herokusaki | 11 years ago

The bounty only explicitly mentions stock firmware but it is implied that the exploit should also not require disassembling your device and messing with its hardware. This makes me wonder: would a hardware exploit be easier? Modchips have been a staple of the console scene since at least the original PlayStation but I am unaware of their use in smartphones.

userbinator | 11 years ago

I'm not familiar with the S5 in particular but in principle I think all you need to do is get direct write access to the filesystem and you can write whatever firmware you want, so being able to read/write the eMMC directly should be enough --- provided it's not been encrypted/password protected/etc. Correct me if I'm wrong.

talonstriker | 11 years ago

On most (if not all), the "firmware" is under the /system partition. That partition is mounted as read-only. You need root to remount it as r/w.

AFAIK, rooting exploits in the past took advantage of buffer overflows and remote code exploits to execute code at a raised privilege level. Nowadays, that's also difficult since past vulnerabilities have been fixed and SELinux has proliferated.

pjc50 | 11 years ago

JTAG is usually an extremely effective way of breaking into the phone, but it's usually used as a first step in reverse engineering rather than for the end-user.

Of course, some phones (Apple) are glued shut which prevents end-user modding.

morenoh149 | 11 years ago

It's such a small form factor, a phone. I don't think many people would be willing to put aftermarket chips in there.