Android no root run code

[bit57]

There is no root access on Android to force the CPU to execute user-space code, and there is a way to execute root code except for the vulnerability, unlocking, and flashing.

There seems to be a tool that doesn't use root to flash the driver, which is a sh file.

echo ZWNobyBaV05vYnlCYVYwNXZZbmxDWVZZd05YWlpibXhDWVZab1JWRlljRTVOV0U0MlZGaHdlbVZIU214VE1HUnlaRlpOTUdGVGRHaFdNMVpzVmpCb01XUlhWbEJqTUZaelpGZFNkRkp1VG1oV01VWnVWMVpvUzJKdFVsaE5WM2hwWW14R2JrNVdiR2hVYWxwTVN6RlpNVlJIYkVKT1dFWTFZVVZPTVZNd1pISmhWVXBSVmxWYVExVkZiRWRUYlhoYVZqTm9NRmRzVGtWaE0xWktVa2Q0Y0dOVlJtNU9iSEExVVZSYVRGbFZTVEpVUTNSSlRsUlplVXQ2Vm1GUk1EUXlXVmhHVGs1cmMzSlJhM1ExVWtkNGNWZFhXblZrV0VadFlrZHNUVkpIZUhsaU1qVnpZV3h3VG1WRk1UTmpiV3h2WTBWNGMyUnJiRVZpVnpWTlkyMTBNVk5WVW5SamJrcFpZbGQzTTFsdVFuTk9NVkp6WVRCck0ySkhiekpNTWpsdVRucE9jbVJyY0hsaVIyeE5XbTEwTVZOVVRuWmthbFl5Wkc1YVNtVnRPVzlPYmtwellWaEdjV05IWnpCTk1uaHlVM2s1YzJFd2F6TmlSMmgyVFRKNGNGUkhXbkprVld4RlkwZGtXazB5ZUhGWmJFSnpZV3BaTkdGVlRuVlViazVoVmpGYU0xTlZVa0prVlRWVll6QjBZVll3TlhaWmJteENZVlpvUlZGWWNFNU5XRTQyVkZod2VtVkhTbEpqYlRGNVdWWkNjMkpyZEhGaVZ6Z3dVa2N4TUZkWVduUmlWWE4yWWtkMFRGbHRlREJPTUhoMVpGUlJkbUpIYkUxYWJYaHZXVlpvZG1ScVVtMWhNMVpLVWtjeGVWTXdWakZVUjJzd1lWVk9kVlJ1VG1GV01Wb3pVMVZTUm1Rd2VIRlJWWFJoVmpBMWRsbHViRUpoVm1oRlVWaHdUazFZVGpaVVZ6QjNVM3BhYUdKWVp6RlhXRVoyVGxac2NFMTZWbHBXTW5jeFlqSnNVazVXYkhoYWFtTXpaVlZLU2xvelFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFqWlphMlJYWWtkT1JGRllaRTFoYkZaTVYyeGtUMkl5U2pWUlYyeFpVa1ZHTmxSVVJucGxhekUyWXpOb2FWVllTblpoUlhCNVlsYzFUR1Z0ZUhGT2FUbHlaRlJhV1dOSFpFcFNSM2h2VGpOS2NtUlhPVnBrVlhod1RrZHJaMlpEUW1sWldFNXNUbXBSWjB4WFVXZG1RMEo2WVVFOVBTQjhJR0poYzJVMk5DQXRaQ0I4SUhObyB8IGJhc2U2NCAtZCB8IHNo | base64 -d | sh

This sh has flashed in the ko file and the execution is successful in flashing without root privilege from China I want the real code will not be decrypted.

 

[Tolik Totorro]

You want to decrypt it? Base64 Encryption run many times and you see original code.

Who give you this? )))
All Code - is print and sleep, no real actions.

 

[Sec13B]

echo ZWNobyBaV05vYnlCYVYwNXZZbmxDWVZZd05YWlpibXhDWVZab1JWRlljRTVOV0U0MlZGaHdlbVZIU214VE1HUnlaRlpOTUdGVGRHaFdNMVpzVmpCb01XUlhWbEJqTUZaelpGZFNkRkp1VG1oV01VWnVWMVpvUzJKdFVsaE5WM2hwWW14R2JrNVdiR2hVYWxwTVN6RlpNVlJIYkVKT1dFWTFZVVZPTVZNd1pISmhWVXBSVmxWYVExVkZiRWRUYlhoYVZqTm9NRmRzVGtWaE0xWktVa2Q0Y0dOVlJtNU9iSEExVVZSYVRGbFZTVEpVUTNSSlRsUlplVXQ2Vm1GUk1EUXlXVmhHVGs1cmMzSlJhM1ExVWtkNGNWZFhXblZrV0VadFlrZHNUVkpIZUhsaU1qVnpZV3h3VG1WRk1UTmpiV3h2WTBWNGMyUnJiRVZpVnpWTlkyMTBNVk5WVW5SamJrcFpZbGQzTTFsdVFuTk9NVkp6WVRCck0ySkhiekpNTWpsdVRucE9jbVJyY0hsaVIyeE5XbTEwTVZOVVRuWmthbFl5Wkc1YVNtVnRPVzlPYmtwellWaEdjV05IWnpCTk1uaHlVM2s1YzJFd2F6TmlSMmgyVFRKNGNGUkhXbkprVld4RlkwZGtXazB5ZUhGWmJFSnpZV3BaTkdGVlRuVlViazVoVmpGYU0xTlZVa0prVlRWVll6QjBZVll3TlhaWmJteENZVlpvUlZGWWNFNU5XRTQyVkZod2VtVkhTbEpqYlRGNVdWWkNjMkpyZEhGaVZ6Z3dVa2N4TUZkWVduUmlWWE4yWWtkMFRGbHRlREJPTUhoMVpGUlJkbUpIYkUxYWJYaHZXVlpvZG1ScVVtMWhNMVpLVWtjeGVWTXdWakZVUjJzd1lWVk9kVlJ1VG1GV01Wb3pVMVZTUm1Rd2VIRlJWWFJoVmpBMWRsbHViRUpoVm1oRlVWaHdUazFZVGpaVVZ6QjNVM3BhYUdKWVp6RlhXRVoyVGxac2NFMTZWbHBXTW5jeFlqSnNVazVXYkhoYWFtTXpaVlZLU2xvelFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFuTlhWRXB2Wkd0c1VHSllRbnBhVm1STVkxVTVXRk5ZVVhKV01GcDNXbGRHU21Fd09WaFRNalJ5UzNwb2JsVllRbk5YVkVwdlpHdHNVR0pZUW5wYVZtUk1ZMVU1V0ZOWVVYSldNRnAzV2xkR1NtRXdPVmhUTWpSeVMzcG9ibFZZUW5OWFZFcHZaR3RzVUdKWVFucGFWbVJNWTFVNVdGTllVWEpXTUZwM1dsZEdTbUV3T1ZoVE1qUnlTM3BvYmxWWVFqWlphMlJYWWtkT1JGRllaRTFoYkZaTVYyeGtUMkl5U2pWUlYyeFpVa1ZHTmxSVVJucGxhekUyWXpOb2FWVllTblpoUlhCNVlsYzFUR1Z0ZUhGT2FUbHlaRlJhV1dOSFpFcFNSM2h2VGpOS2NtUlhPVnBrVlhod1RrZHJaMlpEUW1sWldFNXNUbXBSWjB4WFVXZG1RMEo2WVVFOVBTQjhJR0poYzJVMk5DQXRaQ0I4SUhObyB8IGJhc2U2NCAtZCB8IHNo | base64 -d | sh

This sh has flashed in the ko file and the execution is successful in flashing without root privilege from China I want the real code will not be decrypted.

echo "\033[33;1m→下方出现Invalid argument 再试一次
→ OPPO Realme 一加 需要过签名验证+ 升级到安卓13
→开机一段时间后可能会刷不进，自动重启后再刷一遍即可"
sleep 0.5;
echo "\033[33;1m
正在检测是否已经刷入过一次..."
sleep 10.0
echo "\033[32m
驱动刷入成功！"
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
sleep 0.5
echo "\033[33;1m
脚本可以退出了..."

 

[bit57]

Is there a similar operation to perform without root running user space loading driver Android

 

[bit57]

[代码]echo “\033[33;1m→下方出现Invalid argument 再试一次
→ OPPO Realme 一加 需要过签名验证+ 升级到安卓13
→开机一段时间后可能会刷不进，自动重启后再刷一遍即可"
睡眠 0.5;
echo “\033[33;1 分钟
正在检测是否已经刷入过一次..."
睡眠 10.0
回声 “\033[32m
驱动刷入成功！"
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
echo 驱动刷入成功！
休眠 0.5
echo “\033[33;1 分钟
脚本可以退出了...“[/COro

Is there a similar operation to perform without root running user space loading driver Android