain aspects of the OS overall, which maybe could prevent these types of exploits in the future across perhaps other vulnerable areas.
     