RootingDevices » History » Version 28
Denis 'GNUtoo' Carikli, 12/25/2020 10:03 PM
Add magisk
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. RootingDevices |
|---|---|---|---|
| 2 | |||
| 3 | h2. About root |
||
| 4 | |||
| 5 | Having root access on your computer empowers you to control your computer. Having users in control of their own computers is not a security vulnerability. |
||
| 6 | If you don't have root access, then you are locked out of your own computer, and this can be a very serious problem as you also have data in it, your data. |
||
| 7 | For instance if you can't copy your data outside and inside of the device, then you're stuck, and dependent on the software that is installed on that computer to use your data. |
||
| 8 | |||
| 9 | 2 | Denis 'GNUtoo' Carikli | In general, root is also required for being able to use any network protocol you wish or want to design as the tun/tap interface or other mechanism to send RAW packets requires root: It really enables you to use net neutrality and Internet design principles in practice. |
| 10 | 3 | Denis 'GNUtoo' Carikli | Some applications like "USB mountr":https://f-droid.org/en/packages/streetwalrus.usbmountr/ that makes use of the hardware features like the USB OTG to expose an USB iso over mass storage over the USB port require root. So it's a good idea to enable users to easily become root in Replicant. |
| 11 | 1 | Denis 'GNUtoo' Carikli | |
| 12 | However it's a good security practice not to give root access to programs that don't need it, or to people that you don't trust, as it could give them full control of the system. |
||
| 13 | And even if you trust programs enough, they could have vulnerabilities which enable an attacker to get root access. |
||
| 14 | So once the user is in control and has root, it's then a good idea not to have any vulnerabilities that could enable attackers to get root once they have code running in your computer. |
||
| 15 | |||
| 16 | h2. Introduction |
||
| 17 | |||
| 18 | 23 | Denis 'GNUtoo' Carikli | Many Android distributions that are shipped on the devices took away the ability for users to become root. |
| 19 | 1 | Denis 'GNUtoo' Carikli | Because of that it's sometime necessary to become root within such distributions. |
| 20 | For instance it can enable you to backup and migrate your data from the stock Android distribution to Replicant, or enable to backup the stock OS, etc. |
||
| 21 | |||
| 22 | 24 | Denis 'GNUtoo' Carikli | While running the stock distribution is not interesting per se if it's not fully free software, it can still be useful to do reverse engineering for instance. |
| 23 | |||
| 24 | 1 | Denis 'GNUtoo' Carikli | h2. Root exploits |
| 25 | |||
| 26 | 15 | Denis 'GNUtoo' Carikli | |_. Vulnerability names |_. CVE |_. Affected software and versions |_. Free software implementation | Status | |
| 27 | 1 | Denis 'GNUtoo' Carikli | | Towelroot | "CVE-2014-3153":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153 | Linux 3.5 to 3.15 | "GPLv3 version, improved from github":https://git.replicant.us/contrib/GNUtoo/towelroot | Not yet tested | |
| 28 | 15 | Denis 'GNUtoo' Carikli | | * iovyroot |
| 29 | 17 | Denis 'GNUtoo' Carikli | * Pipe-iovec root | "CVE-2015-1805":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805 | Linux 2.6x to 3.15 | * None of "the 4 implementations on github":https://github.com/search?q=CVE-2015-1805 were under a free software license | | |
| 30 | 20 | Denis 'GNUtoo' Carikli | | Ping-Pong Root | "CVE-2015-3636":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3636 | Linux ? to 4.1 | | | |
| 31 | 26 | Denis 'GNUtoo' Carikli | |/3. "Dirty COW":https://dirtycow.ninja/ |/3. "CVE-2016-5195":https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5195 |/3. Linux 2.6.13 to 4.9 | * "List of some free and nonfree implementations":https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs |
| 32 | 19 | Denis 'GNUtoo' Carikli | For the free implementations: |
| 33 | * "GPLv3 (+?) implementation in Go":https://github.com/mengzhuo/dirty-cow-golang |
||
| 34 | 1 | Denis 'GNUtoo' Carikli | * "GPLv3+ implementations in C++ and Go":https://github.com/gbonacini/CVE-2016-5195 |
| 35 | * "MIT implementation in crystal (what is it?)":https://github.com/xlucas/dirtycow.cr | | |
||
| 36 | 26 | Denis 'GNUtoo' Carikli | | * "MIT implementation in C":https://github.com/scumjr/dirtycow-vdso | Uses assembly (x86_64 only at this time) | |
| 37 | 27 | Denis 'GNUtoo' Carikli | | * "LGPLv3(+?) implementation in C":https://github.com/nowsecure/dirtycow | Tried 'cowpy', but it didn't work on I9100G: |
| 38 | 26 | Denis 'GNUtoo' Carikli | * Tried replacing /system/bin/run-as from /system which is ro says "Done" but binary not changed |
| 39 | * Tried replacing /system.prop from / which is probably rw, says "Done" but binary not changed | |
||
| 40 | 9 | Denis 'GNUtoo' Carikli | |
| 41 | 21 | Denis 'GNUtoo' Carikli | h2. Stock OS |
| 42 | |||
| 43 | 22 | Denis 'GNUtoo' Carikli | |_. Device |_. Android version |_. Kernel version | Motivations | |
| 44 | | GT-I9100G_CHN_CHN | 2.3.5 | 2.6.35.7 se.infra@SEI-30#2 | * Making a full backup of the device without relying on nonfree and non-redistributable software | |
||
| 45 | 21 | Denis 'GNUtoo' Carikli | |
| 46 | 9 | Denis 'GNUtoo' Carikli | h2. References |
| 47 | |||
| 48 | * https://github.com/ucam-cl-dtg/android-vulnerabilities/ |
||
| 49 | 28 | Denis 'GNUtoo' Carikli | |
| 50 | h2. See also |
||
| 51 | |||
| 52 | * "Magisk":https://github.com/topjohnwu/Magisk : GPLv3 software that Contains rooting code |