Shadowmite.com Blog

Android rooting status

Ok, so I haven’t updated on this in a while and figured I should. The exploit I was going after apparently didn’t exist, I missed the check which rendered that attack useless. The next attack is the fastboot vector mentions elsewhere on the web the last several days. However so far I don’t see where he got his data from about that being exloitable. I can’t find sourcecode to anything but the client/pc side app. And those obviously can’t tell us what the phone side does. Provided he’s right we’d need to modify the pc app to send more then the safe limit and figure out where our code dumps to and how many bytes we have to work with.

There is also the potential to bruteforce the RSA signing key with a distributed attack via boinc. I haven’t looked too far into what keysize they used but if it’s within reason, that could be a good solution as well.

This entry was written by shadowmite , posted on Thursday May 13 2010at 09:05 pm , filed under News and tagged android, exploit, hack, incredible, root . Bookmark the permalink . Post a comment below or leave a trackback: Trackback URL.

4 Responses to “Android rooting status”

angel12 says:

May 15, 2010 at 7:04 am

i believe the RSA key used to sign the updates are 2048, i might be wrong on that though
Hetal Patel says:

May 15, 2010 at 2:19 pm

Any key size beyond 56bit will take years to brut force.
Shadowmite says:

May 16, 2010 at 9:08 am

Wrong, up to 512 bits is really fast now. Htc appears to be using 1024bits however.
mike says:

May 18, 2010 at 7:03 am

Any more updates on this?

Android rooting status

4 Responses to “Android rooting status”

Polls

Links

Recent Posts

Meta

Shadowmite.com Blog

Android rooting status

4 Responses to “Android rooting status”

Polls

Links

Recent Posts

Meta

Tags