Some Allwinner Kernel Forks Contain Easy Root Exploit


Chinese chipmaker and device OEM Allwinner, which recently unveiled its very own laptop, competes mostly on the same level as MediaTek in the budget space, but doesn't do quite as well. Its chips normally end up in super-budget phones, handheld game consoles and TV sticks. Because of this low popularity, they don't get a ton of community attention, which is why a flaw in a few versions of the company's in-house kernel code only recently came to light. Armbian, a branch of Debian Linux made for ARM processors and commonly used on boards like the Raspberry Pi, was responsible for the discovery of the bug.

The backdoor is actually quite simple and, thankfully, out in the open and easy to patch. Whether left in on purpose or something that happened to slip through quality control, some versions of Allwinner's ARM kernel contain a piece of code referencing an instruction called "rootmydevice". When any process, even a network process, calls on this code, root privileges are provided with no further questions asked. This bug is not present in all devices with Allwinner chips, only certain chips that mostly fall into the Pi device family and a few device trees for Android devices. The code is declared openly in the logcat on device boot and is simple enough to find in the device code, even on Allwinner's GitHub, practically ruling out any malicious intent. In all likelihood, it's the result of a slip-up that left a debugging and development process in a final release. It could also be there to help users easily accomplish root tasks on their devices. In any case, Allwinner has been mostly tight-lipped about the issue.


The code has, as of this writing, not been fixed upstream, meaning that if you happen to own a device with the exploit, you'll have to wait for an update to patch it. If you compiled the kernel yourself from upstream sources, such as for your own Linux variant for ARM devices, it should be no chore to simply use CTRL+F to find the code and delete it. To check if your device has the exploit, crack open a terminal or use ADB to issue the following command:

    echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug

If you are not greeted with a message saying you have root privileges, your device does not have the exploit. For full details on the Armbian community's findings, head through the source link.
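The two checks described above (does the proc node exist on a device, and does a kernel tree you build from still contain the string) can also be done read-only, without writing to the node. This is an added example, not code from the article, Armbian or Allwinner; the function names and the optional ROOT prefix argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit for the sunxi_debug "rootmydevice" handler.
# It never writes to the proc node, so it does not change any privileges.

TRIGGER='rootmydevice'                   # string named in the article
NODE_REL='proc/sunxi_debug/sunxi_debug'  # node path named in the article

# node_present [ROOT]: succeed if the debug node exists under ROOT (default /).
# ROOT is a hypothetical prefix so a mounted or extracted image can be checked.
node_present() {
    [ -e "${1:-}/$NODE_REL" ]
}

# node_writable_by_others [ROOT]: succeed if the node is world-writable.
node_writable_by_others() {
    node="${1:-}/$NODE_REL"
    [ -e "$node" ] || return 1
    [ -n "$(find "$node" -prune -perm -002 2>/dev/null)" ]
}

# scan_tree DIR: print files under DIR that contain the trigger string.
scan_tree() {
    grep -rl -- "$TRIGGER" "$1" 2>/dev/null
}

# audit SRC_DIR [ROOT]: report findings; return 0 when clean, 1 otherwise.
audit() {
    status=0
    if node_present "${2:-}"; then
        echo "FOUND: debug node at ${2:-}/$NODE_REL"
        if node_writable_by_others "${2:-}"; then
            echo "  node is world-writable"
        fi
        status=1
    fi
    hits=$(scan_tree "$1") || true
    if [ -n "$hits" ]; then
        echo "FOUND: trigger string in:"
        echo "$hits" | sed 's/^/  /'
        status=1
    fi
    if [ "$status" -eq 0 ]; then echo "clean: no node, no trigger string"; fi
    return "$status"
}

# Run only when a kernel source directory is given on the command line.
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it as `sh audit.sh /path/to/kernel-source` on a build host, or pass a second argument pointing at a mounted root filesystem; a non-zero exit status means the node or the string was found.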

Copyright ©2016 Android Headlines. All Rights Reserved.

Senior Staff Writer

Daniel has been writing for Android Headlines since 2015, and is one of the site's Senior Staff Writers. He's been living the Android life since 2010, and has been interested in technology of all sorts since childhood. His personal, educational and professional backgrounds in computer science, gaming, literature, and music leave him uniquely equipped to handle a wide range of news topics for the site. These include the likes of machine learning, voice assistants, and AI technology development news in the Android world.

View Comments