Understated opportunity: CopyFail means we get to jailbreak a whole new generation of locked down Linux devices.
-
Understated opportunity: CopyFail means we get to jailbreak a whole new generation of locked down Linux devices.
Ever wanted root access on your router, phone, (TV/portable/etc) media player, washing machine, Jumbo jet, Newag train, etc?
If you find a way to run the copyfail POC through somewhere, you'll be root!
Just make sure to try this before the next update gets installed on the device.
-
@anthropy I don't think it will help much:
- On embedded systems, more often than not there's only root / getting access as a regular user is as hard as getting root.
- Custom kernel builds might not have AF_ALG support (though some might, I specifically implemented support for AF_ALG-based hashing in casync-nano because we used that on one particular piece of hardware).
-
@anthropy Phones and other bespoke things are unlikely to use algif_aead, and as such will not be affected.
-
@anthropy the AF_ALG vector and small payload betrays itself
-
(I know this requires some way to run the POC as a normal user, and that not every kernel build and device has the necessary exploitable bits, but it will still be an available way that you can try; I do suggest trying it simply to see if it works, wouldn't be the first time an (embedded or otherwise) device has weird libraries, oversized kernel builds, and bad protection past the frontend)
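
Two of the replies above turn on whether a given kernel build includes AF_ALG at all and, if it does, whether algif_aead is part of it. As an added example (not code from any poster or from casync-nano), this Python script audits a full kernel `.config` for those options, for instance one read from a build tree or from `/proc/config.gz` where the kernel provides it; the function names, action labels and sample config are constructed for illustration.

```python
import re

# Kconfig symbols for the AF_ALG user-space crypto API and the modules they build.
AF_ALG_SYMBOLS = {
    "CONFIG_CRYPTO_USER_API": "af_alg",
    "CONFIG_CRYPTO_USER_API_HASH": "algif_hash",
    "CONFIG_CRYPTO_USER_API_SKCIPHER": "algif_skcipher",
    "CONFIG_CRYPTO_USER_API_AEAD": "algif_aead",
}
_SET = re.compile(r"^(CONFIG_\w+)=([ym])\s*$")
_UNSET = re.compile(r"^# (CONFIG_\w+) is not set\s*$")
_LABEL = {"y": "builtin", "m": "module", "n": "absent"}

def parse_kconfig(text):
    """Return {symbol: 'y'|'m'|'n'} for the bool/tristate lines of a .config."""
    state = {}
    for line in text.splitlines():
        if (hit := _SET.match(line)):
            state[hit.group(1)] = hit.group(2)
        elif (hit := _UNSET.match(line)):
            state[hit.group(1)] = "n"
    return state

def audit_af_alg(text):
    """Map each AF_ALG module name to 'builtin', 'module' or 'absent'."""
    state = parse_kconfig(text)
    # Assumes a full .config: a symbol that never appears was not selectable.
    return {mod: _LABEL[state.get(sym, "n")] for sym, mod in AF_ALG_SYMBOLS.items()}

def aead_action(text):
    """Suggest the hardening step that fits how algif_aead was built."""
    status = audit_af_alg(text)["algif_aead"]
    if status == "builtin":
        return "rebuild-or-patch-kernel"  # compiled in, module blocking has no effect
    if status == "module":
        return "block-module-load"  # e.g. an 'install algif_aead /bin/false' modprobe rule
    return "none-needed"

# Constructed sample: a hashing-only AF_ALG build, not taken from any real device.
HASH_ONLY = """CONFIG_CRYPTO_USER_API=y
CONFIG_CRYPTO_USER_API_HASH=y
# CONFIG_CRYPTO_USER_API_SKCIPHER is not set
# CONFIG_CRYPTO_USER_API_AEAD is not set
"""

if __name__ == "__main__":
    print(audit_af_alg(HASH_ONLY), aead_action(HASH_ONLY))
```

A build that enables only the hash interface reports `algif_aead` as absent, while a config that sets the AEAD option to `m` or `y` is flagged with the matching hardening step.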