stereo griever

All posts stereo's posts Post Back to profile

stereo griever

these takes might be spicy, but whatever.

https://liberda.nl/weblog/trust-no-client/

Like 27 Jul 2023 at 22:41 | Open on social.hackerspace.pl

11 comments

:blobcatlaptop: gravitos :blobcatcomfsip:

@selfisekai i have contacted the developers of Kiwi Browser for Android, which is a fork of Chromium that allows extensions. they said, basically, "Fuck it, we're fooling the Web Environment Integrity."

you don't even need root to inject into processes.

27 Jul 2023 at 23:00 | Open on wetdry.world

leo vriscrab² (homestuck) :dado_verified:

@selfisekai universal safetynet fix passes MEETS_STRONG_INTEGRITY on the Pixel 7 series

27 Jul 2023 at 23:03 | Open on 60228.dev

leo vriscrab² (homestuck) :dado_verified:

@selfisekai

27 Jul 2023 at 23:04 | Open on 60228.dev

stereo griever

@leo hm, what's the result without the fix module? did you just flash Magisk on stock or install some custom ROM? did you have to re-lock your bootloader?

27 Jul 2023 at 23:12 | Open on social.hackerspace.pl

leo vriscrab² (homestuck) :dado_verified:

@selfisekai dont remember, magisk on lineageos, unlocked bootloader

27 Jul 2023 at 23:12 | Open on 60228.dev

2xsaiko 🐀

@selfisekai@social.hackerspace.pl I don’t think this is a spicy take at all. As you said, “never trust the client” is kinda a very basic security principle. And usually when you see it used regardless, it’s usually in the context of stupid anti-consumer features like this…