User:Chipmunk: Difference between revisions
From Somewhat Obscure Computing
Jump to navigationJump to search
the phone also checks for a value derived from the steady partition, which appears to be signed |
No edit summary |
||
| Line 8: | Line 8: | ||
* Port [https://github.com/oscardagrach/galaxy_s5_dev_tree_appended_bug galaxy_s5_dev_tree_appended_bug] to my AT&T Galaxy S5 (currently borrowed), and AT&T Samsung Gear S (vulnerability is questionable due to the different boot image format). | * Port [https://github.com/oscardagrach/galaxy_s5_dev_tree_appended_bug galaxy_s5_dev_tree_appended_bug] to my AT&T Galaxy S5 (currently borrowed), and AT&T Samsung Gear S (vulnerability is questionable due to the different boot image format). | ||
* Reverse engineer Samsung's reactivation lock (<code>libterrier.so</code>?) and document it (that's where the 'obscure' in 'Somewhat Obscure Computing' comes from - I doubt this feature is well documented!). | * Reverse engineer Samsung's reactivation lock (<code>libterrier.so</code>?) and document it (that's where the 'obscure' in 'Somewhat Obscure Computing' comes from - I doubt this feature is well documented!). | ||
* Use [https://i.blackhat.com/USA-20/Wednesday/us-20-Chao-Breaking-Samsungs-Root-Of-Trust-Exploiting-Samsung-Secure-Boot.pdf an exploit] to tethered unlock my Galaxy J3 Prime and/or my Galaxy J3 Orbit (if possible) (also document the <code>steady</code> partition on the wiki). | * Use [https://i.blackhat.com/USA-20/Wednesday/us-20-Chao-Breaking-Samsungs-Root-Of-Trust-Exploiting-Samsung-Secure-Boot.pdf an exploit] to tethered unlock my Galaxy J3 Prime, Galaxy J7 Prime and/or my Galaxy J3 Orbit (if possible) (also document the <code>steady</code> partition on the wiki). | ||
* Port an EFI implementation to an x86 phone (Asus Z00D). | * Port an EFI implementation to an x86 phone (Asus Z00D). | ||
* Write a tool to ''reliably'' exploit [[wikipedia:Dirty Cow|Dirty Cow]], preferably ''without'' touching <code>/system</code> and escalating to the ''init'' context (for legacy devices of course) (also, can I easily write process memory? I suppose I will find out...). | |||
* Look into unlock methods for various phones... (I own too many). | * Look into unlock methods for various phones... (I own too many). | ||
Revision as of 04:46, 30 June 2025
Hello.
I created this wiki, originally as a place for me to document useful information I find about various hardware. This was actually going to be a personal wiki originally, however I realized the wiki would potentially be much more useful if others could add information. Who knows, maybe someday, it might document high amounts of devices.
Also, I am actually fairly new to the Android device hacking scene. I began looking into it in 2024, and have since learned many things. I am also still quite new to low-level programming and reverse engineering.
Some things I aim to do eventually:
- Port galaxy_s5_dev_tree_appended_bug to my AT&T Galaxy S5 (currently borrowed), and AT&T Samsung Gear S (vulnerability is questionable due to the different boot image format).
- Reverse engineer Samsung's reactivation lock (
libterrier.so?) and document it (that's where the 'obscure' in 'Somewhat Obscure Computing' comes from - I doubt this feature is well documented!). - Use an exploit to tethered unlock my Galaxy J3 Prime, Galaxy J7 Prime and/or my Galaxy J3 Orbit (if possible) (also document the
steadypartition on the wiki). - Port an EFI implementation to an x86 phone (Asus Z00D).
- Write a tool to reliably exploit Dirty Cow, preferably without touching
/systemand escalating to the init context (for legacy devices of course) (also, can I easily write process memory? I suppose I will find out...). - Look into unlock methods for various phones... (I own too many).
