*Explative* Exploit!

Discussion in 'Android Hacks and Help' started by nateccnn, Apr 2, 2010.

  1. nateccnn

    My brain is hurting and I need to see if I got all this root stuff right. Seems like a lot of experts in the field of rooting...except they say so many different and conflicting things. At least one of them has to be a "self-proclaimed" expert...if you know what I mean.

    So...a couple weeks ago 2.1 was released to some test users. It immediately hit the custom rom market. We quickly had custom roms coming out based on 2.1 ESE53. Then the update gets pulled and we are told it is delayed due to the testers finding a bug. Yeah, right!

    Two weeks later 2.1 ESE53 rolls out as we thought it would 2 weeks ago. 1000 testers...then 9000 testers...then it gets released to the general public. Only now we are not seeing custom roms based on the new 2.1 ESE81.

    Some of the developers have speculated that the only difference between ESE53 and ESE81 is the "Exploit" was plugged. Kind of like on Lost, how Jacob explains to Richard that the wine (evil) is kept in the wine bottle (island) by placing a cork in it. Did Verizon release the "evil" version just to quiet down the rooters that were *****ing about the update taking so long and intentionally released it with the "Cork" removed? Then they release to the general public a "corked" version so the non-techies get some cake but can't screw themselves up too terribly?

    If this is true...all the rooters can stop crying about 'when is the BB or SG or DM coming out based on ESE81?'. If ESE53 has everything ESE81 has except it is "un-corked" then we have what we want right now.

    So what is the exploit? It's a security flaw that allows malicious code to be run with su access (read up on SDK tools if you don't know what su is) on your phone. It would be in Verizon's best interest to NOT have that flaw on its phones. But for tech savvy folks it's OK because they get what they deserve, right? You wanna play...you suffer the consequences of your 'desires' if someone writes a malicious app and you install it. Just like in Windows when we click on an e-mail we know is not safe. But at least the general public has virus software to protect them. We don't have that on Android. So Verizon is protecting them from themselves by patching the exploit for the general release. But without saying so, they pre-released a version with no 'cork' in the wine bottle.

    Do I have that right? Or am I just seeing black helicopters again?

    Nate (who was really bored last night and did some serious google searching and probably should go back to bed now)
     
  2. Se7enLC

    No, you don't have it quite right...

    The original release 2.0 and 2.0.1 had a bug in the recovery bootloader that allowed unsigned updates to be applied. This was done by taking a valid update and "piggybacking" another zip file onto it. This bug was almost immediately patched upon discovery (in the android source tree), but didn't immediately get pushed to the phones.

    Once root was achieved, a bootloader was written that doesn't have that signature check (SPRecovery) - thereby keeping that hole open for future updates.

    The various leaked versions of 2.1 *ALL* have that update zip exploit patched. Let me say that again. ALL versions of 2.1 are unrootable at the moment. If you are running 2.1, you cannot root your device.

    Since developers have access to the 2.1 updates and a phone that will install whatever they want, it was a simple matter to take a 2.1 update and add applications that provide root access to it. This is *distinctly different* than being able to "root" a device that is running 2.1.

    So ESE81 is no different than ESE53 as far as security holes are concerned (as far as we know). Neither one was "rootable" in the classic sense of the word, but both have been made available as hacked updates that include root access (available to anybody that ALREADY has a rooted phone).

    If you got the 2.1 update over the air, there is no way (currently) to root the phone. The only known method involves downgrading to 2.0.1 (using RSDLite and the 2.0.1 SBF file), rooting that, and upgrading to a hacked copy of 2.1.

    Hope this clears things up for you.
     
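    The "piggybacking" described in the post above (a valid signed update with a second zip spliced onto it, accepted by a recovery that only verified the bytes the signature claimed to cover) can be modelled in a few lines. This is an added example, not code from the thread or from the Android recovery: it uses an HMAC-SHA256 footer as a stand-in for the real RSA signature, constructs a signed package and a piggybacked copy in memory, and contrasts a verifier that trusts the footer's length field with one that insists the signed range cover the whole file. All file names, keys and the footer layout are constructed for the demonstration.

```python
import hashlib
import hmac
import io
import struct
import zipfile

# Assumption (constructed for this example): an HMAC-SHA256 stands in for the
# RSA signature a real recovery image checks; the key is not a real secret.
SIGNING_KEY = b"constructed-demo-key-not-a-real-secret"

# Footer appended after the zip: 32-byte MAC followed by the length of the
# byte range the MAC covers. The naive verifier trusts that length field.
FOOTER = struct.Struct("<32sI")


def build_zip(files):
    """Build an in-memory zip from a {name: bytes} mapping (constructed input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, data in files.items():
            zf.writestr(name, data)
    return buf.getvalue()


def sign_package(zip_bytes):
    """Append a footer authenticating exactly zip_bytes."""
    mac = hmac.new(SIGNING_KEY, zip_bytes, hashlib.sha256).digest()
    return zip_bytes + FOOTER.pack(mac, len(zip_bytes))


def piggyback(signed_package, extra_zip):
    """Constructed tampering, as the post describes it: a second zip is spliced
    between the signed zip and its footer. The footer still says 'N bytes are
    signed' and those N bytes are untouched, so a prefix-only check passes."""
    body, footer = signed_package[:-FOOTER.size], signed_package[-FOOTER.size:]
    return body + extra_zip + footer


def verify_naive(package):
    """Flawed check: verify whichever prefix the footer claims is signed."""
    mac, signed_len = FOOTER.unpack(package[-FOOTER.size:])
    expected = hmac.new(SIGNING_KEY, package[:signed_len], hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)


def verify_strict(package):
    """Hardened check: the signed range must be the entire file up to the
    footer, so no unauthenticated bytes can sit between the zip and the MAC."""
    mac, signed_len = FOOTER.unpack(package[-FOOTER.size:])
    if signed_len != len(package) - FOOTER.size:
        return False  # something was inserted or appended after signing
    expected = hmac.new(SIGNING_KEY, package[:signed_len], hashlib.sha256).digest()
    return hmac.compare_digest(mac, expected)


def installed_files(package):
    """What an installer that opens the package as a zip would actually act on.
    zipfile locates the last end-of-central-directory record, so an appended
    archive shadows the signed one: the installer never sees the signed files."""
    with zipfile.ZipFile(io.BytesIO(package[:-FOOTER.size])) as zf:
        return sorted(zf.namelist())


def demo():
    """Run the comparison on constructed packages and return the verdicts."""
    signed = sign_package(build_zip({
        "META-INF/com/google/android/update-script": b"constructed script",
        "system/app/Vendor.apk": b"constructed apk bytes",
    }))
    tampered = piggyback(signed, build_zip({"extra/unsigned.txt": b"constructed"}))
    return {
        "signed_naive": verify_naive(signed),
        "signed_strict": verify_strict(signed),
        "tampered_naive": verify_naive(tampered),
        "tampered_strict": verify_strict(tampered),
        "signed_files": installed_files(signed),
        "tampered_files": installed_files(tampered),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The point for anyone writing a verifier is the last two entries: the naive check accepts the tampered package while the zip parser installs only the unsigned archive, which is exactly the gap the post says the original recovery left open. Requiring the signature to cover every byte the parser can reach closes it.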
  3. nateccnn

    No...that did not clear anything up. You're talking about taking a 2.1 (be it ESE52 or ESE81) and rooting from that. I'm talking about a 2.1 custom rom based on either of the two versions being available to rooters. I already knew I had to go back to 2.0.1 to achieve the root access and then install a rom based on a 2.1 version.

    I see where the ESE81s are available with root applied. It looks like the easiest way to get that on your phone is through nandroid recovery. So you are recovering someone else's backup. But no one has released a version with a 'one button wonder' installer option. Will that be available soon? It only took a few hours before we saw ESE53s hit the "one button wonder" installers. Something changed between ESE53 and ESE81.

    To me, I don't care. I have a rooted phone. I have 2.1 ESE53. I have everything I want on my phone. I don't care much for the ESE81. I tried it and it did not impress me.

    Nate
     
  4. Se7enLC

    Ok, so we're on the same page, then. The "exploit" only has to do with rooting the phone. ESE53 already had that exploit closed up, so if ESE81 closed something up, it must have been something different and I've yet to see any report of what it is. My guess is that it was other small usability and upgrade bugs that got fixed. Upgrading from 2.0.1 to 2.1 without losing data is not an easy task - note that most (all?) of the custom roms required that you install fresh.

    No, there's a one-button-wonder installer. Pete released one the same day the update.zip was released. Here's a link:

    [ROM] ESE81 Completely Stock With Proper Root, SU, & Baseband

    (Requires SPRecovery to install, since the update.zip is no longer correctly signed after being modified. Meant to install over 2.0.1 stock, so who knows what would happen if you install it over another rom)

    I think I will eventually update to ESE81 - but I'm not really motivated, either - like you said, I don't see ANY list of things that changed between ESE53 and ESE81.
     
  5. theascended

    For what it's worth, it actually took a few days for the .sbf to propagate the forums and these "one button wonders" to be created.

    There is absolutely nothing slowing progress for developers to bring custom ESE81 images to you, you're just impatient. The same day the OTA was released, Pete from alldroid released an update.zip for SPR that installed a rooted version of the OTA (including the baseband). If that isn't fast enough for you, then perhaps you should pick up the Android SDK and pull apart the OTA and make your own image. Just yesterday, less than 72 hours after the OTA was released, alldroid published a fully deodexed version of the update.zip which is going to allow all the custom themes to happen. Again, if that isn't fast enough for you, go do it yourself. Adamz from alldroid is also hard at work rebuilding the .33 kernel from multiple trunks and including patches from Cyanogen, Android, and the true kernel source to make a more efficient kernel that has many drivers built in (including netfilter for wifi-tether and RNDIS for usb-tether). Again... not fast enough?
     
  6. nateccnn

    I tried it. It did not work for me. So I don't consider it to be a "one button wonder". I am going to try pushing it with ADB tonight and see if I can get it working. Just for S&Gs.

    Nate
     
  7. nateccnn

    Just to clear things up. I am not impatient. I am not sitting on the edge of my seat waiting for something new to come out. I like to play with things when they get released but I am not impatiently awaiting them.

    Most of the ROMs and Kernels I put on my phone I am using ADB Shell to push and plan to begin tearing into the ROMs. I've been using VB to write databases for years...so I have a little tech savviness. My post was not meant to be taken as though I want something. I was simply posting some observations I thought noobies could relate to. Might get them to settle down a bit and enjoy what they have at their disposal right now.

    And I realize everything I wrote is based on speculation. I think I made that clear.

    Nate
     
    #7 nateccnn, Apr 2, 2010
    Last edited: Apr 2, 2010