Related
Does anyone know the mechanics of the exploits used on the Transformer? They tend to come as .exe files without source code. If we can figure out what they used to break HC on another device, it'd be our first step for the same on the TPT.
I ask this because the prior exploits not working on HC seems to indicate that many of the normal vectors were patched out of HC.
I'm pretty sure I've read somewhere that it uses Asus' backup app.
But it seems like that Lenovo's Mobility Manager has root-privileges to set up the device remotely. I think there could be an exploit for our tablets.
Or somebody finds an exploit inside the Honeycomb source code and provides an universal root mechanism.
Sadly I'm no dev, so chances are high that the text above is just bullsh*t
Hmmm, that's an interesting idea...I haven't paid much attention to the mobility manager. Also, there are a lot of Lenovo tools that would need root(their configuration manager when you activate it)....I wonder if it has any exposed undocumented interfaces...
won't have time for the next few days(holiday hectic period), but I'll do some decompiling on the lenovo apps to see what I can find expose in those goodies. Hopefully, I'll get the accursed Windows OS to recognize debug mode properly(or give up an VM linux).
Yes they use the backup tool.
All the preinstalled apk's reside in /mnt/pia, which itself is on an own partition: /dev/block/mmcblk0p6
realyst2k said:
Hmmm, that's an interesting idea...I haven't paid much attention to the mobility manager. Also, there are a lot of Lenovo tools that would need root(their configuration manager when you activate it)....I wonder if it has any exposed undocumented interfaces...
Click to expand...
Click to collapse
I don't think the mobility manager has any privileges beyond standard android permissions like android.permission.CHANGE_NETWORK_STATE or android.permission.CHANGE_WIFI_STATE.
There is also the McAfee Enterprise Mobility Management; I don't know exactly what it does but it seems like not much. You can shell over what is presumably a lot of $$$ so McAffee's app gives you a button to show the apps that you have to install yourself
Of course Lenovo saved itself the trouble of providing a backup solution, so there is no backup. In the strange Lenovo parallel universe, this is apparently acceptable for a business device.
Moved to general
I did not move this straight away because i thought it might become a development thread. Its not gone that way.
So because it is a question, i will move it to general.
Take it easy
O_G
Honeycomb exploit u
Yes I know the the Honeycomb exploit used on the Transformer . you contact me from the contact information or visit our website mobiloitte.com.
Anybody else upset that you cannot root the device and install common linux shell utilities on it such as ssh, curl, etc? I created a petition for google to create a set of shell utilities for all android owners, regardless as root. Even without root, there is no reason we can't use ssh. This is common on most linux hosts. Please have a look and consider signing the petition, or give me feedback.
https://www.change.org/p/google-inc...utm_source=share_petition&utm_medium=copylink
nothing stops you from making this yourself, or using one of the existing ways to run a ssh server
Terminal IDE provides lots of GNU utilities, but hasn't been updated for 5.0 compatibility https://play.google.com/store/apps/details?id=com.spartacusrex.spartacuside&hl=en
SSHDroid provides a SSH server https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en
Hi #Sual, while you are correct, SSHDroid provides an SSHd server, However it does not provide a native ssh client, I could run through the connected device. I have tried many things suggested by users, but none of them offer a set of shell utilities I can run from the android host shell itself. Did you have a chance to read through the petition and fully understand what I'm requesting. Similar functionality would come from dan drowns android ports, or lil debi, or busybox, but all require root. Finally the fact things aren't updated for 5.0 compatibility, underscores that There is a reason that people desire this functionality on the device itself. Thanks for your feedback.
Saul Goodman said:
nothing stops you from making this yourself, or using one of the existing ways to run a ssh server
Terminal IDE provides lots of GNU utilities, but hasn't been updated for 5.0 compatibility https://play.google.com/store/apps/details?id=com.spartacusrex.spartacuside&hl=en
SSHDroid provides a SSH server https://play.google.com/store/apps/details?id=berserker.android.apps.sshdroid&hl=en
Click to expand...
Click to collapse
There are ways to run Busybox without root. Here's an app that makes it dead simple: https://play.google.com/store/apps/details?id=burrows.apps.busybox. I've used it on my XT1528 (Verizon Moto E) with great success.
There are also ways to run Debian without root, like KBOX: http://kevinboone.net/kbox3.html
I couldn't read your petition because the link is bad.
But I don't know why this is something you feel is owed to you by Google. I agree that it'd be useful, but it's totally not something I'd expect to be part of a mobile platform at all. It's clearly something you could make on your own. If existing solutions require root, it's in part because that makes it easier or because their creators assume that everyone has root.
ecaslak said:
There are ways to run Busybox without root. Here's an app that makes it dead simple: https://play.google.com/store/apps/details?id=burrows.apps.busybox. I've used it on my XT1528 (Verizon Moto E) with great success.
There are also ways to run Debian without root, like KBOX: http://kevinboone.net/kbox3.html
Click to expand...
Click to collapse
Hi @ecaslak ,
I will try your suggestions. Most recently I've tried GNURoot Debian, which uses proot. However I was unable to use the open ssh server I installed on it. However, I will still stand by my petition.
A significant portion of the Android community spends great effort trying to root their devices, many with only the desire for common functionality that we have from any core linux distribution. While having root itself on a device would be great, it should be expected that google provide all device owners with basic functionality found in most core linux distributions for the last 20+ years. Not including an option for basic user utilities ( ssh / wget or curl / most of what is included in busybox, a fairly powerful common shell such as bash or similar ) , that most non-root accounts have on practically all systems, limits the freedom of expression and ability to create that users have come to expect from a GNU Linux distribution.
While root can be enjoyed on many devices, this is often only available to a small segment of the population who either pays a significant amount more for a unlocked device with a free bootloader, or spends a significant amount of time trying to root their device. Android does seem to provide a small set of simple userland utilities such as ls, cat, but not much beyond that. This is a request to provide a set of utilities similar to what is found on most any common Linux distribution.
While their is some concern for manufacturers or communication companies to lock their users devices down, there should be no concern allowing basic utilities on all android devices. To be specific, what harm does allowing somebody to download a file through a terminal using wget or curl, or to ssh into a host , or the phone itself? Similar functionality to these kind of operations are provided to developers in the form of the Android SDK, and or libraries and programs that can be installed on all android platforms. However having simple system shell utilities is quite different that writing an application. Then there should be no harm in making them more accessible to the Android community, in said form. Finally the communications companies will benefit from increased usage, and therefore data billings from providing these features.
This petition requests that Google compile / create / maintain / distribute a set of common linux shell utilities to be included with the device, or provided through the play store for all Android versions moving forward. The people who are signing this petition believe that any owner should be able to use common *nixy functionality on any personally owned android device, regardless of device manufacturer or communication company.
Furthermore, we believe that by creating a standard distribution for these tools will reduce the effort of many people doing the same thing in their own time. That a standard will improve the tools themselves, and improve the Android experience to the community at large.
Google Android has stood on the back of giants, and taken the Linux kernel and wrapped a nice system and SDK around it, with the exception of removing some of the core functionality included in most any Linux system. Thus Android is significantly limiting the freedom of users. This is a proposal for the middle ground, which will allow a better system for everyone, even people who have no root or unlocked device.
Finally I Had a look at the kbox project, I think this sentence from their site underscores the challenge users face:
"Android is not Linux, as Google repeatedly tells us — and getting ordinary Linux desktop utilities to work in Android can be a chore, to say the least."
Hi @sual, I believe change.org is having some issues with their servers the past few days. Sorry for the dead link. I re-posted above and found it working. I also pasted the petition arguments above. It is my belief that if enough people desire a feature, then it is reasonable to ask Google to provide such a feature. I think it's reasonable to create a petition for something you believe in. Finally I appreciate your feedback, and have considered your point of view.
Saul Goodman said:
I couldn't read your petition because the link is bad.
But I don't know why this is something you feel is owed to you by Google. I agree that it'd be useful, but it's totally not something I'd expect to be part of a mobile platform at all. It's clearly something you could make on your own. If existing solutions require root, it's in part because that makes it easier or because their creators assume that everyone has root.
Click to expand...
Click to collapse
Finally, another link in case the copy link from the change.org platform is broken.
https://www.change.org/p/google-inc...-linux-shell-comands-for-the-android-platform
Incredibly few Android users root. And Android is not a traditional Linux distribution; it's a mobile OS that happens to use the Linux kernel. GNU/Linux distributions contain all these common tools because large essential portions of them are written in scripting languages and because they are needed for operation of the system. These things are simply superfluous in Android.
Google hasn't removed any functionality from a Linux distribution in the building of Android. They build a totally different system using Linux as the kernel. and have no need to include other separate components that comprise a standard Unixlike environment Just like all kinds of other embedded devices do. In this sense, Linux is a commodity OS kernel that competes with other open-source and proprietary ones. Furthermore, Android in particular depends on non-POSIX mechanisms like wakelocks and SELinux and uses an unPOSIXlike approach to isolate different apps (different uid per app).
I suggest you start writing code or organize a project and recruit developers to build this.
@sual Developers have already built plenty of Android binaries. I can build em. Look here: http://dan.drown.org/android/ . There are busybox sets all over the play store. The problem remains that they are usually crippled if installed without root. Crippled beyond the point of what you can do with a user account in most Linux environments. I thought the desire for this would be greater, but maybe I'm just an odd fish. I should save up and look for a platform that meets my wants and needs.
If tools running as a non-root user on Android seem more crippled than a non-root user on a typical Linux distribution, it's because Android uses a different UID per app for isolation purposes. Which is a good thing. Hence the existence of the "system" user on Android, accessible via adb, which has many more permissions than available to any particular app. Making even this set of permissions more widely available to apps would be a security nightmare, there's a reason you have to deliberately turn on developer mode then again enable ADB, and a reason why you (afaik) have to have root if you want to enable ADB over wifi on the device itself.
With that said, you should be able to package your own tools and run them via the adb user on any Android device, no?
I just got a Shield TV, and I love it. I'm probably going to root it tonight to tinker further.
One issue I have with it is how annoying it is to configure, side-load apps, upload files to, etc. I'd love to have a web console for it, and I'm willing to do most/all of the heavy lifting for the front-end and server-side web development perspective. I'm going to need help on other fronts, however.
I'm a full-stack web developer. Most of what I've done professionally is PHP, but I'm not married to that. I'm also pretty good at configuring apache/nginx/ha-proxy/etc. Though once upon a time, I wrote front-end applications in Java and C++, that's ancient history, and I don't really have time to re-learn those skills and the Android SDK. Also, I'm not much of a designer, so unless I'm just using a pretty stock framework like Bootstrap, I'll need someone else to provide the art.
What I'm envisioning is an app that we can have in the play store that has a very simple UI to:
- install an SSH server
- install bash
- install web server/app server
- install DDNS client
- launch server on boot
- check server for new versions of the software it installed
Stuff I want the web interface to do:
- install/uninstall apps (file submission, URLs, etc.)
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.)
- start/stop sshd
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?)
- restart the device
- configure most settings on the device, including some hidden stuff
- file management
So, what I can do:
- script the download/install/upgrade of stuff on already rooted box in bash
- write back-end web code in PHP, Python, or Go
- write HTML/CSS/JS for front-end
What I need help with:
- writing the Android TV app to trigger the install script
- some help understanding/bootstrapping the process (what's installed by default on Android? What's the minimum we can get away with? Do we need Python?)
- someone to design the app (honestly, this can wait until we've got a baseline functionality if we like)
Anyone interested in joining me?
I'm leaning towards Go for the web app, because the binary can (in theory) be deployed standalone, and can be its own web server, obviating the need for apache or nginx or whatever. Also, performance and memory utilization -- PHP and Python are fairly expensive to run, and this is a really minor background thing.
This would be open source on Github.
While I unfortunately don't have a machine to helpwith code, nor the time for the code, I thought I'd give you a dev/modders look on the possibility/dificulty of things. Please don't think that I am discredditing this idea, in fact, I like it. Just want to passibly help you consider dev order and dificulty oy each item as listed, and hopefully add my own as others may have interest.
- install/uninstall apps (file submission, URLs, etc.) <-- Would be pretty easy. Users should provide apks, or you'll need a site that stores a lot of them.
- 1-click installs of common things people want (Kodi, Amazon Prime Video, etc.) <-- Similar to last point. You'll have to have a mirror of updated apks, weather you or another host provides it. You'll probably need a web scraper if going to an external host.
- start/stop sshd <-- I suggest dropbear, even if it's not my cup of tea. It can be easily found in other apps and should find code in open source ones to get you started.
- manage mounting/unmounting NFS/AFS/CIFS/etc. shares (is this even possible on Android?) <-- can be done. Check Kodi or other open source apps for code, though there are usually caviats to each approach. Luckly Android has fuse in most kernels these days.
- restart the device <-- Very easy
- configure most settings on the device, including some hidden stuff <-- Gonna be a long process, but you can probably reverse engeneer the apks and parse the XML files for a shortcut.
- file management <-- Super easy. Use the ssh server, or adb connection.
Over all, I think a lot of this is possible. Luckly these machines have the beef for a web server, and several are ported last I checked, though they may be out of date. Even still, check their codebase for a massive head start as they are mostly required to keep open source by licence (Apache excluded, though some still are). I would also suggest these features as they would be somewhat easy to imprement once the base file management is started, and would broaden the scope to bring in more users, support and interest, and hopefully devs.
-Rom Manager for emulators.
Mass File Renamer based on Filebot (Both are java, so should not be TOO hard to port) as many buy this box for Kodi.
I'll think of more.
I'm not an app dev, though I do rom modding and sometimes porting, and I can offer insite to things, so if you have questions on specifics, please pm me. If I get some free time, and a dev machine, I'll let you know antd get things going in the right direction. May also want to, once this idea is flushed out, post something in a more general android TV/ App Development thread for cleanness and to get devs on board (don't post in dev till there is code to show on github though please.
Something like remix os would be nice, this x1 has a lots of power
Sent from my trltetmo using Tapatalk
This is a great idea. This device is in serious need of developer attention. Im not a dev at all but Ive gotten pretty familiar with this device and Android OS in general, especially after spending so much time digging around trying to make android things happen that apparently were not indended for Android TV. I will be more than happy to be a tester and keep up so as to offer any ideas and some of the ways Ive found to do stuff.
@kdb424 - Thanks for the info. I'm working on a prototype right now. First build is going to list a bunch of stuff from the setting status, and allow you to reboot the device. I'll post the Github repo when I have that.
Great ideas!
There is a tool sorta in development already that does a lot of this (I've mentioned it on the Shield Zone a couple of times)
https://sites.google.com/site/nvidiashieldtvutilityapp/home/
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
@darkuni - Yeah, I saw that, but I've got no Windows PC's in the house -- 2 Macs, a Chromebook, a Linux server, phones and tablets. I'm an old-school UNIX guy, and Windows doesn't strike my fancy. Plus, it seems like the sort of thing a web app is best for. No need for a fat client.
darkuni said:
Great ideas!
My main needs (personally) is a means to move files to and from and my current solution is a free FTP server that works even when the Shield TV is sleeping.
https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver
... works very well despite having to side load, has a terrible interface, etc. Set and forget. What's great is, I can use my file-manager-on-steroids Directory Opus to manage files since it is a standard FTP connection.
Click to expand...
Click to collapse
Thanks for that I'll give it a go. I use ES file manager currently but it closes the server when you exit the app. Will also try this on a couple of FireTV Sticks I have dotted around the house as Kodi boxes :good:
WARNING: This is not a place for you to come to say how great you think Chainfire is. I'm not calling his character into question, only his methodologies and the character of the outfit he sold out to (and I don't question the act of selling out, that's business, pays the bills, and puts kids through college). The debates about what people prefer and why are as old as the first software. And of course, I will not tell you what to do, no matter how much I disagree with you. If you UNDERSTAND what I have to say, then THIS software is for you. If you don't, you are probably better off with binaries.
The root situation on Android 5.x left a lot to be desired. There was basically just one distributor of a functional substitute user command (su), and it was binary. Recently, ownership of that binary and all of its history has become the property of a previously unknown legal entity called "Coding Code Mobile Technology LLC". While it was presented as a positive thing that that entity has a great involvement with android root control, this is actually a VERY frightening development.
The people at CCMT are no strangers to the root community. They have invested in, or own, a number of popular root apps (though I am not at liberty to disclose which ones) - chances are, you are running one of them right now. I believe SuperSU has found a good home there, and trust time will not prove me wrong.
Click to expand...
Click to collapse
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
You don't know the owners, and they are distributing a binary, so who the heck knows WHAT is going on.
Now a few important considerations with respect to your security and privacy;
1) Obfuscated binary cannot be sanely audited.
2) Function of this binary depends on the ability to manipulate selinux policies on the fly, including RELOADING the policy altogether and replacing it with something possibly completely different. Frankly, I've never heard a single reason why this should be necessary.
3) While a root control application may give you nice audits over other software that is using its service, it can *EASILY* lie about what it is doing itself. It can delete logs, it can share root with other applications that they have made deals with, it can directly sell you out to spammers, etc.
That is WAY too dangerous, and not worth the risk.
Frankly, you are safer if you disable selinux AND nosuid, and just run the old style of root where you set a copy of sh as 6755. And that is FRIGHTENINGLY dangerous.
So not satisfied with this state of root, and especially now with a new unknown entity trying to control the world, we bring you the rebirth of the ORIGINAL Superuser:
https://github.com/phhusson/Superuser
https://github.com/lbdroid/AOSP-SU-PATCH (this one is mine)
From the history of THAT Superuser:
http://www.koushikdutta.com/2008/11/fixing-su-security-hole-on-modified.html
Yes, look at the Superuser repo above and see whose space it was forked from.
Note: This is a work in progress, but working VERY well.
Use my patch against AOSP to generate a new boot.img, which includes the su binary.
Features:
1) selinux ENFORCING,
2) sepolicy can NOT be reloaded.
3) It is NOT necessary (or recommended) to modify your system partition. You can run this with dm-verity!
The source code is all open for you to audit. We have a lot of plans for this, and welcome suggestions, bug reports, and patches.
UPDATE NOVEMBER 19: We have a new github organization to... "organize" contributions to all of the related projects. It is available at https://github.com/seSuperuser
UPDATE2 NOVEMBER 19: We have relicensed the code. All future contributions will now be protected under GPLv3.
*** Regarding the license change; according to both the FSF and the Apache Foundation, GPLv3 (but not GPLv2) is forward compatible with the Apache License 2.0, which is the license we are coming from. http://www.apache.org/licenses/GPL-compatibility.html . What this means, is that it is *ILLEGAL* for anyone to take any portion of the code that is contributed from this point onward, and use it in a closed source project. We do this in order to guarantee that this VITAL piece of software will remain available for EVERYONE in perpetuity.
Added binaries to my the repo at https://github.com/lbdroid/AOSP-SU-PATCH/tree/master/bin https://github.com/seSuperuser/AOSP-SU-PATCH/tree/master/bin
These are *TEST* binaries ONLY. Its pretty solid. If you're going to root, this is definitely the best way to do so.
The boot.img has dm-verity and forced crypto OFF.
The idea is NOT to use as daily driver, while I can make no warranties at all regarding the integrity of the software, I use it myself, as do others, and its pretty good.
What I would like, is to have a few lots of people try it out and report on whether things WORK, or NOT.
IF NOT, as many details as possible about what happened, in particular, the kernel audit "adb shell dmesg | grep audit". On non-*nix host platforms that lack the grep command, you'll probably have to have to add quotes like this in order to use android's grep: "adb shell 'dmesg | grep audit'".
How to try:
0) Starting with a CLEAN system.img, get rid of supersu and all of its tentacles if you have it installed, if it was there, it will invalidate the tests.
1) Install the Superuser.apk. Its just a regular untrusted android application. Yes, there is a security hole here, since we aren't (yet) authenticating the communications between the android application and the binaries, or validating the application by signature, or anything else that would prevent someone from writing a bad Superuser.apk. This is on the list of things to do.
2) fastboot flash boot shamu-6.0-boot.img
3) test everything you can think of to see if it works as expected.
Note: there are some significant visual glitches in the android application, but nothing that makes it unusable.[/quote] @craigacgomez has been working on fixing up the UI. Its really paying off!!!
How you can reproduce this YOURSELF, which we RECOMMEND if you feel like daily driving it (in addition, make sure that you UNDERSTAND everything it does before you decide to do that, you are responsible for yourself;
You can build it any way you like, but I do my android userspace work in eclipse, so that is what I'm going to reference. Import the project from phhusson's git, including SUBMODULES. Right click the Superuser project --> Android Tools --> add native support. The library name you choose is irrelevant, since it won't actually build that library. Right click project again --> Build configurations --> Build all. This will produce two binaries under "libs", placeholder (which we won't be using), and su. You need the su binary. Then right click project again --> run as --> android application. This will build Superuser.apk, install it, and launch it.
Next:
repo init -u https://android.googlesource.com/platform/manifest -b android-6.0.0_r1
repo sync
Then apply su.patch from my git repo.
UNFORTUNATELY, the repo command isn't smart enough to apply a patch that it created itself. That means that you are going to have to split up the patch into the individual projects and apply them separately to the different repositories. This isn't that hard of a step though, since there are only FOUR repositories I've modified... build/ (this just makes it possible to build with a recent linux distro that doesn't have an old enough version of openjdk by using oraclejdk1.7. The boot.img doesn't actually need the jdk to install anyway -- its just part of the checking stage, so its up to you.), device/moto/shamu/, external/sepolicy/, system/core/.
After applying the patches, copy the su binary you generated with eclipse into device/moto/shamu/
Then ". build/envsetup.sh; lunch aosp_shamu-userdebug; make bootimage". That should take a minute or two to complete and you will have a boot.img built from source in out/target/product/shamu/
NEW UPDATE!!!!
While I haven't yet gotten around to running a complete cleanup (very important family stuff takes priority), I *HAVE* managed to find a half hour to get on with the Android-N program. If anybody takes a peek at the AOSP-SU-PATCH repository on the AOSP-N branch, you should find some interesting things there.
One warning first though... I updated the patches to apply against the N source code, and then updated some more to actually compile, and compiled it all. BUT HAVE NOT HAD THE OPPORTUNITY TO TEST IT YET.
Nice thing you came up. Sounds awesome.
We should have an alternate to all LLC thing, no matter how much respect (I owe you Chainfire thing) we got for the man who created CF Root (since Galaxy S days) and SupeeSU.
wow, tyvm for this! Will definitely test for ya and let you know.
I already applied your patch, built my own binaries and the boot.img but won't have a chance to test anything until tomorrow. Would love to get this %100 working fine and yeah, will use this from here on out instead of supersu.
Thanks again and yeah, will post when I have something ^^
I will be following progress closely, as should others. Without something like this, many in the community may naively let a corporate entity control root access on their devices. This is extremely frightening, it may not happen right away but if you believe the an entity will not monetize or exploit the current situation I believe you are sadly mistaken.
I could be wrong, however, it's not a risk I will take lightly and no one else should either.
Thanks for this.
Nice work!! Will be following this thread closely.
Time for me to learn eclipse. And do a heck of a lot more reading.
Larzzzz82 said:
Time for me to learn eclipse. And do a heck of a lot more reading.
Click to expand...
Click to collapse
Just note that I use eclipse because I'm used to it. Its become the "old" way for android dev.
i just paid for superSU is this the same people?
TheLoverMan said:
i just paid for superSU is this the same people?
Click to expand...
Click to collapse
I'm not sure what you are asking... are you asking if I am in any way affiliated with supersu, then you probably failed to read the first post in this thread altogether.
Charging money for a binary blob to use root on your device is borderline criminal, and unquestionably immoral. I'm sorry to hear that they got something out of you.
This is pretty great. I'll be watching this as well.
Perhaps this is not the place to take the tangent but why does root behave as it does and not more similar to a standard linux distro? It seems like it would be much more secure to have a sudo function as opposed to an all encompassing root. I'll admit I'm not that familiar with the inner working of the android OS but off hand I can't think of any program that absolutely needs to be automatically granted root every time it wants to run (I'm sure there are but even in this case the power user could chown it to standard root).
Wouldn't it be much more secure if you had to go in to developer options (which are already hidden by default) and turn on the option for sudo. This would then require a sudo-user password (perhaps even different than the standard lock screen password). Need to run a adblock update? Enter the password. Need to run Titanium backup? Enter the password... etc. Much more secure than a push of "accept".
Sorry for off topic but it's always made me wonder and seems like it would be root done right (see how I tied that back to the topic ) If elevating programs/tasks to a superuser was more secure perhaps it would not need to be such an issue...
^ Some root functionality is just too common for a Linux like sudo password to be usable at all. I'll give 2 examples:
1. Since Lollipop Google disabled access to mobile network settings for third party apps. Now it's only possible with root. I have an app that together with Tasker automates my network changing. That network app needs root access EVERY time there is any changes to the connected network and when it wants to change the settings.
Phone connects to a different cell tower? Root needed to detect this and determine the mobile network status.
You can figure how many times this is required per day.
2. I use Greenify to force some misbehaving apps to sleep after the screen goes off. It needs to request root every time it wants to sleep one of those apps. In other words every time I use them, after my screen goes off and I turn it back on I'd be facing both my secure lockscreen and the sudo password.
There's are plenty of other apps that need to request root access on a regular basis. These were just a few examples. If you only need root for TiBu then a sudo password type of security measure would work. In my case all I'd be doing with my phone would be typing that password again and again.
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Sent from my Nexus 6 using Tapatalk
Interesting thread. Thanks for your work....subscribed
doitright said:
There are precisely two motives I can imagine for buying up all the root control software for Android;
1) monetizing it, which is contrary to the user's best interests,
2) something very frightening and dangerous involving the potential exploitation of everybody's devices.
Click to expand...
Click to collapse
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
I've read a few articles suggesting that they would prefer to prevent people from rooting their phones (partially so that they can monetise Android Pay - which requires a Trusted Computer Base, which means unrooted - as well as controlling Ad Blockers, which affect a revenue stream). I also suspect that only a tiny minority of Android users - and most of them are probably on here - actually root their devices.
Regardless of the motives, having a technological monoculture is never a good thing, especially when it is delivered as a binary owned by an unknown organisation.
(No disrespect to Chainfire - I have had many years of root access to my devices thanks to his efforts.)
scryan said:
Beyond what is said above, to my understanding... What "root" is is just a way to install the "su" binary to your phone, with a nice GUI to make it more friendly for phone/tablet use.
Click to expand...
Click to collapse
Not quite.
"root" is the *name* of a privileged user, with user id of 0.
The "su" command (short for substitute user), is used to substitute your current user for another user, but most particularly root.
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Philip said:
I would suggest that there is a third potential motive here - that having control over the "only" way of rooting Android devices might be attractive to Google.
Click to expand...
Click to collapse
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
urrgevo said:
Being rooted, if memory serves, is being able to access and change any file in your root directory, at least that's a simplified way to see it. The SU app is a GUI that is mostly used to control the ability of apps to access and change the root directory.
Click to expand...
Click to collapse
Nope. The root directory can be setup to be accessible by specific users just by applying the appropriate permissions to the files.
The root directory and root user are not specifically related.
doitright said:
What does that have to do with the third party? I doubt very much that Google would appreciate the security of their users being compromised by a 3rd party.
Click to expand...
Click to collapse
Because the "third party" might actually be Google (or an organisation funded by them).
---------- Post added at 15:05 ---------- Previous post was at 15:02 ----------
doitright said:
Every application and many subsystems in Android are granted each their own user, which are very restrictive, hence the need to escalate to root to obtain necessary privileges.
Click to expand...
Click to collapse
Shouldn't need to su to root to do this - that's what setuid and setgid are for.
Yesterday, I noticed my Dynalink 4K Box struggling with 4K video. After running "top" in "adb shell", I found a strange process named "askey_tr", running as root (!), occasionally pegging the CPU at 100-200%.
I decided to dig around and in the end was so spooked (and annoyed with the performance drop) that I ended up rooting my device and removing this binary with a DIY Magisk module. Here's what I found by running "strings" on the binary.
It seems to include help strings for common unix tools like ping and traceroute:
Code:
Modern traceroute for Linux, version 2.1
Copyright (c) 2016 Dmitry Butskoy, License: GPL v2 or any later
You do not have enough privileges to use this traceroute method.
ping: can't set multicast time-to-live
This would've almost fooled me (maybe "tr" in askey_tr stands for traceroute, right?), however, it gets more interesting after you look more. There are references to something called TR069:
Code:
external/tr069/source/atomic.c
external/tr069/source/sd.c
external/tr069/source/ft.c
Googling revealed that TR069 is a protocol for remote management of consumer devices, including set-top boxes. That would make some sense. There is even a paper describing use of TR069 for Android devices. However, the unknown extent of this type of "management" scares me. Wouldn't Android's standard update mechanisms be enough?
There are also some strings that look like metrics about the device:
Code:
Device.DeviceInfo.ProcessorNumberOfEntries
Device.DeviceInfo.SupportedDataModel.1.URN
Device.DeviceInfo.ProcessStatus.ProcessNumberOfEntries
Device.ManagementServer.ConnectionRequestUsername
Device.ManagementServer.STUNUsername
Device.ManagementServer.StandbyPolicy.NetworkAwarenessCapable
Device.UserInterface.PasswordRequired
Device.UserInterface.ISPName
Device.UserInterface.RemoteAccess.X_Charter_AllowedIpRanges
Device.Ethernet.RMONStats.template.DropEvents
Device.Ethernet.Interface.2.Enable
Device.Ethernet.Interface.2.Stats.BytesReceived
Device.Ethernet.Interface.1.Enable
Device.Ethernet.Interface.template.LowerLayers
Device.Ethernet.Interface.template.Stats.BytesReceived
Device.Ethernet.Link.2.Stats.DiscardPacketsSent
Device.Ethernet.Link.1.Stats.UnicastPacketsSent
Device.Ethernet.Link.template.Stats.BroadcastPacketsSent
Device.Ethernet.Link.template.Stats.BroadcastPacketsReceived
Device.Ethernet.VLANTermination.template.Stats.BroadcastPacketsReceived
Device.SoftwareModules.ExecutionUnit.template.Status
Device.SoftwareModules.ExecutionUnit.template.References
Things related to XMPP protocol:
Code:
ctrl_send_sig ctrl_sig_xmpp_status_changed
jabber:client
xmpp_load_pem_cert
And some other things that give us clues: HTTP request templates, symbols from OpenSSL, etc.
I also tried to drop this executable into Ghidra, but felt way out of my depth as I'm not experienced in reverse engineering. Perhaps this will pique the interest of someone more skilled.
So in conclusion, this may be something as benign as a software for delivering OTA updates, or a full-on backdoor. The troubling part is it running automatically as "root" and the fact that its nature is not documented anywhere.
I'm attaching the binary and a zip of the contents of /data/tr069 where the executable seems to store its data.
sus
looked through the string table
found RAND_seed, Device.Users.User.2.Password, GetSSIDFromTR069ManagerServer
TR-069 is a remote management protocol standard. It's likely been put in that box for remote command and set up. I've been working with one Android TV OEM to include it in a set top for monitoring and basic config/maintenance stuff. In a way it would be a kind of backdoor to change config info or diagnostics. It was likely built in by the manufacturer for that purpose though and not some nefarious 3rd party (assuming the manufacturer's intentions are noble). I think it boils down to if you trust the box maker or not. TR-369 is the newer variation of it. This doc goes into some more detail on what it can be used for.