Category Archives: Exploitation

Xoom FE: Stupid Bugs, and More Plagiarism

Someone mentioned to me that yesterday’s root for the Motorola XYBoard appeared to not work on the Xoom Family Edition (FE), so I took a look. What I found was a set of vulnerabilities so egregious that it’s hard to not draw comparisons to a deliberate backdoor.

Posted in Android, Exploitation

Rooting the XYBoard/Xoom 2

Another day, another tablet rooted. I wonder when Motorola will realize that it’s hopeless to try to prevent device owners from controlling their own hardware.

Posted in Android, Exploitation, Linux

Rooting the Droid 4: A Failed Bounty Experiment

Yesterday, I tried a little experiment in releasing a root exploit for the Motorola Droid 4. I set up a bounty, where the first $200 would go towards me buying myself a Droid 4 in exchange for the work I’ve done developing the exploit, and the remaining bounty money would go directly to the American Red Cross. I thought this would be a good arrangement for everyone: users get a shiny root exploit for a few bucks, I get a new phone in payment, and money gets donated to charity. Everybody wins.

Posted in Android, Exploitation

Rooting the Sony Tablet S

After getting a taste of rooting tablets with the Lenovo Thinkpad tablet, I decided to turn my attention to the Sony Tablet S. It turned out to be a tough device to root.

Posted in Android, Exploitation

Rooting the Thinkpad Tablet

Another day, another Android root. Let’s just skip the details this time and let Lenovo figure it out for themselves. The following root package only works on Windows. I feel like a Linux traitor right now, but 99% of the people using this run Windows, and if you run Linux, just peek at the batch script and perform the steps manually.

Posted in Android, Exploitation

Plagiarism in the Android Rooting Scene

In the past few months that I’ve been involved in rooting/modding Android phones, one thing that has continually bothered me is a lack of understanding about who deserves credit in the development of a root exploit for an Android phone, which frequently leads to cases of plagiarism. In this post, I hope to give some background for those not involved in the technical side of rooting phones so they can better understand the process.

Posted in Android, Exploitation

Defeating Windows 8 ROP Mitigation

Windows 8 introduced a number of exploit mitigation features, including hardening of both the userland and kernel heaps, mitigation against kernel-mode NULL pointer dereferences, and protection against abuse of virtual function pointer tables. One feature that stood out to me appears to be designed to help mitigate exploits leveraging return-oriented programming (ROP).

Posted in Exploitation

Rooting the Samsung Admire

On request of the Samsung Admire community, I decided to root another Android phone.

Posted in Exploitation, Linux

Rooting the Droid 3

The Motorola Droid 3 was released July 14, 2011, and has no public technique available to get root access. On request of some members of the Android community, I decided to audit the platform in order to root the device.

Posted in Exploitation, Linux

WP: Safe or Not?

During the course of kernel exploitation (or some other form of runtime kernel modification), it is frequently desirable to be able to modify the contents of read-only memory. On x86, a classic trick is to leverage the WP (write-protect) bit in the CR0 register.

Posted in Exploitation, Kernel, Linux