Anybody here good at reverse engineering or finding vulnerabilities in Linux?
Posted
I'm working on my RE skills, but anyways I'm trying to find vulnerabilities in Tizen to get root access on my TV so I can modify system applications and write some homebrew applications in native languages like C for users to install, such as a system-wide ad-blocker.
I'm still trying to find some things in the firmware files and software update programs that could be useful, such as firmware decryption keys.
Anyways, the main goal is to get root access and enable SSH, and maybe get write access to the filesystem.
Replied
F Samsung moment, this is prob impossible cuz Tizen is basically built from Linux instead of Android + Samsung loves to lock down their stuff :/
I could not find anything related to Tizen on a TV, although I was able to find rooting for a Tizen phone (Yes, Samsung used to make those);
https://gist.github.com/rossja/d65f6b31c8f47010700161bd90e24a6c
could be a starting point idk, I'm assuming if that works above, u might be able to get away with a similar method on a tv but idk
XDA forums also has a Tizen sub forum but it seems related to the phone Tizen only, not TV
https://forum.xda-developers.com/f/tizen-software-development.2082/
Replied
Not impossible. Very much possible actually. It's just a matter of finding a vulnerability to give arbitrary code execution, a vuln to get write access to the filesystem or exploiting a vulnerable system application that has root permissions.
Thing is as a beginner I don't know where to start looking for such things.
This has been done with LG webOS which also runs Linux.
Replied
put it into dnspy
Replied
nono not really how that works lol.
I can access the filesystem anyways, at least most of it through Samsung's filesystem API. That's not the issue.
Reading the filesystem is no issue and is easily done. What we need to be able to do is write to the file system and protected memory space.
I just stumbled upon a writeup for a vuln by this group that will let me do just this. Will let me get a shell instance in the browser, escalate privileges, and then get the firmware decryption keys. Hopefully I'll have a full implementation done within the next couple weeks and I'll release it.
Added
Yeah I mean, of course system apps like SWU mode have write privs but that's done under a special update mode, which more than likely is protected well.
I'm going to utilize this Chromium exploit to get root privs tho
Added
That's not enforcing root access, that's all devices in existence. You can't update the system while it's running obviously, so it gets put into an update mode so the system can modify files
Replied
hey there add me on discord ZeeXOR#8226