Retr0id, 8 hours ago:

It is possible to bypass Play Integrity on most devices (even at the "strong" level) using a sewing needle. Specifically, you poke the data lines of the memory bus to induce bitflips, much like I described in https://www.da.vidbuchanan.co.uk/blog/dram-emfi.html

This is trickier if your device has the DRAM mounted directly on top of the CPU, but still possible - you'll need to do some BGA rework to get a wire soldered to one of the DQ lines.

Once you get a physical memory read/write primitive, you can start patching the kernel. Play Integrity does not detect this, since it only attests the state of the kernel at boot. I chose to patch out the permission checks related to ptrace, allowing me to inject frida-gadget into running apps, and to inject shellcode into pid 1.

The initial exploit is pretty unreliable, and usually takes a few reboots to hit. But once it lands, the device is pwned until the next reboot - like a "tethered jailbreak".

I tested this on a Samsung A06 because it was the cheapest device supporting Play Integrity I could get my hands on, but there's no fundamental reason it shouldn't work on any other device, including flagships. Some mitigations would require a different exploit strategy (e.g. memory encryption), but the fundamental flaw is still there.

OsrsNeedsf2P, 7 hours ago (reply to Retr0id):

Play Integrity will only get more advanced, though.

userbinator, 5 hours ago (reply to Retr0id):

Much like DRM, the point is that we shouldn't have to fight this BS in the first place.