Skip to content
/ challenge-su Public

`su` implementation using Ed25519 signatures for challenge/response

License

View license
4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

jjuran/challenge-su

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
ed25519
ed25519
 
 
su
su
 
 
.gitignore
.gitignore
 
 
AGPL-3.0.txt
AGPL-3.0.txt
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

challenge-su

Copyright 2016 Joshua Juran

This is an implementation of su that authenticates non-root users by issuing a cryptographic challenge, which must be answered by an Ed25519 signature of the challenge using the correct secret key. It's intended for use with Android devices.

Unlike the typical Android su, this one does not solicit confirmation by the user through a Superuser app. Instead, it issues a cryptographic challenge on stdout, to which it expects a response on stdin.

The challenge is a sequence of 32 mostly-random bytes, in hexadecimal form. The response is an Ed25519 signature of the challenge. For the benefit of adb shell users, the actual message to be signed consists of the 64 hexadecimal digits (using lowercase letters) followed by LF -- 65 bytes in total. The trailing newline is included for convenience with utilities like echo and cat.

The message must be signed with the Ed25519 secret key corresponding to the public key installed on the device. The resulting 64-byte signature must then be encoded in hexadecimal (either case) and entered on stdin (presumably via Paste), followed by a newline (LF). If the signature verifies, then su sets the gid and uid to root and execs the shell.

The intended use case is a user running adb shell from a trusted host where the secret key is stored, seeking to invoke a root shell for the purpose of performing privileged maintenance tasks.

DISCLAIMER: I'm not a cryptographer or a security expert. Don't assume this program achieves any particular standard of security or correctness. Read the code and do your own analysis.

This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License along with this program. If not, see http://www.gnu.org/licenses/.

About

`su` implementation using Ed25519 signatures for challenge/response

Resources

Readme

License

View license
Activity

Stars

4 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages