Aaron Mulder on 22 May 2018 04:42:29 -0700



Re: [PLUG] Hacking Tizen via microSD silliness


If that was going to work, would it work to use an SD card with the
physical read-only switch on it, throw the switch, and use an adapter
like this:

https://www.amazon.com/SD-to-Micro-Adapter/dp/B0143QFXYO

I don't know how those switches work -- whether the card enforces it
or whether it relies on the OS, but it would certainly be easier to
try than the FPGA business.

Thanks,
      Aaron

On Tue, May 22, 2018 at 7:27 AM, Philip Rushik <prushik@gmail.com> wrote:
> Hey everybody,
>
> I have a weird phone, the Samsung Z1 (the first Tizen-based phone). I would
> like to get root access to it, though because it's not a common (in the US)
> phone, there are no prepackaged root exploits available for it.
>
> I noticed that it does something weird with microSD cards though. It
> automounts the file system when the card is inserted, but does not mount
> with nosuid or noexec flags. I thought this would make rooting it easy,
> but it turns out it
> does something much stupider to prevent me from inserting a suid root su or
> sh. To prevent using suid root programs from an SD card, the phone goes
> through the microSD card when it is mounted and rewrites the owner of all
> files (uid 1005 iirc). And yes, it does actually modify the card, not just
> treat all files as logically uid 1005.
>
> My next thought was to make a microSD card shaped connector that attaches to
> an SD card, but with an FPGA in between, and the FPGA would pass through all
> reads, but intercept writes and just pretend they were successful. That way,
> the phone wouldn't be able to rewrite the owner and all suid executables
> would remain suid root when I tried to execute them, thus giving me root
> access.
>
> However, this seems like it would be a big time/work investment. Can anybody
> think of an easier solution?
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group         --        http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
>
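
Added example, not part of either message above: the thread turns on a removable card being automounted without nosuid or noexec, with ownership rewriting used in place of those flags. This Python sketch audits a mount table in /proc/mounts format for removable-media mounts that lack the kernel-enforced options; the mount-point prefixes and the sample table are assumptions constructed for illustration.

```python
"""Audit a mount table for removable-media mounts missing nosuid/nodev/noexec."""
import re

# Options the kernel enforces itself, independent of on-disk file ownership.
REQUIRED = ("nosuid", "nodev", "noexec")
# Assumption: directories under which this system automounts removable media.
REMOVABLE_PREFIXES = ("/media/", "/mnt/", "/run/media/")


def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit(mounts_text):
    """Return [(mount_point, [missing options])] for removable-media mounts."""
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # not a well-formed mount entry
        mount_point = unescape(parts[1])
        if not mount_point.startswith(REMOVABLE_PREFIXES):
            continue
        options = set(parts[3].split(","))
        missing = [opt for opt in REQUIRED if opt not in options]
        if missing:
            findings.append((mount_point, missing))
    return findings


# Constructed sample in /proc/mounts format (not captured from a real device).
SAMPLE = """\
/dev/mmcblk0p2 / ext4 rw,relatime 0 0
/dev/mmcblk1p1 /media/sdcard ext4 rw,relatime 0 0
/dev/sda1 /media/usb\\040stick vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdb1 /media/cam exfat rw,nosuid,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

if __name__ == "__main__":
    # On a live Linux system, audit the real table instead of the sample.
    with open("/proc/mounts") as fh:
        for mount_point, missing in audit(fh.read()):
            print(f"{mount_point}: missing {','.join(missing)}")
```

With nosuid set, the kernel ignores setuid bits on the mounted file system regardless of who owns the files, so the result does not depend on a write to the card succeeding.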