
bypass non exported activity

Open NSTAdventure opened this issue 3 years ago • 4 comments

I found a method to bypass the system restriction that prevents non-exported activities from being launched by others: https://blog.oversecured.com/Android-Access-to-app-protected-components/

If that is possible, please implement it in the Activity Launcher.

This bypass lets the user launch non-exported activities without rooting.

NSTAdventure Mar 19 '22 22:03

Interesting approach - unfortunately, I'm not interested in implementing this myself, because I have su available on my devices. Anyone?

butzist Mar 20 '22 08:03

Interesting approach - unfortunately, I'm not interested in implementing this myself, because I have su available on my devices. Anyone?

Please do not close this issue.

I hope someone will take the assignment for this.

ghost Mar 20 '22 09:03

@butzist - I don't have root access; nowadays it isn't worth it (it's pointless), especially on Samsung, as it's not as simple as flashing a custom recovery and then Magisk, so this will be really nice for someone to implement, or Shizuku...

@NSTAdventure - Nice one, I hope too... ;)

Maybe @Ismael034 will give it a shot...

drogga Mar 20 '22 10:03

I found a method to bypass the system restriction that prevents non-exported activities from being launched by others: https://blog.oversecured.com/Android-Access-to-app-protected-components/

If that is possible, please implement it in the Activity Launcher.

This bypass lets the user launch non-exported activities without rooting.

@drogga @butzist

I found an alternative method using a virtual environment like BlackBox, but VEs still have caveats; proceed with caution. So I hope you guys are still considering my idea above, which is waiting for assignment.

Discussion #152

ghost Apr 13 '22 02:04

I've created a branch to use the CVE-2023-20963 vulnerability to launch non-exported activities. https://github.com/ybtag/SuperActivityLauncher/tree/LaunchAnywhere

ybtag Feb 28 '24 21:02

@ybtag Nice, I'm not familiar with the exploit and on which configurations it should work, but I will try it ASAP, please also consider doing the same for /sdex/ActivityManager, but build them to an .apk so I can test and upload them either in releases or file upload to the repo, "release" GH Actions build is also an option I guess and if butzist is interested - maybe a PR here in future...

It would be nice if you also enable the Issues or/and the Discussion tab(s) in your fork repo, so people can actually contact you and report problems if any ;)

drogga Feb 28 '24 23:02