Saturday, August 28, 2010

Please hold the line!



Sure. I always did!
If you are on top, you should stop. The 743C project is past.


There is not much we can achieve from now on anyways. More
or less all the robots are belong to us. There is not much chance
that a device or brand cannot be owned with any of
the 743C exploits recently published. Even devices which
are not yet available on the market (epic) can be
rooted with these (src now included). If there are any
devices where the exploit doesnt work -- just let them live.


Personally, I will return to server&network security again
as well as HPC/HA. There will be no more 743C exploits in future.
Every now and then, I will have a look at android, since
- after all - it is a nice OS and there are a lot of things
I am eager to learn from it.


The 743C project was a short, but funny one. I want to thank
all the people involved with it; who discussed issues with
me as well as the folks who wrote all the tutorials and
hints or sent feedback.Thanks to the six people who
were actually PayPaling me :-)


Last but not least, I am very proud that 743C was hosted
by the Openwall Project.
They provided us with stable, secure and reliable hosting.
Without reliable hosting, everything is nothing.





5 comments:

Unknown said...

Deeply thanks for your contribution ! :-)

Evan said...

Yes, thank you very much for your work! Where is your donation link?

Erik said...

Thanks for your work. I'm very much a novice at this stuff but I have been learning a lot with each step I take.

That being said, I've tried this exploit but it doesn't work on my device (Sharp IS03, 2.1update-1).

I know, you mentioned that if this doesn't work on a device, let the device live. I'm a little stubborn in this regard.

tl;dr, repeat: thanks for your contribution.

Tom Jeffery said...

Just a quick question, what prevents Google from fixing this in adb so that the exploit doesn't work anymore?

Tom

Sebastian said...

It has already been fixed in
new versions of android.

The update process of vulnerable
packages/programs in the mobile world
is not yet well established,
to say it diplomatically.

Even though mobile devices are
really made for quick patch-submission (always on) due to their
DRM habbit and signing/readonly partitions you end up with a crappy blob.