Category Archives: Android

Xoom FE: Stupid Bugs, and More Plagiarism

Someone mentioned to me that yesterday’s root for the Motorola XYBoard appeared to not work on the Xoom Family Edition (FE), so I took a look. What I found was a set of vulnerabilities so egregious that it’s hard to not draw comparisons to a deliberate backdoor.

Posted in Android, Exploitation | Comments disabled

Rooting the XYBoard/Xoom 2

Another day, another tablet rooted. I wonder when Motorola will realize that it’s hopeless to try to prevent device owners from controlling their own hardware.

Posted in Android, Exploitation, Linux | Comments disabled

Re-Rooting the LG Esteem

Someone told me that LG patched the last vulnerability used to root the LG Esteem. Here’s another root.

Posted in Android, Linux | Comments disabled

Rooting the Droid 4: A Failed Bounty Experiment

Yesterday, I tried a little experiment in releasing a root exploit for the Motorola Droid 4. I set up a bounty, where the first $200 would go towards me buying myself a Droid 4 in exchange for the work I’ve done developing the exploit, and the remaining bounty money would go directly to the American Red Cross. I thought this would be a good arrangement for everyone: users get a shiny root exploit for a few bucks, I get a new phone in payment, and money gets donated to charity. Everybody wins.

Posted in Android, Exploitation | Comments disabled

Rooting the Sony Tablet S

After getting a taste of rooting tablets with the Lenovo Thinkpad tablet, I decided to turn my attention to the Sony Tablet S. It turned out to be a tough device to root.

Posted in Android, Exploitation | Comments disabled

Rooting the Thinkpad Tablet

Another day, another Android root. Let’s just skip the details this time and let Lenovo figure it out for themselves. The following root package only works on Windows. I feel like a Linux traitor right now, but 99% of the people using this run Windows, and if you run Linux, just peek at the batch script and perform the steps manually.

Posted in Android, Exploitation | Comments disabled

Unpacking Compressed Carrier IQ Profiles

Recently, the EFF launched an initiative to collect and analyze Carrier IQ profiles, which dictate exactly what information is collected by the Carrier IQ application, and where and when it is submitted to the carrier. Jered Wierzbicki and Peter Eckersley published a great tool that converts the profiles, which are WBXML-encoded blobs, to human-readable XML. However, not all Carrier IQ profiles are stored in this format on disk. Instead, they may be kept inside a file named “archive.img”. In this post, I describe how I reverse engineered the format used to store these profiles in order to create a tool … Continue reading

Posted in Android | Comments disabled

CarrierIQ: The Real Story

Since the beginning of the media frenzy over CarrierIQ, I have repeatedly stated that based on my knowledge of the software, claims that keystrokes, SMS bodies, email bodies, and other data of this nature are being collected are erroneous. I have also stated that to satisfy users, it’s important that there be increased visibility into what data is actually being collected on these devices. This post represents my findings on how CarrierIQ works, and what data it is capable of collecting.

Posted in Android | Comments disabled

Plagiarism in the Android Rooting Scene

In the past few months that I’ve been involved in rooting/modding Android phones, one thing that has continually bothered me is a lack of understanding about who deserves credit in the development of a root exploit for an Android phone, which frequently leads to cases of plagiarism. In this post, I hope to give some background for those not involved in the technical side of rooting phones so they can better understand the process.

Posted in Android, Exploitation | Comments disabled