Android exploited – elevated privileges – SE Policy exploit – system as root – dual boot – living in my ramdisk. What now? [on hold]

Ive been chipping away at this for days and going in circles so I need to put this out there – somewhere.

My Samsung s9+ hasnt been acting properly for a long time – but in the past few weeks this thing has become a nightmare. Calls and messages come through sometimes days late or apparently days early as the time is changed routinely. The OS is constantly reverting back to some kind of stock image (android pie it is not) with settings completely reset. Weird errors have forced resetting several times and my photos have all been destroyed in random ways (faces altered, photos smudged, scratched out etc). Daily backups have been ignored.

I will attach some of the snide logs this thing generates as well as the init.rc and build.props (fstab goldfish files etc) – im not sure what is handy so i will wait for a response as i have most system documents. These system files and logs that show that adbd is placed in the privileged position pre init – it then discards any update or change installing instead from a hidden partition (or network – the thing is never offline or properly shut down). There it remaps me to a virtual disk and assumes root control of my operating system. I am not sure if it is timed or if there is someone behind it – but as i get close to removing the files (or think i do) it will pretend to brick for an hour or two and then suddenly leap into recovery mode.

Now im not concerned with the causes or what its doing. In its current condition i cant factory reset or erase with odin as it has positioned itself to respond to exactly this threat. Before the setup screen presents this thing has root access and is busy setting tasks and countdowns – similar behaviour is manifesting itself in my PC but i think this exploit has had longer to stretch out on the phone. Can anyone offer any assistance. Its sending me nuts being trapped fixing the damn thing.

How to Increase Root Partition

I put an Image of Ubuntu 18.04.3 onto a 32GB SD card. It came with no desktop, so I am trying to install xubuntu. When I try to install it using sudo apt-get install xubuntu-desktop I get the following error: You don't have enough free space in /var/cache/apt/archives

I tried sudo apt-get autoclean sudo apt-get clean and different variants of sudo apt-get autoremove but nothing worked.

Results of df -h are the following

Filesystem Size Used Avail Use% Mounted on /dev/root 2.1G 1.4G 513M 74% / devtmpfs 1.9G 0 1.9G 0% /dev tmpfs 1.9B 0 1.9G 0% /dev/shm tmpfs 1.9G 2.5M 1.9G 1% /run tmpfs 5.0M 0 5.0M 0% /run/lock tmpfs 1.9G 0 1.9G 0% /sys/fs/cgroup /dev/mmcblk0p1 253M 29M 224M 12% /boot/firmware tmpfs 381M 0 381M 0% /run/user/1000

I’m new to linux, but why is my root (and filesystem in general) so small if my SD card is 32GB? And is there a way to increase root through the command line(maybe fdisk)? I don’t have another linux machine that I can run Gparted on. But I do have a Windows laptop that could possibly do Gparted Live. I’ve never done that before so if that is the best solution, tips to get started would be much appreciated.

Don’t know if it matters but I’m following the instructions hereRaspberry Pi 4 Ubuntu Server/ Desktop 18.04.3 Image (unofficial) to try and get Ubuntu up and running xubuntu on my Rpi 4.

EDIT:

Results of sudo parted -ls are the following

Model: SD SK32G (sd/mmc) Disk /dev/mmcblk0: 31.98GB Sector size (logical/physical): 512B/512B Partition Table: msdos Disk Flags:  Number  Start     End     Size   Type     File System    Flags 1       1049kB   269MB   268MB   primary    fat32        boot,lba 2       269MB   31.9GB   31.6GB  primary    ext4      

Why do I get a root shell by dpkg when choosing ‘examine the situation’ after config file changes?

When updating packages, it sometimes happens that the package distributor ships an updated version of some configuration files. Usually, the following dialogue appears:

==> Modified (by you or by a script) since installation.  ==> Package distributor has shipped an updated version.    What would you like to do about it ?  Your options are:     Y or I  : install the package maintainer's version     N or O  : keep your currently-installed version       D     : show the differences between the versions       Z     : start a shell to examine the situation  The default action is to keep your current version. *** bash.bashrc (Y/I/N/O/D/Z) [default=N] ?  

I chose to start a shell to “examine the situation” (Z).

I probably have to add that the updated configuration file required root permissions to read & write.

I was a little surprised when I saw that the sub-shell was a root shell and I didn’t have to provide a password.

Why do I get a root shell without having to type in the root password?

Isn’t that a security issue?

Gain root rights on web cam?

I bought a webcam from AliExpress for few dollars just to hack it and gain root rights. Things did go well first few atempts and I figured out how to connect over telnet using a non-root user called default. Now I have access to file system but its not root.

Later I figured out there is a shell script called /home/start.sh which is executed every time the cam restarts. The root executes that script and default user may edit it using VI editor. At first I thought BINGOOO!!!!

I wrote following command at the end of /home/start.sh file hoping to reset the root password:

echo "test" > /home/pw_reset.dat echo "test" >> /home/pw_reset.dat passwd root < /home/pw_reset.dat 2> /home/err.log 

It didn’t work as expected and the error message was something like:

/etc/passwd read-only filesystem... 

After googling this error msg I figured a command to mount root disk with read write rights:

mount -o remount,rw / 

This didn’t help me either. Now I am stuck and need your help. The Linux running on the webcam doesn’t support many commands, for example the chown cannot be found.

Please share with me your ideas and examples. What may I try out furthermore to gain root access? What kind of hacky hack do I need to change root pw?

Root CA key generation compliant with WebTrust and HSM independent

I’m trying to figure out how to generate private key for the Root CA according the principles of WebTrust.

One additional requirement I have that the generate private key should be then imported to any HSM, independent of the vendor.

I have never done any WebTrust audit, so I am not able to figure out if something like that will break any principle or requirement. The following high level procedure can from my point of view ensure secure backup of private keys that can be imported to any HSM (the assumption is that all HW is certified according FIPS 140-2 Level 3 or similar):

  1. Generate strong symmetric key (e.g. AES-256) inside HSM with certified RNG
  2. Provide clear-text of at least 2 components of AES-256 key to key custodians, they will record it (or securely print it to security envelopes)
  3. Check the integrity of the components using KCV to be sure that it was recorded correctly
  4. Store the clear-text key components in secure envelopes inside safe, each separately
  5. Generate 4096 RSA private key inside the same HSM
  6. Export private key using AES key in a PKCS#8 format to file
  7. Create HMAC of generated file in order to record and verify later integrity of exported RSA key using the same AES key
  8. Delete RSA na AES key from HSM

The key generation procedure is supervised and the output is RSA key in PKCS#8 encrypted by AES key which is securely stored in clear-text components in safes (or it can be achieved the same using smart cards, PIN protected).

Then when I would like to import it into HSM, I should follow the supervised procedure on importing AES-256 key, and then importing RSA key which would not be exportable anymore, and delete the AES wrapping key.

The security of all keys should be ensured. Do you see any weak points, what would not be considered secure mainly form the WebTrust point of view?

How do I increase the volume of file system root

I’m new to Ubuntu and I’ve installed it (Ubuntu 16.04.6) on a partition of my 128GB SSD so that I have a dual boot operating system (windows 10 and Ubuntu). However I keep getting a warning message saying ‘The volume “Filesystem root” has only 82 MB disk space remaining’ and I don’t know how to expand it. I tried expanding the partition ubuntu is installed on while in windows but it wouldn’t let me add any unassigned storage onto the partition containing Ubuntu.

I was wondering increasing the partition size is possible (or if that is even the problem) or if I’m better off creating a new partition in my 1tb HDD and installing it there instead since I can probably only add a few more gb to the SSD ubuntu partition at most.

john@johnubuntu:~$   df -h   Filesystem      Size  Used Avail Use% Mounted on   udev            7.8G     0  7.8G   0% /dev   tmpfs           1.6G  9.5M  1.6G   1% /run   /dev/sda7       8.8G  8.3G   60M 100% /   tmpfs           7.8G  205M  7.6G   3% /dev/shm   tmpfs           5.0M  4.0K  5.0M   1% /run/lock   tmpfs           7.8G     0  7.8G   0% /sys/fs/cgroup   /dev/sda1       496M   69M  428M  14% /boot/efi   tmpfs           1.6G   72K  1.6G   1% /run/user/1000 

Any help would be very much appreciated.