So North Korea apparently has an Android phone with basically a rootkit on it, that doesn’t allow you to open anything on it that isn’t signed by it, takes screenshots periodically, and stuff.
Now assume you just wanna get around this, and have tools available, how do you do it?
Would you need to solder a new memory there? Could you try some sort of exploit first?
Excuse me if the following question is very dumb, but if there’s even custom hardware on these phones, like a chip that does this screenshotting, wouldn’t flashing on a new OS do nothing against that?
Hard to say. I expect it’s more likely that you’re right than wrong, but that’s not to say it’s definitely that way.
So I’m not 100% certain this is how it would act, but them having a separate chip for screenshots - like, what does that mean? So I see two possibilities: a hardware subsystem Frankensteined onto an existing phone; or a separate SOC that exists within the phone’s frame for monitoring.
For the Frankenstein version, it’d probably basically be a timer, minor image processing (to read the screen), and a small memory store (to keep data from screen caps). It’d probably route instructions through the phone’s CPU. I don’t know that flashing your OS would prevent this from operating, but that’s where I’d start in trying to bypass it.
For the separate SOC, yeah you’re fucked. Maybe you can bust open the frame and remove it…lol, but good luck without the internet handy.