CVE-2014-8609 settings pendingintent - Galaxy S6 Active

So with the new MM update, using the app Trustable by Bluebox shows that CVE-2014-8609 is still a vulnerability somehow. Since the bootloader cannot be unlocked, I don't think this can be utilized, but I just wanted to point it out to everyone. I don't believe this vulnerability was there in 5.1.1.

Related

[Q] 5.0 and rooting on locked device

Hey,
So as mentioned in the large "How to root" thread, any update after 4.4.3 will essentially make your device unrootable (or unwritable).
I have the xt1058, which is one of the devices with a locked bootloader. This device is also compatible with Android 5.0, so I was wondering if I flash a captured OTA of 5.0 for the xt1058, will that lock out my bootloader and ensure that I can never root again?
Thanks!
5.0 > 4.4.3 so logic would lead me to say yes, you're stuck running stock.
If you are locked, you will not be able to Root on 5.0 for now, or for awhile.... If ever.
---------- Post added at 10:26 AM ---------- Previous post was at 10:26 AM ----------
Once it comes out of course.
---------- Post added at 10:27 AM ---------- Previous post was at 10:26 AM ----------
If you really want to Root.... Best to not update, as they may figure out how to Root KitKat and not Lollipop. Usually how it goes.
Not sure what you mean by "flash a captured OTA" but with a locked bootloader all you can flash is a ROM or OTA which is digitally signed by Moto and meant for your phone and its CID value. In other words, you can't capture an OTA zip file, modify, repack it and flash it to include Root, if you have a locked bootloader.
If you want usable root on the X you need two parts 1. Root Exploit, and 2. An Exploit that allows for disabling Write Protection.
If you have a locked bootloader you need someone to find these exploits and create a repeatable process to use them to gain root and disabling write protection. You basically need to find and exploit a flaw or vulnerability in the phone, or its software. i.e. Hack It.
When Write Protection is enabled (the phone's default state with locked bootloader, or the state you are in after you install 4.4.2), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on.
On a locked bootloader you are relying on someone finding vulnerabilities in the phone or its software to both root and disable write protection. Period. No way around that.
As it stands right now, no one has released info on any vulnerabilities which could gain root on a locked bootloader 2013 X which have been upgraded to 4.4.4. So there is no process for rooting those locked bootloader phones.
While JCASE's Sunshine tool can exploit a vulnerability to unlock the bootloader (disabling write protection), it needs to be able to ROOT, or Temp Root, the phone first, which leaves out phones on 4.4.4 (unless I've missed a change recently). (and before you ask, no, you can NOT safely downgrade from 4.4.4 to 4.4.2 or lower, nor can you get to a state where Sunshine will work once you have 4.4.4 on your phone.)
With further security enhancements as Android evolves, it's only going to get more difficult finding vulnerabilities to exploit and creating repeatable processes for those with locked bootloaders. In other words, while there might be a chance someone comes up with something for locked bootloader 2013 X's on Lollipop, I wouldn't count on it happening, nor would I "bet the farm" that it will ever happen.
What about using safestrap? I also own a locked moto x and am currently running a rooted 4.4.4 ROM via safestrap.
Would this be possible to do with lollipop while retaining root?
You'll likely still need to find a software vulnerability to exploit to gain root. And if Lollipop uses a new Kernel (which it does) it may not be compatible with the current Safestrap. And Hash stopped developing Safestrap.
That being said.. Safestrap requires the host phone/OS be rooted with write protection disabled. So if you are running Safestrap on a 2013 X, you likely have Android 4.4 or lower as your host OS and have used something like SlapMyMoto/RockMyMoto along with MotoWpNoMo to root and disable write protection on your host OS. If this is the case, use Sunshine to unlock your bootloader. It will be much easier.
Yep, I was holding out on unlocking with Sunshine but seems like it's necessary to keep root for Lollipop. Thanks!
Why would you ever wait to unlock your bootloader if you're able to? You wouldn't have to worry about any of this with an unlocked bootloader.
My only guess would be.... he is still under warranty and isn't in a hurry to void it?
Because sunshine costs money and yes, I'm in no hurry to unlock it (until lollipop comes along that is)
Just keep in mind.... As soon as you update to 4.4.4 or Lollipop, There's no guarantee you'll ever be able to unlock with Sunshine.
You likely know this... But just checking.
Using Safestrap to flash only parts of 4.4.4 (excluding bootloader if I'm not mistaken) allows me to retain full root even on 4.4.4 even with a locked bootloader. However, from what I understand, you're right, this won't be possible for Lollipop :/
Maybe it could..... But based on the issues I've seen in the N5 section, likely not. Lollipop probably won't play well with anything KitKat or earlier.
Pretty hard to test too... Who knows what would happen if you tried. Also, who knows when or if SBF files will turn up.
---------- Post added at 05:15 PM ---------- Previous post was at 05:13 PM ----------
Off topic.... But I will feel bad for anyone who has Lollipop complaints and tries downgrading. Could be the end of their device.
Unless moto changes that quirk with their bootloader.

[Q] XT1060 unlock bootloader and APN question

Hello, I have bought a VZ XT1060 phone and I will use it on another carrier; it is not the dev version.
1) I would like to unlock it using the Sunshine software and I would like to know what happens if I unlock the bootloader with Android 4.2 and then I update to Android 4.4.4 or 5.1. Do I lose the unlocked bootloader?
2) I read some posts that said that if the bootloader is locked, then APN configurations won't survive a power off/on. Is it true? Is there a solution to that?
Thank you
1) Unlocking the bootloader with Sunshine appears to survive updating from 4.4.2 to 4.4.4. Since 5.x isn't officially released (at least in the Americas where we have locked bootloaders on ATT, Verizon and Republic Wireless), I can't say for sure.
Remember, for a Verizon XT1060, Sunshine requires your phone to never have been updated past 4.4.2. I'm surprised to see an XT1060 that still has 4.2.2. Then again, if it's never been on Verizon's network, maybe it didn't get the OTAs to take it to 4.4.4.
2) Let me quote what I typed in # 8 of this post -> http://forum.xda-developers.com/moto-x/general/info-warning-risks-downgrading-impacts-t3058202 to explain write protection...
By default on the Moto X, write protection is enabled. When it's enabled, any changes made to "protected" folders/files on the phone (like anything in /system or the like) will not survive power off/on. It's meant to ensure your phone does not get messed up. Consider it a security measure. MotoWpNoMo was a way for users with locked bootloaders to disable write protection. Initially said to be permanent, the 4.4.2 update/ROM patched the exploit used and so write protection gets turned back on once 4.4.2 is installed on the phone. NOTE: If you have a phone with an unlockable bootloader, the process of unlocking the bootloader and rooting disables write protection, and MotoWpNoMo is not needed.
Yes, with write protection enabled, the APN settings do not appear to survive power off/on, or "hard rebooting."
Well, I don't know for sure if the phone is 4.4.2 or not because I bought it on eBay and it hasn't arrived yet, but according to the pictures in the ad, it seems to have KXA20.16-1.25.2 software version which is 4.4.2. (http://www.ebay.com/itm/13150434743...arms=gh1g=I131504347432.N19.S2.M-10306.R2.TR3).
Thank you for the response!!
Today I received the phone; it is actually the 4.4.4 version so I won't be able to unlock the bootloader.
I tried setting the APN and powering off/on and it did not disappear. Anyone know why? I am using it on a carrier in Uruguay.

[Q] Unlock bootloader vs root

Hi,
I'm about to jump on the wagon and get a Z3 Compact to replace my Nexus S. My Nexus S is long overdue and the Z3C would be a significant upgrade.
My Nexus S is rooted and the bootloader is unlocked. Of course, I have found the appropriate rooting procedures and unlocking bootloader topics for the Z3C. I would like to at least root the device to get Titanium Backup and the Xposed Framework. I have some questions however:
Are there any issues with just rooting the Z3C without unlocking the bootloader?
I understand that unlocking the bootloader will cause issues with some functions due to DRM security keys. Does rooting cause any issues on the Z3C?
Is it possible to still receive Sony's firmware updates OTA after rooting?
Thanks
Neo.
Are there any issues with just rooting the Z3C without unlocking the bootloader?
Nope.
I understand that unlocking the bootloader will cause issues with some functions due to DRM security keys. Does rooting cause any issues on the Z3C?
Nope. There is a way to root Z3 Compact without losing DRM keys.
Is it possible to still receive Sony's firmware updates OTA after rooting?
Yes. You will still get the updates. However, if you have a custom recovery installed or something modified in the system folder, the update verification will fail, thus rendering the update function useless.
Thank you sir. I have unlocked my bootloader on my Nexus S, however I am installing custom ROMs on it in order to have KitKat. But I don't see any benefit in unlocking the bootloader of the Z3C at the moment, since it should be supported for some time. Unlocking the bootloader just gives the ability to install custom ROMs, correct?
Could something like Xposed Framework (which does not require bootloader unlocked, but requires root) cause an Android update to fail? I do think it is modifying stuff in the system folder, however I don't have a lot of knowledge of the Android architecture. I guess I could just revert every Xposed plugin, upgrade and put them back (if supported by latest firmware).
Again, thank you
spookyneo said:
Thank you sir. I have unlocked my bootloader on my Nexus S, however I am installing custom ROMs on it in order to have KitKat. But I don't see any benefit in unlocking the bootloader of the Z3C at the moment, since it should be supported for some time. Unlocking the bootloader just gives the ability to install custom ROMs, correct?
Yes.
Could something like Xposed Framework (which does not require bootloader unlocked, but requires root) cause an Android update to fail? I do think it is modifying stuff in the system folder, however I don't have a lot of knowledge of the Android architecture. I guess I could just revert every Xposed plugin, upgrade and put them back (if supported by latest firmware).
Yes. It could also be the reason why. I am not 100% sure on the technical details but based on my reading, OTA performs integrity checks (could be hash checks) on the system files before applying the update. Meaning if one system file fails to match an item, the OTA will not install itself. Also, I read that custom recoveries are one of the causes for failed OTA installation. In my experience, after I downgraded to KitKat and rooted it using Giefroot, I successfully installed OTA for the .77 firmware. However, during this case, I still don't have Xposed and custom recovery installed.
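
The pre-install check discussed in the reply above, sketched as an added example (not part of the original thread and not any vendor's actual updater). It is a simplified model that assumes a per-file SHA-1 manifest; all file names and contents are constructed samples.

```python
import hashlib
import os
import tempfile


def sha1_of(path):
    """Return the hex SHA-1 of a file, read in chunks."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root):
    """Vendor side: record the expected hash of every file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha1_of(full)
    return manifest


def preflight_check(root, manifest):
    """Device side: list every file that is missing or differs from the manifest."""
    failures = []
    for rel in sorted(manifest):
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            failures.append((rel, "missing"))
        elif sha1_of(full) != manifest[rel]:
            failures.append((rel, "modified"))
    return failures


def apply_update(root, manifest):
    """Refuse to touch anything unless every file verifies (all-or-nothing)."""
    failures = preflight_check(root, manifest)
    if failures:
        return "aborted: " + ", ".join(f"{rel} ({why})" for rel, why in failures)
    return "verified: safe to patch"


def demo():
    """Constructed sample tree: stock state passes, one replaced binary fails."""
    with tempfile.TemporaryDirectory() as system:
        samples = {
            "bin/app_process": b"stock app_process build 1",
            "build.prop": b"ro.build.id=CONSTRUCTED\n",
            "app/Settings.apk": b"stock settings apk",
        }
        for rel, data in samples.items():
            full = os.path.join(system, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        manifest = build_manifest(system)
        stock = apply_update(system, manifest)
        # Assumption for illustration: a root framework swaps in its own binary.
        with open(os.path.join(system, "bin", "app_process"), "wb") as fh:
            fh.write(b"replaced by a framework installer")
        modified = apply_update(system, manifest)
        return stock, modified


if __name__ == "__main__":
    for line in demo():
        print(line)
```

A single changed file is enough to abort the whole update, which is why restoring the stock files before taking an OTA matters more than whether the device still has root.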

[Q] XT1058 (AT&T) lollipop root

I haven't seen any root methods listed here for 5.0.
I'm still on 4.4 because I didn't want to lose system write or root. Has anyone been able to successfully root 5.0 with system write ability? What method did you use?
I've seen mentions of using Chain Fire but the articles are usually poorly written, so I don't trust them.
TWRP has the option to root.
When you reboot from it.
That's how I rooted TWRP
I'm on AT&T, so my bootloader is still locked. Unless someone has figured out how to unlock without paying $25.
If you have a locked bootloader you need someone to find a vulnerability in the phone, or its software. Then a repeatable process must be created to use the exploit to gain root. i.e. Hack It.
Root is only part. There is also Write Protection to worry about. When Write Protection is enabled (the phone's default state with locked bootloader), any changes made to /system, or the like, (including, but not limited to, App installs, file modifications, deletions, renames, etc) are not permanent and are lost at power off/on. Starting with 4.4.2, on a locked bootloader we can't disable write protection. No Vulnerabilities have been found/posted. However, Unlocking the bootloader disables write protection.
So if you have a locked bootloader, and want to root 5.02, you first need 5.02 to come out, then vulnerability found, tested, and a process created. When 5.1 comes out, it needs to be tested to see if the vulnerability was patched. If it was, the work starts all over again.. It's like playing "whack a mole." And even then you likely will have write protection enabled... so any power off/on or "hard boot" will mean lost changes to your phone.
Since the 2013 X is getting old, and only ATT, Verizon, and Republic wireless can't unlock their bootloader through Motorola's site, Paying $25 to use Sunshine if your phone is still on 4.4.2 or lower, is not a bad deal if you want to be sure you can root and disable write protection no matter what Android version comes to your phone.
NOTE: I am not affiliated with Sunshine... just trying to help you understand... Coming up with a root process for a LOCKED Bootloader isn't "quick and easy"
That's literally the only way you are going to have root on Lollipop. At least for a while anyways. I don't think many people would be interested in finding and creating exploits after this phone has already been exploited to the point where almost everyone can unlock their bootloader. I started at 4.4, went down to 4.2.2, used RockMyMoto and MotoWPnomo, then used SlapMyMoto when upgrading back to 4.4. After that I installed Safestrap and was able to use the stock (and rooted) ROMs by @Ctrl-Freak all the way up to 4.4.4. But after I heard about Sunshine... That was the holy grail. Unlocked my bootloader, flashed a clean install of stock 4.4 and just upgraded till 4.4.4 again, flashed TWRP, rooted, and that was it.
Thanks guys. I was always wary about Sunshine. Just never sat well with me, but I think I'm going to do it after I move into my new house since I have no plans to upgrade anytime soon.
It's true, Sunshine is kind of risky... BUT because of those involved with it, I would consider it as safe as any "hack" can get.
If I didn't have a Dev Edition X, and needed to unlock my bootloader, I would not hesitate to use Sunshine.

Still need to use sunshine to unlock bootloader with magisk around?

I was just wondering if I still need to use sunshine (ie pay) to unlock bootloader now that there is this magisk thing on the quark scene now....
Yes, you will always need to unlock the bootloader of these Motorola phones. Magisk hides root and system alterations from apps that don't like it.
You will have to use Sunshine to unlock your bootloader for the Droid Turbo XT1254. There's no other way. Magisk and other stuff like iSu are just used to camouflage the changes you have made.
You can't have permanent root in the first place until you unlock your bootloader. You don't need Magisk if you don't have an unlocked bootloader and don't have root.
And luckily Sunshine has been available since November 2015, unless you took the most recent OTA MCG24.251-5-5, released March 1, 2017 (not to be confused with MCG24.251-5).
ok thanks.
Not the answer I was hoping for but it is a full answer that I needed.
My one is a SU4TL-49
android security patch level 2016-04-01
am I good to go with sunshine/that guide post?
Yes, Sunshine works on Verizon Droid Turbo XT1254 firmware:
SU4TL-44 (Lollipop)
SU4TL-49 (Lollipop)
MCG24.251-4 (Marshmallow)
MCG24.251-5 (Marshmallow)
It does NOT work (yet) on MCG24.251-5-5, the very latest OTA update released March 1, 2017.
