Jump to content











Photo

Universal Root Exploit [Run Unsigned Code!]

root android rooting exploit

  • Please log in to reply
2 replies to this topic

#1 f0x90

f0x90
  • Members
  • 3 posts
  • Location:EIP
  • Interests:ASM,Reversing,Security,Pentesting,Networking,Music
  •  
    United States

Posted 03 January 2014 - 02:43 PM

Submitted by f0x90 on Thu, 11/28/2013 - 17:26

When Android verifies an apk if there is a duplicate filename the first valid third party apk can be used to pass signature verification but the second file will be installed! Allows for running unsigned code and easy rooting!
http://resources.infosecinstitute.com/android-master-key-vulnerability-poc/

 



#2 Zoso

Zoso

    Silver Member

  • Advanced user
  • 640 posts
  •  
    Isle of Man

Posted 03 January 2014 - 05:02 PM

hi f0x90, welcome to reboot.pro

good to know this but sadly I cant say that I am surprised. the more I look into it (Android) Im finding it to be insecure and seemingly by design.

#3 _deXter_

_deXter_

    Newbie

  • Members
  • 25 posts
  •  
    New Zealand

Posted 25 January 2014 - 09:58 PM

hi f0x90, welcome to reboot.pro

good to know this but sadly I cant say that I am surprised. the more I look into it (Android) Im finding it to be insecure and seemingly by design.

 

Actually, the master-key vunlerability has long been fixed by Google.

 

Android isn't any more insecure than other mobile operating systems. Don't confuse "open" with "insecure".







Also tagged with one or more of these keywords: root, android, rooting, exploit

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users