I spent a bit of time this morning reading through various forum posts and did not see anywhere that this type of post would not be allowed. Mods, forgive me if it isn't allowed.
The title says it all.
A little background first. I am a 32-year-old living in Phoenix, AZ. Besides having been in the military at a younger age, I have been around technology my whole life, and electronic engineering is in my blood!
For the last decade or so I have been really into Android. At first I was a bit apprehensive and was more of a lurker in the community. About 6 years ago is when I became more of an active developer. I have self-taught my way through Android. At first it was simple ROMs and scripts. I have delved into APK building, theming (the hard way, before overlays and theme engines) and, in the past year, security research.
I reside in the USA and have had Big Red as my carrier for the last 8 years. I mainly work on Samsung Snapdragon devices. Most know that Big Red (and now seemingly all US carriers) tends to lock down the bootloaders, making it difficult for end users like myself who want root and the freedom to develop on devices I fully own. Hence why I made the move to security research, as it is something I am passionate about.
In the past 2 or 3 years I have met some great developers and consistently gained more knowledge and experience.
The first security exploit I was involved in (as an observer and tester mostly) was for the LG V20. Dirty COW was used to overwrite the device's firmware with userdebug firmware, which of course led to unlocking the bootloader.
After that I moved back to Samsung and got the S8+. I spent countless hours on this device. In the end it paid off. We were able to root the device using a few exploits. We first had to flash ENG firmware, which wasn't enough by itself. We had to exploit the setsid binary to launch an unstable, tethered root shell. We then pushed a root script into uevent helper so the root script was executed by the kernel. This method I dubbed SamPWND root. Of course this was quickly patched. After this I had a helping hand in the method called SamFAIL, which involved flashing a pre-rooted system in ODIN. It would secure check fail, but since it was such a large partition it would write to the device before it crashed. This was eventually patched as well.
My next exploit, which I reported to Samsung, ended up being a critical vulnerability. It was similar to SamFAIL except it involved another partition. This partition was not checked during the flashing process, and thus I could modify it and flash it in ODIN without a failure. The other exploit used in conjunction with this was that there were some init scripts executed by init which I had to modify so init would execute them and install root for me. This was of course patched.
My most recent exploit works on just about all the Samsung devices, including both Exynos and SD chipsets. This again involves a script that is world readable/writable and can be executed with a simple setprop command. The initial script is executed as the system user. This isn't high enough, so I daisy chain it: use the system script to modify another script that is executed as the root user on a reboot. Now we have a script executed as the root user to do as we want. This exploit has been reported to Samsung, who is in the process of patching it.
As you can see, I have been busy learning and then implementing those skills to find exploits. It is very fun!
This brings me to this post and again, I apologize in advance if this is not allowed. My laptop is severely underpowered and unable to keep up with the advancements in technology. I have been plagued with system failures, drives going out, overheating etc., which is making it increasingly difficult for me to continue my hobby. It got to the point where I (unsuccessfully) resorted to booting Windows on ARM on a Raspberry Pi 3 B+ just so I could have something to flash my device with in the event of a brick (which happens often when searching for exploits), due to my PC no longer being reliable.
I currently have a relative in the hospital who is dying and won't be around much longer, and the money I make at my day job barely gets us by on the bills. This means I have no way to upgrade or purchase a new PC anytime soon, which has sidelined me and my hobby.
I searched for ways to get money or a new laptop but so far have been unsuccessful. Someone suggested I set up a GoFundMe, which I didn't know was a thing until yesterday. After doing a bit of research and creating a campaign, I soon realized it will be a difficult task. It is all about crowdsourcing. I quickly realized there aren't too many developers or patrons in this community just browsing around GoFundMe, so my campaign would most likely fail on launch day due to no traffic, and whoever did look at it might not understand the concept at all and simply ignore it.
Then I got to thinking about where I can find other developers and people who understand my plight, and the first thing that popped into my head was Bugcrowd. After all, it is a crowdsource with people just like me doing the same things I love to do and want to continue to do.
I figured why not give it a shot. Below I will post a link to my GoFundMe, and hopefully some of you can see it in your hearts to help out a fellow developer in need! If not, I understand, as I clearly am financially strapped myself.
If you are unable to help out with funds, then please share my story on your social media platforms, and hopefully soon I will be able to get back to it!
Thanks for taking the time out of your day to hear my story and happy BUG HUNTING!
GoFundMe: https://www.gofundme.com/71mq7q0