ZTE Z839 Android handsets Emode.APK android.uid.system LPE exploit

hackerhouse-opensource · hackerhouse-opensource · commit dbefc8e0b3a8 · 2020-11-27T18:59:51.000-05:00
diff --git a/README.md b/README.md
@@ -8,7 +8,6 @@ Exploits and proof-of-concept code from the team at Hacker House.
 |*adobe-psp.tgz* | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow PSP bypass (metasploit) |
 |*aix53l-libc.c* | AIX 5.3L libc locale environment handling local root exploit |
 |*aix53l-lquerypv.c* | AIX 5.3L /usr/sbin/lquerypv local root privilege escalation |
-|*alcatelpwn.java* | Alcatel Android devices LPE PoC | 
 |*amanda-amstar.txt* |  Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
 |*amanda-backup.txt* |  Advanced Maryland Automatic Network Disk Archiver local root privilege escalation exploit |
 |*applejack.c* |PonyOS 3.0 & below tty ioctl() kernel local root exploit |
@@ -137,6 +136,6 @@ Exploits and proof-of-concept code from the team at Hacker House.
 |*winnuke2011.sh* | MS11-083 Win7/Vista/2008 ICMP refCount denial-of-service flaw |
 |*wysewig.py* | Wyse embedded XP remote SYSTEM command execution exploit | 
 |*xclm-exploit.c* | Microchip XC local root exploit (Linux) (installed by defcon 26 attendees) |
-|*zte-emode.txt*| Multiple ZTE Android handsets Emode.APK android.uid.system LPE exploit |
+|*zte-emode.txt*| ZTE Z839 Android handsets Emode.APK android.uid.system LPE exploit|
 
 These files are available under a Attribution-NonCommercial-NoDerivatives 4.0 International license.
diff --git a/zte-emode.txt b/zte-emode.txt
@@ -1,6 +1,6 @@
-Multiple ZTE Android handsets Emode.APK android.uid.system LPE exploit
-======================================================================
-ZTE handsets (sub $100) sold by Walmart during 2019 contain an engineering mode APK that utilizes "Android Secret Codes"
+ZTE Z839 Android handsets Emode.APK android.uid.system LPE exploit
+==================================================================
+ZTE Blade Vantage (Z839) Android 7.1.1 handsets contain an engineering mode APK that utilizes "Android Secret Codes"
 for accessing hidden engineering functionality. Such hidden features are common for Android devices and perform
 functions such as testing sensors and modem settings. Using the "secret codes", it is also possible for ZTE to obtain
 root privileges on any device by installing "zteroot.apk" (must be signed by ZTE as AndroidOS checks signature and privs
@@ -211,6 +211,10 @@ uid=1000(system) gid=1000(system) groups=1000(system),1007(log),1010(wifi),1015(
 uname -a
 Linux localhost 3.10.49-g24db3b3 #1 SMP PREEMPT Sun Aug 20 11:59:09 CST 2017 armv7l
 
+The Janus vulnerability is patched in the latest version of Z839V1.0.0B13 - this flaw was tested against
+firmware version Z839V1.0.0B08. The Emode engineering access is present in the latest version but exploitation
+must be achieved through other means.
+
  -- Hacker Fantastic
 (https://hacker.house)
 
