New exploit available for LG G5: QuadRooter - LG G5 Guides, News, & Discussion

A set of exploits has been found by Check Point, allowing malicious apps to get root privilege.
blog.checkpoint.com/2016/08/07/quadrooter/
I'll turn off OTA from now on and wait for tools that make use of this exploit.
QuadRooter is a set of four vulnerabilities affecting Android devices built using Qualcomm chipsets. Qualcomm is the world’s leading designer of LTE chipsets with a 65% share of the LTE modem baseband market. If any one of the four vulnerabilities is exploited, an attacker can trigger privilege escalations for the purpose of gaining root access to a device.

How do you turn off OTA? I can't find it.

there are 4 exploits that are already patched
might be a way if you have pre-April firmware installed
https://gwolf2u.com/quadrooter-android-security-bugs-affect-over-900-million-devices/

I have 3 of the 4 exploits. I have Sprint

I have the latest v10d firmware on my H850 and the app shows me 4 of 4 vulnerable.
2016-06-01 security patch

fsi09 said:
I have the latest v10d firmware on my H850 and the app shows me 4 of 4 vulnerable.
2016-06-01 security patch
mine as well
on v10d

H868 reports 4/4 with the latest security patch.
For those who want to root their G5, search for "update" in Settings and turn off auto update.

Is this what we've been waiting for? Ridiculously excited if so, will this help rs988?

muppetmaster916 said:
Is this what we've been waiting for? Ridiculously excited if so, will this help rs988?
Download the Quadrooter Scanner and see if 4/4 vulnerabilities. If so, hope is right there.

cdiscrete said:
Download the Quadrooter Scanner and see if 4/4 vulnerabilities. If so, hope is right there.
I have 4/4, will this lead to development for our phones?

muppetmaster916 said:
I have 4/4, will this lead to development for our phones?
Yes. The last step is a tool that makes use of these vulnerabilities. That's what we are waiting for.

I've looked, searched and looked again. I cannot find the turn off automatic updates. Can someone screenshot please? I posted a picture, there is no option for it.

On latest OTA installed, on Sprint. I have 3 of the four.

4/4 South America H840 variant here, I hope we do get root.

AT&T H820, 4/4 shown here with April 01 security update. Will pledge $50 towards the bounty if someone can make use of this.

RS988 with 2016-06-01 Android security patch level. 4/4 vulnerabilities. If this is what we were waiting for, I'm excited!

It's not, I spoke to jcase earlier and he pretty much stated that until a solution to the locked bootloader is found we're screwed. No bump possibility either.

muppetmaster916 said:
It's not, I spoke to jcase earlier and he pretty much stated that until a solution to the locked bootloader is found we're screwed. No bump possibility either.
But at least we can get some xposed stuff right?

BR7fan said:
I've looked, searched and looked again. I cannot find the turn off automatic updates. Can someone screenshot please? I posted a picture, there is no option for it.
Seems your Settings is different from mine.

We need a great hacker for this exploit to work..
I will patiently wait

Related

Rooted, surprised not on here:

Hope some XDAers are able to get it rooted before it gets patched.
http://www.androidheadlines.com/201...te-available-for-android-root-access-bug.html
This has already been patched and pushed out, BB was actually impressively quick to patch the issue and push out a new update. A few carriers in the US might not yet have signed off on the update, but the vast majority of reports from users say they've gotten this update. I know I have.
But, can we just load an older build using an auto-loader?
Artemis-kun said:
This has already been patched and pushed out, BB was actually impressively quick to patch the issue and push out a new update. A few carriers in the US might not yet have signed off on the update, but the vast majority of reports from users say they've gotten this update. I know I have.
I haven't.
santimaster2000 said:
But, can we just load an older build using an auto-loader?
On blackberry 10, when an update fixed security issues, they put the older versions in a blacklist, so you couldn't downgrade with the autoloader
Tipika said:
On blackberry 10, when an update fixed security issues, they put the older versions in a blacklist, so you couldn't downgrade with the autoloader
This is not BB10, this is Android, and yes, I can downgrade, I've tested it.
can root using this exploit?
A small group of devs wrote a script to get root using this exploit for a few Sony phones. I've looked through their git, and if I understand it correctly then the script should be modifiable to work for the Priv, but you first need to figure out the physical addresses in the memory for the kernel in order to make it work. I don't know a whole lot about this stuff, so correct me if I'm wrong.
Seeing all those one click root apps, I was thinking it was going to be easier to root the Priv once an exploit was found.
Sent from my Nexus 5X using XDA-Developers mobile app
FrankenDroid said:
A small group of devs wrote a script to get root using this exploit for a few Sony phones. I've looked through their git, and if I understand it correctly then the script should be modifiable to work for the Priv, but you first need to figure out the physical addresses in the memory for the kernel in order to make it work. I don't know a whole lot about this stuff, so correct me if I'm wrong.
Could you link me to that post please?
Boom, right here: https://github.com/dosomder/iovyroot
So does this mean one can downgrade and then root using iovyroot?
Shani Ace said:
So does this mean one can downgrade and then root using iovyroot?
Theoretically, yes, you would need to add the absolute kernel addresses of the Priv to the source code, then compile it, but still, you would only get temp root, that's only good for using Titanium Backup and the like.
Ah okay, I understand.
So this root is only temp then? Still hoping something comes out but the community seems very small.

Just got a software update

Looks to be some type of security updates.
Just popped on mine. Installed the update.
Matches this Software Version: MMB29M.N910VVRU2CPG2
https://www.verizonwireless.com/support/samsung-galaxy-note-4-update/
Kernel 3.10.40
Android Version 6.0.1
Android Patch Level September 1, 2016
Baseband Version N910VVRU2CPG2
Will this update break Foxfi for Verizon Note 4?
Anyone know if PG2 does anything to the bootloader to prevent rolling back?
Sent from my SM-N910V using Tapatalk
subzero2000 said:
Anyone know if PG2 does anything to the bootloader to prevent rolling back?
Sent from my SM-N910V using Tapatalk
It appears to be a boot.img update. Flashfire rejected it as a safe OTA and I proceeded to freeze System Updates with Titanium Backup to eliminate future notifications. A bootloader update for sure.
Hopefully someone can tell if it's locking the bootloader down to prevent downgrading or the bootloader unlock method. Is there a way to freeze the update prompts if I'm not rooted yet? Just got the phone and haven't had a chance to unlock and root this bad boy.
Sent from my VS990 using Tapatalk
corporal_hades said:
Hopefully someone can tell if it's locking the bootloader down to prevent downgrading or the bootloader unlock method. Is there a way to freeze the update prompts if I'm not rooted yet? Just got the phone and haven't had a chance to unlock and root this bad boy.
Sent from my VS990 using Tapatalk
Buy Package Disabler. It is well worth the $1 price tag.
Use Debloater, then freeze SDM.apk.
Root not required, very easy.
No, it does not break Foxfi.
Could someone please upload the ota zip file
Could you provide more details on how to do this please? I downloaded it and disabled the package listed in the post below yours, but I still get the stupid notification to update. Thanks
Edit. Oops, meant to quote hwaa18, not sure why it didn't let me, thanks
Nobody around here anymore?
PapaDocta said:
Could someone please upload the ota zip file
I'm relatively new here, with regard to uploads. I am on a vzw Note 4, running Jasminerom 7.0, with an unlocked bootloader. I don't even have an SDM, as it wasn't present on the ROM, however I found a post for shutting off Samsung updates that required shutting off two system update modules, and one or two other software and security modules. I'm beginning to think Samsung is in collusion with the carriers to make our phones obsolete, and prevent further mods. If you let me know how and where to upload to you, I can send you the file, if you still want it.
Sent from my SM-N910V using XDA-Developers Legacy app
Renegade_2k said:
I'm relatively new here, with regard to uploads. I am on a vzw Note 4, running Jasminerom 7.0, with an unlocked bootloader. I don't even have an SDM, as it wasn't present on the ROM, however I found a post for shutting off Samsung updates that required shutting off two system update modules, and one or two other software and security modules. I'm beginning to think Samsung is in collusion with the carriers to make our phones obsolete, and prevent further mods. If you let me know how and where to upload to you, I can send you the file, if you still want it.
Thank you so much, I already sold my Note 4 and got s7 edge till they release note 8.

looks like a new VZW OTA is out

Well, it's that time again: VZW put out a new OTA. Anyone taken this yet? What does it fix, and is it worth it? And I think all of us will be wondering: will it lock your bootloader? It's unlocked.
Me too, I got an OTA notification today, update size is 823.5 MB, don't know what build it is.
I have VZ Pixel, unlocked, stock rooted NMF260 with VZ service. Is it safe to install updates? Please advise.
Thanks in advance.
azn6929 said:
Me too, I got an OTA notification today, update size is 823.5 MB, don't know what build it is.
I have VZ Pixel, unlocked, stock rooted NMF260 with VZ service. Is it safe to install updates? Please advise.
Thanks in advance.
I think you're safe. I doubt Verizon would lock your bootloader. That would wipe your device again.
@Shiftydogit, @azn6929 got hold of a screenshot? If yes, pls share.
As you can see OTA notification
My guess is it's probably another patch or possibly a kernel update who knows or bug fix one of the three
Here it is
azn6929 said:
Here it is
Might as well just do it lmao
So one of you said you are on NMF260. That is December. So I doubt this is a "new" update, you are just behind. Google only releases on the first Monday of the month. VZ uses the same exact releases. There is no special VZ version.
Update away.
TonikJDK said:
So one of you said you are on NMF260. That is December. So I doubt this is a "new" update, you are just behind. Google only releases on the first Monday of the month. VZ uses the same exact releases. There is no special VZ version.
Update away.
Brand new update came out yesterday; last update was December, as you can see.
Shiftydogit said:
Brand new update came out yesterday; last update was December, as you can see.
Holy cow, they are two months behind. I had no idea, that is nuts. It is the exact same as the Google December update, FWIW.
TonikJDK said:
Holy cow, they are two months behind. I had no idea, that is nuts. It is the exact same as the Google December update, FWIW.
Leave it to VZW to be behind on updates as they try to patch everything. I think it's safe to update. I'll probably do it tonight.
Shiftydogit said:
Leave it to VZW to be behind on updates as they try to patch everything. I think it's safe to update. I'll probably do it tonight.
That's the crazy part. It is the exact same as what Google released in December. The Pixels are different... they are only using Google's updates. No changes, no bloat, no nothing.
TonikJDK said:
That's the crazy part. It is the exact same as what Google released in December. The Pixels are different... they are only using Google's updates. No changes, no bloat, no nothing.
Then us VZW users may want to start checking Google for updates instead of waiting for VZW OTAs
Shiftydogit said:
Then us VZW users may want to start checking Google for updates instead of waiting for VZW OTAs
They are at the link below, posted the first Monday of each month. Dunno how you get them on an unlocked phone, I know it is doable...just dunno how.
https://developers.google.com/android/ota
EDIT: LOL, I'm an idiot. The instructions are right at the top of the page I linked to.
TonikJDK said:
They are at the link below, posted the first Monday of each month. Dunno how you get them on an unlocked phone, I know it is doable...just dunno how.
https://developers.google.com/android/ota
You'd just download them, then sideload the OTA via recovery, or you can flash it via fastboot/ADB, but if you have TWRP installed, fastboot will replace it with stock recovery.
OK, so with the update my phone lost TWRP and root. Other than that, bootloader is still unlocked and everything seems fine.
Also, build number changed after update. OK then.
If you are getting a new Verizon OTA, it is late. My Verizon Pixel updated to NOF26V (Feb security patch), weeks ago. NOF26V is the most current image for Verizon Pixels.
I updated. New build is NOF26V. Everything seems to be fine. But root is gone. lol

UPDATES

Can anyone tell me what the most current build of Android is for the Moto G5 Plus? Currently it's showing build 7.0 January security patch NPN25 137-33.
I'm used to just fastboot and Nexus/Pixel devices, so Motorola is a change for me. Does Moto have an image site or somewhere I can download factory images from?
Sadly no. You have to wait to get the OTA directly, or for someone to capture a compatible one and post it here. I'm retgb and have exactly the same version as you currently with a January security patch.
surrealjam said:
Sadly no. You have to wait to get the OTA directly, or for someone to capture a compatible one and post it here. I'm retgb and have exactly the same version as you currently with a January security patch.
Damn, I thought Motorola had a tool like Samsung's ODIN?
surrealjam said:
Sadly no. You have to wait to get the OTA directly, or for someone to capture a compatible one and post it here. I'm retgb and have exactly the same version as you currently with a January security patch.
I'm sure you have already seen this, but if not: https://forum.xda-developers.com/g5-plus/how-to/npn25-137-33-stock-firmware-t3577081
I just got the device, so I'm going to spend a few more days learning about it till I jump into flashing, but it seems pretty straightforward, like Nexus devices are.
drawde40599 said:
I'm sure you have already seen this, but if not: https://forum.xda-developers.com/g5-plus/how-to/npn25-137-33-stock-firmware-t3577081
I just got the device, so I'm going to spend a few more days learning about it till I jump into flashing, but it seems pretty straightforward, like Nexus devices are.
Yeah sorry I just meant there is no official firmware listing so you're reliant on people posting links here. Also there's a bit of a minefield for us as there isn't one standard device/software channel across the whole world like there is with Nexus devices. I really miss those days, but the Pixel was just too rich for me.
surrealjam said:
Sadly no. You have to wait to get the OTA directly, or for someone to capture a compatible one and post it here. I'm retgb and have exactly the same version as you currently with a January security patch.
That has been my big question, I'm on retus and with several different versions being posted, will I ruin my modem or make some parts incompatible if I sideload? I am not rooted yet but I'm frustrated being on the same(??) version you are.

I'm seeing software update 12/10/17

Guys, I just noticed my phone downloading the software update. When I click on it, it doesn't give me any info of what it is. As soon as it finishes the download I'll follow up.
Does anyone know if LG pushed out an update for unlocked V20, and if so, is it Oreo or just 7.1.1?
I hope it's Oreo.
But honestly I hope it's a good functioning update.
LG has a lot to improve.
I'll follow up.
OK, so that update is the security update only.
Not any OS update as I hoped.... Not even 7.1.1.
LG, thank you... I have made up my mind.
.... Don't think I'll be sticking with LG for my next phone.
What model, and what is the version number now?
-- Brian
US996 unlocked (non-US Cellular) version security update
My LG V20 US996 unlocked phone now shows a security update available. The update is labeled "US99610n".
It's still on 7.0. A year since the last update and this is all we get.
kparikh82276 said:
OK, so that update is the security update only.
Not any OS update as I hoped.... Not even 7.1.1.
LG, thank you... I have made up my mind.
.... Don't think I'll be sticking with LG for my next phone.
If updates are very important to you guys then get a pixel....
harpo1 said:
It's still on 7.0. A year since the last update and this is all we get.
Still_living714 said:
If updates are very important to you guys then get a pixel....
Buy me one and I'll get it.
harpo1 said:
Buy me one and I'll get it.
If you can't afford one then make the best of the v20 instead of complaining about updates.
Before I apply the update, my biggest questions are:
- What's the Changelog?
- Does this fix the Dirty Cow vulnerability that allows us to root?
kparikh82276 said:
OK, so that update is the security update only.
Not any OS update as I hoped.... Not even 7.1.1.
LG, thank you... I have made up my mind.
.... Don't think I'll be sticking with LG for my next phone.
I'm with you on that. Sent an email to LG a few weeks ago stating just that. It took them a whole year for a security update on my US996.
Sent from my LG-US996 using Tapatalk
If I'm going to get a phone that isn't well supported for updates but has true functionality, I'll stick with Galaxy note series ....
Google pixel unless they produce a note type stylus I'll pass although I did think about it.
Pixel maybe... Don't know. Let's see if it's discounted.
I think HTC is the only manufacturer that started to be good with updates with their later flagship phones. I would even consider HTC before I consider LG again for phones.
Are LG V20 US996 unlocked phones still rootable after the US99610n update?
Would someone who has already accepted the newest update be so kind as to check and post the current ARB on their phone?
feretio said:
Before I apply the update, my biggest questions are:
- What's the Changelog?
- Does this fix the Dirty Cow vulnerability that allows us to root?
1. Security update to one of the November patch sets.
2. This is the US996 unlocked that can be bootloader unlocked through LG's website and never needed dirtycow. AFAIK LG's unlocking processes should work fine. If for whatever reason you wanted to use dirtycow anyway, it's still possible to revert to the previous version since they didn't increment ARB.
Phoenix591 said:
1. Security update to one of the November patch sets.
2. This is the US996 unlocked that can be bootloader unlocked through LG's website and never needed dirtycow. AFAIK LG's unlocking processes should work fine. If for whatever reason you wanted to use dirtycow anyway, it's still possible to revert to the previous version since they didn't increment ARB.
Hi,
In particular, I wanted to know if this update includes fixes for the KRACK and blueborne vulnerabilities. Do you know where I could find a changelog?
Also, if I do the OTA update, do you know if it's going to wipe out TWRP? If so, I might want to wait for a zip file that I can install with TWRP from dimm0k or McNutnut:
https://forum.xda-developers.com/v20/how-to/us996unlocked-twrp-flashable-10f-t3544573
https://forum.xda-developers.com/v20/development/rom-us99610k-stock-rom-twrp-flashable-t3691784
Thanks!
Created 10n here: https://forum.xda-developers.com/v2...-flashable-t3691784/post74229596#post74229596
feretio said:
Hi,
In particular, I wanted to know if this update includes fixes for the KRACK and blueborne vulnerabilities. Do you know where I could find a changelog?
Also, if I do the OTA update, do you know if it's going to wipe out TWRP? If so, I might want to wait for a zip file that I can install with TWRP from dimm0k or McNutnut:
https://forum.xda-developers.com/v20/how-to/us996unlocked-twrp-flashable-10f-t3544573
https://forum.xda-developers.com/v20/development/rom-us99610k-stock-rom-twrp-flashable-t3691784
Thanks!
It includes those fixes since it's at the Nov 6 security patch (Nov 6 exactly has the KRACK fix, while blueborne was fixed in the September patch). I expect taking the OTA will wipe TWRP, however.
Still_living714 said:
If you can't afford one then make the best of the v20 instead of complaining about updates.
Rather not bite. I'll wait until I see what Sony's next move is. I wouldn't give in on the missing headphone jack on any phone.
SFrsfair said:
Would someone who has already accepted the newest update be so kind as to check and post the current ARB on their phone?
Mine is a US Unlocked 9960, purchased online. After today's security update (and researching what an ARB is, and how to access it) my ARB (Anti Rollback Version) number remains 0.
lowridincrew said:
Rather not bite. I'll wait until I see what Sony's next move is. I wouldn't give in on the missing headphone jack on any phone.
I agree, missing headphone jack is also a deal breaker for me.
For those who have rooted US996s, this thread has links to TWRP flashable images and instructions on how to install them which won't overwrite the recovery partition as an OTA might do:
https://forum.xda-developers.com/v20/development/rom-us99610k-stock-rom-twrp-flashable-t3691784
