Android rooting status

Ok, so I haven’t updated on this in a while and figured I should. The exploit I was going after apparently didn’t exist, I missed the check which rendered that attack useless. The next attack is the fastboot vector mentions elsewhere on the web the last several days. However so far I don’t see where he got his data from about that being exloitable. I can’t find sourcecode to anything but the client/pc side app. And those obviously can’t tell us what the phone side does. Provided he’s right we’d need to modify the pc app to send more then the safe limit and figure out where our code dumps to and how many bytes we have to work with.

There is also the potential to bruteforce the RSA signing key with a distributed attack via boinc. I haven’t looked too far into what keysize they used but if it’s within reason, that could be a good solution as well.

This entry was written by shadowmite , posted on Thursday May 13 2010at 09:05 pm , filed under News and tagged , , , , . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

4 Responses to “Android rooting status”